www.payfast.co.za Open in urlscan Pro
41.74.179.210 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://payfast.co.za/
Effective URL:
https://www.payfast.co.za/
Submission: On March 21 via automatic, source alexatop100k (March 21st 2019, 1:28:11 pm UTC)

Summary HTTP 33 Redirects Links 17 Behaviour Indicators

Summary

This website contacted 11 IPs in 3 countries across 11 domains to perform 33 HTTP transactions. The main IP is 41.74.179.210, located in Cape Town, South Africa and belongs to RSAWEB-AS, ZA. The main domain is www.payfast.co.za.
TLS certificate: Issued by Entrust Certification Authority - L1M on September 19th 2017. Valid for: 2 years.

This is the only time www.payfast.co.za was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 8	41.74.179.210 41.74.179.210	37053 (RSAWEB-AS) (RSAWEB-AS)
2	2a00:1450:400... 2a00:1450:4001:820::200a	15169 (GOOGLE) (GOOGLE - Google LLC)
1	2a00:1450:400... 2a00:1450:4001:808::2008	15169 (GOOGLE) (GOOGLE - Google LLC)
1 1	2a00:1450:400... 2a00:1450:4001:815::2002	15169 (GOOGLE) (GOOGLE - Google LLC)
1 1	2a00:1450:400... 2a00:1450:4001:824::2004	15169 (GOOGLE) (GOOGLE - Google LLC)
1	2a00:1450:400... 2a00:1450:4001:820::2003	15169 (GOOGLE) (GOOGLE - Google LLC)
7	2a0b:4d07:102::1 2a0b:4d07:102::1	44239 (PROINITY ...) (PROINITY PROINITY)
7	2a00:1450:400... 2a00:1450:4001:825::2003	15169 (GOOGLE) (GOOGLE - Google LLC)
1 4	2a00:1450:400... 2a00:1450:4001:816::200e	15169 (GOOGLE) (GOOGLE - Google LLC)
2	2a03:2880:f00... 2a03:2880:f007:8:face:b00c:0:1	32934 (FACEBOOK) (FACEBOOK - Facebook)
1	2a00:1450:400... 2a00:1450:400c:c08::9c	15169 (GOOGLE) (GOOGLE - Google LLC)
2	2a03:2880:f10... 2a03:2880:f107:83:face:b00c:0:25de	32934 (FACEBOOK) (FACEBOOK - Facebook)
33	11

8 41.74.179.210 (Cape Town, South Africa) 1 redirects

ASN37053 (RSAWEB-AS, ZA)
PTR: www.payfast.co.za

payfast.co.za	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.payfast.co.za	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:820::200a (Ireland)

ASN15169 (GOOGLE - Google LLC, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:808::2008 (Ireland)

ASN15169 (GOOGLE - Google LLC, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:815::2002 (Ireland) 1 redirects

ASN15169 (GOOGLE - Google LLC, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:824::2004 (Ireland) 1 redirects

ASN15169 (GOOGLE - Google LLC, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:820::2003 (Ireland)

ASN15169 (GOOGLE - Google LLC, US)

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2a0b:4d07:102::1 (Germany)

ASN44239 (PROINITY PROINITY, DE)

payfastcoza-bef7.kxcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2a00:1450:4001:825::2003 (Ireland)

ASN15169 (GOOGLE - Google LLC, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:816::200e (Ireland) 1 redirects

ASN15169 (GOOGLE - Google LLC, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:2880:f007:8:face:b00c:0:1 (Ireland)

ASN32934 (FACEBOOK - Facebook, Inc., US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:400c:c08::9c (Ireland)

ASN15169 (GOOGLE - Google LLC, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:2880:f107:83:face:b00c:0:25de (Ireland)

ASN32934 (FACEBOOK - Facebook, Inc., US)

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
8	payfast.co.za 1 redirects payfast.co.za www.payfast.co.za	316 KB
7	gstatic.com fonts.gstatic.com	74 KB
7	kxcdn.com payfastcoza-bef7.kxcdn.com	522 KB
4	google-analytics.com 1 redirects www.google-analytics.com	36 KB
2	facebook.com www.facebook.com	394 B
2	facebook.net connect.facebook.net	61 KB
2	doubleclick.net 1 redirects googleads.g.doubleclick.net stats.g.doubleclick.net	513 B
2	googleapis.com fonts.googleapis.com	2 KB
1	google.de www.google.de	385 B
1	google.com 1 redirects www.google.com	332 B
1	googletagmanager.com www.googletagmanager.com	22 KB
33	11

	Domain	Requested by
7	fonts.gstatic.com	www.payfast.co.za
7	payfastcoza-bef7.kxcdn.com	www.payfast.co.za
7	www.payfast.co.za	www.payfast.co.za
4	www.google-analytics.com	1 redirects www.googletagmanager.com www.payfast.co.za
2	www.facebook.com	www.payfast.co.za
2	connect.facebook.net	www.payfast.co.za connect.facebook.net
2	fonts.googleapis.com	www.payfast.co.za
1	stats.g.doubleclick.net	www.payfast.co.za
1	www.google.de	www.payfast.co.za
1	www.google.com	1 redirects
1	googleads.g.doubleclick.net	1 redirects
1	www.googletagmanager.com	www.payfast.co.za
1	payfast.co.za	1 redirects
33	13

This site contains links to these domains. Also see Links.

Domain
support.payfast.co.za
developers.payfast.co.za
www.cellc.co.za
www.nicharry.com
www.adidas.co.za
lifestyle.jaguar.co.za
www.virginactive.co.za
www.globalknives.co.za
planet54.com
otelafrica.com
idshosting.co.za
www.midlandsdesign.co.za
payfast.recruiterbox.com
status.payfast.co.za
www.facebook.com
twitter.com
www.linkedin.com

Subject Issuer	Validity	Valid
www.payfast.co.za Entrust Certification Authority - L1M	`2017-09-19` - `2019-06-02`	2 years	crt.sh
*.googleapis.com Google Internet Authority G3	`2019-03-01` - `2019-05-24`	3 months	crt.sh
*.google-analytics.com Google Internet Authority G3	`2019-03-01` - `2019-05-24`	3 months	crt.sh
www.google.de Google Internet Authority G3	`2019-03-01` - `2019-05-24`	3 months	crt.sh
*.kxcdn.com Thawte RSA CA 2018	`2017-12-18` - `2019-08-01`	2 years	crt.sh
*.google.com Google Internet Authority G3	`2019-03-01` - `2019-05-24`	3 months	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2019-03-08` - `2019-06-06`	3 months	crt.sh
*.g.doubleclick.net Google Internet Authority G3	`2019-03-01` - `2019-05-24`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://www.payfast.co.za/
Frame ID: 6BE93C37E7288A13CDC96AD78F9E8215
Requests: 34 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

https://payfast.co.za/ HTTP 301
https://www.payfast.co.za/ Page URL

Detected technologies

Raphael (JavaScript Graphics) Expand

Overall confidence: 100%
Detected patterns

env /^Raphael$/i

Nginx (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /nginx(?:\/([\d.]+))?/i

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

script /\/\/connect\.facebook\.net\/[^\/]*\/[a-z]*\.js/i

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

script /google-analytics\.com\/(?:ga|urchin|(analytics))\.js/i
env /^gaGlobal$/i

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

env /^google_tag_manager$/i

Modernizr (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

env /^Modernizr$/i

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

env /^jQuery$/i

Page Statistics

33
Requests

100 %
HTTPS

92 %
IPv6

11
Domains

13
Subdomains

11
IPs

3
Countries

1030 kB
Transfer

2214 kB
Size

4
Cookies

17 Outgoing links

These are links going to different origins than the main page.

URL: https://support.payfast.co.za/
Title: Support

Search URL Search Domain Scan URL

URL: https://developers.payfast.co.za/documentation/
Title: Custom Integration – Step-by-step guide for developers

Search URL Search Domain Scan URL

URL: https://www.cellc.co.za/pinless-recharge/
Title: <img width="195" height="85" src="https://payfastcoza-bef7.kxcdn.com/wp-content/uploads/Cell-C.png" class="attachment-homepage size-homepage wp-post-image" alt="Cell C" srcset="https://payfastcoza-bef7.kxcdn.com/wp-content/uploads/Cell-C.png 195w, https://payfastcoza-bef7.kxcdn.com/wp-content/uploads/Cell-C-150x65.png 150w" sizes="(max-width: 195px) 100vw, 195px" />

Search URL Search Domain Scan URL

URL: https://www.nicharry.com/
Title: <img width="195" height="85" src="https://payfastcoza-bef7.kxcdn.com/wp-content/uploads/Nick-Socks.png" class="attachment-homepage size-homepage wp-post-image" alt="Nic Socks" srcset="https://payfastcoza-bef7.kxcdn.com/wp-content/uploads/Nick-Socks.png 195w, https://payfastcoza-bef7.kxcdn.com/wp-content/uploads/Nick-Socks-150x65.png 150w" sizes="(max-width: 195px) 100vw, 195px" />

Search URL Search Domain Scan URL

URL: http://www.adidas.co.za/
Title: <img width="195" height="85" src="https://payfastcoza-bef7.kxcdn.com/wp-content/uploads/Adidas_2-1.png" class="attachment-homepage size-homepage wp-post-image" alt="Adidas" srcset="https://payfastcoza-bef7.kxcdn.com/wp-content/uploads/Adidas_2-1.png 195w, https://payfastcoza-bef7.kxcdn.com/wp-content/uploads/Adidas_2-1-150x65.png 150w" sizes="(max-width: 195px) 100vw, 195px" />

Search URL Search Domain Scan URL

URL: https://lifestyle.jaguar.co.za/
Title: <img width="195" height="85" src="https://payfastcoza-bef7.kxcdn.com/wp-content/uploads/Jaguar.png" class="attachment-homepage size-homepage wp-post-image" alt="Jaguar Lifestyle South Africa" srcset="https://payfastcoza-bef7.kxcdn.com/wp-content/uploads/Jaguar.png 195w, https://payfastcoza-bef7.kxcdn.com/wp-content/uploads/Jaguar-150x65.png 150w" sizes="(max-width: 195px) 100vw, 195px" />

Search URL Search Domain Scan URL

URL: http://www.virginactive.co.za/
Title: <img width="195" height="85" src="https://payfastcoza-bef7.kxcdn.com/wp-content/uploads/Virgin.png" class="attachment-homepage size-homepage wp-post-image" alt="Virgin Active" srcset="https://payfastcoza-bef7.kxcdn.com/wp-content/uploads/Virgin.png 195w, https://payfastcoza-bef7.kxcdn.com/wp-content/uploads/Virgin-150x65.png 150w" sizes="(max-width: 195px) 100vw, 195px" />

Search URL Search Domain Scan URL

URL: https://www.globalknives.co.za/
Title: <img width="195" height="85" src="https://payfastcoza-bef7.kxcdn.com/wp-content/uploads/Global_bw.png" class="attachment-homepage size-homepage wp-post-image" alt="Global Knives" srcset="https://payfastcoza-bef7.kxcdn.com/wp-content/uploads/Global_bw.png 195w, https://payfastcoza-bef7.kxcdn.com/wp-content/uploads/Global_bw-150x65.png 150w" sizes="(max-width: 195px) 100vw, 195px" />

Search URL Search Domain Scan URL

URL: https://planet54.com/
Title: <img width="195" height="85" src="https://payfastcoza-bef7.kxcdn.com/wp-content/uploads/Planet-54.png" class="attachment-homepage size-homepage wp-post-image" alt="Planet 54" srcset="https://payfastcoza-bef7.kxcdn.com/wp-content/uploads/Planet-54.png 195w, https://payfastcoza-bef7.kxcdn.com/wp-content/uploads/Planet-54-150x65.png 150w" sizes="(max-width: 195px) 100vw, 195px" />

Search URL Search Domain Scan URL

URL: http://otelafrica.com/
Title: <img width="195" height="85" src="https://payfastcoza-bef7.kxcdn.com/wp-content/uploads/Otel.png" class="attachment-homepage size-homepage wp-post-image" alt="O-Tel" srcset="https://payfastcoza-bef7.kxcdn.com/wp-content/uploads/Otel.png 195w, https://payfastcoza-bef7.kxcdn.com/wp-content/uploads/Otel-150x65.png 150w" sizes="(max-width: 195px) 100vw, 195px" />

Search URL Search Domain Scan URL

URL: http://idshosting.co.za/
Title: http://idshosting.co.za/

Search URL Search Domain Scan URL

URL: http://www.midlandsdesign.co.za/
Title: http://www.midlandsdesign.co.za/

Search URL Search Domain Scan URL

URL: https://payfast.recruiterbox.com/
Title: Careers

Search URL Search Domain Scan URL

URL: https://status.payfast.co.za/
Title: System Status

Search URL Search Domain Scan URL

URL: https://www.facebook.com/payfast
Title: Facebook

Search URL Search Domain Scan URL

URL: https://twitter.com/payfast
Title: Twitter

Search URL Search Domain Scan URL

URL: http://www.linkedin.com/company/payfast
Title: LinkedIn

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://payfast.co.za/ HTTP 301
https://www.payfast.co.za/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 6

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/1043218432/?value=0&guid=ON&script=0 HTTP 302
https://www.google.com/pagead/1p-user-list/1043218432/?value=0&guid=ON&script=0&cdct=2&is_vtc=1&random=2787449281 HTTP 302
https://www.google.de/pagead/1p-user-list/1043218432/?value=0&guid=ON&script=0&cdct=2&is_vtc=1&random=2787449281&ipr=y

Request Chain 26

https://www.google-analytics.com/r/collect?v=1&_v=j73&a=752404717&t=pageview&_s=1&dl=https%3A%2F%2Fwww.payfast.co.za%2F&ul=en-us&de=UTF-8&dt=South%20Africa%27s%20Secure%20Online%20Payment%20Gateway%20%7C%20PayFast&sd=24-bit&sr=1600x1200&vp=1585x1200&je=0&_u=aGBAAUAjS~&jid=137167336&gjid=1119008508&cid=1150928582.1553174873&tid=UA-3492176-1&_gid=513681332.1553174873&_r=1&z=1072424260 HTTP 302
https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-3492176-1&cid=1150928582.1553174873&jid=137167336&_gid=513681332.1553174873&gjid=1119008508&_v=j73&z=1072424260

33 HTTP transactions
1 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request / Show response
www.payfast.co.za/
Redirect Chain

https://payfast.co.za/
https://www.payfast.co.za/

101 KB
22 KB

418ms
378ms

Document
text/html

41.74.179.210
RSAWEB-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www.payfast.co.za/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

41.74.179.210 Cape Town, South Africa, ASN37053 (RSAWEB-AS, ZA),

Reverse DNS

www.payfast.co.za

Software

nginx /

Resource Hash

1a061a733a2fa12c1eaabea680ed2cd21f0e526d4092e420379bb09d1c9e6c12

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' data: .google-analytics.com googleads.g.doubleclick.net www.facebook.com payfastcoza-bef7.kxcdn.com; img-src 'self' data: ; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' blob: .twitter.com .google-analytics.com .googletagmanager.com .facebook.net .youtube.com .google.com .google.co.za .gstatic.com cdn.polyfill.io payfastcoza-bef7.kxcdn.com yoast.com netcheckcdn.xyz loadingpagesson.club .map2.ssl.hwcdn.net .static.hotjar.com .hotjar.com; object-src 'self' data: .google-analytics.com payfastcoza-bef7.kxcdn.com; style-src 'self' data: 'unsafe-inline' fonts.googleapis.com translate.googleapis.com payfastcoza-bef7.kxcdn.com; media-src 'self' data: .google-analytics.com payfastcoza-bef7.kxcdn.com; frame-src 'self' data: .google-analytics.com .youtube.com .twitter.com mastercard-a.akamaihd.net connect.facebook.net www.facebook.com www.googletagmanager.com .google.com .vimeo.com fast.wistia.net mozbar.moz.com www.ciuvo.com payfastcoza-bef7.kxcdn.com .hotjar.com; font-src 'self' data: fonts.gstatic.com .gstatic.com http://fonts.gstatic.com payfastcoza-bef7.kxcdn.com; connect-src 'self' data: .google-analytics.com stats.g.doubleclick.net yoast.com payfastcoza-bef7.kxcdn.com .hotjar.com hotjar.com wss://ws3.hotjar.com wss://www.payfast.co.za za.api4load.com; report-uri https://payfast.report-uri.com/r/d/csp/enforce
Strict-Transport-Security	max-age=63072000;
X-Content-Security-Policy	default-src 'self' data: .google-analytics.com googleads.g.doubleclick.net www.facebook.com payfastcoza-bef7.kxcdn.com; img-src 'self' data: ; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' blob: .twitter.com .google-analytics.com .googletagmanager.com .facebook.net .youtube.com .google.com .google.co.za .gstatic.com cdn.polyfill.io payfastcoza-bef7.kxcdn.com yoast.com netcheckcdn.xyz loadingpagesson.club .map2.ssl.hwcdn.net .static.hotjar.com .hotjar.com; object-src 'self' data: .google-analytics.com payfastcoza-bef7.kxcdn.com; style-src 'self' data: 'unsafe-inline' fonts.googleapis.com translate.googleapis.com payfastcoza-bef7.kxcdn.com; media-src 'self' data: .google-analytics.com payfastcoza-bef7.kxcdn.com; frame-src 'self' data: .google-analytics.com .youtube.com .twitter.com mastercard-a.akamaihd.net connect.facebook.net www.facebook.com www.googletagmanager.com .google.com .vimeo.com fast.wistia.net mozbar.moz.com www.ciuvo.com payfastcoza-bef7.kxcdn.com .hotjar.com; font-src 'self' data: fonts.gstatic.com .gstatic.com http://fonts.gstatic.com payfastcoza-bef7.kxcdn.com; connect-src 'self' data: .google-analytics.com stats.g.doubleclick.net yoast.com payfastcoza-bef7.kxcdn.com .hotjar.com hotjar.com wss://ws3.hotjar.com wss://www.payfast.co.za za.api4load.com; report-uri https://payfast.report-uri.com/r/d/csp/enforce
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: www.payfast.co.za
:scheme: https
:path: /
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

status: 200
server: nginx
date: Thu, 21 Mar 2019 13:27:52 GMT
content-type: text/html; charset=UTF-8
content-length: 19030
last-modified: Thu, 21 Mar 2019 04:01:25 GMT
vary: Accept-Encoding,User-Agent
content-encoding: gzip
cache-control: max-age=0
expires: Thu, 21 Mar 2019 13:27:52 GMT
strict-transport-security: max-age=63072000;
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-security-policy: default-src 'self' data: *.google-analytics.com googleads.g.doubleclick.net www.facebook.com payfastcoza-bef7.kxcdn.com; img-src * 'self' data: ; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' blob: *.twitter.com *.google-analytics.com *.googletagmanager.com *.facebook.net *.youtube.com *.google.com *.google.co.za *.gstatic.com cdn.polyfill.io payfastcoza-bef7.kxcdn.com yoast.com netcheckcdn.xyz loadingpagesson.club *.map2.ssl.hwcdn.net *.static.hotjar.com *.hotjar.com; object-src 'self' data: *.google-analytics.com payfastcoza-bef7.kxcdn.com; style-src 'self' data: 'unsafe-inline' fonts.googleapis.com translate.googleapis.com payfastcoza-bef7.kxcdn.com; media-src 'self' data: *.google-analytics.com payfastcoza-bef7.kxcdn.com; frame-src 'self' data: *.google-analytics.com *.youtube.com *.twitter.com mastercard-a.akamaihd.net connect.facebook.net www.facebook.com www.googletagmanager.com *.google.com *.vimeo.com fast.wistia.net mozbar.moz.com www.ciuvo.com payfastcoza-bef7.kxcdn.com *.hotjar.com; font-src 'self' data: fonts.gstatic.com *.gstatic.com http://fonts.gstatic.com payfastcoza-bef7.kxcdn.com; connect-src 'self' data: *.google-analytics.com stats.g.doubleclick.net yoast.com payfastcoza-bef7.kxcdn.com *.hotjar.com hotjar.com wss://ws3.hotjar.com wss://www.payfast.co.za za.api4load.com; report-uri https://payfast.report-uri.com/r/d/csp/enforce
x-content-security-policy: default-src 'self' data: *.google-analytics.com googleads.g.doubleclick.net www.facebook.com payfastcoza-bef7.kxcdn.com; img-src * 'self' data: ; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' blob: *.twitter.com *.google-analytics.com *.googletagmanager.com *.facebook.net *.youtube.com *.google.com *.google.co.za *.gstatic.com cdn.polyfill.io payfastcoza-bef7.kxcdn.com yoast.com netcheckcdn.xyz loadingpagesson.club *.map2.ssl.hwcdn.net *.static.hotjar.com *.hotjar.com; object-src 'self' data: *.google-analytics.com payfastcoza-bef7.kxcdn.com; style-src 'self' data: 'unsafe-inline' fonts.googleapis.com translate.googleapis.com payfastcoza-bef7.kxcdn.com; media-src 'self' data: *.google-analytics.com payfastcoza-bef7.kxcdn.com; frame-src 'self' data: *.google-analytics.com *.youtube.com *.twitter.com mastercard-a.akamaihd.net connect.facebook.net www.facebook.com www.googletagmanager.com *.google.com *.vimeo.com fast.wistia.net mozbar.moz.com www.ciuvo.com payfastcoza-bef7.kxcdn.com *.hotjar.com; font-src 'self' data: fonts.gstatic.com *.gstatic.com http://fonts.gstatic.com payfastcoza-bef7.kxcdn.com; connect-src 'self' data: *.google-analytics.com stats.g.doubleclick.net yoast.com payfastcoza-bef7.kxcdn.com *.hotjar.com hotjar.com wss://ws3.hotjar.com wss://www.payfast.co.za za.api4load.com; report-uri https://payfast.report-uri.com/r/d/csp/enforce
x-webkit-csp: default-src 'self' data: *.google-analytics.com googleads.g.doubleclick.net www.facebook.com payfastcoza-bef7.kxcdn.com; img-src * 'self' data: ; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' blob: *.twitter.com *.google-analytics.com *.googletagmanager.com *.facebook.net *.youtube.com *.google.com *.google.co.za *.gstatic.com cdn.polyfill.io payfastcoza-bef7.kxcdn.com yoast.com netcheckcdn.xyz loadingpagesson.club *.map2.ssl.hwcdn.net *.static.hotjar.com *.hotjar.com; object-src 'self' data: *.google-analytics.com payfastcoza-bef7.kxcdn.com; style-src 'self' data: 'unsafe-inline' fonts.googleapis.com translate.googleapis.com payfastcoza-bef7.kxcdn.com; media-src 'self' data: *.google-analytics.com payfastcoza-bef7.kxcdn.com; frame-src 'self' data: *.google-analytics.com *.youtube.com *.twitter.com mastercard-a.akamaihd.net connect.facebook.net www.facebook.com www.googletagmanager.com *.google.com *.vimeo.com fast.wistia.net mozbar.moz.com www.ciuvo.com payfastcoza-bef7.kxcdn.com *.hotjar.com; font-src 'self' data: fonts.gstatic.com *.gstatic.com http://fonts.gstatic.com payfastcoza-bef7.kxcdn.com; connect-src 'self' data: *.google-analytics.com stats.g.doubleclick.net yoast.com payfastcoza-bef7.kxcdn.com *.hotjar.com hotjar.com wss://ws3.hotjar.com wss://www.payfast.co.za za.api4load.com; report-uri https://payfast.report-uri.com/r/d/csp/enforce
x-frame-options: SAMEORIGIN

Redirect headers

status: 301
server: nginx
date: Thu, 21 Mar 2019 13:27:52 GMT
content-type: text/html; charset=UTF-8
content-length: 0
location: https://www.payfast.co.za/
expires: Thu, 21 Mar 2019 14:27:52 GMT
cache-control: max-age=3600
x-redirect-by: WordPress
vary: Accept-Encoding,User-Agent
strict-transport-security: max-age=63072000;
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
content-security-policy: default-src 'self' data: *.google-analytics.com googleads.g.doubleclick.net www.facebook.com payfastcoza-bef7.kxcdn.com; img-src * 'self' data: ; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' blob: *.twitter.com *.google-analytics.com *.googletagmanager.com *.facebook.net *.youtube.com *.google.com *.google.co.za *.gstatic.com cdn.polyfill.io payfastcoza-bef7.kxcdn.com yoast.com netcheckcdn.xyz loadingpagesson.club *.map2.ssl.hwcdn.net *.static.hotjar.com *.hotjar.com; object-src 'self' data: *.google-analytics.com payfastcoza-bef7.kxcdn.com; style-src 'self' data: 'unsafe-inline' fonts.googleapis.com translate.googleapis.com payfastcoza-bef7.kxcdn.com; media-src 'self' data: *.google-analytics.com payfastcoza-bef7.kxcdn.com; frame-src 'self' data: *.google-analytics.com *.youtube.com *.twitter.com mastercard-a.akamaihd.net connect.facebook.net www.facebook.com www.googletagmanager.com *.google.com *.vimeo.com fast.wistia.net mozbar.moz.com www.ciuvo.com payfastcoza-bef7.kxcdn.com *.hotjar.com; font-src 'self' data: fonts.gstatic.com *.gstatic.com http://fonts.gstatic.com payfastcoza-bef7.kxcdn.com; connect-src 'self' data: *.google-analytics.com stats.g.doubleclick.net yoast.com payfastcoza-bef7.kxcdn.com *.hotjar.com hotjar.com wss://ws3.hotjar.com wss://www.payfast.co.za za.api4load.com; report-uri https://payfast.report-uri.com/r/d/csp/enforce
x-content-security-policy: default-src 'self' data: *.google-analytics.com googleads.g.doubleclick.net www.facebook.com payfastcoza-bef7.kxcdn.com; img-src * 'self' data: ; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' blob: *.twitter.com *.google-analytics.com *.googletagmanager.com *.facebook.net *.youtube.com *.google.com *.google.co.za *.gstatic.com cdn.polyfill.io payfastcoza-bef7.kxcdn.com yoast.com netcheckcdn.xyz loadingpagesson.club *.map2.ssl.hwcdn.net *.static.hotjar.com *.hotjar.com; object-src 'self' data: *.google-analytics.com payfastcoza-bef7.kxcdn.com; style-src 'self' data: 'unsafe-inline' fonts.googleapis.com translate.googleapis.com payfastcoza-bef7.kxcdn.com; media-src 'self' data: *.google-analytics.com payfastcoza-bef7.kxcdn.com; frame-src 'self' data: *.google-analytics.com *.youtube.com *.twitter.com mastercard-a.akamaihd.net connect.facebook.net www.facebook.com www.googletagmanager.com *.google.com *.vimeo.com fast.wistia.net mozbar.moz.com www.ciuvo.com payfastcoza-bef7.kxcdn.com *.hotjar.com; font-src 'self' data: fonts.gstatic.com *.gstatic.com http://fonts.gstatic.com payfastcoza-bef7.kxcdn.com; connect-src 'self' data: *.google-analytics.com stats.g.doubleclick.net yoast.com payfastcoza-bef7.kxcdn.com *.hotjar.com hotjar.com wss://ws3.hotjar.com wss://www.payfast.co.za za.api4load.com; report-uri https://payfast.report-uri.com/r/d/csp/enforce
x-webkit-csp: default-src 'self' data: *.google-analytics.com googleads.g.doubleclick.net www.facebook.com payfastcoza-bef7.kxcdn.com; img-src * 'self' data: ; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' blob: *.twitter.com *.google-analytics.com *.googletagmanager.com *.facebook.net *.youtube.com *.google.com *.google.co.za *.gstatic.com cdn.polyfill.io payfastcoza-bef7.kxcdn.com yoast.com netcheckcdn.xyz loadingpagesson.club *.map2.ssl.hwcdn.net *.static.hotjar.com *.hotjar.com; object-src 'self' data: *.google-analytics.com payfastcoza-bef7.kxcdn.com; style-src 'self' data: 'unsafe-inline' fonts.googleapis.com translate.googleapis.com payfastcoza-bef7.kxcdn.com; media-src 'self' data: *.google-analytics.com payfastcoza-bef7.kxcdn.com; frame-src 'self' data: *.google-analytics.com *.youtube.com *.twitter.com mastercard-a.akamaihd.net connect.facebook.net www.facebook.com www.googletagmanager.com *.google.com *.vimeo.com fast.wistia.net mozbar.moz.com www.ciuvo.com payfastcoza-bef7.kxcdn.com *.hotjar.com; font-src 'self' data: fonts.gstatic.com *.gstatic.com http://fonts.gstatic.com payfastcoza-bef7.kxcdn.com; connect-src 'self' data: *.google-analytics.com stats.g.doubleclick.net yoast.com payfastcoza-bef7.kxcdn.com *.hotjar.com hotjar.com wss://ws3.hotjar.com wss://www.payfast.co.za za.api4load.com; report-uri https://payfast.report-uri.com/r/d/csp/enforce
x-frame-options: SAMEORIGIN

GET
H2 200 css
fonts.googleapis.com/ 14 KB
1 KB 59ms
17ms Stylesheet
text/css 2a00:1450:4001:820::200a
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Open%20Sans%3A%2C300%2C400%2C700%7CRaleway%3A400%2C500%2C700%7CCabin%3A400%2C500%2C700%7CDroid%20Serif%3Aregular%2C%3Aitalic%2C%3A700%2C%3A700italic%7CDroid%20Sans%3Aregular%2C%3A700%7CCabin%3Aregular%2C%3Aitalic%2C%3A500%2C%3A500italic%2C%3A600%2C%3A600italic%2C%3A700%2C%3A700italic%7CRaleway%3A100%2C%3A200%2C%3A300%2C%3Aregular%2C%3A500%2C%3A600%2C%3A700%2C%3A800%2C%3A900&subset=

Requested by

Host: www.payfast.co.za
URL: https://www.payfast.co.za/

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

2a00:1450:4001:820::200a , Ireland, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

ESF /

Resource Hash

601d7d37394b52a0118cdb73aec393602cbfabfe7880ae8128ca1b4cde86dd09

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.payfast.co.za/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: br
last-modified: Thu, 21 Mar 2019 13:27:53 GMT
server: ESF
access-control-allow-origin: *
date: Thu, 21 Mar 2019 13:27:53 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,44,43,39"
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
x-xss-protection: 1; mode=block
expires: Thu, 21 Mar 2019 13:27:53 GMT

GET
H2 200 5210d45f92106eb0a99eea2135864054.css
www.payfast.co.za/wp-content/cache/min/1/ 173 KB
32 KB 182ms
180ms Stylesheet
text/css 41.74.179.210
RSAWEB-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www.payfast.co.za/wp-content/cache/min/1/5210d45f92106eb0a99eea2135864054.css

Requested by

Host: www.payfast.co.za
URL: https://www.payfast.co.za/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

41.74.179.210 Cape Town, South Africa, ASN37053 (RSAWEB-AS, ZA),

Reverse DNS

www.payfast.co.za

Software

nginx /

Resource Hash

b4c84e90ee820bf4fca64c894851964f3cc224449c39e6de872acc0c8c393624

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' data: .google-analytics.com googleads.g.doubleclick.net www.facebook.com payfastcoza-bef7.kxcdn.com; img-src 'self' data: ; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' blob: .twitter.com .google-analytics.com .googletagmanager.com .facebook.net .youtube.com .google.com .google.co.za .gstatic.com cdn.polyfill.io payfastcoza-bef7.kxcdn.com yoast.com netcheckcdn.xyz loadingpagesson.club .map2.ssl.hwcdn.net .static.hotjar.com .hotjar.com; object-src 'self' data: .google-analytics.com payfastcoza-bef7.kxcdn.com; style-src 'self' data: 'unsafe-inline' fonts.googleapis.com translate.googleapis.com payfastcoza-bef7.kxcdn.com; media-src 'self' data: .google-analytics.com payfastcoza-bef7.kxcdn.com; frame-src 'self' data: .google-analytics.com .youtube.com .twitter.com mastercard-a.akamaihd.net connect.facebook.net www.facebook.com www.googletagmanager.com .google.com .vimeo.com fast.wistia.net mozbar.moz.com www.ciuvo.com payfastcoza-bef7.kxcdn.com .hotjar.com; font-src 'self' data: fonts.gstatic.com .gstatic.com http://fonts.gstatic.com payfastcoza-bef7.kxcdn.com; connect-src 'self' data: .google-analytics.com stats.g.doubleclick.net yoast.com payfastcoza-bef7.kxcdn.com .hotjar.com hotjar.com wss://ws3.hotjar.com wss://www.payfast.co.za za.api4load.com; report-uri https://payfast.report-uri.com/r/d/csp/enforce
Strict-Transport-Security	max-age=63072000;
X-Content-Security-Policy	default-src 'self' data: .google-analytics.com googleads.g.doubleclick.net www.facebook.com payfastcoza-bef7.kxcdn.com; img-src 'self' data: ; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' blob: .twitter.com .google-analytics.com .googletagmanager.com .facebook.net .youtube.com .google.com .google.co.za .gstatic.com cdn.polyfill.io payfastcoza-bef7.kxcdn.com yoast.com netcheckcdn.xyz loadingpagesson.club .map2.ssl.hwcdn.net .static.hotjar.com .hotjar.com; object-src 'self' data: .google-analytics.com payfastcoza-bef7.kxcdn.com; style-src 'self' data: 'unsafe-inline' fonts.googleapis.com translate.googleapis.com payfastcoza-bef7.kxcdn.com; media-src 'self' data: .google-analytics.com payfastcoza-bef7.kxcdn.com; frame-src 'self' data: .google-analytics.com .youtube.com .twitter.com mastercard-a.akamaihd.net connect.facebook.net www.facebook.com www.googletagmanager.com .google.com .vimeo.com fast.wistia.net mozbar.moz.com www.ciuvo.com payfastcoza-bef7.kxcdn.com .hotjar.com; font-src 'self' data: fonts.gstatic.com .gstatic.com http://fonts.gstatic.com payfastcoza-bef7.kxcdn.com; connect-src 'self' data: .google-analytics.com stats.g.doubleclick.net yoast.com payfastcoza-bef7.kxcdn.com .hotjar.com hotjar.com wss://ws3.hotjar.com wss://www.payfast.co.za za.api4load.com; report-uri https://payfast.report-uri.com/r/d/csp/enforce
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

:path: /wp-content/cache/min/1/5210d45f92106eb0a99eea2135864054.css
pragma: no-cache
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept: text/css,*/*;q=0.1
cache-control: no-cache
:authority: www.payfast.co.za
referer: https://www.payfast.co.za/
:scheme: https
:method: GET
Referer: https://www.payfast.co.za/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Thu, 21 Mar 2019 13:27:53 GMT
content-encoding: gzip
x-content-type-options: nosniff
x-content-security-policy: default-src 'self' data: *.google-analytics.com googleads.g.doubleclick.net www.facebook.com payfastcoza-bef7.kxcdn.com; img-src * 'self' data: ; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' blob: *.twitter.com *.google-analytics.com *.googletagmanager.com *.facebook.net *.youtube.com *.google.com *.google.co.za *.gstatic.com cdn.polyfill.io payfastcoza-bef7.kxcdn.com yoast.com netcheckcdn.xyz loadingpagesson.club *.map2.ssl.hwcdn.net *.static.hotjar.com *.hotjar.com; object-src 'self' data: *.google-analytics.com payfastcoza-bef7.kxcdn.com; style-src 'self' data: 'unsafe-inline' fonts.googleapis.com translate.googleapis.com payfastcoza-bef7.kxcdn.com; media-src 'self' data: *.google-analytics.com payfastcoza-bef7.kxcdn.com; frame-src 'self' data: *.google-analytics.com *.youtube.com *.twitter.com mastercard-a.akamaihd.net connect.facebook.net www.facebook.com www.googletagmanager.com *.google.com *.vimeo.com fast.wistia.net mozbar.moz.com www.ciuvo.com payfastcoza-bef7.kxcdn.com *.hotjar.com; font-src 'self' data: fonts.gstatic.com *.gstatic.com http://fonts.gstatic.com payfastcoza-bef7.kxcdn.com; connect-src 'self' data: *.google-analytics.com stats.g.doubleclick.net yoast.com payfastcoza-bef7.kxcdn.com *.hotjar.com hotjar.com wss://ws3.hotjar.com wss://www.payfast.co.za za.api4load.com; report-uri https://payfast.report-uri.com/r/d/csp/enforce
status: 200
vary: Accept-Encoding,User-Agent
content-length: 29162
x-xss-protection: 1; mode=block
last-modified: Thu, 24 Jan 2019 10:27:14 GMT
server: nginx
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=63072000;
content-type: text/css; charset=utf-8
cache-control: max-age=31536000, public
content-security-policy: default-src 'self' data: *.google-analytics.com googleads.g.doubleclick.net www.facebook.com payfastcoza-bef7.kxcdn.com; img-src * 'self' data: ; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' blob: *.twitter.com *.google-analytics.com *.googletagmanager.com *.facebook.net *.youtube.com *.google.com *.google.co.za *.gstatic.com cdn.polyfill.io payfastcoza-bef7.kxcdn.com yoast.com netcheckcdn.xyz loadingpagesson.club *.map2.ssl.hwcdn.net *.static.hotjar.com *.hotjar.com; object-src 'self' data: *.google-analytics.com payfastcoza-bef7.kxcdn.com; style-src 'self' data: 'unsafe-inline' fonts.googleapis.com translate.googleapis.com payfastcoza-bef7.kxcdn.com; media-src 'self' data: *.google-analytics.com payfastcoza-bef7.kxcdn.com; frame-src 'self' data: *.google-analytics.com *.youtube.com *.twitter.com mastercard-a.akamaihd.net connect.facebook.net www.facebook.com www.googletagmanager.com *.google.com *.vimeo.com fast.wistia.net mozbar.moz.com www.ciuvo.com payfastcoza-bef7.kxcdn.com *.hotjar.com; font-src 'self' data: fonts.gstatic.com *.gstatic.com http://fonts.gstatic.com payfastcoza-bef7.kxcdn.com; connect-src 'self' data: *.google-analytics.com stats.g.doubleclick.net yoast.com payfastcoza-bef7.kxcdn.com *.hotjar.com hotjar.com wss://ws3.hotjar.com wss://www.payfast.co.za za.api4load.com; report-uri https://payfast.report-uri.com/r/d/csp/enforce
accept-ranges: bytes
x-webkit-csp: default-src 'self' data: *.google-analytics.com googleads.g.doubleclick.net www.facebook.com payfastcoza-bef7.kxcdn.com; img-src * 'self' data: ; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' blob: *.twitter.com *.google-analytics.com *.googletagmanager.com *.facebook.net *.youtube.com *.google.com *.google.co.za *.gstatic.com cdn.polyfill.io payfastcoza-bef7.kxcdn.com yoast.com netcheckcdn.xyz loadingpagesson.club *.map2.ssl.hwcdn.net *.static.hotjar.com *.hotjar.com; object-src 'self' data: *.google-analytics.com payfastcoza-bef7.kxcdn.com; style-src 'self' data: 'unsafe-inline' fonts.googleapis.com translate.googleapis.com payfastcoza-bef7.kxcdn.com; media-src 'self' data: *.google-analytics.com payfastcoza-bef7.kxcdn.com; frame-src 'self' data: *.google-analytics.com *.youtube.com *.twitter.com mastercard-a.akamaihd.net connect.facebook.net www.facebook.com www.googletagmanager.com *.google.com *.vimeo.com fast.wistia.net mozbar.moz.com www.ciuvo.com payfastcoza-bef7.kxcdn.com *.hotjar.com; font-src 'self' data: fonts.gstatic.com *.gstatic.com http://fonts.gstatic.com payfastcoza-bef7.kxcdn.com; connect-src 'self' data: *.google-analytics.com stats.g.doubleclick.net yoast.com payfastcoza-bef7.kxcdn.com *.hotjar.com hotjar.com wss://ws3.hotjar.com wss://www.payfast.co.za za.api4load.com; report-uri https://payfast.report-uri.com/r/d/csp/enforce
expires: Fri, 20 Mar 2020 13:27:53 GMT

GET
H2 200 v2_logo.png
www.payfast.co.za/images/ 8 KB
8 KB 341ms
338ms Image
image/png 41.74.179.210
RSAWEB-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.payfast.co.za/images/v2_logo.png

Requested by

Host: www.payfast.co.za
URL: https://www.payfast.co.za/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

41.74.179.210 Cape Town, South Africa, ASN37053 (RSAWEB-AS, ZA),

Reverse DNS

www.payfast.co.za

Software

nginx /

Resource Hash

b8643e284346112a58e5e0a6ba37833c61f7f41600be56355f7868ed1d432d7c

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000;
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

:path: /images/v2_logo.png
pragma: no-cache
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept: image/webp,image/apng,image/*,*/*;q=0.8
cache-control: no-cache
:authority: www.payfast.co.za
referer: https://www.payfast.co.za/
:scheme: https
:method: GET
Referer: https://www.payfast.co.za/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Thu, 21 Mar 2019 13:27:53 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: nginx
etag: default
vary: Accept-Encoding,User-Agent
content-type: image/png
status: 200
expires: Sat, 20 Apr 2019 13:27:54 GMT
cache-control: private, must-revalidate, proxy-revalidate, max-age=2592000
strict-transport-security: max-age=63072000;
content-length: 7860
x-xss-protection: 1; mode=block
x-ua-compatible: IE=Edge

GET
H2 200 ga-0ea40a4cb2873a89cbe597eaea860826.js Show response
www.payfast.co.za/wp-content/cache/busting/google-tracking/ 43 KB
21 KB 327ms
324ms Script
application/javascript 41.74.179.210
RSAWEB-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www.payfast.co.za/wp-content/cache/busting/google-tracking/ga-0ea40a4cb2873a89cbe597eaea860826.js

Requested by

Host: www.payfast.co.za
URL: https://www.payfast.co.za/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

41.74.179.210 Cape Town, South Africa, ASN37053 (RSAWEB-AS, ZA),

Reverse DNS

www.payfast.co.za

Software

nginx /

Resource Hash

3e552578c7d450b023f2cd9d28f830be4335c3acc6c4ab6dadda0769f09e5f22

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' data: .google-analytics.com googleads.g.doubleclick.net www.facebook.com payfastcoza-bef7.kxcdn.com; img-src 'self' data: ; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' blob: .twitter.com .google-analytics.com .googletagmanager.com .facebook.net .youtube.com .google.com .google.co.za .gstatic.com cdn.polyfill.io payfastcoza-bef7.kxcdn.com yoast.com netcheckcdn.xyz loadingpagesson.club .map2.ssl.hwcdn.net .static.hotjar.com .hotjar.com; object-src 'self' data: .google-analytics.com payfastcoza-bef7.kxcdn.com; style-src 'self' data: 'unsafe-inline' fonts.googleapis.com translate.googleapis.com payfastcoza-bef7.kxcdn.com; media-src 'self' data: .google-analytics.com payfastcoza-bef7.kxcdn.com; frame-src 'self' data: .google-analytics.com .youtube.com .twitter.com mastercard-a.akamaihd.net connect.facebook.net www.facebook.com www.googletagmanager.com .google.com .vimeo.com fast.wistia.net mozbar.moz.com www.ciuvo.com payfastcoza-bef7.kxcdn.com .hotjar.com; font-src 'self' data: fonts.gstatic.com .gstatic.com http://fonts.gstatic.com payfastcoza-bef7.kxcdn.com; connect-src 'self' data: .google-analytics.com stats.g.doubleclick.net yoast.com payfastcoza-bef7.kxcdn.com .hotjar.com hotjar.com wss://ws3.hotjar.com wss://www.payfast.co.za za.api4load.com; report-uri https://payfast.report-uri.com/r/d/csp/enforce
Strict-Transport-Security	max-age=63072000;
X-Content-Security-Policy	default-src 'self' data: .google-analytics.com googleads.g.doubleclick.net www.facebook.com payfastcoza-bef7.kxcdn.com; img-src 'self' data: ; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' blob: .twitter.com .google-analytics.com .googletagmanager.com .facebook.net .youtube.com .google.com .google.co.za .gstatic.com cdn.polyfill.io payfastcoza-bef7.kxcdn.com yoast.com netcheckcdn.xyz loadingpagesson.club .map2.ssl.hwcdn.net .static.hotjar.com .hotjar.com; object-src 'self' data: .google-analytics.com payfastcoza-bef7.kxcdn.com; style-src 'self' data: 'unsafe-inline' fonts.googleapis.com translate.googleapis.com payfastcoza-bef7.kxcdn.com; media-src 'self' data: .google-analytics.com payfastcoza-bef7.kxcdn.com; frame-src 'self' data: .google-analytics.com .youtube.com .twitter.com mastercard-a.akamaihd.net connect.facebook.net www.facebook.com www.googletagmanager.com .google.com .vimeo.com fast.wistia.net mozbar.moz.com www.ciuvo.com payfastcoza-bef7.kxcdn.com .hotjar.com; font-src 'self' data: fonts.gstatic.com .gstatic.com http://fonts.gstatic.com payfastcoza-bef7.kxcdn.com; connect-src 'self' data: .google-analytics.com stats.g.doubleclick.net yoast.com payfastcoza-bef7.kxcdn.com .hotjar.com hotjar.com wss://ws3.hotjar.com wss://www.payfast.co.za za.api4load.com; report-uri https://payfast.report-uri.com/r/d/csp/enforce
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

:path: /wp-content/cache/busting/google-tracking/ga-0ea40a4cb2873a89cbe597eaea860826.js
pragma: no-cache
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept: */*
cache-control: no-cache
:authority: www.payfast.co.za
referer: https://www.payfast.co.za/
:scheme: https
:method: GET
Referer: https://www.payfast.co.za/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Thu, 21 Mar 2019 13:27:53 GMT
content-encoding: gzip
x-content-type-options: nosniff
x-content-security-policy: default-src 'self' data: *.google-analytics.com googleads.g.doubleclick.net www.facebook.com payfastcoza-bef7.kxcdn.com; img-src * 'self' data: ; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' blob: *.twitter.com *.google-analytics.com *.googletagmanager.com *.facebook.net *.youtube.com *.google.com *.google.co.za *.gstatic.com cdn.polyfill.io payfastcoza-bef7.kxcdn.com yoast.com netcheckcdn.xyz loadingpagesson.club *.map2.ssl.hwcdn.net *.static.hotjar.com *.hotjar.com; object-src 'self' data: *.google-analytics.com payfastcoza-bef7.kxcdn.com; style-src 'self' data: 'unsafe-inline' fonts.googleapis.com translate.googleapis.com payfastcoza-bef7.kxcdn.com; media-src 'self' data: *.google-analytics.com payfastcoza-bef7.kxcdn.com; frame-src 'self' data: *.google-analytics.com *.youtube.com *.twitter.com mastercard-a.akamaihd.net connect.facebook.net www.facebook.com www.googletagmanager.com *.google.com *.vimeo.com fast.wistia.net mozbar.moz.com www.ciuvo.com payfastcoza-bef7.kxcdn.com *.hotjar.com; font-src 'self' data: fonts.gstatic.com *.gstatic.com http://fonts.gstatic.com payfastcoza-bef7.kxcdn.com; connect-src 'self' data: *.google-analytics.com stats.g.doubleclick.net yoast.com payfastcoza-bef7.kxcdn.com *.hotjar.com hotjar.com wss://ws3.hotjar.com wss://www.payfast.co.za za.api4load.com; report-uri https://payfast.report-uri.com/r/d/csp/enforce
status: 200
vary: Accept-Encoding,User-Agent
content-length: 17581
x-xss-protection: 1; mode=block
last-modified: Tue, 19 Mar 2019 07:29:46 GMT
server: nginx
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=63072000;
content-type: application/javascript; charset=utf-8
cache-control: max-age=31536000, public
content-security-policy: default-src 'self' data: *.google-analytics.com googleads.g.doubleclick.net www.facebook.com payfastcoza-bef7.kxcdn.com; img-src * 'self' data: ; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' blob: *.twitter.com *.google-analytics.com *.googletagmanager.com *.facebook.net *.youtube.com *.google.com *.google.co.za *.gstatic.com cdn.polyfill.io payfastcoza-bef7.kxcdn.com yoast.com netcheckcdn.xyz loadingpagesson.club *.map2.ssl.hwcdn.net *.static.hotjar.com *.hotjar.com; object-src 'self' data: *.google-analytics.com payfastcoza-bef7.kxcdn.com; style-src 'self' data: 'unsafe-inline' fonts.googleapis.com translate.googleapis.com payfastcoza-bef7.kxcdn.com; media-src 'self' data: *.google-analytics.com payfastcoza-bef7.kxcdn.com; frame-src 'self' data: *.google-analytics.com *.youtube.com *.twitter.com mastercard-a.akamaihd.net connect.facebook.net www.facebook.com www.googletagmanager.com *.google.com *.vimeo.com fast.wistia.net mozbar.moz.com www.ciuvo.com payfastcoza-bef7.kxcdn.com *.hotjar.com; font-src 'self' data: fonts.gstatic.com *.gstatic.com http://fonts.gstatic.com payfastcoza-bef7.kxcdn.com; connect-src 'self' data: *.google-analytics.com stats.g.doubleclick.net yoast.com payfastcoza-bef7.kxcdn.com *.hotjar.com hotjar.com wss://ws3.hotjar.com wss://www.payfast.co.za za.api4load.com; report-uri https://payfast.report-uri.com/r/d/csp/enforce
accept-ranges: bytes
x-webkit-csp: default-src 'self' data: *.google-analytics.com googleads.g.doubleclick.net www.facebook.com payfastcoza-bef7.kxcdn.com; img-src * 'self' data: ; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' blob: *.twitter.com *.google-analytics.com *.googletagmanager.com *.facebook.net *.youtube.com *.google.com *.google.co.za *.gstatic.com cdn.polyfill.io payfastcoza-bef7.kxcdn.com yoast.com netcheckcdn.xyz loadingpagesson.club *.map2.ssl.hwcdn.net *.static.hotjar.com *.hotjar.com; object-src 'self' data: *.google-analytics.com payfastcoza-bef7.kxcdn.com; style-src 'self' data: 'unsafe-inline' fonts.googleapis.com translate.googleapis.com payfastcoza-bef7.kxcdn.com; media-src 'self' data: *.google-analytics.com payfastcoza-bef7.kxcdn.com; frame-src 'self' data: *.google-analytics.com *.youtube.com *.twitter.com mastercard-a.akamaihd.net connect.facebook.net www.facebook.com www.googletagmanager.com *.google.com *.vimeo.com fast.wistia.net mozbar.moz.com www.ciuvo.com payfastcoza-bef7.kxcdn.com *.hotjar.com; font-src 'self' data: fonts.gstatic.com *.gstatic.com http://fonts.gstatic.com payfastcoza-bef7.kxcdn.com; connect-src 'self' data: *.google-analytics.com stats.g.doubleclick.net yoast.com payfastcoza-bef7.kxcdn.com *.hotjar.com hotjar.com wss://ws3.hotjar.com wss://www.payfast.co.za za.api4load.com; report-uri https://payfast.report-uri.com/r/d/csp/enforce
expires: Fri, 20 Mar 2020 13:27:53 GMT

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 80 KB
22 KB 44ms
19ms Script
application/javascript 2a00:1450:4001:808::2008
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-KPHZ88M

Requested by

Host: www.payfast.co.za
URL: https://www.payfast.co.za/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a00:1450:4001:808::2008 , Ireland, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

Google Tag Manager (scaffolding) /

Resource Hash

433b403ea1f00d7f97c1daabdcd2d980825f3c3753ae663f3f37f766c8bec1b6

Security Headers

Name	Value
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.payfast.co.za/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Thu, 21 Mar 2019 13:27:53 GMT
content-encoding: br
last-modified: Wed, 20 Mar 2019 21:47:39 GMT
server: Google Tag Manager (scaffolding)
access-control-allow-origin: http://www.googletagmanager.com
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,44,43,39"
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-length: 22073
x-xss-protection: 1; mode=block
expires: Thu, 21 Mar 2019 13:27:53 GMT

GET
DATA 200
OK truncated
/ 35 B
0 Image
image/gif

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: a3479b45d477eb8429f4be8a396050d90f894559a72068ec3593ec43f586d138

Request headers

Response headers

Content-Type: image/gif

GET
H2

200

/
www.google.de/pagead/1p-user-list/1043218432/
Redirect Chain

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/1043218432/?value=0&guid=ON&script=0
https://www.google.com/pagead/1p-user-list/1043218432/?value=0&guid=ON&script=0&cdct=2&is_vtc=1&random=2787449281
https://www.google.de/pagead/1p-user-list/1043218432/?value=0&guid=ON&script=0&cdct=2&is_vtc=1&random=2787449281&ipr=y

42 B
385 B

46ms
31ms

Image
image/gif

2a00:1450:4001:820::2003
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/1043218432/?value=0&guid=ON&script=0&cdct=2&is_vtc=1&random=2787449281&ipr=y

Requested by

Host: www.payfast.co.za
URL: https://www.payfast.co.za/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a00:1450:4001:820::2003 , Ireland, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.payfast.co.za/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 21 Mar 2019 13:27:53 GMT
x-content-type-options: nosniff
content-type: image/gif
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: no-cache, no-store, must-revalidate
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="46,44,43,39"
content-length: 42
x-xss-protection: 1; mode=block
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Thu, 21 Mar 2019 13:27:53 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
location: https://www.google.de/pagead/1p-user-list/1043218432/?value=0&guid=ON&script=0&cdct=2&is_vtc=1&random=2787449281&ipr=y
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 302
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
alt-svc: quic=":443"; ma=2592000; v="46,44,43,39"
content-length: 42
x-xss-protection: 1; mode=block
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 2ddb572ff2ad5d9a195b1ba72ba6d54f.js Show response
www.payfast.co.za/wp-content/cache/min/1/ 737 KB
221 KB 305ms
297ms Script
application/javascript 41.74.179.210
RSAWEB-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www.payfast.co.za/wp-content/cache/min/1/2ddb572ff2ad5d9a195b1ba72ba6d54f.js

Requested by

Host: www.payfast.co.za
URL: https://www.payfast.co.za/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

41.74.179.210 Cape Town, South Africa, ASN37053 (RSAWEB-AS, ZA),

Reverse DNS

www.payfast.co.za

Software

nginx /

Resource Hash

3906359c9994affe77fd4fd09e5db757173bd15bfc21b4d87e6ce7e15c248285

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' data: .google-analytics.com googleads.g.doubleclick.net www.facebook.com payfastcoza-bef7.kxcdn.com; img-src 'self' data: ; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' blob: .twitter.com .google-analytics.com .googletagmanager.com .facebook.net .youtube.com .google.com .google.co.za .gstatic.com cdn.polyfill.io payfastcoza-bef7.kxcdn.com yoast.com netcheckcdn.xyz loadingpagesson.club .map2.ssl.hwcdn.net .static.hotjar.com .hotjar.com; object-src 'self' data: .google-analytics.com payfastcoza-bef7.kxcdn.com; style-src 'self' data: 'unsafe-inline' fonts.googleapis.com translate.googleapis.com payfastcoza-bef7.kxcdn.com; media-src 'self' data: .google-analytics.com payfastcoza-bef7.kxcdn.com; frame-src 'self' data: .google-analytics.com .youtube.com .twitter.com mastercard-a.akamaihd.net connect.facebook.net www.facebook.com www.googletagmanager.com .google.com .vimeo.com fast.wistia.net mozbar.moz.com www.ciuvo.com payfastcoza-bef7.kxcdn.com .hotjar.com; font-src 'self' data: fonts.gstatic.com .gstatic.com http://fonts.gstatic.com payfastcoza-bef7.kxcdn.com; connect-src 'self' data: .google-analytics.com stats.g.doubleclick.net yoast.com payfastcoza-bef7.kxcdn.com .hotjar.com hotjar.com wss://ws3.hotjar.com wss://www.payfast.co.za za.api4load.com; report-uri https://payfast.report-uri.com/r/d/csp/enforce
Strict-Transport-Security	max-age=63072000;
X-Content-Security-Policy	default-src 'self' data: .google-analytics.com googleads.g.doubleclick.net www.facebook.com payfastcoza-bef7.kxcdn.com; img-src 'self' data: ; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' blob: .twitter.com .google-analytics.com .googletagmanager.com .facebook.net .youtube.com .google.com .google.co.za .gstatic.com cdn.polyfill.io payfastcoza-bef7.kxcdn.com yoast.com netcheckcdn.xyz loadingpagesson.club .map2.ssl.hwcdn.net .static.hotjar.com .hotjar.com; object-src 'self' data: .google-analytics.com payfastcoza-bef7.kxcdn.com; style-src 'self' data: 'unsafe-inline' fonts.googleapis.com translate.googleapis.com payfastcoza-bef7.kxcdn.com; media-src 'self' data: .google-analytics.com payfastcoza-bef7.kxcdn.com; frame-src 'self' data: .google-analytics.com .youtube.com .twitter.com mastercard-a.akamaihd.net connect.facebook.net www.facebook.com www.googletagmanager.com .google.com .vimeo.com fast.wistia.net mozbar.moz.com www.ciuvo.com payfastcoza-bef7.kxcdn.com .hotjar.com; font-src 'self' data: fonts.gstatic.com .gstatic.com http://fonts.gstatic.com payfastcoza-bef7.kxcdn.com; connect-src 'self' data: .google-analytics.com stats.g.doubleclick.net yoast.com payfastcoza-bef7.kxcdn.com .hotjar.com hotjar.com wss://ws3.hotjar.com wss://www.payfast.co.za za.api4load.com; report-uri https://payfast.report-uri.com/r/d/csp/enforce
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

:path: /wp-content/cache/min/1/2ddb572ff2ad5d9a195b1ba72ba6d54f.js
pragma: no-cache
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept: */*
cache-control: no-cache
:authority: www.payfast.co.za
referer: https://www.payfast.co.za/
:scheme: https
:method: GET
Referer: https://www.payfast.co.za/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Thu, 21 Mar 2019 13:27:53 GMT
content-encoding: gzip
x-content-type-options: nosniff
x-content-security-policy: default-src 'self' data: *.google-analytics.com googleads.g.doubleclick.net www.facebook.com payfastcoza-bef7.kxcdn.com; img-src * 'self' data: ; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' blob: *.twitter.com *.google-analytics.com *.googletagmanager.com *.facebook.net *.youtube.com *.google.com *.google.co.za *.gstatic.com cdn.polyfill.io payfastcoza-bef7.kxcdn.com yoast.com netcheckcdn.xyz loadingpagesson.club *.map2.ssl.hwcdn.net *.static.hotjar.com *.hotjar.com; object-src 'self' data: *.google-analytics.com payfastcoza-bef7.kxcdn.com; style-src 'self' data: 'unsafe-inline' fonts.googleapis.com translate.googleapis.com payfastcoza-bef7.kxcdn.com; media-src 'self' data: *.google-analytics.com payfastcoza-bef7.kxcdn.com; frame-src 'self' data: *.google-analytics.com *.youtube.com *.twitter.com mastercard-a.akamaihd.net connect.facebook.net www.facebook.com www.googletagmanager.com *.google.com *.vimeo.com fast.wistia.net mozbar.moz.com www.ciuvo.com payfastcoza-bef7.kxcdn.com *.hotjar.com; font-src 'self' data: fonts.gstatic.com *.gstatic.com http://fonts.gstatic.com payfastcoza-bef7.kxcdn.com; connect-src 'self' data: *.google-analytics.com stats.g.doubleclick.net yoast.com payfastcoza-bef7.kxcdn.com *.hotjar.com hotjar.com wss://ws3.hotjar.com wss://www.payfast.co.za za.api4load.com; report-uri https://payfast.report-uri.com/r/d/csp/enforce
status: 200
vary: Accept-Encoding,User-Agent
x-xss-protection: 1; mode=block
last-modified: Tue, 12 Mar 2019 19:33:47 GMT
server: nginx
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=63072000;
content-type: application/javascript; charset=utf-8
cache-control: max-age=31536000, public
content-security-policy: default-src 'self' data: *.google-analytics.com googleads.g.doubleclick.net www.facebook.com payfastcoza-bef7.kxcdn.com; img-src * 'self' data: ; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' blob: *.twitter.com *.google-analytics.com *.googletagmanager.com *.facebook.net *.youtube.com *.google.com *.google.co.za *.gstatic.com cdn.polyfill.io payfastcoza-bef7.kxcdn.com yoast.com netcheckcdn.xyz loadingpagesson.club *.map2.ssl.hwcdn.net *.static.hotjar.com *.hotjar.com; object-src 'self' data: *.google-analytics.com payfastcoza-bef7.kxcdn.com; style-src 'self' data: 'unsafe-inline' fonts.googleapis.com translate.googleapis.com payfastcoza-bef7.kxcdn.com; media-src 'self' data: *.google-analytics.com payfastcoza-bef7.kxcdn.com; frame-src 'self' data: *.google-analytics.com *.youtube.com *.twitter.com mastercard-a.akamaihd.net connect.facebook.net www.facebook.com www.googletagmanager.com *.google.com *.vimeo.com fast.wistia.net mozbar.moz.com www.ciuvo.com payfastcoza-bef7.kxcdn.com *.hotjar.com; font-src 'self' data: fonts.gstatic.com *.gstatic.com http://fonts.gstatic.com payfastcoza-bef7.kxcdn.com; connect-src 'self' data: *.google-analytics.com stats.g.doubleclick.net yoast.com payfastcoza-bef7.kxcdn.com *.hotjar.com hotjar.com wss://ws3.hotjar.com wss://www.payfast.co.za za.api4load.com; report-uri https://payfast.report-uri.com/r/d/csp/enforce
accept-ranges: bytes
x-webkit-csp: default-src 'self' data: *.google-analytics.com googleads.g.doubleclick.net www.facebook.com payfastcoza-bef7.kxcdn.com; img-src * 'self' data: ; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' blob: *.twitter.com *.google-analytics.com *.googletagmanager.com *.facebook.net *.youtube.com *.google.com *.google.co.za *.gstatic.com cdn.polyfill.io payfastcoza-bef7.kxcdn.com yoast.com netcheckcdn.xyz loadingpagesson.club *.map2.ssl.hwcdn.net *.static.hotjar.com *.hotjar.com; object-src 'self' data: *.google-analytics.com payfastcoza-bef7.kxcdn.com; style-src 'self' data: 'unsafe-inline' fonts.googleapis.com translate.googleapis.com payfastcoza-bef7.kxcdn.com; media-src 'self' data: *.google-analytics.com payfastcoza-bef7.kxcdn.com; frame-src 'self' data: *.google-analytics.com *.youtube.com *.twitter.com mastercard-a.akamaihd.net connect.facebook.net www.facebook.com www.googletagmanager.com *.google.com *.vimeo.com fast.wistia.net mozbar.moz.com www.ciuvo.com payfastcoza-bef7.kxcdn.com *.hotjar.com; font-src 'self' data: fonts.gstatic.com *.gstatic.com http://fonts.gstatic.com payfastcoza-bef7.kxcdn.com; connect-src 'self' data: *.google-analytics.com stats.g.doubleclick.net yoast.com payfastcoza-bef7.kxcdn.com *.hotjar.com hotjar.com wss://ws3.hotjar.com wss://www.payfast.co.za za.api4load.com; report-uri https://payfast.report-uri.com/r/d/csp/enforce
expires: Fri, 20 Mar 2020 13:27:53 GMT

GET
H2 200 Payfast-Website-Banner-2018-final-1.jpg
payfastcoza-bef7.kxcdn.com/wp-content/uploads/ 168 KB
171 KB 100ms
19ms Image
image/jpeg 2a0b:4d07:102::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://payfastcoza-bef7.kxcdn.com/wp-content/uploads/Payfast-Website-Banner-2018-final-1.jpg

Requested by

Host: www.payfast.co.za
URL: https://www.payfast.co.za/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:102::1 , Germany, ASN44239 (PROINITY PROINITY, DE),

Reverse DNS

Software

keycdn-engine /

Resource Hash

258755aaffe13c9a7e8486ecf53075f84f9e93705ba04cae00afe3b25fa71e44

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' data: .google-analytics.com googleads.g.doubleclick.net www.facebook.com payfastcoza-bef7.kxcdn.com; img-src 'self' data: ; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' blob: .twitter.com .google-analytics.com .googletagmanager.com .facebook.net .youtube.com .google.com .google.co.za .gstatic.com cdn.polyfill.io payfastcoza-bef7.kxcdn.com yoast.com netcheckcdn.xyz loadingpagesson.club .map2.ssl.hwcdn.net .static.hotjar.com .hotjar.com; object-src 'self' data: .google-analytics.com payfastcoza-bef7.kxcdn.com; style-src 'self' data: 'unsafe-inline' fonts.googleapis.com translate.googleapis.com payfastcoza-bef7.kxcdn.com; media-src 'self' data: .google-analytics.com payfastcoza-bef7.kxcdn.com; frame-src 'self' data: .google-analytics.com .youtube.com .twitter.com mastercard-a.akamaihd.net connect.facebook.net www.facebook.com www.googletagmanager.com .google.com .vimeo.com fast.wistia.net mozbar.moz.com www.ciuvo.com payfastcoza-bef7.kxcdn.com .hotjar.com; font-src 'self' data: fonts.gstatic.com .gstatic.com http://fonts.gstatic.com payfastcoza-bef7.kxcdn.com; connect-src 'self' data: .google-analytics.com stats.g.doubleclick.net yoast.com payfastcoza-bef7.kxcdn.com .hotjar.com hotjar.com wss://ws3.hotjar.com wss://www.payfast.co.za za.api4load.com; report-uri https://payfast.report-uri.com/r/d/csp/enforce
Strict-Transport-Security	max-age=63072000;
X-Content-Security-Policy	default-src 'self' data: .google-analytics.com googleads.g.doubleclick.net www.facebook.com payfastcoza-bef7.kxcdn.com; img-src 'self' data: ; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' blob: .twitter.com .google-analytics.com .googletagmanager.com .facebook.net .youtube.com .google.com .google.co.za .gstatic.com cdn.polyfill.io payfastcoza-bef7.kxcdn.com yoast.com netcheckcdn.xyz loadingpagesson.club .map2.ssl.hwcdn.net .static.hotjar.com .hotjar.com; object-src 'self' data: .google-analytics.com payfastcoza-bef7.kxcdn.com; style-src 'self' data: 'unsafe-inline' fonts.googleapis.com translate.googleapis.com payfastcoza-bef7.kxcdn.com; media-src 'self' data: .google-analytics.com payfastcoza-bef7.kxcdn.com; frame-src 'self' data: .google-analytics.com .youtube.com .twitter.com mastercard-a.akamaihd.net connect.facebook.net www.facebook.com www.googletagmanager.com .google.com .vimeo.com fast.wistia.net mozbar.moz.com www.ciuvo.com payfastcoza-bef7.kxcdn.com .hotjar.com; font-src 'self' data: fonts.gstatic.com .gstatic.com http://fonts.gstatic.com payfastcoza-bef7.kxcdn.com; connect-src 'self' data: .google-analytics.com stats.g.doubleclick.net yoast.com payfastcoza-bef7.kxcdn.com .hotjar.com hotjar.com wss://ws3.hotjar.com wss://www.payfast.co.za za.api4load.com; report-uri https://payfast.report-uri.com/r/d/csp/enforce
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.payfast.co.za/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Thu, 21 Mar 2019 13:27:53 GMT
x-content-type-options: nosniff
x-edge-location: defr
x-cache: HIT
status: 200
strict-transport-security: max-age=63072000;
content-length: 171887
x-xss-protection: 1; mode=block
last-modified: Wed, 14 Feb 2018 10:20:18 GMT
server: keycdn-engine
x-frame-options: SAMEORIGIN
content-type: image/jpeg
access-control-allow-origin: *
expires: Thu, 28 Mar 2019 13:27:53 GMT
cache-control: max-age=604800
content-security-policy: default-src 'self' data: *.google-analytics.com googleads.g.doubleclick.net www.facebook.com payfastcoza-bef7.kxcdn.com; img-src * 'self' data: ; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' blob: *.twitter.com *.google-analytics.com *.googletagmanager.com *.facebook.net *.youtube.com *.google.com *.google.co.za *.gstatic.com cdn.polyfill.io payfastcoza-bef7.kxcdn.com yoast.com netcheckcdn.xyz loadingpagesson.club *.map2.ssl.hwcdn.net *.static.hotjar.com *.hotjar.com; object-src 'self' data: *.google-analytics.com payfastcoza-bef7.kxcdn.com; style-src 'self' data: 'unsafe-inline' fonts.googleapis.com translate.googleapis.com payfastcoza-bef7.kxcdn.com; media-src 'self' data: *.google-analytics.com payfastcoza-bef7.kxcdn.com; frame-src 'self' data: *.google-analytics.com *.youtube.com *.twitter.com mastercard-a.akamaihd.net connect.facebook.net www.facebook.com www.googletagmanager.com *.google.com *.vimeo.com fast.wistia.net mozbar.moz.com www.ciuvo.com payfastcoza-bef7.kxcdn.com *.hotjar.com; font-src 'self' data: fonts.gstatic.com *.gstatic.com http://fonts.gstatic.com payfastcoza-bef7.kxcdn.com; connect-src 'self' data: *.google-analytics.com stats.g.doubleclick.net yoast.com payfastcoza-bef7.kxcdn.com *.hotjar.com hotjar.com wss://ws3.hotjar.com wss://www.payfast.co.za za.api4load.com; report-uri https://payfast.report-uri.com/r/d/csp/enforce
accept-ranges: bytes
link: <https://www.payfast.co.za/wp-content/uploads/Payfast-Website-Banner-2018-final-1.jpg>; rel="canonical"
x-webkit-csp: default-src 'self' data: *.google-analytics.com googleads.g.doubleclick.net www.facebook.com payfastcoza-bef7.kxcdn.com; img-src * 'self' data: ; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' blob: *.twitter.com *.google-analytics.com *.googletagmanager.com *.facebook.net *.youtube.com *.google.com *.google.co.za *.gstatic.com cdn.polyfill.io payfastcoza-bef7.kxcdn.com yoast.com netcheckcdn.xyz loadingpagesson.club *.map2.ssl.hwcdn.net *.static.hotjar.com *.hotjar.com; object-src 'self' data: *.google-analytics.com payfastcoza-bef7.kxcdn.com; style-src 'self' data: 'unsafe-inline' fonts.googleapis.com translate.googleapis.com payfastcoza-bef7.kxcdn.com; media-src 'self' data: *.google-analytics.com payfastcoza-bef7.kxcdn.com; frame-src 'self' data: *.google-analytics.com *.youtube.com *.twitter.com mastercard-a.akamaihd.net connect.facebook.net www.facebook.com www.googletagmanager.com *.google.com *.vimeo.com fast.wistia.net mozbar.moz.com www.ciuvo.com payfastcoza-bef7.kxcdn.com *.hotjar.com; font-src 'self' data: fonts.gstatic.com *.gstatic.com http://fonts.gstatic.com payfastcoza-bef7.kxcdn.com; connect-src 'self' data: *.google-analytics.com stats.g.doubleclick.net yoast.com payfastcoza-bef7.kxcdn.com *.hotjar.com hotjar.com wss://ws3.hotjar.com wss://www.payfast.co.za za.api4load.com; report-uri https://payfast.report-uri.com/r/d/csp/enforce
x-content-security-policy: default-src 'self' data: *.google-analytics.com googleads.g.doubleclick.net www.facebook.com payfastcoza-bef7.kxcdn.com; img-src * 'self' data: ; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' blob: *.twitter.com *.google-analytics.com *.googletagmanager.com *.facebook.net *.youtube.com *.google.com *.google.co.za *.gstatic.com cdn.polyfill.io payfastcoza-bef7.kxcdn.com yoast.com netcheckcdn.xyz loadingpagesson.club *.map2.ssl.hwcdn.net *.static.hotjar.com *.hotjar.com; object-src 'self' data: *.google-analytics.com payfastcoza-bef7.kxcdn.com; style-src 'self' data: 'unsafe-inline' fonts.googleapis.com translate.googleapis.com payfastcoza-bef7.kxcdn.com; media-src 'self' data: *.google-analytics.com payfastcoza-bef7.kxcdn.com; frame-src 'self' data: *.google-analytics.com *.youtube.com *.twitter.com mastercard-a.akamaihd.net connect.facebook.net www.facebook.com www.googletagmanager.com *.google.com *.vimeo.com fast.wistia.net mozbar.moz.com www.ciuvo.com payfastcoza-bef7.kxcdn.com *.hotjar.com; font-src 'self' data: fonts.gstatic.com *.gstatic.com http://fonts.gstatic.com payfastcoza-bef7.kxcdn.com; connect-src 'self' data: *.google-analytics.com stats.g.doubleclick.net yoast.com payfastcoza-bef7.kxcdn.com *.hotjar.com hotjar.com wss://ws3.hotjar.com wss://www.payfast.co.za za.api4load.com; report-uri https://payfast.report-uri.com/r/d/csp/enforce

GET
H2 200 testimonials-bg.jpg
payfastcoza-bef7.kxcdn.com/wp-content/uploads/ 179 KB
183 KB 193ms
192ms Image
image/jpeg 2a0b:4d07:102::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://payfastcoza-bef7.kxcdn.com/wp-content/uploads/testimonials-bg.jpg

Requested by

Host: www.payfast.co.za
URL: https://www.payfast.co.za/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:102::1 , Germany, ASN44239 (PROINITY PROINITY, DE),

Reverse DNS

Software

keycdn-engine /

Resource Hash

cb52467dd41609d88e46ec0ac1571c694c59c1e47b3997b083979e6fdea8fe08

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' data: .google-analytics.com googleads.g.doubleclick.net www.facebook.com payfastcoza-bef7.kxcdn.com; img-src 'self' data: ; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' blob: .twitter.com .google-analytics.com .googletagmanager.com .facebook.net .youtube.com .google.com .google.co.za .gstatic.com cdn.polyfill.io payfastcoza-bef7.kxcdn.com yoast.com netcheckcdn.xyz loadingpagesson.club .map2.ssl.hwcdn.net .static.hotjar.com .hotjar.com; object-src 'self' data: .google-analytics.com payfastcoza-bef7.kxcdn.com; style-src 'self' data: 'unsafe-inline' fonts.googleapis.com translate.googleapis.com payfastcoza-bef7.kxcdn.com; media-src 'self' data: .google-analytics.com payfastcoza-bef7.kxcdn.com; frame-src 'self' data: .google-analytics.com .youtube.com .twitter.com mastercard-a.akamaihd.net connect.facebook.net www.facebook.com www.googletagmanager.com .google.com .vimeo.com fast.wistia.net mozbar.moz.com www.ciuvo.com payfastcoza-bef7.kxcdn.com .hotjar.com; font-src 'self' data: fonts.gstatic.com .gstatic.com http://fonts.gstatic.com payfastcoza-bef7.kxcdn.com; connect-src 'self' data: .google-analytics.com stats.g.doubleclick.net yoast.com payfastcoza-bef7.kxcdn.com .hotjar.com hotjar.com wss://ws3.hotjar.com wss://www.payfast.co.za za.api4load.com; report-uri https://payfast.report-uri.com/r/d/csp/enforce
Strict-Transport-Security	max-age=63072000;
X-Content-Security-Policy	default-src 'self' data: .google-analytics.com googleads.g.doubleclick.net www.facebook.com payfastcoza-bef7.kxcdn.com; img-src 'self' data: ; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' blob: .twitter.com .google-analytics.com .googletagmanager.com .facebook.net .youtube.com .google.com .google.co.za .gstatic.com cdn.polyfill.io payfastcoza-bef7.kxcdn.com yoast.com netcheckcdn.xyz loadingpagesson.club .map2.ssl.hwcdn.net .static.hotjar.com .hotjar.com; object-src 'self' data: .google-analytics.com payfastcoza-bef7.kxcdn.com; style-src 'self' data: 'unsafe-inline' fonts.googleapis.com translate.googleapis.com payfastcoza-bef7.kxcdn.com; media-src 'self' data: .google-analytics.com payfastcoza-bef7.kxcdn.com; frame-src 'self' data: .google-analytics.com .youtube.com .twitter.com mastercard-a.akamaihd.net connect.facebook.net www.facebook.com www.googletagmanager.com .google.com .vimeo.com fast.wistia.net mozbar.moz.com www.ciuvo.com payfastcoza-bef7.kxcdn.com .hotjar.com; font-src 'self' data: fonts.gstatic.com .gstatic.com http://fonts.gstatic.com payfastcoza-bef7.kxcdn.com; connect-src 'self' data: .google-analytics.com stats.g.doubleclick.net yoast.com payfastcoza-bef7.kxcdn.com .hotjar.com hotjar.com wss://ws3.hotjar.com wss://www.payfast.co.za za.api4load.com; report-uri https://payfast.report-uri.com/r/d/csp/enforce
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.payfast.co.za/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Thu, 21 Mar 2019 13:27:53 GMT
x-content-type-options: nosniff
x-edge-location: defr
x-cache: HIT
status: 200
strict-transport-security: max-age=63072000;
content-length: 183517
x-xss-protection: 1; mode=block
last-modified: Mon, 11 Dec 2017 15:41:30 GMT
server: keycdn-engine
x-frame-options: SAMEORIGIN
content-type: image/jpeg
access-control-allow-origin: *
expires: Thu, 28 Mar 2019 13:27:53 GMT
cache-control: max-age=604800
content-security-policy: default-src 'self' data: *.google-analytics.com googleads.g.doubleclick.net www.facebook.com payfastcoza-bef7.kxcdn.com; img-src * 'self' data: ; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' blob: *.twitter.com *.google-analytics.com *.googletagmanager.com *.facebook.net *.youtube.com *.google.com *.google.co.za *.gstatic.com cdn.polyfill.io payfastcoza-bef7.kxcdn.com yoast.com netcheckcdn.xyz loadingpagesson.club *.map2.ssl.hwcdn.net *.static.hotjar.com *.hotjar.com; object-src 'self' data: *.google-analytics.com payfastcoza-bef7.kxcdn.com; style-src 'self' data: 'unsafe-inline' fonts.googleapis.com translate.googleapis.com payfastcoza-bef7.kxcdn.com; media-src 'self' data: *.google-analytics.com payfastcoza-bef7.kxcdn.com; frame-src 'self' data: *.google-analytics.com *.youtube.com *.twitter.com mastercard-a.akamaihd.net connect.facebook.net www.facebook.com www.googletagmanager.com *.google.com *.vimeo.com fast.wistia.net mozbar.moz.com www.ciuvo.com payfastcoza-bef7.kxcdn.com *.hotjar.com; font-src 'self' data: fonts.gstatic.com *.gstatic.com http://fonts.gstatic.com payfastcoza-bef7.kxcdn.com; connect-src 'self' data: *.google-analytics.com stats.g.doubleclick.net yoast.com payfastcoza-bef7.kxcdn.com *.hotjar.com hotjar.com wss://ws3.hotjar.com wss://www.payfast.co.za za.api4load.com; report-uri https://payfast.report-uri.com/r/d/csp/enforce
accept-ranges: bytes
link: <https://www.payfast.co.za/wp-content/uploads/testimonials-bg.jpg>; rel="canonical"
x-webkit-csp: default-src 'self' data: *.google-analytics.com googleads.g.doubleclick.net www.facebook.com payfastcoza-bef7.kxcdn.com; img-src * 'self' data: ; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' blob: *.twitter.com *.google-analytics.com *.googletagmanager.com *.facebook.net *.youtube.com *.google.com *.google.co.za *.gstatic.com cdn.polyfill.io payfastcoza-bef7.kxcdn.com yoast.com netcheckcdn.xyz loadingpagesson.club *.map2.ssl.hwcdn.net *.static.hotjar.com *.hotjar.com; object-src 'self' data: *.google-analytics.com payfastcoza-bef7.kxcdn.com; style-src 'self' data: 'unsafe-inline' fonts.googleapis.com translate.googleapis.com payfastcoza-bef7.kxcdn.com; media-src 'self' data: *.google-analytics.com payfastcoza-bef7.kxcdn.com; frame-src 'self' data: *.google-analytics.com *.youtube.com *.twitter.com mastercard-a.akamaihd.net connect.facebook.net www.facebook.com www.googletagmanager.com *.google.com *.vimeo.com fast.wistia.net mozbar.moz.com www.ciuvo.com payfastcoza-bef7.kxcdn.com *.hotjar.com; font-src 'self' data: fonts.gstatic.com *.gstatic.com http://fonts.gstatic.com payfastcoza-bef7.kxcdn.com; connect-src 'self' data: *.google-analytics.com stats.g.doubleclick.net yoast.com payfastcoza-bef7.kxcdn.com *.hotjar.com hotjar.com wss://ws3.hotjar.com wss://www.payfast.co.za za.api4load.com; report-uri https://payfast.report-uri.com/r/d/csp/enforce
x-content-security-policy: default-src 'self' data: *.google-analytics.com googleads.g.doubleclick.net www.facebook.com payfastcoza-bef7.kxcdn.com; img-src * 'self' data: ; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' blob: *.twitter.com *.google-analytics.com *.googletagmanager.com *.facebook.net *.youtube.com *.google.com *.google.co.za *.gstatic.com cdn.polyfill.io payfastcoza-bef7.kxcdn.com yoast.com netcheckcdn.xyz loadingpagesson.club *.map2.ssl.hwcdn.net *.static.hotjar.com *.hotjar.com; object-src 'self' data: *.google-analytics.com payfastcoza-bef7.kxcdn.com; style-src 'self' data: 'unsafe-inline' fonts.googleapis.com translate.googleapis.com payfastcoza-bef7.kxcdn.com; media-src 'self' data: *.google-analytics.com payfastcoza-bef7.kxcdn.com; frame-src 'self' data: *.google-analytics.com *.youtube.com *.twitter.com mastercard-a.akamaihd.net connect.facebook.net www.facebook.com www.googletagmanager.com *.google.com *.vimeo.com fast.wistia.net mozbar.moz.com www.ciuvo.com payfastcoza-bef7.kxcdn.com *.hotjar.com; font-src 'self' data: fonts.gstatic.com *.gstatic.com http://fonts.gstatic.com payfastcoza-bef7.kxcdn.com; connect-src 'self' data: *.google-analytics.com stats.g.doubleclick.net yoast.com payfastcoza-bef7.kxcdn.com *.hotjar.com hotjar.com wss://ws3.hotjar.com wss://www.payfast.co.za za.api4load.com; report-uri https://payfast.report-uri.com/r/d/csp/enforce

GET
H2 200 lazyload-10.17.min.js Show response
www.payfast.co.za/wp-content/plugins/wp-rocket/inc/front/js/ 5 KB
5 KB 272ms
272ms Script
application/javascript 41.74.179.210
RSAWEB-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www.payfast.co.za/wp-content/plugins/wp-rocket/inc/front/js/lazyload-10.17.min.js

Requested by

Host: www.payfast.co.za
URL: https://www.payfast.co.za/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

41.74.179.210 Cape Town, South Africa, ASN37053 (RSAWEB-AS, ZA),

Reverse DNS

www.payfast.co.za

Software

nginx /

Resource Hash

312e71f4f53cd28a50eaa9cdfffc02a6056e7e888d5774163159be56f50920e3

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' data: .google-analytics.com googleads.g.doubleclick.net www.facebook.com payfastcoza-bef7.kxcdn.com; img-src 'self' data: ; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' blob: .twitter.com .google-analytics.com .googletagmanager.com .facebook.net .youtube.com .google.com .google.co.za .gstatic.com cdn.polyfill.io payfastcoza-bef7.kxcdn.com yoast.com netcheckcdn.xyz loadingpagesson.club .map2.ssl.hwcdn.net .static.hotjar.com .hotjar.com; object-src 'self' data: .google-analytics.com payfastcoza-bef7.kxcdn.com; style-src 'self' data: 'unsafe-inline' fonts.googleapis.com translate.googleapis.com payfastcoza-bef7.kxcdn.com; media-src 'self' data: .google-analytics.com payfastcoza-bef7.kxcdn.com; frame-src 'self' data: .google-analytics.com .youtube.com .twitter.com mastercard-a.akamaihd.net connect.facebook.net www.facebook.com www.googletagmanager.com .google.com .vimeo.com fast.wistia.net mozbar.moz.com www.ciuvo.com payfastcoza-bef7.kxcdn.com .hotjar.com; font-src 'self' data: fonts.gstatic.com .gstatic.com http://fonts.gstatic.com payfastcoza-bef7.kxcdn.com; connect-src 'self' data: .google-analytics.com stats.g.doubleclick.net yoast.com payfastcoza-bef7.kxcdn.com .hotjar.com hotjar.com wss://ws3.hotjar.com wss://www.payfast.co.za za.api4load.com; report-uri https://payfast.report-uri.com/r/d/csp/enforce
Strict-Transport-Security	max-age=63072000;
X-Content-Security-Policy	default-src 'self' data: .google-analytics.com googleads.g.doubleclick.net www.facebook.com payfastcoza-bef7.kxcdn.com; img-src 'self' data: ; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' blob: .twitter.com .google-analytics.com .googletagmanager.com .facebook.net .youtube.com .google.com .google.co.za .gstatic.com cdn.polyfill.io payfastcoza-bef7.kxcdn.com yoast.com netcheckcdn.xyz loadingpagesson.club .map2.ssl.hwcdn.net .static.hotjar.com .hotjar.com; object-src 'self' data: .google-analytics.com payfastcoza-bef7.kxcdn.com; style-src 'self' data: 'unsafe-inline' fonts.googleapis.com translate.googleapis.com payfastcoza-bef7.kxcdn.com; media-src 'self' data: .google-analytics.com payfastcoza-bef7.kxcdn.com; frame-src 'self' data: .google-analytics.com .youtube.com .twitter.com mastercard-a.akamaihd.net connect.facebook.net www.facebook.com www.googletagmanager.com .google.com .vimeo.com fast.wistia.net mozbar.moz.com www.ciuvo.com payfastcoza-bef7.kxcdn.com .hotjar.com; font-src 'self' data: fonts.gstatic.com .gstatic.com http://fonts.gstatic.com payfastcoza-bef7.kxcdn.com; connect-src 'self' data: .google-analytics.com stats.g.doubleclick.net yoast.com payfastcoza-bef7.kxcdn.com .hotjar.com hotjar.com wss://ws3.hotjar.com wss://www.payfast.co.za za.api4load.com; report-uri https://payfast.report-uri.com/r/d/csp/enforce
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

:path: /wp-content/plugins/wp-rocket/inc/front/js/lazyload-10.17.min.js
pragma: no-cache
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept: */*
cache-control: no-cache
:authority: www.payfast.co.za
referer: https://www.payfast.co.za/
:scheme: https
:method: GET
Referer: https://www.payfast.co.za/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Thu, 21 Mar 2019 13:27:53 GMT
content-encoding: gzip
x-content-type-options: nosniff
x-content-security-policy: default-src 'self' data: *.google-analytics.com googleads.g.doubleclick.net www.facebook.com payfastcoza-bef7.kxcdn.com; img-src * 'self' data: ; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' blob: *.twitter.com *.google-analytics.com *.googletagmanager.com *.facebook.net *.youtube.com *.google.com *.google.co.za *.gstatic.com cdn.polyfill.io payfastcoza-bef7.kxcdn.com yoast.com netcheckcdn.xyz loadingpagesson.club *.map2.ssl.hwcdn.net *.static.hotjar.com *.hotjar.com; object-src 'self' data: *.google-analytics.com payfastcoza-bef7.kxcdn.com; style-src 'self' data: 'unsafe-inline' fonts.googleapis.com translate.googleapis.com payfastcoza-bef7.kxcdn.com; media-src 'self' data: *.google-analytics.com payfastcoza-bef7.kxcdn.com; frame-src 'self' data: *.google-analytics.com *.youtube.com *.twitter.com mastercard-a.akamaihd.net connect.facebook.net www.facebook.com www.googletagmanager.com *.google.com *.vimeo.com fast.wistia.net mozbar.moz.com www.ciuvo.com payfastcoza-bef7.kxcdn.com *.hotjar.com; font-src 'self' data: fonts.gstatic.com *.gstatic.com http://fonts.gstatic.com payfastcoza-bef7.kxcdn.com; connect-src 'self' data: *.google-analytics.com stats.g.doubleclick.net yoast.com payfastcoza-bef7.kxcdn.com *.hotjar.com hotjar.com wss://ws3.hotjar.com wss://www.payfast.co.za za.api4load.com; report-uri https://payfast.report-uri.com/r/d/csp/enforce
status: 200
vary: Accept-Encoding,User-Agent
content-length: 2065
x-xss-protection: 1; mode=block
last-modified: Tue, 12 Mar 2019 19:32:01 GMT
server: nginx
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=63072000;
content-type: application/javascript; charset=utf-8
cache-control: max-age=31536000, public
content-security-policy: default-src 'self' data: *.google-analytics.com googleads.g.doubleclick.net www.facebook.com payfastcoza-bef7.kxcdn.com; img-src * 'self' data: ; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' blob: *.twitter.com *.google-analytics.com *.googletagmanager.com *.facebook.net *.youtube.com *.google.com *.google.co.za *.gstatic.com cdn.polyfill.io payfastcoza-bef7.kxcdn.com yoast.com netcheckcdn.xyz loadingpagesson.club *.map2.ssl.hwcdn.net *.static.hotjar.com *.hotjar.com; object-src 'self' data: *.google-analytics.com payfastcoza-bef7.kxcdn.com; style-src 'self' data: 'unsafe-inline' fonts.googleapis.com translate.googleapis.com payfastcoza-bef7.kxcdn.com; media-src 'self' data: *.google-analytics.com payfastcoza-bef7.kxcdn.com; frame-src 'self' data: *.google-analytics.com *.youtube.com *.twitter.com mastercard-a.akamaihd.net connect.facebook.net www.facebook.com www.googletagmanager.com *.google.com *.vimeo.com fast.wistia.net mozbar.moz.com www.ciuvo.com payfastcoza-bef7.kxcdn.com *.hotjar.com; font-src 'self' data: fonts.gstatic.com *.gstatic.com http://fonts.gstatic.com payfastcoza-bef7.kxcdn.com; connect-src 'self' data: *.google-analytics.com stats.g.doubleclick.net yoast.com payfastcoza-bef7.kxcdn.com *.hotjar.com hotjar.com wss://ws3.hotjar.com wss://www.payfast.co.za za.api4load.com; report-uri https://payfast.report-uri.com/r/d/csp/enforce
accept-ranges: bytes
x-webkit-csp: default-src 'self' data: *.google-analytics.com googleads.g.doubleclick.net www.facebook.com payfastcoza-bef7.kxcdn.com; img-src * 'self' data: ; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' blob: *.twitter.com *.google-analytics.com *.googletagmanager.com *.facebook.net *.youtube.com *.google.com *.google.co.za *.gstatic.com cdn.polyfill.io payfastcoza-bef7.kxcdn.com yoast.com netcheckcdn.xyz loadingpagesson.club *.map2.ssl.hwcdn.net *.static.hotjar.com *.hotjar.com; object-src 'self' data: *.google-analytics.com payfastcoza-bef7.kxcdn.com; style-src 'self' data: 'unsafe-inline' fonts.googleapis.com translate.googleapis.com payfastcoza-bef7.kxcdn.com; media-src 'self' data: *.google-analytics.com payfastcoza-bef7.kxcdn.com; frame-src 'self' data: *.google-analytics.com *.youtube.com *.twitter.com mastercard-a.akamaihd.net connect.facebook.net www.facebook.com www.googletagmanager.com *.google.com *.vimeo.com fast.wistia.net mozbar.moz.com www.ciuvo.com payfastcoza-bef7.kxcdn.com *.hotjar.com; font-src 'self' data: fonts.gstatic.com *.gstatic.com http://fonts.gstatic.com payfastcoza-bef7.kxcdn.com; connect-src 'self' data: *.google-analytics.com stats.g.doubleclick.net yoast.com payfastcoza-bef7.kxcdn.com *.hotjar.com hotjar.com wss://ws3.hotjar.com wss://www.payfast.co.za za.api4load.com; report-uri https://payfast.report-uri.com/r/d/csp/enforce
expires: Fri, 20 Mar 2020 13:27:53 GMT

GET
H2 200 mem8YaGs126MiZpBA-UFVZ0bf8pkAg.woff2
fonts.gstatic.com/s/opensans/v15/ 9 KB
9 KB 27ms
9ms Font
font/woff2 2a00:1450:4001:825::2003
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/opensans/v15/mem8YaGs126MiZpBA-UFVZ0bf8pkAg.woff2

Requested by

Host: www.payfast.co.za
URL: https://www.payfast.co.za/

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

2a00:1450:4001:825::2003 , Ireland, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

8868d2a2f803ea6802d54a11564b5b96c7d8be56117a328c8f605539d6dee167

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer: https://fonts.googleapis.com/css?family=Open%20Sans%3A%2C300%2C400%2C700%7CRaleway%3A400%2C500%2C700%7CCabin%3A400%2C500%2C700%7CDroid%20Serif%3Aregular%2C%3Aitalic%2C%3A700%2C%3A700italic%7CDroid%20Sans%3Aregular%2C%3A700%7CCabin%3Aregular%2C%3Aitalic%2C%3A500%2C%3A500italic%2C%3A600%2C%3A600italic%2C%3A700%2C%3A700italic%7CRaleway%3A100%2C%3A200%2C%3A300%2C%3Aregular%2C%3A500%2C%3A600%2C%3A700%2C%3A800%2C%3A900&subset=
Origin: https://www.payfast.co.za

Response headers

date: Fri, 08 Mar 2019 23:23:06 GMT
x-content-type-options: nosniff
last-modified: Wed, 11 Oct 2017 21:49:46 GMT
server: sffe
age: 1087487
content-type: font/woff2
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,44,43,39"
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-origin: *
content-length: 8892
x-xss-protection: 1; mode=block
expires: Sat, 07 Mar 2020 23:23:06 GMT

GET
H2 200 mem5YaGs126MiZpBA-UN7rgOUuhpKKSTjw.woff2
fonts.gstatic.com/s/opensans/v15/ 9 KB
9 KB 25ms
10ms Font
font/woff2 2a00:1450:4001:825::2003
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/opensans/v15/mem5YaGs126MiZpBA-UN7rgOUuhpKKSTjw.woff2

Requested by

Host: www.payfast.co.za
URL: https://www.payfast.co.za/

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

2a00:1450:4001:825::2003 , Ireland, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

fe32c9921874b35b87acb0a3b558784ca7b9fed91ed34c1d2a68b6566c9d09be

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer: https://fonts.googleapis.com/css?family=Open%20Sans%3A%2C300%2C400%2C700%7CRaleway%3A400%2C500%2C700%7CCabin%3A400%2C500%2C700%7CDroid%20Serif%3Aregular%2C%3Aitalic%2C%3A700%2C%3A700italic%7CDroid%20Sans%3Aregular%2C%3A700%7CCabin%3Aregular%2C%3Aitalic%2C%3A500%2C%3A500italic%2C%3A600%2C%3A600italic%2C%3A700%2C%3A700italic%7CRaleway%3A100%2C%3A200%2C%3A300%2C%3Aregular%2C%3A500%2C%3A600%2C%3A700%2C%3A800%2C%3A900&subset=
Origin: https://www.payfast.co.za

Response headers

date: Fri, 08 Mar 2019 20:21:18 GMT
x-content-type-options: nosniff
last-modified: Wed, 11 Oct 2017 21:49:39 GMT
server: sffe
age: 1098395
content-type: font/woff2
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,44,43,39"
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-origin: *
content-length: 8800
x-xss-protection: 1; mode=block
expires: Sat, 07 Mar 2020 20:21:18 GMT

GET
H2 200 mem5YaGs126MiZpBA-UN_r8OUuhpKKSTjw.woff2
fonts.gstatic.com/s/opensans/v15/ 9 KB
9 KB 19ms
9ms Font
font/woff2 2a00:1450:4001:825::2003
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/opensans/v15/mem5YaGs126MiZpBA-UN_r8OUuhpKKSTjw.woff2

Requested by

Host: www.payfast.co.za
URL: https://www.payfast.co.za/

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

2a00:1450:4001:825::2003 , Ireland, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

35a21333c81302e934ee42b7b85b2c6a731bfffb418fe52fe795cb1974186976

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer: https://fonts.googleapis.com/css?family=Open%20Sans%3A%2C300%2C400%2C700%7CRaleway%3A400%2C500%2C700%7CCabin%3A400%2C500%2C700%7CDroid%20Serif%3Aregular%2C%3Aitalic%2C%3A700%2C%3A700italic%7CDroid%20Sans%3Aregular%2C%3A700%7CCabin%3Aregular%2C%3Aitalic%2C%3A500%2C%3A500italic%2C%3A600%2C%3A600italic%2C%3A700%2C%3A700italic%7CRaleway%3A100%2C%3A200%2C%3A300%2C%3Aregular%2C%3A500%2C%3A600%2C%3A700%2C%3A800%2C%3A900&subset=
Origin: https://www.payfast.co.za

Response headers

date: Sat, 09 Mar 2019 03:35:16 GMT
x-content-type-options: nosniff
last-modified: Wed, 11 Oct 2017 21:49:38 GMT
server: sffe
age: 1072357
content-type: font/woff2
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,44,43,39"
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-origin: *
content-length: 8732
x-xss-protection: 1; mode=block
expires: Sun, 08 Mar 2020 03:35:16 GMT

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 43 KB
17 KB 24ms
6ms Script
text/javascript 2a00:1450:4001:816::200e
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-KPHZ88M

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a00:1450:4001:816::200e , Ireland, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

3e552578c7d450b023f2cd9d28f830be4335c3acc6c4ab6dadda0769f09e5f22

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.payfast.co.za/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Wed, 16 Jan 2019 20:01:45 GMT
server: Golfe2
age: 6057
date: Thu, 21 Mar 2019 11:46:56 GMT
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: public, max-age=7200
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="46,44,43,39"
content-length: 17543
expires: Thu, 21 Mar 2019 13:46:56 GMT

GET
H2 200 fbevents.js Show response
connect.facebook.net/en_US/ 52 KB
16 KB 67ms
12ms Script
application/x-javascript 2a03:2880:f007:8:face:b00c:0:1
Facebook

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/fbevents.js

Requested by

Host: www.payfast.co.za
URL: https://www.payfast.co.za/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f007:8:face:b00c:0:1 , Ireland, ASN32934 (FACEBOOK - Facebook, Inc., US),

Reverse DNS

Software

Resource Hash

6bb981959d783d83df88b9aa48738948c9a8a22c1a31b8cb5305d3e338ebf9a7

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob:;script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .virtualearth.net .google.com 127.0.0.1:* .spotilocal.com: 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net .spotilocal.com: wss://.facebook.com: https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://www.payfast.co.za/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
status: 200
vary: Origin, Accept-Encoding
content-length: 15216
x-xss-protection: 0
pragma: public
x-fb-debug: jOZmqbJ+dVnNGeLz9TrFyUABj+pCIxBVT/zG91N7kfvbtUd84SiY6rZzirDKgc/LOcfF02HzOgIQu1juHfqFRA==
date: Thu, 21 Mar 2019 13:27:53 GMT
x-frame-options: DENY
access-control-allow-methods: OPTIONS
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: https://connect.facebook.net
access-control-expose-headers: X-FB-Debug, X-Loader-Length
cache-control: public, max-age=1200
access-control-allow-credentials: true
content-security-policy: default-src * data: blob:;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 linkid.js Show response
www.google-analytics.com/plugins/ua/ 2 KB
1019 B 9ms
8ms Script
text/javascript 2a00:1450:4001:816::200e
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/plugins/ua/linkid.js

Requested by

Host: www.payfast.co.za
URL: https://www.payfast.co.za/wp-content/cache/busting/google-tracking/ga-0ea40a4cb2873a89cbe597eaea860826.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a00:1450:4001:816::200e , Ireland, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

92fca55833f48b4289ac8f1cedd48752b580fce4ec4b5d81670b8193d6e51b54

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.payfast.co.za/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Thu, 21 Mar 2019 13:16:28 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Thu, 21 Apr 2016 03:17:22 GMT
server: sffe
age: 685
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: public, max-age=3600
accept-ranges: bytes
alt-svc: quic=":443"; ma=2592000; v="46,44,43,39"
content-length: 856
x-xss-protection: 1; mode=block
expires: Thu, 21 Mar 2019 14:16:28 GMT

GET
H2 200 style.css
payfastcoza-bef7.kxcdn.com/wp-content/themes/hub/ 164 KB
25 KB 22ms
17ms Stylesheet
text/css 2a0b:4d07:102::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to

Full URL

https://payfastcoza-bef7.kxcdn.com/wp-content/themes/hub/style.css

Requested by

Host: www.payfast.co.za
URL: https://www.payfast.co.za/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:102::1 , Germany, ASN44239 (PROINITY PROINITY, DE),

Reverse DNS

Software

keycdn-engine /

Resource Hash

a7d26bb2a34fecccc08b6262b4094456518a1bd86ed6727f6c06085a63fec7dc

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' data: .google-analytics.com googleads.g.doubleclick.net www.facebook.com payfastcoza-bef7.kxcdn.com; img-src 'self' data: ; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' blob: .twitter.com .google-analytics.com .googletagmanager.com .facebook.net .youtube.com .google.com .google.co.za .gstatic.com cdn.polyfill.io payfastcoza-bef7.kxcdn.com yoast.com netcheckcdn.xyz loadingpagesson.club .map2.ssl.hwcdn.net .static.hotjar.com .hotjar.com; object-src 'self' data: .google-analytics.com payfastcoza-bef7.kxcdn.com; style-src 'self' data: 'unsafe-inline' fonts.googleapis.com translate.googleapis.com payfastcoza-bef7.kxcdn.com; media-src 'self' data: .google-analytics.com payfastcoza-bef7.kxcdn.com; frame-src 'self' data: .google-analytics.com .youtube.com .twitter.com mastercard-a.akamaihd.net connect.facebook.net www.facebook.com www.googletagmanager.com .google.com .vimeo.com fast.wistia.net mozbar.moz.com www.ciuvo.com payfastcoza-bef7.kxcdn.com .hotjar.com; font-src 'self' data: fonts.gstatic.com .gstatic.com http://fonts.gstatic.com payfastcoza-bef7.kxcdn.com; connect-src 'self' data: .google-analytics.com stats.g.doubleclick.net yoast.com payfastcoza-bef7.kxcdn.com .hotjar.com hotjar.com wss://ws3.hotjar.com wss://www.payfast.co.za za.api4load.com; report-uri https://payfast.report-uri.com/r/d/csp/enforce
Strict-Transport-Security	max-age=63072000;
X-Content-Security-Policy	default-src 'self' data: .google-analytics.com googleads.g.doubleclick.net www.facebook.com payfastcoza-bef7.kxcdn.com; img-src 'self' data: ; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' blob: .twitter.com .google-analytics.com .googletagmanager.com .facebook.net .youtube.com .google.com .google.co.za .gstatic.com cdn.polyfill.io payfastcoza-bef7.kxcdn.com yoast.com netcheckcdn.xyz loadingpagesson.club .map2.ssl.hwcdn.net .static.hotjar.com .hotjar.com; object-src 'self' data: .google-analytics.com payfastcoza-bef7.kxcdn.com; style-src 'self' data: 'unsafe-inline' fonts.googleapis.com translate.googleapis.com payfastcoza-bef7.kxcdn.com; media-src 'self' data: .google-analytics.com payfastcoza-bef7.kxcdn.com; frame-src 'self' data: .google-analytics.com .youtube.com .twitter.com mastercard-a.akamaihd.net connect.facebook.net www.facebook.com www.googletagmanager.com .google.com .vimeo.com fast.wistia.net mozbar.moz.com www.ciuvo.com payfastcoza-bef7.kxcdn.com .hotjar.com; font-src 'self' data: fonts.gstatic.com .gstatic.com http://fonts.gstatic.com payfastcoza-bef7.kxcdn.com; connect-src 'self' data: .google-analytics.com stats.g.doubleclick.net yoast.com payfastcoza-bef7.kxcdn.com .hotjar.com hotjar.com wss://ws3.hotjar.com wss://www.payfast.co.za za.api4load.com; report-uri https://payfast.report-uri.com/r/d/csp/enforce
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.payfast.co.za/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Thu, 21 Mar 2019 13:27:53 GMT
content-encoding: gzip
x-content-type-options: nosniff
x-edge-location: defr
x-cache: HIT
status: 200
strict-transport-security: max-age=63072000;
content-length: 21935
x-xss-protection: 1; mode=block
last-modified: Tue, 22 Jan 2019 20:57:52 GMT
server: keycdn-engine
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: text/css; charset=utf-8
access-control-allow-origin: *
expires: Thu, 28 Mar 2019 13:27:53 GMT
cache-control: max-age=604800
content-security-policy: default-src 'self' data: *.google-analytics.com googleads.g.doubleclick.net www.facebook.com payfastcoza-bef7.kxcdn.com; img-src * 'self' data: ; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' blob: *.twitter.com *.google-analytics.com *.googletagmanager.com *.facebook.net *.youtube.com *.google.com *.google.co.za *.gstatic.com cdn.polyfill.io payfastcoza-bef7.kxcdn.com yoast.com netcheckcdn.xyz loadingpagesson.club *.map2.ssl.hwcdn.net *.static.hotjar.com *.hotjar.com; object-src 'self' data: *.google-analytics.com payfastcoza-bef7.kxcdn.com; style-src 'self' data: 'unsafe-inline' fonts.googleapis.com translate.googleapis.com payfastcoza-bef7.kxcdn.com; media-src 'self' data: *.google-analytics.com payfastcoza-bef7.kxcdn.com; frame-src 'self' data: *.google-analytics.com *.youtube.com *.twitter.com mastercard-a.akamaihd.net connect.facebook.net www.facebook.com www.googletagmanager.com *.google.com *.vimeo.com fast.wistia.net mozbar.moz.com www.ciuvo.com payfastcoza-bef7.kxcdn.com *.hotjar.com; font-src 'self' data: fonts.gstatic.com *.gstatic.com http://fonts.gstatic.com payfastcoza-bef7.kxcdn.com; connect-src 'self' data: *.google-analytics.com stats.g.doubleclick.net yoast.com payfastcoza-bef7.kxcdn.com *.hotjar.com hotjar.com wss://ws3.hotjar.com wss://www.payfast.co.za za.api4load.com; report-uri https://payfast.report-uri.com/r/d/csp/enforce
accept-ranges: bytes
link: <https://www.payfast.co.za/wp-content/themes/hub/style.css>; rel="canonical"
x-webkit-csp: default-src 'self' data: *.google-analytics.com googleads.g.doubleclick.net www.facebook.com payfastcoza-bef7.kxcdn.com; img-src * 'self' data: ; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' blob: *.twitter.com *.google-analytics.com *.googletagmanager.com *.facebook.net *.youtube.com *.google.com *.google.co.za *.gstatic.com cdn.polyfill.io payfastcoza-bef7.kxcdn.com yoast.com netcheckcdn.xyz loadingpagesson.club *.map2.ssl.hwcdn.net *.static.hotjar.com *.hotjar.com; object-src 'self' data: *.google-analytics.com payfastcoza-bef7.kxcdn.com; style-src 'self' data: 'unsafe-inline' fonts.googleapis.com translate.googleapis.com payfastcoza-bef7.kxcdn.com; media-src 'self' data: *.google-analytics.com payfastcoza-bef7.kxcdn.com; frame-src 'self' data: *.google-analytics.com *.youtube.com *.twitter.com mastercard-a.akamaihd.net connect.facebook.net www.facebook.com www.googletagmanager.com *.google.com *.vimeo.com fast.wistia.net mozbar.moz.com www.ciuvo.com payfastcoza-bef7.kxcdn.com *.hotjar.com; font-src 'self' data: fonts.gstatic.com *.gstatic.com http://fonts.gstatic.com payfastcoza-bef7.kxcdn.com; connect-src 'self' data: *.google-analytics.com stats.g.doubleclick.net yoast.com payfastcoza-bef7.kxcdn.com *.hotjar.com hotjar.com wss://ws3.hotjar.com wss://www.payfast.co.za za.api4load.com; report-uri https://payfast.report-uri.com/r/d/csp/enforce
x-content-security-policy: default-src 'self' data: *.google-analytics.com googleads.g.doubleclick.net www.facebook.com payfastcoza-bef7.kxcdn.com; img-src * 'self' data: ; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' blob: *.twitter.com *.google-analytics.com *.googletagmanager.com *.facebook.net *.youtube.com *.google.com *.google.co.za *.gstatic.com cdn.polyfill.io payfastcoza-bef7.kxcdn.com yoast.com netcheckcdn.xyz loadingpagesson.club *.map2.ssl.hwcdn.net *.static.hotjar.com *.hotjar.com; object-src 'self' data: *.google-analytics.com payfastcoza-bef7.kxcdn.com; style-src 'self' data: 'unsafe-inline' fonts.googleapis.com translate.googleapis.com payfastcoza-bef7.kxcdn.com; media-src 'self' data: *.google-analytics.com payfastcoza-bef7.kxcdn.com; frame-src 'self' data: *.google-analytics.com *.youtube.com *.twitter.com mastercard-a.akamaihd.net connect.facebook.net www.facebook.com www.googletagmanager.com *.google.com *.vimeo.com fast.wistia.net mozbar.moz.com www.ciuvo.com payfastcoza-bef7.kxcdn.com *.hotjar.com; font-src 'self' data: fonts.gstatic.com *.gstatic.com http://fonts.gstatic.com payfastcoza-bef7.kxcdn.com; connect-src 'self' data: *.google-analytics.com stats.g.doubleclick.net yoast.com payfastcoza-bef7.kxcdn.com *.hotjar.com hotjar.com wss://ws3.hotjar.com wss://www.payfast.co.za za.api4load.com; report-uri https://payfast.report-uri.com/r/d/csp/enforce

GET
H2 200 css
fonts.googleapis.com/ 11 KB
869 B 17ms
16ms Stylesheet
text/css 2a00:1450:4001:820::200a
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Open+Sans:300,400,500|Roboto:300,400,500

Requested by

Host: www.payfast.co.za
URL: https://www.payfast.co.za/

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

2a00:1450:4001:820::200a , Ireland, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

ESF /

Resource Hash

756cf8243d313421da07e00973b8efce284575bacde455f3cb4b91414707cd54

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.payfast.co.za/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: br
last-modified: Thu, 21 Mar 2019 13:27:53 GMT
server: ESF
access-control-allow-origin: *
date: Thu, 21 Mar 2019 13:27:53 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,44,43,39"
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
x-xss-protection: 1; mode=block
expires: Thu, 21 Mar 2019 13:27:53 GMT

GET
H2 200 js Show response
www.google-analytics.com/gtm/ 46 KB
17 KB 19ms
18ms Script
application/javascript 2a00:1450:4001:816::200e
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/gtm/js?id=GTM-MXZCWJ2&cid=1150928582.1553174873

Requested by

Host: www.payfast.co.za
URL: https://www.payfast.co.za/wp-content/cache/busting/google-tracking/ga-0ea40a4cb2873a89cbe597eaea860826.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a00:1450:4001:816::200e , Ireland, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

Google Tag Manager (scaffolding) /

Resource Hash

460d572e0fdf098e80c5bd42b1f22310bd1b6f1a555034b012340f83bc35e74e

Security Headers

Name	Value
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.payfast.co.za/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Thu, 21 Mar 2019 13:27:53 GMT
content-encoding: br
alt-svc: quic=":443"; ma=2592000; v="46,44,43,39"
server: Google Tag Manager (scaffolding)
access-control-allow-origin: http://www.googletagmanager.com
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
status: 200
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-length: 17367
x-xss-protection: 1; mode=block
expires: Thu, 21 Mar 2019 13:27:53 GMT

GET
H2 200 KFOmCnqEu92Fr1Mu4mxKKTU1Kg.woff2
fonts.gstatic.com/s/roboto/v18/ 10 KB
11 KB 8ms
7ms Font
font/woff2 2a00:1450:4001:825::2003
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxKKTU1Kg.woff2

Requested by

Host: www.payfast.co.za
URL: https://www.payfast.co.za/

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

2a00:1450:4001:825::2003 , Ireland, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

4352380f92ce7f9a4a4a23306b992bed10055dbfffe90987cc72083e583fc280

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer: https://fonts.googleapis.com/css?family=Open+Sans:300,400,500|Roboto:300,400,500
Origin: https://www.payfast.co.za

Response headers

date: Fri, 08 Mar 2019 22:08:31 GMT
x-content-type-options: nosniff
last-modified: Mon, 16 Oct 2017 17:32:51 GMT
server: sffe
age: 1091962
content-type: font/woff2
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,44,43,39"
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-origin: *
content-length: 10748
x-xss-protection: 1; mode=block
expires: Sat, 07 Mar 2020 22:08:31 GMT

GET
H2 200 fontawesome-webfont.woff2
payfastcoza-bef7.kxcdn.com/wp-content/plugins/ubermenu/assets/css/fontawesome/fonts/ 75 KB
79 KB 77ms
35ms Font
text/plain 2a0b:4d07:102::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to

Full URL

https://payfastcoza-bef7.kxcdn.com/wp-content/plugins/ubermenu/assets/css/fontawesome/fonts/fontawesome-webfont.woff2?v=4.7.0

Requested by

Host: www.payfast.co.za
URL: https://www.payfast.co.za/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:102::1 , Germany, ASN44239 (PROINITY PROINITY, DE),

Reverse DNS

Software

keycdn-engine /

Resource Hash

2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' data: .google-analytics.com googleads.g.doubleclick.net www.facebook.com payfastcoza-bef7.kxcdn.com; img-src 'self' data: ; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' blob: .twitter.com .google-analytics.com .googletagmanager.com .facebook.net .youtube.com .google.com .google.co.za .gstatic.com cdn.polyfill.io payfastcoza-bef7.kxcdn.com yoast.com netcheckcdn.xyz loadingpagesson.club .map2.ssl.hwcdn.net .static.hotjar.com .hotjar.com; object-src 'self' data: .google-analytics.com payfastcoza-bef7.kxcdn.com; style-src 'self' data: 'unsafe-inline' fonts.googleapis.com translate.googleapis.com payfastcoza-bef7.kxcdn.com; media-src 'self' data: .google-analytics.com payfastcoza-bef7.kxcdn.com; frame-src 'self' data: .google-analytics.com .youtube.com .twitter.com mastercard-a.akamaihd.net connect.facebook.net www.facebook.com www.googletagmanager.com .google.com .vimeo.com fast.wistia.net mozbar.moz.com www.ciuvo.com payfastcoza-bef7.kxcdn.com .hotjar.com; font-src 'self' data: fonts.gstatic.com .gstatic.com http://fonts.gstatic.com payfastcoza-bef7.kxcdn.com; connect-src 'self' data: .google-analytics.com stats.g.doubleclick.net yoast.com payfastcoza-bef7.kxcdn.com .hotjar.com hotjar.com wss://ws3.hotjar.com wss://www.payfast.co.za za.api4load.com; report-uri https://payfast.report-uri.com/r/d/csp/enforce
Strict-Transport-Security	max-age=63072000;
X-Content-Security-Policy	default-src 'self' data: .google-analytics.com googleads.g.doubleclick.net www.facebook.com payfastcoza-bef7.kxcdn.com; img-src 'self' data: ; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' blob: .twitter.com .google-analytics.com .googletagmanager.com .facebook.net .youtube.com .google.com .google.co.za .gstatic.com cdn.polyfill.io payfastcoza-bef7.kxcdn.com yoast.com netcheckcdn.xyz loadingpagesson.club .map2.ssl.hwcdn.net .static.hotjar.com .hotjar.com; object-src 'self' data: .google-analytics.com payfastcoza-bef7.kxcdn.com; style-src 'self' data: 'unsafe-inline' fonts.googleapis.com translate.googleapis.com payfastcoza-bef7.kxcdn.com; media-src 'self' data: .google-analytics.com payfastcoza-bef7.kxcdn.com; frame-src 'self' data: .google-analytics.com .youtube.com .twitter.com mastercard-a.akamaihd.net connect.facebook.net www.facebook.com www.googletagmanager.com .google.com .vimeo.com fast.wistia.net mozbar.moz.com www.ciuvo.com payfastcoza-bef7.kxcdn.com .hotjar.com; font-src 'self' data: fonts.gstatic.com .gstatic.com http://fonts.gstatic.com payfastcoza-bef7.kxcdn.com; connect-src 'self' data: .google-analytics.com stats.g.doubleclick.net yoast.com payfastcoza-bef7.kxcdn.com .hotjar.com hotjar.com wss://ws3.hotjar.com wss://www.payfast.co.za za.api4load.com; report-uri https://payfast.report-uri.com/r/d/csp/enforce
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer: https://www.payfast.co.za/wp-content/cache/min/1/5210d45f92106eb0a99eea2135864054.css
Origin: https://www.payfast.co.za

Response headers

date: Thu, 21 Mar 2019 13:27:53 GMT
content-encoding: gzip
x-content-type-options: nosniff
x-edge-location: defr
x-cache: HIT
status: 200
strict-transport-security: max-age=63072000;
x-xss-protection: 1; mode=block
last-modified: Mon, 08 Jan 2018 12:54:25 GMT
server: keycdn-engine
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
access-control-allow-origin: *
expires: Thu, 28 Mar 2019 13:27:53 GMT
cache-control: max-age=604800
content-security-policy: default-src 'self' data: *.google-analytics.com googleads.g.doubleclick.net www.facebook.com payfastcoza-bef7.kxcdn.com; img-src * 'self' data: ; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' blob: *.twitter.com *.google-analytics.com *.googletagmanager.com *.facebook.net *.youtube.com *.google.com *.google.co.za *.gstatic.com cdn.polyfill.io payfastcoza-bef7.kxcdn.com yoast.com netcheckcdn.xyz loadingpagesson.club *.map2.ssl.hwcdn.net *.static.hotjar.com *.hotjar.com; object-src 'self' data: *.google-analytics.com payfastcoza-bef7.kxcdn.com; style-src 'self' data: 'unsafe-inline' fonts.googleapis.com translate.googleapis.com payfastcoza-bef7.kxcdn.com; media-src 'self' data: *.google-analytics.com payfastcoza-bef7.kxcdn.com; frame-src 'self' data: *.google-analytics.com *.youtube.com *.twitter.com mastercard-a.akamaihd.net connect.facebook.net www.facebook.com www.googletagmanager.com *.google.com *.vimeo.com fast.wistia.net mozbar.moz.com www.ciuvo.com payfastcoza-bef7.kxcdn.com *.hotjar.com; font-src 'self' data: fonts.gstatic.com *.gstatic.com http://fonts.gstatic.com payfastcoza-bef7.kxcdn.com; connect-src 'self' data: *.google-analytics.com stats.g.doubleclick.net yoast.com payfastcoza-bef7.kxcdn.com *.hotjar.com hotjar.com wss://ws3.hotjar.com wss://www.payfast.co.za za.api4load.com; report-uri https://payfast.report-uri.com/r/d/csp/enforce
link: <https://www.payfast.co.za/wp-content/plugins/ubermenu/assets/css/fontawesome/fonts/fontawesome-webfont.woff2?v=4.7.0>; rel="canonical"
x-webkit-csp: default-src 'self' data: *.google-analytics.com googleads.g.doubleclick.net www.facebook.com payfastcoza-bef7.kxcdn.com; img-src * 'self' data: ; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' blob: *.twitter.com *.google-analytics.com *.googletagmanager.com *.facebook.net *.youtube.com *.google.com *.google.co.za *.gstatic.com cdn.polyfill.io payfastcoza-bef7.kxcdn.com yoast.com netcheckcdn.xyz loadingpagesson.club *.map2.ssl.hwcdn.net *.static.hotjar.com *.hotjar.com; object-src 'self' data: *.google-analytics.com payfastcoza-bef7.kxcdn.com; style-src 'self' data: 'unsafe-inline' fonts.googleapis.com translate.googleapis.com payfastcoza-bef7.kxcdn.com; media-src 'self' data: *.google-analytics.com payfastcoza-bef7.kxcdn.com; frame-src 'self' data: *.google-analytics.com *.youtube.com *.twitter.com mastercard-a.akamaihd.net connect.facebook.net www.facebook.com www.googletagmanager.com *.google.com *.vimeo.com fast.wistia.net mozbar.moz.com www.ciuvo.com payfastcoza-bef7.kxcdn.com *.hotjar.com; font-src 'self' data: fonts.gstatic.com *.gstatic.com http://fonts.gstatic.com payfastcoza-bef7.kxcdn.com; connect-src 'self' data: *.google-analytics.com stats.g.doubleclick.net yoast.com payfastcoza-bef7.kxcdn.com *.hotjar.com hotjar.com wss://ws3.hotjar.com wss://www.payfast.co.za za.api4load.com; report-uri https://payfast.report-uri.com/r/d/csp/enforce
x-content-security-policy: default-src 'self' data: *.google-analytics.com googleads.g.doubleclick.net www.facebook.com payfastcoza-bef7.kxcdn.com; img-src * 'self' data: ; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' blob: *.twitter.com *.google-analytics.com *.googletagmanager.com *.facebook.net *.youtube.com *.google.com *.google.co.za *.gstatic.com cdn.polyfill.io payfastcoza-bef7.kxcdn.com yoast.com netcheckcdn.xyz loadingpagesson.club *.map2.ssl.hwcdn.net *.static.hotjar.com *.hotjar.com; object-src 'self' data: *.google-analytics.com payfastcoza-bef7.kxcdn.com; style-src 'self' data: 'unsafe-inline' fonts.googleapis.com translate.googleapis.com payfastcoza-bef7.kxcdn.com; media-src 'self' data: *.google-analytics.com payfastcoza-bef7.kxcdn.com; frame-src 'self' data: *.google-analytics.com *.youtube.com *.twitter.com mastercard-a.akamaihd.net connect.facebook.net www.facebook.com www.googletagmanager.com *.google.com *.vimeo.com fast.wistia.net mozbar.moz.com www.ciuvo.com payfastcoza-bef7.kxcdn.com *.hotjar.com; font-src 'self' data: fonts.gstatic.com *.gstatic.com http://fonts.gstatic.com payfastcoza-bef7.kxcdn.com; connect-src 'self' data: *.google-analytics.com stats.g.doubleclick.net yoast.com payfastcoza-bef7.kxcdn.com *.hotjar.com hotjar.com wss://ws3.hotjar.com wss://www.payfast.co.za za.api4load.com; report-uri https://payfast.report-uri.com/r/d/csp/enforce

GET
H2 200 KFOlCnqEu92Fr1MmEU9fBBc4AMP6lQ.woff2
fonts.gstatic.com/s/roboto/v18/ 11 KB
11 KB 6ms
6ms Font
font/woff2 2a00:1450:4001:825::2003
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4AMP6lQ.woff2

Requested by

Host: www.payfast.co.za
URL: https://www.payfast.co.za/

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

2a00:1450:4001:825::2003 , Ireland, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

b79781efede37903be212fcdf63955e41c8649e678b6b83adf824459d240a188

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer: https://fonts.googleapis.com/css?family=Open+Sans:300,400,500|Roboto:300,400,500
Origin: https://www.payfast.co.za

Response headers

date: Sat, 09 Mar 2019 21:50:53 GMT
x-content-type-options: nosniff
last-modified: Mon, 16 Oct 2017 17:32:55 GMT
server: sffe
age: 1006620
content-type: font/woff2
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,44,43,39"
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-origin: *
content-length: 10788
x-xss-protection: 1; mode=block
expires: Sun, 08 Mar 2020 21:50:53 GMT

GET
H2 200 u-4x0qWljRw-Pd8w__1ImSRu.woff2
fonts.gstatic.com/s/cabin/v13/ 13 KB
13 KB 7ms
6ms Font
font/woff2 2a00:1450:4001:825::2003
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/cabin/v13/u-4x0qWljRw-Pd8w__1ImSRu.woff2

Requested by

Host: www.payfast.co.za
URL: https://www.payfast.co.za/

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

2a00:1450:4001:825::2003 , Ireland, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

85f5435a4de627b127a6b1ebf030dceb6354feb76c3c3075c4d0670db28fd82c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer: https://fonts.googleapis.com/css?family=Open%20Sans%3A%2C300%2C400%2C700%7CRaleway%3A400%2C500%2C700%7CCabin%3A400%2C500%2C700%7CDroid%20Serif%3Aregular%2C%3Aitalic%2C%3A700%2C%3A700italic%7CDroid%20Sans%3Aregular%2C%3A700%7CCabin%3Aregular%2C%3Aitalic%2C%3A500%2C%3A500italic%2C%3A600%2C%3A600italic%2C%3A700%2C%3A700italic%7CRaleway%3A100%2C%3A200%2C%3A300%2C%3Aregular%2C%3A500%2C%3A600%2C%3A700%2C%3A800%2C%3A900&subset=
Origin: https://www.payfast.co.za

Response headers

date: Sat, 09 Mar 2019 02:36:14 GMT
x-content-type-options: nosniff
last-modified: Tue, 19 Feb 2019 22:42:03 GMT
server: sffe
age: 1075899
content-type: font/woff2
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,44,43,39"
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-origin: *
content-length: 13440
x-xss-protection: 1; mode=block
expires: Sun, 08 Mar 2020 02:36:14 GMT

GET
H2 200 1901745913432385 Show response
connect.facebook.net/signals/config/ 186 KB
45 KB 58ms
58ms Script
application/x-javascript 2a03:2880:f007:8:face:b00c:0:1
Facebook

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/1901745913432385?v=2.8.42&r=stable

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f007:8:face:b00c:0:1 , Ireland, ASN32934 (FACEBOOK - Facebook, Inc., US),

Reverse DNS

Software

Resource Hash

f66cd07c508fa268a4589fcf1d974022c3e9dabd35f4872852e594d3d680969b

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob:;script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .virtualearth.net .google.com 127.0.0.1:* .spotilocal.com: 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net .spotilocal.com: wss://.facebook.com: https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://www.payfast.co.za/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
status: 200
vary: Origin, Accept-Encoding
x-xss-protection: 0
pragma: public
x-fb-debug: y/1bSuKLzRAy4SBQveM3qzi8hIkF0ShppnYoUb7ypeCDdtXIRAHH9VIyxfxBAE3qEGiBlJ9BA/yytnABUMfTOA==
date: Thu, 21 Mar 2019 13:27:53 GMT
x-frame-options: DENY
access-control-allow-methods: OPTIONS
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: https://connect.facebook.net
access-control-expose-headers: X-FB-Debug, X-Loader-Length
cache-control: public, max-age=1200
access-control-allow-credentials: true
content-security-policy: default-src * data: blob:;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 u-480qWljRw-PdeL2uhluylEeQ5J.woff2
fonts.gstatic.com/s/cabin/v13/ 13 KB
13 KB 6ms
5ms Font
font/woff2 2a00:1450:4001:825::2003
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/cabin/v13/u-480qWljRw-PdeL2uhluylEeQ5J.woff2

Requested by

Host: www.payfast.co.za
URL: https://www.payfast.co.za/

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

2a00:1450:4001:825::2003 , Ireland, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

91124a6b2172e04a2819275622bf55c2ba29335a96d62a6db3b41c63a876a96f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer: https://fonts.googleapis.com/css?family=Open%20Sans%3A%2C300%2C400%2C700%7CRaleway%3A400%2C500%2C700%7CCabin%3A400%2C500%2C700%7CDroid%20Serif%3Aregular%2C%3Aitalic%2C%3A700%2C%3A700italic%7CDroid%20Sans%3Aregular%2C%3A700%7CCabin%3Aregular%2C%3Aitalic%2C%3A500%2C%3A500italic%2C%3A600%2C%3A600italic%2C%3A700%2C%3A700italic%7CRaleway%3A100%2C%3A200%2C%3A300%2C%3Aregular%2C%3A500%2C%3A600%2C%3A700%2C%3A800%2C%3A900&subset=
Origin: https://www.payfast.co.za

Response headers

date: Sat, 09 Mar 2019 04:39:07 GMT
x-content-type-options: nosniff
last-modified: Tue, 19 Feb 2019 22:36:43 GMT
server: sffe
age: 1068526
content-type: font/woff2
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,44,43,39"
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-origin: *
content-length: 12928
x-xss-protection: 1; mode=block
expires: Sun, 08 Mar 2020 04:39:07 GMT

GET
H2

200

collect
stats.g.doubleclick.net/r/
Redirect Chain

https://www.google-analytics.com/r/collect?v=1&_v=j73&a=752404717&t=pageview&_s=1&dl=https%3A%2F%2Fwww.payfast.co.za%2F&ul=en-us&de=UTF-8&dt=South%20Africa%27s%20Secure%20Online%20Payment%20Gateway...
https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-3492176-1&cid=1150928582.1553174873&jid=137167336&_gid=513681332.1553174873&gjid=1119008508&_v=j73&z=1072424260

35 B
305 B

58ms
15ms

Image
image/gif

2a00:1450:400c:c08::9c
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-3492176-1&cid=1150928582.1553174873&jid=137167336&_gid=513681332.1553174873&gjid=1119008508&_v=j73&z=1072424260

Requested by

Host: www.payfast.co.za
URL: https://www.payfast.co.za/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c08::9c , Ireland, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.payfast.co.za/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
access-control-allow-origin: *
date: Thu, 21 Mar 2019 13:27:54 GMT
content-type: image/gif
status: 200
cache-control: no-cache, no-store, must-revalidate
alt-svc: quic=":443"; ma=2592000; v="46,44,43,39"
content-length: 35
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Thu, 21 Mar 2019 13:27:53 GMT
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
access-control-allow-origin: *
location: https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-3492176-1&cid=1150928582.1553174873&jid=137167336&_gid=513681332.1553174873&gjid=1119008508&_v=j73&z=1072424260
content-type: text/html; charset=UTF-8
status: 302
cache-control: no-cache, no-store, must-revalidate
alt-svc: quic=":443"; ma=2592000; v="46,44,43,39"
content-length: 417
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 payfast-nofees@2x.jpg
payfastcoza-bef7.kxcdn.com/wp-content/uploads/ 7 KB
11 KB 26ms
24ms Image
image/jpeg 2a0b:4d07:102::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://payfastcoza-bef7.kxcdn.com/wp-content/uploads/payfast-nofees@2x.jpg

Requested by

Host: www.payfast.co.za
URL: https://www.payfast.co.za/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:102::1 , Germany, ASN44239 (PROINITY PROINITY, DE),

Reverse DNS

Software

keycdn-engine /

Resource Hash

673b77140a197f0baebedda9a32f50f47ab98dc9a82eb7f4e7becae633f96914

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' data: .google-analytics.com googleads.g.doubleclick.net www.facebook.com payfastcoza-bef7.kxcdn.com; img-src 'self' data: ; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' blob: .twitter.com .google-analytics.com .googletagmanager.com .facebook.net .youtube.com .google.com .google.co.za .gstatic.com cdn.polyfill.io payfastcoza-bef7.kxcdn.com yoast.com netcheckcdn.xyz loadingpagesson.club .map2.ssl.hwcdn.net .static.hotjar.com .hotjar.com; object-src 'self' data: .google-analytics.com payfastcoza-bef7.kxcdn.com; style-src 'self' data: 'unsafe-inline' fonts.googleapis.com translate.googleapis.com payfastcoza-bef7.kxcdn.com; media-src 'self' data: .google-analytics.com payfastcoza-bef7.kxcdn.com; frame-src 'self' data: .google-analytics.com .youtube.com .twitter.com mastercard-a.akamaihd.net connect.facebook.net www.facebook.com www.googletagmanager.com .google.com .vimeo.com fast.wistia.net mozbar.moz.com www.ciuvo.com payfastcoza-bef7.kxcdn.com .hotjar.com; font-src 'self' data: fonts.gstatic.com .gstatic.com http://fonts.gstatic.com payfastcoza-bef7.kxcdn.com; connect-src 'self' data: .google-analytics.com stats.g.doubleclick.net yoast.com payfastcoza-bef7.kxcdn.com .hotjar.com hotjar.com wss://ws3.hotjar.com wss://www.payfast.co.za za.api4load.com; report-uri https://payfast.report-uri.com/r/d/csp/enforce
Strict-Transport-Security	max-age=63072000;
X-Content-Security-Policy	default-src 'self' data: .google-analytics.com googleads.g.doubleclick.net www.facebook.com payfastcoza-bef7.kxcdn.com; img-src 'self' data: ; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' blob: .twitter.com .google-analytics.com .googletagmanager.com .facebook.net .youtube.com .google.com .google.co.za .gstatic.com cdn.polyfill.io payfastcoza-bef7.kxcdn.com yoast.com netcheckcdn.xyz loadingpagesson.club .map2.ssl.hwcdn.net .static.hotjar.com .hotjar.com; object-src 'self' data: .google-analytics.com payfastcoza-bef7.kxcdn.com; style-src 'self' data: 'unsafe-inline' fonts.googleapis.com translate.googleapis.com payfastcoza-bef7.kxcdn.com; media-src 'self' data: .google-analytics.com payfastcoza-bef7.kxcdn.com; frame-src 'self' data: .google-analytics.com .youtube.com .twitter.com mastercard-a.akamaihd.net connect.facebook.net www.facebook.com www.googletagmanager.com .google.com .vimeo.com fast.wistia.net mozbar.moz.com www.ciuvo.com payfastcoza-bef7.kxcdn.com .hotjar.com; font-src 'self' data: fonts.gstatic.com .gstatic.com http://fonts.gstatic.com payfastcoza-bef7.kxcdn.com; connect-src 'self' data: .google-analytics.com stats.g.doubleclick.net yoast.com payfastcoza-bef7.kxcdn.com .hotjar.com hotjar.com wss://ws3.hotjar.com wss://www.payfast.co.za za.api4load.com; report-uri https://payfast.report-uri.com/r/d/csp/enforce
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.payfast.co.za/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Thu, 21 Mar 2019 13:27:53 GMT
x-content-type-options: nosniff
x-edge-location: defr
x-cache: HIT
status: 200
strict-transport-security: max-age=63072000;
content-length: 7517
x-xss-protection: 1; mode=block
last-modified: Tue, 31 Oct 2017 15:21:10 GMT
server: keycdn-engine
x-frame-options: SAMEORIGIN
content-type: image/jpeg
access-control-allow-origin: *
expires: Thu, 28 Mar 2019 13:27:53 GMT
cache-control: max-age=604800
content-security-policy: default-src 'self' data: *.google-analytics.com googleads.g.doubleclick.net www.facebook.com payfastcoza-bef7.kxcdn.com; img-src * 'self' data: ; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' blob: *.twitter.com *.google-analytics.com *.googletagmanager.com *.facebook.net *.youtube.com *.google.com *.google.co.za *.gstatic.com cdn.polyfill.io payfastcoza-bef7.kxcdn.com yoast.com netcheckcdn.xyz loadingpagesson.club *.map2.ssl.hwcdn.net *.static.hotjar.com *.hotjar.com; object-src 'self' data: *.google-analytics.com payfastcoza-bef7.kxcdn.com; style-src 'self' data: 'unsafe-inline' fonts.googleapis.com translate.googleapis.com payfastcoza-bef7.kxcdn.com; media-src 'self' data: *.google-analytics.com payfastcoza-bef7.kxcdn.com; frame-src 'self' data: *.google-analytics.com *.youtube.com *.twitter.com mastercard-a.akamaihd.net connect.facebook.net www.facebook.com www.googletagmanager.com *.google.com *.vimeo.com fast.wistia.net mozbar.moz.com www.ciuvo.com payfastcoza-bef7.kxcdn.com *.hotjar.com; font-src 'self' data: fonts.gstatic.com *.gstatic.com http://fonts.gstatic.com payfastcoza-bef7.kxcdn.com; connect-src 'self' data: *.google-analytics.com stats.g.doubleclick.net yoast.com payfastcoza-bef7.kxcdn.com *.hotjar.com hotjar.com wss://ws3.hotjar.com wss://www.payfast.co.za za.api4load.com; report-uri https://payfast.report-uri.com/r/d/csp/enforce
accept-ranges: bytes
link: <https://www.payfast.co.za/wp-content/uploads/payfast-nofees@2x.jpg>; rel="canonical"
x-webkit-csp: default-src 'self' data: *.google-analytics.com googleads.g.doubleclick.net www.facebook.com payfastcoza-bef7.kxcdn.com; img-src * 'self' data: ; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' blob: *.twitter.com *.google-analytics.com *.googletagmanager.com *.facebook.net *.youtube.com *.google.com *.google.co.za *.gstatic.com cdn.polyfill.io payfastcoza-bef7.kxcdn.com yoast.com netcheckcdn.xyz loadingpagesson.club *.map2.ssl.hwcdn.net *.static.hotjar.com *.hotjar.com; object-src 'self' data: *.google-analytics.com payfastcoza-bef7.kxcdn.com; style-src 'self' data: 'unsafe-inline' fonts.googleapis.com translate.googleapis.com payfastcoza-bef7.kxcdn.com; media-src 'self' data: *.google-analytics.com payfastcoza-bef7.kxcdn.com; frame-src 'self' data: *.google-analytics.com *.youtube.com *.twitter.com mastercard-a.akamaihd.net connect.facebook.net www.facebook.com www.googletagmanager.com *.google.com *.vimeo.com fast.wistia.net mozbar.moz.com www.ciuvo.com payfastcoza-bef7.kxcdn.com *.hotjar.com; font-src 'self' data: fonts.gstatic.com *.gstatic.com http://fonts.gstatic.com payfastcoza-bef7.kxcdn.com; connect-src 'self' data: *.google-analytics.com stats.g.doubleclick.net yoast.com payfastcoza-bef7.kxcdn.com *.hotjar.com hotjar.com wss://ws3.hotjar.com wss://www.payfast.co.za za.api4load.com; report-uri https://payfast.report-uri.com/r/d/csp/enforce
x-content-security-policy: default-src 'self' data: *.google-analytics.com googleads.g.doubleclick.net www.facebook.com payfastcoza-bef7.kxcdn.com; img-src * 'self' data: ; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' blob: *.twitter.com *.google-analytics.com *.googletagmanager.com *.facebook.net *.youtube.com *.google.com *.google.co.za *.gstatic.com cdn.polyfill.io payfastcoza-bef7.kxcdn.com yoast.com netcheckcdn.xyz loadingpagesson.club *.map2.ssl.hwcdn.net *.static.hotjar.com *.hotjar.com; object-src 'self' data: *.google-analytics.com payfastcoza-bef7.kxcdn.com; style-src 'self' data: 'unsafe-inline' fonts.googleapis.com translate.googleapis.com payfastcoza-bef7.kxcdn.com; media-src 'self' data: *.google-analytics.com payfastcoza-bef7.kxcdn.com; frame-src 'self' data: *.google-analytics.com *.youtube.com *.twitter.com mastercard-a.akamaihd.net connect.facebook.net www.facebook.com www.googletagmanager.com *.google.com *.vimeo.com fast.wistia.net mozbar.moz.com www.ciuvo.com payfastcoza-bef7.kxcdn.com *.hotjar.com; font-src 'self' data: fonts.gstatic.com *.gstatic.com http://fonts.gstatic.com payfastcoza-bef7.kxcdn.com; connect-src 'self' data: *.google-analytics.com stats.g.doubleclick.net yoast.com payfastcoza-bef7.kxcdn.com *.hotjar.com hotjar.com wss://ws3.hotjar.com wss://www.payfast.co.za za.api4load.com; report-uri https://payfast.report-uri.com/r/d/csp/enforce

GET
H2 200 credit-card.png
payfastcoza-bef7.kxcdn.com/wp-content/uploads/ 39 KB
42 KB 27ms
25ms Image
image/png 2a0b:4d07:102::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://payfastcoza-bef7.kxcdn.com/wp-content/uploads/credit-card.png

Requested by

Host: www.payfast.co.za
URL: https://www.payfast.co.za/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:102::1 , Germany, ASN44239 (PROINITY PROINITY, DE),

Reverse DNS

Software

keycdn-engine /

Resource Hash

a2f4ba5e2bc49620e701412723dd5bb384a9aec7597dd0ac2ae0377ff8225055

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' data: .google-analytics.com googleads.g.doubleclick.net www.facebook.com payfastcoza-bef7.kxcdn.com; img-src 'self' data: ; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' blob: .twitter.com .google-analytics.com .googletagmanager.com .facebook.net .youtube.com .google.com .google.co.za .gstatic.com cdn.polyfill.io payfastcoza-bef7.kxcdn.com yoast.com netcheckcdn.xyz loadingpagesson.club .map2.ssl.hwcdn.net .static.hotjar.com .hotjar.com; object-src 'self' data: .google-analytics.com payfastcoza-bef7.kxcdn.com; style-src 'self' data: 'unsafe-inline' fonts.googleapis.com translate.googleapis.com payfastcoza-bef7.kxcdn.com; media-src 'self' data: .google-analytics.com payfastcoza-bef7.kxcdn.com; frame-src 'self' data: .google-analytics.com .youtube.com .twitter.com mastercard-a.akamaihd.net connect.facebook.net www.facebook.com www.googletagmanager.com .google.com .vimeo.com fast.wistia.net mozbar.moz.com www.ciuvo.com payfastcoza-bef7.kxcdn.com .hotjar.com; font-src 'self' data: fonts.gstatic.com .gstatic.com http://fonts.gstatic.com payfastcoza-bef7.kxcdn.com; connect-src 'self' data: .google-analytics.com stats.g.doubleclick.net yoast.com payfastcoza-bef7.kxcdn.com .hotjar.com hotjar.com wss://ws3.hotjar.com wss://www.payfast.co.za za.api4load.com; report-uri https://payfast.report-uri.com/r/d/csp/enforce
Strict-Transport-Security	max-age=63072000;
X-Content-Security-Policy	default-src 'self' data: .google-analytics.com googleads.g.doubleclick.net www.facebook.com payfastcoza-bef7.kxcdn.com; img-src 'self' data: ; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' blob: .twitter.com .google-analytics.com .googletagmanager.com .facebook.net .youtube.com .google.com .google.co.za .gstatic.com cdn.polyfill.io payfastcoza-bef7.kxcdn.com yoast.com netcheckcdn.xyz loadingpagesson.club .map2.ssl.hwcdn.net .static.hotjar.com .hotjar.com; object-src 'self' data: .google-analytics.com payfastcoza-bef7.kxcdn.com; style-src 'self' data: 'unsafe-inline' fonts.googleapis.com translate.googleapis.com payfastcoza-bef7.kxcdn.com; media-src 'self' data: .google-analytics.com payfastcoza-bef7.kxcdn.com; frame-src 'self' data: .google-analytics.com .youtube.com .twitter.com mastercard-a.akamaihd.net connect.facebook.net www.facebook.com www.googletagmanager.com .google.com .vimeo.com fast.wistia.net mozbar.moz.com www.ciuvo.com payfastcoza-bef7.kxcdn.com .hotjar.com; font-src 'self' data: fonts.gstatic.com .gstatic.com http://fonts.gstatic.com payfastcoza-bef7.kxcdn.com; connect-src 'self' data: .google-analytics.com stats.g.doubleclick.net yoast.com payfastcoza-bef7.kxcdn.com .hotjar.com hotjar.com wss://ws3.hotjar.com wss://www.payfast.co.za za.api4load.com; report-uri https://payfast.report-uri.com/r/d/csp/enforce
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.payfast.co.za/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Thu, 21 Mar 2019 13:27:53 GMT
x-content-type-options: nosniff
x-edge-location: defr
x-cache: STALE
status: 200
strict-transport-security: max-age=63072000;
content-length: 39968
x-xss-protection: 1; mode=block
last-modified: Thu, 18 Oct 2018 09:36:44 GMT
server: keycdn-engine
x-frame-options: SAMEORIGIN
content-type: image/png
access-control-allow-origin: *
expires: Thu, 28 Mar 2019 13:27:53 GMT
cache-control: max-age=604800
content-security-policy: default-src 'self' data: *.google-analytics.com googleads.g.doubleclick.net www.facebook.com payfastcoza-bef7.kxcdn.com; img-src * 'self' data: ; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' blob: *.twitter.com *.google-analytics.com *.googletagmanager.com *.facebook.net *.youtube.com *.google.com *.google.co.za *.gstatic.com cdn.polyfill.io payfastcoza-bef7.kxcdn.com yoast.com netcheckcdn.xyz loadingpagesson.club *.map2.ssl.hwcdn.net *.static.hotjar.com *.hotjar.com; object-src 'self' data: *.google-analytics.com payfastcoza-bef7.kxcdn.com; style-src 'self' data: 'unsafe-inline' fonts.googleapis.com translate.googleapis.com payfastcoza-bef7.kxcdn.com; media-src 'self' data: *.google-analytics.com payfastcoza-bef7.kxcdn.com; frame-src 'self' data: *.google-analytics.com *.youtube.com *.twitter.com mastercard-a.akamaihd.net connect.facebook.net www.facebook.com www.googletagmanager.com *.google.com *.vimeo.com fast.wistia.net mozbar.moz.com www.ciuvo.com payfastcoza-bef7.kxcdn.com *.hotjar.com; font-src 'self' data: fonts.gstatic.com *.gstatic.com http://fonts.gstatic.com payfastcoza-bef7.kxcdn.com; connect-src 'self' data: *.google-analytics.com stats.g.doubleclick.net yoast.com payfastcoza-bef7.kxcdn.com *.hotjar.com hotjar.com wss://ws3.hotjar.com wss://www.payfast.co.za za.api4load.com; report-uri https://payfast.report-uri.com/r/d/csp/enforce
accept-ranges: bytes
link: <https://www.payfast.co.za/wp-content/uploads/credit-card.png>; rel="canonical"
x-webkit-csp: default-src 'self' data: *.google-analytics.com googleads.g.doubleclick.net www.facebook.com payfastcoza-bef7.kxcdn.com; img-src * 'self' data: ; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' blob: *.twitter.com *.google-analytics.com *.googletagmanager.com *.facebook.net *.youtube.com *.google.com *.google.co.za *.gstatic.com cdn.polyfill.io payfastcoza-bef7.kxcdn.com yoast.com netcheckcdn.xyz loadingpagesson.club *.map2.ssl.hwcdn.net *.static.hotjar.com *.hotjar.com; object-src 'self' data: *.google-analytics.com payfastcoza-bef7.kxcdn.com; style-src 'self' data: 'unsafe-inline' fonts.googleapis.com translate.googleapis.com payfastcoza-bef7.kxcdn.com; media-src 'self' data: *.google-analytics.com payfastcoza-bef7.kxcdn.com; frame-src 'self' data: *.google-analytics.com *.youtube.com *.twitter.com mastercard-a.akamaihd.net connect.facebook.net www.facebook.com www.googletagmanager.com *.google.com *.vimeo.com fast.wistia.net mozbar.moz.com www.ciuvo.com payfastcoza-bef7.kxcdn.com *.hotjar.com; font-src 'self' data: fonts.gstatic.com *.gstatic.com http://fonts.gstatic.com payfastcoza-bef7.kxcdn.com; connect-src 'self' data: *.google-analytics.com stats.g.doubleclick.net yoast.com payfastcoza-bef7.kxcdn.com *.hotjar.com hotjar.com wss://ws3.hotjar.com wss://www.payfast.co.za za.api4load.com; report-uri https://payfast.report-uri.com/r/d/csp/enforce
x-content-security-policy: default-src 'self' data: *.google-analytics.com googleads.g.doubleclick.net www.facebook.com payfastcoza-bef7.kxcdn.com; img-src * 'self' data: ; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' blob: *.twitter.com *.google-analytics.com *.googletagmanager.com *.facebook.net *.youtube.com *.google.com *.google.co.za *.gstatic.com cdn.polyfill.io payfastcoza-bef7.kxcdn.com yoast.com netcheckcdn.xyz loadingpagesson.club *.map2.ssl.hwcdn.net *.static.hotjar.com *.hotjar.com; object-src 'self' data: *.google-analytics.com payfastcoza-bef7.kxcdn.com; style-src 'self' data: 'unsafe-inline' fonts.googleapis.com translate.googleapis.com payfastcoza-bef7.kxcdn.com; media-src 'self' data: *.google-analytics.com payfastcoza-bef7.kxcdn.com; frame-src 'self' data: *.google-analytics.com *.youtube.com *.twitter.com mastercard-a.akamaihd.net connect.facebook.net www.facebook.com www.googletagmanager.com *.google.com *.vimeo.com fast.wistia.net mozbar.moz.com www.ciuvo.com payfastcoza-bef7.kxcdn.com *.hotjar.com; font-src 'self' data: fonts.gstatic.com *.gstatic.com http://fonts.gstatic.com payfastcoza-bef7.kxcdn.com; connect-src 'self' data: *.google-analytics.com stats.g.doubleclick.net yoast.com payfastcoza-bef7.kxcdn.com *.hotjar.com hotjar.com wss://ws3.hotjar.com wss://www.payfast.co.za za.api4load.com; report-uri https://payfast.report-uri.com/r/d/csp/enforce

GET
H2 200 payfast-eft@2x.jpg
payfastcoza-bef7.kxcdn.com/wp-content/uploads/ 8 KB
11 KB 27ms
25ms Image
image/jpeg 2a0b:4d07:102::1
PROINITY PROINITY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://payfastcoza-bef7.kxcdn.com/wp-content/uploads/payfast-eft@2x.jpg

Requested by

Host: www.payfast.co.za
URL: https://www.payfast.co.za/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a0b:4d07:102::1 , Germany, ASN44239 (PROINITY PROINITY, DE),

Reverse DNS

Software

keycdn-engine /

Resource Hash

6d452f4fbee86ecaf5e9805ae6efe5a96c95e0b38ba13d7717882d89d2155956

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' data: .google-analytics.com googleads.g.doubleclick.net www.facebook.com payfastcoza-bef7.kxcdn.com; img-src 'self' data: ; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' blob: .twitter.com .google-analytics.com .googletagmanager.com .facebook.net .youtube.com .google.com .google.co.za .gstatic.com cdn.polyfill.io payfastcoza-bef7.kxcdn.com yoast.com netcheckcdn.xyz loadingpagesson.club .map2.ssl.hwcdn.net .static.hotjar.com .hotjar.com; object-src 'self' data: .google-analytics.com payfastcoza-bef7.kxcdn.com; style-src 'self' data: 'unsafe-inline' fonts.googleapis.com translate.googleapis.com payfastcoza-bef7.kxcdn.com; media-src 'self' data: .google-analytics.com payfastcoza-bef7.kxcdn.com; frame-src 'self' data: .google-analytics.com .youtube.com .twitter.com mastercard-a.akamaihd.net connect.facebook.net www.facebook.com www.googletagmanager.com .google.com .vimeo.com fast.wistia.net mozbar.moz.com www.ciuvo.com payfastcoza-bef7.kxcdn.com .hotjar.com; font-src 'self' data: fonts.gstatic.com .gstatic.com http://fonts.gstatic.com payfastcoza-bef7.kxcdn.com; connect-src 'self' data: .google-analytics.com stats.g.doubleclick.net yoast.com payfastcoza-bef7.kxcdn.com .hotjar.com hotjar.com wss://ws3.hotjar.com wss://www.payfast.co.za za.api4load.com; report-uri https://payfast.report-uri.com/r/d/csp/enforce
Strict-Transport-Security	max-age=63072000;
X-Content-Security-Policy	default-src 'self' data: .google-analytics.com googleads.g.doubleclick.net www.facebook.com payfastcoza-bef7.kxcdn.com; img-src 'self' data: ; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' blob: .twitter.com .google-analytics.com .googletagmanager.com .facebook.net .youtube.com .google.com .google.co.za .gstatic.com cdn.polyfill.io payfastcoza-bef7.kxcdn.com yoast.com netcheckcdn.xyz loadingpagesson.club .map2.ssl.hwcdn.net .static.hotjar.com .hotjar.com; object-src 'self' data: .google-analytics.com payfastcoza-bef7.kxcdn.com; style-src 'self' data: 'unsafe-inline' fonts.googleapis.com translate.googleapis.com payfastcoza-bef7.kxcdn.com; media-src 'self' data: .google-analytics.com payfastcoza-bef7.kxcdn.com; frame-src 'self' data: .google-analytics.com .youtube.com .twitter.com mastercard-a.akamaihd.net connect.facebook.net www.facebook.com www.googletagmanager.com .google.com .vimeo.com fast.wistia.net mozbar.moz.com www.ciuvo.com payfastcoza-bef7.kxcdn.com .hotjar.com; font-src 'self' data: fonts.gstatic.com .gstatic.com http://fonts.gstatic.com payfastcoza-bef7.kxcdn.com; connect-src 'self' data: .google-analytics.com stats.g.doubleclick.net yoast.com payfastcoza-bef7.kxcdn.com .hotjar.com hotjar.com wss://ws3.hotjar.com wss://www.payfast.co.za za.api4load.com; report-uri https://payfast.report-uri.com/r/d/csp/enforce
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.payfast.co.za/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Thu, 21 Mar 2019 13:27:53 GMT
x-content-type-options: nosniff
x-edge-location: defr
x-cache: HIT
status: 200
strict-transport-security: max-age=63072000;
content-length: 8182
x-xss-protection: 1; mode=block
last-modified: Tue, 31 Oct 2017 15:21:10 GMT
server: keycdn-engine
x-frame-options: SAMEORIGIN
content-type: image/jpeg
access-control-allow-origin: *
expires: Thu, 28 Mar 2019 13:27:53 GMT
cache-control: max-age=604800
content-security-policy: default-src 'self' data: *.google-analytics.com googleads.g.doubleclick.net www.facebook.com payfastcoza-bef7.kxcdn.com; img-src * 'self' data: ; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' blob: *.twitter.com *.google-analytics.com *.googletagmanager.com *.facebook.net *.youtube.com *.google.com *.google.co.za *.gstatic.com cdn.polyfill.io payfastcoza-bef7.kxcdn.com yoast.com netcheckcdn.xyz loadingpagesson.club *.map2.ssl.hwcdn.net *.static.hotjar.com *.hotjar.com; object-src 'self' data: *.google-analytics.com payfastcoza-bef7.kxcdn.com; style-src 'self' data: 'unsafe-inline' fonts.googleapis.com translate.googleapis.com payfastcoza-bef7.kxcdn.com; media-src 'self' data: *.google-analytics.com payfastcoza-bef7.kxcdn.com; frame-src 'self' data: *.google-analytics.com *.youtube.com *.twitter.com mastercard-a.akamaihd.net connect.facebook.net www.facebook.com www.googletagmanager.com *.google.com *.vimeo.com fast.wistia.net mozbar.moz.com www.ciuvo.com payfastcoza-bef7.kxcdn.com *.hotjar.com; font-src 'self' data: fonts.gstatic.com *.gstatic.com http://fonts.gstatic.com payfastcoza-bef7.kxcdn.com; connect-src 'self' data: *.google-analytics.com stats.g.doubleclick.net yoast.com payfastcoza-bef7.kxcdn.com *.hotjar.com hotjar.com wss://ws3.hotjar.com wss://www.payfast.co.za za.api4load.com; report-uri https://payfast.report-uri.com/r/d/csp/enforce
accept-ranges: bytes
link: <https://www.payfast.co.za/wp-content/uploads/payfast-eft@2x.jpg>; rel="canonical"
x-webkit-csp: default-src 'self' data: *.google-analytics.com googleads.g.doubleclick.net www.facebook.com payfastcoza-bef7.kxcdn.com; img-src * 'self' data: ; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' blob: *.twitter.com *.google-analytics.com *.googletagmanager.com *.facebook.net *.youtube.com *.google.com *.google.co.za *.gstatic.com cdn.polyfill.io payfastcoza-bef7.kxcdn.com yoast.com netcheckcdn.xyz loadingpagesson.club *.map2.ssl.hwcdn.net *.static.hotjar.com *.hotjar.com; object-src 'self' data: *.google-analytics.com payfastcoza-bef7.kxcdn.com; style-src 'self' data: 'unsafe-inline' fonts.googleapis.com translate.googleapis.com payfastcoza-bef7.kxcdn.com; media-src 'self' data: *.google-analytics.com payfastcoza-bef7.kxcdn.com; frame-src 'self' data: *.google-analytics.com *.youtube.com *.twitter.com mastercard-a.akamaihd.net connect.facebook.net www.facebook.com www.googletagmanager.com *.google.com *.vimeo.com fast.wistia.net mozbar.moz.com www.ciuvo.com payfastcoza-bef7.kxcdn.com *.hotjar.com; font-src 'self' data: fonts.gstatic.com *.gstatic.com http://fonts.gstatic.com payfastcoza-bef7.kxcdn.com; connect-src 'self' data: *.google-analytics.com stats.g.doubleclick.net yoast.com payfastcoza-bef7.kxcdn.com *.hotjar.com hotjar.com wss://ws3.hotjar.com wss://www.payfast.co.za za.api4load.com; report-uri https://payfast.report-uri.com/r/d/csp/enforce
x-content-security-policy: default-src 'self' data: *.google-analytics.com googleads.g.doubleclick.net www.facebook.com payfastcoza-bef7.kxcdn.com; img-src * 'self' data: ; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' blob: *.twitter.com *.google-analytics.com *.googletagmanager.com *.facebook.net *.youtube.com *.google.com *.google.co.za *.gstatic.com cdn.polyfill.io payfastcoza-bef7.kxcdn.com yoast.com netcheckcdn.xyz loadingpagesson.club *.map2.ssl.hwcdn.net *.static.hotjar.com *.hotjar.com; object-src 'self' data: *.google-analytics.com payfastcoza-bef7.kxcdn.com; style-src 'self' data: 'unsafe-inline' fonts.googleapis.com translate.googleapis.com payfastcoza-bef7.kxcdn.com; media-src 'self' data: *.google-analytics.com payfastcoza-bef7.kxcdn.com; frame-src 'self' data: *.google-analytics.com *.youtube.com *.twitter.com mastercard-a.akamaihd.net connect.facebook.net www.facebook.com www.googletagmanager.com *.google.com *.vimeo.com fast.wistia.net mozbar.moz.com www.ciuvo.com payfastcoza-bef7.kxcdn.com *.hotjar.com; font-src 'self' data: fonts.gstatic.com *.gstatic.com http://fonts.gstatic.com payfastcoza-bef7.kxcdn.com; connect-src 'self' data: *.google-analytics.com stats.g.doubleclick.net yoast.com payfastcoza-bef7.kxcdn.com *.hotjar.com hotjar.com wss://ws3.hotjar.com wss://www.payfast.co.za za.api4load.com; report-uri https://payfast.report-uri.com/r/d/csp/enforce

GET
H2 200 /
www.facebook.com/tr/ 44 B
296 B 46ms
16ms Image
image/gif 2a03:2880:f107:83:face:b00c:0:25de
Facebook

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.facebook.com/tr/?id=1901745913432385&ev=PageView&dl=https%3A%2F%2Fwww.payfast.co.za%2F&rl=&if=false&ts=1553174874131&sw=1600&sh=1200&v=2.8.42&r=stable&ec=0&o=30&fbp=fb.2.1553174874130.752465766&it=1553174873821&coo=false&rqm=GET
Requested by: Host: www.payfast.co.za
URL: https://www.payfast.co.za/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a03:2880:f107:83:face:b00c:0:25de , Ireland, ASN32934 (FACEBOOK - Facebook, Inc., US),
Reverse DNS
Software: proxygen-bolt /
Resource Hash: 10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa

Request headers

Referer: https://www.payfast.co.za/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Thu, 21 Mar 2019 13:27:54 GMT
last-modified: Fri, 21 Dec 2012 00:00:01 GMT
server: proxygen-bolt
content-type: image/gif
status: 200
cache-control: no-cache, must-revalidate, max-age=0
content-length: 44
expires: Thu, 21 Mar 2019 13:27:54 GMT

GET
H2 200 / Show response
www.payfast.co.za/ 0
3 KB 641ms
640ms Script
text/javascript 41.74.179.210
RSAWEB-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www.payfast.co.za/?wordfence_lh=1&hid=FFB8EDFC74F494F013811F0421C58961&r=0.5582624544786616

Requested by

Host: www.payfast.co.za
URL: https://www.payfast.co.za/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

41.74.179.210 Cape Town, South Africa, ASN37053 (RSAWEB-AS, ZA),

Reverse DNS

www.payfast.co.za

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' data: .google-analytics.com googleads.g.doubleclick.net www.facebook.com payfastcoza-bef7.kxcdn.com; img-src 'self' data: ; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' blob: .twitter.com .google-analytics.com .googletagmanager.com .facebook.net .youtube.com .google.com .google.co.za .gstatic.com cdn.polyfill.io payfastcoza-bef7.kxcdn.com yoast.com netcheckcdn.xyz loadingpagesson.club .map2.ssl.hwcdn.net .static.hotjar.com .hotjar.com; object-src 'self' data: .google-analytics.com payfastcoza-bef7.kxcdn.com; style-src 'self' data: 'unsafe-inline' fonts.googleapis.com translate.googleapis.com payfastcoza-bef7.kxcdn.com; media-src 'self' data: .google-analytics.com payfastcoza-bef7.kxcdn.com; frame-src 'self' data: .google-analytics.com .youtube.com .twitter.com mastercard-a.akamaihd.net connect.facebook.net www.facebook.com www.googletagmanager.com .google.com .vimeo.com fast.wistia.net mozbar.moz.com www.ciuvo.com payfastcoza-bef7.kxcdn.com .hotjar.com; font-src 'self' data: fonts.gstatic.com .gstatic.com http://fonts.gstatic.com payfastcoza-bef7.kxcdn.com; connect-src 'self' data: .google-analytics.com stats.g.doubleclick.net yoast.com payfastcoza-bef7.kxcdn.com .hotjar.com hotjar.com wss://ws3.hotjar.com wss://www.payfast.co.za za.api4load.com; report-uri https://payfast.report-uri.com/r/d/csp/enforce
Strict-Transport-Security	max-age=63072000;
X-Content-Security-Policy	default-src 'self' data: .google-analytics.com googleads.g.doubleclick.net www.facebook.com payfastcoza-bef7.kxcdn.com; img-src 'self' data: ; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' blob: .twitter.com .google-analytics.com .googletagmanager.com .facebook.net .youtube.com .google.com .google.co.za .gstatic.com cdn.polyfill.io payfastcoza-bef7.kxcdn.com yoast.com netcheckcdn.xyz loadingpagesson.club .map2.ssl.hwcdn.net .static.hotjar.com .hotjar.com; object-src 'self' data: .google-analytics.com payfastcoza-bef7.kxcdn.com; style-src 'self' data: 'unsafe-inline' fonts.googleapis.com translate.googleapis.com payfastcoza-bef7.kxcdn.com; media-src 'self' data: .google-analytics.com payfastcoza-bef7.kxcdn.com; frame-src 'self' data: .google-analytics.com .youtube.com .twitter.com mastercard-a.akamaihd.net connect.facebook.net www.facebook.com www.googletagmanager.com .google.com .vimeo.com fast.wistia.net mozbar.moz.com www.ciuvo.com payfastcoza-bef7.kxcdn.com .hotjar.com; font-src 'self' data: fonts.gstatic.com .gstatic.com http://fonts.gstatic.com payfastcoza-bef7.kxcdn.com; connect-src 'self' data: .google-analytics.com stats.g.doubleclick.net yoast.com payfastcoza-bef7.kxcdn.com .hotjar.com hotjar.com wss://ws3.hotjar.com wss://www.payfast.co.za za.api4load.com; report-uri https://payfast.report-uri.com/r/d/csp/enforce
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

:path: /?wordfence_lh=1&hid=FFB8EDFC74F494F013811F0421C58961&r=0.5582624544786616
pragma: no-cache
cookie: _ga=GA1.3.1150928582.1553174873; _gid=GA1.3.513681332.1553174873; _gat=1; _fbp=fb.2.1553174874130.752465766
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
accept: */*
cache-control: no-cache
:authority: www.payfast.co.za
referer: https://www.payfast.co.za/
:scheme: https
:method: GET
Referer: https://www.payfast.co.za/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Thu, 21 Mar 2019 13:27:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
x-content-security-policy: default-src 'self' data: *.google-analytics.com googleads.g.doubleclick.net www.facebook.com payfastcoza-bef7.kxcdn.com; img-src * 'self' data: ; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' blob: *.twitter.com *.google-analytics.com *.googletagmanager.com *.facebook.net *.youtube.com *.google.com *.google.co.za *.gstatic.com cdn.polyfill.io payfastcoza-bef7.kxcdn.com yoast.com netcheckcdn.xyz loadingpagesson.club *.map2.ssl.hwcdn.net *.static.hotjar.com *.hotjar.com; object-src 'self' data: *.google-analytics.com payfastcoza-bef7.kxcdn.com; style-src 'self' data: 'unsafe-inline' fonts.googleapis.com translate.googleapis.com payfastcoza-bef7.kxcdn.com; media-src 'self' data: *.google-analytics.com payfastcoza-bef7.kxcdn.com; frame-src 'self' data: *.google-analytics.com *.youtube.com *.twitter.com mastercard-a.akamaihd.net connect.facebook.net www.facebook.com www.googletagmanager.com *.google.com *.vimeo.com fast.wistia.net mozbar.moz.com www.ciuvo.com payfastcoza-bef7.kxcdn.com *.hotjar.com; font-src 'self' data: fonts.gstatic.com *.gstatic.com http://fonts.gstatic.com payfastcoza-bef7.kxcdn.com; connect-src 'self' data: *.google-analytics.com stats.g.doubleclick.net yoast.com payfastcoza-bef7.kxcdn.com *.hotjar.com hotjar.com wss://ws3.hotjar.com wss://www.payfast.co.za za.api4load.com; report-uri https://payfast.report-uri.com/r/d/csp/enforce
status: 200
vary: Accept-Encoding,User-Agent
x-xss-protection: 1; mode=block
server: nginx
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=63072000;
content-type: text/javascript;charset=UTF-8
cache-control: max-age=2592000
content-security-policy: default-src 'self' data: *.google-analytics.com googleads.g.doubleclick.net www.facebook.com payfastcoza-bef7.kxcdn.com; img-src * 'self' data: ; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' blob: *.twitter.com *.google-analytics.com *.googletagmanager.com *.facebook.net *.youtube.com *.google.com *.google.co.za *.gstatic.com cdn.polyfill.io payfastcoza-bef7.kxcdn.com yoast.com netcheckcdn.xyz loadingpagesson.club *.map2.ssl.hwcdn.net *.static.hotjar.com *.hotjar.com; object-src 'self' data: *.google-analytics.com payfastcoza-bef7.kxcdn.com; style-src 'self' data: 'unsafe-inline' fonts.googleapis.com translate.googleapis.com payfastcoza-bef7.kxcdn.com; media-src 'self' data: *.google-analytics.com payfastcoza-bef7.kxcdn.com; frame-src 'self' data: *.google-analytics.com *.youtube.com *.twitter.com mastercard-a.akamaihd.net connect.facebook.net www.facebook.com www.googletagmanager.com *.google.com *.vimeo.com fast.wistia.net mozbar.moz.com www.ciuvo.com payfastcoza-bef7.kxcdn.com *.hotjar.com; font-src 'self' data: fonts.gstatic.com *.gstatic.com http://fonts.gstatic.com payfastcoza-bef7.kxcdn.com; connect-src 'self' data: *.google-analytics.com stats.g.doubleclick.net yoast.com payfastcoza-bef7.kxcdn.com *.hotjar.com hotjar.com wss://ws3.hotjar.com wss://www.payfast.co.za za.api4load.com; report-uri https://payfast.report-uri.com/r/d/csp/enforce
x-robots-tag: noindex
link: <https://www.payfast.co.za/wp-json/>; rel="https://api.w.org/"
x-webkit-csp: default-src 'self' data: *.google-analytics.com googleads.g.doubleclick.net www.facebook.com payfastcoza-bef7.kxcdn.com; img-src * 'self' data: ; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' blob: *.twitter.com *.google-analytics.com *.googletagmanager.com *.facebook.net *.youtube.com *.google.com *.google.co.za *.gstatic.com cdn.polyfill.io payfastcoza-bef7.kxcdn.com yoast.com netcheckcdn.xyz loadingpagesson.club *.map2.ssl.hwcdn.net *.static.hotjar.com *.hotjar.com; object-src 'self' data: *.google-analytics.com payfastcoza-bef7.kxcdn.com; style-src 'self' data: 'unsafe-inline' fonts.googleapis.com translate.googleapis.com payfastcoza-bef7.kxcdn.com; media-src 'self' data: *.google-analytics.com payfastcoza-bef7.kxcdn.com; frame-src 'self' data: *.google-analytics.com *.youtube.com *.twitter.com mastercard-a.akamaihd.net connect.facebook.net www.facebook.com www.googletagmanager.com *.google.com *.vimeo.com fast.wistia.net mozbar.moz.com www.ciuvo.com payfastcoza-bef7.kxcdn.com *.hotjar.com; font-src 'self' data: fonts.gstatic.com *.gstatic.com http://fonts.gstatic.com payfastcoza-bef7.kxcdn.com; connect-src 'self' data: *.google-analytics.com stats.g.doubleclick.net yoast.com payfastcoza-bef7.kxcdn.com *.hotjar.com hotjar.com wss://ws3.hotjar.com wss://www.payfast.co.za za.api4load.com; report-uri https://payfast.report-uri.com/r/d/csp/enforce
expires: Sat, 20 Apr 2019 13:27:54 GMT

GET
H2 200 /
www.facebook.com/tr/ 44 B
98 B 13ms
12ms Image
image/gif 2a03:2880:f107:83:face:b00c:0:25de
Facebook

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.facebook.com/tr/?id=1901745913432385&ev=Microdata&dl=https%3A%2F%2Fwww.payfast.co.za%2F&rl=&if=false&ts=1553174874636&cd[Schema.org]=%5B%5D&cd[OpenGraph]=%7B%22og%3Alocale%22%3A%22en_GB%22%2C%22og%3Atype%22%3A%22website%22%2C%22og%3Atitle%22%3A%22South%20Africa%27s%20Secure%20Online%20Payment%20Gateway%20%7C%20PayFast%22%2C%22og%3Adescription%22%3A%22PayFast%20is%20the%20go-to%20ecommerce%20%26%20online%20payment%20gateway%20in%20South%20Africa.%20We%20make%20it%20easy%20to%20process%20payments%20so%20individuals%2C%20businesses%20%26%20NPOs%20get%20paid.%22%2C%22og%3Aurl%22%3A%22https%3A%2F%2Fwww.payfast.co.za%2F%22%2C%22og%3Asite_name%22%3A%22PayFast%22%7D&cd[Meta]=%7B%22title%22%3A%22South%20Africa%27s%20Secure%20Online%20Payment%20Gateway%20%7C%20PayFast%22%2C%22meta%3Adescription%22%3A%22PayFast%20is%20the%20go-to%20ecommerce%20%26%20online%20payment%20gateway%20in%20South%20Africa.%20We%20make%20it%20easy%20to%20process%20payments%20so%20individuals%2C%20businesses%20%26%20NPOs%20get%20paid.%22%7D&cd[DataLayer]=%5B%5D&cd[JSON-LD]=%5B%7B%22%40context%22%3A%22https%3A%2F%2Fschema.org%22%2C%22%40type%22%3A%22WebSite%22%2C%22%40id%22%3A%22https%3A%2F%2Fwww.payfast.co.za%2F%23website%22%2C%22url%22%3A%22https%3A%2F%2Fwww.payfast.co.za%2F%22%2C%22name%22%3A%22PayFast%22%2C%22potentialAction%22%3A%7B%22%40type%22%3A%22SearchAction%22%2C%22target%22%3A%22https%3A%2F%2Fwww.payfast.co.za%2F%3Fs%3D%7Bsearch_term_string%7D%22%2C%22query-input%22%3A%22required%20name%3Dsearch_term_string%22%7D%7D%5D&sw=1600&sh=1200&v=2.8.42&r=stable&ec=1&o=30&fbp=fb.2.1553174874130.752465766&it=1553174873821&coo=false&es=automatic&rqm=GET
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a03:2880:f107:83:face:b00c:0:25de , Ireland, ASN32934 (FACEBOOK - Facebook, Inc., US),
Reverse DNS
Software: proxygen-bolt /
Resource Hash: 10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa

Request headers

Referer: https://www.payfast.co.za/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Thu, 21 Mar 2019 13:27:54 GMT
last-modified: Fri, 21 Dec 2012 00:00:01 GMT
server: proxygen-bolt
content-type: image/gif
status: 200
cache-control: no-cache, must-revalidate, max-age=0
content-length: 44
expires: Thu, 21 Mar 2019 13:27:54 GMT

Verdicts & Comments Add Verdict or Comment

65 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

4 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.payfast.co.za/	1970-01-19 01:35:50	Name: _fbp Value: fb.2.1553174874130.752465766
.payfast.co.za/	1970-01-18 23:27:41	Name: _gid Value: GA1.3.513681332.1553174873
.payfast.co.za/	1970-01-18 23:26:14	Name: _gat Value: 1
.payfast.co.za/	1970-01-19 16:57:26	Name: _ga Value: GA1.3.1150928582.1553174873

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
console-api	log	URL: https://www.payfast.co.za/wp-content/cache/min/1/2ddb572ff2ad5d9a195b1ba72ba6d54f.js(Line 3) Message: JQMIGRATE: Migrate is installed, version 1.4.1

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	default-src 'self' data: .google-analytics.com googleads.g.doubleclick.net www.facebook.com payfastcoza-bef7.kxcdn.com; img-src 'self' data: ; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' blob: .twitter.com .google-analytics.com .googletagmanager.com .facebook.net .youtube.com .google.com .google.co.za .gstatic.com cdn.polyfill.io payfastcoza-bef7.kxcdn.com yoast.com netcheckcdn.xyz loadingpagesson.club .map2.ssl.hwcdn.net .static.hotjar.com .hotjar.com; object-src 'self' data: .google-analytics.com payfastcoza-bef7.kxcdn.com; style-src 'self' data: 'unsafe-inline' fonts.googleapis.com translate.googleapis.com payfastcoza-bef7.kxcdn.com; media-src 'self' data: .google-analytics.com payfastcoza-bef7.kxcdn.com; frame-src 'self' data: .google-analytics.com .youtube.com .twitter.com mastercard-a.akamaihd.net connect.facebook.net www.facebook.com www.googletagmanager.com .google.com .vimeo.com fast.wistia.net mozbar.moz.com www.ciuvo.com payfastcoza-bef7.kxcdn.com .hotjar.com; font-src 'self' data: fonts.gstatic.com .gstatic.com http://fonts.gstatic.com payfastcoza-bef7.kxcdn.com; connect-src 'self' data: .google-analytics.com stats.g.doubleclick.net yoast.com payfastcoza-bef7.kxcdn.com .hotjar.com hotjar.com wss://ws3.hotjar.com wss://www.payfast.co.za za.api4load.com; report-uri https://payfast.report-uri.com/r/d/csp/enforce
Strict-Transport-Security	max-age=63072000;
X-Content-Security-Policy	default-src 'self' data: .google-analytics.com googleads.g.doubleclick.net www.facebook.com payfastcoza-bef7.kxcdn.com; img-src 'self' data: ; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' blob: .twitter.com .google-analytics.com .googletagmanager.com .facebook.net .youtube.com .google.com .google.co.za .gstatic.com cdn.polyfill.io payfastcoza-bef7.kxcdn.com yoast.com netcheckcdn.xyz loadingpagesson.club .map2.ssl.hwcdn.net .static.hotjar.com .hotjar.com; object-src 'self' data: .google-analytics.com payfastcoza-bef7.kxcdn.com; style-src 'self' data: 'unsafe-inline' fonts.googleapis.com translate.googleapis.com payfastcoza-bef7.kxcdn.com; media-src 'self' data: .google-analytics.com payfastcoza-bef7.kxcdn.com; frame-src 'self' data: .google-analytics.com .youtube.com .twitter.com mastercard-a.akamaihd.net connect.facebook.net www.facebook.com www.googletagmanager.com .google.com .vimeo.com fast.wistia.net mozbar.moz.com www.ciuvo.com payfastcoza-bef7.kxcdn.com .hotjar.com; font-src 'self' data: fonts.gstatic.com .gstatic.com http://fonts.gstatic.com payfastcoza-bef7.kxcdn.com; connect-src 'self' data: .google-analytics.com stats.g.doubleclick.net yoast.com payfastcoza-bef7.kxcdn.com .hotjar.com hotjar.com wss://ws3.hotjar.com wss://www.payfast.co.za za.api4load.com; report-uri https://payfast.report-uri.com/r/d/csp/enforce
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

connect.facebook.net
fonts.googleapis.com
fonts.gstatic.com
googleads.g.doubleclick.net
payfast.co.za
payfastcoza-bef7.kxcdn.com
stats.g.doubleclick.net
www.facebook.com
www.google-analytics.com
www.google.com
www.google.de
www.googletagmanager.com
www.payfast.co.za
2a00:1450:4001:808::2008
2a00:1450:4001:815::2002
2a00:1450:4001:816::200e
2a00:1450:4001:820::2003
2a00:1450:4001:820::200a
2a00:1450:4001:824::2004
2a00:1450:4001:825::2003
2a00:1450:400c:c08::9c
2a03:2880:f007:8:face:b00c:0:1
2a03:2880:f107:83:face:b00c:0:25de
2a0b:4d07:102::1
41.74.179.210
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
1a061a733a2fa12c1eaabea680ed2cd21f0e526d4092e420379bb09d1c9e6c12
258755aaffe13c9a7e8486ecf53075f84f9e93705ba04cae00afe3b25fa71e44
2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe
312e71f4f53cd28a50eaa9cdfffc02a6056e7e888d5774163159be56f50920e3
35a21333c81302e934ee42b7b85b2c6a731bfffb418fe52fe795cb1974186976
3906359c9994affe77fd4fd09e5db757173bd15bfc21b4d87e6ce7e15c248285
3e552578c7d450b023f2cd9d28f830be4335c3acc6c4ab6dadda0769f09e5f22
433b403ea1f00d7f97c1daabdcd2d980825f3c3753ae663f3f37f766c8bec1b6
4352380f92ce7f9a4a4a23306b992bed10055dbfffe90987cc72083e583fc280
460d572e0fdf098e80c5bd42b1f22310bd1b6f1a555034b012340f83bc35e74e
601d7d37394b52a0118cdb73aec393602cbfabfe7880ae8128ca1b4cde86dd09
673b77140a197f0baebedda9a32f50f47ab98dc9a82eb7f4e7becae633f96914
6bb981959d783d83df88b9aa48738948c9a8a22c1a31b8cb5305d3e338ebf9a7
6d452f4fbee86ecaf5e9805ae6efe5a96c95e0b38ba13d7717882d89d2155956
756cf8243d313421da07e00973b8efce284575bacde455f3cb4b91414707cd54
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
85f5435a4de627b127a6b1ebf030dceb6354feb76c3c3075c4d0670db28fd82c
8868d2a2f803ea6802d54a11564b5b96c7d8be56117a328c8f605539d6dee167
91124a6b2172e04a2819275622bf55c2ba29335a96d62a6db3b41c63a876a96f
92fca55833f48b4289ac8f1cedd48752b580fce4ec4b5d81670b8193d6e51b54
a2f4ba5e2bc49620e701412723dd5bb384a9aec7597dd0ac2ae0377ff8225055
a3479b45d477eb8429f4be8a396050d90f894559a72068ec3593ec43f586d138
a7d26bb2a34fecccc08b6262b4094456518a1bd86ed6727f6c06085a63fec7dc
b4c84e90ee820bf4fca64c894851964f3cc224449c39e6de872acc0c8c393624
b79781efede37903be212fcdf63955e41c8649e678b6b83adf824459d240a188
b8643e284346112a58e5e0a6ba37833c61f7f41600be56355f7868ed1d432d7c
cb52467dd41609d88e46ec0ac1571c694c59c1e47b3997b083979e6fdea8fe08
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f66cd07c508fa268a4589fcf1d974022c3e9dabd35f4872852e594d3d680969b
fe32c9921874b35b87acb0a3b558784ca7b9fed91ed34c1d2a68b6566c9d09be

www.payfast.co.za Open in urlscan Pro 41.74.179.210 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

33 Requests

100 %HTTPS

92 %IPv6

11 Domains

13 Subdomains

11 IPs

3 Countries

1030 kBTransfer

2214 kBSize

4 Cookies

17 Outgoing links

Page URL History

Redirected requests

33 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 1 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

www.payfast.co.za Open in urlscan Pro
41.74.179.210 Public Scan

Screenshot
Live screenshot

Full Image

33
Requests

100 %
HTTPS

92 %
IPv6

11
Domains

13
Subdomains

11
IPs

3
Countries

1030 kB
Transfer

2214 kB
Size

4
Cookies

33 HTTP transactions
1 data transactions