www.compasscard.ca Open in urlscan Pro
45.60.152.124 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://www.compasscard.ca/loadcard
Submission: On October 08 via api (October 8th 2023, 12:51:07 am UTC) from US — Scanned from CA

Summary HTTP 74 Redirects Links 5 Behaviour Indicators

Summary

This website contacted 16 IPs in 2 countries across 14 domains to perform 74 HTTP transactions. The main IP is 45.60.152.124, located in United States and belongs to INCAPSULA, US. The main domain is www.compasscard.ca.
TLS certificate: Issued by GlobalSign Atlas R3 DV TLS CA 2023 Q2 on May 30th 2023. Valid for: 6 months.

This is the only time www.compasscard.ca was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
31	45.60.152.124 45.60.152.124	19551 (INCAPSULA) (INCAPSULA)
4	104.16.250.67 104.16.250.67	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	104.18.11.207 104.18.11.207	13335 (CLOUDFLAR...) (CLOUDFLARENET)
10	142.251.167.113 142.251.167.113	15169 (GOOGLE) (GOOGLE)
6	172.253.115.106 172.253.115.106	15169 (GOOGLE) (GOOGLE)
1	172.253.63.95 172.253.63.95	15169 (GOOGLE) (GOOGLE)
1	104.22.54.104 104.22.54.104	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	172.253.63.97 172.253.63.97	15169 (GOOGLE) (GOOGLE)
4	172.253.115.94 172.253.115.94	15169 (GOOGLE) (GOOGLE)
3	31.13.66.19 31.13.66.19	32934 (FACEBOOK) (FACEBOOK)
2	142.250.31.156 142.250.31.156	15169 (GOOGLE) (GOOGLE)
2	172.253.122.94 172.253.122.94	15169 (GOOGLE) (GOOGLE)
2	31.13.66.35 31.13.66.35	32934 (FACEBOOK) (FACEBOOK)
2	142.251.16.94 142.251.16.94	15169 (GOOGLE) (GOOGLE)
2	142.251.167.190 142.251.167.190	15169 (GOOGLE) (GOOGLE)
1	54.72.158.246 54.72.158.246	() ()
74	16

31 45.60.152.124 (United States)

ASN19551 (INCAPSULA, US)

www.compasscard.ca	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 104.16.250.67 (None, )

ASN13335 (CLOUDFLARENET, US)

fast.fonts.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.18.11.207 (None, )

ASN13335 (CLOUDFLARENET, US)

maxcdn.bootstrapcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 142.251.167.113 (United States)

ASN15169 (GOOGLE, US)
PTR: ww-in-f113.1e100.net

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 172.253.115.106 (United States)

ASN15169 (GOOGLE, US)
PTR: bg-in-f106.1e100.net

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 172.253.63.95 (United States)

ASN15169 (GOOGLE, US)
PTR: bi-in-f95.1e100.net

ajax.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.22.54.104 (None, )

ASN13335 (CLOUDFLARENET, US)

rum-static.pingdom.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 172.253.63.97 (United States)

ASN15169 (GOOGLE, US)
PTR: bi-in-f97.1e100.net

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 172.253.115.94 (United States)

ASN15169 (GOOGLE, US)
PTR: bg-in-f94.1e100.net

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 31.13.66.19 (Ashburn, United States)

ASN32934 (FACEBOOK, US)
PTR: xx-fbcdn-shv-01-iad3.fbcdn.net

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.250.31.156 (Oxford, United States)

ASN15169 (GOOGLE, US)
PTR: bj-in-f156.1e100.net

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 172.253.122.94 (United States)

ASN15169 (GOOGLE, US)
PTR: bh-in-f94.1e100.net

www.google.ca	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 31.13.66.35 (Ashburn, United States)

ASN32934 (FACEBOOK, US)
PTR: edge-star-mini-shv-01-iad3.facebook.com

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.251.16.94 (United States)

ASN15169 (GOOGLE, US)
PTR: bl-in-f94.1e100.net

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.251.167.190 (United States)

ASN15169 (GOOGLE, US)
PTR: ww-in-f190.1e100.net

www.youtube.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.72.158.246 (None, )

ASN- ()

rum-collector-2.pingdom.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
31	compasscard.ca www.compasscard.ca	371 KB
10	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 42	43 KB
6	gstatic.com www.gstatic.com fonts.gstatic.com	428 KB
6	google.com www.google.com — Cisco Umbrella Rank: 2	34 KB
4	fonts.net fast.fonts.net — Cisco Umbrella Rank: 4116	32 KB
3	facebook.net connect.facebook.net — Cisco Umbrella Rank: 187	121 KB
2	youtube.com www.youtube.com — Cisco Umbrella Rank: 85	68 KB
2	facebook.com www.facebook.com — Cisco Umbrella Rank: 116	216 B
2	google.ca www.google.ca — Cisco Umbrella Rank: 9740	515 B
2	doubleclick.net stats.g.doubleclick.net — Cisco Umbrella Rank: 98	421 B
2	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 56	174 KB
2	pingdom.net rum-static.pingdom.net — Cisco Umbrella Rank: 6368 rum-collector-2.pingdom.net	3 KB
1	googleapis.com ajax.googleapis.com — Cisco Umbrella Rank: 405	30 KB
1	bootstrapcdn.com maxcdn.bootstrapcdn.com — Cisco Umbrella Rank: 1183	7 KB
74	14

	Domain	Requested by
31	www.compasscard.ca	www.compasscard.ca
10	www.google-analytics.com	www.compasscard.ca www.google-analytics.com www.googletagmanager.com
6	www.google.com	www.compasscard.ca www.gstatic.com www.google.com
4	www.gstatic.com	www.google.com www.gstatic.com
4	fast.fonts.net	www.compasscard.ca fast.fonts.net
3	connect.facebook.net	www.compasscard.ca connect.facebook.net
2	www.youtube.com	www.compasscard.ca www.youtube.com
2	fonts.gstatic.com	www.google.com
2	www.facebook.com	www.compasscard.ca
2	www.google.ca	www.compasscard.ca
2	stats.g.doubleclick.net	www.google-analytics.com
2	www.googletagmanager.com	www.compasscard.ca www.googletagmanager.com
1	rum-collector-2.pingdom.net	rum-static.pingdom.net
1	rum-static.pingdom.net	www.compasscard.ca
1	ajax.googleapis.com	www.compasscard.ca
1	maxcdn.bootstrapcdn.com	www.compasscard.ca
74	16

This site contains links to these domains. Also see Links.

Domain
www.translink.ca
tripplanning.translink.ca

Subject Issuer	Validity	Valid
imperva.com GlobalSign Atlas R3 DV TLS CA 2023 Q2	`2023-05-30` - `2023-11-26`	6 months	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2023-05-05` - `2024-05-04`	a year	crt.sh
*.google-analytics.com GTS CA 1C3	`2023-09-18` - `2023-12-11`	3 months	crt.sh
www.google.com GTS CA 1C3	`2023-09-04` - `2023-11-27`	3 months	crt.sh
upload.video.google.com GTS CA 1C3	`2023-09-18` - `2023-12-11`	3 months	crt.sh
pingdom.net Cloudflare Inc ECC CA-3	`2022-11-13` - `2023-11-13`	a year	crt.sh
*.gstatic.com GTS CA 1C3	`2023-09-04` - `2023-11-27`	3 months	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2023-07-17` - `2023-10-15`	3 months	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2023-09-18` - `2023-12-11`	3 months	crt.sh
*.google.com GTS CA 1C3	`2023-09-04` - `2023-11-27`	3 months	crt.sh
*.google.ca GTS CA 1C3	`2023-09-18` - `2023-12-11`	3 months	crt.sh
*.pingdom.net Amazon RSA 2048 M01	`2023-02-10` - `2023-12-20`	10 months	crt.sh

This page contains 2 frames:

Primary Page: https://www.compasscard.ca/loadcard
Frame ID: B6FAF218EFBCE2652F91E47019F6E883
Requests: 67 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LeyDKAUAAAAAOsbeioQeaky-k1bWjj-OoaeRubn&co=aHR0cHM6Ly93d3cuY29tcGFzc2NhcmQuY2E6NDQz&hl=en&v=lLirU0na9roYU3wDDisGJEVT&size=invisible&cb=jchlkvx86gu8
Frame ID: 8CEB3D1F94B5CD30F8871E900E0635FC
Requests: 7 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Compass - Load Card

Detected technologies

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css
bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

Microsoft ASP.NET (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

<input[^>]+name="__VIEWSTATE

RequireJS (JavaScript Frameworks) Expand

Overall confidence: 100%
Detected patterns

require.*\.js

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

//connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

Font Awesome (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]+(?:([\d.]+)/)?(?:css/)?font-awesome(?:\.min)?\.css
<link[^>]* href=[^>]*?(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/ns\.html[^>]+></iframe>
googletagmanager\.com/gtm\.js
googletagmanager\.com/gtag/js

Imperva (Security) Expand

Overall confidence: 100%
Detected patterns

/_Incapsula_Resource

Modernizr (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

([\d.]+)?/modernizr(?:\.([\d.]+))?.*\.js

Moment.js (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

moment(?:\.min)?\.js

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

/([\d.]+)/jquery(?:\.min)?\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

jQuery UI (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery-ui.*\.js

reCAPTCHA (Captchas) Expand

Overall confidence: 100%
Detected patterns

/recaptcha/api\.js

Page Statistics

74
Requests

100 %
HTTPS

0 %
IPv6

14
Domains

16
Subdomains

16
IPs

2
Countries

1313 kB
Transfer

3735 kB
Size

17
Cookies

5 Outgoing links

These are links going to different origins than the main page.

URL: https://www.translink.ca/rider-guide/tap-in-to-win
Title: Enter today

Search URL Search Domain Scan URL

URL: https://www.translink.ca/
Title: Translink

Search URL Search Domain Scan URL

URL: http://tripplanning.translink.ca/
Title: Trip Planner

Search URL Search Domain Scan URL

URL: https://www.translink.ca/transit-fares
Title: Fares & Passes

Search URL Search Domain Scan URL

URL: https://www.translink.ca/terms-and-conditions
Title: Website Terms & Conditions

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

74 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK Primary Request loadcard Show response
www.compasscard.ca/ 42 KB
12 KB 175ms
108ms Document
text/html 45.60.152.124
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://www.compasscard.ca/loadcard

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

45.60.152.124 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

nginx/1.25.1 /

Resource Hash

18af52b13cbd305a192904bc1fb803188cf46cb485919177be901891e979f735

Security Headers

Name	Value
Content-Security-Policy	script-src-elem 'self' 'unsafe-eval' 'unsafe-inline' .google.com .requirejs.org .google-analytics.com .googleapis.com .pingdom.net .gstatic.com .facebook.net .facebook.com .youtube.com .googletagmanager.com .ytimg.com .gstatic.com .vcft.local .compasscard.ca .microsoft.com .bootstrapcdn.com .translink.ca .doubleclick.net .azurewebsites.net .postescanada-canadapost.ca .cubic.com;script-src-attr 'self' 'unsafe-eval' 'unsafe-inline'; frame-ancestors 'self' .googletagmanager.com; frame-src 'self' .youtube.com .google.com
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

Access-Control-Allow-Headers: accept, content-type
Access-Control-Allow-Methods: POST, GET, OPTIONS
Access-Control-Allow-Origin: *
Cache-Control: private
Connection: keep-alive
Content-Encoding: gzip
Content-Security-Policy: script-src-elem 'self' 'unsafe-eval' 'unsafe-inline' *.google.com *.requirejs.org *.google-analytics.com *.googleapis.com *.pingdom.net *.gstatic.com *.facebook.net *.facebook.com *.youtube.com *.googletagmanager.com *.ytimg.com *.gstatic.com *.vcft.local *.compasscard.ca *.microsoft.com *.bootstrapcdn.com *.translink.ca *.doubleclick.net *.azurewebsites.net *.postescanada-canadapost.ca *.cubic.com;script-src-attr 'self' 'unsafe-eval' 'unsafe-inline'; frame-ancestors 'self' *.googletagmanager.com; frame-src 'self' *.youtube.com *.google.com
Content-Type: text/html; charset=utf-8
Date: Sun, 08 Oct 2023 00:51:00 GMT
Referrer-Policy: strict-origin-when-cross-origin
Server: nginx/1.25.1
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Transfer-Encoding: chunked
X-CDN: Imperva
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-Iinfo: 58-32193233-31749710 pNYy RT(1696726261491 32) q(0 0 0 1) r(0 1) U12
X-Permitted-Cross-Domain-Policies: none
X-XSS-Protection: 1; mode=block
permissions-policy: autoplay=(), camera=(), encrypted-media=(), fullscreen=(*), geolocation=(*), microphone=(), midi=()

GET
H2 200 458ba616-4a40-47ef-8455-b2d62f68c2ed.css
fast.fonts.net/cssapi/ 11 KB
2 KB 178ms
134ms Stylesheet
text/css 104.16.250.67
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://fast.fonts.net/cssapi/458ba616-4a40-47ef-8455-b2d62f68c2ed.css
Requested by: Host: www.compasscard.ca
URL: https://www.compasscard.ca/loadcard
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.16.250.67 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: add093146ec51e0bc281e9b68d69ba48e6906c17275a44f5763995e5bf8cd582

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.compasscard.ca/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

x-amz-meta-mtime: 1486579007
date: Sun, 08 Oct 2023 00:51:02 GMT
x-amz-version-id: null
content-encoding: gzip
cf-cache-status: REVALIDATED
last-modified: Wed, 17 Feb 2021 00:16:26 GMT
server: cloudflare
x-amz-request-id: 07GX1Z6B0RB6AQ9B
etag: W/"6be11eec813368006eee8d0cd460579f"
vary: Accept-Encoding
content-type: text/css; charset=utf-8
cache-control: public, max-age=300
cf-ray: 812a64a4ddf754af-YYZ
x-amz-id-2: JnTpP0LZUleQmp0YnUiMURcSJN9mQPt70gsTtpPzxkk9EJe+0sjf/QkUSUoKqOBUAV18+Be9848=
expires: Sun, 08 Oct 2023 00:56:02 GMT

GET
H/1.1 200
OK fullcalendar.min.css
www.compasscard.ca/css/ 16 KB
4 KB 187ms
178ms Stylesheet
text/css 45.60.152.124
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL: https://www.compasscard.ca/css/fullcalendar.min.css?id=8.1.8627.19621
Requested by: Host: www.compasscard.ca
URL: https://www.compasscard.ca/loadcard
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 45.60.152.124 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software: /
Resource Hash: 0ed6f0959a447ad8284025379f7c1e7e70919ec3f525bf7fb6a25921a5210a2d

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.compasscard.ca/loadcard
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

Date: Sun, 08 Oct 2023 00:51:01 GMT
Content-Encoding: gzip
Last-Modified: Tue, 15 Aug 2023 17:16:04 GMT
X-CDN: Imperva
Etag: "022c02b9ccfd91:0"
Content-Type: text/css
X-Iinfo: 58-32193233-32181416 2VNN RT(1696726261491 156) q(0 0 0 -1) r(1 1)
Content-Length: 3661

GET
H/1.1 200
OK calendarview.css
www.compasscard.ca/css/ 2 KB
1 KB 231ms
176ms Stylesheet
text/css 45.60.152.124
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL: https://www.compasscard.ca/css/calendarview.css?id=8.1.8627.19621
Requested by: Host: www.compasscard.ca
URL: https://www.compasscard.ca/loadcard
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 45.60.152.124 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software: /
Resource Hash: e26a8f2a7287fd40a689869c9998d3f87af3dc38e15e921cfaceac973dd34bc3

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.compasscard.ca/loadcard
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

Date: Sun, 08 Oct 2023 00:51:01 GMT
Content-Encoding: gzip
Last-Modified: Tue, 15 Aug 2023 17:16:04 GMT
X-CDN: Imperva
Etag: "022c02b9ccfd91:0"
Content-Type: text/css
X-Iinfo: 19-9569993-9534673 2VNN RT(1696726261664 27) q(0 0 0 -1) r(2 2)
Content-Length: 666

GET
H2 200 font-awesome.min.css
maxcdn.bootstrapcdn.com/font-awesome/4.7.0/css/ 30 KB
7 KB 71ms
30ms Stylesheet
text/css 104.18.11.207
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://maxcdn.bootstrapcdn.com/font-awesome/4.7.0/css/font-awesome.min.css

Requested by

Host: www.compasscard.ca
URL: https://www.compasscard.ca/loadcard

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.11.207 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

799aeb25cc0373fdee0e1b1db7ad6c2f6a0e058dfadaa3379689f583213190bd

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.compasscard.ca/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Sun, 08 Oct 2023 00:51:02 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
cdn-edgestorageid: 722
age: 11694595
cdn-cachedat: 11/18/2022 06:18:29
cdn-pullzone: 252412
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
last-modified: Mon, 25 Jan 2021 22:04:55 GMT
cdn-proxyver: 1.03
cdn-requestpullcode: 200
server: cloudflare
etag: W/"269550530cc127b6aa5a35925a7de6ce"
vary: Accept-Encoding
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cache-control: public, max-age=31919000
cdn-requestid: 86fd96f5aa4c1b4ae340363f44e3ac4f
timing-allow-origin: *
cdn-requestcountrycode: DE
cdn-status: 200
cf-ray: 812a64a4df96a22c-YYZ
cdn-requestpullsuccess: True

GET
H/1.1 200
OK styles.css
www.compasscard.ca/css/ 163 KB
28 KB 297ms
236ms Stylesheet
text/css 45.60.152.124
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL: https://www.compasscard.ca/css/styles.css?id=8.1.8627.19621
Requested by: Host: www.compasscard.ca
URL: https://www.compasscard.ca/loadcard
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 45.60.152.124 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software: /
Resource Hash: 5060512e62e566cc084d985d4e66597039634a32fb167fa3e7ce24b41e000d74

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.compasscard.ca/loadcard
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

Date: Sun, 08 Oct 2023 00:51:01 GMT
Content-Encoding: gzip
Last-Modified: Tue, 15 Aug 2023 17:54:18 GMT
X-CDN: Imperva
Etag: "0c11483a1cfd91:0"
Content-Type: text/css
X-Iinfo: 61-36831057-36802595 2VNN RT(1696726261669 33) q(0 0 0 -1) r(2 2)
Content-Length: 28496

GET
H/1.1 200
OK modernizr.custom.js Show response
www.compasscard.ca/js/lib/ 14 KB
7 KB 147ms
86ms Script
application/javascript 45.60.152.124
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://www.compasscard.ca/js/lib/modernizr.custom.js

Requested by

Host: www.compasscard.ca
URL: https://www.compasscard.ca/loadcard

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

45.60.152.124 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

nginx/1.25.1 /

Resource Hash

2793928934eddc9015b5169a43d075ca998828d2b9497685f98a2c18c17fb5d8

Security Headers

Name	Value
Content-Security-Policy	script-src-elem 'self' 'unsafe-eval' 'unsafe-inline' .google.com .requirejs.org .google-analytics.com .googleapis.com .pingdom.net .gstatic.com .facebook.net .facebook.com .youtube.com .googletagmanager.com .ytimg.com .gstatic.com .vcft.local .compasscard.ca .microsoft.com .bootstrapcdn.com .translink.ca .doubleclick.net .azurewebsites.net .postescanada-canadapost.ca .cubic.com;script-src-attr 'self' 'unsafe-eval' 'unsafe-inline'; frame-ancestors 'self' .googletagmanager.com; frame-src 'self' .youtube.com .google.com
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.compasscard.ca/loadcard
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

Date: Sun, 08 Oct 2023 00:51:00 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
X-Content-Type-Options: nosniff
Content-Security-Policy: script-src-elem 'self' 'unsafe-eval' 'unsafe-inline' *.google.com *.requirejs.org *.google-analytics.com *.googleapis.com *.pingdom.net *.gstatic.com *.facebook.net *.facebook.com *.youtube.com *.googletagmanager.com *.ytimg.com *.gstatic.com *.vcft.local *.compasscard.ca *.microsoft.com *.bootstrapcdn.com *.translink.ca *.doubleclick.net *.azurewebsites.net *.postescanada-canadapost.ca *.cubic.com;script-src-attr 'self' 'unsafe-eval' 'unsafe-inline'; frame-ancestors 'self' *.googletagmanager.com; frame-src 'self' *.youtube.com *.google.com
Content-Encoding: gzip
X-Permitted-Cross-Domain-Policies: none
X-CDN: Imperva
Transfer-Encoding: chunked
X-Iinfo: 19-9569994-9555165 pNYy RT(1696726261668 31) q(0 1 1 -1) r(1 1) U2
Connection: keep-alive
X-XSS-Protection: 1; mode=block
Referrer-Policy: strict-origin-when-cross-origin
Last-Modified: Tue, 15 Aug 2023 17:54:34 GMT
Server: nginx/1.25.1
ETag: "0299e8ca1cfd91:0"
X-Frame-Options: SAMEORIGIN
Access-Control-Allow-Methods: POST, GET, OPTIONS
Content-Type: application/javascript
Access-Control-Allow-Origin: *
Cache-Control: no-cache
permissions-policy: autoplay=(), camera=(), encrypted-media=(), fullscreen=(*), geolocation=(*), microphone=(), midi=()
Accept-Ranges: bytes
Access-Control-Allow-Headers: accept, content-type

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 52 KB
21 KB 119ms
35ms Script
text/javascript 142.251.167.113
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.compasscard.ca
URL: https://www.compasscard.ca/loadcard

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.251.167.113 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

ww-in-f113.1e100.net

Software

Golfe2 /

Resource Hash

de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.compasscard.ca/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
date: Sun, 08 Oct 2023 00:10:39 GMT
last-modified: Mon, 12 Jun 2023 18:23:07 GMT
server: Golfe2
age: 2423
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 20994
expires: Sun, 08 Oct 2023 02:10:39 GMT

GET
H2 200 api.js Show response
www.google.com/recaptcha/ 1 KB
905 B 56ms
49ms Script
text/javascript 172.253.115.106
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api.js

Requested by

Host: www.compasscard.ca
URL: https://www.compasscard.ca/loadcard

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.253.115.106 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bg-in-f106.1e100.net

Software

GSE /

Resource Hash

669127738c04b1074b227ad5bf263c92522b37dcaa62dae7d46f2e8c6fc38eba

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.compasscard.ca/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Sun, 08 Oct 2023 00:51:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy: frame-ancestors 'self'
server: GSE
x-frame-options: SAMEORIGIN
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=300
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 1; mode=block
expires: Sun, 08 Oct 2023 00:51:02 GMT

GET
H2 200 api.js Show response
www.google.com/recaptcha/ 1 KB
1 KB 125ms
50ms Script
text/javascript 172.253.115.106
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api.js?render=6LeyDKAUAAAAAOsbeioQeaky-k1bWjj-OoaeRubn

Requested by

Host: www.compasscard.ca
URL: https://www.compasscard.ca/loadcard

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.253.115.106 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bg-in-f106.1e100.net

Software

GSE /

Resource Hash

10dd92668ca9d93a2201ac7d2188715999a1e6061fc9dd0c65ff909c54f54f06

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.compasscard.ca/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Sun, 08 Oct 2023 00:51:02 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy: frame-ancestors 'self'
server: GSE
x-frame-options: SAMEORIGIN
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=300
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 1; mode=block
expires: Sun, 08 Oct 2023 00:51:02 GMT

GET
H/1.1 200
OK respond.min.js Show response
www.compasscard.ca/js/lib/ 4 KB
3 KB 143ms
82ms Script
application/javascript 45.60.152.124
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://www.compasscard.ca/js/lib/respond.min.js

Requested by

Host: www.compasscard.ca
URL: https://www.compasscard.ca/loadcard

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

45.60.152.124 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

nginx/1.25.1 /

Resource Hash

da6e7d563e34c7b891a4ec436c236eeeec6d2ffb669eed5ac59b6813317ebe8c

Security Headers

Name	Value
Content-Security-Policy	script-src-elem 'self' 'unsafe-eval' 'unsafe-inline' .google.com .requirejs.org .google-analytics.com .googleapis.com .pingdom.net .gstatic.com .facebook.net .facebook.com .youtube.com .googletagmanager.com .ytimg.com .gstatic.com .vcft.local .compasscard.ca .microsoft.com .bootstrapcdn.com .translink.ca .doubleclick.net .azurewebsites.net .postescanada-canadapost.ca .cubic.com;script-src-attr 'self' 'unsafe-eval' 'unsafe-inline'; frame-ancestors 'self' .googletagmanager.com; frame-src 'self' .youtube.com .google.com
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.compasscard.ca/loadcard
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

Date: Sun, 08 Oct 2023 00:51:00 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
X-Content-Type-Options: nosniff
Content-Security-Policy: script-src-elem 'self' 'unsafe-eval' 'unsafe-inline' *.google.com *.requirejs.org *.google-analytics.com *.googleapis.com *.pingdom.net *.gstatic.com *.facebook.net *.facebook.com *.youtube.com *.googletagmanager.com *.ytimg.com *.gstatic.com *.vcft.local *.compasscard.ca *.microsoft.com *.bootstrapcdn.com *.translink.ca *.doubleclick.net *.azurewebsites.net *.postescanada-canadapost.ca *.cubic.com;script-src-attr 'self' 'unsafe-eval' 'unsafe-inline'; frame-ancestors 'self' *.googletagmanager.com; frame-src 'self' *.youtube.com *.google.com
Content-Encoding: gzip
X-Permitted-Cross-Domain-Policies: none
X-CDN: Imperva
Transfer-Encoding: chunked
X-Iinfo: 62-38343310-38215957 pNYy RT(1696726261669 31) q(0 1 1 -1) r(1 1) U2
Connection: keep-alive
X-XSS-Protection: 1; mode=block
Referrer-Policy: strict-origin-when-cross-origin
Last-Modified: Tue, 15 Aug 2023 17:54:36 GMT
Server: nginx/1.25.1
ETag: "056cf8da1cfd91:0"
X-Frame-Options: SAMEORIGIN
Access-Control-Allow-Methods: POST, GET, OPTIONS
Content-Type: application/javascript
Access-Control-Allow-Origin: *
Cache-Control: no-cache
permissions-policy: autoplay=(), camera=(), encrypted-media=(), fullscreen=(*), geolocation=(*), microphone=(), midi=()
Accept-Ranges: bytes
Access-Control-Allow-Headers: accept, content-type

GET
H/1.1 200
OK WebResource.axd Show response
www.compasscard.ca/ 23 KB
6 KB 286ms
224ms Script
application/x-javascript 45.60.152.124
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://www.compasscard.ca/WebResource.axd?d=rvD1PMS8WiFekboE30N_wm69zuGUoXI11HBwme9VLbA5JNT7epQL7AgLVC-X7NGS4O0T0AXLbltWMfP7z-_ic4wFD9I1&t=638240091755514788

Requested by

Host: www.compasscard.ca
URL: https://www.compasscard.ca/loadcard

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

45.60.152.124 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

nginx/1.25.1 /

Resource Hash

40732e9dcfa704cf615e4691bb07aecfd1cc5e063220a46e4a7ff6560c77f5db

Security Headers

Name	Value
Content-Security-Policy	script-src-elem 'self' 'unsafe-eval' 'unsafe-inline' .google.com .requirejs.org .google-analytics.com .googleapis.com .pingdom.net .gstatic.com .facebook.net .facebook.com .youtube.com .googletagmanager.com .ytimg.com .gstatic.com .vcft.local .compasscard.ca .microsoft.com .bootstrapcdn.com .translink.ca .doubleclick.net .azurewebsites.net .postescanada-canadapost.ca .cubic.com;script-src-attr 'self' 'unsafe-eval' 'unsafe-inline'; frame-ancestors 'self' .googletagmanager.com; frame-src 'self' .youtube.com .google.com
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.compasscard.ca/loadcard
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

Date: Sun, 08 Oct 2023 00:51:00 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
X-Content-Type-Options: nosniff
Content-Security-Policy: script-src-elem 'self' 'unsafe-eval' 'unsafe-inline' *.google.com *.requirejs.org *.google-analytics.com *.googleapis.com *.pingdom.net *.gstatic.com *.facebook.net *.facebook.com *.youtube.com *.googletagmanager.com *.ytimg.com *.gstatic.com *.vcft.local *.compasscard.ca *.microsoft.com *.bootstrapcdn.com *.translink.ca *.doubleclick.net *.azurewebsites.net *.postescanada-canadapost.ca *.cubic.com;script-src-attr 'self' 'unsafe-eval' 'unsafe-inline'; frame-ancestors 'self' *.googletagmanager.com; frame-src 'self' *.youtube.com *.google.com
Content-Encoding: gzip
X-Permitted-Cross-Domain-Policies: none
X-CDN: Imperva
Transfer-Encoding: chunked
X-Iinfo: 2-16963246-16949209 2NYN RT(1696726261670 31) q(0 0 0 -1) r(1 1)
Connection: keep-alive
X-XSS-Protection: 1; mode=block
Referrer-Policy: strict-origin-when-cross-origin
Last-Modified: Tue, 04 Jul 2023 02:26:15 GMT
Server: nginx/1.25.1
X-Frame-Options: SAMEORIGIN
Access-Control-Allow-Methods: POST, GET, OPTIONS
Content-Type: application/x-javascript
Access-Control-Allow-Origin: *
Cache-Control: public
permissions-policy: autoplay=(), camera=(), encrypted-media=(), fullscreen=(*), geolocation=(*), microphone=(), midi=()
Access-Control-Allow-Headers: accept, content-type
Expires: Sat, 05 Oct 2024 22:07:18 GMT

GET
H/1.1 200
OK ScriptResource.axd Show response
www.compasscard.ca/ 26 KB
7 KB 380ms
236ms Script
application/x-javascript 45.60.152.124
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://www.compasscard.ca/ScriptResource.axd?d=Kq8sunMvQ0p0m0JESi0GHjZ3fEdkaGKMHT5X43piHwMD1qdXS9WDH_cvB77z5f7vhvf66wpDVSNYet9Yj8xC-3DsZ07hMAIVtJHaOt4WNQ9x6bherWLO8FmXXPF-9LaID11dEkOWIPp_C2FgeI1jqwppxoY1&t=2a5257eb

Requested by

Host: www.compasscard.ca
URL: https://www.compasscard.ca/loadcard

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

45.60.152.124 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

nginx/1.25.1 /

Resource Hash

ef9453f74b2617d43dcef4242cf5845101fcfb57289c81bceb20042b0023a192

Security Headers

Name	Value
Content-Security-Policy	script-src-elem 'self' 'unsafe-eval' 'unsafe-inline' .google.com .requirejs.org .google-analytics.com .googleapis.com .pingdom.net .gstatic.com .facebook.net .facebook.com .youtube.com .googletagmanager.com .ytimg.com .gstatic.com .vcft.local .compasscard.ca .microsoft.com .bootstrapcdn.com .translink.ca .doubleclick.net .azurewebsites.net .postescanada-canadapost.ca .cubic.com;script-src-attr 'self' 'unsafe-eval' 'unsafe-inline'; frame-ancestors 'self' .googletagmanager.com; frame-src 'self' .youtube.com .google.com
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.compasscard.ca/loadcard
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

Date: Sun, 08 Oct 2023 00:51:01 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
X-Permitted-Cross-Domain-Policies: none
Content-Security-Policy: script-src-elem 'self' 'unsafe-eval' 'unsafe-inline' *.google.com *.requirejs.org *.google-analytics.com *.googleapis.com *.pingdom.net *.gstatic.com *.facebook.net *.facebook.com *.youtube.com *.googletagmanager.com *.ytimg.com *.gstatic.com *.vcft.local *.compasscard.ca *.microsoft.com *.bootstrapcdn.com *.translink.ca *.doubleclick.net *.azurewebsites.net *.postescanada-canadapost.ca *.cubic.com;script-src-attr 'self' 'unsafe-eval' 'unsafe-inline'; frame-ancestors 'self' *.googletagmanager.com; frame-src 'self' *.youtube.com *.google.com
X-CDN: Imperva
X-Iinfo: 62-38343310-38325379 2NNN RT(1696726261669 115) q(0 0 0 -1) r(2 2)
Connection: keep-alive
Content-Length: 5479
X-XSS-Protection: 1; mode=block
Referrer-Policy: strict-origin-when-cross-origin
Last-Modified: Fri, 06 Oct 2023 22:07:18 GMT
Server: nginx/1.25.1
X-Frame-Options: SAMEORIGIN
Access-Control-Allow-Methods: POST, GET, OPTIONS
Content-Type: application/x-javascript
Access-Control-Allow-Origin: *
Cache-Control: public
permissions-policy: autoplay=(), camera=(), encrypted-media=(), fullscreen=(*), geolocation=(*), microphone=(), midi=()
Access-Control-Allow-Headers: accept, content-type
Expires: Sat, 05 Oct 2024 22:07:18 GMT

GET
H/1.1 200
OK ScriptResource.axd Show response
www.compasscard.ca/ 100 KB
27 KB 383ms
234ms Script
application/x-javascript 45.60.152.124
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://www.compasscard.ca/ScriptResource.axd?d=yJEokijoA-31Sqdq53eQc-LxpGFkgDLPFSkSi65rVrcV85jXVy_RA0erd8dyhKJoTN_7dNP4l8g8MqT3QGPf6lScRTjVJPCS9HmfXURsH84kAsgFumlVuigoiEwxMZxT9ZvmNH8BvLGpz8krx_L-yJ-fWxM1&t=96346c8

Requested by

Host: www.compasscard.ca
URL: https://www.compasscard.ca/loadcard

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

45.60.152.124 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

nginx/1.25.1 /

Resource Hash

66b804e7a96a87c11e1dd74ea04ac2285df5ad9043f48046c3e5000114d39b1c

Security Headers

Name	Value
Content-Security-Policy	script-src-elem 'self' 'unsafe-eval' 'unsafe-inline' .google.com .requirejs.org .google-analytics.com .googleapis.com .pingdom.net .gstatic.com .facebook.net .facebook.com .youtube.com .googletagmanager.com .ytimg.com .gstatic.com .vcft.local .compasscard.ca .microsoft.com .bootstrapcdn.com .translink.ca .doubleclick.net .azurewebsites.net .postescanada-canadapost.ca .cubic.com;script-src-attr 'self' 'unsafe-eval' 'unsafe-inline'; frame-ancestors 'self' .googletagmanager.com; frame-src 'self' .youtube.com .google.com
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.compasscard.ca/loadcard
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

Date: Sun, 08 Oct 2023 00:51:00 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
X-Permitted-Cross-Domain-Policies: none
Content-Security-Policy: script-src-elem 'self' 'unsafe-eval' 'unsafe-inline' *.google.com *.requirejs.org *.google-analytics.com *.googleapis.com *.pingdom.net *.gstatic.com *.facebook.net *.facebook.com *.youtube.com *.googletagmanager.com *.ytimg.com *.gstatic.com *.vcft.local *.compasscard.ca *.microsoft.com *.bootstrapcdn.com *.translink.ca *.doubleclick.net *.azurewebsites.net *.postescanada-canadapost.ca *.cubic.com;script-src-attr 'self' 'unsafe-eval' 'unsafe-inline'; frame-ancestors 'self' *.googletagmanager.com; frame-src 'self' *.youtube.com *.google.com
X-CDN: Imperva
X-Iinfo: 19-9569994-9559430 2NNN RT(1696726261668 120) q(0 0 0 -1) r(2 2)
Connection: keep-alive
Content-Length: 25609
X-XSS-Protection: 1; mode=block
Referrer-Policy: strict-origin-when-cross-origin
Last-Modified: Fri, 06 Oct 2023 22:07:18 GMT
Server: nginx/1.25.1
X-Frame-Options: SAMEORIGIN
Access-Control-Allow-Methods: POST, GET, OPTIONS
Content-Type: application/x-javascript
Access-Control-Allow-Origin: *
Cache-Control: public
permissions-policy: autoplay=(), camera=(), encrypted-media=(), fullscreen=(*), geolocation=(*), microphone=(), midi=()
Access-Control-Allow-Headers: accept, content-type
Expires: Sat, 05 Oct 2024 22:07:18 GMT

GET
H/1.1 200
OK ScriptResource.axd Show response
www.compasscard.ca/ 39 KB
11 KB 273ms
86ms Script
application/x-javascript 45.60.152.124
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://www.compasscard.ca/ScriptResource.axd?d=CFKm-XjjPRIKV3Fdo4XAT1c4GktcqOERicGMHlP2LZ92xgbRG9vdqWabPU9ojtEXRTz_CcYwEGm4iq7xXou4EYgHEhBAnhWnd0SWbw8QS3SEqPiuN_1vBv1LXKdwwEoR62tXa5bJzuWrJDvV0rLZH4RSY9rpNTUgNCL8atyu1B-8aHi30&t=96346c8

Requested by

Host: www.compasscard.ca
URL: https://www.compasscard.ca/loadcard

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

45.60.152.124 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

nginx/1.25.1 /

Resource Hash

398cdf1b27ef247e5bc77805f266bb441e60355463fc3d1776f41aae58b08cf1

Security Headers

Name	Value
Content-Security-Policy	script-src-elem 'self' 'unsafe-eval' 'unsafe-inline' .google.com .requirejs.org .google-analytics.com .googleapis.com .pingdom.net .gstatic.com .facebook.net .facebook.com .youtube.com .googletagmanager.com .ytimg.com .gstatic.com .vcft.local .compasscard.ca .microsoft.com .bootstrapcdn.com .translink.ca .doubleclick.net .azurewebsites.net .postescanada-canadapost.ca .cubic.com;script-src-attr 'self' 'unsafe-eval' 'unsafe-inline'; frame-ancestors 'self' .googletagmanager.com; frame-src 'self' .youtube.com .google.com
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.compasscard.ca/loadcard
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

Date: Sun, 08 Oct 2023 00:51:00 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
X-Permitted-Cross-Domain-Policies: none
Content-Security-Policy: script-src-elem 'self' 'unsafe-eval' 'unsafe-inline' *.google.com *.requirejs.org *.google-analytics.com *.googleapis.com *.pingdom.net *.gstatic.com *.facebook.net *.facebook.com *.youtube.com *.googletagmanager.com *.ytimg.com *.gstatic.com *.vcft.local *.compasscard.ca *.microsoft.com *.bootstrapcdn.com *.translink.ca *.doubleclick.net *.azurewebsites.net *.postescanada-canadapost.ca *.cubic.com;script-src-attr 'self' 'unsafe-eval' 'unsafe-inline'; frame-ancestors 'self' *.googletagmanager.com; frame-src 'self' *.youtube.com *.google.com
X-CDN: Imperva
X-Iinfo: 58-32193233-32181416 2NNN RT(1696726261491 339) q(0 0 0 -1) r(0 0)
Connection: keep-alive
Content-Length: 9984
X-XSS-Protection: 1; mode=block
Referrer-Policy: strict-origin-when-cross-origin
Last-Modified: Fri, 06 Oct 2023 22:07:18 GMT
Server: nginx/1.25.1
X-Frame-Options: SAMEORIGIN
Access-Control-Allow-Methods: POST, GET, OPTIONS
Content-Type: application/x-javascript
Access-Control-Allow-Origin: *
Cache-Control: public
permissions-policy: autoplay=(), camera=(), encrypted-media=(), fullscreen=(*), geolocation=(*), microphone=(), midi=()
Access-Control-Allow-Headers: accept, content-type
Expires: Sat, 05 Oct 2024 22:07:18 GMT

GET
H/1.1 200
OK print.css
www.compasscard.ca/css/ 628 B
677 B 86ms
86ms Stylesheet
text/css 45.60.152.124
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL: https://www.compasscard.ca/css/print.css?id=8.1.8627.19621
Requested by: Host: www.compasscard.ca
URL: https://www.compasscard.ca/loadcard
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 45.60.152.124 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software: /
Resource Hash: 26cf2f75f160855697d4b31b9367b60c125b77feb88af7229c35b8d85c37f9c5

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.compasscard.ca/loadcard
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

Date: Sun, 08 Oct 2023 00:51:02 GMT
Content-Encoding: gzip
Last-Modified: Tue, 15 Aug 2023 17:54:12 GMT
X-CDN: Imperva
Etag: "03a817fa1cfd91:0"
Content-Type: text/css
X-Iinfo: 58-32193233-32173710 2VNN RT(1696726261491 538) q(0 0 0 -1) r(0 0)
Content-Length: 275

GET
H/1.1 200
OK preRender.js Show response
www.compasscard.ca/js/ 1 KB
2 KB 303ms
80ms Script
application/javascript 45.60.152.124
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://www.compasscard.ca/js/preRender.js

Requested by

Host: www.compasscard.ca
URL: https://www.compasscard.ca/loadcard

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

45.60.152.124 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

nginx/1.25.1 /

Resource Hash

b679a5fdb95d785fa409b97176a96ae052c1680b7a99cc028301ddec2a591799

Security Headers

Name	Value
Content-Security-Policy	script-src-elem 'self' 'unsafe-eval' 'unsafe-inline' .google.com .requirejs.org .google-analytics.com .googleapis.com .pingdom.net .gstatic.com .facebook.net .facebook.com .youtube.com .googletagmanager.com .ytimg.com .gstatic.com .vcft.local .compasscard.ca .microsoft.com .bootstrapcdn.com .translink.ca .doubleclick.net .azurewebsites.net .postescanada-canadapost.ca .cubic.com;script-src-attr 'self' 'unsafe-eval' 'unsafe-inline'; frame-ancestors 'self' .googletagmanager.com; frame-src 'self' .youtube.com .google.com
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.compasscard.ca/loadcard
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

Date: Sun, 08 Oct 2023 00:51:00 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
X-Content-Type-Options: nosniff
Content-Security-Policy: script-src-elem 'self' 'unsafe-eval' 'unsafe-inline' *.google.com *.requirejs.org *.google-analytics.com *.googleapis.com *.pingdom.net *.gstatic.com *.facebook.net *.facebook.com *.youtube.com *.googletagmanager.com *.ytimg.com *.gstatic.com *.vcft.local *.compasscard.ca *.microsoft.com *.bootstrapcdn.com *.translink.ca *.doubleclick.net *.azurewebsites.net *.postescanada-canadapost.ca *.cubic.com;script-src-attr 'self' 'unsafe-eval' 'unsafe-inline'; frame-ancestors 'self' *.googletagmanager.com; frame-src 'self' *.youtube.com *.google.com
Content-Encoding: gzip
X-Permitted-Cross-Domain-Policies: none
X-CDN: Imperva
Transfer-Encoding: chunked
X-Iinfo: 19-9569993-9555165 pNYy RT(1696726261664 204) q(0 0 0 -1) r(1 1) U2
Connection: keep-alive
X-XSS-Protection: 1; mode=block
Referrer-Policy: strict-origin-when-cross-origin
Last-Modified: Tue, 15 Aug 2023 17:54:26 GMT
Server: nginx/1.25.1
ETag: "075d987a1cfd91:0"
X-Frame-Options: SAMEORIGIN
Access-Control-Allow-Methods: POST, GET, OPTIONS
Content-Type: application/javascript
Access-Control-Allow-Origin: *
Cache-Control: no-cache
permissions-policy: autoplay=(), camera=(), encrypted-media=(), fullscreen=(*), geolocation=(*), microphone=(), midi=()
Accept-Ranges: bytes
Access-Control-Allow-Headers: accept, content-type

GET
H2 200 jquery.min.js Show response
ajax.googleapis.com/ajax/libs/jquery/3.7.0/ 85 KB
30 KB 116ms
38ms Script
text/javascript 172.253.63.95
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ajax.googleapis.com/ajax/libs/jquery/3.7.0/jquery.min.js

Requested by

Host: www.compasscard.ca
URL: https://www.compasscard.ca/loadcard

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.253.63.95 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bi-in-f95.1e100.net

Software

sffe /

Resource Hash

d8f9afbf492e4c139e9d2bcb9ba6ef7c14921eb509fb703bc7a3f911b774eff8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.compasscard.ca/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Fri, 06 Oct 2023 00:24:20 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 174402
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 30433
x-xss-protection: 0
last-modified: Wed, 17 May 2023 18:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
vary: Accept-Encoding
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 05 Oct 2024 00:24:20 GMT

GET
H/1.1 200
OK moment.min.js Show response
www.compasscard.ca/js/lib/ 50 KB
18 KB 359ms
90ms Script
application/javascript 45.60.152.124
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://www.compasscard.ca/js/lib/moment.min.js

Requested by

Host: www.compasscard.ca
URL: https://www.compasscard.ca/loadcard

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

45.60.152.124 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

nginx/1.25.1 /

Resource Hash

413c508a821bfcb190de8c5afd126354ba8f805ec51d5ec4abed852727d74dab

Security Headers

Name	Value
Content-Security-Policy	script-src-elem 'self' 'unsafe-eval' 'unsafe-inline' .google.com .requirejs.org .google-analytics.com .googleapis.com .pingdom.net .gstatic.com .facebook.net .facebook.com .youtube.com .googletagmanager.com .ytimg.com .gstatic.com .vcft.local .compasscard.ca .microsoft.com .bootstrapcdn.com .translink.ca .doubleclick.net .azurewebsites.net .postescanada-canadapost.ca .cubic.com;script-src-attr 'self' 'unsafe-eval' 'unsafe-inline'; frame-ancestors 'self' .googletagmanager.com; frame-src 'self' .youtube.com .google.com
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.compasscard.ca/loadcard
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

Date: Sun, 08 Oct 2023 00:51:01 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
X-Content-Type-Options: nosniff
Content-Security-Policy: script-src-elem 'self' 'unsafe-eval' 'unsafe-inline' *.google.com *.requirejs.org *.google-analytics.com *.googleapis.com *.pingdom.net *.gstatic.com *.facebook.net *.facebook.com *.youtube.com *.googletagmanager.com *.ytimg.com *.gstatic.com *.vcft.local *.compasscard.ca *.microsoft.com *.bootstrapcdn.com *.translink.ca *.doubleclick.net *.azurewebsites.net *.postescanada-canadapost.ca *.cubic.com;script-src-attr 'self' 'unsafe-eval' 'unsafe-inline'; frame-ancestors 'self' *.googletagmanager.com; frame-src 'self' *.youtube.com *.google.com
Content-Encoding: gzip
X-Permitted-Cross-Domain-Policies: none
X-CDN: Imperva
Transfer-Encoding: chunked
X-Iinfo: 58-32193233-31749710 sNYy RT(1696726261491 427) q(0 0 0 -1) r(0 0) U2
Connection: keep-alive
X-XSS-Protection: 1; mode=block
Referrer-Policy: strict-origin-when-cross-origin
Last-Modified: Tue, 15 Aug 2023 17:54:36 GMT
Server: nginx/1.25.1
ETag: "056cf8da1cfd91:0"
X-Frame-Options: SAMEORIGIN
Access-Control-Allow-Methods: POST, GET, OPTIONS
Content-Type: application/javascript
Access-Control-Allow-Origin: *
Cache-Control: no-cache
permissions-policy: autoplay=(), camera=(), encrypted-media=(), fullscreen=(*), geolocation=(*), microphone=(), midi=()
Accept-Ranges: bytes
Access-Control-Allow-Headers: accept, content-type

GET
H/1.1 200
OK fullcalendar.min.js Show response
www.compasscard.ca/js/lib/ 213 KB
57 KB 368ms
88ms Script
application/javascript 45.60.152.124
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://www.compasscard.ca/js/lib/fullcalendar.min.js

Requested by

Host: www.compasscard.ca
URL: https://www.compasscard.ca/loadcard

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

45.60.152.124 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

nginx/1.25.1 /

Resource Hash

f7e981b56ca3b702d0f3aa97921d49a980091c680c8bd61537fe31b3d6f1a0e9

Security Headers

Name	Value
Content-Security-Policy	script-src-elem 'self' 'unsafe-eval' 'unsafe-inline' .google.com .requirejs.org .google-analytics.com .googleapis.com .pingdom.net .gstatic.com .facebook.net .facebook.com .youtube.com .googletagmanager.com .ytimg.com .gstatic.com .vcft.local .compasscard.ca .microsoft.com .bootstrapcdn.com .translink.ca .doubleclick.net .azurewebsites.net .postescanada-canadapost.ca .cubic.com;script-src-attr 'self' 'unsafe-eval' 'unsafe-inline'; frame-ancestors 'self' .googletagmanager.com; frame-src 'self' .youtube.com .google.com
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.compasscard.ca/loadcard
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

Date: Sun, 08 Oct 2023 00:51:01 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
X-Content-Type-Options: nosniff
Content-Security-Policy: script-src-elem 'self' 'unsafe-eval' 'unsafe-inline' *.google.com *.requirejs.org *.google-analytics.com *.googleapis.com *.pingdom.net *.gstatic.com *.facebook.net *.facebook.com *.youtube.com *.googletagmanager.com *.ytimg.com *.gstatic.com *.vcft.local *.compasscard.ca *.microsoft.com *.bootstrapcdn.com *.translink.ca *.doubleclick.net *.azurewebsites.net *.postescanada-canadapost.ca *.cubic.com;script-src-attr 'self' 'unsafe-eval' 'unsafe-inline'; frame-ancestors 'self' *.googletagmanager.com; frame-src 'self' *.youtube.com *.google.com
Content-Encoding: gzip
X-Permitted-Cross-Domain-Policies: none
X-CDN: Imperva
Transfer-Encoding: chunked
X-Iinfo: 2-16963246-16931184 pNYy RT(1696726261670 257) q(0 0 0 -1) r(0 0) U2
Connection: keep-alive
X-XSS-Protection: 1; mode=block
Referrer-Policy: strict-origin-when-cross-origin
Last-Modified: Tue, 15 Aug 2023 17:54:30 GMT
Server: nginx/1.25.1
ETag: "0cf3b8aa1cfd91:0"
X-Frame-Options: SAMEORIGIN
Access-Control-Allow-Methods: POST, GET, OPTIONS
Content-Type: application/javascript
Access-Control-Allow-Origin: *
Cache-Control: no-cache
permissions-policy: autoplay=(), camera=(), encrypted-media=(), fullscreen=(*), geolocation=(*), microphone=(), midi=()
Accept-Ranges: bytes
Access-Control-Allow-Headers: accept, content-type

GET
H/1.1 200
OK details-polyfill-1.1.0.min.js Show response
www.compasscard.ca/js/lib/ 1010 B
2 KB 382ms
79ms Script
application/javascript 45.60.152.124
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://www.compasscard.ca/js/lib/details-polyfill-1.1.0.min.js

Requested by

Host: www.compasscard.ca
URL: https://www.compasscard.ca/loadcard

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

45.60.152.124 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

nginx/1.25.1 /

Resource Hash

4bcac1db6ec261a346c40f7b1c5e5b62a9ea39ab8d4a4c824a7841cc03b11bae

Security Headers

Name	Value
Content-Security-Policy	script-src-elem 'self' 'unsafe-eval' 'unsafe-inline' .google.com .requirejs.org .google-analytics.com .googleapis.com .pingdom.net .gstatic.com .facebook.net .facebook.com .youtube.com .googletagmanager.com .ytimg.com .gstatic.com .vcft.local .compasscard.ca .microsoft.com .bootstrapcdn.com .translink.ca .doubleclick.net .azurewebsites.net .postescanada-canadapost.ca .cubic.com;script-src-attr 'self' 'unsafe-eval' 'unsafe-inline'; frame-ancestors 'self' .googletagmanager.com; frame-src 'self' .youtube.com .google.com
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.compasscard.ca/loadcard
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

Date: Sun, 08 Oct 2023 00:51:01 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
X-Content-Type-Options: nosniff
Content-Security-Policy: script-src-elem 'self' 'unsafe-eval' 'unsafe-inline' *.google.com *.requirejs.org *.google-analytics.com *.googleapis.com *.pingdom.net *.gstatic.com *.facebook.net *.facebook.com *.youtube.com *.googletagmanager.com *.ytimg.com *.gstatic.com *.vcft.local *.compasscard.ca *.microsoft.com *.bootstrapcdn.com *.translink.ca *.doubleclick.net *.azurewebsites.net *.postescanada-canadapost.ca *.cubic.com;script-src-attr 'self' 'unsafe-eval' 'unsafe-inline'; frame-ancestors 'self' *.googletagmanager.com; frame-src 'self' *.youtube.com *.google.com
Content-Encoding: gzip
X-Permitted-Cross-Domain-Policies: none
X-CDN: Imperva
Transfer-Encoding: chunked
X-Iinfo: 19-9569993-9555165 sNYy RT(1696726261664 287) q(0 0 0 -1) r(1 1) U2
Connection: keep-alive
X-XSS-Protection: 1; mode=block
Referrer-Policy: strict-origin-when-cross-origin
Last-Modified: Tue, 15 Aug 2023 17:54:26 GMT
Server: nginx/1.25.1
ETag: "075d987a1cfd91:0"
X-Frame-Options: SAMEORIGIN
Access-Control-Allow-Methods: POST, GET, OPTIONS
Content-Type: application/javascript
Access-Control-Allow-Origin: *
Cache-Control: no-cache
permissions-policy: autoplay=(), camera=(), encrypted-media=(), fullscreen=(*), geolocation=(*), microphone=(), midi=()
Accept-Ranges: bytes
Access-Control-Allow-Headers: accept, content-type

GET
H/1.1 200
OK require.js Show response
www.compasscard.ca/js/lib/ 15 KB
8 KB 400ms
92ms Script
application/javascript 45.60.152.124
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://www.compasscard.ca/js/lib/require.js

Requested by

Host: www.compasscard.ca
URL: https://www.compasscard.ca/loadcard

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

45.60.152.124 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

nginx/1.25.1 /

Resource Hash

643d5e47d5bab61e5e3e2e4a21477acef3715d19a51b8981cfceaa5efd4050ef

Security Headers

Name	Value
Content-Security-Policy	script-src-elem 'self' 'unsafe-eval' 'unsafe-inline' .google.com .requirejs.org .google-analytics.com .googleapis.com .pingdom.net .gstatic.com .facebook.net .facebook.com .youtube.com .googletagmanager.com .ytimg.com .gstatic.com .vcft.local .compasscard.ca .microsoft.com .bootstrapcdn.com .translink.ca .doubleclick.net .azurewebsites.net .postescanada-canadapost.ca .cubic.com;script-src-attr 'self' 'unsafe-eval' 'unsafe-inline'; frame-ancestors 'self' .googletagmanager.com; frame-src 'self' .youtube.com .google.com
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.compasscard.ca/loadcard
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

Date: Sun, 08 Oct 2023 00:51:01 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
X-Content-Type-Options: nosniff
Content-Security-Policy: script-src-elem 'self' 'unsafe-eval' 'unsafe-inline' *.google.com *.requirejs.org *.google-analytics.com *.googleapis.com *.pingdom.net *.gstatic.com *.facebook.net *.facebook.com *.youtube.com *.googletagmanager.com *.ytimg.com *.gstatic.com *.vcft.local *.compasscard.ca *.microsoft.com *.bootstrapcdn.com *.translink.ca *.doubleclick.net *.azurewebsites.net *.postescanada-canadapost.ca *.cubic.com;script-src-attr 'self' 'unsafe-eval' 'unsafe-inline'; frame-ancestors 'self' *.googletagmanager.com; frame-src 'self' *.youtube.com *.google.com
Content-Encoding: gzip
X-Permitted-Cross-Domain-Policies: none
X-CDN: Imperva
Transfer-Encoding: chunked
X-Iinfo: 61-36831057-36586570 pNYy RT(1696726261669 289) q(0 0 0 -1) r(1 1) U2
Connection: keep-alive
X-XSS-Protection: 1; mode=block
Referrer-Policy: strict-origin-when-cross-origin
Last-Modified: Tue, 15 Aug 2023 17:54:36 GMT
Server: nginx/1.25.1
ETag: "056cf8da1cfd91:0"
X-Frame-Options: SAMEORIGIN
Access-Control-Allow-Methods: POST, GET, OPTIONS
Content-Type: application/javascript
Access-Control-Allow-Origin: *
Cache-Control: no-cache
permissions-policy: autoplay=(), camera=(), encrypted-media=(), fullscreen=(*), geolocation=(*), microphone=(), midi=()
Accept-Ranges: bytes
Access-Control-Allow-Headers: accept, content-type

GET
H2 200 pa-5a2ad4d2aae1bc0007000105.js Show response
rum-static.pingdom.net/ 6 KB
3 KB 83ms
30ms Script
application/javascript 104.22.54.104
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://rum-static.pingdom.net/pa-5a2ad4d2aae1bc0007000105.js
Requested by: Host: www.compasscard.ca
URL: https://www.compasscard.ca/loadcard
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.22.54.104 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 0999e422d9f420de8feef49de79dc690f972c6a1cd25c949a1b7960c10533875

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.compasscard.ca/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Sun, 08 Oct 2023 00:51:02 GMT
content-encoding: gzip
cf-cache-status: HIT
last-modified: Fri, 14 Oct 2022 06:22:28 GMT
server: cloudflare
age: 92
etag: W/"63490024-1852"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=86400
cf-ray: 812a64a75c7639c3-YYZ
expires: Sun, 08 Oct 2023 00:54:30 GMT

GET
H/1.1 200
OK _Incapsula_Resource Show response
www.compasscard.ca/ 146 KB
21 KB 37ms
37ms Script
application/javascript 45.60.152.124
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL: https://www.compasscard.ca/_Incapsula_Resource?SWJIYLWA=719d34d31c8e3a6e6fffd425f7e032f3&ns=1&cb=573690445
Requested by: Host: www.compasscard.ca
URL: https://www.compasscard.ca/loadcard
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 45.60.152.124 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software: /
Resource Hash: 07ea40f5812ff95c40bf53ca26aab0b1d9e1e9b7ea60e5ebe8367dadef88458d

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.compasscard.ca/loadcard
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

Cache-Control: no-cache, no-store
Content-Encoding: gzip
X-Robots-Tag: noindex
Content-Length: 21051
Content-Type: application/javascript

GET
H2 200 1.css
fast.fonts.net/t/ 0
250 B 31ms
31ms Stylesheet
text/css 104.16.250.67
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://fast.fonts.net/t/1.css?apiType=css&projectid=458ba616-4a40-47ef-8455-b2d62f68c2ed
Requested by: Host: fast.fonts.net
URL: https://fast.fonts.net/cssapi/458ba616-4a40-47ef-8455-b2d62f68c2ed.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.16.250.67 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://fast.fonts.net/cssapi/458ba616-4a40-47ef-8455-b2d62f68c2ed.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Sun, 08 Oct 2023 00:51:02 GMT
x-amz-version-id: null
cf-cache-status: HIT
x-amz-request-id: NC6TK2FK7QTSWRP0
age: 63262
content-length: 0
x-amz-id-2: g3LlksYwuoyfClztKqHvxZVSzlI6a6S9Ah9xIKKNswLUEhYp5wTxVzdZxxQdUNEbpwBahRj1nXnOk6DcB02Pb4MQ8Rv08lwnjBOq1QDFFcM=
last-modified: Tue, 23 Mar 2021 12:59:23 GMT
server: cloudflare
etag: "d41d8cd98f00b204e9800998ecf8427e"
vary: Accept-Encoding
content-type: text/css; charset=utf-8
cache-control: public, max-age=0, s-maxage=604800
accept-ranges: bytes
cf-ray: 812a64a5bec854af-YYZ
x-amz-meta-mtime: 1519217722

GET
H2 200 4ce43a49-0d61-4c34-8054-465d5981fd0b.woff2
fast.fonts.net/dv2/14/ 15 KB
15 KB 68ms
31ms Font
application/octet-stream 104.16.250.67
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://fast.fonts.net/dv2/14/4ce43a49-0d61-4c34-8054-465d5981fd0b.woff2?d44f19a684109620e484167ea590e818eb16bf8a939db911f5fcd7be2054b5af9f407fd262b0c12d2afbf364f394455f96d724c622124c74d6cd039426a7810c06c0d2684998264471f09b3f77ade2e0d1da11c3443e0eaccd4b664f68d7cf7d4855951287fbfffd5c1f057886c7f2bf8f407a91b2cd57e95ca78c73a382ebe6dc0811f18f0583bb006242a4351ee4ad37db9d0306772ffa3fc1bf75f28a74a6f9e063909cc81caee1b8dc7519bfb7a666741a1f07deef3b2c8b5134f608904e3523d363b2c287c98204135d152b9dfe556da1262061b2364eec7d434774fbb7538cbfbcf9d361afd3b4e093471c5ec05a98385a6f2d40feae13d31e9949714bb6cd95a566d5b65ddae7d7faed91bafd&projectId=458ba616-4a40-47ef-8455-b2d62f68c2ed
Requested by: Host: fast.fonts.net
URL: https://fast.fonts.net/cssapi/458ba616-4a40-47ef-8455-b2d62f68c2ed.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.16.250.67 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8b6dc58150765a17f3f335db8240ea618a008ec21a03e0bda7b9a398e6202bdb

Request headers

Referer: https://fast.fonts.net/cssapi/458ba616-4a40-47ef-8455-b2d62f68c2ed.css
Origin: https://www.compasscard.ca
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

expires: Sun, 08 Oct 2023 00:56:02 GMT
date: Sun, 08 Oct 2023 00:51:02 GMT
x-amz-version-id: null
cf-cache-status: HIT
x-amz-request-id: V6FPVH8TGQTD9AT9
age: 1117
content-length: 15028
x-amz-id-2: DfXI5IagdCtSADcfb2Vlpl/vziiYcBeMwqHPk7nrroqmgM8PnNpF0xzHpnrj39QiNz5GhdK8ctc=
last-modified: Fri, 13 Nov 2020 13:42:04 GMT
server: cloudflare
etag: "8247604c5f19488b2364a9e28ec2d87a"
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/octet-stream
access-control-allow-origin: *
access-control-expose-headers: Access-Control-Allow-Origin
cache-control: public, max-age=300
accept-ranges: bytes
cf-ray: 812a64a7093039fd-YYZ
x-amz-meta-mtime: 1417865317

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 248 KB
87 KB 132ms
54ms Script
application/javascript 172.253.63.97
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-M9BPBKL

Requested by

Host: www.compasscard.ca
URL: https://www.compasscard.ca/loadcard

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.253.63.97 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bi-in-f97.1e100.net

Software

Google Tag Manager /

Resource Hash

72ea5ef0690f58e88238ec69cba0cd9c7c8379943fe24d650f9e50fdceb5c5e4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.compasscard.ca/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Sun, 08 Oct 2023 00:51:02 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 88654
x-xss-protection: 0
last-modified: Sun, 08 Oct 2023 00:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Sun, 08 Oct 2023 00:51:02 GMT

GET
H2 200 recaptcha__en.js Show response
www.gstatic.com/recaptcha/releases/lLirU0na9roYU3wDDisGJEVT/ 464 KB
186 KB 117ms
37ms Script
text/javascript 172.253.115.94
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/lLirU0na9roYU3wDDisGJEVT/recaptcha__en.js

Requested by

Host: www.google.com
URL: https://www.google.com/recaptcha/api.js?render=6LeyDKAUAAAAAOsbeioQeaky-k1bWjj-OoaeRubn

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.253.115.94 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bg-in-f94.1e100.net

Software

sffe /

Resource Hash

b1a65063717196413801187164cad067a3c8b3f1c8d7cf768de32d1230ecdf3c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.compasscard.ca/
Origin: https://www.compasscard.ca
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Fri, 06 Oct 2023 17:56:33 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 111269
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 189597
x-xss-protection: 0
last-modified: Mon, 02 Oct 2023 04:05:03 GMT
server: sffe
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
vary: Accept-Encoding
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sat, 05 Oct 2024 17:56:33 GMT

GET
H2 200 fbevents.js Show response
connect.facebook.net/en_US/ 198 KB
53 KB 113ms
36ms Script
application/x-javascript 31.13.66.19
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/fbevents.js

Requested by

Host: www.compasscard.ca
URL: https://www.compasscard.ca/loadcard

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

31.13.66.19 Ashburn, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

xx-fbcdn-shv-01-iad3.fbcdn.net

Software

Resource Hash

805270b078cde87b61bb57c8bd44f8b58b0d128f5a8efdd4395470b45b291d65

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob: 'self';script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com: wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.compasscard.ca/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

content-security-policy: default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload; includeSubDomains
date: Sun, 08 Oct 2023 00:51:02 GMT
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 53356
x-xss-protection: 0
pragma: public
x-fb-debug: i7Yx9qIPZPJoic/WvsCbhF5O+MO8MrDHODgisCMcBLt825IZEvv2hOIl8PbcD1goLZ0PpHJpuuBtiK+/U5evbA==
cross-origin-opener-policy: same-origin-allow-popups
vary: Accept-Encoding
x-frame-options: DENY
content-type: application/x-javascript; charset=utf-8
cache-control: public, max-age=1200
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
timing-allow-origin: *
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H/1.1 200
OK TL-AC-Logo-Pattern-Tile.png
www.compasscard.ca/images/ 12 KB
13 KB 114ms
113ms Image
image/png 45.60.152.124
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.compasscard.ca/images/TL-AC-Logo-Pattern-Tile.png?1692119762

Requested by

Host: www.compasscard.ca
URL: https://www.compasscard.ca/css/styles.css?id=8.1.8627.19621

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

45.60.152.124 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

nginx/1.25.1 /

Resource Hash

031fcd141a16bcbe3582f6ed40b71fc8d9c675a40e03c8cf34c0064ea26b5abd

Security Headers

Name	Value
Content-Security-Policy	script-src-elem 'self' 'unsafe-eval' 'unsafe-inline' .google.com .requirejs.org .google-analytics.com .googleapis.com .pingdom.net .gstatic.com .facebook.net .facebook.com .youtube.com .googletagmanager.com .ytimg.com .gstatic.com .vcft.local .compasscard.ca .microsoft.com .bootstrapcdn.com .translink.ca .doubleclick.net .azurewebsites.net .postescanada-canadapost.ca .cubic.com;script-src-attr 'self' 'unsafe-eval' 'unsafe-inline'; frame-ancestors 'self' .googletagmanager.com; frame-src 'self' .youtube.com .google.com
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.compasscard.ca/css/styles.css?id=8.1.8627.19621
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

Date: Sun, 08 Oct 2023 00:51:01 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
X-Content-Type-Options: nosniff
Content-Security-Policy: script-src-elem 'self' 'unsafe-eval' 'unsafe-inline' *.google.com *.requirejs.org *.google-analytics.com *.googleapis.com *.pingdom.net *.gstatic.com *.facebook.net *.facebook.com *.youtube.com *.googletagmanager.com *.ytimg.com *.gstatic.com *.vcft.local *.compasscard.ca *.microsoft.com *.bootstrapcdn.com *.translink.ca *.doubleclick.net *.azurewebsites.net *.postescanada-canadapost.ca *.cubic.com;script-src-attr 'self' 'unsafe-eval' 'unsafe-inline'; frame-ancestors 'self' *.googletagmanager.com; frame-src 'self' *.youtube.com *.google.com
X-Permitted-Cross-Domain-Policies: none
X-CDN: Imperva
X-Iinfo: 61-36831057-36586570 sNNy RT(1696726261669 399) q(0 0 0 -1) r(1 1) U2
Connection: keep-alive
Content-Length: 12004
X-XSS-Protection: 1; mode=block
Referrer-Policy: strict-origin-when-cross-origin
Last-Modified: Tue, 15 Aug 2023 17:16:04 GMT
Server: nginx/1.25.1
ETag: "022c02b9ccfd91:0"
X-Frame-Options: SAMEORIGIN
Access-Control-Allow-Methods: POST, GET, OPTIONS
Content-Type: image/png
Access-Control-Allow-Origin: *
Cache-Control: no-cache
permissions-policy: autoplay=(), camera=(), encrypted-media=(), fullscreen=(*), geolocation=(*), microphone=(), midi=()
Accept-Ranges: bytes
Access-Control-Allow-Headers: accept, content-type

GET
H/1.1 200
OK sprite-s599e3523b9.png
www.compasscard.ca/images/ 31 KB
33 KB 370ms
369ms Image
image/png 45.60.152.124
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.compasscard.ca/images/sprite-s599e3523b9.png

Requested by

Host: www.compasscard.ca
URL: https://www.compasscard.ca/css/styles.css?id=8.1.8627.19621

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

45.60.152.124 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

nginx/1.25.1 /

Resource Hash

aa23620f80e8a80685879bb1bc3d09b12e3a631e205c1e45f8d03674fd60ce76

Security Headers

Name	Value
Content-Security-Policy	script-src-elem 'self' 'unsafe-eval' 'unsafe-inline' .google.com .requirejs.org .google-analytics.com .googleapis.com .pingdom.net .gstatic.com .facebook.net .facebook.com .youtube.com .googletagmanager.com .ytimg.com .gstatic.com .vcft.local .compasscard.ca .microsoft.com .bootstrapcdn.com .translink.ca .doubleclick.net .azurewebsites.net .postescanada-canadapost.ca .cubic.com;script-src-attr 'self' 'unsafe-eval' 'unsafe-inline'; frame-ancestors 'self' .googletagmanager.com; frame-src 'self' .youtube.com .google.com
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.compasscard.ca/css/styles.css?id=8.1.8627.19621
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

Date: Sun, 08 Oct 2023 00:51:01 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
X-Content-Type-Options: nosniff
Content-Security-Policy: script-src-elem 'self' 'unsafe-eval' 'unsafe-inline' *.google.com *.requirejs.org *.google-analytics.com *.googleapis.com *.pingdom.net *.gstatic.com *.facebook.net *.facebook.com *.youtube.com *.googletagmanager.com *.ytimg.com *.gstatic.com *.vcft.local *.compasscard.ca *.microsoft.com *.bootstrapcdn.com *.translink.ca *.doubleclick.net *.azurewebsites.net *.postescanada-canadapost.ca *.cubic.com;script-src-attr 'self' 'unsafe-eval' 'unsafe-inline'; frame-ancestors 'self' *.googletagmanager.com; frame-src 'self' *.youtube.com *.google.com
X-Permitted-Cross-Domain-Policies: none
X-CDN: Imperva
X-Iinfo: 19-9569994-9555165 pNNy RT(1696726261668 401) q(0 0 0 -1) r(4 4) U2
Connection: keep-alive
Content-Length: 32079
X-XSS-Protection: 1; mode=block
Referrer-Policy: strict-origin-when-cross-origin
Last-Modified: Tue, 15 Aug 2023 17:54:10 GMT
Server: nginx/1.25.1
ETag: "0d507ea1cfd91:0"
X-Frame-Options: SAMEORIGIN
Access-Control-Allow-Methods: POST, GET, OPTIONS
Content-Type: image/png
Access-Control-Allow-Origin: *
Cache-Control: no-cache
permissions-policy: autoplay=(), camera=(), encrypted-media=(), fullscreen=(*), geolocation=(*), microphone=(), midi=()
Accept-Ranges: bytes
Access-Control-Allow-Headers: accept, content-type

GET
H2 200 94400875-1ce0-47f5-b278-c6ccfa287f52.woff2
fast.fonts.net/dv2/14/ 15 KB
15 KB 32ms
30ms Font
application/octet-stream 104.16.250.67
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://fast.fonts.net/dv2/14/94400875-1ce0-47f5-b278-c6ccfa287f52.woff2?d44f19a684109620e484167ea590e818eb16bf8a939db911f5fcd7be2054b5af9f407fd262b0c12d2afbf364f394455f96d724c622124c74d6cd039426a7810c06c0d2684998264471f09b3f77ade2e0d1da11c3443e0eaccd4b664f68d7cf7d4855951287fbfffd5c1f057886c7f2bf8f407a91b2cd57e95ca78c73a382ebe6dc0811f18f0583bb006242a4351ee4ad37db9d0306772ffa3fc1bf75f28a74a6f9e063909cc81caee1b8dc7519bfb7a666741a1f07deef3b2c8b5134f608904e3523d363b2c287c98204135d152b9dfe556da1262061b2364eec7d434774fbb7538cbfbcf9d361afd3b4e093471c5ec05a98385a6f2d40feae13d31e9949714bb6cd95a566d5b65ddae7d7faed91bafd&projectId=458ba616-4a40-47ef-8455-b2d62f68c2ed
Requested by: Host: fast.fonts.net
URL: https://fast.fonts.net/cssapi/458ba616-4a40-47ef-8455-b2d62f68c2ed.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.16.250.67 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 07625061cdc088c8e2680ea66c6f722de21dd476486e2b669f6488ab1f4b35f8

Request headers

Referer: https://fast.fonts.net/cssapi/458ba616-4a40-47ef-8455-b2d62f68c2ed.css
Origin: https://www.compasscard.ca
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

expires: Sun, 08 Oct 2023 00:56:02 GMT
date: Sun, 08 Oct 2023 00:51:02 GMT
x-amz-version-id: null
cf-cache-status: HIT
x-amz-request-id: V6FVV3MZMNH8WD85
age: 1117
content-length: 15128
x-amz-id-2: hhpEfYDTGTzODPijJTU0z4i/EnfWB9oqR4hp+I8Cv7ECBb2Y7keqJb4P6wO5h/2NwGGYtteWwmY=
last-modified: Sat, 14 Nov 2020 06:45:40 GMT
server: cloudflare
etag: "f81fc87f5aef2db72ed7704cda06c41d"
vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/octet-stream
access-control-allow-origin: *
access-control-expose-headers: Access-Control-Allow-Origin
cache-control: public, max-age=300
accept-ranges: bytes
cf-ray: 812a64a7496e39fd-YYZ
x-amz-meta-mtime: 1417662841

GET
H/1.1 200
OK main.js Show response
www.compasscard.ca/js/ 5 KB
4 KB 83ms
83ms Script
application/javascript 45.60.152.124
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://www.compasscard.ca/js/main.js?id=8.1.8627.19621

Requested by

Host: www.compasscard.ca
URL: https://www.compasscard.ca/js/lib/require.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

45.60.152.124 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

nginx/1.25.1 /

Resource Hash

224b134c39cf57a66e6551df18a7578dbb359a2e5c4d42346299992fa3bbc9b0

Security Headers

Name	Value
Content-Security-Policy	script-src-elem 'self' 'unsafe-eval' 'unsafe-inline' .google.com .requirejs.org .google-analytics.com .googleapis.com .pingdom.net .gstatic.com .facebook.net .facebook.com .youtube.com .googletagmanager.com .ytimg.com .gstatic.com .vcft.local .compasscard.ca .microsoft.com .bootstrapcdn.com .translink.ca .doubleclick.net .azurewebsites.net .postescanada-canadapost.ca .cubic.com;script-src-attr 'self' 'unsafe-eval' 'unsafe-inline'; frame-ancestors 'self' .googletagmanager.com; frame-src 'self' .youtube.com .google.com
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.compasscard.ca/loadcard
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

Date: Sun, 08 Oct 2023 00:51:01 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
X-Content-Type-Options: nosniff
Content-Security-Policy: script-src-elem 'self' 'unsafe-eval' 'unsafe-inline' *.google.com *.requirejs.org *.google-analytics.com *.googleapis.com *.pingdom.net *.gstatic.com *.facebook.net *.facebook.com *.youtube.com *.googletagmanager.com *.ytimg.com *.gstatic.com *.vcft.local *.compasscard.ca *.microsoft.com *.bootstrapcdn.com *.translink.ca *.doubleclick.net *.azurewebsites.net *.postescanada-canadapost.ca *.cubic.com;script-src-attr 'self' 'unsafe-eval' 'unsafe-inline'; frame-ancestors 'self' *.googletagmanager.com; frame-src 'self' *.youtube.com *.google.com
Content-Encoding: gzip
X-Permitted-Cross-Domain-Policies: none
X-CDN: Imperva
Transfer-Encoding: chunked
X-Iinfo: 58-32193233-31749710 sNYy RT(1696726261491 630) q(0 0 0 -1) r(0 0) U2
Connection: keep-alive
X-XSS-Protection: 1; mode=block
Referrer-Policy: strict-origin-when-cross-origin
Last-Modified: Tue, 15 Aug 2023 17:54:26 GMT
Server: nginx/1.25.1
ETag: "075d987a1cfd91:0"
X-Frame-Options: SAMEORIGIN
Access-Control-Allow-Methods: POST, GET, OPTIONS
Content-Type: application/javascript
Access-Control-Allow-Origin: *
Cache-Control: no-cache
permissions-policy: autoplay=(), camera=(), encrypted-media=(), fullscreen=(*), geolocation=(*), microphone=(), midi=()
Accept-Ranges: bytes
Access-Control-Allow-Headers: accept, content-type

GET
H/1.1 200
OK _Incapsula_Resource
www.compasscard.ca/ 1 B
123 B 31ms
31ms Image
text/plain 45.60.152.124
INCAPSULA

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.compasscard.ca/_Incapsula_Resource?SWKMTFSR=1&e=0.4141939320551815
Requested by: Host: www.compasscard.ca
URL: https://www.compasscard.ca/loadcard
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 45.60.152.124 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.compasscard.ca/loadcard
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

Cache-Control: no-cache, no-store
X-Robots-Tag: noindex
Content-Length: 1
Content-Type: text/plain

GET
H2 200 linkid.js Show response
www.google-analytics.com/plugins/ua/ 2 KB
1 KB 36ms
35ms Script
text/javascript 142.251.167.113
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/plugins/ua/linkid.js

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.251.167.113 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

ww-in-f113.1e100.net

Software

sffe /

Resource Hash

92fca55833f48b4289ac8f1cedd48752b580fce4ec4b5d81670b8193d6e51b54

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.compasscard.ca/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Sun, 08 Oct 2023 00:18:59 GMT
content-encoding: br
x-content-type-options: nosniff
age: 1924
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 697
x-xss-protection: 0
last-modified: Fri, 30 Jun 2023 18:58:00 GMT
server: sffe
vary: Accept-Encoding
report-to: {"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-type: text/javascript
cache-control: public, max-age=3600
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="static-on-bigtable"
expires: Sun, 08 Oct 2023 01:18:59 GMT

GET
H2 200 394646334041450 Show response
connect.facebook.net/signals/config/ 131 KB
34 KB 141ms
140ms Script
application/x-javascript 31.13.66.19
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/394646334041450?v=2.9.132&r=stable&domain=www.compasscard.ca

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

31.13.66.19 Ashburn, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

xx-fbcdn-shv-01-iad3.fbcdn.net

Software

Resource Hash

f444ce8f621cda58add126f0829fee372db0b05e4bb75f6de50af086121ffe99

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob: 'self';script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com: wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.compasscard.ca/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

content-security-policy: default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload; includeSubDomains
date: Sun, 08 Oct 2023 00:51:03 GMT
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
x-xss-protection: 0
pragma: public
x-fb-debug: 5NpW/Ty0MEk5ofktVzuJR+QXty6RC/wG80pZM2kBtuDYkEGKw5oD+Ltl3vPvEyOOJ9BbKU4MUtB/4HgA4siDMg==
cross-origin-opener-policy: same-origin-allow-popups
vary: Accept-Encoding
x-frame-options: DENY
content-type: application/x-javascript; charset=utf-8
origin-agent-cluster: ?0
cache-control: public, max-age=1200
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
timing-allow-origin: *
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 254 KB
87 KB 53ms
52ms Script
application/javascript 172.253.63.97
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-RPFHVLDLZ8&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-M9BPBKL

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.253.63.97 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bi-in-f97.1e100.net

Software

Google Tag Manager /

Resource Hash

30ab85b8ac30f16994461a60013bb53dc6b1ad634583d1adbf87499aaf087c4b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.compasscard.ca/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Sun, 08 Oct 2023 00:51:03 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 88533
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Sun, 08 Oct 2023 00:51:03 GMT

POST
H2 200 collect Show response
www.google-analytics.com/j/ 3 B
210 B 43ms
42ms XHR
text/plain 142.251.167.113
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j101&a=1233423018&t=pageview&_s=1&dl=https%3A%2F%2Fwww.compasscard.ca%2Floadcard&ul=en-us&de=UTF-8&dt=Compass%20-%20Load%20Card&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=KGBAgAAjAAAAACAAI~&jid=170621081&gjid=1404010528&cid=2136899225.1696726263&tid=UA-812499-35&_gid=1667155583.1696726263&_slc=1&z=19107890

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.251.167.113 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

ww-in-f113.1e100.net

Software

Golfe2 /

Resource Hash

1cffc2b3146584685cd72751d7f28aa030ab9ae2f1bc78f2c27909f8d8287b26

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.compasscard.ca/
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Sun, 08 Oct 2023 00:51:03 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.compasscard.ca
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 3
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 4 B
351 B 117ms
44ms XHR
text/plain 142.250.31.156
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j101&tid=UA-812499-35&cid=2136899225.1696726263&jid=170621081&gjid=1404010528&_gid=1667155583.1696726263&_u=KGBAgAAjAAAAAGAAI~&z=742290923

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.31.156 Oxford, United States, ASN15169 (GOOGLE, US),

Reverse DNS

bj-in-f156.1e100.net

Software

Golfe2 /

Resource Hash

8685bca4bb29a8a8289c3effd282cb8718a7d14da65f1397481f213b15469f50

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.compasscard.ca/
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
date: Sun, 08 Oct 2023 00:51:03 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.compasscard.ca
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 anchor Show response
www.google.com/recaptcha/api2/ Frame 8CEB 57 KB
32 KB 136ms
135ms Document
text/html 172.253.115.106
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LeyDKAUAAAAAOsbeioQeaky-k1bWjj-OoaeRubn&co=aHR0cHM6Ly93d3cuY29tcGFzc2NhcmQuY2E6NDQz&hl=en&v=lLirU0na9roYU3wDDisGJEVT&size=invisible&cb=jchlkvx86gu8

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/lLirU0na9roYU3wDDisGJEVT/recaptcha__en.js

Protocol

Security

QUIC, , AES_128_GCM

Server

172.253.115.106 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bg-in-f106.1e100.net

Software

GSE /

Resource Hash

182ac9de017eaf7938599a391e78f4d4a5f756346bc17afb12b5d21ec8fe5048

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-TZVwMlWar-mXfO73ALj7xw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.compasscard.ca/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache, no-store, max-age=0, must-revalidate
content-encoding: gzip
content-security-policy: script-src 'report-sample' 'nonce-TZVwMlWar-mXfO73ALj7xw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Sun, 08 Oct 2023 00:51:03 GMT
expires: Mon, 01 Jan 1990 00:00:00 GMT
pragma: no-cache
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H/1.1 200
OK jquery-global.js Show response
www.compasscard.ca/js/lib/ 59 B
2 KB 82ms
82ms Script
application/javascript 45.60.152.124
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://www.compasscard.ca/js/lib/jquery-global.js?v=8.1.8627.19621

Requested by

Host: www.compasscard.ca
URL: https://www.compasscard.ca/js/lib/require.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

45.60.152.124 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

nginx/1.25.1 /

Resource Hash

9e7c9312d0f846d1ff5dd1d74ccd22587663f7851f45a67bf2dfaf040b7788fd

Security Headers

Name	Value
Content-Security-Policy	script-src-elem 'self' 'unsafe-eval' 'unsafe-inline' .google.com .requirejs.org .google-analytics.com .googleapis.com .pingdom.net .gstatic.com .facebook.net .facebook.com .youtube.com .googletagmanager.com .ytimg.com .gstatic.com .vcft.local .compasscard.ca .microsoft.com .bootstrapcdn.com .translink.ca .doubleclick.net .azurewebsites.net .postescanada-canadapost.ca .cubic.com;script-src-attr 'self' 'unsafe-eval' 'unsafe-inline'; frame-ancestors 'self' .googletagmanager.com; frame-src 'self' .youtube.com .google.com
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.compasscard.ca/loadcard
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

Date: Sun, 08 Oct 2023 00:51:01 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
X-Content-Type-Options: nosniff
Content-Security-Policy: script-src-elem 'self' 'unsafe-eval' 'unsafe-inline' *.google.com *.requirejs.org *.google-analytics.com *.googleapis.com *.pingdom.net *.gstatic.com *.facebook.net *.facebook.com *.youtube.com *.googletagmanager.com *.ytimg.com *.gstatic.com *.vcft.local *.compasscard.ca *.microsoft.com *.bootstrapcdn.com *.translink.ca *.doubleclick.net *.azurewebsites.net *.postescanada-canadapost.ca *.cubic.com;script-src-attr 'self' 'unsafe-eval' 'unsafe-inline'; frame-ancestors 'self' *.googletagmanager.com; frame-src 'self' *.youtube.com *.google.com
Content-Encoding: gzip
X-Permitted-Cross-Domain-Policies: none
X-CDN: Imperva
Transfer-Encoding: chunked
X-Iinfo: 58-32193233-31749710 sNYy RT(1696726261491 809) q(0 1 1 -1) r(1 1) U2
Connection: keep-alive
X-XSS-Protection: 1; mode=block
Referrer-Policy: strict-origin-when-cross-origin
Last-Modified: Tue, 15 Aug 2023 17:54:32 GMT
Server: nginx/1.25.1
ETag: "0fc6c8ba1cfd91:0"
X-Frame-Options: SAMEORIGIN
Access-Control-Allow-Methods: POST, GET, OPTIONS
Content-Type: application/javascript
Access-Control-Allow-Origin: *
Cache-Control: no-cache
permissions-policy: autoplay=(), camera=(), encrypted-media=(), fullscreen=(*), geolocation=(*), microphone=(), midi=()
Accept-Ranges: bytes
Access-Control-Allow-Headers: accept, content-type

GET
H/1.1 200
OK appendAround.js Show response
www.compasscard.ca/js/lib/ 444 B
2 KB 117ms
116ms Script
application/javascript 45.60.152.124
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://www.compasscard.ca/js/lib/appendAround.js?v=8.1.8627.19621

Requested by

Host: www.compasscard.ca
URL: https://www.compasscard.ca/js/lib/require.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

45.60.152.124 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

nginx/1.25.1 /

Resource Hash

28ae7b4ed081fbd9b5341a370a7a4134e21ba5f6ba22285f21f0ba81d2dc2b3f

Security Headers

Name	Value
Content-Security-Policy	script-src-elem 'self' 'unsafe-eval' 'unsafe-inline' .google.com .requirejs.org .google-analytics.com .googleapis.com .pingdom.net .gstatic.com .facebook.net .facebook.com .youtube.com .googletagmanager.com .ytimg.com .gstatic.com .vcft.local .compasscard.ca .microsoft.com .bootstrapcdn.com .translink.ca .doubleclick.net .azurewebsites.net .postescanada-canadapost.ca .cubic.com;script-src-attr 'self' 'unsafe-eval' 'unsafe-inline'; frame-ancestors 'self' .googletagmanager.com; frame-src 'self' .youtube.com .google.com
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.compasscard.ca/loadcard
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

Date: Sun, 08 Oct 2023 00:51:01 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
X-Content-Type-Options: nosniff
Content-Security-Policy: script-src-elem 'self' 'unsafe-eval' 'unsafe-inline' *.google.com *.requirejs.org *.google-analytics.com *.googleapis.com *.pingdom.net *.gstatic.com *.facebook.net *.facebook.com *.youtube.com *.googletagmanager.com *.ytimg.com *.gstatic.com *.vcft.local *.compasscard.ca *.microsoft.com *.bootstrapcdn.com *.translink.ca *.doubleclick.net *.azurewebsites.net *.postescanada-canadapost.ca *.cubic.com;script-src-attr 'self' 'unsafe-eval' 'unsafe-inline'; frame-ancestors 'self' *.googletagmanager.com; frame-src 'self' *.youtube.com *.google.com
Content-Encoding: gzip
X-Permitted-Cross-Domain-Policies: none
X-CDN: Imperva
Transfer-Encoding: chunked
X-Iinfo: 2-16963246-16931184 sNYy RT(1696726261670 630) q(0 1 1 -1) r(1 1) U2
Connection: keep-alive
X-XSS-Protection: 1; mode=block
Referrer-Policy: strict-origin-when-cross-origin
Last-Modified: Tue, 15 Aug 2023 17:54:26 GMT
Server: nginx/1.25.1
ETag: "075d987a1cfd91:0"
X-Frame-Options: SAMEORIGIN
Access-Control-Allow-Methods: POST, GET, OPTIONS
Content-Type: application/javascript
Access-Control-Allow-Origin: *
Cache-Control: no-cache
permissions-policy: autoplay=(), camera=(), encrypted-media=(), fullscreen=(*), geolocation=(*), microphone=(), midi=()
Accept-Ranges: bytes
Access-Control-Allow-Headers: accept, content-type

GET
H/1.1 200
OK app.js Show response
www.compasscard.ca/js/app/ 102 KB
29 KB 3157ms
3156ms Script
application/javascript 45.60.152.124
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://www.compasscard.ca/js/app/app.js?v=8.1.8627.19621

Requested by

Host: www.compasscard.ca
URL: https://www.compasscard.ca/js/lib/require.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

45.60.152.124 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

nginx/1.25.1 /

Resource Hash

a4dfadfa45ab7b21bce659c64149ab3cf815fd736d885ccfdbd4a112a7295f8c

Security Headers

Name	Value
Content-Security-Policy	script-src-elem 'self' 'unsafe-eval' 'unsafe-inline' .google.com .requirejs.org .google-analytics.com .googleapis.com .pingdom.net .gstatic.com .facebook.net .facebook.com .youtube.com .googletagmanager.com .ytimg.com .gstatic.com .vcft.local .compasscard.ca .microsoft.com .bootstrapcdn.com .translink.ca .doubleclick.net .azurewebsites.net .postescanada-canadapost.ca .cubic.com;script-src-attr 'self' 'unsafe-eval' 'unsafe-inline'; frame-ancestors 'self' .googletagmanager.com; frame-src 'self' .youtube.com .google.com
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.compasscard.ca/loadcard
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

Date: Sun, 08 Oct 2023 00:51:04 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
X-Content-Type-Options: nosniff
Content-Security-Policy: script-src-elem 'self' 'unsafe-eval' 'unsafe-inline' *.google.com *.requirejs.org *.google-analytics.com *.googleapis.com *.pingdom.net *.gstatic.com *.facebook.net *.facebook.com *.youtube.com *.googletagmanager.com *.ytimg.com *.gstatic.com *.vcft.local *.compasscard.ca *.microsoft.com *.bootstrapcdn.com *.translink.ca *.doubleclick.net *.azurewebsites.net *.postescanada-canadapost.ca *.cubic.com;script-src-attr 'self' 'unsafe-eval' 'unsafe-inline'; frame-ancestors 'self' *.googletagmanager.com; frame-src 'self' *.youtube.com *.google.com
Content-Encoding: gzip
X-Permitted-Cross-Domain-Policies: none
X-CDN: Imperva
Transfer-Encoding: chunked
X-Iinfo: 61-36831057-36586570 sNYy RT(1696726261669 632) q(0 0 0 -1) r(31 31) U2
Connection: keep-alive
X-XSS-Protection: 1; mode=block
Referrer-Policy: strict-origin-when-cross-origin
Last-Modified: Tue, 15 Aug 2023 17:54:38 GMT
Server: nginx/1.25.1
ETag: "08308fa1cfd91:0"
X-Frame-Options: SAMEORIGIN
Access-Control-Allow-Methods: POST, GET, OPTIONS
Content-Type: application/javascript
Access-Control-Allow-Origin: *
Cache-Control: no-cache
permissions-policy: autoplay=(), camera=(), encrypted-media=(), fullscreen=(*), geolocation=(*), microphone=(), midi=()
Accept-Ranges: bytes
Access-Control-Allow-Headers: accept, content-type

GET
H/1.1 200
OK customInput.jquery.js Show response
www.compasscard.ca/js/lib/ 1 KB
2 KB 86ms
85ms Script
application/javascript 45.60.152.124
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://www.compasscard.ca/js/lib/customInput.jquery.js?v=8.1.8627.19621

Requested by

Host: www.compasscard.ca
URL: https://www.compasscard.ca/js/lib/require.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

45.60.152.124 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

nginx/1.25.1 /

Resource Hash

ffdb7aa28f59c0b40bda8ae85a7718f77209bdc75f0679279a1e334d157a589b

Security Headers

Name	Value
Content-Security-Policy	script-src-elem 'self' 'unsafe-eval' 'unsafe-inline' .google.com .requirejs.org .google-analytics.com .googleapis.com .pingdom.net .gstatic.com .facebook.net .facebook.com .youtube.com .googletagmanager.com .ytimg.com .gstatic.com .vcft.local .compasscard.ca .microsoft.com .bootstrapcdn.com .translink.ca .doubleclick.net .azurewebsites.net .postescanada-canadapost.ca .cubic.com;script-src-attr 'self' 'unsafe-eval' 'unsafe-inline'; frame-ancestors 'self' .googletagmanager.com; frame-src 'self' .youtube.com .google.com
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.compasscard.ca/loadcard
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

Date: Sun, 08 Oct 2023 00:51:01 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
X-Content-Type-Options: nosniff
Content-Security-Policy: script-src-elem 'self' 'unsafe-eval' 'unsafe-inline' *.google.com *.requirejs.org *.google-analytics.com *.googleapis.com *.pingdom.net *.gstatic.com *.facebook.net *.facebook.com *.youtube.com *.googletagmanager.com *.ytimg.com *.gstatic.com *.vcft.local *.compasscard.ca *.microsoft.com *.bootstrapcdn.com *.translink.ca *.doubleclick.net *.azurewebsites.net *.postescanada-canadapost.ca *.cubic.com;script-src-attr 'self' 'unsafe-eval' 'unsafe-inline'; frame-ancestors 'self' *.googletagmanager.com; frame-src 'self' *.youtube.com *.google.com
Content-Encoding: gzip
X-Permitted-Cross-Domain-Policies: none
X-CDN: Imperva
Transfer-Encoding: chunked
X-Iinfo: 62-38343310-38215957 sNYy RT(1696726261669 632) q(0 0 0 -1) r(0 0) U2
Connection: keep-alive
X-XSS-Protection: 1; mode=block
Referrer-Policy: strict-origin-when-cross-origin
Last-Modified: Tue, 15 Aug 2023 17:54:26 GMT
Server: nginx/1.25.1
ETag: "075d987a1cfd91:0"
X-Frame-Options: SAMEORIGIN
Access-Control-Allow-Methods: POST, GET, OPTIONS
Content-Type: application/javascript
Access-Control-Allow-Origin: *
Cache-Control: no-cache
permissions-policy: autoplay=(), camera=(), encrypted-media=(), fullscreen=(*), geolocation=(*), microphone=(), midi=()
Accept-Ranges: bytes
Access-Control-Allow-Headers: accept, content-type

GET
H/1.1 200
OK jquery-ui.min.js Show response
www.compasscard.ca/js/lib/ 197 KB
56 KB 87ms
86ms Script
application/javascript 45.60.152.124
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://www.compasscard.ca/js/lib/jquery-ui.min.js?v=8.1.8627.19621

Requested by

Host: www.compasscard.ca
URL: https://www.compasscard.ca/js/lib/require.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

45.60.152.124 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

nginx/1.25.1 /

Resource Hash

a6f61013c482e826879d8bb4a87051cb9d49b070a3cce4e54bca4abe9a3063fc

Security Headers

Name	Value
Content-Security-Policy	script-src-elem 'self' 'unsafe-eval' 'unsafe-inline' .google.com .requirejs.org .google-analytics.com .googleapis.com .pingdom.net .gstatic.com .facebook.net .facebook.com .youtube.com .googletagmanager.com .ytimg.com .gstatic.com .vcft.local .compasscard.ca .microsoft.com .bootstrapcdn.com .translink.ca .doubleclick.net .azurewebsites.net .postescanada-canadapost.ca .cubic.com;script-src-attr 'self' 'unsafe-eval' 'unsafe-inline'; frame-ancestors 'self' .googletagmanager.com; frame-src 'self' .youtube.com .google.com
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.compasscard.ca/loadcard
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

Date: Sun, 08 Oct 2023 00:51:01 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
X-Content-Type-Options: nosniff
Content-Security-Policy: script-src-elem 'self' 'unsafe-eval' 'unsafe-inline' *.google.com *.requirejs.org *.google-analytics.com *.googleapis.com *.pingdom.net *.gstatic.com *.facebook.net *.facebook.com *.youtube.com *.googletagmanager.com *.ytimg.com *.gstatic.com *.vcft.local *.compasscard.ca *.microsoft.com *.bootstrapcdn.com *.translink.ca *.doubleclick.net *.azurewebsites.net *.postescanada-canadapost.ca *.cubic.com;script-src-attr 'self' 'unsafe-eval' 'unsafe-inline'; frame-ancestors 'self' *.googletagmanager.com; frame-src 'self' *.youtube.com *.google.com
Content-Encoding: gzip
X-Permitted-Cross-Domain-Policies: none
X-CDN: Imperva
Transfer-Encoding: chunked
X-Iinfo: 19-9569993-9459017 pNYN RT(1696726261664 635) q(0 1 1 -1) r(1 1) U2
Connection: keep-alive
X-XSS-Protection: 1; mode=block
Referrer-Policy: strict-origin-when-cross-origin
Last-Modified: Tue, 15 Aug 2023 17:54:34 GMT
Server: nginx/1.25.1
ETag: "0299e8ca1cfd91:0"
X-Frame-Options: SAMEORIGIN
Access-Control-Allow-Methods: POST, GET, OPTIONS
Content-Type: application/javascript
Access-Control-Allow-Origin: *
Cache-Control: no-cache
permissions-policy: autoplay=(), camera=(), encrypted-media=(), fullscreen=(*), geolocation=(*), microphone=(), midi=()
Accept-Ranges: bytes
Access-Control-Allow-Headers: accept, content-type

GET
H/1.1 200
OK jquery.cookie.js Show response
www.compasscard.ca/js/lib/ 1 KB
2 KB 83ms
83ms Script
application/javascript 45.60.152.124
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://www.compasscard.ca/js/lib/jquery.cookie.js?v=8.1.8627.19621

Requested by

Host: www.compasscard.ca
URL: https://www.compasscard.ca/js/lib/require.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

45.60.152.124 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

nginx/1.25.1 /

Resource Hash

ab473d34352510fc2cbf4dba40a446b2eb1fe6ee75250ee7c14f73e4887e7774

Security Headers

Name	Value
Content-Security-Policy	script-src-elem 'self' 'unsafe-eval' 'unsafe-inline' .google.com .requirejs.org .google-analytics.com .googleapis.com .pingdom.net .gstatic.com .facebook.net .facebook.com .youtube.com .googletagmanager.com .ytimg.com .gstatic.com .vcft.local .compasscard.ca .microsoft.com .bootstrapcdn.com .translink.ca .doubleclick.net .azurewebsites.net .postescanada-canadapost.ca .cubic.com;script-src-attr 'self' 'unsafe-eval' 'unsafe-inline'; frame-ancestors 'self' .googletagmanager.com; frame-src 'self' .youtube.com .google.com
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.compasscard.ca/loadcard
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

Date: Sun, 08 Oct 2023 00:51:01 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
X-Content-Type-Options: nosniff
Content-Security-Policy: script-src-elem 'self' 'unsafe-eval' 'unsafe-inline' *.google.com *.requirejs.org *.google-analytics.com *.googleapis.com *.pingdom.net *.gstatic.com *.facebook.net *.facebook.com *.youtube.com *.googletagmanager.com *.ytimg.com *.gstatic.com *.vcft.local *.compasscard.ca *.microsoft.com *.bootstrapcdn.com *.translink.ca *.doubleclick.net *.azurewebsites.net *.postescanada-canadapost.ca *.cubic.com;script-src-attr 'self' 'unsafe-eval' 'unsafe-inline'; frame-ancestors 'self' *.googletagmanager.com; frame-src 'self' *.youtube.com *.google.com
Content-Encoding: gzip
X-Permitted-Cross-Domain-Policies: none
X-CDN: Imperva
Transfer-Encoding: chunked
X-Iinfo: 58-32193233-31749710 sNYy RT(1696726261491 894) q(0 0 0 -1) r(1 1) U2
Connection: keep-alive
X-XSS-Protection: 1; mode=block
Referrer-Policy: strict-origin-when-cross-origin
Last-Modified: Tue, 15 Aug 2023 17:54:34 GMT
Server: nginx/1.25.1
ETag: "0299e8ca1cfd91:0"
X-Frame-Options: SAMEORIGIN
Access-Control-Allow-Methods: POST, GET, OPTIONS
Content-Type: application/javascript
Access-Control-Allow-Origin: *
Cache-Control: no-cache
permissions-policy: autoplay=(), camera=(), encrypted-media=(), fullscreen=(*), geolocation=(*), microphone=(), midi=()
Accept-Ranges: bytes
Access-Control-Allow-Headers: accept, content-type

GET
H/1.1 200
OK jquery.inputmask.js Show response
www.compasscard.ca/js/lib/ 6 KB
4 KB 86ms
86ms Script
application/javascript 45.60.152.124
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://www.compasscard.ca/js/lib/jquery.inputmask.js?v=8.1.8627.19621

Requested by

Host: www.compasscard.ca
URL: https://www.compasscard.ca/js/lib/require.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

45.60.152.124 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

nginx/1.25.1 /

Resource Hash

a6132cc952c9b1be1b49fccee579fe010c010fd1a64dc68b8267a363f6e77fe5

Security Headers

Name	Value
Content-Security-Policy	script-src-elem 'self' 'unsafe-eval' 'unsafe-inline' .google.com .requirejs.org .google-analytics.com .googleapis.com .pingdom.net .gstatic.com .facebook.net .facebook.com .youtube.com .googletagmanager.com .ytimg.com .gstatic.com .vcft.local .compasscard.ca .microsoft.com .bootstrapcdn.com .translink.ca .doubleclick.net .azurewebsites.net .postescanada-canadapost.ca .cubic.com;script-src-attr 'self' 'unsafe-eval' 'unsafe-inline'; frame-ancestors 'self' .googletagmanager.com; frame-src 'self' .youtube.com .google.com
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.compasscard.ca/loadcard
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

Date: Sun, 08 Oct 2023 00:51:01 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
X-Content-Type-Options: nosniff
Content-Security-Policy: script-src-elem 'self' 'unsafe-eval' 'unsafe-inline' *.google.com *.requirejs.org *.google-analytics.com *.googleapis.com *.pingdom.net *.gstatic.com *.facebook.net *.facebook.com *.youtube.com *.googletagmanager.com *.ytimg.com *.gstatic.com *.vcft.local *.compasscard.ca *.microsoft.com *.bootstrapcdn.com *.translink.ca *.doubleclick.net *.azurewebsites.net *.postescanada-canadapost.ca *.cubic.com;script-src-attr 'self' 'unsafe-eval' 'unsafe-inline'; frame-ancestors 'self' *.googletagmanager.com; frame-src 'self' *.youtube.com *.google.com
Content-Encoding: gzip
X-Permitted-Cross-Domain-Policies: none
X-CDN: Imperva
Transfer-Encoding: chunked
X-Iinfo: 62-38343310-38215957 sNYy RT(1696726261669 717) q(0 0 0 -1) r(1 1) U2
Connection: keep-alive
X-XSS-Protection: 1; mode=block
Referrer-Policy: strict-origin-when-cross-origin
Last-Modified: Tue, 15 Aug 2023 17:54:34 GMT
Server: nginx/1.25.1
ETag: "0299e8ca1cfd91:0"
X-Frame-Options: SAMEORIGIN
Access-Control-Allow-Methods: POST, GET, OPTIONS
Content-Type: application/javascript
Access-Control-Allow-Origin: *
Cache-Control: no-cache
permissions-policy: autoplay=(), camera=(), encrypted-media=(), fullscreen=(*), geolocation=(*), microphone=(), midi=()
Accept-Ranges: bytes
Access-Control-Allow-Headers: accept, content-type

GET
H/1.1 200
OK jquery.placeholder.js Show response
www.compasscard.ca/js/lib/ 2 KB
2 KB 81ms
81ms Script
application/javascript 45.60.152.124
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://www.compasscard.ca/js/lib/jquery.placeholder.js?v=8.1.8627.19621

Requested by

Host: www.compasscard.ca
URL: https://www.compasscard.ca/js/lib/require.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

45.60.152.124 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

nginx/1.25.1 /

Resource Hash

256a489beea4a14eca458f6e5436758f1fcb8dd34034d3c36dd21b22a5841f3b

Security Headers

Name	Value
Content-Security-Policy	script-src-elem 'self' 'unsafe-eval' 'unsafe-inline' .google.com .requirejs.org .google-analytics.com .googleapis.com .pingdom.net .gstatic.com .facebook.net .facebook.com .youtube.com .googletagmanager.com .ytimg.com .gstatic.com .vcft.local .compasscard.ca .microsoft.com .bootstrapcdn.com .translink.ca .doubleclick.net .azurewebsites.net .postescanada-canadapost.ca .cubic.com;script-src-attr 'self' 'unsafe-eval' 'unsafe-inline'; frame-ancestors 'self' .googletagmanager.com; frame-src 'self' .youtube.com .google.com
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.compasscard.ca/loadcard
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

Date: Sun, 08 Oct 2023 00:51:01 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
X-Content-Type-Options: nosniff
Content-Security-Policy: script-src-elem 'self' 'unsafe-eval' 'unsafe-inline' *.google.com *.requirejs.org *.google-analytics.com *.googleapis.com *.pingdom.net *.gstatic.com *.facebook.net *.facebook.com *.youtube.com *.googletagmanager.com *.ytimg.com *.gstatic.com *.vcft.local *.compasscard.ca *.microsoft.com *.bootstrapcdn.com *.translink.ca *.doubleclick.net *.azurewebsites.net *.postescanada-canadapost.ca *.cubic.com;script-src-attr 'self' 'unsafe-eval' 'unsafe-inline'; frame-ancestors 'self' *.googletagmanager.com; frame-src 'self' *.youtube.com *.google.com
Content-Encoding: gzip
X-Permitted-Cross-Domain-Policies: none
X-CDN: Imperva
Transfer-Encoding: chunked
X-Iinfo: 2-16963246-16931184 sNYy RT(1696726261670 747) q(0 0 0 -1) r(0 0) U2
Connection: keep-alive
X-XSS-Protection: 1; mode=block
Referrer-Policy: strict-origin-when-cross-origin
Last-Modified: Tue, 15 Aug 2023 17:54:34 GMT
Server: nginx/1.25.1
ETag: "0299e8ca1cfd91:0"
X-Frame-Options: SAMEORIGIN
Access-Control-Allow-Methods: POST, GET, OPTIONS
Content-Type: application/javascript
Access-Control-Allow-Origin: *
Cache-Control: no-cache
permissions-policy: autoplay=(), camera=(), encrypted-media=(), fullscreen=(*), geolocation=(*), microphone=(), midi=()
Accept-Ranges: bytes
Access-Control-Allow-Headers: accept, content-type

GET
H/1.1 200
OK lazyload.js Show response
www.compasscard.ca/js/lib/ 2 KB
3 KB 92ms
92ms Script
application/javascript 45.60.152.124
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://www.compasscard.ca/js/lib/lazyload.js?v=8.1.8627.19621

Requested by

Host: www.compasscard.ca
URL: https://www.compasscard.ca/js/lib/require.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

45.60.152.124 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

nginx/1.25.1 /

Resource Hash

e35ff4d903a755d2bde38a3f939d59fcf9ac934243b88c08e13570b40cdd7240

Security Headers

Name	Value
Content-Security-Policy	script-src-elem 'self' 'unsafe-eval' 'unsafe-inline' .google.com .requirejs.org .google-analytics.com .googleapis.com .pingdom.net .gstatic.com .facebook.net .facebook.com .youtube.com .googletagmanager.com .ytimg.com .gstatic.com .vcft.local .compasscard.ca .microsoft.com .bootstrapcdn.com .translink.ca .doubleclick.net .azurewebsites.net .postescanada-canadapost.ca .cubic.com;script-src-attr 'self' 'unsafe-eval' 'unsafe-inline'; frame-ancestors 'self' .googletagmanager.com; frame-src 'self' .youtube.com .google.com
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.compasscard.ca/loadcard
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

Date: Sun, 08 Oct 2023 00:51:01 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
X-Content-Type-Options: nosniff
Content-Security-Policy: script-src-elem 'self' 'unsafe-eval' 'unsafe-inline' *.google.com *.requirejs.org *.google-analytics.com *.googleapis.com *.pingdom.net *.gstatic.com *.facebook.net *.facebook.com *.youtube.com *.googletagmanager.com *.ytimg.com *.gstatic.com *.vcft.local *.compasscard.ca *.microsoft.com *.bootstrapcdn.com *.translink.ca *.doubleclick.net *.azurewebsites.net *.postescanada-canadapost.ca *.cubic.com;script-src-attr 'self' 'unsafe-eval' 'unsafe-inline'; frame-ancestors 'self' *.googletagmanager.com; frame-src 'self' *.youtube.com *.google.com
Content-Encoding: gzip
X-Permitted-Cross-Domain-Policies: none
X-CDN: Imperva
Transfer-Encoding: chunked
X-Iinfo: 58-32193233-31749710 sNYy RT(1696726261491 976) q(0 0 0 -1) r(1 1) U2
Connection: keep-alive
X-XSS-Protection: 1; mode=block
Referrer-Policy: strict-origin-when-cross-origin
Last-Modified: Tue, 15 Aug 2023 17:54:34 GMT
Server: nginx/1.25.1
ETag: "0299e8ca1cfd91:0"
X-Frame-Options: SAMEORIGIN
Access-Control-Allow-Methods: POST, GET, OPTIONS
Content-Type: application/javascript
Access-Control-Allow-Origin: *
Cache-Control: no-cache
permissions-policy: autoplay=(), camera=(), encrypted-media=(), fullscreen=(*), geolocation=(*), microphone=(), midi=()
Accept-Ranges: bytes
Access-Control-Allow-Headers: accept, content-type

GET
H/1.1 200
OK grayscale.js Show response
www.compasscard.ca/js/lib/ 4 KB
3 KB 86ms
86ms Script
application/javascript 45.60.152.124
INCAPSULA

General

Check archive.org

Show headers Download Go to

Full URL

https://www.compasscard.ca/js/lib/grayscale.js?v=8.1.8627.19621

Requested by

Host: www.compasscard.ca
URL: https://www.compasscard.ca/js/lib/require.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

45.60.152.124 , United States, ASN19551 (INCAPSULA, US),

Reverse DNS

Software

nginx/1.25.1 /

Resource Hash

175727ad44c7f85c9916a040744b3a9b8778113896414a9a6336140f1313b900

Security Headers

Name	Value
Content-Security-Policy	script-src-elem 'self' 'unsafe-eval' 'unsafe-inline' .google.com .requirejs.org .google-analytics.com .googleapis.com .pingdom.net .gstatic.com .facebook.net .facebook.com .youtube.com .googletagmanager.com .ytimg.com .gstatic.com .vcft.local .compasscard.ca .microsoft.com .bootstrapcdn.com .translink.ca .doubleclick.net .azurewebsites.net .postescanada-canadapost.ca .cubic.com;script-src-attr 'self' 'unsafe-eval' 'unsafe-inline'; frame-ancestors 'self' .googletagmanager.com; frame-src 'self' .youtube.com .google.com
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.compasscard.ca/loadcard
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

Date: Sun, 08 Oct 2023 00:51:01 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
X-Content-Type-Options: nosniff
Content-Security-Policy: script-src-elem 'self' 'unsafe-eval' 'unsafe-inline' *.google.com *.requirejs.org *.google-analytics.com *.googleapis.com *.pingdom.net *.gstatic.com *.facebook.net *.facebook.com *.youtube.com *.googletagmanager.com *.ytimg.com *.gstatic.com *.vcft.local *.compasscard.ca *.microsoft.com *.bootstrapcdn.com *.translink.ca *.doubleclick.net *.azurewebsites.net *.postescanada-canadapost.ca *.cubic.com;script-src-attr 'self' 'unsafe-eval' 'unsafe-inline'; frame-ancestors 'self' *.googletagmanager.com; frame-src 'self' *.youtube.com *.google.com
Content-Encoding: gzip
X-Permitted-Cross-Domain-Policies: none
X-CDN: Imperva
Transfer-Encoding: chunked
X-Iinfo: 62-38343310-38215957 sNYy RT(1696726261669 805) q(0 0 0 -1) r(1 1) U2
Connection: keep-alive
X-XSS-Protection: 1; mode=block
Referrer-Policy: strict-origin-when-cross-origin
Last-Modified: Tue, 15 Aug 2023 17:54:30 GMT
Server: nginx/1.25.1
ETag: "0cf3b8aa1cfd91:0"
X-Frame-Options: SAMEORIGIN
Access-Control-Allow-Methods: POST, GET, OPTIONS
Content-Type: application/javascript
Access-Control-Allow-Origin: *
Cache-Control: no-cache
permissions-policy: autoplay=(), camera=(), encrypted-media=(), fullscreen=(*), geolocation=(*), microphone=(), midi=()
Accept-Ranges: bytes
Access-Control-Allow-Headers: accept, content-type

POST
H3 204 collect
www.google-analytics.com/g/ 0
17 B 43ms
43ms Ping
text/plain 142.251.167.113
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://www.google-analytics.com/g/collect?v=2&tid=G-RPFHVLDLZ8&gtm=45je3a40&_p=1233423018&cid=2136899225.1696726263&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_s=1&sid=1696726263&sct=1&seg=0&dl=https%3A%2F%2Fwww.compasscard.ca%2Floadcard&dt=Compass%20-%20Load%20Card&en=page_view&_fv=1&_ss=1
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-RPFHVLDLZ8&l=dataLayer&cx=c
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 142.251.167.113 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: ww-in-f113.1e100.net
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.compasscard.ca/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 08 Oct 2023 00:51:03 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.compasscard.ca
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ga-audiences
www.google.com/ads/ 42 B
63 B 50ms
50ms Image
image/gif 172.253.115.106
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j101&tid=UA-812499-35&cid=2136899225.1696726263&jid=170621081&_u=KGBAgAAjAAAAAGAAI~&z=491100613

Requested by

Host: www.compasscard.ca
URL: https://www.compasscard.ca/loadcard

Protocol

Security

QUIC, , AES_128_GCM

Server

172.253.115.106 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bg-in-f106.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.compasscard.ca/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 08 Oct 2023 00:51:03 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.ca/ads/ 42 B
408 B 126ms
49ms Image
image/gif 172.253.122.94
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.ca/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j101&tid=UA-812499-35&cid=2136899225.1696726263&jid=170621081&_u=KGBAgAAjAAAAAGAAI~&z=491100613

Requested by

Host: www.compasscard.ca
URL: https://www.compasscard.ca/loadcard

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.253.122.94 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bh-in-f94.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.compasscard.ca/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 08 Oct 2023 00:51:03 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 278128245980809 Show response
connect.facebook.net/signals/config/ 131 KB
34 KB 75ms
75ms Script
application/x-javascript 31.13.66.19
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/278128245980809?v=2.9.132&r=stable&domain=www.compasscard.ca

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

QUIC, , AES_128_GCM

Server

31.13.66.19 Ashburn, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

xx-fbcdn-shv-01-iad3.fbcdn.net

Software

Resource Hash

4d96e49fd159fe201a239db0abbf480ce880d68313aed9a6e336af3c621032a8

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob: 'self';script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com: wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.compasscard.ca/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

content-security-policy: default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload; includeSubDomains
date: Sun, 08 Oct 2023 00:51:03 GMT
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
x-xss-protection: 0
pragma: public
x-fb-debug: nYm1EuegjG3sPw3pmJJSKYICzDbnMHrzN+/5MwhFVy/GqNOdeea6yAesotc5QlV+D5y38N0D57XUJjcOlbx4/Q==
cross-origin-opener-policy: same-origin-allow-popups
vary: Accept-Encoding
x-frame-options: DENY
content-type: application/x-javascript; charset=utf-8
origin-agent-cluster: ?0
cache-control: public, max-age=1200
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
timing-allow-origin: *
priority: u=3,i
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H3 200 styles__ltr.css
www.gstatic.com/recaptcha/releases/lLirU0na9roYU3wDDisGJEVT/ Frame 8CEB 55 KB
24 KB 110ms
38ms Stylesheet
text/css 172.253.115.94
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/lLirU0na9roYU3wDDisGJEVT/styles__ltr.css

Requested by

Host: www.google.com
URL: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LeyDKAUAAAAAOsbeioQeaky-k1bWjj-OoaeRubn&co=aHR0cHM6Ly93d3cuY29tcGFzc2NhcmQuY2E6NDQz&hl=en&v=lLirU0na9roYU3wDDisGJEVT&size=invisible&cb=jchlkvx86gu8

Protocol

Security

QUIC, , AES_128_GCM

Server

172.253.115.94 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bg-in-f94.1e100.net

Software

sffe /

Resource Hash

7859a62e04b0acb06516eb12454de6673883ecfaeaed6c254659bca7cd59c050

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Fri, 06 Oct 2023 17:56:34 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 111269
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 24606
x-xss-protection: 0
last-modified: Mon, 02 Oct 2023 04:05:03 GMT
server: sffe
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
vary: Accept-Encoding
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/css
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sat, 05 Oct 2024 17:56:34 GMT

GET
H3 200 recaptcha__en.js Show response
www.gstatic.com/recaptcha/releases/lLirU0na9roYU3wDDisGJEVT/ Frame 8CEB 464 KB
185 KB 108ms
36ms Script
text/javascript 172.253.115.94
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/lLirU0na9roYU3wDDisGJEVT/recaptcha__en.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

172.253.115.94 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bg-in-f94.1e100.net

Software

sffe /

Resource Hash

b1a65063717196413801187164cad067a3c8b3f1c8d7cf768de32d1230ecdf3c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Fri, 06 Oct 2023 17:56:33 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 111270
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 189597
x-xss-protection: 0
last-modified: Mon, 02 Oct 2023 04:05:03 GMT
server: sffe
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
vary: Accept-Encoding
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sat, 05 Oct 2024 17:56:33 GMT

GET
H2 200 /
www.facebook.com/tr/ 0
185 B 105ms
35ms Image
text/plain 31.13.66.35
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=394646334041450&ev=PageView&dl=https%3A%2F%2Fwww.compasscard.ca%2Floadcard&rl=&if=false&ts=1696726263338&sw=1600&sh=1200&v=2.9.132&r=stable&ec=0&o=30&fbp=fb.1.1696726263337.442549617&ler=empty&it=1696726263040&coo=false&exp=a0&rqm=GET

Requested by

Host: www.compasscard.ca
URL: https://www.compasscard.ca/loadcard

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

31.13.66.35 Ashburn, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

edge-star-mini-shv-01-iad3.facebook.com

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.compasscard.ca/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
date: Sun, 08 Oct 2023 00:51:03 GMT
server: proxygen-bolt
content-type: text/plain
access-control-allow-origin
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 0

GET
H2 200 /
www.facebook.com/tr/ 0
31 B 105ms
35ms Image
text/plain 31.13.66.35
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=278128245980809&ev=PageView&dl=https%3A%2F%2Fwww.compasscard.ca%2Floadcard&rl=&if=false&ts=1696726263340&sw=1600&sh=1200&v=2.9.132&r=stable&ec=0&o=30&fbp=fb.1.1696726263337.442549617&ler=empty&it=1696726263040&coo=false&exp=a0&rqm=GET

Requested by

Host: www.compasscard.ca
URL: https://www.compasscard.ca/loadcard

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

31.13.66.35 Ashburn, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

edge-star-mini-shv-01-iad3.facebook.com

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.compasscard.ca/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
date: Sun, 08 Oct 2023 00:51:03 GMT
server: proxygen-bolt
content-type: text/plain
access-control-allow-origin
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 0

GET
H3 200 logo_48.png
www.gstatic.com/recaptcha/api2/ Frame 8CEB 2 KB
2 KB 36ms
35ms Image
image/png 172.253.115.94
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gstatic.com/recaptcha/api2/logo_48.png

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/lLirU0na9roYU3wDDisGJEVT/styles__ltr.css

Protocol

Security

QUIC, , AES_128_GCM

Server

172.253.115.94 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bg-in-f94.1e100.net

Software

sffe /

Resource Hash

1b9efb22c938500971aac2b2130a475fa23684dd69e43103894968df83145b8a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.gstatic.com/recaptcha/releases/lLirU0na9roYU3wDDisGJEVT/styles__ltr.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Thu, 05 Oct 2023 02:51:02 GMT
x-content-type-options: nosniff
age: 252001
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2228
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: image/png
cache-control: public, max-age=604800
accept-ranges: bytes
expires: Thu, 12 Oct 2023 02:51:02 GMT

GET
H2 200 KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v18/ Frame 8CEB 15 KB
16 KB 111ms
38ms Font
font/woff2 142.251.16.94
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.251.16.94 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bl-in-f94.1e100.net

Software

sffe /

Resource Hash

3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.google.com/
Origin: https://www.google.com
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Thu, 05 Oct 2023 02:41:32 GMT
x-content-type-options: nosniff
age: 252571
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15344
x-xss-protection: 0
last-modified: Mon, 16 Oct 2017 17:32:55 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 04 Oct 2024 02:41:32 GMT

GET
H2 200 KFOlCnqEu92Fr1MmEU9fBBc4.woff2
fonts.gstatic.com/s/roboto/v18/ Frame 8CEB 15 KB
15 KB 128ms
54ms Font
font/woff2 142.251.16.94
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.251.16.94 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bl-in-f94.1e100.net

Software

sffe /

Resource Hash

5a8c1e7681318caa29e9f44e8a6e271f6a4067a2703e9916dfd4fe9099241db7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.google.com/
Origin: https://www.google.com
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Thu, 05 Oct 2023 03:00:08 GMT
x-content-type-options: nosniff
age: 251455
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15552
x-xss-protection: 0
last-modified: Mon, 16 Oct 2017 17:33:02 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 04 Oct 2024 03:00:08 GMT

GET
H3 200 webworker.js
www.google.com/recaptcha/api2/ Frame 8CEB 102 B
135 B 50ms
50ms Other
text/javascript 172.253.115.106
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/webworker.js?hl=en&v=lLirU0na9roYU3wDDisGJEVT

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

172.253.115.106 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bg-in-f106.1e100.net

Software

GSE /

Resource Hash

5063a68a88966cff9baa3bf09bf0352e9c05164c66e9b4ef2c4d5453dc9e1ca7

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LeyDKAUAAAAAOsbeioQeaky-k1bWjj-OoaeRubn&co=aHR0cHM6Ly93d3cuY29tcGFzc2NhcmQuY2E6NDQz&hl=en&v=lLirU0na9roYU3wDDisGJEVT&size=invisible&cb=jchlkvx86gu8
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Sun, 08 Oct 2023 00:51:03 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy: frame-ancestors 'self'
server: GSE
cross-origin-embedder-policy: require-corp
x-frame-options: SAMEORIGIN
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=300
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 1; mode=block
expires: Sun, 08 Oct 2023 00:51:03 GMT

GET
H2 200 iframe_api Show response
www.youtube.com/ 993 B
2 KB 149ms
72ms Script
text/javascript 142.251.167.190
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/iframe_api

Requested by

Host: www.compasscard.ca
URL: https://www.compasscard.ca/js/app/app.js?v=8.1.8627.19621

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.251.167.190 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

ww-in-f190.1e100.net

Software

ESF /

Resource Hash

10caf1e1bbca262b1a00dce458a9bd87a3889645f4e81bc32154b78e007e3d24

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.compasscard.ca/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Sun, 08 Oct 2023 00:51:06 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-encoding: br
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657?hl=en for more info."
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
server: ESF
x-frame-options: SAMEORIGIN
report-to: {"group":"youtube_main","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube_main"}]}
content-type: text/javascript; charset=utf-8
vary: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
cache-control: private, max-age=0
origin-trial: AvC9UlR6RDk2crliDsFl66RWLnTbHrDbp+DiY6AYz/PNQ4G4tdUTjrHYr2sghbkhGQAVxb7jaPTHpEVBz0uzQwkAAAB4eyJvcmlnaW4iOiJodHRwczovL3lvdXR1YmUuY29tOjQ0MyIsImZlYXR1cmUiOiJXZWJWaWV3WFJlcXVlc3RlZFdpdGhEZXByZWNhdGlvbiIsImV4cGlyeSI6MTcxOTUzMjc5OSwiaXNTdWJkb21haW4iOnRydWV9
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
cross-origin-opener-policy-report-only: same-origin; report-to="youtube_main"
expires: Sun, 08 Oct 2023 00:51:06 GMT

GET
H2 200 www-widgetapi.js Show response
www.youtube.com/s/player/4a66ccde/www-widgetapi.vflset/ 212 KB
66 KB 38ms
37ms Script
text/javascript 142.251.167.190
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/s/player/4a66ccde/www-widgetapi.vflset/www-widgetapi.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/iframe_api

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.251.167.190 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

ww-in-f190.1e100.net

Software

sffe /

Resource Hash

512c9862bb588a18908b13177fed2485bac5023c2557d8043fb962fcb9931265

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.compasscard.ca/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date: Sun, 08 Oct 2023 00:29:01 GMT
content-encoding: br
x-content-type-options: nosniff
age: 1325
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 66928
x-xss-protection: 0
last-modified: Wed, 04 Oct 2023 01:54:50 GMT
server: sffe
vary: Accept-Encoding, Origin
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
expires: Mon, 07 Oct 2024 00:29:01 GMT

POST
H3 204 collect
www.google-analytics.com/g/ 0
17 B 43ms
43ms Ping
text/plain 142.251.167.113
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://www.google-analytics.com/g/collect?v=2&tid=G-RPFHVLDLZ8&gtm=45je3a40&_p=1233423018&cid=2136899225.1696726263&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_eu=AEA&_s=2&sid=1696726263&sct=1&seg=0&dl=https%3A%2F%2Fwww.compasscard.ca%2Floadcard&dt=Compass%20-%20Load%20Card&en=scroll&epn.percent_scrolled=90&_et=5
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-RPFHVLDLZ8&l=dataLayer&cx=c
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 142.251.167.113 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: ww-in-f113.1e100.net
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.compasscard.ca/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 08 Oct 2023 00:51:06 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.compasscard.ca
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H3 200 collect Show response
www.google-analytics.com/j/ 2 B
22 B 44ms
44ms XHR
text/plain 142.251.167.113
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j101&a=1233423018&t=event&ni=0&_s=1&dl=https%3A%2F%2Fwww.compasscard.ca%2Floadcard&ul=en-us&de=UTF-8&dt=Compass%20-%20Load%20Card&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&ec=Compass%20-%20Load%20Card&ea=25&el=vertical%20scroll&_u=aGHAAEAjAAAAAGAAI~&jid=831506728&gjid=839476500&cid=2136899225.1696726263&tid=UA-812499-35&_gid=1667155583.1696726263&_r=1&gtm=45He3a40n81M9BPBKL&z=1440204243

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.167.113 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

ww-in-f113.1e100.net

Software

Golfe2 /

Resource Hash

de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.compasscard.ca/
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Sun, 08 Oct 2023 00:51:06 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.compasscard.ca
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 analytics.js Show response
www.google-analytics.com/ 52 KB
21 KB 36ms
36ms Script
text/javascript 142.251.167.113
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-M9BPBKL

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.167.113 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

ww-in-f113.1e100.net

Software

Golfe2 /

Resource Hash

de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.compasscard.ca/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
date: Sun, 08 Oct 2023 00:10:39 GMT
last-modified: Mon, 12 Jun 2023 18:23:07 GMT
server: Golfe2
age: 2427
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 20994
expires: Sun, 08 Oct 2023 02:10:39 GMT

GET
H3 200 collect
www.google-analytics.com/ 35 B
55 B 36ms
35ms Image
image/gif 142.251.167.113
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j101&a=1233423018&t=event&ni=0&_s=1&dl=https%3A%2F%2Fwww.compasscard.ca%2Floadcard&ul=en-us&de=UTF-8&dt=Compass%20-%20Load%20Card&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&ec=Compass%20-%20Load%20Card&ea=50&el=vertical%20scroll&_u=aGHAAEAjAAAAAGAAI~&jid=&gjid=&cid=2136899225.1696726263&tid=UA-812499-35&_gid=1667155583.1696726263&gtm=45He3a40n81M9BPBKL&z=2129067533

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.167.113 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

ww-in-f113.1e100.net

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.compasscard.ca/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 07 Oct 2023 09:05:26 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 56740
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H3 200 collect
www.google-analytics.com/ 35 B
55 B 37ms
36ms Image
image/gif 142.251.167.113
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j101&a=1233423018&t=event&ni=0&_s=1&dl=https%3A%2F%2Fwww.compasscard.ca%2Floadcard&ul=en-us&de=UTF-8&dt=Compass%20-%20Load%20Card&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&ec=Compass%20-%20Load%20Card&ea=75&el=vertical%20scroll&_u=aGHAAEAjAAAAAGAAI~&jid=&gjid=&cid=2136899225.1696726263&tid=UA-812499-35&_gid=1667155583.1696726263&gtm=45He3a40n81M9BPBKL&z=1195651870

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.167.113 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

ww-in-f113.1e100.net

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.compasscard.ca/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 07 Oct 2023 09:05:26 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 56740
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H3 200 collect
www.google-analytics.com/ 35 B
55 B 38ms
36ms Image
image/gif 142.251.167.113
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j101&a=1233423018&t=event&ni=0&_s=1&dl=https%3A%2F%2Fwww.compasscard.ca%2Floadcard&ul=en-us&de=UTF-8&dt=Compass%20-%20Load%20Card&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&ec=Compass%20-%20Load%20Card&ea=100&el=vertical%20scroll&_u=aGHAAEAjAAAAAGAAI~&jid=&gjid=&cid=2136899225.1696726263&tid=UA-812499-35&_gid=1667155583.1696726263&gtm=45He3a40n81M9BPBKL&z=1020268678

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.167.113 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

ww-in-f113.1e100.net

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.compasscard.ca/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 07 Oct 2023 09:05:26 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 56740
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK beacon.gif Show response
rum-collector-2.pingdom.net/img/ 0
213 B 456ms
109ms XHR
text/plain 54.72.158.246

General

Check archive.org

Show headers Download Go to

Full URL: https://rum-collector-2.pingdom.net/img/beacon.gif?id=5a2ad4d2aae1bc0007000105&sAW=1600&sAH=1200&bIW=1600&bIH=1200&pD=24&dPR=1&or=landscape-primary&nT=0&rC=0&nS=0&cS=10&cE=69&dLE=10&dLS=2&fS=0&hS=26&rE=-1&rS=-1&reS=69&resS=177&resE=194&uEE=-1&uES=-1&dL=182&dI=652&dCLES=652&dCLEE=653&dC=4378&lES=4378&lEE=4380&s=nt&title=Compass%20-%20Load%20Card&path=https%3A%2F%2Fwww.compasscard.ca%2Floadcard&ref=&sId=3o7qcuiy&sST=1696726266&sIS=1&rV=0&v=1.4.1
Requested by: Host: rum-static.pingdom.net
URL: https://rum-static.pingdom.net/pa-5a2ad4d2aae1bc0007000105.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.72.158.246 -, , ASN (),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.compasscard.ca/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

Access-Control-Allow-Origin: *
Pragma: no-cache
Date: Sun, 08 Oct 2023 00:51:07 GMT
Cache-Control: no-cache, no-store, must-revalidate
Connection: keep-alive
Content-Length: 0
Expires: 0

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 4 B
70 B 45ms
44ms XHR
text/plain 142.250.31.156
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j101&tid=UA-812499-35&cid=2136899225.1696726263&jid=831506728&gjid=839476500&_gid=1667155583.1696726263&_u=aGHAAEAjAAAAAGAAI~&z=1600882617

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.31.156 Oxford, United States, ASN15169 (GOOGLE, US),

Reverse DNS

bj-in-f156.1e100.net

Software

Golfe2 /

Resource Hash

8685bca4bb29a8a8289c3effd282cb8718a7d14da65f1397481f213b15469f50

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.compasscard.ca/
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
date: Sun, 08 Oct 2023 00:51:06 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.compasscard.ca
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ga-audiences
www.google.com/ads/ 42 B
63 B 49ms
48ms Image
image/gif 172.253.115.106
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j101&tid=UA-812499-35&cid=2136899225.1696726263&jid=831506728&_u=aGHAAEAjAAAAAGAAI~&z=1034087841

Protocol

Security

QUIC, , AES_128_GCM

Server

172.253.115.106 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bg-in-f106.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.compasscard.ca/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 08 Oct 2023 00:51:06 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.ca/ads/ 42 B
107 B 51ms
51ms Image
image/gif 172.253.122.94
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.ca/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j101&tid=UA-812499-35&cid=2136899225.1696726263&jid=831506728&_u=aGHAAEAjAAAAAGAAI~&z=1034087841

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.253.122.94 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bh-in-f94.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.compasscard.ca/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 08 Oct 2023 00:51:06 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Verdicts & Comments Add Verdict or Comment

183 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

17 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
www.compasscard.ca/	1970-01-20 15:18:49	Name: srv_id Value: 8ee916a618a4551fc295a79fd1513b18
www.compasscard.ca/	1969-12-31 23:59:59	Name: cc_sid Value: 51pej0qmgdeg3kssp2zbvgxu
www.compasscard.ca/	1969-12-31 23:59:59	Name: __CSRFCOOKIE Value: 110f1a8511d3492e9366d0ea9ba0969c
.compasscard.ca/	1970-01-21 00:03:16	Name: visid_incap_147861 Value: H45JGijsRqWp5G3Uiwka+PX8IWUAAAAAQUIPAAAAAADsof74XVIf1qBmELcWEgjA
.compasscard.ca/	1969-12-31 23:59:59	Name: incap_ses_132_147861 Value: Vt3QAUixg29/8qmibfXUAfX8IWUAAAAAPSzreoEqpRf8tnVSjRk3Ng==
.fonts.net/	1970-01-20 15:18:48	Name: __cf_bm Value: e1qfwI8M9yRKRi35rtj42PGZYWYHiXX3jtf6oKAWWpM-1696726262-0-AbOmSYwgvvdak2kOh/1TIK0Fih50AewIn7qmq6RErRUtb0CJ6uhei2EwHRLouk0zdmrw/t6HVA1qjquocjuz+Ng=
.www.compasscard.ca/	1970-01-21 00:54:46	Name: _ga Value: GA1.3.2136899225.1696726263
.www.compasscard.ca/	1970-01-20 15:20:12	Name: _gid Value: GA1.3.1667155583.1696726263
.compasscard.ca/	1970-01-20 17:28:22	Name: _gcl_au Value: 1.1.427496286.1696726263
.www.compasscard.ca/	1970-01-20 15:18:46	Name: _gat Value: 1
.compasscard.ca/	1970-01-20 17:28:22	Name: _fbp Value: fb.1.1696726263337.442549617
.youtube.com/	1969-12-31 23:59:59	Name: YSC Value: 28sRJZ-7QVA
.youtube.com/	1970-01-20 19:37:58	Name: VISITOR_INFO1_LIVE Value: regoufM1maU
.compasscard.ca/	1970-01-21 00:54:46	Name: _ga_RPFHVLDLZ8 Value: GS1.1.1696726263.1.0.1696726266.0.0.0
.compasscard.ca/	1970-01-21 00:54:46	Name: _ga Value: GA1.2.2136899225.1696726263
.compasscard.ca/	1970-01-20 15:20:12	Name: _gid Value: GA1.2.1667155583.1696726263
.compasscard.ca/	1970-01-20 15:18:46	Name: _gat_UA-812499-35 Value: 1

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	script-src-elem 'self' 'unsafe-eval' 'unsafe-inline' .google.com .requirejs.org .google-analytics.com .googleapis.com .pingdom.net .gstatic.com .facebook.net .facebook.com .youtube.com .googletagmanager.com .ytimg.com .gstatic.com .vcft.local .compasscard.ca .microsoft.com .bootstrapcdn.com .translink.ca .doubleclick.net .azurewebsites.net .postescanada-canadapost.ca .cubic.com;script-src-attr 'self' 'unsafe-eval' 'unsafe-inline'; frame-ancestors 'self' .googletagmanager.com; frame-src 'self' .youtube.com .google.com
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

ajax.googleapis.com
connect.facebook.net
fast.fonts.net
fonts.gstatic.com
maxcdn.bootstrapcdn.com
rum-collector-2.pingdom.net
rum-static.pingdom.net
stats.g.doubleclick.net
www.compasscard.ca
www.facebook.com
www.google-analytics.com
www.google.ca
www.google.com
www.googletagmanager.com
www.gstatic.com
www.youtube.com
104.16.250.67
104.18.11.207
104.22.54.104
142.250.31.156
142.251.16.94
142.251.167.113
142.251.167.190
172.253.115.106
172.253.115.94
172.253.122.94
172.253.63.95
172.253.63.97
31.13.66.19
31.13.66.35
45.60.152.124
54.72.158.246
031fcd141a16bcbe3582f6ed40b71fc8d9c675a40e03c8cf34c0064ea26b5abd
07625061cdc088c8e2680ea66c6f722de21dd476486e2b669f6488ab1f4b35f8
07ea40f5812ff95c40bf53ca26aab0b1d9e1e9b7ea60e5ebe8367dadef88458d
0999e422d9f420de8feef49de79dc690f972c6a1cd25c949a1b7960c10533875
0ed6f0959a447ad8284025379f7c1e7e70919ec3f525bf7fb6a25921a5210a2d
10caf1e1bbca262b1a00dce458a9bd87a3889645f4e81bc32154b78e007e3d24
10dd92668ca9d93a2201ac7d2188715999a1e6061fc9dd0c65ff909c54f54f06
175727ad44c7f85c9916a040744b3a9b8778113896414a9a6336140f1313b900
182ac9de017eaf7938599a391e78f4d4a5f756346bc17afb12b5d21ec8fe5048
18af52b13cbd305a192904bc1fb803188cf46cb485919177be901891e979f735
1b9efb22c938500971aac2b2130a475fa23684dd69e43103894968df83145b8a
1cffc2b3146584685cd72751d7f28aa030ab9ae2f1bc78f2c27909f8d8287b26
224b134c39cf57a66e6551df18a7578dbb359a2e5c4d42346299992fa3bbc9b0
256a489beea4a14eca458f6e5436758f1fcb8dd34034d3c36dd21b22a5841f3b
26cf2f75f160855697d4b31b9367b60c125b77feb88af7229c35b8d85c37f9c5
2793928934eddc9015b5169a43d075ca998828d2b9497685f98a2c18c17fb5d8
28ae7b4ed081fbd9b5341a370a7a4134e21ba5f6ba22285f21f0ba81d2dc2b3f
30ab85b8ac30f16994461a60013bb53dc6b1ad634583d1adbf87499aaf087c4b
398cdf1b27ef247e5bc77805f266bb441e60355463fc3d1776f41aae58b08cf1
3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc
40732e9dcfa704cf615e4691bb07aecfd1cc5e063220a46e4a7ff6560c77f5db
413c508a821bfcb190de8c5afd126354ba8f805ec51d5ec4abed852727d74dab
4bcac1db6ec261a346c40f7b1c5e5b62a9ea39ab8d4a4c824a7841cc03b11bae
4d96e49fd159fe201a239db0abbf480ce880d68313aed9a6e336af3c621032a8
5060512e62e566cc084d985d4e66597039634a32fb167fa3e7ce24b41e000d74
5063a68a88966cff9baa3bf09bf0352e9c05164c66e9b4ef2c4d5453dc9e1ca7
512c9862bb588a18908b13177fed2485bac5023c2557d8043fb962fcb9931265
5a8c1e7681318caa29e9f44e8a6e271f6a4067a2703e9916dfd4fe9099241db7
643d5e47d5bab61e5e3e2e4a21477acef3715d19a51b8981cfceaa5efd4050ef
669127738c04b1074b227ad5bf263c92522b37dcaa62dae7d46f2e8c6fc38eba
66b804e7a96a87c11e1dd74ea04ac2285df5ad9043f48046c3e5000114d39b1c
72ea5ef0690f58e88238ec69cba0cd9c7c8379943fe24d650f9e50fdceb5c5e4
7859a62e04b0acb06516eb12454de6673883ecfaeaed6c254659bca7cd59c050
799aeb25cc0373fdee0e1b1db7ad6c2f6a0e058dfadaa3379689f583213190bd
805270b078cde87b61bb57c8bd44f8b58b0d128f5a8efdd4395470b45b291d65
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
8685bca4bb29a8a8289c3effd282cb8718a7d14da65f1397481f213b15469f50
8b6dc58150765a17f3f335db8240ea618a008ec21a03e0bda7b9a398e6202bdb
92fca55833f48b4289ac8f1cedd48752b580fce4ec4b5d81670b8193d6e51b54
9e7c9312d0f846d1ff5dd1d74ccd22587663f7851f45a67bf2dfaf040b7788fd
a4dfadfa45ab7b21bce659c64149ab3cf815fd736d885ccfdbd4a112a7295f8c
a6132cc952c9b1be1b49fccee579fe010c010fd1a64dc68b8267a363f6e77fe5
a6f61013c482e826879d8bb4a87051cb9d49b070a3cce4e54bca4abe9a3063fc
aa23620f80e8a80685879bb1bc3d09b12e3a631e205c1e45f8d03674fd60ce76
ab473d34352510fc2cbf4dba40a446b2eb1fe6ee75250ee7c14f73e4887e7774
add093146ec51e0bc281e9b68d69ba48e6906c17275a44f5763995e5bf8cd582
b1a65063717196413801187164cad067a3c8b3f1c8d7cf768de32d1230ecdf3c
b679a5fdb95d785fa409b97176a96ae052c1680b7a99cc028301ddec2a591799
d8f9afbf492e4c139e9d2bcb9ba6ef7c14921eb509fb703bc7a3f911b774eff8
da6e7d563e34c7b891a4ec436c236eeeec6d2ffb669eed5ac59b6813317ebe8c
de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af
de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd
e26a8f2a7287fd40a689869c9998d3f87af3dc38e15e921cfaceac973dd34bc3
e35ff4d903a755d2bde38a3f939d59fcf9ac934243b88c08e13570b40cdd7240
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
ef9453f74b2617d43dcef4242cf5845101fcfb57289c81bceb20042b0023a192
f444ce8f621cda58add126f0829fee372db0b05e4bb75f6de50af086121ffe99
f7e981b56ca3b702d0f3aa97921d49a980091c680c8bd61537fe31b3d6f1a0e9
ffdb7aa28f59c0b40bda8ae85a7718f77209bdc75f0679279a1e334d157a589b

www.compasscard.ca Open in urlscan Pro 45.60.152.124 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

74 Requests

100 %HTTPS

0 %IPv6

14 Domains

16 Subdomains

16 IPs

2 Countries

1313 kBTransfer

3735 kBSize

17 Cookies

5 Outgoing links

Redirected requests

74 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

www.compasscard.ca Open in urlscan Pro
45.60.152.124 Public Scan

Screenshot
Live screenshot

Full Image

74
Requests

100 %
HTTPS

0 %
IPv6

14
Domains

16
Subdomains

16
IPs

2
Countries

1313 kB
Transfer

3735 kB
Size

17
Cookies

74 HTTP transactions
0 data transactions