Submitted URL: http://mynycb.com/
Effective URL: https://www.flagstar.com/
Submission: On April 09 via manual from GB — Scanned from GB

Summary

This website contacted 15 IPs in 3 countries across 14 domains to perform 107 HTTP transactions. The main IP is 104.18.41.140, located in and belongs to CLOUDFLARENET, US. The main domain is www.flagstar.com. The Cisco Umbrella rank of the primary domain is 256836.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on October 20th 2023. Valid for: a year.
This is the only time www.flagstar.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
2 2 208.71.55.51 30572 (NYCB-NEW-...)
75 104.18.41.140 13335 (CLOUDFLAR...)
3 2a02:26f0:350... 20940 (AKAMAI-ASN1)
1 13.110.255.221 14340 (SALESFORCE)
3 2606:4700::68... 13335 (CLOUDFLAR...)
2 2a03:2880:f08... 32934 (FACEBOOK)
11 2606:4700::68... 13335 (CLOUDFLAR...)
2 13.224.189.35 16509 (AMAZON-02)
1 13.109.188.112 14340 (SALESFORCE)
1 2606:4700::68... 13335 (CLOUDFLAR...)
2 54.163.174.61 14618 (AMAZON-AES)
1 63.140.62.17 16509 (AMAZON-02)
1 13.110.254.28 14340 (SALESFORCE)
2 2a00:1450:400... 15169 (GOOGLE)
1 63.140.62.27 16509 (AMAZON-02)
107 15
Count | Apex Domain | Subdomains | Transfer
75 | flagstar.com | www.flagstar.com (Cisco Umbrella Rank: 256836) | 1 MB
11 | cookielaw.org | cdn.cookielaw.org (Cisco Umbrella Rank: 474) | 160 KB
3 | sitescdn.net | assets.sitescdn.net (Cisco Umbrella Rank: 15856) | 150 KB
3 | salesforceliveagent.com | c.la5-c1cs-ia5.salesforceliveagent.com (Cisco Umbrella Rank: 237525); d.la2-c2-iad.salesforceliveagent.com (Cisco Umbrella Rank: 284758); d.la5-c1-ia5.salesforceliveagent.com (Cisco Umbrella Rank: 28549) | 44 KB
3 | adobedtm.com | assets.adobedtm.com (Cisco Umbrella Rank: 555) | 74 KB
2 | youtube.com | www.youtube.com (Cisco Umbrella Rank: 78) | 69 KB
2 | invoca.net | pnapi.invoca.net (Cisco Umbrella Rank: 9666) | 773 B
2 | invocacdn.com | solutions.invocacdn.com (Cisco Umbrella Rank: 8974) | 42 KB
2 | facebook.net | connect.facebook.net (Cisco Umbrella Rank: 248) | 70 KB
2 | mynycb.com | mynycb.com; www.mynycb.com | 8 KB
1 | adobedc.net | edge.adobedc.net (Cisco Umbrella Rank: 4898) | 710 B
1 | demdex.net | adobedc.demdex.net (Cisco Umbrella Rank: 9527) | 922 B
1 | yext-pixel.com | answers.yext-pixel.com (Cisco Umbrella Rank: 55701) | 319 B
0 | cloudflareinsights.com Failed | static.cloudflareinsights.com Failed
107 | 14
Count | Domain | Requested by
75 | www.flagstar.com | www.flagstar.com
11 | cdn.cookielaw.org | assets.adobedtm.com, www.flagstar.com
3 | assets.sitescdn.net | www.flagstar.com
3 | assets.adobedtm.com | www.flagstar.com
2 | www.youtube.com | assets.adobedtm.com, www.youtube.com
2 | pnapi.invoca.net | www.flagstar.com
2 | solutions.invocacdn.com | assets.adobedtm.com, www.flagstar.com
2 | connect.facebook.net | assets.adobedtm.com, connect.facebook.net
1 | edge.adobedc.net | www.flagstar.com
1 | d.la5-c1-ia5.salesforceliveagent.com | www.flagstar.com
1 | adobedc.demdex.net | www.flagstar.com
1 | answers.yext-pixel.com | assets.sitescdn.net
1 | d.la2-c2-iad.salesforceliveagent.com | www.flagstar.com
1 | c.la5-c1cs-ia5.salesforceliveagent.com | www.flagstar.com
1 | www.mynycb.com (1 redirects) |
1 | mynycb.com (1 redirects) |
0 | static.cloudflareinsights.com Failed | www.flagstar.com
107 | 17
Subject | Issuer | Validity | Valid for
flagstar.com | Cloudflare Inc ECC CA-3 | 2023-10-20 - 2024-10-19 | a year
assets.adobedtm.com | DigiCert Global G2 TLS RSA SHA256 2020 CA1 | 2023-07-11 - 2024-08-10 | a year
la5-c1cs-ia5.salesforceliveagent.com | DigiCert TLS RSA SHA256 2020 CA1 | 2024-01-04 - 2025-01-01 | a year
sni.cloudflaressl.com | Cloudflare Inc ECC CA-3 | 2023-07-11 - 2024-07-10 | a year
*.facebook.com | DigiCert SHA2 High Assurance Server CA | 2024-01-17 - 2024-04-16 | 3 months
cookielaw.org | Cloudflare Inc ECC CA-3 | 2024-03-01 - 2024-12-31 | 10 months
invocacdn.com | Amazon RSA 2048 M02 | 2023-09-24 - 2024-10-21 | a year
la2-c2-ia4.salesforceliveagent.com | DigiCert TLS RSA SHA256 2020 CA1 | 2023-07-04 - 2024-07-01 | a year
answers.yext-pixel.com | E1 | 2024-04-08 - 2024-07-07 | 3 months
invoca.net | Amazon RSA 2048 M03 | 2023-09-24 - 2024-10-21 | a year
adobedc.demdex.net | DigiCert Global G2 TLS RSA SHA256 2020 CA1 | 2023-10-22 - 2024-11-21 | a year
la5-c1-ia5.salesforceliveagent.com | DigiCert TLS RSA SHA256 2020 CA1 | 2024-01-04 - 2025-01-01 | a year
*.google.com | GTS CA 1C3 | 2024-03-04 - 2024-05-27 | 3 months
edge.adobedc.net | DigiCert Global G2 TLS RSA SHA256 2020 CA1 | 2023-10-21 - 2024-11-20 | a year

This page contains 1 frame:

Primary Page: https://www.flagstar.com/
Frame ID: 3BF55F03BF3DB9B441985947C2186E2D
Requests: 114 HTTP requests in this frame

Page Title

Banking Services: Personal, Small Business, Commercial, and Private Banking | Flagstar

Detected technologies

Overall confidence: 100%
Detected patterns
  • /etc\.clientlibs/

Overall confidence: 100%
Detected patterns
  • //connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

Overall confidence: 100%
Detected patterns
  • cdn\.cookielaw\.org
  • otSDKStub\.js

Overall confidence: 100%
Detected patterns
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

Requests: 107
HTTPS: 99 %
IPv6: 40 %
Domains: 14
Subdomains: 17
IPs: 15
Countries: 3
Transfer: 1802 kB
Size: 4386 kB
Cookies: 28

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://mynycb.com/ HTTP 307
    https://mynycb.com/ HTTP 301
    https://www.mynycb.com/ HTTP 301
    https://www.flagstar.com/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

107 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request /
www.flagstar.com/
Redirect Chain
  • http://mynycb.com/
  • https://mynycb.com/
  • https://www.mynycb.com/
  • https://www.flagstar.com/
274 KB
34 KB
Document
General
Full URL
https://www.flagstar.com/
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
104.18.41.140 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
41b3f21d187e8e772fe658c1afd0a836d079873e8b0cb15630325b0df448da97
Security Headers
Name Value
Content-Security-Policy default-src 'none'; connect-src 'self' *.foresee.com *.evergage.com edge.adobedc.net https://cdn.cookielaw.org https://www.googletagmanager.com https://stats.g.doubleclick.net https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://maps.googleapis.com *.demdex.net *.yext.com https://answers.yext-pixel.com *.yextapis.com;font-src 'self' data: https://fonts.gstatic.com/ https://fonts.googleapis.com https://use.typekit.com *.pgsdemo.com *.pagescdn.com; media-src 'self'; object-src 'self'; form-action 'self' https://*.flagstar.com https://*.salesforce.com https://*.salesforceliveagent.com https://*.salesforce-sites.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.salesforceliveagent.com https://assets.sitescdn.net https://www.googleanalytics.com/ https://www.googleoptimize.com/ https://optimize.google.com/ https://www.googletagmanager.com https://maps.googleapis.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net assets.adobedtm.com https://pnapi.invoca.net https://solutions.invocacdn.com gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com/ https://use.typekit.com https://connect.facebook.net https://js.adsrvr.org/ https://cdn.evgnet.com https://*.evergage.com https://www.youtube.com assets.sitescdn.net *.pagescdn.com *.pgsdemo.com https://*.salesforce-sites.com;style-src 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net 
gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com assets.sitecdn.net https://*.evergage.com; style-src-elem 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com https://*.evergage.com;frame-src 'self' *.flagstar.com *.youtube.com *.demdex.net https://*.fls.doubleclick.net https://td.doubleclick.net https://optimize.google.com/ https://insight.adsrvr.org/ https://match.adsrvr.org/ https://cdn.evgnet.com https://*.flagstar.com https://*.fintactix.com *.pagescdn.com *.pgsdemo.com; frame-ancestors 'self' *.flagstar.com https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net; img-src 'self' *.foresee.com https://ad.doubleclick.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googletagmanager.com/ https://www.googleadservices.com https://www.google-analytics.com https://developers.google.com https://maps.googleapis.com https://maps.gstatic.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://insight.adsrvr.org https://ib.adnxs.com/getuid https://match.adsrvr.org/track/cmf/appnexus https://dsum-sec.casalemedia.com/rum https://ups.analytics.yahoo.com/ups/55953/sync https://pixel.rubiconproject.com/tap.php data: blob: https://p.typekit.net 
https://www.facebook.com *.flagstar.com https://*.doubleclick.net;child-src 'self' https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://youtube.com; worker-src 'self'; manifest-src 'self';
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
accept-language
en-GB,en;q=0.9

Response headers

cache-control
max-age=0
cf-cache-status
DYNAMIC
cf-ray
871b143298f39404-LHR
clientname
flagstar
content-encoding
gzip
content-security-policy
default-src 'none'; connect-src 'self' *.foresee.com *.evergage.com edge.adobedc.net https://cdn.cookielaw.org https://www.googletagmanager.com https://stats.g.doubleclick.net https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://maps.googleapis.com *.demdex.net *.yext.com https://answers.yext-pixel.com *.yextapis.com;font-src 'self' data: https://fonts.gstatic.com/ https://fonts.googleapis.com https://use.typekit.com *.pgsdemo.com *.pagescdn.com; media-src 'self'; object-src 'self'; form-action 'self' https://*.flagstar.com https://*.salesforce.com https://*.salesforceliveagent.com https://*.salesforce-sites.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.salesforceliveagent.com https://assets.sitescdn.net https://www.googleanalytics.com/ https://www.googleoptimize.com/ https://optimize.google.com/ https://www.googletagmanager.com https://maps.googleapis.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net assets.adobedtm.com https://pnapi.invoca.net https://solutions.invocacdn.com gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com/ https://use.typekit.com https://connect.facebook.net https://js.adsrvr.org/ https://cdn.evgnet.com https://*.evergage.com https://www.youtube.com assets.sitescdn.net *.pagescdn.com *.pgsdemo.com https://*.salesforce-sites.com;style-src 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com 
https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com assets.sitecdn.net https://*.evergage.com; style-src-elem 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com https://*.evergage.com;frame-src 'self' *.flagstar.com *.youtube.com *.demdex.net https://*.fls.doubleclick.net https://td.doubleclick.net https://optimize.google.com/ https://insight.adsrvr.org/ https://match.adsrvr.org/ https://cdn.evgnet.com https://*.flagstar.com https://*.fintactix.com *.pagescdn.com *.pgsdemo.com; frame-ancestors 'self' *.flagstar.com https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net; img-src 'self' *.foresee.com https://ad.doubleclick.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googletagmanager.com/ https://www.googleadservices.com https://www.google-analytics.com https://developers.google.com https://maps.googleapis.com https://maps.gstatic.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://insight.adsrvr.org https://ib.adnxs.com/getuid https://match.adsrvr.org/track/cmf/appnexus https://dsum-sec.casalemedia.com/rum https://ups.analytics.yahoo.com/ups/55953/sync https://pixel.rubiconproject.com/tap.php data: blob: https://p.typekit.net https://www.facebook.com 
*.flagstar.com https://*.doubleclick.net;child-src 'self' https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://youtube.com; worker-src 'self'; manifest-src 'self';
content-type
text/html; charset=UTF-8
date
Tue, 09 Apr 2024 14:10:08 GMT
expires
Tue, 09 Apr 2024 14:09:53 GMT
last-modified
Tue, 09 Apr 2024 14:00:12 GMT
server
cloudflare
server-timing
dtSInfo;desc="0", dtRpid;desc="1575630025"
strict-transport-security
max-age=31536000; includeSubDomains
vary
Accept-Encoding
x-cnection
close
x-content-type-options
nosniff
x-frame-options
SAMEORIGIN
x-oneagent-js-injection
true
x-ruxit-js-agent
true
x-ua-compatible
IE=Edge
x-xss-protection
1; mode=block

Redirect headers

cache-control
private, no-store, proxy-revalidate, max-age=30
content-length
148
content-security-policy
upgrade-insecure-requests; default-src 'none'; script-src 'unsafe-inline' 'unsafe-eval' https://www.onlinebanktours.com/ https://cdn.cookielaw.org/consent/ https://maps.googleapis.com https://polyfill.io https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com https://www.mynycb.com/ http://www.mynycb.com/ https://apps.mynycb.com https://*.gstatic.com https://www.googletagmanager.com https://googleapis.com http://www.googleadservices.com http://www.google-analytics.com http://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net ; script-src-elem 'unsafe-inline' 'unsafe-eval' https://js.adsrvr.org/up_loader.1.1.0.js https://www.google-analytics.com/analytics.js https://cdn.cookielaw.org/scripttemplates/202304.1.0/assets/otCommonStyles.css https://cdn.cookielaw.org/scripttemplates/202304.1.0/assets/v2/otPcTab.json https://cdn.cookielaw.org/scripttemplates/202304.1.0/assets/otFlat.json https://connect.facebook.net/en_US/fbevents.js https://www.onlinebanktours.com/ https://cdn.cookielaw.org/scripttemplates/ https://cdn.cookielaw.org/consent/ https://maps.googleapis.com https://polyfill.io https://www.googletagmanager.com/ https://privacyportal.onetrust.com https://geolocation.onetrust.com https://www.mynycb.com/ http://www.mynycb.com/ https://apps.mynycb.com; script-src-attr 'unsafe-inline' 'unsafe-eval' https://www.onlinebanktours.com/ https://cdn.cookielaw.org/scripttemplates/ https://cdn.cookielaw.org/consent/ https://maps.googleapis.com https://polyfill.io https://privacyportal.onetrust.com https://geolocation.onetrust.com https://www.mynycb.com/ http://www.mynycb.com/ https://apps.mynycb.com; style-src 'unsafe-inline' 'unsafe-eval' https://es.mynycb.com/ https://www.onlinebanktours.com/ https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com https://www.mynycb.com/ http://www.mynycb.com/ https://apps.mynycb.com https://*.gstatic.com 
https://www.googletagmanager.com http://www.googleadservices.com http://www.google-analytics.com https://fonts.googleapis.com http://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net ; style-src-elem 'unsafe-inline' 'unsafe-eval' https://www.onlinebanktours.com/ https://fonts.googleapis.com/css https://cdn.cookielaw.org/ https://privacyportal.onetrust.com https://geolocation.onetrust.com https://www.mynycb.com/ http://www.mynycb.com/ https://apps.mynycb.com ; style-src-attr 'unsafe-inline' 'unsafe-eval' https://www.onlinebanktours.com/ https://cdn.cookielaw.org/ https://privacyportal.onetrust.com https://geolocation.onetrust.com https://www.mynycb.com/ http://www.mynycb.com/ https://apps.mynycb.com; img-src 'unsafe-inline' 'unsafe-eval' data: https://cdn.cookielaw.org/ https://www.flagstar.com/ https://www.mynycb.com/ http://www.mynycb.com/ https://apps.mynycb.com https://*.gstatic.com https://www.googletagmanager.com http://www.googleadservices.com http://www.google-analytics.com https://developers.google.com https://maps.googleapis.com https://maps.gstatic.com http://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://cdn.oectours.com; font-src 'unsafe-inline' 'unsafe-eval' https://fonts.googleapis.com/css https://www.mynycb.com/ http://www.mynycb.com/ https://apps.mynycb.com https://fonts.googleapis.com https://fonts.gstatic.com; connect-src 'unsafe-inline' 'unsafe-eval' https://cdn.cookielaw.org/logos/static/ot_guard_logo.svg https://cdn.cookielaw.org/scripttemplates/202304.1.0/assets/otFlat.json https://cdn.cookielaw.org/scripttemplates/202304.1.0/assets/v2/otPcTab.json https://cdn.cookielaw.org/scripttemplates/202304.1.0/assets/otCommonStyles.css https://cdn.cookielaw.org/consent/da8fc4e1-b257-4c24-8fa0-30d9a387d5da-test/3394215e-8369-4433-bdea-3563b309ec6b/en.json https://cdn.cookielaw.org/consent 
https://cdn.cookielaw.org/consent/da8fc4e1-b257-4c24-8fa0-30d9a387d5da-test/da8fc4e1-b257-4c24-8fa0-30d9a387d5da-test.json https://maps.googleapis.com https://www.mynycb.com/ https://apps.mynycb.com https://*.gstatic.com https://www.googletagmanager.com http://www.googleadservices.com http://www.google-analytics.com http://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://www.onlinebanktours.com; media-src 'unsafe-inline' 'unsafe-eval' https://www.mynycb.com/ https://apps.mynycb.com https://www.onlinebanktours.com; object-src 'none'; frame-ancestors https://www.mynycb.com/ https://apps.mynycb.com *.visualstudio.com https://*.gstatic.com https://www.googletagmanager.com http://www.googleadservices.com http://www.google-analytics.com http://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://www.onlinebanktours.com https://cdn.oectours.com; frame-src 'unsafe-inline' 'unsafe-eval' https://13881983.fls.doubleclick.net/ http://www.onlinebanktours.com https://www.mynycb.com/ http://www.mynycb.com/ https://apps.mynycb.com; manifest-src 'none';
content-type
text/html; charset=UTF-8
date
Tue, 09 Apr 2024 14:10:07 GMT
expires
Tue, 09 Apr 2024 14:10:07 GMT
location
https://www.flagstar.com/
pragma
no-cache
referrer-policy
strict-origin-when-cross-origin
strict-transport-security
max-age=31536000; includeSubDomains; Preload
x-content-type-options
nosniff
x-frame-options
DENY
x-ua-compatible
IE=edge
x-xss-protection
1
ruxitagentjs_ICA7NVfghjqru_10285240307101407.js
www.flagstar.com/
212 KB
82 KB
Script
General
Full URL
https://www.flagstar.com/ruxitagentjs_ICA7NVfghjqru_10285240307101407.js
Requested by
Host: www.flagstar.com
URL: https://www.flagstar.com/
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
104.18.41.140 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
18bdc7909700de993fb5f08dc562d1cea796fc833bb6b9f294939216a78909c1
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://www.flagstar.com/
accept-language
en-GB,en;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

clientname
flagstar
date
Tue, 09 Apr 2024 14:10:08 GMT
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains
cf-cache-status
HIT
age
27321
x-cnection
close
content-length
83628
x-xss-protection
1; mode=block
x-ua-compatible
IE=Edge
last-modified
Wed, 03 Mar 2010 07:01:40 GMT
server
cloudflare
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
text/javascript; charset=utf-8
cache-control
public, max-age=31536000
accept-ranges
bytes
cf-ray
871b14341b089404-LHR
expires
Wed, 09 Apr 2025 14:10:08 GMT
clientlib-base.fe3f110d18d4c7e40aef00a38e92e49f.css
www.flagstar.com/etc.clientlibs/aem-flagstar/clientlibs/
214 KB
16 KB
Stylesheet
General
Full URL
https://www.flagstar.com/etc.clientlibs/aem-flagstar/clientlibs/clientlib-base.fe3f110d18d4c7e40aef00a38e92e49f.css
Requested by
Host: www.flagstar.com
URL: https://www.flagstar.com/
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
104.18.41.140 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
9d6c8b30f7e100ee333e01d26dc76c05bc88c8db65585390f7159952c2805f15
Security Headers
Name Value
Content-Security-Policy identical to the Content-Security-Policy value listed for the primary request (https://www.flagstar.com/)
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://www.flagstar.com/
accept-language
en-GB,en;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

expires
Thu, 09 May 2024 14:10:08 GMT
date
Tue, 09 Apr 2024 14:10:08 GMT
content-security-policy
identical to the content-security-policy value listed for the primary request (https://www.flagstar.com/)
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
strict-transport-security
max-age=31536000; includeSubDomains
age
370455
x-cnection
close
server-timing
dtSInfo;desc="0", dtRpid;desc="497559189"
content-length
13053
x-xss-protection
1; mode=block
x-ua-compatible
IE=Edge
last-modified
Fri, 05 Apr 2024 06:04:28 GMT
server
cloudflare
etag
W/"3564d-615533a888d2d-gzip"
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
text/css
cache-control
public, max-age=2592000
accept-ranges
bytes
cf-ray
871b14341b039404-LHR
clientname
flagstar
clientlib-common.3eb7a162166ff06ffd28c4cd55a66762.js
www.flagstar.com/etc.clientlibs/aem-flagstar/clientlibs/
4 KB
5 KB
Script
General
Full URL
https://www.flagstar.com/etc.clientlibs/aem-flagstar/clientlibs/clientlib-common.3eb7a162166ff06ffd28c4cd55a66762.js
Requested by
Host: www.flagstar.com
URL: https://www.flagstar.com/
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
104.18.41.140 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
5d2fd2417b6b7947a591339e14fea06b882e12b780955ffc062d5bed534d9bbf

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://www.flagstar.com/
accept-language
en-GB,en;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

expires
Thu, 09 May 2024 14:10:08 GMT
date
Tue, 09 Apr 2024 14:10:08 GMT
content-security-policy
default-src 'none'; connect-src 'self' *.foresee.com *.evergage.com edge.adobedc.net https://cdn.cookielaw.org https://www.googletagmanager.com https://stats.g.doubleclick.net https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://maps.googleapis.com *.demdex.net *.yext.com https://answers.yext-pixel.com *.yextapis.com;font-src 'self' data: https://fonts.gstatic.com/ https://fonts.googleapis.com https://use.typekit.com *.pgsdemo.com *.pagescdn.com; media-src 'self'; object-src 'self'; form-action 'self' https://*.flagstar.com https://*.salesforce.com https://*.salesforceliveagent.com https://*.salesforce-sites.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.salesforceliveagent.com https://assets.sitescdn.net https://www.googleanalytics.com/ https://www.googleoptimize.com/ https://optimize.google.com/ https://www.googletagmanager.com https://maps.googleapis.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net assets.adobedtm.com https://pnapi.invoca.net https://solutions.invocacdn.com gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com/ https://use.typekit.com https://connect.facebook.net https://js.adsrvr.org/ https://cdn.evgnet.com https://*.evergage.com https://www.youtube.com assets.sitescdn.net *.pagescdn.com *.pgsdemo.com https://*.salesforce-sites.com;style-src 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com 
https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com assets.sitecdn.net https://*.evergage.com; style-src-elem 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com https://*.evergage.com;frame-src 'self' *.flagstar.com *.youtube.com *.demdex.net https://*.fls.doubleclick.net https://td.doubleclick.net https://optimize.google.com/ https://insight.adsrvr.org/ https://match.adsrvr.org/ https://cdn.evgnet.com https://*.flagstar.com https://*.fintactix.com *.pagescdn.com *.pgsdemo.com; frame-ancestors 'self' *.flagstar.com https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net; img-src 'self' *.foresee.com https://ad.doubleclick.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googletagmanager.com/ https://www.googleadservices.com https://www.google-analytics.com https://developers.google.com https://maps.googleapis.com https://maps.gstatic.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://insight.adsrvr.org https://ib.adnxs.com/getuid https://match.adsrvr.org/track/cmf/appnexus https://dsum-sec.casalemedia.com/rum https://ups.analytics.yahoo.com/ups/55953/sync https://pixel.rubiconproject.com/tap.php data: blob: https://p.typekit.net https://www.facebook.com 
*.flagstar.com https://*.doubleclick.net;child-src 'self' https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://youtube.com; worker-src 'self'; manifest-src 'self';
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
strict-transport-security
max-age=31536000; includeSubDomains
age
382341
x-cnection
close
server-timing
dtSInfo;desc="0", dtRpid;desc="1795642758"
content-length
1382
x-xss-protection
1; mode=block
x-ua-compatible
IE=Edge
last-modified
Fri, 05 Apr 2024 02:36:38 GMT
server
cloudflare
etag
"fdd-61550533ba139-gzip"
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
application/javascript
cache-control
public, max-age=2592000
accept-ranges
bytes
cf-ray
871b14341b0d9404-LHR
clientname
flagstar
launch-bc7a3f427c28.min.js
assets.adobedtm.com/7dbad9752923/36b7dda228e9/
272 KB
73 KB
Script
General
Full URL
https://assets.adobedtm.com/7dbad9752923/36b7dda228e9/launch-bc7a3f427c28.min.js
Requested by
Host: www.flagstar.com
URL: https://www.flagstar.com/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:3500:591::1e80 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
AkamaiNetStorage /
Resource Hash
33e490db71cc68c65170e1d1eadde99b6ff8a0800cca62ffb6e099abe94a8811

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://www.flagstar.com/
accept-language
en-GB,en;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 09 Apr 2024 14:10:09 GMT
content-encoding
gzip
last-modified
Mon, 18 Mar 2024 14:27:53 GMT
server
AkamaiNetStorage
etag
"2132d37a8c5826780bb921320a527c41:1710772073.784322"
vary
Accept-Encoding
content-type
application/x-javascript
access-control-allow-origin
https://www.flagstar.com
cache-control
max-age=3600
accept-ranges
bytes
timing-allow-origin
*
content-length
74544
expires
Tue, 09 Apr 2024 15:10:09 GMT
clientlib-autonumeric.d47f6d13b8b6fba73490357cd7b2bc71.js
www.flagstar.com/etc.clientlibs/aem-flagstar/clientlibs/
182 KB
42 KB
Script
General
Full URL
https://www.flagstar.com/etc.clientlibs/aem-flagstar/clientlibs/clientlib-autonumeric.d47f6d13b8b6fba73490357cd7b2bc71.js
Requested by
Host: www.flagstar.com
URL: https://www.flagstar.com/
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
104.18.41.140 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
82a5f96383e36ec0b545815cd2b03b0fbef250ec1957cd686a9b08cad3cc608b

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://www.flagstar.com/
accept-language
en-GB,en;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

expires
Thu, 09 May 2024 14:10:08 GMT
date
Tue, 09 Apr 2024 14:10:08 GMT
content-security-policy
default-src 'none'; connect-src 'self' *.foresee.com *.evergage.com edge.adobedc.net https://cdn.cookielaw.org https://www.googletagmanager.com https://stats.g.doubleclick.net https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://maps.googleapis.com *.demdex.net *.yext.com https://answers.yext-pixel.com *.yextapis.com;font-src 'self' data: https://fonts.gstatic.com/ https://fonts.googleapis.com https://use.typekit.com *.pgsdemo.com *.pagescdn.com; media-src 'self'; object-src 'self'; form-action 'self' https://*.flagstar.com https://*.salesforce.com https://*.salesforceliveagent.com https://*.salesforce-sites.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.salesforceliveagent.com https://assets.sitescdn.net https://www.googleanalytics.com/ https://www.googleoptimize.com/ https://optimize.google.com/ https://www.googletagmanager.com https://maps.googleapis.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net assets.adobedtm.com https://pnapi.invoca.net https://solutions.invocacdn.com gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com/ https://use.typekit.com https://connect.facebook.net https://js.adsrvr.org/ https://cdn.evgnet.com https://*.evergage.com https://www.youtube.com assets.sitescdn.net *.pagescdn.com *.pgsdemo.com https://*.salesforce-sites.com;style-src 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com 
https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com assets.sitecdn.net https://*.evergage.com; style-src-elem 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com https://*.evergage.com;frame-src 'self' *.flagstar.com *.youtube.com *.demdex.net https://*.fls.doubleclick.net https://td.doubleclick.net https://optimize.google.com/ https://insight.adsrvr.org/ https://match.adsrvr.org/ https://cdn.evgnet.com https://*.flagstar.com https://*.fintactix.com *.pagescdn.com *.pgsdemo.com; frame-ancestors 'self' *.flagstar.com https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net; img-src 'self' *.foresee.com https://ad.doubleclick.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googletagmanager.com/ https://www.googleadservices.com https://www.google-analytics.com https://developers.google.com https://maps.googleapis.com https://maps.gstatic.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://insight.adsrvr.org https://ib.adnxs.com/getuid https://match.adsrvr.org/track/cmf/appnexus https://dsum-sec.casalemedia.com/rum https://ups.analytics.yahoo.com/ups/55953/sync https://pixel.rubiconproject.com/tap.php data: blob: https://p.typekit.net https://www.facebook.com 
*.flagstar.com https://*.doubleclick.net;child-src 'self' https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://youtube.com; worker-src 'self'; manifest-src 'self';
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
strict-transport-security
max-age=31536000; includeSubDomains
age
382341
x-cnection
close
server-timing
dtSInfo;desc="0", dtRpid;desc="-1569696660"
content-length
40068
x-xss-protection
1; mode=block
x-ua-compatible
IE=Edge
last-modified
Fri, 05 Apr 2024 02:21:38 GMT
server
cloudflare
etag
"2d872-615501d987852-gzip"
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
application/javascript
cache-control
public, max-age=2592000
accept-ranges
bytes
cf-ray
871b14341b109404-LHR
clientname
flagstar
deployment.js
c.la5-c1cs-ia5.salesforceliveagent.com/content/g/js/60.0/
42 KB
43 KB
Script
General
Full URL
https://c.la5-c1cs-ia5.salesforceliveagent.com/content/g/js/60.0/deployment.js
Requested by
Host: www.flagstar.com
URL: https://www.flagstar.com/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
13.110.255.221 , United States, ASN14340 (SALESFORCE, US),
Reverse DNS
dcl16-ncg1-c6-iad5.la5-c1cs-ia5.salesforceliveagent.com
Software
Jetty /
Resource Hash
8ff54385f2146f44f6d729ffb360b04ca6f42fa3c49e185b517d5ab0ac02e9b5

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://www.flagstar.com/
accept-language
en-GB,en;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Date
Tue, 09 Apr 2024 14:10:09 GMT
Cache-Control
max-age=60, must-revalidate
Last-Modified
Fri, 29 Mar 2024 16:49:40 GMT
Server
Jetty
Accept-Ranges
bytes
Content-Length
43262
Content-Type
application/javascript
clientlib-dependencies.d41d8cd98f00b204e9800998ecf8427e.js
www.flagstar.com/etc.clientlibs/aem-flagstar/clientlibs/
0
3 KB
Script
General
Full URL
https://www.flagstar.com/etc.clientlibs/aem-flagstar/clientlibs/clientlib-dependencies.d41d8cd98f00b204e9800998ecf8427e.js
Requested by
Host: www.flagstar.com
URL: https://www.flagstar.com/
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
104.18.41.140 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://www.flagstar.com/
accept-language
en-GB,en;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

expires
Thu, 09 May 2024 14:10:08 GMT
date
Tue, 09 Apr 2024 14:10:08 GMT
content-security-policy
default-src 'none'; connect-src 'self' *.foresee.com *.evergage.com edge.adobedc.net https://cdn.cookielaw.org https://www.googletagmanager.com https://stats.g.doubleclick.net https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://maps.googleapis.com *.demdex.net *.yext.com https://answers.yext-pixel.com *.yextapis.com;font-src 'self' data: https://fonts.gstatic.com/ https://fonts.googleapis.com https://use.typekit.com *.pgsdemo.com *.pagescdn.com; media-src 'self'; object-src 'self'; form-action 'self' https://*.flagstar.com https://*.salesforce.com https://*.salesforceliveagent.com https://*.salesforce-sites.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.salesforceliveagent.com https://assets.sitescdn.net https://www.googleanalytics.com/ https://www.googleoptimize.com/ https://optimize.google.com/ https://www.googletagmanager.com https://maps.googleapis.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net assets.adobedtm.com https://pnapi.invoca.net https://solutions.invocacdn.com gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com/ https://use.typekit.com https://connect.facebook.net https://js.adsrvr.org/ https://cdn.evgnet.com https://*.evergage.com https://www.youtube.com assets.sitescdn.net *.pagescdn.com *.pgsdemo.com https://*.salesforce-sites.com;style-src 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com 
https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com assets.sitecdn.net https://*.evergage.com; style-src-elem 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com https://*.evergage.com;frame-src 'self' *.flagstar.com *.youtube.com *.demdex.net https://*.fls.doubleclick.net https://td.doubleclick.net https://optimize.google.com/ https://insight.adsrvr.org/ https://match.adsrvr.org/ https://cdn.evgnet.com https://*.flagstar.com https://*.fintactix.com *.pagescdn.com *.pgsdemo.com; frame-ancestors 'self' *.flagstar.com https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net; img-src 'self' *.foresee.com https://ad.doubleclick.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googletagmanager.com/ https://www.googleadservices.com https://www.google-analytics.com https://developers.google.com https://maps.googleapis.com https://maps.gstatic.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://insight.adsrvr.org https://ib.adnxs.com/getuid https://match.adsrvr.org/track/cmf/appnexus https://dsum-sec.casalemedia.com/rum https://ups.analytics.yahoo.com/ups/55953/sync https://pixel.rubiconproject.com/tap.php data: blob: https://p.typekit.net https://www.facebook.com 
*.flagstar.com https://*.doubleclick.net;child-src 'self' https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://youtube.com; worker-src 'self'; manifest-src 'self';
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains
cf-cache-status
HIT
age
382341
x-cnection
close
server-timing
dtSInfo;desc="0", dtRpid;desc="354374083"
content-length
0
x-xss-protection
1; mode=block
x-ua-compatible
IE=Edge
last-modified
Fri, 05 Apr 2024 02:12:56 GMT
server
cloudflare
etag
"0-6154ffe83c008"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
application/javascript
cache-control
public, max-age=2592000
accept-ranges
bytes
cf-ray
871b14341b129404-LHR
clientname
flagstar
clientlib-dependencies.d41d8cd98f00b204e9800998ecf8427e.css
www.flagstar.com/etc.clientlibs/aem-flagstar/clientlibs/
0
3 KB
Stylesheet
General
Full URL
https://www.flagstar.com/etc.clientlibs/aem-flagstar/clientlibs/clientlib-dependencies.d41d8cd98f00b204e9800998ecf8427e.css
Requested by
Host: www.flagstar.com
URL: https://www.flagstar.com/
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
104.18.41.140, ASN13335 (CLOUDFLARENET, US)
Reverse DNS
Software
cloudflare
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy default-src 'none'; connect-src 'self' *.foresee.com *.evergage.com edge.adobedc.net https://cdn.cookielaw.org https://www.googletagmanager.com https://stats.g.doubleclick.net https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://maps.googleapis.com *.demdex.net *.yext.com https://answers.yext-pixel.com *.yextapis.com;font-src 'self' data: https://fonts.gstatic.com/ https://fonts.googleapis.com https://use.typekit.com *.pgsdemo.com *.pagescdn.com; media-src 'self'; object-src 'self'; form-action 'self' https://*.flagstar.com https://*.salesforce.com https://*.salesforceliveagent.com https://*.salesforce-sites.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.salesforceliveagent.com https://assets.sitescdn.net https://www.googleanalytics.com/ https://www.googleoptimize.com/ https://optimize.google.com/ https://www.googletagmanager.com https://maps.googleapis.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net assets.adobedtm.com https://pnapi.invoca.net https://solutions.invocacdn.com gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com/ https://use.typekit.com https://connect.facebook.net https://js.adsrvr.org/ https://cdn.evgnet.com https://*.evergage.com https://www.youtube.com assets.sitescdn.net *.pagescdn.com *.pgsdemo.com https://*.salesforce-sites.com;style-src 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net 
gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com assets.sitecdn.net https://*.evergage.com; style-src-elem 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com https://*.evergage.com;frame-src 'self' *.flagstar.com *.youtube.com *.demdex.net https://*.fls.doubleclick.net https://td.doubleclick.net https://optimize.google.com/ https://insight.adsrvr.org/ https://match.adsrvr.org/ https://cdn.evgnet.com https://*.flagstar.com https://*.fintactix.com *.pagescdn.com *.pgsdemo.com; frame-ancestors 'self' *.flagstar.com https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net; img-src 'self' *.foresee.com https://ad.doubleclick.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googletagmanager.com/ https://www.googleadservices.com https://www.google-analytics.com https://developers.google.com https://maps.googleapis.com https://maps.gstatic.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://insight.adsrvr.org https://ib.adnxs.com/getuid https://match.adsrvr.org/track/cmf/appnexus https://dsum-sec.casalemedia.com/rum https://ups.analytics.yahoo.com/ups/55953/sync https://pixel.rubiconproject.com/tap.php data: blob: https://p.typekit.net 
https://www.facebook.com *.flagstar.com https://*.doubleclick.net;child-src 'self' https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://youtube.com; worker-src 'self'; manifest-src 'self';
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://www.flagstar.com/
accept-language
en-GB,en;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

expires
Thu, 09 May 2024 14:10:08 GMT
date
Tue, 09 Apr 2024 14:10:08 GMT
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains
cf-cache-status
HIT
age
382341
x-cnection
close
server-timing
dtSInfo;desc="0", dtRpid;desc="-1548322867"
content-length
0
x-xss-protection
1; mode=block
x-ua-compatible
IE=Edge
last-modified
Fri, 05 Apr 2024 02:31:09 GMT
server
cloudflare
etag
"0-615503fa6432d"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
text/css
cache-control
public, max-age=2592000
accept-ranges
bytes
cf-ray
871b14341b149404-LHR
clientname
flagstar
clientlib-site.fb39674ef980279b90b8f74765fc7f14.css
www.flagstar.com/etc.clientlibs/aem-flagstar/clientlibs/
267 KB
46 KB
Stylesheet
General
Full URL
https://www.flagstar.com/etc.clientlibs/aem-flagstar/clientlibs/clientlib-site.fb39674ef980279b90b8f74765fc7f14.css
Requested by
Host: www.flagstar.com
URL: https://www.flagstar.com/
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
104.18.41.140, ASN13335 (CLOUDFLARENET, US)
Reverse DNS
Software
cloudflare
Resource Hash
bb9467710e1a952c83b8c3d11603e2a83880e27ec4a4ca3803288e02cf3275d8
Security Headers
Name Value
Content-Security-Policy default-src 'none'; connect-src 'self' *.foresee.com *.evergage.com edge.adobedc.net https://cdn.cookielaw.org https://www.googletagmanager.com https://stats.g.doubleclick.net https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://maps.googleapis.com *.demdex.net *.yext.com https://answers.yext-pixel.com *.yextapis.com;font-src 'self' data: https://fonts.gstatic.com/ https://fonts.googleapis.com https://use.typekit.com *.pgsdemo.com *.pagescdn.com; media-src 'self'; object-src 'self'; form-action 'self' https://*.flagstar.com https://*.salesforce.com https://*.salesforceliveagent.com https://*.salesforce-sites.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.salesforceliveagent.com https://assets.sitescdn.net https://www.googleanalytics.com/ https://www.googleoptimize.com/ https://optimize.google.com/ https://www.googletagmanager.com https://maps.googleapis.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net assets.adobedtm.com https://pnapi.invoca.net https://solutions.invocacdn.com gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com/ https://use.typekit.com https://connect.facebook.net https://js.adsrvr.org/ https://cdn.evgnet.com https://*.evergage.com https://www.youtube.com assets.sitescdn.net *.pagescdn.com *.pgsdemo.com https://*.salesforce-sites.com;style-src 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net 
gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com assets.sitecdn.net https://*.evergage.com; style-src-elem 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com https://*.evergage.com;frame-src 'self' *.flagstar.com *.youtube.com *.demdex.net https://*.fls.doubleclick.net https://td.doubleclick.net https://optimize.google.com/ https://insight.adsrvr.org/ https://match.adsrvr.org/ https://cdn.evgnet.com https://*.flagstar.com https://*.fintactix.com *.pagescdn.com *.pgsdemo.com; frame-ancestors 'self' *.flagstar.com https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net; img-src 'self' *.foresee.com https://ad.doubleclick.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googletagmanager.com/ https://www.googleadservices.com https://www.google-analytics.com https://developers.google.com https://maps.googleapis.com https://maps.gstatic.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://insight.adsrvr.org https://ib.adnxs.com/getuid https://match.adsrvr.org/track/cmf/appnexus https://dsum-sec.casalemedia.com/rum https://ups.analytics.yahoo.com/ups/55953/sync https://pixel.rubiconproject.com/tap.php data: blob: https://p.typekit.net 
https://www.facebook.com *.flagstar.com https://*.doubleclick.net;child-src 'self' https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://youtube.com; worker-src 'self'; manifest-src 'self';
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://www.flagstar.com/
accept-language
en-GB,en;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

expires
Thu, 09 May 2024 14:10:08 GMT
date
Tue, 09 Apr 2024 14:10:08 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
strict-transport-security
max-age=31536000; includeSubDomains
age
384845
x-cnection
close
server-timing
dtSInfo;desc="0", dtRpid;desc="-1323493188"
content-length
43602
x-xss-protection
1; mode=block
x-ua-compatible
IE=Edge
last-modified
Fri, 05 Apr 2024 02:00:03 GMT
server
cloudflare
etag
"42c4f-6154fd063e487-gzip"
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
text/css
cache-control
public, max-age=2592000
accept-ranges
bytes
cf-ray
871b14341b169404-LHR
clientname
flagstar
help-circle.svg
www.flagstar.com/content/dam/newco/global-navigation-icons/
831 B
4 KB
Image
General
Full URL
https://www.flagstar.com/content/dam/newco/global-navigation-icons/help-circle.svg
Requested by
Host: www.flagstar.com
URL: https://www.flagstar.com/
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
104.18.41.140, ASN13335 (CLOUDFLARENET, US)
Reverse DNS
Software
cloudflare
Resource Hash
25042f6994a65e8b585909f22a8e983e6d2fec1cc3b88a0a85df6fea3ebe10fb
Security Headers
Name Value
Content-Security-Policy default-src 'none'; connect-src 'self' *.foresee.com *.evergage.com edge.adobedc.net https://cdn.cookielaw.org https://www.googletagmanager.com https://stats.g.doubleclick.net https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://maps.googleapis.com *.demdex.net *.yext.com https://answers.yext-pixel.com *.yextapis.com;font-src 'self' data: https://fonts.gstatic.com/ https://fonts.googleapis.com https://use.typekit.com *.pgsdemo.com *.pagescdn.com; media-src 'self'; object-src 'self'; form-action 'self' https://*.flagstar.com https://*.salesforce.com https://*.salesforceliveagent.com https://*.salesforce-sites.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.salesforceliveagent.com https://assets.sitescdn.net https://www.googleanalytics.com/ https://www.googleoptimize.com/ https://optimize.google.com/ https://www.googletagmanager.com https://maps.googleapis.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net assets.adobedtm.com https://pnapi.invoca.net https://solutions.invocacdn.com gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com/ https://use.typekit.com https://connect.facebook.net https://js.adsrvr.org/ https://cdn.evgnet.com https://*.evergage.com https://www.youtube.com assets.sitescdn.net *.pagescdn.com *.pgsdemo.com https://*.salesforce-sites.com;style-src 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net 
gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com assets.sitecdn.net; style-src-elem 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com;frame-src 'self' *.flagstar.com *.demdex.net https://*.fls.doubleclick.net https://td.doubleclick.net https://optimize.google.com/ https://insight.adsrvr.org/ https://match.adsrvr.org/ https://cdn.evgnet.com https://*.flagstar.com https://*.fintactix.com *.pagescdn.com *.pgsdemo.com; frame-ancestors 'self' *.flagstar.com https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net; img-src 'self' *.foresee.com https://ad.doubleclick.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googletagmanager.com/ https://www.googleadservices.com https://www.google-analytics.com https://developers.google.com https://maps.googleapis.com https://maps.gstatic.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://insight.adsrvr.org https://ib.adnxs.com/getuid https://match.adsrvr.org/track/cmf/appnexus https://dsum-sec.casalemedia.com/rum https://ups.analytics.yahoo.com/ups/55953/sync https://pixel.rubiconproject.com/tap.php data: blob: https://p.typekit.net https://www.facebook.com *.flagstar.com 
https://*.doubleclick.net;child-src 'self' https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://youtube.com; worker-src 'self'; manifest-src 'self';
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://www.flagstar.com/
accept-language
en-GB,en;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

expires
Thu, 09 May 2024 14:10:08 GMT
date
Tue, 09 Apr 2024 14:10:08 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
strict-transport-security
max-age=31536000; includeSubDomains
age
382341
x-cnection
close
server-timing
dtSInfo;desc="0", dtRpid;desc="-1361240855"
content-length
448
x-xss-protection
1; mode=block
x-ua-compatible
IE=Edge
last-modified
Tue, 20 Feb 2024 10:11:10 GMT
server
cloudflare
etag
"33f-611cd6de6bc5f-gzip"
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
image/svg+xml
cache-control
public, max-age=2592000
accept-ranges
bytes
cf-ray
871b14342b2c9404-LHR
clientname
flagstar
map-pin.svg
www.flagstar.com/content/dam/newco/global-navigation-icons/
611 B
3 KB
Image
General
Full URL
https://www.flagstar.com/content/dam/newco/global-navigation-icons/map-pin.svg
Requested by
Host: www.flagstar.com
URL: https://www.flagstar.com/
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
104.18.41.140 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
1a584616981963ae61992fee36f95da1ca96818a1c68695354bd899e32307429
Security Headers
Name Value
Content-Security-Policy default-src 'none'; connect-src 'self' *.foresee.com *.evergage.com edge.adobedc.net https://cdn.cookielaw.org https://www.googletagmanager.com https://stats.g.doubleclick.net https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://maps.googleapis.com *.demdex.net *.yext.com https://answers.yext-pixel.com *.yextapis.com;font-src 'self' data: https://fonts.gstatic.com/ https://fonts.googleapis.com https://use.typekit.com *.pgsdemo.com *.pagescdn.com; media-src 'self'; object-src 'self'; form-action 'self' https://*.flagstar.com https://*.salesforce.com https://*.salesforceliveagent.com https://*.salesforce-sites.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.salesforceliveagent.com https://assets.sitescdn.net https://www.googleanalytics.com/ https://www.googleoptimize.com/ https://optimize.google.com/ https://www.googletagmanager.com https://maps.googleapis.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net assets.adobedtm.com https://pnapi.invoca.net https://solutions.invocacdn.com gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com/ https://use.typekit.com https://connect.facebook.net https://js.adsrvr.org/ https://cdn.evgnet.com https://*.evergage.com https://www.youtube.com assets.sitescdn.net *.pagescdn.com *.pgsdemo.com https://*.salesforce-sites.com;style-src 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net 
gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com assets.sitecdn.net; style-src-elem 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com;frame-src 'self' *.flagstar.com *.demdex.net https://*.fls.doubleclick.net https://td.doubleclick.net https://optimize.google.com/ https://insight.adsrvr.org/ https://match.adsrvr.org/ https://cdn.evgnet.com https://*.flagstar.com https://*.fintactix.com *.pagescdn.com *.pgsdemo.com; frame-ancestors 'self' *.flagstar.com https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net; img-src 'self' *.foresee.com https://ad.doubleclick.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googletagmanager.com/ https://www.googleadservices.com https://www.google-analytics.com https://developers.google.com https://maps.googleapis.com https://maps.gstatic.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://insight.adsrvr.org https://ib.adnxs.com/getuid https://match.adsrvr.org/track/cmf/appnexus https://dsum-sec.casalemedia.com/rum https://ups.analytics.yahoo.com/ups/55953/sync https://pixel.rubiconproject.com/tap.php data: blob: https://p.typekit.net https://www.facebook.com *.flagstar.com 
https://*.doubleclick.net;child-src 'self' https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://youtube.com; worker-src 'self'; manifest-src 'self';
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://www.flagstar.com/
accept-language
en-GB,en;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

expires
Thu, 09 May 2024 14:10:08 GMT
date
Tue, 09 Apr 2024 14:10:08 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
strict-transport-security
max-age=31536000; includeSubDomains
age
382340
x-cnection
close
server-timing
dtSInfo;desc="0", dtRpid;desc="-1465871834"
content-length
317
x-xss-protection
1; mode=block
x-ua-compatible
IE=Edge
last-modified
Tue, 20 Feb 2024 10:14:50 GMT
server
cloudflare
etag
"263-611cd7b111996-gzip"
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
image/svg+xml
cache-control
public, max-age=2592000
accept-ranges
bytes
cf-ray
871b14342b2f9404-LHR
clientname
flagstar
globe.svg
www.flagstar.com/content/dam/newco/global-navigation-icons/
844 B
4 KB
Image
General
Full URL
https://www.flagstar.com/content/dam/newco/global-navigation-icons/globe.svg
Requested by
Host: www.flagstar.com
URL: https://www.flagstar.com/
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
104.18.41.140 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
84551b2fc5b4daf2d89a4bb712509343abf84878723f814701d42cd050237e7d
Security Headers
Name Value
Content-Security-Policy default-src 'none'; connect-src 'self' *.foresee.com *.evergage.com edge.adobedc.net https://cdn.cookielaw.org https://www.googletagmanager.com https://stats.g.doubleclick.net https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://maps.googleapis.com *.demdex.net *.yext.com https://answers.yext-pixel.com *.yextapis.com;font-src 'self' data: https://fonts.gstatic.com/ https://fonts.googleapis.com https://use.typekit.com *.pgsdemo.com *.pagescdn.com; media-src 'self'; object-src 'self'; form-action 'self' https://*.flagstar.com https://*.salesforce.com https://*.salesforceliveagent.com https://*.salesforce-sites.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.salesforceliveagent.com https://assets.sitescdn.net https://www.googleanalytics.com/ https://www.googleoptimize.com/ https://optimize.google.com/ https://www.googletagmanager.com https://maps.googleapis.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net assets.adobedtm.com https://pnapi.invoca.net https://solutions.invocacdn.com gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com/ https://use.typekit.com https://connect.facebook.net https://js.adsrvr.org/ https://cdn.evgnet.com https://*.evergage.com https://www.youtube.com assets.sitescdn.net *.pagescdn.com *.pgsdemo.com https://*.salesforce-sites.com;style-src 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net 
gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com assets.sitecdn.net; style-src-elem 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com;frame-src 'self' *.flagstar.com *.demdex.net https://*.fls.doubleclick.net https://td.doubleclick.net https://optimize.google.com/ https://insight.adsrvr.org/ https://match.adsrvr.org/ https://cdn.evgnet.com https://*.flagstar.com https://*.fintactix.com *.pagescdn.com *.pgsdemo.com; frame-ancestors 'self' *.flagstar.com https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net; img-src 'self' *.foresee.com https://ad.doubleclick.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googletagmanager.com/ https://www.googleadservices.com https://www.google-analytics.com https://developers.google.com https://maps.googleapis.com https://maps.gstatic.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://insight.adsrvr.org https://ib.adnxs.com/getuid https://match.adsrvr.org/track/cmf/appnexus https://dsum-sec.casalemedia.com/rum https://ups.analytics.yahoo.com/ups/55953/sync https://pixel.rubiconproject.com/tap.php data: blob: https://p.typekit.net https://www.facebook.com *.flagstar.com 
https://*.doubleclick.net;child-src 'self' https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://youtube.com; worker-src 'self'; manifest-src 'self';
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://www.flagstar.com/
accept-language
en-GB,en;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

expires
Thu, 09 May 2024 14:10:08 GMT
date
Tue, 09 Apr 2024 14:10:08 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
strict-transport-security
max-age=31536000; includeSubDomains
age
382341
x-cnection
close
server-timing
dtSInfo;desc="0", dtRpid;desc="-1562023607"
content-length
381
x-xss-protection
1; mode=block
x-ua-compatible
IE=Edge
last-modified
Tue, 20 Feb 2024 10:14:32 GMT
server
cloudflare
etag
"34c-611cd79f08c37-gzip"
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
image/svg+xml
cache-control
public, max-age=2592000
accept-ranges
bytes
cf-ray
871b1434cc1e9404-LHR
clientname
flagstar
Logo.png
www.flagstar.com/content/dam/newco/global-navigation-icons/
10 KB
13 KB
Image
General
Full URL
https://www.flagstar.com/content/dam/newco/global-navigation-icons/Logo.png
Requested by
Host: www.flagstar.com
URL: https://www.flagstar.com/
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
104.18.41.140 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
def9e061c234084f9709283b1982131b725bcc68b2ed4581f54d322103ee2f02
Security Headers
Name Value
Content-Security-Policy default-src 'none'; connect-src 'self' *.foresee.com *.evergage.com edge.adobedc.net https://cdn.cookielaw.org https://www.googletagmanager.com https://stats.g.doubleclick.net https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://maps.googleapis.com *.demdex.net *.yext.com https://answers.yext-pixel.com *.yextapis.com;font-src 'self' data: https://fonts.gstatic.com/ https://fonts.googleapis.com https://use.typekit.com *.pgsdemo.com *.pagescdn.com; media-src 'self'; object-src 'self'; form-action 'self' https://*.flagstar.com https://*.salesforce.com https://*.salesforceliveagent.com https://*.salesforce-sites.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.salesforceliveagent.com https://assets.sitescdn.net https://www.googleanalytics.com/ https://www.googleoptimize.com/ https://optimize.google.com/ https://www.googletagmanager.com https://maps.googleapis.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net assets.adobedtm.com https://pnapi.invoca.net https://solutions.invocacdn.com gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com/ https://use.typekit.com https://connect.facebook.net https://js.adsrvr.org/ https://cdn.evgnet.com https://*.evergage.com https://www.youtube.com assets.sitescdn.net *.pagescdn.com *.pgsdemo.com https://*.salesforce-sites.com;style-src 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net 
gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com assets.sitecdn.net; style-src-elem 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com;frame-src 'self' *.flagstar.com *.demdex.net https://*.fls.doubleclick.net https://td.doubleclick.net https://optimize.google.com/ https://insight.adsrvr.org/ https://match.adsrvr.org/ https://cdn.evgnet.com https://*.flagstar.com https://*.fintactix.com *.pagescdn.com *.pgsdemo.com; frame-ancestors 'self' *.flagstar.com https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net; img-src 'self' *.foresee.com https://ad.doubleclick.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googletagmanager.com/ https://www.googleadservices.com https://www.google-analytics.com https://developers.google.com https://maps.googleapis.com https://maps.gstatic.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://insight.adsrvr.org https://ib.adnxs.com/getuid https://match.adsrvr.org/track/cmf/appnexus https://dsum-sec.casalemedia.com/rum https://ups.analytics.yahoo.com/ups/55953/sync https://pixel.rubiconproject.com/tap.php data: blob: https://p.typekit.net https://www.facebook.com *.flagstar.com 
https://*.doubleclick.net;child-src 'self' https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://youtube.com; worker-src 'self'; manifest-src 'self';
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://www.flagstar.com/
accept-language
en-GB,en;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

expires
Thu, 09 May 2024 14:10:08 GMT
date
Tue, 09 Apr 2024 14:10:08 GMT
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains
cf-cache-status
HIT
age
382340
x-cnection
close
server-timing
dtSInfo;desc="0", dtRpid;desc="-1788794817"
content-length
9965
x-xss-protection
1; mode=block
x-ua-compatible
IE=Edge
last-modified
Tue, 20 Feb 2024 10:11:56 GMT
server
cloudflare
etag
"26ed-611cd70a433ae"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
image/png
cache-control
public, max-age=2592000
accept-ranges
bytes
cf-ray
871b1434cc209404-LHR
clientname
flagstar
icon-card_checking-savings.svg
www.flagstar.com/content/dam/newco/global-navigation-icons/
4 KB
5 KB
Image
General
Full URL
https://www.flagstar.com/content/dam/newco/global-navigation-icons/icon-card_checking-savings.svg
Requested by
Host: www.flagstar.com
URL: https://www.flagstar.com/
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
104.18.41.140 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
f453487a4e177cda0bbace5eb1ba7f468936488b95769b3de17349967e8fab9e
Security Headers
Name Value
Content-Security-Policy default-src 'none'; connect-src 'self' *.foresee.com *.evergage.com edge.adobedc.net https://cdn.cookielaw.org https://www.googletagmanager.com https://stats.g.doubleclick.net https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://maps.googleapis.com *.demdex.net *.yext.com https://answers.yext-pixel.com *.yextapis.com;font-src 'self' data: https://fonts.gstatic.com/ https://fonts.googleapis.com https://use.typekit.com *.pgsdemo.com *.pagescdn.com; media-src 'self'; object-src 'self'; form-action 'self' https://*.flagstar.com https://*.salesforce.com https://*.salesforceliveagent.com https://*.salesforce-sites.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.salesforceliveagent.com https://assets.sitescdn.net https://www.googleanalytics.com/ https://www.googleoptimize.com/ https://optimize.google.com/ https://www.googletagmanager.com https://maps.googleapis.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net assets.adobedtm.com https://pnapi.invoca.net https://solutions.invocacdn.com gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com/ https://use.typekit.com https://connect.facebook.net https://js.adsrvr.org/ https://cdn.evgnet.com https://*.evergage.com https://www.youtube.com assets.sitescdn.net *.pagescdn.com *.pgsdemo.com https://*.salesforce-sites.com;style-src 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net 
gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com assets.sitecdn.net; style-src-elem 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com;frame-src 'self' *.flagstar.com *.demdex.net https://*.fls.doubleclick.net https://td.doubleclick.net https://optimize.google.com/ https://insight.adsrvr.org/ https://match.adsrvr.org/ https://cdn.evgnet.com https://*.flagstar.com https://*.fintactix.com *.pagescdn.com *.pgsdemo.com; frame-ancestors 'self' *.flagstar.com https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net; img-src 'self' *.foresee.com https://ad.doubleclick.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googletagmanager.com/ https://www.googleadservices.com https://www.google-analytics.com https://developers.google.com https://maps.googleapis.com https://maps.gstatic.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://insight.adsrvr.org https://ib.adnxs.com/getuid https://match.adsrvr.org/track/cmf/appnexus https://dsum-sec.casalemedia.com/rum https://ups.analytics.yahoo.com/ups/55953/sync https://pixel.rubiconproject.com/tap.php data: blob: https://p.typekit.net https://www.facebook.com *.flagstar.com 
https://*.doubleclick.net;child-src 'self' https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://youtube.com; worker-src 'self'; manifest-src 'self';
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://www.flagstar.com/
accept-language
en-GB,en;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

expires
Thu, 09 May 2024 14:10:09 GMT
date
Tue, 09 Apr 2024 14:10:09 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
strict-transport-security
max-age=31536000; includeSubDomains
age
382341
content-security-policy-report-only
script-src 'none'; connect-src 'none'; report-uri https://csp-reporting.cloudflare.com/cdn-cgi/script_monitor/report?m=iZkMc.10AiTtsBFX_ky9bVTvw2fXBP2mqYfNtczqEuI-1712671809-1.0.1.1-fLhnzH_IyBETTDf_Uckb2r9dcXQWQLgYuy5jEosVbkqpj86XaaQgrHur9G1N0jnb2zt6M4a6vSSqEsv5soEmaWX9yqEMyibSZhnDnTIMGx30HiVpvjVbtf4S_E4dwhjAmlDhg5R7PTVpqNICBGpmPQdpJa7yn5r0MGxu.2wCmXQ; report-to cf-csp-endpoint
x-cnection
close
server-timing
dtSInfo;desc="0", dtRpid;desc="1570816287"
content-length
1038
x-xss-protection
1; mode=block
x-ua-compatible
IE=Edge
last-modified
Tue, 20 Feb 2024 10:14:32 GMT
server
cloudflare
etag
"10e3-611cd79f3205f-gzip"
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
image/svg+xml
report-to
{"endpoints":[{"url":"https:\/\/csp-reporting.cloudflare.com\/cdn-cgi\/script_monitor\/report?m=iZkMc.10AiTtsBFX_ky9bVTvw2fXBP2mqYfNtczqEuI-1712671809-1.0.1.1-fLhnzH_IyBETTDf_Uckb2r9dcXQWQLgYuy5jEosVbkqpj86XaaQgrHur9G1N0jnb2zt6M4a6vSSqEsv5soEmaWX9yqEMyibSZhnDnTIMGx30HiVpvjVbtf4S_E4dwhjAmlDhg5R7PTVpqNICBGpmPQdpJa7yn5r0MGxu.2wCmXQ"}],"group":"cf-csp-endpoint","max_age":86400}
cache-control
public, max-age=2592000
accept-ranges
bytes
cf-ray
871b14391a099404-LHR
clientname
flagstar
icon-card_debit-credit-cards.svg
www.flagstar.com/content/dam/newco/global-navigation-icons/
3 KB
4 KB
Image
General
Full URL
https://www.flagstar.com/content/dam/newco/global-navigation-icons/icon-card_debit-credit-cards.svg
Requested by
Host: www.flagstar.com
URL: https://www.flagstar.com/
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
104.18.41.140 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e95e113bfeb440a09cd08c80ee6dd2c15931a4851163a0d8075135d57f6c131c
Security Headers
Name Value
Content-Security-Policy default-src 'none'; connect-src 'self' *.foresee.com *.evergage.com edge.adobedc.net https://cdn.cookielaw.org https://www.googletagmanager.com https://stats.g.doubleclick.net https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://maps.googleapis.com *.demdex.net *.yext.com https://answers.yext-pixel.com *.yextapis.com;font-src 'self' data: https://fonts.gstatic.com/ https://fonts.googleapis.com https://use.typekit.com *.pgsdemo.com *.pagescdn.com; media-src 'self'; object-src 'self'; form-action 'self' https://*.flagstar.com https://*.salesforce.com https://*.salesforceliveagent.com https://*.salesforce-sites.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.salesforceliveagent.com https://assets.sitescdn.net https://www.googleanalytics.com/ https://www.googleoptimize.com/ https://optimize.google.com/ https://www.googletagmanager.com https://maps.googleapis.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net assets.adobedtm.com https://pnapi.invoca.net https://solutions.invocacdn.com gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com/ https://use.typekit.com https://connect.facebook.net https://js.adsrvr.org/ https://cdn.evgnet.com https://*.evergage.com https://www.youtube.com assets.sitescdn.net *.pagescdn.com *.pgsdemo.com https://*.salesforce-sites.com;style-src 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net 
gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com assets.sitecdn.net; style-src-elem 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com;frame-src 'self' *.flagstar.com *.demdex.net https://*.fls.doubleclick.net https://td.doubleclick.net https://optimize.google.com/ https://insight.adsrvr.org/ https://match.adsrvr.org/ https://cdn.evgnet.com https://*.flagstar.com https://*.fintactix.com *.pagescdn.com *.pgsdemo.com; frame-ancestors 'self' *.flagstar.com https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net; img-src 'self' *.foresee.com https://ad.doubleclick.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googletagmanager.com/ https://www.googleadservices.com https://www.google-analytics.com https://developers.google.com https://maps.googleapis.com https://maps.gstatic.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://insight.adsrvr.org https://ib.adnxs.com/getuid https://match.adsrvr.org/track/cmf/appnexus https://dsum-sec.casalemedia.com/rum https://ups.analytics.yahoo.com/ups/55953/sync https://pixel.rubiconproject.com/tap.php data: blob: https://p.typekit.net https://www.facebook.com *.flagstar.com 
https://*.doubleclick.net;child-src 'self' https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://youtube.com; worker-src 'self'; manifest-src 'self';
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://www.flagstar.com/
accept-language
en-GB,en;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

expires
Thu, 09 May 2024 14:10:09 GMT
date
Tue, 09 Apr 2024 14:10:09 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
strict-transport-security
max-age=31536000; includeSubDomains
age
382342
x-cnection
close
server-timing
dtSInfo;desc="0", dtRpid;desc="800270619"
content-length
975
x-xss-protection
1; mode=block
x-ua-compatible
IE=Edge
last-modified
Tue, 20 Feb 2024 10:10:25 GMT
server
cloudflare
etag
"d40-611cd6b3cc5e3-gzip"
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
image/svg+xml
cache-control
public, max-age=2592000
accept-ranges
bytes
cf-ray
871b14396a7c9404-LHR
clientname
flagstar
icon-card_ways-to-bank.svg
www.flagstar.com/content/dam/newco/global-navigation-icons/
3 KB
4 KB
Image
General
Full URL
https://www.flagstar.com/content/dam/newco/global-navigation-icons/icon-card_ways-to-bank.svg
Requested by
Host: www.flagstar.com
URL: https://www.flagstar.com/
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
104.18.41.140 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
6e883915424fc156cca96b72d20b7ca928799d6d1d3b075db0d0eca941972915
Security Headers
Name Value
Content-Security-Policy default-src 'none'; connect-src 'self' *.foresee.com *.evergage.com edge.adobedc.net https://cdn.cookielaw.org https://www.googletagmanager.com https://stats.g.doubleclick.net https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://maps.googleapis.com *.demdex.net *.yext.com https://answers.yext-pixel.com *.yextapis.com;font-src 'self' data: https://fonts.gstatic.com/ https://fonts.googleapis.com https://use.typekit.com *.pgsdemo.com *.pagescdn.com; media-src 'self'; object-src 'self'; form-action 'self' https://*.flagstar.com https://*.salesforce.com https://*.salesforceliveagent.com https://*.salesforce-sites.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.salesforceliveagent.com https://assets.sitescdn.net https://www.googleanalytics.com/ https://www.googleoptimize.com/ https://optimize.google.com/ https://www.googletagmanager.com https://maps.googleapis.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net assets.adobedtm.com https://pnapi.invoca.net https://solutions.invocacdn.com gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com/ https://use.typekit.com https://connect.facebook.net https://js.adsrvr.org/ https://cdn.evgnet.com https://*.evergage.com https://www.youtube.com assets.sitescdn.net *.pagescdn.com *.pgsdemo.com https://*.salesforce-sites.com;style-src 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net 
gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com assets.sitecdn.net; style-src-elem 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com;frame-src 'self' *.flagstar.com *.demdex.net https://*.fls.doubleclick.net https://td.doubleclick.net https://optimize.google.com/ https://insight.adsrvr.org/ https://match.adsrvr.org/ https://cdn.evgnet.com https://*.flagstar.com https://*.fintactix.com *.pagescdn.com *.pgsdemo.com; frame-ancestors 'self' *.flagstar.com https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net; img-src 'self' *.foresee.com https://ad.doubleclick.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googletagmanager.com/ https://www.googleadservices.com https://www.google-analytics.com https://developers.google.com https://maps.googleapis.com https://maps.gstatic.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://insight.adsrvr.org https://ib.adnxs.com/getuid https://match.adsrvr.org/track/cmf/appnexus https://dsum-sec.casalemedia.com/rum https://ups.analytics.yahoo.com/ups/55953/sync https://pixel.rubiconproject.com/tap.php data: blob: https://p.typekit.net https://www.facebook.com *.flagstar.com 
https://*.doubleclick.net;child-src 'self' https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://youtube.com; worker-src 'self'; manifest-src 'self';
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://www.flagstar.com/
accept-language
en-GB,en;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

expires
Thu, 09 May 2024 14:10:09 GMT
date
Tue, 09 Apr 2024 14:10:09 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
strict-transport-security
max-age=31536000; includeSubDomains
age
382341
x-cnection
close
server-timing
dtSInfo;desc="0", dtRpid;desc="312792831"
content-length
909
x-xss-protection
1; mode=block
x-ua-compatible
IE=Edge
last-modified
Tue, 20 Feb 2024 10:11:15 GMT
server
cloudflare
etag
"cdd-611cd6e3cba9d-gzip"
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
image/svg+xml
cache-control
public, max-age=2592000
accept-ranges
bytes
cf-ray
871b1439bae99404-LHR
clientname
flagstar
icon-card_buy-a-home.svg
www.flagstar.com/content/dam/newco/global-navigation-icons/
2 KB
4 KB
Image
General
Full URL
https://www.flagstar.com/content/dam/newco/global-navigation-icons/icon-card_buy-a-home.svg
Requested by
Host: www.flagstar.com
URL: https://www.flagstar.com/
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
104.18.41.140 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
92b60026dfcc6eb3bf8631ec3c25138b31110706ceec72d087c6e5b5fc8a5cab
Security Headers
Name Value
Content-Security-Policy default-src 'none'; connect-src 'self' *.foresee.com *.evergage.com edge.adobedc.net https://cdn.cookielaw.org https://www.googletagmanager.com https://stats.g.doubleclick.net https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://maps.googleapis.com *.demdex.net *.yext.com https://answers.yext-pixel.com *.yextapis.com;font-src 'self' data: https://fonts.gstatic.com/ https://fonts.googleapis.com https://use.typekit.com *.pgsdemo.com *.pagescdn.com; media-src 'self'; object-src 'self'; form-action 'self' https://*.flagstar.com https://*.salesforce.com https://*.salesforceliveagent.com https://*.salesforce-sites.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.salesforceliveagent.com https://assets.sitescdn.net https://www.googleanalytics.com/ https://www.googleoptimize.com/ https://optimize.google.com/ https://www.googletagmanager.com https://maps.googleapis.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net assets.adobedtm.com https://pnapi.invoca.net https://solutions.invocacdn.com gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com/ https://use.typekit.com https://connect.facebook.net https://js.adsrvr.org/ https://cdn.evgnet.com https://*.evergage.com https://www.youtube.com assets.sitescdn.net *.pagescdn.com *.pgsdemo.com https://*.salesforce-sites.com;style-src 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net 
gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com assets.sitecdn.net; style-src-elem 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com;frame-src 'self' *.flagstar.com *.demdex.net https://*.fls.doubleclick.net https://td.doubleclick.net https://optimize.google.com/ https://insight.adsrvr.org/ https://match.adsrvr.org/ https://cdn.evgnet.com https://*.flagstar.com https://*.fintactix.com *.pagescdn.com *.pgsdemo.com; frame-ancestors 'self' *.flagstar.com https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net; img-src 'self' *.foresee.com https://ad.doubleclick.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googletagmanager.com/ https://www.googleadservices.com https://www.google-analytics.com https://developers.google.com https://maps.googleapis.com https://maps.gstatic.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://insight.adsrvr.org https://ib.adnxs.com/getuid https://match.adsrvr.org/track/cmf/appnexus https://dsum-sec.casalemedia.com/rum https://ups.analytics.yahoo.com/ups/55953/sync https://pixel.rubiconproject.com/tap.php data: blob: https://p.typekit.net https://www.facebook.com *.flagstar.com 
https://*.doubleclick.net;child-src 'self' https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://youtube.com; worker-src 'self'; manifest-src 'self';
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://www.flagstar.com/
accept-language
en-GB,en;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

expires
Thu, 09 May 2024 14:10:09 GMT
date
Tue, 09 Apr 2024 14:10:09 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
strict-transport-security
max-age=31536000; includeSubDomains
age
382341
x-cnection
close
server-timing
dtSInfo;desc="0", dtRpid;desc="912280747"
content-length
770
x-xss-protection
1; mode=block
x-ua-compatible
IE=Edge
last-modified
Tue, 20 Feb 2024 10:10:20 GMT
server
cloudflare
etag
"825-611cd6aec15a3-gzip"
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
image/svg+xml
cache-control
public, max-age=2592000
accept-ranges
bytes
cf-ray
871b143a1b8e9404-LHR
clientname
flagstar
icon-card_get-cash.svg
www.flagstar.com/content/dam/newco/global-navigation-icons/
3 KB
4 KB
Image
General
Full URL
https://www.flagstar.com/content/dam/newco/global-navigation-icons/icon-card_get-cash.svg
Requested by
Host: www.flagstar.com
URL: https://www.flagstar.com/
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
104.18.41.140 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
f5954f0a829c02a8c57d814c998de13afa8d91f62cffdfe316c024bed3262d2e
Security Headers
Name Value
Content-Security-Policy default-src 'none'; connect-src 'self' *.foresee.com *.evergage.com edge.adobedc.net https://cdn.cookielaw.org https://www.googletagmanager.com https://stats.g.doubleclick.net https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://maps.googleapis.com *.demdex.net *.yext.com https://answers.yext-pixel.com *.yextapis.com;font-src 'self' data: https://fonts.gstatic.com/ https://fonts.googleapis.com https://use.typekit.com *.pgsdemo.com *.pagescdn.com; media-src 'self'; object-src 'self'; form-action 'self' https://*.flagstar.com https://*.salesforce.com https://*.salesforceliveagent.com https://*.salesforce-sites.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.salesforceliveagent.com https://assets.sitescdn.net https://www.googleanalytics.com/ https://www.googleoptimize.com/ https://optimize.google.com/ https://www.googletagmanager.com https://maps.googleapis.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net assets.adobedtm.com https://pnapi.invoca.net https://solutions.invocacdn.com gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com/ https://use.typekit.com https://connect.facebook.net https://js.adsrvr.org/ https://cdn.evgnet.com https://*.evergage.com https://www.youtube.com assets.sitescdn.net *.pagescdn.com *.pgsdemo.com https://*.salesforce-sites.com;style-src 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net 
gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com assets.sitecdn.net; style-src-elem 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com;frame-src 'self' *.flagstar.com *.demdex.net https://*.fls.doubleclick.net https://td.doubleclick.net https://optimize.google.com/ https://insight.adsrvr.org/ https://match.adsrvr.org/ https://cdn.evgnet.com https://*.flagstar.com https://*.fintactix.com *.pagescdn.com *.pgsdemo.com; frame-ancestors 'self' *.flagstar.com https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net; img-src 'self' *.foresee.com https://ad.doubleclick.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googletagmanager.com/ https://www.googleadservices.com https://www.google-analytics.com https://developers.google.com https://maps.googleapis.com https://maps.gstatic.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://insight.adsrvr.org https://ib.adnxs.com/getuid https://match.adsrvr.org/track/cmf/appnexus https://dsum-sec.casalemedia.com/rum https://ups.analytics.yahoo.com/ups/55953/sync https://pixel.rubiconproject.com/tap.php data: blob: https://p.typekit.net https://www.facebook.com *.flagstar.com 
https://*.doubleclick.net;child-src 'self' https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://youtube.com; worker-src 'self'; manifest-src 'self';
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://www.flagstar.com/
accept-language
en-GB,en;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

expires
Thu, 09 May 2024 14:10:09 GMT
date
Tue, 09 Apr 2024 14:10:09 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
strict-transport-security
max-age=31536000; includeSubDomains
age
382341
x-cnection
close
server-timing
dtSInfo;desc="0", dtRpid;desc="60370156"
content-length
788
x-xss-protection
1; mode=block
x-ua-compatible
IE=Edge
last-modified
Tue, 20 Feb 2024 10:11:15 GMT
server
cloudflare
etag
"b63-611cd6e3cc26d-gzip"
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
image/svg+xml
cache-control
public, max-age=2592000
accept-ranges
bytes
cf-ray
871b143a6bf79404-LHR
clientname
flagstar
icon-card_purchase-a-vehicle.svg
www.flagstar.com/content/dam/newco/global-navigation-icons/
4 KB
4 KB
Image
General
Full URL
https://www.flagstar.com/content/dam/newco/global-navigation-icons/icon-card_purchase-a-vehicle.svg
Requested by
Host: www.flagstar.com
URL: https://www.flagstar.com/
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
104.18.41.140 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e0731a9c84bce53cb2a4ecaf08dc811585971a899fcbbb8d79e340efe56dcd95
Security Headers
Name Value
Content-Security-Policy default-src 'none'; connect-src 'self' *.foresee.com *.evergage.com edge.adobedc.net https://cdn.cookielaw.org https://www.googletagmanager.com https://stats.g.doubleclick.net https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://maps.googleapis.com *.demdex.net *.yext.com https://answers.yext-pixel.com *.yextapis.com;font-src 'self' data: https://fonts.gstatic.com/ https://fonts.googleapis.com https://use.typekit.com *.pgsdemo.com *.pagescdn.com; media-src 'self'; object-src 'self'; form-action 'self' https://*.flagstar.com https://*.salesforce.com https://*.salesforceliveagent.com https://*.salesforce-sites.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.salesforceliveagent.com https://assets.sitescdn.net https://www.googleanalytics.com/ https://www.googleoptimize.com/ https://optimize.google.com/ https://www.googletagmanager.com https://maps.googleapis.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net assets.adobedtm.com https://pnapi.invoca.net https://solutions.invocacdn.com gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com/ https://use.typekit.com https://connect.facebook.net https://js.adsrvr.org/ https://cdn.evgnet.com https://*.evergage.com https://www.youtube.com assets.sitescdn.net *.pagescdn.com *.pgsdemo.com https://*.salesforce-sites.com;style-src 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net 
gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com assets.sitecdn.net; style-src-elem 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com;frame-src 'self' *.flagstar.com *.demdex.net https://*.fls.doubleclick.net https://td.doubleclick.net https://optimize.google.com/ https://insight.adsrvr.org/ https://match.adsrvr.org/ https://cdn.evgnet.com https://*.flagstar.com https://*.fintactix.com *.pagescdn.com *.pgsdemo.com; frame-ancestors 'self' *.flagstar.com https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net; img-src 'self' *.foresee.com https://ad.doubleclick.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googletagmanager.com/ https://www.googleadservices.com https://www.google-analytics.com https://developers.google.com https://maps.googleapis.com https://maps.gstatic.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://insight.adsrvr.org https://ib.adnxs.com/getuid https://match.adsrvr.org/track/cmf/appnexus https://dsum-sec.casalemedia.com/rum https://ups.analytics.yahoo.com/ups/55953/sync https://pixel.rubiconproject.com/tap.php data: blob: https://p.typekit.net https://www.facebook.com *.flagstar.com 
https://*.doubleclick.net;child-src 'self' https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://youtube.com; worker-src 'self'; manifest-src 'self';
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://www.flagstar.com/
accept-language
en-GB,en;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

expires
Thu, 09 May 2024 14:10:09 GMT
date
Tue, 09 Apr 2024 14:10:09 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
strict-transport-security
max-age=31536000; includeSubDomains
age
382341
x-cnection
close
server-timing
dtSInfo;desc="0", dtRpid;desc="-683981095"
content-length
1123
x-xss-protection
1; mode=block
x-ua-compatible
IE=Edge
last-modified
Tue, 20 Feb 2024 10:11:15 GMT
server
cloudflare
etag
"110a-611cd6e3d7ded-gzip"
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
image/svg+xml
cache-control
public, max-age=2592000
accept-ranges
bytes
cf-ray
871b143abc669404-LHR
clientname
flagstar
icon-card_flagstar-wealth-services.svg
www.flagstar.com/content/dam/newco/global-navigation-icons/
6 KB
5 KB
Image
General
Full URL
https://www.flagstar.com/content/dam/newco/global-navigation-icons/icon-card_flagstar-wealth-services.svg
Requested by
Host: www.flagstar.com
URL: https://www.flagstar.com/
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
104.18.41.140 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
96387be010f65288928b24d9445e88bcdb99e30664b7d2d595a7ccda6f1c4dc6
Security Headers
Name Value
Content-Security-Policy default-src 'none'; connect-src 'self' *.foresee.com *.evergage.com edge.adobedc.net https://cdn.cookielaw.org https://www.googletagmanager.com https://stats.g.doubleclick.net https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://maps.googleapis.com *.demdex.net *.yext.com https://answers.yext-pixel.com *.yextapis.com;font-src 'self' data: https://fonts.gstatic.com/ https://fonts.googleapis.com https://use.typekit.com *.pgsdemo.com *.pagescdn.com; media-src 'self'; object-src 'self'; form-action 'self' https://*.flagstar.com https://*.salesforce.com https://*.salesforceliveagent.com https://*.salesforce-sites.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.salesforceliveagent.com https://assets.sitescdn.net https://www.googleanalytics.com/ https://www.googleoptimize.com/ https://optimize.google.com/ https://www.googletagmanager.com https://maps.googleapis.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net assets.adobedtm.com https://pnapi.invoca.net https://solutions.invocacdn.com gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com/ https://use.typekit.com https://connect.facebook.net https://js.adsrvr.org/ https://cdn.evgnet.com https://*.evergage.com https://www.youtube.com assets.sitescdn.net *.pagescdn.com *.pgsdemo.com https://*.salesforce-sites.com;style-src 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net 
gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com assets.sitecdn.net; style-src-elem 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com;frame-src 'self' *.flagstar.com *.demdex.net https://*.fls.doubleclick.net https://td.doubleclick.net https://optimize.google.com/ https://insight.adsrvr.org/ https://match.adsrvr.org/ https://cdn.evgnet.com https://*.flagstar.com https://*.fintactix.com *.pagescdn.com *.pgsdemo.com; frame-ancestors 'self' *.flagstar.com https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net; img-src 'self' *.foresee.com https://ad.doubleclick.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googletagmanager.com/ https://www.googleadservices.com https://www.google-analytics.com https://developers.google.com https://maps.googleapis.com https://maps.gstatic.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://insight.adsrvr.org https://ib.adnxs.com/getuid https://match.adsrvr.org/track/cmf/appnexus https://dsum-sec.casalemedia.com/rum https://ups.analytics.yahoo.com/ups/55953/sync https://pixel.rubiconproject.com/tap.php data: blob: https://p.typekit.net https://www.facebook.com *.flagstar.com 
https://*.doubleclick.net;child-src 'self' https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://youtube.com; worker-src 'self'; manifest-src 'self';
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://www.flagstar.com/
accept-language
en-GB,en;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

expires
Thu, 09 May 2024 14:10:09 GMT
date
Tue, 09 Apr 2024 14:10:09 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
strict-transport-security
max-age=31536000; includeSubDomains
age
382341
x-cnection
close
server-timing
dtSInfo;desc="0", dtRpid;desc="-254777288"
content-length
1576
x-xss-protection
1; mode=block
x-ua-compatible
IE=Edge
last-modified
Tue, 20 Feb 2024 10:10:45 GMT
server
cloudflare
etag
"1671-611cd6c730f62-gzip"
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
image/svg+xml
cache-control
public, max-age=2592000
accept-ranges
bytes
cf-ray
871b143b0cd09404-LHR
clientname
flagstar
icon-card_financial-solutions.svg
www.flagstar.com/content/dam/newco/global-navigation-icons/
2 KB
4 KB
Image
General
Full URL
https://www.flagstar.com/content/dam/newco/global-navigation-icons/icon-card_financial-solutions.svg
Requested by
Host: www.flagstar.com
URL: https://www.flagstar.com/
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
104.18.41.140, ASN13335 (CLOUDFLARENET, US)
Reverse DNS
Software
cloudflare /
Resource Hash
3475c512749c10abccdeffe33c396580e23098635ab83c9f7d2987c076a457c6

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://www.flagstar.com/
accept-language
en-GB,en;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

expires
Thu, 09 May 2024 14:10:09 GMT
date
Tue, 09 Apr 2024 14:10:09 GMT
content-security-policy
default-src 'none'; connect-src 'self' *.foresee.com *.evergage.com edge.adobedc.net https://cdn.cookielaw.org https://www.googletagmanager.com https://stats.g.doubleclick.net https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://maps.googleapis.com *.demdex.net *.yext.com https://answers.yext-pixel.com *.yextapis.com;font-src 'self' data: https://fonts.gstatic.com/ https://fonts.googleapis.com https://use.typekit.com *.pgsdemo.com *.pagescdn.com; media-src 'self'; object-src 'self'; form-action 'self' https://*.flagstar.com https://*.salesforce.com https://*.salesforceliveagent.com https://*.salesforce-sites.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.salesforceliveagent.com https://assets.sitescdn.net https://www.googleanalytics.com/ https://www.googleoptimize.com/ https://optimize.google.com/ https://www.googletagmanager.com https://maps.googleapis.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net assets.adobedtm.com https://pnapi.invoca.net https://solutions.invocacdn.com gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com/ https://use.typekit.com https://connect.facebook.net https://js.adsrvr.org/ https://cdn.evgnet.com https://*.evergage.com https://www.youtube.com assets.sitescdn.net *.pagescdn.com *.pgsdemo.com https://*.salesforce-sites.com;style-src 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com 
https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com assets.sitecdn.net; style-src-elem 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com;frame-src 'self' *.flagstar.com *.demdex.net https://*.fls.doubleclick.net https://td.doubleclick.net https://optimize.google.com/ https://insight.adsrvr.org/ https://match.adsrvr.org/ https://cdn.evgnet.com https://*.flagstar.com https://*.fintactix.com *.pagescdn.com *.pgsdemo.com; frame-ancestors 'self' *.flagstar.com https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net; img-src 'self' *.foresee.com https://ad.doubleclick.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googletagmanager.com/ https://www.googleadservices.com https://www.google-analytics.com https://developers.google.com https://maps.googleapis.com https://maps.gstatic.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://insight.adsrvr.org https://ib.adnxs.com/getuid https://match.adsrvr.org/track/cmf/appnexus https://dsum-sec.casalemedia.com/rum https://ups.analytics.yahoo.com/ups/55953/sync https://pixel.rubiconproject.com/tap.php data: blob: https://p.typekit.net https://www.facebook.com *.flagstar.com https://*.doubleclick.net;child-src 'self' 
https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://youtube.com; worker-src 'self'; manifest-src 'self';
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
strict-transport-security
max-age=31536000; includeSubDomains
age
382341
x-cnection
close
server-timing
dtSInfo;desc="0", dtRpid;desc="-946422521"
content-length
726
x-xss-protection
1; mode=block
x-ua-compatible
IE=Edge
last-modified
Tue, 20 Feb 2024 10:10:25 GMT
server
cloudflare
etag
"7c5-611cd6b3eecab-gzip"
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
image/svg+xml
cache-control
public, max-age=2592000
accept-ranges
bytes
cf-ray
871b143b2cf59404-LHR
clientname
flagstar
icon-card_insights.svg
www.flagstar.com/content/dam/newco/global-navigation-icons/
4 KB
4 KB
Image
General
Full URL
https://www.flagstar.com/content/dam/newco/global-navigation-icons/icon-card_insights.svg
Requested by
Host: www.flagstar.com
URL: https://www.flagstar.com/
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
104.18.41.140, ASN13335 (CLOUDFLARENET, US)
Reverse DNS
Software
cloudflare /
Resource Hash
923a8d9740f94f5c08fcd2f3be048e8689441a216c3be5c0784797d5017d02d5

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://www.flagstar.com/
accept-language
en-GB,en;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

expires
Thu, 09 May 2024 14:10:09 GMT
date
Tue, 09 Apr 2024 14:10:09 GMT
content-security-policy
default-src 'none'; connect-src 'self' *.foresee.com *.evergage.com edge.adobedc.net https://cdn.cookielaw.org https://www.googletagmanager.com https://stats.g.doubleclick.net https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://maps.googleapis.com *.demdex.net *.yext.com https://answers.yext-pixel.com *.yextapis.com;font-src 'self' data: https://fonts.gstatic.com/ https://fonts.googleapis.com https://use.typekit.com *.pgsdemo.com *.pagescdn.com; media-src 'self'; object-src 'self'; form-action 'self' https://*.flagstar.com https://*.salesforce.com https://*.salesforceliveagent.com https://*.salesforce-sites.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.salesforceliveagent.com https://assets.sitescdn.net https://www.googleanalytics.com/ https://www.googleoptimize.com/ https://optimize.google.com/ https://www.googletagmanager.com https://maps.googleapis.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net assets.adobedtm.com https://pnapi.invoca.net https://solutions.invocacdn.com gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com/ https://use.typekit.com https://connect.facebook.net https://js.adsrvr.org/ https://cdn.evgnet.com https://*.evergage.com https://www.youtube.com assets.sitescdn.net *.pagescdn.com *.pgsdemo.com https://*.salesforce-sites.com;style-src 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com 
https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com assets.sitecdn.net; style-src-elem 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com;frame-src 'self' *.flagstar.com *.demdex.net https://*.fls.doubleclick.net https://td.doubleclick.net https://optimize.google.com/ https://insight.adsrvr.org/ https://match.adsrvr.org/ https://cdn.evgnet.com https://*.flagstar.com https://*.fintactix.com *.pagescdn.com *.pgsdemo.com; frame-ancestors 'self' *.flagstar.com https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net; img-src 'self' *.foresee.com https://ad.doubleclick.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googletagmanager.com/ https://www.googleadservices.com https://www.google-analytics.com https://developers.google.com https://maps.googleapis.com https://maps.gstatic.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://insight.adsrvr.org https://ib.adnxs.com/getuid https://match.adsrvr.org/track/cmf/appnexus https://dsum-sec.casalemedia.com/rum https://ups.analytics.yahoo.com/ups/55953/sync https://pixel.rubiconproject.com/tap.php data: blob: https://p.typekit.net https://www.facebook.com *.flagstar.com https://*.doubleclick.net;child-src 'self' 
https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://youtube.com; worker-src 'self'; manifest-src 'self';
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
strict-transport-security
max-age=31536000; includeSubDomains
age
382341
x-cnection
close
server-timing
dtSInfo;desc="0", dtRpid;desc="407431261"
content-length
885
x-xss-protection
1; mode=block
x-ua-compatible
IE=Edge
last-modified
Tue, 20 Feb 2024 10:11:11 GMT
server
cloudflare
etag
"e1e-611cd6dfebce7-gzip"
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
image/svg+xml
cache-control
public, max-age=2592000
accept-ranges
bytes
cf-ray
871b143b3d0b9404-LHR
clientname
flagstar
icon-card_tools-calculators.svg
www.flagstar.com/content/dam/newco/global-navigation-icons/
3 KB
4 KB
Image
General
Full URL
https://www.flagstar.com/content/dam/newco/global-navigation-icons/icon-card_tools-calculators.svg
Requested by
Host: www.flagstar.com
URL: https://www.flagstar.com/
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
104.18.41.140, ASN13335 (CLOUDFLARENET, US)
Reverse DNS
Software
cloudflare /
Resource Hash
70740bb39befcad42f09bbff8a78e7f0503e3e4bf6361c858cea9423c8ad558c

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://www.flagstar.com/
accept-language
en-GB,en;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

expires
Thu, 09 May 2024 14:10:09 GMT
date
Tue, 09 Apr 2024 14:10:09 GMT
content-security-policy
default-src 'none'; connect-src 'self' *.foresee.com *.evergage.com edge.adobedc.net https://cdn.cookielaw.org https://www.googletagmanager.com https://stats.g.doubleclick.net https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://maps.googleapis.com *.demdex.net *.yext.com https://answers.yext-pixel.com *.yextapis.com;font-src 'self' data: https://fonts.gstatic.com/ https://fonts.googleapis.com https://use.typekit.com *.pgsdemo.com *.pagescdn.com; media-src 'self'; object-src 'self'; form-action 'self' https://*.flagstar.com https://*.salesforce.com https://*.salesforceliveagent.com https://*.salesforce-sites.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.salesforceliveagent.com https://assets.sitescdn.net https://www.googleanalytics.com/ https://www.googleoptimize.com/ https://optimize.google.com/ https://www.googletagmanager.com https://maps.googleapis.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net assets.adobedtm.com https://pnapi.invoca.net https://solutions.invocacdn.com gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com/ https://use.typekit.com https://connect.facebook.net https://js.adsrvr.org/ https://cdn.evgnet.com https://*.evergage.com https://www.youtube.com assets.sitescdn.net *.pagescdn.com *.pgsdemo.com https://*.salesforce-sites.com;style-src 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com 
https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com assets.sitecdn.net; style-src-elem 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com;frame-src 'self' *.flagstar.com *.demdex.net https://*.fls.doubleclick.net https://td.doubleclick.net https://optimize.google.com/ https://insight.adsrvr.org/ https://match.adsrvr.org/ https://cdn.evgnet.com https://*.flagstar.com https://*.fintactix.com *.pagescdn.com *.pgsdemo.com; frame-ancestors 'self' *.flagstar.com https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net; img-src 'self' *.foresee.com https://ad.doubleclick.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googletagmanager.com/ https://www.googleadservices.com https://www.google-analytics.com https://developers.google.com https://maps.googleapis.com https://maps.gstatic.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://insight.adsrvr.org https://ib.adnxs.com/getuid https://match.adsrvr.org/track/cmf/appnexus https://dsum-sec.casalemedia.com/rum https://ups.analytics.yahoo.com/ups/55953/sync https://pixel.rubiconproject.com/tap.php data: blob: https://p.typekit.net https://www.facebook.com *.flagstar.com https://*.doubleclick.net;child-src 'self' 
https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://youtube.com; worker-src 'self'; manifest-src 'self';
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
strict-transport-security
max-age=31536000; includeSubDomains
age
382341
x-cnection
close
server-timing
dtSInfo;desc="0", dtRpid;desc="-1287061149"
content-length
543
x-xss-protection
1; mode=block
x-ua-compatible
IE=Edge
last-modified
Tue, 20 Feb 2024 10:13:20 GMT
server
cloudflare
etag
"a99-611cd75a7f5d5-gzip"
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
image/svg+xml
cache-control
public, max-age=2592000
accept-ranges
bytes
cf-ray
871b143b3d0d9404-LHR
clientname
flagstar
icon-card_how-to-guides.svg
www.flagstar.com/content/dam/newco/global-navigation-icons/
2 KB
4 KB
Image
General
Full URL
https://www.flagstar.com/content/dam/newco/global-navigation-icons/icon-card_how-to-guides.svg
Requested by
Host: www.flagstar.com
URL: https://www.flagstar.com/
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
104.18.41.140, ASN13335 (CLOUDFLARENET, US)
Reverse DNS
Software
cloudflare
Resource Hash
e2cdba8b1ff0a5dc4a5f88b397ec0789788233467372c668ff43a5cb535dba27
Security Headers
Name Value
Content-Security-Policy default-src 'none'; connect-src 'self' *.foresee.com *.evergage.com edge.adobedc.net https://cdn.cookielaw.org https://www.googletagmanager.com https://stats.g.doubleclick.net https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://maps.googleapis.com *.demdex.net *.yext.com https://answers.yext-pixel.com *.yextapis.com;font-src 'self' data: https://fonts.gstatic.com/ https://fonts.googleapis.com https://use.typekit.com *.pgsdemo.com *.pagescdn.com; media-src 'self'; object-src 'self'; form-action 'self' https://*.flagstar.com https://*.salesforce.com https://*.salesforceliveagent.com https://*.salesforce-sites.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.salesforceliveagent.com https://assets.sitescdn.net https://www.googleanalytics.com/ https://www.googleoptimize.com/ https://optimize.google.com/ https://www.googletagmanager.com https://maps.googleapis.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net assets.adobedtm.com https://pnapi.invoca.net https://solutions.invocacdn.com gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com/ https://use.typekit.com https://connect.facebook.net https://js.adsrvr.org/ https://cdn.evgnet.com https://*.evergage.com https://www.youtube.com assets.sitescdn.net *.pagescdn.com *.pgsdemo.com https://*.salesforce-sites.com;style-src 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net 
gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com assets.sitecdn.net; style-src-elem 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com;frame-src 'self' *.flagstar.com *.demdex.net https://*.fls.doubleclick.net https://td.doubleclick.net https://optimize.google.com/ https://insight.adsrvr.org/ https://match.adsrvr.org/ https://cdn.evgnet.com https://*.flagstar.com https://*.fintactix.com *.pagescdn.com *.pgsdemo.com; frame-ancestors 'self' *.flagstar.com https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net; img-src 'self' *.foresee.com https://ad.doubleclick.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googletagmanager.com/ https://www.googleadservices.com https://www.google-analytics.com https://developers.google.com https://maps.googleapis.com https://maps.gstatic.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://insight.adsrvr.org https://ib.adnxs.com/getuid https://match.adsrvr.org/track/cmf/appnexus https://dsum-sec.casalemedia.com/rum https://ups.analytics.yahoo.com/ups/55953/sync https://pixel.rubiconproject.com/tap.php data: blob: https://p.typekit.net https://www.facebook.com *.flagstar.com 
https://*.doubleclick.net;child-src 'self' https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://youtube.com; worker-src 'self'; manifest-src 'self';
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://www.flagstar.com/
accept-language
en-GB,en;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

expires
Thu, 09 May 2024 14:10:09 GMT
date
Tue, 09 Apr 2024 14:10:09 GMT
content-security-policy
default-src 'none'; connect-src 'self' *.foresee.com *.evergage.com edge.adobedc.net https://cdn.cookielaw.org https://www.googletagmanager.com https://stats.g.doubleclick.net https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://maps.googleapis.com *.demdex.net *.yext.com https://answers.yext-pixel.com *.yextapis.com;font-src 'self' data: https://fonts.gstatic.com/ https://fonts.googleapis.com https://use.typekit.com *.pgsdemo.com *.pagescdn.com; media-src 'self'; object-src 'self'; form-action 'self' https://*.flagstar.com https://*.salesforce.com https://*.salesforceliveagent.com https://*.salesforce-sites.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.salesforceliveagent.com https://assets.sitescdn.net https://www.googleanalytics.com/ https://www.googleoptimize.com/ https://optimize.google.com/ https://www.googletagmanager.com https://maps.googleapis.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net assets.adobedtm.com https://pnapi.invoca.net https://solutions.invocacdn.com gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com/ https://use.typekit.com https://connect.facebook.net https://js.adsrvr.org/ https://cdn.evgnet.com https://*.evergage.com https://www.youtube.com assets.sitescdn.net *.pagescdn.com *.pgsdemo.com https://*.salesforce-sites.com;style-src 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com 
https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com assets.sitecdn.net; style-src-elem 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com;frame-src 'self' *.flagstar.com *.demdex.net https://*.fls.doubleclick.net https://td.doubleclick.net https://optimize.google.com/ https://insight.adsrvr.org/ https://match.adsrvr.org/ https://cdn.evgnet.com https://*.flagstar.com https://*.fintactix.com *.pagescdn.com *.pgsdemo.com; frame-ancestors 'self' *.flagstar.com https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net; img-src 'self' *.foresee.com https://ad.doubleclick.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googletagmanager.com/ https://www.googleadservices.com https://www.google-analytics.com https://developers.google.com https://maps.googleapis.com https://maps.gstatic.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://insight.adsrvr.org https://ib.adnxs.com/getuid https://match.adsrvr.org/track/cmf/appnexus https://dsum-sec.casalemedia.com/rum https://ups.analytics.yahoo.com/ups/55953/sync https://pixel.rubiconproject.com/tap.php data: blob: https://p.typekit.net https://www.facebook.com *.flagstar.com https://*.doubleclick.net;child-src 'self' 
https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://youtube.com; worker-src 'self'; manifest-src 'self';
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
strict-transport-security
max-age=31536000; includeSubDomains
age
382341
x-cnection
close
server-timing
dtSInfo;desc="0", dtRpid;desc="1572961218"
content-length
652
x-xss-protection
1; mode=block
x-ua-compatible
IE=Edge
last-modified
Tue, 20 Feb 2024 10:10:45 GMT
server
cloudflare
etag
"86a-611cd6c7378da-gzip"
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
image/svg+xml
cache-control
public, max-age=2592000
accept-ranges
bytes
cf-ray
871b143b3d0f9404-LHR
clientname
flagstar
icon-card_faqs.svg
www.flagstar.com/content/dam/newco/global-navigation-icons/
1 KB
4 KB
Image
General
Full URL
https://www.flagstar.com/content/dam/newco/global-navigation-icons/icon-card_faqs.svg
Requested by
Host: www.flagstar.com
URL: https://www.flagstar.com/
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
104.18.41.140, ASN13335 (CLOUDFLARENET, US)
Reverse DNS
Software
cloudflare
Resource Hash
eba4e1c2cce29282aa8fa6dd71e6046399b06e5d408e2f4c2c2763642572c842
Security Headers
Name Value
Content-Security-Policy default-src 'none'; connect-src 'self' *.foresee.com *.evergage.com edge.adobedc.net https://cdn.cookielaw.org https://www.googletagmanager.com https://stats.g.doubleclick.net https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://maps.googleapis.com *.demdex.net *.yext.com https://answers.yext-pixel.com *.yextapis.com;font-src 'self' data: https://fonts.gstatic.com/ https://fonts.googleapis.com https://use.typekit.com *.pgsdemo.com *.pagescdn.com; media-src 'self'; object-src 'self'; form-action 'self' https://*.flagstar.com https://*.salesforce.com https://*.salesforceliveagent.com https://*.salesforce-sites.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.salesforceliveagent.com https://assets.sitescdn.net https://www.googleanalytics.com/ https://www.googleoptimize.com/ https://optimize.google.com/ https://www.googletagmanager.com https://maps.googleapis.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net assets.adobedtm.com https://pnapi.invoca.net https://solutions.invocacdn.com gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com/ https://use.typekit.com https://connect.facebook.net https://js.adsrvr.org/ https://cdn.evgnet.com https://*.evergage.com https://www.youtube.com assets.sitescdn.net *.pagescdn.com *.pgsdemo.com https://*.salesforce-sites.com;style-src 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net 
gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com assets.sitecdn.net; style-src-elem 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com;frame-src 'self' *.flagstar.com *.demdex.net https://*.fls.doubleclick.net https://td.doubleclick.net https://optimize.google.com/ https://insight.adsrvr.org/ https://match.adsrvr.org/ https://cdn.evgnet.com https://*.flagstar.com https://*.fintactix.com *.pagescdn.com *.pgsdemo.com; frame-ancestors 'self' *.flagstar.com https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net; img-src 'self' *.foresee.com https://ad.doubleclick.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googletagmanager.com/ https://www.googleadservices.com https://www.google-analytics.com https://developers.google.com https://maps.googleapis.com https://maps.gstatic.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://insight.adsrvr.org https://ib.adnxs.com/getuid https://match.adsrvr.org/track/cmf/appnexus https://dsum-sec.casalemedia.com/rum https://ups.analytics.yahoo.com/ups/55953/sync https://pixel.rubiconproject.com/tap.php data: blob: https://p.typekit.net https://www.facebook.com *.flagstar.com 
https://*.doubleclick.net;child-src 'self' https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://youtube.com; worker-src 'self'; manifest-src 'self';
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://www.flagstar.com/
accept-language
en-GB,en;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

expires
Thu, 09 May 2024 14:10:09 GMT
date
Tue, 09 Apr 2024 14:10:09 GMT
content-security-policy
default-src 'none'; connect-src 'self' *.foresee.com *.evergage.com edge.adobedc.net https://cdn.cookielaw.org https://www.googletagmanager.com https://stats.g.doubleclick.net https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://maps.googleapis.com *.demdex.net *.yext.com https://answers.yext-pixel.com *.yextapis.com;font-src 'self' data: https://fonts.gstatic.com/ https://fonts.googleapis.com https://use.typekit.com *.pgsdemo.com *.pagescdn.com; media-src 'self'; object-src 'self'; form-action 'self' https://*.flagstar.com https://*.salesforce.com https://*.salesforceliveagent.com https://*.salesforce-sites.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.salesforceliveagent.com https://assets.sitescdn.net https://www.googleanalytics.com/ https://www.googleoptimize.com/ https://optimize.google.com/ https://www.googletagmanager.com https://maps.googleapis.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net assets.adobedtm.com https://pnapi.invoca.net https://solutions.invocacdn.com gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com/ https://use.typekit.com https://connect.facebook.net https://js.adsrvr.org/ https://cdn.evgnet.com https://*.evergage.com https://www.youtube.com assets.sitescdn.net *.pagescdn.com *.pgsdemo.com https://*.salesforce-sites.com;style-src 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com 
https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com assets.sitecdn.net; style-src-elem 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com;frame-src 'self' *.flagstar.com *.demdex.net https://*.fls.doubleclick.net https://td.doubleclick.net https://optimize.google.com/ https://insight.adsrvr.org/ https://match.adsrvr.org/ https://cdn.evgnet.com https://*.flagstar.com https://*.fintactix.com *.pagescdn.com *.pgsdemo.com; frame-ancestors 'self' *.flagstar.com https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net; img-src 'self' *.foresee.com https://ad.doubleclick.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googletagmanager.com/ https://www.googleadservices.com https://www.google-analytics.com https://developers.google.com https://maps.googleapis.com https://maps.gstatic.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://insight.adsrvr.org https://ib.adnxs.com/getuid https://match.adsrvr.org/track/cmf/appnexus https://dsum-sec.casalemedia.com/rum https://ups.analytics.yahoo.com/ups/55953/sync https://pixel.rubiconproject.com/tap.php data: blob: https://p.typekit.net https://www.facebook.com *.flagstar.com https://*.doubleclick.net;child-src 'self' 
https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://youtube.com; worker-src 'self'; manifest-src 'self';
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
strict-transport-security
max-age=31536000; includeSubDomains
age
382341
content-security-policy-report-only
script-src 'none'; report-uri https://csp-reporting.cloudflare.com/cdn-cgi/script_monitor/report?m=NxrY1JwWuOyiXrTO3.pu9ewetZ9nvWHp_leQNXCokrM-1712671809-1.0.1.1-ohGnXH6NL0ZxpzBMMXPZTjkEuwgi0OfF0.QEPyCPdfgDhgXUbHj5MM2DUbPzItz4uxWk0cYFMIlmvOXtqSsYwdRGGpciajg_1t_Yr7aFqq02xh1HivTII5YuPYzhNHLdTDc4Uz3H6h6gjE0rrreQzktQnfugTc5J068xd3JSKgw; report-to cf-csp-endpoint
x-cnection
close
server-timing
dtSInfo;desc="0", dtRpid;desc="762938149"
content-length
541
x-xss-protection
1; mode=block
x-ua-compatible
IE=Edge
last-modified
Tue, 20 Feb 2024 10:31:32 GMT
server
cloudflare
etag
"45d-611cdb6cac224-gzip"
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
image/svg+xml
report-to
{"endpoints":[{"url":"https:\/\/csp-reporting.cloudflare.com\/cdn-cgi\/script_monitor\/report?m=NxrY1JwWuOyiXrTO3.pu9ewetZ9nvWHp_leQNXCokrM-1712671809-1.0.1.1-ohGnXH6NL0ZxpzBMMXPZTjkEuwgi0OfF0.QEPyCPdfgDhgXUbHj5MM2DUbPzItz4uxWk0cYFMIlmvOXtqSsYwdRGGpciajg_1t_Yr7aFqq02xh1HivTII5YuPYzhNHLdTDc4Uz3H6h6gjE0rrreQzktQnfugTc5J068xd3JSKgw"}],"group":"cf-csp-endpoint","max_age":86400}
cache-control
public, max-age=2592000
accept-ranges
bytes
cf-ray
871b143b3d109404-LHR
clientname
flagstar
icon-card_sign-up.svg
www.flagstar.com/content/dam/newco/personal/banking/icons/
1 KB
4 KB
Image
General
Full URL
https://www.flagstar.com/content/dam/newco/personal/banking/icons/icon-card_sign-up.svg
Requested by
Host: www.flagstar.com
URL: https://www.flagstar.com/
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
104.18.41.140, ASN13335 (CLOUDFLARENET, US)
Reverse DNS
Software
cloudflare
Resource Hash
27a930e516d39f72356590a4e737515c95aa3a9969b6c2fc12075710f9032998
Security Headers
Name Value
Content-Security-Policy default-src 'none'; connect-src 'self' *.foresee.com *.evergage.com edge.adobedc.net https://cdn.cookielaw.org https://www.googletagmanager.com https://stats.g.doubleclick.net https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://maps.googleapis.com *.demdex.net *.yext.com https://answers.yext-pixel.com *.yextapis.com;font-src 'self' data: https://fonts.gstatic.com/ https://fonts.googleapis.com https://use.typekit.com *.pgsdemo.com *.pagescdn.com; media-src 'self'; object-src 'self'; form-action 'self' https://*.flagstar.com https://*.salesforce.com https://*.salesforceliveagent.com https://*.salesforce-sites.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.salesforceliveagent.com https://assets.sitescdn.net https://www.googleanalytics.com/ https://www.googleoptimize.com/ https://optimize.google.com/ https://www.googletagmanager.com https://maps.googleapis.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net assets.adobedtm.com https://pnapi.invoca.net https://solutions.invocacdn.com gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com/ https://use.typekit.com https://connect.facebook.net https://js.adsrvr.org/ https://cdn.evgnet.com https://*.evergage.com https://www.youtube.com assets.sitescdn.net *.pagescdn.com *.pgsdemo.com https://*.salesforce-sites.com;style-src 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net 
gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com assets.sitecdn.net https://*.evergage.com; style-src-elem 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com https://*.evergage.com;frame-src 'self' *.flagstar.com *.youtube.com *.demdex.net https://*.fls.doubleclick.net https://td.doubleclick.net https://optimize.google.com/ https://insight.adsrvr.org/ https://match.adsrvr.org/ https://cdn.evgnet.com https://*.flagstar.com https://*.fintactix.com *.pagescdn.com *.pgsdemo.com; frame-ancestors 'self' *.flagstar.com https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net; img-src 'self' *.foresee.com https://ad.doubleclick.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googletagmanager.com/ https://www.googleadservices.com https://www.google-analytics.com https://developers.google.com https://maps.googleapis.com https://maps.gstatic.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://insight.adsrvr.org https://ib.adnxs.com/getuid https://match.adsrvr.org/track/cmf/appnexus https://dsum-sec.casalemedia.com/rum https://ups.analytics.yahoo.com/ups/55953/sync https://pixel.rubiconproject.com/tap.php data: blob: https://p.typekit.net 
https://www.facebook.com *.flagstar.com https://*.doubleclick.net;child-src 'self' https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://youtube.com; worker-src 'self'; manifest-src 'self';
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://www.flagstar.com/
accept-language
en-GB,en;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

expires
Thu, 09 May 2024 14:10:09 GMT
date
Tue, 09 Apr 2024 14:10:09 GMT
content-security-policy
default-src 'none'; connect-src 'self' *.foresee.com *.evergage.com edge.adobedc.net https://cdn.cookielaw.org https://www.googletagmanager.com https://stats.g.doubleclick.net https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://maps.googleapis.com *.demdex.net *.yext.com https://answers.yext-pixel.com *.yextapis.com;font-src 'self' data: https://fonts.gstatic.com/ https://fonts.googleapis.com https://use.typekit.com *.pgsdemo.com *.pagescdn.com; media-src 'self'; object-src 'self'; form-action 'self' https://*.flagstar.com https://*.salesforce.com https://*.salesforceliveagent.com https://*.salesforce-sites.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.salesforceliveagent.com https://assets.sitescdn.net https://www.googleanalytics.com/ https://www.googleoptimize.com/ https://optimize.google.com/ https://www.googletagmanager.com https://maps.googleapis.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net assets.adobedtm.com https://pnapi.invoca.net https://solutions.invocacdn.com gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com/ https://use.typekit.com https://connect.facebook.net https://js.adsrvr.org/ https://cdn.evgnet.com https://*.evergage.com https://www.youtube.com assets.sitescdn.net *.pagescdn.com *.pgsdemo.com https://*.salesforce-sites.com;style-src 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com 
https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com assets.sitecdn.net https://*.evergage.com; style-src-elem 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com https://*.evergage.com;frame-src 'self' *.flagstar.com *.youtube.com *.demdex.net https://*.fls.doubleclick.net https://td.doubleclick.net https://optimize.google.com/ https://insight.adsrvr.org/ https://match.adsrvr.org/ https://cdn.evgnet.com https://*.flagstar.com https://*.fintactix.com *.pagescdn.com *.pgsdemo.com; frame-ancestors 'self' *.flagstar.com https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net; img-src 'self' *.foresee.com https://ad.doubleclick.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googletagmanager.com/ https://www.googleadservices.com https://www.google-analytics.com https://developers.google.com https://maps.googleapis.com https://maps.gstatic.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://insight.adsrvr.org https://ib.adnxs.com/getuid https://match.adsrvr.org/track/cmf/appnexus https://dsum-sec.casalemedia.com/rum https://ups.analytics.yahoo.com/ups/55953/sync https://pixel.rubiconproject.com/tap.php data: blob: https://p.typekit.net https://www.facebook.com 
*.flagstar.com https://*.doubleclick.net;child-src 'self' https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://youtube.com; worker-src 'self'; manifest-src 'self';
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
strict-transport-security
max-age=31536000; includeSubDomains
age
382341
x-cnection
close
server-timing
dtSInfo;desc="0", dtRpid;desc="-376902719"
content-length
601
x-xss-protection
1; mode=block
x-ua-compatible
IE=Edge
last-modified
Tue, 02 Apr 2024 20:06:33 GMT
server
cloudflare
etag
"4bb-61522a484292a-gzip"
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
image/svg+xml
cache-control
public, max-age=2592000
accept-ranges
bytes
cf-ray
871b143b3d119404-LHR
clientname
flagstar
icon-card_business-checking-savings.svg
www.flagstar.com/content/dam/newco/global-navigation-icons/
3 KB
4 KB
Image
General
Full URL
https://www.flagstar.com/content/dam/newco/global-navigation-icons/icon-card_business-checking-savings.svg
Requested by
Host: www.flagstar.com
URL: https://www.flagstar.com/
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
104.18.41.140 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
a1d3a3e26c91ba85b3d9ac92db5f8335ea6994994a2538d4f47f5e919439d4c8
Security Headers
Name Value
Content-Security-Policy default-src 'none'; connect-src 'self' *.foresee.com *.evergage.com edge.adobedc.net https://cdn.cookielaw.org https://www.googletagmanager.com https://stats.g.doubleclick.net https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://maps.googleapis.com *.demdex.net *.yext.com https://answers.yext-pixel.com *.yextapis.com;font-src 'self' data: https://fonts.gstatic.com/ https://fonts.googleapis.com https://use.typekit.com *.pgsdemo.com *.pagescdn.com; media-src 'self'; object-src 'self'; form-action 'self' https://*.flagstar.com https://*.salesforce.com https://*.salesforceliveagent.com https://*.salesforce-sites.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.salesforceliveagent.com https://assets.sitescdn.net https://www.googleanalytics.com/ https://www.googleoptimize.com/ https://optimize.google.com/ https://www.googletagmanager.com https://maps.googleapis.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net assets.adobedtm.com https://pnapi.invoca.net https://solutions.invocacdn.com gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com/ https://use.typekit.com https://connect.facebook.net https://js.adsrvr.org/ https://cdn.evgnet.com https://*.evergage.com https://www.youtube.com assets.sitescdn.net *.pagescdn.com *.pgsdemo.com https://*.salesforce-sites.com;style-src 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net 
gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com assets.sitecdn.net; style-src-elem 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com;frame-src 'self' *.flagstar.com *.demdex.net https://*.fls.doubleclick.net https://td.doubleclick.net https://optimize.google.com/ https://insight.adsrvr.org/ https://match.adsrvr.org/ https://cdn.evgnet.com https://*.flagstar.com https://*.fintactix.com *.pagescdn.com *.pgsdemo.com; frame-ancestors 'self' *.flagstar.com https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net; img-src 'self' *.foresee.com https://ad.doubleclick.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googletagmanager.com/ https://www.googleadservices.com https://www.google-analytics.com https://developers.google.com https://maps.googleapis.com https://maps.gstatic.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://insight.adsrvr.org https://ib.adnxs.com/getuid https://match.adsrvr.org/track/cmf/appnexus https://dsum-sec.casalemedia.com/rum https://ups.analytics.yahoo.com/ups/55953/sync https://pixel.rubiconproject.com/tap.php data: blob: https://p.typekit.net https://www.facebook.com *.flagstar.com 
https://*.doubleclick.net;child-src 'self' https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://youtube.com; worker-src 'self'; manifest-src 'self';
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://www.flagstar.com/
accept-language
en-GB,en;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

expires
Thu, 09 May 2024 14:10:09 GMT
date
Tue, 09 Apr 2024 14:10:09 GMT
content-security-policy
default-src 'none'; connect-src 'self' *.foresee.com *.evergage.com edge.adobedc.net https://cdn.cookielaw.org https://www.googletagmanager.com https://stats.g.doubleclick.net https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://maps.googleapis.com *.demdex.net *.yext.com https://answers.yext-pixel.com *.yextapis.com;font-src 'self' data: https://fonts.gstatic.com/ https://fonts.googleapis.com https://use.typekit.com *.pgsdemo.com *.pagescdn.com; media-src 'self'; object-src 'self'; form-action 'self' https://*.flagstar.com https://*.salesforce.com https://*.salesforceliveagent.com https://*.salesforce-sites.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.salesforceliveagent.com https://assets.sitescdn.net https://www.googleanalytics.com/ https://www.googleoptimize.com/ https://optimize.google.com/ https://www.googletagmanager.com https://maps.googleapis.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net assets.adobedtm.com https://pnapi.invoca.net https://solutions.invocacdn.com gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com/ https://use.typekit.com https://connect.facebook.net https://js.adsrvr.org/ https://cdn.evgnet.com https://*.evergage.com https://www.youtube.com assets.sitescdn.net *.pagescdn.com *.pgsdemo.com https://*.salesforce-sites.com;style-src 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com 
https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com assets.sitecdn.net; style-src-elem 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com;frame-src 'self' *.flagstar.com *.demdex.net https://*.fls.doubleclick.net https://td.doubleclick.net https://optimize.google.com/ https://insight.adsrvr.org/ https://match.adsrvr.org/ https://cdn.evgnet.com https://*.flagstar.com https://*.fintactix.com *.pagescdn.com *.pgsdemo.com; frame-ancestors 'self' *.flagstar.com https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net; img-src 'self' *.foresee.com https://ad.doubleclick.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googletagmanager.com/ https://www.googleadservices.com https://www.google-analytics.com https://developers.google.com https://maps.googleapis.com https://maps.gstatic.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://insight.adsrvr.org https://ib.adnxs.com/getuid https://match.adsrvr.org/track/cmf/appnexus https://dsum-sec.casalemedia.com/rum https://ups.analytics.yahoo.com/ups/55953/sync https://pixel.rubiconproject.com/tap.php data: blob: https://p.typekit.net https://www.facebook.com *.flagstar.com https://*.doubleclick.net;child-src 'self' 
https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://youtube.com; worker-src 'self'; manifest-src 'self';
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
strict-transport-security
max-age=31536000; includeSubDomains
age
382341
x-cnection
close
server-timing
dtSInfo;desc="0", dtRpid;desc="557675994"
content-length
985
x-xss-protection
1; mode=block
x-ua-compatible
IE=Edge
last-modified
Tue, 20 Feb 2024 10:14:34 GMT
server
cloudflare
etag
"d18-611cd7a196b56-gzip"
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
image/svg+xml
cache-control
public, max-age=2592000
accept-ranges
bytes
cf-ray
871b143b3d129404-LHR
clientname
flagstar
icon-card_business-credit-cards.svg
www.flagstar.com/content/dam/newco/global-navigation-icons/
2 KB
4 KB
Image
General
Full URL
https://www.flagstar.com/content/dam/newco/global-navigation-icons/icon-card_business-credit-cards.svg
Requested by
Host: www.flagstar.com
URL: https://www.flagstar.com/
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
104.18.41.140 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
606ceda8954b51480b26eb5e9abd2d26d4d481d7dedeaa6afcec3ee5d6b39227
Security Headers
Name Value
Content-Security-Policy default-src 'none'; connect-src 'self' *.foresee.com *.evergage.com edge.adobedc.net https://cdn.cookielaw.org https://www.googletagmanager.com https://stats.g.doubleclick.net https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://maps.googleapis.com *.demdex.net *.yext.com https://answers.yext-pixel.com *.yextapis.com;font-src 'self' data: https://fonts.gstatic.com/ https://fonts.googleapis.com https://use.typekit.com *.pgsdemo.com *.pagescdn.com; media-src 'self'; object-src 'self'; form-action 'self' https://*.flagstar.com https://*.salesforce.com https://*.salesforceliveagent.com https://*.salesforce-sites.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.salesforceliveagent.com https://assets.sitescdn.net https://www.googleanalytics.com/ https://www.googleoptimize.com/ https://optimize.google.com/ https://www.googletagmanager.com https://maps.googleapis.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net assets.adobedtm.com https://pnapi.invoca.net https://solutions.invocacdn.com gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com/ https://use.typekit.com https://connect.facebook.net https://js.adsrvr.org/ https://cdn.evgnet.com https://*.evergage.com https://www.youtube.com assets.sitescdn.net *.pagescdn.com *.pgsdemo.com https://*.salesforce-sites.com;style-src 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net 
gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com assets.sitecdn.net; style-src-elem 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com;frame-src 'self' *.flagstar.com *.demdex.net https://*.fls.doubleclick.net https://td.doubleclick.net https://optimize.google.com/ https://insight.adsrvr.org/ https://match.adsrvr.org/ https://cdn.evgnet.com https://*.flagstar.com https://*.fintactix.com *.pagescdn.com *.pgsdemo.com; frame-ancestors 'self' *.flagstar.com https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net; img-src 'self' *.foresee.com https://ad.doubleclick.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googletagmanager.com/ https://www.googleadservices.com https://www.google-analytics.com https://developers.google.com https://maps.googleapis.com https://maps.gstatic.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://insight.adsrvr.org https://ib.adnxs.com/getuid https://match.adsrvr.org/track/cmf/appnexus https://dsum-sec.casalemedia.com/rum https://ups.analytics.yahoo.com/ups/55953/sync https://pixel.rubiconproject.com/tap.php data: blob: https://p.typekit.net https://www.facebook.com *.flagstar.com 
https://*.doubleclick.net;child-src 'self' https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://youtube.com; worker-src 'self'; manifest-src 'self';
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://www.flagstar.com/
accept-language
en-GB,en;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

expires
Thu, 09 May 2024 14:10:09 GMT
date
Tue, 09 Apr 2024 14:10:09 GMT
content-security-policy
default-src 'none'; connect-src 'self' *.foresee.com *.evergage.com edge.adobedc.net https://cdn.cookielaw.org https://www.googletagmanager.com https://stats.g.doubleclick.net https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://maps.googleapis.com *.demdex.net *.yext.com https://answers.yext-pixel.com *.yextapis.com;font-src 'self' data: https://fonts.gstatic.com/ https://fonts.googleapis.com https://use.typekit.com *.pgsdemo.com *.pagescdn.com; media-src 'self'; object-src 'self'; form-action 'self' https://*.flagstar.com https://*.salesforce.com https://*.salesforceliveagent.com https://*.salesforce-sites.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.salesforceliveagent.com https://assets.sitescdn.net https://www.googleanalytics.com/ https://www.googleoptimize.com/ https://optimize.google.com/ https://www.googletagmanager.com https://maps.googleapis.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net assets.adobedtm.com https://pnapi.invoca.net https://solutions.invocacdn.com gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com/ https://use.typekit.com https://connect.facebook.net https://js.adsrvr.org/ https://cdn.evgnet.com https://*.evergage.com https://www.youtube.com assets.sitescdn.net *.pagescdn.com *.pgsdemo.com https://*.salesforce-sites.com;style-src 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com 
https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com assets.sitecdn.net; style-src-elem 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com;frame-src 'self' *.flagstar.com *.demdex.net https://*.fls.doubleclick.net https://td.doubleclick.net https://optimize.google.com/ https://insight.adsrvr.org/ https://match.adsrvr.org/ https://cdn.evgnet.com https://*.flagstar.com https://*.fintactix.com *.pagescdn.com *.pgsdemo.com; frame-ancestors 'self' *.flagstar.com https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net; img-src 'self' *.foresee.com https://ad.doubleclick.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googletagmanager.com/ https://www.googleadservices.com https://www.google-analytics.com https://developers.google.com https://maps.googleapis.com https://maps.gstatic.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://insight.adsrvr.org https://ib.adnxs.com/getuid https://match.adsrvr.org/track/cmf/appnexus https://dsum-sec.casalemedia.com/rum https://ups.analytics.yahoo.com/ups/55953/sync https://pixel.rubiconproject.com/tap.php data: blob: https://p.typekit.net https://www.facebook.com *.flagstar.com https://*.doubleclick.net;child-src 'self' 
https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://youtube.com; worker-src 'self'; manifest-src 'self';
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
strict-transport-security
max-age=31536000; includeSubDomains
age
382341
x-cnection
close
server-timing
dtSInfo;desc="0", dtRpid;desc="679847624"
content-length
867
x-xss-protection
1; mode=block
x-ua-compatible
IE=Edge
last-modified
Tue, 20 Feb 2024 10:12:50 GMT
server
cloudflare
etag
"878-611cd73ddb4f9-gzip"
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
image/svg+xml
cache-control
public, max-age=2592000
accept-ranges
bytes
cf-ray
871b143b3d139404-LHR
clientname
flagstar
icon-card_business-loans.svg
www.flagstar.com/content/dam/newco/global-navigation-icons/
11 KB
5 KB
Image
General
Full URL
https://www.flagstar.com/content/dam/newco/global-navigation-icons/icon-card_business-loans.svg
Requested by
Host: www.flagstar.com
URL: https://www.flagstar.com/
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
104.18.41.140 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
090dccdc949d234690ab3c5084c4683087813babb20a034e37868642a63434dc
Security Headers
Name Value
Content-Security-Policy default-src 'none'; connect-src 'self' *.foresee.com *.evergage.com edge.adobedc.net https://cdn.cookielaw.org https://www.googletagmanager.com https://stats.g.doubleclick.net https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://maps.googleapis.com *.demdex.net *.yext.com https://answers.yext-pixel.com *.yextapis.com;font-src 'self' data: https://fonts.gstatic.com/ https://fonts.googleapis.com https://use.typekit.com *.pgsdemo.com *.pagescdn.com; media-src 'self'; object-src 'self'; form-action 'self' https://*.flagstar.com https://*.salesforce.com https://*.salesforceliveagent.com https://*.salesforce-sites.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.salesforceliveagent.com https://assets.sitescdn.net https://www.googleanalytics.com/ https://www.googleoptimize.com/ https://optimize.google.com/ https://www.googletagmanager.com https://maps.googleapis.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net assets.adobedtm.com https://pnapi.invoca.net https://solutions.invocacdn.com gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com/ https://use.typekit.com https://connect.facebook.net https://js.adsrvr.org/ https://cdn.evgnet.com https://*.evergage.com https://www.youtube.com assets.sitescdn.net *.pagescdn.com *.pgsdemo.com https://*.salesforce-sites.com;style-src 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net 
gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com assets.sitecdn.net; style-src-elem 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com;frame-src 'self' *.flagstar.com *.demdex.net https://*.fls.doubleclick.net https://td.doubleclick.net https://optimize.google.com/ https://insight.adsrvr.org/ https://match.adsrvr.org/ https://cdn.evgnet.com https://*.flagstar.com https://*.fintactix.com *.pagescdn.com *.pgsdemo.com; frame-ancestors 'self' *.flagstar.com https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net; img-src 'self' *.foresee.com https://ad.doubleclick.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googletagmanager.com/ https://www.googleadservices.com https://www.google-analytics.com https://developers.google.com https://maps.googleapis.com https://maps.gstatic.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://insight.adsrvr.org https://ib.adnxs.com/getuid https://match.adsrvr.org/track/cmf/appnexus https://dsum-sec.casalemedia.com/rum https://ups.analytics.yahoo.com/ups/55953/sync https://pixel.rubiconproject.com/tap.php data: blob: https://p.typekit.net https://www.facebook.com *.flagstar.com 
https://*.doubleclick.net;child-src 'self' https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://youtube.com; worker-src 'self'; manifest-src 'self';
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://www.flagstar.com/
accept-language
en-GB,en;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

expires
Thu, 09 May 2024 14:10:09 GMT
date
Tue, 09 Apr 2024 14:10:09 GMT
content-security-policy
default-src 'none'; connect-src 'self' *.foresee.com *.evergage.com edge.adobedc.net https://cdn.cookielaw.org https://www.googletagmanager.com https://stats.g.doubleclick.net https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://maps.googleapis.com *.demdex.net *.yext.com https://answers.yext-pixel.com *.yextapis.com;font-src 'self' data: https://fonts.gstatic.com/ https://fonts.googleapis.com https://use.typekit.com *.pgsdemo.com *.pagescdn.com; media-src 'self'; object-src 'self'; form-action 'self' https://*.flagstar.com https://*.salesforce.com https://*.salesforceliveagent.com https://*.salesforce-sites.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.salesforceliveagent.com https://assets.sitescdn.net https://www.googleanalytics.com/ https://www.googleoptimize.com/ https://optimize.google.com/ https://www.googletagmanager.com https://maps.googleapis.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net assets.adobedtm.com https://pnapi.invoca.net https://solutions.invocacdn.com gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com/ https://use.typekit.com https://connect.facebook.net https://js.adsrvr.org/ https://cdn.evgnet.com https://*.evergage.com https://www.youtube.com assets.sitescdn.net *.pagescdn.com *.pgsdemo.com https://*.salesforce-sites.com;style-src 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com 
https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com assets.sitecdn.net; style-src-elem 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com;frame-src 'self' *.flagstar.com *.demdex.net https://*.fls.doubleclick.net https://td.doubleclick.net https://optimize.google.com/ https://insight.adsrvr.org/ https://match.adsrvr.org/ https://cdn.evgnet.com https://*.flagstar.com https://*.fintactix.com *.pagescdn.com *.pgsdemo.com; frame-ancestors 'self' *.flagstar.com https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net; img-src 'self' *.foresee.com https://ad.doubleclick.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googletagmanager.com/ https://www.googleadservices.com https://www.google-analytics.com https://developers.google.com https://maps.googleapis.com https://maps.gstatic.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://insight.adsrvr.org https://ib.adnxs.com/getuid https://match.adsrvr.org/track/cmf/appnexus https://dsum-sec.casalemedia.com/rum https://ups.analytics.yahoo.com/ups/55953/sync https://pixel.rubiconproject.com/tap.php data: blob: https://p.typekit.net https://www.facebook.com *.flagstar.com https://*.doubleclick.net;child-src 'self' 
https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://youtube.com; worker-src 'self'; manifest-src 'self';
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
strict-transport-security
max-age=31536000; includeSubDomains
age
382341
x-cnection
close
server-timing
dtSInfo;desc="0", dtRpid;desc="-138019369"
content-length
2157
x-xss-protection
1; mode=block
x-ua-compatible
IE=Edge
last-modified
Tue, 20 Feb 2024 10:14:32 GMT
server
cloudflare
etag
"2a08-611cd79f67fa7-gzip"
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
image/svg+xml
cache-control
public, max-age=2592000
accept-ranges
bytes
cf-ray
871b143b3d149404-LHR
clientname
flagstar
icon-card_business-lines-of-credit.svg
www.flagstar.com/content/dam/newco/global-navigation-icons/
4 KB
4 KB
Image
General
Full URL
https://www.flagstar.com/content/dam/newco/global-navigation-icons/icon-card_business-lines-of-credit.svg
Requested by
Host: www.flagstar.com
URL: https://www.flagstar.com/
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
104.18.41.140 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
804454a2c411d8bb3a19ab0c282698955089bdd1f3e7114f880d85e919eb5910
Security Headers
Name Value
Content-Security-Policy default-src 'none'; connect-src 'self' *.foresee.com *.evergage.com edge.adobedc.net https://cdn.cookielaw.org https://www.googletagmanager.com https://stats.g.doubleclick.net https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://maps.googleapis.com *.demdex.net *.yext.com https://answers.yext-pixel.com *.yextapis.com;font-src 'self' data: https://fonts.gstatic.com/ https://fonts.googleapis.com https://use.typekit.com *.pgsdemo.com *.pagescdn.com; media-src 'self'; object-src 'self'; form-action 'self' https://*.flagstar.com https://*.salesforce.com https://*.salesforceliveagent.com https://*.salesforce-sites.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.salesforceliveagent.com https://assets.sitescdn.net https://www.googleanalytics.com/ https://www.googleoptimize.com/ https://optimize.google.com/ https://www.googletagmanager.com https://maps.googleapis.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net assets.adobedtm.com https://pnapi.invoca.net https://solutions.invocacdn.com gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com/ https://use.typekit.com https://connect.facebook.net https://js.adsrvr.org/ https://cdn.evgnet.com https://*.evergage.com https://www.youtube.com assets.sitescdn.net *.pagescdn.com *.pgsdemo.com https://*.salesforce-sites.com;style-src 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net 
gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com assets.sitecdn.net; style-src-elem 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com;frame-src 'self' *.flagstar.com *.demdex.net https://*.fls.doubleclick.net https://td.doubleclick.net https://optimize.google.com/ https://insight.adsrvr.org/ https://match.adsrvr.org/ https://cdn.evgnet.com https://*.flagstar.com https://*.fintactix.com *.pagescdn.com *.pgsdemo.com; frame-ancestors 'self' *.flagstar.com https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net; img-src 'self' *.foresee.com https://ad.doubleclick.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googletagmanager.com/ https://www.googleadservices.com https://www.google-analytics.com https://developers.google.com https://maps.googleapis.com https://maps.gstatic.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://insight.adsrvr.org https://ib.adnxs.com/getuid https://match.adsrvr.org/track/cmf/appnexus https://dsum-sec.casalemedia.com/rum https://ups.analytics.yahoo.com/ups/55953/sync https://pixel.rubiconproject.com/tap.php data: blob: https://p.typekit.net https://www.facebook.com *.flagstar.com 
https://*.doubleclick.net;child-src 'self' https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://youtube.com; worker-src 'self'; manifest-src 'self';
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://www.flagstar.com/
accept-language
en-GB,en;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

expires
Thu, 09 May 2024 14:10:09 GMT
date
Tue, 09 Apr 2024 14:10:09 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
strict-transport-security
max-age=31536000; includeSubDomains
age
382341
x-cnection
close
server-timing
dtSInfo;desc="0", dtRpid;desc="898823705"
content-length
847
x-xss-protection
1; mode=block
x-ua-compatible
IE=Edge
last-modified
Tue, 20 Feb 2024 10:12:50 GMT
server
cloudflare
etag
"e2b-611cd73de4581-gzip"
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
image/svg+xml
cache-control
public, max-age=2592000
accept-ranges
bytes
cf-ray
871b143b4d339404-LHR
clientname
flagstar
icon-card_commercial-mortgage.svg
www.flagstar.com/content/dam/newco/global-navigation-icons/
6 KB
4 KB
Image
General
Full URL
https://www.flagstar.com/content/dam/newco/global-navigation-icons/icon-card_commercial-mortgage.svg
Requested by
Host: www.flagstar.com
URL: https://www.flagstar.com/
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
104.18.41.140 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
4b7f19f0359b200b661e8f6ddd6cb71c15a213a1e944d16df9f4477cf616ec8c
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://www.flagstar.com/
accept-language
en-GB,en;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

expires
Thu, 09 May 2024 14:10:09 GMT
date
Tue, 09 Apr 2024 14:10:09 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
strict-transport-security
max-age=31536000; includeSubDomains
age
382341
x-cnection
close
server-timing
dtSInfo;desc="0", dtRpid;desc="418310325"
content-length
1146
x-xss-protection
1; mode=block
x-ua-compatible
IE=Edge
last-modified
Tue, 20 Feb 2024 10:13:20 GMT
server
cloudflare
etag
"1705-611cd75a9323d-gzip"
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
image/svg+xml
cache-control
public, max-age=2592000
accept-ranges
bytes
cf-ray
871b143b4d359404-LHR
clientname
flagstar
icon-card_treasury-management1.svg
www.flagstar.com/content/dam/newco/global-navigation-icons/
3 KB
4 KB
Image
General
Full URL
https://www.flagstar.com/content/dam/newco/global-navigation-icons/icon-card_treasury-management1.svg
Requested by
Host: www.flagstar.com
URL: https://www.flagstar.com/
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
104.18.41.140 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
41f0262e4439fcfbf92a8d51e0000cc3d22ee052dedfef3f6d05e1a972e85bcc
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://www.flagstar.com/
accept-language
en-GB,en;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

expires
Thu, 09 May 2024 14:10:09 GMT
date
Tue, 09 Apr 2024 14:10:09 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
strict-transport-security
max-age=31536000; includeSubDomains
age
382341
x-cnection
close
server-timing
dtSInfo;desc="0", dtRpid;desc="1513159891"
content-length
815
x-xss-protection
1; mode=block
x-ua-compatible
IE=Edge
last-modified
Tue, 20 Feb 2024 10:11:15 GMT
server
cloudflare
etag
"cde-611cd6e3f52ad-gzip"
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
image/svg+xml
cache-control
public, max-age=2592000
accept-ranges
bytes
cf-ray
871b143b4d379404-LHR
clientname
flagstar
icon-card_wealth-services.svg
www.flagstar.com/content/dam/newco/global-navigation-icons/
2 KB
4 KB
Image
General
Full URL
https://www.flagstar.com/content/dam/newco/global-navigation-icons/icon-card_wealth-services.svg
Requested by
Host: www.flagstar.com
URL: https://www.flagstar.com/
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
104.18.41.140 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
33dbf9d3f5f3d7695cd1c9753c24113044b3c1aa2cd21771fc5580327c0d5c28
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://www.flagstar.com/
accept-language
en-GB,en;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

expires
Thu, 09 May 2024 14:10:09 GMT
date
Tue, 09 Apr 2024 14:10:09 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
strict-transport-security
max-age=31536000; includeSubDomains
age
382341
x-cnection
close
server-timing
dtSInfo;desc="0", dtRpid;desc="656129600"
content-length
620
x-xss-protection
1; mode=block
x-ua-compatible
IE=Edge
last-modified
Tue, 20 Feb 2024 10:14:37 GMT
server
cloudflare
etag
"6ec-611cd7a48b676-gzip"
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
image/svg+xml
cache-control
public, max-age=2592000
accept-ranges
bytes
cf-ray
871b143b4d389404-LHR
clientname
flagstar
icon-card_sectors.svg
www.flagstar.com/content/dam/newco/global-navigation-icons/
2 KB
4 KB
Image
General
Full URL
https://www.flagstar.com/content/dam/newco/global-navigation-icons/icon-card_sectors.svg
Requested by
Host: www.flagstar.com
URL: https://www.flagstar.com/
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
104.18.41.140 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
def3cd591fff9b3958866afefa7cf7321de1d902dc9b85749986d6bc637deaf9
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://www.flagstar.com/
accept-language
en-GB,en;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

expires
Thu, 09 May 2024 14:10:09 GMT
date
Tue, 09 Apr 2024 14:10:09 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
strict-transport-security
max-age=31536000; includeSubDomains
age
382341
x-cnection
close
server-timing
dtSInfo;desc="0", dtRpid;desc="-304597325"
content-length
776
x-xss-protection
1; mode=block
x-ua-compatible
IE=Edge
last-modified
Tue, 20 Feb 2024 10:12:07 GMT
server
cloudflare
etag
"8a6-611cd71543340-gzip"
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
image/svg+xml
cache-control
public, max-age=2592000
accept-ranges
bytes
cf-ray
871b143b4d399404-LHR
clientname
flagstar
icon-card_treasury-management.svg
www.flagstar.com/content/dam/newco/global-navigation-icons/
3 KB
4 KB
Image
General
Full URL
https://www.flagstar.com/content/dam/newco/global-navigation-icons/icon-card_treasury-management.svg
Requested by
Host: www.flagstar.com
URL: https://www.flagstar.com/
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
104.18.41.140 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
41f0262e4439fcfbf92a8d51e0000cc3d22ee052dedfef3f6d05e1a972e85bcc
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://www.flagstar.com/
accept-language
en-GB,en;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

expires
Thu, 09 May 2024 14:10:09 GMT
date
Tue, 09 Apr 2024 14:10:09 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
strict-transport-security
max-age=31536000; includeSubDomains
age
382341
x-cnection
close
server-timing
dtSInfo;desc="0", dtRpid;desc="679499100"
content-length
815
x-xss-protection
1; mode=block
x-ua-compatible
IE=Edge
last-modified
Tue, 20 Feb 2024 10:31:33 GMT
server
cloudflare
etag
"cde-611cdb6cdfe44-gzip"
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
image/svg+xml
cache-control
public, max-age=2592000
accept-ranges
bytes
cf-ray
871b143b4d3b9404-LHR
clientname
flagstar
icon-card_banking-services.svg
www.flagstar.com/content/dam/newco/global-navigation-icons/
3 KB
4 KB
Image
General
Full URL
https://www.flagstar.com/content/dam/newco/global-navigation-icons/icon-card_banking-services.svg
Requested by
Host: www.flagstar.com
URL: https://www.flagstar.com/
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
104.18.41.140 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
38bc96c8a0910f32a8fcda24fdeaf7a9a5ce6ba89087e3be7b3200f75edbbd34
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://www.flagstar.com/
accept-language
en-GB,en;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

expires
Thu, 09 May 2024 14:10:09 GMT
date
Tue, 09 Apr 2024 14:10:09 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
strict-transport-security
max-age=31536000; includeSubDomains
age
382341
x-cnection
close
server-timing
dtSInfo;desc="0", dtRpid;desc="197212236"
content-length
1035
x-xss-protection
1; mode=block
x-ua-compatible
IE=Edge
last-modified
Tue, 20 Feb 2024 10:12:07 GMT
server
cloudflare
etag
"dd9-611cd71552570-gzip"
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
image/svg+xml
cache-control
public, max-age=2592000
accept-ranges
bytes
cf-ray
871b143b4d3c9404-LHR
clientname
flagstar
icon-card_investment-services.svg
www.flagstar.com/content/dam/newco/global-navigation-icons/
3 KB
4 KB
Image
General
Full URL
https://www.flagstar.com/content/dam/newco/global-navigation-icons/icon-card_investment-services.svg
Requested by
Host: www.flagstar.com
URL: https://www.flagstar.com/
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
104.18.41.140, ASN13335 (CLOUDFLARENET, US)
Reverse DNS
Software
cloudflare
Resource Hash
9fc5fc887e2a0ad18a5136f7a2132ebcca631ca61e8669c52197a849c1b1aca1

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://www.flagstar.com/
accept-language
en-GB,en;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

expires
Thu, 09 May 2024 14:10:09 GMT
date
Tue, 09 Apr 2024 14:10:09 GMT
content-security-policy
default-src 'none'; connect-src 'self' *.foresee.com *.evergage.com edge.adobedc.net https://cdn.cookielaw.org https://www.googletagmanager.com https://stats.g.doubleclick.net https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://maps.googleapis.com *.demdex.net *.yext.com https://answers.yext-pixel.com *.yextapis.com;font-src 'self' data: https://fonts.gstatic.com/ https://fonts.googleapis.com https://use.typekit.com *.pgsdemo.com *.pagescdn.com; media-src 'self'; object-src 'self'; form-action 'self' https://*.flagstar.com https://*.salesforce.com https://*.salesforceliveagent.com https://*.salesforce-sites.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.salesforceliveagent.com https://assets.sitescdn.net https://www.googleanalytics.com/ https://www.googleoptimize.com/ https://optimize.google.com/ https://www.googletagmanager.com https://maps.googleapis.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net assets.adobedtm.com https://pnapi.invoca.net https://solutions.invocacdn.com gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com/ https://use.typekit.com https://connect.facebook.net https://js.adsrvr.org/ https://cdn.evgnet.com https://*.evergage.com https://www.youtube.com assets.sitescdn.net *.pagescdn.com *.pgsdemo.com https://*.salesforce-sites.com;style-src 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com 
https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com assets.sitecdn.net; style-src-elem 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com;frame-src 'self' *.flagstar.com *.demdex.net https://*.fls.doubleclick.net https://td.doubleclick.net https://optimize.google.com/ https://insight.adsrvr.org/ https://match.adsrvr.org/ https://cdn.evgnet.com https://*.flagstar.com https://*.fintactix.com *.pagescdn.com *.pgsdemo.com; frame-ancestors 'self' *.flagstar.com https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net; img-src 'self' *.foresee.com https://ad.doubleclick.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googletagmanager.com/ https://www.googleadservices.com https://www.google-analytics.com https://developers.google.com https://maps.googleapis.com https://maps.gstatic.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://insight.adsrvr.org https://ib.adnxs.com/getuid https://match.adsrvr.org/track/cmf/appnexus https://dsum-sec.casalemedia.com/rum https://ups.analytics.yahoo.com/ups/55953/sync https://pixel.rubiconproject.com/tap.php data: blob: https://p.typekit.net https://www.facebook.com *.flagstar.com https://*.doubleclick.net;child-src 'self' 
https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://youtube.com; worker-src 'self'; manifest-src 'self';
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
strict-transport-security
max-age=31536000; includeSubDomains
age
382341
x-cnection
close
server-timing
dtSInfo;desc="0", dtRpid;desc="1520196331"
content-length
782
x-xss-protection
1; mode=block
x-ua-compatible
IE=Edge
last-modified
Tue, 20 Feb 2024 10:14:32 GMT
server
cloudflare
etag
"cf8-611cd79f76237-gzip"
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
image/svg+xml
cache-control
public, max-age=2592000
accept-ranges
bytes
cf-ray
871b143b4d3e9404-LHR
clientname
flagstar
icon-card_private-banking.svg
www.flagstar.com/content/dam/newco/global-navigation-icons/
3 KB
4 KB
Image
General
Full URL
https://www.flagstar.com/content/dam/newco/global-navigation-icons/icon-card_private-banking.svg
Requested by
Host: www.flagstar.com
URL: https://www.flagstar.com/
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
104.18.41.140, ASN13335 (CLOUDFLARENET, US)
Reverse DNS
Software
cloudflare
Resource Hash
97df66242f23aaeb6bbc7d5e8c021a11c1bad6c4b5288ec452ee527862bc3b8c

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://www.flagstar.com/
accept-language
en-GB,en;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

expires
Thu, 09 May 2024 14:10:09 GMT
date
Tue, 09 Apr 2024 14:10:09 GMT
content-security-policy
default-src 'none'; connect-src 'self' *.foresee.com *.evergage.com edge.adobedc.net https://cdn.cookielaw.org https://www.googletagmanager.com https://stats.g.doubleclick.net https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://maps.googleapis.com *.demdex.net *.yext.com https://answers.yext-pixel.com *.yextapis.com;font-src 'self' data: https://fonts.gstatic.com/ https://fonts.googleapis.com https://use.typekit.com *.pgsdemo.com *.pagescdn.com; media-src 'self'; object-src 'self'; form-action 'self' https://*.flagstar.com https://*.salesforce.com https://*.salesforceliveagent.com https://*.salesforce-sites.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.salesforceliveagent.com https://assets.sitescdn.net https://www.googleanalytics.com/ https://www.googleoptimize.com/ https://optimize.google.com/ https://www.googletagmanager.com https://maps.googleapis.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net assets.adobedtm.com https://pnapi.invoca.net https://solutions.invocacdn.com gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com/ https://use.typekit.com https://connect.facebook.net https://js.adsrvr.org/ https://cdn.evgnet.com https://*.evergage.com https://www.youtube.com assets.sitescdn.net *.pagescdn.com *.pgsdemo.com https://*.salesforce-sites.com;style-src 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com 
https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com assets.sitecdn.net; style-src-elem 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com;frame-src 'self' *.flagstar.com *.demdex.net https://*.fls.doubleclick.net https://td.doubleclick.net https://optimize.google.com/ https://insight.adsrvr.org/ https://match.adsrvr.org/ https://cdn.evgnet.com https://*.flagstar.com https://*.fintactix.com *.pagescdn.com *.pgsdemo.com; frame-ancestors 'self' *.flagstar.com https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net; img-src 'self' *.foresee.com https://ad.doubleclick.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googletagmanager.com/ https://www.googleadservices.com https://www.google-analytics.com https://developers.google.com https://maps.googleapis.com https://maps.gstatic.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://insight.adsrvr.org https://ib.adnxs.com/getuid https://match.adsrvr.org/track/cmf/appnexus https://dsum-sec.casalemedia.com/rum https://ups.analytics.yahoo.com/ups/55953/sync https://pixel.rubiconproject.com/tap.php data: blob: https://p.typekit.net https://www.facebook.com *.flagstar.com https://*.doubleclick.net;child-src 'self' 
https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://youtube.com; worker-src 'self'; manifest-src 'self';
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
strict-transport-security
max-age=31536000; includeSubDomains
age
382341
x-cnection
close
server-timing
dtSInfo;desc="0", dtRpid;desc="-1811197924"
content-length
1018
x-xss-protection
1; mode=block
x-ua-compatible
IE=Edge
last-modified
Tue, 20 Feb 2024 10:13:20 GMT
server
cloudflare
etag
"d9b-611cd75ab39c5-gzip"
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
image/svg+xml
cache-control
public, max-age=2592000
accept-ranges
bytes
cf-ray
871b143b4d3f9404-LHR
clientname
flagstar
icon-card_credit-lending.svg
www.flagstar.com/content/dam/newco/global-navigation-icons/
4 KB
4 KB
Image
General
Full URL
https://www.flagstar.com/content/dam/newco/global-navigation-icons/icon-card_credit-lending.svg
Requested by
Host: www.flagstar.com
URL: https://www.flagstar.com/
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
104.18.41.140, ASN13335 (CLOUDFLARENET, US)
Reverse DNS
Software
cloudflare
Resource Hash
801847061fa3bd28e46114c9091fd9f5997d929e74375a438a7aa7af517ffcf6

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://www.flagstar.com/
accept-language
en-GB,en;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

expires
Thu, 09 May 2024 14:10:09 GMT
date
Tue, 09 Apr 2024 14:10:09 GMT
content-security-policy
default-src 'none'; connect-src 'self' *.foresee.com *.evergage.com edge.adobedc.net https://cdn.cookielaw.org https://www.googletagmanager.com https://stats.g.doubleclick.net https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://maps.googleapis.com *.demdex.net *.yext.com https://answers.yext-pixel.com *.yextapis.com;font-src 'self' data: https://fonts.gstatic.com/ https://fonts.googleapis.com https://use.typekit.com *.pgsdemo.com *.pagescdn.com; media-src 'self'; object-src 'self'; form-action 'self' https://*.flagstar.com https://*.salesforce.com https://*.salesforceliveagent.com https://*.salesforce-sites.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.salesforceliveagent.com https://assets.sitescdn.net https://www.googleanalytics.com/ https://www.googleoptimize.com/ https://optimize.google.com/ https://www.googletagmanager.com https://maps.googleapis.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net assets.adobedtm.com https://pnapi.invoca.net https://solutions.invocacdn.com gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com/ https://use.typekit.com https://connect.facebook.net https://js.adsrvr.org/ https://cdn.evgnet.com https://*.evergage.com https://www.youtube.com assets.sitescdn.net *.pagescdn.com *.pgsdemo.com https://*.salesforce-sites.com;style-src 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com 
https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com assets.sitecdn.net; style-src-elem 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com;frame-src 'self' *.flagstar.com *.demdex.net https://*.fls.doubleclick.net https://td.doubleclick.net https://optimize.google.com/ https://insight.adsrvr.org/ https://match.adsrvr.org/ https://cdn.evgnet.com https://*.flagstar.com https://*.fintactix.com *.pagescdn.com *.pgsdemo.com; frame-ancestors 'self' *.flagstar.com https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net; img-src 'self' *.foresee.com https://ad.doubleclick.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googletagmanager.com/ https://www.googleadservices.com https://www.google-analytics.com https://developers.google.com https://maps.googleapis.com https://maps.gstatic.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://insight.adsrvr.org https://ib.adnxs.com/getuid https://match.adsrvr.org/track/cmf/appnexus https://dsum-sec.casalemedia.com/rum https://ups.analytics.yahoo.com/ups/55953/sync https://pixel.rubiconproject.com/tap.php data: blob: https://p.typekit.net https://www.facebook.com *.flagstar.com https://*.doubleclick.net;child-src 'self' 
https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://youtube.com; worker-src 'self'; manifest-src 'self';
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
strict-transport-security
max-age=31536000; includeSubDomains
age
382341
x-cnection
close
server-timing
dtSInfo;desc="0", dtRpid;desc="153840463"
content-length
805
x-xss-protection
1; mode=block
x-ua-compatible
IE=Edge
last-modified
Tue, 20 Feb 2024 10:10:45 GMT
server
cloudflare
etag
"fc6-611cd6c75a772-gzip"
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
image/svg+xml
cache-control
public, max-age=2592000
accept-ranges
bytes
cf-ray
871b143b4d429404-LHR
clientname
flagstar
icon-card_wealth-management.svg
www.flagstar.com/content/dam/newco/global-navigation-icons/
2 KB
4 KB
Image
General
Full URL
https://www.flagstar.com/content/dam/newco/global-navigation-icons/icon-card_wealth-management.svg
Requested by
Host: www.flagstar.com
URL: https://www.flagstar.com/
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
104.18.41.140 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
475123a04af4e549385e696417bd320a5bce09c8e380c91522041e00d2c22173
Security Headers
Name Value
Content-Security-Policy default-src 'none'; connect-src 'self' *.foresee.com *.evergage.com edge.adobedc.net https://cdn.cookielaw.org https://www.googletagmanager.com https://stats.g.doubleclick.net https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://maps.googleapis.com *.demdex.net *.yext.com https://answers.yext-pixel.com *.yextapis.com;font-src 'self' data: https://fonts.gstatic.com/ https://fonts.googleapis.com https://use.typekit.com *.pgsdemo.com *.pagescdn.com; media-src 'self'; object-src 'self'; form-action 'self' https://*.flagstar.com https://*.salesforce.com https://*.salesforceliveagent.com https://*.salesforce-sites.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.salesforceliveagent.com https://assets.sitescdn.net https://www.googleanalytics.com/ https://www.googleoptimize.com/ https://optimize.google.com/ https://www.googletagmanager.com https://maps.googleapis.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net assets.adobedtm.com https://pnapi.invoca.net https://solutions.invocacdn.com gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com/ https://use.typekit.com https://connect.facebook.net https://js.adsrvr.org/ https://cdn.evgnet.com https://*.evergage.com https://www.youtube.com assets.sitescdn.net *.pagescdn.com *.pgsdemo.com https://*.salesforce-sites.com;style-src 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net 
gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com assets.sitecdn.net; style-src-elem 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com;frame-src 'self' *.flagstar.com *.demdex.net https://*.fls.doubleclick.net https://td.doubleclick.net https://optimize.google.com/ https://insight.adsrvr.org/ https://match.adsrvr.org/ https://cdn.evgnet.com https://*.flagstar.com https://*.fintactix.com *.pagescdn.com *.pgsdemo.com; frame-ancestors 'self' *.flagstar.com https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net; img-src 'self' *.foresee.com https://ad.doubleclick.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googletagmanager.com/ https://www.googleadservices.com https://www.google-analytics.com https://developers.google.com https://maps.googleapis.com https://maps.gstatic.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://insight.adsrvr.org https://ib.adnxs.com/getuid https://match.adsrvr.org/track/cmf/appnexus https://dsum-sec.casalemedia.com/rum https://ups.analytics.yahoo.com/ups/55953/sync https://pixel.rubiconproject.com/tap.php data: blob: https://p.typekit.net https://www.facebook.com *.flagstar.com 
https://*.doubleclick.net;child-src 'self' https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://youtube.com; worker-src 'self'; manifest-src 'self';
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://www.flagstar.com/
accept-language
en-GB,en;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

expires
Thu, 09 May 2024 14:10:09 GMT
date
Tue, 09 Apr 2024 14:10:09 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
strict-transport-security
max-age=31536000; includeSubDomains
age
382341
x-cnection
close
server-timing
dtSInfo;desc="0", dtRpid;desc="-1833153339"
content-length
805
x-xss-protection
1; mode=block
x-ua-compatible
IE=Edge
last-modified
Tue, 20 Feb 2024 10:11:12 GMT
server
cloudflare
etag
"9b5-611cd6e0ee59f-gzip"
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
image/svg+xml
cache-control
public, max-age=2592000
accept-ranges
bytes
cf-ray
871b143b5d439404-LHR
clientname
flagstar
icon-card_about-us.svg
www.flagstar.com/content/dam/newco/global-navigation-icons/
1 KB
4 KB
Image
General
Full URL
https://www.flagstar.com/content/dam/newco/global-navigation-icons/icon-card_about-us.svg
Requested by
Host: www.flagstar.com
URL: https://www.flagstar.com/
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
104.18.41.140 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
9f7ef3b405d900ff0a094366a371e588b2b237bc32ee0ba137dd9867a2f20d7a
Security Headers
Name Value
Content-Security-Policy default-src 'none'; connect-src 'self' *.foresee.com *.evergage.com edge.adobedc.net https://cdn.cookielaw.org https://www.googletagmanager.com https://stats.g.doubleclick.net https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://maps.googleapis.com *.demdex.net *.yext.com https://answers.yext-pixel.com *.yextapis.com;font-src 'self' data: https://fonts.gstatic.com/ https://fonts.googleapis.com https://use.typekit.com *.pgsdemo.com *.pagescdn.com; media-src 'self'; object-src 'self'; form-action 'self' https://*.flagstar.com https://*.salesforce.com https://*.salesforceliveagent.com https://*.salesforce-sites.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.salesforceliveagent.com https://assets.sitescdn.net https://www.googleanalytics.com/ https://www.googleoptimize.com/ https://optimize.google.com/ https://www.googletagmanager.com https://maps.googleapis.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net assets.adobedtm.com https://pnapi.invoca.net https://solutions.invocacdn.com gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com/ https://use.typekit.com https://connect.facebook.net https://js.adsrvr.org/ https://cdn.evgnet.com https://*.evergage.com https://www.youtube.com assets.sitescdn.net *.pagescdn.com *.pgsdemo.com https://*.salesforce-sites.com;style-src 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net 
gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com assets.sitecdn.net; style-src-elem 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com;frame-src 'self' *.flagstar.com *.demdex.net https://*.fls.doubleclick.net https://td.doubleclick.net https://optimize.google.com/ https://insight.adsrvr.org/ https://match.adsrvr.org/ https://cdn.evgnet.com https://*.flagstar.com https://*.fintactix.com *.pagescdn.com *.pgsdemo.com; frame-ancestors 'self' *.flagstar.com https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net; img-src 'self' *.foresee.com https://ad.doubleclick.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googletagmanager.com/ https://www.googleadservices.com https://www.google-analytics.com https://developers.google.com https://maps.googleapis.com https://maps.gstatic.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://insight.adsrvr.org https://ib.adnxs.com/getuid https://match.adsrvr.org/track/cmf/appnexus https://dsum-sec.casalemedia.com/rum https://ups.analytics.yahoo.com/ups/55953/sync https://pixel.rubiconproject.com/tap.php data: blob: https://p.typekit.net https://www.facebook.com *.flagstar.com 
https://*.doubleclick.net;child-src 'self' https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://youtube.com; worker-src 'self'; manifest-src 'self';
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://www.flagstar.com/
accept-language
en-GB,en;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

expires
Thu, 09 May 2024 14:10:09 GMT
date
Tue, 09 Apr 2024 14:10:09 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
strict-transport-security
max-age=31536000; includeSubDomains
age
382341
x-cnection
close
server-timing
dtSInfo;desc="0", dtRpid;desc="1507738562"
content-length
435
x-xss-protection
1; mode=block
x-ua-compatible
IE=Edge
last-modified
Tue, 20 Feb 2024 10:30:59 GMT
server
cloudflare
etag
"5b6-611cdb4cb85bb-gzip"
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
image/svg+xml
cache-control
public, max-age=2592000
accept-ranges
bytes
cf-ray
871b143b5d469404-LHR
clientname
flagstar
icon-card_our-approach.svg
www.flagstar.com/content/dam/newco/global-navigation-icons/
2 KB
4 KB
Image
General
Full URL
https://www.flagstar.com/content/dam/newco/global-navigation-icons/icon-card_our-approach.svg
Requested by
Host: www.flagstar.com
URL: https://www.flagstar.com/
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
104.18.41.140 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b44994c64a6b67108462fe811a6ac32b4ea7bd9749931714c1d325b217841a67
Security Headers
Name Value
Content-Security-Policy default-src 'none'; connect-src 'self' *.foresee.com *.evergage.com edge.adobedc.net https://cdn.cookielaw.org https://www.googletagmanager.com https://stats.g.doubleclick.net https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://maps.googleapis.com *.demdex.net *.yext.com https://answers.yext-pixel.com *.yextapis.com;font-src 'self' data: https://fonts.gstatic.com/ https://fonts.googleapis.com https://use.typekit.com *.pgsdemo.com *.pagescdn.com; media-src 'self'; object-src 'self'; form-action 'self' https://*.flagstar.com https://*.salesforce.com https://*.salesforceliveagent.com https://*.salesforce-sites.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.salesforceliveagent.com https://assets.sitescdn.net https://www.googleanalytics.com/ https://www.googleoptimize.com/ https://optimize.google.com/ https://www.googletagmanager.com https://maps.googleapis.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net assets.adobedtm.com https://pnapi.invoca.net https://solutions.invocacdn.com gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com/ https://use.typekit.com https://connect.facebook.net https://js.adsrvr.org/ https://cdn.evgnet.com https://*.evergage.com https://www.youtube.com assets.sitescdn.net *.pagescdn.com *.pgsdemo.com https://*.salesforce-sites.com;style-src 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net 
gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com assets.sitecdn.net; style-src-elem 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com;frame-src 'self' *.flagstar.com *.demdex.net https://*.fls.doubleclick.net https://td.doubleclick.net https://optimize.google.com/ https://insight.adsrvr.org/ https://match.adsrvr.org/ https://cdn.evgnet.com https://*.flagstar.com https://*.fintactix.com *.pagescdn.com *.pgsdemo.com; frame-ancestors 'self' *.flagstar.com https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net; img-src 'self' *.foresee.com https://ad.doubleclick.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googletagmanager.com/ https://www.googleadservices.com https://www.google-analytics.com https://developers.google.com https://maps.googleapis.com https://maps.gstatic.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://insight.adsrvr.org https://ib.adnxs.com/getuid https://match.adsrvr.org/track/cmf/appnexus https://dsum-sec.casalemedia.com/rum https://ups.analytics.yahoo.com/ups/55953/sync https://pixel.rubiconproject.com/tap.php data: blob: https://p.typekit.net https://www.facebook.com *.flagstar.com 
https://*.doubleclick.net;child-src 'self' https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://youtube.com; worker-src 'self'; manifest-src 'self';
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://www.flagstar.com/
accept-language
en-GB,en;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

expires
Thu, 09 May 2024 14:10:09 GMT
date
Tue, 09 Apr 2024 14:10:09 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
strict-transport-security
max-age=31536000; includeSubDomains
age
382341
x-cnection
close
server-timing
dtSInfo;desc="0", dtRpid;desc="682363794"
content-length
467
x-xss-protection
1; mode=block
x-ua-compatible
IE=Edge
last-modified
Tue, 20 Feb 2024 10:13:20 GMT
server
cloudflare
etag
"7b4-611cd75ac81e5-gzip"
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
image/svg+xml
cache-control
public, max-age=2592000
accept-ranges
bytes
cf-ray
871b143b5d479404-LHR
clientname
flagstar
icon-card_specialized-expertise.svg
www.flagstar.com/content/dam/newco/global-navigation-icons/
2 KB
4 KB
Image
General
Full URL
https://www.flagstar.com/content/dam/newco/global-navigation-icons/icon-card_specialized-expertise.svg
Requested by
Host: www.flagstar.com
URL: https://www.flagstar.com/
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
104.18.41.140 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
f7cdf1b99e51212475107d8ee46cc03546111d482fc00c4708d76c9c2cffde17

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://www.flagstar.com/
accept-language
en-GB,en;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

expires
Thu, 09 May 2024 14:10:09 GMT
date
Tue, 09 Apr 2024 14:10:09 GMT
content-security-policy
default-src 'none'; connect-src 'self' *.foresee.com *.evergage.com edge.adobedc.net https://cdn.cookielaw.org https://www.googletagmanager.com https://stats.g.doubleclick.net https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://maps.googleapis.com *.demdex.net *.yext.com https://answers.yext-pixel.com *.yextapis.com;font-src 'self' data: https://fonts.gstatic.com/ https://fonts.googleapis.com https://use.typekit.com *.pgsdemo.com *.pagescdn.com; media-src 'self'; object-src 'self'; form-action 'self' https://*.flagstar.com https://*.salesforce.com https://*.salesforceliveagent.com https://*.salesforce-sites.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.salesforceliveagent.com https://assets.sitescdn.net https://www.googleanalytics.com/ https://www.googleoptimize.com/ https://optimize.google.com/ https://www.googletagmanager.com https://maps.googleapis.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net assets.adobedtm.com https://pnapi.invoca.net https://solutions.invocacdn.com gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com/ https://use.typekit.com https://connect.facebook.net https://js.adsrvr.org/ https://cdn.evgnet.com https://*.evergage.com https://www.youtube.com assets.sitescdn.net *.pagescdn.com *.pgsdemo.com https://*.salesforce-sites.com;style-src 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com 
https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com assets.sitecdn.net; style-src-elem 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com;frame-src 'self' *.flagstar.com *.demdex.net https://*.fls.doubleclick.net https://td.doubleclick.net https://optimize.google.com/ https://insight.adsrvr.org/ https://match.adsrvr.org/ https://cdn.evgnet.com https://*.flagstar.com https://*.fintactix.com *.pagescdn.com *.pgsdemo.com; frame-ancestors 'self' *.flagstar.com https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net; img-src 'self' *.foresee.com https://ad.doubleclick.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googletagmanager.com/ https://www.googleadservices.com https://www.google-analytics.com https://developers.google.com https://maps.googleapis.com https://maps.gstatic.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://insight.adsrvr.org https://ib.adnxs.com/getuid https://match.adsrvr.org/track/cmf/appnexus https://dsum-sec.casalemedia.com/rum https://ups.analytics.yahoo.com/ups/55953/sync https://pixel.rubiconproject.com/tap.php data: blob: https://p.typekit.net https://www.facebook.com *.flagstar.com https://*.doubleclick.net;child-src 'self' 
https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://youtube.com; worker-src 'self'; manifest-src 'self';
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
strict-transport-security
max-age=31536000; includeSubDomains
age
382341
x-cnection
close
server-timing
dtSInfo;desc="0", dtRpid;desc="-742180877"
content-length
701
x-xss-protection
1; mode=block
x-ua-compatible
IE=Edge
last-modified
Tue, 20 Feb 2024 10:10:45 GMT
server
cloudflare
etag
"7b7-611cd6c76d052-gzip"
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
image/svg+xml
cache-control
public, max-age=2592000
accept-ranges
bytes
cf-ray
871b143b5d499404-LHR
clientname
flagstar
answers.css
assets.sitescdn.net/answers-search-bar/v1.5/
103 KB
13 KB
Stylesheet
General
Full URL
https://assets.sitescdn.net/answers-search-bar/v1.5/answers.css
Requested by
Host: www.flagstar.com
URL: https://www.flagstar.com/
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2606:4700::6811:1754 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
403ec99441cacff48156ea95969e9eb61fa80cdc67019f65b5f51fa903ad752f

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://www.flagstar.com/
accept-language
en-GB,en;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 09 Apr 2024 14:10:08 GMT
x-amz-version-id
rUuq0gWpQ8vPDr1wXRf3oDuthJTK9mz1
content-encoding
gzip
cf-cache-status
HIT
last-modified
Tue, 13 Feb 2024 15:52:06 GMT
server
cloudflare
x-amz-request-id
WJ3MH9QXD1BRYHQN
age
37695
etag
W/"59c959159bd9c9dee3f1e9490d9940fc"
vary
Accept-Encoding
content-type
text/css
cache-control
max-age=43200
cf-ray
871b14359e746536-LHR
alt-svc
h3=":443"; ma=86400
x-amz-id-2
hNZ2Md5PtcDwrusJwPH7FCfn/IX9C6cSPTTytJxXuP5MEunfmTjqkvA+zxXOUAgJT32LcG0jOl8=
answers.min.js
assets.sitescdn.net/answers-search-bar/v1.5/
434 KB
116 KB
Script
General
Full URL
https://assets.sitescdn.net/answers-search-bar/v1.5/answers.min.js
Requested by
Host: www.flagstar.com
URL: https://www.flagstar.com/
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2606:4700::6811:1754 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3e7ebc77bef7d40eb22899b7f5b44aa491a242afdb695d38ec8dd0f587d2f3ee

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://www.flagstar.com/
accept-language
en-GB,en;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 09 Apr 2024 14:10:08 GMT
x-amz-version-id
n.2XKrd6Gk28VFv7OLP0_EsWxXQfqGwA
content-encoding
gzip
cf-cache-status
HIT
last-modified
Tue, 13 Feb 2024 15:52:06 GMT
server
cloudflare
x-amz-request-id
EG3S085SGRDATWVY
age
20679
etag
W/"bf075e02e336607110569d16fe8f9a5b"
vary
Accept-Encoding
content-type
text/javascript
cache-control
max-age=43200
cf-ray
871b14359e7a6536-LHR
alt-svc
h3=":443"; ma=86400
x-amz-id-2
vVPJnO3x1QW1TTzrqs9kQY6D73n2ryoacLnUVkd+rdTMYCdd4EzUrrgEv7Qnb7DlL65zspUcXTU=
answerstemplates.compiled.min.js
assets.sitescdn.net/answers-search-bar/v1.5/
81 KB
21 KB
Script
General
Full URL
https://assets.sitescdn.net/answers-search-bar/v1.5/answerstemplates.compiled.min.js
Requested by
Host: www.flagstar.com
URL: https://www.flagstar.com/
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2606:4700::6811:1754 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
2ec42dc868fd8626e9d5eeb98d4d888dba09f4a102fe399654abe79fd735e206

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://www.flagstar.com/
accept-language
en-GB,en;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 09 Apr 2024 14:10:09 GMT
x-amz-version-id
3FZ2zCYnpSGC_xQOR46F9ZJ8KYNLPGkE
content-encoding
gzip
cf-cache-status
HIT
last-modified
Tue, 13 Feb 2024 15:52:06 GMT
server
cloudflare
x-amz-request-id
332E29J35BQGGE33
age
29830
etag
W/"6494457f8032c98775ff157bf2a1970d"
vary
Accept-Encoding
content-type
text/javascript
cache-control
max-age=43200
cf-ray
871b14361f406536-LHR
alt-svc
h3=":443"; ma=86400
x-amz-id-2
KhJiOEjubuCuEiI+o8iOwdTYF4jQm8ABFjIS/l9OwvXUWl0GMLd6SC+dmdvY/KXrbeZJ7QBXiQQ=
Answers.js
www.flagstar.com/content/dam/newco/script/
628 B
4 KB
Script
General
Full URL
https://www.flagstar.com/content/dam/newco/script/Answers.js
Requested by
Host: www.flagstar.com
URL: https://www.flagstar.com/
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
104.18.41.140 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
4de9a2e13a638feaef7cfe74c34a7cf7876a971d6eaab169d59a7e383f5aa75e

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://www.flagstar.com/
accept-language
en-GB,en;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

expires
Thu, 09 May 2024 14:10:09 GMT
date
Tue, 09 Apr 2024 14:10:09 GMT
content-security-policy
default-src 'none'; connect-src 'self' *.foresee.com *.evergage.com edge.adobedc.net https://cdn.cookielaw.org https://www.googletagmanager.com https://stats.g.doubleclick.net https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://maps.googleapis.com *.demdex.net *.yext.com https://answers.yext-pixel.com *.yextapis.com;font-src 'self' data: https://fonts.gstatic.com/ https://fonts.googleapis.com https://use.typekit.com *.pgsdemo.com *.pagescdn.com; media-src 'self'; object-src 'self'; form-action 'self' https://*.flagstar.com https://*.salesforce.com https://*.salesforceliveagent.com https://*.salesforce-sites.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.salesforceliveagent.com https://assets.sitescdn.net https://www.googleanalytics.com/ https://www.googleoptimize.com/ https://optimize.google.com/ https://www.googletagmanager.com https://maps.googleapis.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net assets.adobedtm.com https://pnapi.invoca.net https://solutions.invocacdn.com gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com/ https://use.typekit.com https://connect.facebook.net https://js.adsrvr.org/ https://cdn.evgnet.com https://*.evergage.com https://www.youtube.com assets.sitescdn.net *.pagescdn.com *.pgsdemo.com https://*.salesforce-sites.com;style-src 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com 
https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com assets.sitecdn.net; style-src-elem 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com;frame-src 'self' *.flagstar.com *.demdex.net https://*.fls.doubleclick.net https://td.doubleclick.net https://optimize.google.com/ https://insight.adsrvr.org/ https://match.adsrvr.org/ https://cdn.evgnet.com https://*.flagstar.com https://*.fintactix.com *.pagescdn.com *.pgsdemo.com; frame-ancestors 'self' *.flagstar.com https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net; img-src 'self' *.foresee.com https://ad.doubleclick.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googletagmanager.com/ https://www.googleadservices.com https://www.google-analytics.com https://developers.google.com https://maps.googleapis.com https://maps.gstatic.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://insight.adsrvr.org https://ib.adnxs.com/getuid https://match.adsrvr.org/track/cmf/appnexus https://dsum-sec.casalemedia.com/rum https://ups.analytics.yahoo.com/ups/55953/sync https://pixel.rubiconproject.com/tap.php data: blob: https://p.typekit.net https://www.facebook.com *.flagstar.com https://*.doubleclick.net;child-src 'self' 
https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://youtube.com; worker-src 'self'; manifest-src 'self';
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
strict-transport-security
max-age=31536000; includeSubDomains
age
382342
x-cnection
close
server-timing
dtSInfo;desc="0", dtRpid;desc="-1906697454"
content-length
406
x-xss-protection
1; mode=block
x-ua-compatible
IE=Edge
last-modified
Tue, 20 Feb 2024 10:10:25 GMT
server
cloudflare
etag
"274-611cd6b3a02db-gzip"
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
application/javascript
cache-control
public, max-age=2592000
accept-ranges
bytes
cf-ray
871b14367e529404-LHR
clientname
flagstar
Megaphone%201.svg
www.flagstar.com/content/dam/newco/global/icons/
886 B
4 KB
Image
General
Full URL
https://www.flagstar.com/content/dam/newco/global/icons/Megaphone%201.svg
Requested by
Host: www.flagstar.com
URL: https://www.flagstar.com/
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
104.18.41.140 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
035c84a3e7aad2af24632b56b6c54926db5439e9172dd5a7e0dcc0f345f3fe77

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://www.flagstar.com/
accept-language
en-GB,en;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

expires
Thu, 09 May 2024 14:10:09 GMT
date
Tue, 09 Apr 2024 14:10:09 GMT
content-security-policy
default-src 'none'; connect-src 'self' *.foresee.com *.evergage.com edge.adobedc.net https://cdn.cookielaw.org https://www.googletagmanager.com https://stats.g.doubleclick.net https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://maps.googleapis.com *.demdex.net *.yext.com https://answers.yext-pixel.com *.yextapis.com;font-src 'self' data: https://fonts.gstatic.com/ https://fonts.googleapis.com https://use.typekit.com *.pgsdemo.com *.pagescdn.com; media-src 'self'; object-src 'self'; form-action 'self' https://*.flagstar.com https://*.salesforce.com https://*.salesforceliveagent.com https://*.salesforce-sites.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.salesforceliveagent.com https://assets.sitescdn.net https://www.googleanalytics.com/ https://www.googleoptimize.com/ https://optimize.google.com/ https://www.googletagmanager.com https://maps.googleapis.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net assets.adobedtm.com https://pnapi.invoca.net https://solutions.invocacdn.com gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com/ https://use.typekit.com https://connect.facebook.net https://js.adsrvr.org/ https://cdn.evgnet.com https://*.evergage.com https://www.youtube.com assets.sitescdn.net *.pagescdn.com *.pgsdemo.com https://*.salesforce-sites.com;style-src 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com 
https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com assets.sitecdn.net; style-src-elem 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com;frame-src 'self' *.flagstar.com *.youtube.com *.demdex.net https://*.fls.doubleclick.net https://td.doubleclick.net https://optimize.google.com/ https://insight.adsrvr.org/ https://match.adsrvr.org/ https://cdn.evgnet.com https://*.flagstar.com https://*.fintactix.com *.pagescdn.com *.pgsdemo.com; frame-ancestors 'self' *.flagstar.com https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net; img-src 'self' *.foresee.com https://ad.doubleclick.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googletagmanager.com/ https://www.googleadservices.com https://www.google-analytics.com https://developers.google.com https://maps.googleapis.com https://maps.gstatic.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://insight.adsrvr.org https://ib.adnxs.com/getuid https://match.adsrvr.org/track/cmf/appnexus https://dsum-sec.casalemedia.com/rum https://ups.analytics.yahoo.com/ups/55953/sync https://pixel.rubiconproject.com/tap.php data: blob: https://p.typekit.net https://www.facebook.com *.flagstar.com 
https://*.doubleclick.net;child-src 'self' https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://youtube.com; worker-src 'self'; manifest-src 'self';
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
strict-transport-security
max-age=31536000; includeSubDomains
age
382341
x-cnection
close
server-timing
dtSInfo;desc="0", dtRpid;desc="2105038957"
content-length
364
x-xss-protection
1; mode=block
x-ua-compatible
IE=Edge
last-modified
Mon, 26 Feb 2024 19:11:10 GMT
server
cloudflare
etag
"376-6124dac3106ae-gzip"
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
image/svg+xml
cache-control
public, max-age=2592000
accept-ranges
bytes
cf-ray
871b143b5d4a9404-LHR
clientname
flagstar
icon-card_mobile-debit-card.svg
www.flagstar.com/content/dam/newco/icons/
2 KB
4 KB
Image
General
Full URL
https://www.flagstar.com/content/dam/newco/icons/icon-card_mobile-debit-card.svg
Requested by
Host: www.flagstar.com
URL: https://www.flagstar.com/
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
104.18.41.140, ASN13335 (CLOUDFLARENET, US)
Reverse DNS
Software
cloudflare
Resource Hash
e18a31e36435d1ab770385bc4891cba9ede46bf18e2852e4871ebbe1de50cac0
Security Headers
Name Value
Content-Security-Policy default-src 'none'; connect-src 'self' *.foresee.com *.evergage.com edge.adobedc.net https://cdn.cookielaw.org https://www.googletagmanager.com https://stats.g.doubleclick.net https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://maps.googleapis.com *.demdex.net *.yext.com https://answers.yext-pixel.com *.yextapis.com;font-src 'self' data: https://fonts.gstatic.com/ https://fonts.googleapis.com https://use.typekit.com *.pgsdemo.com *.pagescdn.com; media-src 'self'; object-src 'self'; form-action 'self' https://*.flagstar.com https://*.salesforce.com https://*.salesforceliveagent.com https://*.salesforce-sites.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.salesforceliveagent.com https://assets.sitescdn.net https://www.googleanalytics.com/ https://www.googleoptimize.com/ https://optimize.google.com/ https://www.googletagmanager.com https://maps.googleapis.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net assets.adobedtm.com https://pnapi.invoca.net https://solutions.invocacdn.com gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com/ https://use.typekit.com https://connect.facebook.net https://js.adsrvr.org/ https://cdn.evgnet.com https://*.evergage.com https://www.youtube.com assets.sitescdn.net *.pagescdn.com *.pgsdemo.com https://*.salesforce-sites.com;style-src 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net 
gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com assets.sitecdn.net https://*.evergage.com; style-src-elem 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com https://*.evergage.com;frame-src 'self' *.flagstar.com *.youtube.com *.demdex.net https://*.fls.doubleclick.net https://td.doubleclick.net https://optimize.google.com/ https://insight.adsrvr.org/ https://match.adsrvr.org/ https://cdn.evgnet.com https://*.flagstar.com https://*.fintactix.com *.pagescdn.com *.pgsdemo.com; frame-ancestors 'self' *.flagstar.com https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net; img-src 'self' *.foresee.com https://ad.doubleclick.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googletagmanager.com/ https://www.googleadservices.com https://www.google-analytics.com https://developers.google.com https://maps.googleapis.com https://maps.gstatic.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://insight.adsrvr.org https://ib.adnxs.com/getuid https://match.adsrvr.org/track/cmf/appnexus https://dsum-sec.casalemedia.com/rum https://ups.analytics.yahoo.com/ups/55953/sync https://pixel.rubiconproject.com/tap.php data: blob: https://p.typekit.net 
https://www.facebook.com *.flagstar.com https://*.doubleclick.net;child-src 'self' https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://youtube.com; worker-src 'self'; manifest-src 'self';
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://www.flagstar.com/
accept-language
en-GB,en;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

expires
Thu, 09 May 2024 14:10:09 GMT
date
Tue, 09 Apr 2024 14:10:09 GMT
content-security-policy
default-src 'none'; connect-src 'self' *.foresee.com *.evergage.com edge.adobedc.net https://cdn.cookielaw.org https://www.googletagmanager.com https://stats.g.doubleclick.net https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://maps.googleapis.com *.demdex.net *.yext.com https://answers.yext-pixel.com *.yextapis.com;font-src 'self' data: https://fonts.gstatic.com/ https://fonts.googleapis.com https://use.typekit.com *.pgsdemo.com *.pagescdn.com; media-src 'self'; object-src 'self'; form-action 'self' https://*.flagstar.com https://*.salesforce.com https://*.salesforceliveagent.com https://*.salesforce-sites.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.salesforceliveagent.com https://assets.sitescdn.net https://www.googleanalytics.com/ https://www.googleoptimize.com/ https://optimize.google.com/ https://www.googletagmanager.com https://maps.googleapis.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net assets.adobedtm.com https://pnapi.invoca.net https://solutions.invocacdn.com gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com/ https://use.typekit.com https://connect.facebook.net https://js.adsrvr.org/ https://cdn.evgnet.com https://*.evergage.com https://www.youtube.com assets.sitescdn.net *.pagescdn.com *.pgsdemo.com https://*.salesforce-sites.com;style-src 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com 
https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com assets.sitecdn.net https://*.evergage.com; style-src-elem 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com https://*.evergage.com;frame-src 'self' *.flagstar.com *.youtube.com *.demdex.net https://*.fls.doubleclick.net https://td.doubleclick.net https://optimize.google.com/ https://insight.adsrvr.org/ https://match.adsrvr.org/ https://cdn.evgnet.com https://*.flagstar.com https://*.fintactix.com *.pagescdn.com *.pgsdemo.com; frame-ancestors 'self' *.flagstar.com https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net; img-src 'self' *.foresee.com https://ad.doubleclick.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googletagmanager.com/ https://www.googleadservices.com https://www.google-analytics.com https://developers.google.com https://maps.googleapis.com https://maps.gstatic.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://insight.adsrvr.org https://ib.adnxs.com/getuid https://match.adsrvr.org/track/cmf/appnexus https://dsum-sec.casalemedia.com/rum https://ups.analytics.yahoo.com/ups/55953/sync https://pixel.rubiconproject.com/tap.php data: blob: https://p.typekit.net https://www.facebook.com 
*.flagstar.com https://*.doubleclick.net;child-src 'self' https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://youtube.com; worker-src 'self'; manifest-src 'self';
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
strict-transport-security
max-age=31536000; includeSubDomains
age
384846
x-cnection
close
server-timing
dtSInfo;desc="0", dtRpid;desc="525578058"
content-length
857
x-xss-protection
1; mode=block
x-ua-compatible
IE=Edge
last-modified
Wed, 03 Apr 2024 14:30:08 GMT
server
cloudflare
etag
"92c-615320f3bcab8-gzip"
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
image/svg+xml
cache-control
public, max-age=2592000
accept-ranges
bytes
cf-ray
871b143b5d4d9404-LHR
clientname
flagstar
icon-card_savings.svg
www.flagstar.com/content/dam/newco/icons/
4 KB
4 KB
Image
General
Full URL
https://www.flagstar.com/content/dam/newco/icons/icon-card_savings.svg
Requested by
Host: www.flagstar.com
URL: https://www.flagstar.com/
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
104.18.41.140, ASN13335 (CLOUDFLARENET, US)
Reverse DNS
Software
cloudflare
Resource Hash
2e4240ea75a8fc43a0d1b9067ab501efde70576e4e811dc9ee0e8fa876281aaf
Security Headers
Name Value
Content-Security-Policy default-src 'none'; connect-src 'self' *.foresee.com *.evergage.com edge.adobedc.net https://cdn.cookielaw.org https://www.googletagmanager.com https://stats.g.doubleclick.net https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://maps.googleapis.com *.demdex.net *.yext.com https://answers.yext-pixel.com *.yextapis.com;font-src 'self' data: https://fonts.gstatic.com/ https://fonts.googleapis.com https://use.typekit.com *.pgsdemo.com *.pagescdn.com; media-src 'self'; object-src 'self'; form-action 'self' https://*.flagstar.com https://*.salesforce.com https://*.salesforceliveagent.com https://*.salesforce-sites.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.salesforceliveagent.com https://assets.sitescdn.net https://www.googleanalytics.com/ https://www.googleoptimize.com/ https://optimize.google.com/ https://www.googletagmanager.com https://maps.googleapis.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net assets.adobedtm.com https://pnapi.invoca.net https://solutions.invocacdn.com gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com/ https://use.typekit.com https://connect.facebook.net https://js.adsrvr.org/ https://cdn.evgnet.com https://*.evergage.com https://www.youtube.com assets.sitescdn.net *.pagescdn.com *.pgsdemo.com https://*.salesforce-sites.com;style-src 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net 
gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com assets.sitecdn.net https://*.evergage.com; style-src-elem 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com https://*.evergage.com;frame-src 'self' *.flagstar.com *.youtube.com *.demdex.net https://*.fls.doubleclick.net https://td.doubleclick.net https://optimize.google.com/ https://insight.adsrvr.org/ https://match.adsrvr.org/ https://cdn.evgnet.com https://*.flagstar.com https://*.fintactix.com *.pagescdn.com *.pgsdemo.com; frame-ancestors 'self' *.flagstar.com https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net; img-src 'self' *.foresee.com https://ad.doubleclick.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googletagmanager.com/ https://www.googleadservices.com https://www.google-analytics.com https://developers.google.com https://maps.googleapis.com https://maps.gstatic.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://insight.adsrvr.org https://ib.adnxs.com/getuid https://match.adsrvr.org/track/cmf/appnexus https://dsum-sec.casalemedia.com/rum https://ups.analytics.yahoo.com/ups/55953/sync https://pixel.rubiconproject.com/tap.php data: blob: https://p.typekit.net 
https://www.facebook.com *.flagstar.com https://*.doubleclick.net;child-src 'self' https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://youtube.com; worker-src 'self'; manifest-src 'self';
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://www.flagstar.com/
accept-language
en-GB,en;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

expires
Thu, 09 May 2024 14:10:09 GMT
date
Tue, 09 Apr 2024 14:10:09 GMT
content-security-policy
default-src 'none'; connect-src 'self' *.foresee.com *.evergage.com edge.adobedc.net https://cdn.cookielaw.org https://www.googletagmanager.com https://stats.g.doubleclick.net https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://maps.googleapis.com *.demdex.net *.yext.com https://answers.yext-pixel.com *.yextapis.com;font-src 'self' data: https://fonts.gstatic.com/ https://fonts.googleapis.com https://use.typekit.com *.pgsdemo.com *.pagescdn.com; media-src 'self'; object-src 'self'; form-action 'self' https://*.flagstar.com https://*.salesforce.com https://*.salesforceliveagent.com https://*.salesforce-sites.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.salesforceliveagent.com https://assets.sitescdn.net https://www.googleanalytics.com/ https://www.googleoptimize.com/ https://optimize.google.com/ https://www.googletagmanager.com https://maps.googleapis.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net assets.adobedtm.com https://pnapi.invoca.net https://solutions.invocacdn.com gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com/ https://use.typekit.com https://connect.facebook.net https://js.adsrvr.org/ https://cdn.evgnet.com https://*.evergage.com https://www.youtube.com assets.sitescdn.net *.pagescdn.com *.pgsdemo.com https://*.salesforce-sites.com;style-src 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com 
https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com assets.sitecdn.net https://*.evergage.com; style-src-elem 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com https://*.evergage.com;frame-src 'self' *.flagstar.com *.youtube.com *.demdex.net https://*.fls.doubleclick.net https://td.doubleclick.net https://optimize.google.com/ https://insight.adsrvr.org/ https://match.adsrvr.org/ https://cdn.evgnet.com https://*.flagstar.com https://*.fintactix.com *.pagescdn.com *.pgsdemo.com; frame-ancestors 'self' *.flagstar.com https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net; img-src 'self' *.foresee.com https://ad.doubleclick.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googletagmanager.com/ https://www.googleadservices.com https://www.google-analytics.com https://developers.google.com https://maps.googleapis.com https://maps.gstatic.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://insight.adsrvr.org https://ib.adnxs.com/getuid https://match.adsrvr.org/track/cmf/appnexus https://dsum-sec.casalemedia.com/rum https://ups.analytics.yahoo.com/ups/55953/sync https://pixel.rubiconproject.com/tap.php data: blob: https://p.typekit.net https://www.facebook.com 
*.flagstar.com https://*.doubleclick.net;child-src 'self' https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://youtube.com; worker-src 'self'; manifest-src 'self';
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
strict-transport-security
max-age=31536000; includeSubDomains
age
384846
x-cnection
close
server-timing
dtSInfo;desc="0", dtRpid;desc="-419805580"
content-length
1242
x-xss-protection
1; mode=block
x-ua-compatible
IE=Edge
last-modified
Wed, 03 Apr 2024 14:31:42 GMT
server
cloudflare
etag
"10ec-6153214d7d536-gzip"
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
image/svg+xml
cache-control
public, max-age=2592000
accept-ranges
bytes
cf-ray
871b143b5d4e9404-LHR
clientname
flagstar
icon-card-buy-a-home.svg
www.flagstar.com/content/dam/newco/personal/borrowing/icons/
2 KB
4 KB
Image
General
Full URL
https://www.flagstar.com/content/dam/newco/personal/borrowing/icons/icon-card-buy-a-home.svg
Requested by
Host: www.flagstar.com
URL: https://www.flagstar.com/
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
104.18.41.140, ASN13335 (CLOUDFLARENET, US)
Reverse DNS
Software
cloudflare
Resource Hash
80ec0dcc431f5cf7624cb80dd997256ce3980dc4ca1c382283751e5e6738cd42
Security Headers
Name Value
Content-Security-Policy default-src 'none'; connect-src 'self' *.foresee.com *.evergage.com edge.adobedc.net https://cdn.cookielaw.org https://www.googletagmanager.com https://stats.g.doubleclick.net https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://maps.googleapis.com *.demdex.net *.yext.com https://answers.yext-pixel.com *.yextapis.com;font-src 'self' data: https://fonts.gstatic.com/ https://fonts.googleapis.com https://use.typekit.com *.pgsdemo.com *.pagescdn.com; media-src 'self'; object-src 'self'; form-action 'self' https://*.flagstar.com https://*.salesforce.com https://*.salesforceliveagent.com https://*.salesforce-sites.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.salesforceliveagent.com https://assets.sitescdn.net https://www.googleanalytics.com/ https://www.googleoptimize.com/ https://optimize.google.com/ https://www.googletagmanager.com https://maps.googleapis.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net assets.adobedtm.com https://pnapi.invoca.net https://solutions.invocacdn.com gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com/ https://use.typekit.com https://connect.facebook.net https://js.adsrvr.org/ https://cdn.evgnet.com https://*.evergage.com https://www.youtube.com assets.sitescdn.net *.pagescdn.com *.pgsdemo.com https://*.salesforce-sites.com;style-src 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net 
gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com assets.sitecdn.net https://*.evergage.com; style-src-elem 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com https://*.evergage.com;frame-src 'self' *.flagstar.com *.youtube.com *.demdex.net https://*.fls.doubleclick.net https://td.doubleclick.net https://optimize.google.com/ https://insight.adsrvr.org/ https://match.adsrvr.org/ https://cdn.evgnet.com https://*.flagstar.com https://*.fintactix.com *.pagescdn.com *.pgsdemo.com; frame-ancestors 'self' *.flagstar.com https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net; img-src 'self' *.foresee.com https://ad.doubleclick.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googletagmanager.com/ https://www.googleadservices.com https://www.google-analytics.com https://developers.google.com https://maps.googleapis.com https://maps.gstatic.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://insight.adsrvr.org https://ib.adnxs.com/getuid https://match.adsrvr.org/track/cmf/appnexus https://dsum-sec.casalemedia.com/rum https://ups.analytics.yahoo.com/ups/55953/sync https://pixel.rubiconproject.com/tap.php data: blob: https://p.typekit.net 
https://www.facebook.com *.flagstar.com https://*.doubleclick.net;child-src 'self' https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://youtube.com; worker-src 'self'; manifest-src 'self';
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://www.flagstar.com/
accept-language
en-GB,en;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

expires
Thu, 09 May 2024 14:10:09 GMT
date
Tue, 09 Apr 2024 14:10:09 GMT
content-security-policy
default-src 'none'; connect-src 'self' *.foresee.com *.evergage.com edge.adobedc.net https://cdn.cookielaw.org https://www.googletagmanager.com https://stats.g.doubleclick.net https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://maps.googleapis.com *.demdex.net *.yext.com https://answers.yext-pixel.com *.yextapis.com;font-src 'self' data: https://fonts.gstatic.com/ https://fonts.googleapis.com https://use.typekit.com *.pgsdemo.com *.pagescdn.com; media-src 'self'; object-src 'self'; form-action 'self' https://*.flagstar.com https://*.salesforce.com https://*.salesforceliveagent.com https://*.salesforce-sites.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.salesforceliveagent.com https://assets.sitescdn.net https://www.googleanalytics.com/ https://www.googleoptimize.com/ https://optimize.google.com/ https://www.googletagmanager.com https://maps.googleapis.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net assets.adobedtm.com https://pnapi.invoca.net https://solutions.invocacdn.com gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com/ https://use.typekit.com https://connect.facebook.net https://js.adsrvr.org/ https://cdn.evgnet.com https://*.evergage.com https://www.youtube.com assets.sitescdn.net *.pagescdn.com *.pgsdemo.com https://*.salesforce-sites.com;style-src 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com 
https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com assets.sitecdn.net https://*.evergage.com; style-src-elem 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com https://*.evergage.com;frame-src 'self' *.flagstar.com *.youtube.com *.demdex.net https://*.fls.doubleclick.net https://td.doubleclick.net https://optimize.google.com/ https://insight.adsrvr.org/ https://match.adsrvr.org/ https://cdn.evgnet.com https://*.flagstar.com https://*.fintactix.com *.pagescdn.com *.pgsdemo.com; frame-ancestors 'self' *.flagstar.com https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net; img-src 'self' *.foresee.com https://ad.doubleclick.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googletagmanager.com/ https://www.googleadservices.com https://www.google-analytics.com https://developers.google.com https://maps.googleapis.com https://maps.gstatic.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://insight.adsrvr.org https://ib.adnxs.com/getuid https://match.adsrvr.org/track/cmf/appnexus https://dsum-sec.casalemedia.com/rum https://ups.analytics.yahoo.com/ups/55953/sync https://pixel.rubiconproject.com/tap.php data: blob: https://p.typekit.net https://www.facebook.com 
*.flagstar.com https://*.doubleclick.net;child-src 'self' https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://youtube.com; worker-src 'self'; manifest-src 'self';
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
strict-transport-security
max-age=31536000; includeSubDomains
age
384846
x-cnection
close
server-timing
dtSInfo;desc="0", dtRpid;desc="-1449748751"
content-length
707
x-xss-protection
1; mode=block
x-ua-compatible
IE=Edge
last-modified
Tue, 02 Apr 2024 20:10:56 GMT
server
cloudflare
etag
"77b-61522b436dd0f-gzip"
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
image/svg+xml
cache-control
public, max-age=2592000
accept-ranges
bytes
cf-ray
871b143b5d4f9404-LHR
clientname
flagstar
card_A-fresh-start-to-your-finances.jpg
www.flagstar.com/content/dam/newco/learn/card-images/
14 KB
17 KB
Image
General
Full URL
https://www.flagstar.com/content/dam/newco/learn/card-images/card_A-fresh-start-to-your-finances.jpg
Requested by
Host: www.flagstar.com
URL: https://www.flagstar.com/
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
104.18.41.140, ASN13335 (CLOUDFLARENET, US)
Reverse DNS
Software
cloudflare /
Resource Hash
6d4cbdb138a5c650518bbafc02db8f5dd41939523f911f954fee1148a38a19a0

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://www.flagstar.com/
accept-language
en-GB,en;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

clientname
flagstar
date
Tue, 09 Apr 2024 14:10:09 GMT
content-security-policy
default-src 'none'; connect-src 'self' *.foresee.com *.evergage.com edge.adobedc.net https://cdn.cookielaw.org https://www.googletagmanager.com https://stats.g.doubleclick.net https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://maps.googleapis.com *.demdex.net *.yext.com https://answers.yext-pixel.com *.yextapis.com;font-src 'self' data: https://fonts.gstatic.com/ https://fonts.googleapis.com https://use.typekit.com *.pgsdemo.com *.pagescdn.com; media-src 'self'; object-src 'self'; form-action 'self' https://*.flagstar.com https://*.salesforce.com https://*.salesforceliveagent.com https://*.salesforce-sites.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.salesforceliveagent.com https://assets.sitescdn.net https://www.googleanalytics.com/ https://www.googleoptimize.com/ https://optimize.google.com/ https://www.googletagmanager.com https://maps.googleapis.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net assets.adobedtm.com https://pnapi.invoca.net https://solutions.invocacdn.com gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com/ https://use.typekit.com https://connect.facebook.net https://js.adsrvr.org/ https://cdn.evgnet.com https://*.evergage.com https://www.youtube.com assets.sitescdn.net *.pagescdn.com *.pgsdemo.com https://*.salesforce-sites.com;style-src 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com 
https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com assets.sitecdn.net https://*.evergage.com; style-src-elem 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com https://*.evergage.com;frame-src 'self' *.flagstar.com *.youtube.com *.demdex.net https://*.fls.doubleclick.net https://td.doubleclick.net https://optimize.google.com/ https://insight.adsrvr.org/ https://match.adsrvr.org/ https://cdn.evgnet.com https://*.flagstar.com https://*.fintactix.com *.pagescdn.com *.pgsdemo.com; frame-ancestors 'self' *.flagstar.com https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net; img-src 'self' *.foresee.com https://ad.doubleclick.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googletagmanager.com/ https://www.googleadservices.com https://www.google-analytics.com https://developers.google.com https://maps.googleapis.com https://maps.gstatic.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://insight.adsrvr.org https://ib.adnxs.com/getuid https://match.adsrvr.org/track/cmf/appnexus https://dsum-sec.casalemedia.com/rum https://ups.analytics.yahoo.com/ups/55953/sync https://pixel.rubiconproject.com/tap.php data: blob: https://p.typekit.net https://www.facebook.com 
*.flagstar.com https://*.doubleclick.net;child-src 'self' https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://youtube.com; worker-src 'self'; manifest-src 'self';
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains
cf-cache-status
HIT
age
384846
x-cnection
close
server-timing
dtSInfo;desc="0", dtRpid;desc="1887787722"
content-length
14428
x-xss-protection
1; mode=block
x-ua-compatible
IE=Edge
cf-bgj
h2pri
last-modified
Thu, 04 Apr 2024 15:49:53 GMT
server
cloudflare
etag
"385c-615474a43d074"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
image/jpeg
cache-control
public, max-age=2592000
accept-ranges
bytes
cf-ray
871b143b5d509404-LHR
expires
Thu, 09 May 2024 14:10:09 GMT
card_save-the-Easy-Way-With-Automatic-Transfers.jpg
www.flagstar.com/content/dam/newco/learn/card-images/
34 KB
37 KB
Image
General
Full URL
https://www.flagstar.com/content/dam/newco/learn/card-images/card_save-the-Easy-Way-With-Automatic-Transfers.jpg
Requested by
Host: www.flagstar.com
URL: https://www.flagstar.com/
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
104.18.41.140, ASN13335 (CLOUDFLARENET, US)
Reverse DNS
Software
cloudflare /
Resource Hash
aeb96cc035a20b78028201732268893f1065705c287a740ed94a5613815c2c25

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://www.flagstar.com/
accept-language
en-GB,en;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

clientname
flagstar
date
Tue, 09 Apr 2024 14:10:09 GMT
content-security-policy
default-src 'none'; connect-src 'self' *.foresee.com *.evergage.com edge.adobedc.net https://cdn.cookielaw.org https://www.googletagmanager.com https://stats.g.doubleclick.net https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://maps.googleapis.com *.demdex.net *.yext.com https://answers.yext-pixel.com *.yextapis.com;font-src 'self' data: https://fonts.gstatic.com/ https://fonts.googleapis.com https://use.typekit.com *.pgsdemo.com *.pagescdn.com; media-src 'self'; object-src 'self'; form-action 'self' https://*.flagstar.com https://*.salesforce.com https://*.salesforceliveagent.com https://*.salesforce-sites.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.salesforceliveagent.com https://assets.sitescdn.net https://www.googleanalytics.com/ https://www.googleoptimize.com/ https://optimize.google.com/ https://www.googletagmanager.com https://maps.googleapis.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net assets.adobedtm.com https://pnapi.invoca.net https://solutions.invocacdn.com gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com/ https://use.typekit.com https://connect.facebook.net https://js.adsrvr.org/ https://cdn.evgnet.com https://*.evergage.com https://www.youtube.com assets.sitescdn.net *.pagescdn.com *.pgsdemo.com https://*.salesforce-sites.com;style-src 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com 
https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com assets.sitecdn.net https://*.evergage.com; style-src-elem 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com https://*.evergage.com;frame-src 'self' *.flagstar.com *.youtube.com *.demdex.net https://*.fls.doubleclick.net https://td.doubleclick.net https://optimize.google.com/ https://insight.adsrvr.org/ https://match.adsrvr.org/ https://cdn.evgnet.com https://*.flagstar.com https://*.fintactix.com *.pagescdn.com *.pgsdemo.com; frame-ancestors 'self' *.flagstar.com https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net; img-src 'self' *.foresee.com https://ad.doubleclick.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googletagmanager.com/ https://www.googleadservices.com https://www.google-analytics.com https://developers.google.com https://maps.googleapis.com https://maps.gstatic.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://insight.adsrvr.org https://ib.adnxs.com/getuid https://match.adsrvr.org/track/cmf/appnexus https://dsum-sec.casalemedia.com/rum https://ups.analytics.yahoo.com/ups/55953/sync https://pixel.rubiconproject.com/tap.php data: blob: https://p.typekit.net https://www.facebook.com 
*.flagstar.com https://*.doubleclick.net;child-src 'self' https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://youtube.com; worker-src 'self'; manifest-src 'self';
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains
cf-cache-status
HIT
age
384846
x-cnection
close
server-timing
dtSInfo;desc="0", dtRpid;desc="1252705914"
content-length
34915
x-xss-protection
1; mode=block
x-ua-compatible
IE=Edge
cf-bgj
h2pri
last-modified
Thu, 04 Apr 2024 15:47:23 GMT
server
cloudflare
etag
"8863-61547415869f2"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
image/jpeg
cache-control
public, max-age=2592000
accept-ranges
bytes
cf-ray
871b143b5d529404-LHR
expires
Thu, 09 May 2024 14:10:09 GMT
card_Take-a-day-off-from-spending.jpg
www.flagstar.com/content/dam/newco/learn/card-images/
39 KB
42 KB
Image
General
Full URL
https://www.flagstar.com/content/dam/newco/learn/card-images/card_Take-a-day-off-from-spending.jpg
Requested by
Host: www.flagstar.com
URL: https://www.flagstar.com/
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
104.18.41.140, ASN13335 (CLOUDFLARENET, US)
Reverse DNS
Software
cloudflare /
Resource Hash
96dc05a6fe5a3e1b2618ea2311e7351ac4676de79cf0cdd209a1b2f12a48107b

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://www.flagstar.com/
accept-language
en-GB,en;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

clientname
flagstar
date
Tue, 09 Apr 2024 14:10:09 GMT
content-security-policy
default-src 'none'; connect-src 'self' *.foresee.com *.evergage.com edge.adobedc.net https://cdn.cookielaw.org https://www.googletagmanager.com https://stats.g.doubleclick.net https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://maps.googleapis.com *.demdex.net *.yext.com https://answers.yext-pixel.com *.yextapis.com;font-src 'self' data: https://fonts.gstatic.com/ https://fonts.googleapis.com https://use.typekit.com *.pgsdemo.com *.pagescdn.com; media-src 'self'; object-src 'self'; form-action 'self' https://*.flagstar.com https://*.salesforce.com https://*.salesforceliveagent.com https://*.salesforce-sites.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.salesforceliveagent.com https://assets.sitescdn.net https://www.googleanalytics.com/ https://www.googleoptimize.com/ https://optimize.google.com/ https://www.googletagmanager.com https://maps.googleapis.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net assets.adobedtm.com https://pnapi.invoca.net https://solutions.invocacdn.com gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com/ https://use.typekit.com https://connect.facebook.net https://js.adsrvr.org/ https://cdn.evgnet.com https://*.evergage.com https://www.youtube.com assets.sitescdn.net *.pagescdn.com *.pgsdemo.com https://*.salesforce-sites.com;style-src 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com 
https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com assets.sitecdn.net https://*.evergage.com; style-src-elem 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com https://*.evergage.com;frame-src 'self' *.flagstar.com *.youtube.com *.demdex.net https://*.fls.doubleclick.net https://td.doubleclick.net https://optimize.google.com/ https://insight.adsrvr.org/ https://match.adsrvr.org/ https://cdn.evgnet.com https://*.flagstar.com https://*.fintactix.com *.pagescdn.com *.pgsdemo.com; frame-ancestors 'self' *.flagstar.com https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net; img-src 'self' *.foresee.com https://ad.doubleclick.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googletagmanager.com/ https://www.googleadservices.com https://www.google-analytics.com https://developers.google.com https://maps.googleapis.com https://maps.gstatic.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://insight.adsrvr.org https://ib.adnxs.com/getuid https://match.adsrvr.org/track/cmf/appnexus https://dsum-sec.casalemedia.com/rum https://ups.analytics.yahoo.com/ups/55953/sync https://pixel.rubiconproject.com/tap.php data: blob: https://p.typekit.net https://www.facebook.com 
*.flagstar.com https://*.doubleclick.net;child-src 'self' https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://youtube.com; worker-src 'self'; manifest-src 'self';
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains
cf-cache-status
HIT
age
384846
x-cnection
close
server-timing
dtSInfo;desc="0", dtRpid;desc="-1848052846"
content-length
40033
x-xss-protection
1; mode=block
x-ua-compatible
IE=Edge
cf-bgj
h2pri
last-modified
Thu, 04 Apr 2024 15:36:44 GMT
server
cloudflare
etag
"9c61-615471b44e5d3"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
image/jpeg
cache-control
public, max-age=2592000
accept-ranges
bytes
cf-ray
871b143b5d539404-LHR
expires
Thu, 09 May 2024 14:10:09 GMT
icon-card_calculator
www.flagstar.com/content/dam/newco/global/icons/
2 KB
4 KB
Image
General
Full URL
https://www.flagstar.com/content/dam/newco/global/icons/icon-card_calculator
Requested by
Host: www.flagstar.com
URL: https://www.flagstar.com/
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
104.18.41.140, ASN13335 (CLOUDFLARENET, US)
Reverse DNS
Software
cloudflare /
Resource Hash
e269b0b63b7b5e183e60cefac1e9cc41fc930789a18dc497384b427aa74ea1cb
Security Headers
Name Value
Content-Security-Policy default-src 'none'; connect-src 'self' *.foresee.com *.evergage.com edge.adobedc.net https://cdn.cookielaw.org https://www.googletagmanager.com https://stats.g.doubleclick.net https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://maps.googleapis.com *.demdex.net *.yext.com https://answers.yext-pixel.com *.yextapis.com;font-src 'self' data: https://fonts.gstatic.com/ https://fonts.googleapis.com https://use.typekit.com *.pgsdemo.com *.pagescdn.com; media-src 'self'; object-src 'self'; form-action 'self' https://*.flagstar.com https://*.salesforce.com https://*.salesforceliveagent.com https://*.salesforce-sites.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.salesforceliveagent.com https://assets.sitescdn.net https://www.googleanalytics.com/ https://www.googleoptimize.com/ https://optimize.google.com/ https://www.googletagmanager.com https://maps.googleapis.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net assets.adobedtm.com https://pnapi.invoca.net https://solutions.invocacdn.com gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com/ https://use.typekit.com https://connect.facebook.net https://js.adsrvr.org/ https://cdn.evgnet.com https://*.evergage.com https://www.youtube.com assets.sitescdn.net *.pagescdn.com *.pgsdemo.com https://*.salesforce-sites.com;style-src 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net 
gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com assets.sitecdn.net https://*.evergage.com; style-src-elem 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com https://*.evergage.com;frame-src 'self' *.flagstar.com *.youtube.com *.demdex.net https://*.fls.doubleclick.net https://td.doubleclick.net https://optimize.google.com/ https://insight.adsrvr.org/ https://match.adsrvr.org/ https://cdn.evgnet.com https://*.flagstar.com https://*.fintactix.com *.pagescdn.com *.pgsdemo.com; frame-ancestors 'self' *.flagstar.com https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net; img-src 'self' *.foresee.com https://ad.doubleclick.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googletagmanager.com/ https://www.googleadservices.com https://www.google-analytics.com https://developers.google.com https://maps.googleapis.com https://maps.gstatic.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://insight.adsrvr.org https://ib.adnxs.com/getuid https://match.adsrvr.org/track/cmf/appnexus https://dsum-sec.casalemedia.com/rum https://ups.analytics.yahoo.com/ups/55953/sync https://pixel.rubiconproject.com/tap.php data: blob: https://p.typekit.net 
https://www.facebook.com *.flagstar.com https://*.doubleclick.net;child-src 'self' https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://youtube.com; worker-src 'self'; manifest-src 'self';
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://www.flagstar.com/
accept-language
en-GB,en;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

expires
Thu, 09 May 2024 14:09:55 GMT
date
Tue, 09 Apr 2024 14:10:09 GMT
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains
cf-cache-status
DYNAMIC
content-encoding
gzip
x-oneagent-js-injection
true
x-cnection
close
content-disposition
attachment; filename="icon-card_calculator"
server-timing
dtRpid;desc="-1744457150", dtSInfo;desc="0"
x-xss-protection
1; mode=block
x-ua-compatible
IE=Edge
last-modified
Tue, 20 Feb 2024 03:49:11 GMT
server
cloudflare
etag
W/"1708400953:dtagent10285240307101407wwwp:dtagent10285240307101407wwwp"
x-frame-options
SAMEORIGIN
content-type
image/svg+xml
cache-control
max-age=2592000
cf-ray
871b143b6d659404-LHR
clientname
flagstar
icon-card_first-time-home-buyer.svg
www.flagstar.com/content/dam/newco/personal/borrowing/icons/
2 KB
4 KB
Image
General
Full URL
https://www.flagstar.com/content/dam/newco/personal/borrowing/icons/icon-card_first-time-home-buyer.svg
Requested by
Host: www.flagstar.com
URL: https://www.flagstar.com/
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
104.18.41.140, ASN13335 (CLOUDFLARENET, US)
Reverse DNS
Software
cloudflare
Resource Hash
49053fa023e05f72834fb4858b8b6ea2ea9864f7a17113b3c42a425a2939adb4
Security Headers
Name Value
Content-Security-Policy default-src 'none'; connect-src 'self' *.foresee.com *.evergage.com edge.adobedc.net https://cdn.cookielaw.org https://www.googletagmanager.com https://stats.g.doubleclick.net https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://maps.googleapis.com *.demdex.net *.yext.com https://answers.yext-pixel.com *.yextapis.com;font-src 'self' data: https://fonts.gstatic.com/ https://fonts.googleapis.com https://use.typekit.com *.pgsdemo.com *.pagescdn.com; media-src 'self'; object-src 'self'; form-action 'self' https://*.flagstar.com https://*.salesforce.com https://*.salesforceliveagent.com https://*.salesforce-sites.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.salesforceliveagent.com https://assets.sitescdn.net https://www.googleanalytics.com/ https://www.googleoptimize.com/ https://optimize.google.com/ https://www.googletagmanager.com https://maps.googleapis.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net assets.adobedtm.com https://pnapi.invoca.net https://solutions.invocacdn.com gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com/ https://use.typekit.com https://connect.facebook.net https://js.adsrvr.org/ https://cdn.evgnet.com https://*.evergage.com https://www.youtube.com assets.sitescdn.net *.pagescdn.com *.pgsdemo.com https://*.salesforce-sites.com;style-src 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net 
gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com assets.sitecdn.net https://*.evergage.com; style-src-elem 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com https://*.evergage.com;frame-src 'self' *.flagstar.com *.youtube.com *.demdex.net https://*.fls.doubleclick.net https://td.doubleclick.net https://optimize.google.com/ https://insight.adsrvr.org/ https://match.adsrvr.org/ https://cdn.evgnet.com https://*.flagstar.com https://*.fintactix.com *.pagescdn.com *.pgsdemo.com; frame-ancestors 'self' *.flagstar.com https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net; img-src 'self' *.foresee.com https://ad.doubleclick.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googletagmanager.com/ https://www.googleadservices.com https://www.google-analytics.com https://developers.google.com https://maps.googleapis.com https://maps.gstatic.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://insight.adsrvr.org https://ib.adnxs.com/getuid https://match.adsrvr.org/track/cmf/appnexus https://dsum-sec.casalemedia.com/rum https://ups.analytics.yahoo.com/ups/55953/sync https://pixel.rubiconproject.com/tap.php data: blob: https://p.typekit.net 
https://www.facebook.com *.flagstar.com https://*.doubleclick.net;child-src 'self' https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://youtube.com; worker-src 'self'; manifest-src 'self';
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://www.flagstar.com/
accept-language
en-GB,en;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

expires
Thu, 09 May 2024 14:10:09 GMT
date
Tue, 09 Apr 2024 14:10:09 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
strict-transport-security
max-age=31536000; includeSubDomains
age
377490
x-cnection
close
server-timing
dtSInfo;desc="0", dtRpid;desc="-156967089"
content-length
650
x-xss-protection
1; mode=block
x-ua-compatible
IE=Edge
last-modified
Tue, 02 Apr 2024 20:19:47 GMT
server
cloudflare
etag
"763-61522d3d1a5ac-gzip"
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
image/svg+xml
cache-control
public, max-age=2592000
accept-ranges
bytes
cf-ray
871b143b6d669404-LHR
clientname
flagstar
icon-card_mortgage-approved-or-closed-home-loans.svg
www.flagstar.com/content/dam/newco/personal/borrowing/icons/
3 KB
4 KB
Image
General
Full URL
https://www.flagstar.com/content/dam/newco/personal/borrowing/icons/icon-card_mortgage-approved-or-closed-home-loans.svg
Requested by
Host: www.flagstar.com
URL: https://www.flagstar.com/
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
104.18.41.140, ASN13335 (CLOUDFLARENET, US)
Reverse DNS
Software
cloudflare
Resource Hash
436098c0c6fe572bbaaea00d2293bc100c536e75592dc9bd73371eb1a09bea94
Security Headers
Name Value
Content-Security-Policy default-src 'none'; connect-src 'self' *.foresee.com *.evergage.com edge.adobedc.net https://cdn.cookielaw.org https://www.googletagmanager.com https://stats.g.doubleclick.net https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://maps.googleapis.com *.demdex.net *.yext.com https://answers.yext-pixel.com *.yextapis.com;font-src 'self' data: https://fonts.gstatic.com/ https://fonts.googleapis.com https://use.typekit.com *.pgsdemo.com *.pagescdn.com; media-src 'self'; object-src 'self'; form-action 'self' https://*.flagstar.com https://*.salesforce.com https://*.salesforceliveagent.com https://*.salesforce-sites.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.salesforceliveagent.com https://assets.sitescdn.net https://www.googleanalytics.com/ https://www.googleoptimize.com/ https://optimize.google.com/ https://www.googletagmanager.com https://maps.googleapis.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net assets.adobedtm.com https://pnapi.invoca.net https://solutions.invocacdn.com gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com/ https://use.typekit.com https://connect.facebook.net https://js.adsrvr.org/ https://cdn.evgnet.com https://*.evergage.com https://www.youtube.com assets.sitescdn.net *.pagescdn.com *.pgsdemo.com https://*.salesforce-sites.com;style-src 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net 
gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com assets.sitecdn.net https://*.evergage.com; style-src-elem 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com https://*.evergage.com;frame-src 'self' *.flagstar.com *.youtube.com *.demdex.net https://*.fls.doubleclick.net https://td.doubleclick.net https://optimize.google.com/ https://insight.adsrvr.org/ https://match.adsrvr.org/ https://cdn.evgnet.com https://*.flagstar.com https://*.fintactix.com *.pagescdn.com *.pgsdemo.com; frame-ancestors 'self' *.flagstar.com https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net; img-src 'self' *.foresee.com https://ad.doubleclick.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googletagmanager.com/ https://www.googleadservices.com https://www.google-analytics.com https://developers.google.com https://maps.googleapis.com https://maps.gstatic.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://insight.adsrvr.org https://ib.adnxs.com/getuid https://match.adsrvr.org/track/cmf/appnexus https://dsum-sec.casalemedia.com/rum https://ups.analytics.yahoo.com/ups/55953/sync https://pixel.rubiconproject.com/tap.php data: blob: https://p.typekit.net 
https://www.facebook.com *.flagstar.com https://*.doubleclick.net;child-src 'self' https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://youtube.com; worker-src 'self'; manifest-src 'self';
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://www.flagstar.com/
accept-language
en-GB,en;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

expires
Thu, 09 May 2024 14:10:09 GMT
date
Tue, 09 Apr 2024 14:10:09 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
strict-transport-security
max-age=31536000; includeSubDomains
age
377490
x-cnection
close
server-timing
dtSInfo;desc="0", dtRpid;desc="1213391105"
content-length
859
x-xss-protection
1; mode=block
x-ua-compatible
IE=Edge
last-modified
Tue, 02 Apr 2024 20:16:31 GMT
server
cloudflare
etag
"c3e-61522c823c97f-gzip"
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
image/svg+xml
cache-control
public, max-age=2592000
accept-ranges
bytes
cf-ray
871b143b6d679404-LHR
clientname
flagstar
icon-card_connect.svg
www.flagstar.com/content/dam/newco/personal/borrowing/icons/
3 KB
4 KB
Image
General
Full URL
https://www.flagstar.com/content/dam/newco/personal/borrowing/icons/icon-card_connect.svg
Requested by
Host: www.flagstar.com
URL: https://www.flagstar.com/
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
104.18.41.140, ASN13335 (CLOUDFLARENET, US)
Reverse DNS
Software
cloudflare
Resource Hash
be235aeef05250ebd0496e4aff893fc4c2a0f459a18c2326517880b1fa779dea
Security Headers
Name Value
Content-Security-Policy default-src 'none'; connect-src 'self' *.foresee.com *.evergage.com edge.adobedc.net https://cdn.cookielaw.org https://www.googletagmanager.com https://stats.g.doubleclick.net https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://maps.googleapis.com *.demdex.net *.yext.com https://answers.yext-pixel.com *.yextapis.com;font-src 'self' data: https://fonts.gstatic.com/ https://fonts.googleapis.com https://use.typekit.com *.pgsdemo.com *.pagescdn.com; media-src 'self'; object-src 'self'; form-action 'self' https://*.flagstar.com https://*.salesforce.com https://*.salesforceliveagent.com https://*.salesforce-sites.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.salesforceliveagent.com https://assets.sitescdn.net https://www.googleanalytics.com/ https://www.googleoptimize.com/ https://optimize.google.com/ https://www.googletagmanager.com https://maps.googleapis.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net assets.adobedtm.com https://pnapi.invoca.net https://solutions.invocacdn.com gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com/ https://use.typekit.com https://connect.facebook.net https://js.adsrvr.org/ https://cdn.evgnet.com https://*.evergage.com https://www.youtube.com assets.sitescdn.net *.pagescdn.com *.pgsdemo.com https://*.salesforce-sites.com;style-src 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net 
gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com assets.sitecdn.net https://*.evergage.com; style-src-elem 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com https://*.evergage.com;frame-src 'self' *.flagstar.com *.youtube.com *.demdex.net https://*.fls.doubleclick.net https://td.doubleclick.net https://optimize.google.com/ https://insight.adsrvr.org/ https://match.adsrvr.org/ https://cdn.evgnet.com https://*.flagstar.com https://*.fintactix.com *.pagescdn.com *.pgsdemo.com; frame-ancestors 'self' *.flagstar.com https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net; img-src 'self' *.foresee.com https://ad.doubleclick.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googletagmanager.com/ https://www.googleadservices.com https://www.google-analytics.com https://developers.google.com https://maps.googleapis.com https://maps.gstatic.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://insight.adsrvr.org https://ib.adnxs.com/getuid https://match.adsrvr.org/track/cmf/appnexus https://dsum-sec.casalemedia.com/rum https://ups.analytics.yahoo.com/ups/55953/sync https://pixel.rubiconproject.com/tap.php data: blob: https://p.typekit.net 
https://www.facebook.com *.flagstar.com https://*.doubleclick.net;child-src 'self' https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://youtube.com; worker-src 'self'; manifest-src 'self';
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://www.flagstar.com/
accept-language
en-GB,en;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

expires
Thu, 09 May 2024 14:10:09 GMT
date
Tue, 09 Apr 2024 14:10:09 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
strict-transport-security
max-age=31536000; includeSubDomains
age
377490
x-cnection
close
server-timing
dtSInfo;desc="0", dtRpid;desc="435417231"
content-length
919
x-xss-protection
1; mode=block
x-ua-compatible
IE=Edge
last-modified
Tue, 02 Apr 2024 20:02:23 GMT
server
cloudflare
etag
"c1e-6152295a2194e-gzip"
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
image/svg+xml
cache-control
public, max-age=2592000
accept-ranges
bytes
cf-ray
871b143b6d699404-LHR
clientname
flagstar
card_about-flagstar.jpg
www.flagstar.com/content/dam/newco/about-flagstar/content-cards/
28 KB
31 KB
Image
General
Full URL
https://www.flagstar.com/content/dam/newco/about-flagstar/content-cards/card_about-flagstar.jpg
Requested by
Host: www.flagstar.com
URL: https://www.flagstar.com/
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
104.18.41.140, ASN13335 (CLOUDFLARENET, US)
Reverse DNS
Software
cloudflare /
Resource Hash
022866fe426eaaadfb99d714ee1758358cecb9321084b8ae088749b375b64920
Security Headers
Name Value
Content-Security-Policy default-src 'none'; connect-src 'self' *.foresee.com *.evergage.com edge.adobedc.net https://cdn.cookielaw.org https://www.googletagmanager.com https://stats.g.doubleclick.net https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://maps.googleapis.com *.demdex.net *.yext.com https://answers.yext-pixel.com *.yextapis.com;font-src 'self' data: https://fonts.gstatic.com/ https://fonts.googleapis.com https://use.typekit.com *.pgsdemo.com *.pagescdn.com; media-src 'self'; object-src 'self'; form-action 'self' https://*.flagstar.com https://*.salesforce.com https://*.salesforceliveagent.com https://*.salesforce-sites.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.salesforceliveagent.com https://assets.sitescdn.net https://www.googleanalytics.com/ https://www.googleoptimize.com/ https://optimize.google.com/ https://www.googletagmanager.com https://maps.googleapis.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net assets.adobedtm.com https://pnapi.invoca.net https://solutions.invocacdn.com gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com/ https://use.typekit.com https://connect.facebook.net https://js.adsrvr.org/ https://cdn.evgnet.com https://*.evergage.com https://www.youtube.com assets.sitescdn.net *.pagescdn.com *.pgsdemo.com https://*.salesforce-sites.com;style-src 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net 
gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com assets.sitecdn.net; style-src-elem 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com;frame-src 'self' *.flagstar.com *.youtube.com *.demdex.net https://*.fls.doubleclick.net https://td.doubleclick.net https://optimize.google.com/ https://insight.adsrvr.org/ https://match.adsrvr.org/ https://cdn.evgnet.com https://*.flagstar.com https://*.fintactix.com *.pagescdn.com *.pgsdemo.com; frame-ancestors 'self' *.flagstar.com https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net; img-src 'self' *.foresee.com https://ad.doubleclick.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googletagmanager.com/ https://www.googleadservices.com https://www.google-analytics.com https://developers.google.com https://maps.googleapis.com https://maps.gstatic.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://insight.adsrvr.org https://ib.adnxs.com/getuid https://match.adsrvr.org/track/cmf/appnexus https://dsum-sec.casalemedia.com/rum https://ups.analytics.yahoo.com/ups/55953/sync https://pixel.rubiconproject.com/tap.php data: blob: https://p.typekit.net https://www.facebook.com *.flagstar.com 
https://*.doubleclick.net;child-src 'self' https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://youtube.com; worker-src 'self'; manifest-src 'self';
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://www.flagstar.com/
accept-language
en-GB,en;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

clientname
flagstar
date
Tue, 09 Apr 2024 14:10:09 GMT
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains
cf-cache-status
HIT
age
378985
x-cnection
close
server-timing
dtSInfo;desc="0", dtRpid;desc="-748885974"
content-length
28566
x-xss-protection
1; mode=block
x-ua-compatible
IE=Edge
cf-bgj
h2pri
last-modified
Fri, 29 Mar 2024 02:31:35 GMT
server
cloudflare
etag
"6f96-614c370519623"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
image/jpeg
cache-control
public, max-age=2592000
accept-ranges
bytes
cf-ray
871b143b6d6a9404-LHR
expires
Thu, 09 May 2024 14:10:09 GMT
card_community-involvement.jpg
www.flagstar.com/content/dam/newco/about-flagstar/content-cards/
57 KB
60 KB
Image
General
Full URL
https://www.flagstar.com/content/dam/newco/about-flagstar/content-cards/card_community-involvement.jpg
Requested by
Host: www.flagstar.com
URL: https://www.flagstar.com/
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
104.18.41.140, ASN13335 (CLOUDFLARENET, US)
Reverse DNS
Software
cloudflare /
Resource Hash
8b8e6dd018656e2051b99145f8a306111351b21bcc97d67debb41b3f8f7a33ca
Security Headers
Name Value
Content-Security-Policy default-src 'none'; connect-src 'self' *.foresee.com *.evergage.com edge.adobedc.net https://cdn.cookielaw.org https://www.googletagmanager.com https://stats.g.doubleclick.net https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://maps.googleapis.com *.demdex.net *.yext.com https://answers.yext-pixel.com *.yextapis.com;font-src 'self' data: https://fonts.gstatic.com/ https://fonts.googleapis.com https://use.typekit.com *.pgsdemo.com *.pagescdn.com; media-src 'self'; object-src 'self'; form-action 'self' https://*.flagstar.com https://*.salesforce.com https://*.salesforceliveagent.com https://*.salesforce-sites.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.salesforceliveagent.com https://assets.sitescdn.net https://www.googleanalytics.com/ https://www.googleoptimize.com/ https://optimize.google.com/ https://www.googletagmanager.com https://maps.googleapis.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net assets.adobedtm.com https://pnapi.invoca.net https://solutions.invocacdn.com gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com/ https://use.typekit.com https://connect.facebook.net https://js.adsrvr.org/ https://cdn.evgnet.com https://*.evergage.com https://www.youtube.com assets.sitescdn.net *.pagescdn.com *.pgsdemo.com https://*.salesforce-sites.com;style-src 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net 
gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com assets.sitecdn.net; style-src-elem 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com;frame-src 'self' *.flagstar.com *.youtube.com *.demdex.net https://*.fls.doubleclick.net https://td.doubleclick.net https://optimize.google.com/ https://insight.adsrvr.org/ https://match.adsrvr.org/ https://cdn.evgnet.com https://*.flagstar.com https://*.fintactix.com *.pagescdn.com *.pgsdemo.com; frame-ancestors 'self' *.flagstar.com https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net; img-src 'self' *.foresee.com https://ad.doubleclick.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googletagmanager.com/ https://www.googleadservices.com https://www.google-analytics.com https://developers.google.com https://maps.googleapis.com https://maps.gstatic.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://insight.adsrvr.org https://ib.adnxs.com/getuid https://match.adsrvr.org/track/cmf/appnexus https://dsum-sec.casalemedia.com/rum https://ups.analytics.yahoo.com/ups/55953/sync https://pixel.rubiconproject.com/tap.php data: blob: https://p.typekit.net https://www.facebook.com *.flagstar.com 
https://*.doubleclick.net;child-src 'self' https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://youtube.com; worker-src 'self'; manifest-src 'self';
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://www.flagstar.com/
accept-language
en-GB,en;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

clientname
flagstar
date
Tue, 09 Apr 2024 14:10:09 GMT
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains
cf-cache-status
HIT
age
378985
x-cnection
close
server-timing
dtSInfo;desc="0", dtRpid;desc="121387686"
content-length
58430
x-xss-protection
1; mode=block
x-ua-compatible
IE=Edge
cf-bgj
h2pri
last-modified
Fri, 29 Mar 2024 02:44:00 GMT
server
cloudflare
etag
"e43e-614c39caf0c51"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
image/jpeg
cache-control
public, max-age=2592000
accept-ranges
bytes
cf-ray
871b143b6d6d9404-LHR
expires
Thu, 09 May 2024 14:10:09 GMT
card_diversity-equity-and-inclusion.jpg
www.flagstar.com/content/dam/newco/about-flagstar/content-cards/
19 KB
22 KB
Image
General
Full URL
https://www.flagstar.com/content/dam/newco/about-flagstar/content-cards/card_diversity-equity-and-inclusion.jpg
Requested by
Host: www.flagstar.com
URL: https://www.flagstar.com/
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
104.18.41.140, ASN13335 (CLOUDFLARENET, US)
Reverse DNS
Software
cloudflare /
Resource Hash
c25b79f044d5037c9792be55ae6b3cf18a56da5df5bd344431188ebaab031c03
Security Headers
Name Value
Content-Security-Policy default-src 'none'; connect-src 'self' *.foresee.com *.evergage.com edge.adobedc.net https://cdn.cookielaw.org https://www.googletagmanager.com https://stats.g.doubleclick.net https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://maps.googleapis.com *.demdex.net *.yext.com https://answers.yext-pixel.com *.yextapis.com;font-src 'self' data: https://fonts.gstatic.com/ https://fonts.googleapis.com https://use.typekit.com *.pgsdemo.com *.pagescdn.com; media-src 'self'; object-src 'self'; form-action 'self' https://*.flagstar.com https://*.salesforce.com https://*.salesforceliveagent.com https://*.salesforce-sites.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.salesforceliveagent.com https://assets.sitescdn.net https://www.googleanalytics.com/ https://www.googleoptimize.com/ https://optimize.google.com/ https://www.googletagmanager.com https://maps.googleapis.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net assets.adobedtm.com https://pnapi.invoca.net https://solutions.invocacdn.com gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com/ https://use.typekit.com https://connect.facebook.net https://js.adsrvr.org/ https://cdn.evgnet.com https://*.evergage.com https://www.youtube.com assets.sitescdn.net *.pagescdn.com *.pgsdemo.com https://*.salesforce-sites.com;style-src 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net 
gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com assets.sitecdn.net; style-src-elem 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com;frame-src 'self' *.flagstar.com *.youtube.com *.demdex.net https://*.fls.doubleclick.net https://td.doubleclick.net https://optimize.google.com/ https://insight.adsrvr.org/ https://match.adsrvr.org/ https://cdn.evgnet.com https://*.flagstar.com https://*.fintactix.com *.pagescdn.com *.pgsdemo.com; frame-ancestors 'self' *.flagstar.com https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net; img-src 'self' *.foresee.com https://ad.doubleclick.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googletagmanager.com/ https://www.googleadservices.com https://www.google-analytics.com https://developers.google.com https://maps.googleapis.com https://maps.gstatic.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://insight.adsrvr.org https://ib.adnxs.com/getuid https://match.adsrvr.org/track/cmf/appnexus https://dsum-sec.casalemedia.com/rum https://ups.analytics.yahoo.com/ups/55953/sync https://pixel.rubiconproject.com/tap.php data: blob: https://p.typekit.net https://www.facebook.com *.flagstar.com 
https://*.doubleclick.net;child-src 'self' https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://youtube.com; worker-src 'self'; manifest-src 'self';
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://www.flagstar.com/
accept-language
en-GB,en;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

clientname
flagstar
date
Tue, 09 Apr 2024 14:10:09 GMT
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains
cf-cache-status
HIT
age
378985
x-cnection
close
server-timing
dtSInfo;desc="0", dtRpid;desc="696572973"
content-length
19677
x-xss-protection
1; mode=block
x-ua-compatible
IE=Edge
cf-bgj
h2pri
last-modified
Fri, 29 Mar 2024 02:40:54 GMT
server
cloudflare
etag
"4cdd-614c391a16078"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
image/jpeg
cache-control
public, max-age=2592000
accept-ranges
bytes
cf-ray
871b143b6d6f9404-LHR
expires
Thu, 09 May 2024 14:10:09 GMT
clientlib-site.6b1c95bf01579ca3637563e8c4ceec94.js
www.flagstar.com/etc.clientlibs/aem-flagstar/clientlibs/
48 KB
13 KB
Script
General
Full URL
https://www.flagstar.com/etc.clientlibs/aem-flagstar/clientlibs/clientlib-site.6b1c95bf01579ca3637563e8c4ceec94.js
Requested by
Host: www.flagstar.com
URL: https://www.flagstar.com/
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
104.18.41.140, ASN13335 (CLOUDFLARENET, US)
Reverse DNS
Software
cloudflare
Resource Hash
3c75d6536e05e7ffc5be6a9733bf69e502ef63d60a872006de2b4c79ed33e2c4
Security Headers
Name Value
Content-Security-Policy default-src 'none'; connect-src 'self' *.foresee.com *.evergage.com edge.adobedc.net https://cdn.cookielaw.org https://www.googletagmanager.com https://stats.g.doubleclick.net https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://maps.googleapis.com *.demdex.net *.yext.com https://answers.yext-pixel.com *.yextapis.com;font-src 'self' data: https://fonts.gstatic.com/ https://fonts.googleapis.com https://use.typekit.com *.pgsdemo.com *.pagescdn.com; media-src 'self'; object-src 'self'; form-action 'self' https://*.flagstar.com https://*.salesforce.com https://*.salesforceliveagent.com https://*.salesforce-sites.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.salesforceliveagent.com https://assets.sitescdn.net https://www.googleanalytics.com/ https://www.googleoptimize.com/ https://optimize.google.com/ https://www.googletagmanager.com https://maps.googleapis.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net assets.adobedtm.com https://pnapi.invoca.net https://solutions.invocacdn.com gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com/ https://use.typekit.com https://connect.facebook.net https://js.adsrvr.org/ https://cdn.evgnet.com https://*.evergage.com https://www.youtube.com assets.sitescdn.net *.pagescdn.com *.pgsdemo.com https://*.salesforce-sites.com;style-src 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net 
gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com assets.sitecdn.net https://*.evergage.com; style-src-elem 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com https://*.evergage.com;frame-src 'self' *.flagstar.com *.youtube.com *.demdex.net https://*.fls.doubleclick.net https://td.doubleclick.net https://optimize.google.com/ https://insight.adsrvr.org/ https://match.adsrvr.org/ https://cdn.evgnet.com https://*.flagstar.com https://*.fintactix.com *.pagescdn.com *.pgsdemo.com; frame-ancestors 'self' *.flagstar.com https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net; img-src 'self' *.foresee.com https://ad.doubleclick.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googletagmanager.com/ https://www.googleadservices.com https://www.google-analytics.com https://developers.google.com https://maps.googleapis.com https://maps.gstatic.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://insight.adsrvr.org https://ib.adnxs.com/getuid https://match.adsrvr.org/track/cmf/appnexus https://dsum-sec.casalemedia.com/rum https://ups.analytics.yahoo.com/ups/55953/sync https://pixel.rubiconproject.com/tap.php data: blob: https://p.typekit.net 
https://www.facebook.com *.flagstar.com https://*.doubleclick.net;child-src 'self' https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://youtube.com; worker-src 'self'; manifest-src 'self';
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://www.flagstar.com/
accept-language
en-GB,en;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

expires
Thu, 09 May 2024 14:10:09 GMT
date
Tue, 09 Apr 2024 14:10:09 GMT
content-security-policy
default-src 'none'; connect-src 'self' *.foresee.com *.evergage.com edge.adobedc.net https://cdn.cookielaw.org https://www.googletagmanager.com https://stats.g.doubleclick.net https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://maps.googleapis.com *.demdex.net *.yext.com https://answers.yext-pixel.com *.yextapis.com;font-src 'self' data: https://fonts.gstatic.com/ https://fonts.googleapis.com https://use.typekit.com *.pgsdemo.com *.pagescdn.com; media-src 'self'; object-src 'self'; form-action 'self' https://*.flagstar.com https://*.salesforce.com https://*.salesforceliveagent.com https://*.salesforce-sites.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.salesforceliveagent.com https://assets.sitescdn.net https://www.googleanalytics.com/ https://www.googleoptimize.com/ https://optimize.google.com/ https://www.googletagmanager.com https://maps.googleapis.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net assets.adobedtm.com https://pnapi.invoca.net https://solutions.invocacdn.com gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com/ https://use.typekit.com https://connect.facebook.net https://js.adsrvr.org/ https://cdn.evgnet.com https://*.evergage.com https://www.youtube.com assets.sitescdn.net *.pagescdn.com *.pgsdemo.com https://*.salesforce-sites.com;style-src 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com 
https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com assets.sitecdn.net https://*.evergage.com; style-src-elem 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com https://*.evergage.com;frame-src 'self' *.flagstar.com *.youtube.com *.demdex.net https://*.fls.doubleclick.net https://td.doubleclick.net https://optimize.google.com/ https://insight.adsrvr.org/ https://match.adsrvr.org/ https://cdn.evgnet.com https://*.flagstar.com https://*.fintactix.com *.pagescdn.com *.pgsdemo.com; frame-ancestors 'self' *.flagstar.com https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net; img-src 'self' *.foresee.com https://ad.doubleclick.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googletagmanager.com/ https://www.googleadservices.com https://www.google-analytics.com https://developers.google.com https://maps.googleapis.com https://maps.gstatic.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://insight.adsrvr.org https://ib.adnxs.com/getuid https://match.adsrvr.org/track/cmf/appnexus https://dsum-sec.casalemedia.com/rum https://ups.analytics.yahoo.com/ups/55953/sync https://pixel.rubiconproject.com/tap.php data: blob: https://p.typekit.net https://www.facebook.com 
*.flagstar.com https://*.doubleclick.net;child-src 'self' https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://youtube.com; worker-src 'self'; manifest-src 'self';
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
strict-transport-security
max-age=31536000; includeSubDomains
age
384846
x-cnection
close
server-timing
dtSInfo;desc="0", dtRpid;desc="-1222985723"
content-length
10255
x-xss-protection
1; mode=block
x-ua-compatible
IE=Edge
last-modified
Fri, 05 Apr 2024 02:31:10 GMT
server
cloudflare
etag
"c0d8-615503fae49dd-gzip"
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
application/javascript
cache-control
public, max-age=2592000
accept-ranges
bytes
cf-ray
871b14369e739404-LHR
clientname
flagstar
container.027d01df25f17066242db969c9bf2ade.js
www.flagstar.com/etc.clientlibs/core/wcm/components/commons/site/clientlibs/
6 KB
2 KB
Script
General
Full URL
https://www.flagstar.com/etc.clientlibs/core/wcm/components/commons/site/clientlibs/container.027d01df25f17066242db969c9bf2ade.js
Requested by
Host: www.flagstar.com
URL: https://www.flagstar.com/
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
104.18.41.140, ASN13335 (CLOUDFLARENET, US)
Reverse DNS
Software
cloudflare
Resource Hash
fe05972ec9e5bdd020c2cbdeae20d95d5643888ee2198c4ebf1145b1d60d30ff
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://www.flagstar.com/
accept-language
en-GB,en;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

clientname
flagstar
date
Tue, 09 Apr 2024 14:10:09 GMT
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains
cf-cache-status
HIT
age
382342
x-cnection
close
server-timing
dtSInfo;desc="0", dtRpid;desc="-779388018"
content-length
1572
x-xss-protection
1; mode=block
x-ua-compatible
IE=Edge
last-modified
Tue, 20 Feb 2024 10:30:59 GMT
server
cloudflare
etag
"17c3-611cdb4c4e66b-gzip"
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
application/javascript
cache-control
public, max-age=2592000
accept-ranges
bytes
cf-ray
871b1436ceb69404-LHR
expires
Thu, 09 May 2024 14:10:09 GMT
csrf.a9dcac4698709ca8e1cbc88363cf0793.js
www.flagstar.com/etc.clientlibs/clientlibs/granite/jquery/granite/
10 KB
3 KB
Script
General
Full URL
https://www.flagstar.com/etc.clientlibs/clientlibs/granite/jquery/granite/csrf.a9dcac4698709ca8e1cbc88363cf0793.js
Requested by
Host: www.flagstar.com
URL: https://www.flagstar.com/
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
104.18.41.140, ASN13335 (CLOUDFLARENET, US)
Reverse DNS
Software
cloudflare
Resource Hash
ca3fdf8e723931b1d002a556813d3a80fde72f2ccdc755b0b253f619bb872f65
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://www.flagstar.com/
accept-language
en-GB,en;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

clientname
flagstar
date
Tue, 09 Apr 2024 14:10:09 GMT
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains
cf-cache-status
HIT
age
382342
x-cnection
close
server-timing
dtSInfo;desc="0", dtRpid;desc="-249312956"
content-length
2867
x-xss-protection
1; mode=block
x-ua-compatible
IE=Edge
last-modified
Fri, 28 Oct 2022 14:48:47 GMT
server
cloudflare
etag
"27d9-5ec195aeeed56-gzip"
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
application/javascript
cache-control
public, max-age=2592000
accept-ranges
bytes
cf-ray
871b1436ef029404-LHR
expires
Thu, 09 May 2024 14:10:09 GMT
clientlib-base.4907a5550cdc35d1f9202c20e377c3dd.js
www.flagstar.com/etc.clientlibs/aem-flagstar/clientlibs/
159 KB
32 KB
Script
General
Full URL
https://www.flagstar.com/etc.clientlibs/aem-flagstar/clientlibs/clientlib-base.4907a5550cdc35d1f9202c20e377c3dd.js
Requested by
Host: www.flagstar.com
URL: https://www.flagstar.com/
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
104.18.41.140, ASN13335 (CLOUDFLARENET, US)
Reverse DNS
Software
cloudflare
Resource Hash
a7382dd06b3e2279c5e4046426b583c17f7bfd30377033a2049d1f7f1a13ddfe
Security Headers
Name Value
Content-Security-Policy default-src 'none'; connect-src 'self' *.foresee.com *.evergage.com edge.adobedc.net https://cdn.cookielaw.org https://www.googletagmanager.com https://stats.g.doubleclick.net https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://maps.googleapis.com *.demdex.net *.yext.com https://answers.yext-pixel.com *.yextapis.com;font-src 'self' data: https://fonts.gstatic.com/ https://fonts.googleapis.com https://use.typekit.com *.pgsdemo.com *.pagescdn.com; media-src 'self'; object-src 'self'; form-action 'self' https://*.flagstar.com https://*.salesforce.com https://*.salesforceliveagent.com https://*.salesforce-sites.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.salesforceliveagent.com https://assets.sitescdn.net https://www.googleanalytics.com/ https://www.googleoptimize.com/ https://optimize.google.com/ https://www.googletagmanager.com https://maps.googleapis.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net assets.adobedtm.com https://pnapi.invoca.net https://solutions.invocacdn.com gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com/ https://use.typekit.com https://connect.facebook.net https://js.adsrvr.org/ https://cdn.evgnet.com https://*.evergage.com https://www.youtube.com assets.sitescdn.net *.pagescdn.com *.pgsdemo.com https://*.salesforce-sites.com;style-src 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net 
gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com assets.sitecdn.net https://*.evergage.com; style-src-elem 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com https://*.evergage.com;frame-src 'self' *.flagstar.com *.youtube.com *.demdex.net https://*.fls.doubleclick.net https://td.doubleclick.net https://optimize.google.com/ https://insight.adsrvr.org/ https://match.adsrvr.org/ https://cdn.evgnet.com https://*.flagstar.com https://*.fintactix.com *.pagescdn.com *.pgsdemo.com; frame-ancestors 'self' *.flagstar.com https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net; img-src 'self' *.foresee.com https://ad.doubleclick.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googletagmanager.com/ https://www.googleadservices.com https://www.google-analytics.com https://developers.google.com https://maps.googleapis.com https://maps.gstatic.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://insight.adsrvr.org https://ib.adnxs.com/getuid https://match.adsrvr.org/track/cmf/appnexus https://dsum-sec.casalemedia.com/rum https://ups.analytics.yahoo.com/ups/55953/sync https://pixel.rubiconproject.com/tap.php data: blob: https://p.typekit.net 
https://www.facebook.com *.flagstar.com https://*.doubleclick.net;child-src 'self' https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://youtube.com; worker-src 'self'; manifest-src 'self';
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://www.flagstar.com/
accept-language
en-GB,en;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

expires
Thu, 09 May 2024 14:10:09 GMT
date
Tue, 09 Apr 2024 14:10:09 GMT
content-security-policy
default-src 'none'; connect-src 'self' *.foresee.com *.evergage.com edge.adobedc.net https://cdn.cookielaw.org https://www.googletagmanager.com https://stats.g.doubleclick.net https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://maps.googleapis.com *.demdex.net *.yext.com https://answers.yext-pixel.com *.yextapis.com;font-src 'self' data: https://fonts.gstatic.com/ https://fonts.googleapis.com https://use.typekit.com *.pgsdemo.com *.pagescdn.com; media-src 'self'; object-src 'self'; form-action 'self' https://*.flagstar.com https://*.salesforce.com https://*.salesforceliveagent.com https://*.salesforce-sites.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.salesforceliveagent.com https://assets.sitescdn.net https://www.googleanalytics.com/ https://www.googleoptimize.com/ https://optimize.google.com/ https://www.googletagmanager.com https://maps.googleapis.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net assets.adobedtm.com https://pnapi.invoca.net https://solutions.invocacdn.com gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com/ https://use.typekit.com https://connect.facebook.net https://js.adsrvr.org/ https://cdn.evgnet.com https://*.evergage.com https://www.youtube.com assets.sitescdn.net *.pagescdn.com *.pgsdemo.com https://*.salesforce-sites.com;style-src 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com 
https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com assets.sitecdn.net https://*.evergage.com; style-src-elem 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com https://*.evergage.com;frame-src 'self' *.flagstar.com *.youtube.com *.demdex.net https://*.fls.doubleclick.net https://td.doubleclick.net https://optimize.google.com/ https://insight.adsrvr.org/ https://match.adsrvr.org/ https://cdn.evgnet.com https://*.flagstar.com https://*.fintactix.com *.pagescdn.com *.pgsdemo.com; frame-ancestors 'self' *.flagstar.com https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net; img-src 'self' *.foresee.com https://ad.doubleclick.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googletagmanager.com/ https://www.googleadservices.com https://www.google-analytics.com https://developers.google.com https://maps.googleapis.com https://maps.gstatic.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://insight.adsrvr.org https://ib.adnxs.com/getuid https://match.adsrvr.org/track/cmf/appnexus https://dsum-sec.casalemedia.com/rum https://ups.analytics.yahoo.com/ups/55953/sync https://pixel.rubiconproject.com/tap.php data: blob: https://p.typekit.net https://www.facebook.com 
*.flagstar.com https://*.doubleclick.net;child-src 'self' https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://youtube.com; worker-src 'self'; manifest-src 'self';
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
strict-transport-security
max-age=31536000; includeSubDomains
age
382342
x-cnection
close
server-timing
dtSInfo;desc="0", dtRpid;desc="514921663"
content-length
29567
x-xss-protection
1; mode=block
x-ua-compatible
IE=Edge
last-modified
Fri, 05 Apr 2024 02:12:58 GMT
server
cloudflare
etag
"27b56-6154ffe95d4f0-gzip"
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
application/javascript
cache-control
public, max-age=2592000
accept-ranges
bytes
cf-ray
871b14372f569404-LHR
clientname
flagstar
FooterLogo.png
www.flagstar.com/content/dam/newco/footer/
5 KB
8 KB
Image
General
Full URL
https://www.flagstar.com/content/dam/newco/footer/FooterLogo.png
Requested by
Host: www.flagstar.com
URL: https://www.flagstar.com/
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
104.18.41.140, ASN13335 (CLOUDFLARENET, US)
Reverse DNS
Software
cloudflare
Resource Hash
0bbcb1c065db429b64f24825abb404ee8795be695d726894813bddcb462476bf
Security Headers
Name Value
Content-Security-Policy default-src 'none'; connect-src 'self' *.foresee.com *.evergage.com edge.adobedc.net https://cdn.cookielaw.org https://www.googletagmanager.com https://stats.g.doubleclick.net https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://maps.googleapis.com *.demdex.net *.yext.com https://answers.yext-pixel.com *.yextapis.com;font-src 'self' data: https://fonts.gstatic.com/ https://fonts.googleapis.com https://use.typekit.com *.pgsdemo.com *.pagescdn.com; media-src 'self'; object-src 'self'; form-action 'self' https://*.flagstar.com https://*.salesforce.com https://*.salesforceliveagent.com https://*.salesforce-sites.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.salesforceliveagent.com https://assets.sitescdn.net https://www.googleanalytics.com/ https://www.googleoptimize.com/ https://optimize.google.com/ https://www.googletagmanager.com https://maps.googleapis.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net assets.adobedtm.com https://pnapi.invoca.net https://solutions.invocacdn.com gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com/ https://use.typekit.com https://connect.facebook.net https://js.adsrvr.org/ https://cdn.evgnet.com https://*.evergage.com https://www.youtube.com assets.sitescdn.net *.pagescdn.com *.pgsdemo.com https://*.salesforce-sites.com;style-src 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net 
gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com assets.sitecdn.net; style-src-elem 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com;frame-src 'self' *.flagstar.com *.demdex.net https://*.fls.doubleclick.net https://td.doubleclick.net https://optimize.google.com/ https://insight.adsrvr.org/ https://match.adsrvr.org/ https://cdn.evgnet.com https://*.flagstar.com https://*.fintactix.com *.pagescdn.com *.pgsdemo.com; frame-ancestors 'self' *.flagstar.com https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net; img-src 'self' *.foresee.com https://ad.doubleclick.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googletagmanager.com/ https://www.googleadservices.com https://www.google-analytics.com https://developers.google.com https://maps.googleapis.com https://maps.gstatic.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://insight.adsrvr.org https://ib.adnxs.com/getuid https://match.adsrvr.org/track/cmf/appnexus https://dsum-sec.casalemedia.com/rum https://ups.analytics.yahoo.com/ups/55953/sync https://pixel.rubiconproject.com/tap.php data: blob: https://p.typekit.net https://www.facebook.com *.flagstar.com 
https://*.doubleclick.net;child-src 'self' https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://youtube.com; worker-src 'self'; manifest-src 'self';
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://www.flagstar.com/
accept-language
en-GB,en;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

expires
Thu, 09 May 2024 14:10:09 GMT
date
Tue, 09 Apr 2024 14:10:09 GMT
content-security-policy
default-src 'none'; connect-src 'self' *.foresee.com *.evergage.com edge.adobedc.net https://cdn.cookielaw.org https://www.googletagmanager.com https://stats.g.doubleclick.net https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://maps.googleapis.com *.demdex.net *.yext.com https://answers.yext-pixel.com *.yextapis.com;font-src 'self' data: https://fonts.gstatic.com/ https://fonts.googleapis.com https://use.typekit.com *.pgsdemo.com *.pagescdn.com; media-src 'self'; object-src 'self'; form-action 'self' https://*.flagstar.com https://*.salesforce.com https://*.salesforceliveagent.com https://*.salesforce-sites.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.salesforceliveagent.com https://assets.sitescdn.net https://www.googleanalytics.com/ https://www.googleoptimize.com/ https://optimize.google.com/ https://www.googletagmanager.com https://maps.googleapis.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net assets.adobedtm.com https://pnapi.invoca.net https://solutions.invocacdn.com gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com/ https://use.typekit.com https://connect.facebook.net https://js.adsrvr.org/ https://cdn.evgnet.com https://*.evergage.com https://www.youtube.com assets.sitescdn.net *.pagescdn.com *.pgsdemo.com https://*.salesforce-sites.com;style-src 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com 
https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com assets.sitecdn.net; style-src-elem 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com;frame-src 'self' *.flagstar.com *.demdex.net https://*.fls.doubleclick.net https://td.doubleclick.net https://optimize.google.com/ https://insight.adsrvr.org/ https://match.adsrvr.org/ https://cdn.evgnet.com https://*.flagstar.com https://*.fintactix.com *.pagescdn.com *.pgsdemo.com; frame-ancestors 'self' *.flagstar.com https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net; img-src 'self' *.foresee.com https://ad.doubleclick.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googletagmanager.com/ https://www.googleadservices.com https://www.google-analytics.com https://developers.google.com https://maps.googleapis.com https://maps.gstatic.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://insight.adsrvr.org https://ib.adnxs.com/getuid https://match.adsrvr.org/track/cmf/appnexus https://dsum-sec.casalemedia.com/rum https://ups.analytics.yahoo.com/ups/55953/sync https://pixel.rubiconproject.com/tap.php data: blob: https://p.typekit.net https://www.facebook.com *.flagstar.com https://*.doubleclick.net;child-src 'self' 
https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://youtube.com; worker-src 'self'; manifest-src 'self';
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains
cf-cache-status
HIT
age
382341
x-cnection
close
server-timing
dtSInfo;desc="0", dtRpid;desc="-943542966"
content-length
4842
x-xss-protection
1; mode=block
x-ua-compatible
IE=Edge
last-modified
Tue, 20 Feb 2024 10:14:51 GMT
server
cloudflare
etag
"12ea-611cd7b20adde"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
image/png
cache-control
public, max-age=2592000
accept-ranges
bytes
cf-ray
871b143b6d709404-LHR
clientname
flagstar
facebook.png
www.flagstar.com/content/dam/newco/footer/
3 KB
6 KB
Image
General
Full URL
https://www.flagstar.com/content/dam/newco/footer/facebook.png
Requested by
Host: www.flagstar.com
URL: https://www.flagstar.com/
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
104.18.41.140, ASN13335 (CLOUDFLARENET, US)
Reverse DNS
Software
cloudflare
Resource Hash
a71bd54a0b412e2a987daa67d5203169a5973349249e9e563ebe78f9460ff2c1
Security Headers
Name Value
Content-Security-Policy default-src 'none'; connect-src 'self' *.foresee.com *.evergage.com edge.adobedc.net https://cdn.cookielaw.org https://www.googletagmanager.com https://stats.g.doubleclick.net https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://maps.googleapis.com *.demdex.net *.yext.com https://answers.yext-pixel.com *.yextapis.com;font-src 'self' data: https://fonts.gstatic.com/ https://fonts.googleapis.com https://use.typekit.com *.pgsdemo.com *.pagescdn.com; media-src 'self'; object-src 'self'; form-action 'self' https://*.flagstar.com https://*.salesforce.com https://*.salesforceliveagent.com https://*.salesforce-sites.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.salesforceliveagent.com https://assets.sitescdn.net https://www.googleanalytics.com/ https://www.googleoptimize.com/ https://optimize.google.com/ https://www.googletagmanager.com https://maps.googleapis.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net assets.adobedtm.com https://pnapi.invoca.net https://solutions.invocacdn.com gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com/ https://use.typekit.com https://connect.facebook.net https://js.adsrvr.org/ https://cdn.evgnet.com https://*.evergage.com https://www.youtube.com assets.sitescdn.net *.pagescdn.com *.pgsdemo.com https://*.salesforce-sites.com;style-src 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net 
gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com assets.sitecdn.net; style-src-elem 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com;frame-src 'self' *.flagstar.com *.demdex.net https://*.fls.doubleclick.net https://td.doubleclick.net https://optimize.google.com/ https://insight.adsrvr.org/ https://match.adsrvr.org/ https://cdn.evgnet.com https://*.flagstar.com https://*.fintactix.com *.pagescdn.com *.pgsdemo.com; frame-ancestors 'self' *.flagstar.com https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net; img-src 'self' *.foresee.com https://ad.doubleclick.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googletagmanager.com/ https://www.googleadservices.com https://www.google-analytics.com https://developers.google.com https://maps.googleapis.com https://maps.gstatic.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://insight.adsrvr.org https://ib.adnxs.com/getuid https://match.adsrvr.org/track/cmf/appnexus https://dsum-sec.casalemedia.com/rum https://ups.analytics.yahoo.com/ups/55953/sync https://pixel.rubiconproject.com/tap.php data: blob: https://p.typekit.net https://www.facebook.com *.flagstar.com 
https://*.doubleclick.net;child-src 'self' https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://youtube.com; worker-src 'self'; manifest-src 'self';
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://www.flagstar.com/
accept-language
en-GB,en;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

expires
Thu, 09 May 2024 14:10:09 GMT
date
Tue, 09 Apr 2024 14:10:09 GMT
content-security-policy
default-src 'none'; connect-src 'self' *.foresee.com *.evergage.com edge.adobedc.net https://cdn.cookielaw.org https://www.googletagmanager.com https://stats.g.doubleclick.net https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://maps.googleapis.com *.demdex.net *.yext.com https://answers.yext-pixel.com *.yextapis.com;font-src 'self' data: https://fonts.gstatic.com/ https://fonts.googleapis.com https://use.typekit.com *.pgsdemo.com *.pagescdn.com; media-src 'self'; object-src 'self'; form-action 'self' https://*.flagstar.com https://*.salesforce.com https://*.salesforceliveagent.com https://*.salesforce-sites.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.salesforceliveagent.com https://assets.sitescdn.net https://www.googleanalytics.com/ https://www.googleoptimize.com/ https://optimize.google.com/ https://www.googletagmanager.com https://maps.googleapis.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net assets.adobedtm.com https://pnapi.invoca.net https://solutions.invocacdn.com gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com/ https://use.typekit.com https://connect.facebook.net https://js.adsrvr.org/ https://cdn.evgnet.com https://*.evergage.com https://www.youtube.com assets.sitescdn.net *.pagescdn.com *.pgsdemo.com https://*.salesforce-sites.com;style-src 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com 
https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com assets.sitecdn.net; style-src-elem 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com;frame-src 'self' *.flagstar.com *.demdex.net https://*.fls.doubleclick.net https://td.doubleclick.net https://optimize.google.com/ https://insight.adsrvr.org/ https://match.adsrvr.org/ https://cdn.evgnet.com https://*.flagstar.com https://*.fintactix.com *.pagescdn.com *.pgsdemo.com; frame-ancestors 'self' *.flagstar.com https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net; img-src 'self' *.foresee.com https://ad.doubleclick.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googletagmanager.com/ https://www.googleadservices.com https://www.google-analytics.com https://developers.google.com https://maps.googleapis.com https://maps.gstatic.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://insight.adsrvr.org https://ib.adnxs.com/getuid https://match.adsrvr.org/track/cmf/appnexus https://dsum-sec.casalemedia.com/rum https://ups.analytics.yahoo.com/ups/55953/sync https://pixel.rubiconproject.com/tap.php data: blob: https://p.typekit.net https://www.facebook.com *.flagstar.com https://*.doubleclick.net;child-src 'self' 
https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://youtube.com; worker-src 'self'; manifest-src 'self';
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains
cf-cache-status
HIT
age
382341
x-cnection
close
server-timing
dtSInfo;desc="0", dtRpid;desc="-60996266"
content-length
2992
x-xss-protection
1; mode=block
x-ua-compatible
IE=Edge
last-modified
Tue, 20 Feb 2024 10:13:20 GMT
server
cloudflare
etag
"bb0-611cd75b10df5"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
image/png
cache-control
public, max-age=2592000
accept-ranges
bytes
cf-ray
871b143b6d719404-LHR
clientname
flagstar
twitter.png
www.flagstar.com/content/dam/newco/footer/
3 KB
6 KB
Image
General
Full URL
https://www.flagstar.com/content/dam/newco/footer/twitter.png
Requested by
Host: www.flagstar.com
URL: https://www.flagstar.com/
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
104.18.41.140, ASN13335 (CLOUDFLARENET, US)
Reverse DNS
Software
cloudflare
Resource Hash
b262089aff66440a9664b16bc5541050a728ca80ce98c8756bd10353e5edde5d
Security Headers
Name Value
Content-Security-Policy default-src 'none'; connect-src 'self' *.foresee.com *.evergage.com edge.adobedc.net https://cdn.cookielaw.org https://www.googletagmanager.com https://stats.g.doubleclick.net https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://maps.googleapis.com *.demdex.net *.yext.com https://answers.yext-pixel.com *.yextapis.com;font-src 'self' data: https://fonts.gstatic.com/ https://fonts.googleapis.com https://use.typekit.com *.pgsdemo.com *.pagescdn.com; media-src 'self'; object-src 'self'; form-action 'self' https://*.flagstar.com https://*.salesforce.com https://*.salesforceliveagent.com https://*.salesforce-sites.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.salesforceliveagent.com https://assets.sitescdn.net https://www.googleanalytics.com/ https://www.googleoptimize.com/ https://optimize.google.com/ https://www.googletagmanager.com https://maps.googleapis.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net assets.adobedtm.com https://pnapi.invoca.net https://solutions.invocacdn.com gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com/ https://use.typekit.com https://connect.facebook.net https://js.adsrvr.org/ https://cdn.evgnet.com https://*.evergage.com https://www.youtube.com assets.sitescdn.net *.pagescdn.com *.pgsdemo.com https://*.salesforce-sites.com;style-src 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net 
gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com assets.sitecdn.net; style-src-elem 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com;frame-src 'self' *.flagstar.com *.demdex.net https://*.fls.doubleclick.net https://td.doubleclick.net https://optimize.google.com/ https://insight.adsrvr.org/ https://match.adsrvr.org/ https://cdn.evgnet.com https://*.flagstar.com https://*.fintactix.com *.pagescdn.com *.pgsdemo.com; frame-ancestors 'self' *.flagstar.com https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net; img-src 'self' *.foresee.com https://ad.doubleclick.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googletagmanager.com/ https://www.googleadservices.com https://www.google-analytics.com https://developers.google.com https://maps.googleapis.com https://maps.gstatic.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://insight.adsrvr.org https://ib.adnxs.com/getuid https://match.adsrvr.org/track/cmf/appnexus https://dsum-sec.casalemedia.com/rum https://ups.analytics.yahoo.com/ups/55953/sync https://pixel.rubiconproject.com/tap.php data: blob: https://p.typekit.net https://www.facebook.com *.flagstar.com 
https://*.doubleclick.net;child-src 'self' https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://youtube.com; worker-src 'self'; manifest-src 'self';
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://www.flagstar.com/
accept-language
en-GB,en;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

expires
Thu, 09 May 2024 14:10:09 GMT
date
Tue, 09 Apr 2024 14:10:09 GMT
content-security-policy
default-src 'none'; connect-src 'self' *.foresee.com *.evergage.com edge.adobedc.net https://cdn.cookielaw.org https://www.googletagmanager.com https://stats.g.doubleclick.net https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://maps.googleapis.com *.demdex.net *.yext.com https://answers.yext-pixel.com *.yextapis.com;font-src 'self' data: https://fonts.gstatic.com/ https://fonts.googleapis.com https://use.typekit.com *.pgsdemo.com *.pagescdn.com; media-src 'self'; object-src 'self'; form-action 'self' https://*.flagstar.com https://*.salesforce.com https://*.salesforceliveagent.com https://*.salesforce-sites.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.salesforceliveagent.com https://assets.sitescdn.net https://www.googleanalytics.com/ https://www.googleoptimize.com/ https://optimize.google.com/ https://www.googletagmanager.com https://maps.googleapis.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net assets.adobedtm.com https://pnapi.invoca.net https://solutions.invocacdn.com gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com/ https://use.typekit.com https://connect.facebook.net https://js.adsrvr.org/ https://cdn.evgnet.com https://*.evergage.com https://www.youtube.com assets.sitescdn.net *.pagescdn.com *.pgsdemo.com https://*.salesforce-sites.com;style-src 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com 
https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com assets.sitecdn.net; style-src-elem 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com;frame-src 'self' *.flagstar.com *.demdex.net https://*.fls.doubleclick.net https://td.doubleclick.net https://optimize.google.com/ https://insight.adsrvr.org/ https://match.adsrvr.org/ https://cdn.evgnet.com https://*.flagstar.com https://*.fintactix.com *.pagescdn.com *.pgsdemo.com; frame-ancestors 'self' *.flagstar.com https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net; img-src 'self' *.foresee.com https://ad.doubleclick.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googletagmanager.com/ https://www.googleadservices.com https://www.google-analytics.com https://developers.google.com https://maps.googleapis.com https://maps.gstatic.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://insight.adsrvr.org https://ib.adnxs.com/getuid https://match.adsrvr.org/track/cmf/appnexus https://dsum-sec.casalemedia.com/rum https://ups.analytics.yahoo.com/ups/55953/sync https://pixel.rubiconproject.com/tap.php data: blob: https://p.typekit.net https://www.facebook.com *.flagstar.com https://*.doubleclick.net;child-src 'self' 
https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://youtube.com; worker-src 'self'; manifest-src 'self';
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains
cf-cache-status
HIT
age
382341
x-cnection
close
server-timing
dtSInfo;desc="0", dtRpid;desc="-1931217355"
content-length
3247
x-xss-protection
1; mode=block
x-ua-compatible
IE=Edge
last-modified
Tue, 20 Feb 2024 10:10:26 GMT
server
cloudflare
etag
"caf-611cd6b4a3f1b"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
image/png
cache-control
public, max-age=2592000
accept-ranges
bytes
cf-ray
871b143b6d729404-LHR
clientname
flagstar
linkedin.png
www.flagstar.com/content/dam/newco/footer/
3 KB
6 KB
Image
General
Full URL
https://www.flagstar.com/content/dam/newco/footer/linkedin.png
Requested by
Host: www.flagstar.com
URL: https://www.flagstar.com/
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
104.18.41.140, ASN13335 (CLOUDFLARENET, US)
Reverse DNS
Software
cloudflare
Resource Hash
89d46740e95d2d1e4f6d2b54f569e319515b0d89426ccfa4c33f13e1ca4ab6bc
Security Headers
Name Value
Content-Security-Policy default-src 'none'; connect-src 'self' *.foresee.com *.evergage.com edge.adobedc.net https://cdn.cookielaw.org https://www.googletagmanager.com https://stats.g.doubleclick.net https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://maps.googleapis.com *.demdex.net *.yext.com https://answers.yext-pixel.com *.yextapis.com;font-src 'self' data: https://fonts.gstatic.com/ https://fonts.googleapis.com https://use.typekit.com *.pgsdemo.com *.pagescdn.com; media-src 'self'; object-src 'self'; form-action 'self' https://*.flagstar.com https://*.salesforce.com https://*.salesforceliveagent.com https://*.salesforce-sites.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.salesforceliveagent.com https://assets.sitescdn.net https://www.googleanalytics.com/ https://www.googleoptimize.com/ https://optimize.google.com/ https://www.googletagmanager.com https://maps.googleapis.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net assets.adobedtm.com https://pnapi.invoca.net https://solutions.invocacdn.com gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com/ https://use.typekit.com https://connect.facebook.net https://js.adsrvr.org/ https://cdn.evgnet.com https://*.evergage.com https://www.youtube.com assets.sitescdn.net *.pagescdn.com *.pgsdemo.com https://*.salesforce-sites.com;style-src 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net 
gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com assets.sitecdn.net; style-src-elem 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com;frame-src 'self' *.flagstar.com *.demdex.net https://*.fls.doubleclick.net https://td.doubleclick.net https://optimize.google.com/ https://insight.adsrvr.org/ https://match.adsrvr.org/ https://cdn.evgnet.com https://*.flagstar.com https://*.fintactix.com *.pagescdn.com *.pgsdemo.com; frame-ancestors 'self' *.flagstar.com https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net; img-src 'self' *.foresee.com https://ad.doubleclick.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googletagmanager.com/ https://www.googleadservices.com https://www.google-analytics.com https://developers.google.com https://maps.googleapis.com https://maps.gstatic.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://insight.adsrvr.org https://ib.adnxs.com/getuid https://match.adsrvr.org/track/cmf/appnexus https://dsum-sec.casalemedia.com/rum https://ups.analytics.yahoo.com/ups/55953/sync https://pixel.rubiconproject.com/tap.php data: blob: https://p.typekit.net https://www.facebook.com *.flagstar.com 
https://*.doubleclick.net;child-src 'self' https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://youtube.com; worker-src 'self'; manifest-src 'self';
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://www.flagstar.com/
accept-language
en-GB,en;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

expires
Thu, 09 May 2024 14:10:09 GMT
date
Tue, 09 Apr 2024 14:10:09 GMT
content-security-policy
default-src 'none'; connect-src 'self' *.foresee.com *.evergage.com edge.adobedc.net https://cdn.cookielaw.org https://www.googletagmanager.com https://stats.g.doubleclick.net https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://maps.googleapis.com *.demdex.net *.yext.com https://answers.yext-pixel.com *.yextapis.com;font-src 'self' data: https://fonts.gstatic.com/ https://fonts.googleapis.com https://use.typekit.com *.pgsdemo.com *.pagescdn.com; media-src 'self'; object-src 'self'; form-action 'self' https://*.flagstar.com https://*.salesforce.com https://*.salesforceliveagent.com https://*.salesforce-sites.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.salesforceliveagent.com https://assets.sitescdn.net https://www.googleanalytics.com/ https://www.googleoptimize.com/ https://optimize.google.com/ https://www.googletagmanager.com https://maps.googleapis.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net assets.adobedtm.com https://pnapi.invoca.net https://solutions.invocacdn.com gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com/ https://use.typekit.com https://connect.facebook.net https://js.adsrvr.org/ https://cdn.evgnet.com https://*.evergage.com https://www.youtube.com assets.sitescdn.net *.pagescdn.com *.pgsdemo.com https://*.salesforce-sites.com;style-src 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com assets.sitecdn.net; style-src-elem 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com;frame-src 'self' *.flagstar.com *.demdex.net https://*.fls.doubleclick.net https://td.doubleclick.net https://optimize.google.com/ https://insight.adsrvr.org/ https://match.adsrvr.org/ https://cdn.evgnet.com https://*.flagstar.com https://*.fintactix.com *.pagescdn.com *.pgsdemo.com; frame-ancestors 'self' *.flagstar.com https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net; img-src 'self' *.foresee.com https://ad.doubleclick.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googletagmanager.com/ https://www.googleadservices.com https://www.google-analytics.com https://developers.google.com https://maps.googleapis.com https://maps.gstatic.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://insight.adsrvr.org https://ib.adnxs.com/getuid https://match.adsrvr.org/track/cmf/appnexus https://dsum-sec.casalemedia.com/rum https://ups.analytics.yahoo.com/ups/55953/sync https://pixel.rubiconproject.com/tap.php data: blob: https://p.typekit.net https://www.facebook.com *.flagstar.com https://*.doubleclick.net;child-src 'self' https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://youtube.com; worker-src 'self'; manifest-src 'self';
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains
cf-cache-status
HIT
age
382341
x-cnection
close
server-timing
dtSInfo;desc="0", dtRpid;desc="-1915569202"
content-length
3098
x-xss-protection
1; mode=block
x-ua-compatible
IE=Edge
last-modified
Tue, 20 Feb 2024 10:30:59 GMT
server
cloudflare
etag
"c1a-611cdb4d02553"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
image/png
cache-control
public, max-age=2592000
accept-ranges
bytes
cf-ray
871b143b6d739404-LHR
clientname
flagstar
fbevents.js
connect.facebook.net/en_US/
219 KB
59 KB
Script
General
Full URL
https://connect.facebook.net/en_US/fbevents.js
Requested by
Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/7dbad9752923/36b7dda228e9/launch-bc7a3f427c28.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f084:d:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
ebcc80bf5e0568d173b31bee579c02a725832f916de3656f7a36f94df865d168
Security Headers
Name Value
Content-Security-Policy default-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';img-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://www.flagstar.com/
accept-language
en-GB,en;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

content-security-policy
default-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';img-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; preload; includeSubDomains
date
Tue, 09 Apr 2024 14:10:09 GMT
document-policy
force-load-at-top
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
57928
x-xss-protection
0
reporting-endpoints
coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
x-fb-connection-quality
EXCELLENT; q=0.9, rtt=42, rtx=0, c=12, mss=1294, tbw=2793, tp=-1, tpl=-1, uplat=0, ullat=-1
pragma
public
x-fb-debug
SB2tz3a/EcDTQhDGYABTq6RA8Tz6wN+6voQjmF14tFcFRzXas+1x4kFVKEr/gYXHDSFfs9YJ7Aw60MeaL2FqPg==
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
cross-origin-opener-policy
same-origin-allow-popups;report-to="coop_report"
vary
Accept-Encoding
report-to
{"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
content-type
application/x-javascript; charset=utf-8
x-frame-options
DENY
origin-agent-cluster
?0
cache-control
public, max-age=1200
permissions-policy
accelerometer=(), attribution-reporting=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), clipboard-read=(), clipboard-write=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), usb=(), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
timing-allow-origin
*
expires
Sat, 01 Jan 2000 00:00:00 GMT
truncated
/
718 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
e5182523f59ba1baecf5a1ebc9994231e088592a940331952aa3124db80a757f

Request headers

accept-language
en-GB,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36

Response headers

Content-Type
image/svg+xml;charset=UTF-8
Fellix-Medium.woff
www.flagstar.com/etc.clientlibs/aem-flagstar/clientlibs/clientlib-site/resources/fonts/
51 KB
54 KB
Font
General
Full URL
https://www.flagstar.com/etc.clientlibs/aem-flagstar/clientlibs/clientlib-site/resources/fonts/Fellix-Medium.woff
Requested by
Host: www.flagstar.com
URL: https://www.flagstar.com/etc.clientlibs/aem-flagstar/clientlibs/clientlib-site.fb39674ef980279b90b8f74765fc7f14.css
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
104.18.41.140 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d9f9c1b8a5fa5db59d5f705edc27e4a3ffe9eedbcc225e622d2f8055c99f761c
Security Headers
Name Value
Content-Security-Policy default-src 'none'; connect-src 'self' *.foresee.com *.evergage.com edge.adobedc.net https://cdn.cookielaw.org https://www.googletagmanager.com https://stats.g.doubleclick.net https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://maps.googleapis.com *.demdex.net *.yext.com https://answers.yext-pixel.com *.yextapis.com;font-src 'self' data: https://fonts.gstatic.com/ https://fonts.googleapis.com https://use.typekit.com *.pgsdemo.com *.pagescdn.com; media-src 'self'; object-src 'self'; form-action 'self' https://*.flagstar.com https://*.salesforce.com https://*.salesforceliveagent.com https://*.salesforce-sites.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.salesforceliveagent.com https://assets.sitescdn.net https://www.googleanalytics.com/ https://www.googleoptimize.com/ https://optimize.google.com/ https://www.googletagmanager.com https://maps.googleapis.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net assets.adobedtm.com https://pnapi.invoca.net https://solutions.invocacdn.com gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com/ https://use.typekit.com https://connect.facebook.net https://js.adsrvr.org/ https://cdn.evgnet.com https://*.evergage.com https://www.youtube.com assets.sitescdn.net *.pagescdn.com *.pgsdemo.com https://*.salesforce-sites.com;style-src 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com assets.sitecdn.net; style-src-elem 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com;frame-src 'self' *.flagstar.com *.demdex.net https://*.fls.doubleclick.net https://td.doubleclick.net https://optimize.google.com/ https://insight.adsrvr.org/ https://match.adsrvr.org/ https://cdn.evgnet.com https://*.flagstar.com https://*.fintactix.com *.pagescdn.com *.pgsdemo.com; frame-ancestors 'self' *.flagstar.com https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net; img-src 'self' *.foresee.com https://ad.doubleclick.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googletagmanager.com/ https://www.googleadservices.com https://www.google-analytics.com https://developers.google.com https://maps.googleapis.com https://maps.gstatic.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://insight.adsrvr.org https://ib.adnxs.com/getuid https://match.adsrvr.org/track/cmf/appnexus https://dsum-sec.casalemedia.com/rum https://ups.analytics.yahoo.com/ups/55953/sync https://pixel.rubiconproject.com/tap.php data: blob: https://p.typekit.net https://www.facebook.com *.flagstar.com https://*.doubleclick.net;child-src 'self' https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://youtube.com; worker-src 'self'; manifest-src 'self';
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://www.flagstar.com/etc.clientlibs/aem-flagstar/clientlibs/clientlib-site.fb39674ef980279b90b8f74765fc7f14.css
Origin
https://www.flagstar.com
accept-language
en-GB,en;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

clientname
flagstar
date
Tue, 09 Apr 2024 14:10:09 GMT
content-security-policy
default-src 'none'; connect-src 'self' *.foresee.com *.evergage.com edge.adobedc.net https://cdn.cookielaw.org https://www.googletagmanager.com https://stats.g.doubleclick.net https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://maps.googleapis.com *.demdex.net *.yext.com https://answers.yext-pixel.com *.yextapis.com;font-src 'self' data: https://fonts.gstatic.com/ https://fonts.googleapis.com https://use.typekit.com *.pgsdemo.com *.pagescdn.com; media-src 'self'; object-src 'self'; form-action 'self' https://*.flagstar.com https://*.salesforce.com https://*.salesforceliveagent.com https://*.salesforce-sites.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.salesforceliveagent.com https://assets.sitescdn.net https://www.googleanalytics.com/ https://www.googleoptimize.com/ https://optimize.google.com/ https://www.googletagmanager.com https://maps.googleapis.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net assets.adobedtm.com https://pnapi.invoca.net https://solutions.invocacdn.com gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com/ https://use.typekit.com https://connect.facebook.net https://js.adsrvr.org/ https://cdn.evgnet.com https://*.evergage.com https://www.youtube.com assets.sitescdn.net *.pagescdn.com *.pgsdemo.com https://*.salesforce-sites.com;style-src 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com assets.sitecdn.net; style-src-elem 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com;frame-src 'self' *.flagstar.com *.demdex.net https://*.fls.doubleclick.net https://td.doubleclick.net https://optimize.google.com/ https://insight.adsrvr.org/ https://match.adsrvr.org/ https://cdn.evgnet.com https://*.flagstar.com https://*.fintactix.com *.pagescdn.com *.pgsdemo.com; frame-ancestors 'self' *.flagstar.com https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net; img-src 'self' *.foresee.com https://ad.doubleclick.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googletagmanager.com/ https://www.googleadservices.com https://www.google-analytics.com https://developers.google.com https://maps.googleapis.com https://maps.gstatic.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://insight.adsrvr.org https://ib.adnxs.com/getuid https://match.adsrvr.org/track/cmf/appnexus https://dsum-sec.casalemedia.com/rum https://ups.analytics.yahoo.com/ups/55953/sync https://pixel.rubiconproject.com/tap.php data: blob: https://p.typekit.net https://www.facebook.com *.flagstar.com https://*.doubleclick.net;child-src 'self' https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://youtube.com; worker-src 'self'; manifest-src 'self';
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains
cf-cache-status
HIT
age
5751
x-cnection
close
server-timing
dtSInfo;desc="0", dtRpid;desc="-1939264122", dtTao;desc="1"
content-length
52352
x-xss-protection
1; mode=block
x-ua-compatible
IE=Edge
last-modified
Tue, 20 Feb 2024 10:14:36 GMT
server
cloudflare
etag
"cc80-611cd7a44f19e:dtagent10285240307101407wwwp"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
font/woff
cache-control
public, max-age=14400
accept-ranges
bytes
timing-allow-origin
*
cf-ray
871b143b7d829404-LHR
expires
Tue, 09 Apr 2024 18:10:09 GMT
Fellix-Regular.woff
www.flagstar.com/etc.clientlibs/aem-flagstar/clientlibs/clientlib-site/resources/fonts/
51 KB
54 KB
Font
General
Full URL
https://www.flagstar.com/etc.clientlibs/aem-flagstar/clientlibs/clientlib-site/resources/fonts/Fellix-Regular.woff
Requested by
Host: www.flagstar.com
URL: https://www.flagstar.com/etc.clientlibs/aem-flagstar/clientlibs/clientlib-site.fb39674ef980279b90b8f74765fc7f14.css
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
104.18.41.140 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
bb0c0db8ccc7938c8d17d623e5e4055f8790a51a40c78f8fe57c2e24bbed567b
Security Headers
Name Value
Content-Security-Policy default-src 'none'; connect-src 'self' *.foresee.com *.evergage.com edge.adobedc.net https://cdn.cookielaw.org https://www.googletagmanager.com https://stats.g.doubleclick.net https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://maps.googleapis.com *.demdex.net *.yext.com https://answers.yext-pixel.com *.yextapis.com;font-src 'self' data: https://fonts.gstatic.com/ https://fonts.googleapis.com https://use.typekit.com *.pgsdemo.com *.pagescdn.com; media-src 'self'; object-src 'self'; form-action 'self' https://*.flagstar.com https://*.salesforce.com https://*.salesforceliveagent.com https://*.salesforce-sites.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.salesforceliveagent.com https://assets.sitescdn.net https://www.googleanalytics.com/ https://www.googleoptimize.com/ https://optimize.google.com/ https://www.googletagmanager.com https://maps.googleapis.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net assets.adobedtm.com https://pnapi.invoca.net https://solutions.invocacdn.com gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com/ https://use.typekit.com https://connect.facebook.net https://js.adsrvr.org/ https://cdn.evgnet.com https://*.evergage.com https://www.youtube.com assets.sitescdn.net *.pagescdn.com *.pgsdemo.com https://*.salesforce-sites.com;style-src 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com assets.sitecdn.net; style-src-elem 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com;frame-src 'self' *.flagstar.com *.demdex.net https://*.fls.doubleclick.net https://td.doubleclick.net https://optimize.google.com/ https://insight.adsrvr.org/ https://match.adsrvr.org/ https://cdn.evgnet.com https://*.flagstar.com https://*.fintactix.com *.pagescdn.com *.pgsdemo.com; frame-ancestors 'self' *.flagstar.com https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net; img-src 'self' *.foresee.com https://ad.doubleclick.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googletagmanager.com/ https://www.googleadservices.com https://www.google-analytics.com https://developers.google.com https://maps.googleapis.com https://maps.gstatic.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://insight.adsrvr.org https://ib.adnxs.com/getuid https://match.adsrvr.org/track/cmf/appnexus https://dsum-sec.casalemedia.com/rum https://ups.analytics.yahoo.com/ups/55953/sync https://pixel.rubiconproject.com/tap.php data: blob: https://p.typekit.net https://www.facebook.com *.flagstar.com https://*.doubleclick.net;child-src 'self' https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://youtube.com; worker-src 'self'; manifest-src 'self';
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://www.flagstar.com/etc.clientlibs/aem-flagstar/clientlibs/clientlib-site.fb39674ef980279b90b8f74765fc7f14.css
Origin
https://www.flagstar.com
accept-language
en-GB,en;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

clientname
flagstar
date
Tue, 09 Apr 2024 14:10:09 GMT
content-security-policy
default-src 'none'; connect-src 'self' *.foresee.com *.evergage.com edge.adobedc.net https://cdn.cookielaw.org https://www.googletagmanager.com https://stats.g.doubleclick.net https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://maps.googleapis.com *.demdex.net *.yext.com https://answers.yext-pixel.com *.yextapis.com;font-src 'self' data: https://fonts.gstatic.com/ https://fonts.googleapis.com https://use.typekit.com *.pgsdemo.com *.pagescdn.com; media-src 'self'; object-src 'self'; form-action 'self' https://*.flagstar.com https://*.salesforce.com https://*.salesforceliveagent.com https://*.salesforce-sites.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.salesforceliveagent.com https://assets.sitescdn.net https://www.googleanalytics.com/ https://www.googleoptimize.com/ https://optimize.google.com/ https://www.googletagmanager.com https://maps.googleapis.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net assets.adobedtm.com https://pnapi.invoca.net https://solutions.invocacdn.com gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com/ https://use.typekit.com https://connect.facebook.net https://js.adsrvr.org/ https://cdn.evgnet.com https://*.evergage.com https://www.youtube.com assets.sitescdn.net *.pagescdn.com *.pgsdemo.com https://*.salesforce-sites.com;style-src 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com assets.sitecdn.net; style-src-elem 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com;frame-src 'self' *.flagstar.com *.demdex.net https://*.fls.doubleclick.net https://td.doubleclick.net https://optimize.google.com/ https://insight.adsrvr.org/ https://match.adsrvr.org/ https://cdn.evgnet.com https://*.flagstar.com https://*.fintactix.com *.pagescdn.com *.pgsdemo.com; frame-ancestors 'self' *.flagstar.com https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net; img-src 'self' *.foresee.com https://ad.doubleclick.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googletagmanager.com/ https://www.googleadservices.com https://www.google-analytics.com https://developers.google.com https://maps.googleapis.com https://maps.gstatic.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://insight.adsrvr.org https://ib.adnxs.com/getuid https://match.adsrvr.org/track/cmf/appnexus https://dsum-sec.casalemedia.com/rum https://ups.analytics.yahoo.com/ups/55953/sync https://pixel.rubiconproject.com/tap.php data: blob: https://p.typekit.net https://www.facebook.com *.flagstar.com https://*.doubleclick.net;child-src 'self' https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://youtube.com; worker-src 'self'; manifest-src 'self';
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains
cf-cache-status
HIT
age
5751
x-cnection
close
server-timing
dtSInfo;desc="0", dtRpid;desc="-1017613929", dtTao;desc="1"
content-length
52008
x-xss-protection
1; mode=block
x-ua-compatible
IE=Edge
last-modified
Tue, 20 Feb 2024 10:13:18 GMT
server
cloudflare
etag
"cb28-611cd75a4f065:dtagent10285240307101407wwwp"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
font/woff
cache-control
public, max-age=14400
accept-ranges
bytes
timing-allow-origin
*
cf-ray
871b143b7d849404-LHR
expires
Tue, 09 Apr 2024 18:10:09 GMT
token.json
www.flagstar.com/libs/granite/csrf/
2 B
137 B
XHR
General
Full URL
https://www.flagstar.com/libs/granite/csrf/token.json
Requested by
Host: www.flagstar.com
URL: https://www.flagstar.com/etc.clientlibs/clientlibs/granite/jquery/granite/csrf.a9dcac4698709ca8e1cbc88363cf0793.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
104.18.41.140 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://www.flagstar.com/
accept-language
en-GB,en;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

expires
-1
date
Tue, 09 Apr 2024 14:10:09 GMT
strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
x-oneagent-js-injection
true
x-cnection
close
server-timing
dtRpid;desc="875634900", dtSInfo;desc="0"
content-length
2
x-xss-protection
1; mode=block
x-ua-compatible
IE=Edge
server
cloudflare
x-frame-options
SAMEORIGIN
content-type
application/json;charset=iso-8859-1
cache-control
no-cache
cf-ray
871b143b9db29404-LHR
clientname
flagstar
otSDKStub.js
cdn.cookielaw.org/consent/b3668a5d-7fcb-4aeb-a671-a8393e2792ff/
20 KB
7 KB
Script
General
Full URL
https://cdn.cookielaw.org/consent/b3668a5d-7fcb-4aeb-a671-a8393e2792ff/otSDKStub.js
Requested by
Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/7dbad9752923/36b7dda228e9/launch-bc7a3f427c28.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6813:b234 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
8c1d20eedda5c5fd996d82d5d3b87a3a6da24735fe96458bff21d13d3cc1d1e1
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://www.flagstar.com/
accept-language
en-GB,en;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-ms-blob-type
BlockBlob
date
Tue, 09 Apr 2024 14:10:09 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
strict-transport-security
max-age=31536000; includeSubDomains; preload
age
31310
content-md5
1C7BuQ3LGAlBcdxyvs3Sgw==
content-length
6884
x-ms-lease-status
unlocked
last-modified
Tue, 20 Feb 2024 11:14:14 GMT
server
cloudflare
etag
0x8DC3205122F70A6
vary
Accept-Encoding
content-type
application/x-javascript
access-control-allow-origin
*
x-ms-request-id
3f8eecab-801e-0088-2a08-7cdc8a000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
public, max-age=86400
x-ms-version
2009-09-19
accept-ranges
bytes
cf-ray
871b143c0c0f368e-LHR
expires
Wed, 10 Apr 2024 14:10:09 GMT
truncated
/
572 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
27abd69045bfedd0501b68c979047543c77c576bbc1e9819f5c7654aef2914f7

Request headers

accept-language
en-GB,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36

Response headers

Content-Type
image/svg+xml;charset=UTF-8
hero-2_ready-checking0324.jpg
www.flagstar.com/content/dam/newco/personal/banking/hero-images/
63 KB
66 KB
Image
General
Full URL
https://www.flagstar.com/content/dam/newco/personal/banking/hero-images/hero-2_ready-checking0324.jpg
Requested by
Host: www.flagstar.com
URL: https://www.flagstar.com/
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
104.18.41.140 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
75b249c7e3dfbfac8c0f8355dfd581ae8d2640a7853f9545f8022b75295d6978
Security Headers
Name Value
Content-Security-Policy default-src 'none'; connect-src 'self' *.foresee.com *.evergage.com edge.adobedc.net https://cdn.cookielaw.org https://www.googletagmanager.com https://stats.g.doubleclick.net https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://maps.googleapis.com *.demdex.net *.yext.com https://answers.yext-pixel.com *.yextapis.com;font-src 'self' data: https://fonts.gstatic.com/ https://fonts.googleapis.com https://use.typekit.com *.pgsdemo.com *.pagescdn.com; media-src 'self'; object-src 'self'; form-action 'self' https://*.flagstar.com https://*.salesforce.com https://*.salesforceliveagent.com https://*.salesforce-sites.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.salesforceliveagent.com https://assets.sitescdn.net https://www.googleanalytics.com/ https://www.googleoptimize.com/ https://optimize.google.com/ https://www.googletagmanager.com https://maps.googleapis.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net assets.adobedtm.com https://pnapi.invoca.net https://solutions.invocacdn.com gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com/ https://use.typekit.com https://connect.facebook.net https://js.adsrvr.org/ https://cdn.evgnet.com https://*.evergage.com https://www.youtube.com assets.sitescdn.net *.pagescdn.com *.pgsdemo.com https://*.salesforce-sites.com;style-src 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net 
gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com assets.sitecdn.net https://*.evergage.com; style-src-elem 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com https://*.evergage.com;frame-src 'self' *.flagstar.com *.youtube.com *.demdex.net https://*.fls.doubleclick.net https://td.doubleclick.net https://optimize.google.com/ https://insight.adsrvr.org/ https://match.adsrvr.org/ https://cdn.evgnet.com https://*.flagstar.com https://*.fintactix.com *.pagescdn.com *.pgsdemo.com; frame-ancestors 'self' *.flagstar.com https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net; img-src 'self' *.foresee.com https://ad.doubleclick.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googletagmanager.com/ https://www.googleadservices.com https://www.google-analytics.com https://developers.google.com https://maps.googleapis.com https://maps.gstatic.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://insight.adsrvr.org https://ib.adnxs.com/getuid https://match.adsrvr.org/track/cmf/appnexus https://dsum-sec.casalemedia.com/rum https://ups.analytics.yahoo.com/ups/55953/sync https://pixel.rubiconproject.com/tap.php data: blob: https://p.typekit.net 
https://www.facebook.com *.flagstar.com https://*.doubleclick.net;child-src 'self' https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://youtube.com; worker-src 'self'; manifest-src 'self';
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://www.flagstar.com/
accept-language
en-GB,en;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

clientname
flagstar
date
Tue, 09 Apr 2024 14:10:09 GMT
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains
cf-cache-status
HIT
age
377490
x-cnection
close
server-timing
dtSInfo;desc="0", dtRpid;desc="-1342599777"
content-length
64353
x-xss-protection
1; mode=block
x-ua-compatible
IE=Edge
cf-bgj
h2pri
last-modified
Tue, 02 Apr 2024 20:19:47 GMT
server
cloudflare
etag
"fb61-61522d3da295c"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
image/jpeg
cache-control
public, max-age=2592000
accept-ranges
bytes
cf-ray
871b143bcdf09404-LHR
expires
Thu, 09 May 2024 14:10:09 GMT
truncated
/
448 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
cb90437e6e80e8e6aaa268b8d38efe74a691732163778001083b3582c15c861f

Request headers

accept-language
en-GB,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36

Response headers

Content-Type
image/svg+xml
feature_mobile-app.jpg
www.flagstar.com/content/dam/newco/personal/banking/feature-images/
126 KB
129 KB
Image
General
Full URL
https://www.flagstar.com/content/dam/newco/personal/banking/feature-images/feature_mobile-app.jpg
Requested by
Host: www.flagstar.com
URL: https://www.flagstar.com/
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
104.18.41.140 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
36eb0ab37a2e2255bdff59a124eb2fac1fdec82f51f1b05be98f93b48116094e
Security Headers
Name Value
Content-Security-Policy default-src 'none'; connect-src 'self' *.foresee.com *.evergage.com edge.adobedc.net https://cdn.cookielaw.org https://www.googletagmanager.com https://stats.g.doubleclick.net https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://maps.googleapis.com *.demdex.net *.yext.com https://answers.yext-pixel.com *.yextapis.com;font-src 'self' data: https://fonts.gstatic.com/ https://fonts.googleapis.com https://use.typekit.com *.pgsdemo.com *.pagescdn.com; media-src 'self'; object-src 'self'; form-action 'self' https://*.flagstar.com https://*.salesforce.com https://*.salesforceliveagent.com https://*.salesforce-sites.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.salesforceliveagent.com https://assets.sitescdn.net https://www.googleanalytics.com/ https://www.googleoptimize.com/ https://optimize.google.com/ https://www.googletagmanager.com https://maps.googleapis.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net assets.adobedtm.com https://pnapi.invoca.net https://solutions.invocacdn.com gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com/ https://use.typekit.com https://connect.facebook.net https://js.adsrvr.org/ https://cdn.evgnet.com https://*.evergage.com https://www.youtube.com assets.sitescdn.net *.pagescdn.com *.pgsdemo.com https://*.salesforce-sites.com;style-src 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net 
gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com assets.sitecdn.net https://*.evergage.com; style-src-elem 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com https://*.evergage.com;frame-src 'self' *.flagstar.com *.youtube.com *.demdex.net https://*.fls.doubleclick.net https://td.doubleclick.net https://optimize.google.com/ https://insight.adsrvr.org/ https://match.adsrvr.org/ https://cdn.evgnet.com https://*.flagstar.com https://*.fintactix.com *.pagescdn.com *.pgsdemo.com; frame-ancestors 'self' *.flagstar.com https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net; img-src 'self' *.foresee.com https://ad.doubleclick.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googletagmanager.com/ https://www.googleadservices.com https://www.google-analytics.com https://developers.google.com https://maps.googleapis.com https://maps.gstatic.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://insight.adsrvr.org https://ib.adnxs.com/getuid https://match.adsrvr.org/track/cmf/appnexus https://dsum-sec.casalemedia.com/rum https://ups.analytics.yahoo.com/ups/55953/sync https://pixel.rubiconproject.com/tap.php data: blob: https://p.typekit.net 
https://www.facebook.com *.flagstar.com https://*.doubleclick.net;child-src 'self' https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://youtube.com; worker-src 'self'; manifest-src 'self';
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://www.flagstar.com/
accept-language
en-GB,en;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

clientname
flagstar
date
Tue, 09 Apr 2024 14:10:09 GMT
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains
cf-cache-status
HIT
age
384846
x-cnection
close
server-timing
dtSInfo;desc="0", dtRpid;desc="750530614"
content-length
129109
x-xss-protection
1; mode=block
x-ua-compatible
IE=Edge
cf-bgj
h2pri
last-modified
Tue, 02 Apr 2024 20:02:24 GMT
server
cloudflare
etag
"1f855-6152295af119e"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
image/jpeg
cache-control
public, max-age=2592000
accept-ranges
bytes
cf-ray
871b143bcdf29404-LHR
expires
Thu, 09 May 2024 14:10:09 GMT
truncated
/
387 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
3f3a53cecd609c52d2d87a08dc9f074e8a907569526fc16631ae930b67b7fbcc

Request headers

accept-language
en-GB,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36

Response headers

Content-Type
image/svg+xml
Fellix-SemiBold.woff
www.flagstar.com/etc.clientlibs/aem-flagstar/clientlibs/clientlib-site/resources/fonts/
51 KB
55 KB
Font
General
Full URL
https://www.flagstar.com/etc.clientlibs/aem-flagstar/clientlibs/clientlib-site/resources/fonts/Fellix-SemiBold.woff
Requested by
Host: www.flagstar.com
URL: https://www.flagstar.com/etc.clientlibs/aem-flagstar/clientlibs/clientlib-site.fb39674ef980279b90b8f74765fc7f14.css
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
104.18.41.140 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
850738adf5732aeff29a17ba8804213f8073f9f2b7d5021b1ff6f1324c8ca9b9
Security Headers
Name Value
Content-Security-Policy default-src 'none'; connect-src 'self' *.foresee.com *.evergage.com edge.adobedc.net https://cdn.cookielaw.org https://www.googletagmanager.com https://stats.g.doubleclick.net https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://maps.googleapis.com *.demdex.net *.yext.com https://answers.yext-pixel.com *.yextapis.com;font-src 'self' data: https://fonts.gstatic.com/ https://fonts.googleapis.com https://use.typekit.com *.pgsdemo.com *.pagescdn.com; media-src 'self'; object-src 'self'; form-action 'self' https://*.flagstar.com https://*.salesforce.com https://*.salesforceliveagent.com https://*.salesforce-sites.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.salesforceliveagent.com https://assets.sitescdn.net https://www.googleanalytics.com/ https://www.googleoptimize.com/ https://optimize.google.com/ https://www.googletagmanager.com https://maps.googleapis.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net assets.adobedtm.com https://pnapi.invoca.net https://solutions.invocacdn.com gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com/ https://use.typekit.com https://connect.facebook.net https://js.adsrvr.org/ https://cdn.evgnet.com https://*.evergage.com https://www.youtube.com assets.sitescdn.net *.pagescdn.com *.pgsdemo.com https://*.salesforce-sites.com;style-src 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net 
gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com assets.sitecdn.net; style-src-elem 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com;frame-src 'self' *.flagstar.com *.demdex.net https://*.fls.doubleclick.net https://td.doubleclick.net https://optimize.google.com/ https://insight.adsrvr.org/ https://match.adsrvr.org/ https://cdn.evgnet.com https://*.flagstar.com https://*.fintactix.com *.pagescdn.com *.pgsdemo.com; frame-ancestors 'self' *.flagstar.com https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net; img-src 'self' *.foresee.com https://ad.doubleclick.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googletagmanager.com/ https://www.googleadservices.com https://www.google-analytics.com https://developers.google.com https://maps.googleapis.com https://maps.gstatic.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://insight.adsrvr.org https://ib.adnxs.com/getuid https://match.adsrvr.org/track/cmf/appnexus https://dsum-sec.casalemedia.com/rum https://ups.analytics.yahoo.com/ups/55953/sync https://pixel.rubiconproject.com/tap.php data: blob: https://p.typekit.net https://www.facebook.com *.flagstar.com 
https://*.doubleclick.net;child-src 'self' https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://youtube.com; worker-src 'self'; manifest-src 'self';
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://www.flagstar.com/etc.clientlibs/aem-flagstar/clientlibs/clientlib-site.fb39674ef980279b90b8f74765fc7f14.css
Origin
https://www.flagstar.com
accept-language
en-GB,en;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

clientname
flagstar
date
Tue, 09 Apr 2024 14:10:09 GMT
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains
cf-cache-status
HIT
age
5750
x-cnection
close
server-timing
dtSInfo;desc="0", dtRpid;desc="140927759", dtTao;desc="1"
content-length
52712
x-xss-protection
1; mode=block
x-ua-compatible
IE=Edge
last-modified
Tue, 20 Feb 2024 10:12:49 GMT
server
cloudflare
etag
"cde8-611cd73e71369:dtagent10285240307101407wwwp"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
font/woff
cache-control
public, max-age=14400
accept-ranges
bytes
timing-allow-origin
*
cf-ray
871b143bcdef9404-LHR
expires
Tue, 09 Apr 2024 18:10:09 GMT
v84a3a4012de94ce1a686ba8c167c359c1696973893317
static.cloudflareinsights.com/beacon.min.js/
0
0

truncated
/
485 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
7f2e0c9da687d8c85eda95732725ff81992c97091c85c1fb85e83e05bef4e740

Request headers

accept-language
en-GB,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36

Response headers

Content-Type
image/svg+xml
truncated
/
4 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
952e9acd27a406f242f38222ef659d11dcbc82f3a1fe36e759441bfdbf7576ac

Request headers

accept-language
en-GB,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36

Response headers

Content-Type
image/svg+xml
pnapi_integration-latest.min.js
solutions.invocacdn.com/js/
124 KB
40 KB
Script
General
Full URL
https://solutions.invocacdn.com/js/pnapi_integration-latest.min.js
Requested by
Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/7dbad9752923/36b7dda228e9/launch-bc7a3f427c28.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.224.189.35 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-224-189-35.fra2.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
8e401b8a68c8c3bfa7e4711dc68e48f6bc0341f325ea1814bb575f9f6bd0de56

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://www.flagstar.com/
accept-language
en-GB,en;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-amz-version-id
jrSNisU5ykeqt.1GAR3ZWMADf5KD2HPp
content-encoding
gzip
via
1.1 c28c128e9402fb070daca09bab68490a.cloudfront.net (CloudFront)
date
Tue, 09 Apr 2024 13:43:32 GMT
x-amz-cf-pop
FRA2-C1
age
1599
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
x-amz-replication-status
COMPLETED
last-modified
Tue, 23 Jan 2024 21:42:17 GMT
server
AmazonS3
etag
W/"ce530d44fb07528350b1354e401eb557"
vary
Accept-Encoding
content-type
text/javascript; charset=utf-8
cache-control
max-age=3600
x-amz-cf-id
TEQ3V_ikSviednUWc1anuN6xZ1TylPPg1Rwdmh2MKscLk_CUpZaqHA==
hero-2_ready-checking0324.jpg.thumb.1121.1121.jpg
www.flagstar.com/content/dam/newco/personal/banking/hero-images/
63 KB
66 KB
Image
General
Full URL
https://www.flagstar.com/content/dam/newco/personal/banking/hero-images/hero-2_ready-checking0324.jpg.thumb.1121.1121.jpg
Requested by
Host: www.flagstar.com
URL: https://www.flagstar.com/
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
104.18.41.140 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
0d75e46efa71b6e8fcadaab864129cb1f0adad20b3a05fd040898056c106bb5d
Security Headers
Name Value
Content-Security-Policy default-src 'none'; connect-src 'self' *.foresee.com *.evergage.com edge.adobedc.net https://cdn.cookielaw.org https://www.googletagmanager.com https://stats.g.doubleclick.net https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://maps.googleapis.com *.demdex.net *.yext.com https://answers.yext-pixel.com *.yextapis.com;font-src 'self' data: https://fonts.gstatic.com/ https://fonts.googleapis.com https://use.typekit.com *.pgsdemo.com *.pagescdn.com; media-src 'self'; object-src 'self'; form-action 'self' https://*.flagstar.com https://*.salesforce.com https://*.salesforceliveagent.com https://*.salesforce-sites.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.salesforceliveagent.com https://assets.sitescdn.net https://www.googleanalytics.com/ https://www.googleoptimize.com/ https://optimize.google.com/ https://www.googletagmanager.com https://maps.googleapis.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net assets.adobedtm.com https://pnapi.invoca.net https://solutions.invocacdn.com gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com/ https://use.typekit.com https://connect.facebook.net https://js.adsrvr.org/ https://cdn.evgnet.com https://*.evergage.com https://www.youtube.com assets.sitescdn.net *.pagescdn.com *.pgsdemo.com https://*.salesforce-sites.com;style-src 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net 
gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com assets.sitecdn.net https://*.evergage.com; style-src-elem 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com https://*.evergage.com;frame-src 'self' *.flagstar.com *.youtube.com *.demdex.net https://*.fls.doubleclick.net https://td.doubleclick.net https://optimize.google.com/ https://insight.adsrvr.org/ https://match.adsrvr.org/ https://cdn.evgnet.com https://*.flagstar.com https://*.fintactix.com *.pagescdn.com *.pgsdemo.com; frame-ancestors 'self' *.flagstar.com https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net; img-src 'self' *.foresee.com https://ad.doubleclick.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googletagmanager.com/ https://www.googleadservices.com https://www.google-analytics.com https://developers.google.com https://maps.googleapis.com https://maps.gstatic.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://insight.adsrvr.org https://ib.adnxs.com/getuid https://match.adsrvr.org/track/cmf/appnexus https://dsum-sec.casalemedia.com/rum https://ups.analytics.yahoo.com/ups/55953/sync https://pixel.rubiconproject.com/tap.php data: blob: https://p.typekit.net 
https://www.facebook.com *.flagstar.com https://*.doubleclick.net;child-src 'self' https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://youtube.com; worker-src 'self'; manifest-src 'self';
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://www.flagstar.com/
accept-language
en-GB,en;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

clientname
flagstar
date
Tue, 09 Apr 2024 14:10:09 GMT
content-security-policy
default-src 'none'; connect-src 'self' *.foresee.com *.evergage.com edge.adobedc.net https://cdn.cookielaw.org https://www.googletagmanager.com https://stats.g.doubleclick.net https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://maps.googleapis.com *.demdex.net *.yext.com https://answers.yext-pixel.com *.yextapis.com;font-src 'self' data: https://fonts.gstatic.com/ https://fonts.googleapis.com https://use.typekit.com *.pgsdemo.com *.pagescdn.com; media-src 'self'; object-src 'self'; form-action 'self' https://*.flagstar.com https://*.salesforce.com https://*.salesforceliveagent.com https://*.salesforce-sites.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.salesforceliveagent.com https://assets.sitescdn.net https://www.googleanalytics.com/ https://www.googleoptimize.com/ https://optimize.google.com/ https://www.googletagmanager.com https://maps.googleapis.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net assets.adobedtm.com https://pnapi.invoca.net https://solutions.invocacdn.com gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com/ https://use.typekit.com https://connect.facebook.net https://js.adsrvr.org/ https://cdn.evgnet.com https://*.evergage.com https://www.youtube.com assets.sitescdn.net *.pagescdn.com *.pgsdemo.com https://*.salesforce-sites.com;style-src 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com 
https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com assets.sitecdn.net https://*.evergage.com; style-src-elem 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com https://*.evergage.com;frame-src 'self' *.flagstar.com *.youtube.com *.demdex.net https://*.fls.doubleclick.net https://td.doubleclick.net https://optimize.google.com/ https://insight.adsrvr.org/ https://match.adsrvr.org/ https://cdn.evgnet.com https://*.flagstar.com https://*.fintactix.com *.pagescdn.com *.pgsdemo.com; frame-ancestors 'self' *.flagstar.com https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net; img-src 'self' *.foresee.com https://ad.doubleclick.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googletagmanager.com/ https://www.googleadservices.com https://www.google-analytics.com https://developers.google.com https://maps.googleapis.com https://maps.gstatic.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://insight.adsrvr.org https://ib.adnxs.com/getuid https://match.adsrvr.org/track/cmf/appnexus https://dsum-sec.casalemedia.com/rum https://ups.analytics.yahoo.com/ups/55953/sync https://pixel.rubiconproject.com/tap.php data: blob: https://p.typekit.net https://www.facebook.com 
*.flagstar.com https://*.doubleclick.net;child-src 'self' https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://youtube.com; worker-src 'self'; manifest-src 'self';
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains
cf-cache-status
HIT
age
377490
x-cnection
close
server-timing
dtSInfo;desc="0", dtRpid;desc="-1777691927"
content-length
64533
x-xss-protection
1; mode=block
x-ua-compatible
IE=Edge
cf-bgj
h2pri
last-modified
Tue, 02 Apr 2024 20:10:30 GMT
server
cloudflare
etag
"fc15-61522b2abfb38"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
image/jpeg
cache-control
public, max-age=2592000
accept-ranges
bytes
cf-ray
871b143c2e639404-LHR
expires
Thu, 09 May 2024 14:10:09 GMT
MultiNoun.jsonp
d.la2-c2-iad.salesforceliveagent.com/chat/rest/System/
226 B
591 B
Script
General
Full URL
https://d.la2-c2-iad.salesforceliveagent.com/chat/rest/System/MultiNoun.jsonp?nouns=VisitorId,Settings&VisitorId.prefix=Visitor&Settings.prefix=Visitor&Settings.buttonIds=[57316000000D7Cz,57316000000D7D4,57316000000D7Cp]&Settings.updateBreadcrumb=1&Settings.urlPrefix=undefined&callback=liveagent._.handlePing&deployment_id=57216000000HIZN&org_id=00DG0000000Bvr7&version=60
Requested by
Host: www.flagstar.com
URL: https://www.flagstar.com/etc.clientlibs/clientlibs/granite/jquery/granite/csrf.a9dcac4698709ca8e1cbc88363cf0793.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
13.109.188.112 , United States, ASN14340 (SALESFORCE, US),
Reverse DNS
dcl13-ncg1-c5-iad4.la2-c2-ia4.salesforceliveagent.com
Software
/
Resource Hash
722df4e67cf42adc66d3b57548cb55288b8b6ac489d189302c86668741018262
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://www.flagstar.com/
accept-language
en-GB,en;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Pragma
no-cache
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Content-Type
text/javascript
Access-Control-Allow-Origin
*
Cache-Control
no-cache
Access-Control-Allow-Credentials
true
Connection
close
Expires
-1
3202410
answers.yext-pixel.com/realtimeanalytics/data/answers/
0
319 B
Ping
General
Full URL
https://answers.yext-pixel.com/realtimeanalytics/data/answers/3202410
Requested by
Host: assets.sitescdn.net
URL: https://assets.sitescdn.net/answers-search-bar/v1.5/answers.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:45f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-platform
"Win32"
Referer
https://www.flagstar.com/
accept-language
en-GB,en;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

access-control-allow-origin
*
date
Tue, 09 Apr 2024 14:10:10 GMT
cf-cache-status
DYNAMIC
server
cloudflare
cf-ray
871b143d2f5f6552-LHR
content-length
0
b3668a5d-7fcb-4aeb-a671-a8393e2792ff.json
cdn.cookielaw.org/consent/b3668a5d-7fcb-4aeb-a671-a8393e2792ff/
4 KB
2 KB
XHR
General
Full URL
https://cdn.cookielaw.org/consent/b3668a5d-7fcb-4aeb-a671-a8393e2792ff/b3668a5d-7fcb-4aeb-a671-a8393e2792ff.json
Requested by
Host: www.flagstar.com
URL: https://www.flagstar.com/etc.clientlibs/clientlibs/granite/jquery/granite/csrf.a9dcac4698709ca8e1cbc88363cf0793.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6813:b234 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
1c7d1349c2d47c2f850923ef3948b5ec6b8ec9647edd2cf281a23bf6689e2777
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://www.flagstar.com/
accept-language
en-GB,en;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-ms-blob-type
BlockBlob
date
Tue, 09 Apr 2024 14:10:10 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
strict-transport-security
max-age=31536000; includeSubDomains; preload
age
79107
content-md5
gOeuBNp0amlk+rCoL0fDUg==
content-length
1488
x-ms-lease-status
unlocked
last-modified
Tue, 20 Feb 2024 11:14:13 GMT
server
cloudflare
etag
0x8DC3205120C5D5D
vary
Accept-Encoding
content-type
application/x-javascript
access-control-allow-origin
*
x-ms-request-id
73e5321d-501e-00a4-3b4e-793025000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
public, max-age=86400
x-ms-version
2009-09-19
accept-ranges
bytes
cf-ray
871b143d587079b8-LHR
expires
Wed, 10 Apr 2024 14:10:10 GMT
1507898736628275
connect.facebook.net/signals/config/
56 KB
12 KB
Script
General
Full URL
https://connect.facebook.net/signals/config/1507898736628275?v=2.9.152&r=stable&domain=www.flagstar.com&hme=c3a545c63044e8e9102d4f32d84a1137594d024f28e801d670bc76dc5c075575&ex_m=67%2C112%2C99%2C103%2C58%2C3%2C93%2C66%2C15%2C91%2C84%2C49%2C51%2C158%2C161%2C172%2C168%2C169%2C171%2C28%2C94%2C50%2C73%2C170%2C153%2C156%2C165%2C166%2C173%2C121%2C14%2C48%2C178%2C177%2C123%2C17%2C33%2C38%2C1%2C41%2C62%2C63%2C64%2C68%2C88%2C16%2C13%2C90%2C87%2C86%2C100%2C102%2C37%2C101%2C29%2C25%2C154%2C157%2C130%2C27%2C10%2C11%2C12%2C5%2C6%2C24%2C21%2C22%2C54%2C59%2C61%2C71%2C95%2C26%2C72%2C8%2C7%2C76%2C46%2C20%2C97%2C96%2C9%2C19%2C18%2C81%2C53%2C79%2C32%2C70%2C0%2C89%2C31%2C78%2C83%2C45%2C44%2C82%2C36%2C4%2C85%2C77%2C42%2C39%2C34%2C80%2C2%2C35%2C60%2C40%2C98%2C43%2C75%2C65%2C104%2C57%2C56%2C30%2C92%2C55%2C52%2C47%2C74%2C69%2C23%2C105
Requested by
Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f084:d:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
5e0b77012fd149ec9325c18ce21e4d78c543000caee33f006f6a1e054d7ab22f
Security Headers
Name Value
Content-Security-Policy default-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';img-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://www.flagstar.com/
accept-language
en-GB,en;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

content-security-policy
default-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';img-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; preload; includeSubDomains
date
Tue, 09 Apr 2024 14:10:10 GMT
document-policy
force-load-at-top
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
x-xss-protection
0
reporting-endpoints
coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
x-fb-connection-quality
GOOD; q=0.7, rtt=57, rtx=0, c=45, mss=1294, tbw=63264, tp=-1, tpl=-1, uplat=161, ullat=0
pragma
public
x-fb-debug
DNl/mF/fx9Kwe8/nHRLfOMrHKVvAd/KJHAnTPgKg15Eo9/ufP7t/C62dJEXnLnefWZDNerSw5/OqDBXDWUxPrg==
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
cross-origin-opener-policy
same-origin-allow-popups;report-to="coop_report"
vary
Accept-Encoding
report-to
{"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
content-type
application/x-javascript; charset=utf-8
x-frame-options
DENY
origin-agent-cluster
?0
cache-control
public, max-age=1200
permissions-policy
accelerometer=(), attribution-reporting=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), clipboard-read=(), clipboard-write=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), usb=(), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
timing-allow-origin
*
expires
Sat, 01 Jan 2000 00:00:00 GMT
tag-live.js
solutions.invocacdn.com/js/networks/1429/2586959106/
9 KB
2 KB
Script
General
Full URL
https://solutions.invocacdn.com/js/networks/1429/2586959106/tag-live.js
Requested by
Host: www.flagstar.com
URL: https://www.flagstar.com/etc.clientlibs/clientlibs/granite/jquery/granite/csrf.a9dcac4698709ca8e1cbc88363cf0793.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.224.189.35 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-224-189-35.fra2.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
b6ad7b1558f6bbd01707081eb925ffab4c53bd282a9f74bd39e45f3823dac777

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://www.flagstar.com/
accept-language
en-GB,en;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-amz-version-id
.LDHfqWkvZVq.2IEGzmVTFkGAGNKK7Un
content-encoding
gzip
via
1.1 c28c128e9402fb070daca09bab68490a.cloudfront.net (CloudFront)
date
Tue, 09 Apr 2024 14:07:57 GMT
x-amz-cf-pop
FRA2-C1
age
213
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
x-amz-replication-status
COMPLETED
last-modified
Fri, 23 Feb 2024 22:47:27 GMT
server
AmazonS3
etag
W/"358f5032aa14e7ea70850ce2a94aa852"
vary
Accept-Encoding
content-type
text/javascript
cache-control
max-age=300
x-amz-cf-id
gFUKmhXX4Z9ARid231bZ63BVUc7PA2sk3kEi8iBAlROW7fjW8MKPaA==
otBannerSdk.js
cdn.cookielaw.org/scripttemplates/202401.2.0/
430 KB
105 KB
Script
General
Full URL
https://cdn.cookielaw.org/scripttemplates/202401.2.0/otBannerSdk.js
Requested by
Host: www.flagstar.com
URL: https://www.flagstar.com/etc.clientlibs/clientlibs/granite/jquery/granite/csrf.a9dcac4698709ca8e1cbc88363cf0793.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6813:b234 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
a6972c49e66fe3c5026a1a1e26a06c49995cec36fc522cb56461f5cf0b2b2978
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://www.flagstar.com/
accept-language
en-GB,en;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-ms-blob-type
BlockBlob
date
Tue, 09 Apr 2024 14:10:10 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
content-md5
ekgyiOgvSPjNzcyXVUS11Q==
age
68646
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-length
106739
x-ms-lease-status
unlocked
last-modified
Thu, 07 Mar 2024 11:26:28 GMT
server
cloudflare
etag
0x8DC3E996ED117D9
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
x-ms-request-id
e31c6377-501e-009b-7f34-71f886000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
max-age=86400
x-ms-version
2009-09-19
accept-ranges
bytes
cf-ray
871b143dceb2368e-LHR
na.jsonp
pnapi.invoca.net/1429/
197 B
387 B
Script
General
Full URL
https://pnapi.invoca.net/1429/na.jsonp?network_id=1429&js_version=4.30.6&tag_id=1429%2F2586959106&request_data_shared_params=%7B%22calling_page%22%3A%22%2F%22%2C%22currentURL%22%3A%22https%3A%2F%2Fwww.flagstar.com%2F%22%2C%22journey%22%3A%22%2F%22%2C%22utm_medium%22%3A%22direct%22%2C%22utm_source%22%3A%22direct%22%2C%22gcm_uid%22%3Anull%2C%22invoca_id%22%3A%22i-5c409210-a94f-413c-b7b2-9538e469bec1%22%7D&client_messages=%7B%7D&client_info=%7B%22url%22%3A%22https%3A%2F%2Fwww.flagstar.com%2F%22%2C%22referrer%22%3A%22%22%2C%22cores%22%3A17%2C%22platform%22%3A%22Win32%22%2C%22screenWidth%22%3A800%2C%22screenHeight%22%3A600%2C%22language%22%3A%22en-US%22%7D&request_data=%5B%7B%22request_id%22%3A%22%2B18882486423%22%2C%22advertiser_campaign_id_from_network%22%3A%22505764%22%2C%22params%22%3A%7B%22invoca_detected_destination%22%3A%22%2B18882486423%22%7D%7D%5D&destination_settings=%7B%22paramName%22%3A%22invoca_detected_destination%22%2C%22matchLocalNumbers%22%3Afalse%2C%22matchTollFreeNumbers%22%3Afalse%7D&metrics=%5B%5B%22beaconSupported%22%2C%22counter%22%5D%5D&jsoncallback=json_rr1&
Requested by
Host: www.flagstar.com
URL: https://www.flagstar.com/etc.clientlibs/clientlibs/granite/jquery/granite/csrf.a9dcac4698709ca8e1cbc88363cf0793.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.163.174.61 , United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-163-174-61.compute-1.amazonaws.com
Software
/
Resource Hash
918a2da9914b4bbc7a923bef0b15db54db79c465f7225c238ac1f22041d0ae58

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://www.flagstar.com/
accept-language
en-GB,en;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

access-control-allow-origin
*
content-encoding
gzip
Connection
keep-alive
processing_time
19.25903ms
Content-Length
176
vary
accept-encoding
content-type
text/html;charset=utf-8
en.json
cdn.cookielaw.org/consent/b3668a5d-7fcb-4aeb-a671-a8393e2792ff/3394215e-8369-4433-bdea-3563b309ec6b/
77 KB
17 KB
Fetch
General
Full URL
https://cdn.cookielaw.org/consent/b3668a5d-7fcb-4aeb-a671-a8393e2792ff/3394215e-8369-4433-bdea-3563b309ec6b/en.json
Requested by
Host: www.flagstar.com
URL: https://www.flagstar.com/ruxitagentjs_ICA7NVfghjqru_10285240307101407.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6813:b234 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
27a1c8f923d6e59c604e23b86d1635e5edcec6b40b42a7c30c8b30565d2dd566
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://www.flagstar.com/
accept-language
en-GB,en;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-ms-blob-type
BlockBlob
date
Tue, 09 Apr 2024 14:10:10 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
strict-transport-security
max-age=31536000; includeSubDomains; preload
age
67906
content-md5
lH5Jie6VQSwJypYWxH2auA==
content-length
17576
x-ms-lease-status
unlocked
last-modified
Tue, 20 Feb 2024 11:14:14 GMT
server
cloudflare
etag
0x8DC32051264F7D4
vary
Accept-Encoding
content-type
application/x-javascript
access-control-allow-origin
*
x-ms-request-id
db6a1e37-e01e-0037-2967-79eb2f000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
public, max-age=86400
x-ms-version
2009-09-19
accept-ranges
bytes
cf-ray
871b143e5a1079b8-LHR
expires
Wed, 10 Apr 2024 14:10:10 GMT
otFlat.json
cdn.cookielaw.org/scripttemplates/202401.2.0/assets/
13 KB
3 KB
Fetch
General
Full URL
https://cdn.cookielaw.org/scripttemplates/202401.2.0/assets/otFlat.json
Requested by
Host: www.flagstar.com
URL: https://www.flagstar.com/ruxitagentjs_ICA7NVfghjqru_10285240307101407.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6813:b234 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
f4aaa18c55c90588c5e828e56dcc6b2cb0acf9a4280494c7d1a53fc5e3669112
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://www.flagstar.com/
accept-language
en-GB,en;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-ms-blob-type
BlockBlob
date
Tue, 09 Apr 2024 14:10:10 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
content-md5
BhDz7QN6NZvDbVeQXXKKbA==
age
74272
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-length
3041
x-ms-lease-status
unlocked
last-modified
Thu, 07 Mar 2024 11:26:21 GMT
server
cloudflare
etag
0x8DC3E996A8D0BAE
vary
Accept-Encoding
content-type
application/json
access-control-allow-origin
*
x-ms-request-id
9f08ff4d-d01e-0003-2958-79d8e7000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
max-age=86400
x-ms-version
2009-09-19
accept-ranges
bytes
cf-ray
871b143eca8d79b8-LHR
otPcTab.json
cdn.cookielaw.org/scripttemplates/202401.2.0/assets/v2/
63 KB
13 KB
Fetch
General
Full URL
https://cdn.cookielaw.org/scripttemplates/202401.2.0/assets/v2/otPcTab.json
Requested by
Host: www.flagstar.com
URL: https://www.flagstar.com/ruxitagentjs_ICA7NVfghjqru_10285240307101407.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6813:b234 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d18f313f2489ed91cd15cf94a1e5668b8b0da8318f593d980228000a1757702f
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://www.flagstar.com/
accept-language
en-GB,en;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-ms-blob-type
BlockBlob
date
Tue, 09 Apr 2024 14:10:10 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
content-md5
+VcLy0Fhvi3ZWKBwz9NNzQ==
age
74532
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-length
13587
x-ms-lease-status
unlocked
last-modified
Thu, 07 Mar 2024 11:26:24 GMT
server
cloudflare
etag
0x8DC3E996C0939E8
vary
Accept-Encoding
content-type
application/json
access-control-allow-origin
*
x-ms-request-id
113241f2-601e-0074-3358-790d73000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
max-age=86400
x-ms-version
2009-09-19
accept-ranges
bytes
cf-ray
871b143eca9179b8-LHR
otCommonStyles.css
cdn.cookielaw.org/scripttemplates/202401.2.0/assets/
21 KB
4 KB
Fetch
General
Full URL
https://cdn.cookielaw.org/scripttemplates/202401.2.0/assets/otCommonStyles.css
Requested by
Host: www.flagstar.com
URL: https://www.flagstar.com/ruxitagentjs_ICA7NVfghjqru_10285240307101407.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6813:b234 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d3f7b0ec4de079928a999641e781e80f33597a392a561bc460276dfb4efb6eec
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://www.flagstar.com/
accept-language
en-GB,en;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-ms-blob-type
BlockBlob
date
Tue, 09 Apr 2024 14:10:10 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
content-encoding
gzip
content-md5
c7xAZ9MSGAobGaTYg/Qtag==
age
30185
x-ms-lease-status
unlocked
last-modified
Thu, 07 Mar 2024 11:26:34 GMT
server
cloudflare
vary
Accept-Encoding
content-type
text/css
access-control-allow-origin
*
x-ms-request-id
84bc12a4-c01e-0099-7d08-7c463e000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
max-age=86400
x-ms-version
2009-09-19
cf-ray
871b143eca9579b8-LHR
ot_close.svg
cdn.cookielaw.org/logos/static/
651 B
600 B
Image
General
Full URL
https://cdn.cookielaw.org/logos/static/ot_close.svg
Requested by
Host: www.flagstar.com
URL: https://www.flagstar.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6813:b234 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
901bb0e03b8c3c0a1cf4c487a177417328bb7d8c94106ecefceedd7d7f6c4ddc
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://www.flagstar.com/
accept-language
en-GB,en;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-ms-blob-type
BlockBlob
date
Tue, 09 Apr 2024 14:10:10 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
content-encoding
gzip
content-md5
pcXWFGpuVeSg/jVnYCseRg==
age
38784
x-ms-lease-status
unlocked
last-modified
Mon, 08 Apr 2024 16:40:53 GMT
server
cloudflare
vary
Accept-Encoding
content-type
image/svg+xml
access-control-allow-origin
*
x-ms-request-id
09706a8d-201e-004a-572d-8a9a0c000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
max-age=86400
x-ms-version
2009-09-19
cf-ray
871b143f28d5368e-LHR
Fellix-Bold.woff
www.flagstar.com/etc.clientlibs/aem-flagstar/clientlibs/clientlib-site/resources/fonts/
51 KB
55 KB
Font
General
Full URL
https://www.flagstar.com/etc.clientlibs/aem-flagstar/clientlibs/clientlib-site/resources/fonts/Fellix-Bold.woff
Requested by
Host: www.flagstar.com
URL: https://www.flagstar.com/etc.clientlibs/aem-flagstar/clientlibs/clientlib-site.fb39674ef980279b90b8f74765fc7f14.css
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
104.18.41.140 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
fe0f33a2350724f28a0cc88dde554347b209fc0b3077a579072e830dc38d2f74
Security Headers
Name Value
Content-Security-Policy default-src 'none'; connect-src 'self' *.foresee.com *.evergage.com edge.adobedc.net https://cdn.cookielaw.org https://www.googletagmanager.com https://stats.g.doubleclick.net https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://maps.googleapis.com *.demdex.net *.yext.com https://answers.yext-pixel.com *.yextapis.com;font-src 'self' data: https://fonts.gstatic.com/ https://fonts.googleapis.com https://use.typekit.com *.pgsdemo.com *.pagescdn.com; media-src 'self'; object-src 'self'; form-action 'self' https://*.flagstar.com https://*.salesforce.com https://*.salesforceliveagent.com https://*.salesforce-sites.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.salesforceliveagent.com https://assets.sitescdn.net https://www.googleanalytics.com/ https://www.googleoptimize.com/ https://optimize.google.com/ https://www.googletagmanager.com https://maps.googleapis.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net assets.adobedtm.com https://pnapi.invoca.net https://solutions.invocacdn.com gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com/ https://use.typekit.com https://connect.facebook.net https://js.adsrvr.org/ https://cdn.evgnet.com https://*.evergage.com https://www.youtube.com assets.sitescdn.net *.pagescdn.com *.pgsdemo.com https://*.salesforce-sites.com;style-src 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net 
gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com assets.sitecdn.net; style-src-elem 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com;frame-src 'self' *.flagstar.com *.demdex.net https://*.fls.doubleclick.net https://td.doubleclick.net https://optimize.google.com/ https://insight.adsrvr.org/ https://match.adsrvr.org/ https://cdn.evgnet.com https://*.flagstar.com https://*.fintactix.com *.pagescdn.com *.pgsdemo.com; frame-ancestors 'self' *.flagstar.com https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net; img-src 'self' *.foresee.com https://ad.doubleclick.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googletagmanager.com/ https://www.googleadservices.com https://www.google-analytics.com https://developers.google.com https://maps.googleapis.com https://maps.gstatic.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://insight.adsrvr.org https://ib.adnxs.com/getuid https://match.adsrvr.org/track/cmf/appnexus https://dsum-sec.casalemedia.com/rum https://ups.analytics.yahoo.com/ups/55953/sync https://pixel.rubiconproject.com/tap.php data: blob: https://p.typekit.net https://www.facebook.com *.flagstar.com 
https://*.doubleclick.net;child-src 'self' https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://youtube.com; worker-src 'self'; manifest-src 'self';
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://www.flagstar.com/etc.clientlibs/aem-flagstar/clientlibs/clientlib-site.fb39674ef980279b90b8f74765fc7f14.css
Origin
https://www.flagstar.com
accept-language
en-GB,en;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

clientname
flagstar
date
Tue, 09 Apr 2024 14:10:10 GMT
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains
cf-cache-status
HIT
age
5751
x-cnection
close
server-timing
dtSInfo;desc="0", dtRpid;desc="-359648282", dtTao;desc="1"
content-length
52512
x-xss-protection
1; mode=block
x-ua-compatible
IE=Edge
last-modified
Tue, 20 Feb 2024 10:11:26 GMT
server
cloudflare
etag
"cd20-611cd6ef0724d:dtagent10285240307101407wwwp"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
font/woff
cache-control
public, max-age=14400
accept-ranges
bytes
timing-allow-origin
*
cf-ray
871b143f2a729404-LHR
expires
Tue, 09 Apr 2024 18:10:10 GMT
ot_guard_logo.svg
cdn.cookielaw.org/logos/static/
497 B
490 B
Fetch
General
Full URL
https://cdn.cookielaw.org/logos/static/ot_guard_logo.svg
Requested by
Host: www.flagstar.com
URL: https://www.flagstar.com/ruxitagentjs_ICA7NVfghjqru_10285240307101407.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6813:b234 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
691dcdb24853a0f5ce4e6597e5713dea66799b57ffe2c2a10f28f98e0b569b19
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://www.flagstar.com/
accept-language
en-GB,en;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-ms-blob-type
BlockBlob
date
Tue, 09 Apr 2024 14:10:10 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
content-encoding
gzip
content-md5
tXyZydHjxQshFMbbBT1/8A==
age
30185
x-ms-lease-status
unlocked
last-modified
Mon, 08 Apr 2024 16:40:52 GMT
server
cloudflare
vary
Accept-Encoding
content-type
image/svg+xml
access-control-allow-origin
*
x-ms-request-id
5c5f33ad-801e-0053-5a41-8a1ab7000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
max-age=86400
x-ms-version
2009-09-19
cf-ray
871b143f3b6379b8-LHR
FlagstarLogo.png
cdn.cookielaw.org/logos/fece6da3-6c93-46cb-8681-184cab7c0c91/1900e3f8-1fc1-45c1-8af1-c1c929d00bdd/5b7ef6ff-4828-48d7-a216-676a7b8dd43d/
4 KB
4 KB
Image
General
Full URL
https://cdn.cookielaw.org/logos/fece6da3-6c93-46cb-8681-184cab7c0c91/1900e3f8-1fc1-45c1-8af1-c1c929d00bdd/5b7ef6ff-4828-48d7-a216-676a7b8dd43d/FlagstarLogo.png
Requested by
Host: www.flagstar.com
URL: https://www.flagstar.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6813:b234 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
58216c10226af4d1473ae3f58dc88dccc9bbbc25f0a7a29ed04476f89b7fc636
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://www.flagstar.com/
accept-language
en-GB,en;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-ms-blob-type
BlockBlob
date
Tue, 09 Apr 2024 14:10:10 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
content-md5
OFjPyh2wbGYpiy35IKRXYQ==
age
23580
content-length
4357
x-ms-lease-status
unlocked
last-modified
Wed, 07 Feb 2024 02:13:11 GMT
server
cloudflare
etag
0x8DC278255C4642F
vary
Accept-Encoding
content-type
image/png
access-control-allow-origin
*
x-ms-request-id
9303efc5-e01e-006a-3b54-7be1ab000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
max-age=86400
x-ms-version
2009-09-19
accept-ranges
bytes
cf-ray
871b143f3906368e-LHR
powered_by_logo.svg
cdn.cookielaw.org/logos/static/
5 KB
2 KB
Image
General
Full URL
https://cdn.cookielaw.org/logos/static/powered_by_logo.svg
Requested by
Host: www.flagstar.com
URL: https://www.flagstar.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6813:b234 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
5fa00d047acd959697b9d7772c31dcd37bec33c70c6fbf80ab8316205d1d286d
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://www.flagstar.com/
accept-language
en-GB,en;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-ms-blob-type
BlockBlob
date
Tue, 09 Apr 2024 14:10:10 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
content-encoding
gzip
content-md5
Y+c301RBZNK39PvKQWrIBw==
age
68649
x-ms-lease-status
unlocked
last-modified
Mon, 08 Apr 2024 16:40:54 GMT
server
cloudflare
vary
Accept-Encoding
content-type
image/svg+xml
access-control-allow-origin
*
x-ms-request-id
fa9665f5-301e-008d-51e7-890e51000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
max-age=86400
x-ms-version
2009-09-19
cf-ray
871b143f4908368e-LHR
interact
adobedc.demdex.net/ee/v1/
731 B
922 B
Fetch
General
Full URL
https://adobedc.demdex.net/ee/v1/interact?configId=9b22fc34-b4de-46d2-90d2-b189eef9dca8&requestId=d02401e6-3de2-4ec9-8045-8c6f98f8eafa
Requested by
Host: www.flagstar.com
URL: https://www.flagstar.com/ruxitagentjs_ICA7NVfghjqru_10285240307101407.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
63.140.62.17 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ip-63-140-62-17.data.adobedc.net
Software
jag /
Resource Hash
bb694533be9c29f2512d22a56a8955d6a4dd2028da24e64388afbe73ef1dbe1e
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-platform
"Win32"
Referer
https://www.flagstar.com/
accept-language
en-GB,en;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
Content-Type
text/plain; charset=UTF-8

Response headers

date
Tue, 09 Apr 2024 14:10:10 GMT
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains
server
jag
vary
Origin
content-type
application/json;charset=utf-8
access-control-allow-origin
https://www.flagstar.com
access-control-expose-headers
Retry-After, X-Adobe-Edge, X-Request-ID
x-adobe-edge
IRL1;6
access-control-allow-credentials
true
x-konductor
N/A
cache-control
no-cache, no-store, max-age=0, no-transform, private
x-xss-protection
1; mode=block
x-request-id
d02401e6-3de2-4ec9-8045-8c6f98f8eafa
Settings.jsonp
d.la5-c1-ia5.salesforceliveagent.com/chat/rest/Visitor/
720 B
712 B
Script
General
Full URL
https://d.la5-c1-ia5.salesforceliveagent.com/chat/rest/Visitor/Settings.jsonp?sid=2cec2fbe-3457-4ed4-b519-2593e02e3296&Settings.prefix=Visitor&Settings.buttonIds=[57316000000D7Cz,57316000000D7D4,57316000000D7Cp]&Settings.updateBreadcrumb=1&Settings.urlPrefix=undefined&callback=liveagent._.handlePing&deployment_id=57216000000HIZN&org_id=00DG0000000Bvr7&version=60
Requested by
Host: www.flagstar.com
URL: https://www.flagstar.com/etc.clientlibs/clientlibs/granite/jquery/granite/csrf.a9dcac4698709ca8e1cbc88363cf0793.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
13.110.254.28 , United States, ASN14340 (SALESFORCE, US),
Reverse DNS
dcl9-ncg1-c6-iad5.la5-c1-ia5.salesforceliveagent.com
Software
/
Resource Hash
a00e73bcc133e834c8daec18a33c23f3f2def217cd626f4c979b0374d63a68aa
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://www.flagstar.com/
accept-language
en-GB,en;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Pragma
no-cache
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Content-Type
text/javascript
Access-Control-Allow-Origin
*
Cache-Control
no-cache
Access-Control-Allow-Credentials
true
Connection
close
Expires
-1
iframe_api
www.youtube.com/
993 B
2 KB
Script
General
Full URL
https://www.youtube.com/iframe_api
Requested by
Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/7dbad9752923/36b7dda228e9/launch-bc7a3f427c28.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:810::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
e4d5c28787419e7eaee569549d12df6ea9b1e7aa76e6f2a08b28ab812bfc1486
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://www.flagstar.com/
accept-language
en-GB,en;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 09 Apr 2024 14:10:11 GMT
strict-transport-security
max-age=31536000
x-content-type-options
nosniff
content-encoding
br
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657?hl=en-GB for more info."
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
server
ESF
x-frame-options
SAMEORIGIN
report-to
{"group":"youtube_main","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube_main"}]}
content-type
text/javascript; charset=utf-8
vary
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cache-control
private, max-age=0
permissions-policy
ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
origin-trial
AvC9UlR6RDk2crliDsFl66RWLnTbHrDbp+DiY6AYz/PNQ4G4tdUTjrHYr2sghbkhGQAVxb7jaPTHpEVBz0uzQwkAAAB4eyJvcmlnaW4iOiJodHRwczovL3lvdXR1YmUuY29tOjQ0MyIsImZlYXR1cmUiOiJXZWJWaWV3WFJlcXVlc3RlZFdpdGhEZXByZWNhdGlvbiIsImV4cGlyeSI6MTcxOTUzMjc5OSwiaXNTdWJkb21haW4iOnRydWV9
cross-origin-opener-policy-report-only
same-origin; report-to="youtube_main"
expires
Tue, 09 Apr 2024 14:10:11 GMT
RC932eb8ff10dd4ad4a107497eae6b5445-source.min.js
assets.adobedtm.com/7dbad9752923/36b7dda228e9/b9134b1a6b32/
751 B
665 B
Script
General
Full URL
https://assets.adobedtm.com/7dbad9752923/36b7dda228e9/b9134b1a6b32/RC932eb8ff10dd4ad4a107497eae6b5445-source.min.js
Requested by
Host: www.flagstar.com
URL: https://www.flagstar.com/etc.clientlibs/clientlibs/granite/jquery/granite/csrf.a9dcac4698709ca8e1cbc88363cf0793.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:3500:591::1e80 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
AkamaiNetStorage /
Resource Hash
95a5883a8df18fe9084e71344f882e2e65c9fba8e4e6aa3dbab8882adcc288c9

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://www.flagstar.com/
accept-language
en-GB,en;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 09 Apr 2024 14:10:11 GMT
content-encoding
gzip
last-modified
Mon, 18 Mar 2024 14:27:56 GMT
server
AkamaiNetStorage
etag
"6c70c1955cc74dd2e03c2c52aa864029:1710772076.103635"
vary
Accept-Encoding
content-type
application/x-javascript
access-control-allow-origin
https://www.flagstar.com
cache-control
max-age=3600
accept-ranges
bytes
timing-allow-origin
*
content-length
408
expires
Tue, 09 Apr 2024 15:10:11 GMT
truncated
/
714 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
85e6344e946a0de09d6f16c3e69f75a1fdbd156885b739b3091eb0cc1452ca04

Request headers

accept-language
en-GB,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36

Response headers

Content-Type
image/svg+xml
favicon.ico
www.flagstar.com/
15 KB
10 KB
Other
General
Full URL
https://www.flagstar.com/favicon.ico
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
104.18.41.140 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
930a9e10430daabc159f18878082a300d13832fb01291049600928d4a7b64c69
Security Headers
Name Value
Content-Security-Policy default-src 'none'; connect-src 'self' *.foresee.com *.evergage.com edge.adobedc.net https://cdn.cookielaw.org https://www.googletagmanager.com https://stats.g.doubleclick.net https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://maps.googleapis.com *.demdex.net *.yext.com https://answers.yext-pixel.com *.yextapis.com;font-src 'self' data: https://fonts.gstatic.com/ https://fonts.googleapis.com https://use.typekit.com *.pgsdemo.com *.pagescdn.com; media-src 'self'; object-src 'self'; form-action 'self' https://*.flagstar.com https://*.salesforce.com https://*.salesforceliveagent.com https://*.salesforce-sites.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.salesforceliveagent.com https://assets.sitescdn.net https://www.googleanalytics.com/ https://www.googleoptimize.com/ https://optimize.google.com/ https://www.googletagmanager.com https://maps.googleapis.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net assets.adobedtm.com https://pnapi.invoca.net https://solutions.invocacdn.com gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com/ https://use.typekit.com https://connect.facebook.net https://js.adsrvr.org/ https://cdn.evgnet.com https://*.evergage.com https://www.youtube.com assets.sitescdn.net *.pagescdn.com *.pgsdemo.com https://*.salesforce-sites.com;style-src 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net 
gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com assets.sitecdn.net; style-src-elem 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com;frame-src 'self' *.flagstar.com *.demdex.net https://*.fls.doubleclick.net https://td.doubleclick.net https://optimize.google.com/ https://insight.adsrvr.org/ https://match.adsrvr.org/ https://cdn.evgnet.com https://*.flagstar.com https://*.fintactix.com *.pagescdn.com *.pgsdemo.com; frame-ancestors 'self' *.flagstar.com https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net; img-src 'self' *.foresee.com https://ad.doubleclick.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googletagmanager.com/ https://www.googleadservices.com https://www.google-analytics.com https://developers.google.com https://maps.googleapis.com https://maps.gstatic.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://insight.adsrvr.org https://ib.adnxs.com/getuid https://match.adsrvr.org/track/cmf/appnexus https://dsum-sec.casalemedia.com/rum https://ups.analytics.yahoo.com/ups/55953/sync https://pixel.rubiconproject.com/tap.php data: blob: https://p.typekit.net https://www.facebook.com *.flagstar.com 
https://*.doubleclick.net;child-src 'self' https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://youtube.com; worker-src 'self'; manifest-src 'self';
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://www.flagstar.com/
accept-language
en-GB,en;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

clientname
flagstar
date
Tue, 09 Apr 2024 14:10:11 GMT
content-security-policy
default-src 'none'; connect-src 'self' *.foresee.com *.evergage.com edge.adobedc.net https://cdn.cookielaw.org https://www.googletagmanager.com https://stats.g.doubleclick.net https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://maps.googleapis.com *.demdex.net *.yext.com https://answers.yext-pixel.com *.yextapis.com;font-src 'self' data: https://fonts.gstatic.com/ https://fonts.googleapis.com https://use.typekit.com *.pgsdemo.com *.pagescdn.com; media-src 'self'; object-src 'self'; form-action 'self' https://*.flagstar.com https://*.salesforce.com https://*.salesforceliveagent.com https://*.salesforce-sites.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.salesforceliveagent.com https://assets.sitescdn.net https://www.googleanalytics.com/ https://www.googleoptimize.com/ https://optimize.google.com/ https://www.googletagmanager.com https://maps.googleapis.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net assets.adobedtm.com https://pnapi.invoca.net https://solutions.invocacdn.com gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com/ https://use.typekit.com https://connect.facebook.net https://js.adsrvr.org/ https://cdn.evgnet.com https://*.evergage.com https://www.youtube.com assets.sitescdn.net *.pagescdn.com *.pgsdemo.com https://*.salesforce-sites.com;style-src 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com 
https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com assets.sitecdn.net; style-src-elem 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com;frame-src 'self' *.flagstar.com *.demdex.net https://*.fls.doubleclick.net https://td.doubleclick.net https://optimize.google.com/ https://insight.adsrvr.org/ https://match.adsrvr.org/ https://cdn.evgnet.com https://*.flagstar.com https://*.fintactix.com *.pagescdn.com *.pgsdemo.com; frame-ancestors 'self' *.flagstar.com https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net; img-src 'self' *.foresee.com https://ad.doubleclick.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googletagmanager.com/ https://www.googleadservices.com https://www.google-analytics.com https://developers.google.com https://maps.googleapis.com https://maps.gstatic.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://insight.adsrvr.org https://ib.adnxs.com/getuid https://match.adsrvr.org/track/cmf/appnexus https://dsum-sec.casalemedia.com/rum https://ups.analytics.yahoo.com/ups/55953/sync https://pixel.rubiconproject.com/tap.php data: blob: https://p.typekit.net https://www.facebook.com *.flagstar.com https://*.doubleclick.net;child-src 'self' 
https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://youtube.com; worker-src 'self'; manifest-src 'self';
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains
cf-cache-status
HIT
age
382338
content-encoding
gzip
x-cnection
close
server-timing
dtSInfo;desc="0", dtRpid;desc="-764275597"
x-xss-protection
1; mode=block
x-ua-compatible
IE=Edge
last-modified
Tue, 20 Feb 2024 10:10:47 GMT
server
cloudflare
etag
W/"3c2e-611cd6c873b72"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
image/x-icon
cache-control
public, max-age=604800
cf-ray
871b144499f69404-LHR
expires
Tue, 16 Apr 2024 14:10:11 GMT
RC16d7e6bf9991438aae4d2fdf78410573-source.min.js
assets.adobedtm.com/7dbad9752923/36b7dda228e9/b9134b1a6b32/
1000 B
658 B
Script
General
Full URL
https://assets.adobedtm.com/7dbad9752923/36b7dda228e9/b9134b1a6b32/RC16d7e6bf9991438aae4d2fdf78410573-source.min.js
Requested by
Host: www.flagstar.com
URL: https://www.flagstar.com/etc.clientlibs/clientlibs/granite/jquery/granite/csrf.a9dcac4698709ca8e1cbc88363cf0793.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:3500:591::1e80 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
AkamaiNetStorage /
Resource Hash
f25971722f28b79a04ea15105833196a2f708ed1b2b9378f6b1e092e604bb739

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://www.flagstar.com/
accept-language
en-GB,en;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 09 Apr 2024 14:10:11 GMT
content-encoding
gzip
last-modified
Mon, 18 Mar 2024 14:27:56 GMT
server
AkamaiNetStorage
etag
"6c70c1955cc74dd2e03c2c52aa864029:1710772076.103635"
vary
Accept-Encoding
content-type
application/x-javascript
access-control-allow-origin
https://www.flagstar.com
cache-control
max-age=3600
accept-ranges
bytes
timing-allow-origin
*
content-length
402
expires
Tue, 09 Apr 2024 15:10:11 GMT
interact
edge.adobedc.net/ee/irl1/v1/
522 B
710 B
Fetch
General
Full URL
https://edge.adobedc.net/ee/irl1/v1/interact?configId=9b22fc34-b4de-46d2-90d2-b189eef9dca8&requestId=bfa1d703-e0c8-4ab8-aa32-734713b6f09a
Requested by
Host: www.flagstar.com
URL: https://www.flagstar.com/ruxitagentjs_ICA7NVfghjqru_10285240307101407.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
63.140.62.27 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ip-63-140-62-27.data.adobedc.net
Software
jag /
Resource Hash
94d8f1aec4cac91600ac7acaaee33f5c853bb1d53fad8cdfee2e2bfc071bb54f
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-platform
"Win32"
Referer
https://www.flagstar.com/
accept-language
en-GB,en;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
Content-Type
text/plain; charset=UTF-8

Response headers

date
Tue, 09 Apr 2024 14:10:10 GMT
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains
server
jag
vary
Origin
content-type
application/json;charset=utf-8
access-control-allow-origin
https://www.flagstar.com
access-control-expose-headers
Retry-After, X-Adobe-Edge, X-Request-ID
x-adobe-edge
IRL1;6
access-control-allow-credentials
true
x-konductor
N/A
cache-control
no-cache, no-store, max-age=0, no-transform, private
x-xss-protection
1; mode=block
x-request-id
bfa1d703-e0c8-4ab8-aa32-734713b6f09a
www-widgetapi.js
www.youtube.com/s/player/1ced3a71/www-widgetapi.vflset/
216 KB
67 KB
Script
General
Full URL
https://www.youtube.com/s/player/1ced3a71/www-widgetapi.vflset/www-widgetapi.js
Requested by
Host: www.youtube.com
URL: https://www.youtube.com/iframe_api
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:810::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
d9af2551784a3f4116f8ed6d1ec5e7bb3b619e3a8ed3a0399eb3bbe375b2775a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://www.flagstar.com/
accept-language
en-GB,en;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 09 Apr 2024 13:41:10 GMT
content-encoding
br
x-content-type-options
nosniff
age
1741
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
68372
x-xss-protection
0
last-modified
Wed, 03 Apr 2024 04:16:22 GMT
server
sffe
vary
Accept-Encoding, Origin
report-to
{"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="youtube"
expires
Wed, 09 Apr 2025 13:41:10 GMT
na.jsonp
pnapi.invoca.net/1429/
197 B
386 B
Script
General
Full URL
https://pnapi.invoca.net/1429/na.jsonp?network_id=1429&js_version=4.30.6&tag_id=1429%2F2586959106&request_data_shared_params=%7B%22invoca_id%22%3A%22i-5c409210-a94f-413c-b7b2-9538e469bec1%22%2C%22utm_medium%22%3A%22direct%22%2C%22utm_source%22%3A%22direct%22%2C%22gcm_uid%22%3Anull%2C%22adobe_id%22%3A%22not_found%22%2C%22Agent%22%3Anull%2C%22branch_address%22%3Anull%2C%22branch_city%22%3Anull%2C%22branch_code%22%3Anull%2C%22branch_name%22%3Anull%2C%22branch_state%22%3Anull%2C%22calling_page%22%3A%22%2F%22%2C%22callTreatment%22%3Anull%2C%22CID%22%3Anull%2C%22currentURL%22%3A%22https%3A%2F%2Fwww.flagstar.com%2F%22%2C%22dclid%22%3Anull%2C%22Disposition%22%3Anull%2C%22e%22%3Anull%2C%22email_name%22%3Anull%2C%22ga_session_id%22%3Anull%2C%22gclid%22%3Anull%2C%22gclsrc%22%3Anull%2C%22g_cid%22%3A%22not_found%22%2C%22j%22%3Anull%2C%22jb%22%3Anull%2C%22journey%22%3A%22%2F%22%2C%22l%22%3Anull%2C%22Lead_Record_Type%22%3Anull%2C%22LOB%22%3Anull%2C%22mid%22%3Anull%2C%22msclkid%22%3Anull%2C%22offline_destination%22%3Anull%2C%22Opportunity_Record_Type%22%3Anull%2C%22Parent_Campaign_Name%22%3Anull%2C%22profile_name%22%3Anull%2C%22sk%22%3Anull%2C%22ua%22%3Anull%2C%22utm_campaign%22%3Anull%2C%22utm_content%22%3Anull%2C%22utm_term%22%3Anull%2C%22verified_zip%22%3Anull%7D&client_messages=%7B%7D&client_info=%7B%22url%22%3A%22https%3A%2F%2Fwww.flagstar.com%2F%22%2C%22referrer%22%3A%22%22%2C%22cores%22%3A17%2C%22platform%22%3A%22Win32%22%2C%22screenWidth%22%3A800%2C%22screenHeight%22%3A600%2C%22language%22%3A%22en-US%22%7D&request_data=%5B%7B%22request_id%22%3A%22%2B18882486423%22%2C%22advertiser_campaign_id_from_network%22%3A%22505764%22%2C%22params%22%3A%7B%22invoca_detected_destination%22%3A%22%2B18882486423%22%7D%7D%5D&destination_settings=%7B%22paramName%22%3A%22invoca_detected_destination%22%2C%22matchLocalNumbers%22%3Afalse%2C%22matchTollFreeNumbers%22%3Afalse%7D&metrics=%5B%5B%22initialLoad%22%2C1712671810167%5D%2C%5B%22startRun%22%2C1712671810223%5D%2C%5B%22startCollectPlacements%2
2%2C1712671810224%5D%2C%5B%22endCollectPlacements%22%2C1712671810244%5D%2C%5B%22startMapNumberRequest%22%2C1712671810244%5D%2C%5B%22endMapNumberRequest%22%2C1712671810771%5D%2C%5B%22endNumberReplacement%22%2C1712671810771%5D%2C%5B%22startWaitForData%22%2C1712671811246%5D%2C%5B%22endWaitForData%22%2C1712671812311%5D%5D&jsoncallback=json_rr2&
Requested by
Host: www.flagstar.com
URL: https://www.flagstar.com/etc.clientlibs/clientlibs/granite/jquery/granite/csrf.a9dcac4698709ca8e1cbc88363cf0793.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.163.174.61 , United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-163-174-61.compute-1.amazonaws.com
Software
/
Resource Hash
c9d50766d2f8af9893ec669b38ce3dcd4b7f0b2e1f4bca788ef9f2c02a9609b2

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://www.flagstar.com/
accept-language
en-GB,en;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

access-control-allow-origin
*
content-encoding
gzip
Connection
keep-alive
processing_time
26.3286ms
Content-Length
176
vary
accept-encoding
content-type
text/html;charset=utf-8
rb_05a5443f-7bda-433a-9644-5a320a8634a5
www.flagstar.com/
120 B
237 B
Fetch
General
Full URL
https://www.flagstar.com/rb_05a5443f-7bda-433a-9644-5a320a8634a5?type=js3&sn=v_4_srv_2_sn_4DCD2A65627287A7D9D499FD2C545D98_perc_100000_ol_0_mul_1_app-3A98c1425c91f9b0fe_1&svrid=2&flavor=post&vi=QRJHRUUNPMJFLCJTQKVAUUHUUSHNUSKM-0&modifiedSince=1712642825053&rf=https%3A%2F%2Fwww.flagstar.com%2F&bp=3&app=98c1425c91f9b0fe&crc=873049878&en=ov27eoh7&end=1
Requested by
Host: www.flagstar.com
URL: https://www.flagstar.com/ruxitagentjs_ICA7NVfghjqru_10285240307101407.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
104.18.41.140 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
1758550d0fe27921324bceda912381a78f48c2496e8e0aba46c5fcf7ca034dfc
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-platform
"Win32"
Referer
https://www.flagstar.com/
accept-language
en-GB,en;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

x-ua-compatible
IE=Edge
date
Tue, 09 Apr 2024 14:10:13 GMT
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains
cf-cache-status
DYNAMIC
server
cloudflare
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
text/plain; charset=utf-8
x-cnection
close
cf-ray
871b1452cee09404-LHR
content-length
132
x-xss-protection
1; mode=block
clientname
flagstar

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
static.cloudflareinsights.com
URL
https://static.cloudflareinsights.com/beacon.min.js/v84a3a4012de94ce1a686ba8c167c359c1696973893317

142 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| dT_ object| dtrum object| dynatrace function| clientLibPush function| getCookie function| setCookie function| deleteCookie function| tryCookie function| setSessionStorage function| getSessionStorage function| removeSessionStorage function| setLocalStorage function| getLocalStorage function| removeLocalStorage function| OneLink function| showStorageError function| getJSON undefined| utmString string| utmParam undefined| utmArray undefined| key undefined| value object| q string| sitesectionLevel2 undefined| contentInfo object| webPageDetails object| pageInfo undefined| errorInfo number| statusCode string| pageName object| adobeDataLayer function| AutoNumeric object| _satellite boolean| __satelliteLoaded function| fbq function| _fbq object| customCuePoint object| triggerCuePoint function| alloy function| triggerEnded function| triggerStart boolean| liveAgentDeployment object| liveagent object| _laq object| ANSWERS function| setImmediate function| clearImmediate function| swal function| sweetAlert object| TemplateBundle string| prefix function| setNavigation function| docReady boolean| isIE11 object| focusedElBeforeOpen object| focusableEls function| updateFocusableEls function| ieIncludes function| setRegion function| interstitialDefault function| interstitialChangeZip function| interstitialChangeZipNoProduct function| interstitialAreYouSure function| interstitialNoProduct function| interstitialNoCookies function| interstitialRedirectCalifornia function| interstitialRedirectInternet function| interstitialZipLookup function| interstitialZipLookupAndClearSessionStorage function| regionalizationError function| zipValidator function| initInterstitial function| interstitialKeyboardEvents function| openInterstitial function| closeInterstitial function| siblings function| initDisplayCurrentLocation function| showRegionElements object| CQ object| Granite function| _slicedToArray function| _nonIterableRest function| _iterableToArrayLimit function| 
_arrayWithHoles function| _createForOfIteratorHelper function| _unsupportedIterableToArray function| _arrayLikeToArray function| _typeof object| CMP string| InvocaTagId number| j string| x object| y string| path1 string| path2 string| path3 function| OnetrustGroupsTrunc function| OnetrustTargeting function| OptanonWrapper function| getPercentPageViewedAep object| Invoca string| OnetrustActiveGroups string| OptanonActiveGroups object| dataLayer object| otStubData object| OneTrustStub object| Optanon object| OneTrust object| json_rr1 function| onYouTubeIframeAPIReady function| cookieWrite function| cookieRead function| p_fo boolean| ppvChange string| ppvID string| g object| __fo object| scriptUrl object| ttPolicy object| YT object| YTConfig function| onYTReady object| yt function| ytDomDomGetNextId object| ytEventsEventsListeners object| ytEventsEventsCounter object| ytglobal object| ytPubsub2Pubsub2Instance object| ytPubsub2Pubsub2SubscribedKeys object| ytPubsub2Pubsub2TopicToKeys object| ytPubsub2Pubsub2IsAsync object| ytPubsub2Pubsub2SkipSubKey object| ytNetworklessLoggingInitializationOptions object| ytPubsubPubsubInstance object| ytPubsubPubsubTopicToKeys object| ytPubsubPubsubIsSynchronous object| ytPubsubPubsubSubscribedKeys object| ytLoggingTransportTokensToCttTargetIds_ object| ytLoggingTransportTokensToJspbCttTargetIds_ object| ytLoggingGelSequenceIdObj_ object| json_rr2

28 Cookies

Domain/Path Name / Value
.flagstar.com/ Name: home
Value: personal
.flagstar.com/ Name: dtCookie
Value: v_4_srv_2_sn_4DCD2A65627287A7D9D499FD2C545D98_perc_100000_ol_0_mul_1_app-3A98c1425c91f9b0fe_1
www.flagstar.com/ Name: f5avraaaaaaaaaaaaaaaa_session_
Value: EKLDKFGEIGDLMFGIHJHDGAADGCBGNBLFIPFGPGMNIICMPKPKFNEFHKFLDGOGMBPGLOKDOJGGFLENCKGAJLLAMLKDPELNKBAEGJMGPIDHBFDAPCGJDFHLPNHDEFKBGKKD
.flagstar.com/ Name: __cf_bm
Value: 6cepEVJTlavtoH8FJFBHbya9wwqGN1NMS3FDHU0kcww-1712671808-1.0.1.1-fMYGpFO0fl.lfb5Dh3O0T2WaKQJ0FiNzspMAhnpXHB95dbV35pgq2HAX2Z.BkQbNHSr6udVFgRqrh4uDVxuRVQ
.flagstar.com/ Name: __cfruid
Value: 957d2446c615d205cb8abaefa173598f12d3c2bb-1712671808
.flagstar.com/ Name: _cfuvid
Value: u_eqJFrzBSwSlczQPxKcCsXON7zjAZruwNFUFVyE7ws-1712671808614-0.0.1.1-604800000
.flagstar.com/ Name: rxVisitor
Value: 1712671808744QO6TCR13DTPB0O8B489FI45A50648U1K
.flagstar.com/ Name: dtSa
Value: -
.sitescdn.net/ Name: __cf_bm
Value: jn8_639Kn1zr14CnEOTzuuZgSWOuKBjl6Ed5kITbqdg-1712671808-1.0.1.1-nw61Xzol8DLIT2omw1hEpxxGXGrjDwveqFw4KaPpzCzC1fHlt.PeONpVkLxXfr70lDK2LuChGFsJrG9I8DiCgg
www.flagstar.com/ Name: liveagent_oref
Value:
.answers.yext-pixel.com/ Name: __cf_bm
Value: WghpDt51zkvhR3xnCz4jguP2xjkmSMc7BE.b6oXIF08-1712671810-1.0.1.1-.077cnJlLNpzu4CRo9j8j.bsHGggDScKZdI4RPybWXGmgGSghzbHrH7phsVb0O1BQPexmRwundVLyt0spzv.F.aOYKIkPAl_JUZXPuC3840
.flagstar.com/ Name: OptanonConsent
Value: isGpcEnabled=0&datestamp=Tue+Apr+09+2024+15%3A10%3A10+GMT%2B0100+(British+Summer+Time)&version=202401.2.0&browserGpcFlag=0&isIABGlobal=false&hosts=&landingPath=https%3A%2F%2Fwww.flagstar.com%2F&groups=1%3A1%2C3%3A1%2CBG4%3A1%2C2%3A1%2C4%3A1
.demdex.net/ Name: demdex
Value: 90358022216709601633461481077599523367
.flagstar.com/ Name: kndctr_1D3E7E5B5E4E87670A495C47_AdobeOrg_identity
Value: CiY4NDI1NzU2Nzg5NTU1Njc1MjYxNDE0NDAwMzk1ODM0NzczNDY0OVITCJvIx5nsMRABGAEqBElSTDEwAPABm8jHmewx
.flagstar.com/ Name: kndctr_1D3E7E5B5E4E87670A495C47_AdobeOrg_cluster
Value: irl1
.flagstar.com/ Name: AMCV_1D3E7E5B5E4E87670A495C47%40AdobeOrg
Value: MCMID|84257567895556752614144003958347734649
www.flagstar.com/ Name: liveagent_sid
Value: 2cec2fbe-3457-4ed4-b519-2593e02e3296
www.flagstar.com/ Name: liveagent_vc
Value: 2
www.flagstar.com/ Name: liveagent_ptid
Value: 2cec2fbe-3457-4ed4-b519-2593e02e3296
.flagstar.com/ Name: rxvt
Value: 1712673611269|1712671808745
.flagstar.com/ Name: dtPC
Value: 2$271808743_672h-vQRJHRUUNPMJFLCJTQKVAUUHUUSHNUSKM-0e0
.flagstar.com/ Name: s_ips_aep
Value: 1200
.flagstar.com/ Name: s_tp_aep
Value: 5655
.flagstar.com/ Name: s_ppv_aep
Value: flagstar%253Ahome%2C21%2C21%2C1200%2C1%2C4
.youtube.com/ Name: YSC
Value: OfmbUHr3vdQ
.youtube.com/ Name: VISITOR_INFO1_LIVE
Value: ultb2Q0lZAg
.youtube.com/ Name: VISITOR_PRIVACY_METADATA
Value: CgJHQhIEGgAgQQ%3D%3D
.flagstar.com/ Name: invoca_session
Value: %7B%22ttl%22%3A%222024-05-09T14%3A10%3A12.463Z%22%2C%22session%22%3A%7B%22invoca_id%22%3A%22i-5c409210-a94f-413c-b7b2-9538e469bec1%22%7D%2C%22config%22%3A%7B%22ce%22%3Atrue%2C%22fv%22%3Afalse%2C%22rn%22%3Afalse%7D%7D

14 Console Messages

Source Level URL
Text
other warning URL: https://www.flagstar.com/
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.flagstar.com/
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.flagstar.com/
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
security error URL: https://www.flagstar.com/
Message:
Refused to load the script 'https://static.cloudflareinsights.com/beacon.min.js/v84a3a4012de94ce1a686ba8c167c359c1696973893317' because it violates the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.salesforceliveagent.com https://assets.sitescdn.net https://www.googleanalytics.com/ https://www.googleoptimize.com/ https://optimize.google.com/ https://www.googletagmanager.com https://maps.googleapis.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net assets.adobedtm.com https://pnapi.invoca.net https://solutions.invocacdn.com gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com/ https://use.typekit.com https://connect.facebook.net https://js.adsrvr.org/ https://cdn.evgnet.com https://*.evergage.com https://www.youtube.com assets.sitescdn.net *.pagescdn.com *.pgsdemo.com https://*.salesforce-sites.com". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.
recommendation verbose URL: https://www.flagstar.com/
Message:
[DOM] Input elements should have autocomplete attributes (suggested: "current-password"): (More info: https://goo.gl/9p2vKq) %o
other warning URL: https://www.flagstar.com/
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://connect.facebook.net/signals/config/1507898736628275?v=2.9.152&r=stable&domain=www.flagstar.com&hme=c3a545c63044e8e9102d4f32d84a1137594d024f28e801d670bc76dc5c075575&ex_m=67%2C112%2C99%2C103%2C58%2C3%2C93%2C66%2C15%2C91%2C84%2C49%2C51%2C158%2C161%2C172%2C168%2C169%2C171%2C28%2C94%2C50%2C73%2C170%2C153%2C156%2C165%2C166%2C173%2C121%2C14%2C48%2C178%2C177%2C123%2C17%2C33%2C38%2C1%2C41%2C62%2C63%2C64%2C68%2C88%2C16%2C13%2C90%2C87%2C86%2C100%2C102%2C37%2C101%2C29%2C25%2C154%2C157%2C130%2C27%2C10%2C11%2C12%2C5%2C6%2C24%2C21%2C22%2C54%2C59%2C61%2C71%2C95%2C26%2C72%2C8%2C7%2C76%2C46%2C20%2C97%2C96%2C9%2C19%2C18%2C81%2C53%2C79%2C32%2C70%2C0%2C89%2C31%2C78%2C83%2C45%2C44%2C82%2C36%2C4%2C85%2C77%2C42%2C39%2C34%2C80%2C2%2C35%2C60%2C40%2C98%2C43%2C75%2C65%2C104%2C57%2C56%2C30%2C92%2C55%2C52%2C47%2C74%2C69%2C23%2C105(Line 97)
Message:
Unrecognized feature: 'attribution-reporting'.
other warning URL: https://www.flagstar.com/
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.flagstar.com/
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.flagstar.com/
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.flagstar.com/
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.flagstar.com/
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.flagstar.com/
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.flagstar.com/
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.

Security Headers

This page lists any security headers set by the main page.

Header Value
Content-Security-Policy default-src 'none'; connect-src 'self' *.foresee.com *.evergage.com edge.adobedc.net https://cdn.cookielaw.org https://www.googletagmanager.com https://stats.g.doubleclick.net https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://maps.googleapis.com *.demdex.net *.yext.com https://answers.yext-pixel.com *.yextapis.com;font-src 'self' data: https://fonts.gstatic.com/ https://fonts.googleapis.com https://use.typekit.com *.pgsdemo.com *.pagescdn.com; media-src 'self'; object-src 'self'; form-action 'self' https://*.flagstar.com https://*.salesforce.com https://*.salesforceliveagent.com https://*.salesforce-sites.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.salesforceliveagent.com https://assets.sitescdn.net https://www.googleanalytics.com/ https://www.googleoptimize.com/ https://optimize.google.com/ https://www.googletagmanager.com https://maps.googleapis.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net assets.adobedtm.com https://pnapi.invoca.net https://solutions.invocacdn.com gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com/ https://use.typekit.com https://connect.facebook.net https://js.adsrvr.org/ https://cdn.evgnet.com https://*.evergage.com https://www.youtube.com assets.sitescdn.net *.pagescdn.com *.pgsdemo.com https://*.salesforce-sites.com;style-src 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net 
gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com assets.sitecdn.net https://*.evergage.com; style-src-elem 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com https://*.evergage.com;frame-src 'self' *.flagstar.com *.youtube.com *.demdex.net https://*.fls.doubleclick.net https://td.doubleclick.net https://optimize.google.com/ https://insight.adsrvr.org/ https://match.adsrvr.org/ https://cdn.evgnet.com https://*.flagstar.com https://*.fintactix.com *.pagescdn.com *.pgsdemo.com; frame-ancestors 'self' *.flagstar.com https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net; img-src 'self' *.foresee.com https://ad.doubleclick.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googletagmanager.com/ https://www.googleadservices.com https://www.google-analytics.com https://developers.google.com https://maps.googleapis.com https://maps.gstatic.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://insight.adsrvr.org https://ib.adnxs.com/getuid https://match.adsrvr.org/track/cmf/appnexus https://dsum-sec.casalemedia.com/rum https://ups.analytics.yahoo.com/ups/55953/sync https://pixel.rubiconproject.com/tap.php data: blob: https://p.typekit.net 
https://www.facebook.com *.flagstar.com https://*.doubleclick.net;child-src 'self' https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://youtube.com; worker-src 'self'; manifest-src 'self';
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
