URL: https://portal.firstcdn.com/Portal/Portal.aspx?LanguageID=en-CA
Submission: On August 09 via manual from IN — Scanned from CA

Summary

This website contacted 6 IPs in 2 countries across 6 domains to perform 19 HTTP transactions. The main IP is 74.200.9.130, located in Oakville, Canada and belongs to Q9-AS-BRAM, US. The main domain is portal.firstcdn.com.
TLS certificate: Issued by Entrust Certification Authority - L1M on November 25th 2022. Valid for: a year.
This is the only time portal.firstcdn.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
13 74.200.9.130 36031 (Q9-AS-BRAM)
2 172.217.13.206 15169 (GOOGLE)
1 172.253.62.154 15169 (GOOGLE)
1 142.250.176.196 15169 (GOOGLE)
1 142.250.64.67 15169 (GOOGLE)
19 6
Apex Domain
Subdomains
Transfer
13 firstcdn.com
portal.firstcdn.com
240 KB
2 google-analytics.com
www.google-analytics.com — Cisco Umbrella Rank: 55
21 KB
1 google.ca
www.google.ca — Cisco Umbrella Rank: 8480
408 B
1 google.com
www.google.com — Cisco Umbrella Rank: 3
408 B
1 doubleclick.net
stats.g.doubleclick.net — Cisco Umbrella Rank: 115
351 B
0 googletagmanager.com Failed
www.googletagmanager.com Failed
19 6
Domain Requested by
13 portal.firstcdn.com portal.firstcdn.com
2 www.google-analytics.com portal.firstcdn.com
www.google-analytics.com
1 www.google.ca
1 www.google.com
1 stats.g.doubleclick.net www.google-analytics.com
0 www.googletagmanager.com Failed www.google-analytics.com
19 6

This site contains links to these domains. Also see Links.

Domain
www.fct.ca
fct.ca
Subject Issuer Validity Valid
portal.firstcdn.com
Entrust Certification Authority - L1M
2022-11-25 -
2023-12-10
a year crt.sh
*.google-analytics.com
GTS CA 1C3
2023-07-10 -
2023-10-02
3 months crt.sh
*.g.doubleclick.net
GTS CA 1C3
2023-07-10 -
2023-10-02
3 months crt.sh
www.google.com
GTS CA 1C3
2023-07-10 -
2023-10-02
3 months crt.sh
*.google.ca
GTS CA 1C3
2023-07-10 -
2023-10-02
3 months crt.sh

This page contains 1 frames:

Primary Page: https://portal.firstcdn.com/Portal/Portal.aspx?LanguageID=en-CA
Frame ID: EC0752BAA14CC5809FFABAF8C5A8D39E
Requests: 19 HTTP requests in this frame

Screenshot

Page Title

Login to ILS

Detected technologies

Overall confidence: 100%
Detected patterns
  • \.aspx?(?:$|\?)
  • <input[^>]+name="__VIEWSTATE

Overall confidence: 100%
Detected patterns
  • google-analytics\.com/(?:ga|urchin|analytics)\.js

Overall confidence: 100%
Detected patterns
  • jquery[.-]([\d.]*\d)[^/]*\.js
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

19
Requests

95 %
HTTPS

0 %
IPv6

6
Domains

6
Subdomains

6
IPs

2
Countries

262 kB
Transfer

262 kB
Size

4
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

19 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request Portal.aspx
portal.firstcdn.com/Portal/
14 KB
17 KB
Document
General
Full URL
https://portal.firstcdn.com/Portal/Portal.aspx?LanguageID=en-CA
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
74.200.9.130 Oakville, Canada, ASN36031 (Q9-AS-BRAM, US),
Reverse DNS
portal.firstcdn.com
Software
Microsoft-IIS/10.0 /
Resource Hash
fa5eef75ac4ba88678c39de6f458b4f3f20b9ee07af2fca49f7d09ebf9ef7e73
Security Headers
Name Value
Content-Security-Policy frame-src http://*.prefirstcdn.com http://*.exfirstcdn.com http://*.firstcdn.com http://*.fct.ca https://*.prefirstcdn.com https://*.exfirstcdn.com https://*.firstcdn.com https://*.fct.ca https://*.qualtrics.com https://stats.g.doubleclick.net https://*.cloudfront.net blob: mailto: tel: *; default-src http://*.prefirstcdn.com http://*.exfirstcdn.com http://*.firstcdn.com http://*.fct.ca https://*.prefirstcdn.com https://*.exfirstcdn.com https://*.firstcdn.com https://*.fct.ca https://*.qualtrics.com https://*.google-analytics.com https://*.googleapis.com https://stats.g.doubleclick.net https://www.google.com https://www.google.ca https://*.cloudfront.net 'self' data: blob:; script-src https://*.qualtrics.com https://*.google-analytics.com https://*.googleapis.com https://stats.g.doubleclick.net https://*.cloudfront.net 'self' data: blob: 'unsafe-inline' 'unsafe-eval'; style-src http://*.prefirstcdn.com http://*.exfirstcdn.com http://*.firstcdn.com http://*.fct.ca https://*.prefirstcdn.com https://*.exfirstcdn.com https://*.firstcdn.com https://*.fct.ca https://*.qualtrics.com https://*.google-analytics.com https://*.googleapis.com https://stats.g.doubleclick.net https://*.cloudfront.net 'self' data: 'unsafe-inline' blob:; connect-src http://*.prefirstcdn.com http://*.exfirstcdn.com http://*.firstcdn.com http://*.fct.ca https://*.prefirstcdn.com https://*.exfirstcdn.com https://*.firstcdn.com https://*.fct.ca https://*.qualtrics.com https://www.googletagmanager.com https://www.google-analytics.com https://stats.g.doubleclick.net https://*.cloudfront.net https://*.cac1.pure.cloud wss://*.cac1.pure.cloud blob:; frame-ancestors https://*.prefirstcdn.com https://*.exfirstcdn.com https://*.firstcdn.com https://stats.g.doubleclick.net https://*.cac1.pure.cloud wss://*.cac1.pure.cloud http://*.fct.ca https://*.fct.ca https://fct.zync-dev.ca blob:;
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN sameorigin
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36
accept-language
en-CA,en;q=0.9

Response headers

Cache-Control
no-cache, no-store
Content-Security-Policy
frame-src http://*.prefirstcdn.com http://*.exfirstcdn.com http://*.firstcdn.com http://*.fct.ca https://*.prefirstcdn.com https://*.exfirstcdn.com https://*.firstcdn.com https://*.fct.ca https://*.qualtrics.com https://stats.g.doubleclick.net https://*.cloudfront.net blob: mailto: tel: *; default-src http://*.prefirstcdn.com http://*.exfirstcdn.com http://*.firstcdn.com http://*.fct.ca https://*.prefirstcdn.com https://*.exfirstcdn.com https://*.firstcdn.com https://*.fct.ca https://*.qualtrics.com https://*.google-analytics.com https://*.googleapis.com https://stats.g.doubleclick.net https://www.google.com https://www.google.ca https://*.cloudfront.net 'self' data: blob:; script-src https://*.qualtrics.com https://*.google-analytics.com https://*.googleapis.com https://stats.g.doubleclick.net https://*.cloudfront.net 'self' data: blob: 'unsafe-inline' 'unsafe-eval'; style-src http://*.prefirstcdn.com http://*.exfirstcdn.com http://*.firstcdn.com http://*.fct.ca https://*.prefirstcdn.com https://*.exfirstcdn.com https://*.firstcdn.com https://*.fct.ca https://*.qualtrics.com https://*.google-analytics.com https://*.googleapis.com https://stats.g.doubleclick.net https://*.cloudfront.net 'self' data: 'unsafe-inline' blob:; connect-src http://*.prefirstcdn.com http://*.exfirstcdn.com http://*.firstcdn.com http://*.fct.ca https://*.prefirstcdn.com https://*.exfirstcdn.com https://*.firstcdn.com https://*.fct.ca https://*.qualtrics.com https://www.googletagmanager.com https://www.google-analytics.com https://stats.g.doubleclick.net https://*.cloudfront.net https://*.cac1.pure.cloud wss://*.cac1.pure.cloud blob:; frame-ancestors https://*.prefirstcdn.com https://*.exfirstcdn.com https://*.firstcdn.com https://stats.g.doubleclick.net https://*.cac1.pure.cloud wss://*.cac1.pure.cloud http://*.fct.ca https://*.fct.ca https://fct.zync-dev.ca blob:;
Content-Type
text/html; charset=utf-8
Date
Wed, 09 Aug 2023 04:35:40 GMT
Expires
Tue, 09 Aug 2022 04:35:40 GMT
Pragma
no-cache
Server
Microsoft-IIS/10.0
Strict-Transport-Security
max-age=31536000; includeSubDomains; preload
Transfer-Encoding
chunked
X-AspNet-Version
4.0.30319
X-Content-Type-Options
nosniff
X-Frame-Options
SAMEORIGIN sameorigin
X-XSS-Protection
1; mode=block
jquery-1.9.1.min.js
portal.firstcdn.com/Portal/includes/
109 KB
111 KB
Script
General
Full URL
https://portal.firstcdn.com/Portal/includes/jquery-1.9.1.min.js
Requested by
Host: portal.firstcdn.com
URL: https://portal.firstcdn.com/Portal/Portal.aspx?LanguageID=en-CA
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
74.200.9.130 Oakville, Canada, ASN36031 (Q9-AS-BRAM, US),
Reverse DNS
portal.firstcdn.com
Software
Microsoft-IIS/10.0 /
Resource Hash
fbaa08e3a6ec4bf6bc703ff37e1a686a54e5f25da714c231dde7d3e241139d54
Security Headers
Name Value
Content-Security-Policy frame-src http://*.prefirstcdn.com http://*.exfirstcdn.com http://*.firstcdn.com http://*.fct.ca https://*.prefirstcdn.com https://*.exfirstcdn.com https://*.firstcdn.com https://*.fct.ca https://*.qualtrics.com https://stats.g.doubleclick.net https://*.cloudfront.net blob: mailto: tel: *; default-src http://*.prefirstcdn.com http://*.exfirstcdn.com http://*.firstcdn.com http://*.fct.ca https://*.prefirstcdn.com https://*.exfirstcdn.com https://*.firstcdn.com https://*.fct.ca https://*.qualtrics.com https://*.google-analytics.com https://*.googleapis.com https://stats.g.doubleclick.net https://www.google.com https://www.google.ca https://*.cloudfront.net 'self' data: blob:; script-src https://*.qualtrics.com https://*.google-analytics.com https://*.googleapis.com https://stats.g.doubleclick.net https://*.cloudfront.net 'self' data: blob: 'unsafe-inline' 'unsafe-eval'; style-src http://*.prefirstcdn.com http://*.exfirstcdn.com http://*.firstcdn.com http://*.fct.ca https://*.prefirstcdn.com https://*.exfirstcdn.com https://*.firstcdn.com https://*.fct.ca https://*.qualtrics.com https://*.google-analytics.com https://*.googleapis.com https://stats.g.doubleclick.net https://*.cloudfront.net 'self' data: 'unsafe-inline' blob:; connect-src http://*.prefirstcdn.com http://*.exfirstcdn.com http://*.firstcdn.com http://*.fct.ca https://*.prefirstcdn.com https://*.exfirstcdn.com https://*.firstcdn.com https://*.fct.ca https://*.qualtrics.com https://www.googletagmanager.com https://www.google-analytics.com https://stats.g.doubleclick.net https://*.cloudfront.net https://*.cac1.pure.cloud wss://*.cac1.pure.cloud blob:; frame-ancestors https://*.prefirstcdn.com https://*.exfirstcdn.com https://*.firstcdn.com https://stats.g.doubleclick.net https://*.cac1.pure.cloud wss://*.cac1.pure.cloud http://*.fct.ca https://*.fct.ca https://fct.zync-dev.ca blob:;
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://portal.firstcdn.com/Portal/Portal.aspx?LanguageID=en-CA
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

Content-Security-Policy
frame-src http://*.prefirstcdn.com http://*.exfirstcdn.com http://*.firstcdn.com http://*.fct.ca https://*.prefirstcdn.com https://*.exfirstcdn.com https://*.firstcdn.com https://*.fct.ca https://*.qualtrics.com https://stats.g.doubleclick.net https://*.cloudfront.net blob: mailto: tel: *; default-src http://*.prefirstcdn.com http://*.exfirstcdn.com http://*.firstcdn.com http://*.fct.ca https://*.prefirstcdn.com https://*.exfirstcdn.com https://*.firstcdn.com https://*.fct.ca https://*.qualtrics.com https://*.google-analytics.com https://*.googleapis.com https://stats.g.doubleclick.net https://www.google.com https://www.google.ca https://*.cloudfront.net 'self' data: blob:; script-src https://*.qualtrics.com https://*.google-analytics.com https://*.googleapis.com https://stats.g.doubleclick.net https://*.cloudfront.net 'self' data: blob: 'unsafe-inline' 'unsafe-eval'; style-src http://*.prefirstcdn.com http://*.exfirstcdn.com http://*.firstcdn.com http://*.fct.ca https://*.prefirstcdn.com https://*.exfirstcdn.com https://*.firstcdn.com https://*.fct.ca https://*.qualtrics.com https://*.google-analytics.com https://*.googleapis.com https://stats.g.doubleclick.net https://*.cloudfront.net 'self' data: 'unsafe-inline' blob:; connect-src http://*.prefirstcdn.com http://*.exfirstcdn.com http://*.firstcdn.com http://*.fct.ca https://*.prefirstcdn.com https://*.exfirstcdn.com https://*.firstcdn.com https://*.fct.ca https://*.qualtrics.com https://www.googletagmanager.com https://www.google-analytics.com https://stats.g.doubleclick.net https://*.cloudfront.net https://*.cac1.pure.cloud wss://*.cac1.pure.cloud blob:; frame-ancestors https://*.prefirstcdn.com https://*.exfirstcdn.com https://*.firstcdn.com https://stats.g.doubleclick.net https://*.cac1.pure.cloud wss://*.cac1.pure.cloud http://*.fct.ca https://*.fct.ca https://fct.zync-dev.ca blob:;
Strict-Transport-Security
max-age=31536000; includeSubDomains; preload
X-Content-Type-Options
nosniff
Date
Wed, 09 Aug 2023 04:35:40 GMT
Last-Modified
Thu, 09 Feb 2023 20:40:21 GMT
Server
Microsoft-IIS/10.0
ETag
"80a83ebac63cd91:0"
X-Frame-Options
sameorigin
Content-Type
application/javascript
Accept-Ranges
bytes
Content-Length
111589
X-XSS-Protection
1; mode=block
login.js
portal.firstcdn.com/Portal/includes/Page/
595 B
3 KB
Script
General
Full URL
https://portal.firstcdn.com/Portal/includes/Page/login.js
Requested by
Host: portal.firstcdn.com
URL: https://portal.firstcdn.com/Portal/Portal.aspx?LanguageID=en-CA
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
74.200.9.130 Oakville, Canada, ASN36031 (Q9-AS-BRAM, US),
Reverse DNS
portal.firstcdn.com
Software
Microsoft-IIS/10.0 /
Resource Hash
6da752877f55066860c306e8e2cd4cfdcdb0ba6932d3890de43ce22c0b563c01
Security Headers
Name Value
Content-Security-Policy frame-src http://*.prefirstcdn.com http://*.exfirstcdn.com http://*.firstcdn.com http://*.fct.ca https://*.prefirstcdn.com https://*.exfirstcdn.com https://*.firstcdn.com https://*.fct.ca https://*.qualtrics.com https://stats.g.doubleclick.net https://*.cloudfront.net blob: mailto: tel: *; default-src http://*.prefirstcdn.com http://*.exfirstcdn.com http://*.firstcdn.com http://*.fct.ca https://*.prefirstcdn.com https://*.exfirstcdn.com https://*.firstcdn.com https://*.fct.ca https://*.qualtrics.com https://*.google-analytics.com https://*.googleapis.com https://stats.g.doubleclick.net https://www.google.com https://www.google.ca https://*.cloudfront.net 'self' data: blob:; script-src https://*.qualtrics.com https://*.google-analytics.com https://*.googleapis.com https://stats.g.doubleclick.net https://*.cloudfront.net 'self' data: blob: 'unsafe-inline' 'unsafe-eval'; style-src http://*.prefirstcdn.com http://*.exfirstcdn.com http://*.firstcdn.com http://*.fct.ca https://*.prefirstcdn.com https://*.exfirstcdn.com https://*.firstcdn.com https://*.fct.ca https://*.qualtrics.com https://*.google-analytics.com https://*.googleapis.com https://stats.g.doubleclick.net https://*.cloudfront.net 'self' data: 'unsafe-inline' blob:; connect-src http://*.prefirstcdn.com http://*.exfirstcdn.com http://*.firstcdn.com http://*.fct.ca https://*.prefirstcdn.com https://*.exfirstcdn.com https://*.firstcdn.com https://*.fct.ca https://*.qualtrics.com https://www.googletagmanager.com https://www.google-analytics.com https://stats.g.doubleclick.net https://*.cloudfront.net https://*.cac1.pure.cloud wss://*.cac1.pure.cloud blob:; frame-ancestors https://*.prefirstcdn.com https://*.exfirstcdn.com https://*.firstcdn.com https://stats.g.doubleclick.net https://*.cac1.pure.cloud wss://*.cac1.pure.cloud http://*.fct.ca https://*.fct.ca https://fct.zync-dev.ca blob:;
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://portal.firstcdn.com/Portal/Portal.aspx?LanguageID=en-CA
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

Content-Security-Policy
frame-src http://*.prefirstcdn.com http://*.exfirstcdn.com http://*.firstcdn.com http://*.fct.ca https://*.prefirstcdn.com https://*.exfirstcdn.com https://*.firstcdn.com https://*.fct.ca https://*.qualtrics.com https://stats.g.doubleclick.net https://*.cloudfront.net blob: mailto: tel: *; default-src http://*.prefirstcdn.com http://*.exfirstcdn.com http://*.firstcdn.com http://*.fct.ca https://*.prefirstcdn.com https://*.exfirstcdn.com https://*.firstcdn.com https://*.fct.ca https://*.qualtrics.com https://*.google-analytics.com https://*.googleapis.com https://stats.g.doubleclick.net https://www.google.com https://www.google.ca https://*.cloudfront.net 'self' data: blob:; script-src https://*.qualtrics.com https://*.google-analytics.com https://*.googleapis.com https://stats.g.doubleclick.net https://*.cloudfront.net 'self' data: blob: 'unsafe-inline' 'unsafe-eval'; style-src http://*.prefirstcdn.com http://*.exfirstcdn.com http://*.firstcdn.com http://*.fct.ca https://*.prefirstcdn.com https://*.exfirstcdn.com https://*.firstcdn.com https://*.fct.ca https://*.qualtrics.com https://*.google-analytics.com https://*.googleapis.com https://stats.g.doubleclick.net https://*.cloudfront.net 'self' data: 'unsafe-inline' blob:; connect-src http://*.prefirstcdn.com http://*.exfirstcdn.com http://*.firstcdn.com http://*.fct.ca https://*.prefirstcdn.com https://*.exfirstcdn.com https://*.firstcdn.com https://*.fct.ca https://*.qualtrics.com https://www.googletagmanager.com https://www.google-analytics.com https://stats.g.doubleclick.net https://*.cloudfront.net https://*.cac1.pure.cloud wss://*.cac1.pure.cloud blob:; frame-ancestors https://*.prefirstcdn.com https://*.exfirstcdn.com https://*.firstcdn.com https://stats.g.doubleclick.net https://*.cac1.pure.cloud wss://*.cac1.pure.cloud http://*.fct.ca https://*.fct.ca https://fct.zync-dev.ca blob:;
Strict-Transport-Security
max-age=31536000; includeSubDomains; preload
X-Content-Type-Options
nosniff
Date
Wed, 09 Aug 2023 04:35:40 GMT
Last-Modified
Thu, 09 Feb 2023 20:40:21 GMT
Server
Microsoft-IIS/10.0
ETag
"80a83ebac63cd91:0"
X-Frame-Options
sameorigin
Content-Type
application/javascript
Accept-Ranges
bytes
Content-Length
595
X-XSS-Protection
1; mode=block
loader.js
portal.firstcdn.com/Portal/includes/
867 B
3 KB
Script
General
Full URL
https://portal.firstcdn.com/Portal/includes/loader.js?v=1.0.0
Requested by
Host: portal.firstcdn.com
URL: https://portal.firstcdn.com/Portal/Portal.aspx?LanguageID=en-CA
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
74.200.9.130 Oakville, Canada, ASN36031 (Q9-AS-BRAM, US),
Reverse DNS
portal.firstcdn.com
Software
Microsoft-IIS/10.0 /
Resource Hash
00d402fe85aae2f810c99f5e64440c8f86551f1a669c462fca9e46278ee12d9f
Security Headers
Name Value
Content-Security-Policy frame-src http://*.prefirstcdn.com http://*.exfirstcdn.com http://*.firstcdn.com http://*.fct.ca https://*.prefirstcdn.com https://*.exfirstcdn.com https://*.firstcdn.com https://*.fct.ca https://*.qualtrics.com https://stats.g.doubleclick.net https://*.cloudfront.net blob: mailto: tel: *; default-src http://*.prefirstcdn.com http://*.exfirstcdn.com http://*.firstcdn.com http://*.fct.ca https://*.prefirstcdn.com https://*.exfirstcdn.com https://*.firstcdn.com https://*.fct.ca https://*.qualtrics.com https://*.google-analytics.com https://*.googleapis.com https://stats.g.doubleclick.net https://www.google.com https://www.google.ca https://*.cloudfront.net 'self' data: blob:; script-src https://*.qualtrics.com https://*.google-analytics.com https://*.googleapis.com https://stats.g.doubleclick.net https://*.cloudfront.net 'self' data: blob: 'unsafe-inline' 'unsafe-eval'; style-src http://*.prefirstcdn.com http://*.exfirstcdn.com http://*.firstcdn.com http://*.fct.ca https://*.prefirstcdn.com https://*.exfirstcdn.com https://*.firstcdn.com https://*.fct.ca https://*.qualtrics.com https://*.google-analytics.com https://*.googleapis.com https://stats.g.doubleclick.net https://*.cloudfront.net 'self' data: 'unsafe-inline' blob:; connect-src http://*.prefirstcdn.com http://*.exfirstcdn.com http://*.firstcdn.com http://*.fct.ca https://*.prefirstcdn.com https://*.exfirstcdn.com https://*.firstcdn.com https://*.fct.ca https://*.qualtrics.com https://www.googletagmanager.com https://www.google-analytics.com https://stats.g.doubleclick.net https://*.cloudfront.net https://*.cac1.pure.cloud wss://*.cac1.pure.cloud blob:; frame-ancestors https://*.prefirstcdn.com https://*.exfirstcdn.com https://*.firstcdn.com https://stats.g.doubleclick.net https://*.cac1.pure.cloud wss://*.cac1.pure.cloud http://*.fct.ca https://*.fct.ca https://fct.zync-dev.ca blob:;
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://portal.firstcdn.com/Portal/Portal.aspx?LanguageID=en-CA
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

Content-Security-Policy
frame-src http://*.prefirstcdn.com http://*.exfirstcdn.com http://*.firstcdn.com http://*.fct.ca https://*.prefirstcdn.com https://*.exfirstcdn.com https://*.firstcdn.com https://*.fct.ca https://*.qualtrics.com https://stats.g.doubleclick.net https://*.cloudfront.net blob: mailto: tel: *; default-src http://*.prefirstcdn.com http://*.exfirstcdn.com http://*.firstcdn.com http://*.fct.ca https://*.prefirstcdn.com https://*.exfirstcdn.com https://*.firstcdn.com https://*.fct.ca https://*.qualtrics.com https://*.google-analytics.com https://*.googleapis.com https://stats.g.doubleclick.net https://www.google.com https://www.google.ca https://*.cloudfront.net 'self' data: blob:; script-src https://*.qualtrics.com https://*.google-analytics.com https://*.googleapis.com https://stats.g.doubleclick.net https://*.cloudfront.net 'self' data: blob: 'unsafe-inline' 'unsafe-eval'; style-src http://*.prefirstcdn.com http://*.exfirstcdn.com http://*.firstcdn.com http://*.fct.ca https://*.prefirstcdn.com https://*.exfirstcdn.com https://*.firstcdn.com https://*.fct.ca https://*.qualtrics.com https://*.google-analytics.com https://*.googleapis.com https://stats.g.doubleclick.net https://*.cloudfront.net 'self' data: 'unsafe-inline' blob:; connect-src http://*.prefirstcdn.com http://*.exfirstcdn.com http://*.firstcdn.com http://*.fct.ca https://*.prefirstcdn.com https://*.exfirstcdn.com https://*.firstcdn.com https://*.fct.ca https://*.qualtrics.com https://www.googletagmanager.com https://www.google-analytics.com https://stats.g.doubleclick.net https://*.cloudfront.net https://*.cac1.pure.cloud wss://*.cac1.pure.cloud blob:; frame-ancestors https://*.prefirstcdn.com https://*.exfirstcdn.com https://*.firstcdn.com https://stats.g.doubleclick.net https://*.cac1.pure.cloud wss://*.cac1.pure.cloud http://*.fct.ca https://*.fct.ca https://fct.zync-dev.ca blob:;
Strict-Transport-Security
max-age=31536000; includeSubDomains; preload
X-Content-Type-Options
nosniff
Date
Wed, 09 Aug 2023 04:35:40 GMT
Last-Modified
Thu, 09 Feb 2023 20:40:21 GMT
Server
Microsoft-IIS/10.0
ETag
"80a83ebac63cd91:0"
X-Frame-Options
sameorigin
Content-Type
application/javascript
Accept-Ranges
bytes
Content-Length
867
X-XSS-Protection
1; mode=block
Login_brand.css
portal.firstcdn.com/Portal/Includes/
13 KB
16 KB
Stylesheet
General
Full URL
https://portal.firstcdn.com/Portal/Includes/Login_brand.css
Requested by
Host: portal.firstcdn.com
URL: https://portal.firstcdn.com/Portal/Portal.aspx?LanguageID=en-CA
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
74.200.9.130 Oakville, Canada, ASN36031 (Q9-AS-BRAM, US),
Reverse DNS
portal.firstcdn.com
Software
Microsoft-IIS/10.0 /
Resource Hash
ad0d96be3e0f8b2c12156219b7423b7526d46db9fe6ed48f3a7ebfbde19b871a
Security Headers
Name Value
Content-Security-Policy frame-src http://*.prefirstcdn.com http://*.exfirstcdn.com http://*.firstcdn.com http://*.fct.ca https://*.prefirstcdn.com https://*.exfirstcdn.com https://*.firstcdn.com https://*.fct.ca https://*.qualtrics.com https://stats.g.doubleclick.net https://*.cloudfront.net blob: mailto: tel: *; default-src http://*.prefirstcdn.com http://*.exfirstcdn.com http://*.firstcdn.com http://*.fct.ca https://*.prefirstcdn.com https://*.exfirstcdn.com https://*.firstcdn.com https://*.fct.ca https://*.qualtrics.com https://*.google-analytics.com https://*.googleapis.com https://stats.g.doubleclick.net https://www.google.com https://www.google.ca https://*.cloudfront.net 'self' data: blob:; script-src https://*.qualtrics.com https://*.google-analytics.com https://*.googleapis.com https://stats.g.doubleclick.net https://*.cloudfront.net 'self' data: blob: 'unsafe-inline' 'unsafe-eval'; style-src http://*.prefirstcdn.com http://*.exfirstcdn.com http://*.firstcdn.com http://*.fct.ca https://*.prefirstcdn.com https://*.exfirstcdn.com https://*.firstcdn.com https://*.fct.ca https://*.qualtrics.com https://*.google-analytics.com https://*.googleapis.com https://stats.g.doubleclick.net https://*.cloudfront.net 'self' data: 'unsafe-inline' blob:; connect-src http://*.prefirstcdn.com http://*.exfirstcdn.com http://*.firstcdn.com http://*.fct.ca https://*.prefirstcdn.com https://*.exfirstcdn.com https://*.firstcdn.com https://*.fct.ca https://*.qualtrics.com https://www.googletagmanager.com https://www.google-analytics.com https://stats.g.doubleclick.net https://*.cloudfront.net https://*.cac1.pure.cloud wss://*.cac1.pure.cloud blob:; frame-ancestors https://*.prefirstcdn.com https://*.exfirstcdn.com https://*.firstcdn.com https://stats.g.doubleclick.net https://*.cac1.pure.cloud wss://*.cac1.pure.cloud http://*.fct.ca https://*.fct.ca https://fct.zync-dev.ca blob:;
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://portal.firstcdn.com/Portal/Portal.aspx?LanguageID=en-CA
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

Content-Security-Policy
frame-src http://*.prefirstcdn.com http://*.exfirstcdn.com http://*.firstcdn.com http://*.fct.ca https://*.prefirstcdn.com https://*.exfirstcdn.com https://*.firstcdn.com https://*.fct.ca https://*.qualtrics.com https://stats.g.doubleclick.net https://*.cloudfront.net blob: mailto: tel: *; default-src http://*.prefirstcdn.com http://*.exfirstcdn.com http://*.firstcdn.com http://*.fct.ca https://*.prefirstcdn.com https://*.exfirstcdn.com https://*.firstcdn.com https://*.fct.ca https://*.qualtrics.com https://*.google-analytics.com https://*.googleapis.com https://stats.g.doubleclick.net https://www.google.com https://www.google.ca https://*.cloudfront.net 'self' data: blob:; script-src https://*.qualtrics.com https://*.google-analytics.com https://*.googleapis.com https://stats.g.doubleclick.net https://*.cloudfront.net 'self' data: blob: 'unsafe-inline' 'unsafe-eval'; style-src http://*.prefirstcdn.com http://*.exfirstcdn.com http://*.firstcdn.com http://*.fct.ca https://*.prefirstcdn.com https://*.exfirstcdn.com https://*.firstcdn.com https://*.fct.ca https://*.qualtrics.com https://*.google-analytics.com https://*.googleapis.com https://stats.g.doubleclick.net https://*.cloudfront.net 'self' data: 'unsafe-inline' blob:; connect-src http://*.prefirstcdn.com http://*.exfirstcdn.com http://*.firstcdn.com http://*.fct.ca https://*.prefirstcdn.com https://*.exfirstcdn.com https://*.firstcdn.com https://*.fct.ca https://*.qualtrics.com https://www.googletagmanager.com https://www.google-analytics.com https://stats.g.doubleclick.net https://*.cloudfront.net https://*.cac1.pure.cloud wss://*.cac1.pure.cloud blob:; frame-ancestors https://*.prefirstcdn.com https://*.exfirstcdn.com https://*.firstcdn.com https://stats.g.doubleclick.net https://*.cac1.pure.cloud wss://*.cac1.pure.cloud http://*.fct.ca https://*.fct.ca https://fct.zync-dev.ca blob:;
Strict-Transport-Security
max-age=31536000; includeSubDomains; preload
X-Content-Type-Options
nosniff
Date
Wed, 09 Aug 2023 04:35:40 GMT
Last-Modified
Thu, 09 Feb 2023 20:40:21 GMT
Server
Microsoft-IIS/10.0
ETag
"80a83ebac63cd91:0"
X-Frame-Options
sameorigin
Transfer-Encoding
chunked
Content-Type
text/css
Accept-Ranges
bytes
X-XSS-Protection
1; mode=block
WebResource.axd
portal.firstcdn.com/Portal/
23 KB
25 KB
Script
General
Full URL
https://portal.firstcdn.com/Portal/WebResource.axd?d=dxxHijP8E2FvxQTjb03-HPzWkLybjswCBQtFxrqY1i8ijIFfK_lqh7S0I_uTOdsrrbm5KAOQsaWAGyVak3CEjLk-XV8Ta7ACdc8cfnzM-XE1&t=637823185705833095
Requested by
Host: portal.firstcdn.com
URL: https://portal.firstcdn.com/Portal/Portal.aspx?LanguageID=en-CA
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
74.200.9.130 Oakville, Canada, ASN36031 (Q9-AS-BRAM, US),
Reverse DNS
portal.firstcdn.com
Software
Microsoft-IIS/10.0 /
Resource Hash
40732e9dcfa704cf615e4691bb07aecfd1cc5e063220a46e4a7ff6560c77f5db
Security Headers
Name Value
Content-Security-Policy frame-src http://*.prefirstcdn.com http://*.exfirstcdn.com http://*.firstcdn.com http://*.fct.ca https://*.prefirstcdn.com https://*.exfirstcdn.com https://*.firstcdn.com https://*.fct.ca https://*.qualtrics.com https://stats.g.doubleclick.net https://*.cloudfront.net blob: mailto: tel: *; default-src http://*.prefirstcdn.com http://*.exfirstcdn.com http://*.firstcdn.com http://*.fct.ca https://*.prefirstcdn.com https://*.exfirstcdn.com https://*.firstcdn.com https://*.fct.ca https://*.qualtrics.com https://*.google-analytics.com https://*.googleapis.com https://stats.g.doubleclick.net https://www.google.com https://www.google.ca https://*.cloudfront.net 'self' data: blob:; script-src https://*.qualtrics.com https://*.google-analytics.com https://*.googleapis.com https://stats.g.doubleclick.net https://*.cloudfront.net 'self' data: blob: 'unsafe-inline' 'unsafe-eval'; style-src http://*.prefirstcdn.com http://*.exfirstcdn.com http://*.firstcdn.com http://*.fct.ca https://*.prefirstcdn.com https://*.exfirstcdn.com https://*.firstcdn.com https://*.fct.ca https://*.qualtrics.com https://*.google-analytics.com https://*.googleapis.com https://stats.g.doubleclick.net https://*.cloudfront.net 'self' data: 'unsafe-inline' blob:; connect-src http://*.prefirstcdn.com http://*.exfirstcdn.com http://*.firstcdn.com http://*.fct.ca https://*.prefirstcdn.com https://*.exfirstcdn.com https://*.firstcdn.com https://*.fct.ca https://*.qualtrics.com https://www.googletagmanager.com https://www.google-analytics.com https://stats.g.doubleclick.net https://*.cloudfront.net https://*.cac1.pure.cloud wss://*.cac1.pure.cloud blob:; frame-ancestors https://*.prefirstcdn.com https://*.exfirstcdn.com https://*.firstcdn.com https://stats.g.doubleclick.net https://*.cac1.pure.cloud wss://*.cac1.pure.cloud http://*.fct.ca https://*.fct.ca https://fct.zync-dev.ca blob:;
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://portal.firstcdn.com/Portal/Portal.aspx?LanguageID=en-CA
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

Content-Security-Policy
frame-src http://*.prefirstcdn.com http://*.exfirstcdn.com http://*.firstcdn.com http://*.fct.ca https://*.prefirstcdn.com https://*.exfirstcdn.com https://*.firstcdn.com https://*.fct.ca https://*.qualtrics.com https://stats.g.doubleclick.net https://*.cloudfront.net blob: mailto: tel: *; default-src http://*.prefirstcdn.com http://*.exfirstcdn.com http://*.firstcdn.com http://*.fct.ca https://*.prefirstcdn.com https://*.exfirstcdn.com https://*.firstcdn.com https://*.fct.ca https://*.qualtrics.com https://*.google-analytics.com https://*.googleapis.com https://stats.g.doubleclick.net https://www.google.com https://www.google.ca https://*.cloudfront.net 'self' data: blob:; script-src https://*.qualtrics.com https://*.google-analytics.com https://*.googleapis.com https://stats.g.doubleclick.net https://*.cloudfront.net 'self' data: blob: 'unsafe-inline' 'unsafe-eval'; style-src http://*.prefirstcdn.com http://*.exfirstcdn.com http://*.firstcdn.com http://*.fct.ca https://*.prefirstcdn.com https://*.exfirstcdn.com https://*.firstcdn.com https://*.fct.ca https://*.qualtrics.com https://*.google-analytics.com https://*.googleapis.com https://stats.g.doubleclick.net https://*.cloudfront.net 'self' data: 'unsafe-inline' blob:; connect-src http://*.prefirstcdn.com http://*.exfirstcdn.com http://*.firstcdn.com http://*.fct.ca https://*.prefirstcdn.com https://*.exfirstcdn.com https://*.firstcdn.com https://*.fct.ca https://*.qualtrics.com https://www.googletagmanager.com https://www.google-analytics.com https://stats.g.doubleclick.net https://*.cloudfront.net https://*.cac1.pure.cloud wss://*.cac1.pure.cloud blob:; frame-ancestors https://*.prefirstcdn.com https://*.exfirstcdn.com https://*.firstcdn.com https://stats.g.doubleclick.net https://*.cac1.pure.cloud wss://*.cac1.pure.cloud http://*.fct.ca https://*.fct.ca https://fct.zync-dev.ca blob:;
Strict-Transport-Security
max-age=31536000; includeSubDomains; preload
X-Content-Type-Options
nosniff
Date
Wed, 09 Aug 2023 04:35:40 GMT
Last-Modified
Tue, 08 Mar 2022 11:42:50 GMT
Server
Microsoft-IIS/10.0
X-AspNet-Version
4.0.30319
X-Frame-Options
sameorigin
Transfer-Encoding
chunked
Content-Type
application/x-javascript
Cache-Control
public
X-XSS-Protection
1; mode=block
Expires
Wed, 07 Aug 2024 23:27:33 GMT
encrypt.js
portal.firstcdn.com/Portal/includes/
12 KB
14 KB
Script
General
Full URL
https://portal.firstcdn.com/Portal/includes/encrypt.js
Requested by
Host: portal.firstcdn.com
URL: https://portal.firstcdn.com/Portal/Portal.aspx?LanguageID=en-CA
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
74.200.9.130 Oakville, Canada, ASN36031 (Q9-AS-BRAM, US),
Reverse DNS
portal.firstcdn.com
Software
Microsoft-IIS/10.0 /
Resource Hash
8f348d567755bd73bc24c4eb3dafdb62d980a5b2d442df153f14af4b73fd926d
Security Headers
Name Value
Content-Security-Policy frame-src http://*.prefirstcdn.com http://*.exfirstcdn.com http://*.firstcdn.com http://*.fct.ca https://*.prefirstcdn.com https://*.exfirstcdn.com https://*.firstcdn.com https://*.fct.ca https://*.qualtrics.com https://stats.g.doubleclick.net https://*.cloudfront.net blob: mailto: tel: *; default-src http://*.prefirstcdn.com http://*.exfirstcdn.com http://*.firstcdn.com http://*.fct.ca https://*.prefirstcdn.com https://*.exfirstcdn.com https://*.firstcdn.com https://*.fct.ca https://*.qualtrics.com https://*.google-analytics.com https://*.googleapis.com https://stats.g.doubleclick.net https://www.google.com https://www.google.ca https://*.cloudfront.net 'self' data: blob:; script-src https://*.qualtrics.com https://*.google-analytics.com https://*.googleapis.com https://stats.g.doubleclick.net https://*.cloudfront.net 'self' data: blob: 'unsafe-inline' 'unsafe-eval'; style-src http://*.prefirstcdn.com http://*.exfirstcdn.com http://*.firstcdn.com http://*.fct.ca https://*.prefirstcdn.com https://*.exfirstcdn.com https://*.firstcdn.com https://*.fct.ca https://*.qualtrics.com https://*.google-analytics.com https://*.googleapis.com https://stats.g.doubleclick.net https://*.cloudfront.net 'self' data: 'unsafe-inline' blob:; connect-src http://*.prefirstcdn.com http://*.exfirstcdn.com http://*.firstcdn.com http://*.fct.ca https://*.prefirstcdn.com https://*.exfirstcdn.com https://*.firstcdn.com https://*.fct.ca https://*.qualtrics.com https://www.googletagmanager.com https://www.google-analytics.com https://stats.g.doubleclick.net https://*.cloudfront.net https://*.cac1.pure.cloud wss://*.cac1.pure.cloud blob:; frame-ancestors https://*.prefirstcdn.com https://*.exfirstcdn.com https://*.firstcdn.com https://stats.g.doubleclick.net https://*.cac1.pure.cloud wss://*.cac1.pure.cloud http://*.fct.ca https://*.fct.ca https://fct.zync-dev.ca blob:;
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://portal.firstcdn.com/Portal/Portal.aspx?LanguageID=en-CA
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

Content-Security-Policy
frame-src http://*.prefirstcdn.com http://*.exfirstcdn.com http://*.firstcdn.com http://*.fct.ca https://*.prefirstcdn.com https://*.exfirstcdn.com https://*.firstcdn.com https://*.fct.ca https://*.qualtrics.com https://stats.g.doubleclick.net https://*.cloudfront.net blob: mailto: tel: *; default-src http://*.prefirstcdn.com http://*.exfirstcdn.com http://*.firstcdn.com http://*.fct.ca https://*.prefirstcdn.com https://*.exfirstcdn.com https://*.firstcdn.com https://*.fct.ca https://*.qualtrics.com https://*.google-analytics.com https://*.googleapis.com https://stats.g.doubleclick.net https://www.google.com https://www.google.ca https://*.cloudfront.net 'self' data: blob:; script-src https://*.qualtrics.com https://*.google-analytics.com https://*.googleapis.com https://stats.g.doubleclick.net https://*.cloudfront.net 'self' data: blob: 'unsafe-inline' 'unsafe-eval'; style-src http://*.prefirstcdn.com http://*.exfirstcdn.com http://*.firstcdn.com http://*.fct.ca https://*.prefirstcdn.com https://*.exfirstcdn.com https://*.firstcdn.com https://*.fct.ca https://*.qualtrics.com https://*.google-analytics.com https://*.googleapis.com https://stats.g.doubleclick.net https://*.cloudfront.net 'self' data: 'unsafe-inline' blob:; connect-src http://*.prefirstcdn.com http://*.exfirstcdn.com http://*.firstcdn.com http://*.fct.ca https://*.prefirstcdn.com https://*.exfirstcdn.com https://*.firstcdn.com https://*.fct.ca https://*.qualtrics.com https://www.googletagmanager.com https://www.google-analytics.com https://stats.g.doubleclick.net https://*.cloudfront.net https://*.cac1.pure.cloud wss://*.cac1.pure.cloud blob:; frame-ancestors https://*.prefirstcdn.com https://*.exfirstcdn.com https://*.firstcdn.com https://stats.g.doubleclick.net https://*.cac1.pure.cloud wss://*.cac1.pure.cloud http://*.fct.ca https://*.fct.ca https://fct.zync-dev.ca blob:;
Strict-Transport-Security
max-age=31536000; includeSubDomains; preload
X-Content-Type-Options
nosniff
Date
Wed, 09 Aug 2023 04:35:40 GMT
Last-Modified
Thu, 09 Feb 2023 20:40:21 GMT
Server
Microsoft-IIS/10.0
ETag
"80a83ebac63cd91:0"
X-Frame-Options
sameorigin
Content-Type
application/javascript
Accept-Ranges
bytes
Content-Length
12412
X-XSS-Protection
1; mode=block
functions.js
portal.firstcdn.com/Portal/includes/
24 KB
26 KB
Script
General
Full URL
https://portal.firstcdn.com/Portal/includes/functions.js
Requested by
Host: portal.firstcdn.com
URL: https://portal.firstcdn.com/Portal/Portal.aspx?LanguageID=en-CA
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
74.200.9.130 Oakville, Canada, ASN36031 (Q9-AS-BRAM, US),
Reverse DNS
portal.firstcdn.com
Software
Microsoft-IIS/10.0 /
Resource Hash
3e737fd1f0dca0cd4c1ca64ada44f0d53ecf0e15fbd04824e76bc46973778ea8
Security Headers
Name Value
Content-Security-Policy frame-src http://*.prefirstcdn.com http://*.exfirstcdn.com http://*.firstcdn.com http://*.fct.ca https://*.prefirstcdn.com https://*.exfirstcdn.com https://*.firstcdn.com https://*.fct.ca https://*.qualtrics.com https://stats.g.doubleclick.net https://*.cloudfront.net blob: mailto: tel: *; default-src http://*.prefirstcdn.com http://*.exfirstcdn.com http://*.firstcdn.com http://*.fct.ca https://*.prefirstcdn.com https://*.exfirstcdn.com https://*.firstcdn.com https://*.fct.ca https://*.qualtrics.com https://*.google-analytics.com https://*.googleapis.com https://stats.g.doubleclick.net https://www.google.com https://www.google.ca https://*.cloudfront.net 'self' data: blob:; script-src https://*.qualtrics.com https://*.google-analytics.com https://*.googleapis.com https://stats.g.doubleclick.net https://*.cloudfront.net 'self' data: blob: 'unsafe-inline' 'unsafe-eval'; style-src http://*.prefirstcdn.com http://*.exfirstcdn.com http://*.firstcdn.com http://*.fct.ca https://*.prefirstcdn.com https://*.exfirstcdn.com https://*.firstcdn.com https://*.fct.ca https://*.qualtrics.com https://*.google-analytics.com https://*.googleapis.com https://stats.g.doubleclick.net https://*.cloudfront.net 'self' data: 'unsafe-inline' blob:; connect-src http://*.prefirstcdn.com http://*.exfirstcdn.com http://*.firstcdn.com http://*.fct.ca https://*.prefirstcdn.com https://*.exfirstcdn.com https://*.firstcdn.com https://*.fct.ca https://*.qualtrics.com https://www.googletagmanager.com https://www.google-analytics.com https://stats.g.doubleclick.net https://*.cloudfront.net https://*.cac1.pure.cloud wss://*.cac1.pure.cloud blob:; frame-ancestors https://*.prefirstcdn.com https://*.exfirstcdn.com https://*.firstcdn.com https://stats.g.doubleclick.net https://*.cac1.pure.cloud wss://*.cac1.pure.cloud http://*.fct.ca https://*.fct.ca https://fct.zync-dev.ca blob:;
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://portal.firstcdn.com/Portal/Portal.aspx?LanguageID=en-CA
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

Content-Security-Policy
frame-src http://*.prefirstcdn.com http://*.exfirstcdn.com http://*.firstcdn.com http://*.fct.ca https://*.prefirstcdn.com https://*.exfirstcdn.com https://*.firstcdn.com https://*.fct.ca https://*.qualtrics.com https://stats.g.doubleclick.net https://*.cloudfront.net blob: mailto: tel: *; default-src http://*.prefirstcdn.com http://*.exfirstcdn.com http://*.firstcdn.com http://*.fct.ca https://*.prefirstcdn.com https://*.exfirstcdn.com https://*.firstcdn.com https://*.fct.ca https://*.qualtrics.com https://*.google-analytics.com https://*.googleapis.com https://stats.g.doubleclick.net https://www.google.com https://www.google.ca https://*.cloudfront.net 'self' data: blob:; script-src https://*.qualtrics.com https://*.google-analytics.com https://*.googleapis.com https://stats.g.doubleclick.net https://*.cloudfront.net 'self' data: blob: 'unsafe-inline' 'unsafe-eval'; style-src http://*.prefirstcdn.com http://*.exfirstcdn.com http://*.firstcdn.com http://*.fct.ca https://*.prefirstcdn.com https://*.exfirstcdn.com https://*.firstcdn.com https://*.fct.ca https://*.qualtrics.com https://*.google-analytics.com https://*.googleapis.com https://stats.g.doubleclick.net https://*.cloudfront.net 'self' data: 'unsafe-inline' blob:; connect-src http://*.prefirstcdn.com http://*.exfirstcdn.com http://*.firstcdn.com http://*.fct.ca https://*.prefirstcdn.com https://*.exfirstcdn.com https://*.firstcdn.com https://*.fct.ca https://*.qualtrics.com https://www.googletagmanager.com https://www.google-analytics.com https://stats.g.doubleclick.net https://*.cloudfront.net https://*.cac1.pure.cloud wss://*.cac1.pure.cloud blob:; frame-ancestors https://*.prefirstcdn.com https://*.exfirstcdn.com https://*.firstcdn.com https://stats.g.doubleclick.net https://*.cac1.pure.cloud wss://*.cac1.pure.cloud http://*.fct.ca https://*.fct.ca https://fct.zync-dev.ca blob:;
Strict-Transport-Security
max-age=31536000; includeSubDomains; preload
X-Content-Type-Options
nosniff
Date
Wed, 09 Aug 2023 04:35:40 GMT
Last-Modified
Thu, 09 Feb 2023 20:40:21 GMT
Server
Microsoft-IIS/10.0
ETag
"80a83ebac63cd91:0"
X-Frame-Options
sameorigin
Content-Type
application/javascript
Accept-Ranges
bytes
Content-Length
24499
X-XSS-Protection
1; mode=block
FCT_LOGO_SMALL.png
portal.firstcdn.com/Portal/Images/
4 KB
6 KB
Image
General
Full URL
https://portal.firstcdn.com/Portal/Images/FCT_LOGO_SMALL.png
Requested by
Host: portal.firstcdn.com
URL: https://portal.firstcdn.com/Portal/Portal.aspx?LanguageID=en-CA
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
74.200.9.130 Oakville, Canada, ASN36031 (Q9-AS-BRAM, US),
Reverse DNS
portal.firstcdn.com
Software
Microsoft-IIS/10.0 /
Resource Hash
a06cd961c282d6662886a820412a8d164ca3c3f111236fd59130b87de691d0cd
Security Headers
Name Value
Content-Security-Policy frame-src http://*.prefirstcdn.com http://*.exfirstcdn.com http://*.firstcdn.com http://*.fct.ca https://*.prefirstcdn.com https://*.exfirstcdn.com https://*.firstcdn.com https://*.fct.ca https://*.qualtrics.com https://stats.g.doubleclick.net https://*.cloudfront.net blob: mailto: tel: *; default-src http://*.prefirstcdn.com http://*.exfirstcdn.com http://*.firstcdn.com http://*.fct.ca https://*.prefirstcdn.com https://*.exfirstcdn.com https://*.firstcdn.com https://*.fct.ca https://*.qualtrics.com https://*.google-analytics.com https://*.googleapis.com https://stats.g.doubleclick.net https://www.google.com https://www.google.ca https://*.cloudfront.net 'self' data: blob:; script-src https://*.qualtrics.com https://*.google-analytics.com https://*.googleapis.com https://stats.g.doubleclick.net https://*.cloudfront.net 'self' data: blob: 'unsafe-inline' 'unsafe-eval'; style-src http://*.prefirstcdn.com http://*.exfirstcdn.com http://*.firstcdn.com http://*.fct.ca https://*.prefirstcdn.com https://*.exfirstcdn.com https://*.firstcdn.com https://*.fct.ca https://*.qualtrics.com https://*.google-analytics.com https://*.googleapis.com https://stats.g.doubleclick.net https://*.cloudfront.net 'self' data: 'unsafe-inline' blob:; connect-src http://*.prefirstcdn.com http://*.exfirstcdn.com http://*.firstcdn.com http://*.fct.ca https://*.prefirstcdn.com https://*.exfirstcdn.com https://*.firstcdn.com https://*.fct.ca https://*.qualtrics.com https://www.googletagmanager.com https://www.google-analytics.com https://stats.g.doubleclick.net https://*.cloudfront.net https://*.cac1.pure.cloud wss://*.cac1.pure.cloud blob:; frame-ancestors https://*.prefirstcdn.com https://*.exfirstcdn.com https://*.firstcdn.com https://stats.g.doubleclick.net https://*.cac1.pure.cloud wss://*.cac1.pure.cloud http://*.fct.ca https://*.fct.ca https://fct.zync-dev.ca blob:;
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://portal.firstcdn.com/Portal/Portal.aspx?LanguageID=en-CA
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

Content-Security-Policy
frame-src http://*.prefirstcdn.com http://*.exfirstcdn.com http://*.firstcdn.com http://*.fct.ca https://*.prefirstcdn.com https://*.exfirstcdn.com https://*.firstcdn.com https://*.fct.ca https://*.qualtrics.com https://stats.g.doubleclick.net https://*.cloudfront.net blob: mailto: tel: *; default-src http://*.prefirstcdn.com http://*.exfirstcdn.com http://*.firstcdn.com http://*.fct.ca https://*.prefirstcdn.com https://*.exfirstcdn.com https://*.firstcdn.com https://*.fct.ca https://*.qualtrics.com https://*.google-analytics.com https://*.googleapis.com https://stats.g.doubleclick.net https://www.google.com https://www.google.ca https://*.cloudfront.net 'self' data: blob:; script-src https://*.qualtrics.com https://*.google-analytics.com https://*.googleapis.com https://stats.g.doubleclick.net https://*.cloudfront.net 'self' data: blob: 'unsafe-inline' 'unsafe-eval'; style-src http://*.prefirstcdn.com http://*.exfirstcdn.com http://*.firstcdn.com http://*.fct.ca https://*.prefirstcdn.com https://*.exfirstcdn.com https://*.firstcdn.com https://*.fct.ca https://*.qualtrics.com https://*.google-analytics.com https://*.googleapis.com https://stats.g.doubleclick.net https://*.cloudfront.net 'self' data: 'unsafe-inline' blob:; connect-src http://*.prefirstcdn.com http://*.exfirstcdn.com http://*.firstcdn.com http://*.fct.ca https://*.prefirstcdn.com https://*.exfirstcdn.com https://*.firstcdn.com https://*.fct.ca https://*.qualtrics.com https://www.googletagmanager.com https://www.google-analytics.com https://stats.g.doubleclick.net https://*.cloudfront.net https://*.cac1.pure.cloud wss://*.cac1.pure.cloud blob:; frame-ancestors https://*.prefirstcdn.com https://*.exfirstcdn.com https://*.firstcdn.com https://stats.g.doubleclick.net https://*.cac1.pure.cloud wss://*.cac1.pure.cloud http://*.fct.ca https://*.fct.ca https://fct.zync-dev.ca blob:;
Strict-Transport-Security
max-age=31536000; includeSubDomains; preload
X-Content-Type-Options
nosniff
Date
Wed, 09 Aug 2023 04:35:40 GMT
Last-Modified
Thu, 09 Feb 2023 20:40:21 GMT
Server
Microsoft-IIS/10.0
ETag
"80a83ebac63cd91:0"
X-Frame-Options
sameorigin
Content-Type
image/png
Accept-Ranges
bytes
Content-Length
3948
X-XSS-Protection
1; mode=block
loader-big.gif
portal.firstcdn.com/Portal/images/
8 KB
10 KB
Image
General
Full URL
https://portal.firstcdn.com/Portal/images/loader-big.gif
Requested by
Host: portal.firstcdn.com
URL: https://portal.firstcdn.com/Portal/Portal.aspx?LanguageID=en-CA
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
74.200.9.130 Oakville, Canada, ASN36031 (Q9-AS-BRAM, US),
Reverse DNS
portal.firstcdn.com
Software
Microsoft-IIS/10.0 /
Resource Hash
ac87229a9d77ed14f5e6af8315ab265b7f3a1a5bc2262e7d291fcd18004b89e4
Security Headers
Name Value
Content-Security-Policy frame-src http://*.prefirstcdn.com http://*.exfirstcdn.com http://*.firstcdn.com http://*.fct.ca https://*.prefirstcdn.com https://*.exfirstcdn.com https://*.firstcdn.com https://*.fct.ca https://*.qualtrics.com https://stats.g.doubleclick.net https://*.cloudfront.net blob: mailto: tel: *; default-src http://*.prefirstcdn.com http://*.exfirstcdn.com http://*.firstcdn.com http://*.fct.ca https://*.prefirstcdn.com https://*.exfirstcdn.com https://*.firstcdn.com https://*.fct.ca https://*.qualtrics.com https://*.google-analytics.com https://*.googleapis.com https://stats.g.doubleclick.net https://www.google.com https://www.google.ca https://*.cloudfront.net 'self' data: blob:; script-src https://*.qualtrics.com https://*.google-analytics.com https://*.googleapis.com https://stats.g.doubleclick.net https://*.cloudfront.net 'self' data: blob: 'unsafe-inline' 'unsafe-eval'; style-src http://*.prefirstcdn.com http://*.exfirstcdn.com http://*.firstcdn.com http://*.fct.ca https://*.prefirstcdn.com https://*.exfirstcdn.com https://*.firstcdn.com https://*.fct.ca https://*.qualtrics.com https://*.google-analytics.com https://*.googleapis.com https://stats.g.doubleclick.net https://*.cloudfront.net 'self' data: 'unsafe-inline' blob:; connect-src http://*.prefirstcdn.com http://*.exfirstcdn.com http://*.firstcdn.com http://*.fct.ca https://*.prefirstcdn.com https://*.exfirstcdn.com https://*.firstcdn.com https://*.fct.ca https://*.qualtrics.com https://www.googletagmanager.com https://www.google-analytics.com https://stats.g.doubleclick.net https://*.cloudfront.net https://*.cac1.pure.cloud wss://*.cac1.pure.cloud blob:; frame-ancestors https://*.prefirstcdn.com https://*.exfirstcdn.com https://*.firstcdn.com https://stats.g.doubleclick.net https://*.cac1.pure.cloud wss://*.cac1.pure.cloud http://*.fct.ca https://*.fct.ca https://fct.zync-dev.ca blob:;
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://portal.firstcdn.com/Portal/Portal.aspx?LanguageID=en-CA
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

Content-Security-Policy
frame-src http://*.prefirstcdn.com http://*.exfirstcdn.com http://*.firstcdn.com http://*.fct.ca https://*.prefirstcdn.com https://*.exfirstcdn.com https://*.firstcdn.com https://*.fct.ca https://*.qualtrics.com https://stats.g.doubleclick.net https://*.cloudfront.net blob: mailto: tel: *; default-src http://*.prefirstcdn.com http://*.exfirstcdn.com http://*.firstcdn.com http://*.fct.ca https://*.prefirstcdn.com https://*.exfirstcdn.com https://*.firstcdn.com https://*.fct.ca https://*.qualtrics.com https://*.google-analytics.com https://*.googleapis.com https://stats.g.doubleclick.net https://www.google.com https://www.google.ca https://*.cloudfront.net 'self' data: blob:; script-src https://*.qualtrics.com https://*.google-analytics.com https://*.googleapis.com https://stats.g.doubleclick.net https://*.cloudfront.net 'self' data: blob: 'unsafe-inline' 'unsafe-eval'; style-src http://*.prefirstcdn.com http://*.exfirstcdn.com http://*.firstcdn.com http://*.fct.ca https://*.prefirstcdn.com https://*.exfirstcdn.com https://*.firstcdn.com https://*.fct.ca https://*.qualtrics.com https://*.google-analytics.com https://*.googleapis.com https://stats.g.doubleclick.net https://*.cloudfront.net 'self' data: 'unsafe-inline' blob:; connect-src http://*.prefirstcdn.com http://*.exfirstcdn.com http://*.firstcdn.com http://*.fct.ca https://*.prefirstcdn.com https://*.exfirstcdn.com https://*.firstcdn.com https://*.fct.ca https://*.qualtrics.com https://www.googletagmanager.com https://www.google-analytics.com https://stats.g.doubleclick.net https://*.cloudfront.net https://*.cac1.pure.cloud wss://*.cac1.pure.cloud blob:; frame-ancestors https://*.prefirstcdn.com https://*.exfirstcdn.com https://*.firstcdn.com https://stats.g.doubleclick.net https://*.cac1.pure.cloud wss://*.cac1.pure.cloud http://*.fct.ca https://*.fct.ca https://fct.zync-dev.ca blob:;
Strict-Transport-Security
max-age=31536000; includeSubDomains; preload
X-Content-Type-Options
nosniff
Date
Wed, 09 Aug 2023 04:35:40 GMT
Last-Modified
Thu, 09 Feb 2023 20:40:21 GMT
Server
Microsoft-IIS/10.0
ETag
"80a83ebac63cd91:0"
X-Frame-Options
sameorigin
Content-Type
image/gif
Accept-Ranges
bytes
Content-Length
8238
X-XSS-Protection
1; mode=block
analytics.js
www.google-analytics.com/
52 KB
21 KB
Script
General
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: portal.firstcdn.com
URL: https://portal.firstcdn.com/Portal/includes/Page/login.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.217.13.206 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
yul03s05-in-f14.1e100.net
Software
Golfe2 /
Resource Hash
de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://portal.firstcdn.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
date
Wed, 09 Aug 2023 02:37:29 GMT
last-modified
Mon, 12 Jun 2023 18:23:07 GMT
server
Golfe2
age
7092
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=7200
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
20994
expires
Wed, 09 Aug 2023 04:37:29 GMT
FCT_BAR_PORTAL.png
portal.firstcdn.com/Portal/Images/
1 KB
4 KB
Image
General
Full URL
https://portal.firstcdn.com/Portal/Images/FCT_BAR_PORTAL.png
Requested by
Host: portal.firstcdn.com
URL: https://portal.firstcdn.com/Portal/Includes/Login_brand.css
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
74.200.9.130 Oakville, Canada, ASN36031 (Q9-AS-BRAM, US),
Reverse DNS
portal.firstcdn.com
Software
Microsoft-IIS/10.0 /
Resource Hash
fd9a8238053995674c85a7c1ce46aa6ac6fd8aa0c7c466c6c1834f96dec9df84
Security Headers
Name Value
Content-Security-Policy frame-src http://*.prefirstcdn.com http://*.exfirstcdn.com http://*.firstcdn.com http://*.fct.ca https://*.prefirstcdn.com https://*.exfirstcdn.com https://*.firstcdn.com https://*.fct.ca https://*.qualtrics.com https://stats.g.doubleclick.net https://*.cloudfront.net blob: mailto: tel: *; default-src http://*.prefirstcdn.com http://*.exfirstcdn.com http://*.firstcdn.com http://*.fct.ca https://*.prefirstcdn.com https://*.exfirstcdn.com https://*.firstcdn.com https://*.fct.ca https://*.qualtrics.com https://*.google-analytics.com https://*.googleapis.com https://stats.g.doubleclick.net https://www.google.com https://www.google.ca https://*.cloudfront.net 'self' data: blob:; script-src https://*.qualtrics.com https://*.google-analytics.com https://*.googleapis.com https://stats.g.doubleclick.net https://*.cloudfront.net 'self' data: blob: 'unsafe-inline' 'unsafe-eval'; style-src http://*.prefirstcdn.com http://*.exfirstcdn.com http://*.firstcdn.com http://*.fct.ca https://*.prefirstcdn.com https://*.exfirstcdn.com https://*.firstcdn.com https://*.fct.ca https://*.qualtrics.com https://*.google-analytics.com https://*.googleapis.com https://stats.g.doubleclick.net https://*.cloudfront.net 'self' data: 'unsafe-inline' blob:; connect-src http://*.prefirstcdn.com http://*.exfirstcdn.com http://*.firstcdn.com http://*.fct.ca https://*.prefirstcdn.com https://*.exfirstcdn.com https://*.firstcdn.com https://*.fct.ca https://*.qualtrics.com https://www.googletagmanager.com https://www.google-analytics.com https://stats.g.doubleclick.net https://*.cloudfront.net https://*.cac1.pure.cloud wss://*.cac1.pure.cloud blob:; frame-ancestors https://*.prefirstcdn.com https://*.exfirstcdn.com https://*.firstcdn.com https://stats.g.doubleclick.net https://*.cac1.pure.cloud wss://*.cac1.pure.cloud http://*.fct.ca https://*.fct.ca https://fct.zync-dev.ca blob:;
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://portal.firstcdn.com/Portal/Includes/Login_brand.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

Content-Security-Policy
frame-src http://*.prefirstcdn.com http://*.exfirstcdn.com http://*.firstcdn.com http://*.fct.ca https://*.prefirstcdn.com https://*.exfirstcdn.com https://*.firstcdn.com https://*.fct.ca https://*.qualtrics.com https://stats.g.doubleclick.net https://*.cloudfront.net blob: mailto: tel: *; default-src http://*.prefirstcdn.com http://*.exfirstcdn.com http://*.firstcdn.com http://*.fct.ca https://*.prefirstcdn.com https://*.exfirstcdn.com https://*.firstcdn.com https://*.fct.ca https://*.qualtrics.com https://*.google-analytics.com https://*.googleapis.com https://stats.g.doubleclick.net https://www.google.com https://www.google.ca https://*.cloudfront.net 'self' data: blob:; script-src https://*.qualtrics.com https://*.google-analytics.com https://*.googleapis.com https://stats.g.doubleclick.net https://*.cloudfront.net 'self' data: blob: 'unsafe-inline' 'unsafe-eval'; style-src http://*.prefirstcdn.com http://*.exfirstcdn.com http://*.firstcdn.com http://*.fct.ca https://*.prefirstcdn.com https://*.exfirstcdn.com https://*.firstcdn.com https://*.fct.ca https://*.qualtrics.com https://*.google-analytics.com https://*.googleapis.com https://stats.g.doubleclick.net https://*.cloudfront.net 'self' data: 'unsafe-inline' blob:; connect-src http://*.prefirstcdn.com http://*.exfirstcdn.com http://*.firstcdn.com http://*.fct.ca https://*.prefirstcdn.com https://*.exfirstcdn.com https://*.firstcdn.com https://*.fct.ca https://*.qualtrics.com https://www.googletagmanager.com https://www.google-analytics.com https://stats.g.doubleclick.net https://*.cloudfront.net https://*.cac1.pure.cloud wss://*.cac1.pure.cloud blob:; frame-ancestors https://*.prefirstcdn.com https://*.exfirstcdn.com https://*.firstcdn.com https://stats.g.doubleclick.net https://*.cac1.pure.cloud wss://*.cac1.pure.cloud http://*.fct.ca https://*.fct.ca https://fct.zync-dev.ca blob:;
Strict-Transport-Security
max-age=31536000; includeSubDomains; preload
X-Content-Type-Options
nosniff
Date
Wed, 09 Aug 2023 04:35:40 GMT
Last-Modified
Thu, 09 Feb 2023 20:40:21 GMT
Server
Microsoft-IIS/10.0
ETag
"80a83ebac63cd91:0"
X-Frame-Options
sameorigin
Content-Type
image/png
Accept-Ranges
bytes
Content-Length
1504
X-XSS-Protection
1; mode=block
FCT_BLOCK_CORNER.png
portal.firstcdn.com/Portal/Images/
352 B
3 KB
Image
General
Full URL
https://portal.firstcdn.com/Portal/Images/FCT_BLOCK_CORNER.png
Requested by
Host: portal.firstcdn.com
URL: https://portal.firstcdn.com/Portal/Includes/Login_brand.css
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
74.200.9.130 Oakville, Canada, ASN36031 (Q9-AS-BRAM, US),
Reverse DNS
portal.firstcdn.com
Software
Microsoft-IIS/10.0 /
Resource Hash
0c971752b6c816fb6e354809bc9eeb5e59957ed4f18eafde7b093da145429ba6
Security Headers
Name Value
Content-Security-Policy frame-src http://*.prefirstcdn.com http://*.exfirstcdn.com http://*.firstcdn.com http://*.fct.ca https://*.prefirstcdn.com https://*.exfirstcdn.com https://*.firstcdn.com https://*.fct.ca https://*.qualtrics.com https://stats.g.doubleclick.net https://*.cloudfront.net blob: mailto: tel: *; default-src http://*.prefirstcdn.com http://*.exfirstcdn.com http://*.firstcdn.com http://*.fct.ca https://*.prefirstcdn.com https://*.exfirstcdn.com https://*.firstcdn.com https://*.fct.ca https://*.qualtrics.com https://*.google-analytics.com https://*.googleapis.com https://stats.g.doubleclick.net https://www.google.com https://www.google.ca https://*.cloudfront.net 'self' data: blob:; script-src https://*.qualtrics.com https://*.google-analytics.com https://*.googleapis.com https://stats.g.doubleclick.net https://*.cloudfront.net 'self' data: blob: 'unsafe-inline' 'unsafe-eval'; style-src http://*.prefirstcdn.com http://*.exfirstcdn.com http://*.firstcdn.com http://*.fct.ca https://*.prefirstcdn.com https://*.exfirstcdn.com https://*.firstcdn.com https://*.fct.ca https://*.qualtrics.com https://*.google-analytics.com https://*.googleapis.com https://stats.g.doubleclick.net https://*.cloudfront.net 'self' data: 'unsafe-inline' blob:; connect-src http://*.prefirstcdn.com http://*.exfirstcdn.com http://*.firstcdn.com http://*.fct.ca https://*.prefirstcdn.com https://*.exfirstcdn.com https://*.firstcdn.com https://*.fct.ca https://*.qualtrics.com https://www.googletagmanager.com https://www.google-analytics.com https://stats.g.doubleclick.net https://*.cloudfront.net https://*.cac1.pure.cloud wss://*.cac1.pure.cloud blob:; frame-ancestors https://*.prefirstcdn.com https://*.exfirstcdn.com https://*.firstcdn.com https://stats.g.doubleclick.net https://*.cac1.pure.cloud wss://*.cac1.pure.cloud http://*.fct.ca https://*.fct.ca https://fct.zync-dev.ca blob:;
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://portal.firstcdn.com/Portal/Includes/Login_brand.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

Content-Security-Policy
frame-src http://*.prefirstcdn.com http://*.exfirstcdn.com http://*.firstcdn.com http://*.fct.ca https://*.prefirstcdn.com https://*.exfirstcdn.com https://*.firstcdn.com https://*.fct.ca https://*.qualtrics.com https://stats.g.doubleclick.net https://*.cloudfront.net blob: mailto: tel: *; default-src http://*.prefirstcdn.com http://*.exfirstcdn.com http://*.firstcdn.com http://*.fct.ca https://*.prefirstcdn.com https://*.exfirstcdn.com https://*.firstcdn.com https://*.fct.ca https://*.qualtrics.com https://*.google-analytics.com https://*.googleapis.com https://stats.g.doubleclick.net https://www.google.com https://www.google.ca https://*.cloudfront.net 'self' data: blob:; script-src https://*.qualtrics.com https://*.google-analytics.com https://*.googleapis.com https://stats.g.doubleclick.net https://*.cloudfront.net 'self' data: blob: 'unsafe-inline' 'unsafe-eval'; style-src http://*.prefirstcdn.com http://*.exfirstcdn.com http://*.firstcdn.com http://*.fct.ca https://*.prefirstcdn.com https://*.exfirstcdn.com https://*.firstcdn.com https://*.fct.ca https://*.qualtrics.com https://*.google-analytics.com https://*.googleapis.com https://stats.g.doubleclick.net https://*.cloudfront.net 'self' data: 'unsafe-inline' blob:; connect-src http://*.prefirstcdn.com http://*.exfirstcdn.com http://*.firstcdn.com http://*.fct.ca https://*.prefirstcdn.com https://*.exfirstcdn.com https://*.firstcdn.com https://*.fct.ca https://*.qualtrics.com https://www.googletagmanager.com https://www.google-analytics.com https://stats.g.doubleclick.net https://*.cloudfront.net https://*.cac1.pure.cloud wss://*.cac1.pure.cloud blob:; frame-ancestors https://*.prefirstcdn.com https://*.exfirstcdn.com https://*.firstcdn.com https://stats.g.doubleclick.net https://*.cac1.pure.cloud wss://*.cac1.pure.cloud http://*.fct.ca https://*.fct.ca https://fct.zync-dev.ca blob:;
Strict-Transport-Security
max-age=31536000; includeSubDomains; preload
X-Content-Type-Options
nosniff
Date
Wed, 09 Aug 2023 04:35:40 GMT
Last-Modified
Thu, 09 Feb 2023 20:40:21 GMT
Server
Microsoft-IIS/10.0
ETag
"80a83ebac63cd91:0"
X-Frame-Options
sameorigin
Content-Type
image/png
Accept-Ranges
bytes
Content-Length
352
X-XSS-Protection
1; mode=block
FCT_BUTTON_ARROW.png
portal.firstcdn.com/Portal/Images/
266 B
2 KB
Image
General
Full URL
https://portal.firstcdn.com/Portal/Images/FCT_BUTTON_ARROW.png
Requested by
Host: portal.firstcdn.com
URL: https://portal.firstcdn.com/Portal/Includes/Login_brand.css
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
74.200.9.130 Oakville, Canada, ASN36031 (Q9-AS-BRAM, US),
Reverse DNS
portal.firstcdn.com
Software
Microsoft-IIS/10.0 /
Resource Hash
976029ba1601a9a33336a0cc9769c6da08e4708c344cb2c70dfff5f5137cec2e
Security Headers
Name Value
Content-Security-Policy frame-src http://*.prefirstcdn.com http://*.exfirstcdn.com http://*.firstcdn.com http://*.fct.ca https://*.prefirstcdn.com https://*.exfirstcdn.com https://*.firstcdn.com https://*.fct.ca https://*.qualtrics.com https://stats.g.doubleclick.net https://*.cloudfront.net blob: mailto: tel: *; default-src http://*.prefirstcdn.com http://*.exfirstcdn.com http://*.firstcdn.com http://*.fct.ca https://*.prefirstcdn.com https://*.exfirstcdn.com https://*.firstcdn.com https://*.fct.ca https://*.qualtrics.com https://*.google-analytics.com https://*.googleapis.com https://stats.g.doubleclick.net https://www.google.com https://www.google.ca https://*.cloudfront.net 'self' data: blob:; script-src https://*.qualtrics.com https://*.google-analytics.com https://*.googleapis.com https://stats.g.doubleclick.net https://*.cloudfront.net 'self' data: blob: 'unsafe-inline' 'unsafe-eval'; style-src http://*.prefirstcdn.com http://*.exfirstcdn.com http://*.firstcdn.com http://*.fct.ca https://*.prefirstcdn.com https://*.exfirstcdn.com https://*.firstcdn.com https://*.fct.ca https://*.qualtrics.com https://*.google-analytics.com https://*.googleapis.com https://stats.g.doubleclick.net https://*.cloudfront.net 'self' data: 'unsafe-inline' blob:; connect-src http://*.prefirstcdn.com http://*.exfirstcdn.com http://*.firstcdn.com http://*.fct.ca https://*.prefirstcdn.com https://*.exfirstcdn.com https://*.firstcdn.com https://*.fct.ca https://*.qualtrics.com https://www.googletagmanager.com https://www.google-analytics.com https://stats.g.doubleclick.net https://*.cloudfront.net https://*.cac1.pure.cloud wss://*.cac1.pure.cloud blob:; frame-ancestors https://*.prefirstcdn.com https://*.exfirstcdn.com https://*.firstcdn.com https://stats.g.doubleclick.net https://*.cac1.pure.cloud wss://*.cac1.pure.cloud http://*.fct.ca https://*.fct.ca https://fct.zync-dev.ca blob:;
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://portal.firstcdn.com/Portal/Includes/Login_brand.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

Content-Security-Policy
frame-src http://*.prefirstcdn.com http://*.exfirstcdn.com http://*.firstcdn.com http://*.fct.ca https://*.prefirstcdn.com https://*.exfirstcdn.com https://*.firstcdn.com https://*.fct.ca https://*.qualtrics.com https://stats.g.doubleclick.net https://*.cloudfront.net blob: mailto: tel: *; default-src http://*.prefirstcdn.com http://*.exfirstcdn.com http://*.firstcdn.com http://*.fct.ca https://*.prefirstcdn.com https://*.exfirstcdn.com https://*.firstcdn.com https://*.fct.ca https://*.qualtrics.com https://*.google-analytics.com https://*.googleapis.com https://stats.g.doubleclick.net https://www.google.com https://www.google.ca https://*.cloudfront.net 'self' data: blob:; script-src https://*.qualtrics.com https://*.google-analytics.com https://*.googleapis.com https://stats.g.doubleclick.net https://*.cloudfront.net 'self' data: blob: 'unsafe-inline' 'unsafe-eval'; style-src http://*.prefirstcdn.com http://*.exfirstcdn.com http://*.firstcdn.com http://*.fct.ca https://*.prefirstcdn.com https://*.exfirstcdn.com https://*.firstcdn.com https://*.fct.ca https://*.qualtrics.com https://*.google-analytics.com https://*.googleapis.com https://stats.g.doubleclick.net https://*.cloudfront.net 'self' data: 'unsafe-inline' blob:; connect-src http://*.prefirstcdn.com http://*.exfirstcdn.com http://*.firstcdn.com http://*.fct.ca https://*.prefirstcdn.com https://*.exfirstcdn.com https://*.firstcdn.com https://*.fct.ca https://*.qualtrics.com https://www.googletagmanager.com https://www.google-analytics.com https://stats.g.doubleclick.net https://*.cloudfront.net https://*.cac1.pure.cloud wss://*.cac1.pure.cloud blob:; frame-ancestors https://*.prefirstcdn.com https://*.exfirstcdn.com https://*.firstcdn.com https://stats.g.doubleclick.net https://*.cac1.pure.cloud wss://*.cac1.pure.cloud http://*.fct.ca https://*.fct.ca https://fct.zync-dev.ca blob:;
Strict-Transport-Security
max-age=31536000; includeSubDomains; preload
X-Content-Type-Options
nosniff
Date
Wed, 09 Aug 2023 04:35:40 GMT
Last-Modified
Thu, 09 Feb 2023 20:40:21 GMT
Server
Microsoft-IIS/10.0
ETag
"80a83ebac63cd91:0"
X-Frame-Options
sameorigin
Content-Type
image/png
Accept-Ranges
bytes
Content-Length
266
X-XSS-Protection
1; mode=block
collect
www.google-analytics.com/j/
16 B
224 B
XHR
General
Full URL
https://www.google-analytics.com/j/collect?v=1&_v=j101&a=756986036&t=pageview&_s=1&dl=https%3A%2F%2Fportal.firstcdn.com%2FPortal%2FPortal.aspx%3FLanguageID%3Den-CA&ul=en-us&de=UTF-8&dt=Login%20to%20ILS&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=IEBAAAABAAAAACAAI~&jid=2077351734&gjid=214642356&cid=876274318.1691555741&tid=UA-25172785-11&_gid=1127758912.1691555741&_r=1&_slc=1&z=1047269161
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.217.13.206 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
yul03s05-in-f14.1e100.net
Software
Golfe2 /
Resource Hash
bf6fcb921655301303c9509a7cdc59378f14db7fbcff60fb17c6acccfdbf39fb
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://portal.firstcdn.com/
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Wed, 09 Aug 2023 04:35:41 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://portal.firstcdn.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
16
expires
Fri, 01 Jan 1990 00:00:00 GMT
collect
stats.g.doubleclick.net/j/
4 B
351 B
XHR
General
Full URL
https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j101&tid=UA-25172785-11&cid=876274318.1691555741&jid=2077351734&gjid=214642356&_gid=1127758912.1691555741&_u=IEBAAAAAAAAAACAAI~&z=2027060255
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.253.62.154 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
bc-in-f154.1e100.net
Software
Golfe2 /
Resource Hash
8685bca4bb29a8a8289c3effd282cb8718a7d14da65f1397481f213b15469f50
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://portal.firstcdn.com/
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
strict-transport-security
max-age=10886400; includeSubDomains; preload
date
Wed, 09 Aug 2023 04:35:41 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://portal.firstcdn.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
4
expires
Fri, 01 Jan 1990 00:00:00 GMT
js
www.googletagmanager.com/gtag/
0
0

ga-audiences
www.google.com/ads/
42 B
408 B
Image
General
Full URL
https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j101&tid=UA-25172785-11&cid=876274318.1691555741&jid=2077351734&_u=IEBAAAAAAAAAACAAI~&z=1679275295
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.176.196 Grosse Pointe, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga34s37-in-f4.1e100.net
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://portal.firstcdn.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 09 Aug 2023 04:35:41 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
ga-audiences
www.google.ca/ads/
42 B
408 B
Image
General
Full URL
https://www.google.ca/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j101&tid=UA-25172785-11&cid=876274318.1691555741&jid=2077351734&_u=IEBAAAAAAAAAACAAI~&z=1679275295
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.64.67 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga34s30-in-f3.1e100.net
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://portal.firstcdn.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 09 Aug 2023 04:35:41 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
www.googletagmanager.com
URL
https://www.googletagmanager.com/gtag/js?id=G-BKB9L9F68N&cx=c&_slc=1

Verdicts & Comments Add Verdict or Comment

144 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

function| $ function| jQuery string| GoogleAnalyticsObject function| ga function| showloader function| showloginloader object| theForm function| __doPostBack function| WebForm_PostBackOptions function| WebForm_DoPostBackWithOptions object| __pendingCallbacks number| __synchronousCallBackIndex function| WebForm_DoCallback function| WebForm_CallbackComplete function| WebForm_ExecuteCallback function| WebForm_FillFirstAvailableSlot boolean| __nonMSDOMBrowser string| __theFormPostData object| __theFormPostCollection object| __callbackTextTypes function| WebForm_InitCallback function| WebForm_InitCallbackAddField function| WebForm_EncodeCallback object| __disabledControlArray function| WebForm_ReEnableControls function| WebForm_ReDisableControls function| WebForm_SimulateClick function| WebForm_FireDefaultButton function| WebForm_GetScrollX function| WebForm_GetScrollY function| WebForm_SaveScrollPositionSubmit function| WebForm_SaveScrollPositionOnSubmit function| WebForm_RestoreScrollPosition function| WebForm_TextBoxKeyHandler function| WebForm_TrimString function| WebForm_AppendToClassName function| WebForm_RemoveClassName function| WebForm_GetElementById function| WebForm_GetElementByTagName function| WebForm_GetElementsByTagName function| WebForm_GetElementDir function| WebForm_GetElementPosition function| WebForm_GetParentByTagName function| WebForm_SetElementHeight function| WebForm_SetElementWidth function| WebForm_SetElementX function| WebForm_SetElementY number| hexcase string| b64pad number| chrsz function| hex_md5 function| b64_md5 function| str_md5 function| hex_hmac_md5 function| b64_hmac_md5 function| str_hmac_md5 function| md5_vm_test function| core_md5 function| md5_cmn function| md5_ff function| md5_gg function| md5_hh function| md5_ii function| core_hmac_md5 function| safe_add function| bit_rol function| str2binl function| binl2str function| binl2hex function| binl2b64 function| SHA256 undefined| leftNav undefined| fctLogo undefined| programName string| navigationWarningMessage boolean| hasMessageToDisplay boolean| pageIsValid boolean| isRFIPage boolean| isForceNavigationWarning boolean| isDisableNavigationWarning boolean| isRemoveFormFields boolean| isButtonClicked boolean| pageRendered function| ReplacePortalKeyBehaviour function| ControlInputAction function| SetPageRendered function| InitFrame function| preventCrossFrameScripting function| setControlFocus function| initStrings function| confirmNavigateAway function| clearField function| clearFields function| getTotalInputValue function| assignTotalInputValue function| hasInputBeenModified function| doKeypress function| doBeforePaste function| removeChar function| containChar function| removeAngleBrackets function| doPaste function| showHideOtherDocumentName function| EnableDisableFileUpload function| adjustPagerDivWidth function| adjustTableDivHeight function| ProvinceGroupBoxOnAllSelect function| ProvinceGroupBoxOnCustomSelect function| ProvinceGroupBoxOnRadioButtonSelect function| SaveScrollPosition function| RetrieveSavedScrollPosition function| ShowDocumentWorkFlowQuestionsCheckListDialog function| InvokeLogout function| launchNewWindow function| launchNewDialog function| refreshOpenerLenderContactInfo number| _ie number| _ns function| accordion function| getRefToDiv function| toggleChildrenVisibility function| toggleListItemVisibility function| clearInputControls function| OnDeleteAppraiser function| OnAddAppraiser function| OnUpdateAppraiser function| cancelBubbleEvent function| adjustUserIdTextBox function| setCaptchaTimeoutFlag function| setForgetPasswordFormFieldStyle function| cancelButtonClickEvent function| HandleUnload function| ShowNextElement object| Page_ValidationSummaries object| LoginContentArea_valSummary object| inputElements object| textAreas object| selectElements object| objSep object| google_tag_data object| gaplugins object| gaGlobal object| gaData object| dataLayer

4 Cookies

Domain/Path Name / Value
portal.firstcdn.com/ Name: __RequestVerificationToken_L1BvcnRhbA2
Value: KYobUQjY1sfA2YuwWyOpr1Q5aSxuTW9L2SowbKz-LMvNA_DdUwbhz4KaFjpAa8Pa99qwQYUv9VLmc0soIl3gQTL4jl49oq65fpYi5K1YKhs1
.firstcdn.com/ Name: _ga
Value: GA1.2.876274318.1691555741
.firstcdn.com/ Name: _gid
Value: GA1.2.1127758912.1691555741
.firstcdn.com/ Name: _gat
Value: 1

1 Console Messages

Source Level URL
Text
security error URL: https://www.google-analytics.com/analytics.js(Line 23)
Message:
Refused to load the script 'https://www.googletagmanager.com/gtag/js?id=G-BKB9L9F68N&cx=c&_slc=1' because it violates the following Content Security Policy directive: "script-src https://*.qualtrics.com https://*.google-analytics.com https://*.googleapis.com https://stats.g.doubleclick.net https://*.cloudfront.net 'self' data: blob: 'unsafe-inline' 'unsafe-eval'". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy frame-src http://*.prefirstcdn.com http://*.exfirstcdn.com http://*.firstcdn.com http://*.fct.ca https://*.prefirstcdn.com https://*.exfirstcdn.com https://*.firstcdn.com https://*.fct.ca https://*.qualtrics.com https://stats.g.doubleclick.net https://*.cloudfront.net blob: mailto: tel: *; default-src http://*.prefirstcdn.com http://*.exfirstcdn.com http://*.firstcdn.com http://*.fct.ca https://*.prefirstcdn.com https://*.exfirstcdn.com https://*.firstcdn.com https://*.fct.ca https://*.qualtrics.com https://*.google-analytics.com https://*.googleapis.com https://stats.g.doubleclick.net https://www.google.com https://www.google.ca https://*.cloudfront.net 'self' data: blob:; script-src https://*.qualtrics.com https://*.google-analytics.com https://*.googleapis.com https://stats.g.doubleclick.net https://*.cloudfront.net 'self' data: blob: 'unsafe-inline' 'unsafe-eval'; style-src http://*.prefirstcdn.com http://*.exfirstcdn.com http://*.firstcdn.com http://*.fct.ca https://*.prefirstcdn.com https://*.exfirstcdn.com https://*.firstcdn.com https://*.fct.ca https://*.qualtrics.com https://*.google-analytics.com https://*.googleapis.com https://stats.g.doubleclick.net https://*.cloudfront.net 'self' data: 'unsafe-inline' blob:; connect-src http://*.prefirstcdn.com http://*.exfirstcdn.com http://*.firstcdn.com http://*.fct.ca https://*.prefirstcdn.com https://*.exfirstcdn.com https://*.firstcdn.com https://*.fct.ca https://*.qualtrics.com https://www.googletagmanager.com https://www.google-analytics.com https://stats.g.doubleclick.net https://*.cloudfront.net https://*.cac1.pure.cloud wss://*.cac1.pure.cloud blob:; frame-ancestors https://*.prefirstcdn.com https://*.exfirstcdn.com https://*.firstcdn.com https://stats.g.doubleclick.net https://*.cac1.pure.cloud wss://*.cac1.pure.cloud http://*.fct.ca https://*.fct.ca https://fct.zync-dev.ca blob:;
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN sameorigin
X-Xss-Protection 1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

portal.firstcdn.com
stats.g.doubleclick.net
www.google-analytics.com
www.google.ca
www.google.com
www.googletagmanager.com
www.googletagmanager.com
142.250.176.196
142.250.64.67
172.217.13.206
172.253.62.154
74.200.9.130
00d402fe85aae2f810c99f5e64440c8f86551f1a669c462fca9e46278ee12d9f
0c971752b6c816fb6e354809bc9eeb5e59957ed4f18eafde7b093da145429ba6
3e737fd1f0dca0cd4c1ca64ada44f0d53ecf0e15fbd04824e76bc46973778ea8
40732e9dcfa704cf615e4691bb07aecfd1cc5e063220a46e4a7ff6560c77f5db
6da752877f55066860c306e8e2cd4cfdcdb0ba6932d3890de43ce22c0b563c01
8685bca4bb29a8a8289c3effd282cb8718a7d14da65f1397481f213b15469f50
8f348d567755bd73bc24c4eb3dafdb62d980a5b2d442df153f14af4b73fd926d
976029ba1601a9a33336a0cc9769c6da08e4708c344cb2c70dfff5f5137cec2e
a06cd961c282d6662886a820412a8d164ca3c3f111236fd59130b87de691d0cd
ac87229a9d77ed14f5e6af8315ab265b7f3a1a5bc2262e7d291fcd18004b89e4
ad0d96be3e0f8b2c12156219b7423b7526d46db9fe6ed48f3a7ebfbde19b871a
bf6fcb921655301303c9509a7cdc59378f14db7fbcff60fb17c6acccfdbf39fb
de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
fa5eef75ac4ba88678c39de6f458b4f3f20b9ee07af2fca49f7d09ebf9ef7e73
fbaa08e3a6ec4bf6bc703ff37e1a686a54e5f25da714c231dde7d3e241139d54
fd9a8238053995674c85a7c1ce46aa6ac6fd8aa0c7c466c6c1834f96dec9df84