www.firstfoundation.ca Open in urlscan Pro
172.66.43.88 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://rrsp-tfsa.ca/
Effective URL:
https://www.firstfoundation.ca/financial/
Submission: On August 23 via api (August 23rd 2024, 4:08:54 pm UTC) from US — Scanned from CA

Summary HTTP 73 Redirects Links 16 Behaviour Indicators

Summary

This website contacted 21 IPs in 2 countries across 19 domains to perform 73 HTTP transactions. The main IP is 172.66.43.88, located in United States and belongs to CLOUDFLARENET, US. The main domain is www.firstfoundation.ca.
TLS certificate: Issued by WE1 on July 8th 2024. Valid for: 3 months.

This is the only time www.firstfoundation.ca was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 1	15.197.225.128 15.197.225.128	16509 (AMAZON-02) (AMAZON-02)
4 31	172.66.43.88 172.66.43.88	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	142.250.65.202 142.250.65.202	15169 (GOOGLE) (GOOGLE)
4	35.201.118.58 35.201.118.58	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1	142.250.80.34 142.250.80.34	15169 (GOOGLE) (GOOGLE)
1	104.16.79.73 104.16.79.73	13335 (CLOUDFLAR...) (CLOUDFLARENET)
4	142.250.80.104 142.250.80.104	15169 (GOOGLE) (GOOGLE)
4	157.240.241.1 157.240.241.1	32934 (FACEBOOK) (FACEBOOK)
2	142.250.176.206 142.250.176.206	15169 (GOOGLE) (GOOGLE)
2	142.250.80.67 142.250.80.67	15169 (GOOGLE) (GOOGLE)
1	204.141.43.67 204.141.43.67	2639 (ZOHO-AS) (ZOHO-AS)
2	142.250.80.66 142.250.80.66	15169 (GOOGLE) (GOOGLE)
2	142.251.40.174 142.251.40.174	15169 (GOOGLE) (GOOGLE)
1	52.85.61.107 52.85.61.107	16509 (AMAZON-02) (AMAZON-02)
3	31.13.71.36 31.13.71.36	32934 (FACEBOOK) (FACEBOOK)
3	142.250.80.98 142.250.80.98	15169 (GOOGLE) (GOOGLE)
2	142.250.80.14 142.250.80.14	15169 (GOOGLE) (GOOGLE)
3	142.251.111.154 142.251.111.154	15169 (GOOGLE) (GOOGLE)
4	142.251.40.131 142.251.40.131	15169 (GOOGLE) (GOOGLE)
2	142.251.32.100 142.251.32.100	15169 (GOOGLE) (GOOGLE)
1	136.143.182.97 136.143.182.97	2639 (ZOHO-AS) (ZOHO-AS)
3	199.67.84.76 199.67.84.76	2639 (ZOHO-AS) (ZOHO-AS)
73	21

1 15.197.225.128 (United States) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: aec037177372cc6cd.awsglobalaccelerator.com

rrsp-tfsa.ca	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

31 172.66.43.88 (United States) 4 redirects

ASN13335 (CLOUDFLARENET, US)

www.firstfoundation.ca	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
firstfoundation.ca	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.65.202 (Plainview, United States)

ASN15169 (GOOGLE, US)
PTR: lga25s72-in-f10.1e100.net

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 35.201.118.58 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 58.118.201.35.bc.googleusercontent.com

form.jotform.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
secure.jotformpro.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.80.34 (Plainview, United States)

ASN15169 (GOOGLE, US)
PTR: lga34s34-in-f2.1e100.net

www.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.16.79.73 (None, )

ASN13335 (CLOUDFLARENET, US)

static.cloudflareinsights.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 142.250.80.104 (Plainview, United States)

ASN15169 (GOOGLE, US)
PTR: lga34s36-in-f8.1e100.net

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 157.240.241.1 (Secaucus, United States)

ASN32934 (FACEBOOK, US)
PTR: xx-fbcdn-shv-02-lga3.fbcdn.net

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.250.176.206 (United States)

ASN15169 (GOOGLE, US)
PTR: lga34s37-in-f14.1e100.net

apis.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.250.80.67 (Plainview, United States)

ASN15169 (GOOGLE, US)
PTR: lga34s35-in-f3.1e100.net

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 204.141.43.67 (United States)

ASN2639 (ZOHO-AS, US)

salesiq.zoho.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.250.80.66 (Plainview, United States)

ASN15169 (GOOGLE, US)
PTR: lga34s35-in-f2.1e100.net

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.251.40.174 (Queens, United States)

ASN15169 (GOOGLE, US)
PTR: lga25s81-in-f14.1e100.net

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.85.61.107 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-52-85-61-107.ewr53.r.cloudfront.net

cdn.callrail.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 31.13.71.36 (Secaucus, United States)

ASN32934 (FACEBOOK, US)
PTR: edge-star-mini-shv-01-lga3.facebook.com

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 142.250.80.98 (Plainview, United States)

ASN15169 (GOOGLE, US)
PTR: lga34s36-in-f2.1e100.net

td.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.250.80.14 (Plainview, United States)

ASN15169 (GOOGLE, US)
PTR: lga34s33-in-f14.1e100.net

analytics.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 142.251.111.154 (Farmingdale, United States)

ASN15169 (GOOGLE, US)
PTR: bk-in-f154.1e100.net

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 142.251.40.131 (Queens, United States)

ASN15169 (GOOGLE, US)
PTR: lga25s80-in-f3.1e100.net

www.google.ca	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.251.32.100 (Queens, United States)

ASN15169 (GOOGLE, US)
PTR: lga25s77-in-f4.1e100.net

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 136.143.182.97 (United States)

ASN2639 (ZOHO-AS, US)

salesiq.zohopublic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 199.67.84.76 (United States)

ASN2639 (ZOHO-AS, US)

css.zohocdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
js.zohocdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
31	firstfoundation.ca 4 redirects www.firstfoundation.ca firstfoundation.ca	472 KB
8	doubleclick.net googleads.g.doubleclick.net — Cisco Umbrella Rank: 77 td.doubleclick.net — Cisco Umbrella Rank: 481 stats.g.doubleclick.net — Cisco Umbrella Rank: 252	3 KB
6	google.com apis.google.com — Cisco Umbrella Rank: 225 analytics.google.com — Cisco Umbrella Rank: 238 www.google.com — Cisco Umbrella Rank: 10	82 KB
4	google.ca www.google.ca — Cisco Umbrella Rank: 9677	254 B
4	facebook.net connect.facebook.net — Cisco Umbrella Rank: 236	158 KB
4	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 112	405 KB
3	zohocdn.com css.zohocdn.com — Cisco Umbrella Rank: 23175 js.zohocdn.com — Cisco Umbrella Rank: 23336	66 KB
3	facebook.com www.facebook.com — Cisco Umbrella Rank: 108	2 KB
3	jotform.com form.jotform.com — Cisco Umbrella Rank: 47402	2 KB
2	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 104	21 KB
2	gstatic.com fonts.gstatic.com	24 KB
1	zohopublic.com salesiq.zohopublic.com — Cisco Umbrella Rank: 25661	15 KB
1	callrail.com cdn.callrail.com — Cisco Umbrella Rank: 17209	576 B
1	zoho.com salesiq.zoho.com — Cisco Umbrella Rank: 24049	47 KB
1	cloudflareinsights.com static.cloudflareinsights.com — Cisco Umbrella Rank: 1223	7 KB
1	googleadservices.com www.googleadservices.com — Cisco Umbrella Rank: 176	21 KB
1	jotformpro.com secure.jotformpro.com	3 KB
1	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 110	843 B
1	rrsp-tfsa.ca 1 redirects rrsp-tfsa.ca	318 B
73	19

	Domain	Requested by
28	www.firstfoundation.ca	1 redirects www.firstfoundation.ca static.cloudflareinsights.com
4	www.google.ca	www.firstfoundation.ca
4	connect.facebook.net	www.firstfoundation.ca connect.facebook.net
4	www.googletagmanager.com	www.firstfoundation.ca www.googletagmanager.com www.google-analytics.com
3	stats.g.doubleclick.net	www.googletagmanager.com www.google-analytics.com
3	td.doubleclick.net	www.googletagmanager.com
3	www.facebook.com	connect.facebook.net www.firstfoundation.ca
3	form.jotform.com	www.firstfoundation.ca form.jotform.com secure.jotformpro.com
3	firstfoundation.ca	3 redirects
2	css.zohocdn.com	salesiq.zoho.com css.zohocdn.com
2	www.google.com	www.firstfoundation.ca
2	analytics.google.com	www.googletagmanager.com
2	www.google-analytics.com	www.googletagmanager.com www.google-analytics.com
2	googleads.g.doubleclick.net	www.googleadservices.com www.googletagmanager.com
2	fonts.gstatic.com	fonts.googleapis.com
2	apis.google.com	www.firstfoundation.ca apis.google.com
1	js.zohocdn.com	salesiq.zoho.com
1	salesiq.zohopublic.com	salesiq.zoho.com
1	cdn.callrail.com	www.googletagmanager.com
1	salesiq.zoho.com	www.firstfoundation.ca
1	static.cloudflareinsights.com	www.firstfoundation.ca
1	www.googleadservices.com	www.firstfoundation.ca
1	secure.jotformpro.com	www.firstfoundation.ca
1	fonts.googleapis.com	www.firstfoundation.ca
1	rrsp-tfsa.ca	1 redirects
73	25

This site contains links to these domains. Also see Links.

Domain
first-foundation-mortgages-inc.mtg-app.com
bookings.firstfoundation.ca
firstfoundation.kioskassist.com
goo.gl
my.planswell.com
www.edmontonrealestate.pro
www.layoffinsurance.ca
mortgageproscan.ca
www.linkedin.com
twitter.com
www.youtube.com
www.facebook.com

Subject Issuer	Validity	Valid
www.firstfoundation.ca WE1	`2024-07-08` - `2024-10-06`	3 months	crt.sh
upload.video.google.com WR2	`2024-07-30` - `2024-10-22`	3 months	crt.sh
jotform.com Sectigo RSA Domain Validation Secure Server CA	`2024-02-20` - `2024-10-08`	8 months	crt.sh
*.googleadservices.com WR2	`2024-07-30` - `2024-10-22`	3 months	crt.sh
cloudflareinsights.com WE1	`2024-07-06` - `2024-10-04`	3 months	crt.sh
*.google-analytics.com WR2	`2024-07-30` - `2024-10-22`	3 months	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2024-06-01` - `2024-08-30`	3 months	crt.sh
*.apis.google.com WR2	`2024-07-30` - `2024-10-22`	3 months	crt.sh
*.gstatic.com WR2	`2024-07-30` - `2024-10-22`	3 months	crt.sh
*.zoho.com Sectigo RSA Domain Validation Secure Server CA	`2024-03-29` - `2025-03-29`	a year	crt.sh
*.g.doubleclick.net WR2	`2024-07-30` - `2024-10-22`	3 months	crt.sh
swappy.callrail.com Amazon RSA 2048 M03	`2024-06-10` - `2025-07-09`	a year	crt.sh
*.doubleclick.net WR2	`2024-07-30` - `2024-10-22`	3 months	crt.sh
*.google.com WR2	`2024-07-30` - `2024-10-22`	3 months	crt.sh
*.google.ca WR2	`2024-07-30` - `2024-10-22`	3 months	crt.sh
zohopublic.com R11	`2024-07-12` - `2024-10-10`	3 months	crt.sh
*.zohocdn.com Sectigo RSA Domain Validation Secure Server CA	`2024-07-17` - `2025-08-16`	a year	crt.sh

This page contains 7 frames:

Primary Page: https://www.firstfoundation.ca/financial/
Frame ID: CA5CDE39E084CC757748D649A8BDF8C0
Requests: 66 HTTP requests in this frame

Frame: https://form.jotform.com/40126763331952?parentURL=https%3A%2F%2Fwww.firstfoundation.ca%2Ffinancial%2F&jsForm=true
Frame ID: A0E67E7773296CF4F1F1E4276ACA3D7C
Requests: 1 HTTP requests in this frame

Frame: https://form.jotform.com/21697257863972?parentURL=https%3A%2F%2Fwww.firstfoundation.ca%2Ffinancial%2F&jsForm=true
Frame ID: A2ABFBE494E7B69CF06195EED112BE2E
Requests: 1 HTTP requests in this frame

Frame: https://www.firstfoundation.ca/cdn-cgi/challenge-platform/h/b/scripts/jsd/6790c32b9fc9/main.js
Frame ID: 97E3E35EE235B0CA2E506AED76E3C0F7
Requests: 2 HTTP requests in this frame

Frame: https://td.doubleclick.net/td/rul/1061587441?random=1724429324760&cv=11&fst=1724429324760&fmt=3&bg=ffffff&guid=ON&async=1&gtm=45be48l0z86850853za201zb6850853&gcd=13l3l3l3l1l1&dma=0&tag_exp=0&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.firstfoundation.ca%2Ffinancial%2F&hn=www.googleadservices.com&frm=0&tiba=Financial%20Advisor%20%26%20Planner%20Services%20Edmonton%20Calgary%20%7C%20First%20Foundation&npa=0&pscdl=noapi&auid=1424433852.1724429324&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fledge=1
Frame ID: 01E98FB3760AA5A9251D583CF6D937C6
Requests: 1 HTTP requests in this frame

Frame: https://td.doubleclick.net/td/ga/rul?tid=G-CD6W6EB7M8&gacid=2026684373.1724429325&gtm=45je48l0v9116765317z86850853za200zb6850853&dma=0&gcd=13l3l3l3l1l1&npa=0&pscdl=noapi&aip=1&fledge=1&frm=0&tag_exp=0&z=1817997981
Frame ID: A69F7FF93A677644448A43694274F836
Requests: 1 HTTP requests in this frame

Frame: https://td.doubleclick.net/td/ga/rul?tid=G-GV9TPCY84G&gacid=2026684373.1724429325&gtm=45je48l0v9116765317z86850853za200zb6850853&dma=0&gcd=13l3l3l3l1l1&npa=0&pscdl=noapi&aip=1&fledge=1&frm=0&tag_exp=0&z=1298037159
Frame ID: 27895D2DC9A2BB1176BF27F92E573117
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Financial Advisor & Planner Services Edmonton Calgary | First Foundation

Page URL History Show full URLs

https://rrsp-tfsa.ca/ HTTP 301
https://www.firstfoundation.ca/financial/ Page URL

Detected technologies

ExpressionEngine (CMS) Expand

Overall confidence: 100%
Detected patterns

CodeIgniter (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

Cloudflare Browser Insights (Analytics) Expand

Overall confidence: 100%
Detected patterns

static\.cloudflareinsights\.com/beacon(?:\.min)?\.js

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

//connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

Google Plus (Widgets) Expand

Overall confidence: 100%
Detected patterns

apis\.google\.com/js/[a-z]*\.js

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/ns\.html[^>]+></iframe>
googletagmanager\.com/gtm\.js
googletagmanager\.com/gtag/js

Page Statistics

73
Requests

95 %
HTTPS

0 %
IPv6

19
Domains

25
Subdomains

21
IPs

2
Countries

1329 kB
Transfer

3254 kB
Size

22
Cookies

16 Outgoing links

These are links going to different origins than the main page.

URL: https://first-foundation-mortgages-inc.mtg-app.com/
Title: Mortgage: Apply Now>>

Search URL Search Domain Scan URL

URL: https://bookings.firstfoundation.ca/#/customer/tyler
Title: Schedule an Appointment »

Search URL Search Domain Scan URL

URL: https://firstfoundation.kioskassist.com/
Title: MyFoundation Client Portal >>

Search URL Search Domain Scan URL

URL: https://goo.gl/P6lk37
Title: Mortgage Blog Category

Search URL Search Domain Scan URL

URL: https://goo.gl/8hCoHZ
Title: Financial Planning Blog Category

Search URL Search Domain Scan URL

URL: https://goo.gl/Miyi5h
Title: Insurance Blog Category

Search URL Search Domain Scan URL

URL: https://my.planswell.com/en-CA/discovery/pw-tylerp
Title: Start Your Financial Plan Online >>

Search URL Search Domain Scan URL

URL: https://bookings.firstfoundation.ca/#/customer/financialplan
Title: Schedule an Appointment With a CFP

Search URL Search Domain Scan URL

URL: http://www.edmontonrealestate.pro/idx/
Title: Advanced Search

Search URL Search Domain Scan URL

URL: http://www.edmontonrealestate.pro/idx/map
Title: Map Search

Search URL Search Domain Scan URL

URL: http://www.layoffinsurance.ca/
Title: Layoff Insurance

Search URL Search Domain Scan URL

URL: https://mortgageproscan.ca/

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/company/first-foundation-mortgages-investments-insurance
Title: LinkedIn

Search URL Search Domain Scan URL

URL: https://twitter.com/firstfoundation/
Title: Twitter

Search URL Search Domain Scan URL

URL: https://www.youtube.com/channel/UCQA8xDqcLHl2HQ3E0rdnfrg
Title: Youtube

Search URL Search Domain Scan URL

URL: https://www.facebook.com/firstfoundation
Title: Facebook

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://rrsp-tfsa.ca/ HTTP 301
https://www.firstfoundation.ca/financial/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 4

https://firstfoundation.ca/assets/images/IIROC_ACPI_LOGO.png HTTP 301
https://www.firstfoundation.ca/assets/images/IIROC_ACPI_LOGO.png

Request Chain 5

https://firstfoundation.ca/media/imagic/Benefits_of_Working_with_a_Certified_Financial_Planner.png HTTP 301
https://www.firstfoundation.ca/media/imagic/Benefits_of_Working_with_a_Certified_Financial_Planner.png

Request Chain 7

https://firstfoundation.ca/uploads/PM/NORTHERN_ALBERTA_2023_6_YRS_TAG.png HTTP 301
https://www.firstfoundation.ca/uploads/PM/NORTHERN_ALBERTA_2023_6_YRS_TAG.png

Request Chain 44

https://www.firstfoundation.ca/cdn-cgi/challenge-platform/scripts/jsd/main.js HTTP 302
https://www.firstfoundation.ca/cdn-cgi/challenge-platform/h/b/scripts/jsd/6790c32b9fc9/main.js

73 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H3

200

Primary Request / Show response
www.firstfoundation.ca/financial/
Redirect Chain

https://rrsp-tfsa.ca/
https://www.firstfoundation.ca/financial/

40 KB
11 KB

347ms
283ms

Document
text/html

172.66.43.88
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.firstfoundation.ca/financial/

Protocol

Security

QUIC, , AES_128_GCM

Server

172.66.43.88 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

73152e12196cf1ffe8851d7da695e5b176d6c2d5bae957cb808d6518ac75b13e

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

alt-svc: h3=":443"; ma=86400
cache-control: max-age=1, private, must-revalidate
cf-cache-status: DYNAMIC
cf-ray: 8b7c5cdd6f615425-YYZ
content-encoding: br
content-type: text/html; charset=UTF-8
date: Fri, 23 Aug 2024 16:08:42 GMT
expires: Mon, 26 Jul 1997 05:00:00 GMT
last-modified: Fri, 23 Aug 2024 16:08:41 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
pragma: no-cache
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=JaQonWRq40RHn2fpLT6osYVnln%2B0BYl%2BEN3MtRFbIoJ2jCtZwp44DNn8X8BaqEbuQLQ8EBdpASAGJidDuJO10YJ8NfFRKwMCdNyTj6uc5KXhnY85vcxVSkXTt2vibV1dygQptrBf2Cs%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
x-cache-nxaccel: BYPASS
x-frame-options: SAMEORIGIN

Redirect headers

Connection: close
Content-Length: 76
Content-Type: text/html; charset=utf-8
Date: Fri, 23 Aug 2024 16:08:41 GMT
Location: https://www.firstfoundation.ca/financial/
Server: ip-10-123-125-141.ec2.internal
Vary: Accept-Encoding
X-Request-Id: 69b7822e-a32c-48e2-a5f3-1f4f3210e914

GET
H2 200 css
fonts.googleapis.com/ 2 KB
843 B 627ms
52ms Stylesheet
text/css 142.250.65.202
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Titillium+Web:400,700

Requested by

Host: www.firstfoundation.ca
URL: https://www.firstfoundation.ca/financial/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.65.202 Plainview, United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga25s72-in-f10.1e100.net

Software

ESF /

Resource Hash

c6fdafff5ebb1051a3eeec76fc4ed6988433aee0046e5c7d4a02ee38e9730a15

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.firstfoundation.ca/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Fri, 23 Aug 2024 16:08:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Fri, 23 Aug 2024 16:08:42 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Fri, 23 Aug 2024 16:08:42 GMT

GET
H3 200 above-the-fold.min.1558698904.css
www.firstfoundation.ca/assets/css/ 35 KB
9 KB 32ms
32ms Stylesheet
text/css 172.66.43.88
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.firstfoundation.ca/assets/css/above-the-fold.min.1558698904.css
Requested by: Host: www.firstfoundation.ca
URL: https://www.firstfoundation.ca/financial/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.66.43.88 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 98fd14a7dd74f7f92b926b55b1ff8fa04856dcfe3229b757910253ee5fa481a8

Request headers

Referer: https://www.firstfoundation.ca/financial/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Fri, 23 Aug 2024 16:08:42 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 183010
x-cache-nxaccel: MISS
alt-svc: h3=":443"; ma=86400
last-modified: Fri, 24 May 2019 11:55:04 GMT
server: cloudflare
etag: W/"8c9e-589a0de7c1600"
vary: Accept-Encoding, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=q%2Bs9Hq5lOOK88qDVUrDzhnO7Wj3NWeM4TD%2Bj%2Fq11TE%2BJhlXC8Qsqz15x19UMzQxuC0jQBqkA%2BY6L1IZ0TYgI6Lz04%2Bl3ZndErmRPgQwjpRYYUo80zTx%2F38WUNi0o9wrvh%2BHBd7%2FCAo8%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: public, max-age=604800
cf-ray: 8b7c5cdfe96f5425-YYZ
expires: Sun, 25 Aug 2024 14:57:02 GMT

GET
H3 200 logo.png
www.firstfoundation.ca/assets/images/ 2 KB
3 KB 32ms
31ms Image
image/webp 172.66.43.88
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.firstfoundation.ca/assets/images/logo.png
Requested by: Host: www.firstfoundation.ca
URL: https://www.firstfoundation.ca/financial/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.66.43.88 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: d0020742c62697f7ce1453e65054c48333fa7140961f952b5a2d220020a76771

Request headers

Referer: https://www.firstfoundation.ca/financial/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Fri, 23 Aug 2024 16:08:42 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 269387
cf-polished: origFmt=png, origSize=2793
x-cache-nxaccel: MISS
content-disposition: inline; filename="logo.webp"
alt-svc: h3=":443"; ma=86400
content-length: 2384
cf-bgj: imgq:100,h2pri
last-modified: Tue, 09 Jul 2013 07:29:10 GMT
server: cloudflare
etag: "ae9-4e10f1df1fd80"
vary: Accept
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ca7tt2Sf0H%2BBOHP5zk0qiF4M3kRwz29sjtNfmNm1pZ0jT73ZZUjMkFpn94bULP%2B8O%2F74daQyI%2FU7vwMzuNWhXmcb%2Bc8RCZApNrUfZNN4Fr1xTV%2BAOQy35BmRGr8FNjeBmxB5QwfinHc%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
cache-control: public, max-age=604800
accept-ranges: bytes
cf-ray: 8b7c5cdfe9705425-YYZ
expires: Tue, 10 Sep 2024 17:09:41 GMT

GET
H3 200 cfp_300x300.png
www.firstfoundation.ca/assets/images/ 9 KB
10 KB 67ms
66ms Image
image/webp 172.66.43.88
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.firstfoundation.ca/assets/images/cfp_300x300.png
Requested by: Host: www.firstfoundation.ca
URL: https://www.firstfoundation.ca/financial/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.66.43.88 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 34b152416fba366a6cd9711df7dc744745c0cf8687f845a52fcb17f26c6cb35a

Request headers

Referer: https://www.firstfoundation.ca/financial/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Fri, 23 Aug 2024 16:08:42 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-polished: origFmt=png, origSize=20395
x-cache-nxaccel: MISS
content-disposition: inline; filename="cfp_300x300.webp"
alt-svc: h3=":443"; ma=86400
content-length: 9138
cf-bgj: imgq:100,h2pri
last-modified: Thu, 28 May 2020 22:34:56 GMT
server: cloudflare
etag: "4fab-5a6bcf01c4400"
vary: Accept
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=p4Z8PuLgHw6fDFtqf5MIDh5Lv%2BgwH337HulcGNGNYJ1lIXruFrf2RsvR3cVDmwXpF%2BXKfj6ax4b4lwF8FxcNDhZQwLI4zS%2FQ2sqew6L7i%2B2ZAnflBWDII5dwabV7qTm2bMVY43QQHqY%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
cache-control: public, max-age=604800
accept-ranges: bytes
cf-ray: 8b7c5cdfe9715425-YYZ
expires: Wed, 18 Sep 2024 21:23:45 GMT

GET
H3

200

IIROC_ACPI_LOGO.png
www.firstfoundation.ca/assets/images/
Redirect Chain

https://firstfoundation.ca/assets/images/IIROC_ACPI_LOGO.png
https://www.firstfoundation.ca/assets/images/IIROC_ACPI_LOGO.png

14 KB
15 KB

216ms
215ms

Image
image/webp

172.66.43.88
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.firstfoundation.ca/assets/images/IIROC_ACPI_LOGO.png
Requested by: Host: www.firstfoundation.ca
URL: https://www.firstfoundation.ca/financial/
Protocol: H3
Server: 172.66.43.88 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 9c902c08b8661f4b92d55e49021b15a5ee1fe2dcf226b3545654832cad3eba17

Request headers

Referer: https://www.firstfoundation.ca/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Fri, 23 Aug 2024 16:08:43 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-polished: origFmt=png, origSize=20350
x-cache-nxaccel: MISS
content-disposition: inline; filename="IIROC_ACPI_LOGO.webp"
alt-svc: h3=":443"; ma=86400
content-length: 14372
cf-bgj: imgq:100,h2pri
last-modified: Sat, 12 Feb 2022 00:00:00 GMT
server: cloudflare
etag: "4f7e-5d7c6dd4f2000"
vary: Accept
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=HMdivOVCFhMiprdSpG7%2BSCAc1eYUTGIBAycef5CehYKYkd%2FQclu4xLwLkIGNFqsfVCLwQDUzlKTEcOpXXwhwclaOTItyPrN5pN3WvTaPsW4uLEpYlJbwERxygjcGy2RVQRQcuYMPNuY%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
cache-control: public, max-age=604800
accept-ranges: bytes
cf-ray: 8b7c5ce67ebd5425-YYZ
expires: Sun, 22 Sep 2024 11:51:20 GMT

Redirect headers

date: Fri, 23 Aug 2024 16:08:43 GMT
cf-cache-status: EXPIRED
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=NjV%2Fo0ARSIF2KAB91GYzlu6Y9C3X8ABErrFYya10MfWKvIQ3XYJLZJL7ydR3mPChxiY20d2LIOvB3Mwf%2F%2BHHYoFm2QCzMwHkgyP7vVfJ1npleyP2b%2F%2BQOQuy3ouDFH9nE4BVcA%3D%3D"}],"group":"cf-nel","max_age":604800}
x-cache-nxaccel: MISS
location: https://www.firstfoundation.ca/assets/images/IIROC_ACPI_LOGO.png
content-type: text/html; charset=iso-8859-1
cache-control: max-age=28800
cf-ray: 8b7c5ce539faab75-YYZ
alt-svc: h3=":443"; ma=86400
expires: Fri, 23 Aug 2024 16:08:43 GMT

GET
H3

200

Benefits_of_Working_with_a_Certified_Financial_Planner.png
www.firstfoundation.ca/media/imagic/
Redirect Chain

https://firstfoundation.ca/media/imagic/Benefits_of_Working_with_a_Certified_Financial_Planner.png
https://www.firstfoundation.ca/media/imagic/Benefits_of_Working_with_a_Certified_Financial_Planner.png

140 KB
141 KB

112ms
111ms

Image
image/webp

172.66.43.88
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.firstfoundation.ca/media/imagic/Benefits_of_Working_with_a_Certified_Financial_Planner.png
Requested by: Host: www.firstfoundation.ca
URL: https://www.firstfoundation.ca/financial/
Protocol: H3
Server: 172.66.43.88 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 582843ef3c94fd8ac34f30ec3efeac9ad8f8236f597122d5b8d510f8b559b6f9

Request headers

Referer: https://www.firstfoundation.ca/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Fri, 23 Aug 2024 16:08:43 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-polished: origFmt=png, origSize=172274
x-cache-nxaccel: MISS
content-disposition: inline; filename="Benefits_of_Working_with_a_Certified_Financial_Planner.webp"
alt-svc: h3=":443"; ma=86400
content-length: 143762
cf-bgj: imgq:100,h2pri
last-modified: Thu, 28 May 2020 22:11:06 GMT
server: cloudflare
etag: "2a0f2-5a6bc9ae03280"
vary: Accept
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=lxMLsodggm5NUEC2ORJDvFU3gM8lo2Zd975ub4M1SO2PUlaqw8fdM%2Bc9QW0tY1F4C1wy0eZUupbHnyrhAi96V%2BU8KfG4SQr9rfV5mrld1Kjq4FeNcAQ1PQRwlQg4CcNxigu8WhIksqk%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
cache-control: public, max-age=604800
accept-ranges: bytes
cf-ray: 8b7c5ce67ebb5425-YYZ
expires: Sat, 21 Sep 2024 16:11:15 GMT

Redirect headers

date: Fri, 23 Aug 2024 16:08:43 GMT
cf-cache-status: EXPIRED
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2BunUxliyroOhtkXSGO4AN2NR2i0qsCeWMwQ08wxy2o1a59zotjoJhu0BKCkujVHaRDxHejp%2FQoqsacvxKZ0y5Rc488dSUuMa%2FwTVMaZpRYT6cvHL2krT3oNO0%2BnTRG0rllQMeQ%3D%3D"}],"group":"cf-nel","max_age":604800}
x-cache-nxaccel: MISS
location: https://www.firstfoundation.ca/media/imagic/Benefits_of_Working_with_a_Certified_Financial_Planner.png
content-type: text/html; charset=iso-8859-1
cache-control: max-age=28800
cf-ray: 8b7c5ce539fbab75-YYZ
alt-svc: h3=":443"; ma=86400
expires: Fri, 23 Aug 2024 16:08:43 GMT

GET
H2 200 40126763331952 Show response
form.jotform.com/jsform/ 6 KB
2 KB 549ms
45ms Script
text/javascript 35.201.118.58
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://form.jotform.com/jsform/40126763331952
Requested by: Host: www.firstfoundation.ca
URL: https://www.firstfoundation.ca/financial/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.201.118.58 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 58.118.201.35.bc.googleusercontent.com
Software: CacheX v3.3 /
Resource Hash: b6ed81eee6d6ae94d8db1ea024a95f2cf38a25eaa4cc830edf09b599f4c2e833

Request headers

Referer: https://www.firstfoundation.ca/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Fri, 23 Aug 2024 16:08:43 GMT
content-encoding: gzip
cache-hit: 1
via: 1.1 google
server: CacheX v3.3
vary: Accept-Encoding
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: no-cache
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Thu, 01 Jan 1970 00:00:01 GMT

GET
H3

200

NORTHERN_ALBERTA_2023_6_YRS_TAG.png
www.firstfoundation.ca/uploads/PM/
Redirect Chain

https://firstfoundation.ca/uploads/PM/NORTHERN_ALBERTA_2023_6_YRS_TAG.png
https://www.firstfoundation.ca/uploads/PM/NORTHERN_ALBERTA_2023_6_YRS_TAG.png

72 KB
73 KB

47ms
46ms

Image
image/webp

172.66.43.88
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.firstfoundation.ca/uploads/PM/NORTHERN_ALBERTA_2023_6_YRS_TAG.png
Requested by: Host: www.firstfoundation.ca
URL: https://www.firstfoundation.ca/financial/
Protocol: H3
Server: 172.66.43.88 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3b0d69efedfb89da8e26d3f579de61f3ef732629b672b0fd853eabf2e1c4d5e1

Request headers

Referer: https://www.firstfoundation.ca/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Fri, 23 Aug 2024 16:08:43 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 140336
cf-polished: origFmt=png, origSize=115587
x-cache-nxaccel: MISS
content-disposition: inline; filename="NORTHERN_ALBERTA_2023_6_YRS_TAG.webp"
alt-svc: h3=":443"; ma=86400
content-length: 73924
cf-bgj: imgq:100,h2pri
last-modified: Fri, 06 Oct 2023 18:53:34 GMT
server: cloudflare
etag: "1c383-60710c1eb8eda"
vary: Accept
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=l7Aamg8TE7fLiTMqGXxfwCROoTp1LEzNu%2FvT%2FuvEd4821hRCZ4T%2FiuHPT6ne9DBHOJf6A0XPyjEhgputttm2O3frTU9v8e0kkjCliwcjfEbzp2xCOZdLWFKHx2Bi%2BmxpkbVp6DKlLFg%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
cache-control: public, max-age=604800
accept-ranges: bytes
cf-ray: 8b7c5ce67eb95425-YYZ
expires: Sat, 14 Sep 2024 18:23:57 GMT

Redirect headers

date: Fri, 23 Aug 2024 16:08:43 GMT
cf-cache-status: EXPIRED
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=8WVVlPKl3ANyTwMVEGvN69I5ak3cZR%2BTPsKlzVq8LY985A6XxaiZpvY7eKCBZuO6F6yKHNcMiLi%2F1Qs15It7TO9R0IMSK%2FhQFbthFppq8%2B0CDp407sp37pI4AHjIXCn%2FXB%2F7Rg%3D%3D"}],"group":"cf-nel","max_age":604800}
x-cache-nxaccel: MISS
location: https://www.firstfoundation.ca/uploads/PM/NORTHERN_ALBERTA_2023_6_YRS_TAG.png
content-type: text/html; charset=iso-8859-1
cache-control: max-age=28800
cf-ray: 8b7c5ce539fdab75-YYZ
alt-svc: h3=":443"; ma=86400
expires: Fri, 23 Aug 2024 16:08:43 GMT

GET
H3 200 Refinancing_Ad_250x300_knockout.jpg
www.firstfoundation.ca/uploads/advertisements/ 41 KB
42 KB 82ms
71ms Image
image/jpeg 172.66.43.88
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.firstfoundation.ca/uploads/advertisements/Refinancing_Ad_250x300_knockout.jpg
Requested by: Host: www.firstfoundation.ca
URL: https://www.firstfoundation.ca/financial/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.66.43.88 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 6bfdf84c34e436af5cef64f1fb615310ea6433edf98d4c52111521f00714a02b

Request headers

Referer: https://www.firstfoundation.ca/financial/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Fri, 23 Aug 2024 16:08:43 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
cf-polished: origSize=46892
x-cache-nxaccel: MISS
alt-svc: h3=":443"; ma=86400
content-length: 41964
cf-bgj: imgq:100,h2pri
last-modified: Mon, 22 Feb 2016 23:46:02 GMT
server: cloudflare
etag: "b72c-52c646f776280"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=KEvzJRShN2ICrn5oSSLefkeawge1Xh4BUdW30ocJzaH82iV9hDE%2Fh6CCH9NjfECIarN8kypTJQvR7Yf9Hw30tvoROxTkCWYT6TA%2FdFmfexvPm8%2FBvRtPob709qcYAIhSPydqFwA4jSQ%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
cache-control: public, max-age=604800
accept-ranges: bytes
cf-ray: 8b7c5ce4ad5e5425-YYZ
expires: Sat, 14 Sep 2024 13:03:10 GMT

GET
H2 200 21697257863972 Show response
secure.jotformpro.com/jsform/ 6 KB
3 KB 714ms
211ms Script
text/javascript 35.201.118.58
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://secure.jotformpro.com/jsform/21697257863972
Requested by: Host: www.firstfoundation.ca
URL: https://www.firstfoundation.ca/financial/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.201.118.58 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 58.118.201.35.bc.googleusercontent.com
Software: nginx /
Resource Hash: e16de32eed9c11abecc541412975bfd45421701121274d30cb7523720d04e1e7

Request headers

Referer: https://www.firstfoundation.ca/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 23 Aug 2024 16:08:43 GMT
content-encoding: gzip
via: 1.1 google
last-modified: Fri, 23 Aug 2024 16:08:43 GMT
server: nginx
vary: Accept-Encoding
p3p: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
content-type: text/javascript; charset=utf-8
cache-control: no-cache
jf-trace-id: 3cb25e925d243c6d
global-router: true
x-raw-uri: /jsform/:id
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Thu, 01 Jan 1970 00:00:01 GMT

GET
H3 200 MPC_69x69.png
www.firstfoundation.ca/assets/images/ 2 KB
3 KB 52ms
42ms Image
image/webp 172.66.43.88
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.firstfoundation.ca/assets/images/MPC_69x69.png
Requested by: Host: www.firstfoundation.ca
URL: https://www.firstfoundation.ca/financial/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.66.43.88 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 722d816917f75fb60dfb01bfa0685d0090f009b48eb1c6b602e42f8a51a7d91e

Request headers

Referer: https://www.firstfoundation.ca/financial/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Fri, 23 Aug 2024 16:08:42 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 157687
cf-polished: origFmt=png, origSize=4537
x-cache-nxaccel: MISS
content-disposition: inline; filename="MPC_69x69.webp"
alt-svc: h3=":443"; ma=86400
content-length: 2304
cf-bgj: imgq:100,h2pri
last-modified: Sat, 12 Feb 2022 00:35:10 GMT
server: cloudflare
etag: "11b9-5d7c75b132b80"
vary: Accept
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Nl92iGHajwrGaf9wJPvIJTnp%2BCcJHWFRhZMiijaIcQSUOqA6tAah4qkcnA%2Bimt6yVoFzs0wjqtP5qkCp46m4K28blLbIQVMm4tjDtNQqpHFvwEpy8MHyLSouYFsEv%2FneopnaKJcafUo%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
cache-control: public, max-age=604800
accept-ranges: bytes
cf-ray: 8b7c5ce4ad5f5425-YYZ
expires: Sat, 14 Sep 2024 19:37:26 GMT

GET
H3 200 IIROC_ACPI_LOGO_80H.png
www.firstfoundation.ca/assets/images/ 20 KB
21 KB 61ms
50ms Image
image/webp 172.66.43.88
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.firstfoundation.ca/assets/images/IIROC_ACPI_LOGO_80H.png
Requested by: Host: www.firstfoundation.ca
URL: https://www.firstfoundation.ca/financial/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.66.43.88 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 0571ad0ecaab62d8ff77c9bbbf39df5188474855b765e8a9d7a3b8694e8671ea

Request headers

Referer: https://www.firstfoundation.ca/financial/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Fri, 23 Aug 2024 16:08:43 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 187125
cf-polished: origFmt=png, origSize=30846
x-cache-nxaccel: MISS
content-disposition: inline; filename="IIROC_ACPI_LOGO_80H.webp"
alt-svc: h3=":443"; ma=86400
content-length: 20780
cf-bgj: imgq:100,h2pri
last-modified: Sat, 12 Feb 2022 00:37:10 GMT
server: cloudflare
etag: "787e-5d7c7623a3980"
vary: Accept
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2FcDwjTiUImSgaSkZ9h1ufyM2pF8AGgGeJGFh3p%2B1XP%2FB4BdSkPNygXypESoAi0CrdEp1bToHimbYja0IyWnc%2FFNPBlIPRK0mabt4ahDAeUw%2BR%2F%2BoqGYxm4PNHuFbZN8JWPQfe1%2BqOBA%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
cache-control: public, max-age=604800
accept-ranges: bytes
cf-ray: 8b7c5ce4ad605425-YYZ
expires: Fri, 13 Sep 2024 18:48:52 GMT

GET
H3 200 site.min.1558698618.js Show response
www.firstfoundation.ca/assets/js/ 118 KB
41 KB 126ms
115ms Script
application/javascript 172.66.43.88
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.firstfoundation.ca/assets/js/site.min.1558698618.js
Requested by: Host: www.firstfoundation.ca
URL: https://www.firstfoundation.ca/financial/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.66.43.88 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 52857bee99477d24edf782b102f00e242d58e1e754cfb9f0fc60bd86840fdca9

Request headers

Referer: https://www.firstfoundation.ca/financial/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Fri, 23 Aug 2024 16:08:43 GMT
content-encoding: gzip
cf-cache-status: BYPASS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-cache-nxaccel: HIT
alt-svc: h3=":443"; ma=86400
content-length: 41404
last-modified: Fri, 24 May 2019 11:50:18 GMT
server: cloudflare
etag: "1d8ee-589a0cd701280-gzip"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=T3GF2n4YAVROE%2FqAi7p%2FvQSukJertHOPoRAMlW24mrvjCEgs95IMSQmijBWkt5JF8lc1C4e04NVzO1hBlPKGYVn6%2FdwhukViOsZQH%2F8mxshKcDtPp2G7xSbE9nq7D6pA%2FMKmKs7TF54%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=604800, private
accept-ranges: bytes
cf-ray: 8b7c5ce4ad625425-YYZ
expires: Fri, 30 Aug 2024 16:08:27 GMT

GET
H3 200 conversion.js Show response
www.googleadservices.com/pagead/ 57 KB
21 KB 387ms
103ms Script
text/javascript 142.250.80.34
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googleadservices.com/pagead/conversion.js

Requested by

Host: www.firstfoundation.ca
URL: https://www.firstfoundation.ca/financial/

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.80.34 Plainview, United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga34s34-in-f2.1e100.net

Software

cafe /

Resource Hash

0dbdc9b7434e8e13dc81e4257e5ad9158e21477de60da5bc2b9a950b4f521741

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.firstfoundation.ca/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Fri, 23 Aug 2024 16:08:43 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 21239
x-xss-protection: 0
server: cafe
etag: 1857951596003301992
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Fri, 23 Aug 2024 16:08:43 GMT

GET
H2 200 vcd15cbe7772f49c399c6a5babf22c1241717689176015 Show response
static.cloudflareinsights.com/beacon.min.js/ 19 KB
7 KB 557ms
58ms Script
text/javascript 104.16.79.73
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://static.cloudflareinsights.com/beacon.min.js/vcd15cbe7772f49c399c6a5babf22c1241717689176015
Requested by: Host: www.firstfoundation.ca
URL: https://www.firstfoundation.ca/financial/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.16.79.73 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8a18d13015336bc184819a5a768447462202ef3105ec511bf42ed8304a7ed94f

Request headers

Referer: https://www.firstfoundation.ca/
Origin: https://www.firstfoundation.ca
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Fri, 23 Aug 2024 16:08:43 GMT
content-encoding: gzip
last-modified: Thu, 06 Jun 2024 15:52:56 GMT
server: cloudflare
etag: W/"2024.6.1"
vary: Accept-Encoding
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=86400
cross-origin-resource-policy: cross-origin
cf-ray: 8b7c5ce7adbeabee-YYZ

GET
H3 200 the-rest.min.1644947054.css
www.firstfoundation.ca/assets/css/ 112 KB
40 KB 68ms
62ms Stylesheet
text/css 172.66.43.88
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.firstfoundation.ca/assets/css/the-rest.min.1644947054.css
Requested by: Host: www.firstfoundation.ca
URL: https://www.firstfoundation.ca/financial/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.66.43.88 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b2aad7de9f37c25ab9bba96cd7d4f3dbf5141dce270b4ea93649b0f8e8ad405a

Request headers

Referer: https://www.firstfoundation.ca/financial/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Fri, 23 Aug 2024 16:08:43 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 253406
x-cache-nxaccel: MISS
alt-svc: h3=":443"; ma=86400
last-modified: Tue, 15 Feb 2022 17:44:14 GMT
server: cloudflare
etag: W/"1bf22-5d81214d3f780"
vary: Accept-Encoding, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=8X%2FDlBkK77AsEJI35cFEz79EJEIwjfzc4kHiJ721rNM5yuhucGCukQrSVxuHBdvllNvbiiki%2Bq6ZmFcvuoLDuumM3o4X1f2%2BeltMvOz%2F%2BpgdNAOoL%2Bj5e8VdrgsTOH99ACnO5DdEfWQ%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: public, max-age=604800
cf-ray: 8b7c5ce4ad645425-YYZ
expires: Tue, 27 Aug 2024 04:13:51 GMT

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 328 KB
107 KB 573ms
77ms Script
application/javascript 142.250.80.104
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-TKV3CR

Requested by

Host: www.firstfoundation.ca
URL: https://www.firstfoundation.ca/financial/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.80.104 Plainview, United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga34s36-in-f8.1e100.net

Software

Google Tag Manager /

Resource Hash

bf6d172b5ad71bbc7d8c0d566d11f31c71902674290b30df1a78514594d6c882

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://www.firstfoundation.ca/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Fri, 23 Aug 2024 16:08:43 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 109148
x-xss-protection: 0
last-modified: Fri, 23 Aug 2024 15:50:15 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Fri, 23 Aug 2024 16:08:43 GMT

GET
H3 200 all.js Show response
connect.facebook.net/en_US/ 3 KB
2 KB 535ms
45ms Script
application/x-javascript 157.240.241.1
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/all.js

Requested by

Host: www.firstfoundation.ca
URL: https://www.firstfoundation.ca/financial/

Protocol

Security

QUIC, , AES_128_GCM

Server

157.240.241.1 Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

xx-fbcdn-shv-02-lga3.fbcdn.net

Software

Resource Hash

adeec3c8bc18978d61b3215d80f343d0c49e69cf5317cd0749e3b46bd83026d8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://www.firstfoundation.ca/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
date: Fri, 23 Aug 2024 16:08:43 GMT
content-md5: rcTXxYtbtx0BjDYBH8wbfQ==
document-policy: force-load-at-top
x-fb-server-load: 28
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 1689
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
x-fb-connection-quality: EXCELLENT; q=0.9, rtt=32, rtx=0, c=23, mss=1232, tbw=4463, tp=12, tpl=0, uplat=0, ullat=-1
x-fb-debug: mtVEY0rZCtf0Bu9+eGC9ziCmLqmIowXT+WEgHCK1l5TqF07Jk5Z6sRigjKCkoKysoqohFf6qwlSE9WvRlXXeXA==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
x-fb-content-md5: 104cbaa136c297f21854fbcf3426d663
cross-origin-opener-policy: same-origin-allow-popups;report-to="coop_report"
etag: "4d22587b92dc663c572d54e4ec3e3fab"
vary: Accept-Encoding
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
origin-agent-cluster: ?0
access-control-expose-headers: X-FB-Content-MD5
cache-control: public,max-age=1200,stale-while-revalidate=3600
permissions-policy: accelerometer=(), attribution-reporting=(), autoplay=(), battery=(self), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), usb-unrestricted=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
x-frame-options: DENY
timing-allow-origin: *
priority: u=3,i
expires: Fri, 23 Aug 2024 16:12:53 GMT

GET
H2 200 plusone.js Show response
apis.google.com/js/ 64 KB
25 KB 551ms
58ms Script
text/javascript 142.250.176.206
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://apis.google.com/js/plusone.js

Requested by

Host: www.firstfoundation.ca
URL: https://www.firstfoundation.ca/financial/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.176.206 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga34s37-in-f14.1e100.net

Software

sffe /

Resource Hash

b1320e0dda0858c87971f7baa0d53063ad2a429d232fd06b0067bda8b9eeb0ec

Security Headers

Name	Value
Content-Security-Policy	require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/gapi-team
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.firstfoundation.ca/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

content-security-policy: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/gapi-team
content-encoding: gzip
x-content-type-options: nosniff
date: Fri, 23 Aug 2024 16:08:43 GMT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 24573
x-xss-protection: 0
server: sffe
cross-origin-opener-policy: same-origin; report-to="gapi-team"
etag: "e4e7ebe67301dd3d"
vary: Accept-Encoding
report-to: {"group":"gapi-team","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gapi-team"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: private, max-age=1800, stale-while-revalidate=1800
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 23 Aug 2024 16:08:43 GMT

GET
H3 200 top_line.gif
www.firstfoundation.ca/assets/images/ 74 B
664 B 69ms
65ms Image
image/webp 172.66.43.88
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.firstfoundation.ca/assets/images/top_line.gif
Requested by: Host: www.firstfoundation.ca
URL: https://www.firstfoundation.ca/assets/css/above-the-fold.min.1558698904.css
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.66.43.88 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 4c094182b5cabe9021b8dda00297e5c7c32f83f38619cf094257d5e029299699

Request headers

Referer: https://www.firstfoundation.ca/assets/css/above-the-fold.min.1558698904.css
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Fri, 23 Aug 2024 16:08:43 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 77047
cf-polished: origFmt=gif, origSize=320
x-cache-nxaccel: MISS
content-disposition: inline; filename="top_line.webp"
alt-svc: h3=":443"; ma=86400
content-length: 74
cf-bgj: imgq:100,h2pri
last-modified: Tue, 09 Jul 2013 07:29:10 GMT
server: cloudflare
etag: "140-4e10f1df1fd80"
vary: Accept
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=XPBB34F2GrEbA2zZKfHp0igBBl0V5tGUI7d3aB7K4U%2FAma0CcGSEwqunnV85ZHCiCV9cpcOzWzDbxpKIhTlxLOvUQUooxcD%2BgnueTgsbmlkEaS92e33oCSwuWwVBjetobzrKQFW%2Fnbk%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
cache-control: public, max-age=604800
accept-ranges: bytes
cf-ray: 8b7c5ce53e065425-YYZ
expires: Fri, 20 Sep 2024 22:36:34 GMT

GET
H3 200 icon_search.gif
www.firstfoundation.ca/assets/images/ 176 B
767 B 38ms
35ms Image
image/webp 172.66.43.88
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.firstfoundation.ca/assets/images/icon_search.gif
Requested by: Host: www.firstfoundation.ca
URL: https://www.firstfoundation.ca/assets/css/above-the-fold.min.1558698904.css
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.66.43.88 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 9248f9dcb6b3c9b58999b21bdd10cc2f3a1dd8260679830c5e03db209104d92f

Request headers

Referer: https://www.firstfoundation.ca/assets/css/above-the-fold.min.1558698904.css
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Fri, 23 Aug 2024 16:08:43 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 88955
cf-polished: origFmt=gif, origSize=269
x-cache-nxaccel: MISS
content-disposition: inline; filename="icon_search.webp"
alt-svc: h3=":443"; ma=86400
content-length: 176
cf-bgj: imgq:100,h2pri
last-modified: Tue, 09 Jul 2013 07:29:10 GMT
server: cloudflare
etag: "10d-4e10f1df1fd80"
vary: Accept
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=lzXC35kCfKWGOUtsRVxx0V8lEcVeORx2aGgaLlOTgtbv476CgU7lPoxnNBh4A%2FIX9RIYOnx8RaxA7Ecuif3NfeweoOyNk3uqyx7AJ0ca2RVvFIDi9k7L4nJtb23hUOl%2FBNbDb1BItRg%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
cache-control: public, max-age=604800
accept-ranges: bytes
cf-ray: 8b7c5ce53e0a5425-YYZ
expires: Sat, 14 Sep 2024 19:05:12 GMT

GET
H3 200 bg_squares_half.gif
www.firstfoundation.ca/assets/images/ 44 B
638 B 39ms
35ms Image
image/webp 172.66.43.88
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.firstfoundation.ca/assets/images/bg_squares_half.gif
Requested by: Host: www.firstfoundation.ca
URL: https://www.firstfoundation.ca/assets/css/above-the-fold.min.1558698904.css
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.66.43.88 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 42094a7705f0d0ea137d847f5636021885167ddd1623c6b0ab54a4862f7722d0

Request headers

Referer: https://www.firstfoundation.ca/assets/css/above-the-fold.min.1558698904.css
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Fri, 23 Aug 2024 16:08:43 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 65565
cf-polished: origFmt=gif, origSize=45
x-cache-nxaccel: MISS
content-disposition: inline; filename="bg_squares_half.webp"
alt-svc: h3=":443"; ma=86400
content-length: 44
cf-bgj: imgq:100,h2pri
last-modified: Tue, 09 Jul 2013 07:29:10 GMT
server: cloudflare
etag: "2d-4e10f1df1fd80"
vary: Accept
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=xwSdkzSiCmMmrdzkZI5WVbPzptWiZW75TyDWsAPuWAW2jbl8PSsOydL27UuxCOFe%2B9xWfaISoQRchndeJDD2ec6a16WXiZa5Oq%2FMrBjr%2BkqH0JIZtHhJcdMdcl294wiuS3qu%2Bj64tAQ%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
cache-control: public, max-age=604800
accept-ranges: bytes
cf-ray: 8b7c5ce53e0c5425-YYZ
expires: Sat, 14 Sep 2024 14:47:21 GMT

GET
H2 200 NaPDcZTIAOhVxoMyOr9n_E7ffHjDGItzYw.woff2
fonts.gstatic.com/s/titilliumweb/v17/ 12 KB
12 KB 480ms
39ms Font
font/woff2 142.250.80.67
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/titilliumweb/v17/NaPDcZTIAOhVxoMyOr9n_E7ffHjDGItzYw.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Titillium+Web:400,700

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.80.67 Plainview, United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga34s35-in-f3.1e100.net

Software

sffe /

Resource Hash

d5c1172f24f4f49f780c65cf5be897527fd08f3662a2ba8db0cfe0057d92e367

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://www.firstfoundation.ca
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Wed, 21 Aug 2024 22:36:59 GMT
x-content-type-options: nosniff
age: 149504
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11796
x-xss-protection: 0
last-modified: Thu, 24 Aug 2023 20:48:16 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 21 Aug 2025 22:36:59 GMT

GET
H2 200 NaPecZTIAOhVxoMyOr9n_E7fdMPmDQ.woff2
fonts.gstatic.com/s/titilliumweb/v17/ 12 KB
12 KB 496ms
56ms Font
font/woff2 142.250.80.67
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/titilliumweb/v17/NaPecZTIAOhVxoMyOr9n_E7fdMPmDQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Titillium+Web:400,700

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.80.67 Plainview, United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga34s35-in-f3.1e100.net

Software

sffe /

Resource Hash

557f6d0883db85be712c3a77baa38875ddf99ecbdfd6fec98e5c0b1f7a0e1532

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://www.firstfoundation.ca
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Fri, 23 Aug 2024 09:38:09 GMT
x-content-type-options: nosniff
age: 23434
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 12372
x-xss-protection: 0
last-modified: Thu, 24 Aug 2023 20:30:13 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 23 Aug 2025 09:38:09 GMT

GET
H3 200 heading_banner.png
www.firstfoundation.ca/assets/images/ 344 B
947 B 82ms
75ms Image
image/webp 172.66.43.88
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.firstfoundation.ca/assets/images/heading_banner.png
Requested by: Host: www.firstfoundation.ca
URL: https://www.firstfoundation.ca/assets/css/the-rest.min.1644947054.css
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.66.43.88 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 64162abc44e064c588108b6ef18dd54fe332b2678a0537168bfb85d762867e77

Request headers

Referer: https://www.firstfoundation.ca/assets/css/the-rest.min.1644947054.css
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Fri, 23 Aug 2024 16:08:43 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 168554
cf-polished: origFmt=png, origSize=816
x-cache-nxaccel: MISS
content-disposition: inline; filename="heading_banner.webp"
alt-svc: h3=":443"; ma=86400
content-length: 344
cf-bgj: imgq:100,h2pri
last-modified: Tue, 09 Jul 2013 07:29:10 GMT
server: cloudflare
etag: "330-4e10f1df1fd80"
vary: Accept
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=zWpMNCO%2B6nDIMX4Cirg3nz2Vj60orpuyMIKLASIdJe64pMjIMyOIZ572HDPfYpz3im%2FsHXkD%2Fdfhstb%2F%2FPwoZv6uy79SpUpuigSFMLmsFkCqeOqyUVps6ndQzqTiRmiQ%2BNQAYYUxqpE%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
cache-control: public, max-age=604800
accept-ranges: bytes
cf-ray: 8b7c5ce77f5f5425-YYZ
expires: Thu, 19 Sep 2024 16:44:02 GMT

GET
H3 200 icon-sprite.png
www.firstfoundation.ca/assets/images/ 46 KB
47 KB 83ms
76ms Image
image/webp 172.66.43.88
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.firstfoundation.ca/assets/images/icon-sprite.png
Requested by: Host: www.firstfoundation.ca
URL: https://www.firstfoundation.ca/assets/css/the-rest.min.1644947054.css
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.66.43.88 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: db352eafbe6951971712c7e287205a431be22c9677558158796ea0b7a83dee61

Request headers

Referer: https://www.firstfoundation.ca/assets/css/the-rest.min.1644947054.css
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Fri, 23 Aug 2024 16:08:43 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 342940
cf-polished: origFmt=png, origSize=60673
x-cache-nxaccel: MISS
content-disposition: inline; filename="icon-sprite.webp"
alt-svc: h3=":443"; ma=86400
content-length: 47242
cf-bgj: imgq:100,h2pri
last-modified: Tue, 09 Jul 2013 07:29:10 GMT
server: cloudflare
etag: "ed01-4e10f1df1fd80"
vary: Accept
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=rVhnPHx7rVFUU7YP9B8QMjpCCMX6IaRlUs8B1uIL3ueAtAMOk89ZQ5Ilf7drAGTEK4MRj7w8PdB8Z2xURZL%2FXiEUTJxga43%2B59uda86%2FHwRGI1WsxS0ADCJXLGQOtWX8dxYivWnuRwY%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
cache-control: public, max-age=604800
accept-ranges: bytes
cf-ray: 8b7c5ce77f625425-YYZ
expires: Mon, 16 Sep 2024 13:10:49 GMT

GET
H3 200 all.js Show response
connect.facebook.net/en_US/ 301 KB
85 KB 84ms
37ms Script
application/x-javascript 157.240.241.1
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/all.js?hash=6643b870450c7063868d1021060bd896

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/all.js

Protocol

Security

QUIC, , AES_128_GCM

Server

157.240.241.1 Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

xx-fbcdn-shv-02-lga3.fbcdn.net

Software

Resource Hash

8bbe70ea5d9d1a43a587adf4183427d431e60dea88075256adbe458c15c648e8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://www.firstfoundation.ca/
Origin: https://www.firstfoundation.ca
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
date: Fri, 23 Aug 2024 16:08:43 GMT
content-md5: a40JHgd9o/sPGgMYAjsa1g==
document-policy: force-load-at-top
x-fb-server-load: 39
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 87223
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
x-fb-connection-quality: EXCELLENT; q=0.9, rtt=34, rtx=0, c=23, mss=1232, tbw=4308, tp=9, tpl=0, uplat=1, ullat=-1
x-fb-debug: MwimHFNbqeni+AFY65JGS/520uBphL5KxTGGN7oJAwTT2vyTBmzDSiO7fFP06iWpkGvCaucu+54YA1lquOEkFQ==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
x-fb-content-md5: c002527d5784a3bb86a6c9383a904ba5
cross-origin-opener-policy: same-origin-allow-popups;report-to="coop_report"
etag: "84949a4ac4129b48c4a6ff3bdfd2676e"
vary: Accept-Encoding
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
origin-agent-cluster: ?0
access-control-expose-headers: X-FB-Content-MD5
cache-control: public,max-age=31536000,stale-while-revalidate=3600,immutable
permissions-policy: accelerometer=(), attribution-reporting=(), autoplay=(), battery=(self), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), usb-unrestricted=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
x-frame-options: DENY
timing-allow-origin: *
priority: u=3,i
expires: Sat, 23 Aug 2025 13:03:46 GMT

GET
H2 200 40126763331952
form.jotform.com/ Frame A0E6 0
0 292ms
48ms Document
text/html 35.201.118.58
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://form.jotform.com/40126763331952?parentURL=https%3A%2F%2Fwww.firstfoundation.ca%2Ffinancial%2F&jsForm=true
Requested by: Host: form.jotform.com
URL: https://form.jotform.com/jsform/40126763331952
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.201.118.58 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 58.118.201.35.bc.googleusercontent.com
Software: CacheX v3.3 /
Resource Hash

Request headers

Referer: https://www.firstfoundation.ca/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

access-control-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache
cache-hit: 1
content-encoding: gzip
content-type: text/html; charset=utf-8
date: Fri, 23 Aug 2024 16:08:44 GMT
expires: Thu, 01 Jan 1970 00:00:01 GMT
server: CacheX v3.3
vary: Accept-Encoding
via: 1.1 google

GET
H2 200 cb=gapi.loaded_0 Show response
apis.google.com/_/scs/abc-static/_/js/k=gapi.lb.en._ShUtMH1OvQ.O/m=plusone/rt=j/sv=1/d=1/ed=1/am=AABA/rs=AHpOoo9sEd_Wjj_xEtgO8qX69P7hAZI9cg/ 163 KB
57 KB 100ms
83ms Script
text/javascript 142.250.176.206
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://apis.google.com/_/scs/abc-static/_/js/k=gapi.lb.en._ShUtMH1OvQ.O/m=plusone/rt=j/sv=1/d=1/ed=1/am=AABA/rs=AHpOoo9sEd_Wjj_xEtgO8qX69P7hAZI9cg/cb=gapi.loaded_0?le=scs

Requested by

Host: apis.google.com
URL: https://apis.google.com/js/plusone.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.176.206 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga34s37-in-f14.1e100.net

Software

sffe /

Resource Hash

4d357846b85b33441b4ba2409f7affa2212ae546890a8b42f8a8baee386a54b5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.firstfoundation.ca/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Tue, 20 Aug 2024 20:41:15 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 242848
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/social-frontend-mpm-access
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 57929
x-xss-protection: 0
last-modified: Thu, 08 Aug 2024 21:32:10 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="social-frontend-mpm-access"
vary: Accept-Encoding
report-to: {"group":"social-frontend-mpm-access","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/social-frontend-mpm-access"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Wed, 20 Aug 2025 20:41:15 GMT

GET
H2 200 21697257863972
form.jotform.com/ Frame A2AB 0
0 65ms
65ms Document
text/html 35.201.118.58
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://form.jotform.com/21697257863972?parentURL=https%3A%2F%2Fwww.firstfoundation.ca%2Ffinancial%2F&jsForm=true
Requested by: Host: secure.jotformpro.com
URL: https://secure.jotformpro.com/jsform/21697257863972
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.201.118.58 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 58.118.201.35.bc.googleusercontent.com
Software: CacheX v3.3 /
Resource Hash

Request headers

Referer: https://www.firstfoundation.ca/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

access-control-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache
cache-hit: 1
content-encoding: gzip
content-type: text/html; charset=utf-8
date: Fri, 23 Aug 2024 16:08:44 GMT
expires: Thu, 01 Jan 1970 00:00:01 GMT
server: CacheX v3.3
vary: Accept-Encoding
via: 1.1 google

GET
H/1.1 200 widget Show response
salesiq.zoho.com/ 155 KB
47 KB 822ms
228ms Script
text/javascript 204.141.43.67
ZOHO-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://salesiq.zoho.com/widget

Requested by

Host: www.firstfoundation.ca
URL: https://www.firstfoundation.ca/financial/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

204.141.43.67 , United States, ASN2639 (ZOHO-AS, US),

Reverse DNS

Software

ZGS /

Resource Hash

c5ae733d2cc468404e1d335e85c826e2e5f8792be35a968e20eaf497548e47c3

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://www.firstfoundation.ca/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

Date: Fri, 23 Aug 2024 16:08:44 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=63072000
Transfer-Encoding: chunked
Connection: keep-alive
Pragma
Server: ZGS
ETag: W/33f287043b65ff31ab1661bbdb8fba258975f93f8cc0942d19dbac6078074144
X-Frame-Options: SAMEORIGIN
vary: accept-encoding
Content-Type: text/javascript;charset=UTF-8
Access-Control-Allow-Origin: *
Cache-Control: must-revalidate
Encoding: UTF-8
Expires: Fri, 23 Aug 2024 16:13:44 GMT

GET
H3 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/1061587441/ 3 KB
1 KB 640ms
75ms Script
text/javascript 142.250.80.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/1061587441/?random=1724429323944&cv=9&fst=1724429323944&num=1&label=wP4UCKeyzwIQ8ZOa-gM&guid=ON&resp=GooglemKTybQhCsO&eid=376635470%2C375603261%2C466465926%2C512247839&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=-420&u_java=false&u_nplug=5&u_nmime=2&sendb=1&ig=1&frm=0&url=https%3A%2F%2Fwww.firstfoundation.ca%2Ffinancial%2F&tiba=Financial%20Advisor%20%26%20Planner%20Services%20Edmonton%20Calgary%20%7C%20First%20Foundation&hn=www.googleadservices.com&rfmt=3&fmt=4

Requested by

Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.80.66 Plainview, United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga34s35-in-f2.1e100.net

Software

cafe /

Resource Hash

394f35cd19298867063bbdd064edc9bfa762d3eb144ad82ba83e799bf03056e2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.firstfoundation.ca/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 23 Aug 2024 16:08:44 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1440
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 bg_squares_blue.gif
www.firstfoundation.ca/assets/images/ 53 B
619 B 47ms
40ms Image
image/gif 172.66.43.88
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.firstfoundation.ca/assets/images/bg_squares_blue.gif
Requested by: Host: www.firstfoundation.ca
URL: https://www.firstfoundation.ca/assets/css/the-rest.min.1644947054.css
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.66.43.88 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 31440826df0ec544530ad0a3f316d2ea03c936cab55c15fc83950d27fcc3353a

Request headers

Referer: https://www.firstfoundation.ca/assets/css/the-rest.min.1644947054.css
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Fri, 23 Aug 2024 16:08:43 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 253407
cf-polished: origSize=54, status=webp_bigger
x-cache-nxaccel: MISS
alt-svc: h3=":443"; ma=86400
content-length: 53
cf-bgj: imgq:100,h2pri
last-modified: Tue, 09 Jul 2013 07:29:10 GMT
server: cloudflare
etag: "36-4e10f1df1fd80"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=8Yh7rWq902UB7lWf%2Bp7%2FVpcQT2A7Aeg2dnXXvUD0eAnSZAePlFHx1ZTH6wi6J8buwTRvE%2B7lDtk3YPi%2BkTmxdk3MMoonnuqoCT9IsZXVUamN1ZzkTvuBjOG0AV1Y5FUtNCE1vElg328%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/gif
cache-control: public, max-age=604800
accept-ranges: bytes
cf-ray: 8b7c5ceae9f75425-YYZ
expires: Thu, 19 Sep 2024 04:13:51 GMT

GET
H3 200 small-arrow.png
www.firstfoundation.ca/assets/images/ 72 B
664 B 41ms
39ms Image
image/webp 172.66.43.88
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.firstfoundation.ca/assets/images/small-arrow.png
Requested by: Host: www.firstfoundation.ca
URL: https://www.firstfoundation.ca/assets/css/the-rest.min.1644947054.css
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.66.43.88 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 586086be5c643db663891f93064b6dd493c6c5e280cab116f81bcd94bea54e6c

Request headers

Referer: https://www.firstfoundation.ca/assets/css/the-rest.min.1644947054.css
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Fri, 23 Aug 2024 16:08:43 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 65928
cf-polished: origFmt=png, origSize=110
x-cache-nxaccel: MISS
content-disposition: inline; filename="small-arrow.webp"
alt-svc: h3=":443"; ma=86400
content-length: 72
cf-bgj: imgq:100,h2pri
last-modified: Tue, 09 Jul 2013 07:29:10 GMT
server: cloudflare
etag: "6e-4e10f1df1fd80"
vary: Accept
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=88o%2BdlMhZa6O7mSbb8ObW1KOnqMnN51N%2BSvziWrvhPI8F6BX0BuRHVQHXdzbCczX0n6D0JQrXasPIAlx1OcqroXfvJssoEd3dgG8FCtpA2ilQ4V01C0JO3jzngm1WVEP9Vl%2BYwWgSw0%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
cache-control: public, max-age=604800
accept-ranges: bytes
cf-ray: 8b7c5ceae9fb5425-YYZ
expires: Sun, 15 Sep 2024 20:50:27 GMT

GET
H3 200 bg_squares_blue_half.gif
www.firstfoundation.ca/assets/images/ 37 B
592 B 41ms
39ms Image
image/gif 172.66.43.88
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.firstfoundation.ca/assets/images/bg_squares_blue_half.gif
Requested by: Host: www.firstfoundation.ca
URL: https://www.firstfoundation.ca/assets/css/above-the-fold.min.1558698904.css
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.66.43.88 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3c354a3788639ae9e83bd8fe20b0ddcbe5178ed69ec39fcd7a50183e8695de3f

Request headers

Referer: https://www.firstfoundation.ca/assets/css/above-the-fold.min.1558698904.css
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Fri, 23 Aug 2024 16:08:43 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 153014
cf-polished: status=not_needed
x-cache-nxaccel: MISS
alt-svc: h3=":443"; ma=86400
content-length: 37
cf-bgj: imgq:100,h2pri
last-modified: Tue, 09 Jul 2013 07:29:10 GMT
server: cloudflare
etag: "25-4e10f1df1fd80"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=r0CzDanqi75fmD%2FLJB25IPvxVMdG0GZIFgErtAGmfO9b9W%2BoiPX121d4%2BoXJj1rQPV08TAZD2DqdSS9uI%2BxRRfirWm2vdfYXRSZyYB0DeROHfG0zyerulniG3UY9BfaT2cXClqsbjB0%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/gif
cache-control: public, max-age=604800
accept-ranges: bytes
cf-ray: 8b7c5ceae9fd5425-YYZ
expires: Thu, 19 Sep 2024 06:01:27 GMT

GET
H3 200 main-sprite.png
www.firstfoundation.ca/assets/images/ 3 KB
4 KB 55ms
54ms Image
image/webp 172.66.43.88
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.firstfoundation.ca/assets/images/main-sprite.png
Requested by: Host: www.firstfoundation.ca
URL: https://www.firstfoundation.ca/assets/css/the-rest.min.1644947054.css
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.66.43.88 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 11d97aa00e128b5f10a99d3de14eba0ec817751c0548a8aaece7dbbfb77bcb66

Request headers

Referer: https://www.firstfoundation.ca/assets/css/the-rest.min.1644947054.css
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Fri, 23 Aug 2024 16:08:44 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 253408
cf-polished: origFmt=png, origSize=4894
x-cache-nxaccel: MISS
content-disposition: inline; filename="main-sprite.webp"
alt-svc: h3=":443"; ma=86400
content-length: 3474
cf-bgj: imgq:100,h2pri
last-modified: Tue, 09 Jul 2013 07:29:10 GMT
server: cloudflare
etag: "131e-4e10f1df1fd80"
vary: Accept
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=2k2pk5kMqoEDVNhoDS9qDK9CB29J9PbLT0Q57xfUIU67KqmZWufsoqjBfkBI5kgwsQCkkJTPJxZz0VvWGcDL%2B1XZJCIYnSnlC2N8MVM9bmH650biIGKuMum%2BhCxh2tI%2Fr3mVk0lTGNE%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
cache-control: public, max-age=604800
accept-ranges: bytes
cf-ray: 8b7c5ceae9fe5425-YYZ
expires: Thu, 19 Sep 2024 14:42:16 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 329 KB
107 KB 82ms
80ms Script
application/javascript 142.250.80.104
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-CD6W6EB7M8&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-TKV3CR

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.80.104 Plainview, United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga34s36-in-f8.1e100.net

Software

Google Tag Manager /

Resource Hash

06eadc4a69b81efa35a1a84c815bee0f594a7a2d0a06a47aecef9203bf186b50

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://www.firstfoundation.ca/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Fri, 23 Aug 2024 16:08:44 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 109483
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Fri, 23 Aug 2024 16:08:44 GMT

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 52 KB
21 KB 520ms
62ms Script
text/javascript 142.251.40.174
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-TKV3CR

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.251.40.174 Queens, United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga25s81-in-f14.1e100.net

Software

Golfe2 /

Resource Hash

de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.firstfoundation.ca/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
date: Fri, 23 Aug 2024 16:06:04 GMT
last-modified: Tue, 12 Dec 2023 18:09:08 GMT
server: Golfe2
age: 160
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 20994
expires: Fri, 23 Aug 2024 18:06:04 GMT

GET
H2 200 destination Show response
www.googletagmanager.com/gtag/ 229 KB
83 KB 80ms
79ms Script
application/javascript 142.250.80.104
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/destination?id=AW-1061587441&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-TKV3CR

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.80.104 Plainview, United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga34s36-in-f8.1e100.net

Software

Google Tag Manager /

Resource Hash

a49b371e1a887020b657c8f36389d9d5a88d515e2c3bc53e7824922f4de194e5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://www.firstfoundation.ca/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Fri, 23 Aug 2024 16:08:44 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 84389
x-xss-protection: 0
last-modified: Fri, 23 Aug 2024 15:50:15 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Fri, 23 Aug 2024 16:08:44 GMT

GET
H3 200 fbevents.js Show response
connect.facebook.net/en_US/ 225 KB
58 KB 61ms
35ms Script
application/x-javascript 157.240.241.1
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/fbevents.js

Requested by

Host: www.firstfoundation.ca
URL: https://www.firstfoundation.ca/financial/

Protocol

Security

QUIC, , AES_128_GCM

Server

157.240.241.1 Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

xx-fbcdn-shv-02-lga3.fbcdn.net

Software

Resource Hash

82adafd2815d9ca49a6771392b15c4c7683f0490a8825ead54dd2d2594d44c62

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' data: blob: ;script-src .facebook.com .fbcdn.net .facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' https://.google-analytics.com .google.com;style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com: wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: .cdninstagram.com 'self' https://.google-analytics.com;img-src 'self' data: blob: * https://*.google-analytics.com;block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://www.firstfoundation.ca/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

content-security-policy: default-src 'self' data: blob: *;script-src *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' https://*.google-analytics.com *.google.com;style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' https://*.google-analytics.com;img-src 'self' data: blob: * https://*.google-analytics.com;block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload; includeSubDomains
date: Fri, 23 Aug 2024 16:08:44 GMT
document-policy: force-load-at-top
x-fb-server-load: 54
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 58912
x-xss-protection: 0
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
x-fb-connection-quality: EXCELLENT; q=0.9, rtt=35, rtx=0, c=26, mss=1232, tbw=8399, tp=18, tpl=0, uplat=0, ullat=-1
pragma: public
x-fb-debug: hjJiNmqtlMcwhZRZ7/8syV3dlSqr1vsFNFeWAA+KnkLaelTsPY0malIhTy2hVxcOw5MK2fEM39lC7H9ImazTwg==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
cross-origin-opener-policy: same-origin-allow-popups;report-to="coop_report"
vary: Accept-Encoding
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
content-type: application/x-javascript; charset=utf-8
x-frame-options: DENY
cache-control: public, max-age=1200
permissions-policy: accelerometer=(), attribution-reporting=(), autoplay=(), battery=(self), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), usb-unrestricted=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
timing-allow-origin: *
priority: u=3,i
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 swap.js Show response
cdn.callrail.com/companies/252477266/acba09b486609447ec77/12/ 32 B
576 B 480ms
62ms Script
text/javascript 52.85.61.107
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.callrail.com/companies/252477266/acba09b486609447ec77/12/swap.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-TKV3CR

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

52.85.61.107 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-52-85-61-107.ewr53.r.cloudfront.net

Software

Resource Hash

d18beba8a6db32dd84b24258cf6542acca7684b030e529ef2977198993400c4b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.firstfoundation.ca/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Fri, 23 Aug 2024 16:08:44 GMT
via: 1.1 35c803afef083002d824403342d4c62e.cloudfront.net (CloudFront)
x-content-type-options: nosniff
x-permitted-cross-domain-policies: none
x-amz-cf-pop: EWR53-P1
x-cache: Miss from cloudfront
content-length: 32
x-xss-protection: 1; mode=block
x-request-id: 488084f9-d93e-46bd-8904-ff9afda48e6f
x-runtime: 0.005406
referrer-policy: strict-origin-when-cross-origin
etag: W/"d18beba8a6db32dd84b24258cf6542ac"
x-download-options: noopen
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: text/javascript; charset=utf-8
cache-control: max-age=3600, public
timing-allow-origin: *
x-amz-cf-id: Fio9HtA3PW3ukXaeGufpNx9xesIQac59D8cdTHgz43qXR1RA8cct3A==

GET
H2 200 status
www.facebook.com/x/oauth/ 0
0 443ms
157ms Fetch
text/plain 31.13.71.36
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/x/oauth/status?client_id=189113607825569&input_token&origin=1&redirect_uri=https%3A%2F%2Fwww.firstfoundation.ca%2Ffinancial%2F&sdk=joey&wants_cookie_data=false

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/all.js?hash=6643b870450c7063868d1021060bd896

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

31.13.71.36 Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

edge-star-mini-shv-01-lga3.facebook.com

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.firstfoundation.ca/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

strict-transport-security: max-age=15552000; preload
date: Fri, 23 Aug 2024 16:08:44 GMT
x-content-type-options: nosniff
document-policy: force-load-at-top
x-fb-server-load: 36
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 0
reporting-endpoints: default="https://www.facebook.com/ajax/browser_error_reports/?device_level=unknown&brsid=7406367551420756600", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
x-fb-connection-quality: EXCELLENT; q=0.9, rtt=37, rtx=0, c=10, mss=1316, tbw=2778, tp=-1, tpl=-1, uplat=13, ullat=0
pragma: no-cache
x-fb-debug: JoGq7LIpOj+NPcniHMtWuSKtckPILaioHysbthhnk6tLm+wevIck4KfemM92roGqTM6liO3XBSsrjE3xdkiCNw==
fb-s: unknown
report-to: {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown&brsid=7406367551420756600"}]}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://www.firstfoundation.ca
origin-agent-cluster: ?0
access-control-expose-headers: fb-s
cache-control: private, no-cache, no-store, must-revalidate
access-control-allow-credentials: true
permissions-policy: accelerometer=(), attribution-reporting=(self), autoplay=(), battery=(self), bluetooth=(), browsing-topics=(self), camera=(self), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(self), clipboard-write=(self), compute-pressure=(), display-capture=(self), encrypted-media=(self), fullscreen=(self), gamepad=*, geolocation=(self), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(self), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(self), midi=(), otp-credentials=(), payment=(), picture-in-picture=(self), private-state-token-issuance=(), publickey-credentials-get=(self), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), usb-unrestricted=(), unload=(self), window-management=(), xr-spatial-tracking=(self);report-to="permissions_policy"
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H3 200 firstfoundation.ttf
www.firstfoundation.ca/assets/fonts/ 1 KB
1 KB 33ms
32ms Font
font/ttf 172.66.43.88
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.firstfoundation.ca/assets/fonts/firstfoundation.ttf?-l24jn4
Requested by: Host: www.firstfoundation.ca
URL: https://www.firstfoundation.ca/assets/css/above-the-fold.min.1558698904.css
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.66.43.88 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: d50734aaa7ef52888e0d962d54ae9163d265b61a729c735170653b07691ef3ae

Request headers

Referer: https://www.firstfoundation.ca/assets/css/above-the-fold.min.1558698904.css
Origin: https://www.firstfoundation.ca
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Fri, 23 Aug 2024 16:08:44 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 81647
x-cache-nxaccel: MISS
alt-svc: h3=":443"; ma=86400
last-modified: Wed, 08 Jul 2015 16:43:34 GMT
server: cloudflare
etag: W/"504-51a5fd6f2b980"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=V1EYadKWAS8kXCfhEwCdRxxQt8eKO%2BI58KnIW3ZpSU%2B9a3Ab3bjUPlD2nsr3KE8tSD6sO0YAn%2B42CDu4GcV95KKgqZvOwwalQ%2F%2FVZYviQcNa3g8NLqW3BeCWBx4K2dDKvQCBXpNDDGo%3D"}],"group":"cf-nel","max_age":604800}
content-type: font/ttf
access-control-allow-origin: *
cache-control: max-age=86400
cf-ray: 8b7c5cee2ca45425-YYZ
expires: Fri, 23 Aug 2024 15:11:50 GMT

GET
H3 200 logo.png
www.firstfoundation.ca/assets/images/ 2 KB
0 0ms
0ms Image
image/webp 172.66.43.88
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.firstfoundation.ca/assets/images/logo.png
Requested by: Host: www.firstfoundation.ca
URL: https://www.firstfoundation.ca/financial/
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.66.43.88 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: d0020742c62697f7ce1453e65054c48333fa7140961f952b5a2d220020a76771

Request headers

Referer: https://www.firstfoundation.ca/financial/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Fri, 23 Aug 2024 16:08:42 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 269387
cf-polished: origFmt=png, origSize=2793
x-cache-nxaccel: MISS
content-disposition: inline; filename="logo.webp"
alt-svc: h3=":443"; ma=86400
content-length: 2384
cf-bgj: imgq:100,h2pri
last-modified: Tue, 09 Jul 2013 07:29:10 GMT
server: cloudflare
etag: "ae9-4e10f1df1fd80"
vary: Accept
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ca7tt2Sf0H%2BBOHP5zk0qiF4M3kRwz29sjtNfmNm1pZ0jT73ZZUjMkFpn94bULP%2B8O%2F74daQyI%2FU7vwMzuNWhXmcb%2Bc8RCZApNrUfZNN4Fr1xTV%2BAOQy35BmRGr8FNjeBmxB5QwfinHc%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
cache-control: public, max-age=604800
accept-ranges: bytes
cf-ray: 8b7c5cdfe9705425-YYZ
expires: Tue, 10 Sep 2024 17:09:41 GMT

GET
H3

200

main.js Show response
www.firstfoundation.ca/cdn-cgi/challenge-platform/h/b/scripts/jsd/6790c32b9fc9/ Frame 97E3
Redirect Chain

https://www.firstfoundation.ca/cdn-cgi/challenge-platform/scripts/jsd/main.js
https://www.firstfoundation.ca/cdn-cgi/challenge-platform/h/b/scripts/jsd/6790c32b9fc9/main.js?

8 KB
4 KB

44ms
39ms

Script
application/javascript

172.66.43.88
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.firstfoundation.ca/cdn-cgi/challenge-platform/h/b/scripts/jsd/6790c32b9fc9/main.js?

Requested by

Host: www.firstfoundation.ca
URL: https://www.firstfoundation.ca/financial/

Protocol

Server

172.66.43.88 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8b559f60a9e1e07cf7f8c89db3cc0496bd276118f73426b8bc6c1fb41c4a8da6

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Fri, 23 Aug 2024 16:08:44 GMT
content-encoding: br
x-content-type-options: nosniff
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Vbsq297Y5jowjHj9ZApW2n2R%2Fx2oK%2B5v7EFhTnbYvv8QyrCR2wuseGBphwQVe4SWU2pb%2Brt0KiFcuupaHZqfJ5OSHGJ6hMq7cddDfd1jjvcnFijg0VCp5pRd7nNauL4Uf0tGFoohatk%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=UTF-8
cache-control: max-age=14400, stale-if-error=10800, stale-while-revalidate=10800, public
cf-ray: 8b7c5cefde305425-YYZ
alt-svc: h3=":443"; ma=86400

Redirect headers

date: Fri, 23 Aug 2024 16:08:44 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=QTnOqy4pu6%2BmlNgS0rIG8o%2F20TYzhpMIkUtedlyaGrVDwrjFGiZodsID9nz1ubqR8e3HfaemVGMl%2BkiOTg%2Ft9IDVpj756dDGa7JHAI2IWC%2FLgUnBBIS7V7LKeHVeMN%2FlVf28R0n%2Bjic%3D"}],"group":"cf-nel","max_age":604800}
location: /cdn-cgi/challenge-platform/h/b/scripts/jsd/6790c32b9fc9/main.js?
access-control-allow-origin: *
cache-control: max-age=300, stale-if-error=10800, stale-while-revalidate=10800, public
cf-ray: 8b7c5cedfc7c5425-YYZ
alt-svc: h3=":443"; ma=86400
content-length: 0

GET
H3 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/1061587441/ 3 KB
1 KB 76ms
76ms Script
text/javascript 142.250.80.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/1061587441/?random=1724429324760&cv=11&fst=1724429324760&bg=ffffff&guid=ON&async=1&gtm=45be48l0z86850853za201zb6850853&gcd=13l3l3l3l1l1&dma=0&tag_exp=0&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.firstfoundation.ca%2Ffinancial%2F&hn=www.googleadservices.com&frm=0&tiba=Financial%20Advisor%20%26%20Planner%20Services%20Edmonton%20Calgary%20%7C%20First%20Foundation&npa=0&pscdl=noapi&auid=1424433852.1724429324&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fledge=1&rfmt=3&fmt=4

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/destination?id=AW-1061587441&l=dataLayer&cx=c

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.80.66 Plainview, United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga34s35-in-f2.1e100.net

Software

cafe /

Resource Hash

5c60a2a575acaf07eb4ad3cc9a7e73d4d8740af629a4d75c3cc235a64e6ebef7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.firstfoundation.ca/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 23 Aug 2024 16:08:44 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1409
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 1061587441
td.doubleclick.net/td/rul/ Frame 01E9 0
0 325ms
63ms Document
text/html 142.250.80.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://td.doubleclick.net/td/rul/1061587441?random=1724429324760&cv=11&fst=1724429324760&fmt=3&bg=ffffff&guid=ON&async=1&gtm=45be48l0z86850853za201zb6850853&gcd=13l3l3l3l1l1&dma=0&tag_exp=0&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.firstfoundation.ca%2Ffinancial%2F&hn=www.googleadservices.com&frm=0&tiba=Financial%20Advisor%20%26%20Planner%20Services%20Edmonton%20Calgary%20%7C%20First%20Foundation&npa=0&pscdl=noapi&auid=1424433852.1724429324&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fledge=1

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/destination?id=AW-1061587441&l=dataLayer&cx=c

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.80.98 Plainview, United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga34s36-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.firstfoundation.ca/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache, must-revalidate
content-encoding: br
content-length: 16
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 23 Aug 2024 16:08:45 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
pragma: no-cache
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 773482682778910 Show response
connect.facebook.net/signals/config/ 63 KB
13 KB 152ms
150ms Script
application/x-javascript 157.240.241.1
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/773482682778910?v=2.9.165&r=stable&domain=www.firstfoundation.ca&hme=da9a399065fb1c492026018b9e54864148adfb49d800f41752428fb7b59190f8&ex_m=69%2C118%2C104%2C108%2C60%2C4%2C97%2C68%2C16%2C94%2C86%2C50%2C53%2C168%2C171%2C183%2C179%2C180%2C182%2C29%2C98%2C52%2C75%2C181%2C163%2C166%2C176%2C177%2C184%2C127%2C40%2C34%2C139%2C15%2C49%2C190%2C189%2C129%2C18%2C39%2C1%2C42%2C64%2C65%2C66%2C70%2C90%2C17%2C14%2C93%2C89%2C88%2C105%2C51%2C107%2C38%2C106%2C30%2C91%2C26%2C164%2C167%2C136%2C28%2C11%2C12%2C13%2C6%2C7%2C25%2C22%2C23%2C56%2C61%2C63%2C73%2C99%2C27%2C74%2C9%2C8%2C78%2C47%2C21%2C101%2C100%2C102%2C95%2C10%2C20%2C3%2C19%2C83%2C55%2C81%2C33%2C72%2C0%2C92%2C32%2C80%2C85%2C46%2C45%2C84%2C37%2C5%2C87%2C79%2C43%2C35%2C82%2C2%2C36%2C62%2C41%2C103%2C44%2C77%2C67%2C109%2C59%2C58%2C31%2C96%2C57%2C54%2C48%2C76%2C71%2C24%2C110

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

QUIC, , AES_128_GCM

Server

157.240.241.1 Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

xx-fbcdn-shv-02-lga3.fbcdn.net

Software

Resource Hash

80df7e7c0324cbd56accd072920c99d0354076922d925604d5aa0d3e3a6bf2eb

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' data: blob: ;script-src .facebook.com .fbcdn.net .facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' https://.google-analytics.com .google.com;style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com: wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: .cdninstagram.com 'self' https://.google-analytics.com;img-src 'self' data: blob: * https://*.google-analytics.com;block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://www.firstfoundation.ca/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

content-security-policy: default-src 'self' data: blob: *;script-src *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' https://*.google-analytics.com *.google.com;style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' https://*.google-analytics.com;img-src 'self' data: blob: * https://*.google-analytics.com;block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload; includeSubDomains
date: Fri, 23 Aug 2024 16:08:45 GMT
document-policy: force-load-at-top
x-fb-server-load: 66
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
x-xss-protection: 0
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
x-fb-connection-quality: EXCELLENT; q=0.9, rtt=40, rtx=0, c=61, mss=1232, tbw=69359, tp=70, tpl=0, uplat=86, ullat=0
pragma: public
x-fb-debug: b/Zss4uO+alRQuIvewkh22nPOez+GXtEeQOzheTHhhcglGa/d5vE2PXLszCjIf1/Gul1n7UY+0NXWQ3rzwwE6Q==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
cross-origin-opener-policy: same-origin-allow-popups;report-to="coop_report"
vary: Accept-Encoding
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
content-type: application/x-javascript; charset=utf-8
x-frame-options: DENY
origin-agent-cluster: ?0
cache-control: public, max-age=1200
permissions-policy: accelerometer=(), attribution-reporting=(), autoplay=(), battery=(self), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), usb-unrestricted=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
timing-allow-origin: *
priority: u=3,i
expires: Sat, 01 Jan 2000 00:00:00 GMT

POST
H2 204 collect
analytics.google.com/g/ 0
0 352ms
46ms Fetch
text/plain 142.250.80.14
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.google.com/g/collect?v=2&tid=G-CD6W6EB7M8&gtm=45je48l0v9116765317z86850853za200zb6850853&_p=1724429322954&_gaz=1&gcd=13l3l3l3l1l1&npa=0&dma=0&tag_exp=0&cid=2026684373.1724429325&ecid=1069008008&ul=en-ca&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&are=1&pae=1&frm=0&pscdl=noapi&_s=1&sid=1724429325&sct=1&seg=0&dl=https%3A%2F%2Fwww.firstfoundation.ca%2Ffinancial%2F&dt=Financial%20Advisor%20%26%20Planner%20Services%20Edmonton%20Calgary%20%7C%20First%20Foundation&en=page_view&_fv=1&_nsi=1&_ss=1&tfd=3695
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-CD6W6EB7M8&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 142.250.80.14 Plainview, United States, ASN15169 (GOOGLE, US),
Reverse DNS: lga34s33-in-f14.1e100.net
Software: Golfe2 /
Resource Hash

Request headers

Referer: https://www.firstfoundation.ca/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 23 Aug 2024 16:08:45 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.firstfoundation.ca
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 204 collect
stats.g.doubleclick.net/g/ 0
45 B 537ms
49ms Ping
text/plain 142.251.111.154
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://stats.g.doubleclick.net/g/collect?v=2&tid=G-CD6W6EB7M8&cid=2026684373.1724429325&gtm=45je48l0v9116765317z86850853za200zb6850853&aip=1&dma=0&gcd=13l3l3l3l1l1&npa=0&frm=0&tag_exp=0
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-CD6W6EB7M8&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 142.251.111.154 Farmingdale, United States, ASN15169 (GOOGLE, US),
Reverse DNS: bk-in-f154.1e100.net
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.firstfoundation.ca/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 23 Aug 2024 16:08:45 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.firstfoundation.ca
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 rul
td.doubleclick.net/td/ga/ Frame A69F 0
0 168ms
0ms Document
text/html 142.250.80.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://td.doubleclick.net/td/ga/rul?tid=G-CD6W6EB7M8&gacid=2026684373.1724429325&gtm=45je48l0v9116765317z86850853za200zb6850853&dma=0&gcd=13l3l3l3l1l1&npa=0&pscdl=noapi&aip=1&fledge=1&frm=0&tag_exp=0&z=1817997981

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-CD6W6EB7M8&l=dataLayer&cx=c

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.80.98 Plainview, United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga34s36-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.firstfoundation.ca/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache, must-revalidate
content-encoding: br
content-length: 16
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 23 Aug 2024 16:08:45 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
pragma: no-cache
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

POST
H2 204 collect
analytics.google.com/g/ 0
0 248ms
51ms Fetch
text/plain 142.250.80.14
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.google.com/g/collect?v=2&tid=G-GV9TPCY84G&gtm=45je48l0v9116765317z86850853za200zb6850853&_p=1724429322954&_gaz=1&gcd=13l3l3l3l1l1&npa=0&dma=0&tag_exp=0&cid=2026684373.1724429325&ecid=1266506612&ul=en-ca&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&are=1&pae=1&frm=0&pscdl=noapi&_s=1&sid=1724429325&sct=1&seg=0&dl=https%3A%2F%2Fwww.firstfoundation.ca%2Ffinancial%2F&dt=Financial%20Advisor%20%26%20Planner%20Services%20Edmonton%20Calgary%20%7C%20First%20Foundation&en=page_view&_fv=1&_ss=1&tfd=3804
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-CD6W6EB7M8&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 142.250.80.14 Plainview, United States, ASN15169 (GOOGLE, US),
Reverse DNS: lga34s33-in-f14.1e100.net
Software: Golfe2 /
Resource Hash

Request headers

Referer: https://www.firstfoundation.ca/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 23 Aug 2024 16:08:45 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.firstfoundation.ca
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 204 collect
stats.g.doubleclick.net/g/ 0
259 B 428ms
48ms Ping
text/plain 142.251.111.154
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://stats.g.doubleclick.net/g/collect?v=2&tid=G-GV9TPCY84G&cid=2026684373.1724429325&gtm=45je48l0v9116765317z86850853za200zb6850853&aip=1&dma=0&gcd=13l3l3l3l1l1&npa=0&frm=0&tag_exp=0
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-CD6W6EB7M8&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 142.251.111.154 Farmingdale, United States, ASN15169 (GOOGLE, US),
Reverse DNS: bk-in-f154.1e100.net
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.firstfoundation.ca/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 23 Aug 2024 16:08:45 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.firstfoundation.ca
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 rul
td.doubleclick.net/td/ga/ Frame 2789 0
0 340ms
52ms Document
text/html 142.250.80.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://td.doubleclick.net/td/ga/rul?tid=G-GV9TPCY84G&gacid=2026684373.1724429325&gtm=45je48l0v9116765317z86850853za200zb6850853&dma=0&gcd=13l3l3l3l1l1&npa=0&pscdl=noapi&aip=1&fledge=1&frm=0&tag_exp=0&z=1298037159

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-CD6W6EB7M8&l=dataLayer&cx=c

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.80.98 Plainview, United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga34s36-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.firstfoundation.ca/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache, must-revalidate
content-encoding: br
content-length: 16
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 23 Aug 2024 16:08:45 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
pragma: no-cache
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 ga-audiences
www.google.ca/ads/ 42 B
63 B 1023ms
394ms Image
image/gif 142.251.40.131
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.ca/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-CD6W6EB7M8&cid=2026684373.1724429325&gtm=45je48l0v9116765317z86850853za200zb6850853&aip=1&dma=0&gcd=13l3l3l3l1l1&npa=0&frm=0&tag_exp=0&tag_exp=0&z=493406900

Requested by

Host: www.firstfoundation.ca
URL: https://www.firstfoundation.ca/financial/

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.40.131 Queens, United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga25s80-in-f3.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.firstfoundation.ca/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 23 Aug 2024 16:08:46 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ga-audiences
www.google.ca/ads/ 42 B
63 B 735ms
106ms Image
image/gif 142.251.40.131
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.ca/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-GV9TPCY84G&cid=2026684373.1724429325&gtm=45je48l0v9116765317z86850853za200zb6850853&aip=1&dma=0&gcd=13l3l3l3l1l1&npa=0&frm=0&tag_exp=0&tag_exp=0&z=1437187557

Requested by

Host: www.firstfoundation.ca
URL: https://www.firstfoundation.ca/financial/

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.40.131 Queens, United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga25s80-in-f3.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.firstfoundation.ca/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 23 Aug 2024 16:08:46 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 /
www.google.com/pagead/1p-user-list/1061587441/ 42 B
64 B 655ms
57ms Image
image/gif 142.251.32.100
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/1061587441/?random=1724429323944&cv=9&fst=1724428800000&num=1&label=wP4UCKeyzwIQ8ZOa-gM&guid=ON&resp=GooglemKTybQhCsO&eid=376635470%2C375603261%2C466465926%2C512247839&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=-420&u_java=false&u_nplug=5&u_nmime=2&sendb=1&ig=1&frm=0&url=https%3A%2F%2Fwww.firstfoundation.ca%2Ffinancial%2F&tiba=Financial%20Advisor%20%26%20Planner%20Services%20Edmonton%20Calgary%20%7C%20First%20Foundation&hn=www.googleadservices.com&rfmt=3&fmt=3&is_vtc=1&cid=CAQSGwDpaXnfBkRzQYCkGik5gKZRvUvrrnOQy4NlYg&random=1303464338&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y

Requested by

Host: www.firstfoundation.ca
URL: https://www.firstfoundation.ca/financial/

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.32.100 Queens, United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga25s77-in-f4.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.firstfoundation.ca/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 23 Aug 2024 16:08:46 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 /
www.google.ca/pagead/1p-user-list/1061587441/ 42 B
64 B 653ms
57ms Image
image/gif 142.251.40.131
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.ca/pagead/1p-user-list/1061587441/?random=1724429323944&cv=9&fst=1724428800000&num=1&label=wP4UCKeyzwIQ8ZOa-gM&guid=ON&resp=GooglemKTybQhCsO&eid=376635470%2C375603261%2C466465926%2C512247839&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=-420&u_java=false&u_nplug=5&u_nmime=2&sendb=1&ig=1&frm=0&url=https%3A%2F%2Fwww.firstfoundation.ca%2Ffinancial%2F&tiba=Financial%20Advisor%20%26%20Planner%20Services%20Edmonton%20Calgary%20%7C%20First%20Foundation&hn=www.googleadservices.com&rfmt=3&fmt=3&is_vtc=1&cid=CAQSGwDpaXnfBkRzQYCkGik5gKZRvUvrrnOQy4NlYg&random=1303464338&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y

Requested by

Host: www.firstfoundation.ca
URL: https://www.firstfoundation.ca/financial/

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.40.131 Queens, United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga25s80-in-f3.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.firstfoundation.ca/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 23 Aug 2024 16:08:46 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 collect Show response
www.google-analytics.com/j/ 15 B
226 B 66ms
59ms XHR
text/plain 142.251.40.174
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j101&a=1075428003&t=pageview&_s=1&dl=https%3A%2F%2Fwww.firstfoundation.ca%2Ffinancial%2F&ul=en-ca&de=UTF-8&dt=Financial%20Advisor%20%26%20Planner%20Services%20Edmonton%20Calgary%20%7C%20First%20Foundation&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YCDAgUABAAAAACAAI~&jid=724646076&gjid=477070055&cid=2026684373.1724429325&tid=UA-1432971-1&_gid=871575473.1724429325&_slc=1&gtm=45He48l0n71TKV3CRv6850853za200&gcd=13l3l3l3l1l1&dma=0&tag_exp=0&z=219897009

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.251.40.174 Queens, United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga25s81-in-f14.1e100.net

Software

Golfe2 /

Resource Hash

e44299abb569eac7b8a824ec93d50ee4107ecbacb261607c64fdafbe43134c35

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.firstfoundation.ca/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Fri, 23 Aug 2024 16:08:45 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.firstfoundation.ca
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 1 B
148 B 192ms
49ms XHR
text/plain 142.251.111.154
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j101&tid=UA-1432971-1&cid=2026684373.1724429325&jid=724646076&gjid=477070055&_gid=871575473.1724429325&_u=YCDAgUABAAAAAGAAI~&z=49373035

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.251.111.154 Farmingdale, United States, ASN15169 (GOOGLE, US),

Reverse DNS

bk-in-f154.1e100.net

Software

Golfe2 /

Resource Hash

6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.firstfoundation.ca/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Fri, 23 Aug 2024 16:08:45 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.firstfoundation.ca
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 200 8b7c5cdd6f615425 Show response
www.firstfoundation.ca/cdn-cgi/challenge-platform/h/b/jsd/r/ Frame 97E3 0
927 B 51ms
39ms XHR
text/plain 172.66.43.88
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.firstfoundation.ca/cdn-cgi/challenge-platform/h/b/jsd/r/8b7c5cdd6f615425
Requested by: Host: www.firstfoundation.ca
URL: https://www.firstfoundation.ca/cdn-cgi/challenge-platform/scripts/jsd/main.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.66.43.88 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36
Content-Type: application/json

Response headers

date: Fri, 23 Aug 2024 16:08:46 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=AE9CfRsKtkmG5WqpsEOPd%2FxbCRaE0jC30nYPmqYPQA7DcuUuByfKirJDEcTPrmQk7xkHeaJupJz8hVbhhEIbeG4N6bVzrLhRkq4TcXtrUK%2BtUgE2y1tN0bGdcF%2BuT6wtrYoyfIdXLI0%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/plain; charset=UTF-8
cf-ray: 8b7c5cf92f885425-YYZ
alt-svc: h3=":443"; ma=86400
content-length: 0

GET
H3 200 /
www.google.com/pagead/1p-user-list/1061587441/ 42 B
64 B 63ms
62ms Image
image/gif 142.251.32.100
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/1061587441/?random=1724429324760&cv=11&fst=1724428800000&bg=ffffff&guid=ON&async=1&gtm=45be48l0z86850853za201zb6850853&gcd=13l3l3l3l1l1&dma=0&tag_exp=0&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.firstfoundation.ca%2Ffinancial%2F&hn=www.googleadservices.com&frm=0&tiba=Financial%20Advisor%20%26%20Planner%20Services%20Edmonton%20Calgary%20%7C%20First%20Foundation&npa=0&pscdl=noapi&auid=1424433852.1724429324&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fledge=1&rfmt=3&fmt=3&is_vtc=1&cid=CAQSKQDpaXnfg6pQnfjvAtp8IGyf6RYZ-ynro7Cap_Y4QPBOMxQnhIh8egrw&random=3008823276&rmt_tld=0&ipr=y

Requested by

Host: www.firstfoundation.ca
URL: https://www.firstfoundation.ca/financial/

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.32.100 Queens, United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga25s77-in-f4.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.firstfoundation.ca/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 23 Aug 2024 16:08:46 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 /
www.google.ca/pagead/1p-user-list/1061587441/ 42 B
64 B 62ms
62ms Image
image/gif 142.251.40.131
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.ca/pagead/1p-user-list/1061587441/?random=1724429324760&cv=11&fst=1724428800000&bg=ffffff&guid=ON&async=1&gtm=45be48l0z86850853za201zb6850853&gcd=13l3l3l3l1l1&dma=0&tag_exp=0&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.firstfoundation.ca%2Ffinancial%2F&hn=www.googleadservices.com&frm=0&tiba=Financial%20Advisor%20%26%20Planner%20Services%20Edmonton%20Calgary%20%7C%20First%20Foundation&npa=0&pscdl=noapi&auid=1424433852.1724429324&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fledge=1&rfmt=3&fmt=3&is_vtc=1&cid=CAQSKQDpaXnfg6pQnfjvAtp8IGyf6RYZ-ynro7Cap_Y4QPBOMxQnhIh8egrw&random=3008823276&rmt_tld=1&ipr=y

Requested by

Host: www.firstfoundation.ca
URL: https://www.firstfoundation.ca/financial/

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.40.131 Queens, United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga25s80-in-f3.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.firstfoundation.ca/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 23 Aug 2024 16:08:46 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200 website Show response
salesiq.zohopublic.com/visitor/v2/channels/ 32 KB
15 KB 492ms
304ms XHR
application/json 136.143.182.97
ZOHO-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://salesiq.zohopublic.com/visitor/v2/channels/website?widgetcode=e9d74e9503923100e2daebc52dbd012f3d02b9e93fac0865dd2f4003e47a260813bd0b925c54d792187683bc6667e379&internal_channel_req=true&language_api=true&browser_language=en&current_domain=https%3A%2F%2Ffirstfoundation.ca&pagetitle=Financial%20Advisor%20%26%20Planner%20Services%20Edmonton%20Calgary%20%7C%20First%20Foundation&include_fields=avuid

Requested by

Host: salesiq.zoho.com
URL: https://salesiq.zoho.com/widget

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

136.143.182.97 , United States, ASN2639 (ZOHO-AS, US),

Reverse DNS

Software

ZGS /

Resource Hash

64ccdbf3c1905f63df75ddd557cff474418d5430d60bec3f6f537cc5971271fe

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://www.firstfoundation.ca/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

Date: Fri, 23 Aug 2024 16:08:46 GMT
Strict-Transport-Security: max-age=63072000
X-Content-Type-Options: nosniff
Content-Encoding: gzip
Transfer-Encoding: chunked
Connection: keep-alive
Server: ZGS
X-Frame-Options: SAMEORIGIN
Access-Control-Allow-Methods: GET
Content-Type: application/json;charset=UTF-8
Access-Control-Allow-Origin: https://www.firstfoundation.ca
Content-Language: en-CA
Cache-Control: no-cache
Access-Control-Allow-Credentials: true
Encoding: UTF-8
Access-Control-Allow-Headers: Content-Type,x-siq-internal-channel

GET
H3 200 js Show response
www.googletagmanager.com/gtag/ 333 KB
109 KB 82ms
80ms Script
application/javascript 142.250.80.104
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-CD6W6EB7M8&cx=c&_slc=1

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.80.104 Plainview, United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga34s36-in-f8.1e100.net

Software

Google Tag Manager /

Resource Hash

9c89f5912eddede021a05be574984e609d790ebb792f8985506100407b2abba1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://www.firstfoundation.ca/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Fri, 23 Aug 2024 16:08:46 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 111252
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Fri, 23 Aug 2024 16:08:46 GMT

GET
H2 200 /
www.facebook.com/tr/ 0
174 B 39ms
36ms Image
text/plain 31.13.71.36
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=773482682778910&ev=PageView&dl=https%3A%2F%2Fwww.firstfoundation.ca&rl=&if=false&ts=1724429326393&sw=1600&sh=1200&v=2.9.165&r=stable&ec=0&o=4124&fbp=fb.1.1724429326368.855473694315859219&pm=1&hrl=7fccc4&ler=empty&cdl=API_unavailable&it=1724429324997&coo=false&cs_cc=1&cas=1928093747312596&rqm=GET

Requested by

Host: www.firstfoundation.ca
URL: https://www.firstfoundation.ca/financial/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

31.13.71.36 Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

edge-star-mini-shv-01-lga3.facebook.com

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://www.firstfoundation.ca/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

x-fb-connection-quality: EXCELLENT; q=0.9, rtt=35, rtx=0, c=10, mss=1316, tbw=4616, tp=-1, tpl=-1, uplat=0, ullat=0
strict-transport-security: max-age=31536000; includeSubDomains
date: Fri, 23 Aug 2024 16:08:46 GMT
server: proxygen-bolt
content-type: text/plain
access-control-allow-origin
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 0

GET
H2 200 /
www.facebook.com/privacy_sandbox/pixel/register/trigger/ 67 B
2 KB 264ms
263ms Image
image/png 31.13.71.36
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/privacy_sandbox/pixel/register/trigger/?id=773482682778910&ev=PageView&dl=https%3A%2F%2Fwww.firstfoundation.ca&rl=&if=false&ts=1724429326393&sw=1600&sh=1200&v=2.9.165&r=stable&ec=0&o=4124&fbp=fb.1.1724429326368.855473694315859219&pm=1&hrl=7fccc4&ler=empty&cdl=API_unavailable&it=1724429324997&coo=false&cs_cc=1&cas=1928093747312596&rqm=FGET

Requested by

Host: www.firstfoundation.ca
URL: https://www.firstfoundation.ca/financial/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

31.13.71.36 Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

edge-star-mini-shv-01-lga3.facebook.com

Software

Resource Hash

aa7b6c81e85551eeb5c4809f1e683efa0b780c33d12ddfc2067a1b136803e45a

Security Headers

Name	Value
Content-Security-Policy	default-src data: blob: 'self' https://.fbsbx.com 'unsafe-inline' .facebook.com .fbcdn.net 'unsafe-eval';script-src .facebook.com .fbcdn.net .facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval' https://.google-analytics.com .google.com;style-src .fbcdn.net data: .facebook.com 'unsafe-inline' https://fonts.googleapis.com;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com:* wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: .cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net .fbsbx.com .fb.com https://.google-analytics.com;font-src data: .facebook.com .fbcdn.net .fbsbx.com https://fonts.gstatic.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net connect.facebook.net .carriersignal.info blob: android-webview-video-poster: .whatsapp.net .fb.com .oculuscdn.com .tenor.co .tenor.com .giphy.com https://paywithmybank.com/ https://.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://.google-analytics.com;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com data: .tenor.co .tenor.com https://.giphy.com;frame-src .facebook.com .fbsbx.com fbsbx.com data: www.instagram.com .fbcdn.net https://paywithmybank.com/ https://.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://td.doubleclick.net .google.com .doubleclick.net;worker-src blob: .facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://www.firstfoundation.ca/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval' https://*.google-analytics.com *.google.com;style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline' https://fonts.googleapis.com;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com https://*.google-analytics.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com https://fonts.gstatic.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: *.whatsapp.net *.fb.com *.oculuscdn.com *.tenor.co *.tenor.com *.giphy.com https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://*.google-analytics.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data: *.tenor.co *.tenor.com https://*.giphy.com;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://td.doubleclick.net *.google.com *.doubleclick.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
content-encoding: zstd
x-content-type-options: nosniff
strict-transport-security: max-age=15552000; preload
date: Fri, 23 Aug 2024 16:08:46 GMT
document-policy: force-load-at-top
x-fb-server-load: 51
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
x-xss-protection: 0
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", default="https://www.facebook.com/ajax/browser_error_reports/?device_level=unknown&brsid=7406367560242855229", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
x-fb-connection-quality: EXCELLENT; q=0.9, rtt=33, rtx=0, c=10, mss=1316, tbw=4834, tp=-1, tpl=-1, uplat=226, ullat=0
pragma: no-cache
x-fb-debug: I4sbMOC1yMtoapXI7m0OY0FmKuoKeCgUOizpwM5QrTj119PunaYRxvfPhgBWANQgHK10lUv69oKQ4VSa9f0GzQ==
cross-origin-opener-policy: same-origin-allow-popups;report-to="coop_report"
vary: Accept-Encoding
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown&brsid=7406367560242855229"}]}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
content-type: image/png
x-frame-options: DENY
origin-agent-cluster: ?0
cache-control: private, no-store, no-cache, must-revalidate
permissions-policy: accelerometer=(), attribution-reporting=(self), autoplay=(), battery=(self), bluetooth=(), browsing-topics=(self), camera=(self), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(self), clipboard-write=(self), compute-pressure=(), display-capture=(self), encrypted-media=(self), fullscreen=(self), gamepad=*, geolocation=(self), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(self), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(self), midi=(), otp-credentials=(), payment=(), picture-in-picture=(self), private-state-token-issuance=(), publickey-credentials-get=(self), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), usb-unrestricted=(), unload=(self), window-management=(), xr-spatial-tracking=(self);report-to="permissions_policy"
expires: Sat, 01 Jan 2000 00:00:00 GMT

POST
H3 204 rum Show response
www.firstfoundation.ca/cdn-cgi/ 0
146 B 26ms
24ms XHR
text/plain 172.66.43.88
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.firstfoundation.ca/cdn-cgi/rum?

Requested by

Host: static.cloudflareinsights.com
URL: https://static.cloudflareinsights.com/beacon.min.js/vcd15cbe7772f49c399c6a5babf22c1241717689176015

Protocol

Security

QUIC, , AES_128_GCM

Server

172.66.43.88 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://www.firstfoundation.ca/financial/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36
content-type: application/json

Response headers

date: Fri, 23 Aug 2024 16:08:46 GMT
x-content-type-options: nosniff
server: cloudflare
vary: Origin
access-control-max-age: 86400
access-control-allow-methods: POST,OPTIONS
access-control-allow-origin: https://www.firstfoundation.ca
x-frame-options: DENY
access-control-allow-credentials: true
cf-ray: 8b7c5cfbd94a5425-YYZ

GET
H3 200 favicon.png
www.firstfoundation.ca/assets/images/ 320 B
912 B 32ms
31ms Other
image/webp 172.66.43.88
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.firstfoundation.ca/assets/images/favicon.png
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.66.43.88 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f29a6f1cb7b1d47b9737448d5f34e2e6aa7152fa73119953f00f07c6dade9f3e

Request headers

Referer: https://www.firstfoundation.ca/financial/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Fri, 23 Aug 2024 16:08:46 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 176601
cf-polished: origFmt=png, origSize=537
x-cache-nxaccel: MISS
content-disposition: inline; filename="favicon.webp"
alt-svc: h3=":443"; ma=86400
content-length: 320
cf-bgj: imgq:100,h2pri
last-modified: Tue, 09 Jul 2013 07:29:10 GMT
server: cloudflare
etag: "219-4e10f1df1fd80"
vary: Accept
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=0f65qDA0kEZ6RX8AQ3QjRdpgm%2FZlNkJLkUyUEx97dDsfTUIvwLFcD46DVJj1BsZeJM5xjF1NNNaRLSnwbAMW9fU5W4g9%2FTaREZNiCddTD56SWRyj3mMI5f2RamktCIZDENfp7DYXAo4%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
cache-control: public, max-age=604800
accept-ranges: bytes
cf-ray: 8b7c5cfc49d65425-YYZ
expires: Sun, 08 Sep 2024 21:23:37 GMT

GET
H2 200 floatbutton1_0uA5KIDjSJBNGPeiRDI3YtNcjWJ9mZsPq48NM5iMzp7_jWYVkIHbMtgrDX_xil60_.css
css.zohocdn.com/salesiq/styles/ 60 KB
14 KB 80ms
19ms Stylesheet
text/css 199.67.84.76
ZOHO-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://css.zohocdn.com/salesiq/styles/floatbutton1_0uA5KIDjSJBNGPeiRDI3YtNcjWJ9mZsPq48NM5iMzp7_jWYVkIHbMtgrDX_xil60_.css

Requested by

Host: salesiq.zoho.com
URL: https://salesiq.zoho.com/widget

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

199.67.84.76 , United States, ASN2639 (ZOHO-AS, US),

Reverse DNS

Software

ZGS /

Resource Hash

bb92332c3133a0ff652f4fdffec647032ab9939d320decdee8a6619431dd2dec

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000, max-age=63072000
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.firstfoundation.ca/
Origin: https://www.firstfoundation.ca
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Fri, 23 Aug 2024 16:08:46 GMT
strict-transport-security: max-age=15768000, max-age=63072000
x-content-type-options: nosniff
content-encoding: br
x-cache: HIT
cross-origin-resource-policy: cross-origin
content-length: 13958
last-modified: Thu, 04 Apr 2024 08:43:59 GMT
server: ZGS
nb-request-id: 7625cab28e99b012e91b3c9505f64e0b
etag: "03a6501a22cf0a6bafc47337b71c098a"
vary: Accept-Encoding
content-type: text/css;charset=UTF-8
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=7776000, immutable
content-language: en-US
z-origin-id: ca1-34fa6ddb65e84be5a824bfa81d2d501e
accept-ranges: bytes
timing-allow-origin: *

GET
H2 200 floatbutton1_xL6er06-XQFGwrNGnQ-sbfVXEBIxjLMIjZ5SxsZV3RS9UQq-R-2f-avBglzTaI7z_.js Show response
js.zohocdn.com/salesiq/js/ 114 KB
43 KB 79ms
21ms Script
text/javascript 199.67.84.76
ZOHO-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://js.zohocdn.com/salesiq/js/floatbutton1_xL6er06-XQFGwrNGnQ-sbfVXEBIxjLMIjZ5SxsZV3RS9UQq-R-2f-avBglzTaI7z_.js

Requested by

Host: salesiq.zoho.com
URL: https://salesiq.zoho.com/widget

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

199.67.84.76 , United States, ASN2639 (ZOHO-AS, US),

Reverse DNS

Software

ZGS /

Resource Hash

bfecca5c8ff43ef702b53d0a4ff329e3a9d53a6e396f048c1b54203015c14c3a

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000, max-age=63072000
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.firstfoundation.ca/
Origin: https://www.firstfoundation.ca
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Fri, 23 Aug 2024 16:08:46 GMT
strict-transport-security: max-age=15768000, max-age=63072000
x-content-type-options: nosniff
content-encoding: br
x-cache: HIT
cross-origin-resource-policy: cross-origin
content-length: 43063
last-modified: Wed, 14 Aug 2024 08:08:27 GMT
server: ZGS
nb-request-id: f8d495233ceac5173652799d104cca8d
etag: "37f87666728e3a4ed542b0082875f100"
vary: Accept-Encoding
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=7776000, immutable
content-language: en-US
z-origin-id: ca1-b43591c054be48d6969046e9801c621b
accept-ranges: bytes
timing-allow-origin: *

GET
H2 200 siq_mpWsf52LIPg9mU40fjRdjF6WMUs-Q0VNu4KH07GkhNZGQTRxW2eRyFJLAq9VKCYB_.ttf
css.zohocdn.com/salesiq/styles/fonts/float/ 14 KB
10 KB 24ms
19ms Font
font/ttf 199.67.84.76
ZOHO-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://css.zohocdn.com/salesiq/styles/fonts/float/siq_mpWsf52LIPg9mU40fjRdjF6WMUs-Q0VNu4KH07GkhNZGQTRxW2eRyFJLAq9VKCYB_.ttf

Requested by

Host: css.zohocdn.com
URL: https://css.zohocdn.com/salesiq/styles/floatbutton1_0uA5KIDjSJBNGPeiRDI3YtNcjWJ9mZsPq48NM5iMzp7_jWYVkIHbMtgrDX_xil60_.css

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

199.67.84.76 , United States, ASN2639 (ZOHO-AS, US),

Reverse DNS

Software

ZGS /

Resource Hash

cf1f73b76f318b2d7b59319d22f03d9f40ae8ab9ed942d338aeca9d03860fc15

Security Headers

Name	Value
Strict-Transport-Security	max-age=15768000, max-age=63072000
X-Content-Type-Options	nosniff

Request headers

Referer: https://css.zohocdn.com/salesiq/styles/floatbutton1_0uA5KIDjSJBNGPeiRDI3YtNcjWJ9mZsPq48NM5iMzp7_jWYVkIHbMtgrDX_xil60_.css
Origin: https://www.firstfoundation.ca
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Fri, 23 Aug 2024 16:08:46 GMT
strict-transport-security: max-age=15768000, max-age=63072000
x-content-type-options: nosniff
content-encoding: br
x-cache: HIT
cross-origin-resource-policy: cross-origin
content-length: 9343
last-modified: Thu, 04 Apr 2024 08:43:28 GMT
server: ZGS
nb-request-id: d1259b74d505c51bd27e111caf28a570
etag: "20f374e9afc772f2ce62f64c5b3b772f"
vary: Accept-Encoding
content-type: font/ttf
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=7776000, immutable
content-language: en-US
z-origin-id: ca1-99a086a6b81d46cb9451a12170433ef3
accept-ranges: bytes
timing-allow-origin: *

Verdicts & Comments Add Verdict or Comment

106 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

22 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
www.firstfoundation.ca/	1970-01-21 07:46:05	Name: exp_last_visit Value: 1409069321
www.firstfoundation.ca/	1970-01-21 07:46:05	Name: exp_last_activity Value: 1724429321
www.firstfoundation.ca/	1969-12-31 23:59:59	Name: exp_tracker Value: %7B%220%22%3A%22financial%22%2C%22token%22%3A%22709353540013a321093580ca51131103%22%7D
www.firstfoundation.ca/	1970-01-20 23:00:36	Name: exp_csrf_token Value: 42cc712a6e166f39ff459dc9c550813544b00599
.jotformpro.com/	1970-01-20 23:45:07	Name: userReferer Value: https%3A%2F%2Fwww.firstfoundation.ca%2F
.jotformpro.com/	1970-01-20 23:45:07	Name: guest Value: guest_cc17ef6e1705bd98
.firstfoundation.ca/	1970-01-21 01:10:05	Name: _gcl_au Value: 1.1.1424433852.1724429324
salesiq.zoho.com/	1969-12-31 23:59:59	Name: LS_CSRF_TOKEN Value: f7746392-0d6d-48c2-a867-5096d3672e9e
.doubleclick.net/	1970-01-21 08:36:29	Name: IDE Value: AHWqTUk1y5etIU_r5QusfcJ4kDEzYWkLYW9mHn2lGKfSy2tSZHF6K37ziynIKwwo
.firstfoundation.ca/	1970-01-21 08:36:29	Name: _ga_CD6W6EB7M8 Value: GS1.1.1724429325.1.0.1724429325.60.0.1069008008
.firstfoundation.ca/	1970-01-21 08:36:29	Name: _ga_GV9TPCY84G Value: GS1.1.1724429325.1.0.1724429325.60.0.1266506612
.firstfoundation.ca/	1970-01-21 08:36:29	Name: _ga Value: GA1.2.2026684373.1724429325
.firstfoundation.ca/	1970-01-20 23:01:55	Name: _gid Value: GA1.2.871575473.1724429325
.firstfoundation.ca/	1970-01-20 23:00:29	Name: _dc_gtm_UA-1432971-1 Value: 1
.jotform.com/	1970-01-20 23:45:07	Name: userReferer Value: https%3A%2F%2Fform.jotform.com%2F
.jotform.com/	1970-01-20 23:45:07	Name: guest Value: guest_c6b146b5700d9797
.firstfoundation.ca/	1970-01-21 07:46:05	Name: cf_clearance Value: F4yM_qg4vl8d7A5X.qpeNtT6Yx8Kty4W6YWugnDfuzY-1724429326-1.2.1.1-Tj07_sYmXt73dTZa3d0.wg7QwwLmvSbvmN5UlYIB8TsU6dn3f5U4GekWxLQbnIwAKrRZ761pshr4W2UV3k2dN_6_4j6Q3tsgtF23_5CXRll49BDHKBR3CLSxWfIIyJE3KIhc_9ZeKArmUK0.ol88pLwodVOc_vZMS4V0AjnLpJIrleuUO1HemjWTFu0IyvQ6LU0t1bfna1vjndegBQ9.ySR.KHHopessABA90D5mfU42XAJKNJa15IOXPtW.CwaEdo7pknIYGXun9r5BSHtXtvTDDzuLss2Cqgrwi4U6K8vURCre6FL83.CzLqIMCwu9O71oYiC1t5qaOIQhCGFGnbzEgwszLJww4w5i6mf7J2ODE6TWfJb5hDQjM_84CaNe
.firstfoundation.ca/	1970-01-21 01:10:05	Name: _fbp Value: fb.1.1724429326368.855473694315859219
salesiq.zohopublic.com/	1969-12-31 23:59:59	Name: LS_CSRF_TOKEN Value: f69f577c-b1e4-46ed-b8e7-07a81bebd4a6
salesiq.zohopublic.com/	1970-01-20 23:43:41	Name: uesign Value: 1637c04f7a3dfa44d37513f89369a3e8e2821bd57348f524eb527e3b3342f8f584eb7f5e273d9b36cb2ab4ddbca094cb
.firstfoundation.ca/	1970-01-21 08:36:29	Name: firstfoundation-_zldp Value: JarV7Cil1NuQHU1g6hRMEusQ6uSWCjzxBB8UfBwKuvrSb5soo8oqvJ4%2BKtj5%2BKtupRUK595EVd8%3D
.firstfoundation.ca/	1970-01-20 23:01:55	Name: firstfoundation-_zldt Value: c3fb8d80-81e2-470f-a2b2-2c9ac3ddafcc-2

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
X-Frame-Options	SAMEORIGIN

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

analytics.google.com
apis.google.com
cdn.callrail.com
connect.facebook.net
css.zohocdn.com
firstfoundation.ca
fonts.googleapis.com
fonts.gstatic.com
form.jotform.com
googleads.g.doubleclick.net
js.zohocdn.com
rrsp-tfsa.ca
salesiq.zoho.com
salesiq.zohopublic.com
secure.jotformpro.com
static.cloudflareinsights.com
stats.g.doubleclick.net
td.doubleclick.net
www.facebook.com
www.firstfoundation.ca
www.google-analytics.com
www.google.ca
www.google.com
www.googleadservices.com
www.googletagmanager.com
104.16.79.73
136.143.182.97
142.250.176.206
142.250.65.202
142.250.80.104
142.250.80.14
142.250.80.34
142.250.80.66
142.250.80.67
142.250.80.98
142.251.111.154
142.251.32.100
142.251.40.131
142.251.40.174
15.197.225.128
157.240.241.1
172.66.43.88
199.67.84.76
204.141.43.67
31.13.71.36
35.201.118.58
52.85.61.107
0571ad0ecaab62d8ff77c9bbbf39df5188474855b765e8a9d7a3b8694e8671ea
06eadc4a69b81efa35a1a84c815bee0f594a7a2d0a06a47aecef9203bf186b50
0dbdc9b7434e8e13dc81e4257e5ad9158e21477de60da5bc2b9a950b4f521741
11d97aa00e128b5f10a99d3de14eba0ec817751c0548a8aaece7dbbfb77bcb66
31440826df0ec544530ad0a3f316d2ea03c936cab55c15fc83950d27fcc3353a
34b152416fba366a6cd9711df7dc744745c0cf8687f845a52fcb17f26c6cb35a
394f35cd19298867063bbdd064edc9bfa762d3eb144ad82ba83e799bf03056e2
3b0d69efedfb89da8e26d3f579de61f3ef732629b672b0fd853eabf2e1c4d5e1
3c354a3788639ae9e83bd8fe20b0ddcbe5178ed69ec39fcd7a50183e8695de3f
42094a7705f0d0ea137d847f5636021885167ddd1623c6b0ab54a4862f7722d0
4c094182b5cabe9021b8dda00297e5c7c32f83f38619cf094257d5e029299699
4d357846b85b33441b4ba2409f7affa2212ae546890a8b42f8a8baee386a54b5
52857bee99477d24edf782b102f00e242d58e1e754cfb9f0fc60bd86840fdca9
557f6d0883db85be712c3a77baa38875ddf99ecbdfd6fec98e5c0b1f7a0e1532
582843ef3c94fd8ac34f30ec3efeac9ad8f8236f597122d5b8d510f8b559b6f9
586086be5c643db663891f93064b6dd493c6c5e280cab116f81bcd94bea54e6c
5c60a2a575acaf07eb4ad3cc9a7e73d4d8740af629a4d75c3cc235a64e6ebef7
64162abc44e064c588108b6ef18dd54fe332b2678a0537168bfb85d762867e77
64ccdbf3c1905f63df75ddd557cff474418d5430d60bec3f6f537cc5971271fe
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
6bfdf84c34e436af5cef64f1fb615310ea6433edf98d4c52111521f00714a02b
722d816917f75fb60dfb01bfa0685d0090f009b48eb1c6b602e42f8a51a7d91e
73152e12196cf1ffe8851d7da695e5b176d6c2d5bae957cb808d6518ac75b13e
80df7e7c0324cbd56accd072920c99d0354076922d925604d5aa0d3e3a6bf2eb
82adafd2815d9ca49a6771392b15c4c7683f0490a8825ead54dd2d2594d44c62
8a18d13015336bc184819a5a768447462202ef3105ec511bf42ed8304a7ed94f
8b559f60a9e1e07cf7f8c89db3cc0496bd276118f73426b8bc6c1fb41c4a8da6
8bbe70ea5d9d1a43a587adf4183427d431e60dea88075256adbe458c15c648e8
9248f9dcb6b3c9b58999b21bdd10cc2f3a1dd8260679830c5e03db209104d92f
98fd14a7dd74f7f92b926b55b1ff8fa04856dcfe3229b757910253ee5fa481a8
9c89f5912eddede021a05be574984e609d790ebb792f8985506100407b2abba1
9c902c08b8661f4b92d55e49021b15a5ee1fe2dcf226b3545654832cad3eba17
a49b371e1a887020b657c8f36389d9d5a88d515e2c3bc53e7824922f4de194e5
aa7b6c81e85551eeb5c4809f1e683efa0b780c33d12ddfc2067a1b136803e45a
adeec3c8bc18978d61b3215d80f343d0c49e69cf5317cd0749e3b46bd83026d8
b1320e0dda0858c87971f7baa0d53063ad2a429d232fd06b0067bda8b9eeb0ec
b2aad7de9f37c25ab9bba96cd7d4f3dbf5141dce270b4ea93649b0f8e8ad405a
b6ed81eee6d6ae94d8db1ea024a95f2cf38a25eaa4cc830edf09b599f4c2e833
bb92332c3133a0ff652f4fdffec647032ab9939d320decdee8a6619431dd2dec
bf6d172b5ad71bbc7d8c0d566d11f31c71902674290b30df1a78514594d6c882
bfecca5c8ff43ef702b53d0a4ff329e3a9d53a6e396f048c1b54203015c14c3a
c5ae733d2cc468404e1d335e85c826e2e5f8792be35a968e20eaf497548e47c3
c6fdafff5ebb1051a3eeec76fc4ed6988433aee0046e5c7d4a02ee38e9730a15
cf1f73b76f318b2d7b59319d22f03d9f40ae8ab9ed942d338aeca9d03860fc15
d0020742c62697f7ce1453e65054c48333fa7140961f952b5a2d220020a76771
d18beba8a6db32dd84b24258cf6542acca7684b030e529ef2977198993400c4b
d50734aaa7ef52888e0d962d54ae9163d265b61a729c735170653b07691ef3ae
d5c1172f24f4f49f780c65cf5be897527fd08f3662a2ba8db0cfe0057d92e367
db352eafbe6951971712c7e287205a431be22c9677558158796ea0b7a83dee61
de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd
e16de32eed9c11abecc541412975bfd45421701121274d30cb7523720d04e1e7
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e44299abb569eac7b8a824ec93d50ee4107ecbacb261607c64fdafbe43134c35
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f29a6f1cb7b1d47b9737448d5f34e2e6aa7152fa73119953f00f07c6dade9f3e

www.firstfoundation.ca Open in urlscan Pro 172.66.43.88 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

73 Requests

95 %HTTPS

0 %IPv6

19 Domains

25 Subdomains

21 IPs

2 Countries

1329 kBTransfer

3254 kBSize

22 Cookies

16 Outgoing links

Page URL History

Redirected requests

73 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

www.firstfoundation.ca Open in urlscan Pro
172.66.43.88 Public Scan

Screenshot
Live screenshot

Full Image

73
Requests

95 %
HTTPS

0 %
IPv6

19
Domains

25
Subdomains

21
IPs

2
Countries

1329 kB
Transfer

3254 kB
Size

22
Cookies

73 HTTP transactions
0 data transactions