www.payfast.co.za Open in urlscan Pro
41.74.179.210 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://payfast.co.za/
Effective URL:
https://www.payfast.co.za/
Submission: On December 16 via api (December 16th 2019, 12:28:51 am UTC) from GB

Summary HTTP 35 Redirects Links 16 Behaviour Indicators

Summary

This website contacted 11 IPs in 6 countries across 10 domains to perform 35 HTTP transactions. The main IP is 41.74.179.210, located in Roodepoort, South Africa and belongs to RSAWEB-AS, ZA. The main domain is www.payfast.co.za.
TLS certificate: Issued by Entrust Certification Authority - L1M on May 27th 2019. Valid for: 2 years.

This is the only time www.payfast.co.za was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 10	41.74.179.210 41.74.179.210	37053 (RSAWEB-AS) (RSAWEB-AS)
2	2a00:1450:400... 2a00:1450:4001:81f::200a	15169 (GOOGLE) (GOOGLE - Google LLC)
1	2a00:1450:400... 2a00:1450:4001:815::2008	15169 (GOOGLE) (GOOGLE - Google LLC)
8	2a00:1450:400... 2a00:1450:4001:806::2003	15169 (GOOGLE) (GOOGLE - Google LLC)
1 5	2a00:1450:400... 2a00:1450:4001:815::200e	15169 (GOOGLE) (GOOGLE - Google LLC)
2	2a03:2880:f01... 2a03:2880:f01c:8012:face:b00c:0:3	32934 (FACEBOOK) (FACEBOOK - Facebook)
1	2a00:1450:400... 2a00:1450:400c:c00::9a	15169 (GOOGLE) (GOOGLE - Google LLC)
1	2a03:2880:f11... 2a03:2880:f11c:8083:face:b00c:0:25de	32934 (FACEBOOK) (FACEBOOK - Facebook)
4	2a0b:4d07:101::1 2a0b:4d07:101::1	44239 (PROINITY ...) (PROINITY PROINITY)
3	147.75.100.189 147.75.100.189	54825 (PACKET) (PACKET - Packet Host)
35	11

10 41.74.179.210 (Roodepoort, South Africa) 1 redirects

ASN37053 (RSAWEB-AS, ZA)
PTR: www.payfast.co.za

payfast.co.za	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.payfast.co.za	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:81f::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE - Google LLC, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:815::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE - Google LLC, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2a00:1450:4001:806::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE - Google LLC, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:4001:815::200e (Frankfurt am Main, Germany) 1 redirects

ASN15169 (GOOGLE - Google LLC, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:2880:f01c:8012:face:b00c:0:3 (Ireland)

ASN32934 (FACEBOOK - Facebook, Inc., US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:400c:c00::9a (Brussels, Belgium)

ASN15169 (GOOGLE - Google LLC, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a03:2880:f11c:8083:face:b00c:0:25de (Ireland)

ASN32934 (FACEBOOK - Facebook, Inc., US)

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a0b:4d07:101::1 (Switzerland)

ASN44239 (PROINITY PROINITY, DE)

payfastcoza-bef7.kxcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 147.75.100.189 (Central, Hong Kong)

ASN54825 (PACKET - Packet Host, Inc., US)
PTR: pkt-ams-k1-8

static.hotjar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
script.hotjar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
vars.hotjar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
10	payfast.co.za 1 redirects payfast.co.za www.payfast.co.za	797 KB
8	gstatic.com fonts.gstatic.com	88 KB
5	google-analytics.com 1 redirects www.google-analytics.com	41 KB
4	kxcdn.com payfastcoza-bef7.kxcdn.com	78 KB
3	hotjar.com static.hotjar.com script.hotjar.com vars.hotjar.com	72 KB
2	facebook.net connect.facebook.net	54 KB
2	googleapis.com fonts.googleapis.com	2 KB
1	facebook.com www.facebook.com	246 B
1	doubleclick.net stats.g.doubleclick.net	102 B
1	googletagmanager.com www.googletagmanager.com	25 KB
35	10

	Domain	Requested by
9	www.payfast.co.za	www.payfast.co.za
8	fonts.gstatic.com	www.payfast.co.za
5	www.google-analytics.com	1 redirects www.googletagmanager.com www.google-analytics.com
4	payfastcoza-bef7.kxcdn.com	www.payfast.co.za
2	connect.facebook.net	www.payfast.co.za connect.facebook.net
2	fonts.googleapis.com	www.payfast.co.za
1	vars.hotjar.com	static.hotjar.com
1	script.hotjar.com	static.hotjar.com
1	static.hotjar.com	www.payfast.co.za
1	www.facebook.com	www.payfast.co.za
1	stats.g.doubleclick.net	www.payfast.co.za
1	www.googletagmanager.com	www.payfast.co.za
1	payfast.co.za	1 redirects
35	13

This site contains links to these domains. Also see Links.

Domain
support.payfast.co.za
developers.payfast.co.za
takealot.com
za.sofacompany.com
www.sportsmanswarehouse.co.za
www.firstshop.co.za
lifestyle.jaguar.co.za
www.runwaysale.co.za
shop.medicalert.co.za
idshosting.co.za
www.midlandsdesign.co.za
payfast.recruiterbox.com
status.payfast.co.za
www.facebook.com
twitter.com
www.linkedin.com

Subject Issuer	Validity	Valid
www.payfast.co.za Entrust Certification Authority - L1M	`2019-05-27` - `2021-06-02`	2 years	crt.sh
*.storage.googleapis.com GTS CA 1O1	`2019-11-13` - `2020-02-05`	3 months	crt.sh
*.google-analytics.com GTS CA 1O1	`2019-11-13` - `2020-02-05`	3 months	crt.sh
*.google.com GTS CA 1O1	`2019-11-13` - `2020-02-05`	3 months	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2019-12-06` - `2020-03-05`	3 months	crt.sh
*.g.doubleclick.net GTS CA 1O1	`2019-11-13` - `2020-02-05`	3 months	crt.sh
*.kxcdn.com Thawte RSA CA 2018	`2019-07-04` - `2021-09-01`	2 years	crt.sh
static.hotjar.com Let's Encrypt Authority X3	`2019-12-05` - `2020-03-04`	3 months	crt.sh
script.hotjar.com Let's Encrypt Authority X3	`2019-12-05` - `2020-03-04`	3 months	crt.sh
vars.hotjar.com Let's Encrypt Authority X3	`2019-12-05` - `2020-03-04`	3 months	crt.sh

This page contains 2 frames:

Primary Page: https://www.payfast.co.za/
Frame ID: B4259955427DE030FCE21BCD87A2A21C
Requests: 52 HTTP requests in this frame

Frame: https://vars.hotjar.com/box-b736908ce6b0e933fad3a2e45df61b38.html
Frame ID: 7244DCF57FE4993557B4885E94F38131
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

http://payfast.co.za/ HTTP 301
https://www.payfast.co.za/ Page URL

Detected technologies

WordPress (CMS) Expand

Overall confidence: 100%
Detected patterns

script /\/wp-(?:content|includes)\//i

PHP (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

script /\/wp-(?:content|includes)\//i

MySQL (Databases) Expand

Overall confidence: 100%
Detected patterns

script /\/wp-(?:content|includes)\//i

Nginx (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /nginx(?:\/([\d.]+))?/i

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

script /\/\/connect\.facebook\.net\/[^\/]*\/[a-z]*\.js/i

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

script /google-analytics\.com\/(?:ga|urchin|analytics)\.js/i

Page Statistics

35
Requests

100 %
HTTPS

80 %
IPv6

10
Domains

13
Subdomains

11
IPs

6
Countries

1156 kB
Transfer

2693 kB
Size

5
Cookies

16 Outgoing links

These are links going to different origins than the main page.

URL: https://support.payfast.co.za/
Title: Support

Search URL Search Domain Scan URL

URL: https://developers.payfast.co.za/documentation/
Title: Custom Integration – Step-by-step guide for developers

Search URL Search Domain Scan URL

URL: http://takealot.com/
Title: <img width="195" height="85" src="https://payfastcoza-bef7.kxcdn.com/wp-content/uploads/Takealot.png" class="attachment-homepage size-homepage wp-post-image" alt="Takealot" srcset="https://payfastcoza-bef7.kxcdn.com/wp-content/uploads/Takealot.png 195w, https://payfastcoza-bef7.kxcdn.com/wp-content/uploads/Takealot-150x65.png 150w" sizes="(max-width: 195px) 100vw, 195px" />

Search URL Search Domain Scan URL

URL: https://za.sofacompany.com/
Title: <img width="195" height="85" src="https://payfastcoza-bef7.kxcdn.com/wp-content/uploads/Sofa-Company.png" class="attachment-homepage size-homepage wp-post-image" alt="The Sofa Company" srcset="https://payfastcoza-bef7.kxcdn.com/wp-content/uploads/Sofa-Company.png 195w, https://payfastcoza-bef7.kxcdn.com/wp-content/uploads/Sofa-Company-150x65.png 150w" sizes="(max-width: 195px) 100vw, 195px" />

Search URL Search Domain Scan URL

URL: http://www.sportsmanswarehouse.co.za/
Title: <img width="195" height="85" src="https://payfastcoza-bef7.kxcdn.com/wp-content/uploads/Sportmans-Warehouse.png" class="attachment-homepage size-homepage wp-post-image" alt="Sportsmans Warehouse" srcset="https://payfastcoza-bef7.kxcdn.com/wp-content/uploads/Sportmans-Warehouse.png 195w, https://payfastcoza-bef7.kxcdn.com/wp-content/uploads/Sportmans-Warehouse-150x65.png 150w" sizes="(max-width: 195px) 100vw, 195px" />

Search URL Search Domain Scan URL

URL: http://www.firstshop.co.za/
Title: <img width="195" height="85" src="https://payfastcoza-bef7.kxcdn.com/wp-content/uploads/First-Shop-1.png" class="attachment-homepage size-homepage wp-post-image" alt="First Shop" srcset="https://payfastcoza-bef7.kxcdn.com/wp-content/uploads/First-Shop-1.png 195w, https://payfastcoza-bef7.kxcdn.com/wp-content/uploads/First-Shop-1-150x65.png 150w" sizes="(max-width: 195px) 100vw, 195px" />

Search URL Search Domain Scan URL

URL: https://lifestyle.jaguar.co.za/
Title: <img width="195" height="85" src="https://payfastcoza-bef7.kxcdn.com/wp-content/uploads/Jaguar.png" class="attachment-homepage size-homepage wp-post-image" alt="Jaguar Lifestyle South Africa" srcset="https://payfastcoza-bef7.kxcdn.com/wp-content/uploads/Jaguar.png 195w, https://payfastcoza-bef7.kxcdn.com/wp-content/uploads/Jaguar-150x65.png 150w" sizes="(max-width: 195px) 100vw, 195px" />

Search URL Search Domain Scan URL

URL: http://www.runwaysale.co.za/
Title: <img width="195" height="85" src="https://payfastcoza-bef7.kxcdn.com/wp-content/uploads/Runway-Sale.png" class="attachment-homepage size-homepage wp-post-image" alt="Runway Sale" srcset="https://payfastcoza-bef7.kxcdn.com/wp-content/uploads/Runway-Sale.png 195w, https://payfastcoza-bef7.kxcdn.com/wp-content/uploads/Runway-Sale-150x65.png 150w" sizes="(max-width: 195px) 100vw, 195px" />

Search URL Search Domain Scan URL

URL: http://shop.medicalert.co.za/
Title: <img width="195" height="85" src="https://payfastcoza-bef7.kxcdn.com/wp-content/uploads/Medic-Alert.png" class="attachment-homepage size-homepage wp-post-image" alt="Medic Alert" srcset="https://payfastcoza-bef7.kxcdn.com/wp-content/uploads/Medic-Alert.png 195w, https://payfastcoza-bef7.kxcdn.com/wp-content/uploads/Medic-Alert-150x65.png 150w" sizes="(max-width: 195px) 100vw, 195px" />

Search URL Search Domain Scan URL

URL: http://idshosting.co.za/
Title: http://idshosting.co.za/

Search URL Search Domain Scan URL

URL: http://www.midlandsdesign.co.za/
Title: http://www.midlandsdesign.co.za/

Search URL Search Domain Scan URL

URL: https://payfast.recruiterbox.com/
Title: Careers

Search URL Search Domain Scan URL

URL: https://status.payfast.co.za/
Title: System Status

Search URL Search Domain Scan URL

URL: https://www.facebook.com/payfast
Title: Facebook

Search URL Search Domain Scan URL

URL: https://twitter.com/payfast
Title: Twitter

Search URL Search Domain Scan URL

URL: http://www.linkedin.com/company/payfast
Title: LinkedIn

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://payfast.co.za/ HTTP 301
https://www.payfast.co.za/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 32

https://www.google-analytics.com/r/collect?v=1&_v=j79&a=508592963&t=pageview&_s=1&dl=https%3A%2F%2Fwww.payfast.co.za%2F&ul=en-us&de=UTF-8&dt=South%20Africa%27s%20Secure%20Online%20Payment%20Gateway%20%7C%20PayFast&sd=24-bit&sr=1600x1200&vp=1585x1200&je=0&_u=aGBAAUADS~&jid=1268136932&gjid=1188227822&cid=410984651.1576456114&tid=UA-3492176-1&_gid=659870350.1576456114&_r=1&z=531044143 HTTP 302
https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-3492176-1&cid=410984651.1576456114&jid=1268136932&_gid=659870350.1576456114&gjid=1188227822&_v=j79&z=531044143

35 HTTP transactions
18 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request / Show response
www.payfast.co.za/
Redirect Chain

http://payfast.co.za/
https://www.payfast.co.za/

102 KB
22 KB

820ms
317ms

Document
text/html

41.74.179.210
RSAWEB-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www.payfast.co.za/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

41.74.179.210 Roodepoort, South Africa, ASN37053 (RSAWEB-AS, ZA),

Reverse DNS

www.payfast.co.za

Software

nginx /

Resource Hash

5f2fda8369ba45d3449d9c802b5a10576f70eebbcb9eabfa2e8252b91c59dcce

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' data: .google-analytics.com googleads.g.doubleclick.net www.facebook.com payfastcoza-bef7.kxcdn.com; img-src 'self' data: ; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' blob: .twitter.com .google-analytics.com .googletagmanager.com .facebook.net .youtube.com .google.com .google.co.za .gstatic.com cdn.polyfill.io payfastcoza-bef7.kxcdn.com yoast.com netcheckcdn.xyz loadingpagesson.club .map2.ssl.hwcdn.net .static.hotjar.com .hotjar.com; object-src 'self' data: .google-analytics.com payfastcoza-bef7.kxcdn.com; style-src 'self' data: 'unsafe-inline' fonts.googleapis.com translate.googleapis.com payfastcoza-bef7.kxcdn.com; media-src 'self' data: .google-analytics.com payfastcoza-bef7.kxcdn.com; frame-src 'self' data: .google-analytics.com .youtube.com .twitter.com mastercard-a.akamaihd.net connect.facebook.net www.facebook.com www.googletagmanager.com .google.com .vimeo.com fast.wistia.net mozbar.moz.com www.ciuvo.com payfastcoza-bef7.kxcdn.com .hotjar.com; font-src 'self' data: fonts.gstatic.com .gstatic.com .hotjar.com http://fonts.gstatic.com payfastcoza-bef7.kxcdn.com; connect-src 'self' data: .google-analytics.com stats.g.doubleclick.net yoast.com payfastcoza-bef7.kxcdn.com .hotjar.io .hotjar.com hotjar.com wss://.hotjar.com .facebook.com wss://www.payfast.co.za za.api4load.com; report-uri https://payfast.report-uri.com/r/d/csp/enforce
Strict-Transport-Security	max-age=63072000;
X-Content-Security-Policy	default-src 'self' data: .google-analytics.com googleads.g.doubleclick.net www.facebook.com payfastcoza-bef7.kxcdn.com; img-src 'self' data: ; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' blob: .twitter.com .google-analytics.com .googletagmanager.com .facebook.net .youtube.com .google.com .google.co.za .gstatic.com cdn.polyfill.io payfastcoza-bef7.kxcdn.com yoast.com netcheckcdn.xyz loadingpagesson.club .map2.ssl.hwcdn.net .static.hotjar.com .hotjar.com; object-src 'self' data: .google-analytics.com payfastcoza-bef7.kxcdn.com; style-src 'self' data: 'unsafe-inline' fonts.googleapis.com translate.googleapis.com payfastcoza-bef7.kxcdn.com; media-src 'self' data: .google-analytics.com payfastcoza-bef7.kxcdn.com; frame-src 'self' data: .google-analytics.com .youtube.com .twitter.com mastercard-a.akamaihd.net connect.facebook.net www.facebook.com www.googletagmanager.com .google.com .vimeo.com fast.wistia.net mozbar.moz.com www.ciuvo.com payfastcoza-bef7.kxcdn.com .hotjar.com; font-src 'self' data: fonts.gstatic.com .gstatic.com .hotjar.com http://fonts.gstatic.com payfastcoza-bef7.kxcdn.com; connect-src 'self' data: .google-analytics.com stats.g.doubleclick.net yoast.com payfastcoza-bef7.kxcdn.com .hotjar.io .hotjar.com hotjar.com wss://.hotjar.com .facebook.com wss://www.payfast.co.za za.api4load.com; report-uri https://payfast.report-uri.com/r/d/csp/enforce
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: www.payfast.co.za
:scheme: https
:path: /
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
sec-fetch-site: none
sec-fetch-mode: navigate
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

status: 200
server: nginx
date: Mon, 16 Dec 2019 00:28:34 GMT
content-type: text/html; charset=UTF-8
content-length: 18579
last-modified: Sun, 15 Dec 2019 22:58:26 GMT
vary: Accept-Encoding,User-Agent
content-encoding: gzip
cache-control: max-age=0
expires: Mon, 16 Dec 2019 00:28:33 GMT
strict-transport-security: max-age=63072000;
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-security-policy: default-src 'self' data: *.google-analytics.com googleads.g.doubleclick.net www.facebook.com payfastcoza-bef7.kxcdn.com; img-src * 'self' data: ; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' blob: *.twitter.com *.google-analytics.com *.googletagmanager.com *.facebook.net *.youtube.com *.google.com *.google.co.za *.gstatic.com cdn.polyfill.io payfastcoza-bef7.kxcdn.com yoast.com netcheckcdn.xyz loadingpagesson.club *.map2.ssl.hwcdn.net *.static.hotjar.com *.hotjar.com; object-src 'self' data: *.google-analytics.com payfastcoza-bef7.kxcdn.com; style-src 'self' data: 'unsafe-inline' fonts.googleapis.com translate.googleapis.com payfastcoza-bef7.kxcdn.com; media-src 'self' data: *.google-analytics.com payfastcoza-bef7.kxcdn.com; frame-src 'self' data: *.google-analytics.com *.youtube.com *.twitter.com mastercard-a.akamaihd.net connect.facebook.net www.facebook.com www.googletagmanager.com *.google.com *.vimeo.com fast.wistia.net mozbar.moz.com www.ciuvo.com payfastcoza-bef7.kxcdn.com *.hotjar.com; font-src 'self' data: fonts.gstatic.com *.gstatic.com *.hotjar.com http://fonts.gstatic.com payfastcoza-bef7.kxcdn.com; connect-src 'self' data: *.google-analytics.com stats.g.doubleclick.net yoast.com payfastcoza-bef7.kxcdn.com *.hotjar.io *.hotjar.com hotjar.com wss://*.hotjar.com *.facebook.com wss://www.payfast.co.za za.api4load.com; report-uri https://payfast.report-uri.com/r/d/csp/enforce
x-content-security-policy: default-src 'self' data: *.google-analytics.com googleads.g.doubleclick.net www.facebook.com payfastcoza-bef7.kxcdn.com; img-src * 'self' data: ; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' blob: *.twitter.com *.google-analytics.com *.googletagmanager.com *.facebook.net *.youtube.com *.google.com *.google.co.za *.gstatic.com cdn.polyfill.io payfastcoza-bef7.kxcdn.com yoast.com netcheckcdn.xyz loadingpagesson.club *.map2.ssl.hwcdn.net *.static.hotjar.com *.hotjar.com; object-src 'self' data: *.google-analytics.com payfastcoza-bef7.kxcdn.com; style-src 'self' data: 'unsafe-inline' fonts.googleapis.com translate.googleapis.com payfastcoza-bef7.kxcdn.com; media-src 'self' data: *.google-analytics.com payfastcoza-bef7.kxcdn.com; frame-src 'self' data: *.google-analytics.com *.youtube.com *.twitter.com mastercard-a.akamaihd.net connect.facebook.net www.facebook.com www.googletagmanager.com *.google.com *.vimeo.com fast.wistia.net mozbar.moz.com www.ciuvo.com payfastcoza-bef7.kxcdn.com *.hotjar.com; font-src 'self' data: fonts.gstatic.com *.gstatic.com *.hotjar.com http://fonts.gstatic.com payfastcoza-bef7.kxcdn.com; connect-src 'self' data: *.google-analytics.com stats.g.doubleclick.net yoast.com payfastcoza-bef7.kxcdn.com *.hotjar.io *.hotjar.com hotjar.com wss://*.hotjar.com *.facebook.com wss://www.payfast.co.za za.api4load.com; report-uri https://payfast.report-uri.com/r/d/csp/enforce
x-webkit-csp: default-src 'self' data: *.google-analytics.com googleads.g.doubleclick.net www.facebook.com payfastcoza-bef7.kxcdn.com; img-src * 'self' data: ; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' blob: *.twitter.com *.google-analytics.com *.googletagmanager.com *.facebook.net *.youtube.com *.google.com *.google.co.za *.gstatic.com cdn.polyfill.io payfastcoza-bef7.kxcdn.com yoast.com netcheckcdn.xyz loadingpagesson.club *.map2.ssl.hwcdn.net *.static.hotjar.com *.hotjar.com; object-src 'self' data: *.google-analytics.com payfastcoza-bef7.kxcdn.com; style-src 'self' data: 'unsafe-inline' fonts.googleapis.com translate.googleapis.com payfastcoza-bef7.kxcdn.com; media-src 'self' data: *.google-analytics.com payfastcoza-bef7.kxcdn.com; frame-src 'self' data: *.google-analytics.com *.youtube.com *.twitter.com mastercard-a.akamaihd.net connect.facebook.net www.facebook.com www.googletagmanager.com *.google.com *.vimeo.com fast.wistia.net mozbar.moz.com www.ciuvo.com payfastcoza-bef7.kxcdn.com *.hotjar.com; font-src 'self' data: fonts.gstatic.com *.gstatic.com *.hotjar.com http://fonts.gstatic.com payfastcoza-bef7.kxcdn.com; connect-src 'self' data: *.google-analytics.com stats.g.doubleclick.net yoast.com payfastcoza-bef7.kxcdn.com *.hotjar.io *.hotjar.com hotjar.com wss://*.hotjar.com *.facebook.com wss://www.payfast.co.za za.api4load.com; report-uri https://payfast.report-uri.com/r/d/csp/enforce
x-frame-options: SAMEORIGIN

Redirect headers

Server: nginx
Date: Mon, 16 Dec 2019 00:28:33 GMT
Content-Type: text/html
Content-Length: 162
Connection: keep-alive
Location: https://www.payfast.co.za/

GET
H2 200 css
fonts.googleapis.com/ 15 KB
1 KB 26ms
25ms Stylesheet
text/css 2a00:1450:4001:81f::200a
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Open%20Sans%3A%2C300%2C400%2C700%7CRaleway%3A400%2C500%2C700%7CCabin%3A400%2C500%2C700%7CDroid%20Serif%3Aregular%2C%3Aitalic%2C%3A700%2C%3A700italic%7CDroid%20Sans%3Aregular%2C%3A700%7CCabin%3Aregular%2C%3Aitalic%2C%3A500%2C%3A500italic%2C%3A600%2C%3A600italic%2C%3A700%2C%3A700italic%7CRaleway%3A100%2C%3A200%2C%3A300%2C%3Aregular%2C%3A500%2C%3A600%2C%3A700%2C%3A800%2C%3A900&display=swap

Requested by

Host: www.payfast.co.za
URL: https://www.payfast.co.za/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81f::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

ESF /

Resource Hash

e59cdc2cc6d7ee8e1e3433e768259b78b7749677455c503807a16d9e8f6d55e2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.payfast.co.za/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: br
last-modified: Mon, 16 Dec 2019 00:28:34 GMT
server: ESF
access-control-allow-origin: *
date: Mon, 16 Dec 2019 00:28:34 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
x-xss-protection: 0
expires: Mon, 16 Dec 2019 00:28:34 GMT

GET
H2 200 089c8444c0e187d409e8c5375bef7a5b.css
www.payfast.co.za/wp-content/cache/min/1/ 187 KB
34 KB 182ms
182ms Stylesheet
text/css 41.74.179.210
RSAWEB-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www.payfast.co.za/wp-content/cache/min/1/089c8444c0e187d409e8c5375bef7a5b.css

Requested by

Host: www.payfast.co.za
URL: https://www.payfast.co.za/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

41.74.179.210 Roodepoort, South Africa, ASN37053 (RSAWEB-AS, ZA),

Reverse DNS

www.payfast.co.za

Software

nginx /

Resource Hash

49c090949ed9c4836abea378f4418cd45b36329b98d5df3f6d493a782686d623

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' data: .google-analytics.com googleads.g.doubleclick.net www.facebook.com payfastcoza-bef7.kxcdn.com; img-src 'self' data: ; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' blob: .twitter.com .google-analytics.com .googletagmanager.com .facebook.net .youtube.com .google.com .google.co.za .gstatic.com cdn.polyfill.io payfastcoza-bef7.kxcdn.com yoast.com netcheckcdn.xyz loadingpagesson.club .map2.ssl.hwcdn.net .static.hotjar.com .hotjar.com; object-src 'self' data: .google-analytics.com payfastcoza-bef7.kxcdn.com; style-src 'self' data: 'unsafe-inline' fonts.googleapis.com translate.googleapis.com payfastcoza-bef7.kxcdn.com; media-src 'self' data: .google-analytics.com payfastcoza-bef7.kxcdn.com; frame-src 'self' data: .google-analytics.com .youtube.com .twitter.com mastercard-a.akamaihd.net connect.facebook.net www.facebook.com www.googletagmanager.com .google.com .vimeo.com fast.wistia.net mozbar.moz.com www.ciuvo.com payfastcoza-bef7.kxcdn.com .hotjar.com; font-src 'self' data: fonts.gstatic.com .gstatic.com .hotjar.com http://fonts.gstatic.com payfastcoza-bef7.kxcdn.com; connect-src 'self' data: .google-analytics.com stats.g.doubleclick.net yoast.com payfastcoza-bef7.kxcdn.com .hotjar.io .hotjar.com hotjar.com wss://.hotjar.com .facebook.com wss://www.payfast.co.za za.api4load.com; report-uri https://payfast.report-uri.com/r/d/csp/enforce
Strict-Transport-Security	max-age=63072000;
X-Content-Security-Policy	default-src 'self' data: .google-analytics.com googleads.g.doubleclick.net www.facebook.com payfastcoza-bef7.kxcdn.com; img-src 'self' data: ; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' blob: .twitter.com .google-analytics.com .googletagmanager.com .facebook.net .youtube.com .google.com .google.co.za .gstatic.com cdn.polyfill.io payfastcoza-bef7.kxcdn.com yoast.com netcheckcdn.xyz loadingpagesson.club .map2.ssl.hwcdn.net .static.hotjar.com .hotjar.com; object-src 'self' data: .google-analytics.com payfastcoza-bef7.kxcdn.com; style-src 'self' data: 'unsafe-inline' fonts.googleapis.com translate.googleapis.com payfastcoza-bef7.kxcdn.com; media-src 'self' data: .google-analytics.com payfastcoza-bef7.kxcdn.com; frame-src 'self' data: .google-analytics.com .youtube.com .twitter.com mastercard-a.akamaihd.net connect.facebook.net www.facebook.com www.googletagmanager.com .google.com .vimeo.com fast.wistia.net mozbar.moz.com www.ciuvo.com payfastcoza-bef7.kxcdn.com .hotjar.com; font-src 'self' data: fonts.gstatic.com .gstatic.com .hotjar.com http://fonts.gstatic.com payfastcoza-bef7.kxcdn.com; connect-src 'self' data: .google-analytics.com stats.g.doubleclick.net yoast.com payfastcoza-bef7.kxcdn.com .hotjar.io .hotjar.com hotjar.com wss://.hotjar.com .facebook.com wss://www.payfast.co.za za.api4load.com; report-uri https://payfast.report-uri.com/r/d/csp/enforce
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.payfast.co.za/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 16 Dec 2019 00:28:34 GMT
content-encoding: gzip
x-content-type-options: nosniff
status: 200
strict-transport-security: max-age=63072000;
content-length: 31058
x-xss-protection: 1; mode=block
last-modified: Sun, 08 Dec 2019 20:18:11 GMT
server: nginx
x-frame-options: SAMEORIGIN
vary: Accept-Encoding,User-Agent
content-type: text/css; charset=utf-8
expires: Tue, 15 Dec 2020 00:28:34 GMT
cache-control: max-age=31536000, public
content-security-policy: default-src 'self' data: *.google-analytics.com googleads.g.doubleclick.net www.facebook.com payfastcoza-bef7.kxcdn.com; img-src * 'self' data: ; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' blob: *.twitter.com *.google-analytics.com *.googletagmanager.com *.facebook.net *.youtube.com *.google.com *.google.co.za *.gstatic.com cdn.polyfill.io payfastcoza-bef7.kxcdn.com yoast.com netcheckcdn.xyz loadingpagesson.club *.map2.ssl.hwcdn.net *.static.hotjar.com *.hotjar.com; object-src 'self' data: *.google-analytics.com payfastcoza-bef7.kxcdn.com; style-src 'self' data: 'unsafe-inline' fonts.googleapis.com translate.googleapis.com payfastcoza-bef7.kxcdn.com; media-src 'self' data: *.google-analytics.com payfastcoza-bef7.kxcdn.com; frame-src 'self' data: *.google-analytics.com *.youtube.com *.twitter.com mastercard-a.akamaihd.net connect.facebook.net www.facebook.com www.googletagmanager.com *.google.com *.vimeo.com fast.wistia.net mozbar.moz.com www.ciuvo.com payfastcoza-bef7.kxcdn.com *.hotjar.com; font-src 'self' data: fonts.gstatic.com *.gstatic.com *.hotjar.com http://fonts.gstatic.com payfastcoza-bef7.kxcdn.com; connect-src 'self' data: *.google-analytics.com stats.g.doubleclick.net yoast.com payfastcoza-bef7.kxcdn.com *.hotjar.io *.hotjar.com hotjar.com wss://*.hotjar.com *.facebook.com wss://www.payfast.co.za za.api4load.com; report-uri https://payfast.report-uri.com/r/d/csp/enforce
accept-ranges: bytes
x-webkit-csp: default-src 'self' data: *.google-analytics.com googleads.g.doubleclick.net www.facebook.com payfastcoza-bef7.kxcdn.com; img-src * 'self' data: ; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' blob: *.twitter.com *.google-analytics.com *.googletagmanager.com *.facebook.net *.youtube.com *.google.com *.google.co.za *.gstatic.com cdn.polyfill.io payfastcoza-bef7.kxcdn.com yoast.com netcheckcdn.xyz loadingpagesson.club *.map2.ssl.hwcdn.net *.static.hotjar.com *.hotjar.com; object-src 'self' data: *.google-analytics.com payfastcoza-bef7.kxcdn.com; style-src 'self' data: 'unsafe-inline' fonts.googleapis.com translate.googleapis.com payfastcoza-bef7.kxcdn.com; media-src 'self' data: *.google-analytics.com payfastcoza-bef7.kxcdn.com; frame-src 'self' data: *.google-analytics.com *.youtube.com *.twitter.com mastercard-a.akamaihd.net connect.facebook.net www.facebook.com www.googletagmanager.com *.google.com *.vimeo.com fast.wistia.net mozbar.moz.com www.ciuvo.com payfastcoza-bef7.kxcdn.com *.hotjar.com; font-src 'self' data: fonts.gstatic.com *.gstatic.com *.hotjar.com http://fonts.gstatic.com payfastcoza-bef7.kxcdn.com; connect-src 'self' data: *.google-analytics.com stats.g.doubleclick.net yoast.com payfastcoza-bef7.kxcdn.com *.hotjar.io *.hotjar.com hotjar.com wss://*.hotjar.com *.facebook.com wss://www.payfast.co.za za.api4load.com; report-uri https://payfast.report-uri.com/r/d/csp/enforce
x-content-security-policy: default-src 'self' data: *.google-analytics.com googleads.g.doubleclick.net www.facebook.com payfastcoza-bef7.kxcdn.com; img-src * 'self' data: ; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' blob: *.twitter.com *.google-analytics.com *.googletagmanager.com *.facebook.net *.youtube.com *.google.com *.google.co.za *.gstatic.com cdn.polyfill.io payfastcoza-bef7.kxcdn.com yoast.com netcheckcdn.xyz loadingpagesson.club *.map2.ssl.hwcdn.net *.static.hotjar.com *.hotjar.com; object-src 'self' data: *.google-analytics.com payfastcoza-bef7.kxcdn.com; style-src 'self' data: 'unsafe-inline' fonts.googleapis.com translate.googleapis.com payfastcoza-bef7.kxcdn.com; media-src 'self' data: *.google-analytics.com payfastcoza-bef7.kxcdn.com; frame-src 'self' data: *.google-analytics.com *.youtube.com *.twitter.com mastercard-a.akamaihd.net connect.facebook.net www.facebook.com www.googletagmanager.com *.google.com *.vimeo.com fast.wistia.net mozbar.moz.com www.ciuvo.com payfastcoza-bef7.kxcdn.com *.hotjar.com; font-src 'self' data: fonts.gstatic.com *.gstatic.com *.hotjar.com http://fonts.gstatic.com payfastcoza-bef7.kxcdn.com; connect-src 'self' data: *.google-analytics.com stats.g.doubleclick.net yoast.com payfastcoza-bef7.kxcdn.com *.hotjar.io *.hotjar.com hotjar.com wss://*.hotjar.com *.facebook.com wss://www.payfast.co.za za.api4load.com; report-uri https://payfast.report-uri.com/r/d/csp/enforce

GET
H2 200 ga-b66b3b5d54e154c81a50880cdcd7e5f8.js Show response
www.payfast.co.za/wp-content/cache/busting/google-tracking/ 43 KB
21 KB 334ms
333ms Script
application/javascript 41.74.179.210
RSAWEB-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www.payfast.co.za/wp-content/cache/busting/google-tracking/ga-b66b3b5d54e154c81a50880cdcd7e5f8.js

Requested by

Host: www.payfast.co.za
URL: https://www.payfast.co.za/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

41.74.179.210 Roodepoort, South Africa, ASN37053 (RSAWEB-AS, ZA),

Reverse DNS

www.payfast.co.za

Software

nginx /

Resource Hash

dbb67c620eaabf6679a314db18d3ae43037aef71ab27422e6feec08ee987cc0a

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' data: .google-analytics.com googleads.g.doubleclick.net www.facebook.com payfastcoza-bef7.kxcdn.com; img-src 'self' data: ; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' blob: .twitter.com .google-analytics.com .googletagmanager.com .facebook.net .youtube.com .google.com .google.co.za .gstatic.com cdn.polyfill.io payfastcoza-bef7.kxcdn.com yoast.com netcheckcdn.xyz loadingpagesson.club .map2.ssl.hwcdn.net .static.hotjar.com .hotjar.com; object-src 'self' data: .google-analytics.com payfastcoza-bef7.kxcdn.com; style-src 'self' data: 'unsafe-inline' fonts.googleapis.com translate.googleapis.com payfastcoza-bef7.kxcdn.com; media-src 'self' data: .google-analytics.com payfastcoza-bef7.kxcdn.com; frame-src 'self' data: .google-analytics.com .youtube.com .twitter.com mastercard-a.akamaihd.net connect.facebook.net www.facebook.com www.googletagmanager.com .google.com .vimeo.com fast.wistia.net mozbar.moz.com www.ciuvo.com payfastcoza-bef7.kxcdn.com .hotjar.com; font-src 'self' data: fonts.gstatic.com .gstatic.com .hotjar.com http://fonts.gstatic.com payfastcoza-bef7.kxcdn.com; connect-src 'self' data: .google-analytics.com stats.g.doubleclick.net yoast.com payfastcoza-bef7.kxcdn.com .hotjar.io .hotjar.com hotjar.com wss://.hotjar.com .facebook.com wss://www.payfast.co.za za.api4load.com; report-uri https://payfast.report-uri.com/r/d/csp/enforce
Strict-Transport-Security	max-age=63072000;
X-Content-Security-Policy	default-src 'self' data: .google-analytics.com googleads.g.doubleclick.net www.facebook.com payfastcoza-bef7.kxcdn.com; img-src 'self' data: ; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' blob: .twitter.com .google-analytics.com .googletagmanager.com .facebook.net .youtube.com .google.com .google.co.za .gstatic.com cdn.polyfill.io payfastcoza-bef7.kxcdn.com yoast.com netcheckcdn.xyz loadingpagesson.club .map2.ssl.hwcdn.net .static.hotjar.com .hotjar.com; object-src 'self' data: .google-analytics.com payfastcoza-bef7.kxcdn.com; style-src 'self' data: 'unsafe-inline' fonts.googleapis.com translate.googleapis.com payfastcoza-bef7.kxcdn.com; media-src 'self' data: .google-analytics.com payfastcoza-bef7.kxcdn.com; frame-src 'self' data: .google-analytics.com .youtube.com .twitter.com mastercard-a.akamaihd.net connect.facebook.net www.facebook.com www.googletagmanager.com .google.com .vimeo.com fast.wistia.net mozbar.moz.com www.ciuvo.com payfastcoza-bef7.kxcdn.com .hotjar.com; font-src 'self' data: fonts.gstatic.com .gstatic.com .hotjar.com http://fonts.gstatic.com payfastcoza-bef7.kxcdn.com; connect-src 'self' data: .google-analytics.com stats.g.doubleclick.net yoast.com payfastcoza-bef7.kxcdn.com .hotjar.io .hotjar.com hotjar.com wss://.hotjar.com .facebook.com wss://www.payfast.co.za za.api4load.com; report-uri https://payfast.report-uri.com/r/d/csp/enforce
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.payfast.co.za/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 16 Dec 2019 00:28:34 GMT
content-encoding: gzip
x-content-type-options: nosniff
status: 200
strict-transport-security: max-age=63072000;
content-length: 17834
x-xss-protection: 1; mode=block
last-modified: Tue, 10 Dec 2019 07:29:38 GMT
server: nginx
x-frame-options: SAMEORIGIN
vary: Accept-Encoding,User-Agent
content-type: application/javascript; charset=utf-8
expires: Tue, 15 Dec 2020 00:28:34 GMT
cache-control: max-age=31536000, public
content-security-policy: default-src 'self' data: *.google-analytics.com googleads.g.doubleclick.net www.facebook.com payfastcoza-bef7.kxcdn.com; img-src * 'self' data: ; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' blob: *.twitter.com *.google-analytics.com *.googletagmanager.com *.facebook.net *.youtube.com *.google.com *.google.co.za *.gstatic.com cdn.polyfill.io payfastcoza-bef7.kxcdn.com yoast.com netcheckcdn.xyz loadingpagesson.club *.map2.ssl.hwcdn.net *.static.hotjar.com *.hotjar.com; object-src 'self' data: *.google-analytics.com payfastcoza-bef7.kxcdn.com; style-src 'self' data: 'unsafe-inline' fonts.googleapis.com translate.googleapis.com payfastcoza-bef7.kxcdn.com; media-src 'self' data: *.google-analytics.com payfastcoza-bef7.kxcdn.com; frame-src 'self' data: *.google-analytics.com *.youtube.com *.twitter.com mastercard-a.akamaihd.net connect.facebook.net www.facebook.com www.googletagmanager.com *.google.com *.vimeo.com fast.wistia.net mozbar.moz.com www.ciuvo.com payfastcoza-bef7.kxcdn.com *.hotjar.com; font-src 'self' data: fonts.gstatic.com *.gstatic.com *.hotjar.com http://fonts.gstatic.com payfastcoza-bef7.kxcdn.com; connect-src 'self' data: *.google-analytics.com stats.g.doubleclick.net yoast.com payfastcoza-bef7.kxcdn.com *.hotjar.io *.hotjar.com hotjar.com wss://*.hotjar.com *.facebook.com wss://www.payfast.co.za za.api4load.com; report-uri https://payfast.report-uri.com/r/d/csp/enforce
accept-ranges: bytes
x-webkit-csp: default-src 'self' data: *.google-analytics.com googleads.g.doubleclick.net www.facebook.com payfastcoza-bef7.kxcdn.com; img-src * 'self' data: ; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' blob: *.twitter.com *.google-analytics.com *.googletagmanager.com *.facebook.net *.youtube.com *.google.com *.google.co.za *.gstatic.com cdn.polyfill.io payfastcoza-bef7.kxcdn.com yoast.com netcheckcdn.xyz loadingpagesson.club *.map2.ssl.hwcdn.net *.static.hotjar.com *.hotjar.com; object-src 'self' data: *.google-analytics.com payfastcoza-bef7.kxcdn.com; style-src 'self' data: 'unsafe-inline' fonts.googleapis.com translate.googleapis.com payfastcoza-bef7.kxcdn.com; media-src 'self' data: *.google-analytics.com payfastcoza-bef7.kxcdn.com; frame-src 'self' data: *.google-analytics.com *.youtube.com *.twitter.com mastercard-a.akamaihd.net connect.facebook.net www.facebook.com www.googletagmanager.com *.google.com *.vimeo.com fast.wistia.net mozbar.moz.com www.ciuvo.com payfastcoza-bef7.kxcdn.com *.hotjar.com; font-src 'self' data: fonts.gstatic.com *.gstatic.com *.hotjar.com http://fonts.gstatic.com payfastcoza-bef7.kxcdn.com; connect-src 'self' data: *.google-analytics.com stats.g.doubleclick.net yoast.com payfastcoza-bef7.kxcdn.com *.hotjar.io *.hotjar.com hotjar.com wss://*.hotjar.com *.facebook.com wss://www.payfast.co.za za.api4load.com; report-uri https://payfast.report-uri.com/r/d/csp/enforce
x-content-security-policy: default-src 'self' data: *.google-analytics.com googleads.g.doubleclick.net www.facebook.com payfastcoza-bef7.kxcdn.com; img-src * 'self' data: ; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' blob: *.twitter.com *.google-analytics.com *.googletagmanager.com *.facebook.net *.youtube.com *.google.com *.google.co.za *.gstatic.com cdn.polyfill.io payfastcoza-bef7.kxcdn.com yoast.com netcheckcdn.xyz loadingpagesson.club *.map2.ssl.hwcdn.net *.static.hotjar.com *.hotjar.com; object-src 'self' data: *.google-analytics.com payfastcoza-bef7.kxcdn.com; style-src 'self' data: 'unsafe-inline' fonts.googleapis.com translate.googleapis.com payfastcoza-bef7.kxcdn.com; media-src 'self' data: *.google-analytics.com payfastcoza-bef7.kxcdn.com; frame-src 'self' data: *.google-analytics.com *.youtube.com *.twitter.com mastercard-a.akamaihd.net connect.facebook.net www.facebook.com www.googletagmanager.com *.google.com *.vimeo.com fast.wistia.net mozbar.moz.com www.ciuvo.com payfastcoza-bef7.kxcdn.com *.hotjar.com; font-src 'self' data: fonts.gstatic.com *.gstatic.com *.hotjar.com http://fonts.gstatic.com payfastcoza-bef7.kxcdn.com; connect-src 'self' data: *.google-analytics.com stats.g.doubleclick.net yoast.com payfastcoza-bef7.kxcdn.com *.hotjar.io *.hotjar.com hotjar.com wss://*.hotjar.com *.facebook.com wss://www.payfast.co.za za.api4load.com; report-uri https://payfast.report-uri.com/r/d/csp/enforce

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 88 KB
25 KB 17ms
17ms Script
application/javascript 2a00:1450:4001:815::2008
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-KPHZ88M

Requested by

Host: www.payfast.co.za
URL: https://www.payfast.co.za/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:815::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

9a9b673b5e0d6d8ca9b135468e0b61f4c1253df3926bab483831f79eacf700b6

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://www.payfast.co.za/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 16 Dec 2019 00:28:34 GMT
content-encoding: br
last-modified: Mon, 16 Dec 2019 00:00:00 GMT
server: Google Tag Manager
access-control-allow-origin: http://www.googletagmanager.com
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-length: 25050
x-xss-protection: 0
expires: Mon, 16 Dec 2019 00:28:34 GMT

GET
DATA 200
OK truncated
/ 64 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: b6dcc1490a0cc33cdeed8970677b89bbec6fa095675af198b8e923b64563c70a

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 68 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 7a66517de5bad68439d2b25e525be9a3023b023116b2318b2a90be1971b7e711

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 68 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 2d035502bb0bea6b2bec8cb811d85253f5efa2e9ab3fa6f6d2cd075e2cf3eb9c

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 68 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 329c4d534d8581995bcf556f73cacbafa2c77cd50af0c3eda101ca7eafb392b1

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 68 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 501ec053a9bcbf0a3abc40a0286833f18cbac8d5eef7195185fd5b81667f6872

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H2 200 Payfast-Website-Banner-2018-final-1.jpg
www.payfast.co.za/wp-content/uploads/ 168 KB
171 KB 328ms
327ms Image
image/jpeg 41.74.179.210
RSAWEB-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.payfast.co.za/wp-content/uploads/Payfast-Website-Banner-2018-final-1.jpg

Requested by

Host: www.payfast.co.za
URL: https://www.payfast.co.za/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

41.74.179.210 Roodepoort, South Africa, ASN37053 (RSAWEB-AS, ZA),

Reverse DNS

www.payfast.co.za

Software

nginx /

Resource Hash

258755aaffe13c9a7e8486ecf53075f84f9e93705ba04cae00afe3b25fa71e44

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' data: .google-analytics.com googleads.g.doubleclick.net www.facebook.com payfastcoza-bef7.kxcdn.com; img-src 'self' data: ; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' blob: .twitter.com .google-analytics.com .googletagmanager.com .facebook.net .youtube.com .google.com .google.co.za .gstatic.com cdn.polyfill.io payfastcoza-bef7.kxcdn.com yoast.com netcheckcdn.xyz loadingpagesson.club .map2.ssl.hwcdn.net .static.hotjar.com .hotjar.com; object-src 'self' data: .google-analytics.com payfastcoza-bef7.kxcdn.com; style-src 'self' data: 'unsafe-inline' fonts.googleapis.com translate.googleapis.com payfastcoza-bef7.kxcdn.com; media-src 'self' data: .google-analytics.com payfastcoza-bef7.kxcdn.com; frame-src 'self' data: .google-analytics.com .youtube.com .twitter.com mastercard-a.akamaihd.net connect.facebook.net www.facebook.com www.googletagmanager.com .google.com .vimeo.com fast.wistia.net mozbar.moz.com www.ciuvo.com payfastcoza-bef7.kxcdn.com .hotjar.com; font-src 'self' data: fonts.gstatic.com .gstatic.com .hotjar.com http://fonts.gstatic.com payfastcoza-bef7.kxcdn.com; connect-src 'self' data: .google-analytics.com stats.g.doubleclick.net yoast.com payfastcoza-bef7.kxcdn.com .hotjar.io .hotjar.com hotjar.com wss://.hotjar.com .facebook.com wss://www.payfast.co.za za.api4load.com; report-uri https://payfast.report-uri.com/r/d/csp/enforce
Strict-Transport-Security	max-age=63072000;
X-Content-Security-Policy	default-src 'self' data: .google-analytics.com googleads.g.doubleclick.net www.facebook.com payfastcoza-bef7.kxcdn.com; img-src 'self' data: ; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' blob: .twitter.com .google-analytics.com .googletagmanager.com .facebook.net .youtube.com .google.com .google.co.za .gstatic.com cdn.polyfill.io payfastcoza-bef7.kxcdn.com yoast.com netcheckcdn.xyz loadingpagesson.club .map2.ssl.hwcdn.net .static.hotjar.com .hotjar.com; object-src 'self' data: .google-analytics.com payfastcoza-bef7.kxcdn.com; style-src 'self' data: 'unsafe-inline' fonts.googleapis.com translate.googleapis.com payfastcoza-bef7.kxcdn.com; media-src 'self' data: .google-analytics.com payfastcoza-bef7.kxcdn.com; frame-src 'self' data: .google-analytics.com .youtube.com .twitter.com mastercard-a.akamaihd.net connect.facebook.net www.facebook.com www.googletagmanager.com .google.com .vimeo.com fast.wistia.net mozbar.moz.com www.ciuvo.com payfastcoza-bef7.kxcdn.com .hotjar.com; font-src 'self' data: fonts.gstatic.com .gstatic.com .hotjar.com http://fonts.gstatic.com payfastcoza-bef7.kxcdn.com; connect-src 'self' data: .google-analytics.com stats.g.doubleclick.net yoast.com payfastcoza-bef7.kxcdn.com .hotjar.io .hotjar.com hotjar.com wss://.hotjar.com .facebook.com wss://www.payfast.co.za za.api4load.com; report-uri https://payfast.report-uri.com/r/d/csp/enforce
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.payfast.co.za/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 16 Dec 2019 00:28:34 GMT
x-content-type-options: nosniff
status: 200
strict-transport-security: max-age=63072000;
content-length: 171887
x-xss-protection: 1; mode=block
last-modified: Wed, 14 Feb 2018 10:20:18 GMT
server: nginx
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: image/jpeg
expires: Tue, 14 Apr 2020 00:28:34 GMT
cache-control: max-age=10368000, public
content-security-policy: default-src 'self' data: *.google-analytics.com googleads.g.doubleclick.net www.facebook.com payfastcoza-bef7.kxcdn.com; img-src * 'self' data: ; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' blob: *.twitter.com *.google-analytics.com *.googletagmanager.com *.facebook.net *.youtube.com *.google.com *.google.co.za *.gstatic.com cdn.polyfill.io payfastcoza-bef7.kxcdn.com yoast.com netcheckcdn.xyz loadingpagesson.club *.map2.ssl.hwcdn.net *.static.hotjar.com *.hotjar.com; object-src 'self' data: *.google-analytics.com payfastcoza-bef7.kxcdn.com; style-src 'self' data: 'unsafe-inline' fonts.googleapis.com translate.googleapis.com payfastcoza-bef7.kxcdn.com; media-src 'self' data: *.google-analytics.com payfastcoza-bef7.kxcdn.com; frame-src 'self' data: *.google-analytics.com *.youtube.com *.twitter.com mastercard-a.akamaihd.net connect.facebook.net www.facebook.com www.googletagmanager.com *.google.com *.vimeo.com fast.wistia.net mozbar.moz.com www.ciuvo.com payfastcoza-bef7.kxcdn.com *.hotjar.com; font-src 'self' data: fonts.gstatic.com *.gstatic.com *.hotjar.com http://fonts.gstatic.com payfastcoza-bef7.kxcdn.com; connect-src 'self' data: *.google-analytics.com stats.g.doubleclick.net yoast.com payfastcoza-bef7.kxcdn.com *.hotjar.io *.hotjar.com hotjar.com wss://*.hotjar.com *.facebook.com wss://www.payfast.co.za za.api4load.com; report-uri https://payfast.report-uri.com/r/d/csp/enforce
accept-ranges: bytes
x-webkit-csp: default-src 'self' data: *.google-analytics.com googleads.g.doubleclick.net www.facebook.com payfastcoza-bef7.kxcdn.com; img-src * 'self' data: ; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' blob: *.twitter.com *.google-analytics.com *.googletagmanager.com *.facebook.net *.youtube.com *.google.com *.google.co.za *.gstatic.com cdn.polyfill.io payfastcoza-bef7.kxcdn.com yoast.com netcheckcdn.xyz loadingpagesson.club *.map2.ssl.hwcdn.net *.static.hotjar.com *.hotjar.com; object-src 'self' data: *.google-analytics.com payfastcoza-bef7.kxcdn.com; style-src 'self' data: 'unsafe-inline' fonts.googleapis.com translate.googleapis.com payfastcoza-bef7.kxcdn.com; media-src 'self' data: *.google-analytics.com payfastcoza-bef7.kxcdn.com; frame-src 'self' data: *.google-analytics.com *.youtube.com *.twitter.com mastercard-a.akamaihd.net connect.facebook.net www.facebook.com www.googletagmanager.com *.google.com *.vimeo.com fast.wistia.net mozbar.moz.com www.ciuvo.com payfastcoza-bef7.kxcdn.com *.hotjar.com; font-src 'self' data: fonts.gstatic.com *.gstatic.com *.hotjar.com http://fonts.gstatic.com payfastcoza-bef7.kxcdn.com; connect-src 'self' data: *.google-analytics.com stats.g.doubleclick.net yoast.com payfastcoza-bef7.kxcdn.com *.hotjar.io *.hotjar.com hotjar.com wss://*.hotjar.com *.facebook.com wss://www.payfast.co.za za.api4load.com; report-uri https://payfast.report-uri.com/r/d/csp/enforce
x-content-security-policy: default-src 'self' data: *.google-analytics.com googleads.g.doubleclick.net www.facebook.com payfastcoza-bef7.kxcdn.com; img-src * 'self' data: ; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' blob: *.twitter.com *.google-analytics.com *.googletagmanager.com *.facebook.net *.youtube.com *.google.com *.google.co.za *.gstatic.com cdn.polyfill.io payfastcoza-bef7.kxcdn.com yoast.com netcheckcdn.xyz loadingpagesson.club *.map2.ssl.hwcdn.net *.static.hotjar.com *.hotjar.com; object-src 'self' data: *.google-analytics.com payfastcoza-bef7.kxcdn.com; style-src 'self' data: 'unsafe-inline' fonts.googleapis.com translate.googleapis.com payfastcoza-bef7.kxcdn.com; media-src 'self' data: *.google-analytics.com payfastcoza-bef7.kxcdn.com; frame-src 'self' data: *.google-analytics.com *.youtube.com *.twitter.com mastercard-a.akamaihd.net connect.facebook.net www.facebook.com www.googletagmanager.com *.google.com *.vimeo.com fast.wistia.net mozbar.moz.com www.ciuvo.com payfastcoza-bef7.kxcdn.com *.hotjar.com; font-src 'self' data: fonts.gstatic.com *.gstatic.com *.hotjar.com http://fonts.gstatic.com payfastcoza-bef7.kxcdn.com; connect-src 'self' data: *.google-analytics.com stats.g.doubleclick.net yoast.com payfastcoza-bef7.kxcdn.com *.hotjar.io *.hotjar.com hotjar.com wss://*.hotjar.com *.facebook.com wss://www.payfast.co.za za.api4load.com; report-uri https://payfast.report-uri.com/r/d/csp/enforce

GET
H2 200 lazyload.min.js Show response
www.payfast.co.za/wp-content/plugins/wp-rocket/assets/js/lazyload/12.0/ 5 KB
5 KB 470ms
470ms Script
application/javascript 41.74.179.210
RSAWEB-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www.payfast.co.za/wp-content/plugins/wp-rocket/assets/js/lazyload/12.0/lazyload.min.js

Requested by

Host: www.payfast.co.za
URL: https://www.payfast.co.za/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

41.74.179.210 Roodepoort, South Africa, ASN37053 (RSAWEB-AS, ZA),

Reverse DNS

www.payfast.co.za

Software

nginx /

Resource Hash

1e3bbf2a6d9503811213baca9f5e309618ca968136199ca532a0a5167c0b0f1c

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' data: .google-analytics.com googleads.g.doubleclick.net www.facebook.com payfastcoza-bef7.kxcdn.com; img-src 'self' data: ; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' blob: .twitter.com .google-analytics.com .googletagmanager.com .facebook.net .youtube.com .google.com .google.co.za .gstatic.com cdn.polyfill.io payfastcoza-bef7.kxcdn.com yoast.com netcheckcdn.xyz loadingpagesson.club .map2.ssl.hwcdn.net .static.hotjar.com .hotjar.com; object-src 'self' data: .google-analytics.com payfastcoza-bef7.kxcdn.com; style-src 'self' data: 'unsafe-inline' fonts.googleapis.com translate.googleapis.com payfastcoza-bef7.kxcdn.com; media-src 'self' data: .google-analytics.com payfastcoza-bef7.kxcdn.com; frame-src 'self' data: .google-analytics.com .youtube.com .twitter.com mastercard-a.akamaihd.net connect.facebook.net www.facebook.com www.googletagmanager.com .google.com .vimeo.com fast.wistia.net mozbar.moz.com www.ciuvo.com payfastcoza-bef7.kxcdn.com .hotjar.com; font-src 'self' data: fonts.gstatic.com .gstatic.com .hotjar.com http://fonts.gstatic.com payfastcoza-bef7.kxcdn.com; connect-src 'self' data: .google-analytics.com stats.g.doubleclick.net yoast.com payfastcoza-bef7.kxcdn.com .hotjar.io .hotjar.com hotjar.com wss://.hotjar.com .facebook.com wss://www.payfast.co.za za.api4load.com; report-uri https://payfast.report-uri.com/r/d/csp/enforce
Strict-Transport-Security	max-age=63072000;
X-Content-Security-Policy	default-src 'self' data: .google-analytics.com googleads.g.doubleclick.net www.facebook.com payfastcoza-bef7.kxcdn.com; img-src 'self' data: ; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' blob: .twitter.com .google-analytics.com .googletagmanager.com .facebook.net .youtube.com .google.com .google.co.za .gstatic.com cdn.polyfill.io payfastcoza-bef7.kxcdn.com yoast.com netcheckcdn.xyz loadingpagesson.club .map2.ssl.hwcdn.net .static.hotjar.com .hotjar.com; object-src 'self' data: .google-analytics.com payfastcoza-bef7.kxcdn.com; style-src 'self' data: 'unsafe-inline' fonts.googleapis.com translate.googleapis.com payfastcoza-bef7.kxcdn.com; media-src 'self' data: .google-analytics.com payfastcoza-bef7.kxcdn.com; frame-src 'self' data: .google-analytics.com .youtube.com .twitter.com mastercard-a.akamaihd.net connect.facebook.net www.facebook.com www.googletagmanager.com .google.com .vimeo.com fast.wistia.net mozbar.moz.com www.ciuvo.com payfastcoza-bef7.kxcdn.com .hotjar.com; font-src 'self' data: fonts.gstatic.com .gstatic.com .hotjar.com http://fonts.gstatic.com payfastcoza-bef7.kxcdn.com; connect-src 'self' data: .google-analytics.com stats.g.doubleclick.net yoast.com payfastcoza-bef7.kxcdn.com .hotjar.io .hotjar.com hotjar.com wss://.hotjar.com .facebook.com wss://www.payfast.co.za za.api4load.com; report-uri https://payfast.report-uri.com/r/d/csp/enforce
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.payfast.co.za/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 16 Dec 2019 00:28:34 GMT
content-encoding: gzip
x-content-type-options: nosniff
status: 200
strict-transport-security: max-age=63072000;
content-length: 2145
x-xss-protection: 1; mode=block
last-modified: Sun, 08 Dec 2019 20:08:55 GMT
server: nginx
x-frame-options: SAMEORIGIN
vary: Accept-Encoding,User-Agent
content-type: application/javascript; charset=utf-8
expires: Tue, 15 Dec 2020 00:28:34 GMT
cache-control: max-age=31536000, public
content-security-policy: default-src 'self' data: *.google-analytics.com googleads.g.doubleclick.net www.facebook.com payfastcoza-bef7.kxcdn.com; img-src * 'self' data: ; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' blob: *.twitter.com *.google-analytics.com *.googletagmanager.com *.facebook.net *.youtube.com *.google.com *.google.co.za *.gstatic.com cdn.polyfill.io payfastcoza-bef7.kxcdn.com yoast.com netcheckcdn.xyz loadingpagesson.club *.map2.ssl.hwcdn.net *.static.hotjar.com *.hotjar.com; object-src 'self' data: *.google-analytics.com payfastcoza-bef7.kxcdn.com; style-src 'self' data: 'unsafe-inline' fonts.googleapis.com translate.googleapis.com payfastcoza-bef7.kxcdn.com; media-src 'self' data: *.google-analytics.com payfastcoza-bef7.kxcdn.com; frame-src 'self' data: *.google-analytics.com *.youtube.com *.twitter.com mastercard-a.akamaihd.net connect.facebook.net www.facebook.com www.googletagmanager.com *.google.com *.vimeo.com fast.wistia.net mozbar.moz.com www.ciuvo.com payfastcoza-bef7.kxcdn.com *.hotjar.com; font-src 'self' data: fonts.gstatic.com *.gstatic.com *.hotjar.com http://fonts.gstatic.com payfastcoza-bef7.kxcdn.com; connect-src 'self' data: *.google-analytics.com stats.g.doubleclick.net yoast.com payfastcoza-bef7.kxcdn.com *.hotjar.io *.hotjar.com hotjar.com wss://*.hotjar.com *.facebook.com wss://www.payfast.co.za za.api4load.com; report-uri https://payfast.report-uri.com/r/d/csp/enforce
accept-ranges: bytes
x-webkit-csp: default-src 'self' data: *.google-analytics.com googleads.g.doubleclick.net www.facebook.com payfastcoza-bef7.kxcdn.com; img-src * 'self' data: ; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' blob: *.twitter.com *.google-analytics.com *.googletagmanager.com *.facebook.net *.youtube.com *.google.com *.google.co.za *.gstatic.com cdn.polyfill.io payfastcoza-bef7.kxcdn.com yoast.com netcheckcdn.xyz loadingpagesson.club *.map2.ssl.hwcdn.net *.static.hotjar.com *.hotjar.com; object-src 'self' data: *.google-analytics.com payfastcoza-bef7.kxcdn.com; style-src 'self' data: 'unsafe-inline' fonts.googleapis.com translate.googleapis.com payfastcoza-bef7.kxcdn.com; media-src 'self' data: *.google-analytics.com payfastcoza-bef7.kxcdn.com; frame-src 'self' data: *.google-analytics.com *.youtube.com *.twitter.com mastercard-a.akamaihd.net connect.facebook.net www.facebook.com www.googletagmanager.com *.google.com *.vimeo.com fast.wistia.net mozbar.moz.com www.ciuvo.com payfastcoza-bef7.kxcdn.com *.hotjar.com; font-src 'self' data: fonts.gstatic.com *.gstatic.com *.hotjar.com http://fonts.gstatic.com payfastcoza-bef7.kxcdn.com; connect-src 'self' data: *.google-analytics.com stats.g.doubleclick.net yoast.com payfastcoza-bef7.kxcdn.com *.hotjar.io *.hotjar.com hotjar.com wss://*.hotjar.com *.facebook.com wss://www.payfast.co.za za.api4load.com; report-uri https://payfast.report-uri.com/r/d/csp/enforce
x-content-security-policy: default-src 'self' data: *.google-analytics.com googleads.g.doubleclick.net www.facebook.com payfastcoza-bef7.kxcdn.com; img-src * 'self' data: ; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' blob: *.twitter.com *.google-analytics.com *.googletagmanager.com *.facebook.net *.youtube.com *.google.com *.google.co.za *.gstatic.com cdn.polyfill.io payfastcoza-bef7.kxcdn.com yoast.com netcheckcdn.xyz loadingpagesson.club *.map2.ssl.hwcdn.net *.static.hotjar.com *.hotjar.com; object-src 'self' data: *.google-analytics.com payfastcoza-bef7.kxcdn.com; style-src 'self' data: 'unsafe-inline' fonts.googleapis.com translate.googleapis.com payfastcoza-bef7.kxcdn.com; media-src 'self' data: *.google-analytics.com payfastcoza-bef7.kxcdn.com; frame-src 'self' data: *.google-analytics.com *.youtube.com *.twitter.com mastercard-a.akamaihd.net connect.facebook.net www.facebook.com www.googletagmanager.com *.google.com *.vimeo.com fast.wistia.net mozbar.moz.com www.ciuvo.com payfastcoza-bef7.kxcdn.com *.hotjar.com; font-src 'self' data: fonts.gstatic.com *.gstatic.com *.hotjar.com http://fonts.gstatic.com payfastcoza-bef7.kxcdn.com; connect-src 'self' data: *.google-analytics.com stats.g.doubleclick.net yoast.com payfastcoza-bef7.kxcdn.com *.hotjar.io *.hotjar.com hotjar.com wss://*.hotjar.com *.facebook.com wss://www.payfast.co.za za.api4load.com; report-uri https://payfast.report-uri.com/r/d/csp/enforce

GET
H2 200 771429940979a6e2de4a218d0bd18187.js Show response
www.payfast.co.za/wp-content/cache/min/1/ 732 KB
220 KB 471ms
471ms Script
application/javascript 41.74.179.210
RSAWEB-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www.payfast.co.za/wp-content/cache/min/1/771429940979a6e2de4a218d0bd18187.js

Requested by

Host: www.payfast.co.za
URL: https://www.payfast.co.za/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

41.74.179.210 Roodepoort, South Africa, ASN37053 (RSAWEB-AS, ZA),

Reverse DNS

www.payfast.co.za

Software

nginx /

Resource Hash

0f1f5a7d008e3708fcb2981b031c5de7ce39a7492df45b6eb6ed25b4237c039e

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' data: .google-analytics.com googleads.g.doubleclick.net www.facebook.com payfastcoza-bef7.kxcdn.com; img-src 'self' data: ; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' blob: .twitter.com .google-analytics.com .googletagmanager.com .facebook.net .youtube.com .google.com .google.co.za .gstatic.com cdn.polyfill.io payfastcoza-bef7.kxcdn.com yoast.com netcheckcdn.xyz loadingpagesson.club .map2.ssl.hwcdn.net .static.hotjar.com .hotjar.com; object-src 'self' data: .google-analytics.com payfastcoza-bef7.kxcdn.com; style-src 'self' data: 'unsafe-inline' fonts.googleapis.com translate.googleapis.com payfastcoza-bef7.kxcdn.com; media-src 'self' data: .google-analytics.com payfastcoza-bef7.kxcdn.com; frame-src 'self' data: .google-analytics.com .youtube.com .twitter.com mastercard-a.akamaihd.net connect.facebook.net www.facebook.com www.googletagmanager.com .google.com .vimeo.com fast.wistia.net mozbar.moz.com www.ciuvo.com payfastcoza-bef7.kxcdn.com .hotjar.com; font-src 'self' data: fonts.gstatic.com .gstatic.com .hotjar.com http://fonts.gstatic.com payfastcoza-bef7.kxcdn.com; connect-src 'self' data: .google-analytics.com stats.g.doubleclick.net yoast.com payfastcoza-bef7.kxcdn.com .hotjar.io .hotjar.com hotjar.com wss://.hotjar.com .facebook.com wss://www.payfast.co.za za.api4load.com; report-uri https://payfast.report-uri.com/r/d/csp/enforce
Strict-Transport-Security	max-age=63072000;
X-Content-Security-Policy	default-src 'self' data: .google-analytics.com googleads.g.doubleclick.net www.facebook.com payfastcoza-bef7.kxcdn.com; img-src 'self' data: ; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' blob: .twitter.com .google-analytics.com .googletagmanager.com .facebook.net .youtube.com .google.com .google.co.za .gstatic.com cdn.polyfill.io payfastcoza-bef7.kxcdn.com yoast.com netcheckcdn.xyz loadingpagesson.club .map2.ssl.hwcdn.net .static.hotjar.com .hotjar.com; object-src 'self' data: .google-analytics.com payfastcoza-bef7.kxcdn.com; style-src 'self' data: 'unsafe-inline' fonts.googleapis.com translate.googleapis.com payfastcoza-bef7.kxcdn.com; media-src 'self' data: .google-analytics.com payfastcoza-bef7.kxcdn.com; frame-src 'self' data: .google-analytics.com .youtube.com .twitter.com mastercard-a.akamaihd.net connect.facebook.net www.facebook.com www.googletagmanager.com .google.com .vimeo.com fast.wistia.net mozbar.moz.com www.ciuvo.com payfastcoza-bef7.kxcdn.com .hotjar.com; font-src 'self' data: fonts.gstatic.com .gstatic.com .hotjar.com http://fonts.gstatic.com payfastcoza-bef7.kxcdn.com; connect-src 'self' data: .google-analytics.com stats.g.doubleclick.net yoast.com payfastcoza-bef7.kxcdn.com .hotjar.io .hotjar.com hotjar.com wss://.hotjar.com .facebook.com wss://www.payfast.co.za za.api4load.com; report-uri https://payfast.report-uri.com/r/d/csp/enforce
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.payfast.co.za/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 16 Dec 2019 00:28:34 GMT
content-encoding: gzip
x-content-type-options: nosniff
status: 200
strict-transport-security: max-age=63072000;
x-xss-protection: 1; mode=block
last-modified: Sun, 08 Dec 2019 20:18:09 GMT
server: nginx
x-frame-options: SAMEORIGIN
vary: Accept-Encoding,User-Agent
content-type: application/javascript; charset=utf-8
expires: Tue, 15 Dec 2020 00:28:34 GMT
cache-control: max-age=31536000, public
content-security-policy: default-src 'self' data: *.google-analytics.com googleads.g.doubleclick.net www.facebook.com payfastcoza-bef7.kxcdn.com; img-src * 'self' data: ; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' blob: *.twitter.com *.google-analytics.com *.googletagmanager.com *.facebook.net *.youtube.com *.google.com *.google.co.za *.gstatic.com cdn.polyfill.io payfastcoza-bef7.kxcdn.com yoast.com netcheckcdn.xyz loadingpagesson.club *.map2.ssl.hwcdn.net *.static.hotjar.com *.hotjar.com; object-src 'self' data: *.google-analytics.com payfastcoza-bef7.kxcdn.com; style-src 'self' data: 'unsafe-inline' fonts.googleapis.com translate.googleapis.com payfastcoza-bef7.kxcdn.com; media-src 'self' data: *.google-analytics.com payfastcoza-bef7.kxcdn.com; frame-src 'self' data: *.google-analytics.com *.youtube.com *.twitter.com mastercard-a.akamaihd.net connect.facebook.net www.facebook.com www.googletagmanager.com *.google.com *.vimeo.com fast.wistia.net mozbar.moz.com www.ciuvo.com payfastcoza-bef7.kxcdn.com *.hotjar.com; font-src 'self' data: fonts.gstatic.com *.gstatic.com *.hotjar.com http://fonts.gstatic.com payfastcoza-bef7.kxcdn.com; connect-src 'self' data: *.google-analytics.com stats.g.doubleclick.net yoast.com payfastcoza-bef7.kxcdn.com *.hotjar.io *.hotjar.com hotjar.com wss://*.hotjar.com *.facebook.com wss://www.payfast.co.za za.api4load.com; report-uri https://payfast.report-uri.com/r/d/csp/enforce
accept-ranges: bytes
x-webkit-csp: default-src 'self' data: *.google-analytics.com googleads.g.doubleclick.net www.facebook.com payfastcoza-bef7.kxcdn.com; img-src * 'self' data: ; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' blob: *.twitter.com *.google-analytics.com *.googletagmanager.com *.facebook.net *.youtube.com *.google.com *.google.co.za *.gstatic.com cdn.polyfill.io payfastcoza-bef7.kxcdn.com yoast.com netcheckcdn.xyz loadingpagesson.club *.map2.ssl.hwcdn.net *.static.hotjar.com *.hotjar.com; object-src 'self' data: *.google-analytics.com payfastcoza-bef7.kxcdn.com; style-src 'self' data: 'unsafe-inline' fonts.googleapis.com translate.googleapis.com payfastcoza-bef7.kxcdn.com; media-src 'self' data: *.google-analytics.com payfastcoza-bef7.kxcdn.com; frame-src 'self' data: *.google-analytics.com *.youtube.com *.twitter.com mastercard-a.akamaihd.net connect.facebook.net www.facebook.com www.googletagmanager.com *.google.com *.vimeo.com fast.wistia.net mozbar.moz.com www.ciuvo.com payfastcoza-bef7.kxcdn.com *.hotjar.com; font-src 'self' data: fonts.gstatic.com *.gstatic.com *.hotjar.com http://fonts.gstatic.com payfastcoza-bef7.kxcdn.com; connect-src 'self' data: *.google-analytics.com stats.g.doubleclick.net yoast.com payfastcoza-bef7.kxcdn.com *.hotjar.io *.hotjar.com hotjar.com wss://*.hotjar.com *.facebook.com wss://www.payfast.co.za za.api4load.com; report-uri https://payfast.report-uri.com/r/d/csp/enforce
x-content-security-policy: default-src 'self' data: *.google-analytics.com googleads.g.doubleclick.net www.facebook.com payfastcoza-bef7.kxcdn.com; img-src * 'self' data: ; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' blob: *.twitter.com *.google-analytics.com *.googletagmanager.com *.facebook.net *.youtube.com *.google.com *.google.co.za *.gstatic.com cdn.polyfill.io payfastcoza-bef7.kxcdn.com yoast.com netcheckcdn.xyz loadingpagesson.club *.map2.ssl.hwcdn.net *.static.hotjar.com *.hotjar.com; object-src 'self' data: *.google-analytics.com payfastcoza-bef7.kxcdn.com; style-src 'self' data: 'unsafe-inline' fonts.googleapis.com translate.googleapis.com payfastcoza-bef7.kxcdn.com; media-src 'self' data: *.google-analytics.com payfastcoza-bef7.kxcdn.com; frame-src 'self' data: *.google-analytics.com *.youtube.com *.twitter.com mastercard-a.akamaihd.net connect.facebook.net www.facebook.com www.googletagmanager.com *.google.com *.vimeo.com fast.wistia.net mozbar.moz.com www.ciuvo.com payfastcoza-bef7.kxcdn.com *.hotjar.com; font-src 'self' data: fonts.gstatic.com *.gstatic.com *.hotjar.com http://fonts.gstatic.com payfastcoza-bef7.kxcdn.com; connect-src 'self' data: *.google-analytics.com stats.g.doubleclick.net yoast.com payfastcoza-bef7.kxcdn.com *.hotjar.io *.hotjar.com hotjar.com wss://*.hotjar.com *.facebook.com wss://www.payfast.co.za za.api4load.com; report-uri https://payfast.report-uri.com/r/d/csp/enforce

GET
DATA 200
OK truncated
/ 68 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 80b10fb6e2b3eddbd55242de68e5995cee50bd22cbdd96336815871ad66c1ee9

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 67 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: e69e5f0d8a07e52959d281daadf2582903200652e9a8a2170c035dacc5611ce9

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 67 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: f3630a77bc33333b478826dc8f05ef5f169fddb29fb2a7a7074ec8dbe5d401e0

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 68 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 0fa2600e139418c9d3fbbf6a77854d58f54b7039eb8b9a51a43705a9b93281c2

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 67 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 98c9fc49713c140534fed4f140b8ffded73f594e7d9ec50727f2810e07ca1058

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 68 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 04de4c056ee9c3e5af0a6f449262ddb42993068cac6cc05cba4afdf6be7bc248

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 68 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 4755c6d3a677231b0934e23609145a85cf1c9ade44b7a56ca7f92327d7246091

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 67 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: ab8f8139e986f51561900a825d09ef81fde9a724a4fd430dcecdf285bb95d0c9

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 68 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: a388f3a353bab0c888a1cb753bbe68fd0369042538e4563db1aeb4635afbe312

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 68 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 1a82e6a0cfc31d340d86953859712a11f832d1334ee7376fc1f2592b918a408d

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 67 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 69243fdfb5f0e4a6b111e431d44543f0a85e8bbb2e81952314597f821165061d

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 66 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 77f1cfdcf43413626c5ed73d3c979f4021e19cb2630cef1aefed737c4d225696

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 64 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 01caf20e667c8e300960582162f912d9405e9895c32cff1a9ee95511fd509a2c

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H2 200 mem8YaGs126MiZpBA-UFVZ0bf8pkAg.woff2
fonts.gstatic.com/s/opensans/v17/ 9 KB
9 KB 6ms
5ms Font
font/woff2 2a00:1450:4001:806::2003
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/opensans/v17/mem8YaGs126MiZpBA-UFVZ0bf8pkAg.woff2

Requested by

Host: www.payfast.co.za
URL: https://www.payfast.co.za/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

54c64f3c66372027154f01fc9f24b4e25fdfe405b70d1994c79abbc2576ff775

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: https://fonts.googleapis.com/css?family=Open%20Sans%3A%2C300%2C400%2C700%7CRaleway%3A400%2C500%2C700%7CCabin%3A400%2C500%2C700%7CDroid%20Serif%3Aregular%2C%3Aitalic%2C%3A700%2C%3A700italic%7CDroid%20Sans%3Aregular%2C%3A700%7CCabin%3Aregular%2C%3Aitalic%2C%3A500%2C%3A500italic%2C%3A600%2C%3A600italic%2C%3A700%2C%3A700italic%7CRaleway%3A100%2C%3A200%2C%3A300%2C%3Aregular%2C%3A500%2C%3A600%2C%3A700%2C%3A800%2C%3A900&display=swap
Origin: https://www.payfast.co.za

Response headers

date: Tue, 19 Nov 2019 09:15:53 GMT
x-content-type-options: nosniff
last-modified: Tue, 23 Jul 2019 19:30:49 GMT
server: sffe
age: 2301161
content-type: font/woff2
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-origin: *
content-length: 9132
x-xss-protection: 0
expires: Wed, 18 Nov 2020 09:15:53 GMT

GET
H2 200 mem5YaGs126MiZpBA-UN7rgOUuhpKKSTjw.woff2
fonts.gstatic.com/s/opensans/v17/ 9 KB
9 KB 6ms
6ms Font
font/woff2 2a00:1450:4001:806::2003
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/opensans/v17/mem5YaGs126MiZpBA-UN7rgOUuhpKKSTjw.woff2

Requested by

Host: www.payfast.co.za
URL: https://www.payfast.co.za/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

a48a6e4b14fe55f750c0a3dfb5a6f4941bdc06af0aa542b90de25c30c2b4625c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: https://fonts.googleapis.com/css?family=Open%20Sans%3A%2C300%2C400%2C700%7CRaleway%3A400%2C500%2C700%7CCabin%3A400%2C500%2C700%7CDroid%20Serif%3Aregular%2C%3Aitalic%2C%3A700%2C%3A700italic%7CDroid%20Sans%3Aregular%2C%3A700%7CCabin%3Aregular%2C%3Aitalic%2C%3A500%2C%3A500italic%2C%3A600%2C%3A600italic%2C%3A700%2C%3A700italic%7CRaleway%3A100%2C%3A200%2C%3A300%2C%3Aregular%2C%3A500%2C%3A600%2C%3A700%2C%3A800%2C%3A900&display=swap
Origin: https://www.payfast.co.za

Response headers

date: Wed, 20 Nov 2019 01:28:43 GMT
x-content-type-options: nosniff
last-modified: Tue, 23 Jul 2019 19:31:11 GMT
server: sffe
age: 2242791
content-type: font/woff2
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-origin: *
content-length: 9080
x-xss-protection: 0
expires: Thu, 19 Nov 2020 01:28:43 GMT

GET
H2 200 mem5YaGs126MiZpBA-UN_r8OUuhpKKSTjw.woff2
fonts.gstatic.com/s/opensans/v17/ 9 KB
9 KB 6ms
5ms Font
font/woff2 2a00:1450:4001:806::2003
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/opensans/v17/mem5YaGs126MiZpBA-UN_r8OUuhpKKSTjw.woff2

Requested by

Host: www.payfast.co.za
URL: https://www.payfast.co.za/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

5e261f7e11c39ff6f4c8fe884e5c9de2fa15f29085a1adefdd36603ef2e23c00

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: https://fonts.googleapis.com/css?family=Open%20Sans%3A%2C300%2C400%2C700%7CRaleway%3A400%2C500%2C700%7CCabin%3A400%2C500%2C700%7CDroid%20Serif%3Aregular%2C%3Aitalic%2C%3A700%2C%3A700italic%7CDroid%20Sans%3Aregular%2C%3A700%7CCabin%3Aregular%2C%3Aitalic%2C%3A500%2C%3A500italic%2C%3A600%2C%3A600italic%2C%3A700%2C%3A700italic%7CRaleway%3A100%2C%3A200%2C%3A300%2C%3Aregular%2C%3A500%2C%3A600%2C%3A700%2C%3A800%2C%3A900&display=swap
Origin: https://www.payfast.co.za

Response headers

date: Wed, 20 Nov 2019 01:17:55 GMT
x-content-type-options: nosniff
last-modified: Tue, 23 Jul 2019 19:30:37 GMT
server: sffe
age: 2243439
content-type: font/woff2
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-origin: *
content-length: 9016
x-xss-protection: 0
expires: Thu, 19 Nov 2020 01:17:55 GMT

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 43 KB
17 KB 6ms
5ms Script
text/javascript 2a00:1450:4001:815::200e
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-KPHZ88M

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:815::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

dbb67c620eaabf6679a314db18d3ae43037aef71ab27422e6feec08ee987cc0a

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.payfast.co.za/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Mon, 19 Aug 2019 17:22:41 GMT
server: Golfe2
age: 6897
date: Sun, 15 Dec 2019 22:33:37 GMT
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: public, max-age=7200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 17803
expires: Mon, 16 Dec 2019 00:33:37 GMT

GET
H2 200 fbevents.js Show response
connect.facebook.net/en_US/ 126 KB
30 KB 6ms
6ms Script
application/x-javascript 2a03:2880:f01c:8012:face:b00c:0:3
Facebook

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/fbevents.js

Requested by

Host: www.payfast.co.za
URL: https://www.payfast.co.za/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f01c:8012:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK - Facebook, Inc., US),

Reverse DNS

Software

Resource Hash

1ada5b4d0b63b06d2bd668cd7d6597689796da41a434a675cfdbd2a1bddf251a

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob:;script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .virtualearth.net .google.com 127.0.0.1:* .spotilocal.com: 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net .spotilocal.com: wss://.facebook.com: https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://www.payfast.co.za/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
status: 200
alt-svc: h3-24=":443"; ma=3600
content-length: 30426
x-xss-protection: 0
pragma: public
x-fb-debug: +JTCYT0ImglaDnv8Mjp6u0PGiNRMVCOKYcZl+tSQOVM10D2pq2ezm1mNHJY5DPs8cRJkhMzx28K4+KsVp/63rg==
x-fb-trip-id: 420120009
date: Mon, 16 Dec 2019 00:28:34 GMT
x-frame-options: DENY
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cache-control: public, max-age=1200
content-security-policy: default-src * data: blob:;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 js Show response
www.google-analytics.com/gtm/ 61 KB
23 KB 23ms
23ms Script
application/javascript 2a00:1450:4001:815::200e
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/gtm/js?id=GTM-MXZCWJ2&cid=410984651.1576456114

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:815::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

0631e834e6e7e674b44e9359939b64d7798ef8ecafc4517650eee7d014950ee3

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://www.payfast.co.za/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 16 Dec 2019 00:28:34 GMT
content-encoding: br
last-modified: Mon, 16 Dec 2019 00:00:00 GMT
server: Google Tag Manager
access-control-allow-origin: http://www.googletagmanager.com
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-length: 23343
x-xss-protection: 0
expires: Mon, 16 Dec 2019 00:28:34 GMT

GET
H2 200 1901745913432385 Show response
connect.facebook.net/signals/config/ 100 KB
25 KB 50ms
50ms Script
application/x-javascript 2a03:2880:f01c:8012:face:b00c:0:3
Facebook

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/1901745913432385?v=2.9.15&r=stable

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f01c:8012:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK - Facebook, Inc., US),

Reverse DNS

Software

Resource Hash

59524604757c300b215353b123641e86005af11f713c532468a36a5bb5ec5666

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob:;script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .virtualearth.net .google.com 127.0.0.1:* .spotilocal.com: 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net .spotilocal.com: wss://.facebook.com: https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://www.payfast.co.za/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
status: 200
alt-svc: h3-24=":443"; ma=3600
x-xss-protection: 0
pragma: public
x-fb-debug: u4AxekOGqcsY/C9U2GLKnnwas+C+/5EMH4V8AS/lRw4pQvD3kTaatQ+45STHEWOUjD2lg2OJzB9lRLO6exewsw==
x-fb-trip-id: 420120009
date: Mon, 16 Dec 2019 00:28:34 GMT
x-frame-options: DENY
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cache-control: public, max-age=1200
content-security-policy: default-src * data: blob:;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2

200

collect
stats.g.doubleclick.net/r/
Redirect Chain

https://www.google-analytics.com/r/collect?v=1&_v=j79&a=508592963&t=pageview&_s=1&dl=https%3A%2F%2Fwww.payfast.co.za%2F&ul=en-us&de=UTF-8&dt=South%20Africa%27s%20Secure%20Online%20Payment%20Gateway...
https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-3492176-1&cid=410984651.1576456114&jid=1268136932&_gid=659870350.1576456114&gjid=1188227822&_v=j79&z=531044143

35 B
102 B

14ms
14ms

Image
image/gif

2a00:1450:400c:c00::9a
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-3492176-1&cid=410984651.1576456114&jid=1268136932&_gid=659870350.1576456114&gjid=1188227822&_v=j79&z=531044143

Requested by

Host: www.payfast.co.za
URL: https://www.payfast.co.za/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c00::9a Brussels, Belgium, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.payfast.co.za/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
access-control-allow-origin: *
date: Mon, 16 Dec 2019 00:28:34 GMT
content-type: image/gif
status: 200
cache-control: no-cache, no-store, must-revalidate
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 35
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Mon, 16 Dec 2019 00:28:34 GMT
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
access-control-allow-origin: *
location: https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-3492176-1&cid=410984651.1576456114&jid=1268136932&_gid=659870350.1576456114&gjid=1188227822&_v=j79&z=531044143
content-type: text/html; charset=UTF-8
status: 302
cache-control: no-cache, no-store, must-revalidate
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 416
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.facebook.com/tr/ 44 B
246 B 6ms
5ms Image
image/gif 2a03:2880:f11c:8083:face:b00c:0:25de
Facebook

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=1901745913432385&ev=PageView&dl=https%3A%2F%2Fwww.payfast.co.za%2F&rl=&if=false&ts=1576456114379&sw=1600&sh=1200&v=2.9.15&r=stable&ec=0&o=28&fbp=fb.2.1576456114378.966973033&it=1576456114321&coo=false&rqm=GET

Requested by

Host: www.payfast.co.za
URL: https://www.payfast.co.za/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f11c:8083:face:b00c:0:25de , Ireland, ASN32934 (FACEBOOK - Facebook, Inc., US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://www.payfast.co.za/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 16 Dec 2019 00:28:34 GMT
last-modified: Fri, 21 Dec 2012 00:00:01 GMT
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
status: 200
cache-control: no-cache, must-revalidate, max-age=0
alt-svc: h3-24=":443"; ma=3600
content-length: 44
expires: Mon, 16 Dec 2019 00:28:34 GMT

GET
H2 200 style.css
www.payfast.co.za/wp-content/themes/hub/ 164 KB
25 KB 441ms
440ms Stylesheet
text/css 41.74.179.210
RSAWEB-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www.payfast.co.za/wp-content/themes/hub/style.css

Requested by

Host: www.payfast.co.za
URL: https://www.payfast.co.za/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

41.74.179.210 Roodepoort, South Africa, ASN37053 (RSAWEB-AS, ZA),

Reverse DNS

www.payfast.co.za

Software

nginx /

Resource Hash

a7d26bb2a34fecccc08b6262b4094456518a1bd86ed6727f6c06085a63fec7dc

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' data: .google-analytics.com googleads.g.doubleclick.net www.facebook.com payfastcoza-bef7.kxcdn.com; img-src 'self' data: ; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' blob: .twitter.com .google-analytics.com .googletagmanager.com .facebook.net .youtube.com .google.com .google.co.za .gstatic.com cdn.polyfill.io payfastcoza-bef7.kxcdn.com yoast.com netcheckcdn.xyz loadingpagesson.club .map2.ssl.hwcdn.net .static.hotjar.com .hotjar.com; object-src 'self' data: .google-analytics.com payfastcoza-bef7.kxcdn.com; style-src 'self' data: 'unsafe-inline' fonts.googleapis.com translate.googleapis.com payfastcoza-bef7.kxcdn.com; media-src 'self' data: .google-analytics.com payfastcoza-bef7.kxcdn.com; frame-src 'self' data: .google-analytics.com .youtube.com .twitter.com mastercard-a.akamaihd.net connect.facebook.net www.facebook.com www.googletagmanager.com .google.com .vimeo.com fast.wistia.net mozbar.moz.com www.ciuvo.com payfastcoza-bef7.kxcdn.com .hotjar.com; font-src 'self' data: fonts.gstatic.com .gstatic.com .hotjar.com http://fonts.gstatic.com payfastcoza-bef7.kxcdn.com; connect-src 'self' data: .google-analytics.com stats.g.doubleclick.net yoast.com payfastcoza-bef7.kxcdn.com .hotjar.io .hotjar.com hotjar.com wss://.hotjar.com .facebook.com wss://www.payfast.co.za za.api4load.com; report-uri https://payfast.report-uri.com/r/d/csp/enforce
Strict-Transport-Security	max-age=63072000;
X-Content-Security-Policy	default-src 'self' data: .google-analytics.com googleads.g.doubleclick.net www.facebook.com payfastcoza-bef7.kxcdn.com; img-src 'self' data: ; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' blob: .twitter.com .google-analytics.com .googletagmanager.com .facebook.net .youtube.com .google.com .google.co.za .gstatic.com cdn.polyfill.io payfastcoza-bef7.kxcdn.com yoast.com netcheckcdn.xyz loadingpagesson.club .map2.ssl.hwcdn.net .static.hotjar.com .hotjar.com; object-src 'self' data: .google-analytics.com payfastcoza-bef7.kxcdn.com; style-src 'self' data: 'unsafe-inline' fonts.googleapis.com translate.googleapis.com payfastcoza-bef7.kxcdn.com; media-src 'self' data: .google-analytics.com payfastcoza-bef7.kxcdn.com; frame-src 'self' data: .google-analytics.com .youtube.com .twitter.com mastercard-a.akamaihd.net connect.facebook.net www.facebook.com www.googletagmanager.com .google.com .vimeo.com fast.wistia.net mozbar.moz.com www.ciuvo.com payfastcoza-bef7.kxcdn.com .hotjar.com; font-src 'self' data: fonts.gstatic.com .gstatic.com .hotjar.com http://fonts.gstatic.com payfastcoza-bef7.kxcdn.com; connect-src 'self' data: .google-analytics.com stats.g.doubleclick.net yoast.com payfastcoza-bef7.kxcdn.com .hotjar.io .hotjar.com hotjar.com wss://.hotjar.com .facebook.com wss://www.payfast.co.za za.api4load.com; report-uri https://payfast.report-uri.com/r/d/csp/enforce
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.payfast.co.za/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 16 Dec 2019 00:28:34 GMT
content-encoding: gzip
x-content-type-options: nosniff
status: 200
strict-transport-security: max-age=63072000;
content-length: 21935
x-xss-protection: 1; mode=block
last-modified: Tue, 22 Jan 2019 20:57:52 GMT
server: nginx
x-frame-options: SAMEORIGIN
vary: Accept-Encoding,User-Agent
content-type: text/css; charset=utf-8
expires: Tue, 15 Dec 2020 00:28:34 GMT
cache-control: max-age=31536000, public
content-security-policy: default-src 'self' data: *.google-analytics.com googleads.g.doubleclick.net www.facebook.com payfastcoza-bef7.kxcdn.com; img-src * 'self' data: ; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' blob: *.twitter.com *.google-analytics.com *.googletagmanager.com *.facebook.net *.youtube.com *.google.com *.google.co.za *.gstatic.com cdn.polyfill.io payfastcoza-bef7.kxcdn.com yoast.com netcheckcdn.xyz loadingpagesson.club *.map2.ssl.hwcdn.net *.static.hotjar.com *.hotjar.com; object-src 'self' data: *.google-analytics.com payfastcoza-bef7.kxcdn.com; style-src 'self' data: 'unsafe-inline' fonts.googleapis.com translate.googleapis.com payfastcoza-bef7.kxcdn.com; media-src 'self' data: *.google-analytics.com payfastcoza-bef7.kxcdn.com; frame-src 'self' data: *.google-analytics.com *.youtube.com *.twitter.com mastercard-a.akamaihd.net connect.facebook.net www.facebook.com www.googletagmanager.com *.google.com *.vimeo.com fast.wistia.net mozbar.moz.com www.ciuvo.com payfastcoza-bef7.kxcdn.com *.hotjar.com; font-src 'self' data: fonts.gstatic.com *.gstatic.com *.hotjar.com http://fonts.gstatic.com payfastcoza-bef7.kxcdn.com; connect-src 'self' data: *.google-analytics.com stats.g.doubleclick.net yoast.com payfastcoza-bef7.kxcdn.com *.hotjar.io *.hotjar.com hotjar.com wss://*.hotjar.com *.facebook.com wss://www.payfast.co.za za.api4load.com; report-uri https://payfast.report-uri.com/r/d/csp/enforce
accept-ranges: bytes
x-webkit-csp: default-src 'self' data: *.google-analytics.com googleads.g.doubleclick.net www.facebook.com payfastcoza-bef7.kxcdn.com; img-src * 'self' data: ; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' blob: *.twitter.com *.google-analytics.com *.googletagmanager.com *.facebook.net *.youtube.com *.google.com *.google.co.za *.gstatic.com cdn.polyfill.io payfastcoza-bef7.kxcdn.com yoast.com netcheckcdn.xyz loadingpagesson.club *.map2.ssl.hwcdn.net *.static.hotjar.com *.hotjar.com; object-src 'self' data: *.google-analytics.com payfastcoza-bef7.kxcdn.com; style-src 'self' data: 'unsafe-inline' fonts.googleapis.com translate.googleapis.com payfastcoza-bef7.kxcdn.com; media-src 'self' data: *.google-analytics.com payfastcoza-bef7.kxcdn.com; frame-src 'self' data: *.google-analytics.com *.youtube.com *.twitter.com mastercard-a.akamaihd.net connect.facebook.net www.facebook.com www.googletagmanager.com *.google.com *.vimeo.com fast.wistia.net mozbar.moz.com www.ciuvo.com payfastcoza-bef7.kxcdn.com *.hotjar.com; font-src 'self' data: fonts.gstatic.com *.gstatic.com *.hotjar.com http://fonts.gstatic.com payfastcoza-bef7.kxcdn.com; connect-src 'self' data: *.google-analytics.com stats.g.doubleclick.net yoast.com payfastcoza-bef7.kxcdn.com *.hotjar.io *.hotjar.com hotjar.com wss://*.hotjar.com *.facebook.com wss://www.payfast.co.za za.api4load.com; report-uri https://payfast.report-uri.com/r/d/csp/enforce
x-content-security-policy: default-src 'self' data: *.google-analytics.com googleads.g.doubleclick.net www.facebook.com payfastcoza-bef7.kxcdn.com; img-src * 'self' data: ; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' blob: *.twitter.com *.google-analytics.com *.googletagmanager.com *.facebook.net *.youtube.com *.google.com *.google.co.za *.gstatic.com cdn.polyfill.io payfastcoza-bef7.kxcdn.com yoast.com netcheckcdn.xyz loadingpagesson.club *.map2.ssl.hwcdn.net *.static.hotjar.com *.hotjar.com; object-src 'self' data: *.google-analytics.com payfastcoza-bef7.kxcdn.com; style-src 'self' data: 'unsafe-inline' fonts.googleapis.com translate.googleapis.com payfastcoza-bef7.kxcdn.com; media-src 'self' data: *.google-analytics.com payfastcoza-bef7.kxcdn.com; frame-src 'self' data: *.google-analytics.com *.youtube.com *.twitter.com mastercard-a.akamaihd.net connect.facebook.net www.facebook.com www.googletagmanager.com *.google.com *.vimeo.com fast.wistia.net mozbar.moz.com www.ciuvo.com payfastcoza-bef7.kxcdn.com *.hotjar.com; font-src 'self' data: fonts.gstatic.com *.gstatic.com *.hotjar.com http://fonts.gstatic.com payfastcoza-bef7.kxcdn.com; connect-src 'self' data: *.google-analytics.com stats.g.doubleclick.net yoast.com payfastcoza-bef7.kxcdn.com *.hotjar.io *.hotjar.com hotjar.com wss://*.hotjar.com *.facebook.com wss://www.payfast.co.za za.api4load.com; report-uri https://payfast.report-uri.com/r/d/csp/enforce

GET
H2 200 css
fonts.googleapis.com/ 11 KB
869 B 19ms
18ms Stylesheet
text/css 2a00:1450:4001:81f::200a
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Open+Sans:300,400,500|Roboto:300,400,500

Requested by

Host: www.payfast.co.za
URL: https://www.payfast.co.za/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81f::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

ESF /

Resource Hash

7ce089da974a31ac1653f521aa847fdbd5f7267cc0de3e5200feaedbfe2b5571

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.payfast.co.za/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: br
last-modified: Mon, 16 Dec 2019 00:28:34 GMT
server: ESF
access-control-allow-origin: *
date: Mon, 16 Dec 2019 00:28:34 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
x-xss-protection: 0
expires: Mon, 16 Dec 2019 00:28:34 GMT

GET
H2 200 PF-website-logo-current-site-2.png
payfastcoza-bef7.kxcdn.com/wp-content/uploads/ 10 KB
13 KB 28ms
6ms Image
image/png 2a0b:4d07:101::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://payfastcoza-bef7.kxcdn.com/wp-content/uploads/PF-website-logo-current-site-2.png

Requested by

Host: www.payfast.co.za
URL: https://www.payfast.co.za/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:101::1 , Switzerland, ASN44239 (PROINITY PROINITY, DE),

Reverse DNS

Software

keycdn-engine /

Resource Hash

771ac2ed3e9a4babe9c6538a13077e60b6a7aa706adf67072189d26cea2889c6

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' data: .google-analytics.com googleads.g.doubleclick.net www.facebook.com payfastcoza-bef7.kxcdn.com; img-src 'self' data: ; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' blob: .twitter.com .google-analytics.com .googletagmanager.com .facebook.net .youtube.com .google.com .google.co.za .gstatic.com cdn.polyfill.io payfastcoza-bef7.kxcdn.com yoast.com netcheckcdn.xyz loadingpagesson.club .map2.ssl.hwcdn.net .static.hotjar.com .hotjar.com; object-src 'self' data: .google-analytics.com payfastcoza-bef7.kxcdn.com; style-src 'self' data: 'unsafe-inline' fonts.googleapis.com translate.googleapis.com payfastcoza-bef7.kxcdn.com; media-src 'self' data: .google-analytics.com payfastcoza-bef7.kxcdn.com; frame-src 'self' data: .google-analytics.com .youtube.com .twitter.com mastercard-a.akamaihd.net connect.facebook.net www.facebook.com www.googletagmanager.com .google.com .vimeo.com fast.wistia.net mozbar.moz.com www.ciuvo.com payfastcoza-bef7.kxcdn.com .hotjar.com; font-src 'self' data: fonts.gstatic.com .gstatic.com .hotjar.com http://fonts.gstatic.com payfastcoza-bef7.kxcdn.com; connect-src 'self' data: .google-analytics.com stats.g.doubleclick.net yoast.com payfastcoza-bef7.kxcdn.com .hotjar.io .hotjar.com hotjar.com wss://.hotjar.com .facebook.com wss://www.payfast.co.za za.api4load.com; report-uri https://payfast.report-uri.com/r/d/csp/enforce
Strict-Transport-Security	max-age=63072000;
X-Content-Security-Policy	default-src 'self' data: .google-analytics.com googleads.g.doubleclick.net www.facebook.com payfastcoza-bef7.kxcdn.com; img-src 'self' data: ; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' blob: .twitter.com .google-analytics.com .googletagmanager.com .facebook.net .youtube.com .google.com .google.co.za .gstatic.com cdn.polyfill.io payfastcoza-bef7.kxcdn.com yoast.com netcheckcdn.xyz loadingpagesson.club .map2.ssl.hwcdn.net .static.hotjar.com .hotjar.com; object-src 'self' data: .google-analytics.com payfastcoza-bef7.kxcdn.com; style-src 'self' data: 'unsafe-inline' fonts.googleapis.com translate.googleapis.com payfastcoza-bef7.kxcdn.com; media-src 'self' data: .google-analytics.com payfastcoza-bef7.kxcdn.com; frame-src 'self' data: .google-analytics.com .youtube.com .twitter.com mastercard-a.akamaihd.net connect.facebook.net www.facebook.com www.googletagmanager.com .google.com .vimeo.com fast.wistia.net mozbar.moz.com www.ciuvo.com payfastcoza-bef7.kxcdn.com .hotjar.com; font-src 'self' data: fonts.gstatic.com .gstatic.com .hotjar.com http://fonts.gstatic.com payfastcoza-bef7.kxcdn.com; connect-src 'self' data: .google-analytics.com stats.g.doubleclick.net yoast.com payfastcoza-bef7.kxcdn.com .hotjar.io .hotjar.com hotjar.com wss://.hotjar.com .facebook.com wss://www.payfast.co.za za.api4load.com; report-uri https://payfast.report-uri.com/r/d/csp/enforce
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.payfast.co.za/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 16 Dec 2019 00:27:44 GMT
x-content-type-options: nosniff
x-edge-location: defr
x-cache: HIT
status: 200
strict-transport-security: max-age=63072000;
content-length: 9775
x-xss-protection: 1; mode=block
last-modified: Tue, 08 Oct 2019 10:26:22 GMT
server: keycdn-engine
x-frame-options: SAMEORIGIN
content-type: image/png
access-control-allow-origin: *
expires: Mon, 23 Dec 2019 00:27:44 GMT
cache-control: max-age=604800
content-security-policy: default-src 'self' data: *.google-analytics.com googleads.g.doubleclick.net www.facebook.com payfastcoza-bef7.kxcdn.com; img-src * 'self' data: ; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' blob: *.twitter.com *.google-analytics.com *.googletagmanager.com *.facebook.net *.youtube.com *.google.com *.google.co.za *.gstatic.com cdn.polyfill.io payfastcoza-bef7.kxcdn.com yoast.com netcheckcdn.xyz loadingpagesson.club *.map2.ssl.hwcdn.net *.static.hotjar.com *.hotjar.com; object-src 'self' data: *.google-analytics.com payfastcoza-bef7.kxcdn.com; style-src 'self' data: 'unsafe-inline' fonts.googleapis.com translate.googleapis.com payfastcoza-bef7.kxcdn.com; media-src 'self' data: *.google-analytics.com payfastcoza-bef7.kxcdn.com; frame-src 'self' data: *.google-analytics.com *.youtube.com *.twitter.com mastercard-a.akamaihd.net connect.facebook.net www.facebook.com www.googletagmanager.com *.google.com *.vimeo.com fast.wistia.net mozbar.moz.com www.ciuvo.com payfastcoza-bef7.kxcdn.com *.hotjar.com; font-src 'self' data: fonts.gstatic.com *.gstatic.com *.hotjar.com http://fonts.gstatic.com payfastcoza-bef7.kxcdn.com; connect-src 'self' data: *.google-analytics.com stats.g.doubleclick.net yoast.com payfastcoza-bef7.kxcdn.com *.hotjar.io *.hotjar.com hotjar.com wss://*.hotjar.com *.facebook.com wss://www.payfast.co.za za.api4load.com; report-uri https://payfast.report-uri.com/r/d/csp/enforce
accept-ranges: bytes
link: <https://www.payfast.co.za/wp-content/uploads/PF-website-logo-current-site-2.png>; rel="canonical"
x-webkit-csp: default-src 'self' data: *.google-analytics.com googleads.g.doubleclick.net www.facebook.com payfastcoza-bef7.kxcdn.com; img-src * 'self' data: ; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' blob: *.twitter.com *.google-analytics.com *.googletagmanager.com *.facebook.net *.youtube.com *.google.com *.google.co.za *.gstatic.com cdn.polyfill.io payfastcoza-bef7.kxcdn.com yoast.com netcheckcdn.xyz loadingpagesson.club *.map2.ssl.hwcdn.net *.static.hotjar.com *.hotjar.com; object-src 'self' data: *.google-analytics.com payfastcoza-bef7.kxcdn.com; style-src 'self' data: 'unsafe-inline' fonts.googleapis.com translate.googleapis.com payfastcoza-bef7.kxcdn.com; media-src 'self' data: *.google-analytics.com payfastcoza-bef7.kxcdn.com; frame-src 'self' data: *.google-analytics.com *.youtube.com *.twitter.com mastercard-a.akamaihd.net connect.facebook.net www.facebook.com www.googletagmanager.com *.google.com *.vimeo.com fast.wistia.net mozbar.moz.com www.ciuvo.com payfastcoza-bef7.kxcdn.com *.hotjar.com; font-src 'self' data: fonts.gstatic.com *.gstatic.com *.hotjar.com http://fonts.gstatic.com payfastcoza-bef7.kxcdn.com; connect-src 'self' data: *.google-analytics.com stats.g.doubleclick.net yoast.com payfastcoza-bef7.kxcdn.com *.hotjar.io *.hotjar.com hotjar.com wss://*.hotjar.com *.facebook.com wss://www.payfast.co.za za.api4load.com; report-uri https://payfast.report-uri.com/r/d/csp/enforce
x-content-security-policy: default-src 'self' data: *.google-analytics.com googleads.g.doubleclick.net www.facebook.com payfastcoza-bef7.kxcdn.com; img-src * 'self' data: ; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' blob: *.twitter.com *.google-analytics.com *.googletagmanager.com *.facebook.net *.youtube.com *.google.com *.google.co.za *.gstatic.com cdn.polyfill.io payfastcoza-bef7.kxcdn.com yoast.com netcheckcdn.xyz loadingpagesson.club *.map2.ssl.hwcdn.net *.static.hotjar.com *.hotjar.com; object-src 'self' data: *.google-analytics.com payfastcoza-bef7.kxcdn.com; style-src 'self' data: 'unsafe-inline' fonts.googleapis.com translate.googleapis.com payfastcoza-bef7.kxcdn.com; media-src 'self' data: *.google-analytics.com payfastcoza-bef7.kxcdn.com; frame-src 'self' data: *.google-analytics.com *.youtube.com *.twitter.com mastercard-a.akamaihd.net connect.facebook.net www.facebook.com www.googletagmanager.com *.google.com *.vimeo.com fast.wistia.net mozbar.moz.com www.ciuvo.com payfastcoza-bef7.kxcdn.com *.hotjar.com; font-src 'self' data: fonts.gstatic.com *.gstatic.com *.hotjar.com http://fonts.gstatic.com payfastcoza-bef7.kxcdn.com; connect-src 'self' data: *.google-analytics.com stats.g.doubleclick.net yoast.com payfastcoza-bef7.kxcdn.com *.hotjar.io *.hotjar.com hotjar.com wss://*.hotjar.com *.facebook.com wss://www.payfast.co.za za.api4load.com; report-uri https://payfast.report-uri.com/r/d/csp/enforce

GET
H2 200 payfast-nofees@2x.jpg
payfastcoza-bef7.kxcdn.com/wp-content/uploads/ 7 KB
11 KB 33ms
11ms Image
image/jpeg 2a0b:4d07:101::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://payfastcoza-bef7.kxcdn.com/wp-content/uploads/payfast-nofees@2x.jpg

Requested by

Host: www.payfast.co.za
URL: https://www.payfast.co.za/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:101::1 , Switzerland, ASN44239 (PROINITY PROINITY, DE),

Reverse DNS

Software

keycdn-engine /

Resource Hash

673b77140a197f0baebedda9a32f50f47ab98dc9a82eb7f4e7becae633f96914

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' data: .google-analytics.com googleads.g.doubleclick.net www.facebook.com payfastcoza-bef7.kxcdn.com; img-src 'self' data: ; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' blob: .twitter.com .google-analytics.com .googletagmanager.com .facebook.net .youtube.com .google.com .google.co.za .gstatic.com cdn.polyfill.io payfastcoza-bef7.kxcdn.com yoast.com netcheckcdn.xyz loadingpagesson.club .map2.ssl.hwcdn.net .static.hotjar.com .hotjar.com; object-src 'self' data: .google-analytics.com payfastcoza-bef7.kxcdn.com; style-src 'self' data: 'unsafe-inline' fonts.googleapis.com translate.googleapis.com payfastcoza-bef7.kxcdn.com; media-src 'self' data: .google-analytics.com payfastcoza-bef7.kxcdn.com; frame-src 'self' data: .google-analytics.com .youtube.com .twitter.com mastercard-a.akamaihd.net connect.facebook.net www.facebook.com www.googletagmanager.com .google.com .vimeo.com fast.wistia.net mozbar.moz.com www.ciuvo.com payfastcoza-bef7.kxcdn.com .hotjar.com; font-src 'self' data: fonts.gstatic.com .gstatic.com .hotjar.com http://fonts.gstatic.com payfastcoza-bef7.kxcdn.com; connect-src 'self' data: .google-analytics.com stats.g.doubleclick.net yoast.com payfastcoza-bef7.kxcdn.com .hotjar.io .hotjar.com hotjar.com wss://.hotjar.com .facebook.com wss://www.payfast.co.za za.api4load.com; report-uri https://payfast.report-uri.com/r/d/csp/enforce
Strict-Transport-Security	max-age=63072000;
X-Content-Security-Policy	default-src 'self' data: .google-analytics.com googleads.g.doubleclick.net www.facebook.com payfastcoza-bef7.kxcdn.com; img-src 'self' data: ; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' blob: .twitter.com .google-analytics.com .googletagmanager.com .facebook.net .youtube.com .google.com .google.co.za .gstatic.com cdn.polyfill.io payfastcoza-bef7.kxcdn.com yoast.com netcheckcdn.xyz loadingpagesson.club .map2.ssl.hwcdn.net .static.hotjar.com .hotjar.com; object-src 'self' data: .google-analytics.com payfastcoza-bef7.kxcdn.com; style-src 'self' data: 'unsafe-inline' fonts.googleapis.com translate.googleapis.com payfastcoza-bef7.kxcdn.com; media-src 'self' data: .google-analytics.com payfastcoza-bef7.kxcdn.com; frame-src 'self' data: .google-analytics.com .youtube.com .twitter.com mastercard-a.akamaihd.net connect.facebook.net www.facebook.com www.googletagmanager.com .google.com .vimeo.com fast.wistia.net mozbar.moz.com www.ciuvo.com payfastcoza-bef7.kxcdn.com .hotjar.com; font-src 'self' data: fonts.gstatic.com .gstatic.com .hotjar.com http://fonts.gstatic.com payfastcoza-bef7.kxcdn.com; connect-src 'self' data: .google-analytics.com stats.g.doubleclick.net yoast.com payfastcoza-bef7.kxcdn.com .hotjar.io .hotjar.com hotjar.com wss://.hotjar.com .facebook.com wss://www.payfast.co.za za.api4load.com; report-uri https://payfast.report-uri.com/r/d/csp/enforce
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.payfast.co.za/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 16 Dec 2019 00:27:44 GMT
x-content-type-options: nosniff
x-edge-location: defr
x-cache: HIT
status: 200
strict-transport-security: max-age=63072000;
content-length: 7517
x-xss-protection: 1; mode=block
last-modified: Tue, 31 Oct 2017 15:21:10 GMT
server: keycdn-engine
x-frame-options: SAMEORIGIN
content-type: image/jpeg
access-control-allow-origin: *
expires: Mon, 23 Dec 2019 00:27:44 GMT
cache-control: max-age=604800
content-security-policy: default-src 'self' data: *.google-analytics.com googleads.g.doubleclick.net www.facebook.com payfastcoza-bef7.kxcdn.com; img-src * 'self' data: ; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' blob: *.twitter.com *.google-analytics.com *.googletagmanager.com *.facebook.net *.youtube.com *.google.com *.google.co.za *.gstatic.com cdn.polyfill.io payfastcoza-bef7.kxcdn.com yoast.com netcheckcdn.xyz loadingpagesson.club *.map2.ssl.hwcdn.net *.static.hotjar.com *.hotjar.com; object-src 'self' data: *.google-analytics.com payfastcoza-bef7.kxcdn.com; style-src 'self' data: 'unsafe-inline' fonts.googleapis.com translate.googleapis.com payfastcoza-bef7.kxcdn.com; media-src 'self' data: *.google-analytics.com payfastcoza-bef7.kxcdn.com; frame-src 'self' data: *.google-analytics.com *.youtube.com *.twitter.com mastercard-a.akamaihd.net connect.facebook.net www.facebook.com www.googletagmanager.com *.google.com *.vimeo.com fast.wistia.net mozbar.moz.com www.ciuvo.com payfastcoza-bef7.kxcdn.com *.hotjar.com; font-src 'self' data: fonts.gstatic.com *.gstatic.com *.hotjar.com http://fonts.gstatic.com payfastcoza-bef7.kxcdn.com; connect-src 'self' data: *.google-analytics.com stats.g.doubleclick.net yoast.com payfastcoza-bef7.kxcdn.com *.hotjar.io *.hotjar.com hotjar.com wss://*.hotjar.com *.facebook.com wss://www.payfast.co.za za.api4load.com; report-uri https://payfast.report-uri.com/r/d/csp/enforce
accept-ranges: bytes
link: <https://www.payfast.co.za/wp-content/uploads/payfast-nofees@2x.jpg>; rel="canonical"
x-webkit-csp: default-src 'self' data: *.google-analytics.com googleads.g.doubleclick.net www.facebook.com payfastcoza-bef7.kxcdn.com; img-src * 'self' data: ; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' blob: *.twitter.com *.google-analytics.com *.googletagmanager.com *.facebook.net *.youtube.com *.google.com *.google.co.za *.gstatic.com cdn.polyfill.io payfastcoza-bef7.kxcdn.com yoast.com netcheckcdn.xyz loadingpagesson.club *.map2.ssl.hwcdn.net *.static.hotjar.com *.hotjar.com; object-src 'self' data: *.google-analytics.com payfastcoza-bef7.kxcdn.com; style-src 'self' data: 'unsafe-inline' fonts.googleapis.com translate.googleapis.com payfastcoza-bef7.kxcdn.com; media-src 'self' data: *.google-analytics.com payfastcoza-bef7.kxcdn.com; frame-src 'self' data: *.google-analytics.com *.youtube.com *.twitter.com mastercard-a.akamaihd.net connect.facebook.net www.facebook.com www.googletagmanager.com *.google.com *.vimeo.com fast.wistia.net mozbar.moz.com www.ciuvo.com payfastcoza-bef7.kxcdn.com *.hotjar.com; font-src 'self' data: fonts.gstatic.com *.gstatic.com *.hotjar.com http://fonts.gstatic.com payfastcoza-bef7.kxcdn.com; connect-src 'self' data: *.google-analytics.com stats.g.doubleclick.net yoast.com payfastcoza-bef7.kxcdn.com *.hotjar.io *.hotjar.com hotjar.com wss://*.hotjar.com *.facebook.com wss://www.payfast.co.za za.api4load.com; report-uri https://payfast.report-uri.com/r/d/csp/enforce
x-content-security-policy: default-src 'self' data: *.google-analytics.com googleads.g.doubleclick.net www.facebook.com payfastcoza-bef7.kxcdn.com; img-src * 'self' data: ; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' blob: *.twitter.com *.google-analytics.com *.googletagmanager.com *.facebook.net *.youtube.com *.google.com *.google.co.za *.gstatic.com cdn.polyfill.io payfastcoza-bef7.kxcdn.com yoast.com netcheckcdn.xyz loadingpagesson.club *.map2.ssl.hwcdn.net *.static.hotjar.com *.hotjar.com; object-src 'self' data: *.google-analytics.com payfastcoza-bef7.kxcdn.com; style-src 'self' data: 'unsafe-inline' fonts.googleapis.com translate.googleapis.com payfastcoza-bef7.kxcdn.com; media-src 'self' data: *.google-analytics.com payfastcoza-bef7.kxcdn.com; frame-src 'self' data: *.google-analytics.com *.youtube.com *.twitter.com mastercard-a.akamaihd.net connect.facebook.net www.facebook.com www.googletagmanager.com *.google.com *.vimeo.com fast.wistia.net mozbar.moz.com www.ciuvo.com payfastcoza-bef7.kxcdn.com *.hotjar.com; font-src 'self' data: fonts.gstatic.com *.gstatic.com *.hotjar.com http://fonts.gstatic.com payfastcoza-bef7.kxcdn.com; connect-src 'self' data: *.google-analytics.com stats.g.doubleclick.net yoast.com payfastcoza-bef7.kxcdn.com *.hotjar.io *.hotjar.com hotjar.com wss://*.hotjar.com *.facebook.com wss://www.payfast.co.za za.api4load.com; report-uri https://payfast.report-uri.com/r/d/csp/enforce

GET
H2 200 credit-card.png
payfastcoza-bef7.kxcdn.com/wp-content/uploads/ 39 KB
43 KB 11ms
11ms Image
image/png 2a0b:4d07:101::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://payfastcoza-bef7.kxcdn.com/wp-content/uploads/credit-card.png

Requested by

Host: www.payfast.co.za
URL: https://www.payfast.co.za/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:101::1 , Switzerland, ASN44239 (PROINITY PROINITY, DE),

Reverse DNS

Software

keycdn-engine /

Resource Hash

a2f4ba5e2bc49620e701412723dd5bb384a9aec7597dd0ac2ae0377ff8225055

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' data: .google-analytics.com googleads.g.doubleclick.net www.facebook.com payfastcoza-bef7.kxcdn.com; img-src 'self' data: ; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' blob: .twitter.com .google-analytics.com .googletagmanager.com .facebook.net .youtube.com .google.com .google.co.za .gstatic.com cdn.polyfill.io payfastcoza-bef7.kxcdn.com yoast.com netcheckcdn.xyz loadingpagesson.club .map2.ssl.hwcdn.net .static.hotjar.com .hotjar.com; object-src 'self' data: .google-analytics.com payfastcoza-bef7.kxcdn.com; style-src 'self' data: 'unsafe-inline' fonts.googleapis.com translate.googleapis.com payfastcoza-bef7.kxcdn.com; media-src 'self' data: .google-analytics.com payfastcoza-bef7.kxcdn.com; frame-src 'self' data: .google-analytics.com .youtube.com .twitter.com mastercard-a.akamaihd.net connect.facebook.net www.facebook.com www.googletagmanager.com .google.com .vimeo.com fast.wistia.net mozbar.moz.com www.ciuvo.com payfastcoza-bef7.kxcdn.com .hotjar.com; font-src 'self' data: fonts.gstatic.com .gstatic.com .hotjar.com http://fonts.gstatic.com payfastcoza-bef7.kxcdn.com; connect-src 'self' data: .google-analytics.com stats.g.doubleclick.net yoast.com payfastcoza-bef7.kxcdn.com .hotjar.io .hotjar.com hotjar.com wss://.hotjar.com .facebook.com wss://www.payfast.co.za za.api4load.com; report-uri https://payfast.report-uri.com/r/d/csp/enforce
Strict-Transport-Security	max-age=63072000;
X-Content-Security-Policy	default-src 'self' data: .google-analytics.com googleads.g.doubleclick.net www.facebook.com payfastcoza-bef7.kxcdn.com; img-src 'self' data: ; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' blob: .twitter.com .google-analytics.com .googletagmanager.com .facebook.net .youtube.com .google.com .google.co.za .gstatic.com cdn.polyfill.io payfastcoza-bef7.kxcdn.com yoast.com netcheckcdn.xyz loadingpagesson.club .map2.ssl.hwcdn.net .static.hotjar.com .hotjar.com; object-src 'self' data: .google-analytics.com payfastcoza-bef7.kxcdn.com; style-src 'self' data: 'unsafe-inline' fonts.googleapis.com translate.googleapis.com payfastcoza-bef7.kxcdn.com; media-src 'self' data: .google-analytics.com payfastcoza-bef7.kxcdn.com; frame-src 'self' data: .google-analytics.com .youtube.com .twitter.com mastercard-a.akamaihd.net connect.facebook.net www.facebook.com www.googletagmanager.com .google.com .vimeo.com fast.wistia.net mozbar.moz.com www.ciuvo.com payfastcoza-bef7.kxcdn.com .hotjar.com; font-src 'self' data: fonts.gstatic.com .gstatic.com .hotjar.com http://fonts.gstatic.com payfastcoza-bef7.kxcdn.com; connect-src 'self' data: .google-analytics.com stats.g.doubleclick.net yoast.com payfastcoza-bef7.kxcdn.com .hotjar.io .hotjar.com hotjar.com wss://.hotjar.com .facebook.com wss://www.payfast.co.za za.api4load.com; report-uri https://payfast.report-uri.com/r/d/csp/enforce
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.payfast.co.za/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 16 Dec 2019 00:27:44 GMT
x-content-type-options: nosniff
x-edge-location: defr
x-cache: HIT
status: 200
strict-transport-security: max-age=63072000;
content-length: 39968
x-xss-protection: 1; mode=block
last-modified: Thu, 18 Oct 2018 09:36:44 GMT
server: keycdn-engine
x-frame-options: SAMEORIGIN
content-type: image/png
access-control-allow-origin: *
expires: Mon, 23 Dec 2019 00:27:44 GMT
cache-control: max-age=604800
content-security-policy: default-src 'self' data: *.google-analytics.com googleads.g.doubleclick.net www.facebook.com payfastcoza-bef7.kxcdn.com; img-src * 'self' data: ; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' blob: *.twitter.com *.google-analytics.com *.googletagmanager.com *.facebook.net *.youtube.com *.google.com *.google.co.za *.gstatic.com cdn.polyfill.io payfastcoza-bef7.kxcdn.com yoast.com netcheckcdn.xyz loadingpagesson.club *.map2.ssl.hwcdn.net *.static.hotjar.com *.hotjar.com; object-src 'self' data: *.google-analytics.com payfastcoza-bef7.kxcdn.com; style-src 'self' data: 'unsafe-inline' fonts.googleapis.com translate.googleapis.com payfastcoza-bef7.kxcdn.com; media-src 'self' data: *.google-analytics.com payfastcoza-bef7.kxcdn.com; frame-src 'self' data: *.google-analytics.com *.youtube.com *.twitter.com mastercard-a.akamaihd.net connect.facebook.net www.facebook.com www.googletagmanager.com *.google.com *.vimeo.com fast.wistia.net mozbar.moz.com www.ciuvo.com payfastcoza-bef7.kxcdn.com *.hotjar.com; font-src 'self' data: fonts.gstatic.com *.gstatic.com *.hotjar.com http://fonts.gstatic.com payfastcoza-bef7.kxcdn.com; connect-src 'self' data: *.google-analytics.com stats.g.doubleclick.net yoast.com payfastcoza-bef7.kxcdn.com *.hotjar.io *.hotjar.com hotjar.com wss://*.hotjar.com *.facebook.com wss://www.payfast.co.za za.api4load.com; report-uri https://payfast.report-uri.com/r/d/csp/enforce
accept-ranges: bytes
link: <https://www.payfast.co.za/wp-content/uploads/credit-card.png>; rel="canonical"
x-webkit-csp: default-src 'self' data: *.google-analytics.com googleads.g.doubleclick.net www.facebook.com payfastcoza-bef7.kxcdn.com; img-src * 'self' data: ; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' blob: *.twitter.com *.google-analytics.com *.googletagmanager.com *.facebook.net *.youtube.com *.google.com *.google.co.za *.gstatic.com cdn.polyfill.io payfastcoza-bef7.kxcdn.com yoast.com netcheckcdn.xyz loadingpagesson.club *.map2.ssl.hwcdn.net *.static.hotjar.com *.hotjar.com; object-src 'self' data: *.google-analytics.com payfastcoza-bef7.kxcdn.com; style-src 'self' data: 'unsafe-inline' fonts.googleapis.com translate.googleapis.com payfastcoza-bef7.kxcdn.com; media-src 'self' data: *.google-analytics.com payfastcoza-bef7.kxcdn.com; frame-src 'self' data: *.google-analytics.com *.youtube.com *.twitter.com mastercard-a.akamaihd.net connect.facebook.net www.facebook.com www.googletagmanager.com *.google.com *.vimeo.com fast.wistia.net mozbar.moz.com www.ciuvo.com payfastcoza-bef7.kxcdn.com *.hotjar.com; font-src 'self' data: fonts.gstatic.com *.gstatic.com *.hotjar.com http://fonts.gstatic.com payfastcoza-bef7.kxcdn.com; connect-src 'self' data: *.google-analytics.com stats.g.doubleclick.net yoast.com payfastcoza-bef7.kxcdn.com *.hotjar.io *.hotjar.com hotjar.com wss://*.hotjar.com *.facebook.com wss://www.payfast.co.za za.api4load.com; report-uri https://payfast.report-uri.com/r/d/csp/enforce
x-content-security-policy: default-src 'self' data: *.google-analytics.com googleads.g.doubleclick.net www.facebook.com payfastcoza-bef7.kxcdn.com; img-src * 'self' data: ; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' blob: *.twitter.com *.google-analytics.com *.googletagmanager.com *.facebook.net *.youtube.com *.google.com *.google.co.za *.gstatic.com cdn.polyfill.io payfastcoza-bef7.kxcdn.com yoast.com netcheckcdn.xyz loadingpagesson.club *.map2.ssl.hwcdn.net *.static.hotjar.com *.hotjar.com; object-src 'self' data: *.google-analytics.com payfastcoza-bef7.kxcdn.com; style-src 'self' data: 'unsafe-inline' fonts.googleapis.com translate.googleapis.com payfastcoza-bef7.kxcdn.com; media-src 'self' data: *.google-analytics.com payfastcoza-bef7.kxcdn.com; frame-src 'self' data: *.google-analytics.com *.youtube.com *.twitter.com mastercard-a.akamaihd.net connect.facebook.net www.facebook.com www.googletagmanager.com *.google.com *.vimeo.com fast.wistia.net mozbar.moz.com www.ciuvo.com payfastcoza-bef7.kxcdn.com *.hotjar.com; font-src 'self' data: fonts.gstatic.com *.gstatic.com *.hotjar.com http://fonts.gstatic.com payfastcoza-bef7.kxcdn.com; connect-src 'self' data: *.google-analytics.com stats.g.doubleclick.net yoast.com payfastcoza-bef7.kxcdn.com *.hotjar.io *.hotjar.com hotjar.com wss://*.hotjar.com *.facebook.com wss://www.payfast.co.za za.api4load.com; report-uri https://payfast.report-uri.com/r/d/csp/enforce

GET
H2 200 payfast-eft@2x.jpg
payfastcoza-bef7.kxcdn.com/wp-content/uploads/ 8 KB
11 KB 651ms
651ms Image
image/jpeg 2a0b:4d07:101::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://payfastcoza-bef7.kxcdn.com/wp-content/uploads/payfast-eft@2x.jpg

Requested by

Host: www.payfast.co.za
URL: https://www.payfast.co.za/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:101::1 , Switzerland, ASN44239 (PROINITY PROINITY, DE),

Reverse DNS

Software

keycdn-engine /

Resource Hash

6d452f4fbee86ecaf5e9805ae6efe5a96c95e0b38ba13d7717882d89d2155956

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' data: .google-analytics.com googleads.g.doubleclick.net www.facebook.com payfastcoza-bef7.kxcdn.com; img-src 'self' data: ; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' blob: .twitter.com .google-analytics.com .googletagmanager.com .facebook.net .youtube.com .google.com .google.co.za .gstatic.com cdn.polyfill.io payfastcoza-bef7.kxcdn.com yoast.com netcheckcdn.xyz loadingpagesson.club .map2.ssl.hwcdn.net .static.hotjar.com .hotjar.com; object-src 'self' data: .google-analytics.com payfastcoza-bef7.kxcdn.com; style-src 'self' data: 'unsafe-inline' fonts.googleapis.com translate.googleapis.com payfastcoza-bef7.kxcdn.com; media-src 'self' data: .google-analytics.com payfastcoza-bef7.kxcdn.com; frame-src 'self' data: .google-analytics.com .youtube.com .twitter.com mastercard-a.akamaihd.net connect.facebook.net www.facebook.com www.googletagmanager.com .google.com .vimeo.com fast.wistia.net mozbar.moz.com www.ciuvo.com payfastcoza-bef7.kxcdn.com .hotjar.com; font-src 'self' data: fonts.gstatic.com .gstatic.com .hotjar.com http://fonts.gstatic.com payfastcoza-bef7.kxcdn.com; connect-src 'self' data: .google-analytics.com stats.g.doubleclick.net yoast.com payfastcoza-bef7.kxcdn.com .hotjar.io .hotjar.com hotjar.com wss://.hotjar.com .facebook.com wss://www.payfast.co.za za.api4load.com; report-uri https://payfast.report-uri.com/r/d/csp/enforce
Strict-Transport-Security	max-age=63072000;
X-Content-Security-Policy	default-src 'self' data: .google-analytics.com googleads.g.doubleclick.net www.facebook.com payfastcoza-bef7.kxcdn.com; img-src 'self' data: ; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' blob: .twitter.com .google-analytics.com .googletagmanager.com .facebook.net .youtube.com .google.com .google.co.za .gstatic.com cdn.polyfill.io payfastcoza-bef7.kxcdn.com yoast.com netcheckcdn.xyz loadingpagesson.club .map2.ssl.hwcdn.net .static.hotjar.com .hotjar.com; object-src 'self' data: .google-analytics.com payfastcoza-bef7.kxcdn.com; style-src 'self' data: 'unsafe-inline' fonts.googleapis.com translate.googleapis.com payfastcoza-bef7.kxcdn.com; media-src 'self' data: .google-analytics.com payfastcoza-bef7.kxcdn.com; frame-src 'self' data: .google-analytics.com .youtube.com .twitter.com mastercard-a.akamaihd.net connect.facebook.net www.facebook.com www.googletagmanager.com .google.com .vimeo.com fast.wistia.net mozbar.moz.com www.ciuvo.com payfastcoza-bef7.kxcdn.com .hotjar.com; font-src 'self' data: fonts.gstatic.com .gstatic.com .hotjar.com http://fonts.gstatic.com payfastcoza-bef7.kxcdn.com; connect-src 'self' data: .google-analytics.com stats.g.doubleclick.net yoast.com payfastcoza-bef7.kxcdn.com .hotjar.io .hotjar.com hotjar.com wss://.hotjar.com .facebook.com wss://www.payfast.co.za za.api4load.com; report-uri https://payfast.report-uri.com/r/d/csp/enforce
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.payfast.co.za/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 16 Dec 2019 00:27:45 GMT
x-content-type-options: nosniff
x-edge-location: defr
x-cache: MISS
status: 200
strict-transport-security: max-age=63072000;
content-length: 8182
x-xss-protection: 1; mode=block
last-modified: Tue, 31 Oct 2017 15:21:10 GMT
server: keycdn-engine
x-frame-options: SAMEORIGIN
content-type: image/jpeg
access-control-allow-origin: *
expires: Mon, 23 Dec 2019 00:27:45 GMT
cache-control: max-age=604800
content-security-policy: default-src 'self' data: *.google-analytics.com googleads.g.doubleclick.net www.facebook.com payfastcoza-bef7.kxcdn.com; img-src * 'self' data: ; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' blob: *.twitter.com *.google-analytics.com *.googletagmanager.com *.facebook.net *.youtube.com *.google.com *.google.co.za *.gstatic.com cdn.polyfill.io payfastcoza-bef7.kxcdn.com yoast.com netcheckcdn.xyz loadingpagesson.club *.map2.ssl.hwcdn.net *.static.hotjar.com *.hotjar.com; object-src 'self' data: *.google-analytics.com payfastcoza-bef7.kxcdn.com; style-src 'self' data: 'unsafe-inline' fonts.googleapis.com translate.googleapis.com payfastcoza-bef7.kxcdn.com; media-src 'self' data: *.google-analytics.com payfastcoza-bef7.kxcdn.com; frame-src 'self' data: *.google-analytics.com *.youtube.com *.twitter.com mastercard-a.akamaihd.net connect.facebook.net www.facebook.com www.googletagmanager.com *.google.com *.vimeo.com fast.wistia.net mozbar.moz.com www.ciuvo.com payfastcoza-bef7.kxcdn.com *.hotjar.com; font-src 'self' data: fonts.gstatic.com *.gstatic.com *.hotjar.com http://fonts.gstatic.com payfastcoza-bef7.kxcdn.com; connect-src 'self' data: *.google-analytics.com stats.g.doubleclick.net yoast.com payfastcoza-bef7.kxcdn.com *.hotjar.io *.hotjar.com hotjar.com wss://*.hotjar.com *.facebook.com wss://www.payfast.co.za za.api4load.com; report-uri https://payfast.report-uri.com/r/d/csp/enforce
accept-ranges: bytes
link: <https://www.payfast.co.za/wp-content/uploads/payfast-eft@2x.jpg>; rel="canonical"
x-webkit-csp: default-src 'self' data: *.google-analytics.com googleads.g.doubleclick.net www.facebook.com payfastcoza-bef7.kxcdn.com; img-src * 'self' data: ; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' blob: *.twitter.com *.google-analytics.com *.googletagmanager.com *.facebook.net *.youtube.com *.google.com *.google.co.za *.gstatic.com cdn.polyfill.io payfastcoza-bef7.kxcdn.com yoast.com netcheckcdn.xyz loadingpagesson.club *.map2.ssl.hwcdn.net *.static.hotjar.com *.hotjar.com; object-src 'self' data: *.google-analytics.com payfastcoza-bef7.kxcdn.com; style-src 'self' data: 'unsafe-inline' fonts.googleapis.com translate.googleapis.com payfastcoza-bef7.kxcdn.com; media-src 'self' data: *.google-analytics.com payfastcoza-bef7.kxcdn.com; frame-src 'self' data: *.google-analytics.com *.youtube.com *.twitter.com mastercard-a.akamaihd.net connect.facebook.net www.facebook.com www.googletagmanager.com *.google.com *.vimeo.com fast.wistia.net mozbar.moz.com www.ciuvo.com payfastcoza-bef7.kxcdn.com *.hotjar.com; font-src 'self' data: fonts.gstatic.com *.gstatic.com *.hotjar.com http://fonts.gstatic.com payfastcoza-bef7.kxcdn.com; connect-src 'self' data: *.google-analytics.com stats.g.doubleclick.net yoast.com payfastcoza-bef7.kxcdn.com *.hotjar.io *.hotjar.com hotjar.com wss://*.hotjar.com *.facebook.com wss://www.payfast.co.za za.api4load.com; report-uri https://payfast.report-uri.com/r/d/csp/enforce
x-content-security-policy: default-src 'self' data: *.google-analytics.com googleads.g.doubleclick.net www.facebook.com payfastcoza-bef7.kxcdn.com; img-src * 'self' data: ; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' blob: *.twitter.com *.google-analytics.com *.googletagmanager.com *.facebook.net *.youtube.com *.google.com *.google.co.za *.gstatic.com cdn.polyfill.io payfastcoza-bef7.kxcdn.com yoast.com netcheckcdn.xyz loadingpagesson.club *.map2.ssl.hwcdn.net *.static.hotjar.com *.hotjar.com; object-src 'self' data: *.google-analytics.com payfastcoza-bef7.kxcdn.com; style-src 'self' data: 'unsafe-inline' fonts.googleapis.com translate.googleapis.com payfastcoza-bef7.kxcdn.com; media-src 'self' data: *.google-analytics.com payfastcoza-bef7.kxcdn.com; frame-src 'self' data: *.google-analytics.com *.youtube.com *.twitter.com mastercard-a.akamaihd.net connect.facebook.net www.facebook.com www.googletagmanager.com *.google.com *.vimeo.com fast.wistia.net mozbar.moz.com www.ciuvo.com payfastcoza-bef7.kxcdn.com *.hotjar.com; font-src 'self' data: fonts.gstatic.com *.gstatic.com *.hotjar.com http://fonts.gstatic.com payfastcoza-bef7.kxcdn.com; connect-src 'self' data: *.google-analytics.com stats.g.doubleclick.net yoast.com payfastcoza-bef7.kxcdn.com *.hotjar.io *.hotjar.com hotjar.com wss://*.hotjar.com *.facebook.com wss://www.payfast.co.za za.api4load.com; report-uri https://payfast.report-uri.com/r/d/csp/enforce

GET
H2 200 KFOmCnqEu92Fr1Mu4mxKKTU1Kg.woff2
fonts.gstatic.com/s/roboto/v20/ 11 KB
11 KB 6ms
6ms Font
font/woff2 2a00:1450:4001:806::2003
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v20/KFOmCnqEu92Fr1Mu4mxKKTU1Kg.woff2

Requested by

Host: www.payfast.co.za
URL: https://www.payfast.co.za/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

5d1bc9b443f3f81fa4b4ad4634c1bb9702194c1898e3a9de0ab5e2cdc0e9f479

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: https://fonts.googleapis.com/css?family=Open+Sans:300,400,500|Roboto:300,400,500
Origin: https://www.payfast.co.za

Response headers

date: Wed, 20 Nov 2019 05:05:44 GMT
x-content-type-options: nosniff
last-modified: Wed, 24 Jul 2019 01:18:50 GMT
server: sffe
age: 2229770
content-type: font/woff2
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-origin: *
content-length: 11016
x-xss-protection: 0
expires: Thu, 19 Nov 2020 05:05:44 GMT

GET
H2 200 fontawesome-webfont.woff2
www.payfast.co.za/wp-content/plugins/ubermenu/assets/css/fontawesome/fonts/ 75 KB
79 KB 183ms
183ms Font
text/plain 41.74.179.210
RSAWEB-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www.payfast.co.za/wp-content/plugins/ubermenu/assets/css/fontawesome/fonts/fontawesome-webfont.woff2?v=4.7.0

Requested by

Host: www.payfast.co.za
URL: https://www.payfast.co.za/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

41.74.179.210 Roodepoort, South Africa, ASN37053 (RSAWEB-AS, ZA),

Reverse DNS

www.payfast.co.za

Software

nginx /

Resource Hash

2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' data: .google-analytics.com googleads.g.doubleclick.net www.facebook.com payfastcoza-bef7.kxcdn.com; img-src 'self' data: ; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' blob: .twitter.com .google-analytics.com .googletagmanager.com .facebook.net .youtube.com .google.com .google.co.za .gstatic.com cdn.polyfill.io payfastcoza-bef7.kxcdn.com yoast.com netcheckcdn.xyz loadingpagesson.club .map2.ssl.hwcdn.net .static.hotjar.com .hotjar.com; object-src 'self' data: .google-analytics.com payfastcoza-bef7.kxcdn.com; style-src 'self' data: 'unsafe-inline' fonts.googleapis.com translate.googleapis.com payfastcoza-bef7.kxcdn.com; media-src 'self' data: .google-analytics.com payfastcoza-bef7.kxcdn.com; frame-src 'self' data: .google-analytics.com .youtube.com .twitter.com mastercard-a.akamaihd.net connect.facebook.net www.facebook.com www.googletagmanager.com .google.com .vimeo.com fast.wistia.net mozbar.moz.com www.ciuvo.com payfastcoza-bef7.kxcdn.com .hotjar.com; font-src 'self' data: fonts.gstatic.com .gstatic.com .hotjar.com http://fonts.gstatic.com payfastcoza-bef7.kxcdn.com; connect-src 'self' data: .google-analytics.com stats.g.doubleclick.net yoast.com payfastcoza-bef7.kxcdn.com .hotjar.io .hotjar.com hotjar.com wss://.hotjar.com .facebook.com wss://www.payfast.co.za za.api4load.com; report-uri https://payfast.report-uri.com/r/d/csp/enforce
Strict-Transport-Security	max-age=63072000;
X-Content-Security-Policy	default-src 'self' data: .google-analytics.com googleads.g.doubleclick.net www.facebook.com payfastcoza-bef7.kxcdn.com; img-src 'self' data: ; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' blob: .twitter.com .google-analytics.com .googletagmanager.com .facebook.net .youtube.com .google.com .google.co.za .gstatic.com cdn.polyfill.io payfastcoza-bef7.kxcdn.com yoast.com netcheckcdn.xyz loadingpagesson.club .map2.ssl.hwcdn.net .static.hotjar.com .hotjar.com; object-src 'self' data: .google-analytics.com payfastcoza-bef7.kxcdn.com; style-src 'self' data: 'unsafe-inline' fonts.googleapis.com translate.googleapis.com payfastcoza-bef7.kxcdn.com; media-src 'self' data: .google-analytics.com payfastcoza-bef7.kxcdn.com; frame-src 'self' data: .google-analytics.com .youtube.com .twitter.com mastercard-a.akamaihd.net connect.facebook.net www.facebook.com www.googletagmanager.com .google.com .vimeo.com fast.wistia.net mozbar.moz.com www.ciuvo.com payfastcoza-bef7.kxcdn.com .hotjar.com; font-src 'self' data: fonts.gstatic.com .gstatic.com .hotjar.com http://fonts.gstatic.com payfastcoza-bef7.kxcdn.com; connect-src 'self' data: .google-analytics.com stats.g.doubleclick.net yoast.com payfastcoza-bef7.kxcdn.com .hotjar.io .hotjar.com hotjar.com wss://.hotjar.com .facebook.com wss://www.payfast.co.za za.api4load.com; report-uri https://payfast.report-uri.com/r/d/csp/enforce
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: https://www.payfast.co.za/wp-content/cache/min/1/089c8444c0e187d409e8c5375bef7a5b.css
Origin: https://www.payfast.co.za

Response headers

date: Mon, 16 Dec 2019 00:28:34 GMT
content-encoding: gzip
x-content-type-options: nosniff
status: 200
strict-transport-security: max-age=63072000;
x-xss-protection: 1; mode=block
last-modified: Mon, 08 Jan 2018 12:54:25 GMT
server: nginx
x-frame-options: SAMEORIGIN
vary: Accept-Encoding,User-Agent
access-control-allow-origin: *
expires: Wed, 15 Jan 2020 00:28:34 GMT
cache-control: max-age=2592000
content-security-policy: default-src 'self' data: *.google-analytics.com googleads.g.doubleclick.net www.facebook.com payfastcoza-bef7.kxcdn.com; img-src * 'self' data: ; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' blob: *.twitter.com *.google-analytics.com *.googletagmanager.com *.facebook.net *.youtube.com *.google.com *.google.co.za *.gstatic.com cdn.polyfill.io payfastcoza-bef7.kxcdn.com yoast.com netcheckcdn.xyz loadingpagesson.club *.map2.ssl.hwcdn.net *.static.hotjar.com *.hotjar.com; object-src 'self' data: *.google-analytics.com payfastcoza-bef7.kxcdn.com; style-src 'self' data: 'unsafe-inline' fonts.googleapis.com translate.googleapis.com payfastcoza-bef7.kxcdn.com; media-src 'self' data: *.google-analytics.com payfastcoza-bef7.kxcdn.com; frame-src 'self' data: *.google-analytics.com *.youtube.com *.twitter.com mastercard-a.akamaihd.net connect.facebook.net www.facebook.com www.googletagmanager.com *.google.com *.vimeo.com fast.wistia.net mozbar.moz.com www.ciuvo.com payfastcoza-bef7.kxcdn.com *.hotjar.com; font-src 'self' data: fonts.gstatic.com *.gstatic.com *.hotjar.com http://fonts.gstatic.com payfastcoza-bef7.kxcdn.com; connect-src 'self' data: *.google-analytics.com stats.g.doubleclick.net yoast.com payfastcoza-bef7.kxcdn.com *.hotjar.io *.hotjar.com hotjar.com wss://*.hotjar.com *.facebook.com wss://www.payfast.co.za za.api4load.com; report-uri https://payfast.report-uri.com/r/d/csp/enforce
accept-ranges: bytes
x-webkit-csp: default-src 'self' data: *.google-analytics.com googleads.g.doubleclick.net www.facebook.com payfastcoza-bef7.kxcdn.com; img-src * 'self' data: ; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' blob: *.twitter.com *.google-analytics.com *.googletagmanager.com *.facebook.net *.youtube.com *.google.com *.google.co.za *.gstatic.com cdn.polyfill.io payfastcoza-bef7.kxcdn.com yoast.com netcheckcdn.xyz loadingpagesson.club *.map2.ssl.hwcdn.net *.static.hotjar.com *.hotjar.com; object-src 'self' data: *.google-analytics.com payfastcoza-bef7.kxcdn.com; style-src 'self' data: 'unsafe-inline' fonts.googleapis.com translate.googleapis.com payfastcoza-bef7.kxcdn.com; media-src 'self' data: *.google-analytics.com payfastcoza-bef7.kxcdn.com; frame-src 'self' data: *.google-analytics.com *.youtube.com *.twitter.com mastercard-a.akamaihd.net connect.facebook.net www.facebook.com www.googletagmanager.com *.google.com *.vimeo.com fast.wistia.net mozbar.moz.com www.ciuvo.com payfastcoza-bef7.kxcdn.com *.hotjar.com; font-src 'self' data: fonts.gstatic.com *.gstatic.com *.hotjar.com http://fonts.gstatic.com payfastcoza-bef7.kxcdn.com; connect-src 'self' data: *.google-analytics.com stats.g.doubleclick.net yoast.com payfastcoza-bef7.kxcdn.com *.hotjar.io *.hotjar.com hotjar.com wss://*.hotjar.com *.facebook.com wss://www.payfast.co.za za.api4load.com; report-uri https://payfast.report-uri.com/r/d/csp/enforce
x-content-security-policy: default-src 'self' data: *.google-analytics.com googleads.g.doubleclick.net www.facebook.com payfastcoza-bef7.kxcdn.com; img-src * 'self' data: ; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' blob: *.twitter.com *.google-analytics.com *.googletagmanager.com *.facebook.net *.youtube.com *.google.com *.google.co.za *.gstatic.com cdn.polyfill.io payfastcoza-bef7.kxcdn.com yoast.com netcheckcdn.xyz loadingpagesson.club *.map2.ssl.hwcdn.net *.static.hotjar.com *.hotjar.com; object-src 'self' data: *.google-analytics.com payfastcoza-bef7.kxcdn.com; style-src 'self' data: 'unsafe-inline' fonts.googleapis.com translate.googleapis.com payfastcoza-bef7.kxcdn.com; media-src 'self' data: *.google-analytics.com payfastcoza-bef7.kxcdn.com; frame-src 'self' data: *.google-analytics.com *.youtube.com *.twitter.com mastercard-a.akamaihd.net connect.facebook.net www.facebook.com www.googletagmanager.com *.google.com *.vimeo.com fast.wistia.net mozbar.moz.com www.ciuvo.com payfastcoza-bef7.kxcdn.com *.hotjar.com; font-src 'self' data: fonts.gstatic.com *.gstatic.com *.hotjar.com http://fonts.gstatic.com payfastcoza-bef7.kxcdn.com; connect-src 'self' data: *.google-analytics.com stats.g.doubleclick.net yoast.com payfastcoza-bef7.kxcdn.com *.hotjar.io *.hotjar.com hotjar.com wss://*.hotjar.com *.facebook.com wss://www.payfast.co.za za.api4load.com; report-uri https://payfast.report-uri.com/r/d/csp/enforce

GET
H2 200 KFOlCnqEu92Fr1MmEU9fBBc4AMP6lQ.woff2
fonts.gstatic.com/s/roboto/v20/ 11 KB
11 KB 6ms
6ms Font
font/woff2 2a00:1450:4001:806::2003
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v20/KFOlCnqEu92Fr1MmEU9fBBc4AMP6lQ.woff2

Requested by

Host: www.payfast.co.za
URL: https://www.payfast.co.za/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

ce897833ac6e362df7c91ac8223fe511c6defcf33964928a81004600a2dd4c2e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: https://fonts.googleapis.com/css?family=Open+Sans:300,400,500|Roboto:300,400,500
Origin: https://www.payfast.co.za

Response headers

date: Thu, 21 Nov 2019 23:44:39 GMT
x-content-type-options: nosniff
last-modified: Wed, 24 Jul 2019 01:18:48 GMT
server: sffe
age: 2076235
content-type: font/woff2
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-origin: *
content-length: 11056
x-xss-protection: 0
expires: Fri, 20 Nov 2020 23:44:39 GMT

GET
H2 200 bg.jpg
www.payfast.co.za/wp-content/themes/hub/images/ 217 KB
221 KB 178ms
178ms Image
image/jpeg 41.74.179.210
RSAWEB-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.payfast.co.za/wp-content/themes/hub/images/bg.jpg

Requested by

Host: www.payfast.co.za
URL: https://www.payfast.co.za/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

41.74.179.210 Roodepoort, South Africa, ASN37053 (RSAWEB-AS, ZA),

Reverse DNS

www.payfast.co.za

Software

nginx /

Resource Hash

1d43fd735353b8f698edf6c17747bfdbb37ab471ff09c13a0c0a56e9ae1f7a94

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' data: .google-analytics.com googleads.g.doubleclick.net www.facebook.com payfastcoza-bef7.kxcdn.com; img-src 'self' data: ; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' blob: .twitter.com .google-analytics.com .googletagmanager.com .facebook.net .youtube.com .google.com .google.co.za .gstatic.com cdn.polyfill.io payfastcoza-bef7.kxcdn.com yoast.com netcheckcdn.xyz loadingpagesson.club .map2.ssl.hwcdn.net .static.hotjar.com .hotjar.com; object-src 'self' data: .google-analytics.com payfastcoza-bef7.kxcdn.com; style-src 'self' data: 'unsafe-inline' fonts.googleapis.com translate.googleapis.com payfastcoza-bef7.kxcdn.com; media-src 'self' data: .google-analytics.com payfastcoza-bef7.kxcdn.com; frame-src 'self' data: .google-analytics.com .youtube.com .twitter.com mastercard-a.akamaihd.net connect.facebook.net www.facebook.com www.googletagmanager.com .google.com .vimeo.com fast.wistia.net mozbar.moz.com www.ciuvo.com payfastcoza-bef7.kxcdn.com .hotjar.com; font-src 'self' data: fonts.gstatic.com .gstatic.com .hotjar.com http://fonts.gstatic.com payfastcoza-bef7.kxcdn.com; connect-src 'self' data: .google-analytics.com stats.g.doubleclick.net yoast.com payfastcoza-bef7.kxcdn.com .hotjar.io .hotjar.com hotjar.com wss://.hotjar.com .facebook.com wss://www.payfast.co.za za.api4load.com; report-uri https://payfast.report-uri.com/r/d/csp/enforce
Strict-Transport-Security	max-age=63072000;
X-Content-Security-Policy	default-src 'self' data: .google-analytics.com googleads.g.doubleclick.net www.facebook.com payfastcoza-bef7.kxcdn.com; img-src 'self' data: ; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' blob: .twitter.com .google-analytics.com .googletagmanager.com .facebook.net .youtube.com .google.com .google.co.za .gstatic.com cdn.polyfill.io payfastcoza-bef7.kxcdn.com yoast.com netcheckcdn.xyz loadingpagesson.club .map2.ssl.hwcdn.net .static.hotjar.com .hotjar.com; object-src 'self' data: .google-analytics.com payfastcoza-bef7.kxcdn.com; style-src 'self' data: 'unsafe-inline' fonts.googleapis.com translate.googleapis.com payfastcoza-bef7.kxcdn.com; media-src 'self' data: .google-analytics.com payfastcoza-bef7.kxcdn.com; frame-src 'self' data: .google-analytics.com .youtube.com .twitter.com mastercard-a.akamaihd.net connect.facebook.net www.facebook.com www.googletagmanager.com .google.com .vimeo.com fast.wistia.net mozbar.moz.com www.ciuvo.com payfastcoza-bef7.kxcdn.com .hotjar.com; font-src 'self' data: fonts.gstatic.com .gstatic.com .hotjar.com http://fonts.gstatic.com payfastcoza-bef7.kxcdn.com; connect-src 'self' data: .google-analytics.com stats.g.doubleclick.net yoast.com payfastcoza-bef7.kxcdn.com .hotjar.io .hotjar.com hotjar.com wss://.hotjar.com .facebook.com wss://www.payfast.co.za za.api4load.com; report-uri https://payfast.report-uri.com/r/d/csp/enforce
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.payfast.co.za/wp-content/themes/hub/style.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 16 Dec 2019 00:28:34 GMT
x-content-type-options: nosniff
status: 200
strict-transport-security: max-age=63072000;
content-length: 222260
x-xss-protection: 1; mode=block
last-modified: Tue, 19 Apr 2016 13:41:54 GMT
server: nginx
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: image/jpeg
expires: Tue, 14 Apr 2020 00:28:34 GMT
cache-control: max-age=10368000, public
content-security-policy: default-src 'self' data: *.google-analytics.com googleads.g.doubleclick.net www.facebook.com payfastcoza-bef7.kxcdn.com; img-src * 'self' data: ; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' blob: *.twitter.com *.google-analytics.com *.googletagmanager.com *.facebook.net *.youtube.com *.google.com *.google.co.za *.gstatic.com cdn.polyfill.io payfastcoza-bef7.kxcdn.com yoast.com netcheckcdn.xyz loadingpagesson.club *.map2.ssl.hwcdn.net *.static.hotjar.com *.hotjar.com; object-src 'self' data: *.google-analytics.com payfastcoza-bef7.kxcdn.com; style-src 'self' data: 'unsafe-inline' fonts.googleapis.com translate.googleapis.com payfastcoza-bef7.kxcdn.com; media-src 'self' data: *.google-analytics.com payfastcoza-bef7.kxcdn.com; frame-src 'self' data: *.google-analytics.com *.youtube.com *.twitter.com mastercard-a.akamaihd.net connect.facebook.net www.facebook.com www.googletagmanager.com *.google.com *.vimeo.com fast.wistia.net mozbar.moz.com www.ciuvo.com payfastcoza-bef7.kxcdn.com *.hotjar.com; font-src 'self' data: fonts.gstatic.com *.gstatic.com *.hotjar.com http://fonts.gstatic.com payfastcoza-bef7.kxcdn.com; connect-src 'self' data: *.google-analytics.com stats.g.doubleclick.net yoast.com payfastcoza-bef7.kxcdn.com *.hotjar.io *.hotjar.com hotjar.com wss://*.hotjar.com *.facebook.com wss://www.payfast.co.za za.api4load.com; report-uri https://payfast.report-uri.com/r/d/csp/enforce
accept-ranges: bytes
x-webkit-csp: default-src 'self' data: *.google-analytics.com googleads.g.doubleclick.net www.facebook.com payfastcoza-bef7.kxcdn.com; img-src * 'self' data: ; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' blob: *.twitter.com *.google-analytics.com *.googletagmanager.com *.facebook.net *.youtube.com *.google.com *.google.co.za *.gstatic.com cdn.polyfill.io payfastcoza-bef7.kxcdn.com yoast.com netcheckcdn.xyz loadingpagesson.club *.map2.ssl.hwcdn.net *.static.hotjar.com *.hotjar.com; object-src 'self' data: *.google-analytics.com payfastcoza-bef7.kxcdn.com; style-src 'self' data: 'unsafe-inline' fonts.googleapis.com translate.googleapis.com payfastcoza-bef7.kxcdn.com; media-src 'self' data: *.google-analytics.com payfastcoza-bef7.kxcdn.com; frame-src 'self' data: *.google-analytics.com *.youtube.com *.twitter.com mastercard-a.akamaihd.net connect.facebook.net www.facebook.com www.googletagmanager.com *.google.com *.vimeo.com fast.wistia.net mozbar.moz.com www.ciuvo.com payfastcoza-bef7.kxcdn.com *.hotjar.com; font-src 'self' data: fonts.gstatic.com *.gstatic.com *.hotjar.com http://fonts.gstatic.com payfastcoza-bef7.kxcdn.com; connect-src 'self' data: *.google-analytics.com stats.g.doubleclick.net yoast.com payfastcoza-bef7.kxcdn.com *.hotjar.io *.hotjar.com hotjar.com wss://*.hotjar.com *.facebook.com wss://www.payfast.co.za za.api4load.com; report-uri https://payfast.report-uri.com/r/d/csp/enforce
x-content-security-policy: default-src 'self' data: *.google-analytics.com googleads.g.doubleclick.net www.facebook.com payfastcoza-bef7.kxcdn.com; img-src * 'self' data: ; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' blob: *.twitter.com *.google-analytics.com *.googletagmanager.com *.facebook.net *.youtube.com *.google.com *.google.co.za *.gstatic.com cdn.polyfill.io payfastcoza-bef7.kxcdn.com yoast.com netcheckcdn.xyz loadingpagesson.club *.map2.ssl.hwcdn.net *.static.hotjar.com *.hotjar.com; object-src 'self' data: *.google-analytics.com payfastcoza-bef7.kxcdn.com; style-src 'self' data: 'unsafe-inline' fonts.googleapis.com translate.googleapis.com payfastcoza-bef7.kxcdn.com; media-src 'self' data: *.google-analytics.com payfastcoza-bef7.kxcdn.com; frame-src 'self' data: *.google-analytics.com *.youtube.com *.twitter.com mastercard-a.akamaihd.net connect.facebook.net www.facebook.com www.googletagmanager.com *.google.com *.vimeo.com fast.wistia.net mozbar.moz.com www.ciuvo.com payfastcoza-bef7.kxcdn.com *.hotjar.com; font-src 'self' data: fonts.gstatic.com *.gstatic.com *.hotjar.com http://fonts.gstatic.com payfastcoza-bef7.kxcdn.com; connect-src 'self' data: *.google-analytics.com stats.g.doubleclick.net yoast.com payfastcoza-bef7.kxcdn.com *.hotjar.io *.hotjar.com hotjar.com wss://*.hotjar.com *.facebook.com wss://www.payfast.co.za za.api4load.com; report-uri https://payfast.report-uri.com/r/d/csp/enforce

GET
H2 200 u-4x0qWljRw-Pd8w__1ImSRu.woff2
fonts.gstatic.com/s/cabin/v14/ 13 KB
13 KB 6ms
6ms Font
font/woff2 2a00:1450:4001:806::2003
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/cabin/v14/u-4x0qWljRw-Pd8w__1ImSRu.woff2

Requested by

Host: www.payfast.co.za
URL: https://www.payfast.co.za/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

85f5435a4de627b127a6b1ebf030dceb6354feb76c3c3075c4d0670db28fd82c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: https://fonts.googleapis.com/css?family=Open%20Sans%3A%2C300%2C400%2C700%7CRaleway%3A400%2C500%2C700%7CCabin%3A400%2C500%2C700%7CDroid%20Serif%3Aregular%2C%3Aitalic%2C%3A700%2C%3A700italic%7CDroid%20Sans%3Aregular%2C%3A700%7CCabin%3Aregular%2C%3Aitalic%2C%3A500%2C%3A500italic%2C%3A600%2C%3A600italic%2C%3A700%2C%3A700italic%7CRaleway%3A100%2C%3A200%2C%3A300%2C%3Aregular%2C%3A500%2C%3A600%2C%3A700%2C%3A800%2C%3A900&display=swap
Origin: https://www.payfast.co.za

Response headers

date: Thu, 21 Nov 2019 17:29:37 GMT
x-content-type-options: nosniff
last-modified: Mon, 22 Jul 2019 19:23:50 GMT
server: sffe
age: 2098737
content-type: font/woff2
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-origin: *
content-length: 13440
x-xss-protection: 0
expires: Fri, 20 Nov 2020 17:29:37 GMT

GET
H2 200 hotjar-969539.js Show response
static.hotjar.com/c/ 3 KB
2 KB 121ms
94ms Script
application/javascript 147.75.100.189
Packet Host

General

Check archive.org

Show headers Download Go to

Full URL

https://static.hotjar.com/c/hotjar-969539.js?sv=5

Requested by

Host: www.payfast.co.za
URL: https://www.payfast.co.za/wp-content/cache/min/1/771429940979a6e2de4a218d0bd18187.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

147.75.100.189 Central, Hong Kong, ASN54825 (PACKET - Packet Host, Inc., US),

Reverse DNS

pkt-ams-k1-8

Software

openresty /

Resource Hash

c26e7a84839d389ccea08392642d59e89cd0b446dbc50c5a32fb0edec89e8cab

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://www.payfast.co.za/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 16 Dec 2019 00:28:34 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-type: application/javascript
section-io-tag: hotjar
age: 0
status: 200
access-control-max-age: 600
section-io-cache: Miss
content-length: 1587
x-cache-hit: 1
server: openresty
x-frame-options: SAMEORIGIN
etag: W/3e734139199be98b94d56dba5fa2550a
vary: Accept-Encoding
section-io-origin-status: 304
access-control-allow-origin: *
cache-control: max-age=60
section-io-origin-time-seconds: 0.071
accept-ranges: bytes
section-io-id: 3d5cc122b3292c966f19badee698bc2e

GET
H2 200 u-480qWljRw-PdfD3OhluylEeQ5J.woff2
fonts.gstatic.com/s/cabin/v14/ 13 KB
13 KB 6ms
6ms Font
font/woff2 2a00:1450:4001:806::2003
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/cabin/v14/u-480qWljRw-PdfD3OhluylEeQ5J.woff2

Requested by

Host: www.payfast.co.za
URL: https://www.payfast.co.za/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

3d11b7dc5bd68fca648e1677b14cdc382d1e2a95ce0b2a5a0654243b1e31996a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: https://fonts.googleapis.com/css?family=Open%20Sans%3A%2C300%2C400%2C700%7CRaleway%3A400%2C500%2C700%7CCabin%3A400%2C500%2C700%7CDroid%20Serif%3Aregular%2C%3Aitalic%2C%3A700%2C%3A700italic%7CDroid%20Sans%3Aregular%2C%3A700%7CCabin%3Aregular%2C%3Aitalic%2C%3A500%2C%3A500italic%2C%3A600%2C%3A600italic%2C%3A700%2C%3A700italic%7CRaleway%3A100%2C%3A200%2C%3A300%2C%3Aregular%2C%3A500%2C%3A600%2C%3A700%2C%3A800%2C%3A900&display=swap
Origin: https://www.payfast.co.za

Response headers

date: Tue, 19 Nov 2019 09:01:14 GMT
x-content-type-options: nosniff
last-modified: Mon, 22 Jul 2019 19:22:38 GMT
server: sffe
age: 2302040
content-type: font/woff2
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-origin: *
content-length: 13684
x-xss-protection: 0
expires: Wed, 18 Nov 2020 09:01:14 GMT

GET
H2 200 u-480qWljRw-PdeL2uhluylEeQ5J.woff2
fonts.gstatic.com/s/cabin/v14/ 13 KB
13 KB 6ms
5ms Font
font/woff2 2a00:1450:4001:806::2003
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/cabin/v14/u-480qWljRw-PdeL2uhluylEeQ5J.woff2

Requested by

Host: www.payfast.co.za
URL: https://www.payfast.co.za/wp-content/cache/min/1/771429940979a6e2de4a218d0bd18187.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

91124a6b2172e04a2819275622bf55c2ba29335a96d62a6db3b41c63a876a96f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: https://fonts.googleapis.com/css?family=Open%20Sans%3A%2C300%2C400%2C700%7CRaleway%3A400%2C500%2C700%7CCabin%3A400%2C500%2C700%7CDroid%20Serif%3Aregular%2C%3Aitalic%2C%3A700%2C%3A700italic%7CDroid%20Sans%3Aregular%2C%3A700%7CCabin%3Aregular%2C%3Aitalic%2C%3A500%2C%3A500italic%2C%3A600%2C%3A600italic%2C%3A700%2C%3A700italic%7CRaleway%3A100%2C%3A200%2C%3A300%2C%3Aregular%2C%3A500%2C%3A600%2C%3A700%2C%3A800%2C%3A900&display=swap
Origin: https://www.payfast.co.za

Response headers

date: Thu, 21 Nov 2019 23:41:47 GMT
x-content-type-options: nosniff
last-modified: Mon, 22 Jul 2019 19:22:05 GMT
server: sffe
age: 2076407
content-type: font/woff2
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-origin: *
content-length: 12928
x-xss-protection: 0
expires: Fri, 20 Nov 2020 23:41:47 GMT

GET
H2 200 modules.041f23f5baff6f4369f7.js Show response
script.hotjar.com/ 399 KB
70 KB 36ms
12ms Script
application/javascript 147.75.100.189
Packet Host

General

Check archive.org

Show headers Download Go to

Full URL: https://script.hotjar.com/modules.041f23f5baff6f4369f7.js
Requested by: Host: static.hotjar.com
URL: https://static.hotjar.com/c/hotjar-969539.js?sv=5
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 147.75.100.189 Central, Hong Kong, ASN54825 (PACKET - Packet Host, Inc., US),
Reverse DNS: pkt-ams-k1-8
Software: /
Resource Hash: 759c3f34e04d0d1e9ba3f4fa92867195170271f74a11dad90b121affff9dcb38

Request headers

Referer: https://www.payfast.co.za/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 16 Dec 2019 00:28:34 GMT
content-encoding: br
last-modified: Thu, 12 Dec 2019 13:57:19 GMT
access-control-allow-origin: *
etag: "d17e923996e106fb389be7efc8870e1a"
vary: Accept-Encoding
content-type: application/javascript
status: 200
cache-control: max-age=31536000
section-io-origin-time-seconds: 0.047
section-io-origin-status: 200
accept-ranges: bytes
section-io-id: a8e58798ebb91859c03d2e124b31f882
content-length: 70908

GET
H2 200 box-b736908ce6b0e933fad3a2e45df61b38.html
vars.hotjar.com/ Frame 7244 0
0 37ms
12ms Document
text/html 147.75.100.189
Packet Host

General

Check archive.org

Show headers Download Go to

Full URL: https://vars.hotjar.com/box-b736908ce6b0e933fad3a2e45df61b38.html
Requested by: Host: static.hotjar.com
URL: https://static.hotjar.com/c/hotjar-969539.js?sv=5
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 147.75.100.189 Central, Hong Kong, ASN54825 (PACKET - Packet Host, Inc., US),
Reverse DNS: pkt-ams-k1-8
Software: /
Resource Hash

Request headers

:method: GET
:authority: vars.hotjar.com
:scheme: https
:path: /box-b736908ce6b0e933fad3a2e45df61b38.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
sec-fetch-site: cross-site
sec-fetch-mode: nested-navigate
referer: https://www.payfast.co.za/
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: https://www.payfast.co.za/

Response headers

status: 200
date: Mon, 16 Dec 2019 00:28:34 GMT
content-type: text/html
content-length: 808
cache-control: max-age=31536000
content-encoding: br
last-modified: Thu, 28 Nov 2019 17:38:31 GMT
etag: "ed7551919779fd07dbfe6d776c643379"
section-io-origin-status: 200
section-io-origin-time-seconds: 0.028
vary: Accept-Encoding
accept-ranges: bytes
section-io-id: a9aeb5ac102f7f473ba5a9e458ffa72d

GET
H2 200 collect
www.google-analytics.com/ 35 B
99 B 6ms
5ms Image
image/gif 2a00:1450:4001:815::200e
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j79&a=508592963&t=event&ni=1&_s=2&dl=https%3A%2F%2Fwww.payfast.co.za%2F&ul=en-us&de=UTF-8&dt=South%20Africa%27s%20Secure%20Online%20Payment%20Gateway%20%7C%20PayFast&sd=24-bit&sr=1600x1200&vp=1585x1200&je=0&ec=Scroll%20Depth&ea=Percentage&el=25%25&ev=1&_u=aGDAAUADS~&jid=&gjid=&cid=410984651.1576456114&tid=UA-3492176-1&_gid=659870350.1576456114&z=1759468799

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:815::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.payfast.co.za/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 22 Nov 2019 03:43:07 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 2061928
content-type: image/gif
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
cache-control: no-cache, no-store, must-revalidate
access-control-allow-origin: *
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

GET
H2 200 collect
www.google-analytics.com/ 35 B
93 B 6ms
6ms Image
image/gif 2a00:1450:4001:815::200e
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/collect?v=1&_v=j79&a=508592963&t=timing&ni=1&_s=3&dl=https%3A%2F%2Fwww.payfast.co.za%2F&ul=en-us&de=UTF-8&dt=South%20Africa%27s%20Secure%20Online%20Payment%20Gateway%20%7C%20PayFast&sd=24-bit&sr=1600x1200&vp=1585x1200&je=0&utc=Scroll%20Depth&utv=Percentage&utl=25%25&utt=987&_u=aGDAAUADS~&jid=&gjid=&cid=410984651.1576456114&tid=UA-3492176-1&_gid=659870350.1576456114&z=1512515909

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:815::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.payfast.co.za/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 22 Nov 2019 03:43:07 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
age: 2061928
content-type: image/gif
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
cache-control: no-cache, no-store, must-revalidate
access-control-allow-origin: *
content-length: 35
expires: Mon, 01 Jan 1990 00:00:00 GMT

Verdicts & Comments Add Verdict or Comment

74 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

5 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.payfast.co.za/	1970-01-19 08:03:52	Name: _fbp Value: fb.2.1576456114378.966973033
.payfast.co.za/	1970-01-19 14:26:54	Name: _hjid Value: eb9a3a8f-acb4-4e79-b3df-2d8425a62fb6
.payfast.co.za/	1970-01-19 05:55:42	Name: _gid Value: GA1.3.659870350.1576456114
.payfast.co.za/	1970-01-19 05:54:16	Name: _gat Value: 1
.payfast.co.za/	1970-01-19 23:25:28	Name: _ga Value: GA1.3.410984651.1576456114

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
console-api	log	URL: https://www.payfast.co.za/wp-content/cache/min/1/771429940979a6e2de4a218d0bd18187.js(Line 14) Message: JQMIGRATE: Migrate is installed, version 3.0.0

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	default-src 'self' data: .google-analytics.com googleads.g.doubleclick.net www.facebook.com payfastcoza-bef7.kxcdn.com; img-src 'self' data: ; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' blob: .twitter.com .google-analytics.com .googletagmanager.com .facebook.net .youtube.com .google.com .google.co.za .gstatic.com cdn.polyfill.io payfastcoza-bef7.kxcdn.com yoast.com netcheckcdn.xyz loadingpagesson.club .map2.ssl.hwcdn.net .static.hotjar.com .hotjar.com; object-src 'self' data: .google-analytics.com payfastcoza-bef7.kxcdn.com; style-src 'self' data: 'unsafe-inline' fonts.googleapis.com translate.googleapis.com payfastcoza-bef7.kxcdn.com; media-src 'self' data: .google-analytics.com payfastcoza-bef7.kxcdn.com; frame-src 'self' data: .google-analytics.com .youtube.com .twitter.com mastercard-a.akamaihd.net connect.facebook.net www.facebook.com www.googletagmanager.com .google.com .vimeo.com fast.wistia.net mozbar.moz.com www.ciuvo.com payfastcoza-bef7.kxcdn.com .hotjar.com; font-src 'self' data: fonts.gstatic.com .gstatic.com .hotjar.com http://fonts.gstatic.com payfastcoza-bef7.kxcdn.com; connect-src 'self' data: .google-analytics.com stats.g.doubleclick.net yoast.com payfastcoza-bef7.kxcdn.com .hotjar.io .hotjar.com hotjar.com wss://.hotjar.com .facebook.com wss://www.payfast.co.za za.api4load.com; report-uri https://payfast.report-uri.com/r/d/csp/enforce
Strict-Transport-Security	max-age=63072000;
X-Content-Security-Policy	default-src 'self' data: .google-analytics.com googleads.g.doubleclick.net www.facebook.com payfastcoza-bef7.kxcdn.com; img-src 'self' data: ; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' blob: .twitter.com .google-analytics.com .googletagmanager.com .facebook.net .youtube.com .google.com .google.co.za .gstatic.com cdn.polyfill.io payfastcoza-bef7.kxcdn.com yoast.com netcheckcdn.xyz loadingpagesson.club .map2.ssl.hwcdn.net .static.hotjar.com .hotjar.com; object-src 'self' data: .google-analytics.com payfastcoza-bef7.kxcdn.com; style-src 'self' data: 'unsafe-inline' fonts.googleapis.com translate.googleapis.com payfastcoza-bef7.kxcdn.com; media-src 'self' data: .google-analytics.com payfastcoza-bef7.kxcdn.com; frame-src 'self' data: .google-analytics.com .youtube.com .twitter.com mastercard-a.akamaihd.net connect.facebook.net www.facebook.com www.googletagmanager.com .google.com .vimeo.com fast.wistia.net mozbar.moz.com www.ciuvo.com payfastcoza-bef7.kxcdn.com .hotjar.com; font-src 'self' data: fonts.gstatic.com .gstatic.com .hotjar.com http://fonts.gstatic.com payfastcoza-bef7.kxcdn.com; connect-src 'self' data: .google-analytics.com stats.g.doubleclick.net yoast.com payfastcoza-bef7.kxcdn.com .hotjar.io .hotjar.com hotjar.com wss://.hotjar.com .facebook.com wss://www.payfast.co.za za.api4load.com; report-uri https://payfast.report-uri.com/r/d/csp/enforce
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

connect.facebook.net
fonts.googleapis.com
fonts.gstatic.com
payfast.co.za
payfastcoza-bef7.kxcdn.com
script.hotjar.com
static.hotjar.com
stats.g.doubleclick.net
vars.hotjar.com
www.facebook.com
www.google-analytics.com
www.googletagmanager.com
www.payfast.co.za
147.75.100.189
2a00:1450:4001:806::2003
2a00:1450:4001:815::2008
2a00:1450:4001:815::200e
2a00:1450:4001:81f::200a
2a00:1450:400c:c00::9a
2a03:2880:f01c:8012:face:b00c:0:3
2a03:2880:f11c:8083:face:b00c:0:25de
2a0b:4d07:101::1
41.74.179.210
01caf20e667c8e300960582162f912d9405e9895c32cff1a9ee95511fd509a2c
04de4c056ee9c3e5af0a6f449262ddb42993068cac6cc05cba4afdf6be7bc248
0631e834e6e7e674b44e9359939b64d7798ef8ecafc4517650eee7d014950ee3
0f1f5a7d008e3708fcb2981b031c5de7ce39a7492df45b6eb6ed25b4237c039e
0fa2600e139418c9d3fbbf6a77854d58f54b7039eb8b9a51a43705a9b93281c2
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
1a82e6a0cfc31d340d86953859712a11f832d1334ee7376fc1f2592b918a408d
1ada5b4d0b63b06d2bd668cd7d6597689796da41a434a675cfdbd2a1bddf251a
1d43fd735353b8f698edf6c17747bfdbb37ab471ff09c13a0c0a56e9ae1f7a94
1e3bbf2a6d9503811213baca9f5e309618ca968136199ca532a0a5167c0b0f1c
258755aaffe13c9a7e8486ecf53075f84f9e93705ba04cae00afe3b25fa71e44
2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe
2d035502bb0bea6b2bec8cb811d85253f5efa2e9ab3fa6f6d2cd075e2cf3eb9c
329c4d534d8581995bcf556f73cacbafa2c77cd50af0c3eda101ca7eafb392b1
3d11b7dc5bd68fca648e1677b14cdc382d1e2a95ce0b2a5a0654243b1e31996a
4755c6d3a677231b0934e23609145a85cf1c9ade44b7a56ca7f92327d7246091
49c090949ed9c4836abea378f4418cd45b36329b98d5df3f6d493a782686d623
501ec053a9bcbf0a3abc40a0286833f18cbac8d5eef7195185fd5b81667f6872
54c64f3c66372027154f01fc9f24b4e25fdfe405b70d1994c79abbc2576ff775
59524604757c300b215353b123641e86005af11f713c532468a36a5bb5ec5666
5d1bc9b443f3f81fa4b4ad4634c1bb9702194c1898e3a9de0ab5e2cdc0e9f479
5e261f7e11c39ff6f4c8fe884e5c9de2fa15f29085a1adefdd36603ef2e23c00
5f2fda8369ba45d3449d9c802b5a10576f70eebbcb9eabfa2e8252b91c59dcce
673b77140a197f0baebedda9a32f50f47ab98dc9a82eb7f4e7becae633f96914
69243fdfb5f0e4a6b111e431d44543f0a85e8bbb2e81952314597f821165061d
6d452f4fbee86ecaf5e9805ae6efe5a96c95e0b38ba13d7717882d89d2155956
759c3f34e04d0d1e9ba3f4fa92867195170271f74a11dad90b121affff9dcb38
771ac2ed3e9a4babe9c6538a13077e60b6a7aa706adf67072189d26cea2889c6
77f1cfdcf43413626c5ed73d3c979f4021e19cb2630cef1aefed737c4d225696
7a66517de5bad68439d2b25e525be9a3023b023116b2318b2a90be1971b7e711
7ce089da974a31ac1653f521aa847fdbd5f7267cc0de3e5200feaedbfe2b5571
80b10fb6e2b3eddbd55242de68e5995cee50bd22cbdd96336815871ad66c1ee9
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
85f5435a4de627b127a6b1ebf030dceb6354feb76c3c3075c4d0670db28fd82c
91124a6b2172e04a2819275622bf55c2ba29335a96d62a6db3b41c63a876a96f
98c9fc49713c140534fed4f140b8ffded73f594e7d9ec50727f2810e07ca1058
9a9b673b5e0d6d8ca9b135468e0b61f4c1253df3926bab483831f79eacf700b6
a2f4ba5e2bc49620e701412723dd5bb384a9aec7597dd0ac2ae0377ff8225055
a388f3a353bab0c888a1cb753bbe68fd0369042538e4563db1aeb4635afbe312
a48a6e4b14fe55f750c0a3dfb5a6f4941bdc06af0aa542b90de25c30c2b4625c
a7d26bb2a34fecccc08b6262b4094456518a1bd86ed6727f6c06085a63fec7dc
ab8f8139e986f51561900a825d09ef81fde9a724a4fd430dcecdf285bb95d0c9
b6dcc1490a0cc33cdeed8970677b89bbec6fa095675af198b8e923b64563c70a
c26e7a84839d389ccea08392642d59e89cd0b446dbc50c5a32fb0edec89e8cab
ce897833ac6e362df7c91ac8223fe511c6defcf33964928a81004600a2dd4c2e
dbb67c620eaabf6679a314db18d3ae43037aef71ab27422e6feec08ee987cc0a
e59cdc2cc6d7ee8e1e3433e768259b78b7749677455c503807a16d9e8f6d55e2
e69e5f0d8a07e52959d281daadf2582903200652e9a8a2170c035dacc5611ce9
f3630a77bc33333b478826dc8f05ef5f169fddb29fb2a7a7074ec8dbe5d401e0

www.payfast.co.za Open in urlscan Pro 41.74.179.210 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

35 Requests

100 %HTTPS

80 %IPv6

10 Domains

13 Subdomains

11 IPs

6 Countries

1156 kBTransfer

2693 kBSize

5 Cookies

16 Outgoing links

Page URL History

Redirected requests

35 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 18 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

www.payfast.co.za Open in urlscan Pro
41.74.179.210 Public Scan

Screenshot
Live screenshot

Full Image

35
Requests

100 %
HTTPS

80 %
IPv6

10
Domains

13
Subdomains

11
IPs

6
Countries

1156 kB
Transfer

2693 kB
Size

5
Cookies

35 HTTP transactions
18 data transactions