Submitted URL: https://www.nestbank.pl/
Effective URL: https://nestbank.pl/
Submission: On December 04 via automatic, source certstream-suspicious

Summary

This website contacted 16 IPs in 5 countries across 10 domains to perform 67 HTTP transactions. The main IP is 193.105.248.157, located in Poland and belongs to NESTBANK, PL. The main domain is nestbank.pl.
TLS certificate: Issued by GeoTrust EV RSA CA 2018 on October 23rd 2018. Valid for: 2 years.
This is the only time nestbank.pl was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

Domain Requested by
39 nestbank.pl nestbank.pl
4 assets.livecall.io www.googletagmanager.com
assets.livecall.io
4 www.google-analytics.com www.googletagmanager.com
www.google-analytics.com
nestbank.pl
3 www.google.com nestbank.pl
2 stats.g.doubleclick.net www.google-analytics.com
1 googleads.g.doubleclick.net www.googleadservices.com
1 www.googleadservices.com www.googletagmanager.com
1 geoip.livecall.io assets.livecall.io
1 signalling.livecall.io assets.livecall.io
1 googleads4.g.doubleclick.net ad.doubleclick.net
1 pagead2.googlesyndication.com ad.doubleclick.net
1 vars.hotjar.com static.hotjar.com
1 script.hotjar.com static.hotjar.com
1 ad.doubleclick.net www.googletagmanager.com
1 static.hotjar.com www.googletagmanager.com
1 www.googletagmanager.com nestbank.pl
1 www.nestbank.pl 1 redirects
0 www.google.de Failed nestbank.pl
67 18
Subject Issuer Validity Valid
www.nestbank.pl
GeoTrust EV RSA CA 2018
2018-10-23 -
2020-12-21
2 years crt.sh
*.google-analytics.com
GTS CA 1O1
2020-11-03 -
2021-01-26
3 months crt.sh
*.hotjar.com
Amazon
2020-01-22 -
2021-02-22
a year crt.sh
*.doubleclick.net
GTS CA 1O1
2020-11-03 -
2021-01-26
3 months crt.sh
assets.livecall.io
GTS CA 1D2
2020-10-16 -
2021-01-14
3 months crt.sh
*.g.doubleclick.net
GTS CA 1O1
2020-11-03 -
2021-01-26
3 months crt.sh
www.google.com
GTS CA 1O1
2020-11-03 -
2021-01-26
3 months crt.sh
*.google.com
GTS CA 1O1
2020-11-03 -
2021-01-26
3 months crt.sh
le-9635851.t.livecall.io
R3
2020-12-04 -
2021-03-04
3 months crt.sh
le-16192417.ibm.livecall.io
Let's Encrypt Authority X3
2020-11-13 -
2021-02-11
3 months crt.sh

This page contains 2 frames:

Primary Page: https://nestbank.pl/
Frame ID: 548C8D1D7A4B03BC074C451A72AAC763
Requests: 66 HTTP requests in this frame

Frame: https://vars.hotjar.com/box-469cf41adb11dc78be68c1ae7f9457a4.html
Frame ID: 38FFA348FF8C45A163CADADA4486D319
Requests: 1 HTTP requests in this frame

Screenshot


Page URL History Show full URLs

  1. https://www.nestbank.pl/ HTTP 301
    https://nestbank.pl/ Page URL

Page Statistics

67
Requests

94 %
HTTPS

47 %
IPv6

10
Domains

18
Subdomains

16
IPs

5
Countries

3608 kB
Transfer

5767 kB
Size

16
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://www.nestbank.pl/ HTTP 301
    https://nestbank.pl/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

67 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request Cookie set /
nestbank.pl/
Redirect Chain
  • https://www.nestbank.pl/
  • https://nestbank.pl/
53 KB
12 KB
Document
General
Full URL
https://nestbank.pl/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
193.105.248.157 , Poland, ASN196999 (NESTBANK, PL),
Reverse DNS
rev-193.105.248.157.fmbank.pl
Software
/
Resource Hash
eaf2b01e9d2269aed2ad5d8c9420fedceacbcec8c95857ea9f74ce5d5fa588d8
Security Headers
Name Value
Content-Security-Policy default-src 'self' *.nestbank.pl *.doubleclick.net https://www.maptiler.com https://api.maptiler.com https://maps.tilehosting.com https://api.mapbox.com https://www.youtube.com *.google.com *.googletagmanager.com *.hotjar.com *.hotjar.io *.livecall.io; img-src 'self' data: blob: *.googletagmanager.com *.google-analytics.com *.google.com *.google.pl *.gstatic.com *.doubleclick.net *.livecall.io; font-src 'self' data: *.googleapis.com *.gstatic.com *.livecall.io; style-src 'self' 'unsafe-inline' *.livecall.io *.google.com *.gstatic.com *.googleapis.com *.livecall.io; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.nestbank.pl *.googlesyndication.com *.googletagmanager.com *.google-analytics.com *.google.com *.googleadservices.com *.doubleclick.net *.hotjar.com *.livecall.io; child-src 'self' blob: *.nestbank.pl https://api.maptiler.com https://maps.tilehosting.com https://api.mapbox.com https://www.youtube.com *.hotjar.com *.hotjar.io *.livecall.io https://optimize.google.com;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Host
nestbank.pl
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site
none
Sec-Fetch-Mode
navigate
Sec-Fetch-User
?1
Sec-Fetch-Dest
document
Accept-Encoding
gzip, deflate, br
Accept-Language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Cache-Control
no-cache, must-revalidate
Pragma
no-cache
Content-Type
text/html; charset=utf-8
Content-Encoding
deflate
Expires
-1
Vary
Accept-Encoding
Set-Cookie
CMSPreferredCulture=pl-PL; expires=Sat, 04-Dec-2021 08:12:32 GMT; path=/; HttpOnly CMSCsrfCookie=GTehekIFcnI38JKDQJpMk3V8tc0VEr+J/xgSXrLE; path=/; HttpOnly Nestbank_SessionId=sjj3wwlg3kdkenkcleju0avb; path=/; HttpOnly; SameSite=Lax;Secure ARRAffinity=3d5441d89571ce0f61b9e95030305b098d5217064ce55b8594585ab22cb42258;Path=/;Domain=nestbank.pl SESSION=!ZTqPy057Z0jpW5JkTtmBdzYPmD1YiY4kWsUdGJwUws7yFbgAfj5DJgOz7COiOahwe7oyEIjbboKNRB8=; path=/; Httponly; Secure
X-Frame-Options
SAMEORIGIN
Access-Control-Allow-Origin
*
Access-Control-Allow-Methods
GET,PUT,POST
Access-Control-Allow-Headers
Content-Type
Access-Control-Expose-Headers
Paging-Headers
Content-Security-Policy
default-src 'self' *.nestbank.pl *.doubleclick.net https://www.maptiler.com https://api.maptiler.com https://maps.tilehosting.com https://api.mapbox.com https://www.youtube.com *.google.com *.googletagmanager.com *.hotjar.com *.hotjar.io *.livecall.io; img-src 'self' data: blob: *.googletagmanager.com *.google-analytics.com *.google.com *.google.pl *.gstatic.com *.doubleclick.net *.livecall.io; font-src 'self' data: *.googleapis.com *.gstatic.com *.livecall.io; style-src 'self' 'unsafe-inline' *.livecall.io *.google.com *.gstatic.com *.googleapis.com *.livecall.io; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.nestbank.pl *.googlesyndication.com *.googletagmanager.com *.google-analytics.com *.google.com *.googleadservices.com *.doubleclick.net *.hotjar.com *.livecall.io; child-src 'self' blob: *.nestbank.pl https://api.maptiler.com https://maps.tilehosting.com https://api.mapbox.com https://www.youtube.com *.hotjar.com *.hotjar.io *.livecall.io https://optimize.google.com;
X-XSS-Protection
1; mode=block
X-Content-Type-Options
nosniff
Referrer-Policy
strict-origin-when-cross-origin
Date
Fri, 04 Dec 2020 08:12:31 GMT
Content-Length
10478

Redirect headers

Location
https://nestbank.pl/
Server
BigIP
Connection
Keep-Alive
Content-Length
0
app.css
nestbank.pl/App_Themes/NestBank/css/
371 KB
58 KB
Stylesheet
General
Full URL
https://nestbank.pl/App_Themes/NestBank/css/app.css
Requested by
Host: nestbank.pl
URL: https://nestbank.pl/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
193.105.248.157 , Poland, ASN196999 (NESTBANK, PL),
Reverse DNS
rev-193.105.248.157.fmbank.pl
Software
/
Resource Hash
11527d1ada48ad14144211da4d04d8b88de443969c814f993d489261878341a5
Security Headers
Name Value
Content-Security-Policy default-src 'self' *.nestbank.pl *.doubleclick.net https://www.maptiler.com https://api.maptiler.com https://maps.tilehosting.com https://api.mapbox.com https://www.youtube.com *.google.com *.googletagmanager.com *.hotjar.com *.hotjar.io *.livecall.io; img-src 'self' data: blob: *.googletagmanager.com *.google-analytics.com *.google.com *.google.pl *.gstatic.com *.doubleclick.net *.livecall.io; font-src 'self' data: *.googleapis.com *.gstatic.com *.livecall.io; style-src 'self' 'unsafe-inline' *.livecall.io *.google.com *.gstatic.com *.googleapis.com *.livecall.io; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.nestbank.pl *.googlesyndication.com *.googletagmanager.com *.google-analytics.com *.google.com *.googleadservices.com *.doubleclick.net *.hotjar.com *.livecall.io; child-src 'self' blob: *.nestbank.pl https://api.maptiler.com https://maps.tilehosting.com https://api.mapbox.com https://www.youtube.com *.hotjar.com *.hotjar.io *.livecall.io https://optimize.google.com;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://nestbank.pl/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Security-Policy
default-src 'self' *.nestbank.pl *.doubleclick.net https://www.maptiler.com https://api.maptiler.com https://maps.tilehosting.com https://api.mapbox.com https://www.youtube.com *.google.com *.googletagmanager.com *.hotjar.com *.hotjar.io *.livecall.io; img-src 'self' data: blob: *.googletagmanager.com *.google-analytics.com *.google.com *.google.pl *.gstatic.com *.doubleclick.net *.livecall.io; font-src 'self' data: *.googleapis.com *.gstatic.com *.livecall.io; style-src 'self' 'unsafe-inline' *.livecall.io *.google.com *.gstatic.com *.googleapis.com *.livecall.io; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.nestbank.pl *.googlesyndication.com *.googletagmanager.com *.google-analytics.com *.google.com *.googleadservices.com *.doubleclick.net *.hotjar.com *.livecall.io; child-src 'self' blob: *.nestbank.pl https://api.maptiler.com https://maps.tilehosting.com https://api.mapbox.com https://www.youtube.com *.hotjar.com *.hotjar.io *.livecall.io https://optimize.google.com;
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Vary
Accept-Encoding
Content-Length
57627
X-XSS-Protection
1; mode=block
Referrer-Policy
strict-origin-when-cross-origin
Last-Modified
Mon, 20 Jul 2020 12:12:09 GMT
Date
Fri, 04 Dec 2020 08:12:32 GMT
X-Frame-Options
SAMEORIGIN
Access-Control-Allow-Methods
GET,PUT,POST
Content-Type
text/css
Access-Control-Allow-Origin
*
Access-Control-Expose-Headers
Paging-Headers
ETag
"8032c6fd8e5ed61:0"
Accept-Ranges
bytes
Access-Control-Allow-Headers
Content-Type
app.js
nestbank.pl/App_Themes/NestBank/scripts/
1 MB
312 KB
Script
General
Full URL
https://nestbank.pl/App_Themes/NestBank/scripts/app.js
Requested by
Host: nestbank.pl
URL: https://nestbank.pl/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
193.105.248.157 , Poland, ASN196999 (NESTBANK, PL),
Reverse DNS
rev-193.105.248.157.fmbank.pl
Software
/
Resource Hash
500a31cd5bb770b5873948e486acf48797ac0872fc8db53f9b5a43df4d7cc58b
Security Headers
Name Value
Content-Security-Policy default-src 'self' *.nestbank.pl *.doubleclick.net https://www.maptiler.com https://api.maptiler.com https://maps.tilehosting.com https://api.mapbox.com https://www.youtube.com *.google.com *.googletagmanager.com *.hotjar.com *.hotjar.io *.livecall.io; img-src 'self' data: blob: *.googletagmanager.com *.google-analytics.com *.google.com *.google.pl *.gstatic.com *.doubleclick.net *.livecall.io; font-src 'self' data: *.googleapis.com *.gstatic.com *.livecall.io; style-src 'self' 'unsafe-inline' *.livecall.io *.google.com *.gstatic.com *.googleapis.com *.livecall.io; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.nestbank.pl *.googlesyndication.com *.googletagmanager.com *.google-analytics.com *.google.com *.googleadservices.com *.doubleclick.net *.hotjar.com *.livecall.io; child-src 'self' blob: *.nestbank.pl https://api.maptiler.com https://maps.tilehosting.com https://api.mapbox.com https://www.youtube.com *.hotjar.com *.hotjar.io *.livecall.io https://optimize.google.com;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://nestbank.pl/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Security-Policy
default-src 'self' *.nestbank.pl *.doubleclick.net https://www.maptiler.com https://api.maptiler.com https://maps.tilehosting.com https://api.mapbox.com https://www.youtube.com *.google.com *.googletagmanager.com *.hotjar.com *.hotjar.io *.livecall.io; img-src 'self' data: blob: *.googletagmanager.com *.google-analytics.com *.google.com *.google.pl *.gstatic.com *.doubleclick.net *.livecall.io; font-src 'self' data: *.googleapis.com *.gstatic.com *.livecall.io; style-src 'self' 'unsafe-inline' *.livecall.io *.google.com *.gstatic.com *.googleapis.com *.livecall.io; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.nestbank.pl *.googlesyndication.com *.googletagmanager.com *.google-analytics.com *.google.com *.googleadservices.com *.doubleclick.net *.hotjar.com *.livecall.io; child-src 'self' blob: *.nestbank.pl https://api.maptiler.com https://maps.tilehosting.com https://api.mapbox.com https://www.youtube.com *.hotjar.com *.hotjar.io *.livecall.io https://optimize.google.com;
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Vary
Accept-Encoding
Content-Length
318377
X-XSS-Protection
1; mode=block
Referrer-Policy
strict-origin-when-cross-origin
Last-Modified
Mon, 08 Jun 2020 13:12:21 GMT
Date
Fri, 04 Dec 2020 08:12:32 GMT
X-Frame-Options
SAMEORIGIN
Access-Control-Allow-Methods
GET,PUT,POST
Content-Type
application/javascript
Access-Control-Allow-Origin
*
Access-Control-Expose-Headers
Paging-Headers
ETag
"80285871963dd61:0"
Accept-Ranges
bytes
Access-Control-Allow-Headers
Content-Type
WebResource.axd
nestbank.pl/
23 KB
24 KB
Script
General
Full URL
https://nestbank.pl/WebResource.axd?d=pynGkmcFUV13He1Qd6_TZBGdg_8SyTBwLV8CDLLM3vj1Ebp_4RaBhk15_DANH3kD-3iB1h5zUlCtscEqpr3efg2&t=637353050110221559
Requested by
Host: nestbank.pl
URL: https://nestbank.pl/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
193.105.248.157 , Poland, ASN196999 (NESTBANK, PL),
Reverse DNS
rev-193.105.248.157.fmbank.pl
Software
/
Resource Hash
40732e9dcfa704cf615e4691bb07aecfd1cc5e063220a46e4a7ff6560c77f5db
Security Headers
Name Value
Content-Security-Policy default-src 'self' *.nestbank.pl *.doubleclick.net https://www.maptiler.com https://api.maptiler.com https://maps.tilehosting.com https://api.mapbox.com https://www.youtube.com *.google.com *.googletagmanager.com *.hotjar.com *.hotjar.io *.livecall.io; img-src 'self' data: blob: *.googletagmanager.com *.google-analytics.com *.google.com *.google.pl *.gstatic.com *.doubleclick.net *.livecall.io; font-src 'self' data: *.googleapis.com *.gstatic.com *.livecall.io; style-src 'self' 'unsafe-inline' *.livecall.io *.google.com *.gstatic.com *.googleapis.com *.livecall.io; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.nestbank.pl *.googlesyndication.com *.googletagmanager.com *.google-analytics.com *.google.com *.googleadservices.com *.doubleclick.net *.hotjar.com *.livecall.io; child-src 'self' blob: *.nestbank.pl https://api.maptiler.com https://maps.tilehosting.com https://api.mapbox.com https://www.youtube.com *.hotjar.com *.hotjar.io *.livecall.io https://optimize.google.com;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://nestbank.pl/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Security-Policy
default-src 'self' *.nestbank.pl *.doubleclick.net https://www.maptiler.com https://api.maptiler.com https://maps.tilehosting.com https://api.mapbox.com https://www.youtube.com *.google.com *.googletagmanager.com *.hotjar.com *.hotjar.io *.livecall.io; img-src 'self' data: blob: *.googletagmanager.com *.google-analytics.com *.google.com *.google.pl *.gstatic.com *.doubleclick.net *.livecall.io; font-src 'self' data: *.googleapis.com *.gstatic.com *.livecall.io; style-src 'self' 'unsafe-inline' *.livecall.io *.google.com *.gstatic.com *.googleapis.com *.livecall.io; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.nestbank.pl *.googlesyndication.com *.googletagmanager.com *.google-analytics.com *.google.com *.googleadservices.com *.doubleclick.net *.hotjar.com *.livecall.io; child-src 'self' blob: *.nestbank.pl https://api.maptiler.com https://maps.tilehosting.com https://api.mapbox.com https://www.youtube.com *.hotjar.com *.hotjar.io *.livecall.io https://optimize.google.com;
Referrer-Policy
strict-origin-when-cross-origin
Last-Modified
Thu, 10 Sep 2020 01:23:31 GMT
X-XSS-Protection
1; mode=block
Date
Fri, 04 Dec 2020 08:12:32 GMT
X-Frame-Options
SAMEORIGIN
Access-Control-Allow-Methods
GET,PUT,POST
Content-Type
application/x-javascript
Access-Control-Allow-Origin
*
Access-Control-Expose-Headers
Paging-Headers
Cache-Control
public
Access-Control-Allow-Headers
Content-Type
Content-Length
23063
X-Content-Type-Options
nosniff
Expires
Fri, 03 Dec 2021 12:52:14 GMT
GetResource.ashx
nestbank.pl/CMSPages/
121 B
200 B
Script
General
Full URL
https://nestbank.pl/CMSPages/GetResource.ashx?scriptfile=~%2FCMSScripts%2FWebServiceCall.js
Requested by
Host: nestbank.pl
URL: https://nestbank.pl/
Protocol
HTTP/1.0
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
193.105.248.157 , Poland, ASN196999 (NESTBANK, PL),
Reverse DNS
rev-193.105.248.157.fmbank.pl
Software
BigIP /
Resource Hash
640efc59b1019aad72a66017bda124cecd41bad309ad11cae3c7c1dd63c0a9fe

Request headers

Referer
https://nestbank.pl/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Connection
Keep-Alive
Content-Length
121
Server
BigIP
ScriptResource.axd
nestbank.pl/
100 KB
27 KB
Script
General
Full URL
https://nestbank.pl/ScriptResource.axd?d=NJmAwtEo3Ipnlaxl6CMhvtzXa0k38d87zpOM-BpHcC1hEqtlH63bKay6oQG7Zwh3qvXk3oJlTJOxgRRWb70z9gSwm5HUspzXEo7vRtd7xz8-rKK0v2mibLqSR0s-l43E4hhoRP7pxCjVXaIx3cXMqhM5EyD96LXplxC4Wz2ULA81&t=ffffffffdfc97409
Requested by
Host: nestbank.pl
URL: https://nestbank.pl/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
193.105.248.157 , Poland, ASN196999 (NESTBANK, PL),
Reverse DNS
rev-193.105.248.157.fmbank.pl
Software
/
Resource Hash
66b804e7a96a87c11e1dd74ea04ac2285df5ad9043f48046c3e5000114d39b1c
Security Headers
Name Value
Content-Security-Policy default-src 'self' *.nestbank.pl *.doubleclick.net https://www.maptiler.com https://api.maptiler.com https://maps.tilehosting.com https://api.mapbox.com https://www.youtube.com *.google.com *.googletagmanager.com *.hotjar.com *.hotjar.io *.livecall.io; img-src 'self' data: blob: *.googletagmanager.com *.google-analytics.com *.google.com *.google.pl *.gstatic.com *.doubleclick.net *.livecall.io; font-src 'self' data: *.googleapis.com *.gstatic.com *.livecall.io; style-src 'self' 'unsafe-inline' *.livecall.io *.google.com *.gstatic.com *.googleapis.com *.livecall.io; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.nestbank.pl *.googlesyndication.com *.googletagmanager.com *.google-analytics.com *.google.com *.googleadservices.com *.doubleclick.net *.hotjar.com *.livecall.io; child-src 'self' blob: *.nestbank.pl https://api.maptiler.com https://maps.tilehosting.com https://api.mapbox.com https://www.youtube.com *.hotjar.com *.hotjar.io *.livecall.io https://optimize.google.com;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://nestbank.pl/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Security-Policy
default-src 'self' *.nestbank.pl *.doubleclick.net https://www.maptiler.com https://api.maptiler.com https://maps.tilehosting.com https://api.mapbox.com https://www.youtube.com *.google.com *.googletagmanager.com *.hotjar.com *.hotjar.io *.livecall.io; img-src 'self' data: blob: *.googletagmanager.com *.google-analytics.com *.google.com *.google.pl *.gstatic.com *.doubleclick.net *.livecall.io; font-src 'self' data: *.googleapis.com *.gstatic.com *.livecall.io; style-src 'self' 'unsafe-inline' *.livecall.io *.google.com *.gstatic.com *.googleapis.com *.livecall.io; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.nestbank.pl *.googlesyndication.com *.googletagmanager.com *.google-analytics.com *.google.com *.googleadservices.com *.doubleclick.net *.hotjar.com *.livecall.io; child-src 'self' blob: *.nestbank.pl https://api.maptiler.com https://maps.tilehosting.com https://api.mapbox.com https://www.youtube.com *.hotjar.com *.hotjar.io *.livecall.io https://optimize.google.com;
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Content-Length
25609
X-XSS-Protection
1; mode=block
Referrer-Policy
strict-origin-when-cross-origin
Last-Modified
Fri, 04 Dec 2020 04:25:23 GMT
Date
Fri, 04 Dec 2020 08:12:32 GMT
X-Frame-Options
SAMEORIGIN
Access-Control-Allow-Methods
GET,PUT,POST
Content-Type
application/x-javascript
Access-Control-Allow-Origin
*
Access-Control-Expose-Headers
Paging-Headers
Cache-Control
public
Access-Control-Allow-Headers
Content-Type
Expires
Sat, 04 Dec 2021 04:25:23 GMT
ScriptResource.axd
nestbank.pl/
39 KB
11 KB
Script
General
Full URL
https://nestbank.pl/ScriptResource.axd?d=dwY9oWetJoJoVpgL6Zq8OADRqWOsQUs4SFnUQJUF6k95plpOqvNDI88g2RpvWdK8FWStleHDZrtU5nQBvY9C4F2w7NyAl9C-0WyKnsFwdr5k-TemvnANZ4-XR4Fha7-l1x0BOOrOFT8HYSTKDyQ2Ykqjpy4cwW1JzvKnlZYk5oM1&t=ffffffffdfc97409
Requested by
Host: nestbank.pl
URL: https://nestbank.pl/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
193.105.248.157 , Poland, ASN196999 (NESTBANK, PL),
Reverse DNS
rev-193.105.248.157.fmbank.pl
Software
/
Resource Hash
398cdf1b27ef247e5bc77805f266bb441e60355463fc3d1776f41aae58b08cf1
Security Headers
Name Value
Content-Security-Policy default-src 'self' *.nestbank.pl *.doubleclick.net https://www.maptiler.com https://api.maptiler.com https://maps.tilehosting.com https://api.mapbox.com https://www.youtube.com *.google.com *.googletagmanager.com *.hotjar.com *.hotjar.io *.livecall.io; img-src 'self' data: blob: *.googletagmanager.com *.google-analytics.com *.google.com *.google.pl *.gstatic.com *.doubleclick.net *.livecall.io; font-src 'self' data: *.googleapis.com *.gstatic.com *.livecall.io; style-src 'self' 'unsafe-inline' *.livecall.io *.google.com *.gstatic.com *.googleapis.com *.livecall.io; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.nestbank.pl *.googlesyndication.com *.googletagmanager.com *.google-analytics.com *.google.com *.googleadservices.com *.doubleclick.net *.hotjar.com *.livecall.io; child-src 'self' blob: *.nestbank.pl https://api.maptiler.com https://maps.tilehosting.com https://api.mapbox.com https://www.youtube.com *.hotjar.com *.hotjar.io *.livecall.io https://optimize.google.com;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://nestbank.pl/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Security-Policy
default-src 'self' *.nestbank.pl *.doubleclick.net https://www.maptiler.com https://api.maptiler.com https://maps.tilehosting.com https://api.mapbox.com https://www.youtube.com *.google.com *.googletagmanager.com *.hotjar.com *.hotjar.io *.livecall.io; img-src 'self' data: blob: *.googletagmanager.com *.google-analytics.com *.google.com *.google.pl *.gstatic.com *.doubleclick.net *.livecall.io; font-src 'self' data: *.googleapis.com *.gstatic.com *.livecall.io; style-src 'self' 'unsafe-inline' *.livecall.io *.google.com *.gstatic.com *.googleapis.com *.livecall.io; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.nestbank.pl *.googlesyndication.com *.googletagmanager.com *.google-analytics.com *.google.com *.googleadservices.com *.doubleclick.net *.hotjar.com *.livecall.io; child-src 'self' blob: *.nestbank.pl https://api.maptiler.com https://maps.tilehosting.com https://api.mapbox.com https://www.youtube.com *.hotjar.com *.hotjar.io *.livecall.io https://optimize.google.com;
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Content-Length
9984
X-XSS-Protection
1; mode=block
Referrer-Policy
strict-origin-when-cross-origin
Last-Modified
Fri, 04 Dec 2020 04:25:23 GMT
Date
Fri, 04 Dec 2020 08:12:32 GMT
X-Frame-Options
SAMEORIGIN
Access-Control-Allow-Methods
GET,PUT,POST
Content-Type
application/x-javascript
Access-Control-Allow-Origin
*
Access-Control-Expose-Headers
Paging-Headers
Cache-Control
public
Access-Control-Allow-Headers
Content-Type
Expires
Sat, 04 Dec 2021 04:25:23 GMT
gtm.js
www.googletagmanager.com/
190 KB
55 KB
Script
General
Full URL
https://www.googletagmanager.com/gtm.js?id=GTM-WJHPTHT
Requested by
Host: nestbank.pl
URL: https://nestbank.pl/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:806::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
4f48dba9c443093e7bfadfada0976cba6589d8c9953576c08234de780310d535
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

Referer
https://nestbank.pl/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Fri, 04 Dec 2020 08:12:32 GMT
content-encoding
br
vary
Accept-Encoding
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
56339
x-xss-protection
0
last-modified
Fri, 04 Dec 2020 06:00:00 GMT
server
Google Tag Manager
strict-transport-security
max-age=31536000; includeSubDomains
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Fri, 04 Dec 2020 08:12:32 GMT
nestbank-logo.png
nestbank.pl/NestBank/media/NestBank/Struktura%20serwisu/
7 KB
9 KB
Image
General
Full URL
https://nestbank.pl/NestBank/media/NestBank/Struktura%20serwisu/nestbank-logo.png
Requested by
Host: nestbank.pl
URL: https://nestbank.pl/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
193.105.248.157 , Poland, ASN196999 (NESTBANK, PL),
Reverse DNS
rev-193.105.248.157.fmbank.pl
Software
/
Resource Hash
698d4de529adea7d1ee84768978697137241c37d2943478ba63ee27123fbc6c2
Security Headers
Name Value
Content-Security-Policy default-src 'self' *.nestbank.pl *.doubleclick.net https://www.maptiler.com https://api.maptiler.com https://maps.tilehosting.com https://api.mapbox.com https://www.youtube.com *.google.com *.googletagmanager.com *.hotjar.com *.hotjar.io *.livecall.io; img-src 'self' data: blob: *.googletagmanager.com *.google-analytics.com *.google.com *.google.pl *.gstatic.com *.doubleclick.net *.livecall.io; font-src 'self' data: *.googleapis.com *.gstatic.com *.livecall.io; style-src 'self' 'unsafe-inline' *.livecall.io *.google.com *.gstatic.com *.googleapis.com *.livecall.io; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.nestbank.pl *.googlesyndication.com *.googletagmanager.com *.google-analytics.com *.google.com *.googleadservices.com *.doubleclick.net *.hotjar.com *.livecall.io; child-src 'self' blob: *.nestbank.pl https://api.maptiler.com https://maps.tilehosting.com https://api.mapbox.com https://www.youtube.com *.hotjar.com *.hotjar.io *.livecall.io https://optimize.google.com;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://nestbank.pl/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Security-Policy
default-src 'self' *.nestbank.pl *.doubleclick.net https://www.maptiler.com https://api.maptiler.com https://maps.tilehosting.com https://api.mapbox.com https://www.youtube.com *.google.com *.googletagmanager.com *.hotjar.com *.hotjar.io *.livecall.io; img-src 'self' data: blob: *.googletagmanager.com *.google-analytics.com *.google.com *.google.pl *.gstatic.com *.doubleclick.net *.livecall.io; font-src 'self' data: *.googleapis.com *.gstatic.com *.livecall.io; style-src 'self' 'unsafe-inline' *.livecall.io *.google.com *.gstatic.com *.googleapis.com *.livecall.io; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.nestbank.pl *.googlesyndication.com *.googletagmanager.com *.google-analytics.com *.google.com *.googleadservices.com *.doubleclick.net *.hotjar.com *.livecall.io; child-src 'self' blob: *.nestbank.pl https://api.maptiler.com https://maps.tilehosting.com https://api.mapbox.com https://www.youtube.com *.hotjar.com *.hotjar.io *.livecall.io https://optimize.google.com;
Referrer-Policy
strict-origin-when-cross-origin
Last-Modified
Tue, 13 Nov 2018 09:57:10 GMT
X-XSS-Protection
1; mode=block
ETag
"09f583e377bd41:0"
X-Frame-Options
SAMEORIGIN
Access-Control-Allow-Methods
GET,PUT,POST
Content-Type
image/png
Access-Control-Allow-Origin
*
Access-Control-Expose-Headers
Paging-Headers
Date
Fri, 04 Dec 2020 08:12:32 GMT
Accept-Ranges
bytes
Access-Control-Allow-Headers
Content-Type
Content-Length
7552
X-Content-Type-Options
nosniff
Konta_605x605NEST-Ignacy-rece-X-min.jpg
nestbank.pl/NestBank/media/NestBank/Konta%20-%20oficjalne%20grafiki/Konta_605x605/
30 KB
31 KB
Image
General
Full URL
https://nestbank.pl/NestBank/media/NestBank/Konta%20-%20oficjalne%20grafiki/Konta_605x605/Konta_605x605NEST-Ignacy-rece-X-min.jpg
Requested by
Host: nestbank.pl
URL: https://nestbank.pl/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
193.105.248.157 , Poland, ASN196999 (NESTBANK, PL),
Reverse DNS
rev-193.105.248.157.fmbank.pl
Software
/
Resource Hash
8e98bc6ff3ddc3d933fa916af6ee8a5cc00e7b6f25db8e04e03d042e5cc23cd6
Security Headers
Name Value
Content-Security-Policy default-src 'self' *.nestbank.pl *.doubleclick.net https://www.maptiler.com https://api.maptiler.com https://maps.tilehosting.com https://api.mapbox.com https://www.youtube.com *.google.com *.googletagmanager.com *.hotjar.com *.hotjar.io *.livecall.io; img-src 'self' data: blob: *.googletagmanager.com *.google-analytics.com *.google.com *.google.pl *.gstatic.com *.doubleclick.net *.livecall.io; font-src 'self' data: *.googleapis.com *.gstatic.com *.livecall.io; style-src 'self' 'unsafe-inline' *.livecall.io *.google.com *.gstatic.com *.googleapis.com *.livecall.io; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.nestbank.pl *.googlesyndication.com *.googletagmanager.com *.google-analytics.com *.google.com *.googleadservices.com *.doubleclick.net *.hotjar.com *.livecall.io; child-src 'self' blob: *.nestbank.pl https://api.maptiler.com https://maps.tilehosting.com https://api.mapbox.com https://www.youtube.com *.hotjar.com *.hotjar.io *.livecall.io https://optimize.google.com;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://nestbank.pl/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Security-Policy
default-src 'self' *.nestbank.pl *.doubleclick.net https://www.maptiler.com https://api.maptiler.com https://maps.tilehosting.com https://api.mapbox.com https://www.youtube.com *.google.com *.googletagmanager.com *.hotjar.com *.hotjar.io *.livecall.io; img-src 'self' data: blob: *.googletagmanager.com *.google-analytics.com *.google.com *.google.pl *.gstatic.com *.doubleclick.net *.livecall.io; font-src 'self' data: *.googleapis.com *.gstatic.com *.livecall.io; style-src 'self' 'unsafe-inline' *.livecall.io *.google.com *.gstatic.com *.googleapis.com *.livecall.io; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.nestbank.pl *.googlesyndication.com *.googletagmanager.com *.google-analytics.com *.google.com *.googleadservices.com *.doubleclick.net *.hotjar.com *.livecall.io; child-src 'self' blob: *.nestbank.pl https://api.maptiler.com https://maps.tilehosting.com https://api.mapbox.com https://www.youtube.com *.hotjar.com *.hotjar.io *.livecall.io https://optimize.google.com;
Referrer-Policy
strict-origin-when-cross-origin
Last-Modified
Tue, 04 Jun 2019 12:17:43 GMT
X-XSS-Protection
1; mode=block
ETag
"33cc1c83cf1ad51:0"
X-Frame-Options
SAMEORIGIN
Access-Control-Allow-Methods
GET,PUT,POST
Content-Type
image/jpeg
Access-Control-Allow-Origin
*
Access-Control-Expose-Headers
Paging-Headers
Date
Fri, 04 Dec 2020 08:12:32 GMT
Accept-Ranges
bytes
Access-Control-Allow-Headers
Content-Type
Content-Length
30464
X-Content-Type-Options
nosniff
Nest_346_326.png
nestbank.pl/NestBank/media/NestBank/Lokaty/
57 KB
59 KB
Image
General
Full URL
https://nestbank.pl/NestBank/media/NestBank/Lokaty/Nest_346_326.png
Requested by
Host: nestbank.pl
URL: https://nestbank.pl/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
193.105.248.157 , Poland, ASN196999 (NESTBANK, PL),
Reverse DNS
rev-193.105.248.157.fmbank.pl
Software
/
Resource Hash
a1929f2b18937a11af7d020f96f436fe30635854c4d4081a6b4048d33de36a47
Security Headers
Name Value
Content-Security-Policy default-src 'self' *.nestbank.pl *.doubleclick.net https://www.maptiler.com https://api.maptiler.com https://maps.tilehosting.com https://api.mapbox.com https://www.youtube.com *.google.com *.googletagmanager.com *.hotjar.com *.hotjar.io *.livecall.io; img-src 'self' data: blob: *.googletagmanager.com *.google-analytics.com *.google.com *.google.pl *.gstatic.com *.doubleclick.net *.livecall.io; font-src 'self' data: *.googleapis.com *.gstatic.com *.livecall.io; style-src 'self' 'unsafe-inline' *.livecall.io *.google.com *.gstatic.com *.googleapis.com *.livecall.io; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.nestbank.pl *.googlesyndication.com *.googletagmanager.com *.google-analytics.com *.google.com *.googleadservices.com *.doubleclick.net *.hotjar.com *.livecall.io; child-src 'self' blob: *.nestbank.pl https://api.maptiler.com https://maps.tilehosting.com https://api.mapbox.com https://www.youtube.com *.hotjar.com *.hotjar.io *.livecall.io https://optimize.google.com;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://nestbank.pl/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Security-Policy
default-src 'self' *.nestbank.pl *.doubleclick.net https://www.maptiler.com https://api.maptiler.com https://maps.tilehosting.com https://api.mapbox.com https://www.youtube.com *.google.com *.googletagmanager.com *.hotjar.com *.hotjar.io *.livecall.io; img-src 'self' data: blob: *.googletagmanager.com *.google-analytics.com *.google.com *.google.pl *.gstatic.com *.doubleclick.net *.livecall.io; font-src 'self' data: *.googleapis.com *.gstatic.com *.livecall.io; style-src 'self' 'unsafe-inline' *.livecall.io *.google.com *.gstatic.com *.googleapis.com *.livecall.io; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.nestbank.pl *.googlesyndication.com *.googletagmanager.com *.google-analytics.com *.google.com *.googleadservices.com *.doubleclick.net *.hotjar.com *.livecall.io; child-src 'self' blob: *.nestbank.pl https://api.maptiler.com https://maps.tilehosting.com https://api.mapbox.com https://www.youtube.com *.hotjar.com *.hotjar.io *.livecall.io https://optimize.google.com;
Referrer-Policy
strict-origin-when-cross-origin
Last-Modified
Fri, 16 Oct 2020 13:04:12 GMT
X-XSS-Protection
1; mode=block
ETag
"aeb8b7d7bca3d61:0"
X-Frame-Options
SAMEORIGIN
Access-Control-Allow-Methods
GET,PUT,POST
Content-Type
image/png
Access-Control-Allow-Origin
*
Access-Control-Expose-Headers
Paging-Headers
Date
Fri, 04 Dec 2020 08:12:32 GMT
Accept-Ranges
bytes
Access-Control-Allow-Headers
Content-Type
Content-Length
58756
X-Content-Type-Options
nosniff
NEST_ILUSTRACJE_Nest-Oszczednosci-(1).png
nestbank.pl/NestBank/media/NestBank/Kredyty%20oficjalne%20grafiki/346x326/
835 KB
836 KB
Image
General
Full URL
https://nestbank.pl/NestBank/media/NestBank/Kredyty%20oficjalne%20grafiki/346x326/NEST_ILUSTRACJE_Nest-Oszczednosci-(1).png
Requested by
Host: nestbank.pl
URL: https://nestbank.pl/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
193.105.248.157 , Poland, ASN196999 (NESTBANK, PL),
Reverse DNS
rev-193.105.248.157.fmbank.pl
Software
/
Resource Hash
9284faa4ad3a4410ff2bb12b26fd6452b36c56acfc7d60ed64f957c6f404dd58
Security Headers
Name Value
Content-Security-Policy default-src 'self' *.nestbank.pl *.doubleclick.net https://www.maptiler.com https://api.maptiler.com https://maps.tilehosting.com https://api.mapbox.com https://www.youtube.com *.google.com *.googletagmanager.com *.hotjar.com *.hotjar.io *.livecall.io; img-src 'self' data: blob: *.googletagmanager.com *.google-analytics.com *.google.com *.google.pl *.gstatic.com *.doubleclick.net *.livecall.io; font-src 'self' data: *.googleapis.com *.gstatic.com *.livecall.io; style-src 'self' 'unsafe-inline' *.livecall.io *.google.com *.gstatic.com *.googleapis.com *.livecall.io; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.nestbank.pl *.googlesyndication.com *.googletagmanager.com *.google-analytics.com *.google.com *.googleadservices.com *.doubleclick.net *.hotjar.com *.livecall.io; child-src 'self' blob: *.nestbank.pl https://api.maptiler.com https://maps.tilehosting.com https://api.mapbox.com https://www.youtube.com *.hotjar.com *.hotjar.io *.livecall.io https://optimize.google.com;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://nestbank.pl/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Security-Policy
default-src 'self' *.nestbank.pl *.doubleclick.net https://www.maptiler.com https://api.maptiler.com https://maps.tilehosting.com https://api.mapbox.com https://www.youtube.com *.google.com *.googletagmanager.com *.hotjar.com *.hotjar.io *.livecall.io; img-src 'self' data: blob: *.googletagmanager.com *.google-analytics.com *.google.com *.google.pl *.gstatic.com *.doubleclick.net *.livecall.io; font-src 'self' data: *.googleapis.com *.gstatic.com *.livecall.io; style-src 'self' 'unsafe-inline' *.livecall.io *.google.com *.gstatic.com *.googleapis.com *.livecall.io; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.nestbank.pl *.googlesyndication.com *.googletagmanager.com *.google-analytics.com *.google.com *.googleadservices.com *.doubleclick.net *.hotjar.com *.livecall.io; child-src 'self' blob: *.nestbank.pl https://api.maptiler.com https://maps.tilehosting.com https://api.mapbox.com https://www.youtube.com *.hotjar.com *.hotjar.io *.livecall.io https://optimize.google.com;
Referrer-Policy
strict-origin-when-cross-origin
Last-Modified
Tue, 10 Nov 2020 11:06:16 GMT
X-XSS-Protection
1; mode=block
ETag
"984b9b8251b7d61:0"
X-Frame-Options
SAMEORIGIN
Access-Control-Allow-Methods
GET,PUT,POST
Content-Type
image/png
Access-Control-Allow-Origin
*
Access-Control-Expose-Headers
Paging-Headers
Date
Fri, 04 Dec 2020 08:12:32 GMT
Accept-Ranges
bytes
Access-Control-Allow-Headers
Content-Type
Content-Length
855015
X-Content-Type-Options
nosniff
BLIK-grafika-bez-lukow.png
nestbank.pl/NestBank/media/NestBank/Bankowo%C5%9B%C4%87%20elektroniczna%20-%20oficjalne%20grafiki/BLIK/
2 MB
2 MB
Image
General
Full URL
https://nestbank.pl/NestBank/media/NestBank/Bankowo%C5%9B%C4%87%20elektroniczna%20-%20oficjalne%20grafiki/BLIK/BLIK-grafika-bez-lukow.png
Requested by
Host: nestbank.pl
URL: https://nestbank.pl/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
193.105.248.157 , Poland, ASN196999 (NESTBANK, PL),
Reverse DNS
rev-193.105.248.157.fmbank.pl
Software
/
Resource Hash
1f00d34ad297faf13f312e3a70053221336940ef36bb9cc189cb8a417348f983
Security Headers
Name Value
Content-Security-Policy default-src 'self' *.nestbank.pl *.doubleclick.net https://www.maptiler.com https://api.maptiler.com https://maps.tilehosting.com https://api.mapbox.com https://www.youtube.com *.google.com *.googletagmanager.com *.hotjar.com *.hotjar.io *.livecall.io; img-src 'self' data: blob: *.googletagmanager.com *.google-analytics.com *.google.com *.google.pl *.gstatic.com *.doubleclick.net *.livecall.io; font-src 'self' data: *.googleapis.com *.gstatic.com *.livecall.io; style-src 'self' 'unsafe-inline' *.livecall.io *.google.com *.gstatic.com *.googleapis.com *.livecall.io; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.nestbank.pl *.googlesyndication.com *.googletagmanager.com *.google-analytics.com *.google.com *.googleadservices.com *.doubleclick.net *.hotjar.com *.livecall.io; child-src 'self' blob: *.nestbank.pl https://api.maptiler.com https://maps.tilehosting.com https://api.mapbox.com https://www.youtube.com *.hotjar.com *.hotjar.io *.livecall.io https://optimize.google.com;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://nestbank.pl/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Security-Policy
default-src 'self' *.nestbank.pl *.doubleclick.net https://www.maptiler.com https://api.maptiler.com https://maps.tilehosting.com https://api.mapbox.com https://www.youtube.com *.google.com *.googletagmanager.com *.hotjar.com *.hotjar.io *.livecall.io; img-src 'self' data: blob: *.googletagmanager.com *.google-analytics.com *.google.com *.google.pl *.gstatic.com *.doubleclick.net *.livecall.io; font-src 'self' data: *.googleapis.com *.gstatic.com *.livecall.io; style-src 'self' 'unsafe-inline' *.livecall.io *.google.com *.gstatic.com *.googleapis.com *.livecall.io; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.nestbank.pl *.googlesyndication.com *.googletagmanager.com *.google-analytics.com *.google.com *.googleadservices.com *.doubleclick.net *.hotjar.com *.livecall.io; child-src 'self' blob: *.nestbank.pl https://api.maptiler.com https://maps.tilehosting.com https://api.mapbox.com https://www.youtube.com *.hotjar.com *.hotjar.io *.livecall.io https://optimize.google.com;
Referrer-Policy
strict-origin-when-cross-origin
Last-Modified
Tue, 10 Nov 2020 11:06:16 GMT
X-XSS-Protection
1; mode=block
ETag
"1aae9d8251b7d61:0"
X-Frame-Options
SAMEORIGIN
Access-Control-Allow-Methods
GET,PUT,POST
Content-Type
image/png
Access-Control-Allow-Origin
*
Access-Control-Expose-Headers
Paging-Headers
Date
Fri, 04 Dec 2020 08:12:32 GMT
Accept-Ranges
bytes
Access-Control-Allow-Headers
Content-Type
Content-Length
1745272
X-Content-Type-Options
nosniff
dobry-start-346x326.png
nestbank.pl/NestBank/media/NestBank/Bankowo%C5%9B%C4%87%20elektroniczna%20-%20oficjalne%20grafiki/346x326/
36 KB
38 KB
Image
General
Full URL
https://nestbank.pl/NestBank/media/NestBank/Bankowo%C5%9B%C4%87%20elektroniczna%20-%20oficjalne%20grafiki/346x326/dobry-start-346x326.png
Requested by
Host: nestbank.pl
URL: https://nestbank.pl/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
193.105.248.157 , Poland, ASN196999 (NESTBANK, PL),
Reverse DNS
rev-193.105.248.157.fmbank.pl
Software
/
Resource Hash
1da48ce801c649275aa7d6c6207ec6c468fd5eca18378101a728e000b5631ac0
Security Headers
Name Value
Content-Security-Policy default-src 'self' *.nestbank.pl *.doubleclick.net https://www.maptiler.com https://api.maptiler.com https://maps.tilehosting.com https://api.mapbox.com https://www.youtube.com *.google.com *.googletagmanager.com *.hotjar.com *.hotjar.io *.livecall.io; img-src 'self' data: blob: *.googletagmanager.com *.google-analytics.com *.google.com *.google.pl *.gstatic.com *.doubleclick.net *.livecall.io; font-src 'self' data: *.googleapis.com *.gstatic.com *.livecall.io; style-src 'self' 'unsafe-inline' *.livecall.io *.google.com *.gstatic.com *.googleapis.com *.livecall.io; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.nestbank.pl *.googlesyndication.com *.googletagmanager.com *.google-analytics.com *.google.com *.googleadservices.com *.doubleclick.net *.hotjar.com *.livecall.io; child-src 'self' blob: *.nestbank.pl https://api.maptiler.com https://maps.tilehosting.com https://api.mapbox.com https://www.youtube.com *.hotjar.com *.hotjar.io *.livecall.io https://optimize.google.com;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://nestbank.pl/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Security-Policy
default-src 'self' *.nestbank.pl *.doubleclick.net https://www.maptiler.com https://api.maptiler.com https://maps.tilehosting.com https://api.mapbox.com https://www.youtube.com *.google.com *.googletagmanager.com *.hotjar.com *.hotjar.io *.livecall.io; img-src 'self' data: blob: *.googletagmanager.com *.google-analytics.com *.google.com *.google.pl *.gstatic.com *.doubleclick.net *.livecall.io; font-src 'self' data: *.googleapis.com *.gstatic.com *.livecall.io; style-src 'self' 'unsafe-inline' *.livecall.io *.google.com *.gstatic.com *.googleapis.com *.livecall.io; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.nestbank.pl *.googlesyndication.com *.googletagmanager.com *.google-analytics.com *.google.com *.googleadservices.com *.doubleclick.net *.hotjar.com *.livecall.io; child-src 'self' blob: *.nestbank.pl https://api.maptiler.com https://maps.tilehosting.com https://api.mapbox.com https://www.youtube.com *.hotjar.com *.hotjar.io *.livecall.io https://optimize.google.com;
Referrer-Policy
strict-origin-when-cross-origin
Last-Modified
Tue, 10 Nov 2020 11:06:17 GMT
X-XSS-Protection
1; mode=block
ETag
"91682e8351b7d61:0"
X-Frame-Options
SAMEORIGIN
Access-Control-Allow-Methods
GET,PUT,POST
Content-Type
image/png
Access-Control-Allow-Origin
*
Access-Control-Expose-Headers
Paging-Headers
Date
Fri, 04 Dec 2020 08:12:32 GMT
Accept-Ranges
bytes
Access-Control-Allow-Headers
Content-Type
Content-Length
37248
X-Content-Type-Options
nosniff
czech.png
nestbank.pl/NestBank/media/NestBank/Kursy%20walut/
1 KB
3 KB
Image
General
Full URL
https://nestbank.pl/NestBank/media/NestBank/Kursy%20walut/czech.png?ext=.png
Requested by
Host: nestbank.pl
URL: https://nestbank.pl/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
193.105.248.157 , Poland, ASN196999 (NESTBANK, PL),
Reverse DNS
rev-193.105.248.157.fmbank.pl
Software
/
Resource Hash
d87c3470774af78d1ce5df2c91bec0f7950b472c66ad0d51c5c553601c3d4033
Security Headers
Name Value
Content-Security-Policy default-src 'self' *.nestbank.pl *.doubleclick.net https://www.maptiler.com https://api.maptiler.com https://maps.tilehosting.com https://api.mapbox.com https://www.youtube.com *.google.com *.googletagmanager.com *.hotjar.com *.hotjar.io *.livecall.io; img-src 'self' data: blob: *.googletagmanager.com *.google-analytics.com *.google.com *.google.pl *.gstatic.com *.doubleclick.net *.livecall.io; font-src 'self' data: *.googleapis.com *.gstatic.com *.livecall.io; style-src 'self' 'unsafe-inline' *.livecall.io *.google.com *.gstatic.com *.googleapis.com *.livecall.io; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.nestbank.pl *.googlesyndication.com *.googletagmanager.com *.google-analytics.com *.google.com *.googleadservices.com *.doubleclick.net *.hotjar.com *.livecall.io; child-src 'self' blob: *.nestbank.pl https://api.maptiler.com https://maps.tilehosting.com https://api.mapbox.com https://www.youtube.com *.hotjar.com *.hotjar.io *.livecall.io https://optimize.google.com;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://nestbank.pl/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Security-Policy
default-src 'self' *.nestbank.pl *.doubleclick.net https://www.maptiler.com https://api.maptiler.com https://maps.tilehosting.com https://api.mapbox.com https://www.youtube.com *.google.com *.googletagmanager.com *.hotjar.com *.hotjar.io *.livecall.io; img-src 'self' data: blob: *.googletagmanager.com *.google-analytics.com *.google.com *.google.pl *.gstatic.com *.doubleclick.net *.livecall.io; font-src 'self' data: *.googleapis.com *.gstatic.com *.livecall.io; style-src 'self' 'unsafe-inline' *.livecall.io *.google.com *.gstatic.com *.googleapis.com *.livecall.io; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.nestbank.pl *.googlesyndication.com *.googletagmanager.com *.google-analytics.com *.google.com *.googleadservices.com *.doubleclick.net *.hotjar.com *.livecall.io; child-src 'self' blob: *.nestbank.pl https://api.maptiler.com https://maps.tilehosting.com https://api.mapbox.com https://www.youtube.com *.hotjar.com *.hotjar.io *.livecall.io https://optimize.google.com;
Referrer-Policy
strict-origin-when-cross-origin
Last-Modified
Wed, 27 Feb 2019 15:04:08 GMT
X-XSS-Protection
1; mode=block
ETag
"0e41db0adced41:0"
X-Frame-Options
SAMEORIGIN
Access-Control-Allow-Methods
GET,PUT,POST
Content-Type
image/png
Access-Control-Allow-Origin
*
Access-Control-Expose-Headers
Paging-Headers
Date
Fri, 04 Dec 2020 08:12:32 GMT
Accept-Ranges
bytes
Access-Control-Allow-Headers
Content-Type
Content-Length
1086
X-Content-Type-Options
nosniff
spadek
nestbank.pl/getmedia/1079abf7-ec60-46b3-ba8b-12b5028e50b8/
161 B
2 KB
Image
General
Full URL
https://nestbank.pl/getmedia/1079abf7-ec60-46b3-ba8b-12b5028e50b8/spadek
Requested by
Host: nestbank.pl
URL: https://nestbank.pl/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
193.105.248.157 , Poland, ASN196999 (NESTBANK, PL),
Reverse DNS
rev-193.105.248.157.fmbank.pl
Software
/
Resource Hash
6c8cfcecf509daa3cb6e739125201f2da11659d0f9948deb7dc757441d1744e7
Security Headers
Name Value
Content-Security-Policy default-src 'self' *.nestbank.pl *.doubleclick.net https://www.maptiler.com https://api.maptiler.com https://maps.tilehosting.com https://api.mapbox.com https://www.youtube.com *.google.com *.googletagmanager.com *.hotjar.com *.hotjar.io *.livecall.io; img-src 'self' data: blob: *.googletagmanager.com *.google-analytics.com *.google.com *.google.pl *.gstatic.com *.doubleclick.net *.livecall.io; font-src 'self' data: *.googleapis.com *.gstatic.com *.livecall.io; style-src 'self' 'unsafe-inline' *.livecall.io *.google.com *.gstatic.com *.googleapis.com *.livecall.io; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.nestbank.pl *.googlesyndication.com *.googletagmanager.com *.google-analytics.com *.google.com *.googleadservices.com *.doubleclick.net *.hotjar.com *.livecall.io; child-src 'self' blob: *.nestbank.pl https://api.maptiler.com https://maps.tilehosting.com https://api.mapbox.com https://www.youtube.com *.hotjar.com *.hotjar.io *.livecall.io https://optimize.google.com;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://nestbank.pl/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Security-Policy
default-src 'self' *.nestbank.pl *.doubleclick.net https://www.maptiler.com https://api.maptiler.com https://maps.tilehosting.com https://api.mapbox.com https://www.youtube.com *.google.com *.googletagmanager.com *.hotjar.com *.hotjar.io *.livecall.io; img-src 'self' data: blob: *.googletagmanager.com *.google-analytics.com *.google.com *.google.pl *.gstatic.com *.doubleclick.net *.livecall.io; font-src 'self' data: *.googleapis.com *.gstatic.com *.livecall.io; style-src 'self' 'unsafe-inline' *.livecall.io *.google.com *.gstatic.com *.googleapis.com *.livecall.io; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.nestbank.pl *.googlesyndication.com *.googletagmanager.com *.google-analytics.com *.google.com *.googleadservices.com *.doubleclick.net *.hotjar.com *.livecall.io; child-src 'self' blob: *.nestbank.pl https://api.maptiler.com https://maps.tilehosting.com https://api.mapbox.com https://www.youtube.com *.hotjar.com *.hotjar.io *.livecall.io https://optimize.google.com;
X-Content-Type-Options
nosniff
Content-Disposition
inline; filename="spadek.png"
Content-Length
161
X-XSS-Protection
1; mode=block
Referrer-Policy
strict-origin-when-cross-origin
Last-Modified
Sat, 23 Feb 2019 06:24:22 GMT
Date
Fri, 04 Dec 2020 08:12:32 GMT
X-Frame-Options
SAMEORIGIN
Access-Control-Allow-Methods
GET,PUT,POST
Content-Type
image/png
Access-Control-Allow-Origin
*
Access-Control-Expose-Headers
Paging-Headers
Cache-Control
public, must-revalidate
ETag
"2/23/2019 6:24:22 AM"
Accept-Ranges
bytes
Access-Control-Allow-Headers
Content-Type
Expires
Fri, 04 Dec 2020 08:12:32 GMT
norwegia.png
nestbank.pl/NestBank/media/NestBank/Kursy%20walut/
1 KB
3 KB
Image
General
Full URL
https://nestbank.pl/NestBank/media/NestBank/Kursy%20walut/norwegia.png?ext=.png
Requested by
Host: nestbank.pl
URL: https://nestbank.pl/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
193.105.248.157 , Poland, ASN196999 (NESTBANK, PL),
Reverse DNS
rev-193.105.248.157.fmbank.pl
Software
/
Resource Hash
431f43d2082371f7ec0fb013b2b697197aff18c31d7ce5fc56453ea56f0bb663
Security Headers
Name Value
Content-Security-Policy default-src 'self' *.nestbank.pl *.doubleclick.net https://www.maptiler.com https://api.maptiler.com https://maps.tilehosting.com https://api.mapbox.com https://www.youtube.com *.google.com *.googletagmanager.com *.hotjar.com *.hotjar.io *.livecall.io; img-src 'self' data: blob: *.googletagmanager.com *.google-analytics.com *.google.com *.google.pl *.gstatic.com *.doubleclick.net *.livecall.io; font-src 'self' data: *.googleapis.com *.gstatic.com *.livecall.io; style-src 'self' 'unsafe-inline' *.livecall.io *.google.com *.gstatic.com *.googleapis.com *.livecall.io; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.nestbank.pl *.googlesyndication.com *.googletagmanager.com *.google-analytics.com *.google.com *.googleadservices.com *.doubleclick.net *.hotjar.com *.livecall.io; child-src 'self' blob: *.nestbank.pl https://api.maptiler.com https://maps.tilehosting.com https://api.mapbox.com https://www.youtube.com *.hotjar.com *.hotjar.io *.livecall.io https://optimize.google.com;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://nestbank.pl/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Security-Policy
default-src 'self' *.nestbank.pl *.doubleclick.net https://www.maptiler.com https://api.maptiler.com https://maps.tilehosting.com https://api.mapbox.com https://www.youtube.com *.google.com *.googletagmanager.com *.hotjar.com *.hotjar.io *.livecall.io; img-src 'self' data: blob: *.googletagmanager.com *.google-analytics.com *.google.com *.google.pl *.gstatic.com *.doubleclick.net *.livecall.io; font-src 'self' data: *.googleapis.com *.gstatic.com *.livecall.io; style-src 'self' 'unsafe-inline' *.livecall.io *.google.com *.gstatic.com *.googleapis.com *.livecall.io; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.nestbank.pl *.googlesyndication.com *.googletagmanager.com *.google-analytics.com *.google.com *.googleadservices.com *.doubleclick.net *.hotjar.com *.livecall.io; child-src 'self' blob: *.nestbank.pl https://api.maptiler.com https://maps.tilehosting.com https://api.mapbox.com https://www.youtube.com *.hotjar.com *.hotjar.io *.livecall.io https://optimize.google.com;
Referrer-Policy
strict-origin-when-cross-origin
Last-Modified
Wed, 27 Feb 2019 15:04:10 GMT
X-XSS-Protection
1; mode=block
ETag
"0114fb1adced41:0"
X-Frame-Options
SAMEORIGIN
Access-Control-Allow-Methods
GET,PUT,POST
Content-Type
image/png
Access-Control-Allow-Origin
*
Access-Control-Expose-Headers
Paging-Headers
Date
Fri, 04 Dec 2020 08:12:32 GMT
Accept-Ranges
bytes
Access-Control-Allow-Headers
Content-Type
Content-Length
1067
X-Content-Type-Options
nosniff
szwecja.png
nestbank.pl/NestBank/media/NestBank/Kursy%20walut/
972 B
2 KB
Image
General
Full URL
https://nestbank.pl/NestBank/media/NestBank/Kursy%20walut/szwecja.png?ext=.png
Requested by
Host: nestbank.pl
URL: https://nestbank.pl/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
193.105.248.157 , Poland, ASN196999 (NESTBANK, PL),
Reverse DNS
rev-193.105.248.157.fmbank.pl
Software
/
Resource Hash
8d85e92e1225118f4a66a214e6c474ccf2375e5beaef9710b7b6127a8c77e20a
Security Headers
Name Value
Content-Security-Policy default-src 'self' *.nestbank.pl *.doubleclick.net https://www.maptiler.com https://api.maptiler.com https://maps.tilehosting.com https://api.mapbox.com https://www.youtube.com *.google.com *.googletagmanager.com *.hotjar.com *.hotjar.io *.livecall.io; img-src 'self' data: blob: *.googletagmanager.com *.google-analytics.com *.google.com *.google.pl *.gstatic.com *.doubleclick.net *.livecall.io; font-src 'self' data: *.googleapis.com *.gstatic.com *.livecall.io; style-src 'self' 'unsafe-inline' *.livecall.io *.google.com *.gstatic.com *.googleapis.com *.livecall.io; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.nestbank.pl *.googlesyndication.com *.googletagmanager.com *.google-analytics.com *.google.com *.googleadservices.com *.doubleclick.net *.hotjar.com *.livecall.io; child-src 'self' blob: *.nestbank.pl https://api.maptiler.com https://maps.tilehosting.com https://api.mapbox.com https://www.youtube.com *.hotjar.com *.hotjar.io *.livecall.io https://optimize.google.com;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://nestbank.pl/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Security-Policy
default-src 'self' *.nestbank.pl *.doubleclick.net https://www.maptiler.com https://api.maptiler.com https://maps.tilehosting.com https://api.mapbox.com https://www.youtube.com *.google.com *.googletagmanager.com *.hotjar.com *.hotjar.io *.livecall.io; img-src 'self' data: blob: *.googletagmanager.com *.google-analytics.com *.google.com *.google.pl *.gstatic.com *.doubleclick.net *.livecall.io; font-src 'self' data: *.googleapis.com *.gstatic.com *.livecall.io; style-src 'self' 'unsafe-inline' *.livecall.io *.google.com *.gstatic.com *.googleapis.com *.livecall.io; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.nestbank.pl *.googlesyndication.com *.googletagmanager.com *.google-analytics.com *.google.com *.googleadservices.com *.doubleclick.net *.hotjar.com *.livecall.io; child-src 'self' blob: *.nestbank.pl https://api.maptiler.com https://maps.tilehosting.com https://api.mapbox.com https://www.youtube.com *.hotjar.com *.hotjar.io *.livecall.io https://optimize.google.com;
Referrer-Policy
strict-origin-when-cross-origin
Last-Modified
Wed, 27 Feb 2019 15:04:12 GMT
X-XSS-Protection
1; mode=block
ETag
"03e80b2adced41:0"
X-Frame-Options
SAMEORIGIN
Access-Control-Allow-Methods
GET,PUT,POST
Content-Type
image/png
Access-Control-Allow-Origin
*
Access-Control-Expose-Headers
Paging-Headers
Date
Fri, 04 Dec 2020 08:12:32 GMT
Accept-Ranges
bytes
Access-Control-Allow-Headers
Content-Type
Content-Length
972
X-Content-Type-Options
nosniff
dania.png
nestbank.pl/NestBank/media/NestBank/Kursy%20walut/
1004 B
2 KB
Image
General
Full URL
https://nestbank.pl/NestBank/media/NestBank/Kursy%20walut/dania.png?ext=.png
Requested by
Host: nestbank.pl
URL: https://nestbank.pl/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
193.105.248.157 , Poland, ASN196999 (NESTBANK, PL),
Reverse DNS
rev-193.105.248.157.fmbank.pl
Software
/
Resource Hash
64621744ef4b5ca3f3cc31ff7f6b17cfd9fc87e3deaae9a93be3d7e5a6572a23
Security Headers
Name Value
Content-Security-Policy default-src 'self' *.nestbank.pl *.doubleclick.net https://www.maptiler.com https://api.maptiler.com https://maps.tilehosting.com https://api.mapbox.com https://www.youtube.com *.google.com *.googletagmanager.com *.hotjar.com *.hotjar.io *.livecall.io; img-src 'self' data: blob: *.googletagmanager.com *.google-analytics.com *.google.com *.google.pl *.gstatic.com *.doubleclick.net *.livecall.io; font-src 'self' data: *.googleapis.com *.gstatic.com *.livecall.io; style-src 'self' 'unsafe-inline' *.livecall.io *.google.com *.gstatic.com *.googleapis.com *.livecall.io; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.nestbank.pl *.googlesyndication.com *.googletagmanager.com *.google-analytics.com *.google.com *.googleadservices.com *.doubleclick.net *.hotjar.com *.livecall.io; child-src 'self' blob: *.nestbank.pl https://api.maptiler.com https://maps.tilehosting.com https://api.mapbox.com https://www.youtube.com *.hotjar.com *.hotjar.io *.livecall.io https://optimize.google.com;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://nestbank.pl/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Security-Policy
default-src 'self' *.nestbank.pl *.doubleclick.net https://www.maptiler.com https://api.maptiler.com https://maps.tilehosting.com https://api.mapbox.com https://www.youtube.com *.google.com *.googletagmanager.com *.hotjar.com *.hotjar.io *.livecall.io; img-src 'self' data: blob: *.googletagmanager.com *.google-analytics.com *.google.com *.google.pl *.gstatic.com *.doubleclick.net *.livecall.io; font-src 'self' data: *.googleapis.com *.gstatic.com *.livecall.io; style-src 'self' 'unsafe-inline' *.livecall.io *.google.com *.gstatic.com *.googleapis.com *.livecall.io; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.nestbank.pl *.googlesyndication.com *.googletagmanager.com *.google-analytics.com *.google.com *.googleadservices.com *.doubleclick.net *.hotjar.com *.livecall.io; child-src 'self' blob: *.nestbank.pl https://api.maptiler.com https://maps.tilehosting.com https://api.mapbox.com https://www.youtube.com *.hotjar.com *.hotjar.io *.livecall.io https://optimize.google.com;
Referrer-Policy
strict-origin-when-cross-origin
Last-Modified
Wed, 27 Feb 2019 15:04:08 GMT
X-XSS-Protection
1; mode=block
ETag
"0e41db0adced41:0"
X-Frame-Options
SAMEORIGIN
Access-Control-Allow-Methods
GET,PUT,POST
Content-Type
image/png
Access-Control-Allow-Origin
*
Access-Control-Expose-Headers
Paging-Headers
Date
Fri, 04 Dec 2020 08:12:32 GMT
Accept-Ranges
bytes
Access-Control-Allow-Headers
Content-Type
Content-Length
1004
X-Content-Type-Options
nosniff
rumunia.png
nestbank.pl/NestBank/media/NestBank/Kursy%20walut/
909 B
2 KB
Image
General
Full URL
https://nestbank.pl/NestBank/media/NestBank/Kursy%20walut/rumunia.png?ext=.png
Requested by
Host: nestbank.pl
URL: https://nestbank.pl/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
193.105.248.157 , Poland, ASN196999 (NESTBANK, PL),
Reverse DNS
rev-193.105.248.157.fmbank.pl
Software
/
Resource Hash
f3109f4279010cd19bca5392b782dd9c0440da72bcbc4ef34e00431afddbad6c
Security Headers
Name Value
Content-Security-Policy default-src 'self' *.nestbank.pl *.doubleclick.net https://www.maptiler.com https://api.maptiler.com https://maps.tilehosting.com https://api.mapbox.com https://www.youtube.com *.google.com *.googletagmanager.com *.hotjar.com *.hotjar.io *.livecall.io; img-src 'self' data: blob: *.googletagmanager.com *.google-analytics.com *.google.com *.google.pl *.gstatic.com *.doubleclick.net *.livecall.io; font-src 'self' data: *.googleapis.com *.gstatic.com *.livecall.io; style-src 'self' 'unsafe-inline' *.livecall.io *.google.com *.gstatic.com *.googleapis.com *.livecall.io; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.nestbank.pl *.googlesyndication.com *.googletagmanager.com *.google-analytics.com *.google.com *.googleadservices.com *.doubleclick.net *.hotjar.com *.livecall.io; child-src 'self' blob: *.nestbank.pl https://api.maptiler.com https://maps.tilehosting.com https://api.mapbox.com https://www.youtube.com *.hotjar.com *.hotjar.io *.livecall.io https://optimize.google.com;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://nestbank.pl/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Security-Policy
default-src 'self' *.nestbank.pl *.doubleclick.net https://www.maptiler.com https://api.maptiler.com https://maps.tilehosting.com https://api.mapbox.com https://www.youtube.com *.google.com *.googletagmanager.com *.hotjar.com *.hotjar.io *.livecall.io; img-src 'self' data: blob: *.googletagmanager.com *.google-analytics.com *.google.com *.google.pl *.gstatic.com *.doubleclick.net *.livecall.io; font-src 'self' data: *.googleapis.com *.gstatic.com *.livecall.io; style-src 'self' 'unsafe-inline' *.livecall.io *.google.com *.gstatic.com *.googleapis.com *.livecall.io; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.nestbank.pl *.googlesyndication.com *.googletagmanager.com *.google-analytics.com *.google.com *.googleadservices.com *.doubleclick.net *.hotjar.com *.livecall.io; child-src 'self' blob: *.nestbank.pl https://api.maptiler.com https://maps.tilehosting.com https://api.mapbox.com https://www.youtube.com *.hotjar.com *.hotjar.io *.livecall.io https://optimize.google.com;
Referrer-Policy
strict-origin-when-cross-origin
Last-Modified
Wed, 27 Feb 2019 15:04:10 GMT
X-XSS-Protection
1; mode=block
ETag
"0114fb1adced41:0"
X-Frame-Options
SAMEORIGIN
Access-Control-Allow-Methods
GET,PUT,POST
Content-Type
image/png
Access-Control-Allow-Origin
*
Access-Control-Expose-Headers
Paging-Headers
Date
Fri, 04 Dec 2020 08:12:32 GMT
Accept-Ranges
bytes
Access-Control-Allow-Headers
Content-Type
Content-Length
909
X-Content-Type-Options
nosniff
wegry.png
nestbank.pl/NestBank/media/NestBank/Kursy%20walut/
867 B
2 KB
Image
General
Full URL
https://nestbank.pl/NestBank/media/NestBank/Kursy%20walut/wegry.png?ext=.png
Requested by
Host: nestbank.pl
URL: https://nestbank.pl/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
193.105.248.157 , Poland, ASN196999 (NESTBANK, PL),
Reverse DNS
rev-193.105.248.157.fmbank.pl
Software
/
Resource Hash
25be8e779bfca44d1404c54a6b38480d0fc644486e3c9665e846b14ecbcde1e7
Security Headers
Name Value
Content-Security-Policy default-src 'self' *.nestbank.pl *.doubleclick.net https://www.maptiler.com https://api.maptiler.com https://maps.tilehosting.com https://api.mapbox.com https://www.youtube.com *.google.com *.googletagmanager.com *.hotjar.com *.hotjar.io *.livecall.io; img-src 'self' data: blob: *.googletagmanager.com *.google-analytics.com *.google.com *.google.pl *.gstatic.com *.doubleclick.net *.livecall.io; font-src 'self' data: *.googleapis.com *.gstatic.com *.livecall.io; style-src 'self' 'unsafe-inline' *.livecall.io *.google.com *.gstatic.com *.googleapis.com *.livecall.io; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.nestbank.pl *.googlesyndication.com *.googletagmanager.com *.google-analytics.com *.google.com *.googleadservices.com *.doubleclick.net *.hotjar.com *.livecall.io; child-src 'self' blob: *.nestbank.pl https://api.maptiler.com https://maps.tilehosting.com https://api.mapbox.com https://www.youtube.com *.hotjar.com *.hotjar.io *.livecall.io https://optimize.google.com;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://nestbank.pl/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Security-Policy
default-src 'self' *.nestbank.pl *.doubleclick.net https://www.maptiler.com https://api.maptiler.com https://maps.tilehosting.com https://api.mapbox.com https://www.youtube.com *.google.com *.googletagmanager.com *.hotjar.com *.hotjar.io *.livecall.io; img-src 'self' data: blob: *.googletagmanager.com *.google-analytics.com *.google.com *.google.pl *.gstatic.com *.doubleclick.net *.livecall.io; font-src 'self' data: *.googleapis.com *.gstatic.com *.livecall.io; style-src 'self' 'unsafe-inline' *.livecall.io *.google.com *.gstatic.com *.googleapis.com *.livecall.io; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.nestbank.pl *.googlesyndication.com *.googletagmanager.com *.google-analytics.com *.google.com *.googleadservices.com *.doubleclick.net *.hotjar.com *.livecall.io; child-src 'self' blob: *.nestbank.pl https://api.maptiler.com https://maps.tilehosting.com https://api.mapbox.com https://www.youtube.com *.hotjar.com *.hotjar.io *.livecall.io https://optimize.google.com;
Referrer-Policy
strict-origin-when-cross-origin
Last-Modified
Wed, 27 Feb 2019 15:04:12 GMT
X-XSS-Protection
1; mode=block
ETag
"03e80b2adced41:0"
X-Frame-Options
SAMEORIGIN
Access-Control-Allow-Methods
GET,PUT,POST
Content-Type
image/png
Access-Control-Allow-Origin
*
Access-Control-Expose-Headers
Paging-Headers
Date
Fri, 04 Dec 2020 08:12:32 GMT
Accept-Ranges
bytes
Access-Control-Allow-Headers
Content-Type
Content-Length
867
X-Content-Type-Options
nosniff
stany.png
nestbank.pl/NestBank/media/NestBank/Kursy%20walut/
1 KB
3 KB
Image
General
Full URL
https://nestbank.pl/NestBank/media/NestBank/Kursy%20walut/stany.png?ext=.png
Requested by
Host: nestbank.pl
URL: https://nestbank.pl/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
193.105.248.157 , Poland, ASN196999 (NESTBANK, PL),
Reverse DNS
rev-193.105.248.157.fmbank.pl
Software
/
Resource Hash
3cc6dadf854a3adcb716879159fbe6748a564c546d962fde0d0d9f4298f48f6a
Security Headers
Name Value
Content-Security-Policy default-src 'self' *.nestbank.pl *.doubleclick.net https://www.maptiler.com https://api.maptiler.com https://maps.tilehosting.com https://api.mapbox.com https://www.youtube.com *.google.com *.googletagmanager.com *.hotjar.com *.hotjar.io *.livecall.io; img-src 'self' data: blob: *.googletagmanager.com *.google-analytics.com *.google.com *.google.pl *.gstatic.com *.doubleclick.net *.livecall.io; font-src 'self' data: *.googleapis.com *.gstatic.com *.livecall.io; style-src 'self' 'unsafe-inline' *.livecall.io *.google.com *.gstatic.com *.googleapis.com *.livecall.io; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.nestbank.pl *.googlesyndication.com *.googletagmanager.com *.google-analytics.com *.google.com *.googleadservices.com *.doubleclick.net *.hotjar.com *.livecall.io; child-src 'self' blob: *.nestbank.pl https://api.maptiler.com https://maps.tilehosting.com https://api.mapbox.com https://www.youtube.com *.hotjar.com *.hotjar.io *.livecall.io https://optimize.google.com;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://nestbank.pl/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Security-Policy
default-src 'self' *.nestbank.pl *.doubleclick.net https://www.maptiler.com https://api.maptiler.com https://maps.tilehosting.com https://api.mapbox.com https://www.youtube.com *.google.com *.googletagmanager.com *.hotjar.com *.hotjar.io *.livecall.io; img-src 'self' data: blob: *.googletagmanager.com *.google-analytics.com *.google.com *.google.pl *.gstatic.com *.doubleclick.net *.livecall.io; font-src 'self' data: *.googleapis.com *.gstatic.com *.livecall.io; style-src 'self' 'unsafe-inline' *.livecall.io *.google.com *.gstatic.com *.googleapis.com *.livecall.io; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.nestbank.pl *.googlesyndication.com *.googletagmanager.com *.google-analytics.com *.google.com *.googleadservices.com *.doubleclick.net *.hotjar.com *.livecall.io; child-src 'self' blob: *.nestbank.pl https://api.maptiler.com https://maps.tilehosting.com https://api.mapbox.com https://www.youtube.com *.hotjar.com *.hotjar.io *.livecall.io https://optimize.google.com;
Referrer-Policy
strict-origin-when-cross-origin
Last-Modified
Wed, 27 Feb 2019 15:04:10 GMT
X-XSS-Protection
1; mode=block
ETag
"0114fb1adced41:0"
X-Frame-Options
SAMEORIGIN
Access-Control-Allow-Methods
GET,PUT,POST
Content-Type
image/png
Access-Control-Allow-Origin
*
Access-Control-Expose-Headers
Paging-Headers
Date
Fri, 04 Dec 2020 08:12:32 GMT
Accept-Ranges
bytes
Access-Control-Allow-Headers
Content-Type
Content-Length
1357
X-Content-Type-Options
nosniff
wzrost
nestbank.pl/getmedia/547958e5-d840-4ca5-a392-597a12401e2c/
154 B
2 KB
Image
General
Full URL
https://nestbank.pl/getmedia/547958e5-d840-4ca5-a392-597a12401e2c/wzrost
Requested by
Host: nestbank.pl
URL: https://nestbank.pl/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
193.105.248.157 , Poland, ASN196999 (NESTBANK, PL),
Reverse DNS
rev-193.105.248.157.fmbank.pl
Software
/
Resource Hash
6f57c2d49d5f317beed68fd7d4ccad08c4f96f7198a7532db2c35250e08039f0
Security Headers
Name Value
Content-Security-Policy default-src 'self' *.nestbank.pl *.doubleclick.net https://www.maptiler.com https://api.maptiler.com https://maps.tilehosting.com https://api.mapbox.com https://www.youtube.com *.google.com *.googletagmanager.com *.hotjar.com *.hotjar.io *.livecall.io; img-src 'self' data: blob: *.googletagmanager.com *.google-analytics.com *.google.com *.google.pl *.gstatic.com *.doubleclick.net *.livecall.io; font-src 'self' data: *.googleapis.com *.gstatic.com *.livecall.io; style-src 'self' 'unsafe-inline' *.livecall.io *.google.com *.gstatic.com *.googleapis.com *.livecall.io; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.nestbank.pl *.googlesyndication.com *.googletagmanager.com *.google-analytics.com *.google.com *.googleadservices.com *.doubleclick.net *.hotjar.com *.livecall.io; child-src 'self' blob: *.nestbank.pl https://api.maptiler.com https://maps.tilehosting.com https://api.mapbox.com https://www.youtube.com *.hotjar.com *.hotjar.io *.livecall.io https://optimize.google.com;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://nestbank.pl/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Security-Policy
default-src 'self' *.nestbank.pl *.doubleclick.net https://www.maptiler.com https://api.maptiler.com https://maps.tilehosting.com https://api.mapbox.com https://www.youtube.com *.google.com *.googletagmanager.com *.hotjar.com *.hotjar.io *.livecall.io; img-src 'self' data: blob: *.googletagmanager.com *.google-analytics.com *.google.com *.google.pl *.gstatic.com *.doubleclick.net *.livecall.io; font-src 'self' data: *.googleapis.com *.gstatic.com *.livecall.io; style-src 'self' 'unsafe-inline' *.livecall.io *.google.com *.gstatic.com *.googleapis.com *.livecall.io; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.nestbank.pl *.googlesyndication.com *.googletagmanager.com *.google-analytics.com *.google.com *.googleadservices.com *.doubleclick.net *.hotjar.com *.livecall.io; child-src 'self' blob: *.nestbank.pl https://api.maptiler.com https://maps.tilehosting.com https://api.mapbox.com https://www.youtube.com *.hotjar.com *.hotjar.io *.livecall.io https://optimize.google.com;
X-Content-Type-Options
nosniff
Content-Disposition
inline; filename="wzrost.png"
Content-Length
154
X-XSS-Protection
1; mode=block
Referrer-Policy
strict-origin-when-cross-origin
Last-Modified
Sat, 23 Feb 2019 06:24:23 GMT
Date
Fri, 04 Dec 2020 08:12:32 GMT
X-Frame-Options
SAMEORIGIN
Access-Control-Allow-Methods
GET,PUT,POST
Content-Type
image/png
Access-Control-Allow-Origin
*
Access-Control-Expose-Headers
Paging-Headers
Cache-Control
public, must-revalidate
ETag
"2/23/2019 6:24:23 AM"
Accept-Ranges
bytes
Access-Control-Allow-Headers
Content-Type
Expires
Fri, 04 Dec 2020 08:12:33 GMT
szwajcaria.png
nestbank.pl/NestBank/media/NestBank/Kursy%20walut/
787 B
2 KB
Image
General
Full URL
https://nestbank.pl/NestBank/media/NestBank/Kursy%20walut/szwajcaria.png?ext=.png
Requested by
Host: nestbank.pl
URL: https://nestbank.pl/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
193.105.248.157 , Poland, ASN196999 (NESTBANK, PL),
Reverse DNS
rev-193.105.248.157.fmbank.pl
Software
/
Resource Hash
4831b4ad5b53444cd0cace4f2da847605ea51d363400bbefcc5855afd20e7834
Security Headers
Name Value
Content-Security-Policy default-src 'self' *.nestbank.pl *.doubleclick.net https://www.maptiler.com https://api.maptiler.com https://maps.tilehosting.com https://api.mapbox.com https://www.youtube.com *.google.com *.googletagmanager.com *.hotjar.com *.hotjar.io *.livecall.io; img-src 'self' data: blob: *.googletagmanager.com *.google-analytics.com *.google.com *.google.pl *.gstatic.com *.doubleclick.net *.livecall.io; font-src 'self' data: *.googleapis.com *.gstatic.com *.livecall.io; style-src 'self' 'unsafe-inline' *.livecall.io *.google.com *.gstatic.com *.googleapis.com *.livecall.io; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.nestbank.pl *.googlesyndication.com *.googletagmanager.com *.google-analytics.com *.google.com *.googleadservices.com *.doubleclick.net *.hotjar.com *.livecall.io; child-src 'self' blob: *.nestbank.pl https://api.maptiler.com https://maps.tilehosting.com https://api.mapbox.com https://www.youtube.com *.hotjar.com *.hotjar.io *.livecall.io https://optimize.google.com;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://nestbank.pl/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Security-Policy
default-src 'self' *.nestbank.pl *.doubleclick.net https://www.maptiler.com https://api.maptiler.com https://maps.tilehosting.com https://api.mapbox.com https://www.youtube.com *.google.com *.googletagmanager.com *.hotjar.com *.hotjar.io *.livecall.io; img-src 'self' data: blob: *.googletagmanager.com *.google-analytics.com *.google.com *.google.pl *.gstatic.com *.doubleclick.net *.livecall.io; font-src 'self' data: *.googleapis.com *.gstatic.com *.livecall.io; style-src 'self' 'unsafe-inline' *.livecall.io *.google.com *.gstatic.com *.googleapis.com *.livecall.io; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.nestbank.pl *.googlesyndication.com *.googletagmanager.com *.google-analytics.com *.google.com *.googleadservices.com *.doubleclick.net *.hotjar.com *.livecall.io; child-src 'self' blob: *.nestbank.pl https://api.maptiler.com https://maps.tilehosting.com https://api.mapbox.com https://www.youtube.com *.hotjar.com *.hotjar.io *.livecall.io https://optimize.google.com;
Referrer-Policy
strict-origin-when-cross-origin
Last-Modified
Wed, 27 Feb 2019 15:04:10 GMT
X-XSS-Protection
1; mode=block
ETag
"0114fb1adced41:0"
X-Frame-Options
SAMEORIGIN
Access-Control-Allow-Methods
GET,PUT,POST
Content-Type
image/png
Access-Control-Allow-Origin
*
Access-Control-Expose-Headers
Paging-Headers
Date
Fri, 04 Dec 2020 08:12:32 GMT
Accept-Ranges
bytes
Access-Control-Allow-Headers
Content-Type
Content-Length
787
X-Content-Type-Options
nosniff
europa.png
nestbank.pl/NestBank/media/NestBank/Kursy%20walut/
1 KB
3 KB
Image
General
Full URL
https://nestbank.pl/NestBank/media/NestBank/Kursy%20walut/europa.png?ext=.png
Requested by
Host: nestbank.pl
URL: https://nestbank.pl/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
193.105.248.157 , Poland, ASN196999 (NESTBANK, PL),
Reverse DNS
rev-193.105.248.157.fmbank.pl
Software
/
Resource Hash
8cdd44c48196c3921bff4dfd4799ecdec1179cacdf579582931eafdb31193a75
Security Headers
Name Value
Content-Security-Policy default-src 'self' *.nestbank.pl *.doubleclick.net https://www.maptiler.com https://api.maptiler.com https://maps.tilehosting.com https://api.mapbox.com https://www.youtube.com *.google.com *.googletagmanager.com *.hotjar.com *.hotjar.io *.livecall.io; img-src 'self' data: blob: *.googletagmanager.com *.google-analytics.com *.google.com *.google.pl *.gstatic.com *.doubleclick.net *.livecall.io; font-src 'self' data: *.googleapis.com *.gstatic.com *.livecall.io; style-src 'self' 'unsafe-inline' *.livecall.io *.google.com *.gstatic.com *.googleapis.com *.livecall.io; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.nestbank.pl *.googlesyndication.com *.googletagmanager.com *.google-analytics.com *.google.com *.googleadservices.com *.doubleclick.net *.hotjar.com *.livecall.io; child-src 'self' blob: *.nestbank.pl https://api.maptiler.com https://maps.tilehosting.com https://api.mapbox.com https://www.youtube.com *.hotjar.com *.hotjar.io *.livecall.io https://optimize.google.com;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://nestbank.pl/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Security-Policy
default-src 'self' *.nestbank.pl *.doubleclick.net https://www.maptiler.com https://api.maptiler.com https://maps.tilehosting.com https://api.mapbox.com https://www.youtube.com *.google.com *.googletagmanager.com *.hotjar.com *.hotjar.io *.livecall.io; img-src 'self' data: blob: *.googletagmanager.com *.google-analytics.com *.google.com *.google.pl *.gstatic.com *.doubleclick.net *.livecall.io; font-src 'self' data: *.googleapis.com *.gstatic.com *.livecall.io; style-src 'self' 'unsafe-inline' *.livecall.io *.google.com *.gstatic.com *.googleapis.com *.livecall.io; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.nestbank.pl *.googlesyndication.com *.googletagmanager.com *.google-analytics.com *.google.com *.googleadservices.com *.doubleclick.net *.hotjar.com *.livecall.io; child-src 'self' blob: *.nestbank.pl https://api.maptiler.com https://maps.tilehosting.com https://api.mapbox.com https://www.youtube.com *.hotjar.com *.hotjar.io *.livecall.io https://optimize.google.com;
Referrer-Policy
strict-origin-when-cross-origin
Last-Modified
Wed, 27 Feb 2019 15:04:10 GMT
X-XSS-Protection
1; mode=block
ETag
"0114fb1adced41:0"
X-Frame-Options
SAMEORIGIN
Access-Control-Allow-Methods
GET,PUT,POST
Content-Type
image/png
Access-Control-Allow-Origin
*
Access-Control-Expose-Headers
Paging-Headers
Date
Fri, 04 Dec 2020 08:12:32 GMT
Accept-Ranges
bytes
Access-Control-Allow-Headers
Content-Type
Content-Length
1109
X-Content-Type-Options
nosniff
uk.png
nestbank.pl/NestBank/media/NestBank/Kursy%20walut/
1 KB
3 KB
Image
General
Full URL
https://nestbank.pl/NestBank/media/NestBank/Kursy%20walut/uk.png?ext=.png
Requested by
Host: nestbank.pl
URL: https://nestbank.pl/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
193.105.248.157 , Poland, ASN196999 (NESTBANK, PL),
Reverse DNS
rev-193.105.248.157.fmbank.pl
Software
/
Resource Hash
f2f335dcd49d10880c6a74f6403b7571b86b68122fff00dd5e0e195216233fef
Security Headers
Name Value
Content-Security-Policy default-src 'self' *.nestbank.pl *.doubleclick.net https://www.maptiler.com https://api.maptiler.com https://maps.tilehosting.com https://api.mapbox.com https://www.youtube.com *.google.com *.googletagmanager.com *.hotjar.com *.hotjar.io *.livecall.io; img-src 'self' data: blob: *.googletagmanager.com *.google-analytics.com *.google.com *.google.pl *.gstatic.com *.doubleclick.net *.livecall.io; font-src 'self' data: *.googleapis.com *.gstatic.com *.livecall.io; style-src 'self' 'unsafe-inline' *.livecall.io *.google.com *.gstatic.com *.googleapis.com *.livecall.io; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.nestbank.pl *.googlesyndication.com *.googletagmanager.com *.google-analytics.com *.google.com *.googleadservices.com *.doubleclick.net *.hotjar.com *.livecall.io; child-src 'self' blob: *.nestbank.pl https://api.maptiler.com https://maps.tilehosting.com https://api.mapbox.com https://www.youtube.com *.hotjar.com *.hotjar.io *.livecall.io https://optimize.google.com;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://nestbank.pl/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Security-Policy
default-src 'self' *.nestbank.pl *.doubleclick.net https://www.maptiler.com https://api.maptiler.com https://maps.tilehosting.com https://api.mapbox.com https://www.youtube.com *.google.com *.googletagmanager.com *.hotjar.com *.hotjar.io *.livecall.io; img-src 'self' data: blob: *.googletagmanager.com *.google-analytics.com *.google.com *.google.pl *.gstatic.com *.doubleclick.net *.livecall.io; font-src 'self' data: *.googleapis.com *.gstatic.com *.livecall.io; style-src 'self' 'unsafe-inline' *.livecall.io *.google.com *.gstatic.com *.googleapis.com *.livecall.io; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.nestbank.pl *.googlesyndication.com *.googletagmanager.com *.google-analytics.com *.google.com *.googleadservices.com *.doubleclick.net *.hotjar.com *.livecall.io; child-src 'self' blob: *.nestbank.pl https://api.maptiler.com https://maps.tilehosting.com https://api.mapbox.com https://www.youtube.com *.hotjar.com *.hotjar.io *.livecall.io https://optimize.google.com;
Referrer-Policy
strict-origin-when-cross-origin
Last-Modified
Wed, 27 Feb 2019 15:04:12 GMT
X-XSS-Protection
1; mode=block
ETag
"03e80b2adced41:0"
X-Frame-Options
SAMEORIGIN
Access-Control-Allow-Methods
GET,PUT,POST
Content-Type
image/png
Access-Control-Allow-Origin
*
Access-Control-Expose-Headers
Paging-Headers
Date
Fri, 04 Dec 2020 08:12:32 GMT
Accept-Ranges
bytes
Access-Control-Allow-Headers
Content-Type
Content-Length
1333
X-Content-Type-Options
nosniff
phone
nestbank.pl/getmedia/4ce604fb-e783-4c85-adc1-5f262c4b66c3/
2 KB
4 KB
Image
General
Full URL
https://nestbank.pl/getmedia/4ce604fb-e783-4c85-adc1-5f262c4b66c3/phone
Requested by
Host: nestbank.pl
URL: https://nestbank.pl/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
193.105.248.157 , Poland, ASN196999 (NESTBANK, PL),
Reverse DNS
rev-193.105.248.157.fmbank.pl
Software
/
Resource Hash
c1bf6f27abe617b4c181dcac6f19dbf68c727b34e446fadb9394207c659aedc6
Security Headers
Name Value
Content-Security-Policy default-src 'self' *.nestbank.pl *.doubleclick.net https://www.maptiler.com https://api.maptiler.com https://maps.tilehosting.com https://api.mapbox.com https://www.youtube.com *.google.com *.googletagmanager.com *.hotjar.com *.hotjar.io *.livecall.io; img-src 'self' data: blob: *.googletagmanager.com *.google-analytics.com *.google.com *.google.pl *.gstatic.com *.doubleclick.net *.livecall.io; font-src 'self' data: *.googleapis.com *.gstatic.com *.livecall.io; style-src 'self' 'unsafe-inline' *.livecall.io *.google.com *.gstatic.com *.googleapis.com *.livecall.io; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.nestbank.pl *.googlesyndication.com *.googletagmanager.com *.google-analytics.com *.google.com *.googleadservices.com *.doubleclick.net *.hotjar.com *.livecall.io; child-src 'self' blob: *.nestbank.pl https://api.maptiler.com https://maps.tilehosting.com https://api.mapbox.com https://www.youtube.com *.hotjar.com *.hotjar.io *.livecall.io https://optimize.google.com;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://nestbank.pl/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Security-Policy
default-src 'self' *.nestbank.pl *.doubleclick.net https://www.maptiler.com https://api.maptiler.com https://maps.tilehosting.com https://api.mapbox.com https://www.youtube.com *.google.com *.googletagmanager.com *.hotjar.com *.hotjar.io *.livecall.io; img-src 'self' data: blob: *.googletagmanager.com *.google-analytics.com *.google.com *.google.pl *.gstatic.com *.doubleclick.net *.livecall.io; font-src 'self' data: *.googleapis.com *.gstatic.com *.livecall.io; style-src 'self' 'unsafe-inline' *.livecall.io *.google.com *.gstatic.com *.googleapis.com *.livecall.io; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.nestbank.pl *.googlesyndication.com *.googletagmanager.com *.google-analytics.com *.google.com *.googleadservices.com *.doubleclick.net *.hotjar.com *.livecall.io; child-src 'self' blob: *.nestbank.pl https://api.maptiler.com https://maps.tilehosting.com https://api.mapbox.com https://www.youtube.com *.hotjar.com *.hotjar.io *.livecall.io https://optimize.google.com;
X-Content-Type-Options
nosniff
Content-Disposition
inline; filename="phone.png"
Content-Length
2254
X-XSS-Protection
1; mode=block
Referrer-Policy
strict-origin-when-cross-origin
Last-Modified
Tue, 20 Nov 2018 17:54:53 GMT
Date
Fri, 04 Dec 2020 08:12:32 GMT
X-Frame-Options
SAMEORIGIN
Access-Control-Allow-Methods
GET,PUT,POST
Content-Type
image/png
Access-Control-Allow-Origin
*
Access-Control-Expose-Headers
Paging-Headers
Cache-Control
public, must-revalidate
ETag
"11/20/2018 5:54:53 PM"
Accept-Ranges
bytes
Access-Control-Allow-Headers
Content-Type
Expires
Fri, 04 Dec 2020 08:12:33 GMT
letter
nestbank.pl/getmedia/3807a5b4-3981-47f2-9b73-ab4d3c811d4a/
1 KB
3 KB
Image
General
Full URL
https://nestbank.pl/getmedia/3807a5b4-3981-47f2-9b73-ab4d3c811d4a/letter
Requested by
Host: nestbank.pl
URL: https://nestbank.pl/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
193.105.248.157 , Poland, ASN196999 (NESTBANK, PL),
Reverse DNS
rev-193.105.248.157.fmbank.pl
Software
/
Resource Hash
c57d348c99771c6acda3ebcfde05476cb280aec352be851917b0774313cb63a3
Security Headers
Name Value
Content-Security-Policy default-src 'self' *.nestbank.pl *.doubleclick.net https://www.maptiler.com https://api.maptiler.com https://maps.tilehosting.com https://api.mapbox.com https://www.youtube.com *.google.com *.googletagmanager.com *.hotjar.com *.hotjar.io *.livecall.io; img-src 'self' data: blob: *.googletagmanager.com *.google-analytics.com *.google.com *.google.pl *.gstatic.com *.doubleclick.net *.livecall.io; font-src 'self' data: *.googleapis.com *.gstatic.com *.livecall.io; style-src 'self' 'unsafe-inline' *.livecall.io *.google.com *.gstatic.com *.googleapis.com *.livecall.io; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.nestbank.pl *.googlesyndication.com *.googletagmanager.com *.google-analytics.com *.google.com *.googleadservices.com *.doubleclick.net *.hotjar.com *.livecall.io; child-src 'self' blob: *.nestbank.pl https://api.maptiler.com https://maps.tilehosting.com https://api.mapbox.com https://www.youtube.com *.hotjar.com *.hotjar.io *.livecall.io https://optimize.google.com;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://nestbank.pl/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Security-Policy
default-src 'self' *.nestbank.pl *.doubleclick.net https://www.maptiler.com https://api.maptiler.com https://maps.tilehosting.com https://api.mapbox.com https://www.youtube.com *.google.com *.googletagmanager.com *.hotjar.com *.hotjar.io *.livecall.io; img-src 'self' data: blob: *.googletagmanager.com *.google-analytics.com *.google.com *.google.pl *.gstatic.com *.doubleclick.net *.livecall.io; font-src 'self' data: *.googleapis.com *.gstatic.com *.livecall.io; style-src 'self' 'unsafe-inline' *.livecall.io *.google.com *.gstatic.com *.googleapis.com *.livecall.io; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.nestbank.pl *.googlesyndication.com *.googletagmanager.com *.google-analytics.com *.google.com *.googleadservices.com *.doubleclick.net *.hotjar.com *.livecall.io; child-src 'self' blob: *.nestbank.pl https://api.maptiler.com https://maps.tilehosting.com https://api.mapbox.com https://www.youtube.com *.hotjar.com *.hotjar.io *.livecall.io https://optimize.google.com;
X-Content-Type-Options
nosniff
Content-Disposition
inline; filename="letter.png"
Content-Length
1037
X-XSS-Protection
1; mode=block
Referrer-Policy
strict-origin-when-cross-origin
Last-Modified
Tue, 20 Nov 2018 17:54:53 GMT
Date
Fri, 04 Dec 2020 08:12:32 GMT
X-Frame-Options
SAMEORIGIN
Access-Control-Allow-Methods
GET,PUT,POST
Content-Type
image/png
Access-Control-Allow-Origin
*
Access-Control-Expose-Headers
Paging-Headers
Cache-Control
public, must-revalidate
ETag
"11/20/2018 5:54:53 PM"
Accept-Ranges
bytes
Access-Control-Allow-Headers
Content-Type
Expires
Fri, 04 Dec 2020 08:12:33 GMT
marker
nestbank.pl/getmedia/e664bb43-9970-4344-84eb-ae76950d49a6/
2 KB
4 KB
Image
General
Full URL
https://nestbank.pl/getmedia/e664bb43-9970-4344-84eb-ae76950d49a6/marker
Requested by
Host: nestbank.pl
URL: https://nestbank.pl/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
193.105.248.157 , Poland, ASN196999 (NESTBANK, PL),
Reverse DNS
rev-193.105.248.157.fmbank.pl
Software
/
Resource Hash
c391e5ed80467263d2dac3055a008ea70e6d8d1adcf4ee4b9255716f3be918f5
Security Headers
Name Value
Content-Security-Policy default-src 'self' *.nestbank.pl *.doubleclick.net https://www.maptiler.com https://api.maptiler.com https://maps.tilehosting.com https://api.mapbox.com https://www.youtube.com *.google.com *.googletagmanager.com *.hotjar.com *.hotjar.io *.livecall.io; img-src 'self' data: blob: *.googletagmanager.com *.google-analytics.com *.google.com *.google.pl *.gstatic.com *.doubleclick.net *.livecall.io; font-src 'self' data: *.googleapis.com *.gstatic.com *.livecall.io; style-src 'self' 'unsafe-inline' *.livecall.io *.google.com *.gstatic.com *.googleapis.com *.livecall.io; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.nestbank.pl *.googlesyndication.com *.googletagmanager.com *.google-analytics.com *.google.com *.googleadservices.com *.doubleclick.net *.hotjar.com *.livecall.io; child-src 'self' blob: *.nestbank.pl https://api.maptiler.com https://maps.tilehosting.com https://api.mapbox.com https://www.youtube.com *.hotjar.com *.hotjar.io *.livecall.io https://optimize.google.com;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://nestbank.pl/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Security-Policy
default-src 'self' *.nestbank.pl *.doubleclick.net https://www.maptiler.com https://api.maptiler.com https://maps.tilehosting.com https://api.mapbox.com https://www.youtube.com *.google.com *.googletagmanager.com *.hotjar.com *.hotjar.io *.livecall.io; img-src 'self' data: blob: *.googletagmanager.com *.google-analytics.com *.google.com *.google.pl *.gstatic.com *.doubleclick.net *.livecall.io; font-src 'self' data: *.googleapis.com *.gstatic.com *.livecall.io; style-src 'self' 'unsafe-inline' *.livecall.io *.google.com *.gstatic.com *.googleapis.com *.livecall.io; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.nestbank.pl *.googlesyndication.com *.googletagmanager.com *.google-analytics.com *.google.com *.googleadservices.com *.doubleclick.net *.hotjar.com *.livecall.io; child-src 'self' blob: *.nestbank.pl https://api.maptiler.com https://maps.tilehosting.com https://api.mapbox.com https://www.youtube.com *.hotjar.com *.hotjar.io *.livecall.io https://optimize.google.com;
X-Content-Type-Options
nosniff
Content-Disposition
inline; filename="marker.png"
Content-Length
2206
X-XSS-Protection
1; mode=block
Referrer-Policy
strict-origin-when-cross-origin
Last-Modified
Tue, 20 Nov 2018 17:54:53 GMT
Date
Fri, 04 Dec 2020 08:12:32 GMT
X-Frame-Options
SAMEORIGIN
Access-Control-Allow-Methods
GET,PUT,POST
Content-Type
image/png
Access-Control-Allow-Origin
*
Access-Control-Expose-Headers
Paging-Headers
Cache-Control
public, must-revalidate
ETag
"11/20/2018 5:54:53 PM"
Accept-Ranges
bytes
Access-Control-Allow-Headers
Content-Type
Expires
Fri, 04 Dec 2020 08:12:33 GMT
help
nestbank.pl/getmedia/93287e11-e5a0-475a-8659-5ea18c7d11f8/
2 KB
4 KB
Image
General
Full URL
https://nestbank.pl/getmedia/93287e11-e5a0-475a-8659-5ea18c7d11f8/help
Requested by
Host: nestbank.pl
URL: https://nestbank.pl/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
193.105.248.157 , Poland, ASN196999 (NESTBANK, PL),
Reverse DNS
rev-193.105.248.157.fmbank.pl
Software
/
Resource Hash
4207a8834a49108a620b320188c08cc3e7bda6a0d8a21d1e8f3fcd9803a52f01
Security Headers
Name Value
Content-Security-Policy default-src 'self' *.nestbank.pl *.doubleclick.net https://www.maptiler.com https://api.maptiler.com https://maps.tilehosting.com https://api.mapbox.com https://www.youtube.com *.google.com *.googletagmanager.com *.hotjar.com *.hotjar.io *.livecall.io; img-src 'self' data: blob: *.googletagmanager.com *.google-analytics.com *.google.com *.google.pl *.gstatic.com *.doubleclick.net *.livecall.io; font-src 'self' data: *.googleapis.com *.gstatic.com *.livecall.io; style-src 'self' 'unsafe-inline' *.livecall.io *.google.com *.gstatic.com *.googleapis.com *.livecall.io; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.nestbank.pl *.googlesyndication.com *.googletagmanager.com *.google-analytics.com *.google.com *.googleadservices.com *.doubleclick.net *.hotjar.com *.livecall.io; child-src 'self' blob: *.nestbank.pl https://api.maptiler.com https://maps.tilehosting.com https://api.mapbox.com https://www.youtube.com *.hotjar.com *.hotjar.io *.livecall.io https://optimize.google.com;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://nestbank.pl/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Security-Policy
default-src 'self' *.nestbank.pl *.doubleclick.net https://www.maptiler.com https://api.maptiler.com https://maps.tilehosting.com https://api.mapbox.com https://www.youtube.com *.google.com *.googletagmanager.com *.hotjar.com *.hotjar.io *.livecall.io; img-src 'self' data: blob: *.googletagmanager.com *.google-analytics.com *.google.com *.google.pl *.gstatic.com *.doubleclick.net *.livecall.io; font-src 'self' data: *.googleapis.com *.gstatic.com *.livecall.io; style-src 'self' 'unsafe-inline' *.livecall.io *.google.com *.gstatic.com *.googleapis.com *.livecall.io; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.nestbank.pl *.googlesyndication.com *.googletagmanager.com *.google-analytics.com *.google.com *.googleadservices.com *.doubleclick.net *.hotjar.com *.livecall.io; child-src 'self' blob: *.nestbank.pl https://api.maptiler.com https://maps.tilehosting.com https://api.mapbox.com https://www.youtube.com *.hotjar.com *.hotjar.io *.livecall.io https://optimize.google.com;
X-Content-Type-Options
nosniff
Content-Disposition
inline; filename="help.png"
Content-Length
2432
X-XSS-Protection
1; mode=block
Referrer-Policy
strict-origin-when-cross-origin
Last-Modified
Tue, 20 Nov 2018 17:54:52 GMT
Date
Fri, 04 Dec 2020 08:12:32 GMT
X-Frame-Options
SAMEORIGIN
Access-Control-Allow-Methods
GET,PUT,POST
Content-Type
image/png
Access-Control-Allow-Origin
*
Access-Control-Expose-Headers
Paging-Headers
Cache-Control
public, must-revalidate
ETag
"11/20/2018 5:54:52 PM"
Accept-Ranges
bytes
Access-Control-Allow-Headers
Content-Type
Expires
Fri, 04 Dec 2020 08:12:33 GMT
google-play
nestbank.pl/getmedia/1afe2e42-7221-4df4-8115-0e172d737b5d/
4 KB
6 KB
Image
General
Full URL
https://nestbank.pl/getmedia/1afe2e42-7221-4df4-8115-0e172d737b5d/google-play
Requested by
Host: nestbank.pl
URL: https://nestbank.pl/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
193.105.248.157 , Poland, ASN196999 (NESTBANK, PL),
Reverse DNS
rev-193.105.248.157.fmbank.pl
Software
/
Resource Hash
09fc6b253a6dcda9ce632eaf1ab674a2dd967c84c59ead2a923a75d9c2b3c5c7
Security Headers
Name Value
Content-Security-Policy default-src 'self' *.nestbank.pl *.doubleclick.net https://www.maptiler.com https://api.maptiler.com https://maps.tilehosting.com https://api.mapbox.com https://www.youtube.com *.google.com *.googletagmanager.com *.hotjar.com *.hotjar.io *.livecall.io; img-src 'self' data: blob: *.googletagmanager.com *.google-analytics.com *.google.com *.google.pl *.gstatic.com *.doubleclick.net *.livecall.io; font-src 'self' data: *.googleapis.com *.gstatic.com *.livecall.io; style-src 'self' 'unsafe-inline' *.livecall.io *.google.com *.gstatic.com *.googleapis.com *.livecall.io; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.nestbank.pl *.googlesyndication.com *.googletagmanager.com *.google-analytics.com *.google.com *.googleadservices.com *.doubleclick.net *.hotjar.com *.livecall.io; child-src 'self' blob: *.nestbank.pl https://api.maptiler.com https://maps.tilehosting.com https://api.mapbox.com https://www.youtube.com *.hotjar.com *.hotjar.io *.livecall.io https://optimize.google.com;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://nestbank.pl/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Security-Policy
default-src 'self' *.nestbank.pl *.doubleclick.net https://www.maptiler.com https://api.maptiler.com https://maps.tilehosting.com https://api.mapbox.com https://www.youtube.com *.google.com *.googletagmanager.com *.hotjar.com *.hotjar.io *.livecall.io; img-src 'self' data: blob: *.googletagmanager.com *.google-analytics.com *.google.com *.google.pl *.gstatic.com *.doubleclick.net *.livecall.io; font-src 'self' data: *.googleapis.com *.gstatic.com *.livecall.io; style-src 'self' 'unsafe-inline' *.livecall.io *.google.com *.gstatic.com *.googleapis.com *.livecall.io; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.nestbank.pl *.googlesyndication.com *.googletagmanager.com *.google-analytics.com *.google.com *.googleadservices.com *.doubleclick.net *.hotjar.com *.livecall.io; child-src 'self' blob: *.nestbank.pl https://api.maptiler.com https://maps.tilehosting.com https://api.mapbox.com https://www.youtube.com *.hotjar.com *.hotjar.io *.livecall.io https://optimize.google.com;
X-Content-Type-Options
nosniff
Content-Disposition
inline; filename="google-play.png"
Content-Length
3998
X-XSS-Protection
1; mode=block
Referrer-Policy
strict-origin-when-cross-origin
Last-Modified
Wed, 14 Nov 2018 10:08:43 GMT
Date
Fri, 04 Dec 2020 08:12:32 GMT
X-Frame-Options
SAMEORIGIN
Access-Control-Allow-Methods
GET,PUT,POST
Content-Type
image/png
Access-Control-Allow-Origin
*
Access-Control-Expose-Headers
Paging-Headers
Cache-Control
public, must-revalidate
ETag
"11/14/2018 10:08:43 AM"
Accept-Ranges
bytes
Access-Control-Allow-Headers
Content-Type
Expires
Fri, 04 Dec 2020 08:12:33 GMT
app-store
nestbank.pl/getmedia/b9bfd39e-bc9a-488d-9909-bd3a2123b690/
4 KB
5 KB
Image
General
Full URL
https://nestbank.pl/getmedia/b9bfd39e-bc9a-488d-9909-bd3a2123b690/app-store
Requested by
Host: nestbank.pl
URL: https://nestbank.pl/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
193.105.248.157 , Poland, ASN196999 (NESTBANK, PL),
Reverse DNS
rev-193.105.248.157.fmbank.pl
Software
/
Resource Hash
8519253787cc3c1e2f4c4ce708408abea0435b7064232495dc37cf6c7751d55f
Security Headers
Name Value
Content-Security-Policy default-src 'self' *.nestbank.pl *.doubleclick.net https://www.maptiler.com https://api.maptiler.com https://maps.tilehosting.com https://api.mapbox.com https://www.youtube.com *.google.com *.googletagmanager.com *.hotjar.com *.hotjar.io *.livecall.io; img-src 'self' data: blob: *.googletagmanager.com *.google-analytics.com *.google.com *.google.pl *.gstatic.com *.doubleclick.net *.livecall.io; font-src 'self' data: *.googleapis.com *.gstatic.com *.livecall.io; style-src 'self' 'unsafe-inline' *.livecall.io *.google.com *.gstatic.com *.googleapis.com *.livecall.io; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.nestbank.pl *.googlesyndication.com *.googletagmanager.com *.google-analytics.com *.google.com *.googleadservices.com *.doubleclick.net *.hotjar.com *.livecall.io; child-src 'self' blob: *.nestbank.pl https://api.maptiler.com https://maps.tilehosting.com https://api.mapbox.com https://www.youtube.com *.hotjar.com *.hotjar.io *.livecall.io https://optimize.google.com;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://nestbank.pl/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Security-Policy
default-src 'self' *.nestbank.pl *.doubleclick.net https://www.maptiler.com https://api.maptiler.com https://maps.tilehosting.com https://api.mapbox.com https://www.youtube.com *.google.com *.googletagmanager.com *.hotjar.com *.hotjar.io *.livecall.io; img-src 'self' data: blob: *.googletagmanager.com *.google-analytics.com *.google.com *.google.pl *.gstatic.com *.doubleclick.net *.livecall.io; font-src 'self' data: *.googleapis.com *.gstatic.com *.livecall.io; style-src 'self' 'unsafe-inline' *.livecall.io *.google.com *.gstatic.com *.googleapis.com *.livecall.io; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.nestbank.pl *.googlesyndication.com *.googletagmanager.com *.google-analytics.com *.google.com *.googleadservices.com *.doubleclick.net *.hotjar.com *.livecall.io; child-src 'self' blob: *.nestbank.pl https://api.maptiler.com https://maps.tilehosting.com https://api.mapbox.com https://www.youtube.com *.hotjar.com *.hotjar.io *.livecall.io https://optimize.google.com;
X-Content-Type-Options
nosniff
Content-Disposition
inline; filename="app-store.png"
Content-Length
3587
X-XSS-Protection
1; mode=block
Referrer-Policy
strict-origin-when-cross-origin
Last-Modified
Wed, 14 Nov 2018 10:08:43 GMT
Date
Fri, 04 Dec 2020 08:12:32 GMT
X-Frame-Options
SAMEORIGIN
Access-Control-Allow-Methods
GET,PUT,POST
Content-Type
image/png
Access-Control-Allow-Origin
*
Access-Control-Expose-Headers
Paging-Headers
Cache-Control
public, must-revalidate
ETag
"11/14/2018 10:08:43 AM"
Accept-Ranges
bytes
Access-Control-Allow-Headers
Content-Type
Expires
Fri, 04 Dec 2020 08:12:33 GMT
Appgallery-133x40px.png
nestbank.pl/NestBank/media/NestBank/Struktura%20serwisu/
5 KB
7 KB
Image
General
Full URL
https://nestbank.pl/NestBank/media/NestBank/Struktura%20serwisu/Appgallery-133x40px.png
Requested by
Host: nestbank.pl
URL: https://nestbank.pl/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
193.105.248.157 , Poland, ASN196999 (NESTBANK, PL),
Reverse DNS
rev-193.105.248.157.fmbank.pl
Software
/
Resource Hash
5143606b1262bcc2ee0929d991e631272ee807d994b3101ba86ae05e74425aab
Security Headers
Name Value
Content-Security-Policy default-src 'self' *.nestbank.pl *.doubleclick.net https://www.maptiler.com https://api.maptiler.com https://maps.tilehosting.com https://api.mapbox.com https://www.youtube.com *.google.com *.googletagmanager.com *.hotjar.com *.hotjar.io *.livecall.io; img-src 'self' data: blob: *.googletagmanager.com *.google-analytics.com *.google.com *.google.pl *.gstatic.com *.doubleclick.net *.livecall.io; font-src 'self' data: *.googleapis.com *.gstatic.com *.livecall.io; style-src 'self' 'unsafe-inline' *.livecall.io *.google.com *.gstatic.com *.googleapis.com *.livecall.io; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.nestbank.pl *.googlesyndication.com *.googletagmanager.com *.google-analytics.com *.google.com *.googleadservices.com *.doubleclick.net *.hotjar.com *.livecall.io; child-src 'self' blob: *.nestbank.pl https://api.maptiler.com https://maps.tilehosting.com https://api.mapbox.com https://www.youtube.com *.hotjar.com *.hotjar.io *.livecall.io https://optimize.google.com;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://nestbank.pl/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Security-Policy
default-src 'self' *.nestbank.pl *.doubleclick.net https://www.maptiler.com https://api.maptiler.com https://maps.tilehosting.com https://api.mapbox.com https://www.youtube.com *.google.com *.googletagmanager.com *.hotjar.com *.hotjar.io *.livecall.io; img-src 'self' data: blob: *.googletagmanager.com *.google-analytics.com *.google.com *.google.pl *.gstatic.com *.doubleclick.net *.livecall.io; font-src 'self' data: *.googleapis.com *.gstatic.com *.livecall.io; style-src 'self' 'unsafe-inline' *.livecall.io *.google.com *.gstatic.com *.googleapis.com *.livecall.io; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.nestbank.pl *.googlesyndication.com *.googletagmanager.com *.google-analytics.com *.google.com *.googleadservices.com *.doubleclick.net *.hotjar.com *.livecall.io; child-src 'self' blob: *.nestbank.pl https://api.maptiler.com https://maps.tilehosting.com https://api.mapbox.com https://www.youtube.com *.hotjar.com *.hotjar.io *.livecall.io https://optimize.google.com;
Referrer-Policy
strict-origin-when-cross-origin
Last-Modified
Fri, 13 Nov 2020 13:48:25 GMT
X-XSS-Protection
1; mode=block
ETag
"f37693a8c3b9d61:0"
X-Frame-Options
SAMEORIGIN
Access-Control-Allow-Methods
GET,PUT,POST
Content-Type
image/png
Access-Control-Allow-Origin
*
Access-Control-Expose-Headers
Paging-Headers
Date
Fri, 04 Dec 2020 08:12:32 GMT
Accept-Ranges
bytes
Access-Control-Allow-Headers
Content-Type
Content-Length
5581
X-Content-Type-Options
nosniff
cookie
nestbank.pl/getmedia/b440e91a-1f91-4cd1-9bf5-ff0768912ae5/
3 KB
4 KB
Image
General
Full URL
https://nestbank.pl/getmedia/b440e91a-1f91-4cd1-9bf5-ff0768912ae5/cookie
Requested by
Host: nestbank.pl
URL: https://nestbank.pl/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
193.105.248.157 , Poland, ASN196999 (NESTBANK, PL),
Reverse DNS
rev-193.105.248.157.fmbank.pl
Software
/
Resource Hash
953c16dcfd4919912843903ad0a83777a71e33da9a8bf1a93b6fa4cef07299f3
Security Headers
Name Value
Content-Security-Policy default-src 'self' *.nestbank.pl *.doubleclick.net https://www.maptiler.com https://api.maptiler.com https://maps.tilehosting.com https://api.mapbox.com https://www.youtube.com *.google.com *.googletagmanager.com *.hotjar.com *.hotjar.io *.livecall.io; img-src 'self' data: blob: *.googletagmanager.com *.google-analytics.com *.google.com *.google.pl *.gstatic.com *.doubleclick.net *.livecall.io; font-src 'self' data: *.googleapis.com *.gstatic.com *.livecall.io; style-src 'self' 'unsafe-inline' *.livecall.io *.google.com *.gstatic.com *.googleapis.com *.livecall.io; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.nestbank.pl *.googlesyndication.com *.googletagmanager.com *.google-analytics.com *.google.com *.googleadservices.com *.doubleclick.net *.hotjar.com *.livecall.io; child-src 'self' blob: *.nestbank.pl https://api.maptiler.com https://maps.tilehosting.com https://api.mapbox.com https://www.youtube.com *.hotjar.com *.hotjar.io *.livecall.io https://optimize.google.com;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://nestbank.pl/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Security-Policy
default-src 'self' *.nestbank.pl *.doubleclick.net https://www.maptiler.com https://api.maptiler.com https://maps.tilehosting.com https://api.mapbox.com https://www.youtube.com *.google.com *.googletagmanager.com *.hotjar.com *.hotjar.io *.livecall.io; img-src 'self' data: blob: *.googletagmanager.com *.google-analytics.com *.google.com *.google.pl *.gstatic.com *.doubleclick.net *.livecall.io; font-src 'self' data: *.googleapis.com *.gstatic.com *.livecall.io; style-src 'self' 'unsafe-inline' *.livecall.io *.google.com *.gstatic.com *.googleapis.com *.livecall.io; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.nestbank.pl *.googlesyndication.com *.googletagmanager.com *.google-analytics.com *.google.com *.googleadservices.com *.doubleclick.net *.hotjar.com *.livecall.io; child-src 'self' blob: *.nestbank.pl https://api.maptiler.com https://maps.tilehosting.com https://api.mapbox.com https://www.youtube.com *.hotjar.com *.hotjar.io *.livecall.io https://optimize.google.com;
X-Content-Type-Options
nosniff
Content-Disposition
inline; filename="cookie.png"
Content-Length
2842
X-XSS-Protection
1; mode=block
Referrer-Policy
strict-origin-when-cross-origin
Last-Modified
Thu, 22 Nov 2018 07:28:31 GMT
Date
Fri, 04 Dec 2020 08:12:33 GMT
X-Frame-Options
SAMEORIGIN
Access-Control-Allow-Methods
GET,PUT,POST
Content-Type
image/png
Access-Control-Allow-Origin
*
Access-Control-Expose-Headers
Paging-Headers
Cache-Control
public, must-revalidate
ETag
"11/22/2018 7:28:31 AM"
Accept-Ranges
bytes
Access-Control-Allow-Headers
Content-Type
Expires
Fri, 04 Dec 2020 08:12:33 GMT
analytics.js
www.google-analytics.com/
46 KB
18 KB
Script
General
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-WJHPTHT
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:824::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e441c3e2771625ba05630ab464275136a82c99650ee2145ca5aa9853bedeb01b
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://nestbank.pl/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Fri, 23 Oct 2020 03:00:57 GMT
server
Golfe2
age
4962
date
Fri, 04 Dec 2020 06:49:50 GMT
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=7200
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
18817
expires
Fri, 04 Dec 2020 08:49:50 GMT
hotjar-1222140.js
static.hotjar.com/c/
7 KB
3 KB
Script
General
Full URL
https://static.hotjar.com/c/hotjar-1222140.js?sv=7
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-WJHPTHT
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.224.93.32 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-224-93-32.zrh50.r.cloudfront.net
Software
/
Resource Hash
249619728dfacbbcca7b381de6094f77a4026e7408e2e60f3af40d350b8f5214
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://nestbank.pl/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Fri, 04 Dec 2020 08:11:54 GMT
content-encoding
br
x-content-type-options
nosniff
cache-control
max-age=60
age
39
etag
W/21d7c7faafe8060b3a9b66de564422fb
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript
access-control-allow-origin
*
x-cache-hit
1
x-amz-cf-pop
ZRH50-C1
x-amz-cf-id
1PTiS4B3_4gMY57M3lG-LxKBWXX3oFRIS1dtBS91BeU1HCC49b1nGg==
via
1.1 4e0fd86f7afa735e772d6f7fe5e91f5b.cloudfront.net (CloudFront)
check.svg
nestbank.pl/App_Themes/NestBank/images/svg/
1 KB
3 KB
Image
General
Full URL
https://nestbank.pl/App_Themes/NestBank/images/svg/check.svg?FHlQ1
Requested by
Host: nestbank.pl
URL: https://nestbank.pl/App_Themes/NestBank/css/app.css
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
193.105.248.157 , Poland, ASN196999 (NESTBANK, PL),
Reverse DNS
rev-193.105.248.157.fmbank.pl
Software
/
Resource Hash
11a81ffecd8b8c0f67661b5c21d2005f177ec7b4c3c9146470819fe5b5a3741b
Security Headers
Name Value
Content-Security-Policy default-src 'self' *.nestbank.pl *.doubleclick.net https://www.maptiler.com https://api.maptiler.com https://maps.tilehosting.com https://api.mapbox.com https://www.youtube.com *.google.com *.googletagmanager.com *.hotjar.com *.hotjar.io *.livecall.io; img-src 'self' data: blob: *.googletagmanager.com *.google-analytics.com *.google.com *.google.pl *.gstatic.com *.doubleclick.net *.livecall.io; font-src 'self' data: *.googleapis.com *.gstatic.com *.livecall.io; style-src 'self' 'unsafe-inline' *.livecall.io *.google.com *.gstatic.com *.googleapis.com *.livecall.io; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.nestbank.pl *.googlesyndication.com *.googletagmanager.com *.google-analytics.com *.google.com *.googleadservices.com *.doubleclick.net *.hotjar.com *.livecall.io; child-src 'self' blob: *.nestbank.pl https://api.maptiler.com https://maps.tilehosting.com https://api.mapbox.com https://www.youtube.com *.hotjar.com *.hotjar.io *.livecall.io https://optimize.google.com;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://nestbank.pl/App_Themes/NestBank/css/app.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Security-Policy
default-src 'self' *.nestbank.pl *.doubleclick.net https://www.maptiler.com https://api.maptiler.com https://maps.tilehosting.com https://api.mapbox.com https://www.youtube.com *.google.com *.googletagmanager.com *.hotjar.com *.hotjar.io *.livecall.io; img-src 'self' data: blob: *.googletagmanager.com *.google-analytics.com *.google.com *.google.pl *.gstatic.com *.doubleclick.net *.livecall.io; font-src 'self' data: *.googleapis.com *.gstatic.com *.livecall.io; style-src 'self' 'unsafe-inline' *.livecall.io *.google.com *.gstatic.com *.googleapis.com *.livecall.io; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.nestbank.pl *.googlesyndication.com *.googletagmanager.com *.google-analytics.com *.google.com *.googleadservices.com *.doubleclick.net *.hotjar.com *.livecall.io; child-src 'self' blob: *.nestbank.pl https://api.maptiler.com https://maps.tilehosting.com https://api.mapbox.com https://www.youtube.com *.hotjar.com *.hotjar.io *.livecall.io https://optimize.google.com;
Referrer-Policy
strict-origin-when-cross-origin
Last-Modified
Tue, 20 Nov 2018 18:22:12 GMT
X-XSS-Protection
1; mode=block
ETag
"022a3f4fd80d41:0"
X-Frame-Options
SAMEORIGIN
Access-Control-Allow-Methods
GET,PUT,POST
Content-Type
image/svg+xml
Access-Control-Allow-Origin
*
Access-Control-Expose-Headers
Paging-Headers
Date
Fri, 04 Dec 2020 08:12:32 GMT
Accept-Ranges
bytes
Access-Control-Allow-Headers
Content-Type
Content-Length
1028
X-Content-Type-Options
nosniff
small-arrow-right.svg
nestbank.pl/App_Themes/NestBank/images/svg/
1 KB
3 KB
Image
General
Full URL
https://nestbank.pl/App_Themes/NestBank/images/svg/small-arrow-right.svg?2wAJw
Requested by
Host: nestbank.pl
URL: https://nestbank.pl/App_Themes/NestBank/css/app.css
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
193.105.248.157 , Poland, ASN196999 (NESTBANK, PL),
Reverse DNS
rev-193.105.248.157.fmbank.pl
Software
/
Resource Hash
047d0fc4451fb67490dab3296ba22d112cd05e1504abf60dfe0f1eda73db8e4e
Security Headers
Name Value
Content-Security-Policy default-src 'self' *.nestbank.pl *.doubleclick.net https://www.maptiler.com https://api.maptiler.com https://maps.tilehosting.com https://api.mapbox.com https://www.youtube.com *.google.com *.googletagmanager.com *.hotjar.com *.hotjar.io *.livecall.io; img-src 'self' data: blob: *.googletagmanager.com *.google-analytics.com *.google.com *.google.pl *.gstatic.com *.doubleclick.net *.livecall.io; font-src 'self' data: *.googleapis.com *.gstatic.com *.livecall.io; style-src 'self' 'unsafe-inline' *.livecall.io *.google.com *.gstatic.com *.googleapis.com *.livecall.io; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.nestbank.pl *.googlesyndication.com *.googletagmanager.com *.google-analytics.com *.google.com *.googleadservices.com *.doubleclick.net *.hotjar.com *.livecall.io; child-src 'self' blob: *.nestbank.pl https://api.maptiler.com https://maps.tilehosting.com https://api.mapbox.com https://www.youtube.com *.hotjar.com *.hotjar.io *.livecall.io https://optimize.google.com;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://nestbank.pl/App_Themes/NestBank/css/app.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Security-Policy
default-src 'self' *.nestbank.pl *.doubleclick.net https://www.maptiler.com https://api.maptiler.com https://maps.tilehosting.com https://api.mapbox.com https://www.youtube.com *.google.com *.googletagmanager.com *.hotjar.com *.hotjar.io *.livecall.io; img-src 'self' data: blob: *.googletagmanager.com *.google-analytics.com *.google.com *.google.pl *.gstatic.com *.doubleclick.net *.livecall.io; font-src 'self' data: *.googleapis.com *.gstatic.com *.livecall.io; style-src 'self' 'unsafe-inline' *.livecall.io *.google.com *.gstatic.com *.googleapis.com *.livecall.io; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.nestbank.pl *.googlesyndication.com *.googletagmanager.com *.google-analytics.com *.google.com *.googleadservices.com *.doubleclick.net *.hotjar.com *.livecall.io; child-src 'self' blob: *.nestbank.pl https://api.maptiler.com https://maps.tilehosting.com https://api.mapbox.com https://www.youtube.com *.hotjar.com *.hotjar.io *.livecall.io https://optimize.google.com;
Referrer-Policy
strict-origin-when-cross-origin
Last-Modified
Tue, 20 Nov 2018 18:22:12 GMT
X-XSS-Protection
1; mode=block
ETag
"022a3f4fd80d41:0"
X-Frame-Options
SAMEORIGIN
Access-Control-Allow-Methods
GET,PUT,POST
Content-Type
image/svg+xml
Access-Control-Allow-Origin
*
Access-Control-Expose-Headers
Paging-Headers
Date
Fri, 04 Dec 2020 08:12:32 GMT
Accept-Ranges
bytes
Access-Control-Allow-Headers
Content-Type
Content-Length
1107
X-Content-Type-Options
nosniff
lato-bold-webfont.woff2
nestbank.pl/App_Themes/NestBank/statics/fonts/lato/
20 KB
22 KB
Font
General
Full URL
https://nestbank.pl/App_Themes/NestBank/statics/fonts/lato/lato-bold-webfont.woff2?2_Hxv
Requested by
Host: nestbank.pl
URL: https://nestbank.pl/App_Themes/NestBank/css/app.css
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
193.105.248.157 , Poland, ASN196999 (NESTBANK, PL),
Reverse DNS
rev-193.105.248.157.fmbank.pl
Software
/
Resource Hash
5824aea78dcee0f48c3f4e29ddf336419a10f482089ddc52663151f5313babe1
Security Headers
Name Value
Content-Security-Policy default-src 'self' *.nestbank.pl *.doubleclick.net https://www.maptiler.com https://api.maptiler.com https://maps.tilehosting.com https://api.mapbox.com https://www.youtube.com *.google.com *.googletagmanager.com *.hotjar.com *.hotjar.io *.livecall.io; img-src 'self' data: blob: *.googletagmanager.com *.google-analytics.com *.google.com *.google.pl *.gstatic.com *.doubleclick.net *.livecall.io; font-src 'self' data: *.googleapis.com *.gstatic.com *.livecall.io; style-src 'self' 'unsafe-inline' *.livecall.io *.google.com *.gstatic.com *.googleapis.com *.livecall.io; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.nestbank.pl *.googlesyndication.com *.googletagmanager.com *.google-analytics.com *.google.com *.googleadservices.com *.doubleclick.net *.hotjar.com *.livecall.io; child-src 'self' blob: *.nestbank.pl https://api.maptiler.com https://maps.tilehosting.com https://api.mapbox.com https://www.youtube.com *.hotjar.com *.hotjar.io *.livecall.io https://optimize.google.com;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Origin
https://nestbank.pl
Referer
https://nestbank.pl/App_Themes/NestBank/css/app.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Security-Policy
default-src 'self' *.nestbank.pl *.doubleclick.net https://www.maptiler.com https://api.maptiler.com https://maps.tilehosting.com https://api.mapbox.com https://www.youtube.com *.google.com *.googletagmanager.com *.hotjar.com *.hotjar.io *.livecall.io; img-src 'self' data: blob: *.googletagmanager.com *.google-analytics.com *.google.com *.google.pl *.gstatic.com *.doubleclick.net *.livecall.io; font-src 'self' data: *.googleapis.com *.gstatic.com *.livecall.io; style-src 'self' 'unsafe-inline' *.livecall.io *.google.com *.gstatic.com *.googleapis.com *.livecall.io; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.nestbank.pl *.googlesyndication.com *.googletagmanager.com *.google-analytics.com *.google.com *.googleadservices.com *.doubleclick.net *.hotjar.com *.livecall.io; child-src 'self' blob: *.nestbank.pl https://api.maptiler.com https://maps.tilehosting.com https://api.mapbox.com https://www.youtube.com *.hotjar.com *.hotjar.io *.livecall.io https://optimize.google.com;
Referrer-Policy
strict-origin-when-cross-origin
Last-Modified
Tue, 08 Jan 2019 15:42:14 GMT
X-XSS-Protection
1; mode=block
ETag
"04f6ba68a7d41:0"
X-Frame-Options
SAMEORIGIN
Access-Control-Allow-Methods
GET,PUT,POST
Content-Type
application/font-woff2
Access-Control-Allow-Origin
*
Access-Control-Expose-Headers
Paging-Headers
Date
Fri, 04 Dec 2020 08:12:32 GMT
Accept-Ranges
bytes
Access-Control-Allow-Headers
Content-Type
Content-Length
20660
X-Content-Type-Options
nosniff
lato-regular-webfont.woff2
nestbank.pl/App_Themes/NestBank/statics/fonts/lato/
21 KB
23 KB
Font
General
Full URL
https://nestbank.pl/App_Themes/NestBank/statics/fonts/lato/lato-regular-webfont.woff2?3-tUS
Requested by
Host: nestbank.pl
URL: https://nestbank.pl/App_Themes/NestBank/css/app.css
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
193.105.248.157 , Poland, ASN196999 (NESTBANK, PL),
Reverse DNS
rev-193.105.248.157.fmbank.pl
Software
/
Resource Hash
c67cac87953aa5ab7427b1ea39da576190d2e2fd06f0b00d288c7dadb6d2baef
Security Headers
Name Value
Content-Security-Policy default-src 'self' *.nestbank.pl *.doubleclick.net https://www.maptiler.com https://api.maptiler.com https://maps.tilehosting.com https://api.mapbox.com https://www.youtube.com *.google.com *.googletagmanager.com *.hotjar.com *.hotjar.io *.livecall.io; img-src 'self' data: blob: *.googletagmanager.com *.google-analytics.com *.google.com *.google.pl *.gstatic.com *.doubleclick.net *.livecall.io; font-src 'self' data: *.googleapis.com *.gstatic.com *.livecall.io; style-src 'self' 'unsafe-inline' *.livecall.io *.google.com *.gstatic.com *.googleapis.com *.livecall.io; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.nestbank.pl *.googlesyndication.com *.googletagmanager.com *.google-analytics.com *.google.com *.googleadservices.com *.doubleclick.net *.hotjar.com *.livecall.io; child-src 'self' blob: *.nestbank.pl https://api.maptiler.com https://maps.tilehosting.com https://api.mapbox.com https://www.youtube.com *.hotjar.com *.hotjar.io *.livecall.io https://optimize.google.com;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Origin
https://nestbank.pl
Referer
https://nestbank.pl/App_Themes/NestBank/css/app.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Security-Policy
default-src 'self' *.nestbank.pl *.doubleclick.net https://www.maptiler.com https://api.maptiler.com https://maps.tilehosting.com https://api.mapbox.com https://www.youtube.com *.google.com *.googletagmanager.com *.hotjar.com *.hotjar.io *.livecall.io; img-src 'self' data: blob: *.googletagmanager.com *.google-analytics.com *.google.com *.google.pl *.gstatic.com *.doubleclick.net *.livecall.io; font-src 'self' data: *.googleapis.com *.gstatic.com *.livecall.io; style-src 'self' 'unsafe-inline' *.livecall.io *.google.com *.gstatic.com *.googleapis.com *.livecall.io; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.nestbank.pl *.googlesyndication.com *.googletagmanager.com *.google-analytics.com *.google.com *.googleadservices.com *.doubleclick.net *.hotjar.com *.livecall.io; child-src 'self' blob: *.nestbank.pl https://api.maptiler.com https://maps.tilehosting.com https://api.mapbox.com https://www.youtube.com *.hotjar.com *.hotjar.io *.livecall.io https://optimize.google.com;
Referrer-Policy
strict-origin-when-cross-origin
Last-Modified
Tue, 08 Jan 2019 15:42:14 GMT
X-XSS-Protection
1; mode=block
ETag
"04f6ba68a7d41:0"
X-Frame-Options
SAMEORIGIN
Access-Control-Allow-Methods
GET,PUT,POST
Content-Type
application/font-woff2
Access-Control-Allow-Origin
*
Access-Control-Expose-Headers
Paging-Headers
Date
Fri, 04 Dec 2020 08:12:32 GMT
Accept-Ranges
bytes
Access-Control-Allow-Headers
Content-Type
Content-Length
21860
X-Content-Type-Options
nosniff
IconFont.woff
nestbank.pl/App_Themes/NestBank/fonts/
4 KB
6 KB
Font
General
Full URL
https://nestbank.pl/App_Themes/NestBank/fonts/IconFont.woff?3z3dP
Requested by
Host: nestbank.pl
URL: https://nestbank.pl/App_Themes/NestBank/css/app.css
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
193.105.248.157 , Poland, ASN196999 (NESTBANK, PL),
Reverse DNS
rev-193.105.248.157.fmbank.pl
Software
/
Resource Hash
d4ba241b529dbba6e3c9cdc4e521eb0b8c71f272bcfc38aed427a83730a40dfb
Security Headers
Name Value
Content-Security-Policy default-src 'self' *.nestbank.pl *.doubleclick.net https://www.maptiler.com https://api.maptiler.com https://maps.tilehosting.com https://api.mapbox.com https://www.youtube.com *.google.com *.googletagmanager.com *.hotjar.com *.hotjar.io *.livecall.io; img-src 'self' data: blob: *.googletagmanager.com *.google-analytics.com *.google.com *.google.pl *.gstatic.com *.doubleclick.net *.livecall.io; font-src 'self' data: *.googleapis.com *.gstatic.com *.livecall.io; style-src 'self' 'unsafe-inline' *.livecall.io *.google.com *.gstatic.com *.googleapis.com *.livecall.io; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.nestbank.pl *.googlesyndication.com *.googletagmanager.com *.google-analytics.com *.google.com *.googleadservices.com *.doubleclick.net *.hotjar.com *.livecall.io; child-src 'self' blob: *.nestbank.pl https://api.maptiler.com https://maps.tilehosting.com https://api.mapbox.com https://www.youtube.com *.hotjar.com *.hotjar.io *.livecall.io https://optimize.google.com;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Origin
https://nestbank.pl
Referer
https://nestbank.pl/App_Themes/NestBank/css/app.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Security-Policy
default-src 'self' *.nestbank.pl *.doubleclick.net https://www.maptiler.com https://api.maptiler.com https://maps.tilehosting.com https://api.mapbox.com https://www.youtube.com *.google.com *.googletagmanager.com *.hotjar.com *.hotjar.io *.livecall.io; img-src 'self' data: blob: *.googletagmanager.com *.google-analytics.com *.google.com *.google.pl *.gstatic.com *.doubleclick.net *.livecall.io; font-src 'self' data: *.googleapis.com *.gstatic.com *.livecall.io; style-src 'self' 'unsafe-inline' *.livecall.io *.google.com *.gstatic.com *.googleapis.com *.livecall.io; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.nestbank.pl *.googlesyndication.com *.googletagmanager.com *.google-analytics.com *.google.com *.googleadservices.com *.doubleclick.net *.hotjar.com *.livecall.io; child-src 'self' blob: *.nestbank.pl https://api.maptiler.com https://maps.tilehosting.com https://api.mapbox.com https://www.youtube.com *.hotjar.com *.hotjar.io *.livecall.io https://optimize.google.com;
Referrer-Policy
strict-origin-when-cross-origin
Last-Modified
Mon, 20 Jul 2020 12:12:09 GMT
X-XSS-Protection
1; mode=block
ETag
"d8fd58fe8e5ed61:0"
X-Frame-Options
SAMEORIGIN
Access-Control-Allow-Methods
GET,PUT,POST
Content-Type
application/x-font-woff
Access-Control-Allow-Origin
*
Access-Control-Expose-Headers
Paging-Headers
Date
Fri, 04 Dec 2020 08:12:32 GMT
Accept-Ranges
bytes
Access-Control-Allow-Headers
Content-Type
Content-Length
4580
X-Content-Type-Options
nosniff
B20858496.216254122;sz=1x2;ord=1544336956;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=
ad.doubleclick.net/ddm/adj/N9439.197812NSO.CODESRV/
16 KB
6 KB
Script
General
Full URL
https://ad.doubleclick.net/ddm/adj/N9439.197812NSO.CODESRV/B20858496.216254122;sz=1x2;ord=1544336956;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=?
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-WJHPTHT
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
216.58.210.6 Mountain View, United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s07-in-f6.1e100.net
Software
cafe /
Resource Hash
459f92574db21a9d0814c7e2dbba388477f75fb85300b4f7b99220bf9bdb4eff
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://nestbank.pl/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 04 Dec 2020 08:12:33 GMT
content-encoding
br
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
text/javascript; charset=UTF-8
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
5771
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
widget.js
assets.livecall.io/accounts/10217/
992 B
1 KB
Script
General
Full URL
https://assets.livecall.io/accounts/10217/widget.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-WJHPTHT
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.241.33.136 , Ascension Island, ASN15169 (GOOGLE, US),
Reverse DNS
136.33.241.35.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
ccaea37a1980e94a6f714b6a78cb256ba25305b88c8bfef0eebbf71cf51f9b6c

Request headers

Referer
https://nestbank.pl/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Fri, 04 Dec 2020 07:53:50 GMT
age
1123
x-guploader-uploadid
ABg5-Ux6nsRxrWn34RyC9s2VcspsxdCIz3E6XXu2WrEE5xsYOv7ojlxWMSx--HgjnB9saDewmoB5RAZWMIAZCIOa744Qf7Encw
x-goog-storage-class
MULTI_REGIONAL
x-goog-metageneration
1
x-goog-stored-content-encoding
identity
alt-svc
clear
content-length
992
last-modified
Tue, 11 Aug 2020 14:31:56 GMT
server
UploadServer
etag
"6cda3e4d277f30d876f7ec52c3bcf90a"
x-goog-hash
crc32c=c/HmCA==, md5=bNo+TSd/MNh29+xSw7z5Cg==
x-goog-generation
1597156316746325
access-control-allow-origin
*
cache-control
public, max-age=3600
x-goog-stored-content-length
992
accept-ranges
bytes
content-type
text/javascript
expires
Fri, 04 Dec 2020 08:53:50 GMT
active
nestbank.pl/api/alert/
4 B
1 KB
XHR
General
Full URL
https://nestbank.pl/api/alert/active
Requested by
Host: nestbank.pl
URL: https://nestbank.pl/App_Themes/NestBank/scripts/app.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
193.105.248.157 , Poland, ASN196999 (NESTBANK, PL),
Reverse DNS
rev-193.105.248.157.fmbank.pl
Software
/
Resource Hash
74234e98afe7498fb5daf1f36ac2d78acc339464f950703b8c019892f982b90b
Security Headers
Name Value
Content-Security-Policy default-src 'self' *.nestbank.pl *.doubleclick.net https://www.maptiler.com https://api.maptiler.com https://maps.tilehosting.com https://api.mapbox.com https://www.youtube.com *.google.com *.googletagmanager.com *.hotjar.com *.hotjar.io *.livecall.io; img-src 'self' data: blob: *.googletagmanager.com *.google-analytics.com *.google.com *.google.pl *.gstatic.com *.doubleclick.net *.livecall.io; font-src 'self' data: *.googleapis.com *.gstatic.com *.livecall.io; style-src 'self' 'unsafe-inline' *.livecall.io *.google.com *.gstatic.com *.googleapis.com *.livecall.io; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.nestbank.pl *.googlesyndication.com *.googletagmanager.com *.google-analytics.com *.google.com *.googleadservices.com *.doubleclick.net *.hotjar.com *.livecall.io; child-src 'self' blob: *.nestbank.pl https://api.maptiler.com https://maps.tilehosting.com https://api.mapbox.com https://www.youtube.com *.hotjar.com *.hotjar.io *.livecall.io https://optimize.google.com;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept
*/*
Referer
https://nestbank.pl/
X-Requested-With
XMLHttpRequest
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma
no-cache
Content-Security-Policy
default-src 'self' *.nestbank.pl *.doubleclick.net https://www.maptiler.com https://api.maptiler.com https://maps.tilehosting.com https://api.mapbox.com https://www.youtube.com *.google.com *.googletagmanager.com *.hotjar.com *.hotjar.io *.livecall.io; img-src 'self' data: blob: *.googletagmanager.com *.google-analytics.com *.google.com *.google.pl *.gstatic.com *.doubleclick.net *.livecall.io; font-src 'self' data: *.googleapis.com *.gstatic.com *.livecall.io; style-src 'self' 'unsafe-inline' *.livecall.io *.google.com *.gstatic.com *.googleapis.com *.livecall.io; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.nestbank.pl *.googlesyndication.com *.googletagmanager.com *.google-analytics.com *.google.com *.googleadservices.com *.doubleclick.net *.hotjar.com *.livecall.io; child-src 'self' blob: *.nestbank.pl https://api.maptiler.com https://maps.tilehosting.com https://api.mapbox.com https://www.youtube.com *.hotjar.com *.hotjar.io *.livecall.io https://optimize.google.com;
X-Content-Type-Options
nosniff
Date
Fri, 04 Dec 2020 08:12:32 GMT
X-Frame-Options
SAMEORIGIN
Access-Control-Allow-Methods
GET,PUT,POST
Content-Type
application/json; charset=utf-8
Access-Control-Allow-Origin
*
Access-Control-Expose-Headers
Paging-Headers
Cache-Control
no-cache
Access-Control-Allow-Headers
Content-Type
Content-Length
4
X-XSS-Protection
1; mode=block
Referrer-Policy
strict-origin-when-cross-origin
Expires
-1
collect
stats.g.doubleclick.net/j/
4 B
145 B
XHR
General
Full URL
https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j87&tid=UA-84885901-4&cid=1616222159.1607069553&jid=1932082528&gjid=1308915399&_gid=328494663.1607069553&_u=YGBAgEADQAAAAE~&z=888971539
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:400c:c09::9a Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://nestbank.pl/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
strict-transport-security
max-age=10886400; includeSubDomains; preload
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
date
Fri, 04 Dec 2020 08:12:33 GMT
content-type
text/plain
access-control-allow-origin
https://nestbank.pl
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
4
expires
Fri, 01 Jan 1990 00:00:00 GMT
js
www.google-analytics.com/gtm/
82 KB
33 KB
Script
General
Full URL
https://www.google-analytics.com/gtm/js?id=GTM-TFCNM42&t=gtm3&cid=1616222159.1607069553
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
8b3b20105dc7f740f1f41e88ec17749247208746cd598dd0142f20cc9b92bfd3
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

Referer
https://nestbank.pl/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Fri, 04 Dec 2020 08:12:33 GMT
content-encoding
br
vary
Accept-Encoding
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
33053
x-xss-protection
0
last-modified
Fri, 04 Dec 2020 06:00:00 GMT
server
Google Tag Manager
strict-transport-security
max-age=31536000; includeSubDomains
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Fri, 04 Dec 2020 08:12:33 GMT
collect
www.google-analytics.com/
35 B
384 B
Image
General
Full URL
https://www.google-analytics.com/collect?v=1&_v=j87&a=1591919962&t=pageview&_s=1&dl=https%3A%2F%2Fnestbank.pl%2F&dp=%2F&ul=en-us&de=UTF-8&dt=Lokaty%2C%20kredyty%2C%20konta%20bankowe%20i%20oszcz%C4%99dno%C5%9Bciowe%20%7C%20Nest%20Bank&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YGBAgEADQ~&jid=1932082528&gjid=1308915399&cid=1616222159.1607069553&tid=UA-84885901-4&_gid=328494663.1607069553&gtm=2wgb41WJHPTHT&cg1=&cd1=&cd2=false&z=418039513
Requested by
Host: nestbank.pl
URL: https://nestbank.pl/
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://nestbank.pl/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 03 Dec 2020 11:57:41 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
age
72892
content-type
image/gif
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
35
expires
Mon, 01 Jan 1990 00:00:00 GMT
modules.cd1eea15fc08cdfc520a.js
script.hotjar.com/
221 KB
58 KB
Script
General
Full URL
https://script.hotjar.com/modules.cd1eea15fc08cdfc520a.js
Requested by
Host: static.hotjar.com
URL: https://static.hotjar.com/c/hotjar-1222140.js?sv=7
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.224.93.65 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-224-93-65.zrh50.r.cloudfront.net
Software
/
Resource Hash
111c30ae4af9de766906943523d941cfb3912988d2809e3c06a586c8cdc6a2b5
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://nestbank.pl/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Thu, 03 Dec 2020 13:43:54 GMT
content-encoding
br
x-content-type-options
nosniff
age
66519
x-cache
Hit from cloudfront
content-length
59017
access-control-allow-origin
*
last-modified
Thu, 03 Dec 2020 13:40:16 GMT
etag
"287e696726014b2f68d2f33283503367"
vary
Accept-Encoding
content-type
application/javascript
via
1.1 25d46f0dbca17b9a78cca036e17d8ad3.cloudfront.net (CloudFront)
cache-control
max-age=31536000
x-amz-cf-pop
ZRH50-C1
accept-ranges
bytes
x-robots-tag
none
x-amz-cf-id
VgBx2r1KIQCHRrjlbri68x0tvS_vHE3xEu-26zGxlmINHyEcEd9KBw==
ga-audiences
www.google.com/ads/
42 B
118 B
Image
General
Full URL
https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j87&tid=UA-84885901-4&cid=1616222159.1607069553&jid=1932082528&_u=YGBAgEADQAAAAE~&z=223640559
Requested by
Host: nestbank.pl
URL: https://nestbank.pl/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81a::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://nestbank.pl/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 04 Dec 2020 08:12:33 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
ga-audiences
www.google.de/ads/
0
0

collect
stats.g.doubleclick.net/j/
4 B
421 B
XHR
General
Full URL
https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j87&tid=UA-84885901-1&cid=1616222159.1607069553&jid=989035893&gjid=1976933188&_gid=328494663.1607069553&_u=aGDAgEADQAAAAE~&z=830387196
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
2a00:1450:400c:c09::9a Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://nestbank.pl/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
strict-transport-security
max-age=10886400; includeSubDomains; preload
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
date
Fri, 04 Dec 2020 08:12:33 GMT
content-type
text/plain
access-control-allow-origin
https://nestbank.pl
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
4
expires
Fri, 01 Jan 1990 00:00:00 GMT
collect
www.google-analytics.com/
35 B
58 B
Image
General
Full URL
https://www.google-analytics.com/collect?v=1&_v=j87&a=1591919962&t=pageview&_s=1&dl=https%3A%2F%2Fnestbank.pl%2F&dp=%2F&ul=en-us&de=UTF-8&dt=Lokaty%2C%20kredyty%2C%20konta%20bankowe%20i%20oszcz%C4%99dno%C5%9Bciowe%20%7C%20Nest%20Bank&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=aGDAgEADQAAAAE~&jid=989035893&gjid=1976933188&cid=1616222159.1607069553&tid=UA-84885901-1&_gid=328494663.1607069553&gtm=2wgb41WJHPTHT&cg1=&cd1=&cd2=false&z=1793898280
Requested by
Host: nestbank.pl
URL: https://nestbank.pl/
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://nestbank.pl/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 03 Dec 2020 11:57:41 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
age
72892
content-type
image/gif
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
35
expires
Mon, 01 Jan 1990 00:00:00 GMT
box-469cf41adb11dc78be68c1ae7f9457a4.html
vars.hotjar.com/ Frame 38FF
0
0
Document
General
Full URL
https://vars.hotjar.com/box-469cf41adb11dc78be68c1ae7f9457a4.html
Requested by
Host: static.hotjar.com
URL: https://static.hotjar.com/c/hotjar-1222140.js?sv=7
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.224.93.123 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-224-93-123.zrh50.r.cloudfront.net
Software
/
Resource Hash

Request headers

:method
GET
:authority
vars.hotjar.com
:scheme
https
:path
/box-469cf41adb11dc78be68c1ae7f9457a4.html
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://nestbank.pl/
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer
https://nestbank.pl/

Response headers

content-type
text/html
content-length
851
date
Mon, 23 Nov 2020 17:01:03 GMT
accept-ranges
bytes
cache-control
max-age=31536000
content-encoding
br
etag
"d594f1d4c3e5dbd6b556c60d34e0daea"
last-modified
Mon, 23 Nov 2020 15:41:01 GMT
x-robots-tag
none
vary
Accept-Encoding
x-cache
Hit from cloudfront
via
1.1 110750d14d1d900cd5c76d0ac872f5dd.cloudfront.net (CloudFront)
x-amz-cf-pop
ZRH50-C1
x-amz-cf-id
zArdzP1-KCuRxbz5N1geF1jks6xrFdSLT3ZL0-dBJDBrwKApQaFOfA==
age
918690
ga-audiences
www.google.com/ads/
42 B
235 B
Image
General
Full URL
https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j87&tid=UA-84885901-1&cid=1616222159.1607069553&jid=989035893&_u=aGDAgEADQAAAAE~&z=1005920510
Requested by
Host: nestbank.pl
URL: https://nestbank.pl/
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:802::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://nestbank.pl/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 04 Dec 2020 08:12:33 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
ga-audiences
www.google.de/ads/
0
0

omrhp.js
pagead2.googlesyndication.com/pagead/js/r20201201/r20110914/elements/html/
6 KB
3 KB
Script
General
Full URL
https://pagead2.googlesyndication.com/pagead/js/r20201201/r20110914/elements/html/omrhp.js
Requested by
Host: ad.doubleclick.net
URL: https://ad.doubleclick.net/ddm/adj/N9439.197812NSO.CODESRV/B20858496.216254122;sz=1x2;ord=1544336956;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=?
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
fa3748e2366d5ba5f4a7b6c8154809725b6bfb7843743837384c70f060b33503
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://nestbank.pl/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Fri, 04 Dec 2020 07:23:58 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
2915
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
2649
x-xss-protection
0
server
cafe
etag
804181672847865866
vary
Accept-Encoding, Origin
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1209600
timing-allow-origin
*
expires
Fri, 18 Dec 2020 07:23:58 GMT
view
googleads4.g.doubleclick.net/pcs/
0
683 B
Other
General
Full URL
https://googleads4.g.doubleclick.net/pcs/view?xai=AKAOjsvnNToW93keDb-eVHctBRkrIb9gh7fbkbg6PgbXwDszx0-cs2aLClLN4IDyB3YB-C6SqsQlKZ-_h1BgJ-ZoxnquR3ugz010neNZYVSiQTkOSvuGRZVqIbMg&sig=Cg0ArKJSzH9_a454TiO0EAE&urlfix=1&omid=0&rm=1&ctpt=1&cbvp=1&cisv=r20201201.69946&adurl=
Requested by
Host: ad.doubleclick.net
URL: https://ad.doubleclick.net/ddm/adj/N9439.197812NSO.CODESRV/B20858496.216254122;sz=1x2;ord=1544336956;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=?
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.217.23.98 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
mil04s23-in-f2.1e100.net
Software
cafe /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://nestbank.pl/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

timing-allow-origin
*
date
Fri, 04 Dec 2020 08:12:33 GMT
x-content-type-options
nosniff
server
cafe
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
access-control-allow-origin
*
cache-control
private
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
livecall-widget.js
assets.livecall.io/assets/
311 KB
97 KB
Script
General
Full URL
https://assets.livecall.io/assets/livecall-widget.js
Requested by
Host: assets.livecall.io
URL: https://assets.livecall.io/accounts/10217/widget.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.241.33.136 , Ascension Island, ASN15169 (GOOGLE, US),
Reverse DNS
136.33.241.35.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
bdba7c73383d3213f0f65a3f1bf90748068916b3600f5bbe9f92bd64531b08f3

Request headers

Referer
https://nestbank.pl/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Fri, 04 Dec 2020 08:12:33 GMT
content-encoding
gzip
x-guploader-uploadid
ABg5-UymkhA7i0SAx4W4JGy4Ye1S3Hyoszxi7ho2NmGcTfyOERwzjh7HKZVHOeOAFEVRXG9i6meJdDvKM68bpCW-BnNSTpaqJQ
x-goog-storage-class
MULTI_REGIONAL
x-goog-metageneration
1
x-goog-stored-content-encoding
gzip
alt-svc
clear
content-length
99389
last-modified
Fri, 16 Oct 2020 12:14:20 GMT
server
UploadServer
etag
"6c28e8a63a22a43b772dc7eb40ced1a1"
x-goog-hash
crc32c=nKR8BQ==, md5=bCjopjoipDt3LcfrQM7RoQ==
x-goog-generation
1602850460935951
access-control-allow-origin
*
cache-control
no-transform
x-goog-stored-content-length
99389
accept-ranges
bytes
content-type
application/javascript
expires
Sat, 04 Dec 2021 08:12:33 GMT
widget-65fee9d471594f286f1a20a73cc4b03b.css
assets.livecall.io/assets/
195 KB
18 KB
Stylesheet
General
Full URL
https://assets.livecall.io/assets/widget-65fee9d471594f286f1a20a73cc4b03b.css
Requested by
Host: assets.livecall.io
URL: https://assets.livecall.io/assets/livecall-widget.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.241.33.136 , Ascension Island, ASN15169 (GOOGLE, US),
Reverse DNS
136.33.241.35.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
62b80422752220b7109ca4a06b14353e604ee9495f5136cb3aeba66a61c8d3c2

Request headers

Referer
https://nestbank.pl/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Fri, 04 Dec 2020 08:12:33 GMT
content-encoding
gzip
x-guploader-uploadid
ABg5-UxrwIfqFt0EE-8wRtMdVNIik2-kCJjsEQ_FIGOU0cyk5Y540qsvUprT-IaZl3Z8PYDNoUsNHMjZHl54CFW6mW0fYaDs2g
x-goog-storage-class
MULTI_REGIONAL
x-goog-metageneration
1
x-goog-stored-content-encoding
gzip
alt-svc
clear
content-length
18011
last-modified
Fri, 16 Oct 2020 12:14:21 GMT
server
UploadServer
etag
"8d94961e526b11c9f4814bc107f40616"
x-goog-hash
crc32c=kikkVA==, md5=jZSWHlJrEcn0gUvBB/QGFg==
x-goog-generation
1602850461512696
access-control-allow-origin
*
cache-control
no-transform
x-goog-stored-content-length
18011
accept-ranges
bytes
content-type
text/css
expires
Sat, 04 Dec 2021 08:12:33 GMT
locations
signalling.livecall.io/accounts/10217/
545 B
563 B
XHR
General
Full URL
https://signalling.livecall.io/accounts/10217/locations
Requested by
Host: assets.livecall.io
URL: https://assets.livecall.io/assets/livecall-widget.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
158.177.70.186 , United States, ASN36351 (SOFTLAYER, US),
Reverse DNS
ba.46.b19e.ip4.static.sl-reverse.com
Software
nginx/1.17.7 / Express
Resource Hash
cb6b232b6ec253b0a90074d06c32ca451b84c2c7523001c8e691b637c1a6eb47
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; includeSubDomains

Request headers

Accept
*/*
Referer
https://nestbank.pl/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type
application/x-www-form-urlencoded; charset=UTF-8

Response headers

date
Fri, 04 Dec 2020 08:12:33 GMT
content-encoding
gzip
etag
W/"221-8UPv6S3h+17bTe3R9ttrpCvWUX4"
server
nginx/1.17.7
x-powered-by
Express
vary
Accept-Encoding, Accept-Encoding
content-type
application/json; charset=utf-8
access-control-allow-origin
*
strict-transport-security
max-age=15724800; includeSubDomains
intl-tel-input-utils-widget.js
assets.livecall.io/assets/
222 KB
53 KB
Script
General
Full URL
https://assets.livecall.io/assets/intl-tel-input-utils-widget.js
Requested by
Host: assets.livecall.io
URL: https://assets.livecall.io/assets/livecall-widget.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.241.33.136 , Ascension Island, ASN15169 (GOOGLE, US),
Reverse DNS
136.33.241.35.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
fa2319cdf7ad7ef2b3594bee5001a7366a3052b735775d58f895b1d5c1df23c6

Request headers

Referer
https://nestbank.pl/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Fri, 04 Dec 2020 08:12:33 GMT
content-encoding
gzip
x-guploader-uploadid
ABg5-UzEfEW1-3XIqQFKvAOx3YdV3ucjFZ4tkSMX7h4eW_jhEg11rXDLH6SRwdfebUA9NP8YCLtNVQydxyKIUmDkf-I
x-goog-storage-class
MULTI_REGIONAL
x-goog-metageneration
1
x-goog-stored-content-encoding
gzip
alt-svc
clear
content-length
53691
last-modified
Fri, 16 Oct 2020 12:14:20 GMT
server
UploadServer
etag
"0f41a54eb12cb7f6a344803af9394434"
x-goog-hash
crc32c=maEprA==, md5=D0GlTrEst/ajRIA6+TlENA==
x-goog-generation
1602850460260847
access-control-allow-origin
*
cache-control
no-transform
x-goog-stored-content-length
53691
accept-ranges
bytes
content-type
application/javascript
expires
Sat, 04 Dec 2021 08:12:33 GMT
/
geoip.livecall.io/json/
21 B
217 B
XHR
General
Full URL
https://geoip.livecall.io/json/
Requested by
Host: assets.livecall.io
URL: https://assets.livecall.io/assets/livecall-widget.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
158.177.70.186 , United States, ASN36351 (SOFTLAYER, US),
Reverse DNS
ba.46.b19e.ip4.static.sl-reverse.com
Software
nginx/1.17.7 /
Resource Hash
0178c4609a83f021b91043045c7d599848ee3909060125b1afd942440f5e33a2
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; includeSubDomains

Request headers

Accept
*/*
Referer
https://nestbank.pl/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

access-control-allow-origin
*
date
Fri, 04 Dec 2020 08:12:33 GMT
server
nginx/1.17.7
etag
W/"15-kY1++OgzfvL7RiZ/Z3732QhmDnA"
content-length
21
strict-transport-security
max-age=15724800; includeSubDomains
content-type
application/json; charset=utf-8
conversion_async.js
www.googleadservices.com/pagead/
30 KB
12 KB
Script
General
Full URL
https://www.googleadservices.com/pagead/conversion_async.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-WJHPTHT
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.217.23.98 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
mil04s23-in-f2.1e100.net
Software
cafe /
Resource Hash
5fb46ad88af0181f8aa600691dadedc2d6dd1946603b69bc36385f68efdd01a3
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://nestbank.pl/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Fri, 04 Dec 2020 08:12:33 GMT
content-encoding
gzip
x-content-type-options
nosniff
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
12174
x-xss-protection
0
server
cafe
etag
1959326039972715456
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=3600
timing-allow-origin
*
expires
Fri, 04 Dec 2020 08:12:33 GMT
collect
www.google-analytics.com/j/
0
0

/
googleads.g.doubleclick.net/pagead/viewthroughconversion/819543010/
2 KB
1 KB
Script
General
Full URL
https://googleads.g.doubleclick.net/pagead/viewthroughconversion/819543010/?random=1607069553728&cv=9&fst=1607069553728&num=1&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=60&u_java=false&u_nplug=0&u_nmime=0&gtm=2wgb41&sendb=1&ig=1&frm=0&url=https%3A%2F%2Fnestbank.pl%2F&tiba=Lokaty%2C%20kredyty%2C%20konta%20bankowe%20i%20oszcz%C4%99dno%C5%9Bciowe%20%7C%20Nest%20Bank&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4
Requested by
Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion_async.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81b::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
95498ffde5ef785fb69ebedc1008213f3ead1c051f65091fc751308d5c797cf4
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://nestbank.pl/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 04 Dec 2020 08:12:33 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
text/javascript; charset=UTF-8
alt-svc
h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051="googleads.g.doubleclick.net:443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
1037
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
www.google.com/pagead/1p-user-list/819543010/
42 B
96 B
Image
General
Full URL
https://www.google.com/pagead/1p-user-list/819543010/?random=1607069553728&cv=9&fst=1607068800000&num=1&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=60&u_java=false&u_nplug=0&u_nmime=0&gtm=2wgb41&sendb=1&frm=0&url=https%3A%2F%2Fnestbank.pl%2F&tiba=Lokaty%2C%20kredyty%2C%20konta%20bankowe%20i%20oszcz%C4%99dno%C5%9Bciowe%20%7C%20Nest%20Bank&async=1&fmt=3&is_vtc=1&random=1872844371&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:802::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://nestbank.pl/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 04 Dec 2020 08:12:33 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
content-security-policy
script-src 'none'; object-src 'none'
content-type
image/gif
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
www.google.de/pagead/1p-user-list/819543010/
0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
www.google.de
URL
https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j87&tid=UA-84885901-4&cid=1616222159.1607069553&jid=1932082528&_u=YGBAgEADQAAAAE~&z=223640559
Domain
www.google.de
URL
https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j87&tid=UA-84885901-1&cid=1616222159.1607069553&jid=989035893&_u=aGDAgEADQAAAAE~&z=1005920510
Domain
www.google-analytics.com
URL
https://www.google-analytics.com/j/collect?v=1&_v=j87&a=1591919962&t=event&ni=1&_s=1&dl=https%3A%2F%2Fnestbank.pl%2F&dp=%2F&ul=en-us&de=UTF-8&dt=Lokaty%2C%20kredyty%2C%20konta%20bankowe%20i%20oszcz%C4%99dno%C5%9Bciowe%20%7C%20Nest%20Bank&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&ec=scroll%20depth&ea=%2F&el=25%25&_u=aHDAAEADQAAAAG~&jid=1759291551&gjid=1282431308&cid=1616222159.1607069553&tid=UA-84885901-4&_gid=328494663.1607069553&_r=1&gtm=2wgb41WJHPTHT&cg1=&cd1=&cd2=false&cd3=0&z=272632368
Domain
www.google.de
URL
https://www.google.de/pagead/1p-user-list/819543010/?random=1607069553728&cv=9&fst=1607068800000&num=1&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=60&u_java=false&u_nplug=0&u_nmime=0&gtm=2wgb41&sendb=1&frm=0&url=https%3A%2F%2Fnestbank.pl%2F&tiba=Lokaty%2C%20kredyty%2C%20konta%20bankowe%20i%20oszcz%C4%99dno%C5%9Bciowe%20%7C%20Nest%20Bank&async=1&fmt=3&is_vtc=1&random=1872844371&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y

Verdicts & Comments Add Verdict or Comment

137 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| ontransitionrun object| ontransitionstart object| ontransitioncancel object| cookieStore function| showDirectoryPicker function| showOpenFilePicker function| showSaveFilePicker object| trustedTypes boolean| crossOriginIsolated object| dataLayer object| google_tag_manager function| postscribe object| google_tag_data string| firstLevelPagePath string| GoogleAnalyticsObject function| ga function| hj object| _hjSettings object| core object| __core-js_shared__ function| setImmediate function| clearImmediate object| regeneratorRuntime boolean| _babelPolyfill function| $ function| jQuery object| Foundation function| tmp function| ChoiceField function| ListBox function| ComboBox function| EditBox function| Button function| PushButton function| RadioButton function| CheckBox function| TextField function| PasswordField object| AcroForm function| html2pdf function| _jzlib_Deflater function| Deflater function| RGBColor function| PNG object| define=>undefined,exports=>undefined object| app object| theForm function| __doPostBack function| WebForm_PostBackOptions function| WebForm_DoPostBackWithOptions object| __pendingCallbacks number| __synchronousCallBackIndex function| WebForm_DoCallback function| WebForm_CallbackComplete function| WebForm_ExecuteCallback function| WebForm_FillFirstAvailableSlot boolean| __nonMSDOMBrowser string| __theFormPostData object| __theFormPostCollection object| __callbackTextTypes function| WebForm_InitCallback function| WebForm_InitCallbackAddField function| WebForm_EncodeCallback object| __disabledControlArray function| WebForm_ReEnableControls function| WebForm_ReDisableControls function| WebForm_SimulateClick function| WebForm_FireDefaultButton function| WebForm_GetScrollX function| WebForm_GetScrollY function| WebForm_SaveScrollPositionSubmit function| WebForm_SaveScrollPositionOnSubmit function| WebForm_RestoreScrollPosition function| WebForm_TextBoxKeyHandler function| WebForm_TrimString function| WebForm_AppendToClassName function| WebForm_RemoveClassName function| WebForm_GetElementById function| WebForm_GetElementByTagName function| WebForm_GetElementsByTagName function| WebForm_GetElementDir function| WebForm_GetElementPosition function| WebForm_GetParentByTagName function| WebForm_SetElementHeight function| WebForm_SetElementWidth function| WebForm_SetElementX function| WebForm_SetElementY function| PM_Postback function| PM_Callback function| Sys$Enum$parse function| Sys$Enum$toString function| Sys$Component$_setProperties function| Sys$Component$_setReferences function| $create function| $addHandler function| $addHandlers function| $clearHandlers function| $removeHandler function| $get function| $find function| Type object| Sys object| _events object| CMS function| createCookie function| readCookie object| count object| alerts function| formContactUsCb function| formConsultantRequestCb function| formConfirmationSMSCb object| gaplugins object| gaGlobal object| gaData object| hjSiteSettings function| hjBootstrap object| hjBootstrapCalled object| google_optimize function| clsn object| dicnf function| btrp function| pdib3 function| vv function| stcc object| _livecallSettings function| omrhp object| lcader function| lcfine function| lcquireModule function| lcquire function| lcquirejs object| livecallClient object| intlTelInputUtils function| GooglemKTybQhCsO function| google_trackConversion object| GooglebQhCsO

16 Cookies

Domain/Path Name / Value
.nestbank.pl/ Name: _hjFirstSeen
Value: 1
.nestbank.pl/ Name: _hjid
Value: d381c19f-6fb0-47b2-963c-d81819fb5631
nestbank.pl/ Name: SESSION
Value: !ZTqPy057Z0jpW5JkTtmBdzYPmD1YiY4kWsUdGJwUws7yFbgAfj5DJgOz7COiOahwe7oyEIjbboKNRB8=
.nestbank.pl/ Name: _dc_gtm_UA-84885901-4
Value: 1
.nestbank.pl/ Name: _gat_UA-84885901-4
Value: 1
.nestbank.pl/ Name: _gid
Value: GA1.2.328494663.1607069553
.nestbank.pl/ Name: _hjAbsoluteSessionInProgress
Value: 0
.nestbank.pl/ Name: _ga
Value: GA1.2.1616222159.1607069553
nestbank.pl/ Name: Nestbank_SessionId
Value: sjj3wwlg3kdkenkcleju0avb
nestbank.pl/ Name: CMSCsrfCookie
Value: GTehekIFcnI38JKDQJpMk3V8tc0VEr+J/xgSXrLE
nestbank.pl/ Name: scrpt
Value: 1
nestbank.pl/ Name: livecall-account-10217
Value: 2043bf9a-b2b4-4fca-b708-1b4b08f13805
.nestbank.pl/ Name: _gcl_au
Value: 1.1.1485962902.1607069553
.nestbank.pl/ Name: ARRAffinity
Value: 3d5441d89571ce0f61b9e95030305b098d5217064ce55b8594585ab22cb42258
.nestbank.pl/ Name: _dc_gtm_UA-84885901-1
Value: 1
nestbank.pl/ Name: CMSPreferredCulture
Value: pl-PL

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy default-src 'self' *.nestbank.pl *.doubleclick.net https://www.maptiler.com https://api.maptiler.com https://maps.tilehosting.com https://api.mapbox.com https://www.youtube.com *.google.com *.googletagmanager.com *.hotjar.com *.hotjar.io *.livecall.io; img-src 'self' data: blob: *.googletagmanager.com *.google-analytics.com *.google.com *.google.pl *.gstatic.com *.doubleclick.net *.livecall.io; font-src 'self' data: *.googleapis.com *.gstatic.com *.livecall.io; style-src 'self' 'unsafe-inline' *.livecall.io *.google.com *.gstatic.com *.googleapis.com *.livecall.io; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.nestbank.pl *.googlesyndication.com *.googletagmanager.com *.google-analytics.com *.google.com *.googleadservices.com *.doubleclick.net *.hotjar.com *.livecall.io; child-src 'self' blob: *.nestbank.pl https://api.maptiler.com https://maps.tilehosting.com https://api.mapbox.com https://www.youtube.com *.hotjar.com *.hotjar.io *.livecall.io https://optimize.google.com;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

ad.doubleclick.net
assets.livecall.io
geoip.livecall.io
googleads.g.doubleclick.net
googleads4.g.doubleclick.net
nestbank.pl
pagead2.googlesyndication.com
script.hotjar.com
signalling.livecall.io
static.hotjar.com
stats.g.doubleclick.net
vars.hotjar.com
www.google-analytics.com
www.google.com
www.google.de
www.googleadservices.com
www.googletagmanager.com
www.nestbank.pl
www.google-analytics.com
www.google.de
13.224.93.123
13.224.93.32
13.224.93.65
158.177.70.186
172.217.23.98
193.105.248.157
216.58.210.6
2a00:1450:4001:802::2004
2a00:1450:4001:806::2008
2a00:1450:4001:80b::200e
2a00:1450:4001:81a::2004
2a00:1450:4001:81b::2002
2a00:1450:4001:824::200e
2a00:1450:400c:c09::9a
35.241.33.136
0178c4609a83f021b91043045c7d599848ee3909060125b1afd942440f5e33a2
047d0fc4451fb67490dab3296ba22d112cd05e1504abf60dfe0f1eda73db8e4e
09fc6b253a6dcda9ce632eaf1ab674a2dd967c84c59ead2a923a75d9c2b3c5c7
111c30ae4af9de766906943523d941cfb3912988d2809e3c06a586c8cdc6a2b5
11527d1ada48ad14144211da4d04d8b88de443969c814f993d489261878341a5
11a81ffecd8b8c0f67661b5c21d2005f177ec7b4c3c9146470819fe5b5a3741b
1da48ce801c649275aa7d6c6207ec6c468fd5eca18378101a728e000b5631ac0
1f00d34ad297faf13f312e3a70053221336940ef36bb9cc189cb8a417348f983
249619728dfacbbcca7b381de6094f77a4026e7408e2e60f3af40d350b8f5214
25be8e779bfca44d1404c54a6b38480d0fc644486e3c9665e846b14ecbcde1e7
398cdf1b27ef247e5bc77805f266bb441e60355463fc3d1776f41aae58b08cf1
3cc6dadf854a3adcb716879159fbe6748a564c546d962fde0d0d9f4298f48f6a
40732e9dcfa704cf615e4691bb07aecfd1cc5e063220a46e4a7ff6560c77f5db
4207a8834a49108a620b320188c08cc3e7bda6a0d8a21d1e8f3fcd9803a52f01
431f43d2082371f7ec0fb013b2b697197aff18c31d7ce5fc56453ea56f0bb663
459f92574db21a9d0814c7e2dbba388477f75fb85300b4f7b99220bf9bdb4eff
4831b4ad5b53444cd0cace4f2da847605ea51d363400bbefcc5855afd20e7834
4f48dba9c443093e7bfadfada0976cba6589d8c9953576c08234de780310d535
500a31cd5bb770b5873948e486acf48797ac0872fc8db53f9b5a43df4d7cc58b
5143606b1262bcc2ee0929d991e631272ee807d994b3101ba86ae05e74425aab
5824aea78dcee0f48c3f4e29ddf336419a10f482089ddc52663151f5313babe1
5fb46ad88af0181f8aa600691dadedc2d6dd1946603b69bc36385f68efdd01a3
62b80422752220b7109ca4a06b14353e604ee9495f5136cb3aeba66a61c8d3c2
640efc59b1019aad72a66017bda124cecd41bad309ad11cae3c7c1dd63c0a9fe
64621744ef4b5ca3f3cc31ff7f6b17cfd9fc87e3deaae9a93be3d7e5a6572a23
66b804e7a96a87c11e1dd74ea04ac2285df5ad9043f48046c3e5000114d39b1c
698d4de529adea7d1ee84768978697137241c37d2943478ba63ee27123fbc6c2
6c8cfcecf509daa3cb6e739125201f2da11659d0f9948deb7dc757441d1744e7
6f57c2d49d5f317beed68fd7d4ccad08c4f96f7198a7532db2c35250e08039f0
74234e98afe7498fb5daf1f36ac2d78acc339464f950703b8c019892f982b90b
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80
8519253787cc3c1e2f4c4ce708408abea0435b7064232495dc37cf6c7751d55f
8b3b20105dc7f740f1f41e88ec17749247208746cd598dd0142f20cc9b92bfd3
8cdd44c48196c3921bff4dfd4799ecdec1179cacdf579582931eafdb31193a75
8d85e92e1225118f4a66a214e6c474ccf2375e5beaef9710b7b6127a8c77e20a
8e98bc6ff3ddc3d933fa916af6ee8a5cc00e7b6f25db8e04e03d042e5cc23cd6
9284faa4ad3a4410ff2bb12b26fd6452b36c56acfc7d60ed64f957c6f404dd58
953c16dcfd4919912843903ad0a83777a71e33da9a8bf1a93b6fa4cef07299f3
95498ffde5ef785fb69ebedc1008213f3ead1c051f65091fc751308d5c797cf4
a1929f2b18937a11af7d020f96f436fe30635854c4d4081a6b4048d33de36a47
bdba7c73383d3213f0f65a3f1bf90748068916b3600f5bbe9f92bd64531b08f3
c1bf6f27abe617b4c181dcac6f19dbf68c727b34e446fadb9394207c659aedc6
c391e5ed80467263d2dac3055a008ea70e6d8d1adcf4ee4b9255716f3be918f5
c57d348c99771c6acda3ebcfde05476cb280aec352be851917b0774313cb63a3
c67cac87953aa5ab7427b1ea39da576190d2e2fd06f0b00d288c7dadb6d2baef
cb6b232b6ec253b0a90074d06c32ca451b84c2c7523001c8e691b637c1a6eb47
ccaea37a1980e94a6f714b6a78cb256ba25305b88c8bfef0eebbf71cf51f9b6c
d4ba241b529dbba6e3c9cdc4e521eb0b8c71f272bcfc38aed427a83730a40dfb
d87c3470774af78d1ce5df2c91bec0f7950b472c66ad0d51c5c553601c3d4033
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e441c3e2771625ba05630ab464275136a82c99650ee2145ca5aa9853bedeb01b
eaf2b01e9d2269aed2ad5d8c9420fedceacbcec8c95857ea9f74ce5d5fa588d8
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f2f335dcd49d10880c6a74f6403b7571b86b68122fff00dd5e0e195216233fef
f3109f4279010cd19bca5392b782dd9c0440da72bcbc4ef34e00431afddbad6c
fa2319cdf7ad7ef2b3594bee5001a7366a3052b735775d58f895b1d5c1df23c6
fa3748e2366d5ba5f4a7b6c8154809725b6bfb7843743837384c70f060b33503