app.monarchmoney.com Open in urlscan Pro
2606:4700:10::6816:3c79 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://app.monarchmoney.com/
Submission: On August 26 via manual (August 26th 2024, 6:09:09 pm UTC) from US — Scanned from DE

Summary HTTP 139 Redirects Links 2 Behaviour Indicators

Summary

This website contacted 37 IPs in 5 countries across 29 domains to perform 139 HTTP transactions. The main IP is 2606:4700:10::6816:3c79, located in United States and belongs to CLOUDFLARENET, US. The main domain is app.monarchmoney.com. The Cisco Umbrella rank of the primary domain is 290135.
TLS certificate: Issued by WE1 on July 17th 2024. Valid for: 3 months.

This is the only time app.monarchmoney.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
19	2606:4700:10:... 2606:4700:10::6816:3c79	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	13.33.187.40 13.33.187.40	16509 (AMAZON-02) (AMAZON-02)
2	2a04:4e42::396 2a04:4e42::396	54113 (FASTLY) (FASTLY)
1	34.117.162.98 34.117.162.98	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
7	2.21.20.12 2.21.20.12	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
3	2620:1ec:bdf::67 2620:1ec:bdf::67	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	146.75.120.157 146.75.120.157	54113 (FASTLY) (FASTLY)
1	52.222.214.118 52.222.214.118	16509 (AMAZON-02) (AMAZON-02)
1	93.184.221.165 93.184.221.165	15133 (EDGECAST) (EDGECAST)
1	104.244.42.67 104.244.42.67	13414 (TWITTER) (TWITTER)
1	151.101.65.140 151.101.65.140	54113 (FASTLY) (FASTLY)
1	151.101.1.140 151.101.1.140	54113 (FASTLY) (FASTLY)
2	2600:1901:1:7... 2600:1901:1:7c5::	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
5	52.152.143.207 52.152.143.207	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
21	2606:4700:10:... 2606:4700:10::6816:3d79	13335 (CLOUDFLAR...) (CLOUDFLARENET)
5	35.186.247.156 35.186.247.156	15169 (GOOGLE) (GOOGLE)
1	13.224.189.85 13.224.189.85	16509 (AMAZON-02) (AMAZON-02)
4	104.18.72.113 104.18.72.113	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2600:9000:223... 2600:9000:223d:e600:9:a6e8:8080:93a1	16509 (AMAZON-02) (AMAZON-02)
1	2a00:1450:401... 2a00:1450:4013:c07::54	15169 (GOOGLE) (GOOGLE)
2 4	142.250.185.196 142.250.185.196	15169 (GOOGLE) (GOOGLE)
1	23.218.69.7 23.218.69.7	16625 (AKAMAI-AS) (AKAMAI-AS)
2	184.24.77.152 184.24.77.152	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
9	99.86.8.175 99.86.8.175	16509 (AMAZON-02) (AMAZON-02)
1	2a00:1450:400... 2a00:1450:4001:82f::2003	15169 (GOOGLE) (GOOGLE)
2	13.224.189.121 13.224.189.121	16509 (AMAZON-02) (AMAZON-02)
1	2600:9000:275... 2600:9000:275b:6c00:6:5671:b9c0:93a1	16509 (AMAZON-02) (AMAZON-02)
2	2600:9000:26e... 2600:9000:26e8:d600:d:cf84:bb40:93a1	16509 (AMAZON-02) (AMAZON-02)
3	216.58.206.34 216.58.206.34	15169 (GOOGLE) (GOOGLE)
2	157.240.251.9 157.240.251.9	32934 (FACEBOOK) (FACEBOOK)
2	2620:1ec:33:1... 2620:1ec:33:1::10	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
2	2a00:1450:400... 2a00:1450:4001:827::200e	15169 (GOOGLE) (GOOGLE)
2 2	172.217.18.98 172.217.18.98	15169 (GOOGLE) (GOOGLE)
2	216.58.212.131 216.58.212.131	15169 (GOOGLE) (GOOGLE)
2	52.86.181.185 52.86.181.185	14618 (AMAZON-AES) (AMAZON-AES)
1	104.16.51.111 104.16.51.111	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	35.186.224.24 35.186.224.24	15169 (GOOGLE) (GOOGLE)
139	37

19 2606:4700:10::6816:3c79 (United States)

ASN13335 (CLOUDFLARENET, US)

app.monarchmoney.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.33.187.40 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-33-187-40.fra60.r.cloudfront.net

cdn.plaid.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a04:4e42::396 (United States)

ASN54113 (FASTLY, US)

www.redditstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.117.162.98 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 98.162.117.34.bc.googleusercontent.com

pixel.byspotify.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2.21.20.12 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)
PTR: a2-21-20-12.deploy.static.akamaitechnologies.com

analytics.tiktok.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2620:1ec:bdf::67 (United States)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

www.clarity.ms	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 146.75.120.157 (Frankfurt am Main, Germany)

ASN54113 (FASTLY, US)

static.ads-twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.222.214.118 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-52-222-214-118.fra56.r.cloudfront.net

cdn.userleap.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 93.184.221.165 (London, United Kingdom)

ASN15133 (EDGECAST, US)

t.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.244.42.67 (United States)

ASN13414 (TWITTER, US)

analytics.twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.65.140 (San Francisco, United States)

ASN54113 (FASTLY, US)

pixel-config.reddit.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.1.140 (San Francisco, United States)

ASN54113 (FASTLY, US)

alb.reddit.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2600:1901:1:7c5:: (United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)

pixels.spotify.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 52.152.143.207 (Washington, United States)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

o.clarity.ms	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

21 2606:4700:10::6816:3d79 (United States)

ASN13335 (CLOUDFLARENET, US)

features.monarchmoney.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
api.monarchmoney.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
status.monarchmoney.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 35.186.247.156 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 156.247.186.35.bc.googleusercontent.com

sentry.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.224.189.85 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-224-189-85.fra2.r.cloudfront.net

js.stripe.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 104.18.72.113 (None, )

ASN13335 (CLOUDFLARENET, US)

static.zdassets.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
ekr.zdassets.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:223d:e600:9:a6e8:8080:93a1 (United States)

ASN16509 (AMAZON-02, US)

events-cdn.monarchmoney.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4013:c07::54 (Groningen, Netherlands)

ASN15169 (GOOGLE, US)

accounts.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 142.250.185.196 (United States) 2 redirects

ASN15169 (GOOGLE, US)
PTR: fra16s52-in-f4.1e100.net

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 23.218.69.7 (Haarlem, Netherlands)

ASN16625 (AKAMAI-AS, US)
PTR: a23-218-69-7.deploy.static.akamaitechnologies.com

appleid.cdn-apple.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 184.24.77.152 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)
PTR: a184-24-77-152.deploy.static.akamaitechnologies.com

sdk-api-v1.singular.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 99.86.8.175 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-99-86-8-175.fra6.r.cloudfront.net

cdn.segment.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:82f::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 13.224.189.121 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-224-189-121.fra2.r.cloudfront.net

js.stripe.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:275b:6c00:6:5671:b9c0:93a1 (United States)

ASN16509 (AMAZON-02, US)

streaming.split.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2600:9000:26e8:d600:d:cf84:bb40:93a1 (United States)

ASN16509 (AMAZON-02, US)

events-api.monarchmoney.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 216.58.206.34 (United States)

ASN15169 (GOOGLE, US)
PTR: lcfraa-aa-in-f2.1e100.net

www.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 157.240.251.9 (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)
PTR: xx-fbcdn-shv-01-fra5.fbcdn.net

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2620:1ec:33:1::10 (United States)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

bat.bing.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:827::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 172.217.18.98 (United States) 2 redirects

ASN15169 (GOOGLE, US)
PTR: fra16s42-in-f2.1e100.net

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 216.58.212.131 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s46-in-f3.1e100.net

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.86.181.185 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-52-86-181-185.compute-1.amazonaws.com

api.sprig.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.16.51.111 (None, )

ASN13335 (CLOUDFLARENET, US)

monarchmoney.zendesk.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.186.224.24 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 24.224.186.35.bc.googleusercontent.com

pixels.spotify.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
43	monarchmoney.com app.monarchmoney.com — Cisco Umbrella Rank: 290135 features.monarchmoney.com — Cisco Umbrella Rank: 85321 api.monarchmoney.com — Cisco Umbrella Rank: 133732 status.monarchmoney.com — Cisco Umbrella Rank: 204046 events-cdn.monarchmoney.com — Cisco Umbrella Rank: 426671 events-api.monarchmoney.com — Cisco Umbrella Rank: 271249	3 MB
9	segment.com cdn.segment.com — Cisco Umbrella Rank: 3005	48 KB
8	clarity.ms www.clarity.ms — Cisco Umbrella Rank: 1114 o.clarity.ms — Cisco Umbrella Rank: 12757	30 KB
7	tiktok.com analytics.tiktok.com — Cisco Umbrella Rank: 963	139 KB
5	google.com 2 redirects accounts.google.com — Cisco Umbrella Rank: 46 www.google.com — Cisco Umbrella Rank: 10	87 KB
5	sentry.io sentry.io — Cisco Umbrella Rank: 196	552 B
4	zdassets.com static.zdassets.com — Cisco Umbrella Rank: 3854 ekr.zdassets.com — Cisco Umbrella Rank: 4356	288 KB
3	googleadservices.com www.googleadservices.com — Cisco Umbrella Rank: 176	24 KB
3	stripe.com js.stripe.com — Cisco Umbrella Rank: 2856	157 KB
3	spotify.com pixels.spotify.com — Cisco Umbrella Rank: 5057	371 B
2	sprig.com api.sprig.com — Cisco Umbrella Rank: 6000	1 KB
2	google.de www.google.de — Cisco Umbrella Rank: 6716	128 B
2	doubleclick.net 2 redirects googleads.g.doubleclick.net — Cisco Umbrella Rank: 77	48 B
2	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 104	86 KB
2	bing.com bat.bing.com — Cisco Umbrella Rank: 534	16 KB
2	facebook.net connect.facebook.net — Cisco Umbrella Rank: 236	70 KB
2	singular.net sdk-api-v1.singular.net — Cisco Umbrella Rank: 4433	307 B
2	reddit.com pixel-config.reddit.com — Cisco Umbrella Rank: 3241 alb.reddit.com — Cisco Umbrella Rank: 1969	761 B
2	redditstatic.com www.redditstatic.com — Cisco Umbrella Rank: 1561	13 KB
1	zendesk.com monarchmoney.zendesk.com — Cisco Umbrella Rank: 395342	942 B
1	split.io streaming.split.io — Cisco Umbrella Rank: 5063
1	gstatic.com www.gstatic.com	215 KB
1	cdn-apple.com appleid.cdn-apple.com — Cisco Umbrella Rank: 5013	17 KB
1	twitter.com analytics.twitter.com — Cisco Umbrella Rank: 1356	724 B
1	t.co t.co — Cisco Umbrella Rank: 979	378 B
1	userleap.com cdn.userleap.com — Cisco Umbrella Rank: 120065	26 KB
1	ads-twitter.com static.ads-twitter.com — Cisco Umbrella Rank: 1253	15 KB
1	byspotify.com pixel.byspotify.com — Cisco Umbrella Rank: 12410	22 KB
1	plaid.com cdn.plaid.com — Cisco Umbrella Rank: 29210	45 KB
139	29

	Domain	Requested by
19	app.monarchmoney.com	app.monarchmoney.com
15	features.monarchmoney.com	app.monarchmoney.com
9	cdn.segment.com	app.monarchmoney.com events-cdn.monarchmoney.com
7	analytics.tiktok.com	app.monarchmoney.com analytics.tiktok.com
5	sentry.io	app.monarchmoney.com
5	o.clarity.ms	www.clarity.ms app.monarchmoney.com
4	www.google.com	2 redirects app.monarchmoney.com www.gstatic.com
4	api.monarchmoney.com	app.monarchmoney.com
3	www.googleadservices.com	cdn.segment.com www.googleadservices.com
3	static.zdassets.com	app.monarchmoney.com static.zdassets.com
3	js.stripe.com	app.monarchmoney.com js.stripe.com
3	pixels.spotify.com	pixel.byspotify.com app.monarchmoney.com
3	www.clarity.ms	app.monarchmoney.com www.clarity.ms bat.bing.com
2	api.sprig.com	app.monarchmoney.com
2	www.google.de	app.monarchmoney.com
2	googleads.g.doubleclick.net	2 redirects
2	www.google-analytics.com	cdn.segment.com www.google-analytics.com
2	bat.bing.com	cdn.segment.com bat.bing.com
2	connect.facebook.net	cdn.segment.com connect.facebook.net
2	events-api.monarchmoney.com	app.monarchmoney.com
2	sdk-api-v1.singular.net	app.monarchmoney.com
2	status.monarchmoney.com	app.monarchmoney.com
2	www.redditstatic.com	app.monarchmoney.com www.redditstatic.com
1	monarchmoney.zendesk.com	static.zdassets.com
1	streaming.split.io	app.monarchmoney.com
1	www.gstatic.com	www.google.com
1	ekr.zdassets.com	app.monarchmoney.com
1	appleid.cdn-apple.com	app.monarchmoney.com
1	accounts.google.com	app.monarchmoney.com
1	events-cdn.monarchmoney.com	app.monarchmoney.com
1	alb.reddit.com	app.monarchmoney.com
1	pixel-config.reddit.com	www.redditstatic.com
1	analytics.twitter.com	app.monarchmoney.com
1	t.co	app.monarchmoney.com
1	cdn.userleap.com	app.monarchmoney.com
1	static.ads-twitter.com	app.monarchmoney.com
1	pixel.byspotify.com	app.monarchmoney.com
1	cdn.plaid.com	app.monarchmoney.com
139	38

This site contains links to these domains. Also see Links.

Domain
policies.google.com

Subject Issuer	Validity	Valid
monarchmoney.com WE1	`2024-07-17` - `2024-10-15`	3 months	crt.sh
secure.plaid.com DigiCert EV RSA CA G2	`2024-03-12` - `2025-03-11`	a year	crt.sh
www.redditstatic.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2024-05-23` - `2024-11-18`	6 months	crt.sh
pixel.byspotify.com WR3	`2024-08-19` - `2024-11-17`	3 months	crt.sh
*.tiktok.com RapidSSL TLS ECC CA G1	`2024-07-15` - `2025-07-15`	a year	crt.sh
www.clarity.ms DigiCert TLS RSA SHA256 2020 CA1	`2023-12-07` - `2024-12-07`	a year	crt.sh
ads-twitter.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2024-06-25` - `2025-06-24`	a year	crt.sh
userleap.com Amazon RSA 2048 M02	`2024-08-09` - `2025-09-06`	a year	crt.sh
t.co DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2024-05-08` - `2025-05-07`	a year	crt.sh
*.twitter.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-10-31` - `2024-10-29`	a year	crt.sh
*.reddit.com DigiCert TLS RSA SHA256 2020 CA1	`2024-05-30` - `2024-11-26`	6 months	crt.sh
*.spotify.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2024-02-05` - `2025-02-04`	a year	crt.sh
a.clarity.ms Microsoft Azure RSA TLS Issuing CA 08	`2024-06-23` - `2025-06-18`	a year	crt.sh
sentry.io DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2024-07-03` - `2025-07-22`	a year	crt.sh
a.stripecdn.com DigiCert SHA2 Extended Validation Server CA	`2024-07-23` - `2024-10-24`	3 months	crt.sh
zdassets.com E6	`2024-06-29` - `2024-09-27`	3 months	crt.sh
accounts.google.com WR2	`2024-07-30` - `2024-10-22`	3 months	crt.sh
*.google.com WR2	`2024-07-30` - `2024-10-22`	3 months	crt.sh
appleid.cdn-apple.com Apple Public EV Server RSA CA 2 - G1	`2024-06-06` - `2024-12-03`	6 months	crt.sh
*.singular.net DigiCert TLS RSA SHA256 2020 CA1	`2024-03-06` - `2025-03-06`	a year	crt.sh
*.segment.com Amazon RSA 2048 M03	`2023-11-14` - `2024-12-13`	a year	crt.sh
*.gstatic.com WR2	`2024-07-30` - `2024-10-22`	3 months	crt.sh
streaming.split.io Amazon RSA 2048 M03	`2024-02-10` - `2025-03-09`	a year	crt.sh
*.googleadservices.com WR2	`2024-07-30` - `2024-10-22`	3 months	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2024-06-05` - `2024-09-03`	3 months	crt.sh
www.bing.com Microsoft Azure RSA TLS Issuing CA 04	`2024-06-19` - `2024-12-16`	6 months	crt.sh
*.google-analytics.com WR2	`2024-07-30` - `2024-10-22`	3 months	crt.sh
istio-gateway.sprig.com Amazon RSA 2048 M03	`2024-04-22` - `2025-05-21`	a year	crt.sh
monarchmoney.zendesk.com E5	`2024-08-22` - `2024-11-20`	3 months	crt.sh

This page contains 5 frames:

Primary Page: https://app.monarchmoney.com/
Frame ID: 45FB74D6056AB802A09BF6891D5C377E
Requests: 112 HTTP requests in this frame

Frame: https://js.stripe.com/v3/controller-with-preconnect-2192bc635d8b55ea00400ca4fa5b0b92.html
Frame ID: F4952B1B9A1812B066C8007710F0A0F8
Requests: 1 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/enterprise/anchor?ar=1&k=6LfQ4tUpAAAAAFa5LWIcYBPtAC2wsirC-CUZvhyy&co=aHR0cHM6Ly9hcHAubW9uYXJjaG1vbmV5LmNvbTo0NDM.&hl=de&v=i7X0JrnYWy9Y_5EYdoFM79kV&size=invisible&cb=qj1vm7kibzgb
Frame ID: 31F7C9BA6FDBC1F259058779FCD7B8C9
Requests: 1 HTTP requests in this frame

Frame: https://static.zdassets.com/web_widget/classic/latest/web-widget-main-3d13daa.js
Frame ID: E8C6F956163EE8A7B64FEFB50B05B3F0
Requests: 3 HTTP requests in this frame

Frame: https://js.stripe.com/v3/m-outer-3437aaddcdf6922d623e172c2d6f9278.html
Frame ID: 4CC24A9BAC295A887A5E9302A46416E1
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Monarch | Sign In

Detected technologies

Apple Sign-in (Social logins) Expand

Overall confidence: 100%
Detected patterns

appleid\.auth\.js

Google Sign-in (Social logins) Expand

Overall confidence: 100%
Detected patterns

accounts\.google\.com/gsi/client

Stripe (Payment Processors) Expand

Overall confidence: 100%
Detected patterns

js\.stripe\.com

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

//connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Mautic (Marketing Automation) Expand

Overall confidence: 100%
Detected patterns

[^a-z]mtc.*\.js

Page Statistics

139
Requests

81 %
HTTPS

32 %
IPv6

29
Domains

38
Subdomains

37
IPs

5
Countries

3953 kB
Transfer

15130 kB
Size

19
Cookies

2 Outgoing links

These are links going to different origins than the main page.

URL: https://policies.google.com/privacy
Title: Privacy Policy

Search URL Search Domain Scan URL

URL: https://policies.google.com/terms
Title: Terms of Service

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 123

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/AW-794001205/?random=1861490009&cv=9&fst=1724695744156&num=1&guid=ON&resp=GooglemKTybQhCsO&eid=466465926&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=5&u_nmime=2&sendb=1&ig=1&frm=0&url=https%3A%2F%2Fapp.monarchmoney.com%2Flogin%3Froute%3D%252Fdashboard&tiba=Monarch%20%7C%20Sign%20In&hn=www.googleadservices.com&uaa=&uab=&uam=&uap=&uapv=&uaw=0&uafvl=&async=1&fmt=3&ct_cookie_present=false&crd=CLHBsQIIsMGxAgi5wbECSidldmVudC1zb3VyY2U7bmF2aWdhdGlvbi1zb3VyY2UsIHRyaWdnZXJaAwoBAWIECgICAw&pscrd=IhMI5pq3qaCTiAMV4-gRCB2e3yqvMgIIAzICCAQyAggHMgIICDICCAkyAggKMgIIAjICCAsyAggVMgIIHzICCBMyAggS HTTP 302
https://www.google.com/pagead/1p-conversion/AW-794001205/?random=1861490009&cv=9&fst=1724695744156&num=1&guid=ON&resp=GooglemKTybQhCsO&eid=466465926&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=5&u_nmime=2&sendb=1&ig=1&frm=0&url=https%3A%2F%2Fapp.monarchmoney.com%2Flogin%3Froute%3D%252Fdashboard&tiba=Monarch%20%7C%20Sign%20In&hn=www.googleadservices.com&uaa=&uab=&uam=&uap=&uapv=&uaw=0&uafvl=&async=1&fmt=3&ct_cookie_present=false&crd=CLHBsQIIsMGxAgi5wbECSidldmVudC1zb3VyY2U7bmF2aWdhdGlvbi1zb3VyY2UsIHRyaWdnZXJaAwoBAWIECgICAw&pscrd=IhMI5pq3qaCTiAMV4-gRCB2e3yqvMgIIAzICCAQyAggHMgIICDICCAkyAggKMgIIAjICCAsyAggVMgIIHzICCBMyAggS&is_vtc=1&cid=CAQSGwDpaXnfow6Z9l0f6tovs0z1gCuU4GaEDlVJsw&random=1746030633&resp=GooglemKTybQhCsO HTTP 302
https://www.google.de/pagead/1p-conversion/AW-794001205/?random=1861490009&cv=9&fst=1724695744156&num=1&guid=ON&resp=GooglemKTybQhCsO&eid=466465926&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=5&u_nmime=2&sendb=1&ig=1&frm=0&url=https%3A%2F%2Fapp.monarchmoney.com%2Flogin%3Froute%3D%252Fdashboard&tiba=Monarch%20%7C%20Sign%20In&hn=www.googleadservices.com&uaa=&uab=&uam=&uap=&uapv=&uaw=0&uafvl=&async=1&fmt=3&ct_cookie_present=false&crd=CLHBsQIIsMGxAgi5wbECSidldmVudC1zb3VyY2U7bmF2aWdhdGlvbi1zb3VyY2UsIHRyaWdnZXJaAwoBAWIECgICAw&pscrd=IhMI5pq3qaCTiAMV4-gRCB2e3yqvMgIIAzICCAQyAggHMgIICDICCAkyAggKMgIIAjICCAsyAggVMgIIHzICCBMyAggS&is_vtc=1&cid=CAQSGwDpaXnfow6Z9l0f6tovs0z1gCuU4GaEDlVJsw&random=1746030633&resp=GooglemKTybQhCsO&ipr=y

Request Chain 124

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/AW-794001205/?random=18694309&cv=9&fst=1724695744172&num=1&guid=ON&resp=GooglemKTybQhCsO&eid=466465926%2C509562773%2C512247838&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=5&u_nmime=2&sendb=1&ig=1&frm=0&url=https%3A%2F%2Fapp.monarchmoney.com%2Flogin%3Froute%3D%252Fdashboard&tiba=Monarch%20%7C%20Sign%20In&hn=www.googleadservices.com&uaa=&uab=&uam=&uap=&uapv=&uaw=0&uafvl=&async=1&fmt=3&ct_cookie_present=false&crd=CLHBsQIIsMGxAgi5wbECCJzHsQJKJ2V2ZW50LXNvdXJjZTtuYXZpZ2F0aW9uLXNvdXJjZSwgdHJpZ2dlcloDCgEBYgQKAgID&pscrd=IhMI8py3qaCTiAMVGfARCB101hkiMgIIAzICCAQyAggHMgIICDICCAkyAggKMgIIAjICCAsyAggVMgIIHzICCBMyAggS HTTP 302
https://www.google.com/pagead/1p-conversion/AW-794001205/?random=18694309&cv=9&fst=1724695744172&num=1&guid=ON&resp=GooglemKTybQhCsO&eid=466465926%2C509562773%2C512247838&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=5&u_nmime=2&sendb=1&ig=1&frm=0&url=https%3A%2F%2Fapp.monarchmoney.com%2Flogin%3Froute%3D%252Fdashboard&tiba=Monarch%20%7C%20Sign%20In&hn=www.googleadservices.com&uaa=&uab=&uam=&uap=&uapv=&uaw=0&uafvl=&async=1&fmt=3&ct_cookie_present=false&crd=CLHBsQIIsMGxAgi5wbECCJzHsQJKJ2V2ZW50LXNvdXJjZTtuYXZpZ2F0aW9uLXNvdXJjZSwgdHJpZ2dlcloDCgEBYgQKAgID&pscrd=IhMI8py3qaCTiAMVGfARCB101hkiMgIIAzICCAQyAggHMgIICDICCAkyAggKMgIIAjICCAsyAggVMgIIHzICCBMyAggS&is_vtc=1&cid=CAQSGwDpaXnf1a_OIDQQnw2rJS92BWflWfT5ERIaXQ&random=2290117491&resp=GooglemKTybQhCsO HTTP 302
https://www.google.de/pagead/1p-conversion/AW-794001205/?random=18694309&cv=9&fst=1724695744172&num=1&guid=ON&resp=GooglemKTybQhCsO&eid=466465926%2C509562773%2C512247838&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=5&u_nmime=2&sendb=1&ig=1&frm=0&url=https%3A%2F%2Fapp.monarchmoney.com%2Flogin%3Froute%3D%252Fdashboard&tiba=Monarch%20%7C%20Sign%20In&hn=www.googleadservices.com&uaa=&uab=&uam=&uap=&uapv=&uaw=0&uafvl=&async=1&fmt=3&ct_cookie_present=false&crd=CLHBsQIIsMGxAgi5wbECCJzHsQJKJ2V2ZW50LXNvdXJjZTtuYXZpZ2F0aW9uLXNvdXJjZSwgdHJpZ2dlcloDCgEBYgQKAgID&pscrd=IhMI8py3qaCTiAMVGfARCB101hkiMgIIAzICCAQyAggHMgIICDICCAkyAggKMgIIAjICCAsyAggVMgIIHzICCBMyAggS&is_vtc=1&cid=CAQSGwDpaXnf1a_OIDQQnw2rJS92BWflWfT5ERIaXQ&random=2290117491&resp=GooglemKTybQhCsO&ipr=y

139 HTTP transactions
1 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request / Show response
app.monarchmoney.com/ 5 KB
9 KB 437ms
335ms Document
text/html 2606:4700:10::6816:3c79
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://app.monarchmoney.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:3c79 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2587000eee27625be5673b4dee08a84369e33a593159d30d5d823e4b461924bc

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;default-src 'self' .plaid.com .finicity.com .mx.com .stripe.com .cloudinary.com;frame-ancestors 'self' www.reddit.com .finicity.com;script-src 'self' 'unsafe-eval' 'unsafe-inline' .monarchmoney.com .monarchmoneystaging.com .redditstatic.com .googleadservices.com .ads-twitter.com .plaid.com .finicity.com .mx.com .gstatic.com analytics.tiktok.com .byspotify.com https://static.zdassets.com https://cdn.userleap.com https://cdn.plaid.com https://js.stripe.com https://apis.google.com https://appleid.cdn-apple.com https://cdn.plaid.com https://js.stripe.com https://checkout.stripe.com https://apis.google.com https://cdn.userleap.com https://appleid.cdn-apple.com https://static.zdassets.com https://rs.fullstory.com https://edge.fullstory.com https://www.google-analytics.com https://ssl.google-analytics.com https://google-analytics.com https://.doubleclick.net https://stats.g.doubleclick.net https://.google.com https://.google.com.br https://.googlesyndication.com https://.googletagservices.com https://.googleadservices.com www.googleadservices.com www.google-analytics.com https://connect.facebook.net https://graph.facebook.com https://js.facebook.com https://bat.bing.com https://r.bing.com https://browser.sentry-cdn.com https://js.sentry-cdn.com https://.sentry.io edge.fullstory.com .fullstory.com www.clarity.ms .clarity.ms cdn.sprig.com cdn.segment.com 'report-sample' www.googletagmanager.com www.googleadservices.com www.google-analytics.com www.clarity.ms analytics.tiktok.com static.ads-twitter.com connect.facebook.net https://storage.googleapis.com/fini-widget/ https://cdn.spinwheel.io;style-src 'self' 'unsafe-inline' 'report-sample' checkout.stripe.com .google.com https://www.gstatic.com www.gstatic.com .gstatic.com .bing.com;object-src .googlesyndication.com;frame-src 'self' https://accounts.google.com https://portal.productboard.com .stripe.com .stripe.network .google.com .doubleclick.net .googlesyndication.com .facebook.com connect.facebook.net sdx.microsoft.com .plaid.com .finicity.com .moneydesktop.com .mx.com .youtube.com https://app.usefini.com/ https://sandbox-dim.spinwheel.io https://dim.spinwheel.io;child-src 'self' data: .google.com .doubleclick.net .googlesyndication.com www.googleadservices.com .facebook.com connect.facebook.net;img-src 'self' data: blob: .stripe.com www.googleadservices.com .googleadservices.com https://res.cloudinary.com https://images.unsplash.com https://www.google-analytics.com https://rs.fullstory.com googletagmanager.com .googletagmanager.com www.googletagmanager.com .google-analytics.com https://www.google.com analytics.google.com .doubleclick.net googleads.doubleclick.net googleads.g.doubleclick.net https://googleads.g.doubleclick.net .doubleclick.net https://stats.g.doubleclick.net .facebook.com .facebook.net https://connect.facebook.net .fbcdn.net .bing.com .microsoft.com .clarity.ms monarch-static-assets.s3.amazonaws.com monarch-static-assets.s3.us-east-1.amazonaws.com analytics.pangle-ads.com .redditstatic.com .reddit.com .ads-twitter.com https://t.co analytics.twitter.com https://analytics.twitter.com .googleusercontent.com .gstatic.com https://fonts.gstatic.com https://analytics.tiktok.com .tiktok.com .byspotify.com .google.com .google.ad .google.ae .google.com.af .google.com.ag .google.com.ai .google.al .google.am .google.co.ao .google.com.ar .google.as .google.at .google.com.au .google.az .google.ba .google.com.bd .google.be .google.bf .google.bg .google.com.bh .google.bi .google.bj .google.com.bn .google.com.bo .google.com.br .google.bs .google.bt .google.co.bw .google.by .google.com.bz .google.ca .google.cd .google.cf .google.cg .google.ch .google.ci .google.co.ck .google.cl .google.cm .google.cn .google.com.co .google.co.cr .google.com.cu .google.cv .google.com.cy .google.cz .google.de .google.dj .google.dk .google.dm .google.com.do .google.dz .google.com.ec .google.ee .google.com.eg .google.es .google.com.et .google.fi .google.com.fj .google.fm .google.fr .google.ga .google.ge .google.gg .google.com.gh .google.com.gi .google.gl .google.gm .google.gr .google.com.gt .google.gy .google.com.hk .google.hn .google.hr .google.ht .google.hu .google.co.id .google.ie .google.co.il .google.im .google.co.in .google.iq .google.is .google.it .google.je .google.com.jm .google.jo .google.co.jp .google.co.ke .google.com.kh .google.ki .google.kg .google.co.kr .google.com.kw .google.kz .google.la .google.com.lb .google.li .google.lk .google.co.ls .google.lt .google.lu .google.lv .google.com.ly .google.co.ma .google.md .google.me .google.mg .google.mk .google.ml .google.com.mm .google.mn .google.ms .google.com.mt .google.mu .google.mv .google.mw .google.com.mx .google.com.my .google.co.mz .google.com.na .google.com.ng .google.com.ni .google.ne .google.nl .google.no .google.com.np .google.nr .google.nu .google.co.nz .google.com.om .google.com.pa .google.com.pe .google.com.pg .google.com.ph .google.com.pk .google.pl .google.pn .google.com.pr .google.ps .google.pt .google.com.py .google.com.qa .google.ro .google.ru .google.rw .google.com.sa .google.com.sb .google.sc .google.se .google.com.sg .google.sh .google.si .google.sk .google.com.sl .google.sn .google.so .google.sm .google.sr .google.st .google.com.sv .google.td .google.tg .google.co.th .google.com.tj .google.tl .google.tm .google.tn .google.to .google.com.tr .google.tt .google.com.tw .google.co.tz .google.com.ua .google.co.ug .google.co.uk .google.com.uy .google.co.uz .google.com.vc .google.co.ve .google.vg .google.co.vi .google.com.vn .google.vu .google.ws .google.rs .google.co.za .google.co.zm .google.co.zw .google.cat monarch-api-production.s3.amazonaws.com monarch-static-assets.s3.amazonaws.com monarch-api-staging2.s3.us-east-2.amazonaws.com api.monarchmoney.com t.co googleads.g.doubleclick.net .facebook.com https://storage.googleapis.com/fini-widget/ .attribution.adswizz.com https://.attribution.adswizz.com https://pixel.tapad.com https://.tapad.com content.moneydesktop.com https://cdn.spinwheel.io .cloudfront.net;font-src * data: blob: 'self' 'unsafe-inline';connect-src 'self' about: analytics.tiktok.com .byspotify.com .zendesk.com https://api.segment.io .segment.io https://api.cloudinary.com https://api.monarchmoney.com https://api.monarchmoneystaging.com wss://api.monarchmoney.com wss://api.monarchmoneystaging.com https://features.monarchmoney.com https://features.monarchmoneystaging.com https://events-api.monarchmoney.com https://events-api.monarchmoneystaging.com https://monarchmoney.zendesk.com https://rs.fullstory.com https://edge.fullstory.com https://sdk.split.io https://auth.split.io https://streaming.split.io https://events.split.io https://ekr.zdassets.com https://api.sprig.com api.sprig.com https://sentry.io https://sdk-api-v1.singular.net .stripe.com www.google-analytics.com stats.g.doubleclick.net ampcid.google.com analytics.google.com .doubleclick.net .google.com .googlesyndication.com www.googletagservices.com .facebook.com connect.facebook.net .bing.com wss://.bing.com .clarity.ms sentry.io .sentry.io www.redditstatic.com monarch-api-production.s3.amazonaws.com monarch-static-assets.s3.amazonaws.com monarch-api-staging2.s3.us-east-2.amazonaws.com prod-carpintero-branding.s3.us-west-2.amazonaws.com reddit.com .reddit.com .ads-twitter.com cdn.sprig.com cdn.segment.com .browser-intake-datadoghq.com https://rum.browser-intake-datadoghq.com https://browser-intake-datadoghq.com https://session-replay.browser-intake-datadoghq.com https://api.unsplash.com analytics.pangle-ads.com stats.g.doubleclick.net https://api.usefini.com/ https://status.monarchmoney.com browser-intake-datadoghq.com pixels.spotify.com;manifest-src 'self';base-uri 'self';form-action 'self' .google.com *.facebook.com connect.facebook.net;media-src 'self' data: dai.google.com;worker-src 'self' blob: www.google.com;report-uri https://o236174.ingest.sentry.io/api/4506858085744640/security/?sentry_key=b8be0ad8a511b04ca10c054828ceeb45
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

cache-control: public, max-age=0
cf-cache-status: DYNAMIC
cf-ray: 8b95c534ef741c2c-FRA
content-encoding: br
content-security-policy: upgrade-insecure-requests;default-src 'self' *.plaid.com *.finicity.com *.mx.com *.stripe.com *.cloudinary.com;frame-ancestors 'self' www.reddit.com *.finicity.com;script-src 'self' 'unsafe-eval' 'unsafe-inline' *.monarchmoney.com *.monarchmoneystaging.com *.redditstatic.com *.googleadservices.com *.ads-twitter.com *.plaid.com *.finicity.com *.mx.com *.gstatic.com analytics.tiktok.com *.byspotify.com https://static.zdassets.com https://cdn.userleap.com https://cdn.plaid.com https://js.stripe.com https://apis.google.com https://appleid.cdn-apple.com https://cdn.plaid.com https://js.stripe.com https://checkout.stripe.com https://apis.google.com https://cdn.userleap.com https://appleid.cdn-apple.com https://static.zdassets.com https://rs.fullstory.com https://edge.fullstory.com https://www.google-analytics.com https://ssl.google-analytics.com https://google-analytics.com https://*.doubleclick.net https://stats.g.doubleclick.net https://*.google.com https://*.google.com.br https://*.googlesyndication.com https://*.googletagservices.com https://*.googleadservices.com www.googleadservices.com www.google-analytics.com https://connect.facebook.net https://graph.facebook.com https://js.facebook.com https://bat.bing.com https://r.bing.com https://browser.sentry-cdn.com https://js.sentry-cdn.com https://*.sentry.io edge.fullstory.com *.fullstory.com www.clarity.ms *.clarity.ms cdn.sprig.com cdn.segment.com 'report-sample' www.googletagmanager.com www.googleadservices.com www.google-analytics.com www.clarity.ms analytics.tiktok.com static.ads-twitter.com connect.facebook.net https://storage.googleapis.com/fini-widget/ https://cdn.spinwheel.io;style-src 'self' 'unsafe-inline' 'report-sample' checkout.stripe.com *.google.com https://www.gstatic.com www.gstatic.com *.gstatic.com *.bing.com;object-src *.googlesyndication.com;frame-src 'self' https://accounts.google.com https://portal.productboard.com *.stripe.com *.stripe.network *.google.com *.doubleclick.net *.googlesyndication.com *.facebook.com connect.facebook.net sdx.microsoft.com *.plaid.com *.finicity.com *.moneydesktop.com *.mx.com *.youtube.com https://app.usefini.com/ https://sandbox-dim.spinwheel.io https://dim.spinwheel.io;child-src 'self' data: *.google.com *.doubleclick.net *.googlesyndication.com www.googleadservices.com *.facebook.com connect.facebook.net;img-src 'self' data: blob: *.stripe.com www.googleadservices.com *.googleadservices.com https://res.cloudinary.com https://images.unsplash.com https://www.google-analytics.com https://rs.fullstory.com googletagmanager.com *.googletagmanager.com www.googletagmanager.com *.google-analytics.com https://www.google.com analytics.google.com *.doubleclick.net googleads.doubleclick.net googleads.g.doubleclick.net https://googleads.g.doubleclick.net *.doubleclick.net https://stats.g.doubleclick.net *.facebook.com *.facebook.net https://connect.facebook.net *.fbcdn.net *.bing.com *.microsoft.com *.clarity.ms monarch-static-assets.s3.amazonaws.com monarch-static-assets.s3.us-east-1.amazonaws.com analytics.pangle-ads.com *.redditstatic.com *.reddit.com *.ads-twitter.com https://t.co analytics.twitter.com https://analytics.twitter.com *.googleusercontent.com *.gstatic.com https://fonts.gstatic.com https://analytics.tiktok.com *.tiktok.com *.byspotify.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat monarch-api-production.s3.amazonaws.com monarch-static-assets.s3.amazonaws.com monarch-api-staging2.s3.us-east-2.amazonaws.com api.monarchmoney.com t.co googleads.g.doubleclick.net *.facebook.com https://storage.googleapis.com/fini-widget/ *.attribution.adswizz.com https://*.attribution.adswizz.com https://pixel.tapad.com https://*.tapad.com content.moneydesktop.com https://cdn.spinwheel.io *.cloudfront.net;font-src * data: blob: 'self' 'unsafe-inline';connect-src 'self' about: analytics.tiktok.com *.byspotify.com *.zendesk.com https://api.segment.io *.segment.io https://api.cloudinary.com https://api.monarchmoney.com https://api.monarchmoneystaging.com wss://api.monarchmoney.com wss://api.monarchmoneystaging.com https://features.monarchmoney.com https://features.monarchmoneystaging.com https://events-api.monarchmoney.com https://events-api.monarchmoneystaging.com https://monarchmoney.zendesk.com https://rs.fullstory.com https://edge.fullstory.com https://sdk.split.io https://auth.split.io https://streaming.split.io https://events.split.io https://ekr.zdassets.com https://api.sprig.com api.sprig.com https://sentry.io https://sdk-api-v1.singular.net *.stripe.com www.google-analytics.com stats.g.doubleclick.net ampcid.google.com analytics.google.com *.doubleclick.net *.google.com *.googlesyndication.com www.googletagservices.com *.facebook.com connect.facebook.net *.bing.com wss://*.bing.com *.clarity.ms sentry.io *.sentry.io www.redditstatic.com monarch-api-production.s3.amazonaws.com monarch-static-assets.s3.amazonaws.com monarch-api-staging2.s3.us-east-2.amazonaws.com prod-carpintero-branding.s3.us-west-2.amazonaws.com reddit.com *.reddit.com *.ads-twitter.com cdn.sprig.com cdn.segment.com *.browser-intake-datadoghq.com https://rum.browser-intake-datadoghq.com https://browser-intake-datadoghq.com https://session-replay.browser-intake-datadoghq.com https://api.unsplash.com analytics.pangle-ads.com stats.g.doubleclick.net https://api.usefini.com/ https://status.monarchmoney.com browser-intake-datadoghq.com pixels.spotify.com;manifest-src 'self';base-uri 'self';form-action 'self' *.google.com *.facebook.com connect.facebook.net;media-src 'self' data: dai.google.com;worker-src 'self' blob: www.google.com;report-uri https://o236174.ingest.sentry.io/api/4506858085744640/security/?sentry_key=b8be0ad8a511b04ca10c054828ceeb45
content-type: text/html; charset=UTF-8
date: Mon, 26 Aug 2024 18:08:59 GMT
expect-ct: max-age=0
last-modified: Fri, 23 Aug 2024 21:01:48 GMT
nel: {"report_to":"heroku-nel","max_age":3600,"success_fraction":0.005,"failure_fraction":0.05,"response_headers":["Via"]}
referrer-policy: no-referrer
report-to: {"group":"heroku-nel","max_age":3600,"endpoints":[{"url":"https://nel.heroku.com/reports?ts=1724695739&sid=1b10b0ff-8a76-4548-befa-353fc6c6c045&s=iSEXNAVIxSgDBUZZ0r7aqd0uVqqFqhscuZIu%2BkgS1mM%3D"}]}
reporting-endpoints: heroku-nel=https://nel.heroku.com/reports?ts=1724695739&sid=1b10b0ff-8a76-4548-befa-353fc6c6c045&s=iSEXNAVIxSgDBUZZ0r7aqd0uVqqFqhscuZIu%2BkgS1mM%3D
server: cloudflare
strict-transport-security: max-age=15552000; includeSubDomains
via: 1.1 vegur
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-download-options: noopen
x-frame-options: SAMEORIGIN
x-permitted-cross-domain-policies: none
x-xss-protection: 0

GET
H2 200 analytics.js Show response
app.monarchmoney.com/ 2 KB
6 KB 474ms
471ms Script
application/javascript 2606:4700:10::6816:3c79
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://app.monarchmoney.com/analytics.js

Requested by

Host: app.monarchmoney.com
URL: https://app.monarchmoney.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:3c79 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

43a69bf8acf4aeee012a6f5a59b0c76ba1f8069bb82008849f284fa7a2db0344

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;default-src 'self' .plaid.com .finicity.com .mx.com .stripe.com .cloudinary.com;frame-ancestors 'self' www.reddit.com .finicity.com;script-src 'self' 'unsafe-eval' 'unsafe-inline' .monarchmoney.com .monarchmoneystaging.com .redditstatic.com .googleadservices.com .ads-twitter.com .plaid.com .finicity.com .mx.com .gstatic.com analytics.tiktok.com .byspotify.com https://static.zdassets.com https://cdn.userleap.com https://cdn.plaid.com https://js.stripe.com https://apis.google.com https://appleid.cdn-apple.com https://cdn.plaid.com https://js.stripe.com https://checkout.stripe.com https://apis.google.com https://cdn.userleap.com https://appleid.cdn-apple.com https://static.zdassets.com https://rs.fullstory.com https://edge.fullstory.com https://www.google-analytics.com https://ssl.google-analytics.com https://google-analytics.com https://.doubleclick.net https://stats.g.doubleclick.net https://.google.com https://.google.com.br https://.googlesyndication.com https://.googletagservices.com https://.googleadservices.com www.googleadservices.com www.google-analytics.com https://connect.facebook.net https://graph.facebook.com https://js.facebook.com https://bat.bing.com https://r.bing.com https://browser.sentry-cdn.com https://js.sentry-cdn.com https://.sentry.io edge.fullstory.com .fullstory.com www.clarity.ms .clarity.ms cdn.sprig.com cdn.segment.com 'report-sample' www.googletagmanager.com www.googleadservices.com www.google-analytics.com www.clarity.ms analytics.tiktok.com static.ads-twitter.com connect.facebook.net https://storage.googleapis.com/fini-widget/ https://cdn.spinwheel.io;style-src 'self' 'unsafe-inline' 'report-sample' checkout.stripe.com .google.com https://www.gstatic.com www.gstatic.com .gstatic.com .bing.com;object-src .googlesyndication.com;frame-src 'self' https://accounts.google.com https://portal.productboard.com .stripe.com .stripe.network .google.com .doubleclick.net .googlesyndication.com .facebook.com connect.facebook.net sdx.microsoft.com .plaid.com .finicity.com .moneydesktop.com .mx.com .youtube.com https://app.usefini.com/ https://sandbox-dim.spinwheel.io https://dim.spinwheel.io;child-src 'self' data: .google.com .doubleclick.net .googlesyndication.com www.googleadservices.com .facebook.com connect.facebook.net;img-src 'self' data: blob: .stripe.com www.googleadservices.com .googleadservices.com https://res.cloudinary.com https://images.unsplash.com https://www.google-analytics.com https://rs.fullstory.com googletagmanager.com .googletagmanager.com www.googletagmanager.com .google-analytics.com https://www.google.com analytics.google.com .doubleclick.net googleads.doubleclick.net googleads.g.doubleclick.net https://googleads.g.doubleclick.net .doubleclick.net https://stats.g.doubleclick.net .facebook.com .facebook.net https://connect.facebook.net .fbcdn.net .bing.com .microsoft.com .clarity.ms monarch-static-assets.s3.amazonaws.com monarch-static-assets.s3.us-east-1.amazonaws.com analytics.pangle-ads.com .redditstatic.com .reddit.com .ads-twitter.com https://t.co analytics.twitter.com https://analytics.twitter.com .googleusercontent.com .gstatic.com https://fonts.gstatic.com https://analytics.tiktok.com .tiktok.com .byspotify.com .google.com .google.ad .google.ae .google.com.af .google.com.ag .google.com.ai .google.al .google.am .google.co.ao .google.com.ar .google.as .google.at .google.com.au .google.az .google.ba .google.com.bd .google.be .google.bf .google.bg .google.com.bh .google.bi .google.bj .google.com.bn .google.com.bo .google.com.br .google.bs .google.bt .google.co.bw .google.by .google.com.bz .google.ca .google.cd .google.cf .google.cg .google.ch .google.ci .google.co.ck .google.cl .google.cm .google.cn .google.com.co .google.co.cr .google.com.cu .google.cv .google.com.cy .google.cz .google.de .google.dj .google.dk .google.dm .google.com.do .google.dz .google.com.ec .google.ee .google.com.eg .google.es .google.com.et .google.fi .google.com.fj .google.fm .google.fr .google.ga .google.ge .google.gg .google.com.gh .google.com.gi .google.gl .google.gm .google.gr .google.com.gt .google.gy .google.com.hk .google.hn .google.hr .google.ht .google.hu .google.co.id .google.ie .google.co.il .google.im .google.co.in .google.iq .google.is .google.it .google.je .google.com.jm .google.jo .google.co.jp .google.co.ke .google.com.kh .google.ki .google.kg .google.co.kr .google.com.kw .google.kz .google.la .google.com.lb .google.li .google.lk .google.co.ls .google.lt .google.lu .google.lv .google.com.ly .google.co.ma .google.md .google.me .google.mg .google.mk .google.ml .google.com.mm .google.mn .google.ms .google.com.mt .google.mu .google.mv .google.mw .google.com.mx .google.com.my .google.co.mz .google.com.na .google.com.ng .google.com.ni .google.ne .google.nl .google.no .google.com.np .google.nr .google.nu .google.co.nz .google.com.om .google.com.pa .google.com.pe .google.com.pg .google.com.ph .google.com.pk .google.pl .google.pn .google.com.pr .google.ps .google.pt .google.com.py .google.com.qa .google.ro .google.ru .google.rw .google.com.sa .google.com.sb .google.sc .google.se .google.com.sg .google.sh .google.si .google.sk .google.com.sl .google.sn .google.so .google.sm .google.sr .google.st .google.com.sv .google.td .google.tg .google.co.th .google.com.tj .google.tl .google.tm .google.tn .google.to .google.com.tr .google.tt .google.com.tw .google.co.tz .google.com.ua .google.co.ug .google.co.uk .google.com.uy .google.co.uz .google.com.vc .google.co.ve .google.vg .google.co.vi .google.com.vn .google.vu .google.ws .google.rs .google.co.za .google.co.zm .google.co.zw .google.cat monarch-api-production.s3.amazonaws.com monarch-static-assets.s3.amazonaws.com monarch-api-staging2.s3.us-east-2.amazonaws.com api.monarchmoney.com t.co googleads.g.doubleclick.net .facebook.com https://storage.googleapis.com/fini-widget/ .attribution.adswizz.com https://.attribution.adswizz.com https://pixel.tapad.com https://.tapad.com content.moneydesktop.com https://cdn.spinwheel.io .cloudfront.net;font-src * data: blob: 'self' 'unsafe-inline';connect-src 'self' about: analytics.tiktok.com .byspotify.com .zendesk.com https://api.segment.io .segment.io https://api.cloudinary.com https://api.monarchmoney.com https://api.monarchmoneystaging.com wss://api.monarchmoney.com wss://api.monarchmoneystaging.com https://features.monarchmoney.com https://features.monarchmoneystaging.com https://events-api.monarchmoney.com https://events-api.monarchmoneystaging.com https://monarchmoney.zendesk.com https://rs.fullstory.com https://edge.fullstory.com https://sdk.split.io https://auth.split.io https://streaming.split.io https://events.split.io https://ekr.zdassets.com https://api.sprig.com api.sprig.com https://sentry.io https://sdk-api-v1.singular.net .stripe.com www.google-analytics.com stats.g.doubleclick.net ampcid.google.com analytics.google.com .doubleclick.net .google.com .googlesyndication.com www.googletagservices.com .facebook.com connect.facebook.net .bing.com wss://.bing.com .clarity.ms sentry.io .sentry.io www.redditstatic.com monarch-api-production.s3.amazonaws.com monarch-static-assets.s3.amazonaws.com monarch-api-staging2.s3.us-east-2.amazonaws.com prod-carpintero-branding.s3.us-west-2.amazonaws.com reddit.com .reddit.com .ads-twitter.com cdn.sprig.com cdn.segment.com .browser-intake-datadoghq.com https://rum.browser-intake-datadoghq.com https://browser-intake-datadoghq.com https://session-replay.browser-intake-datadoghq.com https://api.unsplash.com analytics.pangle-ads.com stats.g.doubleclick.net https://api.usefini.com/ https://status.monarchmoney.com browser-intake-datadoghq.com pixels.spotify.com;manifest-src 'self';base-uri 'self';form-action 'self' .google.com *.facebook.com connect.facebook.net;media-src 'self' data: dai.google.com;worker-src 'self' blob: www.google.com;report-uri https://o236174.ingest.sentry.io/api/4506858085744640/security/?sentry_key=b8be0ad8a511b04ca10c054828ceeb45
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Mon, 26 Aug 2024 18:09:00 GMT
content-security-policy: upgrade-insecure-requests;default-src 'self' *.plaid.com *.finicity.com *.mx.com *.stripe.com *.cloudinary.com;frame-ancestors 'self' www.reddit.com *.finicity.com;script-src 'self' 'unsafe-eval' 'unsafe-inline' *.monarchmoney.com *.monarchmoneystaging.com *.redditstatic.com *.googleadservices.com *.ads-twitter.com *.plaid.com *.finicity.com *.mx.com *.gstatic.com analytics.tiktok.com *.byspotify.com https://static.zdassets.com https://cdn.userleap.com https://cdn.plaid.com https://js.stripe.com https://apis.google.com https://appleid.cdn-apple.com https://cdn.plaid.com https://js.stripe.com https://checkout.stripe.com https://apis.google.com https://cdn.userleap.com https://appleid.cdn-apple.com https://static.zdassets.com https://rs.fullstory.com https://edge.fullstory.com https://www.google-analytics.com https://ssl.google-analytics.com https://google-analytics.com https://*.doubleclick.net https://stats.g.doubleclick.net https://*.google.com https://*.google.com.br https://*.googlesyndication.com https://*.googletagservices.com https://*.googleadservices.com www.googleadservices.com www.google-analytics.com https://connect.facebook.net https://graph.facebook.com https://js.facebook.com https://bat.bing.com https://r.bing.com https://browser.sentry-cdn.com https://js.sentry-cdn.com https://*.sentry.io edge.fullstory.com *.fullstory.com www.clarity.ms *.clarity.ms cdn.sprig.com cdn.segment.com 'report-sample' www.googletagmanager.com www.googleadservices.com www.google-analytics.com www.clarity.ms analytics.tiktok.com static.ads-twitter.com connect.facebook.net https://storage.googleapis.com/fini-widget/ https://cdn.spinwheel.io;style-src 'self' 'unsafe-inline' 'report-sample' checkout.stripe.com *.google.com https://www.gstatic.com www.gstatic.com *.gstatic.com *.bing.com;object-src *.googlesyndication.com;frame-src 'self' https://accounts.google.com https://portal.productboard.com *.stripe.com *.stripe.network *.google.com *.doubleclick.net *.googlesyndication.com *.facebook.com connect.facebook.net sdx.microsoft.com *.plaid.com *.finicity.com *.moneydesktop.com *.mx.com *.youtube.com https://app.usefini.com/ https://sandbox-dim.spinwheel.io https://dim.spinwheel.io;child-src 'self' data: *.google.com *.doubleclick.net *.googlesyndication.com www.googleadservices.com *.facebook.com connect.facebook.net;img-src 'self' data: blob: *.stripe.com www.googleadservices.com *.googleadservices.com https://res.cloudinary.com https://images.unsplash.com https://www.google-analytics.com https://rs.fullstory.com googletagmanager.com *.googletagmanager.com www.googletagmanager.com *.google-analytics.com https://www.google.com analytics.google.com *.doubleclick.net googleads.doubleclick.net googleads.g.doubleclick.net https://googleads.g.doubleclick.net *.doubleclick.net https://stats.g.doubleclick.net *.facebook.com *.facebook.net https://connect.facebook.net *.fbcdn.net *.bing.com *.microsoft.com *.clarity.ms monarch-static-assets.s3.amazonaws.com monarch-static-assets.s3.us-east-1.amazonaws.com analytics.pangle-ads.com *.redditstatic.com *.reddit.com *.ads-twitter.com https://t.co analytics.twitter.com https://analytics.twitter.com *.googleusercontent.com *.gstatic.com https://fonts.gstatic.com https://analytics.tiktok.com *.tiktok.com *.byspotify.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat monarch-api-production.s3.amazonaws.com monarch-static-assets.s3.amazonaws.com monarch-api-staging2.s3.us-east-2.amazonaws.com api.monarchmoney.com t.co googleads.g.doubleclick.net *.facebook.com https://storage.googleapis.com/fini-widget/ *.attribution.adswizz.com https://*.attribution.adswizz.com https://pixel.tapad.com https://*.tapad.com content.moneydesktop.com https://cdn.spinwheel.io *.cloudfront.net;font-src * data: blob: 'self' 'unsafe-inline';connect-src 'self' about: analytics.tiktok.com *.byspotify.com *.zendesk.com https://api.segment.io *.segment.io https://api.cloudinary.com https://api.monarchmoney.com https://api.monarchmoneystaging.com wss://api.monarchmoney.com wss://api.monarchmoneystaging.com https://features.monarchmoney.com https://features.monarchmoneystaging.com https://events-api.monarchmoney.com https://events-api.monarchmoneystaging.com https://monarchmoney.zendesk.com https://rs.fullstory.com https://edge.fullstory.com https://sdk.split.io https://auth.split.io https://streaming.split.io https://events.split.io https://ekr.zdassets.com https://api.sprig.com api.sprig.com https://sentry.io https://sdk-api-v1.singular.net *.stripe.com www.google-analytics.com stats.g.doubleclick.net ampcid.google.com analytics.google.com *.doubleclick.net *.google.com *.googlesyndication.com www.googletagservices.com *.facebook.com connect.facebook.net *.bing.com wss://*.bing.com *.clarity.ms sentry.io *.sentry.io www.redditstatic.com monarch-api-production.s3.amazonaws.com monarch-static-assets.s3.amazonaws.com monarch-api-staging2.s3.us-east-2.amazonaws.com prod-carpintero-branding.s3.us-west-2.amazonaws.com reddit.com *.reddit.com *.ads-twitter.com cdn.sprig.com cdn.segment.com *.browser-intake-datadoghq.com https://rum.browser-intake-datadoghq.com https://browser-intake-datadoghq.com https://session-replay.browser-intake-datadoghq.com https://api.unsplash.com analytics.pangle-ads.com stats.g.doubleclick.net https://api.usefini.com/ https://status.monarchmoney.com browser-intake-datadoghq.com pixels.spotify.com;manifest-src 'self';base-uri 'self';form-action 'self' *.google.com *.facebook.com connect.facebook.net;media-src 'self' data: dai.google.com;worker-src 'self' blob: www.google.com;report-uri https://o236174.ingest.sentry.io/api/4506858085744640/security/?sentry_key=b8be0ad8a511b04ca10c054828ceeb45
x-content-type-options: nosniff
strict-transport-security: max-age=15552000; includeSubDomains
nel: {"report_to":"heroku-nel","max_age":3600,"success_fraction":0.005,"failure_fraction":0.05,"response_headers":["Via"]}
x-permitted-cross-domain-policies: none
cf-cache-status: REVALIDATED
via: 1.1 vegur
x-dns-prefetch-control: off
content-encoding: br
x-xss-protection: 0
reporting-endpoints: heroku-nel=https://nel.heroku.com/reports?ts=1724457637&sid=1b10b0ff-8a76-4548-befa-353fc6c6c045&s=MEWc1nXrHBQVzqOVz78i7PVnzLnGxVSpbRzyuJUASDk%3D
referrer-policy: no-referrer
last-modified: Fri, 23 Aug 2024 20:58:05 GMT
server: cloudflare
etag: W/"608-19181083748"
expect-ct: max-age=0
x-frame-options: SAMEORIGIN
report-to: {"group":"heroku-nel","max_age":3600,"endpoints":[{"url":"https://nel.heroku.com/reports?ts=1724457637&sid=1b10b0ff-8a76-4548-befa-353fc6c6c045&s=MEWc1nXrHBQVzqOVz78i7PVnzLnGxVSpbRzyuJUASDk%3D"}]}
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
x-download-options: noopen
cache-control: public, max-age=14400
cf-ray: 8b95c5371bc51c2c-FRA

GET
H2 200 reddit.js Show response
app.monarchmoney.com/ 465 B
6 KB 352ms
349ms Script
application/javascript 2606:4700:10::6816:3c79
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://app.monarchmoney.com/reddit.js

Requested by

Host: app.monarchmoney.com
URL: https://app.monarchmoney.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:3c79 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d2fd60d2e910b8c256dab0c90c0dade58dd216eca76d0ff8f44e1ab12ce4eb08

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;default-src 'self' .plaid.com .finicity.com .mx.com .stripe.com .cloudinary.com;frame-ancestors 'self' www.reddit.com .finicity.com;script-src 'self' 'unsafe-eval' 'unsafe-inline' .monarchmoney.com .monarchmoneystaging.com .redditstatic.com .googleadservices.com .ads-twitter.com .plaid.com .finicity.com .mx.com .gstatic.com analytics.tiktok.com .byspotify.com https://static.zdassets.com https://cdn.userleap.com https://cdn.plaid.com https://js.stripe.com https://apis.google.com https://appleid.cdn-apple.com https://cdn.plaid.com https://js.stripe.com https://checkout.stripe.com https://apis.google.com https://cdn.userleap.com https://appleid.cdn-apple.com https://static.zdassets.com https://rs.fullstory.com https://edge.fullstory.com https://www.google-analytics.com https://ssl.google-analytics.com https://google-analytics.com https://.doubleclick.net https://stats.g.doubleclick.net https://.google.com https://.google.com.br https://.googlesyndication.com https://.googletagservices.com https://.googleadservices.com www.googleadservices.com www.google-analytics.com https://connect.facebook.net https://graph.facebook.com https://js.facebook.com https://bat.bing.com https://r.bing.com https://browser.sentry-cdn.com https://js.sentry-cdn.com https://.sentry.io edge.fullstory.com .fullstory.com www.clarity.ms .clarity.ms cdn.sprig.com cdn.segment.com 'report-sample' www.googletagmanager.com www.googleadservices.com www.google-analytics.com www.clarity.ms analytics.tiktok.com static.ads-twitter.com connect.facebook.net https://storage.googleapis.com/fini-widget/ https://cdn.spinwheel.io;style-src 'self' 'unsafe-inline' 'report-sample' checkout.stripe.com .google.com https://www.gstatic.com www.gstatic.com .gstatic.com .bing.com;object-src .googlesyndication.com;frame-src 'self' https://accounts.google.com https://portal.productboard.com .stripe.com .stripe.network .google.com .doubleclick.net .googlesyndication.com .facebook.com connect.facebook.net sdx.microsoft.com .plaid.com .finicity.com .moneydesktop.com .mx.com .youtube.com https://app.usefini.com/ https://sandbox-dim.spinwheel.io https://dim.spinwheel.io;child-src 'self' data: .google.com .doubleclick.net .googlesyndication.com www.googleadservices.com .facebook.com connect.facebook.net;img-src 'self' data: blob: .stripe.com www.googleadservices.com .googleadservices.com https://res.cloudinary.com https://images.unsplash.com https://www.google-analytics.com https://rs.fullstory.com googletagmanager.com .googletagmanager.com www.googletagmanager.com .google-analytics.com https://www.google.com analytics.google.com .doubleclick.net googleads.doubleclick.net googleads.g.doubleclick.net https://googleads.g.doubleclick.net .doubleclick.net https://stats.g.doubleclick.net .facebook.com .facebook.net https://connect.facebook.net .fbcdn.net .bing.com .microsoft.com .clarity.ms monarch-static-assets.s3.amazonaws.com monarch-static-assets.s3.us-east-1.amazonaws.com analytics.pangle-ads.com .redditstatic.com .reddit.com .ads-twitter.com https://t.co analytics.twitter.com https://analytics.twitter.com .googleusercontent.com .gstatic.com https://fonts.gstatic.com https://analytics.tiktok.com .tiktok.com .byspotify.com .google.com .google.ad .google.ae .google.com.af .google.com.ag .google.com.ai .google.al .google.am .google.co.ao .google.com.ar .google.as .google.at .google.com.au .google.az .google.ba .google.com.bd .google.be .google.bf .google.bg .google.com.bh .google.bi .google.bj .google.com.bn .google.com.bo .google.com.br .google.bs .google.bt .google.co.bw .google.by .google.com.bz .google.ca .google.cd .google.cf .google.cg .google.ch .google.ci .google.co.ck .google.cl .google.cm .google.cn .google.com.co .google.co.cr .google.com.cu .google.cv .google.com.cy .google.cz .google.de .google.dj .google.dk .google.dm .google.com.do .google.dz .google.com.ec .google.ee .google.com.eg .google.es .google.com.et .google.fi .google.com.fj .google.fm .google.fr .google.ga .google.ge .google.gg .google.com.gh .google.com.gi .google.gl .google.gm .google.gr .google.com.gt .google.gy .google.com.hk .google.hn .google.hr .google.ht .google.hu .google.co.id .google.ie .google.co.il .google.im .google.co.in .google.iq .google.is .google.it .google.je .google.com.jm .google.jo .google.co.jp .google.co.ke .google.com.kh .google.ki .google.kg .google.co.kr .google.com.kw .google.kz .google.la .google.com.lb .google.li .google.lk .google.co.ls .google.lt .google.lu .google.lv .google.com.ly .google.co.ma .google.md .google.me .google.mg .google.mk .google.ml .google.com.mm .google.mn .google.ms .google.com.mt .google.mu .google.mv .google.mw .google.com.mx .google.com.my .google.co.mz .google.com.na .google.com.ng .google.com.ni .google.ne .google.nl .google.no .google.com.np .google.nr .google.nu .google.co.nz .google.com.om .google.com.pa .google.com.pe .google.com.pg .google.com.ph .google.com.pk .google.pl .google.pn .google.com.pr .google.ps .google.pt .google.com.py .google.com.qa .google.ro .google.ru .google.rw .google.com.sa .google.com.sb .google.sc .google.se .google.com.sg .google.sh .google.si .google.sk .google.com.sl .google.sn .google.so .google.sm .google.sr .google.st .google.com.sv .google.td .google.tg .google.co.th .google.com.tj .google.tl .google.tm .google.tn .google.to .google.com.tr .google.tt .google.com.tw .google.co.tz .google.com.ua .google.co.ug .google.co.uk .google.com.uy .google.co.uz .google.com.vc .google.co.ve .google.vg .google.co.vi .google.com.vn .google.vu .google.ws .google.rs .google.co.za .google.co.zm .google.co.zw .google.cat monarch-api-production.s3.amazonaws.com monarch-static-assets.s3.amazonaws.com monarch-api-staging2.s3.us-east-2.amazonaws.com api.monarchmoney.com t.co googleads.g.doubleclick.net .facebook.com https://storage.googleapis.com/fini-widget/ .attribution.adswizz.com https://.attribution.adswizz.com https://pixel.tapad.com https://.tapad.com content.moneydesktop.com https://cdn.spinwheel.io .cloudfront.net;font-src * data: blob: 'self' 'unsafe-inline';connect-src 'self' about: analytics.tiktok.com .byspotify.com .zendesk.com https://api.segment.io .segment.io https://api.cloudinary.com https://api.monarchmoney.com https://api.monarchmoneystaging.com wss://api.monarchmoney.com wss://api.monarchmoneystaging.com https://features.monarchmoney.com https://features.monarchmoneystaging.com https://events-api.monarchmoney.com https://events-api.monarchmoneystaging.com https://monarchmoney.zendesk.com https://rs.fullstory.com https://edge.fullstory.com https://sdk.split.io https://auth.split.io https://streaming.split.io https://events.split.io https://ekr.zdassets.com https://api.sprig.com api.sprig.com https://sentry.io https://sdk-api-v1.singular.net .stripe.com www.google-analytics.com stats.g.doubleclick.net ampcid.google.com analytics.google.com .doubleclick.net .google.com .googlesyndication.com www.googletagservices.com .facebook.com connect.facebook.net .bing.com wss://.bing.com .clarity.ms sentry.io .sentry.io www.redditstatic.com monarch-api-production.s3.amazonaws.com monarch-static-assets.s3.amazonaws.com monarch-api-staging2.s3.us-east-2.amazonaws.com prod-carpintero-branding.s3.us-west-2.amazonaws.com reddit.com .reddit.com .ads-twitter.com cdn.sprig.com cdn.segment.com .browser-intake-datadoghq.com https://rum.browser-intake-datadoghq.com https://browser-intake-datadoghq.com https://session-replay.browser-intake-datadoghq.com https://api.unsplash.com analytics.pangle-ads.com stats.g.doubleclick.net https://api.usefini.com/ https://status.monarchmoney.com browser-intake-datadoghq.com pixels.spotify.com;manifest-src 'self';base-uri 'self';form-action 'self' .google.com *.facebook.com connect.facebook.net;media-src 'self' data: dai.google.com;worker-src 'self' blob: www.google.com;report-uri https://o236174.ingest.sentry.io/api/4506858085744640/security/?sentry_key=b8be0ad8a511b04ca10c054828ceeb45
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Mon, 26 Aug 2024 18:09:00 GMT
content-security-policy: upgrade-insecure-requests;default-src 'self' *.plaid.com *.finicity.com *.mx.com *.stripe.com *.cloudinary.com;frame-ancestors 'self' www.reddit.com *.finicity.com;script-src 'self' 'unsafe-eval' 'unsafe-inline' *.monarchmoney.com *.monarchmoneystaging.com *.redditstatic.com *.googleadservices.com *.ads-twitter.com *.plaid.com *.finicity.com *.mx.com *.gstatic.com analytics.tiktok.com *.byspotify.com https://static.zdassets.com https://cdn.userleap.com https://cdn.plaid.com https://js.stripe.com https://apis.google.com https://appleid.cdn-apple.com https://cdn.plaid.com https://js.stripe.com https://checkout.stripe.com https://apis.google.com https://cdn.userleap.com https://appleid.cdn-apple.com https://static.zdassets.com https://rs.fullstory.com https://edge.fullstory.com https://www.google-analytics.com https://ssl.google-analytics.com https://google-analytics.com https://*.doubleclick.net https://stats.g.doubleclick.net https://*.google.com https://*.google.com.br https://*.googlesyndication.com https://*.googletagservices.com https://*.googleadservices.com www.googleadservices.com www.google-analytics.com https://connect.facebook.net https://graph.facebook.com https://js.facebook.com https://bat.bing.com https://r.bing.com https://browser.sentry-cdn.com https://js.sentry-cdn.com https://*.sentry.io edge.fullstory.com *.fullstory.com www.clarity.ms *.clarity.ms cdn.sprig.com cdn.segment.com 'report-sample' www.googletagmanager.com www.googleadservices.com www.google-analytics.com www.clarity.ms analytics.tiktok.com static.ads-twitter.com connect.facebook.net https://storage.googleapis.com/fini-widget/ https://cdn.spinwheel.io;style-src 'self' 'unsafe-inline' 'report-sample' checkout.stripe.com *.google.com https://www.gstatic.com www.gstatic.com *.gstatic.com *.bing.com;object-src *.googlesyndication.com;frame-src 'self' https://accounts.google.com https://portal.productboard.com *.stripe.com *.stripe.network *.google.com *.doubleclick.net *.googlesyndication.com *.facebook.com connect.facebook.net sdx.microsoft.com *.plaid.com *.finicity.com *.moneydesktop.com *.mx.com *.youtube.com https://app.usefini.com/ https://sandbox-dim.spinwheel.io https://dim.spinwheel.io;child-src 'self' data: *.google.com *.doubleclick.net *.googlesyndication.com www.googleadservices.com *.facebook.com connect.facebook.net;img-src 'self' data: blob: *.stripe.com www.googleadservices.com *.googleadservices.com https://res.cloudinary.com https://images.unsplash.com https://www.google-analytics.com https://rs.fullstory.com googletagmanager.com *.googletagmanager.com www.googletagmanager.com *.google-analytics.com https://www.google.com analytics.google.com *.doubleclick.net googleads.doubleclick.net googleads.g.doubleclick.net https://googleads.g.doubleclick.net *.doubleclick.net https://stats.g.doubleclick.net *.facebook.com *.facebook.net https://connect.facebook.net *.fbcdn.net *.bing.com *.microsoft.com *.clarity.ms monarch-static-assets.s3.amazonaws.com monarch-static-assets.s3.us-east-1.amazonaws.com analytics.pangle-ads.com *.redditstatic.com *.reddit.com *.ads-twitter.com https://t.co analytics.twitter.com https://analytics.twitter.com *.googleusercontent.com *.gstatic.com https://fonts.gstatic.com https://analytics.tiktok.com *.tiktok.com *.byspotify.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat monarch-api-production.s3.amazonaws.com monarch-static-assets.s3.amazonaws.com monarch-api-staging2.s3.us-east-2.amazonaws.com api.monarchmoney.com t.co googleads.g.doubleclick.net *.facebook.com https://storage.googleapis.com/fini-widget/ *.attribution.adswizz.com https://*.attribution.adswizz.com https://pixel.tapad.com https://*.tapad.com content.moneydesktop.com https://cdn.spinwheel.io *.cloudfront.net;font-src * data: blob: 'self' 'unsafe-inline';connect-src 'self' about: analytics.tiktok.com *.byspotify.com *.zendesk.com https://api.segment.io *.segment.io https://api.cloudinary.com https://api.monarchmoney.com https://api.monarchmoneystaging.com wss://api.monarchmoney.com wss://api.monarchmoneystaging.com https://features.monarchmoney.com https://features.monarchmoneystaging.com https://events-api.monarchmoney.com https://events-api.monarchmoneystaging.com https://monarchmoney.zendesk.com https://rs.fullstory.com https://edge.fullstory.com https://sdk.split.io https://auth.split.io https://streaming.split.io https://events.split.io https://ekr.zdassets.com https://api.sprig.com api.sprig.com https://sentry.io https://sdk-api-v1.singular.net *.stripe.com www.google-analytics.com stats.g.doubleclick.net ampcid.google.com analytics.google.com *.doubleclick.net *.google.com *.googlesyndication.com www.googletagservices.com *.facebook.com connect.facebook.net *.bing.com wss://*.bing.com *.clarity.ms sentry.io *.sentry.io www.redditstatic.com monarch-api-production.s3.amazonaws.com monarch-static-assets.s3.amazonaws.com monarch-api-staging2.s3.us-east-2.amazonaws.com prod-carpintero-branding.s3.us-west-2.amazonaws.com reddit.com *.reddit.com *.ads-twitter.com cdn.sprig.com cdn.segment.com *.browser-intake-datadoghq.com https://rum.browser-intake-datadoghq.com https://browser-intake-datadoghq.com https://session-replay.browser-intake-datadoghq.com https://api.unsplash.com analytics.pangle-ads.com stats.g.doubleclick.net https://api.usefini.com/ https://status.monarchmoney.com browser-intake-datadoghq.com pixels.spotify.com;manifest-src 'self';base-uri 'self';form-action 'self' *.google.com *.facebook.com connect.facebook.net;media-src 'self' data: dai.google.com;worker-src 'self' blob: www.google.com;report-uri https://o236174.ingest.sentry.io/api/4506858085744640/security/?sentry_key=b8be0ad8a511b04ca10c054828ceeb45
x-content-type-options: nosniff
strict-transport-security: max-age=15552000; includeSubDomains
nel: {"report_to":"heroku-nel","max_age":3600,"success_fraction":0.005,"failure_fraction":0.05,"response_headers":["Via"]}
x-permitted-cross-domain-policies: none
cf-cache-status: REVALIDATED
via: 1.1 vegur
x-dns-prefetch-control: off
content-encoding: br
x-xss-protection: 0
reporting-endpoints: heroku-nel=https://nel.heroku.com/reports?ts=1724457637&sid=1b10b0ff-8a76-4548-befa-353fc6c6c045&s=MEWc1nXrHBQVzqOVz78i7PVnzLnGxVSpbRzyuJUASDk%3D
referrer-policy: no-referrer
last-modified: Fri, 23 Aug 2024 20:58:05 GMT
server: cloudflare
etag: W/"1d1-19181083748"
expect-ct: max-age=0
x-frame-options: SAMEORIGIN
report-to: {"group":"heroku-nel","max_age":3600,"endpoints":[{"url":"https://nel.heroku.com/reports?ts=1724457637&sid=1b10b0ff-8a76-4548-befa-353fc6c6c045&s=MEWc1nXrHBQVzqOVz78i7PVnzLnGxVSpbRzyuJUASDk%3D"}]}
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
x-download-options: noopen
cache-control: public, max-age=14400
cf-ray: 8b95c5371bce1c2c-FRA

GET
H2 200 spotify.js Show response
app.monarchmoney.com/ 560 B
7 KB 340ms
338ms Script
application/javascript 2606:4700:10::6816:3c79
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://app.monarchmoney.com/spotify.js

Requested by

Host: app.monarchmoney.com
URL: https://app.monarchmoney.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:3c79 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

849caf8a45bf4b74df6ae5f9e16fa4ecb6a4434b62cd834b9c4f631c6839bf1d

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;default-src 'self' .plaid.com .finicity.com .mx.com .stripe.com .cloudinary.com;frame-ancestors 'self' www.reddit.com .finicity.com;script-src 'self' 'unsafe-eval' 'unsafe-inline' .monarchmoney.com .monarchmoneystaging.com .redditstatic.com .googleadservices.com .ads-twitter.com .plaid.com .finicity.com .mx.com .gstatic.com analytics.tiktok.com .byspotify.com https://static.zdassets.com https://cdn.userleap.com https://cdn.plaid.com https://js.stripe.com https://apis.google.com https://appleid.cdn-apple.com https://cdn.plaid.com https://js.stripe.com https://checkout.stripe.com https://apis.google.com https://cdn.userleap.com https://appleid.cdn-apple.com https://static.zdassets.com https://rs.fullstory.com https://edge.fullstory.com https://www.google-analytics.com https://ssl.google-analytics.com https://google-analytics.com https://.doubleclick.net https://stats.g.doubleclick.net https://.google.com https://.google.com.br https://.googlesyndication.com https://.googletagservices.com https://.googleadservices.com www.googleadservices.com www.google-analytics.com https://connect.facebook.net https://graph.facebook.com https://js.facebook.com https://bat.bing.com https://r.bing.com https://browser.sentry-cdn.com https://js.sentry-cdn.com https://.sentry.io edge.fullstory.com .fullstory.com www.clarity.ms .clarity.ms cdn.sprig.com cdn.segment.com 'report-sample' www.googletagmanager.com www.googleadservices.com www.google-analytics.com www.clarity.ms analytics.tiktok.com static.ads-twitter.com connect.facebook.net https://storage.googleapis.com/fini-widget/ https://cdn.spinwheel.io;style-src 'self' 'unsafe-inline' 'report-sample' checkout.stripe.com .google.com https://www.gstatic.com www.gstatic.com .gstatic.com .bing.com;object-src .googlesyndication.com;frame-src 'self' https://accounts.google.com https://portal.productboard.com .stripe.com .stripe.network .google.com .doubleclick.net .googlesyndication.com .facebook.com connect.facebook.net sdx.microsoft.com .plaid.com .finicity.com .moneydesktop.com .mx.com .youtube.com https://app.usefini.com/ https://sandbox-dim.spinwheel.io https://dim.spinwheel.io;child-src 'self' data: .google.com .doubleclick.net .googlesyndication.com www.googleadservices.com .facebook.com connect.facebook.net;img-src 'self' data: blob: .stripe.com www.googleadservices.com .googleadservices.com https://res.cloudinary.com https://images.unsplash.com https://www.google-analytics.com https://rs.fullstory.com googletagmanager.com .googletagmanager.com www.googletagmanager.com .google-analytics.com https://www.google.com analytics.google.com .doubleclick.net googleads.doubleclick.net googleads.g.doubleclick.net https://googleads.g.doubleclick.net .doubleclick.net https://stats.g.doubleclick.net .facebook.com .facebook.net https://connect.facebook.net .fbcdn.net .bing.com .microsoft.com .clarity.ms monarch-static-assets.s3.amazonaws.com monarch-static-assets.s3.us-east-1.amazonaws.com analytics.pangle-ads.com .redditstatic.com .reddit.com .ads-twitter.com https://t.co analytics.twitter.com https://analytics.twitter.com .googleusercontent.com .gstatic.com https://fonts.gstatic.com https://analytics.tiktok.com .tiktok.com .byspotify.com .google.com .google.ad .google.ae .google.com.af .google.com.ag .google.com.ai .google.al .google.am .google.co.ao .google.com.ar .google.as .google.at .google.com.au .google.az .google.ba .google.com.bd .google.be .google.bf .google.bg .google.com.bh .google.bi .google.bj .google.com.bn .google.com.bo .google.com.br .google.bs .google.bt .google.co.bw .google.by .google.com.bz .google.ca .google.cd .google.cf .google.cg .google.ch .google.ci .google.co.ck .google.cl .google.cm .google.cn .google.com.co .google.co.cr .google.com.cu .google.cv .google.com.cy .google.cz .google.de .google.dj .google.dk .google.dm .google.com.do .google.dz .google.com.ec .google.ee .google.com.eg .google.es .google.com.et .google.fi .google.com.fj .google.fm .google.fr .google.ga .google.ge .google.gg .google.com.gh .google.com.gi .google.gl .google.gm .google.gr .google.com.gt .google.gy .google.com.hk .google.hn .google.hr .google.ht .google.hu .google.co.id .google.ie .google.co.il .google.im .google.co.in .google.iq .google.is .google.it .google.je .google.com.jm .google.jo .google.co.jp .google.co.ke .google.com.kh .google.ki .google.kg .google.co.kr .google.com.kw .google.kz .google.la .google.com.lb .google.li .google.lk .google.co.ls .google.lt .google.lu .google.lv .google.com.ly .google.co.ma .google.md .google.me .google.mg .google.mk .google.ml .google.com.mm .google.mn .google.ms .google.com.mt .google.mu .google.mv .google.mw .google.com.mx .google.com.my .google.co.mz .google.com.na .google.com.ng .google.com.ni .google.ne .google.nl .google.no .google.com.np .google.nr .google.nu .google.co.nz .google.com.om .google.com.pa .google.com.pe .google.com.pg .google.com.ph .google.com.pk .google.pl .google.pn .google.com.pr .google.ps .google.pt .google.com.py .google.com.qa .google.ro .google.ru .google.rw .google.com.sa .google.com.sb .google.sc .google.se .google.com.sg .google.sh .google.si .google.sk .google.com.sl .google.sn .google.so .google.sm .google.sr .google.st .google.com.sv .google.td .google.tg .google.co.th .google.com.tj .google.tl .google.tm .google.tn .google.to .google.com.tr .google.tt .google.com.tw .google.co.tz .google.com.ua .google.co.ug .google.co.uk .google.com.uy .google.co.uz .google.com.vc .google.co.ve .google.vg .google.co.vi .google.com.vn .google.vu .google.ws .google.rs .google.co.za .google.co.zm .google.co.zw .google.cat monarch-api-production.s3.amazonaws.com monarch-static-assets.s3.amazonaws.com monarch-api-staging2.s3.us-east-2.amazonaws.com api.monarchmoney.com t.co googleads.g.doubleclick.net .facebook.com https://storage.googleapis.com/fini-widget/ .attribution.adswizz.com https://.attribution.adswizz.com https://pixel.tapad.com https://.tapad.com content.moneydesktop.com https://cdn.spinwheel.io .cloudfront.net;font-src * data: blob: 'self' 'unsafe-inline';connect-src 'self' about: analytics.tiktok.com .byspotify.com .zendesk.com https://api.segment.io .segment.io https://api.cloudinary.com https://api.monarchmoney.com https://api.monarchmoneystaging.com wss://api.monarchmoney.com wss://api.monarchmoneystaging.com https://features.monarchmoney.com https://features.monarchmoneystaging.com https://events-api.monarchmoney.com https://events-api.monarchmoneystaging.com https://monarchmoney.zendesk.com https://rs.fullstory.com https://edge.fullstory.com https://sdk.split.io https://auth.split.io https://streaming.split.io https://events.split.io https://ekr.zdassets.com https://api.sprig.com api.sprig.com https://sentry.io https://sdk-api-v1.singular.net .stripe.com www.google-analytics.com stats.g.doubleclick.net ampcid.google.com analytics.google.com .doubleclick.net .google.com .googlesyndication.com www.googletagservices.com .facebook.com connect.facebook.net .bing.com wss://.bing.com .clarity.ms sentry.io .sentry.io www.redditstatic.com monarch-api-production.s3.amazonaws.com monarch-static-assets.s3.amazonaws.com monarch-api-staging2.s3.us-east-2.amazonaws.com prod-carpintero-branding.s3.us-west-2.amazonaws.com reddit.com .reddit.com .ads-twitter.com cdn.sprig.com cdn.segment.com .browser-intake-datadoghq.com https://rum.browser-intake-datadoghq.com https://browser-intake-datadoghq.com https://session-replay.browser-intake-datadoghq.com https://api.unsplash.com analytics.pangle-ads.com stats.g.doubleclick.net https://api.usefini.com/ https://status.monarchmoney.com browser-intake-datadoghq.com pixels.spotify.com;manifest-src 'self';base-uri 'self';form-action 'self' .google.com *.facebook.com connect.facebook.net;media-src 'self' data: dai.google.com;worker-src 'self' blob: www.google.com;report-uri https://o236174.ingest.sentry.io/api/4506858085744640/security/?sentry_key=b8be0ad8a511b04ca10c054828ceeb45
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Mon, 26 Aug 2024 18:09:00 GMT
content-security-policy: upgrade-insecure-requests;default-src 'self' *.plaid.com *.finicity.com *.mx.com *.stripe.com *.cloudinary.com;frame-ancestors 'self' www.reddit.com *.finicity.com;script-src 'self' 'unsafe-eval' 'unsafe-inline' *.monarchmoney.com *.monarchmoneystaging.com *.redditstatic.com *.googleadservices.com *.ads-twitter.com *.plaid.com *.finicity.com *.mx.com *.gstatic.com analytics.tiktok.com *.byspotify.com https://static.zdassets.com https://cdn.userleap.com https://cdn.plaid.com https://js.stripe.com https://apis.google.com https://appleid.cdn-apple.com https://cdn.plaid.com https://js.stripe.com https://checkout.stripe.com https://apis.google.com https://cdn.userleap.com https://appleid.cdn-apple.com https://static.zdassets.com https://rs.fullstory.com https://edge.fullstory.com https://www.google-analytics.com https://ssl.google-analytics.com https://google-analytics.com https://*.doubleclick.net https://stats.g.doubleclick.net https://*.google.com https://*.google.com.br https://*.googlesyndication.com https://*.googletagservices.com https://*.googleadservices.com www.googleadservices.com www.google-analytics.com https://connect.facebook.net https://graph.facebook.com https://js.facebook.com https://bat.bing.com https://r.bing.com https://browser.sentry-cdn.com https://js.sentry-cdn.com https://*.sentry.io edge.fullstory.com *.fullstory.com www.clarity.ms *.clarity.ms cdn.sprig.com cdn.segment.com 'report-sample' www.googletagmanager.com www.googleadservices.com www.google-analytics.com www.clarity.ms analytics.tiktok.com static.ads-twitter.com connect.facebook.net https://storage.googleapis.com/fini-widget/ https://cdn.spinwheel.io;style-src 'self' 'unsafe-inline' 'report-sample' checkout.stripe.com *.google.com https://www.gstatic.com www.gstatic.com *.gstatic.com *.bing.com;object-src *.googlesyndication.com;frame-src 'self' https://accounts.google.com https://portal.productboard.com *.stripe.com *.stripe.network *.google.com *.doubleclick.net *.googlesyndication.com *.facebook.com connect.facebook.net sdx.microsoft.com *.plaid.com *.finicity.com *.moneydesktop.com *.mx.com *.youtube.com https://app.usefini.com/ https://sandbox-dim.spinwheel.io https://dim.spinwheel.io;child-src 'self' data: *.google.com *.doubleclick.net *.googlesyndication.com www.googleadservices.com *.facebook.com connect.facebook.net;img-src 'self' data: blob: *.stripe.com www.googleadservices.com *.googleadservices.com https://res.cloudinary.com https://images.unsplash.com https://www.google-analytics.com https://rs.fullstory.com googletagmanager.com *.googletagmanager.com www.googletagmanager.com *.google-analytics.com https://www.google.com analytics.google.com *.doubleclick.net googleads.doubleclick.net googleads.g.doubleclick.net https://googleads.g.doubleclick.net *.doubleclick.net https://stats.g.doubleclick.net *.facebook.com *.facebook.net https://connect.facebook.net *.fbcdn.net *.bing.com *.microsoft.com *.clarity.ms monarch-static-assets.s3.amazonaws.com monarch-static-assets.s3.us-east-1.amazonaws.com analytics.pangle-ads.com *.redditstatic.com *.reddit.com *.ads-twitter.com https://t.co analytics.twitter.com https://analytics.twitter.com *.googleusercontent.com *.gstatic.com https://fonts.gstatic.com https://analytics.tiktok.com *.tiktok.com *.byspotify.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat monarch-api-production.s3.amazonaws.com monarch-static-assets.s3.amazonaws.com monarch-api-staging2.s3.us-east-2.amazonaws.com api.monarchmoney.com t.co googleads.g.doubleclick.net *.facebook.com https://storage.googleapis.com/fini-widget/ *.attribution.adswizz.com https://*.attribution.adswizz.com https://pixel.tapad.com https://*.tapad.com content.moneydesktop.com https://cdn.spinwheel.io *.cloudfront.net;font-src * data: blob: 'self' 'unsafe-inline';connect-src 'self' about: analytics.tiktok.com *.byspotify.com *.zendesk.com https://api.segment.io *.segment.io https://api.cloudinary.com https://api.monarchmoney.com https://api.monarchmoneystaging.com wss://api.monarchmoney.com wss://api.monarchmoneystaging.com https://features.monarchmoney.com https://features.monarchmoneystaging.com https://events-api.monarchmoney.com https://events-api.monarchmoneystaging.com https://monarchmoney.zendesk.com https://rs.fullstory.com https://edge.fullstory.com https://sdk.split.io https://auth.split.io https://streaming.split.io https://events.split.io https://ekr.zdassets.com https://api.sprig.com api.sprig.com https://sentry.io https://sdk-api-v1.singular.net *.stripe.com www.google-analytics.com stats.g.doubleclick.net ampcid.google.com analytics.google.com *.doubleclick.net *.google.com *.googlesyndication.com www.googletagservices.com *.facebook.com connect.facebook.net *.bing.com wss://*.bing.com *.clarity.ms sentry.io *.sentry.io www.redditstatic.com monarch-api-production.s3.amazonaws.com monarch-static-assets.s3.amazonaws.com monarch-api-staging2.s3.us-east-2.amazonaws.com prod-carpintero-branding.s3.us-west-2.amazonaws.com reddit.com *.reddit.com *.ads-twitter.com cdn.sprig.com cdn.segment.com *.browser-intake-datadoghq.com https://rum.browser-intake-datadoghq.com https://browser-intake-datadoghq.com https://session-replay.browser-intake-datadoghq.com https://api.unsplash.com analytics.pangle-ads.com stats.g.doubleclick.net https://api.usefini.com/ https://status.monarchmoney.com browser-intake-datadoghq.com pixels.spotify.com;manifest-src 'self';base-uri 'self';form-action 'self' *.google.com *.facebook.com connect.facebook.net;media-src 'self' data: dai.google.com;worker-src 'self' blob: www.google.com;report-uri https://o236174.ingest.sentry.io/api/4506858085744640/security/?sentry_key=b8be0ad8a511b04ca10c054828ceeb45
x-content-type-options: nosniff
strict-transport-security: max-age=15552000; includeSubDomains
nel: {"report_to":"heroku-nel","max_age":3600,"success_fraction":0.005,"failure_fraction":0.05,"response_headers":["Via"]}
x-permitted-cross-domain-policies: none
cf-cache-status: REVALIDATED
via: 1.1 vegur
x-dns-prefetch-control: off
content-encoding: br
x-xss-protection: 0
reporting-endpoints: heroku-nel=https://nel.heroku.com/reports?ts=1724457637&sid=1b10b0ff-8a76-4548-befa-353fc6c6c045&s=MEWc1nXrHBQVzqOVz78i7PVnzLnGxVSpbRzyuJUASDk%3D
referrer-policy: no-referrer
last-modified: Fri, 23 Aug 2024 20:58:05 GMT
server: cloudflare
etag: W/"230-19181083748"
expect-ct: max-age=0
x-frame-options: SAMEORIGIN
report-to: {"group":"heroku-nel","max_age":3600,"endpoints":[{"url":"https://nel.heroku.com/reports?ts=1724457637&sid=1b10b0ff-8a76-4548-befa-353fc6c6c045&s=MEWc1nXrHBQVzqOVz78i7PVnzLnGxVSpbRzyuJUASDk%3D"}]}
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
x-download-options: noopen
cache-control: public, max-age=14400
cf-ray: 8b95c5371bd21c2c-FRA

GET
H2 200 tiktok.js Show response
app.monarchmoney.com/ 1 KB
6 KB 478ms
476ms Script
application/javascript 2606:4700:10::6816:3c79
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://app.monarchmoney.com/tiktok.js

Requested by

Host: app.monarchmoney.com
URL: https://app.monarchmoney.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:3c79 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ca2000e8bfea9f1a65578b79ac87bd2c0f936bd27c6990677d5ab072f24946d3

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;default-src 'self' .plaid.com .finicity.com .mx.com .stripe.com .cloudinary.com;frame-ancestors 'self' www.reddit.com .finicity.com;script-src 'self' 'unsafe-eval' 'unsafe-inline' .monarchmoney.com .monarchmoneystaging.com .redditstatic.com .googleadservices.com .ads-twitter.com .plaid.com .finicity.com .mx.com .gstatic.com analytics.tiktok.com .byspotify.com https://static.zdassets.com https://cdn.userleap.com https://cdn.plaid.com https://js.stripe.com https://apis.google.com https://appleid.cdn-apple.com https://cdn.plaid.com https://js.stripe.com https://checkout.stripe.com https://apis.google.com https://cdn.userleap.com https://appleid.cdn-apple.com https://static.zdassets.com https://rs.fullstory.com https://edge.fullstory.com https://www.google-analytics.com https://ssl.google-analytics.com https://google-analytics.com https://.doubleclick.net https://stats.g.doubleclick.net https://.google.com https://.google.com.br https://.googlesyndication.com https://.googletagservices.com https://.googleadservices.com www.googleadservices.com www.google-analytics.com https://connect.facebook.net https://graph.facebook.com https://js.facebook.com https://bat.bing.com https://r.bing.com https://browser.sentry-cdn.com https://js.sentry-cdn.com https://.sentry.io edge.fullstory.com .fullstory.com www.clarity.ms .clarity.ms cdn.sprig.com cdn.segment.com 'report-sample' www.googletagmanager.com www.googleadservices.com www.google-analytics.com www.clarity.ms analytics.tiktok.com static.ads-twitter.com connect.facebook.net https://storage.googleapis.com/fini-widget/ https://cdn.spinwheel.io;style-src 'self' 'unsafe-inline' 'report-sample' checkout.stripe.com .google.com https://www.gstatic.com www.gstatic.com .gstatic.com .bing.com;object-src .googlesyndication.com;frame-src 'self' https://accounts.google.com https://portal.productboard.com .stripe.com .stripe.network .google.com .doubleclick.net .googlesyndication.com .facebook.com connect.facebook.net sdx.microsoft.com .plaid.com .finicity.com .moneydesktop.com .mx.com .youtube.com https://app.usefini.com/ https://sandbox-dim.spinwheel.io https://dim.spinwheel.io;child-src 'self' data: .google.com .doubleclick.net .googlesyndication.com www.googleadservices.com .facebook.com connect.facebook.net;img-src 'self' data: blob: .stripe.com www.googleadservices.com .googleadservices.com https://res.cloudinary.com https://images.unsplash.com https://www.google-analytics.com https://rs.fullstory.com googletagmanager.com .googletagmanager.com www.googletagmanager.com .google-analytics.com https://www.google.com analytics.google.com .doubleclick.net googleads.doubleclick.net googleads.g.doubleclick.net https://googleads.g.doubleclick.net .doubleclick.net https://stats.g.doubleclick.net .facebook.com .facebook.net https://connect.facebook.net .fbcdn.net .bing.com .microsoft.com .clarity.ms monarch-static-assets.s3.amazonaws.com monarch-static-assets.s3.us-east-1.amazonaws.com analytics.pangle-ads.com .redditstatic.com .reddit.com .ads-twitter.com https://t.co analytics.twitter.com https://analytics.twitter.com .googleusercontent.com .gstatic.com https://fonts.gstatic.com https://analytics.tiktok.com .tiktok.com .byspotify.com .google.com .google.ad .google.ae .google.com.af .google.com.ag .google.com.ai .google.al .google.am .google.co.ao .google.com.ar .google.as .google.at .google.com.au .google.az .google.ba .google.com.bd .google.be .google.bf .google.bg .google.com.bh .google.bi .google.bj .google.com.bn .google.com.bo .google.com.br .google.bs .google.bt .google.co.bw .google.by .google.com.bz .google.ca .google.cd .google.cf .google.cg .google.ch .google.ci .google.co.ck .google.cl .google.cm .google.cn .google.com.co .google.co.cr .google.com.cu .google.cv .google.com.cy .google.cz .google.de .google.dj .google.dk .google.dm .google.com.do .google.dz .google.com.ec .google.ee .google.com.eg .google.es .google.com.et .google.fi .google.com.fj .google.fm .google.fr .google.ga .google.ge .google.gg .google.com.gh .google.com.gi .google.gl .google.gm .google.gr .google.com.gt .google.gy .google.com.hk .google.hn .google.hr .google.ht .google.hu .google.co.id .google.ie .google.co.il .google.im .google.co.in .google.iq .google.is .google.it .google.je .google.com.jm .google.jo .google.co.jp .google.co.ke .google.com.kh .google.ki .google.kg .google.co.kr .google.com.kw .google.kz .google.la .google.com.lb .google.li .google.lk .google.co.ls .google.lt .google.lu .google.lv .google.com.ly .google.co.ma .google.md .google.me .google.mg .google.mk .google.ml .google.com.mm .google.mn .google.ms .google.com.mt .google.mu .google.mv .google.mw .google.com.mx .google.com.my .google.co.mz .google.com.na .google.com.ng .google.com.ni .google.ne .google.nl .google.no .google.com.np .google.nr .google.nu .google.co.nz .google.com.om .google.com.pa .google.com.pe .google.com.pg .google.com.ph .google.com.pk .google.pl .google.pn .google.com.pr .google.ps .google.pt .google.com.py .google.com.qa .google.ro .google.ru .google.rw .google.com.sa .google.com.sb .google.sc .google.se .google.com.sg .google.sh .google.si .google.sk .google.com.sl .google.sn .google.so .google.sm .google.sr .google.st .google.com.sv .google.td .google.tg .google.co.th .google.com.tj .google.tl .google.tm .google.tn .google.to .google.com.tr .google.tt .google.com.tw .google.co.tz .google.com.ua .google.co.ug .google.co.uk .google.com.uy .google.co.uz .google.com.vc .google.co.ve .google.vg .google.co.vi .google.com.vn .google.vu .google.ws .google.rs .google.co.za .google.co.zm .google.co.zw .google.cat monarch-api-production.s3.amazonaws.com monarch-static-assets.s3.amazonaws.com monarch-api-staging2.s3.us-east-2.amazonaws.com api.monarchmoney.com t.co googleads.g.doubleclick.net .facebook.com https://storage.googleapis.com/fini-widget/ .attribution.adswizz.com https://.attribution.adswizz.com https://pixel.tapad.com https://.tapad.com content.moneydesktop.com https://cdn.spinwheel.io .cloudfront.net;font-src * data: blob: 'self' 'unsafe-inline';connect-src 'self' about: analytics.tiktok.com .byspotify.com .zendesk.com https://api.segment.io .segment.io https://api.cloudinary.com https://api.monarchmoney.com https://api.monarchmoneystaging.com wss://api.monarchmoney.com wss://api.monarchmoneystaging.com https://features.monarchmoney.com https://features.monarchmoneystaging.com https://events-api.monarchmoney.com https://events-api.monarchmoneystaging.com https://monarchmoney.zendesk.com https://rs.fullstory.com https://edge.fullstory.com https://sdk.split.io https://auth.split.io https://streaming.split.io https://events.split.io https://ekr.zdassets.com https://api.sprig.com api.sprig.com https://sentry.io https://sdk-api-v1.singular.net .stripe.com www.google-analytics.com stats.g.doubleclick.net ampcid.google.com analytics.google.com .doubleclick.net .google.com .googlesyndication.com www.googletagservices.com .facebook.com connect.facebook.net .bing.com wss://.bing.com .clarity.ms sentry.io .sentry.io www.redditstatic.com monarch-api-production.s3.amazonaws.com monarch-static-assets.s3.amazonaws.com monarch-api-staging2.s3.us-east-2.amazonaws.com prod-carpintero-branding.s3.us-west-2.amazonaws.com reddit.com .reddit.com .ads-twitter.com cdn.sprig.com cdn.segment.com .browser-intake-datadoghq.com https://rum.browser-intake-datadoghq.com https://browser-intake-datadoghq.com https://session-replay.browser-intake-datadoghq.com https://api.unsplash.com analytics.pangle-ads.com stats.g.doubleclick.net https://api.usefini.com/ https://status.monarchmoney.com browser-intake-datadoghq.com pixels.spotify.com;manifest-src 'self';base-uri 'self';form-action 'self' .google.com *.facebook.com connect.facebook.net;media-src 'self' data: dai.google.com;worker-src 'self' blob: www.google.com;report-uri https://o236174.ingest.sentry.io/api/4506858085744640/security/?sentry_key=b8be0ad8a511b04ca10c054828ceeb45
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Mon, 26 Aug 2024 18:09:00 GMT
content-security-policy: upgrade-insecure-requests;default-src 'self' *.plaid.com *.finicity.com *.mx.com *.stripe.com *.cloudinary.com;frame-ancestors 'self' www.reddit.com *.finicity.com;script-src 'self' 'unsafe-eval' 'unsafe-inline' *.monarchmoney.com *.monarchmoneystaging.com *.redditstatic.com *.googleadservices.com *.ads-twitter.com *.plaid.com *.finicity.com *.mx.com *.gstatic.com analytics.tiktok.com *.byspotify.com https://static.zdassets.com https://cdn.userleap.com https://cdn.plaid.com https://js.stripe.com https://apis.google.com https://appleid.cdn-apple.com https://cdn.plaid.com https://js.stripe.com https://checkout.stripe.com https://apis.google.com https://cdn.userleap.com https://appleid.cdn-apple.com https://static.zdassets.com https://rs.fullstory.com https://edge.fullstory.com https://www.google-analytics.com https://ssl.google-analytics.com https://google-analytics.com https://*.doubleclick.net https://stats.g.doubleclick.net https://*.google.com https://*.google.com.br https://*.googlesyndication.com https://*.googletagservices.com https://*.googleadservices.com www.googleadservices.com www.google-analytics.com https://connect.facebook.net https://graph.facebook.com https://js.facebook.com https://bat.bing.com https://r.bing.com https://browser.sentry-cdn.com https://js.sentry-cdn.com https://*.sentry.io edge.fullstory.com *.fullstory.com www.clarity.ms *.clarity.ms cdn.sprig.com cdn.segment.com 'report-sample' www.googletagmanager.com www.googleadservices.com www.google-analytics.com www.clarity.ms analytics.tiktok.com static.ads-twitter.com connect.facebook.net https://storage.googleapis.com/fini-widget/ https://cdn.spinwheel.io;style-src 'self' 'unsafe-inline' 'report-sample' checkout.stripe.com *.google.com https://www.gstatic.com www.gstatic.com *.gstatic.com *.bing.com;object-src *.googlesyndication.com;frame-src 'self' https://accounts.google.com https://portal.productboard.com *.stripe.com *.stripe.network *.google.com *.doubleclick.net *.googlesyndication.com *.facebook.com connect.facebook.net sdx.microsoft.com *.plaid.com *.finicity.com *.moneydesktop.com *.mx.com *.youtube.com https://app.usefini.com/ https://sandbox-dim.spinwheel.io https://dim.spinwheel.io;child-src 'self' data: *.google.com *.doubleclick.net *.googlesyndication.com www.googleadservices.com *.facebook.com connect.facebook.net;img-src 'self' data: blob: *.stripe.com www.googleadservices.com *.googleadservices.com https://res.cloudinary.com https://images.unsplash.com https://www.google-analytics.com https://rs.fullstory.com googletagmanager.com *.googletagmanager.com www.googletagmanager.com *.google-analytics.com https://www.google.com analytics.google.com *.doubleclick.net googleads.doubleclick.net googleads.g.doubleclick.net https://googleads.g.doubleclick.net *.doubleclick.net https://stats.g.doubleclick.net *.facebook.com *.facebook.net https://connect.facebook.net *.fbcdn.net *.bing.com *.microsoft.com *.clarity.ms monarch-static-assets.s3.amazonaws.com monarch-static-assets.s3.us-east-1.amazonaws.com analytics.pangle-ads.com *.redditstatic.com *.reddit.com *.ads-twitter.com https://t.co analytics.twitter.com https://analytics.twitter.com *.googleusercontent.com *.gstatic.com https://fonts.gstatic.com https://analytics.tiktok.com *.tiktok.com *.byspotify.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat monarch-api-production.s3.amazonaws.com monarch-static-assets.s3.amazonaws.com monarch-api-staging2.s3.us-east-2.amazonaws.com api.monarchmoney.com t.co googleads.g.doubleclick.net *.facebook.com https://storage.googleapis.com/fini-widget/ *.attribution.adswizz.com https://*.attribution.adswizz.com https://pixel.tapad.com https://*.tapad.com content.moneydesktop.com https://cdn.spinwheel.io *.cloudfront.net;font-src * data: blob: 'self' 'unsafe-inline';connect-src 'self' about: analytics.tiktok.com *.byspotify.com *.zendesk.com https://api.segment.io *.segment.io https://api.cloudinary.com https://api.monarchmoney.com https://api.monarchmoneystaging.com wss://api.monarchmoney.com wss://api.monarchmoneystaging.com https://features.monarchmoney.com https://features.monarchmoneystaging.com https://events-api.monarchmoney.com https://events-api.monarchmoneystaging.com https://monarchmoney.zendesk.com https://rs.fullstory.com https://edge.fullstory.com https://sdk.split.io https://auth.split.io https://streaming.split.io https://events.split.io https://ekr.zdassets.com https://api.sprig.com api.sprig.com https://sentry.io https://sdk-api-v1.singular.net *.stripe.com www.google-analytics.com stats.g.doubleclick.net ampcid.google.com analytics.google.com *.doubleclick.net *.google.com *.googlesyndication.com www.googletagservices.com *.facebook.com connect.facebook.net *.bing.com wss://*.bing.com *.clarity.ms sentry.io *.sentry.io www.redditstatic.com monarch-api-production.s3.amazonaws.com monarch-static-assets.s3.amazonaws.com monarch-api-staging2.s3.us-east-2.amazonaws.com prod-carpintero-branding.s3.us-west-2.amazonaws.com reddit.com *.reddit.com *.ads-twitter.com cdn.sprig.com cdn.segment.com *.browser-intake-datadoghq.com https://rum.browser-intake-datadoghq.com https://browser-intake-datadoghq.com https://session-replay.browser-intake-datadoghq.com https://api.unsplash.com analytics.pangle-ads.com stats.g.doubleclick.net https://api.usefini.com/ https://status.monarchmoney.com browser-intake-datadoghq.com pixels.spotify.com;manifest-src 'self';base-uri 'self';form-action 'self' *.google.com *.facebook.com connect.facebook.net;media-src 'self' data: dai.google.com;worker-src 'self' blob: www.google.com;report-uri https://o236174.ingest.sentry.io/api/4506858085744640/security/?sentry_key=b8be0ad8a511b04ca10c054828ceeb45
x-content-type-options: nosniff
strict-transport-security: max-age=15552000; includeSubDomains
nel: {"report_to":"heroku-nel","max_age":3600,"success_fraction":0.005,"failure_fraction":0.05,"response_headers":["Via"]}
x-permitted-cross-domain-policies: none
cf-cache-status: REVALIDATED
via: 1.1 vegur
x-dns-prefetch-control: off
content-encoding: br
x-xss-protection: 0
reporting-endpoints: heroku-nel=https://nel.heroku.com/reports?ts=1724457637&sid=1b10b0ff-8a76-4548-befa-353fc6c6c045&s=MEWc1nXrHBQVzqOVz78i7PVnzLnGxVSpbRzyuJUASDk%3D
referrer-policy: no-referrer
last-modified: Fri, 23 Aug 2024 20:58:05 GMT
server: cloudflare
etag: W/"543-19181083748"
expect-ct: max-age=0
x-frame-options: SAMEORIGIN
report-to: {"group":"heroku-nel","max_age":3600,"endpoints":[{"url":"https://nel.heroku.com/reports?ts=1724457637&sid=1b10b0ff-8a76-4548-befa-353fc6c6c045&s=MEWc1nXrHBQVzqOVz78i7PVnzLnGxVSpbRzyuJUASDk%3D"}]}
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
x-download-options: noopen
cache-control: public, max-age=14400
cf-ray: 8b95c5371be11c2c-FRA

GET
H2 200 clarity.js Show response
app.monarchmoney.com/ 341 B
6 KB 444ms
442ms Script
application/javascript 2606:4700:10::6816:3c79
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://app.monarchmoney.com/clarity.js

Requested by

Host: app.monarchmoney.com
URL: https://app.monarchmoney.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:3c79 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f3daef9cbafb6f4fdb45a1ae5d15c4648e1612d0dc9a371bf9944c9f3b35415d

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;default-src 'self' .plaid.com .finicity.com .mx.com .stripe.com .cloudinary.com;frame-ancestors 'self' www.reddit.com .finicity.com;script-src 'self' 'unsafe-eval' 'unsafe-inline' .monarchmoney.com .monarchmoneystaging.com .redditstatic.com .googleadservices.com .ads-twitter.com .plaid.com .finicity.com .mx.com .gstatic.com analytics.tiktok.com .byspotify.com https://static.zdassets.com https://cdn.userleap.com https://cdn.plaid.com https://js.stripe.com https://apis.google.com https://appleid.cdn-apple.com https://cdn.plaid.com https://js.stripe.com https://checkout.stripe.com https://apis.google.com https://cdn.userleap.com https://appleid.cdn-apple.com https://static.zdassets.com https://rs.fullstory.com https://edge.fullstory.com https://www.google-analytics.com https://ssl.google-analytics.com https://google-analytics.com https://.doubleclick.net https://stats.g.doubleclick.net https://.google.com https://.google.com.br https://.googlesyndication.com https://.googletagservices.com https://.googleadservices.com www.googleadservices.com www.google-analytics.com https://connect.facebook.net https://graph.facebook.com https://js.facebook.com https://bat.bing.com https://r.bing.com https://browser.sentry-cdn.com https://js.sentry-cdn.com https://.sentry.io edge.fullstory.com .fullstory.com www.clarity.ms .clarity.ms cdn.sprig.com cdn.segment.com 'report-sample' www.googletagmanager.com www.googleadservices.com www.google-analytics.com www.clarity.ms analytics.tiktok.com static.ads-twitter.com connect.facebook.net https://storage.googleapis.com/fini-widget/ https://cdn.spinwheel.io;style-src 'self' 'unsafe-inline' 'report-sample' checkout.stripe.com .google.com https://www.gstatic.com www.gstatic.com .gstatic.com .bing.com;object-src .googlesyndication.com;frame-src 'self' https://accounts.google.com https://portal.productboard.com .stripe.com .stripe.network .google.com .doubleclick.net .googlesyndication.com .facebook.com connect.facebook.net sdx.microsoft.com .plaid.com .finicity.com .moneydesktop.com .mx.com .youtube.com https://app.usefini.com/ https://sandbox-dim.spinwheel.io https://dim.spinwheel.io;child-src 'self' data: .google.com .doubleclick.net .googlesyndication.com www.googleadservices.com .facebook.com connect.facebook.net;img-src 'self' data: blob: .stripe.com www.googleadservices.com .googleadservices.com https://res.cloudinary.com https://images.unsplash.com https://www.google-analytics.com https://rs.fullstory.com googletagmanager.com .googletagmanager.com www.googletagmanager.com .google-analytics.com https://www.google.com analytics.google.com .doubleclick.net googleads.doubleclick.net googleads.g.doubleclick.net https://googleads.g.doubleclick.net .doubleclick.net https://stats.g.doubleclick.net .facebook.com .facebook.net https://connect.facebook.net .fbcdn.net .bing.com .microsoft.com .clarity.ms monarch-static-assets.s3.amazonaws.com monarch-static-assets.s3.us-east-1.amazonaws.com analytics.pangle-ads.com .redditstatic.com .reddit.com .ads-twitter.com https://t.co analytics.twitter.com https://analytics.twitter.com .googleusercontent.com .gstatic.com https://fonts.gstatic.com https://analytics.tiktok.com .tiktok.com .byspotify.com .google.com .google.ad .google.ae .google.com.af .google.com.ag .google.com.ai .google.al .google.am .google.co.ao .google.com.ar .google.as .google.at .google.com.au .google.az .google.ba .google.com.bd .google.be .google.bf .google.bg .google.com.bh .google.bi .google.bj .google.com.bn .google.com.bo .google.com.br .google.bs .google.bt .google.co.bw .google.by .google.com.bz .google.ca .google.cd .google.cf .google.cg .google.ch .google.ci .google.co.ck .google.cl .google.cm .google.cn .google.com.co .google.co.cr .google.com.cu .google.cv .google.com.cy .google.cz .google.de .google.dj .google.dk .google.dm .google.com.do .google.dz .google.com.ec .google.ee .google.com.eg .google.es .google.com.et .google.fi .google.com.fj .google.fm .google.fr .google.ga .google.ge .google.gg .google.com.gh .google.com.gi .google.gl .google.gm .google.gr .google.com.gt .google.gy .google.com.hk .google.hn .google.hr .google.ht .google.hu .google.co.id .google.ie .google.co.il .google.im .google.co.in .google.iq .google.is .google.it .google.je .google.com.jm .google.jo .google.co.jp .google.co.ke .google.com.kh .google.ki .google.kg .google.co.kr .google.com.kw .google.kz .google.la .google.com.lb .google.li .google.lk .google.co.ls .google.lt .google.lu .google.lv .google.com.ly .google.co.ma .google.md .google.me .google.mg .google.mk .google.ml .google.com.mm .google.mn .google.ms .google.com.mt .google.mu .google.mv .google.mw .google.com.mx .google.com.my .google.co.mz .google.com.na .google.com.ng .google.com.ni .google.ne .google.nl .google.no .google.com.np .google.nr .google.nu .google.co.nz .google.com.om .google.com.pa .google.com.pe .google.com.pg .google.com.ph .google.com.pk .google.pl .google.pn .google.com.pr .google.ps .google.pt .google.com.py .google.com.qa .google.ro .google.ru .google.rw .google.com.sa .google.com.sb .google.sc .google.se .google.com.sg .google.sh .google.si .google.sk .google.com.sl .google.sn .google.so .google.sm .google.sr .google.st .google.com.sv .google.td .google.tg .google.co.th .google.com.tj .google.tl .google.tm .google.tn .google.to .google.com.tr .google.tt .google.com.tw .google.co.tz .google.com.ua .google.co.ug .google.co.uk .google.com.uy .google.co.uz .google.com.vc .google.co.ve .google.vg .google.co.vi .google.com.vn .google.vu .google.ws .google.rs .google.co.za .google.co.zm .google.co.zw .google.cat monarch-api-production.s3.amazonaws.com monarch-static-assets.s3.amazonaws.com monarch-api-staging2.s3.us-east-2.amazonaws.com api.monarchmoney.com t.co googleads.g.doubleclick.net .facebook.com https://storage.googleapis.com/fini-widget/ .attribution.adswizz.com https://.attribution.adswizz.com https://pixel.tapad.com https://.tapad.com content.moneydesktop.com https://cdn.spinwheel.io .cloudfront.net;font-src * data: blob: 'self' 'unsafe-inline';connect-src 'self' about: analytics.tiktok.com .byspotify.com .zendesk.com https://api.segment.io .segment.io https://api.cloudinary.com https://api.monarchmoney.com https://api.monarchmoneystaging.com wss://api.monarchmoney.com wss://api.monarchmoneystaging.com https://features.monarchmoney.com https://features.monarchmoneystaging.com https://events-api.monarchmoney.com https://events-api.monarchmoneystaging.com https://monarchmoney.zendesk.com https://rs.fullstory.com https://edge.fullstory.com https://sdk.split.io https://auth.split.io https://streaming.split.io https://events.split.io https://ekr.zdassets.com https://api.sprig.com api.sprig.com https://sentry.io https://sdk-api-v1.singular.net .stripe.com www.google-analytics.com stats.g.doubleclick.net ampcid.google.com analytics.google.com .doubleclick.net .google.com .googlesyndication.com www.googletagservices.com .facebook.com connect.facebook.net .bing.com wss://.bing.com .clarity.ms sentry.io .sentry.io www.redditstatic.com monarch-api-production.s3.amazonaws.com monarch-static-assets.s3.amazonaws.com monarch-api-staging2.s3.us-east-2.amazonaws.com prod-carpintero-branding.s3.us-west-2.amazonaws.com reddit.com .reddit.com .ads-twitter.com cdn.sprig.com cdn.segment.com .browser-intake-datadoghq.com https://rum.browser-intake-datadoghq.com https://browser-intake-datadoghq.com https://session-replay.browser-intake-datadoghq.com https://api.unsplash.com analytics.pangle-ads.com stats.g.doubleclick.net https://api.usefini.com/ https://status.monarchmoney.com browser-intake-datadoghq.com pixels.spotify.com;manifest-src 'self';base-uri 'self';form-action 'self' .google.com *.facebook.com connect.facebook.net;media-src 'self' data: dai.google.com;worker-src 'self' blob: www.google.com;report-uri https://o236174.ingest.sentry.io/api/4506858085744640/security/?sentry_key=b8be0ad8a511b04ca10c054828ceeb45
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Mon, 26 Aug 2024 18:09:00 GMT
content-security-policy: upgrade-insecure-requests;default-src 'self' *.plaid.com *.finicity.com *.mx.com *.stripe.com *.cloudinary.com;frame-ancestors 'self' www.reddit.com *.finicity.com;script-src 'self' 'unsafe-eval' 'unsafe-inline' *.monarchmoney.com *.monarchmoneystaging.com *.redditstatic.com *.googleadservices.com *.ads-twitter.com *.plaid.com *.finicity.com *.mx.com *.gstatic.com analytics.tiktok.com *.byspotify.com https://static.zdassets.com https://cdn.userleap.com https://cdn.plaid.com https://js.stripe.com https://apis.google.com https://appleid.cdn-apple.com https://cdn.plaid.com https://js.stripe.com https://checkout.stripe.com https://apis.google.com https://cdn.userleap.com https://appleid.cdn-apple.com https://static.zdassets.com https://rs.fullstory.com https://edge.fullstory.com https://www.google-analytics.com https://ssl.google-analytics.com https://google-analytics.com https://*.doubleclick.net https://stats.g.doubleclick.net https://*.google.com https://*.google.com.br https://*.googlesyndication.com https://*.googletagservices.com https://*.googleadservices.com www.googleadservices.com www.google-analytics.com https://connect.facebook.net https://graph.facebook.com https://js.facebook.com https://bat.bing.com https://r.bing.com https://browser.sentry-cdn.com https://js.sentry-cdn.com https://*.sentry.io edge.fullstory.com *.fullstory.com www.clarity.ms *.clarity.ms cdn.sprig.com cdn.segment.com 'report-sample' www.googletagmanager.com www.googleadservices.com www.google-analytics.com www.clarity.ms analytics.tiktok.com static.ads-twitter.com connect.facebook.net https://storage.googleapis.com/fini-widget/ https://cdn.spinwheel.io;style-src 'self' 'unsafe-inline' 'report-sample' checkout.stripe.com *.google.com https://www.gstatic.com www.gstatic.com *.gstatic.com *.bing.com;object-src *.googlesyndication.com;frame-src 'self' https://accounts.google.com https://portal.productboard.com *.stripe.com *.stripe.network *.google.com *.doubleclick.net *.googlesyndication.com *.facebook.com connect.facebook.net sdx.microsoft.com *.plaid.com *.finicity.com *.moneydesktop.com *.mx.com *.youtube.com https://app.usefini.com/ https://sandbox-dim.spinwheel.io https://dim.spinwheel.io;child-src 'self' data: *.google.com *.doubleclick.net *.googlesyndication.com www.googleadservices.com *.facebook.com connect.facebook.net;img-src 'self' data: blob: *.stripe.com www.googleadservices.com *.googleadservices.com https://res.cloudinary.com https://images.unsplash.com https://www.google-analytics.com https://rs.fullstory.com googletagmanager.com *.googletagmanager.com www.googletagmanager.com *.google-analytics.com https://www.google.com analytics.google.com *.doubleclick.net googleads.doubleclick.net googleads.g.doubleclick.net https://googleads.g.doubleclick.net *.doubleclick.net https://stats.g.doubleclick.net *.facebook.com *.facebook.net https://connect.facebook.net *.fbcdn.net *.bing.com *.microsoft.com *.clarity.ms monarch-static-assets.s3.amazonaws.com monarch-static-assets.s3.us-east-1.amazonaws.com analytics.pangle-ads.com *.redditstatic.com *.reddit.com *.ads-twitter.com https://t.co analytics.twitter.com https://analytics.twitter.com *.googleusercontent.com *.gstatic.com https://fonts.gstatic.com https://analytics.tiktok.com *.tiktok.com *.byspotify.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat monarch-api-production.s3.amazonaws.com monarch-static-assets.s3.amazonaws.com monarch-api-staging2.s3.us-east-2.amazonaws.com api.monarchmoney.com t.co googleads.g.doubleclick.net *.facebook.com https://storage.googleapis.com/fini-widget/ *.attribution.adswizz.com https://*.attribution.adswizz.com https://pixel.tapad.com https://*.tapad.com content.moneydesktop.com https://cdn.spinwheel.io *.cloudfront.net;font-src * data: blob: 'self' 'unsafe-inline';connect-src 'self' about: analytics.tiktok.com *.byspotify.com *.zendesk.com https://api.segment.io *.segment.io https://api.cloudinary.com https://api.monarchmoney.com https://api.monarchmoneystaging.com wss://api.monarchmoney.com wss://api.monarchmoneystaging.com https://features.monarchmoney.com https://features.monarchmoneystaging.com https://events-api.monarchmoney.com https://events-api.monarchmoneystaging.com https://monarchmoney.zendesk.com https://rs.fullstory.com https://edge.fullstory.com https://sdk.split.io https://auth.split.io https://streaming.split.io https://events.split.io https://ekr.zdassets.com https://api.sprig.com api.sprig.com https://sentry.io https://sdk-api-v1.singular.net *.stripe.com www.google-analytics.com stats.g.doubleclick.net ampcid.google.com analytics.google.com *.doubleclick.net *.google.com *.googlesyndication.com www.googletagservices.com *.facebook.com connect.facebook.net *.bing.com wss://*.bing.com *.clarity.ms sentry.io *.sentry.io www.redditstatic.com monarch-api-production.s3.amazonaws.com monarch-static-assets.s3.amazonaws.com monarch-api-staging2.s3.us-east-2.amazonaws.com prod-carpintero-branding.s3.us-west-2.amazonaws.com reddit.com *.reddit.com *.ads-twitter.com cdn.sprig.com cdn.segment.com *.browser-intake-datadoghq.com https://rum.browser-intake-datadoghq.com https://browser-intake-datadoghq.com https://session-replay.browser-intake-datadoghq.com https://api.unsplash.com analytics.pangle-ads.com stats.g.doubleclick.net https://api.usefini.com/ https://status.monarchmoney.com browser-intake-datadoghq.com pixels.spotify.com;manifest-src 'self';base-uri 'self';form-action 'self' *.google.com *.facebook.com connect.facebook.net;media-src 'self' data: dai.google.com;worker-src 'self' blob: www.google.com;report-uri https://o236174.ingest.sentry.io/api/4506858085744640/security/?sentry_key=b8be0ad8a511b04ca10c054828ceeb45
x-content-type-options: nosniff
strict-transport-security: max-age=15552000; includeSubDomains
nel: {"report_to":"heroku-nel","max_age":3600,"success_fraction":0.005,"failure_fraction":0.05,"response_headers":["Via"]}
x-permitted-cross-domain-policies: none
cf-cache-status: REVALIDATED
via: 1.1 vegur
x-dns-prefetch-control: off
content-encoding: br
x-xss-protection: 0
reporting-endpoints: heroku-nel=https://nel.heroku.com/reports?ts=1724457637&sid=1b10b0ff-8a76-4548-befa-353fc6c6c045&s=MEWc1nXrHBQVzqOVz78i7PVnzLnGxVSpbRzyuJUASDk%3D
referrer-policy: no-referrer
last-modified: Fri, 23 Aug 2024 20:58:05 GMT
server: cloudflare
etag: W/"155-19181083748"
expect-ct: max-age=0
x-frame-options: SAMEORIGIN
report-to: {"group":"heroku-nel","max_age":3600,"endpoints":[{"url":"https://nel.heroku.com/reports?ts=1724457637&sid=1b10b0ff-8a76-4548-befa-353fc6c6c045&s=MEWc1nXrHBQVzqOVz78i7PVnzLnGxVSpbRzyuJUASDk%3D"}]}
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
x-download-options: noopen
cache-control: public, max-age=14400
cf-ray: 8b95c5371be51c2c-FRA

GET
H2 200 twitter.js Show response
app.monarchmoney.com/ 444 B
6 KB 348ms
346ms Script
application/javascript 2606:4700:10::6816:3c79
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://app.monarchmoney.com/twitter.js

Requested by

Host: app.monarchmoney.com
URL: https://app.monarchmoney.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:3c79 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4668b42c8c5e63f3aa1987896ce3aedc2c13a44c1fc6eb2d115ffca2cfc3a611

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;default-src 'self' .plaid.com .finicity.com .mx.com .stripe.com .cloudinary.com;frame-ancestors 'self' www.reddit.com .finicity.com;script-src 'self' 'unsafe-eval' 'unsafe-inline' .monarchmoney.com .monarchmoneystaging.com .redditstatic.com .googleadservices.com .ads-twitter.com .plaid.com .finicity.com .mx.com .gstatic.com analytics.tiktok.com .byspotify.com https://static.zdassets.com https://cdn.userleap.com https://cdn.plaid.com https://js.stripe.com https://apis.google.com https://appleid.cdn-apple.com https://cdn.plaid.com https://js.stripe.com https://checkout.stripe.com https://apis.google.com https://cdn.userleap.com https://appleid.cdn-apple.com https://static.zdassets.com https://rs.fullstory.com https://edge.fullstory.com https://www.google-analytics.com https://ssl.google-analytics.com https://google-analytics.com https://.doubleclick.net https://stats.g.doubleclick.net https://.google.com https://.google.com.br https://.googlesyndication.com https://.googletagservices.com https://.googleadservices.com www.googleadservices.com www.google-analytics.com https://connect.facebook.net https://graph.facebook.com https://js.facebook.com https://bat.bing.com https://r.bing.com https://browser.sentry-cdn.com https://js.sentry-cdn.com https://.sentry.io edge.fullstory.com .fullstory.com www.clarity.ms .clarity.ms cdn.sprig.com cdn.segment.com 'report-sample' www.googletagmanager.com www.googleadservices.com www.google-analytics.com www.clarity.ms analytics.tiktok.com static.ads-twitter.com connect.facebook.net https://storage.googleapis.com/fini-widget/ https://cdn.spinwheel.io;style-src 'self' 'unsafe-inline' 'report-sample' checkout.stripe.com .google.com https://www.gstatic.com www.gstatic.com .gstatic.com .bing.com;object-src .googlesyndication.com;frame-src 'self' https://accounts.google.com https://portal.productboard.com .stripe.com .stripe.network .google.com .doubleclick.net .googlesyndication.com .facebook.com connect.facebook.net sdx.microsoft.com .plaid.com .finicity.com .moneydesktop.com .mx.com .youtube.com https://app.usefini.com/ https://sandbox-dim.spinwheel.io https://dim.spinwheel.io;child-src 'self' data: .google.com .doubleclick.net .googlesyndication.com www.googleadservices.com .facebook.com connect.facebook.net;img-src 'self' data: blob: .stripe.com www.googleadservices.com .googleadservices.com https://res.cloudinary.com https://images.unsplash.com https://www.google-analytics.com https://rs.fullstory.com googletagmanager.com .googletagmanager.com www.googletagmanager.com .google-analytics.com https://www.google.com analytics.google.com .doubleclick.net googleads.doubleclick.net googleads.g.doubleclick.net https://googleads.g.doubleclick.net .doubleclick.net https://stats.g.doubleclick.net .facebook.com .facebook.net https://connect.facebook.net .fbcdn.net .bing.com .microsoft.com .clarity.ms monarch-static-assets.s3.amazonaws.com monarch-static-assets.s3.us-east-1.amazonaws.com analytics.pangle-ads.com .redditstatic.com .reddit.com .ads-twitter.com https://t.co analytics.twitter.com https://analytics.twitter.com .googleusercontent.com .gstatic.com https://fonts.gstatic.com https://analytics.tiktok.com .tiktok.com .byspotify.com .google.com .google.ad .google.ae .google.com.af .google.com.ag .google.com.ai .google.al .google.am .google.co.ao .google.com.ar .google.as .google.at .google.com.au .google.az .google.ba .google.com.bd .google.be .google.bf .google.bg .google.com.bh .google.bi .google.bj .google.com.bn .google.com.bo .google.com.br .google.bs .google.bt .google.co.bw .google.by .google.com.bz .google.ca .google.cd .google.cf .google.cg .google.ch .google.ci .google.co.ck .google.cl .google.cm .google.cn .google.com.co .google.co.cr .google.com.cu .google.cv .google.com.cy .google.cz .google.de .google.dj .google.dk .google.dm .google.com.do .google.dz .google.com.ec .google.ee .google.com.eg .google.es .google.com.et .google.fi .google.com.fj .google.fm .google.fr .google.ga .google.ge .google.gg .google.com.gh .google.com.gi .google.gl .google.gm .google.gr .google.com.gt .google.gy .google.com.hk .google.hn .google.hr .google.ht .google.hu .google.co.id .google.ie .google.co.il .google.im .google.co.in .google.iq .google.is .google.it .google.je .google.com.jm .google.jo .google.co.jp .google.co.ke .google.com.kh .google.ki .google.kg .google.co.kr .google.com.kw .google.kz .google.la .google.com.lb .google.li .google.lk .google.co.ls .google.lt .google.lu .google.lv .google.com.ly .google.co.ma .google.md .google.me .google.mg .google.mk .google.ml .google.com.mm .google.mn .google.ms .google.com.mt .google.mu .google.mv .google.mw .google.com.mx .google.com.my .google.co.mz .google.com.na .google.com.ng .google.com.ni .google.ne .google.nl .google.no .google.com.np .google.nr .google.nu .google.co.nz .google.com.om .google.com.pa .google.com.pe .google.com.pg .google.com.ph .google.com.pk .google.pl .google.pn .google.com.pr .google.ps .google.pt .google.com.py .google.com.qa .google.ro .google.ru .google.rw .google.com.sa .google.com.sb .google.sc .google.se .google.com.sg .google.sh .google.si .google.sk .google.com.sl .google.sn .google.so .google.sm .google.sr .google.st .google.com.sv .google.td .google.tg .google.co.th .google.com.tj .google.tl .google.tm .google.tn .google.to .google.com.tr .google.tt .google.com.tw .google.co.tz .google.com.ua .google.co.ug .google.co.uk .google.com.uy .google.co.uz .google.com.vc .google.co.ve .google.vg .google.co.vi .google.com.vn .google.vu .google.ws .google.rs .google.co.za .google.co.zm .google.co.zw .google.cat monarch-api-production.s3.amazonaws.com monarch-static-assets.s3.amazonaws.com monarch-api-staging2.s3.us-east-2.amazonaws.com api.monarchmoney.com t.co googleads.g.doubleclick.net .facebook.com https://storage.googleapis.com/fini-widget/ .attribution.adswizz.com https://.attribution.adswizz.com https://pixel.tapad.com https://.tapad.com content.moneydesktop.com https://cdn.spinwheel.io .cloudfront.net;font-src * data: blob: 'self' 'unsafe-inline';connect-src 'self' about: analytics.tiktok.com .byspotify.com .zendesk.com https://api.segment.io .segment.io https://api.cloudinary.com https://api.monarchmoney.com https://api.monarchmoneystaging.com wss://api.monarchmoney.com wss://api.monarchmoneystaging.com https://features.monarchmoney.com https://features.monarchmoneystaging.com https://events-api.monarchmoney.com https://events-api.monarchmoneystaging.com https://monarchmoney.zendesk.com https://rs.fullstory.com https://edge.fullstory.com https://sdk.split.io https://auth.split.io https://streaming.split.io https://events.split.io https://ekr.zdassets.com https://api.sprig.com api.sprig.com https://sentry.io https://sdk-api-v1.singular.net .stripe.com www.google-analytics.com stats.g.doubleclick.net ampcid.google.com analytics.google.com .doubleclick.net .google.com .googlesyndication.com www.googletagservices.com .facebook.com connect.facebook.net .bing.com wss://.bing.com .clarity.ms sentry.io .sentry.io www.redditstatic.com monarch-api-production.s3.amazonaws.com monarch-static-assets.s3.amazonaws.com monarch-api-staging2.s3.us-east-2.amazonaws.com prod-carpintero-branding.s3.us-west-2.amazonaws.com reddit.com .reddit.com .ads-twitter.com cdn.sprig.com cdn.segment.com .browser-intake-datadoghq.com https://rum.browser-intake-datadoghq.com https://browser-intake-datadoghq.com https://session-replay.browser-intake-datadoghq.com https://api.unsplash.com analytics.pangle-ads.com stats.g.doubleclick.net https://api.usefini.com/ https://status.monarchmoney.com browser-intake-datadoghq.com pixels.spotify.com;manifest-src 'self';base-uri 'self';form-action 'self' .google.com *.facebook.com connect.facebook.net;media-src 'self' data: dai.google.com;worker-src 'self' blob: www.google.com;report-uri https://o236174.ingest.sentry.io/api/4506858085744640/security/?sentry_key=b8be0ad8a511b04ca10c054828ceeb45
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Mon, 26 Aug 2024 18:09:00 GMT
content-security-policy: upgrade-insecure-requests;default-src 'self' *.plaid.com *.finicity.com *.mx.com *.stripe.com *.cloudinary.com;frame-ancestors 'self' www.reddit.com *.finicity.com;script-src 'self' 'unsafe-eval' 'unsafe-inline' *.monarchmoney.com *.monarchmoneystaging.com *.redditstatic.com *.googleadservices.com *.ads-twitter.com *.plaid.com *.finicity.com *.mx.com *.gstatic.com analytics.tiktok.com *.byspotify.com https://static.zdassets.com https://cdn.userleap.com https://cdn.plaid.com https://js.stripe.com https://apis.google.com https://appleid.cdn-apple.com https://cdn.plaid.com https://js.stripe.com https://checkout.stripe.com https://apis.google.com https://cdn.userleap.com https://appleid.cdn-apple.com https://static.zdassets.com https://rs.fullstory.com https://edge.fullstory.com https://www.google-analytics.com https://ssl.google-analytics.com https://google-analytics.com https://*.doubleclick.net https://stats.g.doubleclick.net https://*.google.com https://*.google.com.br https://*.googlesyndication.com https://*.googletagservices.com https://*.googleadservices.com www.googleadservices.com www.google-analytics.com https://connect.facebook.net https://graph.facebook.com https://js.facebook.com https://bat.bing.com https://r.bing.com https://browser.sentry-cdn.com https://js.sentry-cdn.com https://*.sentry.io edge.fullstory.com *.fullstory.com www.clarity.ms *.clarity.ms cdn.sprig.com cdn.segment.com 'report-sample' www.googletagmanager.com www.googleadservices.com www.google-analytics.com www.clarity.ms analytics.tiktok.com static.ads-twitter.com connect.facebook.net https://storage.googleapis.com/fini-widget/ https://cdn.spinwheel.io;style-src 'self' 'unsafe-inline' 'report-sample' checkout.stripe.com *.google.com https://www.gstatic.com www.gstatic.com *.gstatic.com *.bing.com;object-src *.googlesyndication.com;frame-src 'self' https://accounts.google.com https://portal.productboard.com *.stripe.com *.stripe.network *.google.com *.doubleclick.net *.googlesyndication.com *.facebook.com connect.facebook.net sdx.microsoft.com *.plaid.com *.finicity.com *.moneydesktop.com *.mx.com *.youtube.com https://app.usefini.com/ https://sandbox-dim.spinwheel.io https://dim.spinwheel.io;child-src 'self' data: *.google.com *.doubleclick.net *.googlesyndication.com www.googleadservices.com *.facebook.com connect.facebook.net;img-src 'self' data: blob: *.stripe.com www.googleadservices.com *.googleadservices.com https://res.cloudinary.com https://images.unsplash.com https://www.google-analytics.com https://rs.fullstory.com googletagmanager.com *.googletagmanager.com www.googletagmanager.com *.google-analytics.com https://www.google.com analytics.google.com *.doubleclick.net googleads.doubleclick.net googleads.g.doubleclick.net https://googleads.g.doubleclick.net *.doubleclick.net https://stats.g.doubleclick.net *.facebook.com *.facebook.net https://connect.facebook.net *.fbcdn.net *.bing.com *.microsoft.com *.clarity.ms monarch-static-assets.s3.amazonaws.com monarch-static-assets.s3.us-east-1.amazonaws.com analytics.pangle-ads.com *.redditstatic.com *.reddit.com *.ads-twitter.com https://t.co analytics.twitter.com https://analytics.twitter.com *.googleusercontent.com *.gstatic.com https://fonts.gstatic.com https://analytics.tiktok.com *.tiktok.com *.byspotify.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat monarch-api-production.s3.amazonaws.com monarch-static-assets.s3.amazonaws.com monarch-api-staging2.s3.us-east-2.amazonaws.com api.monarchmoney.com t.co googleads.g.doubleclick.net *.facebook.com https://storage.googleapis.com/fini-widget/ *.attribution.adswizz.com https://*.attribution.adswizz.com https://pixel.tapad.com https://*.tapad.com content.moneydesktop.com https://cdn.spinwheel.io *.cloudfront.net;font-src * data: blob: 'self' 'unsafe-inline';connect-src 'self' about: analytics.tiktok.com *.byspotify.com *.zendesk.com https://api.segment.io *.segment.io https://api.cloudinary.com https://api.monarchmoney.com https://api.monarchmoneystaging.com wss://api.monarchmoney.com wss://api.monarchmoneystaging.com https://features.monarchmoney.com https://features.monarchmoneystaging.com https://events-api.monarchmoney.com https://events-api.monarchmoneystaging.com https://monarchmoney.zendesk.com https://rs.fullstory.com https://edge.fullstory.com https://sdk.split.io https://auth.split.io https://streaming.split.io https://events.split.io https://ekr.zdassets.com https://api.sprig.com api.sprig.com https://sentry.io https://sdk-api-v1.singular.net *.stripe.com www.google-analytics.com stats.g.doubleclick.net ampcid.google.com analytics.google.com *.doubleclick.net *.google.com *.googlesyndication.com www.googletagservices.com *.facebook.com connect.facebook.net *.bing.com wss://*.bing.com *.clarity.ms sentry.io *.sentry.io www.redditstatic.com monarch-api-production.s3.amazonaws.com monarch-static-assets.s3.amazonaws.com monarch-api-staging2.s3.us-east-2.amazonaws.com prod-carpintero-branding.s3.us-west-2.amazonaws.com reddit.com *.reddit.com *.ads-twitter.com cdn.sprig.com cdn.segment.com *.browser-intake-datadoghq.com https://rum.browser-intake-datadoghq.com https://browser-intake-datadoghq.com https://session-replay.browser-intake-datadoghq.com https://api.unsplash.com analytics.pangle-ads.com stats.g.doubleclick.net https://api.usefini.com/ https://status.monarchmoney.com browser-intake-datadoghq.com pixels.spotify.com;manifest-src 'self';base-uri 'self';form-action 'self' *.google.com *.facebook.com connect.facebook.net;media-src 'self' data: dai.google.com;worker-src 'self' blob: www.google.com;report-uri https://o236174.ingest.sentry.io/api/4506858085744640/security/?sentry_key=b8be0ad8a511b04ca10c054828ceeb45
x-content-type-options: nosniff
strict-transport-security: max-age=15552000; includeSubDomains
nel: {"report_to":"heroku-nel","max_age":3600,"success_fraction":0.005,"failure_fraction":0.05,"response_headers":["Via"]}
x-permitted-cross-domain-policies: none
cf-cache-status: REVALIDATED
via: 1.1 vegur
x-dns-prefetch-control: off
content-encoding: br
x-xss-protection: 0
reporting-endpoints: heroku-nel=https://nel.heroku.com/reports?ts=1724457637&sid=1b10b0ff-8a76-4548-befa-353fc6c6c045&s=MEWc1nXrHBQVzqOVz78i7PVnzLnGxVSpbRzyuJUASDk%3D
referrer-policy: no-referrer
last-modified: Fri, 23 Aug 2024 20:58:05 GMT
server: cloudflare
etag: W/"1bc-19181083748"
expect-ct: max-age=0
x-frame-options: SAMEORIGIN
report-to: {"group":"heroku-nel","max_age":3600,"endpoints":[{"url":"https://nel.heroku.com/reports?ts=1724457637&sid=1b10b0ff-8a76-4548-befa-353fc6c6c045&s=MEWc1nXrHBQVzqOVz78i7PVnzLnGxVSpbRzyuJUASDk%3D"}]}
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
x-download-options: noopen
cache-control: public, max-age=14400
cf-ray: 8b95c5371be71c2c-FRA

GET
H2 200 userleap.js Show response
app.monarchmoney.com/ 475 B
6 KB 369ms
367ms Script
application/javascript 2606:4700:10::6816:3c79
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://app.monarchmoney.com/userleap.js

Requested by

Host: app.monarchmoney.com
URL: https://app.monarchmoney.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:3c79 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b95963e2f0fbf8eb7463870ebe01ea25daf8e13128cbba25edc36f1038ad5f5d

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;default-src 'self' .plaid.com .finicity.com .mx.com .stripe.com .cloudinary.com;frame-ancestors 'self' www.reddit.com .finicity.com;script-src 'self' 'unsafe-eval' 'unsafe-inline' .monarchmoney.com .monarchmoneystaging.com .redditstatic.com .googleadservices.com .ads-twitter.com .plaid.com .finicity.com .mx.com .gstatic.com analytics.tiktok.com .byspotify.com https://static.zdassets.com https://cdn.userleap.com https://cdn.plaid.com https://js.stripe.com https://apis.google.com https://appleid.cdn-apple.com https://cdn.plaid.com https://js.stripe.com https://checkout.stripe.com https://apis.google.com https://cdn.userleap.com https://appleid.cdn-apple.com https://static.zdassets.com https://rs.fullstory.com https://edge.fullstory.com https://www.google-analytics.com https://ssl.google-analytics.com https://google-analytics.com https://.doubleclick.net https://stats.g.doubleclick.net https://.google.com https://.google.com.br https://.googlesyndication.com https://.googletagservices.com https://.googleadservices.com www.googleadservices.com www.google-analytics.com https://connect.facebook.net https://graph.facebook.com https://js.facebook.com https://bat.bing.com https://r.bing.com https://browser.sentry-cdn.com https://js.sentry-cdn.com https://.sentry.io edge.fullstory.com .fullstory.com www.clarity.ms .clarity.ms cdn.sprig.com cdn.segment.com 'report-sample' www.googletagmanager.com www.googleadservices.com www.google-analytics.com www.clarity.ms analytics.tiktok.com static.ads-twitter.com connect.facebook.net https://storage.googleapis.com/fini-widget/ https://cdn.spinwheel.io;style-src 'self' 'unsafe-inline' 'report-sample' checkout.stripe.com .google.com https://www.gstatic.com www.gstatic.com .gstatic.com .bing.com;object-src .googlesyndication.com;frame-src 'self' https://accounts.google.com https://portal.productboard.com .stripe.com .stripe.network .google.com .doubleclick.net .googlesyndication.com .facebook.com connect.facebook.net sdx.microsoft.com .plaid.com .finicity.com .moneydesktop.com .mx.com .youtube.com https://app.usefini.com/ https://sandbox-dim.spinwheel.io https://dim.spinwheel.io;child-src 'self' data: .google.com .doubleclick.net .googlesyndication.com www.googleadservices.com .facebook.com connect.facebook.net;img-src 'self' data: blob: .stripe.com www.googleadservices.com .googleadservices.com https://res.cloudinary.com https://images.unsplash.com https://www.google-analytics.com https://rs.fullstory.com googletagmanager.com .googletagmanager.com www.googletagmanager.com .google-analytics.com https://www.google.com analytics.google.com .doubleclick.net googleads.doubleclick.net googleads.g.doubleclick.net https://googleads.g.doubleclick.net .doubleclick.net https://stats.g.doubleclick.net .facebook.com .facebook.net https://connect.facebook.net .fbcdn.net .bing.com .microsoft.com .clarity.ms monarch-static-assets.s3.amazonaws.com monarch-static-assets.s3.us-east-1.amazonaws.com analytics.pangle-ads.com .redditstatic.com .reddit.com .ads-twitter.com https://t.co analytics.twitter.com https://analytics.twitter.com .googleusercontent.com .gstatic.com https://fonts.gstatic.com https://analytics.tiktok.com .tiktok.com .byspotify.com .google.com .google.ad .google.ae .google.com.af .google.com.ag .google.com.ai .google.al .google.am .google.co.ao .google.com.ar .google.as .google.at .google.com.au .google.az .google.ba .google.com.bd .google.be .google.bf .google.bg .google.com.bh .google.bi .google.bj .google.com.bn .google.com.bo .google.com.br .google.bs .google.bt .google.co.bw .google.by .google.com.bz .google.ca .google.cd .google.cf .google.cg .google.ch .google.ci .google.co.ck .google.cl .google.cm .google.cn .google.com.co .google.co.cr .google.com.cu .google.cv .google.com.cy .google.cz .google.de .google.dj .google.dk .google.dm .google.com.do .google.dz .google.com.ec .google.ee .google.com.eg .google.es .google.com.et .google.fi .google.com.fj .google.fm .google.fr .google.ga .google.ge .google.gg .google.com.gh .google.com.gi .google.gl .google.gm .google.gr .google.com.gt .google.gy .google.com.hk .google.hn .google.hr .google.ht .google.hu .google.co.id .google.ie .google.co.il .google.im .google.co.in .google.iq .google.is .google.it .google.je .google.com.jm .google.jo .google.co.jp .google.co.ke .google.com.kh .google.ki .google.kg .google.co.kr .google.com.kw .google.kz .google.la .google.com.lb .google.li .google.lk .google.co.ls .google.lt .google.lu .google.lv .google.com.ly .google.co.ma .google.md .google.me .google.mg .google.mk .google.ml .google.com.mm .google.mn .google.ms .google.com.mt .google.mu .google.mv .google.mw .google.com.mx .google.com.my .google.co.mz .google.com.na .google.com.ng .google.com.ni .google.ne .google.nl .google.no .google.com.np .google.nr .google.nu .google.co.nz .google.com.om .google.com.pa .google.com.pe .google.com.pg .google.com.ph .google.com.pk .google.pl .google.pn .google.com.pr .google.ps .google.pt .google.com.py .google.com.qa .google.ro .google.ru .google.rw .google.com.sa .google.com.sb .google.sc .google.se .google.com.sg .google.sh .google.si .google.sk .google.com.sl .google.sn .google.so .google.sm .google.sr .google.st .google.com.sv .google.td .google.tg .google.co.th .google.com.tj .google.tl .google.tm .google.tn .google.to .google.com.tr .google.tt .google.com.tw .google.co.tz .google.com.ua .google.co.ug .google.co.uk .google.com.uy .google.co.uz .google.com.vc .google.co.ve .google.vg .google.co.vi .google.com.vn .google.vu .google.ws .google.rs .google.co.za .google.co.zm .google.co.zw .google.cat monarch-api-production.s3.amazonaws.com monarch-static-assets.s3.amazonaws.com monarch-api-staging2.s3.us-east-2.amazonaws.com api.monarchmoney.com t.co googleads.g.doubleclick.net .facebook.com https://storage.googleapis.com/fini-widget/ .attribution.adswizz.com https://.attribution.adswizz.com https://pixel.tapad.com https://.tapad.com content.moneydesktop.com https://cdn.spinwheel.io .cloudfront.net;font-src * data: blob: 'self' 'unsafe-inline';connect-src 'self' about: analytics.tiktok.com .byspotify.com .zendesk.com https://api.segment.io .segment.io https://api.cloudinary.com https://api.monarchmoney.com https://api.monarchmoneystaging.com wss://api.monarchmoney.com wss://api.monarchmoneystaging.com https://features.monarchmoney.com https://features.monarchmoneystaging.com https://events-api.monarchmoney.com https://events-api.monarchmoneystaging.com https://monarchmoney.zendesk.com https://rs.fullstory.com https://edge.fullstory.com https://sdk.split.io https://auth.split.io https://streaming.split.io https://events.split.io https://ekr.zdassets.com https://api.sprig.com api.sprig.com https://sentry.io https://sdk-api-v1.singular.net .stripe.com www.google-analytics.com stats.g.doubleclick.net ampcid.google.com analytics.google.com .doubleclick.net .google.com .googlesyndication.com www.googletagservices.com .facebook.com connect.facebook.net .bing.com wss://.bing.com .clarity.ms sentry.io .sentry.io www.redditstatic.com monarch-api-production.s3.amazonaws.com monarch-static-assets.s3.amazonaws.com monarch-api-staging2.s3.us-east-2.amazonaws.com prod-carpintero-branding.s3.us-west-2.amazonaws.com reddit.com .reddit.com .ads-twitter.com cdn.sprig.com cdn.segment.com .browser-intake-datadoghq.com https://rum.browser-intake-datadoghq.com https://browser-intake-datadoghq.com https://session-replay.browser-intake-datadoghq.com https://api.unsplash.com analytics.pangle-ads.com stats.g.doubleclick.net https://api.usefini.com/ https://status.monarchmoney.com browser-intake-datadoghq.com pixels.spotify.com;manifest-src 'self';base-uri 'self';form-action 'self' .google.com *.facebook.com connect.facebook.net;media-src 'self' data: dai.google.com;worker-src 'self' blob: www.google.com;report-uri https://o236174.ingest.sentry.io/api/4506858085744640/security/?sentry_key=b8be0ad8a511b04ca10c054828ceeb45
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Mon, 26 Aug 2024 18:09:00 GMT
content-security-policy: upgrade-insecure-requests;default-src 'self' *.plaid.com *.finicity.com *.mx.com *.stripe.com *.cloudinary.com;frame-ancestors 'self' www.reddit.com *.finicity.com;script-src 'self' 'unsafe-eval' 'unsafe-inline' *.monarchmoney.com *.monarchmoneystaging.com *.redditstatic.com *.googleadservices.com *.ads-twitter.com *.plaid.com *.finicity.com *.mx.com *.gstatic.com analytics.tiktok.com *.byspotify.com https://static.zdassets.com https://cdn.userleap.com https://cdn.plaid.com https://js.stripe.com https://apis.google.com https://appleid.cdn-apple.com https://cdn.plaid.com https://js.stripe.com https://checkout.stripe.com https://apis.google.com https://cdn.userleap.com https://appleid.cdn-apple.com https://static.zdassets.com https://rs.fullstory.com https://edge.fullstory.com https://www.google-analytics.com https://ssl.google-analytics.com https://google-analytics.com https://*.doubleclick.net https://stats.g.doubleclick.net https://*.google.com https://*.google.com.br https://*.googlesyndication.com https://*.googletagservices.com https://*.googleadservices.com www.googleadservices.com www.google-analytics.com https://connect.facebook.net https://graph.facebook.com https://js.facebook.com https://bat.bing.com https://r.bing.com https://browser.sentry-cdn.com https://js.sentry-cdn.com https://*.sentry.io edge.fullstory.com *.fullstory.com www.clarity.ms *.clarity.ms cdn.sprig.com cdn.segment.com 'report-sample' www.googletagmanager.com www.googleadservices.com www.google-analytics.com www.clarity.ms analytics.tiktok.com static.ads-twitter.com connect.facebook.net https://storage.googleapis.com/fini-widget/ https://cdn.spinwheel.io;style-src 'self' 'unsafe-inline' 'report-sample' checkout.stripe.com *.google.com https://www.gstatic.com www.gstatic.com *.gstatic.com *.bing.com;object-src *.googlesyndication.com;frame-src 'self' https://accounts.google.com https://portal.productboard.com *.stripe.com *.stripe.network *.google.com *.doubleclick.net *.googlesyndication.com *.facebook.com connect.facebook.net sdx.microsoft.com *.plaid.com *.finicity.com *.moneydesktop.com *.mx.com *.youtube.com https://app.usefini.com/ https://sandbox-dim.spinwheel.io https://dim.spinwheel.io;child-src 'self' data: *.google.com *.doubleclick.net *.googlesyndication.com www.googleadservices.com *.facebook.com connect.facebook.net;img-src 'self' data: blob: *.stripe.com www.googleadservices.com *.googleadservices.com https://res.cloudinary.com https://images.unsplash.com https://www.google-analytics.com https://rs.fullstory.com googletagmanager.com *.googletagmanager.com www.googletagmanager.com *.google-analytics.com https://www.google.com analytics.google.com *.doubleclick.net googleads.doubleclick.net googleads.g.doubleclick.net https://googleads.g.doubleclick.net *.doubleclick.net https://stats.g.doubleclick.net *.facebook.com *.facebook.net https://connect.facebook.net *.fbcdn.net *.bing.com *.microsoft.com *.clarity.ms monarch-static-assets.s3.amazonaws.com monarch-static-assets.s3.us-east-1.amazonaws.com analytics.pangle-ads.com *.redditstatic.com *.reddit.com *.ads-twitter.com https://t.co analytics.twitter.com https://analytics.twitter.com *.googleusercontent.com *.gstatic.com https://fonts.gstatic.com https://analytics.tiktok.com *.tiktok.com *.byspotify.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat monarch-api-production.s3.amazonaws.com monarch-static-assets.s3.amazonaws.com monarch-api-staging2.s3.us-east-2.amazonaws.com api.monarchmoney.com t.co googleads.g.doubleclick.net *.facebook.com https://storage.googleapis.com/fini-widget/ *.attribution.adswizz.com https://*.attribution.adswizz.com https://pixel.tapad.com https://*.tapad.com content.moneydesktop.com https://cdn.spinwheel.io *.cloudfront.net;font-src * data: blob: 'self' 'unsafe-inline';connect-src 'self' about: analytics.tiktok.com *.byspotify.com *.zendesk.com https://api.segment.io *.segment.io https://api.cloudinary.com https://api.monarchmoney.com https://api.monarchmoneystaging.com wss://api.monarchmoney.com wss://api.monarchmoneystaging.com https://features.monarchmoney.com https://features.monarchmoneystaging.com https://events-api.monarchmoney.com https://events-api.monarchmoneystaging.com https://monarchmoney.zendesk.com https://rs.fullstory.com https://edge.fullstory.com https://sdk.split.io https://auth.split.io https://streaming.split.io https://events.split.io https://ekr.zdassets.com https://api.sprig.com api.sprig.com https://sentry.io https://sdk-api-v1.singular.net *.stripe.com www.google-analytics.com stats.g.doubleclick.net ampcid.google.com analytics.google.com *.doubleclick.net *.google.com *.googlesyndication.com www.googletagservices.com *.facebook.com connect.facebook.net *.bing.com wss://*.bing.com *.clarity.ms sentry.io *.sentry.io www.redditstatic.com monarch-api-production.s3.amazonaws.com monarch-static-assets.s3.amazonaws.com monarch-api-staging2.s3.us-east-2.amazonaws.com prod-carpintero-branding.s3.us-west-2.amazonaws.com reddit.com *.reddit.com *.ads-twitter.com cdn.sprig.com cdn.segment.com *.browser-intake-datadoghq.com https://rum.browser-intake-datadoghq.com https://browser-intake-datadoghq.com https://session-replay.browser-intake-datadoghq.com https://api.unsplash.com analytics.pangle-ads.com stats.g.doubleclick.net https://api.usefini.com/ https://status.monarchmoney.com browser-intake-datadoghq.com pixels.spotify.com;manifest-src 'self';base-uri 'self';form-action 'self' *.google.com *.facebook.com connect.facebook.net;media-src 'self' data: dai.google.com;worker-src 'self' blob: www.google.com;report-uri https://o236174.ingest.sentry.io/api/4506858085744640/security/?sentry_key=b8be0ad8a511b04ca10c054828ceeb45
x-content-type-options: nosniff
strict-transport-security: max-age=15552000; includeSubDomains
nel: {"report_to":"heroku-nel","max_age":3600,"success_fraction":0.005,"failure_fraction":0.05,"response_headers":["Via"]}
x-permitted-cross-domain-policies: none
cf-cache-status: REVALIDATED
via: 1.1 vegur
x-dns-prefetch-control: off
content-encoding: br
x-xss-protection: 0
reporting-endpoints: heroku-nel=https://nel.heroku.com/reports?ts=1724457637&sid=1b10b0ff-8a76-4548-befa-353fc6c6c045&s=MEWc1nXrHBQVzqOVz78i7PVnzLnGxVSpbRzyuJUASDk%3D
referrer-policy: no-referrer
last-modified: Fri, 23 Aug 2024 20:58:05 GMT
server: cloudflare
etag: W/"1db-19181083748"
expect-ct: max-age=0
x-frame-options: SAMEORIGIN
report-to: {"group":"heroku-nel","max_age":3600,"endpoints":[{"url":"https://nel.heroku.com/reports?ts=1724457637&sid=1b10b0ff-8a76-4548-befa-353fc6c6c045&s=MEWc1nXrHBQVzqOVz78i7PVnzLnGxVSpbRzyuJUASDk%3D"}]}
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
x-download-options: noopen
cache-control: public, max-age=14400
cf-ray: 8b95c5371be81c2c-FRA

GET
H2 200 link-initialize.js Show response
cdn.plaid.com/link/v2/stable/ 157 KB
45 KB 180ms
78ms Script
text/javascript 13.33.187.40
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.plaid.com/link/v2/stable/link-initialize.js
Requested by: Host: app.monarchmoney.com
URL: https://app.monarchmoney.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.33.187.40 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-33-187-40.fra60.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: b7ab3e7e2db63a50fa18c8651c930147cc4bf8207af2c1ca742b37f0e299c22d

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

x-amz-version-id: J0kfvzWbmb7aDKhbaA8S7AvdogqOjMh6
content-encoding: br
via: 1.1 46b6cb3d5daab7defe28d3658c3a54fe.cloudfront.net (CloudFront)
date: Mon, 26 Aug 2024 17:00:29 GMT
x-amz-request-id: 7RYHNB87Y3A4D2T3
x-amz-cf-pop: FRA60-P9
x-amz-server-side-encryption: AES256
age: 4184
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
x-amz-id-2: qT4m+5VFQiWdlcUAE0RV00qw9OKGDVE/SvW4rHalGUYJrAdHeuS+gDlZkM2iZMRm1b+xtlQA/Y8seDCjw/GKb76k8tDa1ygiBpolbU2F/Fk=
last-modified: Fri, 23 Aug 2024 16:38:07 GMT
server: AmazonS3
etag: W/"461bf6554d3d03bd4daeda6cb3748701"
vary: Accept-Encoding
content-type: text/javascript
cache-control: no-cache,must-revalidate,max-age=0
x-amz-cf-id: oX-7htldkfnkr4gq_3KQrf3GA9ASST4n8s15IGxTIYOezWa5Od2y3g==

GET
H2 200 693.8ac79289.js Show response
app.monarchmoney.com/static/js/ 6 MB
1 MB 346ms
346ms Script
application/javascript 2606:4700:10::6816:3c79
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://app.monarchmoney.com/static/js/693.8ac79289.js

Requested by

Host: app.monarchmoney.com
URL: https://app.monarchmoney.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:3c79 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f1a48590c19760375afb598df10f0deb2b5ca7ff527fa3a691c086fdc063395c

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;default-src 'self' .plaid.com .finicity.com .mx.com .stripe.com .cloudinary.com;frame-ancestors 'self' www.reddit.com .finicity.com;script-src 'self' 'unsafe-eval' 'unsafe-inline' .monarchmoney.com .monarchmoneystaging.com .redditstatic.com .googleadservices.com .ads-twitter.com .plaid.com .finicity.com .mx.com .gstatic.com analytics.tiktok.com .byspotify.com https://static.zdassets.com https://cdn.userleap.com https://cdn.plaid.com https://js.stripe.com https://apis.google.com https://appleid.cdn-apple.com https://cdn.plaid.com https://js.stripe.com https://checkout.stripe.com https://apis.google.com https://cdn.userleap.com https://appleid.cdn-apple.com https://static.zdassets.com https://rs.fullstory.com https://edge.fullstory.com https://www.google-analytics.com https://ssl.google-analytics.com https://google-analytics.com https://.doubleclick.net https://stats.g.doubleclick.net https://.google.com https://.google.com.br https://.googlesyndication.com https://.googletagservices.com https://.googleadservices.com www.googleadservices.com www.google-analytics.com https://connect.facebook.net https://graph.facebook.com https://js.facebook.com https://bat.bing.com https://r.bing.com https://browser.sentry-cdn.com https://js.sentry-cdn.com https://.sentry.io edge.fullstory.com .fullstory.com www.clarity.ms .clarity.ms cdn.sprig.com cdn.segment.com 'report-sample' www.googletagmanager.com www.googleadservices.com www.google-analytics.com www.clarity.ms analytics.tiktok.com static.ads-twitter.com connect.facebook.net https://storage.googleapis.com/fini-widget/ https://cdn.spinwheel.io;style-src 'self' 'unsafe-inline' 'report-sample' checkout.stripe.com .google.com https://www.gstatic.com www.gstatic.com .gstatic.com .bing.com;object-src .googlesyndication.com;frame-src 'self' https://accounts.google.com https://portal.productboard.com .stripe.com .stripe.network .google.com .doubleclick.net .googlesyndication.com .facebook.com connect.facebook.net sdx.microsoft.com .plaid.com .finicity.com .moneydesktop.com .mx.com .youtube.com https://app.usefini.com/ https://sandbox-dim.spinwheel.io https://dim.spinwheel.io;child-src 'self' data: .google.com .doubleclick.net .googlesyndication.com www.googleadservices.com .facebook.com connect.facebook.net;img-src 'self' data: blob: .stripe.com www.googleadservices.com .googleadservices.com https://res.cloudinary.com https://images.unsplash.com https://www.google-analytics.com https://rs.fullstory.com googletagmanager.com .googletagmanager.com www.googletagmanager.com .google-analytics.com https://www.google.com analytics.google.com .doubleclick.net googleads.doubleclick.net googleads.g.doubleclick.net https://googleads.g.doubleclick.net .doubleclick.net https://stats.g.doubleclick.net .facebook.com .facebook.net https://connect.facebook.net .fbcdn.net .bing.com .microsoft.com .clarity.ms monarch-static-assets.s3.amazonaws.com monarch-static-assets.s3.us-east-1.amazonaws.com analytics.pangle-ads.com .redditstatic.com .reddit.com .ads-twitter.com https://t.co analytics.twitter.com https://analytics.twitter.com .googleusercontent.com .gstatic.com https://fonts.gstatic.com https://analytics.tiktok.com .tiktok.com .byspotify.com .google.com .google.ad .google.ae .google.com.af .google.com.ag .google.com.ai .google.al .google.am .google.co.ao .google.com.ar .google.as .google.at .google.com.au .google.az .google.ba .google.com.bd .google.be .google.bf .google.bg .google.com.bh .google.bi .google.bj .google.com.bn .google.com.bo .google.com.br .google.bs .google.bt .google.co.bw .google.by .google.com.bz .google.ca .google.cd .google.cf .google.cg .google.ch .google.ci .google.co.ck .google.cl .google.cm .google.cn .google.com.co .google.co.cr .google.com.cu .google.cv .google.com.cy .google.cz .google.de .google.dj .google.dk .google.dm .google.com.do .google.dz .google.com.ec .google.ee .google.com.eg .google.es .google.com.et .google.fi .google.com.fj .google.fm .google.fr .google.ga .google.ge .google.gg .google.com.gh .google.com.gi .google.gl .google.gm .google.gr .google.com.gt .google.gy .google.com.hk .google.hn .google.hr .google.ht .google.hu .google.co.id .google.ie .google.co.il .google.im .google.co.in .google.iq .google.is .google.it .google.je .google.com.jm .google.jo .google.co.jp .google.co.ke .google.com.kh .google.ki .google.kg .google.co.kr .google.com.kw .google.kz .google.la .google.com.lb .google.li .google.lk .google.co.ls .google.lt .google.lu .google.lv .google.com.ly .google.co.ma .google.md .google.me .google.mg .google.mk .google.ml .google.com.mm .google.mn .google.ms .google.com.mt .google.mu .google.mv .google.mw .google.com.mx .google.com.my .google.co.mz .google.com.na .google.com.ng .google.com.ni .google.ne .google.nl .google.no .google.com.np .google.nr .google.nu .google.co.nz .google.com.om .google.com.pa .google.com.pe .google.com.pg .google.com.ph .google.com.pk .google.pl .google.pn .google.com.pr .google.ps .google.pt .google.com.py .google.com.qa .google.ro .google.ru .google.rw .google.com.sa .google.com.sb .google.sc .google.se .google.com.sg .google.sh .google.si .google.sk .google.com.sl .google.sn .google.so .google.sm .google.sr .google.st .google.com.sv .google.td .google.tg .google.co.th .google.com.tj .google.tl .google.tm .google.tn .google.to .google.com.tr .google.tt .google.com.tw .google.co.tz .google.com.ua .google.co.ug .google.co.uk .google.com.uy .google.co.uz .google.com.vc .google.co.ve .google.vg .google.co.vi .google.com.vn .google.vu .google.ws .google.rs .google.co.za .google.co.zm .google.co.zw .google.cat monarch-api-production.s3.amazonaws.com monarch-static-assets.s3.amazonaws.com monarch-api-staging2.s3.us-east-2.amazonaws.com api.monarchmoney.com t.co googleads.g.doubleclick.net .facebook.com https://storage.googleapis.com/fini-widget/ .attribution.adswizz.com https://.attribution.adswizz.com https://pixel.tapad.com https://.tapad.com content.moneydesktop.com https://cdn.spinwheel.io .cloudfront.net;font-src * data: blob: 'self' 'unsafe-inline';connect-src 'self' about: analytics.tiktok.com .byspotify.com .zendesk.com https://api.segment.io .segment.io https://api.cloudinary.com https://api.monarchmoney.com https://api.monarchmoneystaging.com wss://api.monarchmoney.com wss://api.monarchmoneystaging.com https://features.monarchmoney.com https://features.monarchmoneystaging.com https://events-api.monarchmoney.com https://events-api.monarchmoneystaging.com https://monarchmoney.zendesk.com https://rs.fullstory.com https://edge.fullstory.com https://sdk.split.io https://auth.split.io https://streaming.split.io https://events.split.io https://ekr.zdassets.com https://api.sprig.com api.sprig.com https://sentry.io https://sdk-api-v1.singular.net .stripe.com www.google-analytics.com stats.g.doubleclick.net ampcid.google.com analytics.google.com .doubleclick.net .google.com .googlesyndication.com www.googletagservices.com .facebook.com connect.facebook.net .bing.com wss://.bing.com .clarity.ms sentry.io .sentry.io www.redditstatic.com monarch-api-production.s3.amazonaws.com monarch-static-assets.s3.amazonaws.com monarch-api-staging2.s3.us-east-2.amazonaws.com prod-carpintero-branding.s3.us-west-2.amazonaws.com reddit.com .reddit.com .ads-twitter.com cdn.sprig.com cdn.segment.com .browser-intake-datadoghq.com https://rum.browser-intake-datadoghq.com https://browser-intake-datadoghq.com https://session-replay.browser-intake-datadoghq.com https://api.unsplash.com analytics.pangle-ads.com stats.g.doubleclick.net https://api.usefini.com/ https://status.monarchmoney.com browser-intake-datadoghq.com pixels.spotify.com;manifest-src 'self';base-uri 'self';form-action 'self' .google.com *.facebook.com connect.facebook.net;media-src 'self' data: dai.google.com;worker-src 'self' blob: www.google.com;report-uri https://o236174.ingest.sentry.io/api/4506858085744640/security/?sentry_key=b8be0ad8a511b04ca10c054828ceeb45
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Mon, 26 Aug 2024 18:09:00 GMT
content-security-policy: upgrade-insecure-requests;default-src 'self' *.plaid.com *.finicity.com *.mx.com *.stripe.com *.cloudinary.com;frame-ancestors 'self' www.reddit.com *.finicity.com;script-src 'self' 'unsafe-eval' 'unsafe-inline' *.monarchmoney.com *.monarchmoneystaging.com *.redditstatic.com *.googleadservices.com *.ads-twitter.com *.plaid.com *.finicity.com *.mx.com *.gstatic.com analytics.tiktok.com *.byspotify.com https://static.zdassets.com https://cdn.userleap.com https://cdn.plaid.com https://js.stripe.com https://apis.google.com https://appleid.cdn-apple.com https://cdn.plaid.com https://js.stripe.com https://checkout.stripe.com https://apis.google.com https://cdn.userleap.com https://appleid.cdn-apple.com https://static.zdassets.com https://rs.fullstory.com https://edge.fullstory.com https://www.google-analytics.com https://ssl.google-analytics.com https://google-analytics.com https://*.doubleclick.net https://stats.g.doubleclick.net https://*.google.com https://*.google.com.br https://*.googlesyndication.com https://*.googletagservices.com https://*.googleadservices.com www.googleadservices.com www.google-analytics.com https://connect.facebook.net https://graph.facebook.com https://js.facebook.com https://bat.bing.com https://r.bing.com https://browser.sentry-cdn.com https://js.sentry-cdn.com https://*.sentry.io edge.fullstory.com *.fullstory.com www.clarity.ms *.clarity.ms cdn.sprig.com cdn.segment.com 'report-sample' www.googletagmanager.com www.googleadservices.com www.google-analytics.com www.clarity.ms analytics.tiktok.com static.ads-twitter.com connect.facebook.net https://storage.googleapis.com/fini-widget/ https://cdn.spinwheel.io;style-src 'self' 'unsafe-inline' 'report-sample' checkout.stripe.com *.google.com https://www.gstatic.com www.gstatic.com *.gstatic.com *.bing.com;object-src *.googlesyndication.com;frame-src 'self' https://accounts.google.com https://portal.productboard.com *.stripe.com *.stripe.network *.google.com *.doubleclick.net *.googlesyndication.com *.facebook.com connect.facebook.net sdx.microsoft.com *.plaid.com *.finicity.com *.moneydesktop.com *.mx.com *.youtube.com https://app.usefini.com/ https://sandbox-dim.spinwheel.io https://dim.spinwheel.io;child-src 'self' data: *.google.com *.doubleclick.net *.googlesyndication.com www.googleadservices.com *.facebook.com connect.facebook.net;img-src 'self' data: blob: *.stripe.com www.googleadservices.com *.googleadservices.com https://res.cloudinary.com https://images.unsplash.com https://www.google-analytics.com https://rs.fullstory.com googletagmanager.com *.googletagmanager.com www.googletagmanager.com *.google-analytics.com https://www.google.com analytics.google.com *.doubleclick.net googleads.doubleclick.net googleads.g.doubleclick.net https://googleads.g.doubleclick.net *.doubleclick.net https://stats.g.doubleclick.net *.facebook.com *.facebook.net https://connect.facebook.net *.fbcdn.net *.bing.com *.microsoft.com *.clarity.ms monarch-static-assets.s3.amazonaws.com monarch-static-assets.s3.us-east-1.amazonaws.com analytics.pangle-ads.com *.redditstatic.com *.reddit.com *.ads-twitter.com https://t.co analytics.twitter.com https://analytics.twitter.com *.googleusercontent.com *.gstatic.com https://fonts.gstatic.com https://analytics.tiktok.com *.tiktok.com *.byspotify.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat monarch-api-production.s3.amazonaws.com monarch-static-assets.s3.amazonaws.com monarch-api-staging2.s3.us-east-2.amazonaws.com api.monarchmoney.com t.co googleads.g.doubleclick.net *.facebook.com https://storage.googleapis.com/fini-widget/ *.attribution.adswizz.com https://*.attribution.adswizz.com https://pixel.tapad.com https://*.tapad.com content.moneydesktop.com https://cdn.spinwheel.io *.cloudfront.net;font-src * data: blob: 'self' 'unsafe-inline';connect-src 'self' about: analytics.tiktok.com *.byspotify.com *.zendesk.com https://api.segment.io *.segment.io https://api.cloudinary.com https://api.monarchmoney.com https://api.monarchmoneystaging.com wss://api.monarchmoney.com wss://api.monarchmoneystaging.com https://features.monarchmoney.com https://features.monarchmoneystaging.com https://events-api.monarchmoney.com https://events-api.monarchmoneystaging.com https://monarchmoney.zendesk.com https://rs.fullstory.com https://edge.fullstory.com https://sdk.split.io https://auth.split.io https://streaming.split.io https://events.split.io https://ekr.zdassets.com https://api.sprig.com api.sprig.com https://sentry.io https://sdk-api-v1.singular.net *.stripe.com www.google-analytics.com stats.g.doubleclick.net ampcid.google.com analytics.google.com *.doubleclick.net *.google.com *.googlesyndication.com www.googletagservices.com *.facebook.com connect.facebook.net *.bing.com wss://*.bing.com *.clarity.ms sentry.io *.sentry.io www.redditstatic.com monarch-api-production.s3.amazonaws.com monarch-static-assets.s3.amazonaws.com monarch-api-staging2.s3.us-east-2.amazonaws.com prod-carpintero-branding.s3.us-west-2.amazonaws.com reddit.com *.reddit.com *.ads-twitter.com cdn.sprig.com cdn.segment.com *.browser-intake-datadoghq.com https://rum.browser-intake-datadoghq.com https://browser-intake-datadoghq.com https://session-replay.browser-intake-datadoghq.com https://api.unsplash.com analytics.pangle-ads.com stats.g.doubleclick.net https://api.usefini.com/ https://status.monarchmoney.com browser-intake-datadoghq.com pixels.spotify.com;manifest-src 'self';base-uri 'self';form-action 'self' *.google.com *.facebook.com connect.facebook.net;media-src 'self' data: dai.google.com;worker-src 'self' blob: www.google.com;report-uri https://o236174.ingest.sentry.io/api/4506858085744640/security/?sentry_key=b8be0ad8a511b04ca10c054828ceeb45
x-content-type-options: nosniff
strict-transport-security: max-age=15552000; includeSubDomains
nel: {"report_to":"heroku-nel","max_age":3600,"success_fraction":0.005,"failure_fraction":0.05,"response_headers":["Via"]}
x-permitted-cross-domain-policies: none
cf-cache-status: REVALIDATED
via: 1.1 vegur
x-dns-prefetch-control: off
content-encoding: br
x-xss-protection: 0
reporting-endpoints: heroku-nel=https://nel.heroku.com/reports?ts=1724457637&sid=1b10b0ff-8a76-4548-befa-353fc6c6c045&s=MEWc1nXrHBQVzqOVz78i7PVnzLnGxVSpbRzyuJUASDk%3D
referrer-policy: no-referrer
last-modified: Fri, 23 Aug 2024 21:01:48 GMT
server: cloudflare
etag: W/"622274-191810b9e60"
expect-ct: max-age=0
x-frame-options: SAMEORIGIN
report-to: {"group":"heroku-nel","max_age":3600,"endpoints":[{"url":"https://nel.heroku.com/reports?ts=1724457637&sid=1b10b0ff-8a76-4548-befa-353fc6c6c045&s=MEWc1nXrHBQVzqOVz78i7PVnzLnGxVSpbRzyuJUASDk%3D"}]}
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
x-download-options: noopen
cache-control: public, max-age=14400
cf-ray: 8b95c53a18f11c2c-FRA

GET
H2 200 main.59845e90.js Show response
app.monarchmoney.com/static/js/ 4 MB
835 KB 409ms
409ms Script
application/javascript 2606:4700:10::6816:3c79
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://app.monarchmoney.com/static/js/main.59845e90.js

Requested by

Host: app.monarchmoney.com
URL: https://app.monarchmoney.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:3c79 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

1841814c013e399421904854b29e07a73d4d7bf44ca1f57f0a853d7aba9ac814

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;default-src 'self' .plaid.com .finicity.com .mx.com .stripe.com .cloudinary.com;frame-ancestors 'self' www.reddit.com .finicity.com;script-src 'self' 'unsafe-eval' 'unsafe-inline' .monarchmoney.com .monarchmoneystaging.com .redditstatic.com .googleadservices.com .ads-twitter.com .plaid.com .finicity.com .mx.com .gstatic.com analytics.tiktok.com .byspotify.com https://static.zdassets.com https://cdn.userleap.com https://cdn.plaid.com https://js.stripe.com https://apis.google.com https://appleid.cdn-apple.com https://cdn.plaid.com https://js.stripe.com https://checkout.stripe.com https://apis.google.com https://cdn.userleap.com https://appleid.cdn-apple.com https://static.zdassets.com https://rs.fullstory.com https://edge.fullstory.com https://www.google-analytics.com https://ssl.google-analytics.com https://google-analytics.com https://.doubleclick.net https://stats.g.doubleclick.net https://.google.com https://.google.com.br https://.googlesyndication.com https://.googletagservices.com https://.googleadservices.com www.googleadservices.com www.google-analytics.com https://connect.facebook.net https://graph.facebook.com https://js.facebook.com https://bat.bing.com https://r.bing.com https://browser.sentry-cdn.com https://js.sentry-cdn.com https://.sentry.io edge.fullstory.com .fullstory.com www.clarity.ms .clarity.ms cdn.sprig.com cdn.segment.com 'report-sample' www.googletagmanager.com www.googleadservices.com www.google-analytics.com www.clarity.ms analytics.tiktok.com static.ads-twitter.com connect.facebook.net https://storage.googleapis.com/fini-widget/ https://cdn.spinwheel.io;style-src 'self' 'unsafe-inline' 'report-sample' checkout.stripe.com .google.com https://www.gstatic.com www.gstatic.com .gstatic.com .bing.com;object-src .googlesyndication.com;frame-src 'self' https://accounts.google.com https://portal.productboard.com .stripe.com .stripe.network .google.com .doubleclick.net .googlesyndication.com .facebook.com connect.facebook.net sdx.microsoft.com .plaid.com .finicity.com .moneydesktop.com .mx.com .youtube.com https://app.usefini.com/ https://sandbox-dim.spinwheel.io https://dim.spinwheel.io;child-src 'self' data: .google.com .doubleclick.net .googlesyndication.com www.googleadservices.com .facebook.com connect.facebook.net;img-src 'self' data: blob: .stripe.com www.googleadservices.com .googleadservices.com https://res.cloudinary.com https://images.unsplash.com https://www.google-analytics.com https://rs.fullstory.com googletagmanager.com .googletagmanager.com www.googletagmanager.com .google-analytics.com https://www.google.com analytics.google.com .doubleclick.net googleads.doubleclick.net googleads.g.doubleclick.net https://googleads.g.doubleclick.net .doubleclick.net https://stats.g.doubleclick.net .facebook.com .facebook.net https://connect.facebook.net .fbcdn.net .bing.com .microsoft.com .clarity.ms monarch-static-assets.s3.amazonaws.com monarch-static-assets.s3.us-east-1.amazonaws.com analytics.pangle-ads.com .redditstatic.com .reddit.com .ads-twitter.com https://t.co analytics.twitter.com https://analytics.twitter.com .googleusercontent.com .gstatic.com https://fonts.gstatic.com https://analytics.tiktok.com .tiktok.com .byspotify.com .google.com .google.ad .google.ae .google.com.af .google.com.ag .google.com.ai .google.al .google.am .google.co.ao .google.com.ar .google.as .google.at .google.com.au .google.az .google.ba .google.com.bd .google.be .google.bf .google.bg .google.com.bh .google.bi .google.bj .google.com.bn .google.com.bo .google.com.br .google.bs .google.bt .google.co.bw .google.by .google.com.bz .google.ca .google.cd .google.cf .google.cg .google.ch .google.ci .google.co.ck .google.cl .google.cm .google.cn .google.com.co .google.co.cr .google.com.cu .google.cv .google.com.cy .google.cz .google.de .google.dj .google.dk .google.dm .google.com.do .google.dz .google.com.ec .google.ee .google.com.eg .google.es .google.com.et .google.fi .google.com.fj .google.fm .google.fr .google.ga .google.ge .google.gg .google.com.gh .google.com.gi .google.gl .google.gm .google.gr .google.com.gt .google.gy .google.com.hk .google.hn .google.hr .google.ht .google.hu .google.co.id .google.ie .google.co.il .google.im .google.co.in .google.iq .google.is .google.it .google.je .google.com.jm .google.jo .google.co.jp .google.co.ke .google.com.kh .google.ki .google.kg .google.co.kr .google.com.kw .google.kz .google.la .google.com.lb .google.li .google.lk .google.co.ls .google.lt .google.lu .google.lv .google.com.ly .google.co.ma .google.md .google.me .google.mg .google.mk .google.ml .google.com.mm .google.mn .google.ms .google.com.mt .google.mu .google.mv .google.mw .google.com.mx .google.com.my .google.co.mz .google.com.na .google.com.ng .google.com.ni .google.ne .google.nl .google.no .google.com.np .google.nr .google.nu .google.co.nz .google.com.om .google.com.pa .google.com.pe .google.com.pg .google.com.ph .google.com.pk .google.pl .google.pn .google.com.pr .google.ps .google.pt .google.com.py .google.com.qa .google.ro .google.ru .google.rw .google.com.sa .google.com.sb .google.sc .google.se .google.com.sg .google.sh .google.si .google.sk .google.com.sl .google.sn .google.so .google.sm .google.sr .google.st .google.com.sv .google.td .google.tg .google.co.th .google.com.tj .google.tl .google.tm .google.tn .google.to .google.com.tr .google.tt .google.com.tw .google.co.tz .google.com.ua .google.co.ug .google.co.uk .google.com.uy .google.co.uz .google.com.vc .google.co.ve .google.vg .google.co.vi .google.com.vn .google.vu .google.ws .google.rs .google.co.za .google.co.zm .google.co.zw .google.cat monarch-api-production.s3.amazonaws.com monarch-static-assets.s3.amazonaws.com monarch-api-staging2.s3.us-east-2.amazonaws.com api.monarchmoney.com t.co googleads.g.doubleclick.net .facebook.com https://storage.googleapis.com/fini-widget/ .attribution.adswizz.com https://.attribution.adswizz.com https://pixel.tapad.com https://.tapad.com content.moneydesktop.com https://cdn.spinwheel.io .cloudfront.net;font-src * data: blob: 'self' 'unsafe-inline';connect-src 'self' about: analytics.tiktok.com .byspotify.com .zendesk.com https://api.segment.io .segment.io https://api.cloudinary.com https://api.monarchmoney.com https://api.monarchmoneystaging.com wss://api.monarchmoney.com wss://api.monarchmoneystaging.com https://features.monarchmoney.com https://features.monarchmoneystaging.com https://events-api.monarchmoney.com https://events-api.monarchmoneystaging.com https://monarchmoney.zendesk.com https://rs.fullstory.com https://edge.fullstory.com https://sdk.split.io https://auth.split.io https://streaming.split.io https://events.split.io https://ekr.zdassets.com https://api.sprig.com api.sprig.com https://sentry.io https://sdk-api-v1.singular.net .stripe.com www.google-analytics.com stats.g.doubleclick.net ampcid.google.com analytics.google.com .doubleclick.net .google.com .googlesyndication.com www.googletagservices.com .facebook.com connect.facebook.net .bing.com wss://.bing.com .clarity.ms sentry.io .sentry.io www.redditstatic.com monarch-api-production.s3.amazonaws.com monarch-static-assets.s3.amazonaws.com monarch-api-staging2.s3.us-east-2.amazonaws.com prod-carpintero-branding.s3.us-west-2.amazonaws.com reddit.com .reddit.com .ads-twitter.com cdn.sprig.com cdn.segment.com .browser-intake-datadoghq.com https://rum.browser-intake-datadoghq.com https://browser-intake-datadoghq.com https://session-replay.browser-intake-datadoghq.com https://api.unsplash.com analytics.pangle-ads.com stats.g.doubleclick.net https://api.usefini.com/ https://status.monarchmoney.com browser-intake-datadoghq.com pixels.spotify.com;manifest-src 'self';base-uri 'self';form-action 'self' .google.com *.facebook.com connect.facebook.net;media-src 'self' data: dai.google.com;worker-src 'self' blob: www.google.com;report-uri https://o236174.ingest.sentry.io/api/4506858085744640/security/?sentry_key=b8be0ad8a511b04ca10c054828ceeb45
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Mon, 26 Aug 2024 18:09:00 GMT
content-security-policy: upgrade-insecure-requests;default-src 'self' *.plaid.com *.finicity.com *.mx.com *.stripe.com *.cloudinary.com;frame-ancestors 'self' www.reddit.com *.finicity.com;script-src 'self' 'unsafe-eval' 'unsafe-inline' *.monarchmoney.com *.monarchmoneystaging.com *.redditstatic.com *.googleadservices.com *.ads-twitter.com *.plaid.com *.finicity.com *.mx.com *.gstatic.com analytics.tiktok.com *.byspotify.com https://static.zdassets.com https://cdn.userleap.com https://cdn.plaid.com https://js.stripe.com https://apis.google.com https://appleid.cdn-apple.com https://cdn.plaid.com https://js.stripe.com https://checkout.stripe.com https://apis.google.com https://cdn.userleap.com https://appleid.cdn-apple.com https://static.zdassets.com https://rs.fullstory.com https://edge.fullstory.com https://www.google-analytics.com https://ssl.google-analytics.com https://google-analytics.com https://*.doubleclick.net https://stats.g.doubleclick.net https://*.google.com https://*.google.com.br https://*.googlesyndication.com https://*.googletagservices.com https://*.googleadservices.com www.googleadservices.com www.google-analytics.com https://connect.facebook.net https://graph.facebook.com https://js.facebook.com https://bat.bing.com https://r.bing.com https://browser.sentry-cdn.com https://js.sentry-cdn.com https://*.sentry.io edge.fullstory.com *.fullstory.com www.clarity.ms *.clarity.ms cdn.sprig.com cdn.segment.com 'report-sample' www.googletagmanager.com www.googleadservices.com www.google-analytics.com www.clarity.ms analytics.tiktok.com static.ads-twitter.com connect.facebook.net https://storage.googleapis.com/fini-widget/ https://cdn.spinwheel.io;style-src 'self' 'unsafe-inline' 'report-sample' checkout.stripe.com *.google.com https://www.gstatic.com www.gstatic.com *.gstatic.com *.bing.com;object-src *.googlesyndication.com;frame-src 'self' https://accounts.google.com https://portal.productboard.com *.stripe.com *.stripe.network *.google.com *.doubleclick.net *.googlesyndication.com *.facebook.com connect.facebook.net sdx.microsoft.com *.plaid.com *.finicity.com *.moneydesktop.com *.mx.com *.youtube.com https://app.usefini.com/ https://sandbox-dim.spinwheel.io https://dim.spinwheel.io;child-src 'self' data: *.google.com *.doubleclick.net *.googlesyndication.com www.googleadservices.com *.facebook.com connect.facebook.net;img-src 'self' data: blob: *.stripe.com www.googleadservices.com *.googleadservices.com https://res.cloudinary.com https://images.unsplash.com https://www.google-analytics.com https://rs.fullstory.com googletagmanager.com *.googletagmanager.com www.googletagmanager.com *.google-analytics.com https://www.google.com analytics.google.com *.doubleclick.net googleads.doubleclick.net googleads.g.doubleclick.net https://googleads.g.doubleclick.net *.doubleclick.net https://stats.g.doubleclick.net *.facebook.com *.facebook.net https://connect.facebook.net *.fbcdn.net *.bing.com *.microsoft.com *.clarity.ms monarch-static-assets.s3.amazonaws.com monarch-static-assets.s3.us-east-1.amazonaws.com analytics.pangle-ads.com *.redditstatic.com *.reddit.com *.ads-twitter.com https://t.co analytics.twitter.com https://analytics.twitter.com *.googleusercontent.com *.gstatic.com https://fonts.gstatic.com https://analytics.tiktok.com *.tiktok.com *.byspotify.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat monarch-api-production.s3.amazonaws.com monarch-static-assets.s3.amazonaws.com monarch-api-staging2.s3.us-east-2.amazonaws.com api.monarchmoney.com t.co googleads.g.doubleclick.net *.facebook.com https://storage.googleapis.com/fini-widget/ *.attribution.adswizz.com https://*.attribution.adswizz.com https://pixel.tapad.com https://*.tapad.com content.moneydesktop.com https://cdn.spinwheel.io *.cloudfront.net;font-src * data: blob: 'self' 'unsafe-inline';connect-src 'self' about: analytics.tiktok.com *.byspotify.com *.zendesk.com https://api.segment.io *.segment.io https://api.cloudinary.com https://api.monarchmoney.com https://api.monarchmoneystaging.com wss://api.monarchmoney.com wss://api.monarchmoneystaging.com https://features.monarchmoney.com https://features.monarchmoneystaging.com https://events-api.monarchmoney.com https://events-api.monarchmoneystaging.com https://monarchmoney.zendesk.com https://rs.fullstory.com https://edge.fullstory.com https://sdk.split.io https://auth.split.io https://streaming.split.io https://events.split.io https://ekr.zdassets.com https://api.sprig.com api.sprig.com https://sentry.io https://sdk-api-v1.singular.net *.stripe.com www.google-analytics.com stats.g.doubleclick.net ampcid.google.com analytics.google.com *.doubleclick.net *.google.com *.googlesyndication.com www.googletagservices.com *.facebook.com connect.facebook.net *.bing.com wss://*.bing.com *.clarity.ms sentry.io *.sentry.io www.redditstatic.com monarch-api-production.s3.amazonaws.com monarch-static-assets.s3.amazonaws.com monarch-api-staging2.s3.us-east-2.amazonaws.com prod-carpintero-branding.s3.us-west-2.amazonaws.com reddit.com *.reddit.com *.ads-twitter.com cdn.sprig.com cdn.segment.com *.browser-intake-datadoghq.com https://rum.browser-intake-datadoghq.com https://browser-intake-datadoghq.com https://session-replay.browser-intake-datadoghq.com https://api.unsplash.com analytics.pangle-ads.com stats.g.doubleclick.net https://api.usefini.com/ https://status.monarchmoney.com browser-intake-datadoghq.com pixels.spotify.com;manifest-src 'self';base-uri 'self';form-action 'self' *.google.com *.facebook.com connect.facebook.net;media-src 'self' data: dai.google.com;worker-src 'self' blob: www.google.com;report-uri https://o236174.ingest.sentry.io/api/4506858085744640/security/?sentry_key=b8be0ad8a511b04ca10c054828ceeb45
x-content-type-options: nosniff
strict-transport-security: max-age=15552000; includeSubDomains
nel: {"report_to":"heroku-nel","max_age":3600,"success_fraction":0.005,"failure_fraction":0.05,"response_headers":["Via"]}
x-permitted-cross-domain-policies: none
cf-cache-status: REVALIDATED
via: 1.1 vegur
x-dns-prefetch-control: off
content-encoding: br
x-xss-protection: 0
reporting-endpoints: heroku-nel=https://nel.heroku.com/reports?ts=1724457637&sid=1b10b0ff-8a76-4548-befa-353fc6c6c045&s=MEWc1nXrHBQVzqOVz78i7PVnzLnGxVSpbRzyuJUASDk%3D
referrer-policy: no-referrer
last-modified: Fri, 23 Aug 2024 21:01:48 GMT
server: cloudflare
etag: W/"414e49-191810b9e60"
expect-ct: max-age=0
x-frame-options: SAMEORIGIN
report-to: {"group":"heroku-nel","max_age":3600,"endpoints":[{"url":"https://nel.heroku.com/reports?ts=1724457637&sid=1b10b0ff-8a76-4548-befa-353fc6c6c045&s=MEWc1nXrHBQVzqOVz78i7PVnzLnGxVSpbRzyuJUASDk%3D"}]}
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
x-download-options: noopen
cache-control: public, max-age=14400
cf-ray: 8b95c53a18fb1c2c-FRA

GET
H2 200 pixel.js Show response
www.redditstatic.com/ads/ 42 KB
13 KB 170ms
51ms Script
application/javascript 2a04:4e42::396
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://www.redditstatic.com/ads/pixel.js
Requested by: Host: app.monarchmoney.com
URL: https://app.monarchmoney.com/reddit.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:4e42::396 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: snooserv /
Resource Hash: 6755508f95a14ac65d6d5123ce9db08f5b0fc2921dd713a6ae8d6369a0020da9

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Mon, 26 Aug 2024 18:09:00 GMT
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
last-modified: Thu, 20 Jun 2024 19:23:03 GMT
server: snooserv
nel: {"report_to": "w3-reporting-nel", "max_age": 14400, "include_subdomains": false, "success_fraction": 0.02, "failure_fraction": 0.02}
etag: "71b328aff914ada8b774bfa8fff542c4"
x-amz-server-side-encryption: AES256
vary: Accept-Encoding,Origin
report-to: {"group": "w3-reporting-nel", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-nel.reddit.com/reports" }]}, {"group": "w3-reporting", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting.reddit.com/reports" }]}, {"group": "w3-reporting-csp", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-csp.reddit.com/reports" }]}
content-type: application/javascript
cache-control: public, max-age=60
accept-ranges: bytes
content-length: 12116

GET
H2 200 ping.min.js Show response
pixel.byspotify.com/ 22 KB
22 KB 152ms
42ms Script
text/javascript 34.117.162.98
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://pixel.byspotify.com/ping.min.js
Requested by: Host: app.monarchmoney.com
URL: https://app.monarchmoney.com/spotify.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.117.162.98 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 98.162.117.34.bc.googleusercontent.com
Software: UploadServer /
Resource Hash: 42e2dd427dd9f9d45367c880c68289114b7de56373ff8bdc664ea0fa3ce77880

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Mon, 26 Aug 2024 17:33:37 GMT
via: 1.1 google
age: 2123
x-guploader-uploadid: AHxI1nMBl9sXYC4Dh6_ptqBzM7eYrGuNPjeKXqvIL01Uzy-NeD9cJvYfnVjc7UGrxSsTn3CMnvbiYhFTBg
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 22096
last-modified: Tue, 25 Jun 2024 13:55:33 GMT
server: UploadServer
etag: "4eddeec95afda969b3d1b2fb970c1eb1"
x-goog-generation: 1719323733334567
x-goog-hash: crc32c=NZyeaA==, md5=Tt3uyVr9qWmz0bL7lwwesQ==
content-type: text/javascript
cache-control: public, max-age=3600
x-goog-stored-content-length: 22096
accept-ranges: bytes
expires: Mon, 26 Aug 2024 18:33:37 GMT

GET
H2 200 events.js Show response
analytics.tiktok.com/i18n/pixel/ 6 KB
3 KB 271ms
147ms Script
application/javascript 2.21.20.12
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.tiktok.com/i18n/pixel/events.js?sdkid=CAG18GJC77U2NHFFNB3G&lib=ttq
Requested by: Host: app.monarchmoney.com
URL: https://app.monarchmoney.com/tiktok.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2.21.20.12 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a2-21-20-12.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: a985c483acb5886d3fddfa51bc6217f061de9a45a6b18a828a8c0b2a980a7564

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

x-akamai-request-id: aa947dda.b11e60f2
date: Mon, 26 Aug 2024 18:09:00 GMT
content-encoding: gzip
x-tt-trace-tag: id=16;cdn-cache=miss;type=dyn
x-tt-trace-id: 00-24082618090088D5353ABCC4F801A739-593173ED7C6C9D9F-00
x-cache: TCP_MISS from a23-51-23-76.deploy.akamaitechnologies.com (AkamaiGHost/11.6.1.1-c253c574b3c2af32d59c15ea70b89e46) (-)
x-parent-response-time: 103,23.51.23.76
server-timing: cdn-cache; desc=MISS, edge; dur=93, origin; dur=12, inner; dur=3
content-length: 2123
pragma: no-cache
server: nginx
x-tt-logid: 2024082618090088D5353ABCC4F801A739
x-cache-remote: TCP_MISS from a23-48-200-167.deploy.akamaitechnologies.com (AkamaiGHost/11.6.2.1-58447958) (-)
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
cache-control: max-age=0, no-cache, no-store
x-origin-response-time: 12,23.48.200.167
x-tt-trace-host: 017d0578f327b57d1558311a3c4228a5162e3b9a5427002f4321c03cd941a7890ec42f36604d62bd7d93d076f2b9cd4ec3afb04d05d6a75f6139d1872c112e4c4318c6f54a09768b4541f2467ff96ba09374941fedc5db81a19c6cb30308918bd632d1bc3dcc55c7651b6ff8a45237e3ab
expires: Mon, 26 Aug 2024 18:09:00 GMT

GET
H2 200 hjy3lwdr3i Show response
www.clarity.ms/tag/ 586 B
842 B 388ms
210ms Script
application/x-javascript 2620:1ec:bdf::67
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.clarity.ms/tag/hjy3lwdr3i
Requested by: Host: app.monarchmoney.com
URL: https://app.monarchmoney.com/clarity.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2620:1ec:bdf::67 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: dcb35daf1d2978be617bd7d1ab747a2a7544df53aa042b6c5378e93c22764060

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

request-context: appId=cid-v1:238681e8-7d6b-453a-acb6-7dcad74f3111
date: Mon, 26 Aug 2024 18:09:00 GMT
x-azure-ref: 20240826T180900Z-r1bf48c9547x46lry95d97v3kc00000002k000000000gf9c
x-cache: CONFIG_NOCACHE
content-type: application/x-javascript
cache-control: no-cache, no-store
accept-ranges: bytes
content-length: 586
expires: -1

GET
H2 200 uwt.js Show response
static.ads-twitter.com/ 56 KB
15 KB 159ms
41ms Script
application/javascript 146.75.120.157
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://static.ads-twitter.com/uwt.js
Requested by: Host: app.monarchmoney.com
URL: https://app.monarchmoney.com/twitter.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 146.75.120.157 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 4d15ff2317e16ccd8ca1d3248fea7d91130e022369bb032824a84ad9967064df

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Mon, 26 Aug 2024 18:09:00 GMT
content-encoding: gzip
last-modified: Fri, 22 Mar 2024 21:07:24 GMT
x-amz-server-side-encryption: AES256
etag: "bbbcf811d8437a575d796a4c1e5d4fad+gzip+gzip"
vary: Accept-Encoding,Host
x-cache: HIT, HIT
content-type: application/javascript; charset=utf-8
p3p: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
x-tw-cdn: FT
cache-control: no-cache
accept-ranges: bytes
content-length: 15412
x-served-by: cache-iad-kiad7000168-IAD, cache-fra-etou8220137-FRA

GET
H2 200 shim.js Show response
cdn.userleap.com/ 82 KB
26 KB 163ms
46ms Script
application/javascript 52.222.214.118
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.userleap.com/shim.js?id=jhOvgs1si6
Requested by: Host: app.monarchmoney.com
URL: https://app.monarchmoney.com/userleap.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 52.222.214.118 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-52-222-214-118.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: a6a10759097db886e581ff34a0b28693b7cbfa96a750b09cc9428fbfeedd890c

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

x-amz-version-id: enqC92bU54sTqUUdz1ExZXvyXevd1_JJ
content-encoding: br
via: 1.1 77ba839b79ec0a8b2031c8a828e7fdfa.cloudfront.net (CloudFront)
date: Mon, 26 Aug 2024 08:09:54 GMT
last-modified: Mon, 19 Aug 2024 20:43:27 GMT
server: AmazonS3
x-amz-cf-pop: FRA56-P3
age: 35949
x-amz-server-side-encryption: AES256
etag: W/"84a5259a7a3a0e6f0e8a6d82220be6de"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
x-amz-cf-id: jEZhILMX2xmpelJAV2DVgbKsqreISAg8PAVcCP69iZaP0RjDsxUnHQ==

GET
H2 200 adsct
t.co/1/i/ 43 B
378 B 426ms
292ms Image
image/gif 93.184.221.165
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://t.co/1/i/adsct?bci=4&eci=3&event=%7B%7D&event_id=83952218-112b-4aaf-ae69-884d86364a17&integration=advertiser&p_id=Twitter&p_user_id=0&pl_id=62c3257a-e298-4711-a023-149a49c57d31&tw_document_href=https%3A%2F%2Fapp.monarchmoney.com%2F&tw_iframe_status=0&txn_id=ocmu9&type=javascript&version=2.3.30

Requested by

Host: app.monarchmoney.com
URL: https://app.monarchmoney.com/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

93.184.221.165 London, United Kingdom, ASN15133 (EDGECAST, US),

Reverse DNS

Software

tsa_o /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

x-response-time: 185
date: Mon, 26 Aug 2024 18:09:00 GMT
strict-transport-security: max-age=0
server: tsa_o
content-type: image/gif;charset=utf-8
x-transaction-id: b21d56964a3b9ef6
cache-control: no-cache, no-store, max-age=0
perf: 7402827104
x-connection-hash: 0177526959446ed0ad7ed62eced27a8a43456781cba46b6eb089ad2891d83467
content-length: 43

GET
H2 200 adsct
analytics.twitter.com/1/i/ 43 B
724 B 262ms
153ms Image
image/gif 104.244.42.67
TWITTER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://analytics.twitter.com/1/i/adsct?bci=4&eci=3&event=%7B%7D&event_id=83952218-112b-4aaf-ae69-884d86364a17&integration=advertiser&p_id=Twitter&p_user_id=0&pl_id=62c3257a-e298-4711-a023-149a49c57d31&tw_document_href=https%3A%2F%2Fapp.monarchmoney.com%2F&tw_iframe_status=0&txn_id=ocmu9&type=javascript&version=2.3.30

Requested by

Host: app.monarchmoney.com
URL: https://app.monarchmoney.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.244.42.67 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_o /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

x-response-time: 104
date: Mon, 26 Aug 2024 18:09:00 GMT
strict-transport-security: max-age=631138519
server: tsa_o
content-type: image/gif;charset=utf-8
x-transaction-id: 4b97320c4adc44bf
cache-control: no-cache, no-store, max-age=0
perf: 7402827104
x-connection-hash: 2646602761d7700b6fca7275a2f8fb96f1a34a2aa9e5ac679b128969f1aa3316
content-length: 43

GET
H2 200 config Show response
pixel-config.reddit.com/pixels/t2_5u6sm01h/ 3 B
124 B 133ms
42ms XHR
application/json 151.101.65.140
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://pixel-config.reddit.com/pixels/t2_5u6sm01h/config
Requested by: Host: www.redditstatic.com
URL: https://www.redditstatic.com/ads/pixel.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.65.140 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Mon, 26 Aug 2024 18:09:00 GMT
content-encoding: gzip
via: 1.1 varnish
content-type: application/json
access-control-allow-origin: *
cache-control: max-age=14400
accept-ranges: bytes
content-length: 27

GET
H2 200 t2_5u6sm01h_telemetry Show response
www.redditstatic.com/ads/conversions-config/v1/pixel/config/ 86 B
699 B 159ms
62ms XHR
application/json 2a04:4e42::396
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://www.redditstatic.com/ads/conversions-config/v1/pixel/config/t2_5u6sm01h_telemetry
Requested by: Host: www.redditstatic.com
URL: https://www.redditstatic.com/ads/pixel.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:4e42::396 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: snooserv /
Resource Hash: 45da241a91c843b268ada7481cdece1aa679f2720931effea28d83e1398d66a9

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Mon, 26 Aug 2024 18:09:00 GMT
content-encoding: gzip
via: 1.1 varnish
nel: {"report_to": "w3-reporting-nel", "max_age": 14400, "include_subdomains": false, "success_fraction": 0.02, "failure_fraction": 0.02}
server: snooserv
vary: Accept-Encoding,Origin
report-to: {"group": "w3-reporting-nel", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-nel.reddit.com/reports" }]}, {"group": "w3-reporting", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting.reddit.com/reports" }]}, {"group": "w3-reporting-csp", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-csp.reddit.com/reports" }]}
content-type: application/json
access-control-allow-origin: *
cache-control: max-age=300
accept-ranges: bytes
content-length: 97

GET
H2 200 rp.gif
alb.reddit.com/ 42 B
637 B 131ms
43ms Image
image/gif 151.101.1.140
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://alb.reddit.com/rp.gif?ts=1724695740732&id=t2_5u6sm01h&event=PageVisit&m.itemCount=&m.value=&m.valueDecimal=&m.currency=&m.transactionId=&m.customEventName=&m.products=&m.conversionId=&uuid=71ea68b3-29b5-4ca7-8e5f-1dc4d405abea&aaid=&em=&external_id=&idfa=&integration=reddit&opt_out=0&sh=1600&sw=1200&v=rdt_e9773deb&dpm=&dpcc=&dprc=
Requested by: Host: app.monarchmoney.com
URL: https://app.monarchmoney.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.1.140 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: Varnish /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Mon, 26 Aug 2024 18:09:00 GMT
via: 1.1 varnish
nel: {"report_to": "w3-reporting-nel", "max_age": 14400, "include_subdomains": false, "success_fraction": 0.3, "failure_fraction": 0.3}
server: Varnish
report-to: {"group": "w3-reporting-nel", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-nel.reddit.com/reports" }]}, {"group": "w3-reporting", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting.reddit.com/reports" }]}, {"group": "w3-reporting-csp", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-csp.reddit.com/reports" }]}
content-type: image/gif
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
content-length: 42
retry-after: 0

POST
H2 200 ingest Show response
pixels.spotify.com/v1/ 52 B
271 B 64ms
59ms Fetch
application/json 2600:1901:1:7c5::
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://pixels.spotify.com/v1/ingest

Requested by

Host: pixel.byspotify.com
URL: https://pixel.byspotify.com/ping.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:1901:1:7c5:: , United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

Software

envoy /

Resource Hash

af626b854a946518a3a3c508ee9824e78ae985c5cda705c1d2a3fdaafe2254c0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

Accept: application/json
Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36
Content-Type: application/json

Response headers

date: Mon, 26 Aug 2024 18:09:00 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-encoding: gzip
grpc-status: 0
server: envoy
via: HTTP/2 edgeproxy, 1.1 google
grpc-encoding: identity
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: https://app.monarchmoney.com
x-envoy-upstream-service-time: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
grpc-accept-encoding: gzip,x-snappy-framed

OPTIONS
H2 200 ingest
pixels.spotify.com/v1/ Frame 0
0 156ms
49ms Preflight 2600:1901:1:7c5::
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://pixels.spotify.com/v1/ingest
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:1901:1:7c5:: , United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
Software: envoy /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://app.monarchmoney.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

access-control-allow-headers: content-type
access-control-allow-origin: https://app.monarchmoney.com
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
date: Mon, 26 Aug 2024 18:09:00 GMT
server: envoy
vary: Accept-Encoding
via: HTTP/2 edgeproxy, 1.1 google

GET
H2 200 main.MTcwODM0ODQ4MQ.js Show response
analytics.tiktok.com/i18n/pixel/static/ 331 KB
94 KB 47ms
47ms Script
application/javascript 2.21.20.12
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.tiktok.com/i18n/pixel/static/main.MTcwODM0ODQ4MQ.js
Requested by: Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/events.js?sdkid=CAG18GJC77U2NHFFNB3G&lib=ttq
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2.21.20.12 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a2-21-20-12.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: de0a685865e11857eb59fc72c7bc426af104c0307e099ba7377d4afe6503058d

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

x-akamai-request-id: b11e65ab
date: Mon, 26 Aug 2024 18:09:00 GMT
content-encoding: gzip
x-tt-trace-tag: id=16;cdn-cache=hit;type=static
server: nginx
x-tt-logid: 2024082301182766802DE30082395AB083
x-tt-trace-id: 00-24082301182766802DE30082395AB083-7B323EB91F2C8904-00
vary: Accept-Encoding
x-cache: TCP_MEM_HIT from a23-51-23-76.deploy.akamaitechnologies.com (AkamaiGHost/11.6.1.1-c253c574b3c2af32d59c15ea70b89e46) (-)
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
x-tt-trace-host: 01c2611199e2ccfb34cc02aa3602d8a29ded345a2f553c75924084351d23a236b4e782b667d6186dd6a423c860463dc88219641525347e62fbbdf6be3737aa98633c2d1068d29dfbfddfbef748b9019154053ad2ac142220c5fc979453e9f72e0f
server-timing: cdn-cache; desc=HIT, edge; dur=0, origin; dur=0, inner; dur=4
content-length: 95191

GET
H2 200 clarity.js Show response
www.clarity.ms/s/0.7.45/ 64 KB
27 KB 99ms
93ms Script
application/javascript 2620:1ec:bdf::67
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.clarity.ms/s/0.7.45/clarity.js
Requested by: Host: www.clarity.ms
URL: https://www.clarity.ms/tag/hjy3lwdr3i
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2620:1ec:bdf::67 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: 264532af47b2cfb6620970592478c442a0cd429beccead9d062ff5a91284dc15

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Mon, 26 Aug 2024 18:09:00 GMT
content-encoding: br
last-modified: Sun, 25 Aug 2024 09:53:41 GMT
etag: W/"0x8DCC4EBCCD5C176"
vary: Accept-Encoding
x-azure-ref: 20240826T180900Z-r1bf48c9547x46lry95d97v3kc00000002k000000000gf9x
content-type: application/javascript;charset=utf-8
access-control-allow-origin: *
x-ms-request-id: 0ea381b7-701e-004c-6cbf-f7beeb000000
cache-control: public, max-age=86400
x-cache: TCP_HIT
x-ms-version: 2018-03-28
x-fd-int-roxy-purgeid: 51562430

GET
H2 200 identify_c2008b8c.js Show response
analytics.tiktok.com/i18n/pixel/static/ 146 KB
39 KB 52ms
51ms Script
application/javascript 2.21.20.12
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.tiktok.com/i18n/pixel/static/identify_c2008b8c.js
Requested by: Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/static/main.MTcwODM0ODQ4MQ.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2.21.20.12 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a2-21-20-12.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: 50a98b0680aaaaa9407001661f18904e29d76402c3da7ad64246413886fc64b3

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

x-akamai-request-id: b11e6ad2
date: Mon, 26 Aug 2024 18:09:00 GMT
content-encoding: gzip
x-tt-trace-tag: id=16;cdn-cache=hit;type=static
server: nginx
x-tt-logid: 202407291241400FD24978CC7CF219B6FE
x-tt-trace-id: 00-2407291241400FD24978CC7CF219B6FE-428198FBC983D920-00
vary: Accept-Encoding
x-cache: TCP_MEM_HIT from a23-51-23-76.deploy.akamaitechnologies.com (AkamaiGHost/11.6.1.1-c253c574b3c2af32d59c15ea70b89e46) (-)
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
x-tt-trace-host: 010240f9bfa9233b40906e0a677053b422a55632c74722725ed36a615635e69ddb6a5c32f31d9cf2266422b4055b90882cdaedf4db31bd0cafdff03b345a0873724e20c46e6adde5b55001ad8623970ba64518ed05c6472a901b835b5289f18346
server-timing: cdn-cache; desc=HIT, edge; dur=0, origin; dur=0, inner; dur=10
content-length: 39492

POST
H2 200 pixel
analytics.tiktok.com/api/v2/ 0
859 B 227ms
223ms Ping
text/plain 2.21.20.12
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.tiktok.com/api/v2/pixel
Requested by: Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/static/main.MTcwODM0ODQ4MQ.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2.21.20.12 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a2-21-20-12.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

x-akamai-request-id: 2773143a.b11e6bc6
date: Mon, 26 Aug 2024 18:09:01 GMT
x-tt-trace-tag: id=16;cdn-cache=miss;type=dyn
x-tt-trace-id: 00-240826180901612F929783E85EDEF033-32366B7454BE8E6D-00
x-cache: TCP_MISS from a23-51-23-76.deploy.akamaitechnologies.com (AkamaiGHost/11.6.1.1-c253c574b3c2af32d59c15ea70b89e46) (-)
x-parent-response-time: 175,23.51.23.76
server-timing: cdn-cache; desc=MISS, edge; dur=93, origin; dur=86, inner; dur=79
content-length: 0
pragma: no-cache
server: nginx
x-tt-logid: 20240826180901612F929783E85EDEF033
x-cache-remote: TCP_MISS from a23-48-200-168.deploy.akamaitechnologies.com (AkamaiGHost/11.6.2.1-58447958) (-)
access-control-allow-methods: GET,POST,PUT,PATCH,DELETE,HEAD,OPTIONS,UPDATE
access-control-allow-origin: *
cache-control: max-age=0, no-cache, no-store
x-origin-response-time: 86,23.48.200.168
x-tt-trace-host: 017d0578f327b57d1558311a3c4228a5162e3b9a5427002f4321c03cd941a7890eea8c07c88b76c51ca46d0e64b6a86bfe959149da73b24d3d40ecb479d5dc134ec4cb3f76a497a5eef411caa0d01e11034c785fd36a542726e62bae19d00dfab38a8b8371259e7f756147d0de73395e7d
access-control-allow-headers: Authorization,*
expires: Mon, 26 Aug 2024 18:09:01 GMT

POST
H/1.1 204
No Content collect Show response
o.clarity.ms/ 0
284 B 394ms
123ms XHR
text/plain 52.152.143.207
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://o.clarity.ms/collect
Requested by: Host: www.clarity.ms
URL: https://www.clarity.ms/s/0.7.45/clarity.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 52.152.143.207 Washington, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept: application/x-clarity-gzip
Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

Access-Control-Allow-Origin: https://app.monarchmoney.com
Date: Mon, 26 Aug 2024 18:09:01 GMT
Access-Control-Allow-Credentials: true
Server: nginx
Connection: keep-alive
Vary: Origin
Request-Context: appId=cid-v1:238681e8-7d6b-453a-acb6-7dcad74f3111

POST
H2 200 act
analytics.tiktok.com/api/v2/pixel/ 0
716 B 180ms
178ms Ping
text/plain 2.21.20.12
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.tiktok.com/api/v2/pixel/act
Requested by: Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/static/main.MTcwODM0ODQ4MQ.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2.21.20.12 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a2-21-20-12.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

x-akamai-request-id: b11e7442
date: Mon, 26 Aug 2024 18:09:01 GMT
x-tt-trace-tag: id=16;cdn-cache=miss;type=dyn
x-tt-trace-id: 00-240826180901190F97052E26BB01C5D5-2A0F855F0ECC1C11-00
x-cache: TCP_MISS from a23-51-23-76.deploy.akamaitechnologies.com (AkamaiGHost/11.6.1.1-c253c574b3c2af32d59c15ea70b89e46) (-)
server-timing: inner; dur=16, cdn-cache; desc=MISS, edge; dur=6, origin; dur=129
content-length: 0
pragma: no-cache
server: nginx
x-tt-logid: 20240826180901190F97052E26BB01C5D5
access-control-allow-methods: GET,POST,PUT,PATCH,DELETE,HEAD,OPTIONS,UPDATE
access-control-allow-origin: *
cache-control: max-age=0, no-cache, no-store
x-origin-response-time: 129,23.51.23.76
x-tt-trace-host: 017d0578f327b57d1558311a3c4228a5165bacb3718a453cc74ff9c4184e56fe319fe2305eb3f0d72693cecf26c05de808d40fdba358e91e3b0dabd364ce63d71a01e6495612b68addd0e433f4393259ef76af285b2a2363b6a518ab8cf57fef5b
access-control-allow-headers: Authorization,*
expires: Mon, 26 Aug 2024 18:09:01 GMT

OPTIONS
H2 200 UNKNOWN
features.monarchmoney.com/sdk/api/mySegments/ Frame 0
0 243ms
125ms Preflight 2606:4700:10::6816:3d79
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://features.monarchmoney.com/sdk/api/mySegments/UNKNOWN

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:3d79 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=15770000; includeSubdomains

Request headers

Accept: */*
Access-Control-Request-Headers: authorization,content-type,splitsdkversion
Access-Control-Request-Method: GET
Origin: https://app.monarchmoney.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

accept-ranges: bytes
access-control-allow-headers: X-Requested-With, Origin, Content-Type, Accept, Authorization, Content-Length, X-User-Token, X-Request-ID, SplitSDKMachineName, SplitSDKMachineIP, SplitSDKVersion, Cache-Control
access-control-allow-methods: GET,PUT,POST,PATCH,DELETE,OPTIONS
access-control-allow-origin: https://app.monarchmoney.com
access-control-max-age: 7200
allow: HEAD,GET,OPTIONS,POST,PUT,DELETE
cf-cache-status: DYNAMIC
cf-ray: 8b95c5487ecd9948-FRA
content-length: 37
date: Mon, 26 Aug 2024 18:09:02 GMT
retry-after: 0
server: cloudflare
strict-transport-security: max-age=15770000; includeSubdomains
vary: Cookie
via: 1.1 varnish, 1.1 a44309111e5e1050ff485adaa4681ad0.cloudfront.net (CloudFront)
x-amz-cf-id: ocFmSvIDmD1RGXpSczfj5jbYixg8vysPLdsWg72-YHDZyCPQfo8Okg==
x-amz-cf-pop: AMS58-P5
x-cache: Miss from cloudfront
x-cache-hits: 0
x-served-by: cache-ams2100140-AMS
x-timer: S1724695743.877708,VS0,VE0

OPTIONS
H2 200 2b2ce0fb-2cc2-4f88-98fd-298cbeb48abb
features.monarchmoney.com/sdk/api/mySegments/ Frame 0
0 246ms
132ms Preflight 2606:4700:10::6816:3d79
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://features.monarchmoney.com/sdk/api/mySegments/2b2ce0fb-2cc2-4f88-98fd-298cbeb48abb

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:3d79 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=15770000; includeSubdomains

Request headers

Accept: */*
Access-Control-Request-Headers: authorization,content-type,splitsdkversion
Access-Control-Request-Method: GET
Origin: https://app.monarchmoney.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

accept-ranges: bytes
access-control-allow-headers: X-Requested-With, Origin, Content-Type, Accept, Authorization, Content-Length, X-User-Token, X-Request-ID, SplitSDKMachineName, SplitSDKMachineIP, SplitSDKVersion, Cache-Control
access-control-allow-methods: GET,PUT,POST,PATCH,DELETE,OPTIONS
access-control-allow-origin: https://app.monarchmoney.com
access-control-max-age: 7200
allow: HEAD,GET,OPTIONS,POST,PUT,DELETE
cf-cache-status: DYNAMIC
cf-ray: 8b95c5487ed09948-FRA
content-length: 37
date: Mon, 26 Aug 2024 18:09:02 GMT
retry-after: 0
server: cloudflare
strict-transport-security: max-age=15770000; includeSubdomains
vary: Cookie
via: 1.1 varnish, 1.1 f75afc04e5fb2b66fe286e4f840886c6.cloudfront.net (CloudFront)
x-amz-cf-id: ZsRT29kJtC1_gEXP0vXG0hslXX-_TeWo_BYZf3mJUZcHvTpxAB6_bA==
x-amz-cf-pop: AMS58-P5
x-cache: Miss from cloudfront
x-cache-hits: 0
x-served-by: cache-ams21081-AMS
x-timer: S1724695743.880055,VS0,VE0

OPTIONS
H2 200 graphql
api.monarchmoney.com/ Frame 0
0 545ms
523ms Preflight
text/html 2606:4700:10::6816:3d79
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://api.monarchmoney.com/graphql
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:3d79 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: authorization,client-platform,content-type
Access-Control-Request-Method: POST
Origin: https://app.monarchmoney.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: accept, accept-encoding, authorization, content-type, dnt, origin, user-agent, x-csrftoken, x-requested-with, client-platform, act-as-user
access-control-allow-methods: DELETE, GET, OPTIONS, PATCH, POST, PUT
access-control-allow-origin: https://app.monarchmoney.com
access-control-max-age: 86400
cf-cache-status: DYNAMIC
cf-ray: 8b95c5489efd9948-FRA
content-encoding: br
content-type: text/html; charset=utf-8
date: Mon, 26 Aug 2024 18:09:03 GMT
http_x_request_id: 34316d41373d46efa966c561eda95b8c
server: cloudflare
vary: Origin

OPTIONS
H2 200 graphql
api.monarchmoney.com/ Frame 0
0 542ms
521ms Preflight
text/html 2606:4700:10::6816:3d79
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://api.monarchmoney.com/graphql
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:3d79 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: authorization,client-platform,content-type
Access-Control-Request-Method: POST
Origin: https://app.monarchmoney.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: accept, accept-encoding, authorization, content-type, dnt, origin, user-agent, x-csrftoken, x-requested-with, client-platform, act-as-user
access-control-allow-methods: DELETE, GET, OPTIONS, PATCH, POST, PUT
access-control-allow-origin: https://app.monarchmoney.com
access-control-max-age: 86400
cf-cache-status: DYNAMIC
cf-ray: 8b95c5489ef69948-FRA
content-encoding: br
content-type: text/html; charset=utf-8
date: Mon, 26 Aug 2024 18:09:03 GMT
http_x_request_id: 914abbb4c69542c8bda65fd51864ca06
server: cloudflare
vary: Origin

OPTIONS
H2 200 graphql
api.monarchmoney.com/ Frame 0
0 599ms
579ms Preflight
text/html 2606:4700:10::6816:3d79
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://api.monarchmoney.com/graphql
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:3d79 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: authorization,client-platform,content-type
Access-Control-Request-Method: POST
Origin: https://app.monarchmoney.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: accept, accept-encoding, authorization, content-type, dnt, origin, user-agent, x-csrftoken, x-requested-with, client-platform, act-as-user
access-control-allow-methods: DELETE, GET, OPTIONS, PATCH, POST, PUT
access-control-allow-origin: https://app.monarchmoney.com
access-control-max-age: 86400
cf-cache-status: DYNAMIC
cf-ray: 8b95c5489ef99948-FRA
content-encoding: br
content-type: text/html; charset=utf-8
date: Mon, 26 Aug 2024 18:09:03 GMT
http_x_request_id: 1a52b1067f2b49e39ebff3bc246b2074
server: cloudflare
vary: Origin

OPTIONS
H2 200 graphql
api.monarchmoney.com/ Frame 0
0 532ms
515ms Preflight
text/html 2606:4700:10::6816:3d79
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://api.monarchmoney.com/graphql
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:3d79 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: authorization,client-platform,content-type
Access-Control-Request-Method: POST
Origin: https://app.monarchmoney.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: accept, accept-encoding, authorization, content-type, dnt, origin, user-agent, x-csrftoken, x-requested-with, client-platform, act-as-user
access-control-allow-methods: DELETE, GET, OPTIONS, PATCH, POST, PUT
access-control-allow-origin: https://app.monarchmoney.com
access-control-max-age: 86400
cf-cache-status: DYNAMIC
cf-ray: 8b95c5489efa9948-FRA
content-encoding: br
content-type: text/html; charset=utf-8
date: Mon, 26 Aug 2024 18:09:03 GMT
http_x_request_id: c414551b291146a1a58a6c968c44962b
server: cloudflare
vary: Origin

OPTIONS graphql
api.monarchmoney.com/ Frame 0
0

OPTIONS
H2 200 splitChanges
features.monarchmoney.com/sdk/api/ Frame 0
0 75ms
72ms Preflight 2606:4700:10::6816:3d79
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://features.monarchmoney.com/sdk/api/splitChanges?since=-1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:3d79 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=15770000; includeSubdomains

Request headers

Accept: */*
Access-Control-Request-Headers: authorization,content-type,splitsdkversion
Access-Control-Request-Method: GET
Origin: https://app.monarchmoney.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

accept-ranges: bytes
access-control-allow-headers: X-Requested-With, Origin, Content-Type, Accept, Authorization, Content-Length, X-User-Token, X-Request-ID, SplitSDKMachineName, SplitSDKMachineIP, SplitSDKVersion, Cache-Control
access-control-allow-methods: GET,PUT,POST,PATCH,DELETE,OPTIONS
access-control-allow-origin: https://app.monarchmoney.com
access-control-max-age: 7200
allow: HEAD,GET,OPTIONS,POST,PUT,DELETE
cf-cache-status: DYNAMIC
cf-ray: 8b95c549c8249948-FRA
content-length: 37
date: Mon, 26 Aug 2024 18:09:03 GMT
retry-after: 0
server: cloudflare
strict-transport-security: max-age=15770000; includeSubdomains
vary: Cookie
via: 1.1 varnish, 1.1 a44309111e5e1050ff485adaa4681ad0.cloudfront.net (CloudFront)
x-amz-cf-id: SZBH-7i3ecprzeESmESROAFhh9j64A9x1CxoncnL7twewfOnBweEZw==
x-amz-cf-pop: AMS58-P5
x-cache: Miss from cloudfront
x-cache-hits: 0
x-served-by: cache-ams21038-AMS
x-timer: S1724695743.032295,VS0,VE0

POST
H2 200 / Show response
sentry.io/api/4279731/envelope/ 2 B
324 B 247ms
151ms Fetch
application/json 35.186.247.156
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://sentry.io/api/4279731/envelope/?sentry_key=c30257d77b584b85ae393c793212f685&sentry_version=7

Requested by

Host: app.monarchmoney.com
URL: https://app.monarchmoney.com/static/js/693.8ac79289.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

35.186.247.156 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

156.247.186.35.bc.googleusercontent.com

Software

nginx /

Resource Hash

44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://app.monarchmoney.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

date: Mon, 26 Aug 2024 18:09:02 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
via: 1.1 google
server: nginx
vary: origin,access-control-request-method,access-control-request-headers
content-type: application/json
access-control-allow-origin: *
access-control-expose-headers: x-sentry-error,x-sentry-rate-limits,retry-after
x-envoy-upstream-service-time: 0
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2

GET
H2 200 v3 Show response
js.stripe.com/ 647 KB
157 KB 167ms
49ms Script
text/javascript 13.224.189.85
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.stripe.com/v3

Requested by

Host: app.monarchmoney.com
URL: https://app.monarchmoney.com/static/js/693.8ac79289.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.224.189.85 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-224-189-85.fra2.r.cloudfront.net

Software

Cloudfront /

Resource Hash

fbe85154b0a64dc98fbcb645f30f97ee21441d65ff4928a96521feb7131c7cc7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Mon, 26 Aug 2024 18:08:14 GMT
content-encoding: br
via: 1.1 8f20db43ba7579b7216cf908572d5054.cloudfront.net (CloudFront)
strict-transport-security: max-age=31556926; includeSubDomains; preload
x-content-type-options: nosniff
age: 49
x-amz-cf-pop: FRA2-C1
x-cache: Hit from cloudfront
alt-svc: h3=":443"; ma=86400
last-modified: Mon, 26 Aug 2024 18:00:33 GMT
server: Cloudfront
etag: W/"d5b38ce0fab3fdbd623659f3450b8854"
vary: Accept-Encoding
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=60
timing-allow-origin: *
x-amz-cf-id: SdAsDKNmmMHySlKoCgQGCU0220u8TWPjWoWOiic1b7d6u6A6Ez7dag==

GET
H2 200 UNKNOWN Show response
features.monarchmoney.com/sdk/api/mySegments/ 17 B
544 B 83ms
83ms Fetch
application/json 2606:4700:10::6816:3d79
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://features.monarchmoney.com/sdk/api/mySegments/UNKNOWN

Requested by

Host: app.monarchmoney.com
URL: https://app.monarchmoney.com/static/js/693.8ac79289.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:3d79 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2070e9ec5ea66461693a174cf782efa1090e0ca1988968cc1115d019e7b80a95

Security Headers

Name	Value
Strict-Transport-Security	max-age=15770000; includeSubdomains

Request headers

Accept: application/json
Referer
SplitSDKVersion: react-1.2.6
Authorization: Bearer f84jple84efb5d8f63po7c1m5553aburgha4
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36
Content-Type: application/json

Response headers

date: Mon, 26 Aug 2024 18:09:02 GMT
strict-transport-security: max-age=15770000; includeSubdomains
content-encoding: gzip
cf-cache-status: DYNAMIC
via: 1.1 varnish, 1.1 varnish, 1.1 a44309111e5e1050ff485adaa4681ad0.cloudfront.net (CloudFront)
x-amz-cf-pop: AMS58-P5
x-cache: Hit from cloudfront
content-length: 41
x-served-by: cache-iad-kiad7000133-IAD, cache-fra-eddf8230098-FRA
server: cloudflare
x-timer: S1724695743.681376,VS0,VE0
etag: "1000002"
vary: Accept-Encoding,Authorization
content-type: application/json; charset=utf-8
trace: cache-iad-kiad7000133-IAD-e4bdf414-3421-4c47-a340-e922355297b0; cache-fra-etou8220054-FRA-c2df6480-a5ed-49f8-8aa2-133c5f78507b
access-control-allow-origin: *
access-control-expose-headers: Access-Control-Allow-Origin,X-Request-Id
cache-control: no-transform, max-age=60, s-maxage=60
accept-ranges: bytes
cf-ray: 8b95c5494fb69948-FRA
x-amz-cf-id: zgPu4bP7hxvW71x-Q0IlVgm_ef6Vf_K5Jku8m7Kt5lonwxQGyByrtQ==
x-cache-hits: 63, 3

GET
H2 200 2b2ce0fb-2cc2-4f88-98fd-298cbeb48abb Show response
features.monarchmoney.com/sdk/api/mySegments/ 17 B
319 B 191ms
190ms Fetch
application/json 2606:4700:10::6816:3d79
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://features.monarchmoney.com/sdk/api/mySegments/2b2ce0fb-2cc2-4f88-98fd-298cbeb48abb

Requested by

Host: app.monarchmoney.com
URL: https://app.monarchmoney.com/static/js/693.8ac79289.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:3d79 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2070e9ec5ea66461693a174cf782efa1090e0ca1988968cc1115d019e7b80a95

Security Headers

Name	Value
Strict-Transport-Security	max-age=15770000; includeSubdomains

Request headers

Accept: application/json
Referer
SplitSDKVersion: react-1.2.6
Authorization: Bearer f84jple84efb5d8f63po7c1m5553aburgha4
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36
Content-Type: application/json

Response headers

date: Mon, 26 Aug 2024 18:09:03 GMT
strict-transport-security: max-age=15770000; includeSubdomains
content-encoding: gzip
cf-cache-status: DYNAMIC
via: 1.1 varnish, 1.1 varnish, 1.1 a44309111e5e1050ff485adaa4681ad0.cloudfront.net (CloudFront)
x-amz-cf-pop: AMS58-P5
age: 0
x-cache: Miss from cloudfront
content-length: 41
x-served-by: cache-iad-kjyo7100151-IAD, cache-fra-eddf8230106-FRA
server: cloudflare
x-timer: S1724695743.976061,VS0,VE95
etag: "1000002"
vary: Accept-Encoding,Authorization
content-type: application/json; charset=utf-8
trace: cache-iad-kjyo7100151-IAD-5593beab-6c17-444c-bc2c-266729f9bd4a; cache-fra-eddf8230106-FRA-4bc1d420-9dd2-41a3-aaac-a7284eb7b068
access-control-allow-origin: *
access-control-expose-headers: Access-Control-Allow-Origin,X-Request-Id
cache-control: no-transform, max-age=60, s-maxage=60
accept-ranges: bytes
cf-ray: 8b95c5495fb99948-FRA
x-amz-cf-id: lEoJB7dtpnUYqVfz3O5zQj9HSHn3wZpn3UucZ6V1qOj05kaKYRehVQ==
x-cache-hits: 0, 0

POST collect
o.clarity.ms/ 0
0

POST
H/1.1 204
No Content collect Show response
o.clarity.ms/ 0
284 B 616ms
351ms XHR
text/plain 52.152.143.207
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://o.clarity.ms/collect
Requested by: Host: app.monarchmoney.com
URL: https://app.monarchmoney.com/static/js/693.8ac79289.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 52.152.143.207 Washington, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

Access-Control-Allow-Origin: https://app.monarchmoney.com
Date: Mon, 26 Aug 2024 18:09:03 GMT
Access-Control-Allow-Credentials: true
Server: nginx
Connection: keep-alive
Vary: Origin
Request-Context: appId=cid-v1:238681e8-7d6b-453a-acb6-7dcad74f3111

GET
DATA 200
OK truncated
/ 1 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 1a84151c25c961f96ff44075239a95633fae76ffb44e405b62af26a62419103d

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 Graphik-Medium.8206f65f..woff2
app.monarchmoney.com/static/media/ 35 KB
41 KB 349ms
348ms Font
font/woff2 2606:4700:10::6816:3c79
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://app.monarchmoney.com/static/media/Graphik-Medium.8206f65f..woff2

Requested by

Host: app.monarchmoney.com
URL: https://app.monarchmoney.com/login?route=%2F

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:3c79 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b5fd82d19e45a2998d5ae86aa40b5a8409695806d77ed22681cdde94693c0cd6

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;default-src 'self' .plaid.com .finicity.com .mx.com .stripe.com .cloudinary.com;frame-ancestors 'self' www.reddit.com .finicity.com;script-src 'self' 'unsafe-eval' 'unsafe-inline' .monarchmoney.com .monarchmoneystaging.com .redditstatic.com .googleadservices.com .ads-twitter.com .plaid.com .finicity.com .mx.com .gstatic.com analytics.tiktok.com .byspotify.com https://static.zdassets.com https://cdn.userleap.com https://cdn.plaid.com https://js.stripe.com https://apis.google.com https://appleid.cdn-apple.com https://cdn.plaid.com https://js.stripe.com https://checkout.stripe.com https://apis.google.com https://cdn.userleap.com https://appleid.cdn-apple.com https://static.zdassets.com https://rs.fullstory.com https://edge.fullstory.com https://www.google-analytics.com https://ssl.google-analytics.com https://google-analytics.com https://.doubleclick.net https://stats.g.doubleclick.net https://.google.com https://.google.com.br https://.googlesyndication.com https://.googletagservices.com https://.googleadservices.com www.googleadservices.com www.google-analytics.com https://connect.facebook.net https://graph.facebook.com https://js.facebook.com https://bat.bing.com https://r.bing.com https://browser.sentry-cdn.com https://js.sentry-cdn.com https://.sentry.io edge.fullstory.com .fullstory.com www.clarity.ms .clarity.ms cdn.sprig.com cdn.segment.com 'report-sample' www.googletagmanager.com www.googleadservices.com www.google-analytics.com www.clarity.ms analytics.tiktok.com static.ads-twitter.com connect.facebook.net https://storage.googleapis.com/fini-widget/ https://cdn.spinwheel.io;style-src 'self' 'unsafe-inline' 'report-sample' checkout.stripe.com .google.com https://www.gstatic.com www.gstatic.com .gstatic.com .bing.com;object-src .googlesyndication.com;frame-src 'self' https://accounts.google.com https://portal.productboard.com .stripe.com .stripe.network .google.com .doubleclick.net .googlesyndication.com .facebook.com connect.facebook.net sdx.microsoft.com .plaid.com .finicity.com .moneydesktop.com .mx.com .youtube.com https://app.usefini.com/ https://sandbox-dim.spinwheel.io https://dim.spinwheel.io;child-src 'self' data: .google.com .doubleclick.net .googlesyndication.com www.googleadservices.com .facebook.com connect.facebook.net;img-src 'self' data: blob: .stripe.com www.googleadservices.com .googleadservices.com https://res.cloudinary.com https://images.unsplash.com https://www.google-analytics.com https://rs.fullstory.com googletagmanager.com .googletagmanager.com www.googletagmanager.com .google-analytics.com https://www.google.com analytics.google.com .doubleclick.net googleads.doubleclick.net googleads.g.doubleclick.net https://googleads.g.doubleclick.net .doubleclick.net https://stats.g.doubleclick.net .facebook.com .facebook.net https://connect.facebook.net .fbcdn.net .bing.com .microsoft.com .clarity.ms monarch-static-assets.s3.amazonaws.com monarch-static-assets.s3.us-east-1.amazonaws.com analytics.pangle-ads.com .redditstatic.com .reddit.com .ads-twitter.com https://t.co analytics.twitter.com https://analytics.twitter.com .googleusercontent.com .gstatic.com https://fonts.gstatic.com https://analytics.tiktok.com .tiktok.com .byspotify.com .google.com .google.ad .google.ae .google.com.af .google.com.ag .google.com.ai .google.al .google.am .google.co.ao .google.com.ar .google.as .google.at .google.com.au .google.az .google.ba .google.com.bd .google.be .google.bf .google.bg .google.com.bh .google.bi .google.bj .google.com.bn .google.com.bo .google.com.br .google.bs .google.bt .google.co.bw .google.by .google.com.bz .google.ca .google.cd .google.cf .google.cg .google.ch .google.ci .google.co.ck .google.cl .google.cm .google.cn .google.com.co .google.co.cr .google.com.cu .google.cv .google.com.cy .google.cz .google.de .google.dj .google.dk .google.dm .google.com.do .google.dz .google.com.ec .google.ee .google.com.eg .google.es .google.com.et .google.fi .google.com.fj .google.fm .google.fr .google.ga .google.ge .google.gg .google.com.gh .google.com.gi .google.gl .google.gm .google.gr .google.com.gt .google.gy .google.com.hk .google.hn .google.hr .google.ht .google.hu .google.co.id .google.ie .google.co.il .google.im .google.co.in .google.iq .google.is .google.it .google.je .google.com.jm .google.jo .google.co.jp .google.co.ke .google.com.kh .google.ki .google.kg .google.co.kr .google.com.kw .google.kz .google.la .google.com.lb .google.li .google.lk .google.co.ls .google.lt .google.lu .google.lv .google.com.ly .google.co.ma .google.md .google.me .google.mg .google.mk .google.ml .google.com.mm .google.mn .google.ms .google.com.mt .google.mu .google.mv .google.mw .google.com.mx .google.com.my .google.co.mz .google.com.na .google.com.ng .google.com.ni .google.ne .google.nl .google.no .google.com.np .google.nr .google.nu .google.co.nz .google.com.om .google.com.pa .google.com.pe .google.com.pg .google.com.ph .google.com.pk .google.pl .google.pn .google.com.pr .google.ps .google.pt .google.com.py .google.com.qa .google.ro .google.ru .google.rw .google.com.sa .google.com.sb .google.sc .google.se .google.com.sg .google.sh .google.si .google.sk .google.com.sl .google.sn .google.so .google.sm .google.sr .google.st .google.com.sv .google.td .google.tg .google.co.th .google.com.tj .google.tl .google.tm .google.tn .google.to .google.com.tr .google.tt .google.com.tw .google.co.tz .google.com.ua .google.co.ug .google.co.uk .google.com.uy .google.co.uz .google.com.vc .google.co.ve .google.vg .google.co.vi .google.com.vn .google.vu .google.ws .google.rs .google.co.za .google.co.zm .google.co.zw .google.cat monarch-api-production.s3.amazonaws.com monarch-static-assets.s3.amazonaws.com monarch-api-staging2.s3.us-east-2.amazonaws.com api.monarchmoney.com t.co googleads.g.doubleclick.net .facebook.com https://storage.googleapis.com/fini-widget/ .attribution.adswizz.com https://.attribution.adswizz.com https://pixel.tapad.com https://.tapad.com content.moneydesktop.com https://cdn.spinwheel.io .cloudfront.net;font-src * data: blob: 'self' 'unsafe-inline';connect-src 'self' about: analytics.tiktok.com .byspotify.com .zendesk.com https://api.segment.io .segment.io https://api.cloudinary.com https://api.monarchmoney.com https://api.monarchmoneystaging.com wss://api.monarchmoney.com wss://api.monarchmoneystaging.com https://features.monarchmoney.com https://features.monarchmoneystaging.com https://events-api.monarchmoney.com https://events-api.monarchmoneystaging.com https://monarchmoney.zendesk.com https://rs.fullstory.com https://edge.fullstory.com https://sdk.split.io https://auth.split.io https://streaming.split.io https://events.split.io https://ekr.zdassets.com https://api.sprig.com api.sprig.com https://sentry.io https://sdk-api-v1.singular.net .stripe.com www.google-analytics.com stats.g.doubleclick.net ampcid.google.com analytics.google.com .doubleclick.net .google.com .googlesyndication.com www.googletagservices.com .facebook.com connect.facebook.net .bing.com wss://.bing.com .clarity.ms sentry.io .sentry.io www.redditstatic.com monarch-api-production.s3.amazonaws.com monarch-static-assets.s3.amazonaws.com monarch-api-staging2.s3.us-east-2.amazonaws.com prod-carpintero-branding.s3.us-west-2.amazonaws.com reddit.com .reddit.com .ads-twitter.com cdn.sprig.com cdn.segment.com .browser-intake-datadoghq.com https://rum.browser-intake-datadoghq.com https://browser-intake-datadoghq.com https://session-replay.browser-intake-datadoghq.com https://api.unsplash.com analytics.pangle-ads.com stats.g.doubleclick.net https://api.usefini.com/ https://status.monarchmoney.com browser-intake-datadoghq.com pixels.spotify.com;manifest-src 'self';base-uri 'self';form-action 'self' .google.com *.facebook.com connect.facebook.net;media-src 'self' data: dai.google.com;worker-src 'self' blob: www.google.com;report-uri https://o236174.ingest.sentry.io/api/4506858085744640/security/?sentry_key=b8be0ad8a511b04ca10c054828ceeb45
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://app.monarchmoney.com/login?route=%2F
Origin: https://app.monarchmoney.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Mon, 26 Aug 2024 18:09:03 GMT
content-security-policy: upgrade-insecure-requests;default-src 'self' *.plaid.com *.finicity.com *.mx.com *.stripe.com *.cloudinary.com;frame-ancestors 'self' www.reddit.com *.finicity.com;script-src 'self' 'unsafe-eval' 'unsafe-inline' *.monarchmoney.com *.monarchmoneystaging.com *.redditstatic.com *.googleadservices.com *.ads-twitter.com *.plaid.com *.finicity.com *.mx.com *.gstatic.com analytics.tiktok.com *.byspotify.com https://static.zdassets.com https://cdn.userleap.com https://cdn.plaid.com https://js.stripe.com https://apis.google.com https://appleid.cdn-apple.com https://cdn.plaid.com https://js.stripe.com https://checkout.stripe.com https://apis.google.com https://cdn.userleap.com https://appleid.cdn-apple.com https://static.zdassets.com https://rs.fullstory.com https://edge.fullstory.com https://www.google-analytics.com https://ssl.google-analytics.com https://google-analytics.com https://*.doubleclick.net https://stats.g.doubleclick.net https://*.google.com https://*.google.com.br https://*.googlesyndication.com https://*.googletagservices.com https://*.googleadservices.com www.googleadservices.com www.google-analytics.com https://connect.facebook.net https://graph.facebook.com https://js.facebook.com https://bat.bing.com https://r.bing.com https://browser.sentry-cdn.com https://js.sentry-cdn.com https://*.sentry.io edge.fullstory.com *.fullstory.com www.clarity.ms *.clarity.ms cdn.sprig.com cdn.segment.com 'report-sample' www.googletagmanager.com www.googleadservices.com www.google-analytics.com www.clarity.ms analytics.tiktok.com static.ads-twitter.com connect.facebook.net https://storage.googleapis.com/fini-widget/ https://cdn.spinwheel.io;style-src 'self' 'unsafe-inline' 'report-sample' checkout.stripe.com *.google.com https://www.gstatic.com www.gstatic.com *.gstatic.com *.bing.com;object-src *.googlesyndication.com;frame-src 'self' https://accounts.google.com https://portal.productboard.com *.stripe.com *.stripe.network *.google.com *.doubleclick.net *.googlesyndication.com *.facebook.com connect.facebook.net sdx.microsoft.com *.plaid.com *.finicity.com *.moneydesktop.com *.mx.com *.youtube.com https://app.usefini.com/ https://sandbox-dim.spinwheel.io https://dim.spinwheel.io;child-src 'self' data: *.google.com *.doubleclick.net *.googlesyndication.com www.googleadservices.com *.facebook.com connect.facebook.net;img-src 'self' data: blob: *.stripe.com www.googleadservices.com *.googleadservices.com https://res.cloudinary.com https://images.unsplash.com https://www.google-analytics.com https://rs.fullstory.com googletagmanager.com *.googletagmanager.com www.googletagmanager.com *.google-analytics.com https://www.google.com analytics.google.com *.doubleclick.net googleads.doubleclick.net googleads.g.doubleclick.net https://googleads.g.doubleclick.net *.doubleclick.net https://stats.g.doubleclick.net *.facebook.com *.facebook.net https://connect.facebook.net *.fbcdn.net *.bing.com *.microsoft.com *.clarity.ms monarch-static-assets.s3.amazonaws.com monarch-static-assets.s3.us-east-1.amazonaws.com analytics.pangle-ads.com *.redditstatic.com *.reddit.com *.ads-twitter.com https://t.co analytics.twitter.com https://analytics.twitter.com *.googleusercontent.com *.gstatic.com https://fonts.gstatic.com https://analytics.tiktok.com *.tiktok.com *.byspotify.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat monarch-api-production.s3.amazonaws.com monarch-static-assets.s3.amazonaws.com monarch-api-staging2.s3.us-east-2.amazonaws.com api.monarchmoney.com t.co googleads.g.doubleclick.net *.facebook.com https://storage.googleapis.com/fini-widget/ *.attribution.adswizz.com https://*.attribution.adswizz.com https://pixel.tapad.com https://*.tapad.com content.moneydesktop.com https://cdn.spinwheel.io *.cloudfront.net;font-src * data: blob: 'self' 'unsafe-inline';connect-src 'self' about: analytics.tiktok.com *.byspotify.com *.zendesk.com https://api.segment.io *.segment.io https://api.cloudinary.com https://api.monarchmoney.com https://api.monarchmoneystaging.com wss://api.monarchmoney.com wss://api.monarchmoneystaging.com https://features.monarchmoney.com https://features.monarchmoneystaging.com https://events-api.monarchmoney.com https://events-api.monarchmoneystaging.com https://monarchmoney.zendesk.com https://rs.fullstory.com https://edge.fullstory.com https://sdk.split.io https://auth.split.io https://streaming.split.io https://events.split.io https://ekr.zdassets.com https://api.sprig.com api.sprig.com https://sentry.io https://sdk-api-v1.singular.net *.stripe.com www.google-analytics.com stats.g.doubleclick.net ampcid.google.com analytics.google.com *.doubleclick.net *.google.com *.googlesyndication.com www.googletagservices.com *.facebook.com connect.facebook.net *.bing.com wss://*.bing.com *.clarity.ms sentry.io *.sentry.io www.redditstatic.com monarch-api-production.s3.amazonaws.com monarch-static-assets.s3.amazonaws.com monarch-api-staging2.s3.us-east-2.amazonaws.com prod-carpintero-branding.s3.us-west-2.amazonaws.com reddit.com *.reddit.com *.ads-twitter.com cdn.sprig.com cdn.segment.com *.browser-intake-datadoghq.com https://rum.browser-intake-datadoghq.com https://browser-intake-datadoghq.com https://session-replay.browser-intake-datadoghq.com https://api.unsplash.com analytics.pangle-ads.com stats.g.doubleclick.net https://api.usefini.com/ https://status.monarchmoney.com browser-intake-datadoghq.com pixels.spotify.com;manifest-src 'self';base-uri 'self';form-action 'self' *.google.com *.facebook.com connect.facebook.net;media-src 'self' data: dai.google.com;worker-src 'self' blob: www.google.com;report-uri https://o236174.ingest.sentry.io/api/4506858085744640/security/?sentry_key=b8be0ad8a511b04ca10c054828ceeb45
x-content-type-options: nosniff
strict-transport-security: max-age=15552000; includeSubDomains
nel: {"report_to":"heroku-nel","max_age":3600,"success_fraction":0.005,"failure_fraction":0.05,"response_headers":["Via"]}
x-permitted-cross-domain-policies: none
cf-cache-status: REVALIDATED
via: 1.1 vegur
x-dns-prefetch-control: off
content-length: 35489
x-xss-protection: 0
reporting-endpoints: heroku-nel=https://nel.heroku.com/reports?ts=1724457640&sid=1b10b0ff-8a76-4548-befa-353fc6c6c045&s=vFQ5vHkFaLhbsF2igcxKc%2F0Jy7J%2FhQX1TYJqa8XWKpc%3D
referrer-policy: no-referrer
last-modified: Fri, 23 Aug 2024 21:01:48 GMT
server: cloudflare
etag: W/"8aa1-191810b9e60"
expect-ct: max-age=0
x-frame-options: SAMEORIGIN
report-to: {"group":"heroku-nel","max_age":3600,"endpoints":[{"url":"https://nel.heroku.com/reports?ts=1724457640&sid=1b10b0ff-8a76-4548-befa-353fc6c6c045&s=vFQ5vHkFaLhbsF2igcxKc%2F0Jy7J%2FhQX1TYJqa8XWKpc%3D"}]}
content-type: font/woff2
vary: Accept-Encoding
x-download-options: noopen
cache-control: public, max-age=14400
accept-ranges: bytes
cf-ray: 8b95c549ebef1c2c-FRA

GET
H2 200 Graphik-Regular.7019447d..woff2
app.monarchmoney.com/static/media/ 36 KB
42 KB 368ms
367ms Font
font/woff2 2606:4700:10::6816:3c79
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://app.monarchmoney.com/static/media/Graphik-Regular.7019447d..woff2

Requested by

Host: app.monarchmoney.com
URL: https://app.monarchmoney.com/login?route=%2F

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:3c79 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6c03914e8508cb6af00ba472eb252334c9a5d6ff1bfe7823c4364c08a4be130f

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;default-src 'self' .plaid.com .finicity.com .mx.com .stripe.com .cloudinary.com;frame-ancestors 'self' www.reddit.com .finicity.com;script-src 'self' 'unsafe-eval' 'unsafe-inline' .monarchmoney.com .monarchmoneystaging.com .redditstatic.com .googleadservices.com .ads-twitter.com .plaid.com .finicity.com .mx.com .gstatic.com analytics.tiktok.com .byspotify.com https://static.zdassets.com https://cdn.userleap.com https://cdn.plaid.com https://js.stripe.com https://apis.google.com https://appleid.cdn-apple.com https://cdn.plaid.com https://js.stripe.com https://checkout.stripe.com https://apis.google.com https://cdn.userleap.com https://appleid.cdn-apple.com https://static.zdassets.com https://rs.fullstory.com https://edge.fullstory.com https://www.google-analytics.com https://ssl.google-analytics.com https://google-analytics.com https://.doubleclick.net https://stats.g.doubleclick.net https://.google.com https://.google.com.br https://.googlesyndication.com https://.googletagservices.com https://.googleadservices.com www.googleadservices.com www.google-analytics.com https://connect.facebook.net https://graph.facebook.com https://js.facebook.com https://bat.bing.com https://r.bing.com https://browser.sentry-cdn.com https://js.sentry-cdn.com https://.sentry.io edge.fullstory.com .fullstory.com www.clarity.ms .clarity.ms cdn.sprig.com cdn.segment.com 'report-sample' www.googletagmanager.com www.googleadservices.com www.google-analytics.com www.clarity.ms analytics.tiktok.com static.ads-twitter.com connect.facebook.net https://storage.googleapis.com/fini-widget/ https://cdn.spinwheel.io;style-src 'self' 'unsafe-inline' 'report-sample' checkout.stripe.com .google.com https://www.gstatic.com www.gstatic.com .gstatic.com .bing.com;object-src .googlesyndication.com;frame-src 'self' https://accounts.google.com https://portal.productboard.com .stripe.com .stripe.network .google.com .doubleclick.net .googlesyndication.com .facebook.com connect.facebook.net sdx.microsoft.com .plaid.com .finicity.com .moneydesktop.com .mx.com .youtube.com https://app.usefini.com/ https://sandbox-dim.spinwheel.io https://dim.spinwheel.io;child-src 'self' data: .google.com .doubleclick.net .googlesyndication.com www.googleadservices.com .facebook.com connect.facebook.net;img-src 'self' data: blob: .stripe.com www.googleadservices.com .googleadservices.com https://res.cloudinary.com https://images.unsplash.com https://www.google-analytics.com https://rs.fullstory.com googletagmanager.com .googletagmanager.com www.googletagmanager.com .google-analytics.com https://www.google.com analytics.google.com .doubleclick.net googleads.doubleclick.net googleads.g.doubleclick.net https://googleads.g.doubleclick.net .doubleclick.net https://stats.g.doubleclick.net .facebook.com .facebook.net https://connect.facebook.net .fbcdn.net .bing.com .microsoft.com .clarity.ms monarch-static-assets.s3.amazonaws.com monarch-static-assets.s3.us-east-1.amazonaws.com analytics.pangle-ads.com .redditstatic.com .reddit.com .ads-twitter.com https://t.co analytics.twitter.com https://analytics.twitter.com .googleusercontent.com .gstatic.com https://fonts.gstatic.com https://analytics.tiktok.com .tiktok.com .byspotify.com .google.com .google.ad .google.ae .google.com.af .google.com.ag .google.com.ai .google.al .google.am .google.co.ao .google.com.ar .google.as .google.at .google.com.au .google.az .google.ba .google.com.bd .google.be .google.bf .google.bg .google.com.bh .google.bi .google.bj .google.com.bn .google.com.bo .google.com.br .google.bs .google.bt .google.co.bw .google.by .google.com.bz .google.ca .google.cd .google.cf .google.cg .google.ch .google.ci .google.co.ck .google.cl .google.cm .google.cn .google.com.co .google.co.cr .google.com.cu .google.cv .google.com.cy .google.cz .google.de .google.dj .google.dk .google.dm .google.com.do .google.dz .google.com.ec .google.ee .google.com.eg .google.es .google.com.et .google.fi .google.com.fj .google.fm .google.fr .google.ga .google.ge .google.gg .google.com.gh .google.com.gi .google.gl .google.gm .google.gr .google.com.gt .google.gy .google.com.hk .google.hn .google.hr .google.ht .google.hu .google.co.id .google.ie .google.co.il .google.im .google.co.in .google.iq .google.is .google.it .google.je .google.com.jm .google.jo .google.co.jp .google.co.ke .google.com.kh .google.ki .google.kg .google.co.kr .google.com.kw .google.kz .google.la .google.com.lb .google.li .google.lk .google.co.ls .google.lt .google.lu .google.lv .google.com.ly .google.co.ma .google.md .google.me .google.mg .google.mk .google.ml .google.com.mm .google.mn .google.ms .google.com.mt .google.mu .google.mv .google.mw .google.com.mx .google.com.my .google.co.mz .google.com.na .google.com.ng .google.com.ni .google.ne .google.nl .google.no .google.com.np .google.nr .google.nu .google.co.nz .google.com.om .google.com.pa .google.com.pe .google.com.pg .google.com.ph .google.com.pk .google.pl .google.pn .google.com.pr .google.ps .google.pt .google.com.py .google.com.qa .google.ro .google.ru .google.rw .google.com.sa .google.com.sb .google.sc .google.se .google.com.sg .google.sh .google.si .google.sk .google.com.sl .google.sn .google.so .google.sm .google.sr .google.st .google.com.sv .google.td .google.tg .google.co.th .google.com.tj .google.tl .google.tm .google.tn .google.to .google.com.tr .google.tt .google.com.tw .google.co.tz .google.com.ua .google.co.ug .google.co.uk .google.com.uy .google.co.uz .google.com.vc .google.co.ve .google.vg .google.co.vi .google.com.vn .google.vu .google.ws .google.rs .google.co.za .google.co.zm .google.co.zw .google.cat monarch-api-production.s3.amazonaws.com monarch-static-assets.s3.amazonaws.com monarch-api-staging2.s3.us-east-2.amazonaws.com api.monarchmoney.com t.co googleads.g.doubleclick.net .facebook.com https://storage.googleapis.com/fini-widget/ .attribution.adswizz.com https://.attribution.adswizz.com https://pixel.tapad.com https://.tapad.com content.moneydesktop.com https://cdn.spinwheel.io .cloudfront.net;font-src * data: blob: 'self' 'unsafe-inline';connect-src 'self' about: analytics.tiktok.com .byspotify.com .zendesk.com https://api.segment.io .segment.io https://api.cloudinary.com https://api.monarchmoney.com https://api.monarchmoneystaging.com wss://api.monarchmoney.com wss://api.monarchmoneystaging.com https://features.monarchmoney.com https://features.monarchmoneystaging.com https://events-api.monarchmoney.com https://events-api.monarchmoneystaging.com https://monarchmoney.zendesk.com https://rs.fullstory.com https://edge.fullstory.com https://sdk.split.io https://auth.split.io https://streaming.split.io https://events.split.io https://ekr.zdassets.com https://api.sprig.com api.sprig.com https://sentry.io https://sdk-api-v1.singular.net .stripe.com www.google-analytics.com stats.g.doubleclick.net ampcid.google.com analytics.google.com .doubleclick.net .google.com .googlesyndication.com www.googletagservices.com .facebook.com connect.facebook.net .bing.com wss://.bing.com .clarity.ms sentry.io .sentry.io www.redditstatic.com monarch-api-production.s3.amazonaws.com monarch-static-assets.s3.amazonaws.com monarch-api-staging2.s3.us-east-2.amazonaws.com prod-carpintero-branding.s3.us-west-2.amazonaws.com reddit.com .reddit.com .ads-twitter.com cdn.sprig.com cdn.segment.com .browser-intake-datadoghq.com https://rum.browser-intake-datadoghq.com https://browser-intake-datadoghq.com https://session-replay.browser-intake-datadoghq.com https://api.unsplash.com analytics.pangle-ads.com stats.g.doubleclick.net https://api.usefini.com/ https://status.monarchmoney.com browser-intake-datadoghq.com pixels.spotify.com;manifest-src 'self';base-uri 'self';form-action 'self' .google.com *.facebook.com connect.facebook.net;media-src 'self' data: dai.google.com;worker-src 'self' blob: www.google.com;report-uri https://o236174.ingest.sentry.io/api/4506858085744640/security/?sentry_key=b8be0ad8a511b04ca10c054828ceeb45
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://app.monarchmoney.com/login?route=%2F
Origin: https://app.monarchmoney.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Mon, 26 Aug 2024 18:09:03 GMT
content-security-policy: upgrade-insecure-requests;default-src 'self' *.plaid.com *.finicity.com *.mx.com *.stripe.com *.cloudinary.com;frame-ancestors 'self' www.reddit.com *.finicity.com;script-src 'self' 'unsafe-eval' 'unsafe-inline' *.monarchmoney.com *.monarchmoneystaging.com *.redditstatic.com *.googleadservices.com *.ads-twitter.com *.plaid.com *.finicity.com *.mx.com *.gstatic.com analytics.tiktok.com *.byspotify.com https://static.zdassets.com https://cdn.userleap.com https://cdn.plaid.com https://js.stripe.com https://apis.google.com https://appleid.cdn-apple.com https://cdn.plaid.com https://js.stripe.com https://checkout.stripe.com https://apis.google.com https://cdn.userleap.com https://appleid.cdn-apple.com https://static.zdassets.com https://rs.fullstory.com https://edge.fullstory.com https://www.google-analytics.com https://ssl.google-analytics.com https://google-analytics.com https://*.doubleclick.net https://stats.g.doubleclick.net https://*.google.com https://*.google.com.br https://*.googlesyndication.com https://*.googletagservices.com https://*.googleadservices.com www.googleadservices.com www.google-analytics.com https://connect.facebook.net https://graph.facebook.com https://js.facebook.com https://bat.bing.com https://r.bing.com https://browser.sentry-cdn.com https://js.sentry-cdn.com https://*.sentry.io edge.fullstory.com *.fullstory.com www.clarity.ms *.clarity.ms cdn.sprig.com cdn.segment.com 'report-sample' www.googletagmanager.com www.googleadservices.com www.google-analytics.com www.clarity.ms analytics.tiktok.com static.ads-twitter.com connect.facebook.net https://storage.googleapis.com/fini-widget/ https://cdn.spinwheel.io;style-src 'self' 'unsafe-inline' 'report-sample' checkout.stripe.com *.google.com https://www.gstatic.com www.gstatic.com *.gstatic.com *.bing.com;object-src *.googlesyndication.com;frame-src 'self' https://accounts.google.com https://portal.productboard.com *.stripe.com *.stripe.network *.google.com *.doubleclick.net *.googlesyndication.com *.facebook.com connect.facebook.net sdx.microsoft.com *.plaid.com *.finicity.com *.moneydesktop.com *.mx.com *.youtube.com https://app.usefini.com/ https://sandbox-dim.spinwheel.io https://dim.spinwheel.io;child-src 'self' data: *.google.com *.doubleclick.net *.googlesyndication.com www.googleadservices.com *.facebook.com connect.facebook.net;img-src 'self' data: blob: *.stripe.com www.googleadservices.com *.googleadservices.com https://res.cloudinary.com https://images.unsplash.com https://www.google-analytics.com https://rs.fullstory.com googletagmanager.com *.googletagmanager.com www.googletagmanager.com *.google-analytics.com https://www.google.com analytics.google.com *.doubleclick.net googleads.doubleclick.net googleads.g.doubleclick.net https://googleads.g.doubleclick.net *.doubleclick.net https://stats.g.doubleclick.net *.facebook.com *.facebook.net https://connect.facebook.net *.fbcdn.net *.bing.com *.microsoft.com *.clarity.ms monarch-static-assets.s3.amazonaws.com monarch-static-assets.s3.us-east-1.amazonaws.com analytics.pangle-ads.com *.redditstatic.com *.reddit.com *.ads-twitter.com https://t.co analytics.twitter.com https://analytics.twitter.com *.googleusercontent.com *.gstatic.com https://fonts.gstatic.com https://analytics.tiktok.com *.tiktok.com *.byspotify.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat monarch-api-production.s3.amazonaws.com monarch-static-assets.s3.amazonaws.com monarch-api-staging2.s3.us-east-2.amazonaws.com api.monarchmoney.com t.co googleads.g.doubleclick.net *.facebook.com https://storage.googleapis.com/fini-widget/ *.attribution.adswizz.com https://*.attribution.adswizz.com https://pixel.tapad.com https://*.tapad.com content.moneydesktop.com https://cdn.spinwheel.io *.cloudfront.net;font-src * data: blob: 'self' 'unsafe-inline';connect-src 'self' about: analytics.tiktok.com *.byspotify.com *.zendesk.com https://api.segment.io *.segment.io https://api.cloudinary.com https://api.monarchmoney.com https://api.monarchmoneystaging.com wss://api.monarchmoney.com wss://api.monarchmoneystaging.com https://features.monarchmoney.com https://features.monarchmoneystaging.com https://events-api.monarchmoney.com https://events-api.monarchmoneystaging.com https://monarchmoney.zendesk.com https://rs.fullstory.com https://edge.fullstory.com https://sdk.split.io https://auth.split.io https://streaming.split.io https://events.split.io https://ekr.zdassets.com https://api.sprig.com api.sprig.com https://sentry.io https://sdk-api-v1.singular.net *.stripe.com www.google-analytics.com stats.g.doubleclick.net ampcid.google.com analytics.google.com *.doubleclick.net *.google.com *.googlesyndication.com www.googletagservices.com *.facebook.com connect.facebook.net *.bing.com wss://*.bing.com *.clarity.ms sentry.io *.sentry.io www.redditstatic.com monarch-api-production.s3.amazonaws.com monarch-static-assets.s3.amazonaws.com monarch-api-staging2.s3.us-east-2.amazonaws.com prod-carpintero-branding.s3.us-west-2.amazonaws.com reddit.com *.reddit.com *.ads-twitter.com cdn.sprig.com cdn.segment.com *.browser-intake-datadoghq.com https://rum.browser-intake-datadoghq.com https://browser-intake-datadoghq.com https://session-replay.browser-intake-datadoghq.com https://api.unsplash.com analytics.pangle-ads.com stats.g.doubleclick.net https://api.usefini.com/ https://status.monarchmoney.com browser-intake-datadoghq.com pixels.spotify.com;manifest-src 'self';base-uri 'self';form-action 'self' *.google.com *.facebook.com connect.facebook.net;media-src 'self' data: dai.google.com;worker-src 'self' blob: www.google.com;report-uri https://o236174.ingest.sentry.io/api/4506858085744640/security/?sentry_key=b8be0ad8a511b04ca10c054828ceeb45
x-content-type-options: nosniff
strict-transport-security: max-age=15552000; includeSubDomains
nel: {"report_to":"heroku-nel","max_age":3600,"success_fraction":0.005,"failure_fraction":0.05,"response_headers":["Via"]}
x-permitted-cross-domain-policies: none
cf-cache-status: REVALIDATED
via: 1.1 vegur
x-dns-prefetch-control: off
content-length: 36525
x-xss-protection: 0
reporting-endpoints: heroku-nel=https://nel.heroku.com/reports?ts=1724457640&sid=1b10b0ff-8a76-4548-befa-353fc6c6c045&s=vFQ5vHkFaLhbsF2igcxKc%2F0Jy7J%2FhQX1TYJqa8XWKpc%3D
referrer-policy: no-referrer
last-modified: Fri, 23 Aug 2024 21:01:48 GMT
server: cloudflare
etag: W/"8ead-191810b9e60"
expect-ct: max-age=0
x-frame-options: SAMEORIGIN
report-to: {"group":"heroku-nel","max_age":3600,"endpoints":[{"url":"https://nel.heroku.com/reports?ts=1724457640&sid=1b10b0ff-8a76-4548-befa-353fc6c6c045&s=vFQ5vHkFaLhbsF2igcxKc%2F0Jy7J%2FhQX1TYJqa8XWKpc%3D"}]}
content-type: font/woff2
vary: Accept-Encoding
x-download-options: noopen
cache-control: public, max-age=14400
accept-ranges: bytes
cf-ray: 8b95c549ebf01c2c-FRA

GET
H2 200 MonarchIcons.63080729..ttf
app.monarchmoney.com/static/media/ 25 KB
20 KB 362ms
362ms Font
font/ttf 2606:4700:10::6816:3c79
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://app.monarchmoney.com/static/media/MonarchIcons.63080729..ttf

Requested by

Host: app.monarchmoney.com
URL: https://app.monarchmoney.com/login?route=%2F

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:3c79 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f3042155b43d9eafd3553035c29c863f3ced375e30003da6ba9dd274dba9e3a7

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;default-src 'self' .plaid.com .finicity.com .mx.com .stripe.com .cloudinary.com;frame-ancestors 'self' www.reddit.com .finicity.com;script-src 'self' 'unsafe-eval' 'unsafe-inline' .monarchmoney.com .monarchmoneystaging.com .redditstatic.com .googleadservices.com .ads-twitter.com .plaid.com .finicity.com .mx.com .gstatic.com analytics.tiktok.com .byspotify.com https://static.zdassets.com https://cdn.userleap.com https://cdn.plaid.com https://js.stripe.com https://apis.google.com https://appleid.cdn-apple.com https://cdn.plaid.com https://js.stripe.com https://checkout.stripe.com https://apis.google.com https://cdn.userleap.com https://appleid.cdn-apple.com https://static.zdassets.com https://rs.fullstory.com https://edge.fullstory.com https://www.google-analytics.com https://ssl.google-analytics.com https://google-analytics.com https://.doubleclick.net https://stats.g.doubleclick.net https://.google.com https://.google.com.br https://.googlesyndication.com https://.googletagservices.com https://.googleadservices.com www.googleadservices.com www.google-analytics.com https://connect.facebook.net https://graph.facebook.com https://js.facebook.com https://bat.bing.com https://r.bing.com https://browser.sentry-cdn.com https://js.sentry-cdn.com https://.sentry.io edge.fullstory.com .fullstory.com www.clarity.ms .clarity.ms cdn.sprig.com cdn.segment.com 'report-sample' www.googletagmanager.com www.googleadservices.com www.google-analytics.com www.clarity.ms analytics.tiktok.com static.ads-twitter.com connect.facebook.net https://storage.googleapis.com/fini-widget/ https://cdn.spinwheel.io;style-src 'self' 'unsafe-inline' 'report-sample' checkout.stripe.com .google.com https://www.gstatic.com www.gstatic.com .gstatic.com .bing.com;object-src .googlesyndication.com;frame-src 'self' https://accounts.google.com https://portal.productboard.com .stripe.com .stripe.network .google.com .doubleclick.net .googlesyndication.com .facebook.com connect.facebook.net sdx.microsoft.com .plaid.com .finicity.com .moneydesktop.com .mx.com .youtube.com https://app.usefini.com/ https://sandbox-dim.spinwheel.io https://dim.spinwheel.io;child-src 'self' data: .google.com .doubleclick.net .googlesyndication.com www.googleadservices.com .facebook.com connect.facebook.net;img-src 'self' data: blob: .stripe.com www.googleadservices.com .googleadservices.com https://res.cloudinary.com https://images.unsplash.com https://www.google-analytics.com https://rs.fullstory.com googletagmanager.com .googletagmanager.com www.googletagmanager.com .google-analytics.com https://www.google.com analytics.google.com .doubleclick.net googleads.doubleclick.net googleads.g.doubleclick.net https://googleads.g.doubleclick.net .doubleclick.net https://stats.g.doubleclick.net .facebook.com .facebook.net https://connect.facebook.net .fbcdn.net .bing.com .microsoft.com .clarity.ms monarch-static-assets.s3.amazonaws.com monarch-static-assets.s3.us-east-1.amazonaws.com analytics.pangle-ads.com .redditstatic.com .reddit.com .ads-twitter.com https://t.co analytics.twitter.com https://analytics.twitter.com .googleusercontent.com .gstatic.com https://fonts.gstatic.com https://analytics.tiktok.com .tiktok.com .byspotify.com .google.com .google.ad .google.ae .google.com.af .google.com.ag .google.com.ai .google.al .google.am .google.co.ao .google.com.ar .google.as .google.at .google.com.au .google.az .google.ba .google.com.bd .google.be .google.bf .google.bg .google.com.bh .google.bi .google.bj .google.com.bn .google.com.bo .google.com.br .google.bs .google.bt .google.co.bw .google.by .google.com.bz .google.ca .google.cd .google.cf .google.cg .google.ch .google.ci .google.co.ck .google.cl .google.cm .google.cn .google.com.co .google.co.cr .google.com.cu .google.cv .google.com.cy .google.cz .google.de .google.dj .google.dk .google.dm .google.com.do .google.dz .google.com.ec .google.ee .google.com.eg .google.es .google.com.et .google.fi .google.com.fj .google.fm .google.fr .google.ga .google.ge .google.gg .google.com.gh .google.com.gi .google.gl .google.gm .google.gr .google.com.gt .google.gy .google.com.hk .google.hn .google.hr .google.ht .google.hu .google.co.id .google.ie .google.co.il .google.im .google.co.in .google.iq .google.is .google.it .google.je .google.com.jm .google.jo .google.co.jp .google.co.ke .google.com.kh .google.ki .google.kg .google.co.kr .google.com.kw .google.kz .google.la .google.com.lb .google.li .google.lk .google.co.ls .google.lt .google.lu .google.lv .google.com.ly .google.co.ma .google.md .google.me .google.mg .google.mk .google.ml .google.com.mm .google.mn .google.ms .google.com.mt .google.mu .google.mv .google.mw .google.com.mx .google.com.my .google.co.mz .google.com.na .google.com.ng .google.com.ni .google.ne .google.nl .google.no .google.com.np .google.nr .google.nu .google.co.nz .google.com.om .google.com.pa .google.com.pe .google.com.pg .google.com.ph .google.com.pk .google.pl .google.pn .google.com.pr .google.ps .google.pt .google.com.py .google.com.qa .google.ro .google.ru .google.rw .google.com.sa .google.com.sb .google.sc .google.se .google.com.sg .google.sh .google.si .google.sk .google.com.sl .google.sn .google.so .google.sm .google.sr .google.st .google.com.sv .google.td .google.tg .google.co.th .google.com.tj .google.tl .google.tm .google.tn .google.to .google.com.tr .google.tt .google.com.tw .google.co.tz .google.com.ua .google.co.ug .google.co.uk .google.com.uy .google.co.uz .google.com.vc .google.co.ve .google.vg .google.co.vi .google.com.vn .google.vu .google.ws .google.rs .google.co.za .google.co.zm .google.co.zw .google.cat monarch-api-production.s3.amazonaws.com monarch-static-assets.s3.amazonaws.com monarch-api-staging2.s3.us-east-2.amazonaws.com api.monarchmoney.com t.co googleads.g.doubleclick.net .facebook.com https://storage.googleapis.com/fini-widget/ .attribution.adswizz.com https://.attribution.adswizz.com https://pixel.tapad.com https://.tapad.com content.moneydesktop.com https://cdn.spinwheel.io .cloudfront.net;font-src * data: blob: 'self' 'unsafe-inline';connect-src 'self' about: analytics.tiktok.com .byspotify.com .zendesk.com https://api.segment.io .segment.io https://api.cloudinary.com https://api.monarchmoney.com https://api.monarchmoneystaging.com wss://api.monarchmoney.com wss://api.monarchmoneystaging.com https://features.monarchmoney.com https://features.monarchmoneystaging.com https://events-api.monarchmoney.com https://events-api.monarchmoneystaging.com https://monarchmoney.zendesk.com https://rs.fullstory.com https://edge.fullstory.com https://sdk.split.io https://auth.split.io https://streaming.split.io https://events.split.io https://ekr.zdassets.com https://api.sprig.com api.sprig.com https://sentry.io https://sdk-api-v1.singular.net .stripe.com www.google-analytics.com stats.g.doubleclick.net ampcid.google.com analytics.google.com .doubleclick.net .google.com .googlesyndication.com www.googletagservices.com .facebook.com connect.facebook.net .bing.com wss://.bing.com .clarity.ms sentry.io .sentry.io www.redditstatic.com monarch-api-production.s3.amazonaws.com monarch-static-assets.s3.amazonaws.com monarch-api-staging2.s3.us-east-2.amazonaws.com prod-carpintero-branding.s3.us-west-2.amazonaws.com reddit.com .reddit.com .ads-twitter.com cdn.sprig.com cdn.segment.com .browser-intake-datadoghq.com https://rum.browser-intake-datadoghq.com https://browser-intake-datadoghq.com https://session-replay.browser-intake-datadoghq.com https://api.unsplash.com analytics.pangle-ads.com stats.g.doubleclick.net https://api.usefini.com/ https://status.monarchmoney.com browser-intake-datadoghq.com pixels.spotify.com;manifest-src 'self';base-uri 'self';form-action 'self' .google.com *.facebook.com connect.facebook.net;media-src 'self' data: dai.google.com;worker-src 'self' blob: www.google.com;report-uri https://o236174.ingest.sentry.io/api/4506858085744640/security/?sentry_key=b8be0ad8a511b04ca10c054828ceeb45
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://app.monarchmoney.com/login?route=%2F
Origin: https://app.monarchmoney.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Mon, 26 Aug 2024 18:09:03 GMT
content-security-policy: upgrade-insecure-requests;default-src 'self' *.plaid.com *.finicity.com *.mx.com *.stripe.com *.cloudinary.com;frame-ancestors 'self' www.reddit.com *.finicity.com;script-src 'self' 'unsafe-eval' 'unsafe-inline' *.monarchmoney.com *.monarchmoneystaging.com *.redditstatic.com *.googleadservices.com *.ads-twitter.com *.plaid.com *.finicity.com *.mx.com *.gstatic.com analytics.tiktok.com *.byspotify.com https://static.zdassets.com https://cdn.userleap.com https://cdn.plaid.com https://js.stripe.com https://apis.google.com https://appleid.cdn-apple.com https://cdn.plaid.com https://js.stripe.com https://checkout.stripe.com https://apis.google.com https://cdn.userleap.com https://appleid.cdn-apple.com https://static.zdassets.com https://rs.fullstory.com https://edge.fullstory.com https://www.google-analytics.com https://ssl.google-analytics.com https://google-analytics.com https://*.doubleclick.net https://stats.g.doubleclick.net https://*.google.com https://*.google.com.br https://*.googlesyndication.com https://*.googletagservices.com https://*.googleadservices.com www.googleadservices.com www.google-analytics.com https://connect.facebook.net https://graph.facebook.com https://js.facebook.com https://bat.bing.com https://r.bing.com https://browser.sentry-cdn.com https://js.sentry-cdn.com https://*.sentry.io edge.fullstory.com *.fullstory.com www.clarity.ms *.clarity.ms cdn.sprig.com cdn.segment.com 'report-sample' www.googletagmanager.com www.googleadservices.com www.google-analytics.com www.clarity.ms analytics.tiktok.com static.ads-twitter.com connect.facebook.net https://storage.googleapis.com/fini-widget/ https://cdn.spinwheel.io;style-src 'self' 'unsafe-inline' 'report-sample' checkout.stripe.com *.google.com https://www.gstatic.com www.gstatic.com *.gstatic.com *.bing.com;object-src *.googlesyndication.com;frame-src 'self' https://accounts.google.com https://portal.productboard.com *.stripe.com *.stripe.network *.google.com *.doubleclick.net *.googlesyndication.com *.facebook.com connect.facebook.net sdx.microsoft.com *.plaid.com *.finicity.com *.moneydesktop.com *.mx.com *.youtube.com https://app.usefini.com/ https://sandbox-dim.spinwheel.io https://dim.spinwheel.io;child-src 'self' data: *.google.com *.doubleclick.net *.googlesyndication.com www.googleadservices.com *.facebook.com connect.facebook.net;img-src 'self' data: blob: *.stripe.com www.googleadservices.com *.googleadservices.com https://res.cloudinary.com https://images.unsplash.com https://www.google-analytics.com https://rs.fullstory.com googletagmanager.com *.googletagmanager.com www.googletagmanager.com *.google-analytics.com https://www.google.com analytics.google.com *.doubleclick.net googleads.doubleclick.net googleads.g.doubleclick.net https://googleads.g.doubleclick.net *.doubleclick.net https://stats.g.doubleclick.net *.facebook.com *.facebook.net https://connect.facebook.net *.fbcdn.net *.bing.com *.microsoft.com *.clarity.ms monarch-static-assets.s3.amazonaws.com monarch-static-assets.s3.us-east-1.amazonaws.com analytics.pangle-ads.com *.redditstatic.com *.reddit.com *.ads-twitter.com https://t.co analytics.twitter.com https://analytics.twitter.com *.googleusercontent.com *.gstatic.com https://fonts.gstatic.com https://analytics.tiktok.com *.tiktok.com *.byspotify.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat monarch-api-production.s3.amazonaws.com monarch-static-assets.s3.amazonaws.com monarch-api-staging2.s3.us-east-2.amazonaws.com api.monarchmoney.com t.co googleads.g.doubleclick.net *.facebook.com https://storage.googleapis.com/fini-widget/ *.attribution.adswizz.com https://*.attribution.adswizz.com https://pixel.tapad.com https://*.tapad.com content.moneydesktop.com https://cdn.spinwheel.io *.cloudfront.net;font-src * data: blob: 'self' 'unsafe-inline';connect-src 'self' about: analytics.tiktok.com *.byspotify.com *.zendesk.com https://api.segment.io *.segment.io https://api.cloudinary.com https://api.monarchmoney.com https://api.monarchmoneystaging.com wss://api.monarchmoney.com wss://api.monarchmoneystaging.com https://features.monarchmoney.com https://features.monarchmoneystaging.com https://events-api.monarchmoney.com https://events-api.monarchmoneystaging.com https://monarchmoney.zendesk.com https://rs.fullstory.com https://edge.fullstory.com https://sdk.split.io https://auth.split.io https://streaming.split.io https://events.split.io https://ekr.zdassets.com https://api.sprig.com api.sprig.com https://sentry.io https://sdk-api-v1.singular.net *.stripe.com www.google-analytics.com stats.g.doubleclick.net ampcid.google.com analytics.google.com *.doubleclick.net *.google.com *.googlesyndication.com www.googletagservices.com *.facebook.com connect.facebook.net *.bing.com wss://*.bing.com *.clarity.ms sentry.io *.sentry.io www.redditstatic.com monarch-api-production.s3.amazonaws.com monarch-static-assets.s3.amazonaws.com monarch-api-staging2.s3.us-east-2.amazonaws.com prod-carpintero-branding.s3.us-west-2.amazonaws.com reddit.com *.reddit.com *.ads-twitter.com cdn.sprig.com cdn.segment.com *.browser-intake-datadoghq.com https://rum.browser-intake-datadoghq.com https://browser-intake-datadoghq.com https://session-replay.browser-intake-datadoghq.com https://api.unsplash.com analytics.pangle-ads.com stats.g.doubleclick.net https://api.usefini.com/ https://status.monarchmoney.com browser-intake-datadoghq.com pixels.spotify.com;manifest-src 'self';base-uri 'self';form-action 'self' *.google.com *.facebook.com connect.facebook.net;media-src 'self' data: dai.google.com;worker-src 'self' blob: www.google.com;report-uri https://o236174.ingest.sentry.io/api/4506858085744640/security/?sentry_key=b8be0ad8a511b04ca10c054828ceeb45
x-content-type-options: nosniff
strict-transport-security: max-age=15552000; includeSubDomains
nel: {"report_to":"heroku-nel","max_age":3600,"success_fraction":0.005,"failure_fraction":0.05,"response_headers":["Via"]}
x-permitted-cross-domain-policies: none
cf-cache-status: REVALIDATED
via: 1.1 vegur
x-dns-prefetch-control: off
content-encoding: br
x-xss-protection: 0
reporting-endpoints: heroku-nel=https://nel.heroku.com/reports?ts=1724577269&sid=1b10b0ff-8a76-4548-befa-353fc6c6c045&s=3qDuTxRjkXezHtxyXT%2BynRO%2FoTVQXtNVzxY9wzC5CZM%3D
referrer-policy: no-referrer
last-modified: Fri, 23 Aug 2024 21:01:48 GMT
server: cloudflare
etag: W/"65b0-191810b9e60"
expect-ct: max-age=0
x-frame-options: SAMEORIGIN
report-to: {"group":"heroku-nel","max_age":3600,"endpoints":[{"url":"https://nel.heroku.com/reports?ts=1724577269&sid=1b10b0ff-8a76-4548-befa-353fc6c6c045&s=3qDuTxRjkXezHtxyXT%2BynRO%2FoTVQXtNVzxY9wzC5CZM%3D"}]}
content-type: font/ttf
vary: Accept-Encoding
x-download-options: noopen
cache-control: public, max-age=14400
cf-ray: 8b95c549ebf11c2c-FRA

POST
H2 200 / Show response
sentry.io/api/4279731/envelope/ 2 B
57 B 151ms
150ms Fetch
application/json 35.186.247.156
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://sentry.io/api/4279731/envelope/?sentry_key=c30257d77b584b85ae393c793212f685&sentry_version=7

Requested by

Host: app.monarchmoney.com
URL: https://app.monarchmoney.com/static/js/693.8ac79289.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

35.186.247.156 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

156.247.186.35.bc.googleusercontent.com

Software

nginx /

Resource Hash

44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://app.monarchmoney.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

date: Mon, 26 Aug 2024 18:09:02 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
via: 1.1 google
server: nginx
vary: origin,access-control-request-method,access-control-request-headers
content-type: application/json
access-control-allow-origin: *
access-control-expose-headers: x-sentry-error,x-sentry-rate-limits,retry-after
x-envoy-upstream-service-time: 0
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2

POST
H2 200 / Show response
sentry.io/api/4279731/envelope/ 2 B
57 B 152ms
148ms Fetch
application/json 35.186.247.156
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://sentry.io/api/4279731/envelope/?sentry_key=c30257d77b584b85ae393c793212f685&sentry_version=7

Requested by

Host: app.monarchmoney.com
URL: https://app.monarchmoney.com/static/js/693.8ac79289.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

35.186.247.156 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

156.247.186.35.bc.googleusercontent.com

Software

nginx /

Resource Hash

44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://app.monarchmoney.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

date: Mon, 26 Aug 2024 18:09:02 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
via: 1.1 google
server: nginx
vary: origin,access-control-request-method,access-control-request-headers
content-type: application/json
access-control-allow-origin: *
access-control-expose-headers: x-sentry-error,x-sentry-rate-limits,retry-after
x-envoy-upstream-service-time: 0
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2

GET
H2 200 summary.json Show response
status.monarchmoney.com/ 87 B
395 B 358ms
320ms XHR
application/json 2606:4700:10::6816:3d79
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://status.monarchmoney.com/summary.json

Requested by

Host: app.monarchmoney.com
URL: https://app.monarchmoney.com/static/js/693.8ac79289.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:3d79 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

390ef43c0b5dbc582e5739b1d396f223472ab9975bd1213561bae3441a0b745d

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept: application/json, text/plain, */*
Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Mon, 26 Aug 2024 18:09:03 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
content-encoding: br
age: 0
referrer-policy: strict-origin-when-cross-origin
x-vercel-id: fra1::iad1::4ss6d-1724695742888-da7591f8d70e
server: cloudflare
x-matched-path: /api/summary.json
x-vercel-cache: MISS
vary: RSC, Next-Router-State-Tree, Next-Router-Prefetch
x-vercel-execution-region: iad1
content-type: application/json
access-control-allow-origin: *
cache-control: public
cf-ray: 8b95c548af109948-FRA

GET
H2 200 snippet.js Show response
static.zdassets.com/ekr/ 10 KB
5 KB 159ms
57ms Script
application/javascript 104.18.72.113
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.zdassets.com/ekr/snippet.js?key=d8d33592-cf5c-4ae3-ae8f-553657823fbf

Requested by

Host: app.monarchmoney.com
URL: https://app.monarchmoney.com/static/js/main.59845e90.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.72.113 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0c4a7f42428d3c734e2f46390af364677dfa47d99e69b22c56a03e8bd3fd4c14

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Mon, 26 Aug 2024 18:09:02 GMT
x-amz-version-id: qclSddpGUX2.KT0tZACrS6v9bSx237T.
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=0
x-amz-request-id: JKN1Q3J8ZTSJ5QCC
age: 44
x-amz-server-side-encryption: AES256
x-amz-replication-status: COMPLETED
x-amz-id-2: mffWrceLKlBhNibh9xibEteyYzkmlyQFIFfoHQmboQCwTVcm8Bo4MCr+iqWuL8CrS195Nm/b2iA=
last-modified: Thu, 08 Aug 2024 15:49:45 GMT
server: cloudflare
etag: W/"67cbb97bf64ecd65d74b0de6ede92abf"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=FvQdmFryR3DXzItNU0qT%2Ftl2qnJIfdIak5Dri8hWRp8%2B0D5FLLMHdTA3a5RDBH%2FqSFMYaS5L5qgo8Vkc0v0AkG7R%2Buxy7TspG0qJNcuVbrnmJTvv1x85vieWWYhfbzjq0am6pyI%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
cache-control: public, max-age=3600, s-maxage=60
access-control-max-age: 0
cf-ray: 8b95c5490ba1727c-HAM
access-control-allow-headers: *

POST graphql
api.monarchmoney.com/ 0
0

GET
H2 200 summary.json Show response
status.monarchmoney.com/ 87 B
187 B 451ms
103ms XHR
application/json 2606:4700:10::6816:3d79
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://status.monarchmoney.com/summary.json

Requested by

Host: app.monarchmoney.com
URL: https://app.monarchmoney.com/static/js/693.8ac79289.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:3d79 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

390ef43c0b5dbc582e5739b1d396f223472ab9975bd1213561bae3441a0b745d

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept: application/json, text/plain, */*
Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Mon, 26 Aug 2024 18:09:03 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
content-encoding: br
age: 0
referrer-policy: strict-origin-when-cross-origin
x-vercel-id: fra1::iad1::wfbcr-1724695743168-49c8d9aff41c
server: cloudflare
x-matched-path: /api/summary.json
x-vercel-cache: HIT
vary: RSC, Next-Router-State-Tree, Next-Router-Prefetch
x-vercel-execution-region: iad1
content-type: application/json
access-control-allow-origin: *
cache-control: public
cf-ray: 8b95c54aa8e39948-FRA

GET
H2 200 events-script Show response
events-cdn.monarchmoney.com/v1/ihoJ7mL8TzTfXlye2rfexJPlMRZMQXiU/ 103 KB
28 KB 196ms
57ms Script
text/javascript 2600:9000:223d:e600:9:a6e8:8080:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://events-cdn.monarchmoney.com/v1/ihoJ7mL8TzTfXlye2rfexJPlMRZMQXiU/events-script
Requested by: Host: app.monarchmoney.com
URL: https://app.monarchmoney.com/analytics.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:223d:e600:9:a6e8:8080:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: cbf5816bdc700b18c3be9c798106262658ca8e966b5b82b22c94dda91da35d2e

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

x-amz-version-id: 8YiAlGSVaxZ6Fio1n8qwvsVxjnrg64g4
content-encoding: br
via: 1.1 d07eabeb1ed60c06da1457f35fb5c8c4.cloudfront.net (CloudFront), 1.1 59439a13f6db75e801a63663b4f79372.cloudfront.net (CloudFront)
date: Mon, 26 Aug 2024 18:08:19 GMT
x-amz-cf-pop: FRA6-C1, FRA56-P3
age: 44
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
last-modified: Mon, 29 Jul 2024 18:45:55 GMT
server: AmazonS3
etag: W/"54dbe7a5d4e3983c5c5c29f30845c4d3"
access-control-max-age: 3000
access-control-allow-methods: GET, HEAD
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=120
vary: Accept-Encoding
x-amz-cf-id: GIE1Y7K5axX6ZhBJg2nyOw_Nv8egChg57wEy-Zp0J-bXEWDNBw-VqQ==

GET
H2 200 client Show response
accounts.google.com/gsi/ 227 KB
86 KB 158ms
55ms Script
application/javascript 2a00:1450:4013:c07::54
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://accounts.google.com/gsi/client

Requested by

Host: app.monarchmoney.com
URL: https://app.monarchmoney.com/static/js/693.8ac79289.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4013:c07::54 Groningen, Netherlands, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

019b3738cec20a4caa76ada400d57ef94f1c19d02ac2739c46e8f2e0468620dd

Security Headers

Name	Value
Content-Security-Policy	require-trusted-types-for 'script';report-uri https://csp.withgoogle.com/csp/identity-sign-in-google-http, script-src 'report-sample' 'nonce-ef6aK6fOjnDTWFOqWSeOWg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/identity-sign-in-google-http
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Mon, 26 Aug 2024 18:09:02 GMT
content-security-policy: require-trusted-types-for 'script';report-uri https://csp.withgoogle.com/csp/identity-sign-in-google-http, script-src 'report-sample' 'nonce-ef6aK6fOjnDTWFOqWSeOWg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/identity-sign-in-google-http
content-encoding: gzip
x-content-type-options: nosniff
server: ESF
x-frame-options: SAMEORIGIN
report-to: {"group":"coop_dd7de8473bddc59c6b748810a67a39b1","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/dd7de8473bddc59c6b748810a67a39b1"}]}
content-type: application/javascript; charset=utf-8
cache-control: private, max-age=1800
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
cross-origin-opener-policy-report-only: same-origin; report-to="coop_dd7de8473bddc59c6b748810a67a39b1"
expires: Mon, 26 Aug 2024 18:09:02 GMT

GET
H3 200 enterprise.js Show response
www.google.com/recaptcha/ 2 KB
1 KB 155ms
55ms Script
text/javascript 142.250.185.196
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/enterprise.js?render=6LfQ4tUpAAAAAFa5LWIcYBPtAC2wsirC-CUZvhyy

Requested by

Host: app.monarchmoney.com
URL: https://app.monarchmoney.com/static/js/693.8ac79289.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.196 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f4.1e100.net

Software

GSE /

Resource Hash

4317abdcf898d4294c6079c9c50ec877f993bc5d071871bfe8cace1ec1874a64

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Mon, 26 Aug 2024 18:09:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy: frame-ancestors 'self'
server: GSE
x-frame-options: SAMEORIGIN
content-type: text/javascript; charset=utf-8
cache-control: private, max-age=300
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 1; mode=block
expires: Mon, 26 Aug 2024 18:09:02 GMT

POST
H2 200 / Show response
sentry.io/api/4279731/envelope/ 2 B
57 B 151ms
146ms Fetch
application/json 35.186.247.156
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://sentry.io/api/4279731/envelope/?sentry_key=c30257d77b584b85ae393c793212f685&sentry_version=7

Requested by

Host: app.monarchmoney.com
URL: https://app.monarchmoney.com/static/js/693.8ac79289.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

35.186.247.156 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

156.247.186.35.bc.googleusercontent.com

Software

nginx /

Resource Hash

44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://app.monarchmoney.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

date: Mon, 26 Aug 2024 18:09:02 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
via: 1.1 google
server: nginx
vary: origin,access-control-request-method,access-control-request-headers
content-type: application/json
access-control-allow-origin: *
access-control-expose-headers: x-sentry-error,x-sentry-rate-limits,retry-after
x-envoy-upstream-service-time: 0
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2

POST
H2 200 / Show response
sentry.io/api/4279731/envelope/ 2 B
57 B 152ms
148ms Fetch
application/json 35.186.247.156
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://sentry.io/api/4279731/envelope/?sentry_key=c30257d77b584b85ae393c793212f685&sentry_version=7

Requested by

Host: app.monarchmoney.com
URL: https://app.monarchmoney.com/static/js/693.8ac79289.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

35.186.247.156 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

156.247.186.35.bc.googleusercontent.com

Software

nginx /

Resource Hash

44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://app.monarchmoney.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

date: Mon, 26 Aug 2024 18:09:02 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
via: 1.1 google
server: nginx
vary: origin,access-control-request-method,access-control-request-headers
content-type: application/json
access-control-allow-origin: *
access-control-expose-headers: x-sentry-error,x-sentry-rate-limits,retry-after
x-envoy-upstream-service-time: 0
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2

GET
H2 200 Graphik-Semibold.ea1b5de4..woff2
app.monarchmoney.com/static/media/ 40 KB
46 KB 374ms
374ms Font
font/woff2 2606:4700:10::6816:3c79
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://app.monarchmoney.com/static/media/Graphik-Semibold.ea1b5de4..woff2

Requested by

Host: app.monarchmoney.com
URL: https://app.monarchmoney.com/login?route=%2Fdashboard

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:3c79 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

244d56ceae3f2752b26cbe829087d576d715275e60fe3efb58083652272255c0

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;default-src 'self' .plaid.com .finicity.com .mx.com .stripe.com .cloudinary.com;frame-ancestors 'self' www.reddit.com .finicity.com;script-src 'self' 'unsafe-eval' 'unsafe-inline' .monarchmoney.com .monarchmoneystaging.com .redditstatic.com .googleadservices.com .ads-twitter.com .plaid.com .finicity.com .mx.com .gstatic.com analytics.tiktok.com .byspotify.com https://static.zdassets.com https://cdn.userleap.com https://cdn.plaid.com https://js.stripe.com https://apis.google.com https://appleid.cdn-apple.com https://cdn.plaid.com https://js.stripe.com https://checkout.stripe.com https://apis.google.com https://cdn.userleap.com https://appleid.cdn-apple.com https://static.zdassets.com https://rs.fullstory.com https://edge.fullstory.com https://www.google-analytics.com https://ssl.google-analytics.com https://google-analytics.com https://.doubleclick.net https://stats.g.doubleclick.net https://.google.com https://.google.com.br https://.googlesyndication.com https://.googletagservices.com https://.googleadservices.com www.googleadservices.com www.google-analytics.com https://connect.facebook.net https://graph.facebook.com https://js.facebook.com https://bat.bing.com https://r.bing.com https://browser.sentry-cdn.com https://js.sentry-cdn.com https://.sentry.io edge.fullstory.com .fullstory.com www.clarity.ms .clarity.ms cdn.sprig.com cdn.segment.com 'report-sample' www.googletagmanager.com www.googleadservices.com www.google-analytics.com www.clarity.ms analytics.tiktok.com static.ads-twitter.com connect.facebook.net https://storage.googleapis.com/fini-widget/ https://cdn.spinwheel.io;style-src 'self' 'unsafe-inline' 'report-sample' checkout.stripe.com .google.com https://www.gstatic.com www.gstatic.com .gstatic.com .bing.com;object-src .googlesyndication.com;frame-src 'self' https://accounts.google.com https://portal.productboard.com .stripe.com .stripe.network .google.com .doubleclick.net .googlesyndication.com .facebook.com connect.facebook.net sdx.microsoft.com .plaid.com .finicity.com .moneydesktop.com .mx.com .youtube.com https://app.usefini.com/ https://sandbox-dim.spinwheel.io https://dim.spinwheel.io;child-src 'self' data: .google.com .doubleclick.net .googlesyndication.com www.googleadservices.com .facebook.com connect.facebook.net;img-src 'self' data: blob: .stripe.com www.googleadservices.com .googleadservices.com https://res.cloudinary.com https://images.unsplash.com https://www.google-analytics.com https://rs.fullstory.com googletagmanager.com .googletagmanager.com www.googletagmanager.com .google-analytics.com https://www.google.com analytics.google.com .doubleclick.net googleads.doubleclick.net googleads.g.doubleclick.net https://googleads.g.doubleclick.net .doubleclick.net https://stats.g.doubleclick.net .facebook.com .facebook.net https://connect.facebook.net .fbcdn.net .bing.com .microsoft.com .clarity.ms monarch-static-assets.s3.amazonaws.com monarch-static-assets.s3.us-east-1.amazonaws.com analytics.pangle-ads.com .redditstatic.com .reddit.com .ads-twitter.com https://t.co analytics.twitter.com https://analytics.twitter.com .googleusercontent.com .gstatic.com https://fonts.gstatic.com https://analytics.tiktok.com .tiktok.com .byspotify.com .google.com .google.ad .google.ae .google.com.af .google.com.ag .google.com.ai .google.al .google.am .google.co.ao .google.com.ar .google.as .google.at .google.com.au .google.az .google.ba .google.com.bd .google.be .google.bf .google.bg .google.com.bh .google.bi .google.bj .google.com.bn .google.com.bo .google.com.br .google.bs .google.bt .google.co.bw .google.by .google.com.bz .google.ca .google.cd .google.cf .google.cg .google.ch .google.ci .google.co.ck .google.cl .google.cm .google.cn .google.com.co .google.co.cr .google.com.cu .google.cv .google.com.cy .google.cz .google.de .google.dj .google.dk .google.dm .google.com.do .google.dz .google.com.ec .google.ee .google.com.eg .google.es .google.com.et .google.fi .google.com.fj .google.fm .google.fr .google.ga .google.ge .google.gg .google.com.gh .google.com.gi .google.gl .google.gm .google.gr .google.com.gt .google.gy .google.com.hk .google.hn .google.hr .google.ht .google.hu .google.co.id .google.ie .google.co.il .google.im .google.co.in .google.iq .google.is .google.it .google.je .google.com.jm .google.jo .google.co.jp .google.co.ke .google.com.kh .google.ki .google.kg .google.co.kr .google.com.kw .google.kz .google.la .google.com.lb .google.li .google.lk .google.co.ls .google.lt .google.lu .google.lv .google.com.ly .google.co.ma .google.md .google.me .google.mg .google.mk .google.ml .google.com.mm .google.mn .google.ms .google.com.mt .google.mu .google.mv .google.mw .google.com.mx .google.com.my .google.co.mz .google.com.na .google.com.ng .google.com.ni .google.ne .google.nl .google.no .google.com.np .google.nr .google.nu .google.co.nz .google.com.om .google.com.pa .google.com.pe .google.com.pg .google.com.ph .google.com.pk .google.pl .google.pn .google.com.pr .google.ps .google.pt .google.com.py .google.com.qa .google.ro .google.ru .google.rw .google.com.sa .google.com.sb .google.sc .google.se .google.com.sg .google.sh .google.si .google.sk .google.com.sl .google.sn .google.so .google.sm .google.sr .google.st .google.com.sv .google.td .google.tg .google.co.th .google.com.tj .google.tl .google.tm .google.tn .google.to .google.com.tr .google.tt .google.com.tw .google.co.tz .google.com.ua .google.co.ug .google.co.uk .google.com.uy .google.co.uz .google.com.vc .google.co.ve .google.vg .google.co.vi .google.com.vn .google.vu .google.ws .google.rs .google.co.za .google.co.zm .google.co.zw .google.cat monarch-api-production.s3.amazonaws.com monarch-static-assets.s3.amazonaws.com monarch-api-staging2.s3.us-east-2.amazonaws.com api.monarchmoney.com t.co googleads.g.doubleclick.net .facebook.com https://storage.googleapis.com/fini-widget/ .attribution.adswizz.com https://.attribution.adswizz.com https://pixel.tapad.com https://.tapad.com content.moneydesktop.com https://cdn.spinwheel.io .cloudfront.net;font-src * data: blob: 'self' 'unsafe-inline';connect-src 'self' about: analytics.tiktok.com .byspotify.com .zendesk.com https://api.segment.io .segment.io https://api.cloudinary.com https://api.monarchmoney.com https://api.monarchmoneystaging.com wss://api.monarchmoney.com wss://api.monarchmoneystaging.com https://features.monarchmoney.com https://features.monarchmoneystaging.com https://events-api.monarchmoney.com https://events-api.monarchmoneystaging.com https://monarchmoney.zendesk.com https://rs.fullstory.com https://edge.fullstory.com https://sdk.split.io https://auth.split.io https://streaming.split.io https://events.split.io https://ekr.zdassets.com https://api.sprig.com api.sprig.com https://sentry.io https://sdk-api-v1.singular.net .stripe.com www.google-analytics.com stats.g.doubleclick.net ampcid.google.com analytics.google.com .doubleclick.net .google.com .googlesyndication.com www.googletagservices.com .facebook.com connect.facebook.net .bing.com wss://.bing.com .clarity.ms sentry.io .sentry.io www.redditstatic.com monarch-api-production.s3.amazonaws.com monarch-static-assets.s3.amazonaws.com monarch-api-staging2.s3.us-east-2.amazonaws.com prod-carpintero-branding.s3.us-west-2.amazonaws.com reddit.com .reddit.com .ads-twitter.com cdn.sprig.com cdn.segment.com .browser-intake-datadoghq.com https://rum.browser-intake-datadoghq.com https://browser-intake-datadoghq.com https://session-replay.browser-intake-datadoghq.com https://api.unsplash.com analytics.pangle-ads.com stats.g.doubleclick.net https://api.usefini.com/ https://status.monarchmoney.com browser-intake-datadoghq.com pixels.spotify.com;manifest-src 'self';base-uri 'self';form-action 'self' .google.com *.facebook.com connect.facebook.net;media-src 'self' data: dai.google.com;worker-src 'self' blob: www.google.com;report-uri https://o236174.ingest.sentry.io/api/4506858085744640/security/?sentry_key=b8be0ad8a511b04ca10c054828ceeb45
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://app.monarchmoney.com/login?route=%2F
Origin: https://app.monarchmoney.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Mon, 26 Aug 2024 18:09:03 GMT
content-security-policy: upgrade-insecure-requests;default-src 'self' *.plaid.com *.finicity.com *.mx.com *.stripe.com *.cloudinary.com;frame-ancestors 'self' www.reddit.com *.finicity.com;script-src 'self' 'unsafe-eval' 'unsafe-inline' *.monarchmoney.com *.monarchmoneystaging.com *.redditstatic.com *.googleadservices.com *.ads-twitter.com *.plaid.com *.finicity.com *.mx.com *.gstatic.com analytics.tiktok.com *.byspotify.com https://static.zdassets.com https://cdn.userleap.com https://cdn.plaid.com https://js.stripe.com https://apis.google.com https://appleid.cdn-apple.com https://cdn.plaid.com https://js.stripe.com https://checkout.stripe.com https://apis.google.com https://cdn.userleap.com https://appleid.cdn-apple.com https://static.zdassets.com https://rs.fullstory.com https://edge.fullstory.com https://www.google-analytics.com https://ssl.google-analytics.com https://google-analytics.com https://*.doubleclick.net https://stats.g.doubleclick.net https://*.google.com https://*.google.com.br https://*.googlesyndication.com https://*.googletagservices.com https://*.googleadservices.com www.googleadservices.com www.google-analytics.com https://connect.facebook.net https://graph.facebook.com https://js.facebook.com https://bat.bing.com https://r.bing.com https://browser.sentry-cdn.com https://js.sentry-cdn.com https://*.sentry.io edge.fullstory.com *.fullstory.com www.clarity.ms *.clarity.ms cdn.sprig.com cdn.segment.com 'report-sample' www.googletagmanager.com www.googleadservices.com www.google-analytics.com www.clarity.ms analytics.tiktok.com static.ads-twitter.com connect.facebook.net https://storage.googleapis.com/fini-widget/ https://cdn.spinwheel.io;style-src 'self' 'unsafe-inline' 'report-sample' checkout.stripe.com *.google.com https://www.gstatic.com www.gstatic.com *.gstatic.com *.bing.com;object-src *.googlesyndication.com;frame-src 'self' https://accounts.google.com https://portal.productboard.com *.stripe.com *.stripe.network *.google.com *.doubleclick.net *.googlesyndication.com *.facebook.com connect.facebook.net sdx.microsoft.com *.plaid.com *.finicity.com *.moneydesktop.com *.mx.com *.youtube.com https://app.usefini.com/ https://sandbox-dim.spinwheel.io https://dim.spinwheel.io;child-src 'self' data: *.google.com *.doubleclick.net *.googlesyndication.com www.googleadservices.com *.facebook.com connect.facebook.net;img-src 'self' data: blob: *.stripe.com www.googleadservices.com *.googleadservices.com https://res.cloudinary.com https://images.unsplash.com https://www.google-analytics.com https://rs.fullstory.com googletagmanager.com *.googletagmanager.com www.googletagmanager.com *.google-analytics.com https://www.google.com analytics.google.com *.doubleclick.net googleads.doubleclick.net googleads.g.doubleclick.net https://googleads.g.doubleclick.net *.doubleclick.net https://stats.g.doubleclick.net *.facebook.com *.facebook.net https://connect.facebook.net *.fbcdn.net *.bing.com *.microsoft.com *.clarity.ms monarch-static-assets.s3.amazonaws.com monarch-static-assets.s3.us-east-1.amazonaws.com analytics.pangle-ads.com *.redditstatic.com *.reddit.com *.ads-twitter.com https://t.co analytics.twitter.com https://analytics.twitter.com *.googleusercontent.com *.gstatic.com https://fonts.gstatic.com https://analytics.tiktok.com *.tiktok.com *.byspotify.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat monarch-api-production.s3.amazonaws.com monarch-static-assets.s3.amazonaws.com monarch-api-staging2.s3.us-east-2.amazonaws.com api.monarchmoney.com t.co googleads.g.doubleclick.net *.facebook.com https://storage.googleapis.com/fini-widget/ *.attribution.adswizz.com https://*.attribution.adswizz.com https://pixel.tapad.com https://*.tapad.com content.moneydesktop.com https://cdn.spinwheel.io *.cloudfront.net;font-src * data: blob: 'self' 'unsafe-inline';connect-src 'self' about: analytics.tiktok.com *.byspotify.com *.zendesk.com https://api.segment.io *.segment.io https://api.cloudinary.com https://api.monarchmoney.com https://api.monarchmoneystaging.com wss://api.monarchmoney.com wss://api.monarchmoneystaging.com https://features.monarchmoney.com https://features.monarchmoneystaging.com https://events-api.monarchmoney.com https://events-api.monarchmoneystaging.com https://monarchmoney.zendesk.com https://rs.fullstory.com https://edge.fullstory.com https://sdk.split.io https://auth.split.io https://streaming.split.io https://events.split.io https://ekr.zdassets.com https://api.sprig.com api.sprig.com https://sentry.io https://sdk-api-v1.singular.net *.stripe.com www.google-analytics.com stats.g.doubleclick.net ampcid.google.com analytics.google.com *.doubleclick.net *.google.com *.googlesyndication.com www.googletagservices.com *.facebook.com connect.facebook.net *.bing.com wss://*.bing.com *.clarity.ms sentry.io *.sentry.io www.redditstatic.com monarch-api-production.s3.amazonaws.com monarch-static-assets.s3.amazonaws.com monarch-api-staging2.s3.us-east-2.amazonaws.com prod-carpintero-branding.s3.us-west-2.amazonaws.com reddit.com *.reddit.com *.ads-twitter.com cdn.sprig.com cdn.segment.com *.browser-intake-datadoghq.com https://rum.browser-intake-datadoghq.com https://browser-intake-datadoghq.com https://session-replay.browser-intake-datadoghq.com https://api.unsplash.com analytics.pangle-ads.com stats.g.doubleclick.net https://api.usefini.com/ https://status.monarchmoney.com browser-intake-datadoghq.com pixels.spotify.com;manifest-src 'self';base-uri 'self';form-action 'self' *.google.com *.facebook.com connect.facebook.net;media-src 'self' data: dai.google.com;worker-src 'self' blob: www.google.com;report-uri https://o236174.ingest.sentry.io/api/4506858085744640/security/?sentry_key=b8be0ad8a511b04ca10c054828ceeb45
x-content-type-options: nosniff
strict-transport-security: max-age=15552000; includeSubDomains
nel: {"report_to":"heroku-nel","max_age":3600,"success_fraction":0.005,"failure_fraction":0.05,"response_headers":["Via"]}
x-permitted-cross-domain-policies: none
cf-cache-status: REVALIDATED
via: 1.1 vegur
x-dns-prefetch-control: off
content-length: 40841
x-xss-protection: 0
reporting-endpoints: heroku-nel=https://nel.heroku.com/reports?ts=1724477415&sid=1b10b0ff-8a76-4548-befa-353fc6c6c045&s=UO0WFvKosnwRYp6T76mKGeZG1TH%2FUzS9puMwv4J3rE0%3D
referrer-policy: no-referrer
last-modified: Fri, 23 Aug 2024 21:01:48 GMT
server: cloudflare
etag: W/"9f89-191810b9e60"
expect-ct: max-age=0
x-frame-options: SAMEORIGIN
report-to: {"group":"heroku-nel","max_age":3600,"endpoints":[{"url":"https://nel.heroku.com/reports?ts=1724477415&sid=1b10b0ff-8a76-4548-befa-353fc6c6c045&s=UO0WFvKosnwRYp6T76mKGeZG1TH%2FUzS9puMwv4J3rE0%3D"}]}
content-type: font/woff2
vary: Accept-Encoding
x-download-options: noopen
cache-control: public, max-age=14400
accept-ranges: bytes
cf-ray: 8b95c54a0c151c2c-FRA

POST graphql
api.monarchmoney.com/ 0
0

GET
H/1.1 200
OK appleid.auth.js Show response
appleid.cdn-apple.com/appleauth/static/jsapi/appleid/1/en_US/ 42 KB
17 KB 252ms
48ms Script
application/javascript 23.218.69.7
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://appleid.cdn-apple.com/appleauth/static/jsapi/appleid/1/en_US/appleid.auth.js

Requested by

Host: app.monarchmoney.com
URL: https://app.monarchmoney.com/static/js/main.59845e90.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

23.218.69.7 Haarlem, Netherlands, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-218-69-7.deploy.static.akamaitechnologies.com

Software

Apple /

Resource Hash

8356948d6f3bef342ff37a4deca7f6b64b58ca0b90ca128c1929c1bb76cc7a54

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Content-Encoding: gzip
Date: Mon, 26 Aug 2024 18:09:03 GMT
Last-Modified: Thu, 22 Aug 2024 18:15:35 GMT
Server: Apple
ETag: W/"43171-1724350535118"
Vary: accept-encoding
Content-Type: application/javascript;charset=UTF-8
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=86400,stale-while-revalidate=86400
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 17356

GET
H2 200 splitChanges Show response
features.monarchmoney.com/sdk/api/ 246 KB
14 KB 84ms
84ms Fetch
application/json 2606:4700:10::6816:3d79
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://features.monarchmoney.com/sdk/api/splitChanges?since=-1

Requested by

Host: app.monarchmoney.com
URL: https://app.monarchmoney.com/static/js/693.8ac79289.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:3d79 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

9a95ae468165e0379cee7df2c0940352ec05acde75bdfcdfc2d7fd8483bffb8c

Security Headers

Name	Value
Strict-Transport-Security	max-age=15770000; includeSubdomains

Request headers

Accept: application/json
Referer
SplitSDKVersion: react-1.2.6
Authorization: Bearer f84jple84efb5d8f63po7c1m5553aburgha4
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36
Content-Type: application/json

Response headers

date: Mon, 26 Aug 2024 18:09:03 GMT
strict-transport-security: max-age=15770000; includeSubdomains
content-encoding: gzip
cf-cache-status: DYNAMIC
via: 1.1 varnish, 1.1 varnish, 1.1 f75afc04e5fb2b66fe286e4f840886c6.cloudfront.net (CloudFront)
x-amz-cf-pop: AMS58-P5
age: 316104
x-cache: Miss from cloudfront
content-length: 13384
x-served-by: cache-iad-kiad7000046-IAD, cache-fra-eddf8230154-FRA
last-modified: Fri, 23 Aug 2024 02:20:32 GMT
server: cloudflare
x-timer: S1724695743.111498,VS0,VE2
etag: "1724379632563"
vary: Accept-Encoding,Authorization
content-type: application/json; charset=utf-8
trace: cache-iad-kjyo7100158-IAD-3b2bd45e-2f34-4f94-be2b-1243ec128ccf; cache-fra-etou8220062-FRA-0098b766-13c2-4124-b7ee-ca83b42df73f
access-control-allow-origin: *
access-control-expose-headers: Access-Control-Allow-Origin,X-Request-Id
cache-control: no-transform, max-age=60, s-maxage=60
accept-ranges: bytes
cf-ray: 8b95c54a48889948-FRA
x-amz-cf-id: VoZnjgFbM6zJAzXrctDYMqi9m7MjgwNk6Mk2iHu_yuWZ8xMOSt0jHw==
x-cache-hits: 120, 0

GET
H2 200 butterfly-logo.svg
app.monarchmoney.com/ 859 B
7 KB 165ms
160ms Image
image/svg+xml 2606:4700:10::6816:3c79
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://app.monarchmoney.com/butterfly-logo.svg

Requested by

Host: app.monarchmoney.com
URL: https://app.monarchmoney.com/login?route=%2Fdashboard

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:3c79 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e6fa8e5c4ead3fe2cbd9f01169aba2e90dc25bf47c90d901a00bbbd11af4453d

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;default-src 'self' .plaid.com .finicity.com .mx.com .stripe.com .cloudinary.com;frame-ancestors 'self' www.reddit.com .finicity.com;script-src 'self' 'unsafe-eval' 'unsafe-inline' .monarchmoney.com .monarchmoneystaging.com .redditstatic.com .googleadservices.com .ads-twitter.com .plaid.com .finicity.com .mx.com .gstatic.com analytics.tiktok.com .byspotify.com https://static.zdassets.com https://cdn.userleap.com https://cdn.plaid.com https://js.stripe.com https://apis.google.com https://appleid.cdn-apple.com https://cdn.plaid.com https://js.stripe.com https://checkout.stripe.com https://apis.google.com https://cdn.userleap.com https://appleid.cdn-apple.com https://static.zdassets.com https://rs.fullstory.com https://edge.fullstory.com https://www.google-analytics.com https://ssl.google-analytics.com https://google-analytics.com https://.doubleclick.net https://stats.g.doubleclick.net https://.google.com https://.google.com.br https://.googlesyndication.com https://.googletagservices.com https://.googleadservices.com www.googleadservices.com www.google-analytics.com https://connect.facebook.net https://graph.facebook.com https://js.facebook.com https://bat.bing.com https://r.bing.com https://browser.sentry-cdn.com https://js.sentry-cdn.com https://.sentry.io edge.fullstory.com .fullstory.com www.clarity.ms .clarity.ms cdn.sprig.com cdn.segment.com 'report-sample' www.googletagmanager.com www.googleadservices.com www.google-analytics.com www.clarity.ms analytics.tiktok.com static.ads-twitter.com connect.facebook.net https://storage.googleapis.com/fini-widget/ https://cdn.spinwheel.io;style-src 'self' 'unsafe-inline' 'report-sample' checkout.stripe.com .google.com https://www.gstatic.com www.gstatic.com .gstatic.com .bing.com;object-src .googlesyndication.com;frame-src 'self' https://accounts.google.com https://portal.productboard.com .stripe.com .stripe.network .google.com .doubleclick.net .googlesyndication.com .facebook.com connect.facebook.net sdx.microsoft.com .plaid.com .finicity.com .moneydesktop.com .mx.com .youtube.com https://app.usefini.com/ https://sandbox-dim.spinwheel.io https://dim.spinwheel.io;child-src 'self' data: .google.com .doubleclick.net .googlesyndication.com www.googleadservices.com .facebook.com connect.facebook.net;img-src 'self' data: blob: .stripe.com www.googleadservices.com .googleadservices.com https://res.cloudinary.com https://images.unsplash.com https://www.google-analytics.com https://rs.fullstory.com googletagmanager.com .googletagmanager.com www.googletagmanager.com .google-analytics.com https://www.google.com analytics.google.com .doubleclick.net googleads.doubleclick.net googleads.g.doubleclick.net https://googleads.g.doubleclick.net .doubleclick.net https://stats.g.doubleclick.net .facebook.com .facebook.net https://connect.facebook.net .fbcdn.net .bing.com .microsoft.com .clarity.ms monarch-static-assets.s3.amazonaws.com monarch-static-assets.s3.us-east-1.amazonaws.com analytics.pangle-ads.com .redditstatic.com .reddit.com .ads-twitter.com https://t.co analytics.twitter.com https://analytics.twitter.com .googleusercontent.com .gstatic.com https://fonts.gstatic.com https://analytics.tiktok.com .tiktok.com .byspotify.com .google.com .google.ad .google.ae .google.com.af .google.com.ag .google.com.ai .google.al .google.am .google.co.ao .google.com.ar .google.as .google.at .google.com.au .google.az .google.ba .google.com.bd .google.be .google.bf .google.bg .google.com.bh .google.bi .google.bj .google.com.bn .google.com.bo .google.com.br .google.bs .google.bt .google.co.bw .google.by .google.com.bz .google.ca .google.cd .google.cf .google.cg .google.ch .google.ci .google.co.ck .google.cl .google.cm .google.cn .google.com.co .google.co.cr .google.com.cu .google.cv .google.com.cy .google.cz .google.de .google.dj .google.dk .google.dm .google.com.do .google.dz .google.com.ec .google.ee .google.com.eg .google.es .google.com.et .google.fi .google.com.fj .google.fm .google.fr .google.ga .google.ge .google.gg .google.com.gh .google.com.gi .google.gl .google.gm .google.gr .google.com.gt .google.gy .google.com.hk .google.hn .google.hr .google.ht .google.hu .google.co.id .google.ie .google.co.il .google.im .google.co.in .google.iq .google.is .google.it .google.je .google.com.jm .google.jo .google.co.jp .google.co.ke .google.com.kh .google.ki .google.kg .google.co.kr .google.com.kw .google.kz .google.la .google.com.lb .google.li .google.lk .google.co.ls .google.lt .google.lu .google.lv .google.com.ly .google.co.ma .google.md .google.me .google.mg .google.mk .google.ml .google.com.mm .google.mn .google.ms .google.com.mt .google.mu .google.mv .google.mw .google.com.mx .google.com.my .google.co.mz .google.com.na .google.com.ng .google.com.ni .google.ne .google.nl .google.no .google.com.np .google.nr .google.nu .google.co.nz .google.com.om .google.com.pa .google.com.pe .google.com.pg .google.com.ph .google.com.pk .google.pl .google.pn .google.com.pr .google.ps .google.pt .google.com.py .google.com.qa .google.ro .google.ru .google.rw .google.com.sa .google.com.sb .google.sc .google.se .google.com.sg .google.sh .google.si .google.sk .google.com.sl .google.sn .google.so .google.sm .google.sr .google.st .google.com.sv .google.td .google.tg .google.co.th .google.com.tj .google.tl .google.tm .google.tn .google.to .google.com.tr .google.tt .google.com.tw .google.co.tz .google.com.ua .google.co.ug .google.co.uk .google.com.uy .google.co.uz .google.com.vc .google.co.ve .google.vg .google.co.vi .google.com.vn .google.vu .google.ws .google.rs .google.co.za .google.co.zm .google.co.zw .google.cat monarch-api-production.s3.amazonaws.com monarch-static-assets.s3.amazonaws.com monarch-api-staging2.s3.us-east-2.amazonaws.com api.monarchmoney.com t.co googleads.g.doubleclick.net .facebook.com https://storage.googleapis.com/fini-widget/ .attribution.adswizz.com https://.attribution.adswizz.com https://pixel.tapad.com https://.tapad.com content.moneydesktop.com https://cdn.spinwheel.io .cloudfront.net;font-src * data: blob: 'self' 'unsafe-inline';connect-src 'self' about: analytics.tiktok.com .byspotify.com .zendesk.com https://api.segment.io .segment.io https://api.cloudinary.com https://api.monarchmoney.com https://api.monarchmoneystaging.com wss://api.monarchmoney.com wss://api.monarchmoneystaging.com https://features.monarchmoney.com https://features.monarchmoneystaging.com https://events-api.monarchmoney.com https://events-api.monarchmoneystaging.com https://monarchmoney.zendesk.com https://rs.fullstory.com https://edge.fullstory.com https://sdk.split.io https://auth.split.io https://streaming.split.io https://events.split.io https://ekr.zdassets.com https://api.sprig.com api.sprig.com https://sentry.io https://sdk-api-v1.singular.net .stripe.com www.google-analytics.com stats.g.doubleclick.net ampcid.google.com analytics.google.com .doubleclick.net .google.com .googlesyndication.com www.googletagservices.com .facebook.com connect.facebook.net .bing.com wss://.bing.com .clarity.ms sentry.io .sentry.io www.redditstatic.com monarch-api-production.s3.amazonaws.com monarch-static-assets.s3.amazonaws.com monarch-api-staging2.s3.us-east-2.amazonaws.com prod-carpintero-branding.s3.us-west-2.amazonaws.com reddit.com .reddit.com .ads-twitter.com cdn.sprig.com cdn.segment.com .browser-intake-datadoghq.com https://rum.browser-intake-datadoghq.com https://browser-intake-datadoghq.com https://session-replay.browser-intake-datadoghq.com https://api.unsplash.com analytics.pangle-ads.com stats.g.doubleclick.net https://api.usefini.com/ https://status.monarchmoney.com browser-intake-datadoghq.com pixels.spotify.com;manifest-src 'self';base-uri 'self';form-action 'self' .google.com *.facebook.com connect.facebook.net;media-src 'self' data: dai.google.com;worker-src 'self' blob: www.google.com;report-uri https://o236174.ingest.sentry.io/api/4506858085744640/security/?sentry_key=b8be0ad8a511b04ca10c054828ceeb45
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Mon, 26 Aug 2024 18:09:03 GMT
content-security-policy: upgrade-insecure-requests;default-src 'self' *.plaid.com *.finicity.com *.mx.com *.stripe.com *.cloudinary.com;frame-ancestors 'self' www.reddit.com *.finicity.com;script-src 'self' 'unsafe-eval' 'unsafe-inline' *.monarchmoney.com *.monarchmoneystaging.com *.redditstatic.com *.googleadservices.com *.ads-twitter.com *.plaid.com *.finicity.com *.mx.com *.gstatic.com analytics.tiktok.com *.byspotify.com https://static.zdassets.com https://cdn.userleap.com https://cdn.plaid.com https://js.stripe.com https://apis.google.com https://appleid.cdn-apple.com https://cdn.plaid.com https://js.stripe.com https://checkout.stripe.com https://apis.google.com https://cdn.userleap.com https://appleid.cdn-apple.com https://static.zdassets.com https://rs.fullstory.com https://edge.fullstory.com https://www.google-analytics.com https://ssl.google-analytics.com https://google-analytics.com https://*.doubleclick.net https://stats.g.doubleclick.net https://*.google.com https://*.google.com.br https://*.googlesyndication.com https://*.googletagservices.com https://*.googleadservices.com www.googleadservices.com www.google-analytics.com https://connect.facebook.net https://graph.facebook.com https://js.facebook.com https://bat.bing.com https://r.bing.com https://browser.sentry-cdn.com https://js.sentry-cdn.com https://*.sentry.io edge.fullstory.com *.fullstory.com www.clarity.ms *.clarity.ms cdn.sprig.com cdn.segment.com 'report-sample' www.googletagmanager.com www.googleadservices.com www.google-analytics.com www.clarity.ms analytics.tiktok.com static.ads-twitter.com connect.facebook.net https://storage.googleapis.com/fini-widget/ https://cdn.spinwheel.io;style-src 'self' 'unsafe-inline' 'report-sample' checkout.stripe.com *.google.com https://www.gstatic.com www.gstatic.com *.gstatic.com *.bing.com;object-src *.googlesyndication.com;frame-src 'self' https://accounts.google.com https://portal.productboard.com *.stripe.com *.stripe.network *.google.com *.doubleclick.net *.googlesyndication.com *.facebook.com connect.facebook.net sdx.microsoft.com *.plaid.com *.finicity.com *.moneydesktop.com *.mx.com *.youtube.com https://app.usefini.com/ https://sandbox-dim.spinwheel.io https://dim.spinwheel.io;child-src 'self' data: *.google.com *.doubleclick.net *.googlesyndication.com www.googleadservices.com *.facebook.com connect.facebook.net;img-src 'self' data: blob: *.stripe.com www.googleadservices.com *.googleadservices.com https://res.cloudinary.com https://images.unsplash.com https://www.google-analytics.com https://rs.fullstory.com googletagmanager.com *.googletagmanager.com www.googletagmanager.com *.google-analytics.com https://www.google.com analytics.google.com *.doubleclick.net googleads.doubleclick.net googleads.g.doubleclick.net https://googleads.g.doubleclick.net *.doubleclick.net https://stats.g.doubleclick.net *.facebook.com *.facebook.net https://connect.facebook.net *.fbcdn.net *.bing.com *.microsoft.com *.clarity.ms monarch-static-assets.s3.amazonaws.com monarch-static-assets.s3.us-east-1.amazonaws.com analytics.pangle-ads.com *.redditstatic.com *.reddit.com *.ads-twitter.com https://t.co analytics.twitter.com https://analytics.twitter.com *.googleusercontent.com *.gstatic.com https://fonts.gstatic.com https://analytics.tiktok.com *.tiktok.com *.byspotify.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat monarch-api-production.s3.amazonaws.com monarch-static-assets.s3.amazonaws.com monarch-api-staging2.s3.us-east-2.amazonaws.com api.monarchmoney.com t.co googleads.g.doubleclick.net *.facebook.com https://storage.googleapis.com/fini-widget/ *.attribution.adswizz.com https://*.attribution.adswizz.com https://pixel.tapad.com https://*.tapad.com content.moneydesktop.com https://cdn.spinwheel.io *.cloudfront.net;font-src * data: blob: 'self' 'unsafe-inline';connect-src 'self' about: analytics.tiktok.com *.byspotify.com *.zendesk.com https://api.segment.io *.segment.io https://api.cloudinary.com https://api.monarchmoney.com https://api.monarchmoneystaging.com wss://api.monarchmoney.com wss://api.monarchmoneystaging.com https://features.monarchmoney.com https://features.monarchmoneystaging.com https://events-api.monarchmoney.com https://events-api.monarchmoneystaging.com https://monarchmoney.zendesk.com https://rs.fullstory.com https://edge.fullstory.com https://sdk.split.io https://auth.split.io https://streaming.split.io https://events.split.io https://ekr.zdassets.com https://api.sprig.com api.sprig.com https://sentry.io https://sdk-api-v1.singular.net *.stripe.com www.google-analytics.com stats.g.doubleclick.net ampcid.google.com analytics.google.com *.doubleclick.net *.google.com *.googlesyndication.com www.googletagservices.com *.facebook.com connect.facebook.net *.bing.com wss://*.bing.com *.clarity.ms sentry.io *.sentry.io www.redditstatic.com monarch-api-production.s3.amazonaws.com monarch-static-assets.s3.amazonaws.com monarch-api-staging2.s3.us-east-2.amazonaws.com prod-carpintero-branding.s3.us-west-2.amazonaws.com reddit.com *.reddit.com *.ads-twitter.com cdn.sprig.com cdn.segment.com *.browser-intake-datadoghq.com https://rum.browser-intake-datadoghq.com https://browser-intake-datadoghq.com https://session-replay.browser-intake-datadoghq.com https://api.unsplash.com analytics.pangle-ads.com stats.g.doubleclick.net https://api.usefini.com/ https://status.monarchmoney.com browser-intake-datadoghq.com pixels.spotify.com;manifest-src 'self';base-uri 'self';form-action 'self' *.google.com *.facebook.com connect.facebook.net;media-src 'self' data: dai.google.com;worker-src 'self' blob: www.google.com;report-uri https://o236174.ingest.sentry.io/api/4506858085744640/security/?sentry_key=b8be0ad8a511b04ca10c054828ceeb45
x-content-type-options: nosniff
strict-transport-security: max-age=15552000; includeSubDomains
nel: {"report_to":"heroku-nel","max_age":3600,"success_fraction":0.005,"failure_fraction":0.05,"response_headers":["Via"]}
x-permitted-cross-domain-policies: none
cf-cache-status: REVALIDATED
via: 1.1 vegur
x-dns-prefetch-control: off
content-encoding: br
x-xss-protection: 0
reporting-endpoints: heroku-nel=https://nel.heroku.com/reports?ts=1724515295&sid=1b10b0ff-8a76-4548-befa-353fc6c6c045&s=Uv9dkfPEjYK0o0eoEbZMcD86qCDgf5SRypU7bkMtpwE%3D
referrer-policy: no-referrer
last-modified: Fri, 23 Aug 2024 20:58:05 GMT
server: cloudflare
etag: W/"35b-19181083748"
expect-ct: max-age=0
x-frame-options: SAMEORIGIN
report-to: {"group":"heroku-nel","max_age":3600,"endpoints":[{"url":"https://nel.heroku.com/reports?ts=1724515295&sid=1b10b0ff-8a76-4548-befa-353fc6c6c045&s=Uv9dkfPEjYK0o0eoEbZMcD86qCDgf5SRypU7bkMtpwE%3D"}]}
content-type: image/svg+xml
vary: Accept-Encoding
x-download-options: noopen
cache-control: public, max-age=14400
cf-ray: 8b95c549cbbf1c2c-FRA

GET
H2 200 logo-color.svg
app.monarchmoney.com/ 4 KB
8 KB 344ms
340ms Image
image/svg+xml 2606:4700:10::6816:3c79
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://app.monarchmoney.com/logo-color.svg

Requested by

Host: app.monarchmoney.com
URL: https://app.monarchmoney.com/login?route=%2Fdashboard

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:3c79 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

93b449763525f13633010ddce61b38378d1540ac14fa438699c98f7f82c6f5c2

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;default-src 'self' .plaid.com .finicity.com .mx.com .stripe.com .cloudinary.com;frame-ancestors 'self' www.reddit.com .finicity.com;script-src 'self' 'unsafe-eval' 'unsafe-inline' .monarchmoney.com .monarchmoneystaging.com .redditstatic.com .googleadservices.com .ads-twitter.com .plaid.com .finicity.com .mx.com .gstatic.com analytics.tiktok.com .byspotify.com https://static.zdassets.com https://cdn.userleap.com https://cdn.plaid.com https://js.stripe.com https://apis.google.com https://appleid.cdn-apple.com https://cdn.plaid.com https://js.stripe.com https://checkout.stripe.com https://apis.google.com https://cdn.userleap.com https://appleid.cdn-apple.com https://static.zdassets.com https://rs.fullstory.com https://edge.fullstory.com https://www.google-analytics.com https://ssl.google-analytics.com https://google-analytics.com https://.doubleclick.net https://stats.g.doubleclick.net https://.google.com https://.google.com.br https://.googlesyndication.com https://.googletagservices.com https://.googleadservices.com www.googleadservices.com www.google-analytics.com https://connect.facebook.net https://graph.facebook.com https://js.facebook.com https://bat.bing.com https://r.bing.com https://browser.sentry-cdn.com https://js.sentry-cdn.com https://.sentry.io edge.fullstory.com .fullstory.com www.clarity.ms .clarity.ms cdn.sprig.com cdn.segment.com 'report-sample' www.googletagmanager.com www.googleadservices.com www.google-analytics.com www.clarity.ms analytics.tiktok.com static.ads-twitter.com connect.facebook.net https://storage.googleapis.com/fini-widget/ https://cdn.spinwheel.io;style-src 'self' 'unsafe-inline' 'report-sample' checkout.stripe.com .google.com https://www.gstatic.com www.gstatic.com .gstatic.com .bing.com;object-src .googlesyndication.com;frame-src 'self' https://accounts.google.com https://portal.productboard.com .stripe.com .stripe.network .google.com .doubleclick.net .googlesyndication.com .facebook.com connect.facebook.net sdx.microsoft.com .plaid.com .finicity.com .moneydesktop.com .mx.com .youtube.com https://app.usefini.com/ https://sandbox-dim.spinwheel.io https://dim.spinwheel.io;child-src 'self' data: .google.com .doubleclick.net .googlesyndication.com www.googleadservices.com .facebook.com connect.facebook.net;img-src 'self' data: blob: .stripe.com www.googleadservices.com .googleadservices.com https://res.cloudinary.com https://images.unsplash.com https://www.google-analytics.com https://rs.fullstory.com googletagmanager.com .googletagmanager.com www.googletagmanager.com .google-analytics.com https://www.google.com analytics.google.com .doubleclick.net googleads.doubleclick.net googleads.g.doubleclick.net https://googleads.g.doubleclick.net .doubleclick.net https://stats.g.doubleclick.net .facebook.com .facebook.net https://connect.facebook.net .fbcdn.net .bing.com .microsoft.com .clarity.ms monarch-static-assets.s3.amazonaws.com monarch-static-assets.s3.us-east-1.amazonaws.com analytics.pangle-ads.com .redditstatic.com .reddit.com .ads-twitter.com https://t.co analytics.twitter.com https://analytics.twitter.com .googleusercontent.com .gstatic.com https://fonts.gstatic.com https://analytics.tiktok.com .tiktok.com .byspotify.com .google.com .google.ad .google.ae .google.com.af .google.com.ag .google.com.ai .google.al .google.am .google.co.ao .google.com.ar .google.as .google.at .google.com.au .google.az .google.ba .google.com.bd .google.be .google.bf .google.bg .google.com.bh .google.bi .google.bj .google.com.bn .google.com.bo .google.com.br .google.bs .google.bt .google.co.bw .google.by .google.com.bz .google.ca .google.cd .google.cf .google.cg .google.ch .google.ci .google.co.ck .google.cl .google.cm .google.cn .google.com.co .google.co.cr .google.com.cu .google.cv .google.com.cy .google.cz .google.de .google.dj .google.dk .google.dm .google.com.do .google.dz .google.com.ec .google.ee .google.com.eg .google.es .google.com.et .google.fi .google.com.fj .google.fm .google.fr .google.ga .google.ge .google.gg .google.com.gh .google.com.gi .google.gl .google.gm .google.gr .google.com.gt .google.gy .google.com.hk .google.hn .google.hr .google.ht .google.hu .google.co.id .google.ie .google.co.il .google.im .google.co.in .google.iq .google.is .google.it .google.je .google.com.jm .google.jo .google.co.jp .google.co.ke .google.com.kh .google.ki .google.kg .google.co.kr .google.com.kw .google.kz .google.la .google.com.lb .google.li .google.lk .google.co.ls .google.lt .google.lu .google.lv .google.com.ly .google.co.ma .google.md .google.me .google.mg .google.mk .google.ml .google.com.mm .google.mn .google.ms .google.com.mt .google.mu .google.mv .google.mw .google.com.mx .google.com.my .google.co.mz .google.com.na .google.com.ng .google.com.ni .google.ne .google.nl .google.no .google.com.np .google.nr .google.nu .google.co.nz .google.com.om .google.com.pa .google.com.pe .google.com.pg .google.com.ph .google.com.pk .google.pl .google.pn .google.com.pr .google.ps .google.pt .google.com.py .google.com.qa .google.ro .google.ru .google.rw .google.com.sa .google.com.sb .google.sc .google.se .google.com.sg .google.sh .google.si .google.sk .google.com.sl .google.sn .google.so .google.sm .google.sr .google.st .google.com.sv .google.td .google.tg .google.co.th .google.com.tj .google.tl .google.tm .google.tn .google.to .google.com.tr .google.tt .google.com.tw .google.co.tz .google.com.ua .google.co.ug .google.co.uk .google.com.uy .google.co.uz .google.com.vc .google.co.ve .google.vg .google.co.vi .google.com.vn .google.vu .google.ws .google.rs .google.co.za .google.co.zm .google.co.zw .google.cat monarch-api-production.s3.amazonaws.com monarch-static-assets.s3.amazonaws.com monarch-api-staging2.s3.us-east-2.amazonaws.com api.monarchmoney.com t.co googleads.g.doubleclick.net .facebook.com https://storage.googleapis.com/fini-widget/ .attribution.adswizz.com https://.attribution.adswizz.com https://pixel.tapad.com https://.tapad.com content.moneydesktop.com https://cdn.spinwheel.io .cloudfront.net;font-src * data: blob: 'self' 'unsafe-inline';connect-src 'self' about: analytics.tiktok.com .byspotify.com .zendesk.com https://api.segment.io .segment.io https://api.cloudinary.com https://api.monarchmoney.com https://api.monarchmoneystaging.com wss://api.monarchmoney.com wss://api.monarchmoneystaging.com https://features.monarchmoney.com https://features.monarchmoneystaging.com https://events-api.monarchmoney.com https://events-api.monarchmoneystaging.com https://monarchmoney.zendesk.com https://rs.fullstory.com https://edge.fullstory.com https://sdk.split.io https://auth.split.io https://streaming.split.io https://events.split.io https://ekr.zdassets.com https://api.sprig.com api.sprig.com https://sentry.io https://sdk-api-v1.singular.net .stripe.com www.google-analytics.com stats.g.doubleclick.net ampcid.google.com analytics.google.com .doubleclick.net .google.com .googlesyndication.com www.googletagservices.com .facebook.com connect.facebook.net .bing.com wss://.bing.com .clarity.ms sentry.io .sentry.io www.redditstatic.com monarch-api-production.s3.amazonaws.com monarch-static-assets.s3.amazonaws.com monarch-api-staging2.s3.us-east-2.amazonaws.com prod-carpintero-branding.s3.us-west-2.amazonaws.com reddit.com .reddit.com .ads-twitter.com cdn.sprig.com cdn.segment.com .browser-intake-datadoghq.com https://rum.browser-intake-datadoghq.com https://browser-intake-datadoghq.com https://session-replay.browser-intake-datadoghq.com https://api.unsplash.com analytics.pangle-ads.com stats.g.doubleclick.net https://api.usefini.com/ https://status.monarchmoney.com browser-intake-datadoghq.com pixels.spotify.com;manifest-src 'self';base-uri 'self';form-action 'self' .google.com *.facebook.com connect.facebook.net;media-src 'self' data: dai.google.com;worker-src 'self' blob: www.google.com;report-uri https://o236174.ingest.sentry.io/api/4506858085744640/security/?sentry_key=b8be0ad8a511b04ca10c054828ceeb45
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Mon, 26 Aug 2024 18:09:03 GMT
content-security-policy: upgrade-insecure-requests;default-src 'self' *.plaid.com *.finicity.com *.mx.com *.stripe.com *.cloudinary.com;frame-ancestors 'self' www.reddit.com *.finicity.com;script-src 'self' 'unsafe-eval' 'unsafe-inline' *.monarchmoney.com *.monarchmoneystaging.com *.redditstatic.com *.googleadservices.com *.ads-twitter.com *.plaid.com *.finicity.com *.mx.com *.gstatic.com analytics.tiktok.com *.byspotify.com https://static.zdassets.com https://cdn.userleap.com https://cdn.plaid.com https://js.stripe.com https://apis.google.com https://appleid.cdn-apple.com https://cdn.plaid.com https://js.stripe.com https://checkout.stripe.com https://apis.google.com https://cdn.userleap.com https://appleid.cdn-apple.com https://static.zdassets.com https://rs.fullstory.com https://edge.fullstory.com https://www.google-analytics.com https://ssl.google-analytics.com https://google-analytics.com https://*.doubleclick.net https://stats.g.doubleclick.net https://*.google.com https://*.google.com.br https://*.googlesyndication.com https://*.googletagservices.com https://*.googleadservices.com www.googleadservices.com www.google-analytics.com https://connect.facebook.net https://graph.facebook.com https://js.facebook.com https://bat.bing.com https://r.bing.com https://browser.sentry-cdn.com https://js.sentry-cdn.com https://*.sentry.io edge.fullstory.com *.fullstory.com www.clarity.ms *.clarity.ms cdn.sprig.com cdn.segment.com 'report-sample' www.googletagmanager.com www.googleadservices.com www.google-analytics.com www.clarity.ms analytics.tiktok.com static.ads-twitter.com connect.facebook.net https://storage.googleapis.com/fini-widget/ https://cdn.spinwheel.io;style-src 'self' 'unsafe-inline' 'report-sample' checkout.stripe.com *.google.com https://www.gstatic.com www.gstatic.com *.gstatic.com *.bing.com;object-src *.googlesyndication.com;frame-src 'self' https://accounts.google.com https://portal.productboard.com *.stripe.com *.stripe.network *.google.com *.doubleclick.net *.googlesyndication.com *.facebook.com connect.facebook.net sdx.microsoft.com *.plaid.com *.finicity.com *.moneydesktop.com *.mx.com *.youtube.com https://app.usefini.com/ https://sandbox-dim.spinwheel.io https://dim.spinwheel.io;child-src 'self' data: *.google.com *.doubleclick.net *.googlesyndication.com www.googleadservices.com *.facebook.com connect.facebook.net;img-src 'self' data: blob: *.stripe.com www.googleadservices.com *.googleadservices.com https://res.cloudinary.com https://images.unsplash.com https://www.google-analytics.com https://rs.fullstory.com googletagmanager.com *.googletagmanager.com www.googletagmanager.com *.google-analytics.com https://www.google.com analytics.google.com *.doubleclick.net googleads.doubleclick.net googleads.g.doubleclick.net https://googleads.g.doubleclick.net *.doubleclick.net https://stats.g.doubleclick.net *.facebook.com *.facebook.net https://connect.facebook.net *.fbcdn.net *.bing.com *.microsoft.com *.clarity.ms monarch-static-assets.s3.amazonaws.com monarch-static-assets.s3.us-east-1.amazonaws.com analytics.pangle-ads.com *.redditstatic.com *.reddit.com *.ads-twitter.com https://t.co analytics.twitter.com https://analytics.twitter.com *.googleusercontent.com *.gstatic.com https://fonts.gstatic.com https://analytics.tiktok.com *.tiktok.com *.byspotify.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat monarch-api-production.s3.amazonaws.com monarch-static-assets.s3.amazonaws.com monarch-api-staging2.s3.us-east-2.amazonaws.com api.monarchmoney.com t.co googleads.g.doubleclick.net *.facebook.com https://storage.googleapis.com/fini-widget/ *.attribution.adswizz.com https://*.attribution.adswizz.com https://pixel.tapad.com https://*.tapad.com content.moneydesktop.com https://cdn.spinwheel.io *.cloudfront.net;font-src * data: blob: 'self' 'unsafe-inline';connect-src 'self' about: analytics.tiktok.com *.byspotify.com *.zendesk.com https://api.segment.io *.segment.io https://api.cloudinary.com https://api.monarchmoney.com https://api.monarchmoneystaging.com wss://api.monarchmoney.com wss://api.monarchmoneystaging.com https://features.monarchmoney.com https://features.monarchmoneystaging.com https://events-api.monarchmoney.com https://events-api.monarchmoneystaging.com https://monarchmoney.zendesk.com https://rs.fullstory.com https://edge.fullstory.com https://sdk.split.io https://auth.split.io https://streaming.split.io https://events.split.io https://ekr.zdassets.com https://api.sprig.com api.sprig.com https://sentry.io https://sdk-api-v1.singular.net *.stripe.com www.google-analytics.com stats.g.doubleclick.net ampcid.google.com analytics.google.com *.doubleclick.net *.google.com *.googlesyndication.com www.googletagservices.com *.facebook.com connect.facebook.net *.bing.com wss://*.bing.com *.clarity.ms sentry.io *.sentry.io www.redditstatic.com monarch-api-production.s3.amazonaws.com monarch-static-assets.s3.amazonaws.com monarch-api-staging2.s3.us-east-2.amazonaws.com prod-carpintero-branding.s3.us-west-2.amazonaws.com reddit.com *.reddit.com *.ads-twitter.com cdn.sprig.com cdn.segment.com *.browser-intake-datadoghq.com https://rum.browser-intake-datadoghq.com https://browser-intake-datadoghq.com https://session-replay.browser-intake-datadoghq.com https://api.unsplash.com analytics.pangle-ads.com stats.g.doubleclick.net https://api.usefini.com/ https://status.monarchmoney.com browser-intake-datadoghq.com pixels.spotify.com;manifest-src 'self';base-uri 'self';form-action 'self' *.google.com *.facebook.com connect.facebook.net;media-src 'self' data: dai.google.com;worker-src 'self' blob: www.google.com;report-uri https://o236174.ingest.sentry.io/api/4506858085744640/security/?sentry_key=b8be0ad8a511b04ca10c054828ceeb45
x-content-type-options: nosniff
strict-transport-security: max-age=15552000; includeSubDomains
nel: {"report_to":"heroku-nel","max_age":3600,"success_fraction":0.005,"failure_fraction":0.05,"response_headers":["Via"]}
x-permitted-cross-domain-policies: none
cf-cache-status: REVALIDATED
via: 1.1 vegur
x-dns-prefetch-control: off
content-encoding: br
x-xss-protection: 0
reporting-endpoints: heroku-nel=https://nel.heroku.com/reports?ts=1724515369&sid=1b10b0ff-8a76-4548-befa-353fc6c6c045&s=2FH0gADNtsImKFsAAYJtnh1ONhP5SH%2B0MDrShy3gW%2Bo%3D
referrer-policy: no-referrer
last-modified: Fri, 23 Aug 2024 20:58:05 GMT
server: cloudflare
etag: W/"111d-19181083748"
expect-ct: max-age=0
x-frame-options: SAMEORIGIN
report-to: {"group":"heroku-nel","max_age":3600,"endpoints":[{"url":"https://nel.heroku.com/reports?ts=1724515369&sid=1b10b0ff-8a76-4548-befa-353fc6c6c045&s=2FH0gADNtsImKFsAAYJtnh1ONhP5SH%2B0MDrShy3gW%2Bo%3D"}]}
content-type: image/svg+xml
vary: Accept-Encoding
x-download-options: noopen
cache-control: public, max-age=14400
cf-ray: 8b95c549cbc21c2c-FRA

GET
H2 200 apple-logo.631edd89..svg
app.monarchmoney.com/static/media/ 704 B
7 KB 337ms
334ms Image
image/svg+xml 2606:4700:10::6816:3c79
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://app.monarchmoney.com/static/media/apple-logo.631edd89..svg

Requested by

Host: app.monarchmoney.com
URL: https://app.monarchmoney.com/login?route=%2Fdashboard

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:3c79 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

848312e324cb800ec839beaa658f151deb8365a43cd55a0bd30058c5448670d7

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;default-src 'self' .plaid.com .finicity.com .mx.com .stripe.com .cloudinary.com;frame-ancestors 'self' www.reddit.com .finicity.com;script-src 'self' 'unsafe-eval' 'unsafe-inline' .monarchmoney.com .monarchmoneystaging.com .redditstatic.com .googleadservices.com .ads-twitter.com .plaid.com .finicity.com .mx.com .gstatic.com analytics.tiktok.com .byspotify.com https://static.zdassets.com https://cdn.userleap.com https://cdn.plaid.com https://js.stripe.com https://apis.google.com https://appleid.cdn-apple.com https://cdn.plaid.com https://js.stripe.com https://checkout.stripe.com https://apis.google.com https://cdn.userleap.com https://appleid.cdn-apple.com https://static.zdassets.com https://rs.fullstory.com https://edge.fullstory.com https://www.google-analytics.com https://ssl.google-analytics.com https://google-analytics.com https://.doubleclick.net https://stats.g.doubleclick.net https://.google.com https://.google.com.br https://.googlesyndication.com https://.googletagservices.com https://.googleadservices.com www.googleadservices.com www.google-analytics.com https://connect.facebook.net https://graph.facebook.com https://js.facebook.com https://bat.bing.com https://r.bing.com https://browser.sentry-cdn.com https://js.sentry-cdn.com https://.sentry.io edge.fullstory.com .fullstory.com www.clarity.ms .clarity.ms cdn.sprig.com cdn.segment.com 'report-sample' www.googletagmanager.com www.googleadservices.com www.google-analytics.com www.clarity.ms analytics.tiktok.com static.ads-twitter.com connect.facebook.net https://storage.googleapis.com/fini-widget/ https://cdn.spinwheel.io;style-src 'self' 'unsafe-inline' 'report-sample' checkout.stripe.com .google.com https://www.gstatic.com www.gstatic.com .gstatic.com .bing.com;object-src .googlesyndication.com;frame-src 'self' https://accounts.google.com https://portal.productboard.com .stripe.com .stripe.network .google.com .doubleclick.net .googlesyndication.com .facebook.com connect.facebook.net sdx.microsoft.com .plaid.com .finicity.com .moneydesktop.com .mx.com .youtube.com https://app.usefini.com/ https://sandbox-dim.spinwheel.io https://dim.spinwheel.io;child-src 'self' data: .google.com .doubleclick.net .googlesyndication.com www.googleadservices.com .facebook.com connect.facebook.net;img-src 'self' data: blob: .stripe.com www.googleadservices.com .googleadservices.com https://res.cloudinary.com https://images.unsplash.com https://www.google-analytics.com https://rs.fullstory.com googletagmanager.com .googletagmanager.com www.googletagmanager.com .google-analytics.com https://www.google.com analytics.google.com .doubleclick.net googleads.doubleclick.net googleads.g.doubleclick.net https://googleads.g.doubleclick.net .doubleclick.net https://stats.g.doubleclick.net .facebook.com .facebook.net https://connect.facebook.net .fbcdn.net .bing.com .microsoft.com .clarity.ms monarch-static-assets.s3.amazonaws.com monarch-static-assets.s3.us-east-1.amazonaws.com analytics.pangle-ads.com .redditstatic.com .reddit.com .ads-twitter.com https://t.co analytics.twitter.com https://analytics.twitter.com .googleusercontent.com .gstatic.com https://fonts.gstatic.com https://analytics.tiktok.com .tiktok.com .byspotify.com .google.com .google.ad .google.ae .google.com.af .google.com.ag .google.com.ai .google.al .google.am .google.co.ao .google.com.ar .google.as .google.at .google.com.au .google.az .google.ba .google.com.bd .google.be .google.bf .google.bg .google.com.bh .google.bi .google.bj .google.com.bn .google.com.bo .google.com.br .google.bs .google.bt .google.co.bw .google.by .google.com.bz .google.ca .google.cd .google.cf .google.cg .google.ch .google.ci .google.co.ck .google.cl .google.cm .google.cn .google.com.co .google.co.cr .google.com.cu .google.cv .google.com.cy .google.cz .google.de .google.dj .google.dk .google.dm .google.com.do .google.dz .google.com.ec .google.ee .google.com.eg .google.es .google.com.et .google.fi .google.com.fj .google.fm .google.fr .google.ga .google.ge .google.gg .google.com.gh .google.com.gi .google.gl .google.gm .google.gr .google.com.gt .google.gy .google.com.hk .google.hn .google.hr .google.ht .google.hu .google.co.id .google.ie .google.co.il .google.im .google.co.in .google.iq .google.is .google.it .google.je .google.com.jm .google.jo .google.co.jp .google.co.ke .google.com.kh .google.ki .google.kg .google.co.kr .google.com.kw .google.kz .google.la .google.com.lb .google.li .google.lk .google.co.ls .google.lt .google.lu .google.lv .google.com.ly .google.co.ma .google.md .google.me .google.mg .google.mk .google.ml .google.com.mm .google.mn .google.ms .google.com.mt .google.mu .google.mv .google.mw .google.com.mx .google.com.my .google.co.mz .google.com.na .google.com.ng .google.com.ni .google.ne .google.nl .google.no .google.com.np .google.nr .google.nu .google.co.nz .google.com.om .google.com.pa .google.com.pe .google.com.pg .google.com.ph .google.com.pk .google.pl .google.pn .google.com.pr .google.ps .google.pt .google.com.py .google.com.qa .google.ro .google.ru .google.rw .google.com.sa .google.com.sb .google.sc .google.se .google.com.sg .google.sh .google.si .google.sk .google.com.sl .google.sn .google.so .google.sm .google.sr .google.st .google.com.sv .google.td .google.tg .google.co.th .google.com.tj .google.tl .google.tm .google.tn .google.to .google.com.tr .google.tt .google.com.tw .google.co.tz .google.com.ua .google.co.ug .google.co.uk .google.com.uy .google.co.uz .google.com.vc .google.co.ve .google.vg .google.co.vi .google.com.vn .google.vu .google.ws .google.rs .google.co.za .google.co.zm .google.co.zw .google.cat monarch-api-production.s3.amazonaws.com monarch-static-assets.s3.amazonaws.com monarch-api-staging2.s3.us-east-2.amazonaws.com api.monarchmoney.com t.co googleads.g.doubleclick.net .facebook.com https://storage.googleapis.com/fini-widget/ .attribution.adswizz.com https://.attribution.adswizz.com https://pixel.tapad.com https://.tapad.com content.moneydesktop.com https://cdn.spinwheel.io .cloudfront.net;font-src * data: blob: 'self' 'unsafe-inline';connect-src 'self' about: analytics.tiktok.com .byspotify.com .zendesk.com https://api.segment.io .segment.io https://api.cloudinary.com https://api.monarchmoney.com https://api.monarchmoneystaging.com wss://api.monarchmoney.com wss://api.monarchmoneystaging.com https://features.monarchmoney.com https://features.monarchmoneystaging.com https://events-api.monarchmoney.com https://events-api.monarchmoneystaging.com https://monarchmoney.zendesk.com https://rs.fullstory.com https://edge.fullstory.com https://sdk.split.io https://auth.split.io https://streaming.split.io https://events.split.io https://ekr.zdassets.com https://api.sprig.com api.sprig.com https://sentry.io https://sdk-api-v1.singular.net .stripe.com www.google-analytics.com stats.g.doubleclick.net ampcid.google.com analytics.google.com .doubleclick.net .google.com .googlesyndication.com www.googletagservices.com .facebook.com connect.facebook.net .bing.com wss://.bing.com .clarity.ms sentry.io .sentry.io www.redditstatic.com monarch-api-production.s3.amazonaws.com monarch-static-assets.s3.amazonaws.com monarch-api-staging2.s3.us-east-2.amazonaws.com prod-carpintero-branding.s3.us-west-2.amazonaws.com reddit.com .reddit.com .ads-twitter.com cdn.sprig.com cdn.segment.com .browser-intake-datadoghq.com https://rum.browser-intake-datadoghq.com https://browser-intake-datadoghq.com https://session-replay.browser-intake-datadoghq.com https://api.unsplash.com analytics.pangle-ads.com stats.g.doubleclick.net https://api.usefini.com/ https://status.monarchmoney.com browser-intake-datadoghq.com pixels.spotify.com;manifest-src 'self';base-uri 'self';form-action 'self' .google.com *.facebook.com connect.facebook.net;media-src 'self' data: dai.google.com;worker-src 'self' blob: www.google.com;report-uri https://o236174.ingest.sentry.io/api/4506858085744640/security/?sentry_key=b8be0ad8a511b04ca10c054828ceeb45
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Mon, 26 Aug 2024 18:09:03 GMT
content-security-policy: upgrade-insecure-requests;default-src 'self' *.plaid.com *.finicity.com *.mx.com *.stripe.com *.cloudinary.com;frame-ancestors 'self' www.reddit.com *.finicity.com;script-src 'self' 'unsafe-eval' 'unsafe-inline' *.monarchmoney.com *.monarchmoneystaging.com *.redditstatic.com *.googleadservices.com *.ads-twitter.com *.plaid.com *.finicity.com *.mx.com *.gstatic.com analytics.tiktok.com *.byspotify.com https://static.zdassets.com https://cdn.userleap.com https://cdn.plaid.com https://js.stripe.com https://apis.google.com https://appleid.cdn-apple.com https://cdn.plaid.com https://js.stripe.com https://checkout.stripe.com https://apis.google.com https://cdn.userleap.com https://appleid.cdn-apple.com https://static.zdassets.com https://rs.fullstory.com https://edge.fullstory.com https://www.google-analytics.com https://ssl.google-analytics.com https://google-analytics.com https://*.doubleclick.net https://stats.g.doubleclick.net https://*.google.com https://*.google.com.br https://*.googlesyndication.com https://*.googletagservices.com https://*.googleadservices.com www.googleadservices.com www.google-analytics.com https://connect.facebook.net https://graph.facebook.com https://js.facebook.com https://bat.bing.com https://r.bing.com https://browser.sentry-cdn.com https://js.sentry-cdn.com https://*.sentry.io edge.fullstory.com *.fullstory.com www.clarity.ms *.clarity.ms cdn.sprig.com cdn.segment.com 'report-sample' www.googletagmanager.com www.googleadservices.com www.google-analytics.com www.clarity.ms analytics.tiktok.com static.ads-twitter.com connect.facebook.net https://storage.googleapis.com/fini-widget/ https://cdn.spinwheel.io;style-src 'self' 'unsafe-inline' 'report-sample' checkout.stripe.com *.google.com https://www.gstatic.com www.gstatic.com *.gstatic.com *.bing.com;object-src *.googlesyndication.com;frame-src 'self' https://accounts.google.com https://portal.productboard.com *.stripe.com *.stripe.network *.google.com *.doubleclick.net *.googlesyndication.com *.facebook.com connect.facebook.net sdx.microsoft.com *.plaid.com *.finicity.com *.moneydesktop.com *.mx.com *.youtube.com https://app.usefini.com/ https://sandbox-dim.spinwheel.io https://dim.spinwheel.io;child-src 'self' data: *.google.com *.doubleclick.net *.googlesyndication.com www.googleadservices.com *.facebook.com connect.facebook.net;img-src 'self' data: blob: *.stripe.com www.googleadservices.com *.googleadservices.com https://res.cloudinary.com https://images.unsplash.com https://www.google-analytics.com https://rs.fullstory.com googletagmanager.com *.googletagmanager.com www.googletagmanager.com *.google-analytics.com https://www.google.com analytics.google.com *.doubleclick.net googleads.doubleclick.net googleads.g.doubleclick.net https://googleads.g.doubleclick.net *.doubleclick.net https://stats.g.doubleclick.net *.facebook.com *.facebook.net https://connect.facebook.net *.fbcdn.net *.bing.com *.microsoft.com *.clarity.ms monarch-static-assets.s3.amazonaws.com monarch-static-assets.s3.us-east-1.amazonaws.com analytics.pangle-ads.com *.redditstatic.com *.reddit.com *.ads-twitter.com https://t.co analytics.twitter.com https://analytics.twitter.com *.googleusercontent.com *.gstatic.com https://fonts.gstatic.com https://analytics.tiktok.com *.tiktok.com *.byspotify.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat monarch-api-production.s3.amazonaws.com monarch-static-assets.s3.amazonaws.com monarch-api-staging2.s3.us-east-2.amazonaws.com api.monarchmoney.com t.co googleads.g.doubleclick.net *.facebook.com https://storage.googleapis.com/fini-widget/ *.attribution.adswizz.com https://*.attribution.adswizz.com https://pixel.tapad.com https://*.tapad.com content.moneydesktop.com https://cdn.spinwheel.io *.cloudfront.net;font-src * data: blob: 'self' 'unsafe-inline';connect-src 'self' about: analytics.tiktok.com *.byspotify.com *.zendesk.com https://api.segment.io *.segment.io https://api.cloudinary.com https://api.monarchmoney.com https://api.monarchmoneystaging.com wss://api.monarchmoney.com wss://api.monarchmoneystaging.com https://features.monarchmoney.com https://features.monarchmoneystaging.com https://events-api.monarchmoney.com https://events-api.monarchmoneystaging.com https://monarchmoney.zendesk.com https://rs.fullstory.com https://edge.fullstory.com https://sdk.split.io https://auth.split.io https://streaming.split.io https://events.split.io https://ekr.zdassets.com https://api.sprig.com api.sprig.com https://sentry.io https://sdk-api-v1.singular.net *.stripe.com www.google-analytics.com stats.g.doubleclick.net ampcid.google.com analytics.google.com *.doubleclick.net *.google.com *.googlesyndication.com www.googletagservices.com *.facebook.com connect.facebook.net *.bing.com wss://*.bing.com *.clarity.ms sentry.io *.sentry.io www.redditstatic.com monarch-api-production.s3.amazonaws.com monarch-static-assets.s3.amazonaws.com monarch-api-staging2.s3.us-east-2.amazonaws.com prod-carpintero-branding.s3.us-west-2.amazonaws.com reddit.com *.reddit.com *.ads-twitter.com cdn.sprig.com cdn.segment.com *.browser-intake-datadoghq.com https://rum.browser-intake-datadoghq.com https://browser-intake-datadoghq.com https://session-replay.browser-intake-datadoghq.com https://api.unsplash.com analytics.pangle-ads.com stats.g.doubleclick.net https://api.usefini.com/ https://status.monarchmoney.com browser-intake-datadoghq.com pixels.spotify.com;manifest-src 'self';base-uri 'self';form-action 'self' *.google.com *.facebook.com connect.facebook.net;media-src 'self' data: dai.google.com;worker-src 'self' blob: www.google.com;report-uri https://o236174.ingest.sentry.io/api/4506858085744640/security/?sentry_key=b8be0ad8a511b04ca10c054828ceeb45
x-content-type-options: nosniff
strict-transport-security: max-age=15552000; includeSubDomains
nel: {"report_to":"heroku-nel","max_age":3600,"success_fraction":0.005,"failure_fraction":0.05,"response_headers":["Via"]}
x-permitted-cross-domain-policies: none
cf-cache-status: REVALIDATED
via: 1.1 vegur
x-dns-prefetch-control: off
content-encoding: br
x-xss-protection: 0
reporting-endpoints: heroku-nel=https://nel.heroku.com/reports?ts=1724515369&sid=1b10b0ff-8a76-4548-befa-353fc6c6c045&s=2FH0gADNtsImKFsAAYJtnh1ONhP5SH%2B0MDrShy3gW%2Bo%3D
referrer-policy: no-referrer
last-modified: Fri, 23 Aug 2024 21:01:48 GMT
server: cloudflare
etag: W/"2c0-191810b9e60"
expect-ct: max-age=0
x-frame-options: SAMEORIGIN
report-to: {"group":"heroku-nel","max_age":3600,"endpoints":[{"url":"https://nel.heroku.com/reports?ts=1724515369&sid=1b10b0ff-8a76-4548-befa-353fc6c6c045&s=2FH0gADNtsImKFsAAYJtnh1ONhP5SH%2B0MDrShy3gW%2Bo%3D"}]}
content-type: image/svg+xml
vary: Accept-Encoding
x-download-options: noopen
cache-control: public, max-age=14400
cf-ray: 8b95c549cbc61c2c-FRA

GET
H2 200 google-logo.e675ec58..svg
app.monarchmoney.com/static/media/ 1 KB
6 KB 342ms
339ms Image
image/svg+xml 2606:4700:10::6816:3c79
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://app.monarchmoney.com/static/media/google-logo.e675ec58..svg

Requested by

Host: app.monarchmoney.com
URL: https://app.monarchmoney.com/login?route=%2Fdashboard

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:3c79 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

60c90063596ad373d42396f5c88f936d39544f801968ac93c1fe15b3feca090f

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;default-src 'self' .plaid.com .finicity.com .mx.com .stripe.com .cloudinary.com;frame-ancestors 'self' www.reddit.com .finicity.com;script-src 'self' 'unsafe-eval' 'unsafe-inline' .monarchmoney.com .monarchmoneystaging.com .redditstatic.com .googleadservices.com .ads-twitter.com .plaid.com .finicity.com .mx.com .gstatic.com analytics.tiktok.com .byspotify.com https://static.zdassets.com https://cdn.userleap.com https://cdn.plaid.com https://js.stripe.com https://apis.google.com https://appleid.cdn-apple.com https://cdn.plaid.com https://js.stripe.com https://checkout.stripe.com https://apis.google.com https://cdn.userleap.com https://appleid.cdn-apple.com https://static.zdassets.com https://rs.fullstory.com https://edge.fullstory.com https://www.google-analytics.com https://ssl.google-analytics.com https://google-analytics.com https://.doubleclick.net https://stats.g.doubleclick.net https://.google.com https://.google.com.br https://.googlesyndication.com https://.googletagservices.com https://.googleadservices.com www.googleadservices.com www.google-analytics.com https://connect.facebook.net https://graph.facebook.com https://js.facebook.com https://bat.bing.com https://r.bing.com https://browser.sentry-cdn.com https://js.sentry-cdn.com https://.sentry.io edge.fullstory.com .fullstory.com www.clarity.ms .clarity.ms cdn.sprig.com cdn.segment.com 'report-sample' www.googletagmanager.com www.googleadservices.com www.google-analytics.com www.clarity.ms analytics.tiktok.com static.ads-twitter.com connect.facebook.net https://storage.googleapis.com/fini-widget/ https://cdn.spinwheel.io;style-src 'self' 'unsafe-inline' 'report-sample' checkout.stripe.com .google.com https://www.gstatic.com www.gstatic.com .gstatic.com .bing.com;object-src .googlesyndication.com;frame-src 'self' https://accounts.google.com https://portal.productboard.com .stripe.com .stripe.network .google.com .doubleclick.net .googlesyndication.com .facebook.com connect.facebook.net sdx.microsoft.com .plaid.com .finicity.com .moneydesktop.com .mx.com .youtube.com https://app.usefini.com/ https://sandbox-dim.spinwheel.io https://dim.spinwheel.io;child-src 'self' data: .google.com .doubleclick.net .googlesyndication.com www.googleadservices.com .facebook.com connect.facebook.net;img-src 'self' data: blob: .stripe.com www.googleadservices.com .googleadservices.com https://res.cloudinary.com https://images.unsplash.com https://www.google-analytics.com https://rs.fullstory.com googletagmanager.com .googletagmanager.com www.googletagmanager.com .google-analytics.com https://www.google.com analytics.google.com .doubleclick.net googleads.doubleclick.net googleads.g.doubleclick.net https://googleads.g.doubleclick.net .doubleclick.net https://stats.g.doubleclick.net .facebook.com .facebook.net https://connect.facebook.net .fbcdn.net .bing.com .microsoft.com .clarity.ms monarch-static-assets.s3.amazonaws.com monarch-static-assets.s3.us-east-1.amazonaws.com analytics.pangle-ads.com .redditstatic.com .reddit.com .ads-twitter.com https://t.co analytics.twitter.com https://analytics.twitter.com .googleusercontent.com .gstatic.com https://fonts.gstatic.com https://analytics.tiktok.com .tiktok.com .byspotify.com .google.com .google.ad .google.ae .google.com.af .google.com.ag .google.com.ai .google.al .google.am .google.co.ao .google.com.ar .google.as .google.at .google.com.au .google.az .google.ba .google.com.bd .google.be .google.bf .google.bg .google.com.bh .google.bi .google.bj .google.com.bn .google.com.bo .google.com.br .google.bs .google.bt .google.co.bw .google.by .google.com.bz .google.ca .google.cd .google.cf .google.cg .google.ch .google.ci .google.co.ck .google.cl .google.cm .google.cn .google.com.co .google.co.cr .google.com.cu .google.cv .google.com.cy .google.cz .google.de .google.dj .google.dk .google.dm .google.com.do .google.dz .google.com.ec .google.ee .google.com.eg .google.es .google.com.et .google.fi .google.com.fj .google.fm .google.fr .google.ga .google.ge .google.gg .google.com.gh .google.com.gi .google.gl .google.gm .google.gr .google.com.gt .google.gy .google.com.hk .google.hn .google.hr .google.ht .google.hu .google.co.id .google.ie .google.co.il .google.im .google.co.in .google.iq .google.is .google.it .google.je .google.com.jm .google.jo .google.co.jp .google.co.ke .google.com.kh .google.ki .google.kg .google.co.kr .google.com.kw .google.kz .google.la .google.com.lb .google.li .google.lk .google.co.ls .google.lt .google.lu .google.lv .google.com.ly .google.co.ma .google.md .google.me .google.mg .google.mk .google.ml .google.com.mm .google.mn .google.ms .google.com.mt .google.mu .google.mv .google.mw .google.com.mx .google.com.my .google.co.mz .google.com.na .google.com.ng .google.com.ni .google.ne .google.nl .google.no .google.com.np .google.nr .google.nu .google.co.nz .google.com.om .google.com.pa .google.com.pe .google.com.pg .google.com.ph .google.com.pk .google.pl .google.pn .google.com.pr .google.ps .google.pt .google.com.py .google.com.qa .google.ro .google.ru .google.rw .google.com.sa .google.com.sb .google.sc .google.se .google.com.sg .google.sh .google.si .google.sk .google.com.sl .google.sn .google.so .google.sm .google.sr .google.st .google.com.sv .google.td .google.tg .google.co.th .google.com.tj .google.tl .google.tm .google.tn .google.to .google.com.tr .google.tt .google.com.tw .google.co.tz .google.com.ua .google.co.ug .google.co.uk .google.com.uy .google.co.uz .google.com.vc .google.co.ve .google.vg .google.co.vi .google.com.vn .google.vu .google.ws .google.rs .google.co.za .google.co.zm .google.co.zw .google.cat monarch-api-production.s3.amazonaws.com monarch-static-assets.s3.amazonaws.com monarch-api-staging2.s3.us-east-2.amazonaws.com api.monarchmoney.com t.co googleads.g.doubleclick.net .facebook.com https://storage.googleapis.com/fini-widget/ .attribution.adswizz.com https://.attribution.adswizz.com https://pixel.tapad.com https://.tapad.com content.moneydesktop.com https://cdn.spinwheel.io .cloudfront.net;font-src * data: blob: 'self' 'unsafe-inline';connect-src 'self' about: analytics.tiktok.com .byspotify.com .zendesk.com https://api.segment.io .segment.io https://api.cloudinary.com https://api.monarchmoney.com https://api.monarchmoneystaging.com wss://api.monarchmoney.com wss://api.monarchmoneystaging.com https://features.monarchmoney.com https://features.monarchmoneystaging.com https://events-api.monarchmoney.com https://events-api.monarchmoneystaging.com https://monarchmoney.zendesk.com https://rs.fullstory.com https://edge.fullstory.com https://sdk.split.io https://auth.split.io https://streaming.split.io https://events.split.io https://ekr.zdassets.com https://api.sprig.com api.sprig.com https://sentry.io https://sdk-api-v1.singular.net .stripe.com www.google-analytics.com stats.g.doubleclick.net ampcid.google.com analytics.google.com .doubleclick.net .google.com .googlesyndication.com www.googletagservices.com .facebook.com connect.facebook.net .bing.com wss://.bing.com .clarity.ms sentry.io .sentry.io www.redditstatic.com monarch-api-production.s3.amazonaws.com monarch-static-assets.s3.amazonaws.com monarch-api-staging2.s3.us-east-2.amazonaws.com prod-carpintero-branding.s3.us-west-2.amazonaws.com reddit.com .reddit.com .ads-twitter.com cdn.sprig.com cdn.segment.com .browser-intake-datadoghq.com https://rum.browser-intake-datadoghq.com https://browser-intake-datadoghq.com https://session-replay.browser-intake-datadoghq.com https://api.unsplash.com analytics.pangle-ads.com stats.g.doubleclick.net https://api.usefini.com/ https://status.monarchmoney.com browser-intake-datadoghq.com pixels.spotify.com;manifest-src 'self';base-uri 'self';form-action 'self' .google.com *.facebook.com connect.facebook.net;media-src 'self' data: dai.google.com;worker-src 'self' blob: www.google.com;report-uri https://o236174.ingest.sentry.io/api/4506858085744640/security/?sentry_key=b8be0ad8a511b04ca10c054828ceeb45
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Mon, 26 Aug 2024 18:09:03 GMT
content-security-policy: upgrade-insecure-requests;default-src 'self' *.plaid.com *.finicity.com *.mx.com *.stripe.com *.cloudinary.com;frame-ancestors 'self' www.reddit.com *.finicity.com;script-src 'self' 'unsafe-eval' 'unsafe-inline' *.monarchmoney.com *.monarchmoneystaging.com *.redditstatic.com *.googleadservices.com *.ads-twitter.com *.plaid.com *.finicity.com *.mx.com *.gstatic.com analytics.tiktok.com *.byspotify.com https://static.zdassets.com https://cdn.userleap.com https://cdn.plaid.com https://js.stripe.com https://apis.google.com https://appleid.cdn-apple.com https://cdn.plaid.com https://js.stripe.com https://checkout.stripe.com https://apis.google.com https://cdn.userleap.com https://appleid.cdn-apple.com https://static.zdassets.com https://rs.fullstory.com https://edge.fullstory.com https://www.google-analytics.com https://ssl.google-analytics.com https://google-analytics.com https://*.doubleclick.net https://stats.g.doubleclick.net https://*.google.com https://*.google.com.br https://*.googlesyndication.com https://*.googletagservices.com https://*.googleadservices.com www.googleadservices.com www.google-analytics.com https://connect.facebook.net https://graph.facebook.com https://js.facebook.com https://bat.bing.com https://r.bing.com https://browser.sentry-cdn.com https://js.sentry-cdn.com https://*.sentry.io edge.fullstory.com *.fullstory.com www.clarity.ms *.clarity.ms cdn.sprig.com cdn.segment.com 'report-sample' www.googletagmanager.com www.googleadservices.com www.google-analytics.com www.clarity.ms analytics.tiktok.com static.ads-twitter.com connect.facebook.net https://storage.googleapis.com/fini-widget/ https://cdn.spinwheel.io;style-src 'self' 'unsafe-inline' 'report-sample' checkout.stripe.com *.google.com https://www.gstatic.com www.gstatic.com *.gstatic.com *.bing.com;object-src *.googlesyndication.com;frame-src 'self' https://accounts.google.com https://portal.productboard.com *.stripe.com *.stripe.network *.google.com *.doubleclick.net *.googlesyndication.com *.facebook.com connect.facebook.net sdx.microsoft.com *.plaid.com *.finicity.com *.moneydesktop.com *.mx.com *.youtube.com https://app.usefini.com/ https://sandbox-dim.spinwheel.io https://dim.spinwheel.io;child-src 'self' data: *.google.com *.doubleclick.net *.googlesyndication.com www.googleadservices.com *.facebook.com connect.facebook.net;img-src 'self' data: blob: *.stripe.com www.googleadservices.com *.googleadservices.com https://res.cloudinary.com https://images.unsplash.com https://www.google-analytics.com https://rs.fullstory.com googletagmanager.com *.googletagmanager.com www.googletagmanager.com *.google-analytics.com https://www.google.com analytics.google.com *.doubleclick.net googleads.doubleclick.net googleads.g.doubleclick.net https://googleads.g.doubleclick.net *.doubleclick.net https://stats.g.doubleclick.net *.facebook.com *.facebook.net https://connect.facebook.net *.fbcdn.net *.bing.com *.microsoft.com *.clarity.ms monarch-static-assets.s3.amazonaws.com monarch-static-assets.s3.us-east-1.amazonaws.com analytics.pangle-ads.com *.redditstatic.com *.reddit.com *.ads-twitter.com https://t.co analytics.twitter.com https://analytics.twitter.com *.googleusercontent.com *.gstatic.com https://fonts.gstatic.com https://analytics.tiktok.com *.tiktok.com *.byspotify.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat monarch-api-production.s3.amazonaws.com monarch-static-assets.s3.amazonaws.com monarch-api-staging2.s3.us-east-2.amazonaws.com api.monarchmoney.com t.co googleads.g.doubleclick.net *.facebook.com https://storage.googleapis.com/fini-widget/ *.attribution.adswizz.com https://*.attribution.adswizz.com https://pixel.tapad.com https://*.tapad.com content.moneydesktop.com https://cdn.spinwheel.io *.cloudfront.net;font-src * data: blob: 'self' 'unsafe-inline';connect-src 'self' about: analytics.tiktok.com *.byspotify.com *.zendesk.com https://api.segment.io *.segment.io https://api.cloudinary.com https://api.monarchmoney.com https://api.monarchmoneystaging.com wss://api.monarchmoney.com wss://api.monarchmoneystaging.com https://features.monarchmoney.com https://features.monarchmoneystaging.com https://events-api.monarchmoney.com https://events-api.monarchmoneystaging.com https://monarchmoney.zendesk.com https://rs.fullstory.com https://edge.fullstory.com https://sdk.split.io https://auth.split.io https://streaming.split.io https://events.split.io https://ekr.zdassets.com https://api.sprig.com api.sprig.com https://sentry.io https://sdk-api-v1.singular.net *.stripe.com www.google-analytics.com stats.g.doubleclick.net ampcid.google.com analytics.google.com *.doubleclick.net *.google.com *.googlesyndication.com www.googletagservices.com *.facebook.com connect.facebook.net *.bing.com wss://*.bing.com *.clarity.ms sentry.io *.sentry.io www.redditstatic.com monarch-api-production.s3.amazonaws.com monarch-static-assets.s3.amazonaws.com monarch-api-staging2.s3.us-east-2.amazonaws.com prod-carpintero-branding.s3.us-west-2.amazonaws.com reddit.com *.reddit.com *.ads-twitter.com cdn.sprig.com cdn.segment.com *.browser-intake-datadoghq.com https://rum.browser-intake-datadoghq.com https://browser-intake-datadoghq.com https://session-replay.browser-intake-datadoghq.com https://api.unsplash.com analytics.pangle-ads.com stats.g.doubleclick.net https://api.usefini.com/ https://status.monarchmoney.com browser-intake-datadoghq.com pixels.spotify.com;manifest-src 'self';base-uri 'self';form-action 'self' *.google.com *.facebook.com connect.facebook.net;media-src 'self' data: dai.google.com;worker-src 'self' blob: www.google.com;report-uri https://o236174.ingest.sentry.io/api/4506858085744640/security/?sentry_key=b8be0ad8a511b04ca10c054828ceeb45
x-content-type-options: nosniff
strict-transport-security: max-age=15552000; includeSubDomains
nel: {"report_to":"heroku-nel","max_age":3600,"success_fraction":0.005,"failure_fraction":0.05,"response_headers":["Via"]}
x-permitted-cross-domain-policies: none
cf-cache-status: REVALIDATED
via: 1.1 vegur
x-dns-prefetch-control: off
content-encoding: br
x-xss-protection: 0
reporting-endpoints: heroku-nel=https://nel.heroku.com/reports?ts=1724515369&sid=1b10b0ff-8a76-4548-befa-353fc6c6c045&s=2FH0gADNtsImKFsAAYJtnh1ONhP5SH%2B0MDrShy3gW%2Bo%3D
referrer-policy: no-referrer
last-modified: Fri, 23 Aug 2024 21:01:48 GMT
server: cloudflare
etag: W/"45d-191810b9e60"
expect-ct: max-age=0
x-frame-options: SAMEORIGIN
report-to: {"group":"heroku-nel","max_age":3600,"endpoints":[{"url":"https://nel.heroku.com/reports?ts=1724515369&sid=1b10b0ff-8a76-4548-befa-353fc6c6c045&s=2FH0gADNtsImKFsAAYJtnh1ONhP5SH%2B0MDrShy3gW%2Bo%3D"}]}
content-type: image/svg+xml
vary: Accept-Encoding
x-download-options: noopen
cache-control: public, max-age=14400
cf-ray: 8b95c549cbc71c2c-FRA

GET
H2 200 auth Show response
features.monarchmoney.com/auth/api/ 714 B
758 B 374ms
373ms Fetch
application/json 2606:4700:10::6816:3d79
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://features.monarchmoney.com/auth/api/auth?users=UNKNOWN&users=2b2ce0fb-2cc2-4f88-98fd-298cbeb48abb

Requested by

Host: app.monarchmoney.com
URL: https://app.monarchmoney.com/static/js/693.8ac79289.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:3d79 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

752fcc1c601e35558e40454b0f1145c22dbe774cef1ed8568da97ea331e9d42e

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
Strict-Transport-Security	max-age=15770000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Accept: application/json
Referer
SplitSDKVersion: react-1.2.6
Authorization: Bearer f84jple84efb5d8f63po7c1m5553aburgha4
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36
Content-Type: application/json

Response headers

date: Mon, 26 Aug 2024 18:09:03 GMT
strict-transport-security: max-age=15770000; includeSubDomains
x-content-type-options: nosniff
content-security-policy: frame-ancestors 'self'
via: 1.1 a44309111e5e1050ff485adaa4681ad0.cloudfront.net (CloudFront)
x-permitted-cross-domain-policies: master-only
cf-cache-status: DYNAMIC
x-amz-cf-pop: AMS58-P5
content-encoding: br
x-cache: Miss from cloudfront
server: cloudflare
x-frame-options: DENY
access-control-allow-methods: GET, OPTIONS
content-type: application/json; charset=utf-8
access-control-allow-origin: https://app.monarchmoney.com
access-control-allow-credentials: true
cf-ray: 8b95c54c5aa89948-FRA
access-control-allow-headers: X-Requested-With, Origin, Content-Type, Accept, Authorization, Content-Length, X-User-Token, X-Request-ID, SplitSDKMachineName, SplitSDKMachineIP, SplitSDKVersion
x-amz-cf-id: B3s7hEGCmr2EmaYKQYtVqlbQnlBxYpl9ssNrj_srn-QwAulc0ISbVA==

POST
H2 200 pixel
analytics.tiktok.com/api/v2/ 0
857 B 196ms
194ms Ping
text/plain 2.21.20.12
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.tiktok.com/api/v2/pixel
Requested by: Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/static/main.MTcwODM0ODQ4MQ.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2.21.20.12 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a2-21-20-12.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

x-akamai-request-id: 54c62201.b11ea8fd
date: Mon, 26 Aug 2024 18:09:03 GMT
x-tt-trace-tag: id=16;cdn-cache=miss;type=dyn
x-tt-trace-id: 00-24082618090398D414A996B00701C567-04E3ADC678042FD3-00
x-cache: TCP_MISS from a23-51-23-76.deploy.akamaitechnologies.com (AkamaiGHost/11.6.1.1-c253c574b3c2af32d59c15ea70b89e46) (-)
x-parent-response-time: 151,23.51.23.76
server-timing: cdn-cache; desc=MISS, edge; dur=90, origin; dur=64, inner; dur=60
content-length: 0
pragma: no-cache
server: nginx
x-tt-logid: 2024082618090398D414A996B00701C567
x-cache-remote: TCP_MISS from a23-220-104-5.deploy.akamaitechnologies.com (AkamaiGHost/11.6.2.1-58447958) (-)
access-control-allow-methods: GET,POST,PUT,PATCH,DELETE,HEAD,OPTIONS,UPDATE
access-control-allow-origin: *
cache-control: max-age=0, no-cache, no-store
x-origin-response-time: 64,23.220.104.5
x-tt-trace-host: 017d0578f327b57d1558311a3c4228a5165a0843de0531c54351ef4e09db53a45b0e55da52e08bce06f4e84a0445ae095cf34426870a5ca2ef7c3e905b308d1cbeda7bc39738957bc78f17835c71a6388ebe59dbb066b9dff1ff883881e5c46c3f17bf21e9281e3229fa8ff37ed86d9a0c
access-control-allow-headers: Authorization,*
expires: Mon, 26 Aug 2024 18:09:03 GMT

OPTIONS
H2 200 auth
features.monarchmoney.com/auth/api/ Frame 0
0 327ms
327ms Preflight
application/json 2606:4700:10::6816:3d79
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://features.monarchmoney.com/auth/api/auth?users=UNKNOWN&users=2b2ce0fb-2cc2-4f88-98fd-298cbeb48abb

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:3d79 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
Strict-Transport-Security	max-age=15770000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Accept: */*
Access-Control-Request-Headers: authorization,content-type,splitsdkversion
Access-Control-Request-Method: GET
Origin: https://app.monarchmoney.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: X-Requested-With, Origin, Content-Type, Accept, Authorization, Content-Length, X-User-Token, X-Request-ID, SplitSDKMachineName, SplitSDKMachineIP, SplitSDKVersion
access-control-allow-methods: GET, OPTIONS
access-control-allow-origin: https://app.monarchmoney.com
cf-cache-status: DYNAMIC
cf-ray: 8b95c54a48979948-FRA
content-length: 4
content-security-policy: frame-ancestors 'self'
content-type: application/json; charset=utf-8
date: Mon, 26 Aug 2024 18:09:03 GMT
server: cloudflare
strict-transport-security: max-age=15770000; includeSubDomains
via: 1.1 f75afc04e5fb2b66fe286e4f840886c6.cloudfront.net (CloudFront)
x-amz-cf-id: qD3YgK4S4NsUEXigya61S1jHSYDKKOeLLZjyVGuVccN3pLp8PoW49g==
x-amz-cf-pop: AMS58-P5
x-cache: Miss from cloudfront
x-content-type-options: nosniff
x-frame-options: DENY
x-permitted-cross-domain-policies: master-only

OPTIONS
H2 200 event
sdk-api-v1.singular.net/api/v1/ Frame 0
0 341ms
204ms Preflight 184.24.77.152
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://sdk-api-v1.singular.net/api/v1/event?current_device_time=1724695743&event_id=d219b05f-bad8-47ec-97b3-a42a68d1e04c&conversion_event=true&k=SDID&a=monarch_money_85497080&p=Web&i=com.monarchmoney.web.app&screen_height=1200&screen_width=1600&sdk=WebSDK-v1.2.8&singular_instance_id=b56942b4-a1b4-4f1f-9525-ba3348af04ed&sdid=cca1e79b-ce66-4331-8a65-682fb0987b15&storage_type=local&timezone=GMT%2B0200&touchpoint_timestamp=1724695743&u=cca1e79b-ce66-4331-8a65-682fb0987b15&n=__PAGE_VISIT__&is_revenue_event=false&s=46ffd89f-c9e4-4ddf-9ee7-291a6bc98ccf&is_first_visit=true&is_page_refreshed=false&sdid_persist_mode=auto&os=Linux&lag=0&h=17e490265a39b7485507851d0ab30825058c5367
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 184.24.77.152 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a184-24-77-152.deploy.static.akamaitechnologies.com
Software: /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://app.monarchmoney.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

access-control-allow-headers: Content-Type, Content-Length
access-control-allow-methods: POST, GET, OPTIONS
access-control-allow-origin: *
cache-control: max-age=0, no-cache, no-store
content-length: 0
date: Mon, 26 Aug 2024 18:09:03 GMT
expires: Mon, 26 Aug 2024 18:09:03 GMT
pragma: no-cache
vary: Accept-Encoding

POST
H2 200 event Show response
sdk-api-v1.singular.net/api/v1/ 51 B
307 B 205ms
204ms XHR
application/json 184.24.77.152
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://sdk-api-v1.singular.net/api/v1/event?current_device_time=1724695743&event_id=d219b05f-bad8-47ec-97b3-a42a68d1e04c&conversion_event=true&k=SDID&a=monarch_money_85497080&p=Web&i=com.monarchmoney.web.app&screen_height=1200&screen_width=1600&sdk=WebSDK-v1.2.8&singular_instance_id=b56942b4-a1b4-4f1f-9525-ba3348af04ed&sdid=cca1e79b-ce66-4331-8a65-682fb0987b15&storage_type=local&timezone=GMT%2B0200&touchpoint_timestamp=1724695743&u=cca1e79b-ce66-4331-8a65-682fb0987b15&n=__PAGE_VISIT__&is_revenue_event=false&s=46ffd89f-c9e4-4ddf-9ee7-291a6bc98ccf&is_first_visit=true&is_page_refreshed=false&sdid_persist_mode=auto&os=Linux&lag=0&h=17e490265a39b7485507851d0ab30825058c5367
Requested by: Host: app.monarchmoney.com
URL: https://app.monarchmoney.com/static/js/693.8ac79289.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 184.24.77.152 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a184-24-77-152.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: 453587255e3306b50351d8120774686da9f8f49257ec71fbb786d2b2e22c50c5

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36
Content-Type: application/json

Response headers

pragma: no-cache
date: Mon, 26 Aug 2024 18:09:03 GMT
apsalar-extra: security hash failed
vary: Accept-Encoding
access-control-allow-methods: POST, GET, OPTIONS
content-type: application/json
access-control-allow-origin: *
cache-control: max-age=0, no-cache, no-store
access-control-allow-headers: Content-Type, Content-Length
content-length: 51
expires: Mon, 26 Aug 2024 18:09:03 GMT

POST
H/1.1 204
No Content collect Show response
o.clarity.ms/ 0
284 B 189ms
135ms XHR
text/plain 52.152.143.207
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://o.clarity.ms/collect
Requested by: Host: app.monarchmoney.com
URL: https://app.monarchmoney.com/static/js/693.8ac79289.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 52.152.143.207 Washington, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept: application/x-clarity-gzip
Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

Access-Control-Allow-Origin: https://app.monarchmoney.com
Date: Mon, 26 Aug 2024 18:09:03 GMT
Access-Control-Allow-Credentials: true
Server: nginx
Connection: keep-alive
Vary: Origin
Request-Context: appId=cid-v1:238681e8-7d6b-453a-acb6-7dcad74f3111

GET
H2 200 d8d33592-cf5c-4ae3-ae8f-553657823fbf Show response
ekr.zdassets.com/compose/ 493 B
1 KB 1086ms
686ms Fetch
application/json 104.18.72.113
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://ekr.zdassets.com/compose/d8d33592-cf5c-4ae3-ae8f-553657823fbf

Requested by

Host: app.monarchmoney.com
URL: https://app.monarchmoney.com/static/js/693.8ac79289.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.72.113 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

20490cfcb843d804643e20e6d07936fb40dde6c923fb43588f7874a495a50638

Security Headers

Name	Value
Strict-Transport-Security	max-age=0
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Mon, 26 Aug 2024 18:09:04 GMT
strict-transport-security: max-age=0
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-permitted-cross-domain-policies: none
content-encoding: br
cdn-cache-control: max-age=60
x-xss-protection: 1; mode=block
x-request-id: 8b62f1f7a98e76b0-SEA, 8b62f1f7a98e76b0-SEA, 8b62f1f7a98e76b0-SEA
x-runtime: 0.009857
referrer-policy: strict-origin-when-cross-origin
server: cloudflare
etag: W/"20490cfcb843d804643e20e6d07936fb"
x-download-options: noopen
x-frame-options: SAMEORIGIN
access-control-max-age: 7200
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=pR%2F6KvnkLrIXvanwj1RTjZkekLnniCpcaRxMFeYeWgoVcuUHyQ58o571YoQk6yp1b%2BIZpiGV%2FSKMspoHroTVwq3L0g7AoMfXHqpknTfc%2BryniWzbBU5u4OobMh7FJA7TNAA%3D"}],"group":"cf-nel","max_age":604800}
access-control-expose-headers
vary: Accept, Origin, Accept-Encoding
cache-control: max-age=300, public, stale-while-revalidate=300, stale-if-error=21600
content-type: application/json; charset=utf-8
x-zendesk-zorg: yes, yes
cf-ray: 8b95c54e3e74ca3b-HAM

GET
H2 200 settings Show response
cdn.segment.com/v1/projects/ihoJ7mL8TzTfXlye2rfexJPlMRZMQXiU/ 10 KB
3 KB 148ms
41ms Fetch
application/json 99.86.8.175
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.segment.com/v1/projects/ihoJ7mL8TzTfXlye2rfexJPlMRZMQXiU/settings
Requested by: Host: app.monarchmoney.com
URL: https://app.monarchmoney.com/static/js/693.8ac79289.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 99.86.8.175 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-99-86-8-175.fra6.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: d9affb9be132f18ddba52f53549dabe8b4a644a4c1b2fe5d76bbd7750275da02

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

x-amz-version-id: UESK49fyxYGmYV4v5O2Wd4kiz5hLX1le
content-encoding: br
via: 1.1 f0a97a8c56cd2bb79a1739863489ed4c.cloudfront.net (CloudFront)
date: Mon, 26 Aug 2024 15:59:57 GMT
x-amz-cf-pop: FRA6-C1
age: 7902
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
last-modified: Thu, 25 Jul 2024 17:24:06 GMT
server: AmazonS3
etag: W/"afcbd98cac05aea061eb2fabf0051edb"
access-control-max-age: 3000
access-control-allow-methods: GET, HEAD
content-type: application/json; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=10800
vary: Accept-Encoding
x-amz-cf-id: lTo1gLS-AZUWJLnQeMpcglMYMBBMHJPz2nmGN2R2EkwsDrZOG4xoXw==

GET
H2 200 recaptcha__de.js Show response
www.gstatic.com/recaptcha/releases/i7X0JrnYWy9Y_5EYdoFM79kV/ 539 KB
215 KB 145ms
42ms Script
text/javascript 2a00:1450:4001:82f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/i7X0JrnYWy9Y_5EYdoFM79kV/recaptcha__de.js

Requested by

Host: www.google.com
URL: https://www.google.com/recaptcha/enterprise.js?render=6LfQ4tUpAAAAAFa5LWIcYBPtAC2wsirC-CUZvhyy

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

13e3852d2c9f4f4bd3125764fa931927e2b6901960c971c3e28ba3911262a78f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
Origin: https://app.monarchmoney.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Mon, 26 Aug 2024 13:36:10 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 16373
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 219509
x-xss-protection: 0
last-modified: Mon, 19 Aug 2024 04:00:58 GMT
server: sffe
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
vary: Accept-Encoding
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 26 Aug 2025 13:36:10 GMT

GET
H2 200 controller-with-preconnect-2192bc635d8b55ea00400ca4fa5b0b92.html
js.stripe.com/v3/ Frame F495 0
0 121ms
42ms Document
text/html 13.224.189.121
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.stripe.com/v3/controller-with-preconnect-2192bc635d8b55ea00400ca4fa5b0b92.html

Requested by

Host: js.stripe.com
URL: https://js.stripe.com/v3

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.224.189.121 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-224-189-121.fra2.r.cloudfront.net

Software

Cloudfront /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	base-uri 'none'; connect-src 'self' https://api.stripe.com https://merchant-ui-api.stripe.com https://stripe.com/cookie-settings/enforcement-mode https://errors.stripe.com https://r.stripe.com; default-src 'self'; font-src 'none'; form-action 'none'; frame-src 'self'; img-src 'self' https://q.stripe.com; media-src 'none'; object-src 'none'; script-src 'self'; style-src 'self' 'sha256-0hAheEzaMe6uXIKV4EehS9pu1am1lj/KnnzrOYqckXk='; worker-src 'none'; report-uri https://q.stripe.com/csp-report
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

accept-ranges: bytes
access-control-allow-origin: *
age: 28
alt-svc: h3=":443"; ma=86400
cache-control: max-age=60, stale-while-revalidate=900
content-length: 651
content-security-policy: base-uri 'none'; connect-src 'self' https://api.stripe.com https://merchant-ui-api.stripe.com https://stripe.com/cookie-settings/enforcement-mode https://errors.stripe.com https://r.stripe.com; default-src 'self'; font-src 'none'; form-action 'none'; frame-src 'self'; img-src 'self' https://q.stripe.com; media-src 'none'; object-src 'none'; script-src 'self'; style-src 'self' 'sha256-0hAheEzaMe6uXIKV4EehS9pu1am1lj/KnnzrOYqckXk='; worker-src 'none'; report-uri https://q.stripe.com/csp-report
content-type: text/html; charset=utf-8
date: Mon, 26 Aug 2024 18:08:36 GMT
etag: "2192bc635d8b55ea00400ca4fa5b0b92"
last-modified: Mon, 26 Aug 2024 17:21:25 GMT
origin-agent-cluster: ?1
server: Cloudfront
strict-transport-security: max-age=31556926; includeSubDomains; preload
timing-allow-origin: *
vary: Accept-Encoding
via: 1.1 9568a708c8ab21597698ebe7dce6c42e.cloudfront.net (CloudFront)
x-amz-cf-id: 6Dqp4UQjeA4uXJKHLyhxEfJzdALrJrIxr__8HDY2S4TJpN77tihglg==
x-amz-cf-pop: FRA2-C1
x-cache: Hit from cloudfront
x-content-type-options: nosniff

POST
H2 200 act
analytics.tiktok.com/api/v2/pixel/ 0
857 B 171ms
166ms Ping
text/plain 2.21.20.12
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.tiktok.com/api/v2/pixel/act
Requested by: Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/static/main.MTcwODM0ODQ4MQ.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2.21.20.12 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a2-21-20-12.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

x-akamai-request-id: f77e5ad.b11eb333
date: Mon, 26 Aug 2024 18:09:03 GMT
x-tt-trace-tag: id=16;cdn-cache=miss;type=dyn
x-tt-trace-id: 00-2408261809030C0D6ACED67ED16D05A7-1CB88659D73B106F-00
x-cache: TCP_MISS from a23-51-23-76.deploy.akamaitechnologies.com (AkamaiGHost/11.6.1.1-c253c574b3c2af32d59c15ea70b89e46) (-)
x-parent-response-time: 115,23.51.23.76
server-timing: cdn-cache; desc=MISS, edge; dur=108, origin; dur=19, inner; dur=15
content-length: 0
pragma: no-cache
server: nginx
x-tt-logid: 202408261809030C0D6ACED67ED16D05A7
x-cache-remote: TCP_MISS from a23-48-200-15.deploy.akamaitechnologies.com (AkamaiGHost/11.6.2.1-58447958) (-)
access-control-allow-methods: GET,POST,PUT,PATCH,DELETE,HEAD,OPTIONS,UPDATE
access-control-allow-origin: *
cache-control: max-age=0, no-cache, no-store
x-origin-response-time: 19,23.48.200.15
x-tt-trace-host: 017d0578f327b57d1558311a3c4228a5162e3b9a5427002f4321c03cd941a7890e977f078f5486a92f6e25f70e5df1282fd4d033b355051b19a00ad42311cb6b2abc4b8fd9b3e3459146aadc2b98fbbde7a728235211cc1ad73489c27c2080c19b135ef8fdea25521eb49cb1d0a6f0b48c
access-control-allow-headers: Authorization,*
expires: Mon, 26 Aug 2024 18:09:03 GMT

GET
H2 200 tsub-middleware.bundle.c0f5511a001f780f591f.js Show response
cdn.segment.com/analytics-next/bundles/ 18 KB
6 KB 149ms
61ms Script
application/javascript 99.86.8.175
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.segment.com/analytics-next/bundles/tsub-middleware.bundle.c0f5511a001f780f591f.js
Requested by: Host: events-cdn.monarchmoney.com
URL: https://events-cdn.monarchmoney.com/v1/ihoJ7mL8TzTfXlye2rfexJPlMRZMQXiU/events-script
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 99.86.8.175 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-99-86-8-175.fra6.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 557c67c76c13a84e8b483ee1a0dfdd807399d960909266e7c6a83ddfadca9c81

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Thu, 25 Jul 2024 17:48:59 GMT
x-amz-version-id: ot1syIPz_4SEEXctAcFzoJMAfu_hQEig
content-encoding: gzip
via: 1.1 94faae20b0f122c4555025f52a2fd744.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA6-C1
age: 2766005
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
last-modified: Tue, 23 Jul 2024 22:02:58 GMT
server: AmazonS3
etag: W/"f7b3d2021df83853b191aefa39a74b15"
access-control-max-age: 3000
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
vary: Accept-Encoding
x-amz-cf-id: CA3WkEiwyNKVKdqUAb9QgFVBpipes4BRDzVScjib8eOw3OrskcS-vA==

GET
H3 200 anchor
www.google.com/recaptcha/enterprise/ Frame 31F7 0
0 155ms
71ms Document
text/html 142.250.185.196
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/enterprise/anchor?ar=1&k=6LfQ4tUpAAAAAFa5LWIcYBPtAC2wsirC-CUZvhyy&co=aHR0cHM6Ly9hcHAubW9uYXJjaG1vbmV5LmNvbTo0NDM.&hl=de&v=i7X0JrnYWy9Y_5EYdoFM79kV&size=invisible&cb=qj1vm7kibzgb

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/i7X0JrnYWy9Y_5EYdoFM79kV/recaptcha__de.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.196 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f4.1e100.net

Software

GSE /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-iIa-Xvv_qpDbXJ1YOEJM7Q' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache, no-store, max-age=0, must-revalidate
content-encoding: gzip
content-security-policy: script-src 'report-sample' 'nonce-iIa-Xvv_qpDbXJ1YOEJM7Q' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Mon, 26 Aug 2024 18:09:03 GMT
expires: Mon, 01 Jan 1990 00:00:00 GMT
pragma: no-cache
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H2 200 ajs-destination.bundle.ed53a26b6edc80c65d73.js Show response
cdn.segment.com/analytics-next/bundles/ 9 KB
3 KB 42ms
42ms Script
application/javascript 99.86.8.175
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.segment.com/analytics-next/bundles/ajs-destination.bundle.ed53a26b6edc80c65d73.js
Requested by: Host: events-cdn.monarchmoney.com
URL: https://events-cdn.monarchmoney.com/v1/ihoJ7mL8TzTfXlye2rfexJPlMRZMQXiU/events-script
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 99.86.8.175 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-99-86-8-175.fra6.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 129151ed0140041b198ce3b364a11861a3b5baa5bb60475ebf7bedb9b0fc94d6

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Mon, 24 Jun 2024 20:17:52 GMT
x-amz-version-id: y1rPlIgvelxNE1YxH.dn4iIroP2Pnn0U
content-encoding: br
via: 1.1 94faae20b0f122c4555025f52a2fd744.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA6-C1
age: 5435471
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
last-modified: Mon, 24 Jun 2024 18:40:05 GMT
server: AmazonS3
etag: W/"00e9c65cbba11c07c4bf4a6e2727b8ea"
access-control-max-age: 3000
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
vary: Accept-Encoding
x-amz-cf-id: 6YmkQshJJayBzmbJEtn0q03YlSUeUdLzRA3zdK32lfox0jD3FWgUZg==

GET
H2 200 schemaFilter.bundle.5c2661f67b4b71a6d9bd.js Show response
cdn.segment.com/analytics-next/bundles/ 2 KB
1 KB 45ms
45ms Script
application/javascript 99.86.8.175
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.segment.com/analytics-next/bundles/schemaFilter.bundle.5c2661f67b4b71a6d9bd.js
Requested by: Host: events-cdn.monarchmoney.com
URL: https://events-cdn.monarchmoney.com/v1/ihoJ7mL8TzTfXlye2rfexJPlMRZMQXiU/events-script
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 99.86.8.175 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-99-86-8-175.fra6.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 31892c21ae4fb908a875bbe29dbf0df74c2e84171cfbcac23540f3ad8222a35a

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Mon, 24 Jun 2024 20:17:54 GMT
x-amz-version-id: fFM2.Q5O21tbOz6I0BWTT24IeUb4pa6L
content-encoding: br
via: 1.1 94faae20b0f122c4555025f52a2fd744.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA6-C1
age: 5435470
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
last-modified: Mon, 24 Jun 2024 18:40:05 GMT
server: AmazonS3
etag: W/"3867b2388b619ff7fddc29ef359fc9aa"
access-control-max-age: 3000
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
vary: Accept-Encoding
x-amz-cf-id: KXLwUQ2pSV5Yl6ezNauZH34uK0Nj4G9Wxz7fjpkVwoed4gUegggEHA==

GET
H2 200 sse
streaming.split.io/ 1 KB
0 203ms
52ms EventSource
text/event-stream 2600:9000:275b:6c00:6:5671:b9c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://streaming.split.io/sse?channels=Mjc0MTc1MjU4_MTg2NDExMDgxOA%3D%3D_MTY3MTQ0NDk2OA%3D%3D_mySegments,Mjc0MTc1MjU4_MTg2NDExMDgxOA%3D%3D_MTgwMTI3Njc1OA%3D%3D_mySegments,Mjc0MTc1MjU4_MTg2NDExMDgxOA%3D%3D_splits,%5B%3Foccupancy%3Dmetrics.publishers%5Dcontrol_pri,%5B%3Foccupancy%3Dmetrics.publishers%5Dcontrol_sec&accessToken=eyJhbGciOiJIUzI1NiIsImtpZCI6IkRQVkE3QS44czhnaVEiLCJ0eXAiOiJKV1QifQ.eyJ4LWFibHktY2FwYWJpbGl0eSI6IntcIk1qYzBNVGMxTWpVNF9NVGcyTkRFeE1EZ3hPQT09X01UWTNNVFEwTkRrMk9BPT1fbXlTZWdtZW50c1wiOltcInN1YnNjcmliZVwiXSxcIk1qYzBNVGMxTWpVNF9NVGcyTkRFeE1EZ3hPQT09X01UZ3dNVEkzTmpjMU9BPT1fbXlTZWdtZW50c1wiOltcInN1YnNjcmliZVwiXSxcIk1qYzBNVGMxTWpVNF9NVGcyTkRFeE1EZ3hPQT09X3NwbGl0c1wiOltcInN1YnNjcmliZVwiXSxcImNvbnRyb2xfcHJpXCI6W1wic3Vic2NyaWJlXCIsXCJjaGFubmVsLW1ldGFkYXRhOnB1Ymxpc2hlcnNcIl0sXCJjb250cm9sX3NlY1wiOltcInN1YnNjcmliZVwiLFwiY2hhbm5lbC1tZXRhZGF0YTpwdWJsaXNoZXJzXCJdfSIsIngtYWJseS1jbGllbnRJZCI6ImNsaWVudElkIiwiZXhwIjoxNzI0Njk5MzQzLCJpYXQiOjE3MjQ2OTU3NDN9._jCa58ig0uGrtuRlJ41Pj0N2v34tDhODXH48TyDQ08s&v=1.1&heartbeats=true
Requested by: Host: app.monarchmoney.com
URL: https://app.monarchmoney.com/login?route=%2Fdashboard
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:275b:6c00:6:5671:b9c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash

Request headers

Accept: text/event-stream
Cache-Control: no-cache
Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Mon, 26 Aug 2024 18:09:03 GMT
via: 1.1 21f03f5333352c6494e837ba1b3bb6ce.cloudfront.net (CloudFront)
x-ably-cluster: production:split
x-amz-cf-pop: FRA60-P7
vary: Origin
x-ably-serverid: frontdoor.4ed6.eu-central-1-A.i-0e19fd197818431a8.e91TWBAJg7BDDK
content-type: text/event-stream
access-control-allow-origin: https://app.monarchmoney.com
x-cache: Miss from cloudfront
access-control-expose-headers: Link,Transfer-Encoding,Content-Length,X-Ably-ErrorCode,X-Ably-ErrorMessage,X-Ably-ServerId,X-Ably-Cluster,Server,X-Amz-Cf-Pop
access-control-allow-credentials: true
x-amz-cf-id: WUxJY9oe20EDbYFTY13vJPjYK8RHYzfzDI-F_20LygwWpqeafrVSxA==

GET
H2 200 google-analytics.dynamic.js.gz Show response
cdn.segment.com/next-integrations/integrations/google-analytics/2.18.5/ 16 KB
5 KB 49ms
47ms Script
application/javascript 99.86.8.175
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.segment.com/next-integrations/integrations/google-analytics/2.18.5/google-analytics.dynamic.js.gz
Requested by: Host: events-cdn.monarchmoney.com
URL: https://events-cdn.monarchmoney.com/v1/ihoJ7mL8TzTfXlye2rfexJPlMRZMQXiU/events-script
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 99.86.8.175 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-99-86-8-175.fra6.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 86685e191878d9ecfd30ed1fe63cbb783bf9151607e9996342d64977013e3cff

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Tue, 20 Aug 2024 01:18:46 GMT
content-encoding: gzip
via: 1.1 94faae20b0f122c4555025f52a2fd744.cloudfront.net (CloudFront)
x-amz-version-id: RuSoXd63GDprOkfUx43E0yJR.wEvWAQk
x-amz-cf-pop: FRA6-C1
age: 579018
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-length: 4743
last-modified: Thu, 08 Aug 2024 06:57:15 GMT
server: AmazonS3
etag: "6a3ed21f9b6777c0c37e6e248ea22387"
access-control-max-age: 3000
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
accept-ranges: bytes
x-amz-cf-id: ECFGyatmLPdVlW2g4idPdK-u_amI8cuK0w6sNoORuLe4ivcn3RDdww==

GET
H2 200 facebook-pixel.dynamic.js.gz Show response
cdn.segment.com/next-integrations/integrations/facebook-pixel/2.11.5/ 10 KB
4 KB 49ms
48ms Script
application/javascript 99.86.8.175
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.segment.com/next-integrations/integrations/facebook-pixel/2.11.5/facebook-pixel.dynamic.js.gz
Requested by: Host: events-cdn.monarchmoney.com
URL: https://events-cdn.monarchmoney.com/v1/ihoJ7mL8TzTfXlye2rfexJPlMRZMQXiU/events-script
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 99.86.8.175 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-99-86-8-175.fra6.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 4df53644d1c9fd651ccfd697977eb07d94cd744b0a4997568d67cc25ef44e483

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Tue, 20 Aug 2024 23:05:46 GMT
content-encoding: gzip
via: 1.1 94faae20b0f122c4555025f52a2fd744.cloudfront.net (CloudFront)
x-amz-version-id: cuitFtVByPnpmGgtaJu0tUis3_ZXBX9n
x-amz-cf-pop: FRA6-C1
age: 500598
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-length: 3273
last-modified: Thu, 08 Aug 2024 06:57:15 GMT
server: AmazonS3
etag: "a7cd49c834a0851140e3304c91cb34d0"
access-control-max-age: 3000
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
accept-ranges: bytes
x-amz-cf-id: 3PyOqCIu6rnqBWWYmUc5COo-LUX8HQhiY2fyoLT3bRNYxQadfdtI3w==

GET
H2 200 adwords.dynamic.js.gz Show response
cdn.segment.com/next-integrations/integrations/adwords/2.5.3/ 4 KB
2 KB 50ms
49ms Script
application/javascript 99.86.8.175
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.segment.com/next-integrations/integrations/adwords/2.5.3/adwords.dynamic.js.gz
Requested by: Host: events-cdn.monarchmoney.com
URL: https://events-cdn.monarchmoney.com/v1/ihoJ7mL8TzTfXlye2rfexJPlMRZMQXiU/events-script
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 99.86.8.175 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-99-86-8-175.fra6.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 20de2de93c034f0e1ed81727065936b52b3bedb10a612cc28afea038c740ef2f

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Sat, 27 Jul 2024 21:14:24 GMT
content-encoding: gzip
via: 1.1 94faae20b0f122c4555025f52a2fd744.cloudfront.net (CloudFront)
x-amz-version-id: 7vkqclv0v7ecqw42WAvkgxG2mh5ifLIy
x-amz-cf-pop: FRA6-C1
age: 2580880
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-length: 1356
last-modified: Mon, 03 Jun 2024 14:40:12 GMT
server: AmazonS3
etag: "f6246f378e8c1ade9a26d83796683c03"
access-control-max-age: 3000
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
accept-ranges: bytes
x-amz-cf-id: A2JGGtRz-Tl_PjHdWJubpa6SevOllEyvc1rhy6sX_15njqD6FEB8Zg==

GET
H2 200 bing-ads.dynamic.js.gz Show response
cdn.segment.com/next-integrations/integrations/bing-ads/2.0.1/ 2 KB
2 KB 49ms
49ms Script
application/javascript 99.86.8.175
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.segment.com/next-integrations/integrations/bing-ads/2.0.1/bing-ads.dynamic.js.gz
Requested by: Host: events-cdn.monarchmoney.com
URL: https://events-cdn.monarchmoney.com/v1/ihoJ7mL8TzTfXlye2rfexJPlMRZMQXiU/events-script
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 99.86.8.175 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-99-86-8-175.fra6.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: e91bd6d37a2d6c0a38558cfe458338d7f0437252d5d4e3ebfffa5d2ba8e5aaa2

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Tue, 20 Aug 2024 23:05:46 GMT
content-encoding: gzip
via: 1.1 94faae20b0f122c4555025f52a2fd744.cloudfront.net (CloudFront)
x-amz-version-id: FoTET4_68HQpVRKQ1li1OZXu7277KolH
x-amz-cf-pop: FRA6-C1
age: 500598
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-length: 1135
last-modified: Thu, 08 Aug 2024 06:57:14 GMT
server: AmazonS3
etag: "3900da1d5e6e2ce7174a0f56f77b7b5b"
access-control-max-age: 3000
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
accept-ranges: bytes
x-amz-cf-id: EKBhQj-PcietMA1Js_rfCsP8a1JISun3Quv3SeYvt5qqQeFLV9-ndw==

POST
H2 200 p Show response
events-api.monarchmoney.com/v1/ 21 B
332 B 598ms
462ms Fetch
application/json 2600:9000:26e8:d600:d:cf84:bb40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://events-api.monarchmoney.com/v1/p

Requested by

Host: app.monarchmoney.com
URL: https://app.monarchmoney.com/static/js/693.8ac79289.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:26e8:d600:d:cf84:bb40:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

12f71cb993958eefc4bdb41d7dbbda490779a9c7aba448f7be52bb63912e0254

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36
Content-Type: text/plain

Response headers

date: Mon, 26 Aug 2024 18:09:04 GMT
strict-transport-security: max-age=31536000
via: 1.1 fb02145a1ed983434aacfc27d3e4a9a6.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P10
vary: Origin
x-cache: Miss from cloudfront
content-type: application/json
access-control-allow-origin: https://app.monarchmoney.com
content-length: 21
x-amz-cf-id: b_uh0NUgwHFgfN2apKJRSYxP_JMENPtUAcYBkc7c1j27wHUOBQBHlw==

POST
H2 200 p Show response
events-api.monarchmoney.com/v1/ 21 B
334 B 318ms
184ms Fetch
application/json 2600:9000:26e8:d600:d:cf84:bb40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://events-api.monarchmoney.com/v1/p

Requested by

Host: app.monarchmoney.com
URL: https://app.monarchmoney.com/static/js/693.8ac79289.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:26e8:d600:d:cf84:bb40:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

12f71cb993958eefc4bdb41d7dbbda490779a9c7aba448f7be52bb63912e0254

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36
Content-Type: text/plain

Response headers

date: Mon, 26 Aug 2024 18:09:04 GMT
strict-transport-security: max-age=31536000
via: 1.1 fb02145a1ed983434aacfc27d3e4a9a6.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P10
vary: Origin
x-cache: Miss from cloudfront
content-type: application/json
access-control-allow-origin: https://app.monarchmoney.com
content-length: 21
x-amz-cf-id: mBnUYoWyONd8NEBwXH9kLXFvIsegJrpLXbKXdsY7WsN3umhFnS7mdQ==

GET
H2 200 commons.a61d7bea37d2de5d4b69.js.gz Show response
cdn.segment.com/next-integrations/integrations/vendor/ 70 KB
22 KB 47ms
46ms Script
application/javascript 99.86.8.175
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.segment.com/next-integrations/integrations/vendor/commons.a61d7bea37d2de5d4b69.js.gz
Requested by: Host: events-cdn.monarchmoney.com
URL: https://events-cdn.monarchmoney.com/v1/ihoJ7mL8TzTfXlye2rfexJPlMRZMQXiU/events-script
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 99.86.8.175 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-99-86-8-175.fra6.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 265ac7549793e4b9d51f8ab19acc8518770ace94078790776b3ac34eb47e1bbd

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Fri, 23 Aug 2024 18:17:22 GMT
content-encoding: gzip
via: 1.1 94faae20b0f122c4555025f52a2fd744.cloudfront.net (CloudFront)
x-amz-version-id: aAixXKmCEkR1rfYrRzV2.EPYhnGmH0W2
x-amz-cf-pop: FRA6-C1
age: 258702
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-length: 21911
last-modified: Thu, 08 Aug 2024 06:57:13 GMT
server: AmazonS3
etag: "c467a63b2e7c3a99be423ace649014d8"
access-control-max-age: 3000
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
accept-ranges: bytes
x-amz-cf-id: EYbHszMDKw7fiy59Cy4QvafsbHBtqAGOchDHG2mZIdaYMgwqVr-2gg==

GET
H3 200 conversion_async.js Show response
www.googleadservices.com/pagead/ 54 KB
19 KB 134ms
53ms Script
text/javascript 216.58.206.34
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googleadservices.com/pagead/conversion_async.js

Requested by

Host: cdn.segment.com
URL: https://cdn.segment.com/next-integrations/integrations/vendor/commons.a61d7bea37d2de5d4b69.js.gz

Protocol

Security

QUIC, , AES_128_GCM

Server

216.58.206.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lcfraa-aa-in-f2.1e100.net

Software

cafe /

Resource Hash

0adb664f023c10dafb9862cb4b6ca9c90e19f4bdb60bc18bb0f67a3bbaf593c8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Mon, 26 Aug 2024 18:09:04 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 19835
x-xss-protection: 0
server: cafe
etag: 10886473460999387182
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Mon, 26 Aug 2024 18:09:04 GMT

GET
H2 200 UNKNOWN Show response
features.monarchmoney.com/sdk/api/mySegments/ 17 B
0 2ms
2ms Fetch
application/json 2606:4700:10::6816:3d79
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://features.monarchmoney.com/sdk/api/mySegments/UNKNOWN
Requested by: Host: app.monarchmoney.com
URL: https://app.monarchmoney.com/static/js/693.8ac79289.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:3d79 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2070e9ec5ea66461693a174cf782efa1090e0ca1988968cc1115d019e7b80a95

Request headers

Accept: application/json
Referer
SplitSDKVersion: react-1.2.6
Authorization: Bearer f84jple84efb5d8f63po7c1m5553aburgha4
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36
Content-Type: application/json

Response headers

date: Mon, 26 Aug 2024 18:09:02 GMT
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish, 1.1 a44309111e5e1050ff485adaa4681ad0.cloudfront.net (CloudFront)
cf-cache-status: DYNAMIC
x-amz-cf-pop: AMS58-P5
x-cache: Hit from cloudfront
content-length: 41
x-served-by: cache-iad-kiad7000133-IAD, cache-fra-eddf8230098-FRA
server: cloudflare
x-timer: S1724695743.681376,VS0,VE0
etag: "1000002"
vary: Accept-Encoding,Authorization
trace: cache-iad-kiad7000133-IAD-e4bdf414-3421-4c47-a340-e922355297b0; cache-fra-etou8220054-FRA-c2df6480-a5ed-49f8-8aa2-133c5f78507b
content-type: application/json; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: Access-Control-Allow-Origin,X-Request-Id
cache-control: no-transform, max-age=60, s-maxage=60
accept-ranges: bytes
cf-ray: 8b95c5494fb69948-FRA
x-amz-cf-id: zgPu4bP7hxvW71x-Q0IlVgm_ef6Vf_K5Jku8m7Kt5lonwxQGyByrtQ==
x-cache-hits: 63, 3

GET
H2 200 2b2ce0fb-2cc2-4f88-98fd-298cbeb48abb Show response
features.monarchmoney.com/sdk/api/mySegments/ 17 B
0 2ms
2ms Fetch
application/json 2606:4700:10::6816:3d79
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://features.monarchmoney.com/sdk/api/mySegments/2b2ce0fb-2cc2-4f88-98fd-298cbeb48abb
Requested by: Host: app.monarchmoney.com
URL: https://app.monarchmoney.com/static/js/693.8ac79289.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:3d79 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2070e9ec5ea66461693a174cf782efa1090e0ca1988968cc1115d019e7b80a95

Request headers

Accept: application/json
Referer
SplitSDKVersion: react-1.2.6
Authorization: Bearer f84jple84efb5d8f63po7c1m5553aburgha4
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36
Content-Type: application/json

Response headers

date: Mon, 26 Aug 2024 18:09:03 GMT
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish, 1.1 a44309111e5e1050ff485adaa4681ad0.cloudfront.net (CloudFront)
cf-cache-status: DYNAMIC
x-amz-cf-pop: AMS58-P5
age: 0
x-cache: Miss from cloudfront
content-length: 41
x-served-by: cache-iad-kjyo7100151-IAD, cache-fra-eddf8230106-FRA
server: cloudflare
x-timer: S1724695743.976061,VS0,VE95
etag: "1000002"
vary: Accept-Encoding,Authorization
content-type: application/json; charset=utf-8
trace: cache-iad-kjyo7100151-IAD-5593beab-6c17-444c-bc2c-266729f9bd4a; cache-fra-eddf8230106-FRA-4bc1d420-9dd2-41a3-aaac-a7284eb7b068
access-control-allow-origin: *
access-control-expose-headers: Access-Control-Allow-Origin,X-Request-Id
cache-control: no-transform, max-age=60, s-maxage=60
accept-ranges: bytes
cf-ray: 8b95c5495fb99948-FRA
x-amz-cf-id: lEoJB7dtpnUYqVfz3O5zQj9HSHn3wZpn3UucZ6V1qOj05kaKYRehVQ==
x-cache-hits: 0, 0

GET
H2 200 splitChanges Show response
features.monarchmoney.com/sdk/api/ 56 B
586 B 82ms
81ms Fetch
application/json 2606:4700:10::6816:3d79
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://features.monarchmoney.com/sdk/api/splitChanges?since=1724379632563

Requested by

Host: app.monarchmoney.com
URL: https://app.monarchmoney.com/static/js/693.8ac79289.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:3d79 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

fa3a8d411b49a9f9e568c053a6b3a85058bd3bb4e787641dc8364bf975dff15a

Security Headers

Name	Value
Strict-Transport-Security	max-age=15770000; includeSubdomains

Request headers

Accept: application/json
Referer
SplitSDKVersion: react-1.2.6
Authorization: Bearer f84jple84efb5d8f63po7c1m5553aburgha4
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36
Content-Type: application/json

Response headers

date: Mon, 26 Aug 2024 18:09:04 GMT
strict-transport-security: max-age=15770000; includeSubdomains
content-encoding: gzip
cf-cache-status: DYNAMIC
via: 1.1 varnish, 1.1 varnish, 1.1 a44309111e5e1050ff485adaa4681ad0.cloudfront.net (CloudFront)
x-amz-cf-pop: AMS58-P5
age: 316111
x-cache: Miss from cloudfront
content-length: 64
x-served-by: cache-iad-kiad7000171-IAD, cache-fra-etou8220054-FRA
last-modified: Fri, 23 Aug 2024 02:20:32 GMT
server: cloudflare
x-timer: S1724695744.127501,VS0,VE0
etag: "1724379632563"
vary: Accept-Encoding,Authorization
content-type: application/json; charset=utf-8
trace: cache-iad-kiad7000171-IAD-9467a1fa-def1-45b5-a1c0-9ba4bd32d8cc; cache-fra-etou8220131-FRA-d1c4baf8-d891-4ace-b8c3-bd903665d623
access-control-allow-origin: *
access-control-expose-headers: Access-Control-Allow-Origin,X-Request-Id
cache-control: no-transform, max-age=60, s-maxage=60
accept-ranges: bytes
cf-ray: 8b95c550aecd9948-FRA
x-amz-cf-id: ptaCkrYDRzGNUa6tCO1BYChky_tBlO4OuTKQLyMt9DJoRGxi3b08sA==
x-cache-hits: 1001, 19

OPTIONS
H2 200 splitChanges
features.monarchmoney.com/sdk/api/ Frame 0
0 74ms
71ms Preflight 2606:4700:10::6816:3d79
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://features.monarchmoney.com/sdk/api/splitChanges?since=1724379632563

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:3d79 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=15770000; includeSubdomains

Request headers

Accept: */*
Access-Control-Request-Headers: authorization,content-type,splitsdkversion
Access-Control-Request-Method: GET
Origin: https://app.monarchmoney.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

accept-ranges: bytes
access-control-allow-headers: X-Requested-With, Origin, Content-Type, Accept, Authorization, Content-Length, X-User-Token, X-Request-ID, SplitSDKMachineName, SplitSDKMachineIP, SplitSDKVersion, Cache-Control
access-control-allow-methods: GET,PUT,POST,PATCH,DELETE,OPTIONS
access-control-allow-origin: https://app.monarchmoney.com
access-control-max-age: 7200
allow: HEAD,GET,OPTIONS,POST,PUT,DELETE
cf-cache-status: DYNAMIC
cf-ray: 8b95c5502e549948-FRA
content-length: 37
date: Mon, 26 Aug 2024 18:09:04 GMT
retry-after: 0
server: cloudflare
strict-transport-security: max-age=15770000; includeSubdomains
vary: Cookie
via: 1.1 varnish, 1.1 f75afc04e5fb2b66fe286e4f840886c6.cloudfront.net (CloudFront)
x-amz-cf-id: 1z8x3BeZF4V9QZ5IaBXehrEV1mTAjjDWAlJAsxNcwnET6cNu6XMR2w==
x-amz-cf-pop: AMS58-P5
x-cache: Miss from cloudfront
x-cache-hits: 0
x-served-by: cache-ams21042-AMS
x-timer: S1724695744.050426,VS0,VE0

GET
H3 200 fbevents.js Show response
connect.facebook.net/en_US/ 225 KB
58 KB 112ms
42ms Script
application/x-javascript 157.240.251.9
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/fbevents.js

Requested by

Host: cdn.segment.com
URL: https://cdn.segment.com/next-integrations/integrations/vendor/commons.a61d7bea37d2de5d4b69.js.gz

Protocol

Security

QUIC, , AES_128_GCM

Server

157.240.251.9 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

xx-fbcdn-shv-01-fra5.fbcdn.net

Software

Resource Hash

82adafd2815d9ca49a6771392b15c4c7683f0490a8825ead54dd2d2594d44c62

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' data: blob: facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;script-src .fbcdn.net .facebook.net 'unsafe-inline' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net wss://.fbcdn.net attachment.fbsbx.com blob: 'self';img-src 'self' data: blob: facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

content-security-policy: default-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;script-src *.fbcdn.net *.facebook.net 'unsafe-inline' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';img-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload; includeSubDomains
date: Mon, 26 Aug 2024 18:09:04 GMT
document-policy: force-load-at-top
x-fb-server-load: 25
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 58912
x-xss-protection: 0
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
x-fb-connection-quality: EXCELLENT; q=0.9, rtt=39, rtx=0, c=23, mss=1232, tbw=4327, tp=9, tpl=0, uplat=0, ullat=-1
pragma: public
x-fb-debug: qjc3UYYwGapblxcxh6XW5Y55dmdHC0UWdr+RhVNBUs7ul9ouaNujStmFxTcXTg8cVxuUPoRNnhGy30BtTdc2Eg==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
cross-origin-opener-policy: same-origin-allow-popups;report-to="coop_report"
vary: Accept-Encoding
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
content-type: application/x-javascript; charset=utf-8
x-frame-options: DENY
cache-control: public, max-age=1200
permissions-policy: accelerometer=(), attribution-reporting=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
timing-allow-origin: *
priority: u=3,i
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 bat.js Show response
bat.bing.com/ 49 KB
14 KB 225ms
65ms Script
application/javascript 2620:1ec:33:1::10
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://bat.bing.com/bat.js

Requested by

Host: cdn.segment.com
URL: https://cdn.segment.com/next-integrations/integrations/vendor/commons.a61d7bea37d2de5d4b69.js.gz

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2620:1ec:33:1::10 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

abd0c69608a1a4b0ce5f6056bc20bcf62a2a29271a4cf5e33fa1f53bf7cb19cb

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
date: Mon, 26 Aug 2024 18:09:03 GMT
last-modified: Sat, 13 Jul 2024 20:42:16 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 9810B5F37AF4417D895F9BD9E6F12EA5 Ref B: FRA31EDGE0221 Ref C: 2024-08-26T18:09:04Z
etag: "044982565d5da1:0"
vary: Accept-Encoding
x-cache: CONFIG_NOCACHE
content-type: application/javascript
cache-control: private,max-age=1800
accept-ranges: bytes
content-length: 14183

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 52 KB
21 KB 137ms
39ms Script
text/javascript 2a00:1450:4001:827::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: cdn.segment.com
URL: https://cdn.segment.com/next-integrations/integrations/vendor/commons.a61d7bea37d2de5d4b69.js.gz

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
date: Mon, 26 Aug 2024 16:40:40 GMT
last-modified: Tue, 12 Dec 2023 18:09:08 GMT
server: Golfe2
age: 5304
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 20994
expires: Mon, 26 Aug 2024 18:40:40 GMT

GET
H3 200 / Show response
www.googleadservices.com/pagead/conversion/AW-794001205/ 5 KB
2 KB 63ms
62ms Script
text/javascript 216.58.206.34
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googleadservices.com/pagead/conversion/AW-794001205/?random=1724695744156&cv=9&fst=1724695744156&num=1&guid=ON&resp=GooglemKTybQhCsO&eid=466465926&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=5&u_nmime=2&sendb=1&ig=1&frm=0&url=https%3A%2F%2Fapp.monarchmoney.com%2Flogin%3Froute%3D%252Fdashboard&tiba=Monarch%20%7C%20Sign%20In&hn=www.googleadservices.com&uaa=&uab=&uam=&uap=&uapv=&uaw=0&uafvl=&async=1&rfmt=3&fmt=4

Requested by

Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion_async.js

Protocol

Security

QUIC, , AES_128_GCM

Server

216.58.206.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lcfraa-aa-in-f2.1e100.net

Software

cafe /

Resource Hash

93ba5f75f41cfe790ccfb3e08394d86c97606e11a173228f5a9cd14f3d07f9e1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 26 Aug 2024 18:09:04 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2386
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 / Show response
www.googleadservices.com/pagead/conversion/AW-794001205/ 5 KB
2 KB 62ms
61ms Script
text/javascript 216.58.206.34
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googleadservices.com/pagead/conversion/AW-794001205/?random=1724695744172&cv=9&fst=1724695744172&num=1&guid=ON&resp=GooglemKTybQhCsO&eid=466465926%2C509562773%2C512247838&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=5&u_nmime=2&sendb=1&ig=1&frm=0&url=https%3A%2F%2Fapp.monarchmoney.com%2Flogin%3Froute%3D%252Fdashboard&tiba=Monarch%20%7C%20Sign%20In&hn=www.googleadservices.com&uaa=&uab=&uam=&uap=&uapv=&uaw=0&uafvl=&async=1&rfmt=3&fmt=4

Requested by

Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion_async.js

Protocol

Security

QUIC, , AES_128_GCM

Server

216.58.206.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lcfraa-aa-in-f2.1e100.net

Software

cafe /

Resource Hash

4bba68436fc217764bf6412bf62aaa3cd45b8037411b36ee711a3ce5b6c815e4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 26 Aug 2024 18:09:04 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2413
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 2173781372941566 Show response
connect.facebook.net/signals/config/ 64 KB
13 KB 120ms
120ms Script
application/x-javascript 157.240.251.9
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/2173781372941566?v=2.9.165&r=stable&domain=app.monarchmoney.com&hme=da9a399065fb1c492026018b9e54864148adfb49d800f41752428fb7b59190f8&ex_m=69%2C118%2C104%2C108%2C60%2C4%2C97%2C68%2C16%2C94%2C86%2C50%2C53%2C168%2C171%2C183%2C179%2C180%2C182%2C29%2C98%2C52%2C75%2C181%2C163%2C166%2C176%2C177%2C184%2C127%2C40%2C34%2C139%2C15%2C49%2C190%2C189%2C129%2C18%2C39%2C1%2C42%2C64%2C65%2C66%2C70%2C90%2C17%2C14%2C93%2C89%2C88%2C105%2C51%2C107%2C38%2C106%2C30%2C91%2C26%2C164%2C167%2C136%2C28%2C11%2C12%2C13%2C6%2C7%2C25%2C22%2C23%2C56%2C61%2C63%2C73%2C99%2C27%2C74%2C9%2C8%2C78%2C47%2C21%2C101%2C100%2C102%2C95%2C10%2C20%2C3%2C19%2C83%2C55%2C81%2C33%2C72%2C0%2C92%2C32%2C80%2C85%2C46%2C45%2C84%2C37%2C5%2C87%2C79%2C43%2C35%2C82%2C2%2C36%2C62%2C41%2C103%2C44%2C77%2C67%2C109%2C59%2C58%2C31%2C96%2C57%2C54%2C48%2C76%2C71%2C24%2C110

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

QUIC, , AES_128_GCM

Server

157.240.251.9 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

xx-fbcdn-shv-01-fra5.fbcdn.net

Software

Resource Hash

23205dda36b7fc32e310d761a36bc25b417f34e35b956359356c4442d8f9c592

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' data: blob: facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;script-src .fbcdn.net .facebook.net 'unsafe-inline' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net wss://.fbcdn.net attachment.fbsbx.com blob: 'self';img-src 'self' data: blob: facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

content-security-policy: default-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;script-src *.fbcdn.net *.facebook.net 'unsafe-inline' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';img-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload; includeSubDomains
date: Mon, 26 Aug 2024 18:09:04 GMT
document-policy: force-load-at-top
x-fb-server-load: 30
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
x-xss-protection: 0
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
x-fb-connection-quality: EXCELLENT; q=0.9, rtt=41, rtx=0, c=74, mss=1232, tbw=66933, tp=63, tpl=0, uplat=77, ullat=0
pragma: public
x-fb-debug: 1r12staDdU9Qim28EMDmteOi+MwlbRW1524hCaHa8pSw5YlZEXxBcC6ij98LjLfXw7ZNyd1eUJNsIjqIdOmRIQ==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
cross-origin-opener-policy: same-origin-allow-popups;report-to="coop_report"
vary: Accept-Encoding
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
content-type: application/x-javascript; charset=utf-8
x-frame-options: DENY
origin-agent-cluster: ?0
cache-control: public, max-age=1200
permissions-policy: accelerometer=(), attribution-reporting=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
timing-allow-origin: *
priority: u=3,i
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 js Show response
www.google-analytics.com/gtm/ 180 KB
65 KB 77ms
76ms Script
application/javascript 2a00:1450:4001:827::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/gtm/js?id=OPT-WL3C999&cid=1115916800.1724695744

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

71b3d9510b068b9702004564237273eb07ae6daba95792db02de82b6c7b985f2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Mon, 26 Aug 2024 18:09:04 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 66543
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Mon, 26 Aug 2024 18:09:04 GMT

GET
H2 200 137022621.js Show response
bat.bing.com/p/action/ 4 KB
2 KB 66ms
65ms Script
application/javascript 2620:1ec:33:1::10
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://bat.bing.com/p/action/137022621.js

Requested by

Host: bat.bing.com
URL: https://bat.bing.com/bat.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2620:1ec:33:1::10 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

f9d2f93765355bf880f064950477035849e2bbf673e159d2074f5f3ec273a86c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: br
date: Mon, 26 Aug 2024 18:09:03 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: E197BD3F96F24A78924A10191342EEE7 Ref B: FRA31EDGE0221 Ref C: 2024-08-26T18:09:04Z
vary: Accept-Encoding
x-cache: CONFIG_NOCACHE
content-type: application/javascript; charset=utf-8
cache-control: private,max-age=60

GET
H3

200

/
www.google.de/pagead/1p-conversion/AW-794001205/
Redirect Chain

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/AW-794001205/?random=1861490009&cv=9&fst=1724695744156&num=1&guid=ON&resp=GooglemKTybQhCsO&eid=466465926&u_h=1200&u_w=1600&u_ah=1200...
https://www.google.com/pagead/1p-conversion/AW-794001205/?random=1861490009&cv=9&fst=1724695744156&num=1&guid=ON&resp=GooglemKTybQhCsO&eid=466465926&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_...
https://www.google.de/pagead/1p-conversion/AW-794001205/?random=1861490009&cv=9&fst=1724695744156&num=1&guid=ON&resp=GooglemKTybQhCsO&eid=466465926&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_h...

42 B
64 B

138ms
60ms

Image
image/gif

216.58.212.131
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-conversion/AW-794001205/?random=1861490009&cv=9&fst=1724695744156&num=1&guid=ON&resp=GooglemKTybQhCsO&eid=466465926&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=5&u_nmime=2&sendb=1&ig=1&frm=0&url=https%3A%2F%2Fapp.monarchmoney.com%2Flogin%3Froute%3D%252Fdashboard&tiba=Monarch%20%7C%20Sign%20In&hn=www.googleadservices.com&uaa=&uab=&uam=&uap=&uapv=&uaw=0&uafvl=&async=1&fmt=3&ct_cookie_present=false&crd=CLHBsQIIsMGxAgi5wbECSidldmVudC1zb3VyY2U7bmF2aWdhdGlvbi1zb3VyY2UsIHRyaWdnZXJaAwoBAWIECgICAw&pscrd=IhMI5pq3qaCTiAMV4-gRCB2e3yqvMgIIAzICCAQyAggHMgIICDICCAkyAggKMgIIAjICCAsyAggVMgIIHzICCBMyAggS&is_vtc=1&cid=CAQSGwDpaXnfow6Z9l0f6tovs0z1gCuU4GaEDlVJsw&random=1746030633&resp=GooglemKTybQhCsO&ipr=y

Requested by

Host: app.monarchmoney.com
URL: https://app.monarchmoney.com/login?route=%2Fdashboard

Protocol

Server

216.58.212.131 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s46-in-f3.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 26 Aug 2024 18:09:04 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Mon, 26 Aug 2024 18:09:04 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
location: https://www.google.de/pagead/1p-conversion/AW-794001205/?random=1861490009&cv=9&fst=1724695744156&num=1&guid=ON&resp=GooglemKTybQhCsO&eid=466465926&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=5&u_nmime=2&sendb=1&ig=1&frm=0&url=https%3A%2F%2Fapp.monarchmoney.com%2Flogin%3Froute%3D%252Fdashboard&tiba=Monarch%20%7C%20Sign%20In&hn=www.googleadservices.com&uaa=&uab=&uam=&uap=&uapv=&uaw=0&uafvl=&async=1&fmt=3&ct_cookie_present=false&crd=CLHBsQIIsMGxAgi5wbECSidldmVudC1zb3VyY2U7bmF2aWdhdGlvbi1zb3VyY2UsIHRyaWdnZXJaAwoBAWIECgICAw&pscrd=IhMI5pq3qaCTiAMV4-gRCB2e3yqvMgIIAzICCAQyAggHMgIICDICCAkyAggKMgIIAjICCAsyAggVMgIIHzICCBMyAggS&is_vtc=1&cid=CAQSGwDpaXnfow6Z9l0f6tovs0z1gCuU4GaEDlVJsw&random=1746030633&resp=GooglemKTybQhCsO&ipr=y
content-type: image/gif
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

/
www.google.de/pagead/1p-conversion/AW-794001205/
Redirect Chain

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/AW-794001205/?random=18694309&cv=9&fst=1724695744172&num=1&guid=ON&resp=GooglemKTybQhCsO&eid=466465926%2C509562773%2C512247838&u_h=1...
https://www.google.com/pagead/1p-conversion/AW-794001205/?random=18694309&cv=9&fst=1724695744172&num=1&guid=ON&resp=GooglemKTybQhCsO&eid=466465926%2C509562773%2C512247838&u_h=1200&u_w=1600&u_ah=120...
https://www.google.de/pagead/1p-conversion/AW-794001205/?random=18694309&cv=9&fst=1724695744172&num=1&guid=ON&resp=GooglemKTybQhCsO&eid=466465926%2C509562773%2C512247838&u_h=1200&u_w=1600&u_ah=1200...

42 B
64 B

138ms
61ms

Image
image/gif

216.58.212.131
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-conversion/AW-794001205/?random=18694309&cv=9&fst=1724695744172&num=1&guid=ON&resp=GooglemKTybQhCsO&eid=466465926%2C509562773%2C512247838&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=5&u_nmime=2&sendb=1&ig=1&frm=0&url=https%3A%2F%2Fapp.monarchmoney.com%2Flogin%3Froute%3D%252Fdashboard&tiba=Monarch%20%7C%20Sign%20In&hn=www.googleadservices.com&uaa=&uab=&uam=&uap=&uapv=&uaw=0&uafvl=&async=1&fmt=3&ct_cookie_present=false&crd=CLHBsQIIsMGxAgi5wbECCJzHsQJKJ2V2ZW50LXNvdXJjZTtuYXZpZ2F0aW9uLXNvdXJjZSwgdHJpZ2dlcloDCgEBYgQKAgID&pscrd=IhMI8py3qaCTiAMVGfARCB101hkiMgIIAzICCAQyAggHMgIICDICCAkyAggKMgIIAjICCAsyAggVMgIIHzICCBMyAggS&is_vtc=1&cid=CAQSGwDpaXnf1a_OIDQQnw2rJS92BWflWfT5ERIaXQ&random=2290117491&resp=GooglemKTybQhCsO&ipr=y

Requested by

Host: app.monarchmoney.com
URL: https://app.monarchmoney.com/login?route=%2Fdashboard

Protocol

Server

216.58.212.131 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s46-in-f3.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 26 Aug 2024 18:09:04 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Mon, 26 Aug 2024 18:09:04 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
location: https://www.google.de/pagead/1p-conversion/AW-794001205/?random=18694309&cv=9&fst=1724695744172&num=1&guid=ON&resp=GooglemKTybQhCsO&eid=466465926%2C509562773%2C512247838&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=5&u_nmime=2&sendb=1&ig=1&frm=0&url=https%3A%2F%2Fapp.monarchmoney.com%2Flogin%3Froute%3D%252Fdashboard&tiba=Monarch%20%7C%20Sign%20In&hn=www.googleadservices.com&uaa=&uab=&uam=&uap=&uapv=&uaw=0&uafvl=&async=1&fmt=3&ct_cookie_present=false&crd=CLHBsQIIsMGxAgi5wbECCJzHsQJKJ2V2ZW50LXNvdXJjZTtuYXZpZ2F0aW9uLXNvdXJjZSwgdHJpZ2dlcloDCgEBYgQKAgID&pscrd=IhMI8py3qaCTiAMVGfARCB101hkiMgIIAzICCAQyAggHMgIICDICCAkyAggKMgIIAjICCAsyAggVMgIIHzICCBMyAggS&is_vtc=1&cid=CAQSGwDpaXnf1a_OIDQQnw2rJS92BWflWfT5ERIaXQ&random=2290117491&resp=GooglemKTybQhCsO&ipr=y
content-type: image/gif
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 137022621 Show response
www.clarity.ms/tag/uet/ 680 B
935 B 142ms
141ms Script
application/x-javascript 2620:1ec:bdf::67
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.clarity.ms/tag/uet/137022621
Requested by: Host: bat.bing.com
URL: https://bat.bing.com/p/action/137022621.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2620:1ec:bdf::67 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: 10ed8c832fa26d2f50fea6973e8b347758324a1fac048f992baffc30d266691a

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

request-context: appId=cid-v1:9c7c879b-c51a-427e-9701-218438da5f81
date: Mon, 26 Aug 2024 18:09:04 GMT
x-azure-ref: 20240826T180904Z-r1bf48c9547x46lry95d97v3kc00000002k000000000gfk3
x-cache: CONFIG_NOCACHE
content-type: application/x-javascript
cache-control: no-cache, no-store
accept-ranges: bytes
content-length: 680
expires: -1

POST
H/1.1 204
No Content collect Show response
o.clarity.ms/ 0
284 B 130ms
127ms XHR
text/plain 52.152.143.207
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://o.clarity.ms/collect
Requested by: Host: app.monarchmoney.com
URL: https://app.monarchmoney.com/static/js/693.8ac79289.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 52.152.143.207 Washington, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept: application/x-clarity-gzip
Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

Access-Control-Allow-Origin: https://app.monarchmoney.com
Date: Mon, 26 Aug 2024 18:09:04 GMT
Access-Control-Allow-Credentials: true
Server: nginx
Connection: keep-alive
Vary: Origin
Request-Context: appId=cid-v1:238681e8-7d6b-453a-acb6-7dcad74f3111

GET
H2 200 web-widget-main-3d13daa.js Show response
static.zdassets.com/web_widget/classic/latest/ Frame E8C6 972 KB
277 KB 94ms
91ms Script
application/javascript 104.18.72.113
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.zdassets.com/web_widget/classic/latest/web-widget-main-3d13daa.js

Requested by

Host: static.zdassets.com
URL: https://static.zdassets.com/ekr/snippet.js?key=d8d33592-cf5c-4ae3-ae8f-553657823fbf

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.72.113 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6779d21af697fc8ae9ec35c089cd39dd0fa9eab07390736b877f92a3d0d020ed

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Mon, 26 Aug 2024 18:09:04 GMT
x-amz-version-id: EToPufSSukzOZH7f.C80poXvnt0jVDgo
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=0
x-amz-request-id: HF7CT010FGDYDF11
age: 532957
x-amz-server-side-encryption: AES256
x-amz-replication-status: COMPLETED
x-amz-id-2: hPeEs2TaM2KJhtoKWqFrGkIlYeGN64FPoYk+IWIVgvj/qfPHRsH1qDoUacKqGG6RBlZ/3q9N0b2qCCxYbGZVhQ==
last-modified: Wed, 07 Aug 2024 09:06:22 GMT
server: cloudflare
etag: W/"1592f3b19d0494ecba6dd6bbad332785"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=LoPKwHLo27JH%2FRlqjqEaEqvpAgCOdOeP0gM9pJ%2BFQg40%2FcacMV3JqVqkQa0vy%2FnVCrj5m0cFzpDVlBR8UgJzh9LfeWUmgH2kaXo%2FO8blyNK8gR4c4X646zaE1MHBFzFj3uzoOBQ%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
cache-control: public, max-age=31536000
access-control-max-age: 0
cf-ray: 8b95c552af16727c-HAM
access-control-allow-headers: *
expires: Thu, 07 Aug 2025 09:06:21 GMT

OPTIONS
H/1.1 204
No Content config
api.sprig.com/sdk/1/environments/jhOvgs1si6/ Frame 0
0 529ms
272ms Preflight 52.86.181.185
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://api.sprig.com/sdk/1/environments/jhOvgs1si6/config
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 52.86.181.185 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-86-181-185.compute-1.amazonaws.com
Software: istio-envoy /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type,sprig-modules,userleap-platform,x-ul-environment-id,x-ul-installation-method,x-ul-sdk-version,x-ul-visitor-id
Access-Control-Request-Method: GET
Origin: https://app.monarchmoney.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

access-control-allow-headers: content-type,sprig-modules,userleap-platform,x-ul-environment-id,x-ul-installation-method,x-ul-sdk-version,x-ul-visitor-id
access-control-allow-methods: GET,HEAD,PUT,PATCH,POST,DELETE
access-control-allow-origin: *
date: Mon, 26 Aug 2024 18:09:05 GMT
server: istio-envoy
timing-allow-origin: https://0.0.com, https://0.1.com, https://1.0.com, https://1.1.com
vary: Access-Control-Request-Headers
x-envoy-upstream-service-time: 22

GET
H/1.1 200
OK config Show response
api.sprig.com/sdk/1/environments/jhOvgs1si6/ 996 B
1 KB 293ms
293ms Fetch
application/json 52.86.181.185
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://api.sprig.com/sdk/1/environments/jhOvgs1si6/config
Requested by: Host: app.monarchmoney.com
URL: https://app.monarchmoney.com/static/js/693.8ac79289.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 52.86.181.185 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-86-181-185.compute-1.amazonaws.com
Software: istio-envoy /
Resource Hash: d86abc5dfa7f11003c811cef84eb8d740b10a7f97f89e7dd29945a1455103c43

Request headers

x-ul-visitor-id: 7de23bc6-e1b4-4f3f-b0ff-8ac8bb6c2e26
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36
Content-Type: application/json
x-ul-installation-method: web-snippet
Referer
sprig-modules: replay
x-ul-sdk-version: 2.31.1
x-ul-environment-id: jhOvgs1si6
userleap-platform: web

Response headers

date: Mon, 26 Aug 2024 18:09:05 GMT
server: istio-envoy
etag: W/"3e4-wUbaibaetVAhzjk2CYQ5/Lk6PH8"
vary: Accept-Encoding
content-type: application/json; charset=utf-8
access-control-allow-origin: *
x-envoy-upstream-service-time: 111
timing-allow-origin: https://0.0.com, https://0.1.com, https://1.0.com, https://1.1.com
content-length: 996

GET
H3 200 m-outer-3437aaddcdf6922d623e172c2d6f9278.html
js.stripe.com/v3/ Frame 4CC2 0
0 43ms
42ms Document
text/html 13.224.189.121
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.stripe.com/v3/m-outer-3437aaddcdf6922d623e172c2d6f9278.html

Requested by

Host: js.stripe.com
URL: https://js.stripe.com/v3

Protocol

Security

QUIC, , AES_128_GCM

Server

13.224.189.121 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-224-189-121.fra2.r.cloudfront.net

Software

Cloudfront /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	base-uri 'none'; connect-src 'self' https://r.stripe.com; default-src 'self'; font-src 'none'; form-action 'none'; frame-src https://m.stripe.network; img-src https://q.stripe.com; media-src 'none'; object-src 'none'; script-src 'self'; style-src 'self'; worker-src 'none'; report-uri https://q.stripe.com/csp-report
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

accept-ranges: bytes
access-control-allow-origin: *
age: 1695
alt-svc: h3=":443"; ma=86400
cache-control: max-age=31536000
content-length: 200
content-security-policy: base-uri 'none'; connect-src 'self' https://r.stripe.com; default-src 'self'; font-src 'none'; form-action 'none'; frame-src https://m.stripe.network; img-src https://q.stripe.com; media-src 'none'; object-src 'none'; script-src 'self'; style-src 'self'; worker-src 'none'; report-uri https://q.stripe.com/csp-report
content-security-policy-report-only: base-uri 'none'; connect-src 'self' https://r.stripe.com; default-src 'self'; font-src 'none'; form-action 'none'; frame-src https://m.stripe.network; img-src https://q.stripe.com; media-src 'none'; object-src 'none'; script-src 'self'; style-src 'self'; worker-src 'none'; report-uri https://q.stripe.com/csp-report
content-type: text/html; charset=utf-8
date: Mon, 26 Aug 2024 17:40:50 GMT
etag: "3437aaddcdf6922d623e172c2d6f9278"
last-modified: Fri, 23 Aug 2024 21:21:17 GMT
origin-agent-cluster: ?1
server: Cloudfront
strict-transport-security: max-age=31556926; includeSubDomains; preload
timing-allow-origin: *
vary: Accept-Encoding
via: 1.1 c7f7b4cf7fd5efe64bac95586db3f62a.cloudfront.net (CloudFront)
x-amz-cf-id: FNtWoKEQe4I15TSyY5tW50dOE3NNLnNgmNtdDT1oPwaVm0L9z_5QVQ==
x-amz-cf-pop: FRA2-C1
x-cache: Hit from cloudfront
x-content-type-options: nosniff

GET
H2 200 en-us-json-3d13daa.js Show response
static.zdassets.com/web_widget/classic/latest/web-widget-locales/classic/ Frame E8C6 25 KB
6 KB 77ms
76ms Script
application/javascript 104.18.72.113
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.zdassets.com/web_widget/classic/latest/web-widget-locales/classic/en-us-json-3d13daa.js

Requested by

Host: static.zdassets.com
URL: https://static.zdassets.com/web_widget/classic/latest/web-widget-main-3d13daa.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.72.113 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a48fd35c61908d912b5ac9e1face12e0962a0d9ecc8679e87db4031697cec54e

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Mon, 26 Aug 2024 18:09:04 GMT
x-amz-version-id: B.bl5S_XkglCHgUwZexHMUuwDihc4ct0
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=0
x-amz-request-id: 18XN8Y9YFX9F5S9J
age: 532956
x-amz-server-side-encryption: AES256
x-amz-replication-status: COMPLETED
x-amz-id-2: 3ZhaDP3Fc9ZWIB892qArth60eSOKS2sGoJ0tr6wfHoOlQCP75UZCUDvqOqHUQSgmx1euF/OKTP8=
last-modified: Wed, 07 Aug 2024 09:06:24 GMT
server: cloudflare
etag: W/"6eb45e96a7cbb4b8ca10897f3cf09981"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=n5WRTr%2BFssE6MgeyADEoAQVyCg6N0jqN215DYTP02gY9MWmpHUxuJyg0jgoyxjHCQ2BdvCIzmyS8gPVZu4S2THite3r3ix%2BepvGWS1naIUlqDNRXzixb5N0SaoqrU%2F2%2BydJ3ofg%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
cache-control: public, max-age=31536000
access-control-max-age: 0
cf-ray: 8b95c555fea2727c-HAM
access-control-allow-headers: *
expires: Thu, 07 Aug 2025 09:06:23 GMT

GET
H2 200 config Show response
monarchmoney.zendesk.com/embeddable/ Frame E8C6 155 B
942 B 376ms
260ms Fetch
application/json 104.16.51.111
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://monarchmoney.zendesk.com/embeddable/config
Requested by: Host: static.zdassets.com
URL: https://static.zdassets.com/web_widget/classic/latest/web-widget-main-3d13daa.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.16.51.111 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 5f3f33dcc409983a443e7c7937c946cd406231dc3d64b985f9ea04a86627bdd6

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Mon, 26 Aug 2024 18:09:05 GMT
content-encoding: br
cf-cache-status: EXPIRED
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-zendesk-origin-server: embeddable-app-server-64bffbc89d-nrn48
x-cached: MISS
x-request-id: 8b95c556b9336a63-FRA
x-runtime: 0.002756
last-modified: Mon, 26 Aug 2024 18:09:05 GMT
server: cloudflare
x-zendesk-zorg: yes
access-control-max-age: 7200
access-control-allow-methods: GET
content-type: application/json; charset=utf-8
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=6lRktls%2Bfs%2Ft%2BuKGWtx8rvI3GOK1MdH%2BkUipX0rKJvocRxzkvZODGZ6a8QaNKH6X2G2eZMGOGP2WQDY8i%2FkA%2F6FxNo%2FN5sFcZnqtajloBYf7XOlXeogayl%2Fi717XP2MeIbM%2B%2BYAYCyhhmw%3D%3D"}],"group":"cf-nel","max_age":604800}
access-control-expose-headers
cache-control: public, max-age=60, stale-while-revalidate=600, stale-if-error=3600
vary: Origin, Accept-Encoding
cf-ray: 8b95c556b9336a63-HAM

GET
H2 200 favicon.ico
app.monarchmoney.com/ 15 KB
8 KB 348ms
347ms Other
image/x-icon 2606:4700:10::6816:3c79
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://app.monarchmoney.com/favicon.ico

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:3c79 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f8f2538e22c79cb7dc4e0f946da89f14dde3c6fc8ed7e74ef32674f596e5e633

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;default-src 'self' .plaid.com .finicity.com .mx.com .stripe.com .cloudinary.com;frame-ancestors 'self' www.reddit.com .finicity.com;script-src 'self' 'unsafe-eval' 'unsafe-inline' .monarchmoney.com .monarchmoneystaging.com .redditstatic.com .googleadservices.com .ads-twitter.com .plaid.com .finicity.com .mx.com .gstatic.com analytics.tiktok.com .byspotify.com https://static.zdassets.com https://cdn.userleap.com https://cdn.plaid.com https://js.stripe.com https://apis.google.com https://appleid.cdn-apple.com https://cdn.plaid.com https://js.stripe.com https://checkout.stripe.com https://apis.google.com https://cdn.userleap.com https://appleid.cdn-apple.com https://static.zdassets.com https://rs.fullstory.com https://edge.fullstory.com https://www.google-analytics.com https://ssl.google-analytics.com https://google-analytics.com https://.doubleclick.net https://stats.g.doubleclick.net https://.google.com https://.google.com.br https://.googlesyndication.com https://.googletagservices.com https://.googleadservices.com www.googleadservices.com www.google-analytics.com https://connect.facebook.net https://graph.facebook.com https://js.facebook.com https://bat.bing.com https://r.bing.com https://browser.sentry-cdn.com https://js.sentry-cdn.com https://.sentry.io edge.fullstory.com .fullstory.com www.clarity.ms .clarity.ms cdn.sprig.com cdn.segment.com 'report-sample' www.googletagmanager.com www.googleadservices.com www.google-analytics.com www.clarity.ms analytics.tiktok.com static.ads-twitter.com connect.facebook.net https://storage.googleapis.com/fini-widget/ https://cdn.spinwheel.io;style-src 'self' 'unsafe-inline' 'report-sample' checkout.stripe.com .google.com https://www.gstatic.com www.gstatic.com .gstatic.com .bing.com;object-src .googlesyndication.com;frame-src 'self' https://accounts.google.com https://portal.productboard.com .stripe.com .stripe.network .google.com .doubleclick.net .googlesyndication.com .facebook.com connect.facebook.net sdx.microsoft.com .plaid.com .finicity.com .moneydesktop.com .mx.com .youtube.com https://app.usefini.com/ https://sandbox-dim.spinwheel.io https://dim.spinwheel.io;child-src 'self' data: .google.com .doubleclick.net .googlesyndication.com www.googleadservices.com .facebook.com connect.facebook.net;img-src 'self' data: blob: .stripe.com www.googleadservices.com .googleadservices.com https://res.cloudinary.com https://images.unsplash.com https://www.google-analytics.com https://rs.fullstory.com googletagmanager.com .googletagmanager.com www.googletagmanager.com .google-analytics.com https://www.google.com analytics.google.com .doubleclick.net googleads.doubleclick.net googleads.g.doubleclick.net https://googleads.g.doubleclick.net .doubleclick.net https://stats.g.doubleclick.net .facebook.com .facebook.net https://connect.facebook.net .fbcdn.net .bing.com .microsoft.com .clarity.ms monarch-static-assets.s3.amazonaws.com monarch-static-assets.s3.us-east-1.amazonaws.com analytics.pangle-ads.com .redditstatic.com .reddit.com .ads-twitter.com https://t.co analytics.twitter.com https://analytics.twitter.com .googleusercontent.com .gstatic.com https://fonts.gstatic.com https://analytics.tiktok.com .tiktok.com .byspotify.com .google.com .google.ad .google.ae .google.com.af .google.com.ag .google.com.ai .google.al .google.am .google.co.ao .google.com.ar .google.as .google.at .google.com.au .google.az .google.ba .google.com.bd .google.be .google.bf .google.bg .google.com.bh .google.bi .google.bj .google.com.bn .google.com.bo .google.com.br .google.bs .google.bt .google.co.bw .google.by .google.com.bz .google.ca .google.cd .google.cf .google.cg .google.ch .google.ci .google.co.ck .google.cl .google.cm .google.cn .google.com.co .google.co.cr .google.com.cu .google.cv .google.com.cy .google.cz .google.de .google.dj .google.dk .google.dm .google.com.do .google.dz .google.com.ec .google.ee .google.com.eg .google.es .google.com.et .google.fi .google.com.fj .google.fm .google.fr .google.ga .google.ge .google.gg .google.com.gh .google.com.gi .google.gl .google.gm .google.gr .google.com.gt .google.gy .google.com.hk .google.hn .google.hr .google.ht .google.hu .google.co.id .google.ie .google.co.il .google.im .google.co.in .google.iq .google.is .google.it .google.je .google.com.jm .google.jo .google.co.jp .google.co.ke .google.com.kh .google.ki .google.kg .google.co.kr .google.com.kw .google.kz .google.la .google.com.lb .google.li .google.lk .google.co.ls .google.lt .google.lu .google.lv .google.com.ly .google.co.ma .google.md .google.me .google.mg .google.mk .google.ml .google.com.mm .google.mn .google.ms .google.com.mt .google.mu .google.mv .google.mw .google.com.mx .google.com.my .google.co.mz .google.com.na .google.com.ng .google.com.ni .google.ne .google.nl .google.no .google.com.np .google.nr .google.nu .google.co.nz .google.com.om .google.com.pa .google.com.pe .google.com.pg .google.com.ph .google.com.pk .google.pl .google.pn .google.com.pr .google.ps .google.pt .google.com.py .google.com.qa .google.ro .google.ru .google.rw .google.com.sa .google.com.sb .google.sc .google.se .google.com.sg .google.sh .google.si .google.sk .google.com.sl .google.sn .google.so .google.sm .google.sr .google.st .google.com.sv .google.td .google.tg .google.co.th .google.com.tj .google.tl .google.tm .google.tn .google.to .google.com.tr .google.tt .google.com.tw .google.co.tz .google.com.ua .google.co.ug .google.co.uk .google.com.uy .google.co.uz .google.com.vc .google.co.ve .google.vg .google.co.vi .google.com.vn .google.vu .google.ws .google.rs .google.co.za .google.co.zm .google.co.zw .google.cat monarch-api-production.s3.amazonaws.com monarch-static-assets.s3.amazonaws.com monarch-api-staging2.s3.us-east-2.amazonaws.com api.monarchmoney.com t.co googleads.g.doubleclick.net .facebook.com https://storage.googleapis.com/fini-widget/ .attribution.adswizz.com https://.attribution.adswizz.com https://pixel.tapad.com https://.tapad.com content.moneydesktop.com https://cdn.spinwheel.io .cloudfront.net;font-src * data: blob: 'self' 'unsafe-inline';connect-src 'self' about: analytics.tiktok.com .byspotify.com .zendesk.com https://api.segment.io .segment.io https://api.cloudinary.com https://api.monarchmoney.com https://api.monarchmoneystaging.com wss://api.monarchmoney.com wss://api.monarchmoneystaging.com https://features.monarchmoney.com https://features.monarchmoneystaging.com https://events-api.monarchmoney.com https://events-api.monarchmoneystaging.com https://monarchmoney.zendesk.com https://rs.fullstory.com https://edge.fullstory.com https://sdk.split.io https://auth.split.io https://streaming.split.io https://events.split.io https://ekr.zdassets.com https://api.sprig.com api.sprig.com https://sentry.io https://sdk-api-v1.singular.net .stripe.com www.google-analytics.com stats.g.doubleclick.net ampcid.google.com analytics.google.com .doubleclick.net .google.com .googlesyndication.com www.googletagservices.com .facebook.com connect.facebook.net .bing.com wss://.bing.com .clarity.ms sentry.io .sentry.io www.redditstatic.com monarch-api-production.s3.amazonaws.com monarch-static-assets.s3.amazonaws.com monarch-api-staging2.s3.us-east-2.amazonaws.com prod-carpintero-branding.s3.us-west-2.amazonaws.com reddit.com .reddit.com .ads-twitter.com cdn.sprig.com cdn.segment.com .browser-intake-datadoghq.com https://rum.browser-intake-datadoghq.com https://browser-intake-datadoghq.com https://session-replay.browser-intake-datadoghq.com https://api.unsplash.com analytics.pangle-ads.com stats.g.doubleclick.net https://api.usefini.com/ https://status.monarchmoney.com browser-intake-datadoghq.com pixels.spotify.com;manifest-src 'self';base-uri 'self';form-action 'self' .google.com *.facebook.com connect.facebook.net;media-src 'self' data: dai.google.com;worker-src 'self' blob: www.google.com;report-uri https://o236174.ingest.sentry.io/api/4506858085744640/security/?sentry_key=b8be0ad8a511b04ca10c054828ceeb45
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Mon, 26 Aug 2024 18:09:05 GMT
content-security-policy: upgrade-insecure-requests;default-src 'self' *.plaid.com *.finicity.com *.mx.com *.stripe.com *.cloudinary.com;frame-ancestors 'self' www.reddit.com *.finicity.com;script-src 'self' 'unsafe-eval' 'unsafe-inline' *.monarchmoney.com *.monarchmoneystaging.com *.redditstatic.com *.googleadservices.com *.ads-twitter.com *.plaid.com *.finicity.com *.mx.com *.gstatic.com analytics.tiktok.com *.byspotify.com https://static.zdassets.com https://cdn.userleap.com https://cdn.plaid.com https://js.stripe.com https://apis.google.com https://appleid.cdn-apple.com https://cdn.plaid.com https://js.stripe.com https://checkout.stripe.com https://apis.google.com https://cdn.userleap.com https://appleid.cdn-apple.com https://static.zdassets.com https://rs.fullstory.com https://edge.fullstory.com https://www.google-analytics.com https://ssl.google-analytics.com https://google-analytics.com https://*.doubleclick.net https://stats.g.doubleclick.net https://*.google.com https://*.google.com.br https://*.googlesyndication.com https://*.googletagservices.com https://*.googleadservices.com www.googleadservices.com www.google-analytics.com https://connect.facebook.net https://graph.facebook.com https://js.facebook.com https://bat.bing.com https://r.bing.com https://browser.sentry-cdn.com https://js.sentry-cdn.com https://*.sentry.io edge.fullstory.com *.fullstory.com www.clarity.ms *.clarity.ms cdn.sprig.com cdn.segment.com 'report-sample' www.googletagmanager.com www.googleadservices.com www.google-analytics.com www.clarity.ms analytics.tiktok.com static.ads-twitter.com connect.facebook.net https://storage.googleapis.com/fini-widget/ https://cdn.spinwheel.io;style-src 'self' 'unsafe-inline' 'report-sample' checkout.stripe.com *.google.com https://www.gstatic.com www.gstatic.com *.gstatic.com *.bing.com;object-src *.googlesyndication.com;frame-src 'self' https://accounts.google.com https://portal.productboard.com *.stripe.com *.stripe.network *.google.com *.doubleclick.net *.googlesyndication.com *.facebook.com connect.facebook.net sdx.microsoft.com *.plaid.com *.finicity.com *.moneydesktop.com *.mx.com *.youtube.com https://app.usefini.com/ https://sandbox-dim.spinwheel.io https://dim.spinwheel.io;child-src 'self' data: *.google.com *.doubleclick.net *.googlesyndication.com www.googleadservices.com *.facebook.com connect.facebook.net;img-src 'self' data: blob: *.stripe.com www.googleadservices.com *.googleadservices.com https://res.cloudinary.com https://images.unsplash.com https://www.google-analytics.com https://rs.fullstory.com googletagmanager.com *.googletagmanager.com www.googletagmanager.com *.google-analytics.com https://www.google.com analytics.google.com *.doubleclick.net googleads.doubleclick.net googleads.g.doubleclick.net https://googleads.g.doubleclick.net *.doubleclick.net https://stats.g.doubleclick.net *.facebook.com *.facebook.net https://connect.facebook.net *.fbcdn.net *.bing.com *.microsoft.com *.clarity.ms monarch-static-assets.s3.amazonaws.com monarch-static-assets.s3.us-east-1.amazonaws.com analytics.pangle-ads.com *.redditstatic.com *.reddit.com *.ads-twitter.com https://t.co analytics.twitter.com https://analytics.twitter.com *.googleusercontent.com *.gstatic.com https://fonts.gstatic.com https://analytics.tiktok.com *.tiktok.com *.byspotify.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat monarch-api-production.s3.amazonaws.com monarch-static-assets.s3.amazonaws.com monarch-api-staging2.s3.us-east-2.amazonaws.com api.monarchmoney.com t.co googleads.g.doubleclick.net *.facebook.com https://storage.googleapis.com/fini-widget/ *.attribution.adswizz.com https://*.attribution.adswizz.com https://pixel.tapad.com https://*.tapad.com content.moneydesktop.com https://cdn.spinwheel.io *.cloudfront.net;font-src * data: blob: 'self' 'unsafe-inline';connect-src 'self' about: analytics.tiktok.com *.byspotify.com *.zendesk.com https://api.segment.io *.segment.io https://api.cloudinary.com https://api.monarchmoney.com https://api.monarchmoneystaging.com wss://api.monarchmoney.com wss://api.monarchmoneystaging.com https://features.monarchmoney.com https://features.monarchmoneystaging.com https://events-api.monarchmoney.com https://events-api.monarchmoneystaging.com https://monarchmoney.zendesk.com https://rs.fullstory.com https://edge.fullstory.com https://sdk.split.io https://auth.split.io https://streaming.split.io https://events.split.io https://ekr.zdassets.com https://api.sprig.com api.sprig.com https://sentry.io https://sdk-api-v1.singular.net *.stripe.com www.google-analytics.com stats.g.doubleclick.net ampcid.google.com analytics.google.com *.doubleclick.net *.google.com *.googlesyndication.com www.googletagservices.com *.facebook.com connect.facebook.net *.bing.com wss://*.bing.com *.clarity.ms sentry.io *.sentry.io www.redditstatic.com monarch-api-production.s3.amazonaws.com monarch-static-assets.s3.amazonaws.com monarch-api-staging2.s3.us-east-2.amazonaws.com prod-carpintero-branding.s3.us-west-2.amazonaws.com reddit.com *.reddit.com *.ads-twitter.com cdn.sprig.com cdn.segment.com *.browser-intake-datadoghq.com https://rum.browser-intake-datadoghq.com https://browser-intake-datadoghq.com https://session-replay.browser-intake-datadoghq.com https://api.unsplash.com analytics.pangle-ads.com stats.g.doubleclick.net https://api.usefini.com/ https://status.monarchmoney.com browser-intake-datadoghq.com pixels.spotify.com;manifest-src 'self';base-uri 'self';form-action 'self' *.google.com *.facebook.com connect.facebook.net;media-src 'self' data: dai.google.com;worker-src 'self' blob: www.google.com;report-uri https://o236174.ingest.sentry.io/api/4506858085744640/security/?sentry_key=b8be0ad8a511b04ca10c054828ceeb45
x-content-type-options: nosniff
strict-transport-security: max-age=15552000; includeSubDomains
nel: {"report_to":"heroku-nel","max_age":3600,"success_fraction":0.005,"failure_fraction":0.05,"response_headers":["Via"]}
x-permitted-cross-domain-policies: none
cf-cache-status: REVALIDATED
via: 1.1 vegur
x-dns-prefetch-control: off
content-encoding: br
x-xss-protection: 0
reporting-endpoints: heroku-nel=https://nel.heroku.com/reports?ts=1724524942&sid=1b10b0ff-8a76-4548-befa-353fc6c6c045&s=BemYLq%2ByT7vjzI8YtWgxD8wnROB04eAKi9yOjJuyTpo%3D
referrer-policy: no-referrer
last-modified: Fri, 23 Aug 2024 20:58:05 GMT
server: cloudflare
etag: W/"3c2e-19181083748"
expect-ct: max-age=0
x-frame-options: SAMEORIGIN
report-to: {"group":"heroku-nel","max_age":3600,"endpoints":[{"url":"https://nel.heroku.com/reports?ts=1724524942&sid=1b10b0ff-8a76-4548-befa-353fc6c6c045&s=BemYLq%2ByT7vjzI8YtWgxD8wnROB04eAKi9yOjJuyTpo%3D"}]}
content-type: image/x-icon
vary: Accept-Encoding
x-download-options: noopen
cache-control: public, max-age=14400
cf-ray: 8b95c556ff791c2c-FRA

POST
H3 200 ingest Show response
pixels.spotify.com/v1/ 52 B
100 B 55ms
55ms Fetch
application/json 35.186.224.24
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pixels.spotify.com/v1/ingest

Requested by

Host: app.monarchmoney.com
URL: https://app.monarchmoney.com/static/js/693.8ac79289.js

Protocol

Security

QUIC, , AES_128_GCM

Server

35.186.224.24 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

24.224.186.35.bc.googleusercontent.com

Software

envoy /

Resource Hash

af626b854a946518a3a3c508ee9824e78ae985c5cda705c1d2a3fdaafe2254c0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

Accept: application/json
Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36
Content-Type: application/json

Response headers

date: Mon, 26 Aug 2024 18:09:05 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-encoding: gzip
grpc-status: 0
server: envoy
via: HTTP/2 edgeproxy, 1.1 google
grpc-encoding: identity
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: https://app.monarchmoney.com
x-envoy-upstream-service-time: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
grpc-accept-encoding: gzip,x-snappy-framed

POST
H/1.1 204
No Content collect Show response
o.clarity.ms/ 0
284 B 125ms
123ms XHR
text/plain 52.152.143.207
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://o.clarity.ms/collect
Requested by: Host: app.monarchmoney.com
URL: https://app.monarchmoney.com/static/js/693.8ac79289.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 52.152.143.207 Washington, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept: application/x-clarity-gzip
Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

Access-Control-Allow-Origin: https://app.monarchmoney.com
Date: Mon, 26 Aug 2024 18:09:06 GMT
Access-Control-Allow-Credentials: true
Server: nginx
Connection: keep-alive
Vary: Origin
Request-Context: appId=cid-v1:238681e8-7d6b-453a-acb6-7dcad74f3111

GET
H2 200 UNKNOWN Show response
features.monarchmoney.com/sdk/api/mySegments/ 17 B
0 1ms
1ms Fetch
application/json 2606:4700:10::6816:3d79
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://features.monarchmoney.com/sdk/api/mySegments/UNKNOWN
Requested by: Host: app.monarchmoney.com
URL: https://app.monarchmoney.com/static/js/693.8ac79289.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:3d79 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2070e9ec5ea66461693a174cf782efa1090e0ca1988968cc1115d019e7b80a95

Request headers

Accept: application/json
Referer
SplitSDKVersion: react-1.2.6
Authorization: Bearer f84jple84efb5d8f63po7c1m5553aburgha4
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36
Content-Type: application/json

Response headers

date: Mon, 26 Aug 2024 18:09:02 GMT
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish, 1.1 a44309111e5e1050ff485adaa4681ad0.cloudfront.net (CloudFront)
cf-cache-status: DYNAMIC
x-amz-cf-pop: AMS58-P5
x-cache: Hit from cloudfront
content-length: 41
x-served-by: cache-iad-kiad7000133-IAD, cache-fra-eddf8230098-FRA
server: cloudflare
x-timer: S1724695743.681376,VS0,VE0
etag: "1000002"
vary: Accept-Encoding,Authorization
trace: cache-iad-kiad7000133-IAD-e4bdf414-3421-4c47-a340-e922355297b0; cache-fra-etou8220054-FRA-c2df6480-a5ed-49f8-8aa2-133c5f78507b
content-type: application/json; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: Access-Control-Allow-Origin,X-Request-Id
cache-control: no-transform, max-age=60, s-maxage=60
accept-ranges: bytes
cf-ray: 8b95c5494fb69948-FRA
x-amz-cf-id: zgPu4bP7hxvW71x-Q0IlVgm_ef6Vf_K5Jku8m7Kt5lonwxQGyByrtQ==
x-cache-hits: 63, 3

GET
H2 200 2b2ce0fb-2cc2-4f88-98fd-298cbeb48abb Show response
features.monarchmoney.com/sdk/api/mySegments/ 17 B
0 1ms
1ms Fetch
application/json 2606:4700:10::6816:3d79
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://features.monarchmoney.com/sdk/api/mySegments/2b2ce0fb-2cc2-4f88-98fd-298cbeb48abb
Requested by: Host: app.monarchmoney.com
URL: https://app.monarchmoney.com/static/js/693.8ac79289.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:3d79 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2070e9ec5ea66461693a174cf782efa1090e0ca1988968cc1115d019e7b80a95

Request headers

Accept: application/json
Referer
SplitSDKVersion: react-1.2.6
Authorization: Bearer f84jple84efb5d8f63po7c1m5553aburgha4
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36
Content-Type: application/json

Response headers

date: Mon, 26 Aug 2024 18:09:03 GMT
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish, 1.1 a44309111e5e1050ff485adaa4681ad0.cloudfront.net (CloudFront)
cf-cache-status: DYNAMIC
x-amz-cf-pop: AMS58-P5
age: 0
x-cache: Miss from cloudfront
content-length: 41
x-served-by: cache-iad-kjyo7100151-IAD, cache-fra-eddf8230106-FRA
server: cloudflare
x-timer: S1724695743.976061,VS0,VE95
etag: "1000002"
vary: Accept-Encoding,Authorization
content-type: application/json; charset=utf-8
trace: cache-iad-kjyo7100151-IAD-5593beab-6c17-444c-bc2c-266729f9bd4a; cache-fra-eddf8230106-FRA-4bc1d420-9dd2-41a3-aaac-a7284eb7b068
access-control-allow-origin: *
access-control-expose-headers: Access-Control-Allow-Origin,X-Request-Id
cache-control: no-transform, max-age=60, s-maxage=60
accept-ranges: bytes
cf-ray: 8b95c5495fb99948-FRA
x-amz-cf-id: lEoJB7dtpnUYqVfz3O5zQj9HSHn3wZpn3UucZ6V1qOj05kaKYRehVQ==
x-cache-hits: 0, 0

GET
H2 200 splitChanges Show response
features.monarchmoney.com/sdk/api/ 56 B
257 B 87ms
86ms Fetch
application/json 2606:4700:10::6816:3d79
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://features.monarchmoney.com/sdk/api/splitChanges?since=1724379632563

Requested by

Host: app.monarchmoney.com
URL: https://app.monarchmoney.com/static/js/693.8ac79289.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:3d79 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

fa3a8d411b49a9f9e568c053a6b3a85058bd3bb4e787641dc8364bf975dff15a

Security Headers

Name	Value
Strict-Transport-Security	max-age=15770000; includeSubdomains

Request headers

Accept: application/json
Referer
SplitSDKVersion: react-1.2.6
Authorization: Bearer f84jple84efb5d8f63po7c1m5553aburgha4
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36
Content-Type: application/json

Response headers

date: Mon, 26 Aug 2024 18:09:09 GMT
strict-transport-security: max-age=15770000; includeSubdomains
via: 1.1 varnish, 1.1 varnish, 1.1 f75afc04e5fb2b66fe286e4f840886c6.cloudfront.net (CloudFront)
cf-cache-status: DYNAMIC
content-encoding: gzip
x-amz-cf-pop: AMS58-P5
age: 316116
x-cache: Miss from cloudfront
content-length: 64
x-served-by: cache-iad-kiad7000171-IAD, cache-fra-etou8220059-FRA
last-modified: Fri, 23 Aug 2024 02:20:32 GMT
server: cloudflare
x-timer: S1724695749.046584,VS0,VE0
etag: "1724379632563"
vary: Accept-Encoding,Authorization
trace: cache-iad-kiad7000171-IAD-9467a1fa-def1-45b5-a1c0-9ba4bd32d8cc; cache-fra-etou8220131-FRA-d1c4baf8-d891-4ace-b8c3-bd903665d623
access-control-allow-origin: *
access-control-expose-headers: Access-Control-Allow-Origin,X-Request-Id
cache-control: no-transform, max-age=60, s-maxage=60
content-type: application/json; charset=utf-8
accept-ranges: bytes
cf-ray: 8b95c56f58cc9948-FRA
x-amz-cf-id: nYu7cARsgAmPipDRrRZRz206NaVREFzOpUdRqyiog20fYoTwuCr2qQ==
x-cache-hits: 1001, 9

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: api.monarchmoney.com
URL: https://api.monarchmoney.com/graphql

Domain: api.monarchmoney.com
URL: https://api.monarchmoney.com/graphql

Domain: api.monarchmoney.com
URL: https://api.monarchmoney.com/graphql

Domain: api.monarchmoney.com
URL: https://api.monarchmoney.com/graphql

Domain: api.monarchmoney.com
URL: https://api.monarchmoney.com/graphql

Domain: api.monarchmoney.com
URL: https://api.monarchmoney.com/graphql

Domain: api.monarchmoney.com
URL: https://api.monarchmoney.com/graphql

Domain: api.monarchmoney.com
URL: https://api.monarchmoney.com/graphql

Domain: api.monarchmoney.com
URL: https://api.monarchmoney.com/graphql

Domain: api.monarchmoney.com
URL: https://api.monarchmoney.com/graphql

Domain: o.clarity.ms
URL: https://o.clarity.ms/collect

Domain: api.monarchmoney.com
URL: https://api.monarchmoney.com/graphql

Domain: api.monarchmoney.com
URL: https://api.monarchmoney.com/graphql

Domain: api.monarchmoney.com
URL: https://api.monarchmoney.com/graphql

Domain: api.monarchmoney.com
URL: https://api.monarchmoney.com/graphql

Domain: api.monarchmoney.com
URL: https://api.monarchmoney.com/graphql

Domain: api.monarchmoney.com
URL: https://api.monarchmoney.com/graphql

Domain: api.monarchmoney.com
URL: https://api.monarchmoney.com/graphql

Domain: api.monarchmoney.com
URL: https://api.monarchmoney.com/graphql

Domain: api.monarchmoney.com
URL: https://api.monarchmoney.com/graphql

Domain: api.monarchmoney.com
URL: https://api.monarchmoney.com/graphql

Domain: api.monarchmoney.com
URL: https://api.monarchmoney.com/graphql

Domain: api.monarchmoney.com
URL: https://api.monarchmoney.com/graphql

Domain: api.monarchmoney.com
URL: https://api.monarchmoney.com/graphql

Domain: api.monarchmoney.com
URL: https://api.monarchmoney.com/graphql

Verdicts & Comments Add Verdict or Comment

95 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

19 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
app.monarchmoney.com/	1970-01-21 07:50:31	Name: __spdt Value: 17cb169234d14e0f9e5fbdd6762a46a4
.monarchmoney.com/	1970-01-21 01:14:31	Name: _rdt_uuid Value: 1724695740730.71ea68b3-29b5-4ca7-8e5f-1dc4d405abea
.tiktok.com/	1970-01-21 08:26:31	Name: _ttp Value: 2lCtAHtCLmYGZ3t8bXYj7UqzHCH
.twitter.com/	1970-01-21 08:40:55	Name: guest_id_marketing Value: v1%3A172469574086576874
.twitter.com/	1970-01-21 08:40:55	Name: guest_id_ads Value: v1%3A172469574086576874
.twitter.com/	1970-01-21 08:40:55	Name: personalization_id Value: "v1_XlahnaiVvbknBgIM99TSGg=="
.twitter.com/	1970-01-21 08:40:55	Name: guest_id Value: v1%3A172469574086576874
.monarchmoney.com/	1970-01-21 08:26:31	Name: _tt_enable_cookie Value: 1
.monarchmoney.com/	1970-01-21 08:26:31	Name: _ttp Value: Tm3qLMMn3JRgyu-ckj0wGk_80vH
.t.co/	1970-01-21 08:40:55	Name: muc_ads Value: 8a75d24a-0cc7-45fb-8759-638194ab2802
app.monarchmoney.com/	1969-12-31 23:59:59	Name: ajs_anonymous_id Value: 2b2ce0fb-2cc2-4f88-98fd-298cbeb48abb
.monarchmoney.com/	1970-01-21 07:50:31	Name: singular_device_id Value: cca1e79b-ce66-4331-8a65-682fb0987b15
.monarchmoney.com/	1970-01-21 07:50:31	Name: ajs_anonymous_id Value: 2b2ce0fb-2cc2-4f88-98fd-298cbeb48abb
.monarchmoney.com/	1970-01-21 08:40:55	Name: _ga Value: GA1.2.1115916800.1724695744
.monarchmoney.com/	1970-01-20 23:06:22	Name: _gid Value: GA1.2.177056935.1724695744
.doubleclick.net/	1970-01-20 23:04:56	Name: test_cookie Value: CheckForPermission
m.stripe.com/	1970-01-21 08:40:55	Name: m Value: 652cb065-47f1-45ba-a321-d5827db272c5d7086d
.app.monarchmoney.com/	1970-01-21 07:50:31	Name: __stripe_mid Value: 30e85312-e6d1-468b-97ba-7476b4330af155ae7c
.app.monarchmoney.com/	1970-01-20 23:04:57	Name: __stripe_sid Value: 6cc7dd00-41de-4af8-aa16-fcedac653625b15d98

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	upgrade-insecure-requests;default-src 'self' .plaid.com .finicity.com .mx.com .stripe.com .cloudinary.com;frame-ancestors 'self' www.reddit.com .finicity.com;script-src 'self' 'unsafe-eval' 'unsafe-inline' .monarchmoney.com .monarchmoneystaging.com .redditstatic.com .googleadservices.com .ads-twitter.com .plaid.com .finicity.com .mx.com .gstatic.com analytics.tiktok.com .byspotify.com https://static.zdassets.com https://cdn.userleap.com https://cdn.plaid.com https://js.stripe.com https://apis.google.com https://appleid.cdn-apple.com https://cdn.plaid.com https://js.stripe.com https://checkout.stripe.com https://apis.google.com https://cdn.userleap.com https://appleid.cdn-apple.com https://static.zdassets.com https://rs.fullstory.com https://edge.fullstory.com https://www.google-analytics.com https://ssl.google-analytics.com https://google-analytics.com https://.doubleclick.net https://stats.g.doubleclick.net https://.google.com https://.google.com.br https://.googlesyndication.com https://.googletagservices.com https://.googleadservices.com www.googleadservices.com www.google-analytics.com https://connect.facebook.net https://graph.facebook.com https://js.facebook.com https://bat.bing.com https://r.bing.com https://browser.sentry-cdn.com https://js.sentry-cdn.com https://.sentry.io edge.fullstory.com .fullstory.com www.clarity.ms .clarity.ms cdn.sprig.com cdn.segment.com 'report-sample' www.googletagmanager.com www.googleadservices.com www.google-analytics.com www.clarity.ms analytics.tiktok.com static.ads-twitter.com connect.facebook.net https://storage.googleapis.com/fini-widget/ https://cdn.spinwheel.io;style-src 'self' 'unsafe-inline' 'report-sample' checkout.stripe.com .google.com https://www.gstatic.com www.gstatic.com .gstatic.com .bing.com;object-src .googlesyndication.com;frame-src 'self' https://accounts.google.com https://portal.productboard.com .stripe.com .stripe.network .google.com .doubleclick.net .googlesyndication.com .facebook.com connect.facebook.net sdx.microsoft.com .plaid.com .finicity.com .moneydesktop.com .mx.com .youtube.com https://app.usefini.com/ https://sandbox-dim.spinwheel.io https://dim.spinwheel.io;child-src 'self' data: .google.com .doubleclick.net .googlesyndication.com www.googleadservices.com .facebook.com connect.facebook.net;img-src 'self' data: blob: .stripe.com www.googleadservices.com .googleadservices.com https://res.cloudinary.com https://images.unsplash.com https://www.google-analytics.com https://rs.fullstory.com googletagmanager.com .googletagmanager.com www.googletagmanager.com .google-analytics.com https://www.google.com analytics.google.com .doubleclick.net googleads.doubleclick.net googleads.g.doubleclick.net https://googleads.g.doubleclick.net .doubleclick.net https://stats.g.doubleclick.net .facebook.com .facebook.net https://connect.facebook.net .fbcdn.net .bing.com .microsoft.com .clarity.ms monarch-static-assets.s3.amazonaws.com monarch-static-assets.s3.us-east-1.amazonaws.com analytics.pangle-ads.com .redditstatic.com .reddit.com .ads-twitter.com https://t.co analytics.twitter.com https://analytics.twitter.com .googleusercontent.com .gstatic.com https://fonts.gstatic.com https://analytics.tiktok.com .tiktok.com .byspotify.com .google.com .google.ad .google.ae .google.com.af .google.com.ag .google.com.ai .google.al .google.am .google.co.ao .google.com.ar .google.as .google.at .google.com.au .google.az .google.ba .google.com.bd .google.be .google.bf .google.bg .google.com.bh .google.bi .google.bj .google.com.bn .google.com.bo .google.com.br .google.bs .google.bt .google.co.bw .google.by .google.com.bz .google.ca .google.cd .google.cf .google.cg .google.ch .google.ci .google.co.ck .google.cl .google.cm .google.cn .google.com.co .google.co.cr .google.com.cu .google.cv .google.com.cy .google.cz .google.de .google.dj .google.dk .google.dm .google.com.do .google.dz .google.com.ec .google.ee .google.com.eg .google.es .google.com.et .google.fi .google.com.fj .google.fm .google.fr .google.ga .google.ge .google.gg .google.com.gh .google.com.gi .google.gl .google.gm .google.gr .google.com.gt .google.gy .google.com.hk .google.hn .google.hr .google.ht .google.hu .google.co.id .google.ie .google.co.il .google.im .google.co.in .google.iq .google.is .google.it .google.je .google.com.jm .google.jo .google.co.jp .google.co.ke .google.com.kh .google.ki .google.kg .google.co.kr .google.com.kw .google.kz .google.la .google.com.lb .google.li .google.lk .google.co.ls .google.lt .google.lu .google.lv .google.com.ly .google.co.ma .google.md .google.me .google.mg .google.mk .google.ml .google.com.mm .google.mn .google.ms .google.com.mt .google.mu .google.mv .google.mw .google.com.mx .google.com.my .google.co.mz .google.com.na .google.com.ng .google.com.ni .google.ne .google.nl .google.no .google.com.np .google.nr .google.nu .google.co.nz .google.com.om .google.com.pa .google.com.pe .google.com.pg .google.com.ph .google.com.pk .google.pl .google.pn .google.com.pr .google.ps .google.pt .google.com.py .google.com.qa .google.ro .google.ru .google.rw .google.com.sa .google.com.sb .google.sc .google.se .google.com.sg .google.sh .google.si .google.sk .google.com.sl .google.sn .google.so .google.sm .google.sr .google.st .google.com.sv .google.td .google.tg .google.co.th .google.com.tj .google.tl .google.tm .google.tn .google.to .google.com.tr .google.tt .google.com.tw .google.co.tz .google.com.ua .google.co.ug .google.co.uk .google.com.uy .google.co.uz .google.com.vc .google.co.ve .google.vg .google.co.vi .google.com.vn .google.vu .google.ws .google.rs .google.co.za .google.co.zm .google.co.zw .google.cat monarch-api-production.s3.amazonaws.com monarch-static-assets.s3.amazonaws.com monarch-api-staging2.s3.us-east-2.amazonaws.com api.monarchmoney.com t.co googleads.g.doubleclick.net .facebook.com https://storage.googleapis.com/fini-widget/ .attribution.adswizz.com https://.attribution.adswizz.com https://pixel.tapad.com https://.tapad.com content.moneydesktop.com https://cdn.spinwheel.io .cloudfront.net;font-src * data: blob: 'self' 'unsafe-inline';connect-src 'self' about: analytics.tiktok.com .byspotify.com .zendesk.com https://api.segment.io .segment.io https://api.cloudinary.com https://api.monarchmoney.com https://api.monarchmoneystaging.com wss://api.monarchmoney.com wss://api.monarchmoneystaging.com https://features.monarchmoney.com https://features.monarchmoneystaging.com https://events-api.monarchmoney.com https://events-api.monarchmoneystaging.com https://monarchmoney.zendesk.com https://rs.fullstory.com https://edge.fullstory.com https://sdk.split.io https://auth.split.io https://streaming.split.io https://events.split.io https://ekr.zdassets.com https://api.sprig.com api.sprig.com https://sentry.io https://sdk-api-v1.singular.net .stripe.com www.google-analytics.com stats.g.doubleclick.net ampcid.google.com analytics.google.com .doubleclick.net .google.com .googlesyndication.com www.googletagservices.com .facebook.com connect.facebook.net .bing.com wss://.bing.com .clarity.ms sentry.io .sentry.io www.redditstatic.com monarch-api-production.s3.amazonaws.com monarch-static-assets.s3.amazonaws.com monarch-api-staging2.s3.us-east-2.amazonaws.com prod-carpintero-branding.s3.us-west-2.amazonaws.com reddit.com .reddit.com .ads-twitter.com cdn.sprig.com cdn.segment.com .browser-intake-datadoghq.com https://rum.browser-intake-datadoghq.com https://browser-intake-datadoghq.com https://session-replay.browser-intake-datadoghq.com https://api.unsplash.com analytics.pangle-ads.com stats.g.doubleclick.net https://api.usefini.com/ https://status.monarchmoney.com browser-intake-datadoghq.com pixels.spotify.com;manifest-src 'self';base-uri 'self';form-action 'self' .google.com *.facebook.com connect.facebook.net;media-src 'self' data: dai.google.com;worker-src 'self' blob: www.google.com;report-uri https://o236174.ingest.sentry.io/api/4506858085744640/security/?sentry_key=b8be0ad8a511b04ca10c054828ceeb45
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

accounts.google.com
alb.reddit.com
analytics.tiktok.com
analytics.twitter.com
api.monarchmoney.com
api.sprig.com
app.monarchmoney.com
appleid.cdn-apple.com
bat.bing.com
cdn.plaid.com
cdn.segment.com
cdn.userleap.com
connect.facebook.net
ekr.zdassets.com
events-api.monarchmoney.com
events-cdn.monarchmoney.com
features.monarchmoney.com
googleads.g.doubleclick.net
js.stripe.com
monarchmoney.zendesk.com
o.clarity.ms
pixel-config.reddit.com
pixel.byspotify.com
pixels.spotify.com
sdk-api-v1.singular.net
sentry.io
static.ads-twitter.com
static.zdassets.com
status.monarchmoney.com
streaming.split.io
t.co
www.clarity.ms
www.google-analytics.com
www.google.com
www.google.de
www.googleadservices.com
www.gstatic.com
www.redditstatic.com
api.monarchmoney.com
o.clarity.ms
104.16.51.111
104.18.72.113
104.244.42.67
13.224.189.121
13.224.189.85
13.33.187.40
142.250.185.196
146.75.120.157
151.101.1.140
151.101.65.140
157.240.251.9
172.217.18.98
184.24.77.152
2.21.20.12
216.58.206.34
216.58.212.131
23.218.69.7
2600:1901:1:7c5::
2600:9000:223d:e600:9:a6e8:8080:93a1
2600:9000:26e8:d600:d:cf84:bb40:93a1
2600:9000:275b:6c00:6:5671:b9c0:93a1
2606:4700:10::6816:3c79
2606:4700:10::6816:3d79
2620:1ec:33:1::10
2620:1ec:bdf::67
2a00:1450:4001:827::200e
2a00:1450:4001:82f::2003
2a00:1450:4013:c07::54
2a04:4e42::396
34.117.162.98
35.186.224.24
35.186.247.156
52.152.143.207
52.222.214.118
52.86.181.185
93.184.221.165
99.86.8.175
019b3738cec20a4caa76ada400d57ef94f1c19d02ac2739c46e8f2e0468620dd
0adb664f023c10dafb9862cb4b6ca9c90e19f4bdb60bc18bb0f67a3bbaf593c8
0c4a7f42428d3c734e2f46390af364677dfa47d99e69b22c56a03e8bd3fd4c14
10ed8c832fa26d2f50fea6973e8b347758324a1fac048f992baffc30d266691a
129151ed0140041b198ce3b364a11861a3b5baa5bb60475ebf7bedb9b0fc94d6
12f71cb993958eefc4bdb41d7dbbda490779a9c7aba448f7be52bb63912e0254
13e3852d2c9f4f4bd3125764fa931927e2b6901960c971c3e28ba3911262a78f
1841814c013e399421904854b29e07a73d4d7bf44ca1f57f0a853d7aba9ac814
1a84151c25c961f96ff44075239a95633fae76ffb44e405b62af26a62419103d
20490cfcb843d804643e20e6d07936fb40dde6c923fb43588f7874a495a50638
2070e9ec5ea66461693a174cf782efa1090e0ca1988968cc1115d019e7b80a95
20de2de93c034f0e1ed81727065936b52b3bedb10a612cc28afea038c740ef2f
23205dda36b7fc32e310d761a36bc25b417f34e35b956359356c4442d8f9c592
244d56ceae3f2752b26cbe829087d576d715275e60fe3efb58083652272255c0
2587000eee27625be5673b4dee08a84369e33a593159d30d5d823e4b461924bc
264532af47b2cfb6620970592478c442a0cd429beccead9d062ff5a91284dc15
265ac7549793e4b9d51f8ab19acc8518770ace94078790776b3ac34eb47e1bbd
31892c21ae4fb908a875bbe29dbf0df74c2e84171cfbcac23540f3ad8222a35a
390ef43c0b5dbc582e5739b1d396f223472ab9975bd1213561bae3441a0b745d
42e2dd427dd9f9d45367c880c68289114b7de56373ff8bdc664ea0fa3ce77880
4317abdcf898d4294c6079c9c50ec877f993bc5d071871bfe8cace1ec1874a64
43a69bf8acf4aeee012a6f5a59b0c76ba1f8069bb82008849f284fa7a2db0344
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
453587255e3306b50351d8120774686da9f8f49257ec71fbb786d2b2e22c50c5
45da241a91c843b268ada7481cdece1aa679f2720931effea28d83e1398d66a9
4668b42c8c5e63f3aa1987896ce3aedc2c13a44c1fc6eb2d115ffca2cfc3a611
4bba68436fc217764bf6412bf62aaa3cd45b8037411b36ee711a3ce5b6c815e4
4d15ff2317e16ccd8ca1d3248fea7d91130e022369bb032824a84ad9967064df
4df53644d1c9fd651ccfd697977eb07d94cd744b0a4997568d67cc25ef44e483
50a98b0680aaaaa9407001661f18904e29d76402c3da7ad64246413886fc64b3
557c67c76c13a84e8b483ee1a0dfdd807399d960909266e7c6a83ddfadca9c81
5f3f33dcc409983a443e7c7937c946cd406231dc3d64b985f9ea04a86627bdd6
60c90063596ad373d42396f5c88f936d39544f801968ac93c1fe15b3feca090f
6755508f95a14ac65d6d5123ce9db08f5b0fc2921dd713a6ae8d6369a0020da9
6779d21af697fc8ae9ec35c089cd39dd0fa9eab07390736b877f92a3d0d020ed
6c03914e8508cb6af00ba472eb252334c9a5d6ff1bfe7823c4364c08a4be130f
71b3d9510b068b9702004564237273eb07ae6daba95792db02de82b6c7b985f2
752fcc1c601e35558e40454b0f1145c22dbe774cef1ed8568da97ea331e9d42e
82adafd2815d9ca49a6771392b15c4c7683f0490a8825ead54dd2d2594d44c62
8356948d6f3bef342ff37a4deca7f6b64b58ca0b90ca128c1929c1bb76cc7a54
848312e324cb800ec839beaa658f151deb8365a43cd55a0bd30058c5448670d7
849caf8a45bf4b74df6ae5f9e16fa4ecb6a4434b62cd834b9c4f631c6839bf1d
86685e191878d9ecfd30ed1fe63cbb783bf9151607e9996342d64977013e3cff
93b449763525f13633010ddce61b38378d1540ac14fa438699c98f7f82c6f5c2
93ba5f75f41cfe790ccfb3e08394d86c97606e11a173228f5a9cd14f3d07f9e1
9a95ae468165e0379cee7df2c0940352ec05acde75bdfcdfc2d7fd8483bffb8c
a48fd35c61908d912b5ac9e1face12e0962a0d9ecc8679e87db4031697cec54e
a6a10759097db886e581ff34a0b28693b7cbfa96a750b09cc9428fbfeedd890c
a985c483acb5886d3fddfa51bc6217f061de9a45a6b18a828a8c0b2a980a7564
abd0c69608a1a4b0ce5f6056bc20bcf62a2a29271a4cf5e33fa1f53bf7cb19cb
ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957
af626b854a946518a3a3c508ee9824e78ae985c5cda705c1d2a3fdaafe2254c0
b5fd82d19e45a2998d5ae86aa40b5a8409695806d77ed22681cdde94693c0cd6
b7ab3e7e2db63a50fa18c8651c930147cc4bf8207af2c1ca742b37f0e299c22d
b95963e2f0fbf8eb7463870ebe01ea25daf8e13128cbba25edc36f1038ad5f5d
ca2000e8bfea9f1a65578b79ac87bd2c0f936bd27c6990677d5ab072f24946d3
ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356
cbf5816bdc700b18c3be9c798106262658ca8e966b5b82b22c94dda91da35d2e
d2fd60d2e910b8c256dab0c90c0dade58dd216eca76d0ff8f44e1ab12ce4eb08
d86abc5dfa7f11003c811cef84eb8d740b10a7f97f89e7dd29945a1455103c43
d9affb9be132f18ddba52f53549dabe8b4a644a4c1b2fe5d76bbd7750275da02
dcb35daf1d2978be617bd7d1ab747a2a7544df53aa042b6c5378e93c22764060
de0a685865e11857eb59fc72c7bc426af104c0307e099ba7377d4afe6503058d
de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e6fa8e5c4ead3fe2cbd9f01169aba2e90dc25bf47c90d901a00bbbd11af4453d
e91bd6d37a2d6c0a38558cfe458338d7f0437252d5d4e3ebfffa5d2ba8e5aaa2
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f1a48590c19760375afb598df10f0deb2b5ca7ff527fa3a691c086fdc063395c
f3042155b43d9eafd3553035c29c863f3ced375e30003da6ba9dd274dba9e3a7
f3daef9cbafb6f4fdb45a1ae5d15c4648e1612d0dc9a371bf9944c9f3b35415d
f8f2538e22c79cb7dc4e0f946da89f14dde3c6fc8ed7e74ef32674f596e5e633
f9d2f93765355bf880f064950477035849e2bbf673e159d2074f5f3ec273a86c
fa3a8d411b49a9f9e568c053a6b3a85058bd3bb4e787641dc8364bf975dff15a
fbe85154b0a64dc98fbcb645f30f97ee21441d65ff4928a96521feb7131c7cc7

app.monarchmoney.com Open in urlscan Pro 2606:4700:10::6816:3c79 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

139 Requests

81 %HTTPS

32 %IPv6

29 Domains

38 Subdomains

37 IPs

5 Countries

3953 kBTransfer

15130 kBSize

19 Cookies

2 Outgoing links

Redirected requests

139 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 1 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

app.monarchmoney.com Open in urlscan Pro
2606:4700:10::6816:3c79 Public Scan

Screenshot
Live screenshot

Full Image

139
Requests

81 %
HTTPS

32 %
IPv6

29
Domains

38
Subdomains

37
IPs

5
Countries

3953 kB
Transfer

15130 kB
Size

19
Cookies

139 HTTP transactions
1 data transactions