www.flagstar.com Open in urlscan Pro
172.64.146.116 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://flagstar.com/
Effective URL:
https://www.flagstar.com/
Submission: On March 15 via api (March 15th 2024, 2:04:44 am UTC) from IN — Scanned from DE

Summary HTTP 113 Redirects Links 23 Behaviour Indicators

Summary

This website contacted 15 IPs in 2 countries across 13 domains to perform 113 HTTP transactions. The main IP is 172.64.146.116, located in San Francisco, United States and belongs to CLOUDFLARENET, US. The main domain is www.flagstar.com. The Cisco Umbrella rank of the primary domain is 147615.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on October 20th 2023. Valid for: a year.

This is the only time www.flagstar.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
2 83	172.64.146.116 172.64.146.116	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	2a02:26f0:310... 2a02:26f0:3100:782::1e80	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	13.110.253.93 13.110.253.93	14340 (SALESFORCE) (SALESFORCE)
3	2606:4700::68... 2606:4700::6811:1854	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2a03:2880:f08... 2a03:2880:f083:100:face:b00c:0:3	32934 (FACEBOOK) (FACEBOOK)
11	2606:4700::68... 2606:4700::6813:b234	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	18.173.187.104 18.173.187.104	16509 (AMAZON-02) (AMAZON-02)
1	13.109.189.112 13.109.189.112	14340 (SALESFORCE) (SALESFORCE)
1	2606:4700::68... 2606:4700::6811:45f	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	63.140.62.27 63.140.62.27	16509 (AMAZON-02) (AMAZON-02)
2	44.212.194.12 44.212.194.12	14618 (AMAZON-AES) (AMAZON-AES)
1	13.110.255.220 13.110.255.220	14340 (SALESFORCE) (SALESFORCE)
2	2a00:1450:400... 2a00:1450:4001:806::200e	15169 (GOOGLE) (GOOGLE)
1	63.140.62.17 63.140.62.17	16509 (AMAZON-02) (AMAZON-02)
113	15

83 172.64.146.116 (San Francisco, United States) 2 redirects

ASN13335 (CLOUDFLARENET, US)

flagstar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.flagstar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a02:26f0:3100:782::1e80 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

assets.adobedtm.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.110.253.93 (United States)

ASN14340 (SALESFORCE, US)
PTR: dcl6-ncg1-c6-iad5.la5-c1cs-ia5.salesforceliveagent.com

c.la5-c1cs-ia5.salesforceliveagent.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2606:4700::6811:1854 (United States)

ASN13335 (CLOUDFLARENET, US)

assets.sitescdn.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:2880:f083:100:face:b00c:0:3 (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

11 2606:4700::6813:b234 (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.cookielaw.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 18.173.187.104 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-173-187-104.muc50.r.cloudfront.net

solutions.invocacdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.109.189.112 (United States)

ASN14340 (SALESFORCE, US)
PTR: dcl14-ncg1-c5-iad4.la2-c2-ia4.salesforceliveagent.com

d.la2-c2-iad.salesforceliveagent.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6811:45f (United States)

ASN13335 (CLOUDFLARENET, US)

answers.yext-pixel.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 63.140.62.27 (United States)

ASN16509 (AMAZON-02, US)
PTR: ip-63-140-62-27.data.adobedc.net

adobedc.demdex.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 44.212.194.12 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-44-212-194-12.compute-1.amazonaws.com

pnapi.invoca.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.110.255.220 (United States)

ASN14340 (SALESFORCE, US)
PTR: dcl16-ncg1-c6-iad5.la5-c1-ia5.salesforceliveagent.com

d.la5-c1-ia5.salesforceliveagent.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:806::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.youtube.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 63.140.62.17 (United States)

ASN16509 (AMAZON-02, US)
PTR: ip-63-140-62-17.data.adobedc.net

edge.adobedc.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
83	flagstar.com 2 redirects flagstar.com — Cisco Umbrella Rank: 103459 www.flagstar.com — Cisco Umbrella Rank: 147615	1 MB
11	cookielaw.org cdn.cookielaw.org — Cisco Umbrella Rank: 325	160 KB
3	sitescdn.net assets.sitescdn.net — Cisco Umbrella Rank: 10737	150 KB
3	salesforceliveagent.com c.la5-c1cs-ia5.salesforceliveagent.com — Cisco Umbrella Rank: 147469 d.la2-c2-iad.salesforceliveagent.com — Cisco Umbrella Rank: 111749 d.la5-c1-ia5.salesforceliveagent.com — Cisco Umbrella Rank: 13254	44 KB
3	adobedtm.com assets.adobedtm.com — Cisco Umbrella Rank: 429	74 KB
2	youtube.com www.youtube.com — Cisco Umbrella Rank: 78	69 KB
2	invoca.net pnapi.invoca.net — Cisco Umbrella Rank: 7932	751 B
2	invocacdn.com solutions.invocacdn.com — Cisco Umbrella Rank: 7000	40 KB
2	facebook.net connect.facebook.net — Cisco Umbrella Rank: 188	70 KB
1	adobedc.net edge.adobedc.net — Cisco Umbrella Rank: 3566	710 B
1	demdex.net adobedc.demdex.net — Cisco Umbrella Rank: 7227	920 B
1	yext-pixel.com answers.yext-pixel.com — Cisco Umbrella Rank: 36638	319 B
0	cloudflareinsights.com Failed static.cloudflareinsights.com Failed
113	13

	Domain	Requested by
81	www.flagstar.com	www.flagstar.com
11	cdn.cookielaw.org	assets.adobedtm.com www.flagstar.com
3	assets.sitescdn.net	www.flagstar.com
3	assets.adobedtm.com	www.flagstar.com
2	www.youtube.com	assets.adobedtm.com www.youtube.com
2	pnapi.invoca.net	www.flagstar.com
2	solutions.invocacdn.com	assets.adobedtm.com www.flagstar.com
2	connect.facebook.net	assets.adobedtm.com connect.facebook.net
2	flagstar.com	2 redirects
1	edge.adobedc.net	www.flagstar.com
1	d.la5-c1-ia5.salesforceliveagent.com	www.flagstar.com
1	adobedc.demdex.net	www.flagstar.com
1	answers.yext-pixel.com	assets.sitescdn.net
1	d.la2-c2-iad.salesforceliveagent.com	www.flagstar.com
1	c.la5-c1cs-ia5.salesforceliveagent.com	www.flagstar.com
0	static.cloudflareinsights.com Failed	www.flagstar.com
113	16

This site contains links to these domains. Also see Links.

Domain
careers.flagstar.com
brokercheck.finra.org
banking.flagstar.com
www.myloans.net
flagstar.myloans.net
signatureny.ebanking-services.com
protect21.fidelityifs.com
www.fislbxcentral.com
corporate-connect.flagstar.com
treasuryaccess.flagstar.com
play.google.com
apps.apple.com
www.cigna.com
ir.mynycb.com
facebook.com
twitter.com
www.linkedin.com
www.onetrust.com

Subject Issuer	Validity	Valid
flagstar.com Cloudflare Inc ECC CA-3	`2023-10-20` - `2024-10-19`	a year	crt.sh
assets.adobedtm.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-07-11` - `2024-08-10`	a year	crt.sh
la5-c1cs-ia5.salesforceliveagent.com DigiCert TLS RSA SHA256 2020 CA1	`2024-01-04` - `2025-01-01`	a year	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2023-07-11` - `2024-07-10`	a year	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2023-12-23` - `2024-03-22`	3 months	crt.sh
cookielaw.org Cloudflare Inc ECC CA-3	`2024-03-01` - `2024-12-31`	10 months	crt.sh
invocacdn.com Amazon RSA 2048 M02	`2023-09-24` - `2024-10-21`	a year	crt.sh
la2-c2-ia4.salesforceliveagent.com DigiCert TLS RSA SHA256 2020 CA1	`2023-07-04` - `2024-07-01`	a year	crt.sh
answers.yext-pixel.com Cloudflare Inc ECC CA-3	`2023-05-09` - `2024-05-08`	a year	crt.sh
adobedc.demdex.net DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-10-22` - `2024-11-21`	a year	crt.sh
invoca.net Amazon RSA 2048 M03	`2023-09-24` - `2024-10-21`	a year	crt.sh
la5-c1-ia5.salesforceliveagent.com DigiCert TLS RSA SHA256 2020 CA1	`2024-01-04` - `2025-01-01`	a year	crt.sh
*.google.com GTS CA 1C3	`2024-02-19` - `2024-05-13`	3 months	crt.sh
edge.adobedc.net DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-10-21` - `2024-11-20`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://www.flagstar.com/
Frame ID: 7C1A911FDE61D9F36366F00365DE8BCD
Requests: 119 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Banking Services: Personal, Small Business, Commercial, and Private Banking | FlagstarBack ButtonFilter Button

Page URL History Show full URLs

http://flagstar.com/ HTTP 301
https://flagstar.com/ HTTP 301
https://www.flagstar.com/ Page URL

Detected technologies

Adobe Experience Manager (CMS) Expand

Overall confidence: 100%
Detected patterns

/etc\.clientlibs/

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

//connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

OneTrust (Cookie compliance) Expand

Overall confidence: 100%
Detected patterns

cdn\.cookielaw\.org
otSDKStub\.js

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

113
Requests

99 %
HTTPS

43 %
IPv6

13
Domains

16
Subdomains

15
IPs

2
Countries

1870 kB
Transfer

4605 kB
Size

29
Cookies

23 Outgoing links

These are links going to different origins than the main page.

URL: https://careers.flagstar.com/
Title: Careers

Search URL Search Domain Scan URL

URL: http://brokercheck.finra.org/?/sb
Title: FINRA Broker Check

Search URL Search Domain Scan URL

URL: https://banking.flagstar.com/auth/ForgottenUserId
Title: Username

Search URL Search Domain Scan URL

URL: https://banking.flagstar.com/auth/ForgottenPassword
Title: Password

Search URL Search Domain Scan URL

URL: https://banking.flagstar.com/auth/Enrollment
Title: Sign Up

Search URL Search Domain Scan URL

URL: https://www.myloans.net/content/myloans/us/en/myloans/login
Title: Log In

Search URL Search Domain Scan URL

URL: https://flagstar.myloans.net/content/myloans/us/en/myloans/forgot-username
Title: Username

Search URL Search Domain Scan URL

URL: https://flagstar.myloans.net/content/myloans/us/en/myloans/reset-password
Title: Password

Search URL Search Domain Scan URL

URL: https://flagstar.myloans.net/content/myloans/us/en/myloans/registration
Title: Sign Up

Search URL Search Domain Scan URL

URL: https://signatureny.ebanking-services.com/eAM/Credential/Index?appId=beb&brand=signatureny
Title: Log In

Search URL Search Domain Scan URL

URL: https://protect21.fidelityifs.com/carlstadt/comp/login.jsp
Title: Remote Official Check

Search URL Search Domain Scan URL

URL: https://www.fislbxcentral.com/lms#/
Title: Lockbox Services

Search URL Search Domain Scan URL

URL: https://corporate-connect.flagstar.com/smallbusiness
Title: Log In

Search URL Search Domain Scan URL

URL: https://corporate-connect.flagstar.com/corporate
Title: Log In

Search URL Search Domain Scan URL

URL: https://treasuryaccess.flagstar.com/
Title: Log In

Search URL Search Domain Scan URL

URL: https://play.google.com/store/apps/details?id=com.mynycb.nycb&hl=en_US&gl=US
Title: Google Play

Search URL Search Domain Scan URL

URL: https://apps.apple.com/us/app/flagstar-mobile-banking/id972805390
Title: Apple's App Store

Search URL Search Domain Scan URL

URL: https://www.cigna.com/legal/compliance/machine-readable-files?/sb
Title: Payer Transparency-MRFs

Search URL Search Domain Scan URL

URL: https://ir.mynycb.com/Home/default.aspx
Title: Company Overview

Search URL Search Domain Scan URL

URL: https://facebook.com/flagstarbank

Search URL Search Domain Scan URL

URL: https://twitter.com/flagstar

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/company/flagstar-bank

Search URL Search Domain Scan URL

URL: https://www.onetrust.com/products/cookie-consent/

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://flagstar.com/ HTTP 301
https://flagstar.com/ HTTP 301
https://www.flagstar.com/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

113 HTTP transactions
6 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request / Show response
www.flagstar.com/
Redirect Chain

http://flagstar.com/
https://flagstar.com/
https://www.flagstar.com/

276 KB
34 KB

235ms
197ms

Document
text/html

172.64.146.116
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.flagstar.com/

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

172.64.146.116 San Francisco, United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

eb18a370dc69b64f842ecc758c3ef0611e62d3745e99528a1807ce5cc5a293fc

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; connect-src 'self' .foresee.com .evergage.com edge.adobedc.net https://cdn.cookielaw.org https://www.googletagmanager.com https://stats.g.doubleclick.net https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://maps.googleapis.com .demdex.net .yext.com https://answers.yext-pixel.com .yextapis.com;font-src 'self' data: https://fonts.gstatic.com/ https://fonts.googleapis.com https://use.typekit.com .pgsdemo.com .pagescdn.com; media-src 'self'; object-src 'self'; form-action 'self' https://.flagstar.com https://.salesforce.com https://.salesforceliveagent.com https://.salesforce-sites.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://.salesforceliveagent.com https://assets.sitescdn.net https://www.googleanalytics.com/ https://www.googleoptimize.com/ https://optimize.google.com/ https://www.googletagmanager.com https://maps.googleapis.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net assets.adobedtm.com https://pnapi.invoca.net https://solutions.invocacdn.com gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com/ https://use.typekit.com https://connect.facebook.net https://js.adsrvr.org/ https://cdn.evgnet.com https://.evergage.com https://www.youtube.com assets.sitescdn.net .pagescdn.com .pgsdemo.com https://.salesforce-sites.com;style-src 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com assets.sitecdn.net; style-src-elem 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com;frame-src 'self' .flagstar.com .youtube.com .demdex.net https://.fls.doubleclick.net https://td.doubleclick.net https://optimize.google.com/ https://insight.adsrvr.org/ https://match.adsrvr.org/ https://cdn.evgnet.com https://.flagstar.com https://.fintactix.com .pagescdn.com .pgsdemo.com; frame-ancestors 'self' .flagstar.com https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net; img-src 'self' .foresee.com https://ad.doubleclick.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googletagmanager.com/ https://www.googleadservices.com https://www.google-analytics.com https://developers.google.com https://maps.googleapis.com https://maps.gstatic.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://insight.adsrvr.org https://ib.adnxs.com/getuid https://match.adsrvr.org/track/cmf/appnexus https://dsum-sec.casalemedia.com/rum https://ups.analytics.yahoo.com/ups/55953/sync https://pixel.rubiconproject.com/tap.php data: blob: https://p.typekit.net https://www.facebook.com .flagstar.com https://.doubleclick.net;child-src 'self' https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://youtube.com; worker-src 'self'; manifest-src 'self';
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: max-age=0
cf-cache-status: DYNAMIC
cf-ray: 8648ef138de02c42-FRA
clientname: flagstar
content-encoding: gzip
content-security-policy: default-src 'none'; connect-src 'self' *.foresee.com *.evergage.com edge.adobedc.net https://cdn.cookielaw.org https://www.googletagmanager.com https://stats.g.doubleclick.net https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://maps.googleapis.com *.demdex.net *.yext.com https://answers.yext-pixel.com *.yextapis.com;font-src 'self' data: https://fonts.gstatic.com/ https://fonts.googleapis.com https://use.typekit.com *.pgsdemo.com *.pagescdn.com; media-src 'self'; object-src 'self'; form-action 'self' https://*.flagstar.com https://*.salesforce.com https://*.salesforceliveagent.com https://*.salesforce-sites.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.salesforceliveagent.com https://assets.sitescdn.net https://www.googleanalytics.com/ https://www.googleoptimize.com/ https://optimize.google.com/ https://www.googletagmanager.com https://maps.googleapis.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net assets.adobedtm.com https://pnapi.invoca.net https://solutions.invocacdn.com gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com/ https://use.typekit.com https://connect.facebook.net https://js.adsrvr.org/ https://cdn.evgnet.com https://*.evergage.com https://www.youtube.com assets.sitescdn.net *.pagescdn.com *.pgsdemo.com https://*.salesforce-sites.com;style-src 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com assets.sitecdn.net; style-src-elem 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com;frame-src 'self' *.flagstar.com *.youtube.com *.demdex.net https://*.fls.doubleclick.net https://td.doubleclick.net https://optimize.google.com/ https://insight.adsrvr.org/ https://match.adsrvr.org/ https://cdn.evgnet.com https://*.flagstar.com https://*.fintactix.com *.pagescdn.com *.pgsdemo.com; frame-ancestors 'self' *.flagstar.com https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net; img-src 'self' *.foresee.com https://ad.doubleclick.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googletagmanager.com/ https://www.googleadservices.com https://www.google-analytics.com https://developers.google.com https://maps.googleapis.com https://maps.gstatic.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://insight.adsrvr.org https://ib.adnxs.com/getuid https://match.adsrvr.org/track/cmf/appnexus https://dsum-sec.casalemedia.com/rum https://ups.analytics.yahoo.com/ups/55953/sync https://pixel.rubiconproject.com/tap.php data: blob: https://p.typekit.net https://www.facebook.com *.flagstar.com https://*.doubleclick.net;child-src 'self' https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://youtube.com; worker-src 'self'; manifest-src 'self';
content-security-policy-report-only: script-src 'none'; connect-src 'none'; report-uri https://csp-reporting.cloudflare.com/cdn-cgi/script_monitor/report?m=xh28yofmF2wCRBJbVc8i3dHZptyeqnQXx7bwN31X1to-1710468278-1.0.1.1-qJn2qEgcIckwndWZjEIsV0Tg12LhC0R7lMpJz8.JThZATxCoxC9F4WKOSEjVaxuIh7k316EmsBe0pHOH8JR3xmtr1BIdwdtECkXzX45L3uwWujuEPoTz0FZaERkhszUCx4UpPsBuntw4hgDV5uET1DzhrXrmuEWNjCzcrFZGUdA; report-to cf-csp-endpoint
content-type: text/html; charset=UTF-8
date: Fri, 15 Mar 2024 02:04:38 GMT
expires: Fri, 15 Mar 2024 02:04:35 GMT
last-modified: Fri, 15 Mar 2024 02:00:19 GMT
report-to: {"endpoints":[{"url":"https:\/\/csp-reporting.cloudflare.com\/cdn-cgi\/script_monitor\/report?m=xh28yofmF2wCRBJbVc8i3dHZptyeqnQXx7bwN31X1to-1710468278-1.0.1.1-qJn2qEgcIckwndWZjEIsV0Tg12LhC0R7lMpJz8.JThZATxCoxC9F4WKOSEjVaxuIh7k316EmsBe0pHOH8JR3xmtr1BIdwdtECkXzX45L3uwWujuEPoTz0FZaERkhszUCx4UpPsBuntw4hgDV5uET1DzhrXrmuEWNjCzcrFZGUdA"}],"group":"cf-csp-endpoint","max_age":86400}
server: cloudflare
server-timing: dtSInfo;desc="0", dtRpid;desc="-2118862650"
strict-transport-security: max-age=31536000; includeSubDomains
vary: Accept-Encoding
x-cnection: close
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-oneagent-js-injection: true
x-ruxit-js-agent: true
x-ua-compatible: IE=Edge
x-xss-protection: 1; mode=block

Redirect headers

cache-control: max-age=0
cf-cache-status: DYNAMIC
cf-ray: 8648ef12092d65b5-FRA
clientname: flagstar
content-type: text/html; charset=iso-8859-1
date: Fri, 15 Mar 2024 02:04:38 GMT
expires: Fri, 15 Mar 2024 02:04:35 GMT
location: https://www.flagstar.com/
server: cloudflare
server-timing: dtSInfo;desc="0", dtRpid;desc="-2122296851"
x-cnection: close

GET
H2 200 ruxitagentjs_ICA27NVfghjqru_10285240307101407.js Show response
www.flagstar.com/ 212 KB
82 KB 25ms
23ms Script
text/javascript 172.64.146.116
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.flagstar.com/ruxitagentjs_ICA27NVfghjqru_10285240307101407.js

Requested by

Host: www.flagstar.com
URL: https://www.flagstar.com/

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

172.64.146.116 San Francisco, United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

9f8a008d491ccf2d428c891130c9ae5571c4d7d76a7fd6ee0262f192d25185a2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.flagstar.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

clientname: flagstar
date: Fri, 15 Mar 2024 02:04:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains
cf-cache-status: HIT
age: 115452
x-cnection: close
content-length: 83632
x-xss-protection: 1; mode=block
x-ua-compatible: IE=Edge
last-modified: Wed, 03 Mar 2010 07:01:40 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: text/javascript; charset=utf-8
cache-control: public, max-age=31536000
accept-ranges: bytes
cf-ray: 8648ef14de7e2c42-FRA
expires: Sat, 15 Mar 2025 02:04:38 GMT

GET
H2 200 clientlib-base.83d0d2b4dd70ce05f19597b6c720633f.css
www.flagstar.com/etc.clientlibs/aem-flagstar/clientlibs/ 213 KB
16 KB 31ms
30ms Stylesheet
text/css 172.64.146.116
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.flagstar.com/etc.clientlibs/aem-flagstar/clientlibs/clientlib-base.83d0d2b4dd70ce05f19597b6c720633f.css

Requested by

Host: www.flagstar.com
URL: https://www.flagstar.com/

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

172.64.146.116 San Francisco, United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d95c5ff2d630309c98b9fa89008f02881448bd953d96a69cc39f4335a4330b74

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; connect-src 'self' .foresee.com .evergage.com edge.adobedc.net https://cdn.cookielaw.org https://www.googletagmanager.com https://stats.g.doubleclick.net https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://maps.googleapis.com .demdex.net .yext.com https://answers.yext-pixel.com .yextapis.com;font-src 'self' data: https://fonts.gstatic.com/ https://fonts.googleapis.com https://use.typekit.com .pgsdemo.com .pagescdn.com; media-src 'self'; object-src 'self'; form-action 'self' https://.flagstar.com https://.salesforce.com https://.salesforceliveagent.com https://.salesforce-sites.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://.salesforceliveagent.com https://assets.sitescdn.net https://www.googleanalytics.com/ https://www.googleoptimize.com/ https://optimize.google.com/ https://www.googletagmanager.com https://maps.googleapis.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net assets.adobedtm.com https://pnapi.invoca.net https://solutions.invocacdn.com gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com/ https://use.typekit.com https://connect.facebook.net https://js.adsrvr.org/ https://cdn.evgnet.com https://.evergage.com https://www.youtube.com assets.sitescdn.net .pagescdn.com .pgsdemo.com https://.salesforce-sites.com;style-src 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com assets.sitecdn.net; style-src-elem 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com;frame-src 'self' .flagstar.com .demdex.net https://.fls.doubleclick.net https://td.doubleclick.net https://optimize.google.com/ https://insight.adsrvr.org/ https://match.adsrvr.org/ https://cdn.evgnet.com https://.flagstar.com https://.fintactix.com .pagescdn.com .pgsdemo.com; frame-ancestors 'self' .flagstar.com https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net; img-src 'self' .foresee.com https://ad.doubleclick.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googletagmanager.com/ https://www.googleadservices.com https://www.google-analytics.com https://developers.google.com https://maps.googleapis.com https://maps.gstatic.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://insight.adsrvr.org https://ib.adnxs.com/getuid https://match.adsrvr.org/track/cmf/appnexus https://dsum-sec.casalemedia.com/rum https://ups.analytics.yahoo.com/ups/55953/sync https://pixel.rubiconproject.com/tap.php data: blob: https://p.typekit.net https://www.facebook.com .flagstar.com https://*.doubleclick.net;child-src 'self' https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://youtube.com; worker-src 'self'; manifest-src 'self';
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.flagstar.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

expires: Sun, 14 Apr 2024 02:04:38 GMT
date: Fri, 15 Mar 2024 02:04:38 GMT
content-security-policy: default-src 'none'; connect-src 'self' *.foresee.com *.evergage.com edge.adobedc.net https://cdn.cookielaw.org https://www.googletagmanager.com https://stats.g.doubleclick.net https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://maps.googleapis.com *.demdex.net *.yext.com https://answers.yext-pixel.com *.yextapis.com;font-src 'self' data: https://fonts.gstatic.com/ https://fonts.googleapis.com https://use.typekit.com *.pgsdemo.com *.pagescdn.com; media-src 'self'; object-src 'self'; form-action 'self' https://*.flagstar.com https://*.salesforce.com https://*.salesforceliveagent.com https://*.salesforce-sites.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.salesforceliveagent.com https://assets.sitescdn.net https://www.googleanalytics.com/ https://www.googleoptimize.com/ https://optimize.google.com/ https://www.googletagmanager.com https://maps.googleapis.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net assets.adobedtm.com https://pnapi.invoca.net https://solutions.invocacdn.com gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com/ https://use.typekit.com https://connect.facebook.net https://js.adsrvr.org/ https://cdn.evgnet.com https://*.evergage.com https://www.youtube.com assets.sitescdn.net *.pagescdn.com *.pgsdemo.com https://*.salesforce-sites.com;style-src 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com assets.sitecdn.net; style-src-elem 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com;frame-src 'self' *.flagstar.com *.demdex.net https://*.fls.doubleclick.net https://td.doubleclick.net https://optimize.google.com/ https://insight.adsrvr.org/ https://match.adsrvr.org/ https://cdn.evgnet.com https://*.flagstar.com https://*.fintactix.com *.pagescdn.com *.pgsdemo.com; frame-ancestors 'self' *.flagstar.com https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net; img-src 'self' *.foresee.com https://ad.doubleclick.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googletagmanager.com/ https://www.googleadservices.com https://www.google-analytics.com https://developers.google.com https://maps.googleapis.com https://maps.gstatic.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://insight.adsrvr.org https://ib.adnxs.com/getuid https://match.adsrvr.org/track/cmf/appnexus https://dsum-sec.casalemedia.com/rum https://ups.analytics.yahoo.com/ups/55953/sync https://pixel.rubiconproject.com/tap.php data: blob: https://p.typekit.net https://www.facebook.com *.flagstar.com https://*.doubleclick.net;child-src 'self' https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://youtube.com; worker-src 'self'; manifest-src 'self';
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
strict-transport-security: max-age=31536000; includeSubDomains
age: 115452
x-cnection: close
server-timing: dtSInfo;desc="0", dtRpid;desc="-46125049"
content-length: 13007
x-xss-protection: 1; mode=block
x-ua-compatible: IE=Edge
last-modified: Tue, 20 Feb 2024 10:11:15 GMT
server: cloudflare
etag: "3557a-611cd6e36a405-gzip"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: text/css
cache-control: public, max-age=2592000
accept-ranges: bytes
cf-ray: 8648ef14de7b2c42-FRA
clientname: flagstar

GET
H2 200 clientlib-common.3eb7a162166ff06ffd28c4cd55a66762.js Show response
www.flagstar.com/etc.clientlibs/aem-flagstar/clientlibs/ 4 KB
5 KB 21ms
20ms Script
application/javascript 172.64.146.116
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.flagstar.com/etc.clientlibs/aem-flagstar/clientlibs/clientlib-common.3eb7a162166ff06ffd28c4cd55a66762.js

Requested by

Host: www.flagstar.com
URL: https://www.flagstar.com/

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

172.64.146.116 San Francisco, United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5d2fd2417b6b7947a591339e14fea06b882e12b780955ffc062d5bed534d9bbf

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; connect-src 'self' .foresee.com .evergage.com edge.adobedc.net https://cdn.cookielaw.org https://www.googletagmanager.com https://stats.g.doubleclick.net https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://maps.googleapis.com .demdex.net .yext.com https://answers.yext-pixel.com .yextapis.com;font-src 'self' data: https://fonts.gstatic.com/ https://fonts.googleapis.com https://use.typekit.com .pgsdemo.com .pagescdn.com; media-src 'self'; object-src 'self'; form-action 'self' https://.flagstar.com https://.salesforce.com https://.salesforceliveagent.com https://.salesforce-sites.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://.salesforceliveagent.com https://assets.sitescdn.net https://www.googleanalytics.com/ https://www.googleoptimize.com/ https://optimize.google.com/ https://www.googletagmanager.com https://maps.googleapis.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net assets.adobedtm.com https://pnapi.invoca.net https://solutions.invocacdn.com gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com/ https://use.typekit.com https://connect.facebook.net https://js.adsrvr.org/ https://cdn.evgnet.com https://.evergage.com https://www.youtube.com assets.sitescdn.net .pagescdn.com .pgsdemo.com https://.salesforce-sites.com;style-src 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com assets.sitecdn.net; style-src-elem 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com;frame-src 'self' .flagstar.com .youtube.com .demdex.net https://.fls.doubleclick.net https://td.doubleclick.net https://optimize.google.com/ https://insight.adsrvr.org/ https://match.adsrvr.org/ https://cdn.evgnet.com https://.flagstar.com https://.fintactix.com .pagescdn.com .pgsdemo.com; frame-ancestors 'self' .flagstar.com https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net; img-src 'self' .foresee.com https://ad.doubleclick.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googletagmanager.com/ https://www.googleadservices.com https://www.google-analytics.com https://developers.google.com https://maps.googleapis.com https://maps.gstatic.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://insight.adsrvr.org https://ib.adnxs.com/getuid https://match.adsrvr.org/track/cmf/appnexus https://dsum-sec.casalemedia.com/rum https://ups.analytics.yahoo.com/ups/55953/sync https://pixel.rubiconproject.com/tap.php data: blob: https://p.typekit.net https://www.facebook.com .flagstar.com https://.doubleclick.net;child-src 'self' https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://youtube.com; worker-src 'self'; manifest-src 'self';
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.flagstar.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

expires: Sun, 14 Apr 2024 02:04:38 GMT
date: Fri, 15 Mar 2024 02:04:38 GMT
content-security-policy: default-src 'none'; connect-src 'self' *.foresee.com *.evergage.com edge.adobedc.net https://cdn.cookielaw.org https://www.googletagmanager.com https://stats.g.doubleclick.net https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://maps.googleapis.com *.demdex.net *.yext.com https://answers.yext-pixel.com *.yextapis.com;font-src 'self' data: https://fonts.gstatic.com/ https://fonts.googleapis.com https://use.typekit.com *.pgsdemo.com *.pagescdn.com; media-src 'self'; object-src 'self'; form-action 'self' https://*.flagstar.com https://*.salesforce.com https://*.salesforceliveagent.com https://*.salesforce-sites.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.salesforceliveagent.com https://assets.sitescdn.net https://www.googleanalytics.com/ https://www.googleoptimize.com/ https://optimize.google.com/ https://www.googletagmanager.com https://maps.googleapis.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net assets.adobedtm.com https://pnapi.invoca.net https://solutions.invocacdn.com gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com/ https://use.typekit.com https://connect.facebook.net https://js.adsrvr.org/ https://cdn.evgnet.com https://*.evergage.com https://www.youtube.com assets.sitescdn.net *.pagescdn.com *.pgsdemo.com https://*.salesforce-sites.com;style-src 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com assets.sitecdn.net; style-src-elem 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com;frame-src 'self' *.flagstar.com *.youtube.com *.demdex.net https://*.fls.doubleclick.net https://td.doubleclick.net https://optimize.google.com/ https://insight.adsrvr.org/ https://match.adsrvr.org/ https://cdn.evgnet.com https://*.flagstar.com https://*.fintactix.com *.pagescdn.com *.pgsdemo.com; frame-ancestors 'self' *.flagstar.com https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net; img-src 'self' *.foresee.com https://ad.doubleclick.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googletagmanager.com/ https://www.googleadservices.com https://www.google-analytics.com https://developers.google.com https://maps.googleapis.com https://maps.gstatic.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://insight.adsrvr.org https://ib.adnxs.com/getuid https://match.adsrvr.org/track/cmf/appnexus https://dsum-sec.casalemedia.com/rum https://ups.analytics.yahoo.com/ups/55953/sync https://pixel.rubiconproject.com/tap.php data: blob: https://p.typekit.net https://www.facebook.com *.flagstar.com https://*.doubleclick.net;child-src 'self' https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://youtube.com; worker-src 'self'; manifest-src 'self';
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
strict-transport-security: max-age=31536000; includeSubDomains
age: 123903
x-cnection: close
server-timing: dtSInfo;desc="0", dtRpid;desc="-2005584910"
content-length: 1382
x-xss-protection: 1; mode=block
x-ua-compatible: IE=Edge
last-modified: Fri, 08 Mar 2024 03:34:54 GMT
server: cloudflare
etag: "fdd-6131de01782b6-gzip"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript
cache-control: public, max-age=2592000
accept-ranges: bytes
cf-ray: 8648ef14de7f2c42-FRA
clientname: flagstar

GET
H2 200 launch-bc7a3f427c28.min.js Show response
assets.adobedtm.com/7dbad9752923/36b7dda228e9/ 268 KB
73 KB 278ms
92ms Script
application/x-javascript 2a02:26f0:3100:782::1e80
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/7dbad9752923/36b7dda228e9/launch-bc7a3f427c28.min.js
Requested by: Host: www.flagstar.com
URL: https://www.flagstar.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:3100:782::1e80 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: 17782e1d400a735b7c5af2a63b531f265683ad60c74ae6b13897581a945b5d7d

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.flagstar.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date: Fri, 15 Mar 2024 02:04:38 GMT
content-encoding: gzip
last-modified: Wed, 06 Mar 2024 18:39:57 GMT
server: AkamaiNetStorage
etag: "9d4d2ad8ca0c8629ba09934e24a1898e:1709750397.70827"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: https://www.flagstar.com
cache-control: max-age=3600
accept-ranges: bytes
timing-allow-origin: *
content-length: 74134
expires: Fri, 15 Mar 2024 03:04:38 GMT

GET
H2 200 clientlib-autonumeric.d47f6d13b8b6fba73490357cd7b2bc71.js Show response
www.flagstar.com/etc.clientlibs/aem-flagstar/clientlibs/ 182 KB
42 KB 30ms
29ms Script
application/javascript 172.64.146.116
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.flagstar.com/etc.clientlibs/aem-flagstar/clientlibs/clientlib-autonumeric.d47f6d13b8b6fba73490357cd7b2bc71.js

Requested by

Host: www.flagstar.com
URL: https://www.flagstar.com/

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

172.64.146.116 San Francisco, United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

82a5f96383e36ec0b545815cd2b03b0fbef250ec1957cd686a9b08cad3cc608b

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; connect-src 'self' .foresee.com .evergage.com edge.adobedc.net https://cdn.cookielaw.org https://www.googletagmanager.com https://stats.g.doubleclick.net https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://maps.googleapis.com .demdex.net .yext.com https://answers.yext-pixel.com .yextapis.com;font-src 'self' data: https://fonts.gstatic.com/ https://fonts.googleapis.com https://use.typekit.com .pgsdemo.com .pagescdn.com; media-src 'self'; object-src 'self'; form-action 'self' https://.flagstar.com https://.salesforce.com https://.salesforceliveagent.com https://.salesforce-sites.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://.salesforceliveagent.com https://assets.sitescdn.net https://www.googleanalytics.com/ https://www.googleoptimize.com/ https://optimize.google.com/ https://www.googletagmanager.com https://maps.googleapis.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net assets.adobedtm.com https://pnapi.invoca.net https://solutions.invocacdn.com gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com/ https://use.typekit.com https://connect.facebook.net https://js.adsrvr.org/ https://cdn.evgnet.com https://.evergage.com https://www.youtube.com assets.sitescdn.net .pagescdn.com .pgsdemo.com https://.salesforce-sites.com;style-src 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com assets.sitecdn.net; style-src-elem 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com;frame-src 'self' .flagstar.com .demdex.net https://.fls.doubleclick.net https://td.doubleclick.net https://optimize.google.com/ https://insight.adsrvr.org/ https://match.adsrvr.org/ https://cdn.evgnet.com https://.flagstar.com https://.fintactix.com .pagescdn.com .pgsdemo.com; frame-ancestors 'self' .flagstar.com https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net; img-src 'self' .foresee.com https://ad.doubleclick.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googletagmanager.com/ https://www.googleadservices.com https://www.google-analytics.com https://developers.google.com https://maps.googleapis.com https://maps.gstatic.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://insight.adsrvr.org https://ib.adnxs.com/getuid https://match.adsrvr.org/track/cmf/appnexus https://dsum-sec.casalemedia.com/rum https://ups.analytics.yahoo.com/ups/55953/sync https://pixel.rubiconproject.com/tap.php data: blob: https://p.typekit.net https://www.facebook.com .flagstar.com https://*.doubleclick.net;child-src 'self' https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://youtube.com; worker-src 'self'; manifest-src 'self';
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.flagstar.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

expires: Sun, 14 Apr 2024 02:04:38 GMT
date: Fri, 15 Mar 2024 02:04:38 GMT
content-security-policy: default-src 'none'; connect-src 'self' *.foresee.com *.evergage.com edge.adobedc.net https://cdn.cookielaw.org https://www.googletagmanager.com https://stats.g.doubleclick.net https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://maps.googleapis.com *.demdex.net *.yext.com https://answers.yext-pixel.com *.yextapis.com;font-src 'self' data: https://fonts.gstatic.com/ https://fonts.googleapis.com https://use.typekit.com *.pgsdemo.com *.pagescdn.com; media-src 'self'; object-src 'self'; form-action 'self' https://*.flagstar.com https://*.salesforce.com https://*.salesforceliveagent.com https://*.salesforce-sites.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.salesforceliveagent.com https://assets.sitescdn.net https://www.googleanalytics.com/ https://www.googleoptimize.com/ https://optimize.google.com/ https://www.googletagmanager.com https://maps.googleapis.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net assets.adobedtm.com https://pnapi.invoca.net https://solutions.invocacdn.com gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com/ https://use.typekit.com https://connect.facebook.net https://js.adsrvr.org/ https://cdn.evgnet.com https://*.evergage.com https://www.youtube.com assets.sitescdn.net *.pagescdn.com *.pgsdemo.com https://*.salesforce-sites.com;style-src 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com assets.sitecdn.net; style-src-elem 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com;frame-src 'self' *.flagstar.com *.demdex.net https://*.fls.doubleclick.net https://td.doubleclick.net https://optimize.google.com/ https://insight.adsrvr.org/ https://match.adsrvr.org/ https://cdn.evgnet.com https://*.flagstar.com https://*.fintactix.com *.pagescdn.com *.pgsdemo.com; frame-ancestors 'self' *.flagstar.com https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net; img-src 'self' *.foresee.com https://ad.doubleclick.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googletagmanager.com/ https://www.googleadservices.com https://www.google-analytics.com https://developers.google.com https://maps.googleapis.com https://maps.gstatic.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://insight.adsrvr.org https://ib.adnxs.com/getuid https://match.adsrvr.org/track/cmf/appnexus https://dsum-sec.casalemedia.com/rum https://ups.analytics.yahoo.com/ups/55953/sync https://pixel.rubiconproject.com/tap.php data: blob: https://p.typekit.net https://www.facebook.com *.flagstar.com https://*.doubleclick.net;child-src 'self' https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://youtube.com; worker-src 'self'; manifest-src 'self';
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
strict-transport-security: max-age=31536000; includeSubDomains
age: 117902
x-cnection: close
server-timing: dtSInfo;desc="0", dtRpid;desc="-1137129079"
content-length: 40068
x-xss-protection: 1; mode=block
x-ua-compatible: IE=Edge
last-modified: Tue, 20 Feb 2024 10:31:32 GMT
server: cloudflare
etag: "2d872-611cdb6bf6bcc-gzip"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript
cache-control: public, max-age=2592000
accept-ranges: bytes
cf-ray: 8648ef14de802c42-FRA
clientname: flagstar

GET
H/1.1 200
OK deployment.js Show response
c.la5-c1cs-ia5.salesforceliveagent.com/content/g/js/60.0/ 42 KB
43 KB 992ms
281ms Script
application/javascript 13.110.253.93
SALESFORCE

General

Check archive.org

Show headers Download Go to

Full URL: https://c.la5-c1cs-ia5.salesforceliveagent.com/content/g/js/60.0/deployment.js
Requested by: Host: www.flagstar.com
URL: https://www.flagstar.com/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 13.110.253.93 , United States, ASN14340 (SALESFORCE, US),
Reverse DNS: dcl6-ncg1-c6-iad5.la5-c1cs-ia5.salesforceliveagent.com
Software: Jetty /
Resource Hash: 8ff54385f2146f44f6d729ffb360b04ca6f42fa3c49e185b517d5ab0ac02e9b5

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.flagstar.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

Date: Fri, 15 Mar 2024 02:04:39 GMT
Cache-Control: max-age=60, must-revalidate
Last-Modified: Fri, 01 Mar 2024 22:36:36 GMT
Server: Jetty
Accept-Ranges: bytes
Content-Length: 43262
Content-Type: application/javascript

GET
H2 200 clientlib-dependencies.d41d8cd98f00b204e9800998ecf8427e.js Show response
www.flagstar.com/etc.clientlibs/aem-flagstar/clientlibs/ 0
3 KB 23ms
22ms Script
application/javascript 172.64.146.116
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.flagstar.com/etc.clientlibs/aem-flagstar/clientlibs/clientlib-dependencies.d41d8cd98f00b204e9800998ecf8427e.js

Requested by

Host: www.flagstar.com
URL: https://www.flagstar.com/

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

172.64.146.116 San Francisco, United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; connect-src 'self' .foresee.com .evergage.com edge.adobedc.net https://cdn.cookielaw.org https://www.googletagmanager.com https://stats.g.doubleclick.net https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://maps.googleapis.com .demdex.net .yext.com https://answers.yext-pixel.com .yextapis.com;font-src 'self' data: https://fonts.gstatic.com/ https://fonts.googleapis.com https://use.typekit.com .pgsdemo.com .pagescdn.com; media-src 'self'; object-src 'self'; form-action 'self' https://.flagstar.com https://.salesforce.com https://.salesforceliveagent.com https://.salesforce-sites.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://.salesforceliveagent.com https://assets.sitescdn.net https://www.googleanalytics.com/ https://www.googleoptimize.com/ https://optimize.google.com/ https://www.googletagmanager.com https://maps.googleapis.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net assets.adobedtm.com https://pnapi.invoca.net https://solutions.invocacdn.com gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com/ https://use.typekit.com https://connect.facebook.net https://js.adsrvr.org/ https://cdn.evgnet.com https://.evergage.com https://www.youtube.com assets.sitescdn.net .pagescdn.com .pgsdemo.com https://.salesforce-sites.com;style-src 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com assets.sitecdn.net; style-src-elem 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com;frame-src 'self' .flagstar.com .youtube.com .demdex.net https://.fls.doubleclick.net https://td.doubleclick.net https://optimize.google.com/ https://insight.adsrvr.org/ https://match.adsrvr.org/ https://cdn.evgnet.com https://.flagstar.com https://.fintactix.com .pagescdn.com .pgsdemo.com; frame-ancestors 'self' .flagstar.com https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net; img-src 'self' .foresee.com https://ad.doubleclick.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googletagmanager.com/ https://www.googleadservices.com https://www.google-analytics.com https://developers.google.com https://maps.googleapis.com https://maps.gstatic.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://insight.adsrvr.org https://ib.adnxs.com/getuid https://match.adsrvr.org/track/cmf/appnexus https://dsum-sec.casalemedia.com/rum https://ups.analytics.yahoo.com/ups/55953/sync https://pixel.rubiconproject.com/tap.php data: blob: https://p.typekit.net https://www.facebook.com .flagstar.com https://.doubleclick.net;child-src 'self' https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://youtube.com; worker-src 'self'; manifest-src 'self';
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.flagstar.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

expires: Sun, 14 Apr 2024 02:04:38 GMT
date: Fri, 15 Mar 2024 02:04:38 GMT
content-security-policy: default-src 'none'; connect-src 'self' *.foresee.com *.evergage.com edge.adobedc.net https://cdn.cookielaw.org https://www.googletagmanager.com https://stats.g.doubleclick.net https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://maps.googleapis.com *.demdex.net *.yext.com https://answers.yext-pixel.com *.yextapis.com;font-src 'self' data: https://fonts.gstatic.com/ https://fonts.googleapis.com https://use.typekit.com *.pgsdemo.com *.pagescdn.com; media-src 'self'; object-src 'self'; form-action 'self' https://*.flagstar.com https://*.salesforce.com https://*.salesforceliveagent.com https://*.salesforce-sites.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.salesforceliveagent.com https://assets.sitescdn.net https://www.googleanalytics.com/ https://www.googleoptimize.com/ https://optimize.google.com/ https://www.googletagmanager.com https://maps.googleapis.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net assets.adobedtm.com https://pnapi.invoca.net https://solutions.invocacdn.com gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com/ https://use.typekit.com https://connect.facebook.net https://js.adsrvr.org/ https://cdn.evgnet.com https://*.evergage.com https://www.youtube.com assets.sitescdn.net *.pagescdn.com *.pgsdemo.com https://*.salesforce-sites.com;style-src 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com assets.sitecdn.net; style-src-elem 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com;frame-src 'self' *.flagstar.com *.youtube.com *.demdex.net https://*.fls.doubleclick.net https://td.doubleclick.net https://optimize.google.com/ https://insight.adsrvr.org/ https://match.adsrvr.org/ https://cdn.evgnet.com https://*.flagstar.com https://*.fintactix.com *.pagescdn.com *.pgsdemo.com; frame-ancestors 'self' *.flagstar.com https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net; img-src 'self' *.foresee.com https://ad.doubleclick.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googletagmanager.com/ https://www.googleadservices.com https://www.google-analytics.com https://developers.google.com https://maps.googleapis.com https://maps.gstatic.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://insight.adsrvr.org https://ib.adnxs.com/getuid https://match.adsrvr.org/track/cmf/appnexus https://dsum-sec.casalemedia.com/rum https://ups.analytics.yahoo.com/ups/55953/sync https://pixel.rubiconproject.com/tap.php data: blob: https://p.typekit.net https://www.facebook.com *.flagstar.com https://*.doubleclick.net;child-src 'self' https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://youtube.com; worker-src 'self'; manifest-src 'self';
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains
cf-cache-status: HIT
age: 117902
x-cnection: close
server-timing: dtSInfo;desc="0", dtRpid;desc="429325692"
content-length: 0
x-xss-protection: 1; mode=block
x-ua-compatible: IE=Edge
last-modified: Fri, 08 Mar 2024 03:34:54 GMT
server: cloudflare
etag: "0-6131de017869e"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=2592000
accept-ranges: bytes
cf-ray: 8648ef14de812c42-FRA
clientname: flagstar

GET
H2 200 clientlib-dependencies.d41d8cd98f00b204e9800998ecf8427e.css
www.flagstar.com/etc.clientlibs/aem-flagstar/clientlibs/ 0
3 KB 24ms
23ms Stylesheet
text/css 172.64.146.116
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.flagstar.com/etc.clientlibs/aem-flagstar/clientlibs/clientlib-dependencies.d41d8cd98f00b204e9800998ecf8427e.css

Requested by

Host: www.flagstar.com
URL: https://www.flagstar.com/

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

172.64.146.116 San Francisco, United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; connect-src 'self' .foresee.com .evergage.com edge.adobedc.net https://cdn.cookielaw.org https://www.googletagmanager.com https://stats.g.doubleclick.net https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://maps.googleapis.com .demdex.net .yext.com https://answers.yext-pixel.com .yextapis.com;font-src 'self' data: https://fonts.gstatic.com/ https://fonts.googleapis.com https://use.typekit.com .pgsdemo.com .pagescdn.com; media-src 'self'; object-src 'self'; form-action 'self' https://.flagstar.com https://.salesforce.com https://.salesforceliveagent.com https://.salesforce-sites.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://.salesforceliveagent.com https://assets.sitescdn.net https://www.googleanalytics.com/ https://www.googleoptimize.com/ https://optimize.google.com/ https://www.googletagmanager.com https://maps.googleapis.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net assets.adobedtm.com https://pnapi.invoca.net https://solutions.invocacdn.com gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com/ https://use.typekit.com https://connect.facebook.net https://js.adsrvr.org/ https://cdn.evgnet.com https://.evergage.com https://www.youtube.com assets.sitescdn.net .pagescdn.com .pgsdemo.com https://.salesforce-sites.com;style-src 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com assets.sitecdn.net; style-src-elem 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com;frame-src 'self' .flagstar.com .demdex.net https://.fls.doubleclick.net https://td.doubleclick.net https://optimize.google.com/ https://insight.adsrvr.org/ https://match.adsrvr.org/ https://cdn.evgnet.com https://.flagstar.com https://.fintactix.com .pagescdn.com .pgsdemo.com; frame-ancestors 'self' .flagstar.com https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net; img-src 'self' .foresee.com https://ad.doubleclick.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googletagmanager.com/ https://www.googleadservices.com https://www.google-analytics.com https://developers.google.com https://maps.googleapis.com https://maps.gstatic.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://insight.adsrvr.org https://ib.adnxs.com/getuid https://match.adsrvr.org/track/cmf/appnexus https://dsum-sec.casalemedia.com/rum https://ups.analytics.yahoo.com/ups/55953/sync https://pixel.rubiconproject.com/tap.php data: blob: https://p.typekit.net https://www.facebook.com .flagstar.com https://*.doubleclick.net;child-src 'self' https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://youtube.com; worker-src 'self'; manifest-src 'self';
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.flagstar.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

expires: Sun, 14 Apr 2024 02:04:38 GMT
date: Fri, 15 Mar 2024 02:04:38 GMT
content-security-policy: default-src 'none'; connect-src 'self' *.foresee.com *.evergage.com edge.adobedc.net https://cdn.cookielaw.org https://www.googletagmanager.com https://stats.g.doubleclick.net https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://maps.googleapis.com *.demdex.net *.yext.com https://answers.yext-pixel.com *.yextapis.com;font-src 'self' data: https://fonts.gstatic.com/ https://fonts.googleapis.com https://use.typekit.com *.pgsdemo.com *.pagescdn.com; media-src 'self'; object-src 'self'; form-action 'self' https://*.flagstar.com https://*.salesforce.com https://*.salesforceliveagent.com https://*.salesforce-sites.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.salesforceliveagent.com https://assets.sitescdn.net https://www.googleanalytics.com/ https://www.googleoptimize.com/ https://optimize.google.com/ https://www.googletagmanager.com https://maps.googleapis.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net assets.adobedtm.com https://pnapi.invoca.net https://solutions.invocacdn.com gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com/ https://use.typekit.com https://connect.facebook.net https://js.adsrvr.org/ https://cdn.evgnet.com https://*.evergage.com https://www.youtube.com assets.sitescdn.net *.pagescdn.com *.pgsdemo.com https://*.salesforce-sites.com;style-src 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com assets.sitecdn.net; style-src-elem 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com;frame-src 'self' *.flagstar.com *.demdex.net https://*.fls.doubleclick.net https://td.doubleclick.net https://optimize.google.com/ https://insight.adsrvr.org/ https://match.adsrvr.org/ https://cdn.evgnet.com https://*.flagstar.com https://*.fintactix.com *.pagescdn.com *.pgsdemo.com; frame-ancestors 'self' *.flagstar.com https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net; img-src 'self' *.foresee.com https://ad.doubleclick.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googletagmanager.com/ https://www.googleadservices.com https://www.google-analytics.com https://developers.google.com https://maps.googleapis.com https://maps.gstatic.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://insight.adsrvr.org https://ib.adnxs.com/getuid https://match.adsrvr.org/track/cmf/appnexus https://dsum-sec.casalemedia.com/rum https://ups.analytics.yahoo.com/ups/55953/sync https://pixel.rubiconproject.com/tap.php data: blob: https://p.typekit.net https://www.facebook.com *.flagstar.com https://*.doubleclick.net;child-src 'self' https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://youtube.com; worker-src 'self'; manifest-src 'self';
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains
cf-cache-status: HIT
age: 115452
x-cnection: close
server-timing: dtSInfo;desc="0", dtRpid;desc="-1887752421"
content-length: 0
x-xss-protection: 1; mode=block
x-ua-compatible: IE=Edge
last-modified: Tue, 20 Feb 2024 10:11:15 GMT
server: cloudflare
etag: "0-611cd6e37730d"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: text/css
cache-control: public, max-age=2592000
accept-ranges: bytes
cf-ray: 8648ef14de7c2c42-FRA
clientname: flagstar

GET
H2 200 clientlib-site.46dbc4b8e8479098326272ed3c632026.css
www.flagstar.com/etc.clientlibs/aem-flagstar/clientlibs/ 265 KB
45 KB 22ms
21ms Stylesheet
text/css 172.64.146.116
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.flagstar.com/etc.clientlibs/aem-flagstar/clientlibs/clientlib-site.46dbc4b8e8479098326272ed3c632026.css

Requested by

Host: www.flagstar.com
URL: https://www.flagstar.com/

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

172.64.146.116 San Francisco, United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

fc281ec22c64cb557de99d0e81bf687e833f1ae81479d510c07772c97cc2901d

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; connect-src 'self' .foresee.com .evergage.com edge.adobedc.net https://cdn.cookielaw.org https://www.googletagmanager.com https://stats.g.doubleclick.net https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://maps.googleapis.com .demdex.net .yext.com https://answers.yext-pixel.com .yextapis.com;font-src 'self' data: https://fonts.gstatic.com/ https://fonts.googleapis.com https://use.typekit.com .pgsdemo.com .pagescdn.com; media-src 'self'; object-src 'self'; form-action 'self' https://.flagstar.com https://.salesforce.com https://.salesforceliveagent.com https://.salesforce-sites.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://.salesforceliveagent.com https://assets.sitescdn.net https://www.googleanalytics.com/ https://www.googleoptimize.com/ https://optimize.google.com/ https://www.googletagmanager.com https://maps.googleapis.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net assets.adobedtm.com https://pnapi.invoca.net https://solutions.invocacdn.com gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com/ https://use.typekit.com https://connect.facebook.net https://js.adsrvr.org/ https://cdn.evgnet.com https://.evergage.com https://www.youtube.com assets.sitescdn.net .pagescdn.com .pgsdemo.com https://.salesforce-sites.com;style-src 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com assets.sitecdn.net; style-src-elem 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com;frame-src 'self' .flagstar.com .youtube.com .demdex.net https://.fls.doubleclick.net https://td.doubleclick.net https://optimize.google.com/ https://insight.adsrvr.org/ https://match.adsrvr.org/ https://cdn.evgnet.com https://.flagstar.com https://.fintactix.com .pagescdn.com .pgsdemo.com; frame-ancestors 'self' .flagstar.com https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net; img-src 'self' .foresee.com https://ad.doubleclick.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googletagmanager.com/ https://www.googleadservices.com https://www.google-analytics.com https://developers.google.com https://maps.googleapis.com https://maps.gstatic.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://insight.adsrvr.org https://ib.adnxs.com/getuid https://match.adsrvr.org/track/cmf/appnexus https://dsum-sec.casalemedia.com/rum https://ups.analytics.yahoo.com/ups/55953/sync https://pixel.rubiconproject.com/tap.php data: blob: https://p.typekit.net https://www.facebook.com .flagstar.com https://.doubleclick.net;child-src 'self' https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://youtube.com; worker-src 'self'; manifest-src 'self';
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.flagstar.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

expires: Sun, 14 Apr 2024 02:04:38 GMT
date: Fri, 15 Mar 2024 02:04:38 GMT
content-security-policy: default-src 'none'; connect-src 'self' *.foresee.com *.evergage.com edge.adobedc.net https://cdn.cookielaw.org https://www.googletagmanager.com https://stats.g.doubleclick.net https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://maps.googleapis.com *.demdex.net *.yext.com https://answers.yext-pixel.com *.yextapis.com;font-src 'self' data: https://fonts.gstatic.com/ https://fonts.googleapis.com https://use.typekit.com *.pgsdemo.com *.pagescdn.com; media-src 'self'; object-src 'self'; form-action 'self' https://*.flagstar.com https://*.salesforce.com https://*.salesforceliveagent.com https://*.salesforce-sites.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.salesforceliveagent.com https://assets.sitescdn.net https://www.googleanalytics.com/ https://www.googleoptimize.com/ https://optimize.google.com/ https://www.googletagmanager.com https://maps.googleapis.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net assets.adobedtm.com https://pnapi.invoca.net https://solutions.invocacdn.com gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com/ https://use.typekit.com https://connect.facebook.net https://js.adsrvr.org/ https://cdn.evgnet.com https://*.evergage.com https://www.youtube.com assets.sitescdn.net *.pagescdn.com *.pgsdemo.com https://*.salesforce-sites.com;style-src 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com assets.sitecdn.net; style-src-elem 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com;frame-src 'self' *.flagstar.com *.youtube.com *.demdex.net https://*.fls.doubleclick.net https://td.doubleclick.net https://optimize.google.com/ https://insight.adsrvr.org/ https://match.adsrvr.org/ https://cdn.evgnet.com https://*.flagstar.com https://*.fintactix.com *.pagescdn.com *.pgsdemo.com; frame-ancestors 'self' *.flagstar.com https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net; img-src 'self' *.foresee.com https://ad.doubleclick.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googletagmanager.com/ https://www.googleadservices.com https://www.google-analytics.com https://developers.google.com https://maps.googleapis.com https://maps.gstatic.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://insight.adsrvr.org https://ib.adnxs.com/getuid https://match.adsrvr.org/track/cmf/appnexus https://dsum-sec.casalemedia.com/rum https://ups.analytics.yahoo.com/ups/55953/sync https://pixel.rubiconproject.com/tap.php data: blob: https://p.typekit.net https://www.facebook.com *.flagstar.com https://*.doubleclick.net;child-src 'self' https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://youtube.com; worker-src 'self'; manifest-src 'self';
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
strict-transport-security: max-age=31536000; includeSubDomains
age: 110536
x-cnection: close
server-timing: dtSInfo;desc="0", dtRpid;desc="-2136199338"
content-length: 43142
x-xss-protection: 1; mode=block
x-ua-compatible: IE=Edge
last-modified: Fri, 08 Mar 2024 02:57:18 GMT
server: cloudflare
etag: "423c1-6131d5994a65e-gzip"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: text/css
cache-control: public, max-age=2592000
accept-ranges: bytes
cf-ray: 8648ef14de7d2c42-FRA
clientname: flagstar

GET
H2 200 help-circle.svg
www.flagstar.com/content/dam/newco/global-navigation-icons/ 831 B
4 KB 29ms
28ms Image
image/svg+xml 172.64.146.116
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.flagstar.com/content/dam/newco/global-navigation-icons/help-circle.svg

Requested by

Host: www.flagstar.com
URL: https://www.flagstar.com/

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

172.64.146.116 San Francisco, United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

25042f6994a65e8b585909f22a8e983e6d2fec1cc3b88a0a85df6fea3ebe10fb

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; connect-src 'self' .foresee.com .evergage.com edge.adobedc.net https://cdn.cookielaw.org https://www.googletagmanager.com https://stats.g.doubleclick.net https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://maps.googleapis.com .demdex.net .yext.com https://answers.yext-pixel.com .yextapis.com;font-src 'self' data: https://fonts.gstatic.com/ https://fonts.googleapis.com https://use.typekit.com .pgsdemo.com .pagescdn.com; media-src 'self'; object-src 'self'; form-action 'self' https://.flagstar.com https://.salesforce.com https://.salesforceliveagent.com https://.salesforce-sites.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://.salesforceliveagent.com https://assets.sitescdn.net https://www.googleanalytics.com/ https://www.googleoptimize.com/ https://optimize.google.com/ https://www.googletagmanager.com https://maps.googleapis.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net assets.adobedtm.com https://pnapi.invoca.net https://solutions.invocacdn.com gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com/ https://use.typekit.com https://connect.facebook.net https://js.adsrvr.org/ https://cdn.evgnet.com https://.evergage.com https://www.youtube.com assets.sitescdn.net .pagescdn.com .pgsdemo.com https://.salesforce-sites.com;style-src 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com assets.sitecdn.net; style-src-elem 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com;frame-src 'self' .flagstar.com .demdex.net https://.fls.doubleclick.net https://td.doubleclick.net https://optimize.google.com/ https://insight.adsrvr.org/ https://match.adsrvr.org/ https://cdn.evgnet.com https://.flagstar.com https://.fintactix.com .pagescdn.com .pgsdemo.com; frame-ancestors 'self' .flagstar.com https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net; img-src 'self' .foresee.com https://ad.doubleclick.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googletagmanager.com/ https://www.googleadservices.com https://www.google-analytics.com https://developers.google.com https://maps.googleapis.com https://maps.gstatic.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://insight.adsrvr.org https://ib.adnxs.com/getuid https://match.adsrvr.org/track/cmf/appnexus https://dsum-sec.casalemedia.com/rum https://ups.analytics.yahoo.com/ups/55953/sync https://pixel.rubiconproject.com/tap.php data: blob: https://p.typekit.net https://www.facebook.com .flagstar.com https://*.doubleclick.net;child-src 'self' https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://youtube.com; worker-src 'self'; manifest-src 'self';
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.flagstar.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

expires: Sun, 14 Apr 2024 02:04:38 GMT
date: Fri, 15 Mar 2024 02:04:38 GMT
content-security-policy: default-src 'none'; connect-src 'self' *.foresee.com *.evergage.com edge.adobedc.net https://cdn.cookielaw.org https://www.googletagmanager.com https://stats.g.doubleclick.net https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://maps.googleapis.com *.demdex.net *.yext.com https://answers.yext-pixel.com *.yextapis.com;font-src 'self' data: https://fonts.gstatic.com/ https://fonts.googleapis.com https://use.typekit.com *.pgsdemo.com *.pagescdn.com; media-src 'self'; object-src 'self'; form-action 'self' https://*.flagstar.com https://*.salesforce.com https://*.salesforceliveagent.com https://*.salesforce-sites.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.salesforceliveagent.com https://assets.sitescdn.net https://www.googleanalytics.com/ https://www.googleoptimize.com/ https://optimize.google.com/ https://www.googletagmanager.com https://maps.googleapis.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net assets.adobedtm.com https://pnapi.invoca.net https://solutions.invocacdn.com gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com/ https://use.typekit.com https://connect.facebook.net https://js.adsrvr.org/ https://cdn.evgnet.com https://*.evergage.com https://www.youtube.com assets.sitescdn.net *.pagescdn.com *.pgsdemo.com https://*.salesforce-sites.com;style-src 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com assets.sitecdn.net; style-src-elem 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com;frame-src 'self' *.flagstar.com *.demdex.net https://*.fls.doubleclick.net https://td.doubleclick.net https://optimize.google.com/ https://insight.adsrvr.org/ https://match.adsrvr.org/ https://cdn.evgnet.com https://*.flagstar.com https://*.fintactix.com *.pagescdn.com *.pgsdemo.com; frame-ancestors 'self' *.flagstar.com https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net; img-src 'self' *.foresee.com https://ad.doubleclick.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googletagmanager.com/ https://www.googleadservices.com https://www.google-analytics.com https://developers.google.com https://maps.googleapis.com https://maps.gstatic.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://insight.adsrvr.org https://ib.adnxs.com/getuid https://match.adsrvr.org/track/cmf/appnexus https://dsum-sec.casalemedia.com/rum https://ups.analytics.yahoo.com/ups/55953/sync https://pixel.rubiconproject.com/tap.php data: blob: https://p.typekit.net https://www.facebook.com *.flagstar.com https://*.doubleclick.net;child-src 'self' https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://youtube.com; worker-src 'self'; manifest-src 'self';
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
strict-transport-security: max-age=31536000; includeSubDomains
age: 117902
x-cnection: close
server-timing: dtSInfo;desc="0", dtRpid;desc="1837796227"
content-length: 448
x-xss-protection: 1; mode=block
x-ua-compatible: IE=Edge
last-modified: Tue, 20 Feb 2024 10:11:15 GMT
server: cloudflare
etag: "33f-611cd6e37cce5-gzip"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: image/svg+xml
cache-control: public, max-age=2592000
accept-ranges: bytes
cf-ray: 8648ef14de822c42-FRA
clientname: flagstar

GET
H2 200 map-pin.svg
www.flagstar.com/content/dam/newco/global-navigation-icons/ 611 B
4 KB 28ms
28ms Image
image/svg+xml 172.64.146.116
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.flagstar.com/content/dam/newco/global-navigation-icons/map-pin.svg

Requested by

Host: www.flagstar.com
URL: https://www.flagstar.com/

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

172.64.146.116 San Francisco, United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

1a584616981963ae61992fee36f95da1ca96818a1c68695354bd899e32307429

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; connect-src 'self' .foresee.com .evergage.com edge.adobedc.net https://cdn.cookielaw.org https://www.googletagmanager.com https://stats.g.doubleclick.net https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://maps.googleapis.com .demdex.net .yext.com https://answers.yext-pixel.com .yextapis.com;font-src 'self' data: https://fonts.gstatic.com/ https://fonts.googleapis.com https://use.typekit.com .pgsdemo.com .pagescdn.com; media-src 'self'; object-src 'self'; form-action 'self' https://.flagstar.com https://.salesforce.com https://.salesforceliveagent.com https://.salesforce-sites.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://.salesforceliveagent.com https://assets.sitescdn.net https://www.googleanalytics.com/ https://www.googleoptimize.com/ https://optimize.google.com/ https://www.googletagmanager.com https://maps.googleapis.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net assets.adobedtm.com https://pnapi.invoca.net https://solutions.invocacdn.com gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com/ https://use.typekit.com https://connect.facebook.net https://js.adsrvr.org/ https://cdn.evgnet.com https://.evergage.com https://www.youtube.com assets.sitescdn.net .pagescdn.com .pgsdemo.com https://.salesforce-sites.com;style-src 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com assets.sitecdn.net; style-src-elem 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com;frame-src 'self' .flagstar.com .demdex.net https://.fls.doubleclick.net https://td.doubleclick.net https://optimize.google.com/ https://insight.adsrvr.org/ https://match.adsrvr.org/ https://cdn.evgnet.com https://.flagstar.com https://.fintactix.com .pagescdn.com .pgsdemo.com; frame-ancestors 'self' .flagstar.com https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net; img-src 'self' .foresee.com https://ad.doubleclick.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googletagmanager.com/ https://www.googleadservices.com https://www.google-analytics.com https://developers.google.com https://maps.googleapis.com https://maps.gstatic.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://insight.adsrvr.org https://ib.adnxs.com/getuid https://match.adsrvr.org/track/cmf/appnexus https://dsum-sec.casalemedia.com/rum https://ups.analytics.yahoo.com/ups/55953/sync https://pixel.rubiconproject.com/tap.php data: blob: https://p.typekit.net https://www.facebook.com .flagstar.com https://*.doubleclick.net;child-src 'self' https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://youtube.com; worker-src 'self'; manifest-src 'self';
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.flagstar.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

expires: Sun, 14 Apr 2024 02:04:38 GMT
date: Fri, 15 Mar 2024 02:04:38 GMT
content-security-policy: default-src 'none'; connect-src 'self' *.foresee.com *.evergage.com edge.adobedc.net https://cdn.cookielaw.org https://www.googletagmanager.com https://stats.g.doubleclick.net https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://maps.googleapis.com *.demdex.net *.yext.com https://answers.yext-pixel.com *.yextapis.com;font-src 'self' data: https://fonts.gstatic.com/ https://fonts.googleapis.com https://use.typekit.com *.pgsdemo.com *.pagescdn.com; media-src 'self'; object-src 'self'; form-action 'self' https://*.flagstar.com https://*.salesforce.com https://*.salesforceliveagent.com https://*.salesforce-sites.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.salesforceliveagent.com https://assets.sitescdn.net https://www.googleanalytics.com/ https://www.googleoptimize.com/ https://optimize.google.com/ https://www.googletagmanager.com https://maps.googleapis.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net assets.adobedtm.com https://pnapi.invoca.net https://solutions.invocacdn.com gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com/ https://use.typekit.com https://connect.facebook.net https://js.adsrvr.org/ https://cdn.evgnet.com https://*.evergage.com https://www.youtube.com assets.sitescdn.net *.pagescdn.com *.pgsdemo.com https://*.salesforce-sites.com;style-src 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com assets.sitecdn.net; style-src-elem 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com;frame-src 'self' *.flagstar.com *.demdex.net https://*.fls.doubleclick.net https://td.doubleclick.net https://optimize.google.com/ https://insight.adsrvr.org/ https://match.adsrvr.org/ https://cdn.evgnet.com https://*.flagstar.com https://*.fintactix.com *.pagescdn.com *.pgsdemo.com; frame-ancestors 'self' *.flagstar.com https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net; img-src 'self' *.foresee.com https://ad.doubleclick.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googletagmanager.com/ https://www.googleadservices.com https://www.google-analytics.com https://developers.google.com https://maps.googleapis.com https://maps.gstatic.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://insight.adsrvr.org https://ib.adnxs.com/getuid https://match.adsrvr.org/track/cmf/appnexus https://dsum-sec.casalemedia.com/rum https://ups.analytics.yahoo.com/ups/55953/sync https://pixel.rubiconproject.com/tap.php data: blob: https://p.typekit.net https://www.facebook.com *.flagstar.com https://*.doubleclick.net;child-src 'self' https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://youtube.com; worker-src 'self'; manifest-src 'self';
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
strict-transport-security: max-age=31536000; includeSubDomains
age: 117902
x-cnection: close
server-timing: dtSInfo;desc="0", dtRpid;desc="-1444066534"
content-length: 317
x-xss-protection: 1; mode=block
x-ua-compatible: IE=Edge
last-modified: Tue, 20 Feb 2024 10:12:49 GMT
server: cloudflare
etag: "263-611cd73d3e929-gzip"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: image/svg+xml
cache-control: public, max-age=2592000
accept-ranges: bytes
cf-ray: 8648ef14de832c42-FRA
clientname: flagstar

GET
H2 200 globe.svg
www.flagstar.com/content/dam/newco/global-navigation-icons/ 844 B
4 KB 20ms
19ms Image
image/svg+xml 172.64.146.116
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.flagstar.com/content/dam/newco/global-navigation-icons/globe.svg

Requested by

Host: www.flagstar.com
URL: https://www.flagstar.com/

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

172.64.146.116 San Francisco, United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

84551b2fc5b4daf2d89a4bb712509343abf84878723f814701d42cd050237e7d

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; connect-src 'self' .foresee.com .evergage.com edge.adobedc.net https://cdn.cookielaw.org https://www.googletagmanager.com https://stats.g.doubleclick.net https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://maps.googleapis.com .demdex.net .yext.com https://answers.yext-pixel.com .yextapis.com;font-src 'self' data: https://fonts.gstatic.com/ https://fonts.googleapis.com https://use.typekit.com .pgsdemo.com .pagescdn.com; media-src 'self'; object-src 'self'; form-action 'self' https://.flagstar.com https://.salesforce.com https://.salesforceliveagent.com https://.salesforce-sites.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://.salesforceliveagent.com https://assets.sitescdn.net https://www.googleanalytics.com/ https://www.googleoptimize.com/ https://optimize.google.com/ https://www.googletagmanager.com https://maps.googleapis.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net assets.adobedtm.com https://pnapi.invoca.net https://solutions.invocacdn.com gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com/ https://use.typekit.com https://connect.facebook.net https://js.adsrvr.org/ https://cdn.evgnet.com https://.evergage.com https://www.youtube.com assets.sitescdn.net .pagescdn.com .pgsdemo.com https://.salesforce-sites.com;style-src 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com assets.sitecdn.net; style-src-elem 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com;frame-src 'self' .flagstar.com .demdex.net https://.fls.doubleclick.net https://td.doubleclick.net https://optimize.google.com/ https://insight.adsrvr.org/ https://match.adsrvr.org/ https://cdn.evgnet.com https://.flagstar.com https://.fintactix.com .pagescdn.com .pgsdemo.com; frame-ancestors 'self' .flagstar.com https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net; img-src 'self' .foresee.com https://ad.doubleclick.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googletagmanager.com/ https://www.googleadservices.com https://www.google-analytics.com https://developers.google.com https://maps.googleapis.com https://maps.gstatic.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://insight.adsrvr.org https://ib.adnxs.com/getuid https://match.adsrvr.org/track/cmf/appnexus https://dsum-sec.casalemedia.com/rum https://ups.analytics.yahoo.com/ups/55953/sync https://pixel.rubiconproject.com/tap.php data: blob: https://p.typekit.net https://www.facebook.com .flagstar.com https://*.doubleclick.net;child-src 'self' https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://youtube.com; worker-src 'self'; manifest-src 'self';
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.flagstar.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

expires: Sun, 14 Apr 2024 02:04:38 GMT
date: Fri, 15 Mar 2024 02:04:38 GMT
content-security-policy: default-src 'none'; connect-src 'self' *.foresee.com *.evergage.com edge.adobedc.net https://cdn.cookielaw.org https://www.googletagmanager.com https://stats.g.doubleclick.net https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://maps.googleapis.com *.demdex.net *.yext.com https://answers.yext-pixel.com *.yextapis.com;font-src 'self' data: https://fonts.gstatic.com/ https://fonts.googleapis.com https://use.typekit.com *.pgsdemo.com *.pagescdn.com; media-src 'self'; object-src 'self'; form-action 'self' https://*.flagstar.com https://*.salesforce.com https://*.salesforceliveagent.com https://*.salesforce-sites.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.salesforceliveagent.com https://assets.sitescdn.net https://www.googleanalytics.com/ https://www.googleoptimize.com/ https://optimize.google.com/ https://www.googletagmanager.com https://maps.googleapis.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net assets.adobedtm.com https://pnapi.invoca.net https://solutions.invocacdn.com gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com/ https://use.typekit.com https://connect.facebook.net https://js.adsrvr.org/ https://cdn.evgnet.com https://*.evergage.com https://www.youtube.com assets.sitescdn.net *.pagescdn.com *.pgsdemo.com https://*.salesforce-sites.com;style-src 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com assets.sitecdn.net; style-src-elem 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com;frame-src 'self' *.flagstar.com *.demdex.net https://*.fls.doubleclick.net https://td.doubleclick.net https://optimize.google.com/ https://insight.adsrvr.org/ https://match.adsrvr.org/ https://cdn.evgnet.com https://*.flagstar.com https://*.fintactix.com *.pagescdn.com *.pgsdemo.com; frame-ancestors 'self' *.flagstar.com https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net; img-src 'self' *.foresee.com https://ad.doubleclick.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googletagmanager.com/ https://www.googleadservices.com https://www.google-analytics.com https://developers.google.com https://maps.googleapis.com https://maps.gstatic.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://insight.adsrvr.org https://ib.adnxs.com/getuid https://match.adsrvr.org/track/cmf/appnexus https://dsum-sec.casalemedia.com/rum https://ups.analytics.yahoo.com/ups/55953/sync https://pixel.rubiconproject.com/tap.php data: blob: https://p.typekit.net https://www.facebook.com *.flagstar.com https://*.doubleclick.net;child-src 'self' https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://youtube.com; worker-src 'self'; manifest-src 'self';
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
strict-transport-security: max-age=31536000; includeSubDomains
age: 115452
x-cnection: close
server-timing: dtSInfo;desc="0", dtRpid;desc="-1638499635"
content-length: 381
x-xss-protection: 1; mode=block
x-ua-compatible: IE=Edge
last-modified: Tue, 20 Feb 2024 10:13:19 GMT
server: cloudflare
etag: "34c-611cd759b8a25-gzip"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: image/svg+xml
cache-control: public, max-age=2592000
accept-ranges: bytes
cf-ray: 8648ef150e962c42-FRA
clientname: flagstar

GET
H2 200 Logo.png
www.flagstar.com/content/dam/newco/global-navigation-icons/ 10 KB
13 KB 21ms
20ms Image
image/png 172.64.146.116
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.flagstar.com/content/dam/newco/global-navigation-icons/Logo.png

Requested by

Host: www.flagstar.com
URL: https://www.flagstar.com/

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

172.64.146.116 San Francisco, United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

def9e061c234084f9709283b1982131b725bcc68b2ed4581f54d322103ee2f02

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; connect-src 'self' .foresee.com .evergage.com edge.adobedc.net https://cdn.cookielaw.org https://www.googletagmanager.com https://stats.g.doubleclick.net https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://maps.googleapis.com .demdex.net .yext.com https://answers.yext-pixel.com .yextapis.com;font-src 'self' data: https://fonts.gstatic.com/ https://fonts.googleapis.com https://use.typekit.com .pgsdemo.com .pagescdn.com; media-src 'self'; object-src 'self'; form-action 'self' https://.flagstar.com https://.salesforce.com https://.salesforceliveagent.com https://.salesforce-sites.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://.salesforceliveagent.com https://assets.sitescdn.net https://www.googleanalytics.com/ https://www.googleoptimize.com/ https://optimize.google.com/ https://www.googletagmanager.com https://maps.googleapis.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net assets.adobedtm.com https://pnapi.invoca.net https://solutions.invocacdn.com gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com/ https://use.typekit.com https://connect.facebook.net https://js.adsrvr.org/ https://cdn.evgnet.com https://.evergage.com https://www.youtube.com assets.sitescdn.net .pagescdn.com .pgsdemo.com https://.salesforce-sites.com;style-src 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com assets.sitecdn.net; style-src-elem 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com;frame-src 'self' .flagstar.com .demdex.net https://.fls.doubleclick.net https://td.doubleclick.net https://optimize.google.com/ https://insight.adsrvr.org/ https://match.adsrvr.org/ https://cdn.evgnet.com https://.flagstar.com https://.fintactix.com .pagescdn.com .pgsdemo.com; frame-ancestors 'self' .flagstar.com https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net; img-src 'self' .foresee.com https://ad.doubleclick.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googletagmanager.com/ https://www.googleadservices.com https://www.google-analytics.com https://developers.google.com https://maps.googleapis.com https://maps.gstatic.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://insight.adsrvr.org https://ib.adnxs.com/getuid https://match.adsrvr.org/track/cmf/appnexus https://dsum-sec.casalemedia.com/rum https://ups.analytics.yahoo.com/ups/55953/sync https://pixel.rubiconproject.com/tap.php data: blob: https://p.typekit.net https://www.facebook.com .flagstar.com https://*.doubleclick.net;child-src 'self' https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://youtube.com; worker-src 'self'; manifest-src 'self';
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.flagstar.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

expires: Sun, 14 Apr 2024 02:04:38 GMT
date: Fri, 15 Mar 2024 02:04:38 GMT
content-security-policy: default-src 'none'; connect-src 'self' *.foresee.com *.evergage.com edge.adobedc.net https://cdn.cookielaw.org https://www.googletagmanager.com https://stats.g.doubleclick.net https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://maps.googleapis.com *.demdex.net *.yext.com https://answers.yext-pixel.com *.yextapis.com;font-src 'self' data: https://fonts.gstatic.com/ https://fonts.googleapis.com https://use.typekit.com *.pgsdemo.com *.pagescdn.com; media-src 'self'; object-src 'self'; form-action 'self' https://*.flagstar.com https://*.salesforce.com https://*.salesforceliveagent.com https://*.salesforce-sites.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.salesforceliveagent.com https://assets.sitescdn.net https://www.googleanalytics.com/ https://www.googleoptimize.com/ https://optimize.google.com/ https://www.googletagmanager.com https://maps.googleapis.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net assets.adobedtm.com https://pnapi.invoca.net https://solutions.invocacdn.com gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com/ https://use.typekit.com https://connect.facebook.net https://js.adsrvr.org/ https://cdn.evgnet.com https://*.evergage.com https://www.youtube.com assets.sitescdn.net *.pagescdn.com *.pgsdemo.com https://*.salesforce-sites.com;style-src 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com assets.sitecdn.net; style-src-elem 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com;frame-src 'self' *.flagstar.com *.demdex.net https://*.fls.doubleclick.net https://td.doubleclick.net https://optimize.google.com/ https://insight.adsrvr.org/ https://match.adsrvr.org/ https://cdn.evgnet.com https://*.flagstar.com https://*.fintactix.com *.pagescdn.com *.pgsdemo.com; frame-ancestors 'self' *.flagstar.com https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net; img-src 'self' *.foresee.com https://ad.doubleclick.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googletagmanager.com/ https://www.googleadservices.com https://www.google-analytics.com https://developers.google.com https://maps.googleapis.com https://maps.gstatic.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://insight.adsrvr.org https://ib.adnxs.com/getuid https://match.adsrvr.org/track/cmf/appnexus https://dsum-sec.casalemedia.com/rum https://ups.analytics.yahoo.com/ups/55953/sync https://pixel.rubiconproject.com/tap.php data: blob: https://p.typekit.net https://www.facebook.com *.flagstar.com https://*.doubleclick.net;child-src 'self' https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://youtube.com; worker-src 'self'; manifest-src 'self';
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains
cf-cache-status: HIT
age: 117902
x-cnection: close
server-timing: dtSInfo;desc="0", dtRpid;desc="-1358686013"
content-length: 9965
x-xss-protection: 1; mode=block
x-ua-compatible: IE=Edge
last-modified: Tue, 20 Feb 2024 10:12:49 GMT
server: cloudflare
etag: "26ed-611cd73d51dc1"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: image/png
cache-control: public, max-age=2592000
accept-ranges: bytes
cf-ray: 8648ef150e972c42-FRA
clientname: flagstar

GET
H2 200 icon-card_checking-savings.svg
www.flagstar.com/content/dam/newco/global-navigation-icons/ 4 KB
4 KB 20ms
20ms Image
image/svg+xml 172.64.146.116
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.flagstar.com/content/dam/newco/global-navigation-icons/icon-card_checking-savings.svg

Requested by

Host: www.flagstar.com
URL: https://www.flagstar.com/

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

172.64.146.116 San Francisco, United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f453487a4e177cda0bbace5eb1ba7f468936488b95769b3de17349967e8fab9e

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; connect-src 'self' .foresee.com .evergage.com edge.adobedc.net https://cdn.cookielaw.org https://www.googletagmanager.com https://stats.g.doubleclick.net https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://maps.googleapis.com .demdex.net .yext.com https://answers.yext-pixel.com .yextapis.com;font-src 'self' data: https://fonts.gstatic.com/ https://fonts.googleapis.com https://use.typekit.com .pgsdemo.com .pagescdn.com; media-src 'self'; object-src 'self'; form-action 'self' https://.flagstar.com https://.salesforce.com https://.salesforceliveagent.com https://.salesforce-sites.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://.salesforceliveagent.com https://assets.sitescdn.net https://www.googleanalytics.com/ https://www.googleoptimize.com/ https://optimize.google.com/ https://www.googletagmanager.com https://maps.googleapis.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net assets.adobedtm.com https://pnapi.invoca.net https://solutions.invocacdn.com gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com/ https://use.typekit.com https://connect.facebook.net https://js.adsrvr.org/ https://cdn.evgnet.com https://.evergage.com https://www.youtube.com assets.sitescdn.net .pagescdn.com .pgsdemo.com https://.salesforce-sites.com;style-src 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com assets.sitecdn.net; style-src-elem 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com;frame-src 'self' .flagstar.com .demdex.net https://.fls.doubleclick.net https://td.doubleclick.net https://optimize.google.com/ https://insight.adsrvr.org/ https://match.adsrvr.org/ https://cdn.evgnet.com https://.flagstar.com https://.fintactix.com .pagescdn.com .pgsdemo.com; frame-ancestors 'self' .flagstar.com https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net; img-src 'self' .foresee.com https://ad.doubleclick.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googletagmanager.com/ https://www.googleadservices.com https://www.google-analytics.com https://developers.google.com https://maps.googleapis.com https://maps.gstatic.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://insight.adsrvr.org https://ib.adnxs.com/getuid https://match.adsrvr.org/track/cmf/appnexus https://dsum-sec.casalemedia.com/rum https://ups.analytics.yahoo.com/ups/55953/sync https://pixel.rubiconproject.com/tap.php data: blob: https://p.typekit.net https://www.facebook.com .flagstar.com https://*.doubleclick.net;child-src 'self' https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://youtube.com; worker-src 'self'; manifest-src 'self';
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.flagstar.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

expires: Sun, 14 Apr 2024 02:04:39 GMT
date: Fri, 15 Mar 2024 02:04:39 GMT
content-security-policy: default-src 'none'; connect-src 'self' *.foresee.com *.evergage.com edge.adobedc.net https://cdn.cookielaw.org https://www.googletagmanager.com https://stats.g.doubleclick.net https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://maps.googleapis.com *.demdex.net *.yext.com https://answers.yext-pixel.com *.yextapis.com;font-src 'self' data: https://fonts.gstatic.com/ https://fonts.googleapis.com https://use.typekit.com *.pgsdemo.com *.pagescdn.com; media-src 'self'; object-src 'self'; form-action 'self' https://*.flagstar.com https://*.salesforce.com https://*.salesforceliveagent.com https://*.salesforce-sites.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.salesforceliveagent.com https://assets.sitescdn.net https://www.googleanalytics.com/ https://www.googleoptimize.com/ https://optimize.google.com/ https://www.googletagmanager.com https://maps.googleapis.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net assets.adobedtm.com https://pnapi.invoca.net https://solutions.invocacdn.com gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com/ https://use.typekit.com https://connect.facebook.net https://js.adsrvr.org/ https://cdn.evgnet.com https://*.evergage.com https://www.youtube.com assets.sitescdn.net *.pagescdn.com *.pgsdemo.com https://*.salesforce-sites.com;style-src 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com assets.sitecdn.net; style-src-elem 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com;frame-src 'self' *.flagstar.com *.demdex.net https://*.fls.doubleclick.net https://td.doubleclick.net https://optimize.google.com/ https://insight.adsrvr.org/ https://match.adsrvr.org/ https://cdn.evgnet.com https://*.flagstar.com https://*.fintactix.com *.pagescdn.com *.pgsdemo.com; frame-ancestors 'self' *.flagstar.com https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net; img-src 'self' *.foresee.com https://ad.doubleclick.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googletagmanager.com/ https://www.googleadservices.com https://www.google-analytics.com https://developers.google.com https://maps.googleapis.com https://maps.gstatic.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://insight.adsrvr.org https://ib.adnxs.com/getuid https://match.adsrvr.org/track/cmf/appnexus https://dsum-sec.casalemedia.com/rum https://ups.analytics.yahoo.com/ups/55953/sync https://pixel.rubiconproject.com/tap.php data: blob: https://p.typekit.net https://www.facebook.com *.flagstar.com https://*.doubleclick.net;child-src 'self' https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://youtube.com; worker-src 'self'; manifest-src 'self';
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
strict-transport-security: max-age=31536000; includeSubDomains
age: 110579
x-cnection: close
server-timing: dtSInfo;desc="0", dtRpid;desc="1680599250"
content-length: 1038
x-xss-protection: 1; mode=block
x-ua-compatible: IE=Edge
last-modified: Tue, 20 Feb 2024 10:30:59 GMT
server: cloudflare
etag: "10e3-611cdb4c51d1b-gzip"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: image/svg+xml
cache-control: public, max-age=2592000
accept-ranges: bytes
cf-ray: 8648ef19085a2c42-FRA
clientname: flagstar

GET
H2 200 icon-card_debit-credit-cards.svg
www.flagstar.com/content/dam/newco/global-navigation-icons/ 3 KB
4 KB 20ms
20ms Image
image/svg+xml 172.64.146.116
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.flagstar.com/content/dam/newco/global-navigation-icons/icon-card_debit-credit-cards.svg

Requested by

Host: www.flagstar.com
URL: https://www.flagstar.com/

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

172.64.146.116 San Francisco, United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e95e113bfeb440a09cd08c80ee6dd2c15931a4851163a0d8075135d57f6c131c

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; connect-src 'self' .foresee.com .evergage.com edge.adobedc.net https://cdn.cookielaw.org https://www.googletagmanager.com https://stats.g.doubleclick.net https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://maps.googleapis.com .demdex.net .yext.com https://answers.yext-pixel.com .yextapis.com;font-src 'self' data: https://fonts.gstatic.com/ https://fonts.googleapis.com https://use.typekit.com .pgsdemo.com .pagescdn.com; media-src 'self'; object-src 'self'; form-action 'self' https://.flagstar.com https://.salesforce.com https://.salesforceliveagent.com https://.salesforce-sites.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://.salesforceliveagent.com https://assets.sitescdn.net https://www.googleanalytics.com/ https://www.googleoptimize.com/ https://optimize.google.com/ https://www.googletagmanager.com https://maps.googleapis.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net assets.adobedtm.com https://pnapi.invoca.net https://solutions.invocacdn.com gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com/ https://use.typekit.com https://connect.facebook.net https://js.adsrvr.org/ https://cdn.evgnet.com https://.evergage.com https://www.youtube.com assets.sitescdn.net .pagescdn.com .pgsdemo.com https://.salesforce-sites.com;style-src 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com assets.sitecdn.net; style-src-elem 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com;frame-src 'self' .flagstar.com .demdex.net https://.fls.doubleclick.net https://td.doubleclick.net https://optimize.google.com/ https://insight.adsrvr.org/ https://match.adsrvr.org/ https://cdn.evgnet.com https://.flagstar.com https://.fintactix.com .pagescdn.com .pgsdemo.com; frame-ancestors 'self' .flagstar.com https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net; img-src 'self' .foresee.com https://ad.doubleclick.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googletagmanager.com/ https://www.googleadservices.com https://www.google-analytics.com https://developers.google.com https://maps.googleapis.com https://maps.gstatic.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://insight.adsrvr.org https://ib.adnxs.com/getuid https://match.adsrvr.org/track/cmf/appnexus https://dsum-sec.casalemedia.com/rum https://ups.analytics.yahoo.com/ups/55953/sync https://pixel.rubiconproject.com/tap.php data: blob: https://p.typekit.net https://www.facebook.com .flagstar.com https://*.doubleclick.net;child-src 'self' https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://youtube.com; worker-src 'self'; manifest-src 'self';
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.flagstar.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

expires: Sun, 14 Apr 2024 02:04:39 GMT
date: Fri, 15 Mar 2024 02:04:39 GMT
content-security-policy: default-src 'none'; connect-src 'self' *.foresee.com *.evergage.com edge.adobedc.net https://cdn.cookielaw.org https://www.googletagmanager.com https://stats.g.doubleclick.net https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://maps.googleapis.com *.demdex.net *.yext.com https://answers.yext-pixel.com *.yextapis.com;font-src 'self' data: https://fonts.gstatic.com/ https://fonts.googleapis.com https://use.typekit.com *.pgsdemo.com *.pagescdn.com; media-src 'self'; object-src 'self'; form-action 'self' https://*.flagstar.com https://*.salesforce.com https://*.salesforceliveagent.com https://*.salesforce-sites.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.salesforceliveagent.com https://assets.sitescdn.net https://www.googleanalytics.com/ https://www.googleoptimize.com/ https://optimize.google.com/ https://www.googletagmanager.com https://maps.googleapis.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net assets.adobedtm.com https://pnapi.invoca.net https://solutions.invocacdn.com gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com/ https://use.typekit.com https://connect.facebook.net https://js.adsrvr.org/ https://cdn.evgnet.com https://*.evergage.com https://www.youtube.com assets.sitescdn.net *.pagescdn.com *.pgsdemo.com https://*.salesforce-sites.com;style-src 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com assets.sitecdn.net; style-src-elem 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com;frame-src 'self' *.flagstar.com *.demdex.net https://*.fls.doubleclick.net https://td.doubleclick.net https://optimize.google.com/ https://insight.adsrvr.org/ https://match.adsrvr.org/ https://cdn.evgnet.com https://*.flagstar.com https://*.fintactix.com *.pagescdn.com *.pgsdemo.com; frame-ancestors 'self' *.flagstar.com https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net; img-src 'self' *.foresee.com https://ad.doubleclick.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googletagmanager.com/ https://www.googleadservices.com https://www.google-analytics.com https://developers.google.com https://maps.googleapis.com https://maps.gstatic.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://insight.adsrvr.org https://ib.adnxs.com/getuid https://match.adsrvr.org/track/cmf/appnexus https://dsum-sec.casalemedia.com/rum https://ups.analytics.yahoo.com/ups/55953/sync https://pixel.rubiconproject.com/tap.php data: blob: https://p.typekit.net https://www.facebook.com *.flagstar.com https://*.doubleclick.net;child-src 'self' https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://youtube.com; worker-src 'self'; manifest-src 'self';
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
strict-transport-security: max-age=31536000; includeSubDomains
age: 110579
x-cnection: close
server-timing: dtSInfo;desc="0", dtRpid;desc="-543885070"
content-length: 975
x-xss-protection: 1; mode=block
x-ua-compatible: IE=Edge
last-modified: Tue, 20 Feb 2024 10:13:19 GMT
server: cloudflare
etag: "d40-611cd759eb6a5-gzip"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: image/svg+xml
cache-control: public, max-age=2592000
accept-ranges: bytes
cf-ray: 8648ef1928792c42-FRA
clientname: flagstar

GET
H2 200 icon-card_ways-to-bank.svg
www.flagstar.com/content/dam/newco/global-navigation-icons/ 3 KB
4 KB 18ms
18ms Image
image/svg+xml 172.64.146.116
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.flagstar.com/content/dam/newco/global-navigation-icons/icon-card_ways-to-bank.svg

Requested by

Host: www.flagstar.com
URL: https://www.flagstar.com/

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

172.64.146.116 San Francisco, United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6e883915424fc156cca96b72d20b7ca928799d6d1d3b075db0d0eca941972915

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; connect-src 'self' .foresee.com .evergage.com edge.adobedc.net https://cdn.cookielaw.org https://www.googletagmanager.com https://stats.g.doubleclick.net https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://maps.googleapis.com .demdex.net .yext.com https://answers.yext-pixel.com .yextapis.com;font-src 'self' data: https://fonts.gstatic.com/ https://fonts.googleapis.com https://use.typekit.com .pgsdemo.com .pagescdn.com; media-src 'self'; object-src 'self'; form-action 'self' https://.flagstar.com https://.salesforce.com https://.salesforceliveagent.com https://.salesforce-sites.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://.salesforceliveagent.com https://assets.sitescdn.net https://www.googleanalytics.com/ https://www.googleoptimize.com/ https://optimize.google.com/ https://www.googletagmanager.com https://maps.googleapis.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net assets.adobedtm.com https://pnapi.invoca.net https://solutions.invocacdn.com gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com/ https://use.typekit.com https://connect.facebook.net https://js.adsrvr.org/ https://cdn.evgnet.com https://.evergage.com https://www.youtube.com assets.sitescdn.net .pagescdn.com .pgsdemo.com https://.salesforce-sites.com;style-src 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com assets.sitecdn.net; style-src-elem 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com;frame-src 'self' .flagstar.com .demdex.net https://.fls.doubleclick.net https://td.doubleclick.net https://optimize.google.com/ https://insight.adsrvr.org/ https://match.adsrvr.org/ https://cdn.evgnet.com https://.flagstar.com https://.fintactix.com .pagescdn.com .pgsdemo.com; frame-ancestors 'self' .flagstar.com https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net; img-src 'self' .foresee.com https://ad.doubleclick.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googletagmanager.com/ https://www.googleadservices.com https://www.google-analytics.com https://developers.google.com https://maps.googleapis.com https://maps.gstatic.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://insight.adsrvr.org https://ib.adnxs.com/getuid https://match.adsrvr.org/track/cmf/appnexus https://dsum-sec.casalemedia.com/rum https://ups.analytics.yahoo.com/ups/55953/sync https://pixel.rubiconproject.com/tap.php data: blob: https://p.typekit.net https://www.facebook.com .flagstar.com https://*.doubleclick.net;child-src 'self' https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://youtube.com; worker-src 'self'; manifest-src 'self';
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.flagstar.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

expires: Sun, 14 Apr 2024 02:04:39 GMT
date: Fri, 15 Mar 2024 02:04:39 GMT
content-security-policy: default-src 'none'; connect-src 'self' *.foresee.com *.evergage.com edge.adobedc.net https://cdn.cookielaw.org https://www.googletagmanager.com https://stats.g.doubleclick.net https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://maps.googleapis.com *.demdex.net *.yext.com https://answers.yext-pixel.com *.yextapis.com;font-src 'self' data: https://fonts.gstatic.com/ https://fonts.googleapis.com https://use.typekit.com *.pgsdemo.com *.pagescdn.com; media-src 'self'; object-src 'self'; form-action 'self' https://*.flagstar.com https://*.salesforce.com https://*.salesforceliveagent.com https://*.salesforce-sites.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.salesforceliveagent.com https://assets.sitescdn.net https://www.googleanalytics.com/ https://www.googleoptimize.com/ https://optimize.google.com/ https://www.googletagmanager.com https://maps.googleapis.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net assets.adobedtm.com https://pnapi.invoca.net https://solutions.invocacdn.com gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com/ https://use.typekit.com https://connect.facebook.net https://js.adsrvr.org/ https://cdn.evgnet.com https://*.evergage.com https://www.youtube.com assets.sitescdn.net *.pagescdn.com *.pgsdemo.com https://*.salesforce-sites.com;style-src 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com assets.sitecdn.net; style-src-elem 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com;frame-src 'self' *.flagstar.com *.demdex.net https://*.fls.doubleclick.net https://td.doubleclick.net https://optimize.google.com/ https://insight.adsrvr.org/ https://match.adsrvr.org/ https://cdn.evgnet.com https://*.flagstar.com https://*.fintactix.com *.pagescdn.com *.pgsdemo.com; frame-ancestors 'self' *.flagstar.com https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net; img-src 'self' *.foresee.com https://ad.doubleclick.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googletagmanager.com/ https://www.googleadservices.com https://www.google-analytics.com https://developers.google.com https://maps.googleapis.com https://maps.gstatic.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://insight.adsrvr.org https://ib.adnxs.com/getuid https://match.adsrvr.org/track/cmf/appnexus https://dsum-sec.casalemedia.com/rum https://ups.analytics.yahoo.com/ups/55953/sync https://pixel.rubiconproject.com/tap.php data: blob: https://p.typekit.net https://www.facebook.com *.flagstar.com https://*.doubleclick.net;child-src 'self' https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://youtube.com; worker-src 'self'; manifest-src 'self';
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
strict-transport-security: max-age=31536000; includeSubDomains
age: 122711
x-cnection: close
server-timing: dtSInfo;desc="0", dtRpid;desc="19272246"
content-length: 909
x-xss-protection: 1; mode=block
x-ua-compatible: IE=Edge
last-modified: Tue, 20 Feb 2024 10:10:25 GMT
server: cloudflare
etag: "cdd-611cd6b3b81ab-gzip"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: image/svg+xml
cache-control: public, max-age=2592000
accept-ranges: bytes
cf-ray: 8648ef1948892c42-FRA
clientname: flagstar

GET
H2 200 icon-card_buy-a-home.svg
www.flagstar.com/content/dam/newco/global-navigation-icons/ 2 KB
4 KB 18ms
17ms Image
image/svg+xml 172.64.146.116
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.flagstar.com/content/dam/newco/global-navigation-icons/icon-card_buy-a-home.svg

Requested by

Host: www.flagstar.com
URL: https://www.flagstar.com/

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

172.64.146.116 San Francisco, United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

92b60026dfcc6eb3bf8631ec3c25138b31110706ceec72d087c6e5b5fc8a5cab

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; connect-src 'self' .foresee.com .evergage.com edge.adobedc.net https://cdn.cookielaw.org https://www.googletagmanager.com https://stats.g.doubleclick.net https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://maps.googleapis.com .demdex.net .yext.com https://answers.yext-pixel.com .yextapis.com;font-src 'self' data: https://fonts.gstatic.com/ https://fonts.googleapis.com https://use.typekit.com .pgsdemo.com .pagescdn.com; media-src 'self'; object-src 'self'; form-action 'self' https://.flagstar.com https://.salesforce.com https://.salesforceliveagent.com https://.salesforce-sites.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://.salesforceliveagent.com https://assets.sitescdn.net https://www.googleanalytics.com/ https://www.googleoptimize.com/ https://optimize.google.com/ https://www.googletagmanager.com https://maps.googleapis.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net assets.adobedtm.com https://pnapi.invoca.net https://solutions.invocacdn.com gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com/ https://use.typekit.com https://connect.facebook.net https://js.adsrvr.org/ https://cdn.evgnet.com https://.evergage.com https://www.youtube.com assets.sitescdn.net .pagescdn.com .pgsdemo.com https://.salesforce-sites.com;style-src 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com assets.sitecdn.net; style-src-elem 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com;frame-src 'self' .flagstar.com .demdex.net https://.fls.doubleclick.net https://td.doubleclick.net https://optimize.google.com/ https://insight.adsrvr.org/ https://match.adsrvr.org/ https://cdn.evgnet.com https://.flagstar.com https://.fintactix.com .pagescdn.com .pgsdemo.com; frame-ancestors 'self' .flagstar.com https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net; img-src 'self' .foresee.com https://ad.doubleclick.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googletagmanager.com/ https://www.googleadservices.com https://www.google-analytics.com https://developers.google.com https://maps.googleapis.com https://maps.gstatic.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://insight.adsrvr.org https://ib.adnxs.com/getuid https://match.adsrvr.org/track/cmf/appnexus https://dsum-sec.casalemedia.com/rum https://ups.analytics.yahoo.com/ups/55953/sync https://pixel.rubiconproject.com/tap.php data: blob: https://p.typekit.net https://www.facebook.com .flagstar.com https://*.doubleclick.net;child-src 'self' https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://youtube.com; worker-src 'self'; manifest-src 'self';
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.flagstar.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

expires: Sun, 14 Apr 2024 02:04:39 GMT
date: Fri, 15 Mar 2024 02:04:39 GMT
content-security-policy: default-src 'none'; connect-src 'self' *.foresee.com *.evergage.com edge.adobedc.net https://cdn.cookielaw.org https://www.googletagmanager.com https://stats.g.doubleclick.net https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://maps.googleapis.com *.demdex.net *.yext.com https://answers.yext-pixel.com *.yextapis.com;font-src 'self' data: https://fonts.gstatic.com/ https://fonts.googleapis.com https://use.typekit.com *.pgsdemo.com *.pagescdn.com; media-src 'self'; object-src 'self'; form-action 'self' https://*.flagstar.com https://*.salesforce.com https://*.salesforceliveagent.com https://*.salesforce-sites.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.salesforceliveagent.com https://assets.sitescdn.net https://www.googleanalytics.com/ https://www.googleoptimize.com/ https://optimize.google.com/ https://www.googletagmanager.com https://maps.googleapis.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net assets.adobedtm.com https://pnapi.invoca.net https://solutions.invocacdn.com gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com/ https://use.typekit.com https://connect.facebook.net https://js.adsrvr.org/ https://cdn.evgnet.com https://*.evergage.com https://www.youtube.com assets.sitescdn.net *.pagescdn.com *.pgsdemo.com https://*.salesforce-sites.com;style-src 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com assets.sitecdn.net; style-src-elem 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com;frame-src 'self' *.flagstar.com *.demdex.net https://*.fls.doubleclick.net https://td.doubleclick.net https://optimize.google.com/ https://insight.adsrvr.org/ https://match.adsrvr.org/ https://cdn.evgnet.com https://*.flagstar.com https://*.fintactix.com *.pagescdn.com *.pgsdemo.com; frame-ancestors 'self' *.flagstar.com https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net; img-src 'self' *.foresee.com https://ad.doubleclick.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googletagmanager.com/ https://www.googleadservices.com https://www.google-analytics.com https://developers.google.com https://maps.googleapis.com https://maps.gstatic.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://insight.adsrvr.org https://ib.adnxs.com/getuid https://match.adsrvr.org/track/cmf/appnexus https://dsum-sec.casalemedia.com/rum https://ups.analytics.yahoo.com/ups/55953/sync https://pixel.rubiconproject.com/tap.php data: blob: https://p.typekit.net https://www.facebook.com *.flagstar.com https://*.doubleclick.net;child-src 'self' https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://youtube.com; worker-src 'self'; manifest-src 'self';
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
strict-transport-security: max-age=31536000; includeSubDomains
age: 110579
x-cnection: close
server-timing: dtSInfo;desc="0", dtRpid;desc="-1151860701"
content-length: 770
x-xss-protection: 1; mode=block
x-ua-compatible: IE=Edge
last-modified: Tue, 20 Feb 2024 10:10:45 GMT
server: cloudflare
etag: "825-611cd6c7253e2-gzip"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: image/svg+xml
cache-control: public, max-age=2592000
accept-ranges: bytes
cf-ray: 8648ef1968a12c42-FRA
clientname: flagstar

GET
H2 200 icon-card_get-cash.svg
www.flagstar.com/content/dam/newco/global-navigation-icons/ 3 KB
4 KB 19ms
19ms Image
image/svg+xml 172.64.146.116
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.flagstar.com/content/dam/newco/global-navigation-icons/icon-card_get-cash.svg

Requested by

Host: www.flagstar.com
URL: https://www.flagstar.com/

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

172.64.146.116 San Francisco, United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f5954f0a829c02a8c57d814c998de13afa8d91f62cffdfe316c024bed3262d2e

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; connect-src 'self' .foresee.com .evergage.com edge.adobedc.net https://cdn.cookielaw.org https://www.googletagmanager.com https://stats.g.doubleclick.net https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://maps.googleapis.com .demdex.net .yext.com https://answers.yext-pixel.com .yextapis.com;font-src 'self' data: https://fonts.gstatic.com/ https://fonts.googleapis.com https://use.typekit.com .pgsdemo.com .pagescdn.com; media-src 'self'; object-src 'self'; form-action 'self' https://.flagstar.com https://.salesforce.com https://.salesforceliveagent.com https://.salesforce-sites.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://.salesforceliveagent.com https://assets.sitescdn.net https://www.googleanalytics.com/ https://www.googleoptimize.com/ https://optimize.google.com/ https://www.googletagmanager.com https://maps.googleapis.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net assets.adobedtm.com https://pnapi.invoca.net https://solutions.invocacdn.com gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com/ https://use.typekit.com https://connect.facebook.net https://js.adsrvr.org/ https://cdn.evgnet.com https://.evergage.com https://www.youtube.com assets.sitescdn.net .pagescdn.com .pgsdemo.com https://.salesforce-sites.com;style-src 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com assets.sitecdn.net; style-src-elem 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com;frame-src 'self' .flagstar.com .demdex.net https://.fls.doubleclick.net https://td.doubleclick.net https://optimize.google.com/ https://insight.adsrvr.org/ https://match.adsrvr.org/ https://cdn.evgnet.com https://.flagstar.com https://.fintactix.com .pagescdn.com .pgsdemo.com; frame-ancestors 'self' .flagstar.com https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net; img-src 'self' .foresee.com https://ad.doubleclick.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googletagmanager.com/ https://www.googleadservices.com https://www.google-analytics.com https://developers.google.com https://maps.googleapis.com https://maps.gstatic.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://insight.adsrvr.org https://ib.adnxs.com/getuid https://match.adsrvr.org/track/cmf/appnexus https://dsum-sec.casalemedia.com/rum https://ups.analytics.yahoo.com/ups/55953/sync https://pixel.rubiconproject.com/tap.php data: blob: https://p.typekit.net https://www.facebook.com .flagstar.com https://*.doubleclick.net;child-src 'self' https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://youtube.com; worker-src 'self'; manifest-src 'self';
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.flagstar.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

expires: Sun, 14 Apr 2024 02:04:39 GMT
date: Fri, 15 Mar 2024 02:04:39 GMT
content-security-policy: default-src 'none'; connect-src 'self' *.foresee.com *.evergage.com edge.adobedc.net https://cdn.cookielaw.org https://www.googletagmanager.com https://stats.g.doubleclick.net https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://maps.googleapis.com *.demdex.net *.yext.com https://answers.yext-pixel.com *.yextapis.com;font-src 'self' data: https://fonts.gstatic.com/ https://fonts.googleapis.com https://use.typekit.com *.pgsdemo.com *.pagescdn.com; media-src 'self'; object-src 'self'; form-action 'self' https://*.flagstar.com https://*.salesforce.com https://*.salesforceliveagent.com https://*.salesforce-sites.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.salesforceliveagent.com https://assets.sitescdn.net https://www.googleanalytics.com/ https://www.googleoptimize.com/ https://optimize.google.com/ https://www.googletagmanager.com https://maps.googleapis.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net assets.adobedtm.com https://pnapi.invoca.net https://solutions.invocacdn.com gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com/ https://use.typekit.com https://connect.facebook.net https://js.adsrvr.org/ https://cdn.evgnet.com https://*.evergage.com https://www.youtube.com assets.sitescdn.net *.pagescdn.com *.pgsdemo.com https://*.salesforce-sites.com;style-src 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com assets.sitecdn.net; style-src-elem 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com;frame-src 'self' *.flagstar.com *.demdex.net https://*.fls.doubleclick.net https://td.doubleclick.net https://optimize.google.com/ https://insight.adsrvr.org/ https://match.adsrvr.org/ https://cdn.evgnet.com https://*.flagstar.com https://*.fintactix.com *.pagescdn.com *.pgsdemo.com; frame-ancestors 'self' *.flagstar.com https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net; img-src 'self' *.foresee.com https://ad.doubleclick.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googletagmanager.com/ https://www.googleadservices.com https://www.google-analytics.com https://developers.google.com https://maps.googleapis.com https://maps.gstatic.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://insight.adsrvr.org https://ib.adnxs.com/getuid https://match.adsrvr.org/track/cmf/appnexus https://dsum-sec.casalemedia.com/rum https://ups.analytics.yahoo.com/ups/55953/sync https://pixel.rubiconproject.com/tap.php data: blob: https://p.typekit.net https://www.facebook.com *.flagstar.com https://*.doubleclick.net;child-src 'self' https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://youtube.com; worker-src 'self'; manifest-src 'self';
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
strict-transport-security: max-age=31536000; includeSubDomains
age: 110579
x-cnection: close
server-timing: dtSInfo;desc="0", dtRpid;desc="818541348"
content-length: 788
x-xss-protection: 1; mode=block
x-ua-compatible: IE=Edge
last-modified: Tue, 20 Feb 2024 10:11:15 GMT
server: cloudflare
etag: "b63-611cd6e3cc26d-gzip"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: image/svg+xml
cache-control: public, max-age=2592000
accept-ranges: bytes
cf-ray: 8648ef1988d02c42-FRA
clientname: flagstar

GET
H2 200 icon-card_purchase-a-vehicle.svg
www.flagstar.com/content/dam/newco/global-navigation-icons/ 4 KB
4 KB 30ms
30ms Image
image/svg+xml 172.64.146.116
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.flagstar.com/content/dam/newco/global-navigation-icons/icon-card_purchase-a-vehicle.svg

Requested by

Host: www.flagstar.com
URL: https://www.flagstar.com/

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

172.64.146.116 San Francisco, United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e0731a9c84bce53cb2a4ecaf08dc811585971a899fcbbb8d79e340efe56dcd95

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; connect-src 'self' .foresee.com .evergage.com edge.adobedc.net https://cdn.cookielaw.org https://www.googletagmanager.com https://stats.g.doubleclick.net https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://maps.googleapis.com .demdex.net .yext.com https://answers.yext-pixel.com .yextapis.com;font-src 'self' data: https://fonts.gstatic.com/ https://fonts.googleapis.com https://use.typekit.com .pgsdemo.com .pagescdn.com; media-src 'self'; object-src 'self'; form-action 'self' https://.flagstar.com https://.salesforce.com https://.salesforceliveagent.com https://.salesforce-sites.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://.salesforceliveagent.com https://assets.sitescdn.net https://www.googleanalytics.com/ https://www.googleoptimize.com/ https://optimize.google.com/ https://www.googletagmanager.com https://maps.googleapis.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net assets.adobedtm.com https://pnapi.invoca.net https://solutions.invocacdn.com gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com/ https://use.typekit.com https://connect.facebook.net https://js.adsrvr.org/ https://cdn.evgnet.com https://.evergage.com https://www.youtube.com assets.sitescdn.net .pagescdn.com .pgsdemo.com https://.salesforce-sites.com;style-src 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com assets.sitecdn.net; style-src-elem 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com;frame-src 'self' .flagstar.com .demdex.net https://.fls.doubleclick.net https://td.doubleclick.net https://optimize.google.com/ https://insight.adsrvr.org/ https://match.adsrvr.org/ https://cdn.evgnet.com https://.flagstar.com https://.fintactix.com .pagescdn.com .pgsdemo.com; frame-ancestors 'self' .flagstar.com https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net; img-src 'self' .foresee.com https://ad.doubleclick.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googletagmanager.com/ https://www.googleadservices.com https://www.google-analytics.com https://developers.google.com https://maps.googleapis.com https://maps.gstatic.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://insight.adsrvr.org https://ib.adnxs.com/getuid https://match.adsrvr.org/track/cmf/appnexus https://dsum-sec.casalemedia.com/rum https://ups.analytics.yahoo.com/ups/55953/sync https://pixel.rubiconproject.com/tap.php data: blob: https://p.typekit.net https://www.facebook.com .flagstar.com https://*.doubleclick.net;child-src 'self' https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://youtube.com; worker-src 'self'; manifest-src 'self';
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.flagstar.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

expires: Sun, 14 Apr 2024 02:04:39 GMT
date: Fri, 15 Mar 2024 02:04:39 GMT
content-security-policy: default-src 'none'; connect-src 'self' *.foresee.com *.evergage.com edge.adobedc.net https://cdn.cookielaw.org https://www.googletagmanager.com https://stats.g.doubleclick.net https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://maps.googleapis.com *.demdex.net *.yext.com https://answers.yext-pixel.com *.yextapis.com;font-src 'self' data: https://fonts.gstatic.com/ https://fonts.googleapis.com https://use.typekit.com *.pgsdemo.com *.pagescdn.com; media-src 'self'; object-src 'self'; form-action 'self' https://*.flagstar.com https://*.salesforce.com https://*.salesforceliveagent.com https://*.salesforce-sites.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.salesforceliveagent.com https://assets.sitescdn.net https://www.googleanalytics.com/ https://www.googleoptimize.com/ https://optimize.google.com/ https://www.googletagmanager.com https://maps.googleapis.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net assets.adobedtm.com https://pnapi.invoca.net https://solutions.invocacdn.com gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com/ https://use.typekit.com https://connect.facebook.net https://js.adsrvr.org/ https://cdn.evgnet.com https://*.evergage.com https://www.youtube.com assets.sitescdn.net *.pagescdn.com *.pgsdemo.com https://*.salesforce-sites.com;style-src 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com assets.sitecdn.net; style-src-elem 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com;frame-src 'self' *.flagstar.com *.demdex.net https://*.fls.doubleclick.net https://td.doubleclick.net https://optimize.google.com/ https://insight.adsrvr.org/ https://match.adsrvr.org/ https://cdn.evgnet.com https://*.flagstar.com https://*.fintactix.com *.pagescdn.com *.pgsdemo.com; frame-ancestors 'self' *.flagstar.com https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net; img-src 'self' *.foresee.com https://ad.doubleclick.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googletagmanager.com/ https://www.googleadservices.com https://www.google-analytics.com https://developers.google.com https://maps.googleapis.com https://maps.gstatic.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://insight.adsrvr.org https://ib.adnxs.com/getuid https://match.adsrvr.org/track/cmf/appnexus https://dsum-sec.casalemedia.com/rum https://ups.analytics.yahoo.com/ups/55953/sync https://pixel.rubiconproject.com/tap.php data: blob: https://p.typekit.net https://www.facebook.com *.flagstar.com https://*.doubleclick.net;child-src 'self' https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://youtube.com; worker-src 'self'; manifest-src 'self';
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
strict-transport-security: max-age=31536000; includeSubDomains
age: 93408
x-cnection: close
server-timing: dtSInfo;desc="0", dtRpid;desc="-285509246"
content-length: 1123
x-xss-protection: 1; mode=block
x-ua-compatible: IE=Edge
last-modified: Tue, 20 Feb 2024 10:13:20 GMT
server: cloudflare
etag: "110a-611cd75a5985d-gzip"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: image/svg+xml
cache-control: public, max-age=2592000
accept-ranges: bytes
cf-ray: 8648ef19a8e62c42-FRA
clientname: flagstar

GET
H2 200 icon-card_flagstar-wealth-services.svg
www.flagstar.com/content/dam/newco/global-navigation-icons/ 6 KB
5 KB 17ms
17ms Image
image/svg+xml 172.64.146.116
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.flagstar.com/content/dam/newco/global-navigation-icons/icon-card_flagstar-wealth-services.svg

Requested by

Host: www.flagstar.com
URL: https://www.flagstar.com/

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

172.64.146.116 San Francisco, United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

96387be010f65288928b24d9445e88bcdb99e30664b7d2d595a7ccda6f1c4dc6

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; connect-src 'self' .foresee.com .evergage.com edge.adobedc.net https://cdn.cookielaw.org https://www.googletagmanager.com https://stats.g.doubleclick.net https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://maps.googleapis.com .demdex.net .yext.com https://answers.yext-pixel.com .yextapis.com;font-src 'self' data: https://fonts.gstatic.com/ https://fonts.googleapis.com https://use.typekit.com .pgsdemo.com .pagescdn.com; media-src 'self'; object-src 'self'; form-action 'self' https://.flagstar.com https://.salesforce.com https://.salesforceliveagent.com https://.salesforce-sites.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://.salesforceliveagent.com https://assets.sitescdn.net https://www.googleanalytics.com/ https://www.googleoptimize.com/ https://optimize.google.com/ https://www.googletagmanager.com https://maps.googleapis.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net assets.adobedtm.com https://pnapi.invoca.net https://solutions.invocacdn.com gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com/ https://use.typekit.com https://connect.facebook.net https://js.adsrvr.org/ https://cdn.evgnet.com https://.evergage.com https://www.youtube.com assets.sitescdn.net .pagescdn.com .pgsdemo.com https://.salesforce-sites.com;style-src 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com assets.sitecdn.net; style-src-elem 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com;frame-src 'self' .flagstar.com .demdex.net https://.fls.doubleclick.net https://td.doubleclick.net https://optimize.google.com/ https://insight.adsrvr.org/ https://match.adsrvr.org/ https://cdn.evgnet.com https://.flagstar.com https://.fintactix.com .pagescdn.com .pgsdemo.com; frame-ancestors 'self' .flagstar.com https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net; img-src 'self' .foresee.com https://ad.doubleclick.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googletagmanager.com/ https://www.googleadservices.com https://www.google-analytics.com https://developers.google.com https://maps.googleapis.com https://maps.gstatic.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://insight.adsrvr.org https://ib.adnxs.com/getuid https://match.adsrvr.org/track/cmf/appnexus https://dsum-sec.casalemedia.com/rum https://ups.analytics.yahoo.com/ups/55953/sync https://pixel.rubiconproject.com/tap.php data: blob: https://p.typekit.net https://www.facebook.com .flagstar.com https://*.doubleclick.net;child-src 'self' https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://youtube.com; worker-src 'self'; manifest-src 'self';
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.flagstar.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

expires: Sun, 14 Apr 2024 02:04:39 GMT
date: Fri, 15 Mar 2024 02:04:39 GMT
content-security-policy: default-src 'none'; connect-src 'self' *.foresee.com *.evergage.com edge.adobedc.net https://cdn.cookielaw.org https://www.googletagmanager.com https://stats.g.doubleclick.net https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://maps.googleapis.com *.demdex.net *.yext.com https://answers.yext-pixel.com *.yextapis.com;font-src 'self' data: https://fonts.gstatic.com/ https://fonts.googleapis.com https://use.typekit.com *.pgsdemo.com *.pagescdn.com; media-src 'self'; object-src 'self'; form-action 'self' https://*.flagstar.com https://*.salesforce.com https://*.salesforceliveagent.com https://*.salesforce-sites.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.salesforceliveagent.com https://assets.sitescdn.net https://www.googleanalytics.com/ https://www.googleoptimize.com/ https://optimize.google.com/ https://www.googletagmanager.com https://maps.googleapis.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net assets.adobedtm.com https://pnapi.invoca.net https://solutions.invocacdn.com gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com/ https://use.typekit.com https://connect.facebook.net https://js.adsrvr.org/ https://cdn.evgnet.com https://*.evergage.com https://www.youtube.com assets.sitescdn.net *.pagescdn.com *.pgsdemo.com https://*.salesforce-sites.com;style-src 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com assets.sitecdn.net; style-src-elem 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com;frame-src 'self' *.flagstar.com *.demdex.net https://*.fls.doubleclick.net https://td.doubleclick.net https://optimize.google.com/ https://insight.adsrvr.org/ https://match.adsrvr.org/ https://cdn.evgnet.com https://*.flagstar.com https://*.fintactix.com *.pagescdn.com *.pgsdemo.com; frame-ancestors 'self' *.flagstar.com https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net; img-src 'self' *.foresee.com https://ad.doubleclick.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googletagmanager.com/ https://www.googleadservices.com https://www.google-analytics.com https://developers.google.com https://maps.googleapis.com https://maps.gstatic.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://insight.adsrvr.org https://ib.adnxs.com/getuid https://match.adsrvr.org/track/cmf/appnexus https://dsum-sec.casalemedia.com/rum https://ups.analytics.yahoo.com/ups/55953/sync https://pixel.rubiconproject.com/tap.php data: blob: https://p.typekit.net https://www.facebook.com *.flagstar.com https://*.doubleclick.net;child-src 'self' https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://youtube.com; worker-src 'self'; manifest-src 'self';
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
strict-transport-security: max-age=31536000; includeSubDomains
age: 117902
x-cnection: close
server-timing: dtSInfo;desc="0", dtRpid;desc="756169229"
content-length: 1576
x-xss-protection: 1; mode=block
x-ua-compatible: IE=Edge
last-modified: Tue, 20 Feb 2024 10:12:50 GMT
server: cloudflare
etag: "1671-611cd73dc4d99-gzip"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: image/svg+xml
cache-control: public, max-age=2592000
accept-ranges: bytes
cf-ray: 8648ef19d90c2c42-FRA
clientname: flagstar

GET
H2 200 icon-card_financial-solutions.svg
www.flagstar.com/content/dam/newco/global-navigation-icons/ 2 KB
4 KB 16ms
16ms Image
image/svg+xml 172.64.146.116
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.flagstar.com/content/dam/newco/global-navigation-icons/icon-card_financial-solutions.svg

Requested by

Host: www.flagstar.com
URL: https://www.flagstar.com/

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

172.64.146.116 San Francisco, United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3475c512749c10abccdeffe33c396580e23098635ab83c9f7d2987c076a457c6

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; connect-src 'self' .foresee.com .evergage.com edge.adobedc.net https://cdn.cookielaw.org https://www.googletagmanager.com https://stats.g.doubleclick.net https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://maps.googleapis.com .demdex.net .yext.com https://answers.yext-pixel.com .yextapis.com;font-src 'self' data: https://fonts.gstatic.com/ https://fonts.googleapis.com https://use.typekit.com .pgsdemo.com .pagescdn.com; media-src 'self'; object-src 'self'; form-action 'self' https://.flagstar.com https://.salesforce.com https://.salesforceliveagent.com https://.salesforce-sites.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://.salesforceliveagent.com https://assets.sitescdn.net https://www.googleanalytics.com/ https://www.googleoptimize.com/ https://optimize.google.com/ https://www.googletagmanager.com https://maps.googleapis.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net assets.adobedtm.com https://pnapi.invoca.net https://solutions.invocacdn.com gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com/ https://use.typekit.com https://connect.facebook.net https://js.adsrvr.org/ https://cdn.evgnet.com https://.evergage.com https://www.youtube.com assets.sitescdn.net .pagescdn.com .pgsdemo.com https://.salesforce-sites.com;style-src 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com assets.sitecdn.net; style-src-elem 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com;frame-src 'self' .flagstar.com .demdex.net https://.fls.doubleclick.net https://td.doubleclick.net https://optimize.google.com/ https://insight.adsrvr.org/ https://match.adsrvr.org/ https://cdn.evgnet.com https://.flagstar.com https://.fintactix.com .pagescdn.com .pgsdemo.com; frame-ancestors 'self' .flagstar.com https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net; img-src 'self' .foresee.com https://ad.doubleclick.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googletagmanager.com/ https://www.googleadservices.com https://www.google-analytics.com https://developers.google.com https://maps.googleapis.com https://maps.gstatic.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://insight.adsrvr.org https://ib.adnxs.com/getuid https://match.adsrvr.org/track/cmf/appnexus https://dsum-sec.casalemedia.com/rum https://ups.analytics.yahoo.com/ups/55953/sync https://pixel.rubiconproject.com/tap.php data: blob: https://p.typekit.net https://www.facebook.com .flagstar.com https://*.doubleclick.net;child-src 'self' https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://youtube.com; worker-src 'self'; manifest-src 'self';
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.flagstar.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

expires: Sun, 14 Apr 2024 02:04:39 GMT
date: Fri, 15 Mar 2024 02:04:39 GMT
content-security-policy: default-src 'none'; connect-src 'self' *.foresee.com *.evergage.com edge.adobedc.net https://cdn.cookielaw.org https://www.googletagmanager.com https://stats.g.doubleclick.net https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://maps.googleapis.com *.demdex.net *.yext.com https://answers.yext-pixel.com *.yextapis.com;font-src 'self' data: https://fonts.gstatic.com/ https://fonts.googleapis.com https://use.typekit.com *.pgsdemo.com *.pagescdn.com; media-src 'self'; object-src 'self'; form-action 'self' https://*.flagstar.com https://*.salesforce.com https://*.salesforceliveagent.com https://*.salesforce-sites.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.salesforceliveagent.com https://assets.sitescdn.net https://www.googleanalytics.com/ https://www.googleoptimize.com/ https://optimize.google.com/ https://www.googletagmanager.com https://maps.googleapis.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net assets.adobedtm.com https://pnapi.invoca.net https://solutions.invocacdn.com gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com/ https://use.typekit.com https://connect.facebook.net https://js.adsrvr.org/ https://cdn.evgnet.com https://*.evergage.com https://www.youtube.com assets.sitescdn.net *.pagescdn.com *.pgsdemo.com https://*.salesforce-sites.com;style-src 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com assets.sitecdn.net; style-src-elem 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com;frame-src 'self' *.flagstar.com *.demdex.net https://*.fls.doubleclick.net https://td.doubleclick.net https://optimize.google.com/ https://insight.adsrvr.org/ https://match.adsrvr.org/ https://cdn.evgnet.com https://*.flagstar.com https://*.fintactix.com *.pagescdn.com *.pgsdemo.com; frame-ancestors 'self' *.flagstar.com https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net; img-src 'self' *.foresee.com https://ad.doubleclick.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googletagmanager.com/ https://www.googleadservices.com https://www.google-analytics.com https://developers.google.com https://maps.googleapis.com https://maps.gstatic.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://insight.adsrvr.org https://ib.adnxs.com/getuid https://match.adsrvr.org/track/cmf/appnexus https://dsum-sec.casalemedia.com/rum https://ups.analytics.yahoo.com/ups/55953/sync https://pixel.rubiconproject.com/tap.php data: blob: https://p.typekit.net https://www.facebook.com *.flagstar.com https://*.doubleclick.net;child-src 'self' https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://youtube.com; worker-src 'self'; manifest-src 'self';
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
strict-transport-security: max-age=31536000; includeSubDomains
age: 117902
x-cnection: close
server-timing: dtSInfo;desc="0", dtRpid;desc="-1934072380"
content-length: 726
x-xss-protection: 1; mode=block
x-ua-compatible: IE=Edge
last-modified: Tue, 20 Feb 2024 10:14:51 GMT
server: cloudflare
etag: "7c5-611cd7b19c456-gzip"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: image/svg+xml
cache-control: public, max-age=2592000
accept-ranges: bytes
cf-ray: 8648ef19f9152c42-FRA
clientname: flagstar

GET
H2 200 icon-card_insights.svg
www.flagstar.com/content/dam/newco/global-navigation-icons/ 4 KB
4 KB 20ms
19ms Image
image/svg+xml 172.64.146.116
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.flagstar.com/content/dam/newco/global-navigation-icons/icon-card_insights.svg

Requested by

Host: www.flagstar.com
URL: https://www.flagstar.com/

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

172.64.146.116 San Francisco, United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

923a8d9740f94f5c08fcd2f3be048e8689441a216c3be5c0784797d5017d02d5

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; connect-src 'self' .foresee.com .evergage.com edge.adobedc.net https://cdn.cookielaw.org https://www.googletagmanager.com https://stats.g.doubleclick.net https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://maps.googleapis.com .demdex.net .yext.com https://answers.yext-pixel.com .yextapis.com;font-src 'self' data: https://fonts.gstatic.com/ https://fonts.googleapis.com https://use.typekit.com .pgsdemo.com .pagescdn.com; media-src 'self'; object-src 'self'; form-action 'self' https://.flagstar.com https://.salesforce.com https://.salesforceliveagent.com https://.salesforce-sites.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://.salesforceliveagent.com https://assets.sitescdn.net https://www.googleanalytics.com/ https://www.googleoptimize.com/ https://optimize.google.com/ https://www.googletagmanager.com https://maps.googleapis.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net assets.adobedtm.com https://pnapi.invoca.net https://solutions.invocacdn.com gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com/ https://use.typekit.com https://connect.facebook.net https://js.adsrvr.org/ https://cdn.evgnet.com https://.evergage.com https://www.youtube.com assets.sitescdn.net .pagescdn.com .pgsdemo.com https://.salesforce-sites.com;style-src 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com assets.sitecdn.net; style-src-elem 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com;frame-src 'self' .flagstar.com .demdex.net https://.fls.doubleclick.net https://td.doubleclick.net https://optimize.google.com/ https://insight.adsrvr.org/ https://match.adsrvr.org/ https://cdn.evgnet.com https://.flagstar.com https://.fintactix.com .pagescdn.com .pgsdemo.com; frame-ancestors 'self' .flagstar.com https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net; img-src 'self' .foresee.com https://ad.doubleclick.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googletagmanager.com/ https://www.googleadservices.com https://www.google-analytics.com https://developers.google.com https://maps.googleapis.com https://maps.gstatic.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://insight.adsrvr.org https://ib.adnxs.com/getuid https://match.adsrvr.org/track/cmf/appnexus https://dsum-sec.casalemedia.com/rum https://ups.analytics.yahoo.com/ups/55953/sync https://pixel.rubiconproject.com/tap.php data: blob: https://p.typekit.net https://www.facebook.com .flagstar.com https://*.doubleclick.net;child-src 'self' https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://youtube.com; worker-src 'self'; manifest-src 'self';
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.flagstar.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

expires: Sun, 14 Apr 2024 02:04:39 GMT
date: Fri, 15 Mar 2024 02:04:39 GMT
content-security-policy: default-src 'none'; connect-src 'self' *.foresee.com *.evergage.com edge.adobedc.net https://cdn.cookielaw.org https://www.googletagmanager.com https://stats.g.doubleclick.net https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://maps.googleapis.com *.demdex.net *.yext.com https://answers.yext-pixel.com *.yextapis.com;font-src 'self' data: https://fonts.gstatic.com/ https://fonts.googleapis.com https://use.typekit.com *.pgsdemo.com *.pagescdn.com; media-src 'self'; object-src 'self'; form-action 'self' https://*.flagstar.com https://*.salesforce.com https://*.salesforceliveagent.com https://*.salesforce-sites.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.salesforceliveagent.com https://assets.sitescdn.net https://www.googleanalytics.com/ https://www.googleoptimize.com/ https://optimize.google.com/ https://www.googletagmanager.com https://maps.googleapis.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net assets.adobedtm.com https://pnapi.invoca.net https://solutions.invocacdn.com gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com/ https://use.typekit.com https://connect.facebook.net https://js.adsrvr.org/ https://cdn.evgnet.com https://*.evergage.com https://www.youtube.com assets.sitescdn.net *.pagescdn.com *.pgsdemo.com https://*.salesforce-sites.com;style-src 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com assets.sitecdn.net; style-src-elem 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com;frame-src 'self' *.flagstar.com *.demdex.net https://*.fls.doubleclick.net https://td.doubleclick.net https://optimize.google.com/ https://insight.adsrvr.org/ https://match.adsrvr.org/ https://cdn.evgnet.com https://*.flagstar.com https://*.fintactix.com *.pagescdn.com *.pgsdemo.com; frame-ancestors 'self' *.flagstar.com https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net; img-src 'self' *.foresee.com https://ad.doubleclick.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googletagmanager.com/ https://www.googleadservices.com https://www.google-analytics.com https://developers.google.com https://maps.googleapis.com https://maps.gstatic.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://insight.adsrvr.org https://ib.adnxs.com/getuid https://match.adsrvr.org/track/cmf/appnexus https://dsum-sec.casalemedia.com/rum https://ups.analytics.yahoo.com/ups/55953/sync https://pixel.rubiconproject.com/tap.php data: blob: https://p.typekit.net https://www.facebook.com *.flagstar.com https://*.doubleclick.net;child-src 'self' https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://youtube.com; worker-src 'self'; manifest-src 'self';
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
strict-transport-security: max-age=31536000; includeSubDomains
age: 117902
x-cnection: close
server-timing: dtSInfo;desc="0", dtRpid;desc="-1694125214"
content-length: 885
x-xss-protection: 1; mode=block
x-ua-compatible: IE=Edge
last-modified: Tue, 20 Feb 2024 10:12:07 GMT
server: cloudflare
etag: "e1e-611cd7151a300-gzip"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: image/svg+xml
cache-control: public, max-age=2592000
accept-ranges: bytes
cf-ray: 8648ef1a19222c42-FRA
clientname: flagstar

GET
H2 200 icon-card_tools-calculators.svg
www.flagstar.com/content/dam/newco/global-navigation-icons/ 3 KB
4 KB 20ms
19ms Image
image/svg+xml 172.64.146.116
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.flagstar.com/content/dam/newco/global-navigation-icons/icon-card_tools-calculators.svg

Requested by

Host: www.flagstar.com
URL: https://www.flagstar.com/

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

172.64.146.116 San Francisco, United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

70740bb39befcad42f09bbff8a78e7f0503e3e4bf6361c858cea9423c8ad558c

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; connect-src 'self' .foresee.com .evergage.com edge.adobedc.net https://cdn.cookielaw.org https://www.googletagmanager.com https://stats.g.doubleclick.net https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://maps.googleapis.com .demdex.net .yext.com https://answers.yext-pixel.com .yextapis.com;font-src 'self' data: https://fonts.gstatic.com/ https://fonts.googleapis.com https://use.typekit.com .pgsdemo.com .pagescdn.com; media-src 'self'; object-src 'self'; form-action 'self' https://.flagstar.com https://.salesforce.com https://.salesforceliveagent.com https://.salesforce-sites.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://.salesforceliveagent.com https://assets.sitescdn.net https://www.googleanalytics.com/ https://www.googleoptimize.com/ https://optimize.google.com/ https://www.googletagmanager.com https://maps.googleapis.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net assets.adobedtm.com https://pnapi.invoca.net https://solutions.invocacdn.com gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com/ https://use.typekit.com https://connect.facebook.net https://js.adsrvr.org/ https://cdn.evgnet.com https://.evergage.com https://www.youtube.com assets.sitescdn.net .pagescdn.com .pgsdemo.com https://.salesforce-sites.com;style-src 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com assets.sitecdn.net; style-src-elem 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com;frame-src 'self' .flagstar.com .demdex.net https://.fls.doubleclick.net https://td.doubleclick.net https://optimize.google.com/ https://insight.adsrvr.org/ https://match.adsrvr.org/ https://cdn.evgnet.com https://.flagstar.com https://.fintactix.com .pagescdn.com .pgsdemo.com; frame-ancestors 'self' .flagstar.com https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net; img-src 'self' .foresee.com https://ad.doubleclick.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googletagmanager.com/ https://www.googleadservices.com https://www.google-analytics.com https://developers.google.com https://maps.googleapis.com https://maps.gstatic.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://insight.adsrvr.org https://ib.adnxs.com/getuid https://match.adsrvr.org/track/cmf/appnexus https://dsum-sec.casalemedia.com/rum https://ups.analytics.yahoo.com/ups/55953/sync https://pixel.rubiconproject.com/tap.php data: blob: https://p.typekit.net https://www.facebook.com .flagstar.com https://*.doubleclick.net;child-src 'self' https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://youtube.com; worker-src 'self'; manifest-src 'self';
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.flagstar.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

expires: Sun, 14 Apr 2024 02:04:39 GMT
date: Fri, 15 Mar 2024 02:04:39 GMT
content-security-policy: default-src 'none'; connect-src 'self' *.foresee.com *.evergage.com edge.adobedc.net https://cdn.cookielaw.org https://www.googletagmanager.com https://stats.g.doubleclick.net https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://maps.googleapis.com *.demdex.net *.yext.com https://answers.yext-pixel.com *.yextapis.com;font-src 'self' data: https://fonts.gstatic.com/ https://fonts.googleapis.com https://use.typekit.com *.pgsdemo.com *.pagescdn.com; media-src 'self'; object-src 'self'; form-action 'self' https://*.flagstar.com https://*.salesforce.com https://*.salesforceliveagent.com https://*.salesforce-sites.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.salesforceliveagent.com https://assets.sitescdn.net https://www.googleanalytics.com/ https://www.googleoptimize.com/ https://optimize.google.com/ https://www.googletagmanager.com https://maps.googleapis.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net assets.adobedtm.com https://pnapi.invoca.net https://solutions.invocacdn.com gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com/ https://use.typekit.com https://connect.facebook.net https://js.adsrvr.org/ https://cdn.evgnet.com https://*.evergage.com https://www.youtube.com assets.sitescdn.net *.pagescdn.com *.pgsdemo.com https://*.salesforce-sites.com;style-src 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com assets.sitecdn.net; style-src-elem 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com;frame-src 'self' *.flagstar.com *.demdex.net https://*.fls.doubleclick.net https://td.doubleclick.net https://optimize.google.com/ https://insight.adsrvr.org/ https://match.adsrvr.org/ https://cdn.evgnet.com https://*.flagstar.com https://*.fintactix.com *.pagescdn.com *.pgsdemo.com; frame-ancestors 'self' *.flagstar.com https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net; img-src 'self' *.foresee.com https://ad.doubleclick.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googletagmanager.com/ https://www.googleadservices.com https://www.google-analytics.com https://developers.google.com https://maps.googleapis.com https://maps.gstatic.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://insight.adsrvr.org https://ib.adnxs.com/getuid https://match.adsrvr.org/track/cmf/appnexus https://dsum-sec.casalemedia.com/rum https://ups.analytics.yahoo.com/ups/55953/sync https://pixel.rubiconproject.com/tap.php data: blob: https://p.typekit.net https://www.facebook.com *.flagstar.com https://*.doubleclick.net;child-src 'self' https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://youtube.com; worker-src 'self'; manifest-src 'self';
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
strict-transport-security: max-age=31536000; includeSubDomains
age: 115452
x-cnection: close
server-timing: dtSInfo;desc="0", dtRpid;desc="1127430535"
content-length: 543
x-xss-protection: 1; mode=block
x-ua-compatible: IE=Edge
last-modified: Tue, 20 Feb 2024 10:11:15 GMT
server: cloudflare
etag: "a99-611cd6e3de37d-gzip"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: image/svg+xml
cache-control: public, max-age=2592000
accept-ranges: bytes
cf-ray: 8648ef1a39372c42-FRA
clientname: flagstar

GET
H2 200 icon-card_how-to-guides.svg
www.flagstar.com/content/dam/newco/global-navigation-icons/ 2 KB
4 KB 22ms
21ms Image
image/svg+xml 172.64.146.116
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.flagstar.com/content/dam/newco/global-navigation-icons/icon-card_how-to-guides.svg

Requested by

Host: www.flagstar.com
URL: https://www.flagstar.com/

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

172.64.146.116 San Francisco, United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e2cdba8b1ff0a5dc4a5f88b397ec0789788233467372c668ff43a5cb535dba27

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; connect-src 'self' .foresee.com .evergage.com edge.adobedc.net https://cdn.cookielaw.org https://www.googletagmanager.com https://stats.g.doubleclick.net https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://maps.googleapis.com .demdex.net .yext.com https://answers.yext-pixel.com .yextapis.com;font-src 'self' data: https://fonts.gstatic.com/ https://fonts.googleapis.com https://use.typekit.com .pgsdemo.com .pagescdn.com; media-src 'self'; object-src 'self'; form-action 'self' https://.flagstar.com https://.salesforce.com https://.salesforceliveagent.com https://.salesforce-sites.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://.salesforceliveagent.com https://assets.sitescdn.net https://www.googleanalytics.com/ https://www.googleoptimize.com/ https://optimize.google.com/ https://www.googletagmanager.com https://maps.googleapis.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net assets.adobedtm.com https://pnapi.invoca.net https://solutions.invocacdn.com gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com/ https://use.typekit.com https://connect.facebook.net https://js.adsrvr.org/ https://cdn.evgnet.com https://.evergage.com https://www.youtube.com assets.sitescdn.net .pagescdn.com .pgsdemo.com https://.salesforce-sites.com;style-src 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com assets.sitecdn.net; style-src-elem 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com;frame-src 'self' .flagstar.com .demdex.net https://.fls.doubleclick.net https://td.doubleclick.net https://optimize.google.com/ https://insight.adsrvr.org/ https://match.adsrvr.org/ https://cdn.evgnet.com https://.flagstar.com https://.fintactix.com .pagescdn.com .pgsdemo.com; frame-ancestors 'self' .flagstar.com https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net; img-src 'self' .foresee.com https://ad.doubleclick.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googletagmanager.com/ https://www.googleadservices.com https://www.google-analytics.com https://developers.google.com https://maps.googleapis.com https://maps.gstatic.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://insight.adsrvr.org https://ib.adnxs.com/getuid https://match.adsrvr.org/track/cmf/appnexus https://dsum-sec.casalemedia.com/rum https://ups.analytics.yahoo.com/ups/55953/sync https://pixel.rubiconproject.com/tap.php data: blob: https://p.typekit.net https://www.facebook.com .flagstar.com https://*.doubleclick.net;child-src 'self' https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://youtube.com; worker-src 'self'; manifest-src 'self';
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.flagstar.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

expires: Sun, 14 Apr 2024 02:04:39 GMT
date: Fri, 15 Mar 2024 02:04:39 GMT
content-security-policy: default-src 'none'; connect-src 'self' *.foresee.com *.evergage.com edge.adobedc.net https://cdn.cookielaw.org https://www.googletagmanager.com https://stats.g.doubleclick.net https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://maps.googleapis.com *.demdex.net *.yext.com https://answers.yext-pixel.com *.yextapis.com;font-src 'self' data: https://fonts.gstatic.com/ https://fonts.googleapis.com https://use.typekit.com *.pgsdemo.com *.pagescdn.com; media-src 'self'; object-src 'self'; form-action 'self' https://*.flagstar.com https://*.salesforce.com https://*.salesforceliveagent.com https://*.salesforce-sites.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.salesforceliveagent.com https://assets.sitescdn.net https://www.googleanalytics.com/ https://www.googleoptimize.com/ https://optimize.google.com/ https://www.googletagmanager.com https://maps.googleapis.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net assets.adobedtm.com https://pnapi.invoca.net https://solutions.invocacdn.com gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com/ https://use.typekit.com https://connect.facebook.net https://js.adsrvr.org/ https://cdn.evgnet.com https://*.evergage.com https://www.youtube.com assets.sitescdn.net *.pagescdn.com *.pgsdemo.com https://*.salesforce-sites.com;style-src 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com assets.sitecdn.net; style-src-elem 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com;frame-src 'self' *.flagstar.com *.demdex.net https://*.fls.doubleclick.net https://td.doubleclick.net https://optimize.google.com/ https://insight.adsrvr.org/ https://match.adsrvr.org/ https://cdn.evgnet.com https://*.flagstar.com https://*.fintactix.com *.pagescdn.com *.pgsdemo.com; frame-ancestors 'self' *.flagstar.com https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net; img-src 'self' *.foresee.com https://ad.doubleclick.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googletagmanager.com/ https://www.googleadservices.com https://www.google-analytics.com https://developers.google.com https://maps.googleapis.com https://maps.gstatic.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://insight.adsrvr.org https://ib.adnxs.com/getuid https://match.adsrvr.org/track/cmf/appnexus https://dsum-sec.casalemedia.com/rum https://ups.analytics.yahoo.com/ups/55953/sync https://pixel.rubiconproject.com/tap.php data: blob: https://p.typekit.net https://www.facebook.com *.flagstar.com https://*.doubleclick.net;child-src 'self' https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://youtube.com; worker-src 'self'; manifest-src 'self';
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
strict-transport-security: max-age=31536000; includeSubDomains
age: 122711
x-cnection: close
server-timing: dtSInfo;desc="0", dtRpid;desc="897018303"
content-length: 652
x-xss-protection: 1; mode=block
x-ua-compatible: IE=Edge
last-modified: Tue, 20 Feb 2024 10:10:25 GMT
server: cloudflare
etag: "86a-611cd6b418c8b-gzip"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: image/svg+xml
cache-control: public, max-age=2592000
accept-ranges: bytes
cf-ray: 8648ef1a59452c42-FRA
clientname: flagstar

GET
H2 200 icon-card_faqs.svg
www.flagstar.com/content/dam/newco/global-navigation-icons/ 1 KB
4 KB 20ms
20ms Image
image/svg+xml 172.64.146.116
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.flagstar.com/content/dam/newco/global-navigation-icons/icon-card_faqs.svg

Requested by

Host: www.flagstar.com
URL: https://www.flagstar.com/

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

172.64.146.116 San Francisco, United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

eba4e1c2cce29282aa8fa6dd71e6046399b06e5d408e2f4c2c2763642572c842

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; connect-src 'self' .foresee.com .evergage.com edge.adobedc.net https://cdn.cookielaw.org https://www.googletagmanager.com https://stats.g.doubleclick.net https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://maps.googleapis.com .demdex.net .yext.com https://answers.yext-pixel.com .yextapis.com;font-src 'self' data: https://fonts.gstatic.com/ https://fonts.googleapis.com https://use.typekit.com .pgsdemo.com .pagescdn.com; media-src 'self'; object-src 'self'; form-action 'self' https://.flagstar.com https://.salesforce.com https://.salesforceliveagent.com https://.salesforce-sites.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://.salesforceliveagent.com https://assets.sitescdn.net https://www.googleanalytics.com/ https://www.googleoptimize.com/ https://optimize.google.com/ https://www.googletagmanager.com https://maps.googleapis.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net assets.adobedtm.com https://pnapi.invoca.net https://solutions.invocacdn.com gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com/ https://use.typekit.com https://connect.facebook.net https://js.adsrvr.org/ https://cdn.evgnet.com https://.evergage.com https://www.youtube.com assets.sitescdn.net .pagescdn.com .pgsdemo.com https://.salesforce-sites.com;style-src 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com assets.sitecdn.net; style-src-elem 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com;frame-src 'self' .flagstar.com .demdex.net https://.fls.doubleclick.net https://td.doubleclick.net https://optimize.google.com/ https://insight.adsrvr.org/ https://match.adsrvr.org/ https://cdn.evgnet.com https://.flagstar.com https://.fintactix.com .pagescdn.com .pgsdemo.com; frame-ancestors 'self' .flagstar.com https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net; img-src 'self' .foresee.com https://ad.doubleclick.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googletagmanager.com/ https://www.googleadservices.com https://www.google-analytics.com https://developers.google.com https://maps.googleapis.com https://maps.gstatic.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://insight.adsrvr.org https://ib.adnxs.com/getuid https://match.adsrvr.org/track/cmf/appnexus https://dsum-sec.casalemedia.com/rum https://ups.analytics.yahoo.com/ups/55953/sync https://pixel.rubiconproject.com/tap.php data: blob: https://p.typekit.net https://www.facebook.com .flagstar.com https://*.doubleclick.net;child-src 'self' https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://youtube.com; worker-src 'self'; manifest-src 'self';
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.flagstar.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

expires: Sun, 14 Apr 2024 02:04:39 GMT
date: Fri, 15 Mar 2024 02:04:39 GMT
content-security-policy: default-src 'none'; connect-src 'self' *.foresee.com *.evergage.com edge.adobedc.net https://cdn.cookielaw.org https://www.googletagmanager.com https://stats.g.doubleclick.net https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://maps.googleapis.com *.demdex.net *.yext.com https://answers.yext-pixel.com *.yextapis.com;font-src 'self' data: https://fonts.gstatic.com/ https://fonts.googleapis.com https://use.typekit.com *.pgsdemo.com *.pagescdn.com; media-src 'self'; object-src 'self'; form-action 'self' https://*.flagstar.com https://*.salesforce.com https://*.salesforceliveagent.com https://*.salesforce-sites.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.salesforceliveagent.com https://assets.sitescdn.net https://www.googleanalytics.com/ https://www.googleoptimize.com/ https://optimize.google.com/ https://www.googletagmanager.com https://maps.googleapis.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net assets.adobedtm.com https://pnapi.invoca.net https://solutions.invocacdn.com gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com/ https://use.typekit.com https://connect.facebook.net https://js.adsrvr.org/ https://cdn.evgnet.com https://*.evergage.com https://www.youtube.com assets.sitescdn.net *.pagescdn.com *.pgsdemo.com https://*.salesforce-sites.com;style-src 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com assets.sitecdn.net; style-src-elem 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com;frame-src 'self' *.flagstar.com *.demdex.net https://*.fls.doubleclick.net https://td.doubleclick.net https://optimize.google.com/ https://insight.adsrvr.org/ https://match.adsrvr.org/ https://cdn.evgnet.com https://*.flagstar.com https://*.fintactix.com *.pagescdn.com *.pgsdemo.com; frame-ancestors 'self' *.flagstar.com https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net; img-src 'self' *.foresee.com https://ad.doubleclick.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googletagmanager.com/ https://www.googleadservices.com https://www.google-analytics.com https://developers.google.com https://maps.googleapis.com https://maps.gstatic.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://insight.adsrvr.org https://ib.adnxs.com/getuid https://match.adsrvr.org/track/cmf/appnexus https://dsum-sec.casalemedia.com/rum https://ups.analytics.yahoo.com/ups/55953/sync https://pixel.rubiconproject.com/tap.php data: blob: https://p.typekit.net https://www.facebook.com *.flagstar.com https://*.doubleclick.net;child-src 'self' https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://youtube.com; worker-src 'self'; manifest-src 'self';
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
strict-transport-security: max-age=31536000; includeSubDomains
age: 61704
x-cnection: close
server-timing: dtSInfo;desc="0", dtRpid;desc="1877014768"
content-length: 541
x-xss-protection: 1; mode=block
x-ua-compatible: IE=Edge
last-modified: Tue, 20 Feb 2024 10:10:25 GMT
server: cloudflare
etag: "45d-611cd6b40bd83-gzip"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: image/svg+xml
cache-control: public, max-age=2592000
accept-ranges: bytes
cf-ray: 8648ef1a795a2c42-FRA
clientname: flagstar

GET
H2 200 icon-card_sign-up.svg
www.flagstar.com/content/dam/newco/personal/banking/icons/ 1 KB
4 KB 24ms
24ms Image
image/svg+xml 172.64.146.116
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.flagstar.com/content/dam/newco/personal/banking/icons/icon-card_sign-up.svg

Requested by

Host: www.flagstar.com
URL: https://www.flagstar.com/

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

172.64.146.116 San Francisco, United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

27a930e516d39f72356590a4e737515c95aa3a9969b6c2fc12075710f9032998

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; connect-src 'self' .foresee.com .evergage.com edge.adobedc.net https://cdn.cookielaw.org https://www.googletagmanager.com https://stats.g.doubleclick.net https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://maps.googleapis.com .demdex.net .yext.com https://answers.yext-pixel.com .yextapis.com;font-src 'self' data: https://fonts.gstatic.com/ https://fonts.googleapis.com https://use.typekit.com .pgsdemo.com .pagescdn.com; media-src 'self'; object-src 'self'; form-action 'self' https://.flagstar.com https://.salesforce.com https://.salesforceliveagent.com https://.salesforce-sites.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://.salesforceliveagent.com https://assets.sitescdn.net https://www.googleanalytics.com/ https://www.googleoptimize.com/ https://optimize.google.com/ https://www.googletagmanager.com https://maps.googleapis.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net assets.adobedtm.com https://pnapi.invoca.net https://solutions.invocacdn.com gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com/ https://use.typekit.com https://connect.facebook.net https://js.adsrvr.org/ https://cdn.evgnet.com https://.evergage.com https://www.youtube.com assets.sitescdn.net .pagescdn.com .pgsdemo.com https://.salesforce-sites.com;style-src 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com assets.sitecdn.net; style-src-elem 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com;frame-src 'self' .flagstar.com .youtube.com .demdex.net https://.fls.doubleclick.net https://td.doubleclick.net https://optimize.google.com/ https://insight.adsrvr.org/ https://match.adsrvr.org/ https://cdn.evgnet.com https://.flagstar.com https://.fintactix.com .pagescdn.com .pgsdemo.com; frame-ancestors 'self' .flagstar.com https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net; img-src 'self' .foresee.com https://ad.doubleclick.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googletagmanager.com/ https://www.googleadservices.com https://www.google-analytics.com https://developers.google.com https://maps.googleapis.com https://maps.gstatic.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://insight.adsrvr.org https://ib.adnxs.com/getuid https://match.adsrvr.org/track/cmf/appnexus https://dsum-sec.casalemedia.com/rum https://ups.analytics.yahoo.com/ups/55953/sync https://pixel.rubiconproject.com/tap.php data: blob: https://p.typekit.net https://www.facebook.com .flagstar.com https://.doubleclick.net;child-src 'self' https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://youtube.com; worker-src 'self'; manifest-src 'self';
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.flagstar.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

expires: Sun, 14 Apr 2024 02:04:39 GMT
date: Fri, 15 Mar 2024 02:04:39 GMT
content-security-policy: default-src 'none'; connect-src 'self' *.foresee.com *.evergage.com edge.adobedc.net https://cdn.cookielaw.org https://www.googletagmanager.com https://stats.g.doubleclick.net https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://maps.googleapis.com *.demdex.net *.yext.com https://answers.yext-pixel.com *.yextapis.com;font-src 'self' data: https://fonts.gstatic.com/ https://fonts.googleapis.com https://use.typekit.com *.pgsdemo.com *.pagescdn.com; media-src 'self'; object-src 'self'; form-action 'self' https://*.flagstar.com https://*.salesforce.com https://*.salesforceliveagent.com https://*.salesforce-sites.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.salesforceliveagent.com https://assets.sitescdn.net https://www.googleanalytics.com/ https://www.googleoptimize.com/ https://optimize.google.com/ https://www.googletagmanager.com https://maps.googleapis.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net assets.adobedtm.com https://pnapi.invoca.net https://solutions.invocacdn.com gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com/ https://use.typekit.com https://connect.facebook.net https://js.adsrvr.org/ https://cdn.evgnet.com https://*.evergage.com https://www.youtube.com assets.sitescdn.net *.pagescdn.com *.pgsdemo.com https://*.salesforce-sites.com;style-src 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com assets.sitecdn.net; style-src-elem 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com;frame-src 'self' *.flagstar.com *.youtube.com *.demdex.net https://*.fls.doubleclick.net https://td.doubleclick.net https://optimize.google.com/ https://insight.adsrvr.org/ https://match.adsrvr.org/ https://cdn.evgnet.com https://*.flagstar.com https://*.fintactix.com *.pagescdn.com *.pgsdemo.com; frame-ancestors 'self' *.flagstar.com https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net; img-src 'self' *.foresee.com https://ad.doubleclick.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googletagmanager.com/ https://www.googleadservices.com https://www.google-analytics.com https://developers.google.com https://maps.googleapis.com https://maps.gstatic.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://insight.adsrvr.org https://ib.adnxs.com/getuid https://match.adsrvr.org/track/cmf/appnexus https://dsum-sec.casalemedia.com/rum https://ups.analytics.yahoo.com/ups/55953/sync https://pixel.rubiconproject.com/tap.php data: blob: https://p.typekit.net https://www.facebook.com *.flagstar.com https://*.doubleclick.net;child-src 'self' https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://youtube.com; worker-src 'self'; manifest-src 'self';
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
strict-transport-security: max-age=31536000; includeSubDomains
age: 110579
x-cnection: close
server-timing: dtSInfo;desc="0", dtRpid;desc="936293458"
content-length: 601
x-xss-protection: 1; mode=block
x-ua-compatible: IE=Edge
last-modified: Thu, 29 Feb 2024 13:45:55 GMT
server: cloudflare
etag: "4bb-612857a852b45-gzip"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: image/svg+xml
cache-control: public, max-age=2592000
accept-ranges: bytes
cf-ray: 8648ef1a996a2c42-FRA
clientname: flagstar

GET
H2 200 icon-card_business-checking-savings.svg
www.flagstar.com/content/dam/newco/global-navigation-icons/ 3 KB
5 KB 22ms
21ms Image
image/svg+xml 172.64.146.116
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.flagstar.com/content/dam/newco/global-navigation-icons/icon-card_business-checking-savings.svg

Requested by

Host: www.flagstar.com
URL: https://www.flagstar.com/

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

172.64.146.116 San Francisco, United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a1d3a3e26c91ba85b3d9ac92db5f8335ea6994994a2538d4f47f5e919439d4c8

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; connect-src 'self' .foresee.com .evergage.com edge.adobedc.net https://cdn.cookielaw.org https://www.googletagmanager.com https://stats.g.doubleclick.net https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://maps.googleapis.com .demdex.net .yext.com https://answers.yext-pixel.com .yextapis.com;font-src 'self' data: https://fonts.gstatic.com/ https://fonts.googleapis.com https://use.typekit.com .pgsdemo.com .pagescdn.com; media-src 'self'; object-src 'self'; form-action 'self' https://.flagstar.com https://.salesforce.com https://.salesforceliveagent.com https://.salesforce-sites.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://.salesforceliveagent.com https://assets.sitescdn.net https://www.googleanalytics.com/ https://www.googleoptimize.com/ https://optimize.google.com/ https://www.googletagmanager.com https://maps.googleapis.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net assets.adobedtm.com https://pnapi.invoca.net https://solutions.invocacdn.com gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com/ https://use.typekit.com https://connect.facebook.net https://js.adsrvr.org/ https://cdn.evgnet.com https://.evergage.com https://www.youtube.com assets.sitescdn.net .pagescdn.com .pgsdemo.com https://.salesforce-sites.com;style-src 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com assets.sitecdn.net; style-src-elem 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com;frame-src 'self' .flagstar.com .demdex.net https://.fls.doubleclick.net https://td.doubleclick.net https://optimize.google.com/ https://insight.adsrvr.org/ https://match.adsrvr.org/ https://cdn.evgnet.com https://.flagstar.com https://.fintactix.com .pagescdn.com .pgsdemo.com; frame-ancestors 'self' .flagstar.com https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net; img-src 'self' .foresee.com https://ad.doubleclick.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googletagmanager.com/ https://www.googleadservices.com https://www.google-analytics.com https://developers.google.com https://maps.googleapis.com https://maps.gstatic.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://insight.adsrvr.org https://ib.adnxs.com/getuid https://match.adsrvr.org/track/cmf/appnexus https://dsum-sec.casalemedia.com/rum https://ups.analytics.yahoo.com/ups/55953/sync https://pixel.rubiconproject.com/tap.php data: blob: https://p.typekit.net https://www.facebook.com .flagstar.com https://*.doubleclick.net;child-src 'self' https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://youtube.com; worker-src 'self'; manifest-src 'self';
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.flagstar.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

expires: Sun, 14 Apr 2024 02:04:39 GMT
date: Fri, 15 Mar 2024 02:04:39 GMT
content-security-policy: default-src 'none'; connect-src 'self' *.foresee.com *.evergage.com edge.adobedc.net https://cdn.cookielaw.org https://www.googletagmanager.com https://stats.g.doubleclick.net https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://maps.googleapis.com *.demdex.net *.yext.com https://answers.yext-pixel.com *.yextapis.com;font-src 'self' data: https://fonts.gstatic.com/ https://fonts.googleapis.com https://use.typekit.com *.pgsdemo.com *.pagescdn.com; media-src 'self'; object-src 'self'; form-action 'self' https://*.flagstar.com https://*.salesforce.com https://*.salesforceliveagent.com https://*.salesforce-sites.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.salesforceliveagent.com https://assets.sitescdn.net https://www.googleanalytics.com/ https://www.googleoptimize.com/ https://optimize.google.com/ https://www.googletagmanager.com https://maps.googleapis.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net assets.adobedtm.com https://pnapi.invoca.net https://solutions.invocacdn.com gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com/ https://use.typekit.com https://connect.facebook.net https://js.adsrvr.org/ https://cdn.evgnet.com https://*.evergage.com https://www.youtube.com assets.sitescdn.net *.pagescdn.com *.pgsdemo.com https://*.salesforce-sites.com;style-src 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com assets.sitecdn.net; style-src-elem 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com;frame-src 'self' *.flagstar.com *.demdex.net https://*.fls.doubleclick.net https://td.doubleclick.net https://optimize.google.com/ https://insight.adsrvr.org/ https://match.adsrvr.org/ https://cdn.evgnet.com https://*.flagstar.com https://*.fintactix.com *.pagescdn.com *.pgsdemo.com; frame-ancestors 'self' *.flagstar.com https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net; img-src 'self' *.foresee.com https://ad.doubleclick.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googletagmanager.com/ https://www.googleadservices.com https://www.google-analytics.com https://developers.google.com https://maps.googleapis.com https://maps.gstatic.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://insight.adsrvr.org https://ib.adnxs.com/getuid https://match.adsrvr.org/track/cmf/appnexus https://dsum-sec.casalemedia.com/rum https://ups.analytics.yahoo.com/ups/55953/sync https://pixel.rubiconproject.com/tap.php data: blob: https://p.typekit.net https://www.facebook.com *.flagstar.com https://*.doubleclick.net;child-src 'self' https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://youtube.com; worker-src 'self'; manifest-src 'self';
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
strict-transport-security: max-age=31536000; includeSubDomains
age: 115452
content-security-policy-report-only: script-src 'none'; report-uri https://csp-reporting.cloudflare.com/cdn-cgi/script_monitor/report?m=mCiLltpGsy2K39u2IXACq2Nv8QLZH8jQ7JztFJjP5BI-1710468279-1.0.1.1-c6deMsUQkoHjFzNVBSGWzuv7ZLMkqtBg5QIQtvj7CaIjHvO82Kn8bwZX3DCH8ehtPWygbjlBnL9qn0gbyUFKUr_UMSmvArQX2KGaS6gMU36DvWE8n7CVl_OCJCrbQSIok1S0dNIZ9Gv7QIx9NZYTkLBjD57u6aU2FizZu9_KCTg; report-to cf-csp-endpoint
x-cnection: close
server-timing: dtSInfo;desc="0", dtRpid;desc="-497242738"
content-length: 985
x-xss-protection: 1; mode=block
x-ua-compatible: IE=Edge
last-modified: Tue, 20 Feb 2024 10:14:32 GMT
server: cloudflare
etag: "d18-611cd79f60e5f-gzip"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: image/svg+xml
report-to: {"endpoints":[{"url":"https:\/\/csp-reporting.cloudflare.com\/cdn-cgi\/script_monitor\/report?m=mCiLltpGsy2K39u2IXACq2Nv8QLZH8jQ7JztFJjP5BI-1710468279-1.0.1.1-c6deMsUQkoHjFzNVBSGWzuv7ZLMkqtBg5QIQtvj7CaIjHvO82Kn8bwZX3DCH8ehtPWygbjlBnL9qn0gbyUFKUr_UMSmvArQX2KGaS6gMU36DvWE8n7CVl_OCJCrbQSIok1S0dNIZ9Gv7QIx9NZYTkLBjD57u6aU2FizZu9_KCTg"}],"group":"cf-csp-endpoint","max_age":86400}
cache-control: public, max-age=2592000
accept-ranges: bytes
cf-ray: 8648ef1ac9782c42-FRA
clientname: flagstar

GET
H2 200 icon-card_business-credit-cards.svg
www.flagstar.com/content/dam/newco/global-navigation-icons/ 2 KB
4 KB 19ms
18ms Image
image/svg+xml 172.64.146.116
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.flagstar.com/content/dam/newco/global-navigation-icons/icon-card_business-credit-cards.svg

Requested by

Host: www.flagstar.com
URL: https://www.flagstar.com/

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

172.64.146.116 San Francisco, United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

606ceda8954b51480b26eb5e9abd2d26d4d481d7dedeaa6afcec3ee5d6b39227

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; connect-src 'self' .foresee.com .evergage.com edge.adobedc.net https://cdn.cookielaw.org https://www.googletagmanager.com https://stats.g.doubleclick.net https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://maps.googleapis.com .demdex.net .yext.com https://answers.yext-pixel.com .yextapis.com;font-src 'self' data: https://fonts.gstatic.com/ https://fonts.googleapis.com https://use.typekit.com .pgsdemo.com .pagescdn.com; media-src 'self'; object-src 'self'; form-action 'self' https://.flagstar.com https://.salesforce.com https://.salesforceliveagent.com https://.salesforce-sites.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://.salesforceliveagent.com https://assets.sitescdn.net https://www.googleanalytics.com/ https://www.googleoptimize.com/ https://optimize.google.com/ https://www.googletagmanager.com https://maps.googleapis.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net assets.adobedtm.com https://pnapi.invoca.net https://solutions.invocacdn.com gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com/ https://use.typekit.com https://connect.facebook.net https://js.adsrvr.org/ https://cdn.evgnet.com https://.evergage.com https://www.youtube.com assets.sitescdn.net .pagescdn.com .pgsdemo.com https://.salesforce-sites.com;style-src 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com assets.sitecdn.net; style-src-elem 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com;frame-src 'self' .flagstar.com .demdex.net https://.fls.doubleclick.net https://td.doubleclick.net https://optimize.google.com/ https://insight.adsrvr.org/ https://match.adsrvr.org/ https://cdn.evgnet.com https://.flagstar.com https://.fintactix.com .pagescdn.com .pgsdemo.com; frame-ancestors 'self' .flagstar.com https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net; img-src 'self' .foresee.com https://ad.doubleclick.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googletagmanager.com/ https://www.googleadservices.com https://www.google-analytics.com https://developers.google.com https://maps.googleapis.com https://maps.gstatic.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://insight.adsrvr.org https://ib.adnxs.com/getuid https://match.adsrvr.org/track/cmf/appnexus https://dsum-sec.casalemedia.com/rum https://ups.analytics.yahoo.com/ups/55953/sync https://pixel.rubiconproject.com/tap.php data: blob: https://p.typekit.net https://www.facebook.com .flagstar.com https://*.doubleclick.net;child-src 'self' https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://youtube.com; worker-src 'self'; manifest-src 'self';
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.flagstar.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

expires: Sun, 14 Apr 2024 02:04:39 GMT
date: Fri, 15 Mar 2024 02:04:39 GMT
content-security-policy: default-src 'none'; connect-src 'self' *.foresee.com *.evergage.com edge.adobedc.net https://cdn.cookielaw.org https://www.googletagmanager.com https://stats.g.doubleclick.net https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://maps.googleapis.com *.demdex.net *.yext.com https://answers.yext-pixel.com *.yextapis.com;font-src 'self' data: https://fonts.gstatic.com/ https://fonts.googleapis.com https://use.typekit.com *.pgsdemo.com *.pagescdn.com; media-src 'self'; object-src 'self'; form-action 'self' https://*.flagstar.com https://*.salesforce.com https://*.salesforceliveagent.com https://*.salesforce-sites.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.salesforceliveagent.com https://assets.sitescdn.net https://www.googleanalytics.com/ https://www.googleoptimize.com/ https://optimize.google.com/ https://www.googletagmanager.com https://maps.googleapis.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net assets.adobedtm.com https://pnapi.invoca.net https://solutions.invocacdn.com gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com/ https://use.typekit.com https://connect.facebook.net https://js.adsrvr.org/ https://cdn.evgnet.com https://*.evergage.com https://www.youtube.com assets.sitescdn.net *.pagescdn.com *.pgsdemo.com https://*.salesforce-sites.com;style-src 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com assets.sitecdn.net; style-src-elem 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com;frame-src 'self' *.flagstar.com *.demdex.net https://*.fls.doubleclick.net https://td.doubleclick.net https://optimize.google.com/ https://insight.adsrvr.org/ https://match.adsrvr.org/ https://cdn.evgnet.com https://*.flagstar.com https://*.fintactix.com *.pagescdn.com *.pgsdemo.com; frame-ancestors 'self' *.flagstar.com https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net; img-src 'self' *.foresee.com https://ad.doubleclick.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googletagmanager.com/ https://www.googleadservices.com https://www.google-analytics.com https://developers.google.com https://maps.googleapis.com https://maps.gstatic.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://insight.adsrvr.org https://ib.adnxs.com/getuid https://match.adsrvr.org/track/cmf/appnexus https://dsum-sec.casalemedia.com/rum https://ups.analytics.yahoo.com/ups/55953/sync https://pixel.rubiconproject.com/tap.php data: blob: https://p.typekit.net https://www.facebook.com *.flagstar.com https://*.doubleclick.net;child-src 'self' https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://youtube.com; worker-src 'self'; manifest-src 'self';
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
strict-transport-security: max-age=31536000; includeSubDomains
age: 122711
x-cnection: close
server-timing: dtSInfo;desc="0", dtRpid;desc="343861907"
content-length: 867
x-xss-protection: 1; mode=block
x-ua-compatible: IE=Edge
last-modified: Tue, 20 Feb 2024 10:12:50 GMT
server: cloudflare
etag: "878-611cd73ddb4f9-gzip"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: image/svg+xml
cache-control: public, max-age=2592000
accept-ranges: bytes
cf-ray: 8648ef1ae9882c42-FRA
clientname: flagstar

GET
H2 200 icon-card_business-loans.svg
www.flagstar.com/content/dam/newco/global-navigation-icons/ 11 KB
5 KB 22ms
21ms Image
image/svg+xml 172.64.146.116
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.flagstar.com/content/dam/newco/global-navigation-icons/icon-card_business-loans.svg

Requested by

Host: www.flagstar.com
URL: https://www.flagstar.com/

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

172.64.146.116 San Francisco, United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

090dccdc949d234690ab3c5084c4683087813babb20a034e37868642a63434dc

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; connect-src 'self' .foresee.com .evergage.com edge.adobedc.net https://cdn.cookielaw.org https://www.googletagmanager.com https://stats.g.doubleclick.net https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://maps.googleapis.com .demdex.net .yext.com https://answers.yext-pixel.com .yextapis.com;font-src 'self' data: https://fonts.gstatic.com/ https://fonts.googleapis.com https://use.typekit.com .pgsdemo.com .pagescdn.com; media-src 'self'; object-src 'self'; form-action 'self' https://.flagstar.com https://.salesforce.com https://.salesforceliveagent.com https://.salesforce-sites.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://.salesforceliveagent.com https://assets.sitescdn.net https://www.googleanalytics.com/ https://www.googleoptimize.com/ https://optimize.google.com/ https://www.googletagmanager.com https://maps.googleapis.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net assets.adobedtm.com https://pnapi.invoca.net https://solutions.invocacdn.com gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com/ https://use.typekit.com https://connect.facebook.net https://js.adsrvr.org/ https://cdn.evgnet.com https://.evergage.com https://www.youtube.com assets.sitescdn.net .pagescdn.com .pgsdemo.com https://.salesforce-sites.com;style-src 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com assets.sitecdn.net; style-src-elem 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com;frame-src 'self' .flagstar.com .demdex.net https://.fls.doubleclick.net https://td.doubleclick.net https://optimize.google.com/ https://insight.adsrvr.org/ https://match.adsrvr.org/ https://cdn.evgnet.com https://.flagstar.com https://.fintactix.com .pagescdn.com .pgsdemo.com; frame-ancestors 'self' .flagstar.com https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net; img-src 'self' .foresee.com https://ad.doubleclick.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googletagmanager.com/ https://www.googleadservices.com https://www.google-analytics.com https://developers.google.com https://maps.googleapis.com https://maps.gstatic.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://insight.adsrvr.org https://ib.adnxs.com/getuid https://match.adsrvr.org/track/cmf/appnexus https://dsum-sec.casalemedia.com/rum https://ups.analytics.yahoo.com/ups/55953/sync https://pixel.rubiconproject.com/tap.php data: blob: https://p.typekit.net https://www.facebook.com .flagstar.com https://*.doubleclick.net;child-src 'self' https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://youtube.com; worker-src 'self'; manifest-src 'self';
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.flagstar.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

expires: Sun, 14 Apr 2024 02:04:39 GMT
date: Fri, 15 Mar 2024 02:04:39 GMT
content-security-policy: default-src 'none'; connect-src 'self' *.foresee.com *.evergage.com edge.adobedc.net https://cdn.cookielaw.org https://www.googletagmanager.com https://stats.g.doubleclick.net https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://maps.googleapis.com *.demdex.net *.yext.com https://answers.yext-pixel.com *.yextapis.com;font-src 'self' data: https://fonts.gstatic.com/ https://fonts.googleapis.com https://use.typekit.com *.pgsdemo.com *.pagescdn.com; media-src 'self'; object-src 'self'; form-action 'self' https://*.flagstar.com https://*.salesforce.com https://*.salesforceliveagent.com https://*.salesforce-sites.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.salesforceliveagent.com https://assets.sitescdn.net https://www.googleanalytics.com/ https://www.googleoptimize.com/ https://optimize.google.com/ https://www.googletagmanager.com https://maps.googleapis.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net assets.adobedtm.com https://pnapi.invoca.net https://solutions.invocacdn.com gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com/ https://use.typekit.com https://connect.facebook.net https://js.adsrvr.org/ https://cdn.evgnet.com https://*.evergage.com https://www.youtube.com assets.sitescdn.net *.pagescdn.com *.pgsdemo.com https://*.salesforce-sites.com;style-src 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com assets.sitecdn.net; style-src-elem 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com;frame-src 'self' *.flagstar.com *.demdex.net https://*.fls.doubleclick.net https://td.doubleclick.net https://optimize.google.com/ https://insight.adsrvr.org/ https://match.adsrvr.org/ https://cdn.evgnet.com https://*.flagstar.com https://*.fintactix.com *.pagescdn.com *.pgsdemo.com; frame-ancestors 'self' *.flagstar.com https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net; img-src 'self' *.foresee.com https://ad.doubleclick.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googletagmanager.com/ https://www.googleadservices.com https://www.google-analytics.com https://developers.google.com https://maps.googleapis.com https://maps.gstatic.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://insight.adsrvr.org https://ib.adnxs.com/getuid https://match.adsrvr.org/track/cmf/appnexus https://dsum-sec.casalemedia.com/rum https://ups.analytics.yahoo.com/ups/55953/sync https://pixel.rubiconproject.com/tap.php data: blob: https://p.typekit.net https://www.facebook.com *.flagstar.com https://*.doubleclick.net;child-src 'self' https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://youtube.com; worker-src 'self'; manifest-src 'self';
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
strict-transport-security: max-age=31536000; includeSubDomains
age: 122711
x-cnection: close
server-timing: dtSInfo;desc="0", dtRpid;desc="1783652534"
content-length: 2157
x-xss-protection: 1; mode=block
x-ua-compatible: IE=Edge
last-modified: Tue, 20 Feb 2024 10:11:15 GMT
server: cloudflare
etag: "2a08-611cd6e3ef105-gzip"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: image/svg+xml
cache-control: public, max-age=2592000
accept-ranges: bytes
cf-ray: 8648ef1b09982c42-FRA
clientname: flagstar

GET
H2 200 icon-card_business-lines-of-credit.svg
www.flagstar.com/content/dam/newco/global-navigation-icons/ 4 KB
4 KB 22ms
22ms Image
image/svg+xml 172.64.146.116
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.flagstar.com/content/dam/newco/global-navigation-icons/icon-card_business-lines-of-credit.svg

Requested by

Host: www.flagstar.com
URL: https://www.flagstar.com/

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

172.64.146.116 San Francisco, United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

804454a2c411d8bb3a19ab0c282698955089bdd1f3e7114f880d85e919eb5910

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; connect-src 'self' .foresee.com .evergage.com edge.adobedc.net https://cdn.cookielaw.org https://www.googletagmanager.com https://stats.g.doubleclick.net https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://maps.googleapis.com .demdex.net .yext.com https://answers.yext-pixel.com .yextapis.com;font-src 'self' data: https://fonts.gstatic.com/ https://fonts.googleapis.com https://use.typekit.com .pgsdemo.com .pagescdn.com; media-src 'self'; object-src 'self'; form-action 'self' https://.flagstar.com https://.salesforce.com https://.salesforceliveagent.com https://.salesforce-sites.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://.salesforceliveagent.com https://assets.sitescdn.net https://www.googleanalytics.com/ https://www.googleoptimize.com/ https://optimize.google.com/ https://www.googletagmanager.com https://maps.googleapis.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net assets.adobedtm.com https://pnapi.invoca.net https://solutions.invocacdn.com gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com/ https://use.typekit.com https://connect.facebook.net https://js.adsrvr.org/ https://cdn.evgnet.com https://.evergage.com https://www.youtube.com assets.sitescdn.net .pagescdn.com .pgsdemo.com https://.salesforce-sites.com;style-src 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com assets.sitecdn.net; style-src-elem 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com;frame-src 'self' .flagstar.com .demdex.net https://.fls.doubleclick.net https://td.doubleclick.net https://optimize.google.com/ https://insight.adsrvr.org/ https://match.adsrvr.org/ https://cdn.evgnet.com https://.flagstar.com https://.fintactix.com .pagescdn.com .pgsdemo.com; frame-ancestors 'self' .flagstar.com https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net; img-src 'self' .foresee.com https://ad.doubleclick.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googletagmanager.com/ https://www.googleadservices.com https://www.google-analytics.com https://developers.google.com https://maps.googleapis.com https://maps.gstatic.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://insight.adsrvr.org https://ib.adnxs.com/getuid https://match.adsrvr.org/track/cmf/appnexus https://dsum-sec.casalemedia.com/rum https://ups.analytics.yahoo.com/ups/55953/sync https://pixel.rubiconproject.com/tap.php data: blob: https://p.typekit.net https://www.facebook.com .flagstar.com https://*.doubleclick.net;child-src 'self' https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://youtube.com; worker-src 'self'; manifest-src 'self';
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.flagstar.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

expires: Sun, 14 Apr 2024 02:04:39 GMT
date: Fri, 15 Mar 2024 02:04:39 GMT
content-security-policy: default-src 'none'; connect-src 'self' *.foresee.com *.evergage.com edge.adobedc.net https://cdn.cookielaw.org https://www.googletagmanager.com https://stats.g.doubleclick.net https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://maps.googleapis.com *.demdex.net *.yext.com https://answers.yext-pixel.com *.yextapis.com;font-src 'self' data: https://fonts.gstatic.com/ https://fonts.googleapis.com https://use.typekit.com *.pgsdemo.com *.pagescdn.com; media-src 'self'; object-src 'self'; form-action 'self' https://*.flagstar.com https://*.salesforce.com https://*.salesforceliveagent.com https://*.salesforce-sites.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.salesforceliveagent.com https://assets.sitescdn.net https://www.googleanalytics.com/ https://www.googleoptimize.com/ https://optimize.google.com/ https://www.googletagmanager.com https://maps.googleapis.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net assets.adobedtm.com https://pnapi.invoca.net https://solutions.invocacdn.com gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com/ https://use.typekit.com https://connect.facebook.net https://js.adsrvr.org/ https://cdn.evgnet.com https://*.evergage.com https://www.youtube.com assets.sitescdn.net *.pagescdn.com *.pgsdemo.com https://*.salesforce-sites.com;style-src 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com assets.sitecdn.net; style-src-elem 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com;frame-src 'self' *.flagstar.com *.demdex.net https://*.fls.doubleclick.net https://td.doubleclick.net https://optimize.google.com/ https://insight.adsrvr.org/ https://match.adsrvr.org/ https://cdn.evgnet.com https://*.flagstar.com https://*.fintactix.com *.pagescdn.com *.pgsdemo.com; frame-ancestors 'self' *.flagstar.com https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net; img-src 'self' *.foresee.com https://ad.doubleclick.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googletagmanager.com/ https://www.googleadservices.com https://www.google-analytics.com https://developers.google.com https://maps.googleapis.com https://maps.gstatic.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://insight.adsrvr.org https://ib.adnxs.com/getuid https://match.adsrvr.org/track/cmf/appnexus https://dsum-sec.casalemedia.com/rum https://ups.analytics.yahoo.com/ups/55953/sync https://pixel.rubiconproject.com/tap.php data: blob: https://p.typekit.net https://www.facebook.com *.flagstar.com https://*.doubleclick.net;child-src 'self' https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://youtube.com; worker-src 'self'; manifest-src 'self';
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
strict-transport-security: max-age=31536000; includeSubDomains
age: 115452
x-cnection: close
server-timing: dtSInfo;desc="0", dtRpid;desc="-530415216"
content-length: 847
x-xss-protection: 1; mode=block
x-ua-compatible: IE=Edge
last-modified: Tue, 20 Feb 2024 10:14:51 GMT
server: cloudflare
etag: "e2b-611cd7b1b56ae-gzip"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: image/svg+xml
cache-control: public, max-age=2592000
accept-ranges: bytes
cf-ray: 8648ef1b39a52c42-FRA
clientname: flagstar

GET
H2 200 icon-card_commercial-mortgage.svg
www.flagstar.com/content/dam/newco/global-navigation-icons/ 6 KB
4 KB 19ms
19ms Image
image/svg+xml 172.64.146.116
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.flagstar.com/content/dam/newco/global-navigation-icons/icon-card_commercial-mortgage.svg

Requested by

Host: www.flagstar.com
URL: https://www.flagstar.com/

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

172.64.146.116 San Francisco, United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4b7f19f0359b200b661e8f6ddd6cb71c15a213a1e944d16df9f4477cf616ec8c

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; connect-src 'self' .foresee.com .evergage.com edge.adobedc.net https://cdn.cookielaw.org https://www.googletagmanager.com https://stats.g.doubleclick.net https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://maps.googleapis.com .demdex.net .yext.com https://answers.yext-pixel.com .yextapis.com;font-src 'self' data: https://fonts.gstatic.com/ https://fonts.googleapis.com https://use.typekit.com .pgsdemo.com .pagescdn.com; media-src 'self'; object-src 'self'; form-action 'self' https://.flagstar.com https://.salesforce.com https://.salesforceliveagent.com https://.salesforce-sites.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://.salesforceliveagent.com https://assets.sitescdn.net https://www.googleanalytics.com/ https://www.googleoptimize.com/ https://optimize.google.com/ https://www.googletagmanager.com https://maps.googleapis.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net assets.adobedtm.com https://pnapi.invoca.net https://solutions.invocacdn.com gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com/ https://use.typekit.com https://connect.facebook.net https://js.adsrvr.org/ https://cdn.evgnet.com https://.evergage.com https://www.youtube.com assets.sitescdn.net .pagescdn.com .pgsdemo.com https://.salesforce-sites.com;style-src 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com assets.sitecdn.net; style-src-elem 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com;frame-src 'self' .flagstar.com .demdex.net https://.fls.doubleclick.net https://td.doubleclick.net https://optimize.google.com/ https://insight.adsrvr.org/ https://match.adsrvr.org/ https://cdn.evgnet.com https://.flagstar.com https://.fintactix.com .pagescdn.com .pgsdemo.com; frame-ancestors 'self' .flagstar.com https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net; img-src 'self' .foresee.com https://ad.doubleclick.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googletagmanager.com/ https://www.googleadservices.com https://www.google-analytics.com https://developers.google.com https://maps.googleapis.com https://maps.gstatic.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://insight.adsrvr.org https://ib.adnxs.com/getuid https://match.adsrvr.org/track/cmf/appnexus https://dsum-sec.casalemedia.com/rum https://ups.analytics.yahoo.com/ups/55953/sync https://pixel.rubiconproject.com/tap.php data: blob: https://p.typekit.net https://www.facebook.com .flagstar.com https://*.doubleclick.net;child-src 'self' https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://youtube.com; worker-src 'self'; manifest-src 'self';
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.flagstar.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

expires: Sun, 14 Apr 2024 02:04:39 GMT
date: Fri, 15 Mar 2024 02:04:39 GMT
content-security-policy: default-src 'none'; connect-src 'self' *.foresee.com *.evergage.com edge.adobedc.net https://cdn.cookielaw.org https://www.googletagmanager.com https://stats.g.doubleclick.net https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://maps.googleapis.com *.demdex.net *.yext.com https://answers.yext-pixel.com *.yextapis.com;font-src 'self' data: https://fonts.gstatic.com/ https://fonts.googleapis.com https://use.typekit.com *.pgsdemo.com *.pagescdn.com; media-src 'self'; object-src 'self'; form-action 'self' https://*.flagstar.com https://*.salesforce.com https://*.salesforceliveagent.com https://*.salesforce-sites.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.salesforceliveagent.com https://assets.sitescdn.net https://www.googleanalytics.com/ https://www.googleoptimize.com/ https://optimize.google.com/ https://www.googletagmanager.com https://maps.googleapis.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net assets.adobedtm.com https://pnapi.invoca.net https://solutions.invocacdn.com gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com/ https://use.typekit.com https://connect.facebook.net https://js.adsrvr.org/ https://cdn.evgnet.com https://*.evergage.com https://www.youtube.com assets.sitescdn.net *.pagescdn.com *.pgsdemo.com https://*.salesforce-sites.com;style-src 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com assets.sitecdn.net; style-src-elem 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com;frame-src 'self' *.flagstar.com *.demdex.net https://*.fls.doubleclick.net https://td.doubleclick.net https://optimize.google.com/ https://insight.adsrvr.org/ https://match.adsrvr.org/ https://cdn.evgnet.com https://*.flagstar.com https://*.fintactix.com *.pagescdn.com *.pgsdemo.com; frame-ancestors 'self' *.flagstar.com https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net; img-src 'self' *.foresee.com https://ad.doubleclick.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googletagmanager.com/ https://www.googleadservices.com https://www.google-analytics.com https://developers.google.com https://maps.googleapis.com https://maps.gstatic.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://insight.adsrvr.org https://ib.adnxs.com/getuid https://match.adsrvr.org/track/cmf/appnexus https://dsum-sec.casalemedia.com/rum https://ups.analytics.yahoo.com/ups/55953/sync https://pixel.rubiconproject.com/tap.php data: blob: https://p.typekit.net https://www.facebook.com *.flagstar.com https://*.doubleclick.net;child-src 'self' https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://youtube.com; worker-src 'self'; manifest-src 'self';
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
strict-transport-security: max-age=31536000; includeSubDomains
age: 110579
x-cnection: close
server-timing: dtSInfo;desc="0", dtRpid;desc="1518191163"
content-length: 1146
x-xss-protection: 1; mode=block
x-ua-compatible: IE=Edge
last-modified: Tue, 20 Feb 2024 10:14:32 GMT
server: cloudflare
etag: "1705-611cd79f6aa9f-gzip"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: image/svg+xml
cache-control: public, max-age=2592000
accept-ranges: bytes
cf-ray: 8648ef1b59bc2c42-FRA
clientname: flagstar

GET
H2 200 icon-card_treasury-management1.svg
www.flagstar.com/content/dam/newco/global-navigation-icons/ 3 KB
4 KB 17ms
17ms Image
image/svg+xml 172.64.146.116
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.flagstar.com/content/dam/newco/global-navigation-icons/icon-card_treasury-management1.svg

Requested by

Host: www.flagstar.com
URL: https://www.flagstar.com/

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

172.64.146.116 San Francisco, United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

41f0262e4439fcfbf92a8d51e0000cc3d22ee052dedfef3f6d05e1a972e85bcc

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; connect-src 'self' .foresee.com .evergage.com edge.adobedc.net https://cdn.cookielaw.org https://www.googletagmanager.com https://stats.g.doubleclick.net https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://maps.googleapis.com .demdex.net .yext.com https://answers.yext-pixel.com .yextapis.com;font-src 'self' data: https://fonts.gstatic.com/ https://fonts.googleapis.com https://use.typekit.com .pgsdemo.com .pagescdn.com; media-src 'self'; object-src 'self'; form-action 'self' https://.flagstar.com https://.salesforce.com https://.salesforceliveagent.com https://.salesforce-sites.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://.salesforceliveagent.com https://assets.sitescdn.net https://www.googleanalytics.com/ https://www.googleoptimize.com/ https://optimize.google.com/ https://www.googletagmanager.com https://maps.googleapis.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net assets.adobedtm.com https://pnapi.invoca.net https://solutions.invocacdn.com gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com/ https://use.typekit.com https://connect.facebook.net https://js.adsrvr.org/ https://cdn.evgnet.com https://.evergage.com https://www.youtube.com assets.sitescdn.net .pagescdn.com .pgsdemo.com https://.salesforce-sites.com;style-src 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com assets.sitecdn.net; style-src-elem 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com;frame-src 'self' .flagstar.com .demdex.net https://.fls.doubleclick.net https://td.doubleclick.net https://optimize.google.com/ https://insight.adsrvr.org/ https://match.adsrvr.org/ https://cdn.evgnet.com https://.flagstar.com https://.fintactix.com .pagescdn.com .pgsdemo.com; frame-ancestors 'self' .flagstar.com https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net; img-src 'self' .foresee.com https://ad.doubleclick.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googletagmanager.com/ https://www.googleadservices.com https://www.google-analytics.com https://developers.google.com https://maps.googleapis.com https://maps.gstatic.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://insight.adsrvr.org https://ib.adnxs.com/getuid https://match.adsrvr.org/track/cmf/appnexus https://dsum-sec.casalemedia.com/rum https://ups.analytics.yahoo.com/ups/55953/sync https://pixel.rubiconproject.com/tap.php data: blob: https://p.typekit.net https://www.facebook.com .flagstar.com https://*.doubleclick.net;child-src 'self' https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://youtube.com; worker-src 'self'; manifest-src 'self';
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.flagstar.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

expires: Sun, 14 Apr 2024 02:04:39 GMT
date: Fri, 15 Mar 2024 02:04:39 GMT
content-security-policy: default-src 'none'; connect-src 'self' *.foresee.com *.evergage.com edge.adobedc.net https://cdn.cookielaw.org https://www.googletagmanager.com https://stats.g.doubleclick.net https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://maps.googleapis.com *.demdex.net *.yext.com https://answers.yext-pixel.com *.yextapis.com;font-src 'self' data: https://fonts.gstatic.com/ https://fonts.googleapis.com https://use.typekit.com *.pgsdemo.com *.pagescdn.com; media-src 'self'; object-src 'self'; form-action 'self' https://*.flagstar.com https://*.salesforce.com https://*.salesforceliveagent.com https://*.salesforce-sites.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.salesforceliveagent.com https://assets.sitescdn.net https://www.googleanalytics.com/ https://www.googleoptimize.com/ https://optimize.google.com/ https://www.googletagmanager.com https://maps.googleapis.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net assets.adobedtm.com https://pnapi.invoca.net https://solutions.invocacdn.com gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com/ https://use.typekit.com https://connect.facebook.net https://js.adsrvr.org/ https://cdn.evgnet.com https://*.evergage.com https://www.youtube.com assets.sitescdn.net *.pagescdn.com *.pgsdemo.com https://*.salesforce-sites.com;style-src 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com assets.sitecdn.net; style-src-elem 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com;frame-src 'self' *.flagstar.com *.demdex.net https://*.fls.doubleclick.net https://td.doubleclick.net https://optimize.google.com/ https://insight.adsrvr.org/ https://match.adsrvr.org/ https://cdn.evgnet.com https://*.flagstar.com https://*.fintactix.com *.pagescdn.com *.pgsdemo.com; frame-ancestors 'self' *.flagstar.com https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net; img-src 'self' *.foresee.com https://ad.doubleclick.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googletagmanager.com/ https://www.googleadservices.com https://www.google-analytics.com https://developers.google.com https://maps.googleapis.com https://maps.gstatic.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://insight.adsrvr.org https://ib.adnxs.com/getuid https://match.adsrvr.org/track/cmf/appnexus https://dsum-sec.casalemedia.com/rum https://ups.analytics.yahoo.com/ups/55953/sync https://pixel.rubiconproject.com/tap.php data: blob: https://p.typekit.net https://www.facebook.com *.flagstar.com https://*.doubleclick.net;child-src 'self' https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://youtube.com; worker-src 'self'; manifest-src 'self';
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
strict-transport-security: max-age=31536000; includeSubDomains
age: 115452
x-cnection: close
server-timing: dtSInfo;desc="0", dtRpid;desc="1988111194"
content-length: 815
x-xss-protection: 1; mode=block
x-ua-compatible: IE=Edge
last-modified: Tue, 20 Feb 2024 10:30:59 GMT
server: cloudflare
etag: "cde-611cdb4ca39b3-gzip"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: image/svg+xml
cache-control: public, max-age=2592000
accept-ranges: bytes
cf-ray: 8648ef1b79cf2c42-FRA
clientname: flagstar

GET
H2 200 icon-card_wealth-services.svg
www.flagstar.com/content/dam/newco/global-navigation-icons/ 2 KB
4 KB 21ms
21ms Image
image/svg+xml 172.64.146.116
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.flagstar.com/content/dam/newco/global-navigation-icons/icon-card_wealth-services.svg

Requested by

Host: www.flagstar.com
URL: https://www.flagstar.com/

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

172.64.146.116 San Francisco, United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

33dbf9d3f5f3d7695cd1c9753c24113044b3c1aa2cd21771fc5580327c0d5c28

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; connect-src 'self' .foresee.com .evergage.com edge.adobedc.net https://cdn.cookielaw.org https://www.googletagmanager.com https://stats.g.doubleclick.net https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://maps.googleapis.com .demdex.net .yext.com https://answers.yext-pixel.com .yextapis.com;font-src 'self' data: https://fonts.gstatic.com/ https://fonts.googleapis.com https://use.typekit.com .pgsdemo.com .pagescdn.com; media-src 'self'; object-src 'self'; form-action 'self' https://.flagstar.com https://.salesforce.com https://.salesforceliveagent.com https://.salesforce-sites.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://.salesforceliveagent.com https://assets.sitescdn.net https://www.googleanalytics.com/ https://www.googleoptimize.com/ https://optimize.google.com/ https://www.googletagmanager.com https://maps.googleapis.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net assets.adobedtm.com https://pnapi.invoca.net https://solutions.invocacdn.com gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com/ https://use.typekit.com https://connect.facebook.net https://js.adsrvr.org/ https://cdn.evgnet.com https://.evergage.com https://www.youtube.com assets.sitescdn.net .pagescdn.com .pgsdemo.com https://.salesforce-sites.com;style-src 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com assets.sitecdn.net; style-src-elem 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com;frame-src 'self' .flagstar.com .demdex.net https://.fls.doubleclick.net https://td.doubleclick.net https://optimize.google.com/ https://insight.adsrvr.org/ https://match.adsrvr.org/ https://cdn.evgnet.com https://.flagstar.com https://.fintactix.com .pagescdn.com .pgsdemo.com; frame-ancestors 'self' .flagstar.com https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net; img-src 'self' .foresee.com https://ad.doubleclick.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googletagmanager.com/ https://www.googleadservices.com https://www.google-analytics.com https://developers.google.com https://maps.googleapis.com https://maps.gstatic.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://insight.adsrvr.org https://ib.adnxs.com/getuid https://match.adsrvr.org/track/cmf/appnexus https://dsum-sec.casalemedia.com/rum https://ups.analytics.yahoo.com/ups/55953/sync https://pixel.rubiconproject.com/tap.php data: blob: https://p.typekit.net https://www.facebook.com .flagstar.com https://*.doubleclick.net;child-src 'self' https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://youtube.com; worker-src 'self'; manifest-src 'self';
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.flagstar.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

expires: Sun, 14 Apr 2024 02:04:39 GMT
date: Fri, 15 Mar 2024 02:04:39 GMT
content-security-policy: default-src 'none'; connect-src 'self' *.foresee.com *.evergage.com edge.adobedc.net https://cdn.cookielaw.org https://www.googletagmanager.com https://stats.g.doubleclick.net https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://maps.googleapis.com *.demdex.net *.yext.com https://answers.yext-pixel.com *.yextapis.com;font-src 'self' data: https://fonts.gstatic.com/ https://fonts.googleapis.com https://use.typekit.com *.pgsdemo.com *.pagescdn.com; media-src 'self'; object-src 'self'; form-action 'self' https://*.flagstar.com https://*.salesforce.com https://*.salesforceliveagent.com https://*.salesforce-sites.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.salesforceliveagent.com https://assets.sitescdn.net https://www.googleanalytics.com/ https://www.googleoptimize.com/ https://optimize.google.com/ https://www.googletagmanager.com https://maps.googleapis.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net assets.adobedtm.com https://pnapi.invoca.net https://solutions.invocacdn.com gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com/ https://use.typekit.com https://connect.facebook.net https://js.adsrvr.org/ https://cdn.evgnet.com https://*.evergage.com https://www.youtube.com assets.sitescdn.net *.pagescdn.com *.pgsdemo.com https://*.salesforce-sites.com;style-src 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com assets.sitecdn.net; style-src-elem 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com;frame-src 'self' *.flagstar.com *.demdex.net https://*.fls.doubleclick.net https://td.doubleclick.net https://optimize.google.com/ https://insight.adsrvr.org/ https://match.adsrvr.org/ https://cdn.evgnet.com https://*.flagstar.com https://*.fintactix.com *.pagescdn.com *.pgsdemo.com; frame-ancestors 'self' *.flagstar.com https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net; img-src 'self' *.foresee.com https://ad.doubleclick.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googletagmanager.com/ https://www.googleadservices.com https://www.google-analytics.com https://developers.google.com https://maps.googleapis.com https://maps.gstatic.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://insight.adsrvr.org https://ib.adnxs.com/getuid https://match.adsrvr.org/track/cmf/appnexus https://dsum-sec.casalemedia.com/rum https://ups.analytics.yahoo.com/ups/55953/sync https://pixel.rubiconproject.com/tap.php data: blob: https://p.typekit.net https://www.facebook.com *.flagstar.com https://*.doubleclick.net;child-src 'self' https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://youtube.com; worker-src 'self'; manifest-src 'self';
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
strict-transport-security: max-age=31536000; includeSubDomains
age: 115452
x-cnection: close
server-timing: dtSInfo;desc="0", dtRpid;desc="-1923583611"
content-length: 620
x-xss-protection: 1; mode=block
x-ua-compatible: IE=Edge
last-modified: Tue, 20 Feb 2024 10:31:33 GMT
server: cloudflare
etag: "6ec-611cdb6ccd17c-gzip"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: image/svg+xml
cache-control: public, max-age=2592000
accept-ranges: bytes
cf-ray: 8648ef1b99e22c42-FRA
clientname: flagstar

GET
H2 200 icon-card_sectors.svg
www.flagstar.com/content/dam/newco/global-navigation-icons/ 2 KB
4 KB 21ms
21ms Image
image/svg+xml 172.64.146.116
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.flagstar.com/content/dam/newco/global-navigation-icons/icon-card_sectors.svg

Requested by

Host: www.flagstar.com
URL: https://www.flagstar.com/

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

172.64.146.116 San Francisco, United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

def3cd591fff9b3958866afefa7cf7321de1d902dc9b85749986d6bc637deaf9

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; connect-src 'self' .foresee.com .evergage.com edge.adobedc.net https://cdn.cookielaw.org https://www.googletagmanager.com https://stats.g.doubleclick.net https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://maps.googleapis.com .demdex.net .yext.com https://answers.yext-pixel.com .yextapis.com;font-src 'self' data: https://fonts.gstatic.com/ https://fonts.googleapis.com https://use.typekit.com .pgsdemo.com .pagescdn.com; media-src 'self'; object-src 'self'; form-action 'self' https://.flagstar.com https://.salesforce.com https://.salesforceliveagent.com https://.salesforce-sites.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://.salesforceliveagent.com https://assets.sitescdn.net https://www.googleanalytics.com/ https://www.googleoptimize.com/ https://optimize.google.com/ https://www.googletagmanager.com https://maps.googleapis.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net assets.adobedtm.com https://pnapi.invoca.net https://solutions.invocacdn.com gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com/ https://use.typekit.com https://connect.facebook.net https://js.adsrvr.org/ https://cdn.evgnet.com https://.evergage.com https://www.youtube.com assets.sitescdn.net .pagescdn.com .pgsdemo.com https://.salesforce-sites.com;style-src 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com assets.sitecdn.net; style-src-elem 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com;frame-src 'self' .flagstar.com .demdex.net https://.fls.doubleclick.net https://td.doubleclick.net https://optimize.google.com/ https://insight.adsrvr.org/ https://match.adsrvr.org/ https://cdn.evgnet.com https://.flagstar.com https://.fintactix.com .pagescdn.com .pgsdemo.com; frame-ancestors 'self' .flagstar.com https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net; img-src 'self' .foresee.com https://ad.doubleclick.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googletagmanager.com/ https://www.googleadservices.com https://www.google-analytics.com https://developers.google.com https://maps.googleapis.com https://maps.gstatic.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://insight.adsrvr.org https://ib.adnxs.com/getuid https://match.adsrvr.org/track/cmf/appnexus https://dsum-sec.casalemedia.com/rum https://ups.analytics.yahoo.com/ups/55953/sync https://pixel.rubiconproject.com/tap.php data: blob: https://p.typekit.net https://www.facebook.com .flagstar.com https://*.doubleclick.net;child-src 'self' https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://youtube.com; worker-src 'self'; manifest-src 'self';
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.flagstar.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

expires: Sun, 14 Apr 2024 02:04:39 GMT
date: Fri, 15 Mar 2024 02:04:39 GMT
content-security-policy: default-src 'none'; connect-src 'self' *.foresee.com *.evergage.com edge.adobedc.net https://cdn.cookielaw.org https://www.googletagmanager.com https://stats.g.doubleclick.net https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://maps.googleapis.com *.demdex.net *.yext.com https://answers.yext-pixel.com *.yextapis.com;font-src 'self' data: https://fonts.gstatic.com/ https://fonts.googleapis.com https://use.typekit.com *.pgsdemo.com *.pagescdn.com; media-src 'self'; object-src 'self'; form-action 'self' https://*.flagstar.com https://*.salesforce.com https://*.salesforceliveagent.com https://*.salesforce-sites.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.salesforceliveagent.com https://assets.sitescdn.net https://www.googleanalytics.com/ https://www.googleoptimize.com/ https://optimize.google.com/ https://www.googletagmanager.com https://maps.googleapis.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net assets.adobedtm.com https://pnapi.invoca.net https://solutions.invocacdn.com gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com/ https://use.typekit.com https://connect.facebook.net https://js.adsrvr.org/ https://cdn.evgnet.com https://*.evergage.com https://www.youtube.com assets.sitescdn.net *.pagescdn.com *.pgsdemo.com https://*.salesforce-sites.com;style-src 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com assets.sitecdn.net; style-src-elem 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com;frame-src 'self' *.flagstar.com *.demdex.net https://*.fls.doubleclick.net https://td.doubleclick.net https://optimize.google.com/ https://insight.adsrvr.org/ https://match.adsrvr.org/ https://cdn.evgnet.com https://*.flagstar.com https://*.fintactix.com *.pagescdn.com *.pgsdemo.com; frame-ancestors 'self' *.flagstar.com https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net; img-src 'self' *.foresee.com https://ad.doubleclick.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googletagmanager.com/ https://www.googleadservices.com https://www.google-analytics.com https://developers.google.com https://maps.googleapis.com https://maps.gstatic.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://insight.adsrvr.org https://ib.adnxs.com/getuid https://match.adsrvr.org/track/cmf/appnexus https://dsum-sec.casalemedia.com/rum https://ups.analytics.yahoo.com/ups/55953/sync https://pixel.rubiconproject.com/tap.php data: blob: https://p.typekit.net https://www.facebook.com *.flagstar.com https://*.doubleclick.net;child-src 'self' https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://youtube.com; worker-src 'self'; manifest-src 'self';
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
strict-transport-security: max-age=31536000; includeSubDomains
age: 117902
x-cnection: close
server-timing: dtSInfo;desc="0", dtRpid;desc="354664586"
content-length: 776
x-xss-protection: 1; mode=block
x-ua-compatible: IE=Edge
last-modified: Tue, 20 Feb 2024 10:10:45 GMT
server: cloudflare
etag: "8a6-611cd6c7516ea-gzip"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: image/svg+xml
cache-control: public, max-age=2592000
accept-ranges: bytes
cf-ray: 8648ef1b99e32c42-FRA
clientname: flagstar

GET
H2 200 icon-card_treasury-management.svg
www.flagstar.com/content/dam/newco/global-navigation-icons/ 3 KB
4 KB 25ms
21ms Image
image/svg+xml 172.64.146.116
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.flagstar.com/content/dam/newco/global-navigation-icons/icon-card_treasury-management.svg

Requested by

Host: www.flagstar.com
URL: https://www.flagstar.com/

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

172.64.146.116 San Francisco, United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

41f0262e4439fcfbf92a8d51e0000cc3d22ee052dedfef3f6d05e1a972e85bcc

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; connect-src 'self' .foresee.com .evergage.com edge.adobedc.net https://cdn.cookielaw.org https://www.googletagmanager.com https://stats.g.doubleclick.net https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://maps.googleapis.com .demdex.net .yext.com https://answers.yext-pixel.com .yextapis.com;font-src 'self' data: https://fonts.gstatic.com/ https://fonts.googleapis.com https://use.typekit.com .pgsdemo.com .pagescdn.com; media-src 'self'; object-src 'self'; form-action 'self' https://.flagstar.com https://.salesforce.com https://.salesforceliveagent.com https://.salesforce-sites.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://.salesforceliveagent.com https://assets.sitescdn.net https://www.googleanalytics.com/ https://www.googleoptimize.com/ https://optimize.google.com/ https://www.googletagmanager.com https://maps.googleapis.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net assets.adobedtm.com https://pnapi.invoca.net https://solutions.invocacdn.com gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com/ https://use.typekit.com https://connect.facebook.net https://js.adsrvr.org/ https://cdn.evgnet.com https://.evergage.com https://www.youtube.com assets.sitescdn.net .pagescdn.com .pgsdemo.com https://.salesforce-sites.com;style-src 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com assets.sitecdn.net; style-src-elem 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com;frame-src 'self' .flagstar.com .demdex.net https://.fls.doubleclick.net https://td.doubleclick.net https://optimize.google.com/ https://insight.adsrvr.org/ https://match.adsrvr.org/ https://cdn.evgnet.com https://.flagstar.com https://.fintactix.com .pagescdn.com .pgsdemo.com; frame-ancestors 'self' .flagstar.com https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net; img-src 'self' .foresee.com https://ad.doubleclick.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googletagmanager.com/ https://www.googleadservices.com https://www.google-analytics.com https://developers.google.com https://maps.googleapis.com https://maps.gstatic.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://insight.adsrvr.org https://ib.adnxs.com/getuid https://match.adsrvr.org/track/cmf/appnexus https://dsum-sec.casalemedia.com/rum https://ups.analytics.yahoo.com/ups/55953/sync https://pixel.rubiconproject.com/tap.php data: blob: https://p.typekit.net https://www.facebook.com .flagstar.com https://*.doubleclick.net;child-src 'self' https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://youtube.com; worker-src 'self'; manifest-src 'self';
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.flagstar.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

expires: Sun, 14 Apr 2024 02:04:39 GMT
date: Fri, 15 Mar 2024 02:04:39 GMT
content-security-policy: default-src 'none'; connect-src 'self' *.foresee.com *.evergage.com edge.adobedc.net https://cdn.cookielaw.org https://www.googletagmanager.com https://stats.g.doubleclick.net https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://maps.googleapis.com *.demdex.net *.yext.com https://answers.yext-pixel.com *.yextapis.com;font-src 'self' data: https://fonts.gstatic.com/ https://fonts.googleapis.com https://use.typekit.com *.pgsdemo.com *.pagescdn.com; media-src 'self'; object-src 'self'; form-action 'self' https://*.flagstar.com https://*.salesforce.com https://*.salesforceliveagent.com https://*.salesforce-sites.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.salesforceliveagent.com https://assets.sitescdn.net https://www.googleanalytics.com/ https://www.googleoptimize.com/ https://optimize.google.com/ https://www.googletagmanager.com https://maps.googleapis.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net assets.adobedtm.com https://pnapi.invoca.net https://solutions.invocacdn.com gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com/ https://use.typekit.com https://connect.facebook.net https://js.adsrvr.org/ https://cdn.evgnet.com https://*.evergage.com https://www.youtube.com assets.sitescdn.net *.pagescdn.com *.pgsdemo.com https://*.salesforce-sites.com;style-src 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com assets.sitecdn.net; style-src-elem 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com;frame-src 'self' *.flagstar.com *.demdex.net https://*.fls.doubleclick.net https://td.doubleclick.net https://optimize.google.com/ https://insight.adsrvr.org/ https://match.adsrvr.org/ https://cdn.evgnet.com https://*.flagstar.com https://*.fintactix.com *.pagescdn.com *.pgsdemo.com; frame-ancestors 'self' *.flagstar.com https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net; img-src 'self' *.foresee.com https://ad.doubleclick.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googletagmanager.com/ https://www.googleadservices.com https://www.google-analytics.com https://developers.google.com https://maps.googleapis.com https://maps.gstatic.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://insight.adsrvr.org https://ib.adnxs.com/getuid https://match.adsrvr.org/track/cmf/appnexus https://dsum-sec.casalemedia.com/rum https://ups.analytics.yahoo.com/ups/55953/sync https://pixel.rubiconproject.com/tap.php data: blob: https://p.typekit.net https://www.facebook.com *.flagstar.com https://*.doubleclick.net;child-src 'self' https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://youtube.com; worker-src 'self'; manifest-src 'self';
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
strict-transport-security: max-age=31536000; includeSubDomains
age: 117902
x-cnection: close
server-timing: dtSInfo;desc="0", dtRpid;desc="-1804126282"
content-length: 815
x-xss-protection: 1; mode=block
x-ua-compatible: IE=Edge
last-modified: Tue, 20 Feb 2024 10:10:45 GMT
server: cloudflare
etag: "cde-611cd6c7522a2-gzip"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: image/svg+xml
cache-control: public, max-age=2592000
accept-ranges: bytes
cf-ray: 8648ef1b99e82c42-FRA
clientname: flagstar

GET
H2 200 icon-card_banking-services.svg
www.flagstar.com/content/dam/newco/global-navigation-icons/ 3 KB
4 KB 22ms
18ms Image
image/svg+xml 172.64.146.116
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.flagstar.com/content/dam/newco/global-navigation-icons/icon-card_banking-services.svg

Requested by

Host: www.flagstar.com
URL: https://www.flagstar.com/

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

172.64.146.116 San Francisco, United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

38bc96c8a0910f32a8fcda24fdeaf7a9a5ce6ba89087e3be7b3200f75edbbd34

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; connect-src 'self' .foresee.com .evergage.com edge.adobedc.net https://cdn.cookielaw.org https://www.googletagmanager.com https://stats.g.doubleclick.net https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://maps.googleapis.com .demdex.net .yext.com https://answers.yext-pixel.com .yextapis.com;font-src 'self' data: https://fonts.gstatic.com/ https://fonts.googleapis.com https://use.typekit.com .pgsdemo.com .pagescdn.com; media-src 'self'; object-src 'self'; form-action 'self' https://.flagstar.com https://.salesforce.com https://.salesforceliveagent.com https://.salesforce-sites.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://.salesforceliveagent.com https://assets.sitescdn.net https://www.googleanalytics.com/ https://www.googleoptimize.com/ https://optimize.google.com/ https://www.googletagmanager.com https://maps.googleapis.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net assets.adobedtm.com https://pnapi.invoca.net https://solutions.invocacdn.com gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com/ https://use.typekit.com https://connect.facebook.net https://js.adsrvr.org/ https://cdn.evgnet.com https://.evergage.com https://www.youtube.com assets.sitescdn.net .pagescdn.com .pgsdemo.com https://.salesforce-sites.com;style-src 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com assets.sitecdn.net; style-src-elem 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com;frame-src 'self' .flagstar.com .demdex.net https://.fls.doubleclick.net https://td.doubleclick.net https://optimize.google.com/ https://insight.adsrvr.org/ https://match.adsrvr.org/ https://cdn.evgnet.com https://.flagstar.com https://.fintactix.com .pagescdn.com .pgsdemo.com; frame-ancestors 'self' .flagstar.com https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net; img-src 'self' .foresee.com https://ad.doubleclick.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googletagmanager.com/ https://www.googleadservices.com https://www.google-analytics.com https://developers.google.com https://maps.googleapis.com https://maps.gstatic.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://insight.adsrvr.org https://ib.adnxs.com/getuid https://match.adsrvr.org/track/cmf/appnexus https://dsum-sec.casalemedia.com/rum https://ups.analytics.yahoo.com/ups/55953/sync https://pixel.rubiconproject.com/tap.php data: blob: https://p.typekit.net https://www.facebook.com .flagstar.com https://*.doubleclick.net;child-src 'self' https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://youtube.com; worker-src 'self'; manifest-src 'self';
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.flagstar.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

expires: Sun, 14 Apr 2024 02:04:39 GMT
date: Fri, 15 Mar 2024 02:04:39 GMT
content-security-policy: default-src 'none'; connect-src 'self' *.foresee.com *.evergage.com edge.adobedc.net https://cdn.cookielaw.org https://www.googletagmanager.com https://stats.g.doubleclick.net https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://maps.googleapis.com *.demdex.net *.yext.com https://answers.yext-pixel.com *.yextapis.com;font-src 'self' data: https://fonts.gstatic.com/ https://fonts.googleapis.com https://use.typekit.com *.pgsdemo.com *.pagescdn.com; media-src 'self'; object-src 'self'; form-action 'self' https://*.flagstar.com https://*.salesforce.com https://*.salesforceliveagent.com https://*.salesforce-sites.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.salesforceliveagent.com https://assets.sitescdn.net https://www.googleanalytics.com/ https://www.googleoptimize.com/ https://optimize.google.com/ https://www.googletagmanager.com https://maps.googleapis.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net assets.adobedtm.com https://pnapi.invoca.net https://solutions.invocacdn.com gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com/ https://use.typekit.com https://connect.facebook.net https://js.adsrvr.org/ https://cdn.evgnet.com https://*.evergage.com https://www.youtube.com assets.sitescdn.net *.pagescdn.com *.pgsdemo.com https://*.salesforce-sites.com;style-src 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com assets.sitecdn.net; style-src-elem 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com;frame-src 'self' *.flagstar.com *.demdex.net https://*.fls.doubleclick.net https://td.doubleclick.net https://optimize.google.com/ https://insight.adsrvr.org/ https://match.adsrvr.org/ https://cdn.evgnet.com https://*.flagstar.com https://*.fintactix.com *.pagescdn.com *.pgsdemo.com; frame-ancestors 'self' *.flagstar.com https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net; img-src 'self' *.foresee.com https://ad.doubleclick.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googletagmanager.com/ https://www.googleadservices.com https://www.google-analytics.com https://developers.google.com https://maps.googleapis.com https://maps.gstatic.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://insight.adsrvr.org https://ib.adnxs.com/getuid https://match.adsrvr.org/track/cmf/appnexus https://dsum-sec.casalemedia.com/rum https://ups.analytics.yahoo.com/ups/55953/sync https://pixel.rubiconproject.com/tap.php data: blob: https://p.typekit.net https://www.facebook.com *.flagstar.com https://*.doubleclick.net;child-src 'self' https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://youtube.com; worker-src 'self'; manifest-src 'self';
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
strict-transport-security: max-age=31536000; includeSubDomains
age: 116071
x-cnection: close
server-timing: dtSInfo;desc="0", dtRpid;desc="1125755749"
content-length: 1035
x-xss-protection: 1; mode=block
x-ua-compatible: IE=Edge
last-modified: Tue, 20 Feb 2024 10:12:07 GMT
server: cloudflare
etag: "dd9-611cd71552570-gzip"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: image/svg+xml
cache-control: public, max-age=2592000
accept-ranges: bytes
cf-ray: 8648ef1b99e92c42-FRA
clientname: flagstar

GET
H2 200 icon-card_investment-services.svg
www.flagstar.com/content/dam/newco/global-navigation-icons/ 3 KB
4 KB 24ms
20ms Image
image/svg+xml 172.64.146.116
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.flagstar.com/content/dam/newco/global-navigation-icons/icon-card_investment-services.svg

Requested by

Host: www.flagstar.com
URL: https://www.flagstar.com/

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

172.64.146.116 San Francisco, United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

9fc5fc887e2a0ad18a5136f7a2132ebcca631ca61e8669c52197a849c1b1aca1

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; connect-src 'self' .foresee.com .evergage.com edge.adobedc.net https://cdn.cookielaw.org https://www.googletagmanager.com https://stats.g.doubleclick.net https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://maps.googleapis.com .demdex.net .yext.com https://answers.yext-pixel.com .yextapis.com;font-src 'self' data: https://fonts.gstatic.com/ https://fonts.googleapis.com https://use.typekit.com .pgsdemo.com .pagescdn.com; media-src 'self'; object-src 'self'; form-action 'self' https://.flagstar.com https://.salesforce.com https://.salesforceliveagent.com https://.salesforce-sites.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://.salesforceliveagent.com https://assets.sitescdn.net https://www.googleanalytics.com/ https://www.googleoptimize.com/ https://optimize.google.com/ https://www.googletagmanager.com https://maps.googleapis.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net assets.adobedtm.com https://pnapi.invoca.net https://solutions.invocacdn.com gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com/ https://use.typekit.com https://connect.facebook.net https://js.adsrvr.org/ https://cdn.evgnet.com https://.evergage.com https://www.youtube.com assets.sitescdn.net .pagescdn.com .pgsdemo.com https://.salesforce-sites.com;style-src 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com assets.sitecdn.net; style-src-elem 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com;frame-src 'self' .flagstar.com .demdex.net https://.fls.doubleclick.net https://td.doubleclick.net https://optimize.google.com/ https://insight.adsrvr.org/ https://match.adsrvr.org/ https://cdn.evgnet.com https://.flagstar.com https://.fintactix.com .pagescdn.com .pgsdemo.com; frame-ancestors 'self' .flagstar.com https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net; img-src 'self' .foresee.com https://ad.doubleclick.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googletagmanager.com/ https://www.googleadservices.com https://www.google-analytics.com https://developers.google.com https://maps.googleapis.com https://maps.gstatic.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://insight.adsrvr.org https://ib.adnxs.com/getuid https://match.adsrvr.org/track/cmf/appnexus https://dsum-sec.casalemedia.com/rum https://ups.analytics.yahoo.com/ups/55953/sync https://pixel.rubiconproject.com/tap.php data: blob: https://p.typekit.net https://www.facebook.com .flagstar.com https://*.doubleclick.net;child-src 'self' https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://youtube.com; worker-src 'self'; manifest-src 'self';
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.flagstar.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

expires: Sun, 14 Apr 2024 02:04:39 GMT
date: Fri, 15 Mar 2024 02:04:39 GMT
content-security-policy: default-src 'none'; connect-src 'self' *.foresee.com *.evergage.com edge.adobedc.net https://cdn.cookielaw.org https://www.googletagmanager.com https://stats.g.doubleclick.net https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://maps.googleapis.com *.demdex.net *.yext.com https://answers.yext-pixel.com *.yextapis.com;font-src 'self' data: https://fonts.gstatic.com/ https://fonts.googleapis.com https://use.typekit.com *.pgsdemo.com *.pagescdn.com; media-src 'self'; object-src 'self'; form-action 'self' https://*.flagstar.com https://*.salesforce.com https://*.salesforceliveagent.com https://*.salesforce-sites.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.salesforceliveagent.com https://assets.sitescdn.net https://www.googleanalytics.com/ https://www.googleoptimize.com/ https://optimize.google.com/ https://www.googletagmanager.com https://maps.googleapis.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net assets.adobedtm.com https://pnapi.invoca.net https://solutions.invocacdn.com gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com/ https://use.typekit.com https://connect.facebook.net https://js.adsrvr.org/ https://cdn.evgnet.com https://*.evergage.com https://www.youtube.com assets.sitescdn.net *.pagescdn.com *.pgsdemo.com https://*.salesforce-sites.com;style-src 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com assets.sitecdn.net; style-src-elem 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com;frame-src 'self' *.flagstar.com *.demdex.net https://*.fls.doubleclick.net https://td.doubleclick.net https://optimize.google.com/ https://insight.adsrvr.org/ https://match.adsrvr.org/ https://cdn.evgnet.com https://*.flagstar.com https://*.fintactix.com *.pagescdn.com *.pgsdemo.com; frame-ancestors 'self' *.flagstar.com https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net; img-src 'self' *.foresee.com https://ad.doubleclick.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googletagmanager.com/ https://www.googleadservices.com https://www.google-analytics.com https://developers.google.com https://maps.googleapis.com https://maps.gstatic.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://insight.adsrvr.org https://ib.adnxs.com/getuid https://match.adsrvr.org/track/cmf/appnexus https://dsum-sec.casalemedia.com/rum https://ups.analytics.yahoo.com/ups/55953/sync https://pixel.rubiconproject.com/tap.php data: blob: https://p.typekit.net https://www.facebook.com *.flagstar.com https://*.doubleclick.net;child-src 'self' https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://youtube.com; worker-src 'self'; manifest-src 'self';
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
strict-transport-security: max-age=31536000; includeSubDomains
age: 110579
x-cnection: close
server-timing: dtSInfo;desc="0", dtRpid;desc="87794007"
content-length: 782
x-xss-protection: 1; mode=block
x-ua-compatible: IE=Edge
last-modified: Tue, 20 Feb 2024 10:10:15 GMT
server: cloudflare
etag: "cf8-611cd6a9f93b4-gzip"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: image/svg+xml
cache-control: public, max-age=2592000
accept-ranges: bytes
cf-ray: 8648ef1ba9ea2c42-FRA
clientname: flagstar

GET
H2 200 icon-card_private-banking.svg
www.flagstar.com/content/dam/newco/global-navigation-icons/ 3 KB
4 KB 26ms
23ms Image
image/svg+xml 172.64.146.116
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.flagstar.com/content/dam/newco/global-navigation-icons/icon-card_private-banking.svg

Requested by

Host: www.flagstar.com
URL: https://www.flagstar.com/

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

172.64.146.116 San Francisco, United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

97df66242f23aaeb6bbc7d5e8c021a11c1bad6c4b5288ec452ee527862bc3b8c

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; connect-src 'self' .foresee.com .evergage.com edge.adobedc.net https://cdn.cookielaw.org https://www.googletagmanager.com https://stats.g.doubleclick.net https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://maps.googleapis.com .demdex.net .yext.com https://answers.yext-pixel.com .yextapis.com;font-src 'self' data: https://fonts.gstatic.com/ https://fonts.googleapis.com https://use.typekit.com .pgsdemo.com .pagescdn.com; media-src 'self'; object-src 'self'; form-action 'self' https://.flagstar.com https://.salesforce.com https://.salesforceliveagent.com https://.salesforce-sites.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://.salesforceliveagent.com https://assets.sitescdn.net https://www.googleanalytics.com/ https://www.googleoptimize.com/ https://optimize.google.com/ https://www.googletagmanager.com https://maps.googleapis.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net assets.adobedtm.com https://pnapi.invoca.net https://solutions.invocacdn.com gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com/ https://use.typekit.com https://connect.facebook.net https://js.adsrvr.org/ https://cdn.evgnet.com https://.evergage.com https://www.youtube.com assets.sitescdn.net .pagescdn.com .pgsdemo.com https://.salesforce-sites.com;style-src 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com assets.sitecdn.net; style-src-elem 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com;frame-src 'self' .flagstar.com .demdex.net https://.fls.doubleclick.net https://td.doubleclick.net https://optimize.google.com/ https://insight.adsrvr.org/ https://match.adsrvr.org/ https://cdn.evgnet.com https://.flagstar.com https://.fintactix.com .pagescdn.com .pgsdemo.com; frame-ancestors 'self' .flagstar.com https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net; img-src 'self' .foresee.com https://ad.doubleclick.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googletagmanager.com/ https://www.googleadservices.com https://www.google-analytics.com https://developers.google.com https://maps.googleapis.com https://maps.gstatic.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://insight.adsrvr.org https://ib.adnxs.com/getuid https://match.adsrvr.org/track/cmf/appnexus https://dsum-sec.casalemedia.com/rum https://ups.analytics.yahoo.com/ups/55953/sync https://pixel.rubiconproject.com/tap.php data: blob: https://p.typekit.net https://www.facebook.com .flagstar.com https://*.doubleclick.net;child-src 'self' https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://youtube.com; worker-src 'self'; manifest-src 'self';
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.flagstar.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

expires: Sun, 14 Apr 2024 02:04:39 GMT
date: Fri, 15 Mar 2024 02:04:39 GMT
content-security-policy: default-src 'none'; connect-src 'self' *.foresee.com *.evergage.com edge.adobedc.net https://cdn.cookielaw.org https://www.googletagmanager.com https://stats.g.doubleclick.net https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://maps.googleapis.com *.demdex.net *.yext.com https://answers.yext-pixel.com *.yextapis.com;font-src 'self' data: https://fonts.gstatic.com/ https://fonts.googleapis.com https://use.typekit.com *.pgsdemo.com *.pagescdn.com; media-src 'self'; object-src 'self'; form-action 'self' https://*.flagstar.com https://*.salesforce.com https://*.salesforceliveagent.com https://*.salesforce-sites.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.salesforceliveagent.com https://assets.sitescdn.net https://www.googleanalytics.com/ https://www.googleoptimize.com/ https://optimize.google.com/ https://www.googletagmanager.com https://maps.googleapis.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net assets.adobedtm.com https://pnapi.invoca.net https://solutions.invocacdn.com gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com/ https://use.typekit.com https://connect.facebook.net https://js.adsrvr.org/ https://cdn.evgnet.com https://*.evergage.com https://www.youtube.com assets.sitescdn.net *.pagescdn.com *.pgsdemo.com https://*.salesforce-sites.com;style-src 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com assets.sitecdn.net; style-src-elem 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com;frame-src 'self' *.flagstar.com *.demdex.net https://*.fls.doubleclick.net https://td.doubleclick.net https://optimize.google.com/ https://insight.adsrvr.org/ https://match.adsrvr.org/ https://cdn.evgnet.com https://*.flagstar.com https://*.fintactix.com *.pagescdn.com *.pgsdemo.com; frame-ancestors 'self' *.flagstar.com https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net; img-src 'self' *.foresee.com https://ad.doubleclick.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googletagmanager.com/ https://www.googleadservices.com https://www.google-analytics.com https://developers.google.com https://maps.googleapis.com https://maps.gstatic.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://insight.adsrvr.org https://ib.adnxs.com/getuid https://match.adsrvr.org/track/cmf/appnexus https://dsum-sec.casalemedia.com/rum https://ups.analytics.yahoo.com/ups/55953/sync https://pixel.rubiconproject.com/tap.php data: blob: https://p.typekit.net https://www.facebook.com *.flagstar.com https://*.doubleclick.net;child-src 'self' https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://youtube.com; worker-src 'self'; manifest-src 'self';
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
strict-transport-security: max-age=31536000; includeSubDomains
age: 122711
x-cnection: close
server-timing: dtSInfo;desc="0", dtRpid;desc="-270825786"
content-length: 1018
x-xss-protection: 1; mode=block
x-ua-compatible: IE=Edge
last-modified: Tue, 20 Feb 2024 10:10:45 GMT
server: cloudflare
etag: "d9b-611cd6c7597d2-gzip"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: image/svg+xml
cache-control: public, max-age=2592000
accept-ranges: bytes
cf-ray: 8648ef1ba9eb2c42-FRA
clientname: flagstar

GET
H2 200 icon-card_credit-lending.svg
www.flagstar.com/content/dam/newco/global-navigation-icons/ 4 KB
4 KB 43ms
40ms Image
image/svg+xml 172.64.146.116
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.flagstar.com/content/dam/newco/global-navigation-icons/icon-card_credit-lending.svg

Requested by

Host: www.flagstar.com
URL: https://www.flagstar.com/

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

172.64.146.116 San Francisco, United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

801847061fa3bd28e46114c9091fd9f5997d929e74375a438a7aa7af517ffcf6

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; connect-src 'self' .foresee.com .evergage.com edge.adobedc.net https://cdn.cookielaw.org https://www.googletagmanager.com https://stats.g.doubleclick.net https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://maps.googleapis.com .demdex.net .yext.com https://answers.yext-pixel.com .yextapis.com;font-src 'self' data: https://fonts.gstatic.com/ https://fonts.googleapis.com https://use.typekit.com .pgsdemo.com .pagescdn.com; media-src 'self'; object-src 'self'; form-action 'self' https://.flagstar.com https://.salesforce.com https://.salesforceliveagent.com https://.salesforce-sites.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://.salesforceliveagent.com https://assets.sitescdn.net https://www.googleanalytics.com/ https://www.googleoptimize.com/ https://optimize.google.com/ https://www.googletagmanager.com https://maps.googleapis.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net assets.adobedtm.com https://pnapi.invoca.net https://solutions.invocacdn.com gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com/ https://use.typekit.com https://connect.facebook.net https://js.adsrvr.org/ https://cdn.evgnet.com https://.evergage.com https://www.youtube.com assets.sitescdn.net .pagescdn.com .pgsdemo.com https://.salesforce-sites.com;style-src 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com assets.sitecdn.net; style-src-elem 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com;frame-src 'self' .flagstar.com .demdex.net https://.fls.doubleclick.net https://td.doubleclick.net https://optimize.google.com/ https://insight.adsrvr.org/ https://match.adsrvr.org/ https://cdn.evgnet.com https://.flagstar.com https://.fintactix.com .pagescdn.com .pgsdemo.com; frame-ancestors 'self' .flagstar.com https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net; img-src 'self' .foresee.com https://ad.doubleclick.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googletagmanager.com/ https://www.googleadservices.com https://www.google-analytics.com https://developers.google.com https://maps.googleapis.com https://maps.gstatic.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://insight.adsrvr.org https://ib.adnxs.com/getuid https://match.adsrvr.org/track/cmf/appnexus https://dsum-sec.casalemedia.com/rum https://ups.analytics.yahoo.com/ups/55953/sync https://pixel.rubiconproject.com/tap.php data: blob: https://p.typekit.net https://www.facebook.com .flagstar.com https://*.doubleclick.net;child-src 'self' https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://youtube.com; worker-src 'self'; manifest-src 'self';
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.flagstar.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

expires: Sun, 14 Apr 2024 02:04:39 GMT
date: Fri, 15 Mar 2024 02:04:39 GMT
content-security-policy: default-src 'none'; connect-src 'self' *.foresee.com *.evergage.com edge.adobedc.net https://cdn.cookielaw.org https://www.googletagmanager.com https://stats.g.doubleclick.net https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://maps.googleapis.com *.demdex.net *.yext.com https://answers.yext-pixel.com *.yextapis.com;font-src 'self' data: https://fonts.gstatic.com/ https://fonts.googleapis.com https://use.typekit.com *.pgsdemo.com *.pagescdn.com; media-src 'self'; object-src 'self'; form-action 'self' https://*.flagstar.com https://*.salesforce.com https://*.salesforceliveagent.com https://*.salesforce-sites.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.salesforceliveagent.com https://assets.sitescdn.net https://www.googleanalytics.com/ https://www.googleoptimize.com/ https://optimize.google.com/ https://www.googletagmanager.com https://maps.googleapis.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net assets.adobedtm.com https://pnapi.invoca.net https://solutions.invocacdn.com gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com/ https://use.typekit.com https://connect.facebook.net https://js.adsrvr.org/ https://cdn.evgnet.com https://*.evergage.com https://www.youtube.com assets.sitescdn.net *.pagescdn.com *.pgsdemo.com https://*.salesforce-sites.com;style-src 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com assets.sitecdn.net; style-src-elem 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com;frame-src 'self' *.flagstar.com *.demdex.net https://*.fls.doubleclick.net https://td.doubleclick.net https://optimize.google.com/ https://insight.adsrvr.org/ https://match.adsrvr.org/ https://cdn.evgnet.com https://*.flagstar.com https://*.fintactix.com *.pagescdn.com *.pgsdemo.com; frame-ancestors 'self' *.flagstar.com https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net; img-src 'self' *.foresee.com https://ad.doubleclick.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googletagmanager.com/ https://www.googleadservices.com https://www.google-analytics.com https://developers.google.com https://maps.googleapis.com https://maps.gstatic.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://insight.adsrvr.org https://ib.adnxs.com/getuid https://match.adsrvr.org/track/cmf/appnexus https://dsum-sec.casalemedia.com/rum https://ups.analytics.yahoo.com/ups/55953/sync https://pixel.rubiconproject.com/tap.php data: blob: https://p.typekit.net https://www.facebook.com *.flagstar.com https://*.doubleclick.net;child-src 'self' https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://youtube.com; worker-src 'self'; manifest-src 'self';
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
strict-transport-security: max-age=31536000; includeSubDomains
age: 122845
x-cnection: close
server-timing: dtSInfo;desc="0", dtRpid;desc="-772494525"
content-length: 805
x-xss-protection: 1; mode=block
x-ua-compatible: IE=Edge
last-modified: Tue, 20 Feb 2024 10:30:59 GMT
server: cloudflare
etag: "fc6-611cdb4cb2be3-gzip"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: image/svg+xml
cache-control: public, max-age=2592000
accept-ranges: bytes
cf-ray: 8648ef1ba9ec2c42-FRA
clientname: flagstar

GET
H2 200 icon-card_wealth-management.svg
www.flagstar.com/content/dam/newco/global-navigation-icons/ 2 KB
4 KB 27ms
24ms Image
image/svg+xml 172.64.146.116
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.flagstar.com/content/dam/newco/global-navigation-icons/icon-card_wealth-management.svg

Requested by

Host: www.flagstar.com
URL: https://www.flagstar.com/

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

172.64.146.116 San Francisco, United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

475123a04af4e549385e696417bd320a5bce09c8e380c91522041e00d2c22173

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; connect-src 'self' .foresee.com .evergage.com edge.adobedc.net https://cdn.cookielaw.org https://www.googletagmanager.com https://stats.g.doubleclick.net https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://maps.googleapis.com .demdex.net .yext.com https://answers.yext-pixel.com .yextapis.com;font-src 'self' data: https://fonts.gstatic.com/ https://fonts.googleapis.com https://use.typekit.com .pgsdemo.com .pagescdn.com; media-src 'self'; object-src 'self'; form-action 'self' https://.flagstar.com https://.salesforce.com https://.salesforceliveagent.com https://.salesforce-sites.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://.salesforceliveagent.com https://assets.sitescdn.net https://www.googleanalytics.com/ https://www.googleoptimize.com/ https://optimize.google.com/ https://www.googletagmanager.com https://maps.googleapis.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net assets.adobedtm.com https://pnapi.invoca.net https://solutions.invocacdn.com gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com/ https://use.typekit.com https://connect.facebook.net https://js.adsrvr.org/ https://cdn.evgnet.com https://.evergage.com https://www.youtube.com assets.sitescdn.net .pagescdn.com .pgsdemo.com https://.salesforce-sites.com;style-src 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com assets.sitecdn.net; style-src-elem 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com;frame-src 'self' .flagstar.com .demdex.net https://.fls.doubleclick.net https://td.doubleclick.net https://optimize.google.com/ https://insight.adsrvr.org/ https://match.adsrvr.org/ https://cdn.evgnet.com https://.flagstar.com https://.fintactix.com .pagescdn.com .pgsdemo.com; frame-ancestors 'self' .flagstar.com https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net; img-src 'self' .foresee.com https://ad.doubleclick.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googletagmanager.com/ https://www.googleadservices.com https://www.google-analytics.com https://developers.google.com https://maps.googleapis.com https://maps.gstatic.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://insight.adsrvr.org https://ib.adnxs.com/getuid https://match.adsrvr.org/track/cmf/appnexus https://dsum-sec.casalemedia.com/rum https://ups.analytics.yahoo.com/ups/55953/sync https://pixel.rubiconproject.com/tap.php data: blob: https://p.typekit.net https://www.facebook.com .flagstar.com https://*.doubleclick.net;child-src 'self' https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://youtube.com; worker-src 'self'; manifest-src 'self';
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.flagstar.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

expires: Sun, 14 Apr 2024 02:04:39 GMT
date: Fri, 15 Mar 2024 02:04:39 GMT
content-security-policy: default-src 'none'; connect-src 'self' *.foresee.com *.evergage.com edge.adobedc.net https://cdn.cookielaw.org https://www.googletagmanager.com https://stats.g.doubleclick.net https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://maps.googleapis.com *.demdex.net *.yext.com https://answers.yext-pixel.com *.yextapis.com;font-src 'self' data: https://fonts.gstatic.com/ https://fonts.googleapis.com https://use.typekit.com *.pgsdemo.com *.pagescdn.com; media-src 'self'; object-src 'self'; form-action 'self' https://*.flagstar.com https://*.salesforce.com https://*.salesforceliveagent.com https://*.salesforce-sites.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.salesforceliveagent.com https://assets.sitescdn.net https://www.googleanalytics.com/ https://www.googleoptimize.com/ https://optimize.google.com/ https://www.googletagmanager.com https://maps.googleapis.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net assets.adobedtm.com https://pnapi.invoca.net https://solutions.invocacdn.com gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com/ https://use.typekit.com https://connect.facebook.net https://js.adsrvr.org/ https://cdn.evgnet.com https://*.evergage.com https://www.youtube.com assets.sitescdn.net *.pagescdn.com *.pgsdemo.com https://*.salesforce-sites.com;style-src 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com assets.sitecdn.net; style-src-elem 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com;frame-src 'self' *.flagstar.com *.demdex.net https://*.fls.doubleclick.net https://td.doubleclick.net https://optimize.google.com/ https://insight.adsrvr.org/ https://match.adsrvr.org/ https://cdn.evgnet.com https://*.flagstar.com https://*.fintactix.com *.pagescdn.com *.pgsdemo.com; frame-ancestors 'self' *.flagstar.com https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net; img-src 'self' *.foresee.com https://ad.doubleclick.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googletagmanager.com/ https://www.googleadservices.com https://www.google-analytics.com https://developers.google.com https://maps.googleapis.com https://maps.gstatic.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://insight.adsrvr.org https://ib.adnxs.com/getuid https://match.adsrvr.org/track/cmf/appnexus https://dsum-sec.casalemedia.com/rum https://ups.analytics.yahoo.com/ups/55953/sync https://pixel.rubiconproject.com/tap.php data: blob: https://p.typekit.net https://www.facebook.com *.flagstar.com https://*.doubleclick.net;child-src 'self' https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://youtube.com; worker-src 'self'; manifest-src 'self';
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
strict-transport-security: max-age=31536000; includeSubDomains
age: 122711
x-cnection: close
server-timing: dtSInfo;desc="0", dtRpid;desc="515111917"
content-length: 805
x-xss-protection: 1; mode=block
x-ua-compatible: IE=Edge
last-modified: Tue, 20 Feb 2024 10:11:12 GMT
server: cloudflare
etag: "9b5-611cd6e0ee59f-gzip"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: image/svg+xml
cache-control: public, max-age=2592000
accept-ranges: bytes
cf-ray: 8648ef1ba9ed2c42-FRA
clientname: flagstar

GET
H2 200 icon-card_about-us.svg
www.flagstar.com/content/dam/newco/global-navigation-icons/ 1 KB
4 KB 39ms
36ms Image
image/svg+xml 172.64.146.116
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.flagstar.com/content/dam/newco/global-navigation-icons/icon-card_about-us.svg

Requested by

Host: www.flagstar.com
URL: https://www.flagstar.com/

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

172.64.146.116 San Francisco, United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

9f7ef3b405d900ff0a094366a371e588b2b237bc32ee0ba137dd9867a2f20d7a

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; connect-src 'self' .foresee.com .evergage.com edge.adobedc.net https://cdn.cookielaw.org https://www.googletagmanager.com https://stats.g.doubleclick.net https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://maps.googleapis.com .demdex.net .yext.com https://answers.yext-pixel.com .yextapis.com;font-src 'self' data: https://fonts.gstatic.com/ https://fonts.googleapis.com https://use.typekit.com .pgsdemo.com .pagescdn.com; media-src 'self'; object-src 'self'; form-action 'self' https://.flagstar.com https://.salesforce.com https://.salesforceliveagent.com https://.salesforce-sites.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://.salesforceliveagent.com https://assets.sitescdn.net https://www.googleanalytics.com/ https://www.googleoptimize.com/ https://optimize.google.com/ https://www.googletagmanager.com https://maps.googleapis.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net assets.adobedtm.com https://pnapi.invoca.net https://solutions.invocacdn.com gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com/ https://use.typekit.com https://connect.facebook.net https://js.adsrvr.org/ https://cdn.evgnet.com https://.evergage.com https://www.youtube.com assets.sitescdn.net .pagescdn.com .pgsdemo.com https://.salesforce-sites.com;style-src 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com assets.sitecdn.net; style-src-elem 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com;frame-src 'self' .flagstar.com .demdex.net https://.fls.doubleclick.net https://td.doubleclick.net https://optimize.google.com/ https://insight.adsrvr.org/ https://match.adsrvr.org/ https://cdn.evgnet.com https://.flagstar.com https://.fintactix.com .pagescdn.com .pgsdemo.com; frame-ancestors 'self' .flagstar.com https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net; img-src 'self' .foresee.com https://ad.doubleclick.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googletagmanager.com/ https://www.googleadservices.com https://www.google-analytics.com https://developers.google.com https://maps.googleapis.com https://maps.gstatic.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://insight.adsrvr.org https://ib.adnxs.com/getuid https://match.adsrvr.org/track/cmf/appnexus https://dsum-sec.casalemedia.com/rum https://ups.analytics.yahoo.com/ups/55953/sync https://pixel.rubiconproject.com/tap.php data: blob: https://p.typekit.net https://www.facebook.com .flagstar.com https://*.doubleclick.net;child-src 'self' https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://youtube.com; worker-src 'self'; manifest-src 'self';
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.flagstar.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

expires: Sun, 14 Apr 2024 02:04:39 GMT
date: Fri, 15 Mar 2024 02:04:39 GMT
content-security-policy: default-src 'none'; connect-src 'self' *.foresee.com *.evergage.com edge.adobedc.net https://cdn.cookielaw.org https://www.googletagmanager.com https://stats.g.doubleclick.net https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://maps.googleapis.com *.demdex.net *.yext.com https://answers.yext-pixel.com *.yextapis.com;font-src 'self' data: https://fonts.gstatic.com/ https://fonts.googleapis.com https://use.typekit.com *.pgsdemo.com *.pagescdn.com; media-src 'self'; object-src 'self'; form-action 'self' https://*.flagstar.com https://*.salesforce.com https://*.salesforceliveagent.com https://*.salesforce-sites.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.salesforceliveagent.com https://assets.sitescdn.net https://www.googleanalytics.com/ https://www.googleoptimize.com/ https://optimize.google.com/ https://www.googletagmanager.com https://maps.googleapis.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net assets.adobedtm.com https://pnapi.invoca.net https://solutions.invocacdn.com gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com/ https://use.typekit.com https://connect.facebook.net https://js.adsrvr.org/ https://cdn.evgnet.com https://*.evergage.com https://www.youtube.com assets.sitescdn.net *.pagescdn.com *.pgsdemo.com https://*.salesforce-sites.com;style-src 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com assets.sitecdn.net; style-src-elem 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com;frame-src 'self' *.flagstar.com *.demdex.net https://*.fls.doubleclick.net https://td.doubleclick.net https://optimize.google.com/ https://insight.adsrvr.org/ https://match.adsrvr.org/ https://cdn.evgnet.com https://*.flagstar.com https://*.fintactix.com *.pagescdn.com *.pgsdemo.com; frame-ancestors 'self' *.flagstar.com https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net; img-src 'self' *.foresee.com https://ad.doubleclick.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googletagmanager.com/ https://www.googleadservices.com https://www.google-analytics.com https://developers.google.com https://maps.googleapis.com https://maps.gstatic.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://insight.adsrvr.org https://ib.adnxs.com/getuid https://match.adsrvr.org/track/cmf/appnexus https://dsum-sec.casalemedia.com/rum https://ups.analytics.yahoo.com/ups/55953/sync https://pixel.rubiconproject.com/tap.php data: blob: https://p.typekit.net https://www.facebook.com *.flagstar.com https://*.doubleclick.net;child-src 'self' https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://youtube.com; worker-src 'self'; manifest-src 'self';
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
strict-transport-security: max-age=31536000; includeSubDomains
age: 122711
x-cnection: close
server-timing: dtSInfo;desc="0", dtRpid;desc="305329194"
content-length: 435
x-xss-protection: 1; mode=block
x-ua-compatible: IE=Edge
last-modified: Tue, 20 Feb 2024 10:14:32 GMT
server: cloudflare
etag: "5b6-611cd79f80647-gzip"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: image/svg+xml
cache-control: public, max-age=2592000
accept-ranges: bytes
cf-ray: 8648ef1ba9ee2c42-FRA
clientname: flagstar

GET
H2 200 icon-card_our-approach.svg
www.flagstar.com/content/dam/newco/global-navigation-icons/ 2 KB
4 KB 36ms
33ms Image
image/svg+xml 172.64.146.116
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.flagstar.com/content/dam/newco/global-navigation-icons/icon-card_our-approach.svg

Requested by

Host: www.flagstar.com
URL: https://www.flagstar.com/

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

172.64.146.116 San Francisco, United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b44994c64a6b67108462fe811a6ac32b4ea7bd9749931714c1d325b217841a67

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; connect-src 'self' .foresee.com .evergage.com edge.adobedc.net https://cdn.cookielaw.org https://www.googletagmanager.com https://stats.g.doubleclick.net https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://maps.googleapis.com .demdex.net .yext.com https://answers.yext-pixel.com .yextapis.com;font-src 'self' data: https://fonts.gstatic.com/ https://fonts.googleapis.com https://use.typekit.com .pgsdemo.com .pagescdn.com; media-src 'self'; object-src 'self'; form-action 'self' https://.flagstar.com https://.salesforce.com https://.salesforceliveagent.com https://.salesforce-sites.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://.salesforceliveagent.com https://assets.sitescdn.net https://www.googleanalytics.com/ https://www.googleoptimize.com/ https://optimize.google.com/ https://www.googletagmanager.com https://maps.googleapis.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net assets.adobedtm.com https://pnapi.invoca.net https://solutions.invocacdn.com gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com/ https://use.typekit.com https://connect.facebook.net https://js.adsrvr.org/ https://cdn.evgnet.com https://.evergage.com https://www.youtube.com assets.sitescdn.net .pagescdn.com .pgsdemo.com https://.salesforce-sites.com;style-src 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com assets.sitecdn.net; style-src-elem 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com;frame-src 'self' .flagstar.com .demdex.net https://.fls.doubleclick.net https://td.doubleclick.net https://optimize.google.com/ https://insight.adsrvr.org/ https://match.adsrvr.org/ https://cdn.evgnet.com https://.flagstar.com https://.fintactix.com .pagescdn.com .pgsdemo.com; frame-ancestors 'self' .flagstar.com https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net; img-src 'self' .foresee.com https://ad.doubleclick.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googletagmanager.com/ https://www.googleadservices.com https://www.google-analytics.com https://developers.google.com https://maps.googleapis.com https://maps.gstatic.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://insight.adsrvr.org https://ib.adnxs.com/getuid https://match.adsrvr.org/track/cmf/appnexus https://dsum-sec.casalemedia.com/rum https://ups.analytics.yahoo.com/ups/55953/sync https://pixel.rubiconproject.com/tap.php data: blob: https://p.typekit.net https://www.facebook.com .flagstar.com https://*.doubleclick.net;child-src 'self' https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://youtube.com; worker-src 'self'; manifest-src 'self';
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.flagstar.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

expires: Sun, 14 Apr 2024 02:04:39 GMT
date: Fri, 15 Mar 2024 02:04:39 GMT
content-security-policy: default-src 'none'; connect-src 'self' *.foresee.com *.evergage.com edge.adobedc.net https://cdn.cookielaw.org https://www.googletagmanager.com https://stats.g.doubleclick.net https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://maps.googleapis.com *.demdex.net *.yext.com https://answers.yext-pixel.com *.yextapis.com;font-src 'self' data: https://fonts.gstatic.com/ https://fonts.googleapis.com https://use.typekit.com *.pgsdemo.com *.pagescdn.com; media-src 'self'; object-src 'self'; form-action 'self' https://*.flagstar.com https://*.salesforce.com https://*.salesforceliveagent.com https://*.salesforce-sites.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.salesforceliveagent.com https://assets.sitescdn.net https://www.googleanalytics.com/ https://www.googleoptimize.com/ https://optimize.google.com/ https://www.googletagmanager.com https://maps.googleapis.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net assets.adobedtm.com https://pnapi.invoca.net https://solutions.invocacdn.com gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com/ https://use.typekit.com https://connect.facebook.net https://js.adsrvr.org/ https://cdn.evgnet.com https://*.evergage.com https://www.youtube.com assets.sitescdn.net *.pagescdn.com *.pgsdemo.com https://*.salesforce-sites.com;style-src 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com assets.sitecdn.net; style-src-elem 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com;frame-src 'self' *.flagstar.com *.demdex.net https://*.fls.doubleclick.net https://td.doubleclick.net https://optimize.google.com/ https://insight.adsrvr.org/ https://match.adsrvr.org/ https://cdn.evgnet.com https://*.flagstar.com https://*.fintactix.com *.pagescdn.com *.pgsdemo.com; frame-ancestors 'self' *.flagstar.com https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net; img-src 'self' *.foresee.com https://ad.doubleclick.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googletagmanager.com/ https://www.googleadservices.com https://www.google-analytics.com https://developers.google.com https://maps.googleapis.com https://maps.gstatic.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://insight.adsrvr.org https://ib.adnxs.com/getuid https://match.adsrvr.org/track/cmf/appnexus https://dsum-sec.casalemedia.com/rum https://ups.analytics.yahoo.com/ups/55953/sync https://pixel.rubiconproject.com/tap.php data: blob: https://p.typekit.net https://www.facebook.com *.flagstar.com https://*.doubleclick.net;child-src 'self' https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://youtube.com; worker-src 'self'; manifest-src 'self';
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
strict-transport-security: max-age=31536000; includeSubDomains
age: 117902
x-cnection: close
server-timing: dtSInfo;desc="0", dtRpid;desc="309684195"
content-length: 467
x-xss-protection: 1; mode=block
x-ua-compatible: IE=Edge
last-modified: Tue, 20 Feb 2024 10:12:07 GMT
server: cloudflare
etag: "7b4-611cd71566d90-gzip"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: image/svg+xml
cache-control: public, max-age=2592000
accept-ranges: bytes
cf-ray: 8648ef1ba9ef2c42-FRA
clientname: flagstar

GET
H2 200 icon-card_specialized-expertise.svg
www.flagstar.com/content/dam/newco/global-navigation-icons/ 2 KB
5 KB 40ms
37ms Image
image/svg+xml 172.64.146.116
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.flagstar.com/content/dam/newco/global-navigation-icons/icon-card_specialized-expertise.svg

Requested by

Host: www.flagstar.com
URL: https://www.flagstar.com/

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

172.64.146.116 San Francisco, United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f7cdf1b99e51212475107d8ee46cc03546111d482fc00c4708d76c9c2cffde17

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; connect-src 'self' .foresee.com .evergage.com edge.adobedc.net https://cdn.cookielaw.org https://www.googletagmanager.com https://stats.g.doubleclick.net https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://maps.googleapis.com .demdex.net .yext.com https://answers.yext-pixel.com .yextapis.com;font-src 'self' data: https://fonts.gstatic.com/ https://fonts.googleapis.com https://use.typekit.com .pgsdemo.com .pagescdn.com; media-src 'self'; object-src 'self'; form-action 'self' https://.flagstar.com https://.salesforce.com https://.salesforceliveagent.com https://.salesforce-sites.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://.salesforceliveagent.com https://assets.sitescdn.net https://www.googleanalytics.com/ https://www.googleoptimize.com/ https://optimize.google.com/ https://www.googletagmanager.com https://maps.googleapis.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net assets.adobedtm.com https://pnapi.invoca.net https://solutions.invocacdn.com gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com/ https://use.typekit.com https://connect.facebook.net https://js.adsrvr.org/ https://cdn.evgnet.com https://.evergage.com https://www.youtube.com assets.sitescdn.net .pagescdn.com .pgsdemo.com https://.salesforce-sites.com;style-src 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com assets.sitecdn.net; style-src-elem 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com;frame-src 'self' .flagstar.com .demdex.net https://.fls.doubleclick.net https://td.doubleclick.net https://optimize.google.com/ https://insight.adsrvr.org/ https://match.adsrvr.org/ https://cdn.evgnet.com https://.flagstar.com https://.fintactix.com .pagescdn.com .pgsdemo.com; frame-ancestors 'self' .flagstar.com https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net; img-src 'self' .foresee.com https://ad.doubleclick.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googletagmanager.com/ https://www.googleadservices.com https://www.google-analytics.com https://developers.google.com https://maps.googleapis.com https://maps.gstatic.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://insight.adsrvr.org https://ib.adnxs.com/getuid https://match.adsrvr.org/track/cmf/appnexus https://dsum-sec.casalemedia.com/rum https://ups.analytics.yahoo.com/ups/55953/sync https://pixel.rubiconproject.com/tap.php data: blob: https://p.typekit.net https://www.facebook.com .flagstar.com https://*.doubleclick.net;child-src 'self' https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://youtube.com; worker-src 'self'; manifest-src 'self';
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.flagstar.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

expires: Sun, 14 Apr 2024 02:04:39 GMT
date: Fri, 15 Mar 2024 02:04:39 GMT
content-security-policy: default-src 'none'; connect-src 'self' *.foresee.com *.evergage.com edge.adobedc.net https://cdn.cookielaw.org https://www.googletagmanager.com https://stats.g.doubleclick.net https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://maps.googleapis.com *.demdex.net *.yext.com https://answers.yext-pixel.com *.yextapis.com;font-src 'self' data: https://fonts.gstatic.com/ https://fonts.googleapis.com https://use.typekit.com *.pgsdemo.com *.pagescdn.com; media-src 'self'; object-src 'self'; form-action 'self' https://*.flagstar.com https://*.salesforce.com https://*.salesforceliveagent.com https://*.salesforce-sites.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.salesforceliveagent.com https://assets.sitescdn.net https://www.googleanalytics.com/ https://www.googleoptimize.com/ https://optimize.google.com/ https://www.googletagmanager.com https://maps.googleapis.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net assets.adobedtm.com https://pnapi.invoca.net https://solutions.invocacdn.com gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com/ https://use.typekit.com https://connect.facebook.net https://js.adsrvr.org/ https://cdn.evgnet.com https://*.evergage.com https://www.youtube.com assets.sitescdn.net *.pagescdn.com *.pgsdemo.com https://*.salesforce-sites.com;style-src 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com assets.sitecdn.net; style-src-elem 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com;frame-src 'self' *.flagstar.com *.demdex.net https://*.fls.doubleclick.net https://td.doubleclick.net https://optimize.google.com/ https://insight.adsrvr.org/ https://match.adsrvr.org/ https://cdn.evgnet.com https://*.flagstar.com https://*.fintactix.com *.pagescdn.com *.pgsdemo.com; frame-ancestors 'self' *.flagstar.com https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net; img-src 'self' *.foresee.com https://ad.doubleclick.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googletagmanager.com/ https://www.googleadservices.com https://www.google-analytics.com https://developers.google.com https://maps.googleapis.com https://maps.gstatic.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://insight.adsrvr.org https://ib.adnxs.com/getuid https://match.adsrvr.org/track/cmf/appnexus https://dsum-sec.casalemedia.com/rum https://ups.analytics.yahoo.com/ups/55953/sync https://pixel.rubiconproject.com/tap.php data: blob: https://p.typekit.net https://www.facebook.com *.flagstar.com https://*.doubleclick.net;child-src 'self' https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://youtube.com; worker-src 'self'; manifest-src 'self';
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
strict-transport-security: max-age=31536000; includeSubDomains
age: 117902
content-security-policy-report-only: script-src 'none'; connect-src 'none'; report-uri https://csp-reporting.cloudflare.com/cdn-cgi/script_monitor/report?m=K8BoYUzgsKyzZsfhlH5.f9qTnrm9OMorzmKBuUSPZiw-1710468279-1.0.1.1-h_Z6BuyQhBXWjxaL8lZwwFoXdp1JQDMmFDu21jZ6l3jbcSB3DbR.ZVwUNW91P3GWeNc2NAt0bpiVhUAAGPLt9MDMlZMPEsqkDyPAhCS5zUl9VavtHoeC.pZy3ByaZJhSuCjdUGYInUPyxXRphbEBh4cvlWIHwYIp3uf3tOl_YDM; report-to cf-csp-endpoint
x-cnection: close
server-timing: dtSInfo;desc="0", dtRpid;desc="61573301"
content-length: 701
x-xss-protection: 1; mode=block
x-ua-compatible: IE=Edge
last-modified: Tue, 20 Feb 2024 10:11:15 GMT
server: cloudflare
etag: "7b7-611cd6e41276d-gzip"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: image/svg+xml
report-to: {"endpoints":[{"url":"https:\/\/csp-reporting.cloudflare.com\/cdn-cgi\/script_monitor\/report?m=K8BoYUzgsKyzZsfhlH5.f9qTnrm9OMorzmKBuUSPZiw-1710468279-1.0.1.1-h_Z6BuyQhBXWjxaL8lZwwFoXdp1JQDMmFDu21jZ6l3jbcSB3DbR.ZVwUNW91P3GWeNc2NAt0bpiVhUAAGPLt9MDMlZMPEsqkDyPAhCS5zUl9VavtHoeC.pZy3ByaZJhSuCjdUGYInUPyxXRphbEBh4cvlWIHwYIp3uf3tOl_YDM"}],"group":"cf-csp-endpoint","max_age":86400}
cache-control: public, max-age=2592000
accept-ranges: bytes
cf-ray: 8648ef1ba9f22c42-FRA
clientname: flagstar

GET
H2 200 answers.css
assets.sitescdn.net/answers-search-bar/v1.5/ 103 KB
13 KB 52ms
19ms Stylesheet
text/css 2606:4700::6811:1854
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.sitescdn.net/answers-search-bar/v1.5/answers.css
Requested by: Host: www.flagstar.com
URL: https://www.flagstar.com/
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 2606:4700::6811:1854 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 403ec99441cacff48156ea95969e9eb61fa80cdc67019f65b5f51fa903ad752f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.flagstar.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date: Fri, 15 Mar 2024 02:04:38 GMT
x-amz-version-id: rUuq0gWpQ8vPDr1wXRf3oDuthJTK9mz1
content-encoding: gzip
cf-cache-status: HIT
last-modified: Tue, 13 Feb 2024 15:52:06 GMT
server: cloudflare
x-amz-request-id: TRBSSMQ9DE0ZWXZY
age: 29002
etag: W/"59c959159bd9c9dee3f1e9490d9940fc"
vary: Accept-Encoding
content-type: text/css
cache-control: max-age=43200
cf-ray: 8648ef1568ff3835-FRA
alt-svc: h3=":443"; ma=86400
x-amz-id-2: 7fIsigb0raadHVgU8me8ynYbbF6tC3fWpUzDwFgud14IvBT2ADfCZIua8fvdkxoHTcohquRovr0=

GET
H2 200 answers.min.js Show response
assets.sitescdn.net/answers-search-bar/v1.5/ 434 KB
116 KB 51ms
18ms Script
text/javascript 2606:4700::6811:1854
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.sitescdn.net/answers-search-bar/v1.5/answers.min.js
Requested by: Host: www.flagstar.com
URL: https://www.flagstar.com/
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 2606:4700::6811:1854 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3e7ebc77bef7d40eb22899b7f5b44aa491a242afdb695d38ec8dd0f587d2f3ee

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.flagstar.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date: Fri, 15 Mar 2024 02:04:38 GMT
x-amz-version-id: n.2XKrd6Gk28VFv7OLP0_EsWxXQfqGwA
content-encoding: gzip
cf-cache-status: HIT
last-modified: Tue, 13 Feb 2024 15:52:06 GMT
server: cloudflare
x-amz-request-id: EG3S085SGRDATWVY
age: 24156
etag: W/"bf075e02e336607110569d16fe8f9a5b"
vary: Accept-Encoding
content-type: text/javascript
cache-control: max-age=43200
cf-ray: 8648ef1569013835-FRA
alt-svc: h3=":443"; ma=86400
x-amz-id-2: vVPJnO3x1QW1TTzrqs9kQY6D73n2ryoacLnUVkd+rdTMYCdd4EzUrrgEv7Qnb7DlL65zspUcXTU=

GET
H2 200 answerstemplates.compiled.min.js Show response
assets.sitescdn.net/answers-search-bar/v1.5/ 81 KB
21 KB 20ms
19ms Script
text/javascript 2606:4700::6811:1854
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.sitescdn.net/answers-search-bar/v1.5/answerstemplates.compiled.min.js
Requested by: Host: www.flagstar.com
URL: https://www.flagstar.com/
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 2606:4700::6811:1854 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2ec42dc868fd8626e9d5eeb98d4d888dba09f4a102fe399654abe79fd735e206

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.flagstar.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date: Fri, 15 Mar 2024 02:04:38 GMT
x-amz-version-id: 3FZ2zCYnpSGC_xQOR46F9ZJ8KYNLPGkE
content-encoding: gzip
cf-cache-status: HIT
last-modified: Tue, 13 Feb 2024 15:52:06 GMT
server: cloudflare
x-amz-request-id: 332E29J35BQGGE33
age: 24156
etag: W/"6494457f8032c98775ff157bf2a1970d"
vary: Accept-Encoding
content-type: text/javascript
cache-control: max-age=43200
cf-ray: 8648ef15891b3835-FRA
alt-svc: h3=":443"; ma=86400
x-amz-id-2: KhJiOEjubuCuEiI+o8iOwdTYF4jQm8ABFjIS/l9OwvXUWl0GMLd6SC+dmdvY/KXrbeZJ7QBXiQQ=

GET
H2 200 Answers.js Show response
www.flagstar.com/content/dam/newco/script/ 628 B
4 KB 19ms
19ms Script
application/javascript 172.64.146.116
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.flagstar.com/content/dam/newco/script/Answers.js

Requested by

Host: www.flagstar.com
URL: https://www.flagstar.com/

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

172.64.146.116 San Francisco, United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4de9a2e13a638feaef7cfe74c34a7cf7876a971d6eaab169d59a7e383f5aa75e

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; connect-src 'self' .foresee.com .evergage.com edge.adobedc.net https://cdn.cookielaw.org https://www.googletagmanager.com https://stats.g.doubleclick.net https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://maps.googleapis.com .demdex.net .yext.com https://answers.yext-pixel.com .yextapis.com;font-src 'self' data: https://fonts.gstatic.com/ https://fonts.googleapis.com https://use.typekit.com .pgsdemo.com .pagescdn.com; media-src 'self'; object-src 'self'; form-action 'self' https://.flagstar.com https://.salesforce.com https://.salesforceliveagent.com https://.salesforce-sites.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://.salesforceliveagent.com https://assets.sitescdn.net https://www.googleanalytics.com/ https://www.googleoptimize.com/ https://optimize.google.com/ https://www.googletagmanager.com https://maps.googleapis.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net assets.adobedtm.com https://pnapi.invoca.net https://solutions.invocacdn.com gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com/ https://use.typekit.com https://connect.facebook.net https://js.adsrvr.org/ https://cdn.evgnet.com https://.evergage.com https://www.youtube.com assets.sitescdn.net .pagescdn.com .pgsdemo.com https://.salesforce-sites.com;style-src 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com assets.sitecdn.net; style-src-elem 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com;frame-src 'self' .flagstar.com .demdex.net https://.fls.doubleclick.net https://td.doubleclick.net https://optimize.google.com/ https://insight.adsrvr.org/ https://match.adsrvr.org/ https://cdn.evgnet.com https://.flagstar.com https://.fintactix.com .pagescdn.com .pgsdemo.com; frame-ancestors 'self' .flagstar.com https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net; img-src 'self' .foresee.com https://ad.doubleclick.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googletagmanager.com/ https://www.googleadservices.com https://www.google-analytics.com https://developers.google.com https://maps.googleapis.com https://maps.gstatic.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://insight.adsrvr.org https://ib.adnxs.com/getuid https://match.adsrvr.org/track/cmf/appnexus https://dsum-sec.casalemedia.com/rum https://ups.analytics.yahoo.com/ups/55953/sync https://pixel.rubiconproject.com/tap.php data: blob: https://p.typekit.net https://www.facebook.com .flagstar.com https://*.doubleclick.net;child-src 'self' https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://youtube.com; worker-src 'self'; manifest-src 'self';
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.flagstar.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

expires: Sun, 14 Apr 2024 02:04:38 GMT
date: Fri, 15 Mar 2024 02:04:38 GMT
content-security-policy: default-src 'none'; connect-src 'self' *.foresee.com *.evergage.com edge.adobedc.net https://cdn.cookielaw.org https://www.googletagmanager.com https://stats.g.doubleclick.net https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://maps.googleapis.com *.demdex.net *.yext.com https://answers.yext-pixel.com *.yextapis.com;font-src 'self' data: https://fonts.gstatic.com/ https://fonts.googleapis.com https://use.typekit.com *.pgsdemo.com *.pagescdn.com; media-src 'self'; object-src 'self'; form-action 'self' https://*.flagstar.com https://*.salesforce.com https://*.salesforceliveagent.com https://*.salesforce-sites.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.salesforceliveagent.com https://assets.sitescdn.net https://www.googleanalytics.com/ https://www.googleoptimize.com/ https://optimize.google.com/ https://www.googletagmanager.com https://maps.googleapis.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net assets.adobedtm.com https://pnapi.invoca.net https://solutions.invocacdn.com gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com/ https://use.typekit.com https://connect.facebook.net https://js.adsrvr.org/ https://cdn.evgnet.com https://*.evergage.com https://www.youtube.com assets.sitescdn.net *.pagescdn.com *.pgsdemo.com https://*.salesforce-sites.com;style-src 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com assets.sitecdn.net; style-src-elem 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com;frame-src 'self' *.flagstar.com *.demdex.net https://*.fls.doubleclick.net https://td.doubleclick.net https://optimize.google.com/ https://insight.adsrvr.org/ https://match.adsrvr.org/ https://cdn.evgnet.com https://*.flagstar.com https://*.fintactix.com *.pagescdn.com *.pgsdemo.com; frame-ancestors 'self' *.flagstar.com https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net; img-src 'self' *.foresee.com https://ad.doubleclick.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googletagmanager.com/ https://www.googleadservices.com https://www.google-analytics.com https://developers.google.com https://maps.googleapis.com https://maps.gstatic.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://insight.adsrvr.org https://ib.adnxs.com/getuid https://match.adsrvr.org/track/cmf/appnexus https://dsum-sec.casalemedia.com/rum https://ups.analytics.yahoo.com/ups/55953/sync https://pixel.rubiconproject.com/tap.php data: blob: https://p.typekit.net https://www.facebook.com *.flagstar.com https://*.doubleclick.net;child-src 'self' https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://youtube.com; worker-src 'self'; manifest-src 'self';
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
strict-transport-security: max-age=31536000; includeSubDomains
age: 110579
x-cnection: close
server-timing: dtSInfo;desc="0", dtRpid;desc="2110926616"
content-length: 406
x-xss-protection: 1; mode=block
x-ua-compatible: IE=Edge
last-modified: Tue, 20 Feb 2024 10:31:32 GMT
server: cloudflare
etag: "274-611cdb6c37adc-gzip"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript
cache-control: public, max-age=2592000
accept-ranges: bytes
cf-ray: 8648ef159ed82c42-FRA
clientname: flagstar

GET
H2 200 Megaphone%201.svg
www.flagstar.com/content/dam/newco/global/icons/ 886 B
4 KB 37ms
34ms Image
image/svg+xml 172.64.146.116
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.flagstar.com/content/dam/newco/global/icons/Megaphone%201.svg

Requested by

Host: www.flagstar.com
URL: https://www.flagstar.com/

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

172.64.146.116 San Francisco, United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

035c84a3e7aad2af24632b56b6c54926db5439e9172dd5a7e0dcc0f345f3fe77

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; connect-src 'self' .foresee.com .evergage.com edge.adobedc.net https://cdn.cookielaw.org https://www.googletagmanager.com https://stats.g.doubleclick.net https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://maps.googleapis.com .demdex.net .yext.com https://answers.yext-pixel.com .yextapis.com;font-src 'self' data: https://fonts.gstatic.com/ https://fonts.googleapis.com https://use.typekit.com .pgsdemo.com .pagescdn.com; media-src 'self'; object-src 'self'; form-action 'self' https://.flagstar.com https://.salesforce.com https://.salesforceliveagent.com https://.salesforce-sites.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://.salesforceliveagent.com https://assets.sitescdn.net https://www.googleanalytics.com/ https://www.googleoptimize.com/ https://optimize.google.com/ https://www.googletagmanager.com https://maps.googleapis.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net assets.adobedtm.com https://pnapi.invoca.net https://solutions.invocacdn.com gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com/ https://use.typekit.com https://connect.facebook.net https://js.adsrvr.org/ https://cdn.evgnet.com https://.evergage.com https://www.youtube.com assets.sitescdn.net .pagescdn.com .pgsdemo.com https://.salesforce-sites.com;style-src 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com assets.sitecdn.net; style-src-elem 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com;frame-src 'self' .flagstar.com .youtube.com .demdex.net https://.fls.doubleclick.net https://td.doubleclick.net https://optimize.google.com/ https://insight.adsrvr.org/ https://match.adsrvr.org/ https://cdn.evgnet.com https://.flagstar.com https://.fintactix.com .pagescdn.com .pgsdemo.com; frame-ancestors 'self' .flagstar.com https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net; img-src 'self' .foresee.com https://ad.doubleclick.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googletagmanager.com/ https://www.googleadservices.com https://www.google-analytics.com https://developers.google.com https://maps.googleapis.com https://maps.gstatic.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://insight.adsrvr.org https://ib.adnxs.com/getuid https://match.adsrvr.org/track/cmf/appnexus https://dsum-sec.casalemedia.com/rum https://ups.analytics.yahoo.com/ups/55953/sync https://pixel.rubiconproject.com/tap.php data: blob: https://p.typekit.net https://www.facebook.com .flagstar.com https://.doubleclick.net;child-src 'self' https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://youtube.com; worker-src 'self'; manifest-src 'self';
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.flagstar.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

expires: Sun, 14 Apr 2024 02:04:39 GMT
date: Fri, 15 Mar 2024 02:04:39 GMT
content-security-policy: default-src 'none'; connect-src 'self' *.foresee.com *.evergage.com edge.adobedc.net https://cdn.cookielaw.org https://www.googletagmanager.com https://stats.g.doubleclick.net https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://maps.googleapis.com *.demdex.net *.yext.com https://answers.yext-pixel.com *.yextapis.com;font-src 'self' data: https://fonts.gstatic.com/ https://fonts.googleapis.com https://use.typekit.com *.pgsdemo.com *.pagescdn.com; media-src 'self'; object-src 'self'; form-action 'self' https://*.flagstar.com https://*.salesforce.com https://*.salesforceliveagent.com https://*.salesforce-sites.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.salesforceliveagent.com https://assets.sitescdn.net https://www.googleanalytics.com/ https://www.googleoptimize.com/ https://optimize.google.com/ https://www.googletagmanager.com https://maps.googleapis.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net assets.adobedtm.com https://pnapi.invoca.net https://solutions.invocacdn.com gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com/ https://use.typekit.com https://connect.facebook.net https://js.adsrvr.org/ https://cdn.evgnet.com https://*.evergage.com https://www.youtube.com assets.sitescdn.net *.pagescdn.com *.pgsdemo.com https://*.salesforce-sites.com;style-src 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com assets.sitecdn.net; style-src-elem 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com;frame-src 'self' *.flagstar.com *.youtube.com *.demdex.net https://*.fls.doubleclick.net https://td.doubleclick.net https://optimize.google.com/ https://insight.adsrvr.org/ https://match.adsrvr.org/ https://cdn.evgnet.com https://*.flagstar.com https://*.fintactix.com *.pagescdn.com *.pgsdemo.com; frame-ancestors 'self' *.flagstar.com https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net; img-src 'self' *.foresee.com https://ad.doubleclick.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googletagmanager.com/ https://www.googleadservices.com https://www.google-analytics.com https://developers.google.com https://maps.googleapis.com https://maps.gstatic.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://insight.adsrvr.org https://ib.adnxs.com/getuid https://match.adsrvr.org/track/cmf/appnexus https://dsum-sec.casalemedia.com/rum https://ups.analytics.yahoo.com/ups/55953/sync https://pixel.rubiconproject.com/tap.php data: blob: https://p.typekit.net https://www.facebook.com *.flagstar.com https://*.doubleclick.net;child-src 'self' https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://youtube.com; worker-src 'self'; manifest-src 'self';
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
strict-transport-security: max-age=31536000; includeSubDomains
age: 122845
x-cnection: close
server-timing: dtSInfo;desc="0", dtRpid;desc="24816711"
content-length: 364
x-xss-protection: 1; mode=block
x-ua-compatible: IE=Edge
last-modified: Mon, 26 Feb 2024 19:15:57 GMT
server: cloudflare
etag: "376-6124dbd460e3a-gzip"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: image/svg+xml
cache-control: public, max-age=2592000
accept-ranges: bytes
cf-ray: 8648ef1ba9f32c42-FRA
clientname: flagstar

GET
H2 200 icon-card_check-mark-rev.svg
www.flagstar.com/content/dam/newco/global/icons/ 1 KB
4 KB 33ms
30ms Image
image/svg+xml 172.64.146.116
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.flagstar.com/content/dam/newco/global/icons/icon-card_check-mark-rev.svg

Requested by

Host: www.flagstar.com
URL: https://www.flagstar.com/

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

172.64.146.116 San Francisco, United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

69ad19cf88e479ac6c2852625cabedc8a93a8e7ccd01b6c9e2ad527b3edc38e2

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; connect-src 'self' .foresee.com .evergage.com edge.adobedc.net https://cdn.cookielaw.org https://www.googletagmanager.com https://stats.g.doubleclick.net https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://maps.googleapis.com .demdex.net .yext.com https://answers.yext-pixel.com .yextapis.com;font-src 'self' data: https://fonts.gstatic.com/ https://fonts.googleapis.com https://use.typekit.com .pgsdemo.com .pagescdn.com; media-src 'self'; object-src 'self'; form-action 'self' https://.flagstar.com https://.salesforce.com https://.salesforceliveagent.com https://.salesforce-sites.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://.salesforceliveagent.com https://assets.sitescdn.net https://www.googleanalytics.com/ https://www.googleoptimize.com/ https://optimize.google.com/ https://www.googletagmanager.com https://maps.googleapis.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net assets.adobedtm.com https://pnapi.invoca.net https://solutions.invocacdn.com gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com/ https://use.typekit.com https://connect.facebook.net https://js.adsrvr.org/ https://cdn.evgnet.com https://.evergage.com https://www.youtube.com assets.sitescdn.net .pagescdn.com .pgsdemo.com https://.salesforce-sites.com;style-src 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com assets.sitecdn.net; style-src-elem 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com;frame-src 'self' .flagstar.com .youtube.com .demdex.net https://.fls.doubleclick.net https://td.doubleclick.net https://optimize.google.com/ https://insight.adsrvr.org/ https://match.adsrvr.org/ https://cdn.evgnet.com https://.flagstar.com https://.fintactix.com .pagescdn.com .pgsdemo.com; frame-ancestors 'self' .flagstar.com https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net; img-src 'self' .foresee.com https://ad.doubleclick.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googletagmanager.com/ https://www.googleadservices.com https://www.google-analytics.com https://developers.google.com https://maps.googleapis.com https://maps.gstatic.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://insight.adsrvr.org https://ib.adnxs.com/getuid https://match.adsrvr.org/track/cmf/appnexus https://dsum-sec.casalemedia.com/rum https://ups.analytics.yahoo.com/ups/55953/sync https://pixel.rubiconproject.com/tap.php data: blob: https://p.typekit.net https://www.facebook.com .flagstar.com https://.doubleclick.net;child-src 'self' https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://youtube.com; worker-src 'self'; manifest-src 'self';
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.flagstar.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

expires: Sun, 14 Apr 2024 02:04:39 GMT
date: Fri, 15 Mar 2024 02:04:39 GMT
content-security-policy: default-src 'none'; connect-src 'self' *.foresee.com *.evergage.com edge.adobedc.net https://cdn.cookielaw.org https://www.googletagmanager.com https://stats.g.doubleclick.net https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://maps.googleapis.com *.demdex.net *.yext.com https://answers.yext-pixel.com *.yextapis.com;font-src 'self' data: https://fonts.gstatic.com/ https://fonts.googleapis.com https://use.typekit.com *.pgsdemo.com *.pagescdn.com; media-src 'self'; object-src 'self'; form-action 'self' https://*.flagstar.com https://*.salesforce.com https://*.salesforceliveagent.com https://*.salesforce-sites.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.salesforceliveagent.com https://assets.sitescdn.net https://www.googleanalytics.com/ https://www.googleoptimize.com/ https://optimize.google.com/ https://www.googletagmanager.com https://maps.googleapis.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net assets.adobedtm.com https://pnapi.invoca.net https://solutions.invocacdn.com gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com/ https://use.typekit.com https://connect.facebook.net https://js.adsrvr.org/ https://cdn.evgnet.com https://*.evergage.com https://www.youtube.com assets.sitescdn.net *.pagescdn.com *.pgsdemo.com https://*.salesforce-sites.com;style-src 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com assets.sitecdn.net; style-src-elem 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com;frame-src 'self' *.flagstar.com *.youtube.com *.demdex.net https://*.fls.doubleclick.net https://td.doubleclick.net https://optimize.google.com/ https://insight.adsrvr.org/ https://match.adsrvr.org/ https://cdn.evgnet.com https://*.flagstar.com https://*.fintactix.com *.pagescdn.com *.pgsdemo.com; frame-ancestors 'self' *.flagstar.com https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net; img-src 'self' *.foresee.com https://ad.doubleclick.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googletagmanager.com/ https://www.googleadservices.com https://www.google-analytics.com https://developers.google.com https://maps.googleapis.com https://maps.gstatic.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://insight.adsrvr.org https://ib.adnxs.com/getuid https://match.adsrvr.org/track/cmf/appnexus https://dsum-sec.casalemedia.com/rum https://ups.analytics.yahoo.com/ups/55953/sync https://pixel.rubiconproject.com/tap.php data: blob: https://p.typekit.net https://www.facebook.com *.flagstar.com https://*.doubleclick.net;child-src 'self' https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://youtube.com; worker-src 'self'; manifest-src 'self';
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
strict-transport-security: max-age=31536000; includeSubDomains
age: 117902
x-cnection: close
server-timing: dtSInfo;desc="0", dtRpid;desc="-903636641"
content-length: 445
x-xss-protection: 1; mode=block
x-ua-compatible: IE=Edge
last-modified: Mon, 26 Feb 2024 19:13:29 GMT
server: cloudflare
etag: "46b-6124db46bfb03-gzip"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: image/svg+xml
cache-control: public, max-age=2592000
accept-ranges: bytes
cf-ray: 8648ef1ba9f52c42-FRA
clientname: flagstar

GET
H2 200 icon_popular-questions.svg
www.flagstar.com/content/dam/newco/global/icons/ 983 B
4 KB 43ms
41ms Image
image/svg+xml 172.64.146.116
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.flagstar.com/content/dam/newco/global/icons/icon_popular-questions.svg

Requested by

Host: www.flagstar.com
URL: https://www.flagstar.com/

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

172.64.146.116 San Francisco, United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ac266bbd4cddf2d946abcbc7d9ee3a77800097e2524cba6c4dc0813cad1073b4

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; connect-src 'self' .foresee.com .evergage.com edge.adobedc.net https://cdn.cookielaw.org https://www.googletagmanager.com https://stats.g.doubleclick.net https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://maps.googleapis.com .demdex.net .yext.com https://answers.yext-pixel.com .yextapis.com;font-src 'self' data: https://fonts.gstatic.com/ https://fonts.googleapis.com https://use.typekit.com .pgsdemo.com .pagescdn.com; media-src 'self'; object-src 'self'; form-action 'self' https://.flagstar.com https://.salesforce.com https://.salesforceliveagent.com https://.salesforce-sites.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://.salesforceliveagent.com https://assets.sitescdn.net https://www.googleanalytics.com/ https://www.googleoptimize.com/ https://optimize.google.com/ https://www.googletagmanager.com https://maps.googleapis.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net assets.adobedtm.com https://pnapi.invoca.net https://solutions.invocacdn.com gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com/ https://use.typekit.com https://connect.facebook.net https://js.adsrvr.org/ https://cdn.evgnet.com https://.evergage.com https://www.youtube.com assets.sitescdn.net .pagescdn.com .pgsdemo.com https://.salesforce-sites.com;style-src 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com assets.sitecdn.net; style-src-elem 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com;frame-src 'self' .flagstar.com .youtube.com .demdex.net https://.fls.doubleclick.net https://td.doubleclick.net https://optimize.google.com/ https://insight.adsrvr.org/ https://match.adsrvr.org/ https://cdn.evgnet.com https://.flagstar.com https://.fintactix.com .pagescdn.com .pgsdemo.com; frame-ancestors 'self' .flagstar.com https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net; img-src 'self' .foresee.com https://ad.doubleclick.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googletagmanager.com/ https://www.googleadservices.com https://www.google-analytics.com https://developers.google.com https://maps.googleapis.com https://maps.gstatic.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://insight.adsrvr.org https://ib.adnxs.com/getuid https://match.adsrvr.org/track/cmf/appnexus https://dsum-sec.casalemedia.com/rum https://ups.analytics.yahoo.com/ups/55953/sync https://pixel.rubiconproject.com/tap.php data: blob: https://p.typekit.net https://www.facebook.com .flagstar.com https://.doubleclick.net;child-src 'self' https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://youtube.com; worker-src 'self'; manifest-src 'self';
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.flagstar.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

expires: Sun, 14 Apr 2024 02:04:39 GMT
date: Fri, 15 Mar 2024 02:04:39 GMT
content-security-policy: default-src 'none'; connect-src 'self' *.foresee.com *.evergage.com edge.adobedc.net https://cdn.cookielaw.org https://www.googletagmanager.com https://stats.g.doubleclick.net https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://maps.googleapis.com *.demdex.net *.yext.com https://answers.yext-pixel.com *.yextapis.com;font-src 'self' data: https://fonts.gstatic.com/ https://fonts.googleapis.com https://use.typekit.com *.pgsdemo.com *.pagescdn.com; media-src 'self'; object-src 'self'; form-action 'self' https://*.flagstar.com https://*.salesforce.com https://*.salesforceliveagent.com https://*.salesforce-sites.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.salesforceliveagent.com https://assets.sitescdn.net https://www.googleanalytics.com/ https://www.googleoptimize.com/ https://optimize.google.com/ https://www.googletagmanager.com https://maps.googleapis.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net assets.adobedtm.com https://pnapi.invoca.net https://solutions.invocacdn.com gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com/ https://use.typekit.com https://connect.facebook.net https://js.adsrvr.org/ https://cdn.evgnet.com https://*.evergage.com https://www.youtube.com assets.sitescdn.net *.pagescdn.com *.pgsdemo.com https://*.salesforce-sites.com;style-src 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com assets.sitecdn.net; style-src-elem 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com;frame-src 'self' *.flagstar.com *.youtube.com *.demdex.net https://*.fls.doubleclick.net https://td.doubleclick.net https://optimize.google.com/ https://insight.adsrvr.org/ https://match.adsrvr.org/ https://cdn.evgnet.com https://*.flagstar.com https://*.fintactix.com *.pagescdn.com *.pgsdemo.com; frame-ancestors 'self' *.flagstar.com https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net; img-src 'self' *.foresee.com https://ad.doubleclick.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googletagmanager.com/ https://www.googleadservices.com https://www.google-analytics.com https://developers.google.com https://maps.googleapis.com https://maps.gstatic.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://insight.adsrvr.org https://ib.adnxs.com/getuid https://match.adsrvr.org/track/cmf/appnexus https://dsum-sec.casalemedia.com/rum https://ups.analytics.yahoo.com/ups/55953/sync https://pixel.rubiconproject.com/tap.php data: blob: https://p.typekit.net https://www.facebook.com *.flagstar.com https://*.doubleclick.net;child-src 'self' https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://youtube.com; worker-src 'self'; manifest-src 'self';
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
strict-transport-security: max-age=31536000; includeSubDomains
age: 114006
x-cnection: close
server-timing: dtSInfo;desc="0", dtRpid;desc="-1649871633"
content-length: 451
x-xss-protection: 1; mode=block
x-ua-compatible: IE=Edge
last-modified: Mon, 26 Feb 2024 19:12:31 GMT
server: cloudflare
etag: "3d7-6124db0fc1490-gzip"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: image/svg+xml
cache-control: public, max-age=2592000
accept-ranges: bytes
cf-ray: 8648ef1ba9f72c42-FRA
clientname: flagstar

GET
H2 200 icon-card_online-banking-demo.svg
www.flagstar.com/content/dam/newco/customer-support/icons/ 2 KB
4 KB 40ms
37ms Image
image/svg+xml 172.64.146.116
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.flagstar.com/content/dam/newco/customer-support/icons/icon-card_online-banking-demo.svg

Requested by

Host: www.flagstar.com
URL: https://www.flagstar.com/

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

172.64.146.116 San Francisco, United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e043721061d784ae53cad3051b399b978c63ee392165535e32b567ee8340ee97

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; connect-src 'self' .foresee.com .evergage.com edge.adobedc.net https://cdn.cookielaw.org https://www.googletagmanager.com https://stats.g.doubleclick.net https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://maps.googleapis.com .demdex.net .yext.com https://answers.yext-pixel.com .yextapis.com;font-src 'self' data: https://fonts.gstatic.com/ https://fonts.googleapis.com https://use.typekit.com .pgsdemo.com .pagescdn.com; media-src 'self'; object-src 'self'; form-action 'self' https://.flagstar.com https://.salesforce.com https://.salesforceliveagent.com https://.salesforce-sites.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://.salesforceliveagent.com https://assets.sitescdn.net https://www.googleanalytics.com/ https://www.googleoptimize.com/ https://optimize.google.com/ https://www.googletagmanager.com https://maps.googleapis.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net assets.adobedtm.com https://pnapi.invoca.net https://solutions.invocacdn.com gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com/ https://use.typekit.com https://connect.facebook.net https://js.adsrvr.org/ https://cdn.evgnet.com https://.evergage.com https://www.youtube.com assets.sitescdn.net .pagescdn.com .pgsdemo.com https://.salesforce-sites.com;style-src 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com assets.sitecdn.net; style-src-elem 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com;frame-src 'self' .flagstar.com .demdex.net https://.fls.doubleclick.net https://td.doubleclick.net https://optimize.google.com/ https://insight.adsrvr.org/ https://match.adsrvr.org/ https://cdn.evgnet.com https://.flagstar.com https://.fintactix.com .pagescdn.com .pgsdemo.com; frame-ancestors 'self' .flagstar.com https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net; img-src 'self' .foresee.com https://ad.doubleclick.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googletagmanager.com/ https://www.googleadservices.com https://www.google-analytics.com https://developers.google.com https://maps.googleapis.com https://maps.gstatic.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://insight.adsrvr.org https://ib.adnxs.com/getuid https://match.adsrvr.org/track/cmf/appnexus https://dsum-sec.casalemedia.com/rum https://ups.analytics.yahoo.com/ups/55953/sync https://pixel.rubiconproject.com/tap.php data: blob: https://p.typekit.net https://www.facebook.com .flagstar.com https://*.doubleclick.net;child-src 'self' https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://youtube.com; worker-src 'self'; manifest-src 'self';
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.flagstar.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

expires: Sun, 14 Apr 2024 02:04:39 GMT
date: Fri, 15 Mar 2024 02:04:39 GMT
content-security-policy: default-src 'none'; connect-src 'self' *.foresee.com *.evergage.com edge.adobedc.net https://cdn.cookielaw.org https://www.googletagmanager.com https://stats.g.doubleclick.net https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://maps.googleapis.com *.demdex.net *.yext.com https://answers.yext-pixel.com *.yextapis.com;font-src 'self' data: https://fonts.gstatic.com/ https://fonts.googleapis.com https://use.typekit.com *.pgsdemo.com *.pagescdn.com; media-src 'self'; object-src 'self'; form-action 'self' https://*.flagstar.com https://*.salesforce.com https://*.salesforceliveagent.com https://*.salesforce-sites.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.salesforceliveagent.com https://assets.sitescdn.net https://www.googleanalytics.com/ https://www.googleoptimize.com/ https://optimize.google.com/ https://www.googletagmanager.com https://maps.googleapis.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net assets.adobedtm.com https://pnapi.invoca.net https://solutions.invocacdn.com gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com/ https://use.typekit.com https://connect.facebook.net https://js.adsrvr.org/ https://cdn.evgnet.com https://*.evergage.com https://www.youtube.com assets.sitescdn.net *.pagescdn.com *.pgsdemo.com https://*.salesforce-sites.com;style-src 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com assets.sitecdn.net; style-src-elem 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com;frame-src 'self' *.flagstar.com *.demdex.net https://*.fls.doubleclick.net https://td.doubleclick.net https://optimize.google.com/ https://insight.adsrvr.org/ https://match.adsrvr.org/ https://cdn.evgnet.com https://*.flagstar.com https://*.fintactix.com *.pagescdn.com *.pgsdemo.com; frame-ancestors 'self' *.flagstar.com https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net; img-src 'self' *.foresee.com https://ad.doubleclick.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googletagmanager.com/ https://www.googleadservices.com https://www.google-analytics.com https://developers.google.com https://maps.googleapis.com https://maps.gstatic.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://insight.adsrvr.org https://ib.adnxs.com/getuid https://match.adsrvr.org/track/cmf/appnexus https://dsum-sec.casalemedia.com/rum https://ups.analytics.yahoo.com/ups/55953/sync https://pixel.rubiconproject.com/tap.php data: blob: https://p.typekit.net https://www.facebook.com *.flagstar.com https://*.doubleclick.net;child-src 'self' https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://youtube.com; worker-src 'self'; manifest-src 'self';
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
strict-transport-security: max-age=31536000; includeSubDomains
age: 110023
x-cnection: close
server-timing: dtSInfo;desc="0", dtRpid;desc="1313244638"
content-length: 615
x-xss-protection: 1; mode=block
x-ua-compatible: IE=Edge
last-modified: Tue, 20 Feb 2024 10:10:45 GMT
server: cloudflare
etag: "80f-611cd6c76cc6a-gzip"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: image/svg+xml
cache-control: public, max-age=2592000
accept-ranges: bytes
cf-ray: 8648ef1ba9f82c42-FRA
clientname: flagstar

GET
H2 200 card_setting-and-keeping-your-financial-goals.jpg
www.flagstar.com/content/dam/newco/learn/card-images/ 45 KB
49 KB 28ms
25ms Image
image/jpeg 172.64.146.116
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.flagstar.com/content/dam/newco/learn/card-images/card_setting-and-keeping-your-financial-goals.jpg

Requested by

Host: www.flagstar.com
URL: https://www.flagstar.com/

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

172.64.146.116 San Francisco, United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e91a4a82211abaac9a085747cabc8125f2c8a0e5a8f4c207eca12c29aec0f2b2

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; connect-src 'self' .foresee.com .evergage.com edge.adobedc.net https://cdn.cookielaw.org https://www.googletagmanager.com https://stats.g.doubleclick.net https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://maps.googleapis.com .demdex.net .yext.com https://answers.yext-pixel.com .yextapis.com;font-src 'self' data: https://fonts.gstatic.com/ https://fonts.googleapis.com https://use.typekit.com .pgsdemo.com .pagescdn.com; media-src 'self'; object-src 'self'; form-action 'self' https://.flagstar.com https://.salesforce.com https://.salesforceliveagent.com https://.salesforce-sites.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://.salesforceliveagent.com https://assets.sitescdn.net https://www.googleanalytics.com/ https://www.googleoptimize.com/ https://optimize.google.com/ https://www.googletagmanager.com https://maps.googleapis.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net assets.adobedtm.com https://pnapi.invoca.net https://solutions.invocacdn.com gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com/ https://use.typekit.com https://connect.facebook.net https://js.adsrvr.org/ https://cdn.evgnet.com https://.evergage.com https://www.youtube.com assets.sitescdn.net .pagescdn.com .pgsdemo.com https://.salesforce-sites.com;style-src 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com assets.sitecdn.net; style-src-elem 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com;frame-src 'self' .flagstar.com .demdex.net https://.fls.doubleclick.net https://td.doubleclick.net https://optimize.google.com/ https://insight.adsrvr.org/ https://match.adsrvr.org/ https://cdn.evgnet.com https://.flagstar.com https://.fintactix.com .pagescdn.com .pgsdemo.com; frame-ancestors 'self' .flagstar.com https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net; img-src 'self' .foresee.com https://ad.doubleclick.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googletagmanager.com/ https://www.googleadservices.com https://www.google-analytics.com https://developers.google.com https://maps.googleapis.com https://maps.gstatic.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://insight.adsrvr.org https://ib.adnxs.com/getuid https://match.adsrvr.org/track/cmf/appnexus https://dsum-sec.casalemedia.com/rum https://ups.analytics.yahoo.com/ups/55953/sync https://pixel.rubiconproject.com/tap.php data: blob: https://p.typekit.net https://www.facebook.com .flagstar.com https://*.doubleclick.net;child-src 'self' https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://youtube.com; worker-src 'self'; manifest-src 'self';
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.flagstar.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

clientname: flagstar
date: Fri, 15 Mar 2024 02:04:39 GMT
content-security-policy: default-src 'none'; connect-src 'self' *.foresee.com *.evergage.com edge.adobedc.net https://cdn.cookielaw.org https://www.googletagmanager.com https://stats.g.doubleclick.net https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://maps.googleapis.com *.demdex.net *.yext.com https://answers.yext-pixel.com *.yextapis.com;font-src 'self' data: https://fonts.gstatic.com/ https://fonts.googleapis.com https://use.typekit.com *.pgsdemo.com *.pagescdn.com; media-src 'self'; object-src 'self'; form-action 'self' https://*.flagstar.com https://*.salesforce.com https://*.salesforceliveagent.com https://*.salesforce-sites.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.salesforceliveagent.com https://assets.sitescdn.net https://www.googleanalytics.com/ https://www.googleoptimize.com/ https://optimize.google.com/ https://www.googletagmanager.com https://maps.googleapis.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net assets.adobedtm.com https://pnapi.invoca.net https://solutions.invocacdn.com gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com/ https://use.typekit.com https://connect.facebook.net https://js.adsrvr.org/ https://cdn.evgnet.com https://*.evergage.com https://www.youtube.com assets.sitescdn.net *.pagescdn.com *.pgsdemo.com https://*.salesforce-sites.com;style-src 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com assets.sitecdn.net; style-src-elem 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com;frame-src 'self' *.flagstar.com *.demdex.net https://*.fls.doubleclick.net https://td.doubleclick.net https://optimize.google.com/ https://insight.adsrvr.org/ https://match.adsrvr.org/ https://cdn.evgnet.com https://*.flagstar.com https://*.fintactix.com *.pagescdn.com *.pgsdemo.com; frame-ancestors 'self' *.flagstar.com https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net; img-src 'self' *.foresee.com https://ad.doubleclick.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googletagmanager.com/ https://www.googleadservices.com https://www.google-analytics.com https://developers.google.com https://maps.googleapis.com https://maps.gstatic.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://insight.adsrvr.org https://ib.adnxs.com/getuid https://match.adsrvr.org/track/cmf/appnexus https://dsum-sec.casalemedia.com/rum https://ups.analytics.yahoo.com/ups/55953/sync https://pixel.rubiconproject.com/tap.php data: blob: https://p.typekit.net https://www.facebook.com *.flagstar.com https://*.doubleclick.net;child-src 'self' https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://youtube.com; worker-src 'self'; manifest-src 'self';
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains
cf-cache-status: HIT
age: 122711
x-cnection: close
server-timing: dtSInfo;desc="0", dtRpid;desc="1441495835"
content-length: 46565
x-xss-protection: 1; mode=block
x-ua-compatible: IE=Edge
cf-bgj: h2pri
last-modified: Tue, 20 Feb 2024 10:11:13 GMT
server: cloudflare
etag: "b5e5-611cd6e15dade"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: image/jpeg
cache-control: public, max-age=2592000
accept-ranges: bytes
cf-ray: 8648ef1ba9f92c42-FRA
expires: Sun, 14 Apr 2024 02:04:39 GMT

GET
H2 200 card_identity-theft-protection.jpg
www.flagstar.com/content/dam/newco/learn/card-images/ 48 KB
51 KB 33ms
31ms Image
image/jpeg 172.64.146.116
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.flagstar.com/content/dam/newco/learn/card-images/card_identity-theft-protection.jpg

Requested by

Host: www.flagstar.com
URL: https://www.flagstar.com/

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

172.64.146.116 San Francisco, United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

9bd825a4b9767ceccf6c94f1d24a7d4cf63c0e743a4b536cb8eb9c31a550bbd4

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; connect-src 'self' .foresee.com .evergage.com edge.adobedc.net https://cdn.cookielaw.org https://www.googletagmanager.com https://stats.g.doubleclick.net https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://maps.googleapis.com .demdex.net .yext.com https://answers.yext-pixel.com .yextapis.com;font-src 'self' data: https://fonts.gstatic.com/ https://fonts.googleapis.com https://use.typekit.com .pgsdemo.com .pagescdn.com; media-src 'self'; object-src 'self'; form-action 'self' https://.flagstar.com https://.salesforce.com https://.salesforceliveagent.com https://.salesforce-sites.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://.salesforceliveagent.com https://assets.sitescdn.net https://www.googleanalytics.com/ https://www.googleoptimize.com/ https://optimize.google.com/ https://www.googletagmanager.com https://maps.googleapis.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net assets.adobedtm.com https://pnapi.invoca.net https://solutions.invocacdn.com gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com/ https://use.typekit.com https://connect.facebook.net https://js.adsrvr.org/ https://cdn.evgnet.com https://.evergage.com https://www.youtube.com assets.sitescdn.net .pagescdn.com .pgsdemo.com https://.salesforce-sites.com;style-src 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com assets.sitecdn.net; style-src-elem 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com;frame-src 'self' .flagstar.com .demdex.net https://.fls.doubleclick.net https://td.doubleclick.net https://optimize.google.com/ https://insight.adsrvr.org/ https://match.adsrvr.org/ https://cdn.evgnet.com https://.flagstar.com https://.fintactix.com .pagescdn.com .pgsdemo.com; frame-ancestors 'self' .flagstar.com https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net; img-src 'self' .foresee.com https://ad.doubleclick.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googletagmanager.com/ https://www.googleadservices.com https://www.google-analytics.com https://developers.google.com https://maps.googleapis.com https://maps.gstatic.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://insight.adsrvr.org https://ib.adnxs.com/getuid https://match.adsrvr.org/track/cmf/appnexus https://dsum-sec.casalemedia.com/rum https://ups.analytics.yahoo.com/ups/55953/sync https://pixel.rubiconproject.com/tap.php data: blob: https://p.typekit.net https://www.facebook.com .flagstar.com https://*.doubleclick.net;child-src 'self' https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://youtube.com; worker-src 'self'; manifest-src 'self';
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.flagstar.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

clientname: flagstar
date: Fri, 15 Mar 2024 02:04:39 GMT
content-security-policy: default-src 'none'; connect-src 'self' *.foresee.com *.evergage.com edge.adobedc.net https://cdn.cookielaw.org https://www.googletagmanager.com https://stats.g.doubleclick.net https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://maps.googleapis.com *.demdex.net *.yext.com https://answers.yext-pixel.com *.yextapis.com;font-src 'self' data: https://fonts.gstatic.com/ https://fonts.googleapis.com https://use.typekit.com *.pgsdemo.com *.pagescdn.com; media-src 'self'; object-src 'self'; form-action 'self' https://*.flagstar.com https://*.salesforce.com https://*.salesforceliveagent.com https://*.salesforce-sites.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.salesforceliveagent.com https://assets.sitescdn.net https://www.googleanalytics.com/ https://www.googleoptimize.com/ https://optimize.google.com/ https://www.googletagmanager.com https://maps.googleapis.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net assets.adobedtm.com https://pnapi.invoca.net https://solutions.invocacdn.com gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com/ https://use.typekit.com https://connect.facebook.net https://js.adsrvr.org/ https://cdn.evgnet.com https://*.evergage.com https://www.youtube.com assets.sitescdn.net *.pagescdn.com *.pgsdemo.com https://*.salesforce-sites.com;style-src 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com assets.sitecdn.net; style-src-elem 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com;frame-src 'self' *.flagstar.com *.demdex.net https://*.fls.doubleclick.net https://td.doubleclick.net https://optimize.google.com/ https://insight.adsrvr.org/ https://match.adsrvr.org/ https://cdn.evgnet.com https://*.flagstar.com https://*.fintactix.com *.pagescdn.com *.pgsdemo.com; frame-ancestors 'self' *.flagstar.com https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net; img-src 'self' *.foresee.com https://ad.doubleclick.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googletagmanager.com/ https://www.googleadservices.com https://www.google-analytics.com https://developers.google.com https://maps.googleapis.com https://maps.gstatic.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://insight.adsrvr.org https://ib.adnxs.com/getuid https://match.adsrvr.org/track/cmf/appnexus https://dsum-sec.casalemedia.com/rum https://ups.analytics.yahoo.com/ups/55953/sync https://pixel.rubiconproject.com/tap.php data: blob: https://p.typekit.net https://www.facebook.com *.flagstar.com https://*.doubleclick.net;child-src 'self' https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://youtube.com; worker-src 'self'; manifest-src 'self';
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains
cf-cache-status: HIT
age: 89751
x-cnection: close
server-timing: dtSInfo;desc="0", dtRpid;desc="-1829749746"
content-length: 49161
x-xss-protection: 1; mode=block
x-ua-compatible: IE=Edge
cf-bgj: h2pri
last-modified: Tue, 20 Feb 2024 10:30:59 GMT
server: cloudflare
etag: "c009-611cdb4cd5a7b"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: image/jpeg
cache-control: public, max-age=2592000
accept-ranges: bytes
cf-ray: 8648ef1ba9fa2c42-FRA
expires: Sun, 14 Apr 2024 02:04:39 GMT

GET
H2 200 card_advantages-of-home-equity.jpg
www.flagstar.com/content/dam/newco/learn/card-images/ 23 KB
26 KB 46ms
44ms Image
image/jpeg 172.64.146.116
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.flagstar.com/content/dam/newco/learn/card-images/card_advantages-of-home-equity.jpg

Requested by

Host: www.flagstar.com
URL: https://www.flagstar.com/

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

172.64.146.116 San Francisco, United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

42f8e50a352e82b164d07445e4a3ee7eb6e70e959a5ab08eebc3094a86530ec1

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; connect-src 'self' .foresee.com .evergage.com edge.adobedc.net https://cdn.cookielaw.org https://www.googletagmanager.com https://stats.g.doubleclick.net https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://maps.googleapis.com .demdex.net .yext.com https://answers.yext-pixel.com .yextapis.com;font-src 'self' data: https://fonts.gstatic.com/ https://fonts.googleapis.com https://use.typekit.com .pgsdemo.com .pagescdn.com; media-src 'self'; object-src 'self'; form-action 'self' https://.flagstar.com https://.salesforce.com https://.salesforceliveagent.com https://.salesforce-sites.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://.salesforceliveagent.com https://assets.sitescdn.net https://www.googleanalytics.com/ https://www.googleoptimize.com/ https://optimize.google.com/ https://www.googletagmanager.com https://maps.googleapis.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net assets.adobedtm.com https://pnapi.invoca.net https://solutions.invocacdn.com gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com/ https://use.typekit.com https://connect.facebook.net https://js.adsrvr.org/ https://cdn.evgnet.com https://.evergage.com https://www.youtube.com assets.sitescdn.net .pagescdn.com .pgsdemo.com https://.salesforce-sites.com;style-src 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com assets.sitecdn.net; style-src-elem 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com;frame-src 'self' .flagstar.com .demdex.net https://.fls.doubleclick.net https://td.doubleclick.net https://optimize.google.com/ https://insight.adsrvr.org/ https://match.adsrvr.org/ https://cdn.evgnet.com https://.flagstar.com https://.fintactix.com .pagescdn.com .pgsdemo.com; frame-ancestors 'self' .flagstar.com https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net; img-src 'self' .foresee.com https://ad.doubleclick.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googletagmanager.com/ https://www.googleadservices.com https://www.google-analytics.com https://developers.google.com https://maps.googleapis.com https://maps.gstatic.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://insight.adsrvr.org https://ib.adnxs.com/getuid https://match.adsrvr.org/track/cmf/appnexus https://dsum-sec.casalemedia.com/rum https://ups.analytics.yahoo.com/ups/55953/sync https://pixel.rubiconproject.com/tap.php data: blob: https://p.typekit.net https://www.facebook.com .flagstar.com https://*.doubleclick.net;child-src 'self' https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://youtube.com; worker-src 'self'; manifest-src 'self';
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.flagstar.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

clientname: flagstar
date: Fri, 15 Mar 2024 02:04:39 GMT
content-security-policy: default-src 'none'; connect-src 'self' *.foresee.com *.evergage.com edge.adobedc.net https://cdn.cookielaw.org https://www.googletagmanager.com https://stats.g.doubleclick.net https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://maps.googleapis.com *.demdex.net *.yext.com https://answers.yext-pixel.com *.yextapis.com;font-src 'self' data: https://fonts.gstatic.com/ https://fonts.googleapis.com https://use.typekit.com *.pgsdemo.com *.pagescdn.com; media-src 'self'; object-src 'self'; form-action 'self' https://*.flagstar.com https://*.salesforce.com https://*.salesforceliveagent.com https://*.salesforce-sites.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.salesforceliveagent.com https://assets.sitescdn.net https://www.googleanalytics.com/ https://www.googleoptimize.com/ https://optimize.google.com/ https://www.googletagmanager.com https://maps.googleapis.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net assets.adobedtm.com https://pnapi.invoca.net https://solutions.invocacdn.com gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com/ https://use.typekit.com https://connect.facebook.net https://js.adsrvr.org/ https://cdn.evgnet.com https://*.evergage.com https://www.youtube.com assets.sitescdn.net *.pagescdn.com *.pgsdemo.com https://*.salesforce-sites.com;style-src 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com assets.sitecdn.net; style-src-elem 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com;frame-src 'self' *.flagstar.com *.demdex.net https://*.fls.doubleclick.net https://td.doubleclick.net https://optimize.google.com/ https://insight.adsrvr.org/ https://match.adsrvr.org/ https://cdn.evgnet.com https://*.flagstar.com https://*.fintactix.com *.pagescdn.com *.pgsdemo.com; frame-ancestors 'self' *.flagstar.com https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net; img-src 'self' *.foresee.com https://ad.doubleclick.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googletagmanager.com/ https://www.googleadservices.com https://www.google-analytics.com https://developers.google.com https://maps.googleapis.com https://maps.gstatic.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://insight.adsrvr.org https://ib.adnxs.com/getuid https://match.adsrvr.org/track/cmf/appnexus https://dsum-sec.casalemedia.com/rum https://ups.analytics.yahoo.com/ups/55953/sync https://pixel.rubiconproject.com/tap.php data: blob: https://p.typekit.net https://www.facebook.com *.flagstar.com https://*.doubleclick.net;child-src 'self' https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://youtube.com; worker-src 'self'; manifest-src 'self';
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains
cf-cache-status: HIT
age: 117902
x-cnection: close
server-timing: dtSInfo;desc="0", dtRpid;desc="-1448839069"
content-length: 23289
x-xss-protection: 1; mode=block
x-ua-compatible: IE=Edge
cf-bgj: h2pri
last-modified: Tue, 20 Feb 2024 10:12:07 GMT
server: cloudflare
etag: "5af9-611cd7158cb08"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: image/jpeg
cache-control: public, max-age=2592000
accept-ranges: bytes
cf-ray: 8648ef1ba9fb2c42-FRA
expires: Sun, 14 Apr 2024 02:04:39 GMT

GET
H2 200 icon-card_calculator
www.flagstar.com/content/dam/newco/global/icons/ 2 KB
4 KB 142ms
140ms Image
image/svg+xml 172.64.146.116
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.flagstar.com/content/dam/newco/global/icons/icon-card_calculator

Requested by

Host: www.flagstar.com
URL: https://www.flagstar.com/

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

172.64.146.116 San Francisco, United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e269b0b63b7b5e183e60cefac1e9cc41fc930789a18dc497384b427aa74ea1cb

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; connect-src 'self' .foresee.com .evergage.com edge.adobedc.net https://cdn.cookielaw.org https://www.googletagmanager.com https://stats.g.doubleclick.net https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://maps.googleapis.com .demdex.net .yext.com https://answers.yext-pixel.com .yextapis.com;font-src 'self' data: https://fonts.gstatic.com/ https://fonts.googleapis.com https://use.typekit.com .pgsdemo.com .pagescdn.com; media-src 'self'; object-src 'self'; form-action 'self' https://.flagstar.com https://.salesforce.com https://.salesforceliveagent.com https://.salesforce-sites.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://.salesforceliveagent.com https://assets.sitescdn.net https://www.googleanalytics.com/ https://www.googleoptimize.com/ https://optimize.google.com/ https://www.googletagmanager.com https://maps.googleapis.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net assets.adobedtm.com https://pnapi.invoca.net https://solutions.invocacdn.com gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com/ https://use.typekit.com https://connect.facebook.net https://js.adsrvr.org/ https://cdn.evgnet.com https://.evergage.com https://www.youtube.com assets.sitescdn.net .pagescdn.com .pgsdemo.com https://.salesforce-sites.com;style-src 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com assets.sitecdn.net; style-src-elem 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com;frame-src 'self' .flagstar.com .youtube.com .demdex.net https://.fls.doubleclick.net https://td.doubleclick.net https://optimize.google.com/ https://insight.adsrvr.org/ https://match.adsrvr.org/ https://cdn.evgnet.com https://.flagstar.com https://.fintactix.com .pagescdn.com .pgsdemo.com; frame-ancestors 'self' .flagstar.com https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net; img-src 'self' .foresee.com https://ad.doubleclick.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googletagmanager.com/ https://www.googleadservices.com https://www.google-analytics.com https://developers.google.com https://maps.googleapis.com https://maps.gstatic.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://insight.adsrvr.org https://ib.adnxs.com/getuid https://match.adsrvr.org/track/cmf/appnexus https://dsum-sec.casalemedia.com/rum https://ups.analytics.yahoo.com/ups/55953/sync https://pixel.rubiconproject.com/tap.php data: blob: https://p.typekit.net https://www.facebook.com .flagstar.com https://.doubleclick.net;child-src 'self' https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://youtube.com; worker-src 'self'; manifest-src 'self';
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.flagstar.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

expires: Sun, 14 Apr 2024 02:04:36 GMT
date: Fri, 15 Mar 2024 02:04:39 GMT
content-security-policy: default-src 'none'; connect-src 'self' *.foresee.com *.evergage.com edge.adobedc.net https://cdn.cookielaw.org https://www.googletagmanager.com https://stats.g.doubleclick.net https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://maps.googleapis.com *.demdex.net *.yext.com https://answers.yext-pixel.com *.yextapis.com;font-src 'self' data: https://fonts.gstatic.com/ https://fonts.googleapis.com https://use.typekit.com *.pgsdemo.com *.pagescdn.com; media-src 'self'; object-src 'self'; form-action 'self' https://*.flagstar.com https://*.salesforce.com https://*.salesforceliveagent.com https://*.salesforce-sites.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.salesforceliveagent.com https://assets.sitescdn.net https://www.googleanalytics.com/ https://www.googleoptimize.com/ https://optimize.google.com/ https://www.googletagmanager.com https://maps.googleapis.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net assets.adobedtm.com https://pnapi.invoca.net https://solutions.invocacdn.com gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com/ https://use.typekit.com https://connect.facebook.net https://js.adsrvr.org/ https://cdn.evgnet.com https://*.evergage.com https://www.youtube.com assets.sitescdn.net *.pagescdn.com *.pgsdemo.com https://*.salesforce-sites.com;style-src 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com assets.sitecdn.net; style-src-elem 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com;frame-src 'self' *.flagstar.com *.youtube.com *.demdex.net https://*.fls.doubleclick.net https://td.doubleclick.net https://optimize.google.com/ https://insight.adsrvr.org/ https://match.adsrvr.org/ https://cdn.evgnet.com https://*.flagstar.com https://*.fintactix.com *.pagescdn.com *.pgsdemo.com; frame-ancestors 'self' *.flagstar.com https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net; img-src 'self' *.foresee.com https://ad.doubleclick.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googletagmanager.com/ https://www.googleadservices.com https://www.google-analytics.com https://developers.google.com https://maps.googleapis.com https://maps.gstatic.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://insight.adsrvr.org https://ib.adnxs.com/getuid https://match.adsrvr.org/track/cmf/appnexus https://dsum-sec.casalemedia.com/rum https://ups.analytics.yahoo.com/ups/55953/sync https://pixel.rubiconproject.com/tap.php data: blob: https://p.typekit.net https://www.facebook.com *.flagstar.com https://*.doubleclick.net;child-src 'self' https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://youtube.com; worker-src 'self'; manifest-src 'self';
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains
cf-cache-status: DYNAMIC
content-encoding: gzip
x-oneagent-js-injection: true
x-cnection: close
content-disposition: attachment; filename="icon-card_calculator"
server-timing: dtRpid;desc="329615777", dtSInfo;desc="0"
x-xss-protection: 1; mode=block
x-ua-compatible: IE=Edge
last-modified: Tue, 20 Feb 2024 03:49:11 GMT
server: cloudflare
etag: W/"1708400953:dtagent10285240307101407wwwp:dtagent10285240307101407wwwp"
x-frame-options: SAMEORIGIN
content-type: image/svg+xml
cache-control: max-age=2592000
cf-ray: 8648ef1ba9fc2c42-FRA
clientname: flagstar

GET
H2 200 icon-card_first-time-home-buyer.svg
www.flagstar.com/content/dam/newco/personal/borrowing/icons/ 2 KB
4 KB 31ms
29ms Image
image/svg+xml 172.64.146.116
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.flagstar.com/content/dam/newco/personal/borrowing/icons/icon-card_first-time-home-buyer.svg

Requested by

Host: www.flagstar.com
URL: https://www.flagstar.com/

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

172.64.146.116 San Francisco, United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

49053fa023e05f72834fb4858b8b6ea2ea9864f7a17113b3c42a425a2939adb4

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; connect-src 'self' .foresee.com .evergage.com edge.adobedc.net https://cdn.cookielaw.org https://www.googletagmanager.com https://stats.g.doubleclick.net https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://maps.googleapis.com .demdex.net .yext.com https://answers.yext-pixel.com .yextapis.com;font-src 'self' data: https://fonts.gstatic.com/ https://fonts.googleapis.com https://use.typekit.com .pgsdemo.com .pagescdn.com; media-src 'self'; object-src 'self'; form-action 'self' https://.flagstar.com https://.salesforce.com https://.salesforceliveagent.com https://.salesforce-sites.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://.salesforceliveagent.com https://assets.sitescdn.net https://www.googleanalytics.com/ https://www.googleoptimize.com/ https://optimize.google.com/ https://www.googletagmanager.com https://maps.googleapis.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net assets.adobedtm.com https://pnapi.invoca.net https://solutions.invocacdn.com gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com/ https://use.typekit.com https://connect.facebook.net https://js.adsrvr.org/ https://cdn.evgnet.com https://.evergage.com https://www.youtube.com assets.sitescdn.net .pagescdn.com .pgsdemo.com https://.salesforce-sites.com;style-src 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com assets.sitecdn.net; style-src-elem 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com;frame-src 'self' .flagstar.com .youtube.com .demdex.net https://.fls.doubleclick.net https://td.doubleclick.net https://optimize.google.com/ https://insight.adsrvr.org/ https://match.adsrvr.org/ https://cdn.evgnet.com https://.flagstar.com https://.fintactix.com .pagescdn.com .pgsdemo.com; frame-ancestors 'self' .flagstar.com https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net; img-src 'self' .foresee.com https://ad.doubleclick.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googletagmanager.com/ https://www.googleadservices.com https://www.google-analytics.com https://developers.google.com https://maps.googleapis.com https://maps.gstatic.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://insight.adsrvr.org https://ib.adnxs.com/getuid https://match.adsrvr.org/track/cmf/appnexus https://dsum-sec.casalemedia.com/rum https://ups.analytics.yahoo.com/ups/55953/sync https://pixel.rubiconproject.com/tap.php data: blob: https://p.typekit.net https://www.facebook.com .flagstar.com https://.doubleclick.net;child-src 'self' https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://youtube.com; worker-src 'self'; manifest-src 'self';
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.flagstar.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

expires: Sun, 14 Apr 2024 02:04:39 GMT
date: Fri, 15 Mar 2024 02:04:39 GMT
content-security-policy: default-src 'none'; connect-src 'self' *.foresee.com *.evergage.com edge.adobedc.net https://cdn.cookielaw.org https://www.googletagmanager.com https://stats.g.doubleclick.net https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://maps.googleapis.com *.demdex.net *.yext.com https://answers.yext-pixel.com *.yextapis.com;font-src 'self' data: https://fonts.gstatic.com/ https://fonts.googleapis.com https://use.typekit.com *.pgsdemo.com *.pagescdn.com; media-src 'self'; object-src 'self'; form-action 'self' https://*.flagstar.com https://*.salesforce.com https://*.salesforceliveagent.com https://*.salesforce-sites.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.salesforceliveagent.com https://assets.sitescdn.net https://www.googleanalytics.com/ https://www.googleoptimize.com/ https://optimize.google.com/ https://www.googletagmanager.com https://maps.googleapis.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net assets.adobedtm.com https://pnapi.invoca.net https://solutions.invocacdn.com gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com/ https://use.typekit.com https://connect.facebook.net https://js.adsrvr.org/ https://cdn.evgnet.com https://*.evergage.com https://www.youtube.com assets.sitescdn.net *.pagescdn.com *.pgsdemo.com https://*.salesforce-sites.com;style-src 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com assets.sitecdn.net; style-src-elem 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com;frame-src 'self' *.flagstar.com *.youtube.com *.demdex.net https://*.fls.doubleclick.net https://td.doubleclick.net https://optimize.google.com/ https://insight.adsrvr.org/ https://match.adsrvr.org/ https://cdn.evgnet.com https://*.flagstar.com https://*.fintactix.com *.pagescdn.com *.pgsdemo.com; frame-ancestors 'self' *.flagstar.com https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net; img-src 'self' *.foresee.com https://ad.doubleclick.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googletagmanager.com/ https://www.googleadservices.com https://www.google-analytics.com https://developers.google.com https://maps.googleapis.com https://maps.gstatic.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://insight.adsrvr.org https://ib.adnxs.com/getuid https://match.adsrvr.org/track/cmf/appnexus https://dsum-sec.casalemedia.com/rum https://ups.analytics.yahoo.com/ups/55953/sync https://pixel.rubiconproject.com/tap.php data: blob: https://p.typekit.net https://www.facebook.com *.flagstar.com https://*.doubleclick.net;child-src 'self' https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://youtube.com; worker-src 'self'; manifest-src 'self';
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
strict-transport-security: max-age=31536000; includeSubDomains
age: 114006
x-cnection: close
server-timing: dtSInfo;desc="0", dtRpid;desc="-1337024658"
content-length: 650
x-xss-protection: 1; mode=block
x-ua-compatible: IE=Edge
last-modified: Fri, 08 Mar 2024 21:03:44 GMT
server: cloudflare
etag: "763-6132c86fe5875-gzip"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: image/svg+xml
cache-control: public, max-age=2592000
accept-ranges: bytes
cf-ray: 8648ef1ba9fd2c42-FRA
clientname: flagstar

GET
H2 200 icon-card_mortgage-approved-or-closed-home-loans.svg
www.flagstar.com/content/dam/newco/personal/borrowing/icons/ 3 KB
4 KB 30ms
28ms Image
image/svg+xml 172.64.146.116
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.flagstar.com/content/dam/newco/personal/borrowing/icons/icon-card_mortgage-approved-or-closed-home-loans.svg

Requested by

Host: www.flagstar.com
URL: https://www.flagstar.com/

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

172.64.146.116 San Francisco, United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

436098c0c6fe572bbaaea00d2293bc100c536e75592dc9bd73371eb1a09bea94

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; connect-src 'self' .foresee.com .evergage.com edge.adobedc.net https://cdn.cookielaw.org https://www.googletagmanager.com https://stats.g.doubleclick.net https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://maps.googleapis.com .demdex.net .yext.com https://answers.yext-pixel.com .yextapis.com;font-src 'self' data: https://fonts.gstatic.com/ https://fonts.googleapis.com https://use.typekit.com .pgsdemo.com .pagescdn.com; media-src 'self'; object-src 'self'; form-action 'self' https://.flagstar.com https://.salesforce.com https://.salesforceliveagent.com https://.salesforce-sites.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://.salesforceliveagent.com https://assets.sitescdn.net https://www.googleanalytics.com/ https://www.googleoptimize.com/ https://optimize.google.com/ https://www.googletagmanager.com https://maps.googleapis.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net assets.adobedtm.com https://pnapi.invoca.net https://solutions.invocacdn.com gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com/ https://use.typekit.com https://connect.facebook.net https://js.adsrvr.org/ https://cdn.evgnet.com https://.evergage.com https://www.youtube.com assets.sitescdn.net .pagescdn.com .pgsdemo.com https://.salesforce-sites.com;style-src 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com assets.sitecdn.net; style-src-elem 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com;frame-src 'self' .flagstar.com .youtube.com .demdex.net https://.fls.doubleclick.net https://td.doubleclick.net https://optimize.google.com/ https://insight.adsrvr.org/ https://match.adsrvr.org/ https://cdn.evgnet.com https://.flagstar.com https://.fintactix.com .pagescdn.com .pgsdemo.com; frame-ancestors 'self' .flagstar.com https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net; img-src 'self' .foresee.com https://ad.doubleclick.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googletagmanager.com/ https://www.googleadservices.com https://www.google-analytics.com https://developers.google.com https://maps.googleapis.com https://maps.gstatic.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://insight.adsrvr.org https://ib.adnxs.com/getuid https://match.adsrvr.org/track/cmf/appnexus https://dsum-sec.casalemedia.com/rum https://ups.analytics.yahoo.com/ups/55953/sync https://pixel.rubiconproject.com/tap.php data: blob: https://p.typekit.net https://www.facebook.com .flagstar.com https://.doubleclick.net;child-src 'self' https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://youtube.com; worker-src 'self'; manifest-src 'self';
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.flagstar.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

expires: Sun, 14 Apr 2024 02:04:39 GMT
date: Fri, 15 Mar 2024 02:04:39 GMT
content-security-policy: default-src 'none'; connect-src 'self' *.foresee.com *.evergage.com edge.adobedc.net https://cdn.cookielaw.org https://www.googletagmanager.com https://stats.g.doubleclick.net https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://maps.googleapis.com *.demdex.net *.yext.com https://answers.yext-pixel.com *.yextapis.com;font-src 'self' data: https://fonts.gstatic.com/ https://fonts.googleapis.com https://use.typekit.com *.pgsdemo.com *.pagescdn.com; media-src 'self'; object-src 'self'; form-action 'self' https://*.flagstar.com https://*.salesforce.com https://*.salesforceliveagent.com https://*.salesforce-sites.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.salesforceliveagent.com https://assets.sitescdn.net https://www.googleanalytics.com/ https://www.googleoptimize.com/ https://optimize.google.com/ https://www.googletagmanager.com https://maps.googleapis.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net assets.adobedtm.com https://pnapi.invoca.net https://solutions.invocacdn.com gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com/ https://use.typekit.com https://connect.facebook.net https://js.adsrvr.org/ https://cdn.evgnet.com https://*.evergage.com https://www.youtube.com assets.sitescdn.net *.pagescdn.com *.pgsdemo.com https://*.salesforce-sites.com;style-src 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com assets.sitecdn.net; style-src-elem 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com;frame-src 'self' *.flagstar.com *.youtube.com *.demdex.net https://*.fls.doubleclick.net https://td.doubleclick.net https://optimize.google.com/ https://insight.adsrvr.org/ https://match.adsrvr.org/ https://cdn.evgnet.com https://*.flagstar.com https://*.fintactix.com *.pagescdn.com *.pgsdemo.com; frame-ancestors 'self' *.flagstar.com https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net; img-src 'self' *.foresee.com https://ad.doubleclick.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googletagmanager.com/ https://www.googleadservices.com https://www.google-analytics.com https://developers.google.com https://maps.googleapis.com https://maps.gstatic.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://insight.adsrvr.org https://ib.adnxs.com/getuid https://match.adsrvr.org/track/cmf/appnexus https://dsum-sec.casalemedia.com/rum https://ups.analytics.yahoo.com/ups/55953/sync https://pixel.rubiconproject.com/tap.php data: blob: https://p.typekit.net https://www.facebook.com *.flagstar.com https://*.doubleclick.net;child-src 'self' https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://youtube.com; worker-src 'self'; manifest-src 'self';
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
strict-transport-security: max-age=31536000; includeSubDomains
age: 110023
x-cnection: close
server-timing: dtSInfo;desc="0", dtRpid;desc="-641958310"
content-length: 859
x-xss-protection: 1; mode=block
x-ua-compatible: IE=Edge
last-modified: Thu, 29 Feb 2024 13:56:42 GMT
server: cloudflare
etag: "c3e-61285a10baffa-gzip"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: image/svg+xml
cache-control: public, max-age=2592000
accept-ranges: bytes
cf-ray: 8648ef1ba9fe2c42-FRA
clientname: flagstar

GET
H2 200 icon-card_connect.svg
www.flagstar.com/content/dam/newco/personal/borrowing/icons/ 3 KB
4 KB 34ms
32ms Image
image/svg+xml 172.64.146.116
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.flagstar.com/content/dam/newco/personal/borrowing/icons/icon-card_connect.svg

Requested by

Host: www.flagstar.com
URL: https://www.flagstar.com/

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

172.64.146.116 San Francisco, United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

be235aeef05250ebd0496e4aff893fc4c2a0f459a18c2326517880b1fa779dea

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; connect-src 'self' .foresee.com .evergage.com edge.adobedc.net https://cdn.cookielaw.org https://www.googletagmanager.com https://stats.g.doubleclick.net https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://maps.googleapis.com .demdex.net .yext.com https://answers.yext-pixel.com .yextapis.com;font-src 'self' data: https://fonts.gstatic.com/ https://fonts.googleapis.com https://use.typekit.com .pgsdemo.com .pagescdn.com; media-src 'self'; object-src 'self'; form-action 'self' https://.flagstar.com https://.salesforce.com https://.salesforceliveagent.com https://.salesforce-sites.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://.salesforceliveagent.com https://assets.sitescdn.net https://www.googleanalytics.com/ https://www.googleoptimize.com/ https://optimize.google.com/ https://www.googletagmanager.com https://maps.googleapis.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net assets.adobedtm.com https://pnapi.invoca.net https://solutions.invocacdn.com gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com/ https://use.typekit.com https://connect.facebook.net https://js.adsrvr.org/ https://cdn.evgnet.com https://.evergage.com https://www.youtube.com assets.sitescdn.net .pagescdn.com .pgsdemo.com https://.salesforce-sites.com;style-src 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com assets.sitecdn.net; style-src-elem 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com;frame-src 'self' .flagstar.com .youtube.com .demdex.net https://.fls.doubleclick.net https://td.doubleclick.net https://optimize.google.com/ https://insight.adsrvr.org/ https://match.adsrvr.org/ https://cdn.evgnet.com https://.flagstar.com https://.fintactix.com .pagescdn.com .pgsdemo.com; frame-ancestors 'self' .flagstar.com https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net; img-src 'self' .foresee.com https://ad.doubleclick.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googletagmanager.com/ https://www.googleadservices.com https://www.google-analytics.com https://developers.google.com https://maps.googleapis.com https://maps.gstatic.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://insight.adsrvr.org https://ib.adnxs.com/getuid https://match.adsrvr.org/track/cmf/appnexus https://dsum-sec.casalemedia.com/rum https://ups.analytics.yahoo.com/ups/55953/sync https://pixel.rubiconproject.com/tap.php data: blob: https://p.typekit.net https://www.facebook.com .flagstar.com https://.doubleclick.net;child-src 'self' https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://youtube.com; worker-src 'self'; manifest-src 'self';
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.flagstar.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

expires: Sun, 14 Apr 2024 02:04:39 GMT
date: Fri, 15 Mar 2024 02:04:39 GMT
content-security-policy: default-src 'none'; connect-src 'self' *.foresee.com *.evergage.com edge.adobedc.net https://cdn.cookielaw.org https://www.googletagmanager.com https://stats.g.doubleclick.net https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://maps.googleapis.com *.demdex.net *.yext.com https://answers.yext-pixel.com *.yextapis.com;font-src 'self' data: https://fonts.gstatic.com/ https://fonts.googleapis.com https://use.typekit.com *.pgsdemo.com *.pagescdn.com; media-src 'self'; object-src 'self'; form-action 'self' https://*.flagstar.com https://*.salesforce.com https://*.salesforceliveagent.com https://*.salesforce-sites.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.salesforceliveagent.com https://assets.sitescdn.net https://www.googleanalytics.com/ https://www.googleoptimize.com/ https://optimize.google.com/ https://www.googletagmanager.com https://maps.googleapis.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net assets.adobedtm.com https://pnapi.invoca.net https://solutions.invocacdn.com gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com/ https://use.typekit.com https://connect.facebook.net https://js.adsrvr.org/ https://cdn.evgnet.com https://*.evergage.com https://www.youtube.com assets.sitescdn.net *.pagescdn.com *.pgsdemo.com https://*.salesforce-sites.com;style-src 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com assets.sitecdn.net; style-src-elem 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com;frame-src 'self' *.flagstar.com *.youtube.com *.demdex.net https://*.fls.doubleclick.net https://td.doubleclick.net https://optimize.google.com/ https://insight.adsrvr.org/ https://match.adsrvr.org/ https://cdn.evgnet.com https://*.flagstar.com https://*.fintactix.com *.pagescdn.com *.pgsdemo.com; frame-ancestors 'self' *.flagstar.com https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net; img-src 'self' *.foresee.com https://ad.doubleclick.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googletagmanager.com/ https://www.googleadservices.com https://www.google-analytics.com https://developers.google.com https://maps.googleapis.com https://maps.gstatic.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://insight.adsrvr.org https://ib.adnxs.com/getuid https://match.adsrvr.org/track/cmf/appnexus https://dsum-sec.casalemedia.com/rum https://ups.analytics.yahoo.com/ups/55953/sync https://pixel.rubiconproject.com/tap.php data: blob: https://p.typekit.net https://www.facebook.com *.flagstar.com https://*.doubleclick.net;child-src 'self' https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://youtube.com; worker-src 'self'; manifest-src 'self';
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
strict-transport-security: max-age=31536000; includeSubDomains
age: 117902
x-cnection: close
server-timing: dtSInfo;desc="0", dtRpid;desc="1221020711"
content-length: 919
x-xss-protection: 1; mode=block
x-ua-compatible: IE=Edge
last-modified: Fri, 08 Mar 2024 21:16:26 GMT
server: cloudflare
etag: "c1e-6132cb4696ab6-gzip"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: image/svg+xml
cache-control: public, max-age=2592000
accept-ranges: bytes
cf-ray: 8648ef1ba9ff2c42-FRA
clientname: flagstar

GET
H2 200 card_about-flagstar.jpg
www.flagstar.com/content/dam/newco/about-flagstar/content-cards/ 28 KB
31 KB 43ms
42ms Image
image/jpeg 172.64.146.116
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.flagstar.com/content/dam/newco/about-flagstar/content-cards/card_about-flagstar.jpg

Requested by

Host: www.flagstar.com
URL: https://www.flagstar.com/

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

172.64.146.116 San Francisco, United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

022866fe426eaaadfb99d714ee1758358cecb9321084b8ae088749b375b64920

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; connect-src 'self' .foresee.com .evergage.com edge.adobedc.net https://cdn.cookielaw.org https://www.googletagmanager.com https://stats.g.doubleclick.net https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://maps.googleapis.com .demdex.net .yext.com https://answers.yext-pixel.com .yextapis.com;font-src 'self' data: https://fonts.gstatic.com/ https://fonts.googleapis.com https://use.typekit.com .pgsdemo.com .pagescdn.com; media-src 'self'; object-src 'self'; form-action 'self' https://.flagstar.com https://.salesforce.com https://.salesforceliveagent.com https://.salesforce-sites.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://.salesforceliveagent.com https://assets.sitescdn.net https://www.googleanalytics.com/ https://www.googleoptimize.com/ https://optimize.google.com/ https://www.googletagmanager.com https://maps.googleapis.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net assets.adobedtm.com https://pnapi.invoca.net https://solutions.invocacdn.com gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com/ https://use.typekit.com https://connect.facebook.net https://js.adsrvr.org/ https://cdn.evgnet.com https://.evergage.com https://www.youtube.com assets.sitescdn.net .pagescdn.com .pgsdemo.com https://.salesforce-sites.com;style-src 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com assets.sitecdn.net; style-src-elem 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com;frame-src 'self' .flagstar.com .youtube.com .demdex.net https://.fls.doubleclick.net https://td.doubleclick.net https://optimize.google.com/ https://insight.adsrvr.org/ https://match.adsrvr.org/ https://cdn.evgnet.com https://.flagstar.com https://.fintactix.com .pagescdn.com .pgsdemo.com; frame-ancestors 'self' .flagstar.com https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net; img-src 'self' .foresee.com https://ad.doubleclick.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googletagmanager.com/ https://www.googleadservices.com https://www.google-analytics.com https://developers.google.com https://maps.googleapis.com https://maps.gstatic.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://insight.adsrvr.org https://ib.adnxs.com/getuid https://match.adsrvr.org/track/cmf/appnexus https://dsum-sec.casalemedia.com/rum https://ups.analytics.yahoo.com/ups/55953/sync https://pixel.rubiconproject.com/tap.php data: blob: https://p.typekit.net https://www.facebook.com .flagstar.com https://.doubleclick.net;child-src 'self' https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://youtube.com; worker-src 'self'; manifest-src 'self';
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.flagstar.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

clientname: flagstar
date: Fri, 15 Mar 2024 02:04:39 GMT
content-security-policy: default-src 'none'; connect-src 'self' *.foresee.com *.evergage.com edge.adobedc.net https://cdn.cookielaw.org https://www.googletagmanager.com https://stats.g.doubleclick.net https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://maps.googleapis.com *.demdex.net *.yext.com https://answers.yext-pixel.com *.yextapis.com;font-src 'self' data: https://fonts.gstatic.com/ https://fonts.googleapis.com https://use.typekit.com *.pgsdemo.com *.pagescdn.com; media-src 'self'; object-src 'self'; form-action 'self' https://*.flagstar.com https://*.salesforce.com https://*.salesforceliveagent.com https://*.salesforce-sites.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.salesforceliveagent.com https://assets.sitescdn.net https://www.googleanalytics.com/ https://www.googleoptimize.com/ https://optimize.google.com/ https://www.googletagmanager.com https://maps.googleapis.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net assets.adobedtm.com https://pnapi.invoca.net https://solutions.invocacdn.com gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com/ https://use.typekit.com https://connect.facebook.net https://js.adsrvr.org/ https://cdn.evgnet.com https://*.evergage.com https://www.youtube.com assets.sitescdn.net *.pagescdn.com *.pgsdemo.com https://*.salesforce-sites.com;style-src 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com assets.sitecdn.net; style-src-elem 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com;frame-src 'self' *.flagstar.com *.youtube.com *.demdex.net https://*.fls.doubleclick.net https://td.doubleclick.net https://optimize.google.com/ https://insight.adsrvr.org/ https://match.adsrvr.org/ https://cdn.evgnet.com https://*.flagstar.com https://*.fintactix.com *.pagescdn.com *.pgsdemo.com; frame-ancestors 'self' *.flagstar.com https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net; img-src 'self' *.foresee.com https://ad.doubleclick.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googletagmanager.com/ https://www.googleadservices.com https://www.google-analytics.com https://developers.google.com https://maps.googleapis.com https://maps.gstatic.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://insight.adsrvr.org https://ib.adnxs.com/getuid https://match.adsrvr.org/track/cmf/appnexus https://dsum-sec.casalemedia.com/rum https://ups.analytics.yahoo.com/ups/55953/sync https://pixel.rubiconproject.com/tap.php data: blob: https://p.typekit.net https://www.facebook.com *.flagstar.com https://*.doubleclick.net;child-src 'self' https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://youtube.com; worker-src 'self'; manifest-src 'self';
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains
cf-cache-status: HIT
age: 114520
x-cnection: close
server-timing: dtSInfo;desc="0", dtRpid;desc="-1483511562"
content-length: 28566
x-xss-protection: 1; mode=block
x-ua-compatible: IE=Edge
cf-bgj: h2pri
last-modified: Mon, 04 Mar 2024 13:51:50 GMT
server: cloudflare
etag: "6f96-612d6070e10a0"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: image/jpeg
cache-control: public, max-age=2592000
accept-ranges: bytes
cf-ray: 8648ef1baa012c42-FRA
expires: Sun, 14 Apr 2024 02:04:39 GMT

GET
H2 200 card_community-involvement.jpg
www.flagstar.com/content/dam/newco/about-flagstar/content-cards/ 57 KB
60 KB 40ms
38ms Image
image/jpeg 172.64.146.116
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.flagstar.com/content/dam/newco/about-flagstar/content-cards/card_community-involvement.jpg

Requested by

Host: www.flagstar.com
URL: https://www.flagstar.com/

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

172.64.146.116 San Francisco, United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8b8e6dd018656e2051b99145f8a306111351b21bcc97d67debb41b3f8f7a33ca

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; connect-src 'self' .foresee.com .evergage.com edge.adobedc.net https://cdn.cookielaw.org https://www.googletagmanager.com https://stats.g.doubleclick.net https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://maps.googleapis.com .demdex.net .yext.com https://answers.yext-pixel.com .yextapis.com;font-src 'self' data: https://fonts.gstatic.com/ https://fonts.googleapis.com https://use.typekit.com .pgsdemo.com .pagescdn.com; media-src 'self'; object-src 'self'; form-action 'self' https://.flagstar.com https://.salesforce.com https://.salesforceliveagent.com https://.salesforce-sites.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://.salesforceliveagent.com https://assets.sitescdn.net https://www.googleanalytics.com/ https://www.googleoptimize.com/ https://optimize.google.com/ https://www.googletagmanager.com https://maps.googleapis.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net assets.adobedtm.com https://pnapi.invoca.net https://solutions.invocacdn.com gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com/ https://use.typekit.com https://connect.facebook.net https://js.adsrvr.org/ https://cdn.evgnet.com https://.evergage.com https://www.youtube.com assets.sitescdn.net .pagescdn.com .pgsdemo.com https://.salesforce-sites.com;style-src 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com assets.sitecdn.net; style-src-elem 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com;frame-src 'self' .flagstar.com .youtube.com .demdex.net https://.fls.doubleclick.net https://td.doubleclick.net https://optimize.google.com/ https://insight.adsrvr.org/ https://match.adsrvr.org/ https://cdn.evgnet.com https://.flagstar.com https://.fintactix.com .pagescdn.com .pgsdemo.com; frame-ancestors 'self' .flagstar.com https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net; img-src 'self' .foresee.com https://ad.doubleclick.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googletagmanager.com/ https://www.googleadservices.com https://www.google-analytics.com https://developers.google.com https://maps.googleapis.com https://maps.gstatic.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://insight.adsrvr.org https://ib.adnxs.com/getuid https://match.adsrvr.org/track/cmf/appnexus https://dsum-sec.casalemedia.com/rum https://ups.analytics.yahoo.com/ups/55953/sync https://pixel.rubiconproject.com/tap.php data: blob: https://p.typekit.net https://www.facebook.com .flagstar.com https://.doubleclick.net;child-src 'self' https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://youtube.com; worker-src 'self'; manifest-src 'self';
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.flagstar.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

clientname: flagstar
date: Fri, 15 Mar 2024 02:04:39 GMT
content-security-policy: default-src 'none'; connect-src 'self' *.foresee.com *.evergage.com edge.adobedc.net https://cdn.cookielaw.org https://www.googletagmanager.com https://stats.g.doubleclick.net https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://maps.googleapis.com *.demdex.net *.yext.com https://answers.yext-pixel.com *.yextapis.com;font-src 'self' data: https://fonts.gstatic.com/ https://fonts.googleapis.com https://use.typekit.com *.pgsdemo.com *.pagescdn.com; media-src 'self'; object-src 'self'; form-action 'self' https://*.flagstar.com https://*.salesforce.com https://*.salesforceliveagent.com https://*.salesforce-sites.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.salesforceliveagent.com https://assets.sitescdn.net https://www.googleanalytics.com/ https://www.googleoptimize.com/ https://optimize.google.com/ https://www.googletagmanager.com https://maps.googleapis.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net assets.adobedtm.com https://pnapi.invoca.net https://solutions.invocacdn.com gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com/ https://use.typekit.com https://connect.facebook.net https://js.adsrvr.org/ https://cdn.evgnet.com https://*.evergage.com https://www.youtube.com assets.sitescdn.net *.pagescdn.com *.pgsdemo.com https://*.salesforce-sites.com;style-src 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com assets.sitecdn.net; style-src-elem 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com;frame-src 'self' *.flagstar.com *.youtube.com *.demdex.net https://*.fls.doubleclick.net https://td.doubleclick.net https://optimize.google.com/ https://insight.adsrvr.org/ https://match.adsrvr.org/ https://cdn.evgnet.com https://*.flagstar.com https://*.fintactix.com *.pagescdn.com *.pgsdemo.com; frame-ancestors 'self' *.flagstar.com https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net; img-src 'self' *.foresee.com https://ad.doubleclick.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googletagmanager.com/ https://www.googleadservices.com https://www.google-analytics.com https://developers.google.com https://maps.googleapis.com https://maps.gstatic.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://insight.adsrvr.org https://ib.adnxs.com/getuid https://match.adsrvr.org/track/cmf/appnexus https://dsum-sec.casalemedia.com/rum https://ups.analytics.yahoo.com/ups/55953/sync https://pixel.rubiconproject.com/tap.php data: blob: https://p.typekit.net https://www.facebook.com *.flagstar.com https://*.doubleclick.net;child-src 'self' https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://youtube.com; worker-src 'self'; manifest-src 'self';
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains
cf-cache-status: HIT
age: 122711
x-cnection: close
server-timing: dtSInfo;desc="0", dtRpid;desc="1093975187"
content-length: 58430
x-xss-protection: 1; mode=block
x-ua-compatible: IE=Edge
cf-bgj: h2pri
last-modified: Mon, 04 Mar 2024 13:48:45 GMT
server: cloudflare
etag: "e43e-612d5fc034151"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: image/jpeg
cache-control: public, max-age=2592000
accept-ranges: bytes
cf-ray: 8648ef1baa022c42-FRA
expires: Sun, 14 Apr 2024 02:04:39 GMT

GET
H2 200 card_diversity-equity-and-inclusion.jpg
www.flagstar.com/content/dam/newco/about-flagstar/content-cards/ 19 KB
22 KB 36ms
35ms Image
image/jpeg 172.64.146.116
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.flagstar.com/content/dam/newco/about-flagstar/content-cards/card_diversity-equity-and-inclusion.jpg

Requested by

Host: www.flagstar.com
URL: https://www.flagstar.com/

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

172.64.146.116 San Francisco, United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c25b79f044d5037c9792be55ae6b3cf18a56da5df5bd344431188ebaab031c03

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; connect-src 'self' .foresee.com .evergage.com edge.adobedc.net https://cdn.cookielaw.org https://www.googletagmanager.com https://stats.g.doubleclick.net https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://maps.googleapis.com .demdex.net .yext.com https://answers.yext-pixel.com .yextapis.com;font-src 'self' data: https://fonts.gstatic.com/ https://fonts.googleapis.com https://use.typekit.com .pgsdemo.com .pagescdn.com; media-src 'self'; object-src 'self'; form-action 'self' https://.flagstar.com https://.salesforce.com https://.salesforceliveagent.com https://.salesforce-sites.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://.salesforceliveagent.com https://assets.sitescdn.net https://www.googleanalytics.com/ https://www.googleoptimize.com/ https://optimize.google.com/ https://www.googletagmanager.com https://maps.googleapis.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net assets.adobedtm.com https://pnapi.invoca.net https://solutions.invocacdn.com gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com/ https://use.typekit.com https://connect.facebook.net https://js.adsrvr.org/ https://cdn.evgnet.com https://.evergage.com https://www.youtube.com assets.sitescdn.net .pagescdn.com .pgsdemo.com https://.salesforce-sites.com;style-src 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com assets.sitecdn.net; style-src-elem 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com;frame-src 'self' .flagstar.com .youtube.com .demdex.net https://.fls.doubleclick.net https://td.doubleclick.net https://optimize.google.com/ https://insight.adsrvr.org/ https://match.adsrvr.org/ https://cdn.evgnet.com https://.flagstar.com https://.fintactix.com .pagescdn.com .pgsdemo.com; frame-ancestors 'self' .flagstar.com https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net; img-src 'self' .foresee.com https://ad.doubleclick.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googletagmanager.com/ https://www.googleadservices.com https://www.google-analytics.com https://developers.google.com https://maps.googleapis.com https://maps.gstatic.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://insight.adsrvr.org https://ib.adnxs.com/getuid https://match.adsrvr.org/track/cmf/appnexus https://dsum-sec.casalemedia.com/rum https://ups.analytics.yahoo.com/ups/55953/sync https://pixel.rubiconproject.com/tap.php data: blob: https://p.typekit.net https://www.facebook.com .flagstar.com https://.doubleclick.net;child-src 'self' https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://youtube.com; worker-src 'self'; manifest-src 'self';
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.flagstar.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

clientname: flagstar
date: Fri, 15 Mar 2024 02:04:39 GMT
content-security-policy: default-src 'none'; connect-src 'self' *.foresee.com *.evergage.com edge.adobedc.net https://cdn.cookielaw.org https://www.googletagmanager.com https://stats.g.doubleclick.net https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://maps.googleapis.com *.demdex.net *.yext.com https://answers.yext-pixel.com *.yextapis.com;font-src 'self' data: https://fonts.gstatic.com/ https://fonts.googleapis.com https://use.typekit.com *.pgsdemo.com *.pagescdn.com; media-src 'self'; object-src 'self'; form-action 'self' https://*.flagstar.com https://*.salesforce.com https://*.salesforceliveagent.com https://*.salesforce-sites.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.salesforceliveagent.com https://assets.sitescdn.net https://www.googleanalytics.com/ https://www.googleoptimize.com/ https://optimize.google.com/ https://www.googletagmanager.com https://maps.googleapis.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net assets.adobedtm.com https://pnapi.invoca.net https://solutions.invocacdn.com gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com/ https://use.typekit.com https://connect.facebook.net https://js.adsrvr.org/ https://cdn.evgnet.com https://*.evergage.com https://www.youtube.com assets.sitescdn.net *.pagescdn.com *.pgsdemo.com https://*.salesforce-sites.com;style-src 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com assets.sitecdn.net; style-src-elem 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com;frame-src 'self' *.flagstar.com *.youtube.com *.demdex.net https://*.fls.doubleclick.net https://td.doubleclick.net https://optimize.google.com/ https://insight.adsrvr.org/ https://match.adsrvr.org/ https://cdn.evgnet.com https://*.flagstar.com https://*.fintactix.com *.pagescdn.com *.pgsdemo.com; frame-ancestors 'self' *.flagstar.com https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net; img-src 'self' *.foresee.com https://ad.doubleclick.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googletagmanager.com/ https://www.googleadservices.com https://www.google-analytics.com https://developers.google.com https://maps.googleapis.com https://maps.gstatic.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://insight.adsrvr.org https://ib.adnxs.com/getuid https://match.adsrvr.org/track/cmf/appnexus https://dsum-sec.casalemedia.com/rum https://ups.analytics.yahoo.com/ups/55953/sync https://pixel.rubiconproject.com/tap.php data: blob: https://p.typekit.net https://www.facebook.com *.flagstar.com https://*.doubleclick.net;child-src 'self' https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://youtube.com; worker-src 'self'; manifest-src 'self';
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains
cf-cache-status: HIT
age: 114520
x-cnection: close
server-timing: dtSInfo;desc="0", dtRpid;desc="-1606285037"
content-length: 19677
x-xss-protection: 1; mode=block
x-ua-compatible: IE=Edge
cf-bgj: h2pri
last-modified: Mon, 04 Mar 2024 13:46:18 GMT
server: cloudflare
etag: "4cdd-612d5f344b66d"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: image/jpeg
cache-control: public, max-age=2592000
accept-ranges: bytes
cf-ray: 8648ef1baa032c42-FRA
expires: Sun, 14 Apr 2024 02:04:39 GMT

GET
H2 200 clientlib-site.e86d9f0f1a3ad6fa2a8f0115739d3c22.js Show response
www.flagstar.com/etc.clientlibs/aem-flagstar/clientlibs/ 45 KB
12 KB 20ms
20ms Script
application/javascript 172.64.146.116
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.flagstar.com/etc.clientlibs/aem-flagstar/clientlibs/clientlib-site.e86d9f0f1a3ad6fa2a8f0115739d3c22.js

Requested by

Host: www.flagstar.com
URL: https://www.flagstar.com/

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

172.64.146.116 San Francisco, United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

7020139ce030f3be78d5b9a3282cb6622efe02bc26061df54caf96212cf20b4d

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; connect-src 'self' .foresee.com .evergage.com edge.adobedc.net https://cdn.cookielaw.org https://www.googletagmanager.com https://stats.g.doubleclick.net https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://maps.googleapis.com .demdex.net .yext.com https://answers.yext-pixel.com .yextapis.com;font-src 'self' data: https://fonts.gstatic.com/ https://fonts.googleapis.com https://use.typekit.com .pgsdemo.com .pagescdn.com; media-src 'self'; object-src 'self'; form-action 'self' https://.flagstar.com https://.salesforce.com https://.salesforceliveagent.com https://.salesforce-sites.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://.salesforceliveagent.com https://assets.sitescdn.net https://www.googleanalytics.com/ https://www.googleoptimize.com/ https://optimize.google.com/ https://www.googletagmanager.com https://maps.googleapis.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net assets.adobedtm.com https://pnapi.invoca.net https://solutions.invocacdn.com gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com/ https://use.typekit.com https://connect.facebook.net https://js.adsrvr.org/ https://cdn.evgnet.com https://.evergage.com https://www.youtube.com assets.sitescdn.net .pagescdn.com .pgsdemo.com https://.salesforce-sites.com;style-src 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com assets.sitecdn.net; style-src-elem 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com;frame-src 'self' .flagstar.com .youtube.com .demdex.net https://.fls.doubleclick.net https://td.doubleclick.net https://optimize.google.com/ https://insight.adsrvr.org/ https://match.adsrvr.org/ https://cdn.evgnet.com https://.flagstar.com https://.fintactix.com .pagescdn.com .pgsdemo.com; frame-ancestors 'self' .flagstar.com https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net; img-src 'self' .foresee.com https://ad.doubleclick.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googletagmanager.com/ https://www.googleadservices.com https://www.google-analytics.com https://developers.google.com https://maps.googleapis.com https://maps.gstatic.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://insight.adsrvr.org https://ib.adnxs.com/getuid https://match.adsrvr.org/track/cmf/appnexus https://dsum-sec.casalemedia.com/rum https://ups.analytics.yahoo.com/ups/55953/sync https://pixel.rubiconproject.com/tap.php data: blob: https://p.typekit.net https://www.facebook.com .flagstar.com https://.doubleclick.net;child-src 'self' https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://youtube.com; worker-src 'self'; manifest-src 'self';
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.flagstar.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

expires: Sun, 14 Apr 2024 02:04:38 GMT
date: Fri, 15 Mar 2024 02:04:38 GMT
content-security-policy: default-src 'none'; connect-src 'self' *.foresee.com *.evergage.com edge.adobedc.net https://cdn.cookielaw.org https://www.googletagmanager.com https://stats.g.doubleclick.net https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://maps.googleapis.com *.demdex.net *.yext.com https://answers.yext-pixel.com *.yextapis.com;font-src 'self' data: https://fonts.gstatic.com/ https://fonts.googleapis.com https://use.typekit.com *.pgsdemo.com *.pagescdn.com; media-src 'self'; object-src 'self'; form-action 'self' https://*.flagstar.com https://*.salesforce.com https://*.salesforceliveagent.com https://*.salesforce-sites.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.salesforceliveagent.com https://assets.sitescdn.net https://www.googleanalytics.com/ https://www.googleoptimize.com/ https://optimize.google.com/ https://www.googletagmanager.com https://maps.googleapis.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net assets.adobedtm.com https://pnapi.invoca.net https://solutions.invocacdn.com gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com/ https://use.typekit.com https://connect.facebook.net https://js.adsrvr.org/ https://cdn.evgnet.com https://*.evergage.com https://www.youtube.com assets.sitescdn.net *.pagescdn.com *.pgsdemo.com https://*.salesforce-sites.com;style-src 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com assets.sitecdn.net; style-src-elem 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com;frame-src 'self' *.flagstar.com *.youtube.com *.demdex.net https://*.fls.doubleclick.net https://td.doubleclick.net https://optimize.google.com/ https://insight.adsrvr.org/ https://match.adsrvr.org/ https://cdn.evgnet.com https://*.flagstar.com https://*.fintactix.com *.pagescdn.com *.pgsdemo.com; frame-ancestors 'self' *.flagstar.com https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net; img-src 'self' *.foresee.com https://ad.doubleclick.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googletagmanager.com/ https://www.googleadservices.com https://www.google-analytics.com https://developers.google.com https://maps.googleapis.com https://maps.gstatic.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://insight.adsrvr.org https://ib.adnxs.com/getuid https://match.adsrvr.org/track/cmf/appnexus https://dsum-sec.casalemedia.com/rum https://ups.analytics.yahoo.com/ups/55953/sync https://pixel.rubiconproject.com/tap.php data: blob: https://p.typekit.net https://www.facebook.com *.flagstar.com https://*.doubleclick.net;child-src 'self' https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://youtube.com; worker-src 'self'; manifest-src 'self';
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
strict-transport-security: max-age=31536000; includeSubDomains
age: 115452
x-cnection: close
server-timing: dtSInfo;desc="0", dtRpid;desc="-1803891315"
content-length: 9338
x-xss-protection: 1; mode=block
x-ua-compatible: IE=Edge
last-modified: Fri, 08 Mar 2024 04:10:48 GMT
server: cloudflare
etag: "b502-6131e607029fe-gzip"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript
cache-control: public, max-age=2592000
accept-ranges: bytes
cf-ray: 8648ef15aedc2c42-FRA
clientname: flagstar

GET
H2 200 container.027d01df25f17066242db969c9bf2ade.js Show response
www.flagstar.com/etc.clientlibs/core/wcm/components/commons/site/clientlibs/ 6 KB
2 KB 19ms
19ms Script
application/javascript 172.64.146.116
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.flagstar.com/etc.clientlibs/core/wcm/components/commons/site/clientlibs/container.027d01df25f17066242db969c9bf2ade.js

Requested by

Host: www.flagstar.com
URL: https://www.flagstar.com/

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

172.64.146.116 San Francisco, United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

fe05972ec9e5bdd020c2cbdeae20d95d5643888ee2198c4ebf1145b1d60d30ff

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.flagstar.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

clientname: flagstar
date: Fri, 15 Mar 2024 02:04:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains
cf-cache-status: HIT
age: 117901
x-cnection: close
server-timing: dtSInfo;desc="0", dtRpid;desc="-832120876"
content-length: 1572
x-xss-protection: 1; mode=block
x-ua-compatible: IE=Edge
last-modified: Tue, 20 Feb 2024 10:14:37 GMT
server: cloudflare
etag: "17c3-611cd7a42bb36-gzip"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript
cache-control: public, max-age=2592000
accept-ranges: bytes
cf-ray: 8648ef15bee42c42-FRA
expires: Sun, 14 Apr 2024 02:04:38 GMT

GET
H2 200 csrf.a9dcac4698709ca8e1cbc88363cf0793.js Show response
www.flagstar.com/etc.clientlibs/clientlibs/granite/jquery/granite/ 10 KB
3 KB 19ms
19ms Script
application/javascript 172.64.146.116
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.flagstar.com/etc.clientlibs/clientlibs/granite/jquery/granite/csrf.a9dcac4698709ca8e1cbc88363cf0793.js

Requested by

Host: www.flagstar.com
URL: https://www.flagstar.com/

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

172.64.146.116 San Francisco, United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ca3fdf8e723931b1d002a556813d3a80fde72f2ccdc755b0b253f619bb872f65

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.flagstar.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

clientname: flagstar
date: Fri, 15 Mar 2024 02:04:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains
cf-cache-status: HIT
age: 123903
x-cnection: close
server-timing: dtSInfo;desc="0", dtRpid;desc="-141242245"
content-length: 2867
x-xss-protection: 1; mode=block
x-ua-compatible: IE=Edge
last-modified: Thu, 03 Nov 2022 13:15:32 GMT
server: cloudflare
etag: "27d9-5ec90c07784d5-gzip"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript
cache-control: public, max-age=2592000
accept-ranges: bytes
cf-ray: 8648ef15ceea2c42-FRA
expires: Sun, 14 Apr 2024 02:04:38 GMT

GET
H2 200 clientlib-base.4907a5550cdc35d1f9202c20e377c3dd.js Show response
www.flagstar.com/etc.clientlibs/aem-flagstar/clientlibs/ 159 KB
32 KB 22ms
21ms Script
application/javascript 172.64.146.116
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.flagstar.com/etc.clientlibs/aem-flagstar/clientlibs/clientlib-base.4907a5550cdc35d1f9202c20e377c3dd.js

Requested by

Host: www.flagstar.com
URL: https://www.flagstar.com/

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

172.64.146.116 San Francisco, United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a7382dd06b3e2279c5e4046426b583c17f7bfd30377033a2049d1f7f1a13ddfe

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; connect-src 'self' .foresee.com .evergage.com edge.adobedc.net https://cdn.cookielaw.org https://www.googletagmanager.com https://stats.g.doubleclick.net https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://maps.googleapis.com .demdex.net .yext.com https://answers.yext-pixel.com .yextapis.com;font-src 'self' data: https://fonts.gstatic.com/ https://fonts.googleapis.com https://use.typekit.com .pgsdemo.com .pagescdn.com; media-src 'self'; object-src 'self'; form-action 'self' https://.flagstar.com https://.salesforce.com https://.salesforceliveagent.com https://.salesforce-sites.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://.salesforceliveagent.com https://assets.sitescdn.net https://www.googleanalytics.com/ https://www.googleoptimize.com/ https://optimize.google.com/ https://www.googletagmanager.com https://maps.googleapis.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net assets.adobedtm.com https://pnapi.invoca.net https://solutions.invocacdn.com gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com/ https://use.typekit.com https://connect.facebook.net https://js.adsrvr.org/ https://cdn.evgnet.com https://.evergage.com https://www.youtube.com assets.sitescdn.net .pagescdn.com .pgsdemo.com https://.salesforce-sites.com;style-src 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com assets.sitecdn.net; style-src-elem 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com;frame-src 'self' .flagstar.com .youtube.com .demdex.net https://.fls.doubleclick.net https://td.doubleclick.net https://optimize.google.com/ https://insight.adsrvr.org/ https://match.adsrvr.org/ https://cdn.evgnet.com https://.flagstar.com https://.fintactix.com .pagescdn.com .pgsdemo.com; frame-ancestors 'self' .flagstar.com https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net; img-src 'self' .foresee.com https://ad.doubleclick.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googletagmanager.com/ https://www.googleadservices.com https://www.google-analytics.com https://developers.google.com https://maps.googleapis.com https://maps.gstatic.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://insight.adsrvr.org https://ib.adnxs.com/getuid https://match.adsrvr.org/track/cmf/appnexus https://dsum-sec.casalemedia.com/rum https://ups.analytics.yahoo.com/ups/55953/sync https://pixel.rubiconproject.com/tap.php data: blob: https://p.typekit.net https://www.facebook.com .flagstar.com https://.doubleclick.net;child-src 'self' https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://youtube.com; worker-src 'self'; manifest-src 'self';
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.flagstar.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

expires: Sun, 14 Apr 2024 02:04:38 GMT
date: Fri, 15 Mar 2024 02:04:38 GMT
content-security-policy: default-src 'none'; connect-src 'self' *.foresee.com *.evergage.com edge.adobedc.net https://cdn.cookielaw.org https://www.googletagmanager.com https://stats.g.doubleclick.net https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://maps.googleapis.com *.demdex.net *.yext.com https://answers.yext-pixel.com *.yextapis.com;font-src 'self' data: https://fonts.gstatic.com/ https://fonts.googleapis.com https://use.typekit.com *.pgsdemo.com *.pagescdn.com; media-src 'self'; object-src 'self'; form-action 'self' https://*.flagstar.com https://*.salesforce.com https://*.salesforceliveagent.com https://*.salesforce-sites.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.salesforceliveagent.com https://assets.sitescdn.net https://www.googleanalytics.com/ https://www.googleoptimize.com/ https://optimize.google.com/ https://www.googletagmanager.com https://maps.googleapis.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net assets.adobedtm.com https://pnapi.invoca.net https://solutions.invocacdn.com gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com/ https://use.typekit.com https://connect.facebook.net https://js.adsrvr.org/ https://cdn.evgnet.com https://*.evergage.com https://www.youtube.com assets.sitescdn.net *.pagescdn.com *.pgsdemo.com https://*.salesforce-sites.com;style-src 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com assets.sitecdn.net; style-src-elem 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com;frame-src 'self' *.flagstar.com *.youtube.com *.demdex.net https://*.fls.doubleclick.net https://td.doubleclick.net https://optimize.google.com/ https://insight.adsrvr.org/ https://match.adsrvr.org/ https://cdn.evgnet.com https://*.flagstar.com https://*.fintactix.com *.pagescdn.com *.pgsdemo.com; frame-ancestors 'self' *.flagstar.com https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net; img-src 'self' *.foresee.com https://ad.doubleclick.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googletagmanager.com/ https://www.googleadservices.com https://www.google-analytics.com https://developers.google.com https://maps.googleapis.com https://maps.gstatic.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://insight.adsrvr.org https://ib.adnxs.com/getuid https://match.adsrvr.org/track/cmf/appnexus https://dsum-sec.casalemedia.com/rum https://ups.analytics.yahoo.com/ups/55953/sync https://pixel.rubiconproject.com/tap.php data: blob: https://p.typekit.net https://www.facebook.com *.flagstar.com https://*.doubleclick.net;child-src 'self' https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://youtube.com; worker-src 'self'; manifest-src 'self';
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
strict-transport-security: max-age=31536000; includeSubDomains
age: 123903
x-cnection: close
server-timing: dtSInfo;desc="0", dtRpid;desc="-496562579"
content-length: 29567
x-xss-protection: 1; mode=block
x-ua-compatible: IE=Edge
last-modified: Fri, 08 Mar 2024 03:46:35 GMT
server: cloudflare
etag: "27b56-6131e09d2caf5-gzip"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript
cache-control: public, max-age=2592000
accept-ranges: bytes
cf-ray: 8648ef15deee2c42-FRA
clientname: flagstar

GET
H2 200 FooterLogo.png
www.flagstar.com/content/dam/newco/footer/ 5 KB
8 KB 47ms
45ms Image
image/png 172.64.146.116
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.flagstar.com/content/dam/newco/footer/FooterLogo.png

Requested by

Host: www.flagstar.com
URL: https://www.flagstar.com/

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

172.64.146.116 San Francisco, United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0bbcb1c065db429b64f24825abb404ee8795be695d726894813bddcb462476bf

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; connect-src 'self' .foresee.com .evergage.com edge.adobedc.net https://cdn.cookielaw.org https://www.googletagmanager.com https://stats.g.doubleclick.net https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://maps.googleapis.com .demdex.net .yext.com https://answers.yext-pixel.com .yextapis.com;font-src 'self' data: https://fonts.gstatic.com/ https://fonts.googleapis.com https://use.typekit.com .pgsdemo.com .pagescdn.com; media-src 'self'; object-src 'self'; form-action 'self' https://.flagstar.com https://.salesforce.com https://.salesforceliveagent.com https://.salesforce-sites.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://.salesforceliveagent.com https://assets.sitescdn.net https://www.googleanalytics.com/ https://www.googleoptimize.com/ https://optimize.google.com/ https://www.googletagmanager.com https://maps.googleapis.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net assets.adobedtm.com https://pnapi.invoca.net https://solutions.invocacdn.com gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com/ https://use.typekit.com https://connect.facebook.net https://js.adsrvr.org/ https://cdn.evgnet.com https://.evergage.com https://www.youtube.com assets.sitescdn.net .pagescdn.com .pgsdemo.com https://.salesforce-sites.com;style-src 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com assets.sitecdn.net; style-src-elem 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com;frame-src 'self' .flagstar.com .demdex.net https://.fls.doubleclick.net https://td.doubleclick.net https://optimize.google.com/ https://insight.adsrvr.org/ https://match.adsrvr.org/ https://cdn.evgnet.com https://.flagstar.com https://.fintactix.com .pagescdn.com .pgsdemo.com; frame-ancestors 'self' .flagstar.com https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net; img-src 'self' .foresee.com https://ad.doubleclick.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googletagmanager.com/ https://www.googleadservices.com https://www.google-analytics.com https://developers.google.com https://maps.googleapis.com https://maps.gstatic.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://insight.adsrvr.org https://ib.adnxs.com/getuid https://match.adsrvr.org/track/cmf/appnexus https://dsum-sec.casalemedia.com/rum https://ups.analytics.yahoo.com/ups/55953/sync https://pixel.rubiconproject.com/tap.php data: blob: https://p.typekit.net https://www.facebook.com .flagstar.com https://*.doubleclick.net;child-src 'self' https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://youtube.com; worker-src 'self'; manifest-src 'self';
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.flagstar.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

expires: Sun, 14 Apr 2024 02:04:39 GMT
date: Fri, 15 Mar 2024 02:04:39 GMT
content-security-policy: default-src 'none'; connect-src 'self' *.foresee.com *.evergage.com edge.adobedc.net https://cdn.cookielaw.org https://www.googletagmanager.com https://stats.g.doubleclick.net https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://maps.googleapis.com *.demdex.net *.yext.com https://answers.yext-pixel.com *.yextapis.com;font-src 'self' data: https://fonts.gstatic.com/ https://fonts.googleapis.com https://use.typekit.com *.pgsdemo.com *.pagescdn.com; media-src 'self'; object-src 'self'; form-action 'self' https://*.flagstar.com https://*.salesforce.com https://*.salesforceliveagent.com https://*.salesforce-sites.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.salesforceliveagent.com https://assets.sitescdn.net https://www.googleanalytics.com/ https://www.googleoptimize.com/ https://optimize.google.com/ https://www.googletagmanager.com https://maps.googleapis.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net assets.adobedtm.com https://pnapi.invoca.net https://solutions.invocacdn.com gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com/ https://use.typekit.com https://connect.facebook.net https://js.adsrvr.org/ https://cdn.evgnet.com https://*.evergage.com https://www.youtube.com assets.sitescdn.net *.pagescdn.com *.pgsdemo.com https://*.salesforce-sites.com;style-src 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com assets.sitecdn.net; style-src-elem 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com;frame-src 'self' *.flagstar.com *.demdex.net https://*.fls.doubleclick.net https://td.doubleclick.net https://optimize.google.com/ https://insight.adsrvr.org/ https://match.adsrvr.org/ https://cdn.evgnet.com https://*.flagstar.com https://*.fintactix.com *.pagescdn.com *.pgsdemo.com; frame-ancestors 'self' *.flagstar.com https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net; img-src 'self' *.foresee.com https://ad.doubleclick.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googletagmanager.com/ https://www.googleadservices.com https://www.google-analytics.com https://developers.google.com https://maps.googleapis.com https://maps.gstatic.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://insight.adsrvr.org https://ib.adnxs.com/getuid https://match.adsrvr.org/track/cmf/appnexus https://dsum-sec.casalemedia.com/rum https://ups.analytics.yahoo.com/ups/55953/sync https://pixel.rubiconproject.com/tap.php data: blob: https://p.typekit.net https://www.facebook.com *.flagstar.com https://*.doubleclick.net;child-src 'self' https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://youtube.com; worker-src 'self'; manifest-src 'self';
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains
cf-cache-status: HIT
age: 110579
x-cnection: close
server-timing: dtSInfo;desc="0", dtRpid;desc="1306005435"
content-length: 4842
x-xss-protection: 1; mode=block
x-ua-compatible: IE=Edge
last-modified: Tue, 20 Feb 2024 10:30:59 GMT
server: cloudflare
etag: "12ea-611cdb4cfd34b"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: image/png
cache-control: public, max-age=2592000
accept-ranges: bytes
cf-ray: 8648ef1baa042c42-FRA
clientname: flagstar

GET
H2 200 facebook.png
www.flagstar.com/content/dam/newco/footer/ 3 KB
6 KB 49ms
48ms Image
image/png 172.64.146.116
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.flagstar.com/content/dam/newco/footer/facebook.png

Requested by

Host: www.flagstar.com
URL: https://www.flagstar.com/

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

172.64.146.116 San Francisco, United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a71bd54a0b412e2a987daa67d5203169a5973349249e9e563ebe78f9460ff2c1

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; connect-src 'self' .foresee.com .evergage.com edge.adobedc.net https://cdn.cookielaw.org https://www.googletagmanager.com https://stats.g.doubleclick.net https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://maps.googleapis.com .demdex.net .yext.com https://answers.yext-pixel.com .yextapis.com;font-src 'self' data: https://fonts.gstatic.com/ https://fonts.googleapis.com https://use.typekit.com .pgsdemo.com .pagescdn.com; media-src 'self'; object-src 'self'; form-action 'self' https://.flagstar.com https://.salesforce.com https://.salesforceliveagent.com https://.salesforce-sites.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://.salesforceliveagent.com https://assets.sitescdn.net https://www.googleanalytics.com/ https://www.googleoptimize.com/ https://optimize.google.com/ https://www.googletagmanager.com https://maps.googleapis.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net assets.adobedtm.com https://pnapi.invoca.net https://solutions.invocacdn.com gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com/ https://use.typekit.com https://connect.facebook.net https://js.adsrvr.org/ https://cdn.evgnet.com https://.evergage.com https://www.youtube.com assets.sitescdn.net .pagescdn.com .pgsdemo.com https://.salesforce-sites.com;style-src 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com assets.sitecdn.net; style-src-elem 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com;frame-src 'self' .flagstar.com .demdex.net https://.fls.doubleclick.net https://td.doubleclick.net https://optimize.google.com/ https://insight.adsrvr.org/ https://match.adsrvr.org/ https://cdn.evgnet.com https://.flagstar.com https://.fintactix.com .pagescdn.com .pgsdemo.com; frame-ancestors 'self' .flagstar.com https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net; img-src 'self' .foresee.com https://ad.doubleclick.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googletagmanager.com/ https://www.googleadservices.com https://www.google-analytics.com https://developers.google.com https://maps.googleapis.com https://maps.gstatic.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://insight.adsrvr.org https://ib.adnxs.com/getuid https://match.adsrvr.org/track/cmf/appnexus https://dsum-sec.casalemedia.com/rum https://ups.analytics.yahoo.com/ups/55953/sync https://pixel.rubiconproject.com/tap.php data: blob: https://p.typekit.net https://www.facebook.com .flagstar.com https://*.doubleclick.net;child-src 'self' https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://youtube.com; worker-src 'self'; manifest-src 'self';
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.flagstar.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

expires: Sun, 14 Apr 2024 02:04:39 GMT
date: Fri, 15 Mar 2024 02:04:39 GMT
content-security-policy: default-src 'none'; connect-src 'self' *.foresee.com *.evergage.com edge.adobedc.net https://cdn.cookielaw.org https://www.googletagmanager.com https://stats.g.doubleclick.net https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://maps.googleapis.com *.demdex.net *.yext.com https://answers.yext-pixel.com *.yextapis.com;font-src 'self' data: https://fonts.gstatic.com/ https://fonts.googleapis.com https://use.typekit.com *.pgsdemo.com *.pagescdn.com; media-src 'self'; object-src 'self'; form-action 'self' https://*.flagstar.com https://*.salesforce.com https://*.salesforceliveagent.com https://*.salesforce-sites.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.salesforceliveagent.com https://assets.sitescdn.net https://www.googleanalytics.com/ https://www.googleoptimize.com/ https://optimize.google.com/ https://www.googletagmanager.com https://maps.googleapis.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net assets.adobedtm.com https://pnapi.invoca.net https://solutions.invocacdn.com gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com/ https://use.typekit.com https://connect.facebook.net https://js.adsrvr.org/ https://cdn.evgnet.com https://*.evergage.com https://www.youtube.com assets.sitescdn.net *.pagescdn.com *.pgsdemo.com https://*.salesforce-sites.com;style-src 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com assets.sitecdn.net; style-src-elem 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com;frame-src 'self' *.flagstar.com *.demdex.net https://*.fls.doubleclick.net https://td.doubleclick.net https://optimize.google.com/ https://insight.adsrvr.org/ https://match.adsrvr.org/ https://cdn.evgnet.com https://*.flagstar.com https://*.fintactix.com *.pagescdn.com *.pgsdemo.com; frame-ancestors 'self' *.flagstar.com https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net; img-src 'self' *.foresee.com https://ad.doubleclick.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googletagmanager.com/ https://www.googleadservices.com https://www.google-analytics.com https://developers.google.com https://maps.googleapis.com https://maps.gstatic.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://insight.adsrvr.org https://ib.adnxs.com/getuid https://match.adsrvr.org/track/cmf/appnexus https://dsum-sec.casalemedia.com/rum https://ups.analytics.yahoo.com/ups/55953/sync https://pixel.rubiconproject.com/tap.php data: blob: https://p.typekit.net https://www.facebook.com *.flagstar.com https://*.doubleclick.net;child-src 'self' https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://youtube.com; worker-src 'self'; manifest-src 'self';
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains
cf-cache-status: HIT
age: 110579
x-cnection: close
server-timing: dtSInfo;desc="0", dtRpid;desc="1530017077"
content-length: 2992
x-xss-protection: 1; mode=block
x-ua-compatible: IE=Edge
last-modified: Tue, 20 Feb 2024 10:14:38 GMT
server: cloudflare
etag: "bb0-611cd7a4d7d1e"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: image/png
cache-control: public, max-age=2592000
accept-ranges: bytes
cf-ray: 8648ef1baa052c42-FRA
clientname: flagstar

GET
H2 200 twitter.png
www.flagstar.com/content/dam/newco/footer/ 3 KB
6 KB 44ms
43ms Image
image/png 172.64.146.116
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.flagstar.com/content/dam/newco/footer/twitter.png

Requested by

Host: www.flagstar.com
URL: https://www.flagstar.com/

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

172.64.146.116 San Francisco, United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b262089aff66440a9664b16bc5541050a728ca80ce98c8756bd10353e5edde5d

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; connect-src 'self' .foresee.com .evergage.com edge.adobedc.net https://cdn.cookielaw.org https://www.googletagmanager.com https://stats.g.doubleclick.net https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://maps.googleapis.com .demdex.net .yext.com https://answers.yext-pixel.com .yextapis.com;font-src 'self' data: https://fonts.gstatic.com/ https://fonts.googleapis.com https://use.typekit.com .pgsdemo.com .pagescdn.com; media-src 'self'; object-src 'self'; form-action 'self' https://.flagstar.com https://.salesforce.com https://.salesforceliveagent.com https://.salesforce-sites.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://.salesforceliveagent.com https://assets.sitescdn.net https://www.googleanalytics.com/ https://www.googleoptimize.com/ https://optimize.google.com/ https://www.googletagmanager.com https://maps.googleapis.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net assets.adobedtm.com https://pnapi.invoca.net https://solutions.invocacdn.com gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com/ https://use.typekit.com https://connect.facebook.net https://js.adsrvr.org/ https://cdn.evgnet.com https://.evergage.com https://www.youtube.com assets.sitescdn.net .pagescdn.com .pgsdemo.com https://.salesforce-sites.com;style-src 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com assets.sitecdn.net; style-src-elem 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com;frame-src 'self' .flagstar.com .demdex.net https://.fls.doubleclick.net https://td.doubleclick.net https://optimize.google.com/ https://insight.adsrvr.org/ https://match.adsrvr.org/ https://cdn.evgnet.com https://.flagstar.com https://.fintactix.com .pagescdn.com .pgsdemo.com; frame-ancestors 'self' .flagstar.com https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net; img-src 'self' .foresee.com https://ad.doubleclick.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googletagmanager.com/ https://www.googleadservices.com https://www.google-analytics.com https://developers.google.com https://maps.googleapis.com https://maps.gstatic.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://insight.adsrvr.org https://ib.adnxs.com/getuid https://match.adsrvr.org/track/cmf/appnexus https://dsum-sec.casalemedia.com/rum https://ups.analytics.yahoo.com/ups/55953/sync https://pixel.rubiconproject.com/tap.php data: blob: https://p.typekit.net https://www.facebook.com .flagstar.com https://*.doubleclick.net;child-src 'self' https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://youtube.com; worker-src 'self'; manifest-src 'self';
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.flagstar.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

expires: Sun, 14 Apr 2024 02:04:39 GMT
date: Fri, 15 Mar 2024 02:04:39 GMT
content-security-policy: default-src 'none'; connect-src 'self' *.foresee.com *.evergage.com edge.adobedc.net https://cdn.cookielaw.org https://www.googletagmanager.com https://stats.g.doubleclick.net https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://maps.googleapis.com *.demdex.net *.yext.com https://answers.yext-pixel.com *.yextapis.com;font-src 'self' data: https://fonts.gstatic.com/ https://fonts.googleapis.com https://use.typekit.com *.pgsdemo.com *.pagescdn.com; media-src 'self'; object-src 'self'; form-action 'self' https://*.flagstar.com https://*.salesforce.com https://*.salesforceliveagent.com https://*.salesforce-sites.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.salesforceliveagent.com https://assets.sitescdn.net https://www.googleanalytics.com/ https://www.googleoptimize.com/ https://optimize.google.com/ https://www.googletagmanager.com https://maps.googleapis.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net assets.adobedtm.com https://pnapi.invoca.net https://solutions.invocacdn.com gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com/ https://use.typekit.com https://connect.facebook.net https://js.adsrvr.org/ https://cdn.evgnet.com https://*.evergage.com https://www.youtube.com assets.sitescdn.net *.pagescdn.com *.pgsdemo.com https://*.salesforce-sites.com;style-src 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com assets.sitecdn.net; style-src-elem 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com;frame-src 'self' *.flagstar.com *.demdex.net https://*.fls.doubleclick.net https://td.doubleclick.net https://optimize.google.com/ https://insight.adsrvr.org/ https://match.adsrvr.org/ https://cdn.evgnet.com https://*.flagstar.com https://*.fintactix.com *.pagescdn.com *.pgsdemo.com; frame-ancestors 'self' *.flagstar.com https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net; img-src 'self' *.foresee.com https://ad.doubleclick.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googletagmanager.com/ https://www.googleadservices.com https://www.google-analytics.com https://developers.google.com https://maps.googleapis.com https://maps.gstatic.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://insight.adsrvr.org https://ib.adnxs.com/getuid https://match.adsrvr.org/track/cmf/appnexus https://dsum-sec.casalemedia.com/rum https://ups.analytics.yahoo.com/ups/55953/sync https://pixel.rubiconproject.com/tap.php data: blob: https://p.typekit.net https://www.facebook.com *.flagstar.com https://*.doubleclick.net;child-src 'self' https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://youtube.com; worker-src 'self'; manifest-src 'self';
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains
cf-cache-status: HIT
age: 115452
x-cnection: close
server-timing: dtSInfo;desc="0", dtRpid;desc="670413137"
content-length: 3247
x-xss-protection: 1; mode=block
x-ua-compatible: IE=Edge
last-modified: Tue, 20 Feb 2024 10:14:51 GMT
server: cloudflare
etag: "caf-611cd7b211756"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: image/png
cache-control: public, max-age=2592000
accept-ranges: bytes
cf-ray: 8648ef1baa082c42-FRA
clientname: flagstar

GET
H2 200 linkedin.png
www.flagstar.com/content/dam/newco/footer/ 3 KB
6 KB 46ms
45ms Image
image/png 172.64.146.116
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.flagstar.com/content/dam/newco/footer/linkedin.png

Requested by

Host: www.flagstar.com
URL: https://www.flagstar.com/

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

172.64.146.116 San Francisco, United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

89d46740e95d2d1e4f6d2b54f569e319515b0d89426ccfa4c33f13e1ca4ab6bc

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; connect-src 'self' .foresee.com .evergage.com edge.adobedc.net https://cdn.cookielaw.org https://www.googletagmanager.com https://stats.g.doubleclick.net https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://maps.googleapis.com .demdex.net .yext.com https://answers.yext-pixel.com .yextapis.com;font-src 'self' data: https://fonts.gstatic.com/ https://fonts.googleapis.com https://use.typekit.com .pgsdemo.com .pagescdn.com; media-src 'self'; object-src 'self'; form-action 'self' https://.flagstar.com https://.salesforce.com https://.salesforceliveagent.com https://.salesforce-sites.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://.salesforceliveagent.com https://assets.sitescdn.net https://www.googleanalytics.com/ https://www.googleoptimize.com/ https://optimize.google.com/ https://www.googletagmanager.com https://maps.googleapis.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net assets.adobedtm.com https://pnapi.invoca.net https://solutions.invocacdn.com gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com/ https://use.typekit.com https://connect.facebook.net https://js.adsrvr.org/ https://cdn.evgnet.com https://.evergage.com https://www.youtube.com assets.sitescdn.net .pagescdn.com .pgsdemo.com https://.salesforce-sites.com;style-src 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com assets.sitecdn.net; style-src-elem 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com;frame-src 'self' .flagstar.com .demdex.net https://.fls.doubleclick.net https://td.doubleclick.net https://optimize.google.com/ https://insight.adsrvr.org/ https://match.adsrvr.org/ https://cdn.evgnet.com https://.flagstar.com https://.fintactix.com .pagescdn.com .pgsdemo.com; frame-ancestors 'self' .flagstar.com https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net; img-src 'self' .foresee.com https://ad.doubleclick.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googletagmanager.com/ https://www.googleadservices.com https://www.google-analytics.com https://developers.google.com https://maps.googleapis.com https://maps.gstatic.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://insight.adsrvr.org https://ib.adnxs.com/getuid https://match.adsrvr.org/track/cmf/appnexus https://dsum-sec.casalemedia.com/rum https://ups.analytics.yahoo.com/ups/55953/sync https://pixel.rubiconproject.com/tap.php data: blob: https://p.typekit.net https://www.facebook.com .flagstar.com https://*.doubleclick.net;child-src 'self' https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://youtube.com; worker-src 'self'; manifest-src 'self';
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.flagstar.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

expires: Sun, 14 Apr 2024 02:04:39 GMT
date: Fri, 15 Mar 2024 02:04:39 GMT
content-security-policy: default-src 'none'; connect-src 'self' *.foresee.com *.evergage.com edge.adobedc.net https://cdn.cookielaw.org https://www.googletagmanager.com https://stats.g.doubleclick.net https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://maps.googleapis.com *.demdex.net *.yext.com https://answers.yext-pixel.com *.yextapis.com;font-src 'self' data: https://fonts.gstatic.com/ https://fonts.googleapis.com https://use.typekit.com *.pgsdemo.com *.pagescdn.com; media-src 'self'; object-src 'self'; form-action 'self' https://*.flagstar.com https://*.salesforce.com https://*.salesforceliveagent.com https://*.salesforce-sites.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.salesforceliveagent.com https://assets.sitescdn.net https://www.googleanalytics.com/ https://www.googleoptimize.com/ https://optimize.google.com/ https://www.googletagmanager.com https://maps.googleapis.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net assets.adobedtm.com https://pnapi.invoca.net https://solutions.invocacdn.com gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com/ https://use.typekit.com https://connect.facebook.net https://js.adsrvr.org/ https://cdn.evgnet.com https://*.evergage.com https://www.youtube.com assets.sitescdn.net *.pagescdn.com *.pgsdemo.com https://*.salesforce-sites.com;style-src 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com assets.sitecdn.net; style-src-elem 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com;frame-src 'self' *.flagstar.com *.demdex.net https://*.fls.doubleclick.net https://td.doubleclick.net https://optimize.google.com/ https://insight.adsrvr.org/ https://match.adsrvr.org/ https://cdn.evgnet.com https://*.flagstar.com https://*.fintactix.com *.pagescdn.com *.pgsdemo.com; frame-ancestors 'self' *.flagstar.com https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net; img-src 'self' *.foresee.com https://ad.doubleclick.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googletagmanager.com/ https://www.googleadservices.com https://www.google-analytics.com https://developers.google.com https://maps.googleapis.com https://maps.gstatic.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://insight.adsrvr.org https://ib.adnxs.com/getuid https://match.adsrvr.org/track/cmf/appnexus https://dsum-sec.casalemedia.com/rum https://ups.analytics.yahoo.com/ups/55953/sync https://pixel.rubiconproject.com/tap.php data: blob: https://p.typekit.net https://www.facebook.com *.flagstar.com https://*.doubleclick.net;child-src 'self' https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://youtube.com; worker-src 'self'; manifest-src 'self';
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains
cf-cache-status: HIT
age: 115452
x-cnection: close
server-timing: dtSInfo;desc="0", dtRpid;desc="-629182120"
content-length: 3098
x-xss-protection: 1; mode=block
x-ua-compatible: IE=Edge
last-modified: Tue, 20 Feb 2024 10:11:13 GMT
server: cloudflare
etag: "c1a-611cd6e1e8d6e"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: image/png
cache-control: public, max-age=2592000
accept-ranges: bytes
cf-ray: 8648ef1baa0a2c42-FRA
clientname: flagstar

GET
H2 200 fbevents.js Show response
connect.facebook.net/en_US/ 216 KB
58 KB 27ms
12ms Script
application/x-javascript 2a03:2880:f083:100:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/fbevents.js

Requested by

Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/7dbad9752923/36b7dda228e9/launch-bc7a3f427c28.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f083:100:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

85267fa4a3e908d0c2778fc27bf13b384d2353c2d12e8d4c78982a3cfaa9636e

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' data: blob: ;script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com: wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.flagstar.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

content-security-policy: default-src 'self' data: blob: *;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload; includeSubDomains
date: Fri, 15 Mar 2024 02:04:39 GMT
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 57631
x-xss-protection: 0
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
x-fb-connection-quality: EXCELLENT; q=0.9, rtt=5, rtx=0, c=12, mss=1326, tbw=2783, tp=-1, tpl=-1, uplat=0, ullat=-1
pragma: public
x-fb-debug: 08n24fKWS2/zu927ys540CbLvNI8MG4YPw1E37Zlc4f6vw1J59hQrmEfChWeyRjV15bl3aK5CyMHJPAzteD1qw==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
cross-origin-opener-policy: same-origin-allow-popups;report-to="coop_report"
vary: Accept-Encoding
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
content-type: application/x-javascript; charset=utf-8
x-frame-options: DENY
origin-agent-cluster: ?0
cache-control: public, max-age=1200
permissions-policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-ua-arch=(), ch-ua-bitness=(), clipboard-read=(), clipboard-write=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), usb=(), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
timing-allow-origin: *
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 globe.svg
www.flagstar.com/content/dam/newco/global-navigation-icons/ 844 B
4 KB 39ms
39ms Image
image/svg+xml 172.64.146.116
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.flagstar.com/content/dam/newco/global-navigation-icons/globe.svg

Requested by

Host: www.flagstar.com
URL: https://www.flagstar.com/

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

172.64.146.116 San Francisco, United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

84551b2fc5b4daf2d89a4bb712509343abf84878723f814701d42cd050237e7d

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; connect-src 'self' .foresee.com .evergage.com edge.adobedc.net https://cdn.cookielaw.org https://www.googletagmanager.com https://stats.g.doubleclick.net https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://maps.googleapis.com .demdex.net .yext.com https://answers.yext-pixel.com .yextapis.com;font-src 'self' data: https://fonts.gstatic.com/ https://fonts.googleapis.com https://use.typekit.com .pgsdemo.com .pagescdn.com; media-src 'self'; object-src 'self'; form-action 'self' https://.flagstar.com https://.salesforce.com https://.salesforceliveagent.com https://.salesforce-sites.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://.salesforceliveagent.com https://assets.sitescdn.net https://www.googleanalytics.com/ https://www.googleoptimize.com/ https://optimize.google.com/ https://www.googletagmanager.com https://maps.googleapis.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net assets.adobedtm.com https://pnapi.invoca.net https://solutions.invocacdn.com gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com/ https://use.typekit.com https://connect.facebook.net https://js.adsrvr.org/ https://cdn.evgnet.com https://.evergage.com https://www.youtube.com assets.sitescdn.net .pagescdn.com .pgsdemo.com https://.salesforce-sites.com;style-src 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com assets.sitecdn.net; style-src-elem 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com;frame-src 'self' .flagstar.com .demdex.net https://.fls.doubleclick.net https://td.doubleclick.net https://optimize.google.com/ https://insight.adsrvr.org/ https://match.adsrvr.org/ https://cdn.evgnet.com https://.flagstar.com https://.fintactix.com .pagescdn.com .pgsdemo.com; frame-ancestors 'self' .flagstar.com https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net; img-src 'self' .foresee.com https://ad.doubleclick.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googletagmanager.com/ https://www.googleadservices.com https://www.google-analytics.com https://developers.google.com https://maps.googleapis.com https://maps.gstatic.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://insight.adsrvr.org https://ib.adnxs.com/getuid https://match.adsrvr.org/track/cmf/appnexus https://dsum-sec.casalemedia.com/rum https://ups.analytics.yahoo.com/ups/55953/sync https://pixel.rubiconproject.com/tap.php data: blob: https://p.typekit.net https://www.facebook.com .flagstar.com https://*.doubleclick.net;child-src 'self' https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://youtube.com; worker-src 'self'; manifest-src 'self';
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.flagstar.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

expires: Sun, 14 Apr 2024 02:04:39 GMT
date: Fri, 15 Mar 2024 02:04:39 GMT
content-security-policy: default-src 'none'; connect-src 'self' *.foresee.com *.evergage.com edge.adobedc.net https://cdn.cookielaw.org https://www.googletagmanager.com https://stats.g.doubleclick.net https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://maps.googleapis.com *.demdex.net *.yext.com https://answers.yext-pixel.com *.yextapis.com;font-src 'self' data: https://fonts.gstatic.com/ https://fonts.googleapis.com https://use.typekit.com *.pgsdemo.com *.pagescdn.com; media-src 'self'; object-src 'self'; form-action 'self' https://*.flagstar.com https://*.salesforce.com https://*.salesforceliveagent.com https://*.salesforce-sites.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.salesforceliveagent.com https://assets.sitescdn.net https://www.googleanalytics.com/ https://www.googleoptimize.com/ https://optimize.google.com/ https://www.googletagmanager.com https://maps.googleapis.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net assets.adobedtm.com https://pnapi.invoca.net https://solutions.invocacdn.com gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com/ https://use.typekit.com https://connect.facebook.net https://js.adsrvr.org/ https://cdn.evgnet.com https://*.evergage.com https://www.youtube.com assets.sitescdn.net *.pagescdn.com *.pgsdemo.com https://*.salesforce-sites.com;style-src 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com assets.sitecdn.net; style-src-elem 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com;frame-src 'self' *.flagstar.com *.demdex.net https://*.fls.doubleclick.net https://td.doubleclick.net https://optimize.google.com/ https://insight.adsrvr.org/ https://match.adsrvr.org/ https://cdn.evgnet.com https://*.flagstar.com https://*.fintactix.com *.pagescdn.com *.pgsdemo.com; frame-ancestors 'self' *.flagstar.com https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net; img-src 'self' *.foresee.com https://ad.doubleclick.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googletagmanager.com/ https://www.googleadservices.com https://www.google-analytics.com https://developers.google.com https://maps.googleapis.com https://maps.gstatic.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://insight.adsrvr.org https://ib.adnxs.com/getuid https://match.adsrvr.org/track/cmf/appnexus https://dsum-sec.casalemedia.com/rum https://ups.analytics.yahoo.com/ups/55953/sync https://pixel.rubiconproject.com/tap.php data: blob: https://p.typekit.net https://www.facebook.com *.flagstar.com https://*.doubleclick.net;child-src 'self' https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://youtube.com; worker-src 'self'; manifest-src 'self';
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
strict-transport-security: max-age=31536000; includeSubDomains
age: 115453
x-cnection: close
server-timing: dtSInfo;desc="0", dtRpid;desc="-1638499635"
content-length: 381
x-xss-protection: 1; mode=block
x-ua-compatible: IE=Edge
last-modified: Tue, 20 Feb 2024 10:13:19 GMT
server: cloudflare
etag: "34c-611cd759b8a25-gzip"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: image/svg+xml
cache-control: public, max-age=2592000
accept-ranges: bytes
cf-ray: 8648ef1baa0c2c42-FRA
clientname: flagstar

GET
H2 200 Fellix-Medium.woff
www.flagstar.com/etc.clientlibs/aem-flagstar/clientlibs/clientlib-site/resources/fonts/ 51 KB
54 KB 39ms
39ms Font
font/woff 172.64.146.116
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.flagstar.com/etc.clientlibs/aem-flagstar/clientlibs/clientlib-site/resources/fonts/Fellix-Medium.woff

Requested by

Host: www.flagstar.com
URL: https://www.flagstar.com/etc.clientlibs/aem-flagstar/clientlibs/clientlib-site.46dbc4b8e8479098326272ed3c632026.css

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

172.64.146.116 San Francisco, United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d9f9c1b8a5fa5db59d5f705edc27e4a3ffe9eedbcc225e622d2f8055c99f761c

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; connect-src 'self' .foresee.com .evergage.com edge.adobedc.net https://cdn.cookielaw.org https://www.googletagmanager.com https://stats.g.doubleclick.net https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://maps.googleapis.com .demdex.net .yext.com https://answers.yext-pixel.com .yextapis.com;font-src 'self' data: https://fonts.gstatic.com/ https://fonts.googleapis.com https://use.typekit.com .pgsdemo.com .pagescdn.com; media-src 'self'; object-src 'self'; form-action 'self' https://.flagstar.com https://.salesforce.com https://.salesforceliveagent.com https://.salesforce-sites.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://.salesforceliveagent.com https://assets.sitescdn.net https://www.googleanalytics.com/ https://www.googleoptimize.com/ https://optimize.google.com/ https://www.googletagmanager.com https://maps.googleapis.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net assets.adobedtm.com https://pnapi.invoca.net https://solutions.invocacdn.com gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com/ https://use.typekit.com https://connect.facebook.net https://js.adsrvr.org/ https://cdn.evgnet.com https://.evergage.com https://www.youtube.com assets.sitescdn.net .pagescdn.com .pgsdemo.com https://.salesforce-sites.com;style-src 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com assets.sitecdn.net; style-src-elem 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com;frame-src 'self' .flagstar.com .demdex.net https://.fls.doubleclick.net https://td.doubleclick.net https://optimize.google.com/ https://insight.adsrvr.org/ https://match.adsrvr.org/ https://cdn.evgnet.com https://.flagstar.com https://.fintactix.com .pagescdn.com .pgsdemo.com; frame-ancestors 'self' .flagstar.com https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net; img-src 'self' .foresee.com https://ad.doubleclick.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googletagmanager.com/ https://www.googleadservices.com https://www.google-analytics.com https://developers.google.com https://maps.googleapis.com https://maps.gstatic.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://insight.adsrvr.org https://ib.adnxs.com/getuid https://match.adsrvr.org/track/cmf/appnexus https://dsum-sec.casalemedia.com/rum https://ups.analytics.yahoo.com/ups/55953/sync https://pixel.rubiconproject.com/tap.php data: blob: https://p.typekit.net https://www.facebook.com .flagstar.com https://*.doubleclick.net;child-src 'self' https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://youtube.com; worker-src 'self'; manifest-src 'self';
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.flagstar.com/etc.clientlibs/aem-flagstar/clientlibs/clientlib-site.46dbc4b8e8479098326272ed3c632026.css
Origin: https://www.flagstar.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

clientname: flagstar
date: Fri, 15 Mar 2024 02:04:39 GMT
content-security-policy: default-src 'none'; connect-src 'self' *.foresee.com *.evergage.com edge.adobedc.net https://cdn.cookielaw.org https://www.googletagmanager.com https://stats.g.doubleclick.net https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://maps.googleapis.com *.demdex.net *.yext.com https://answers.yext-pixel.com *.yextapis.com;font-src 'self' data: https://fonts.gstatic.com/ https://fonts.googleapis.com https://use.typekit.com *.pgsdemo.com *.pagescdn.com; media-src 'self'; object-src 'self'; form-action 'self' https://*.flagstar.com https://*.salesforce.com https://*.salesforceliveagent.com https://*.salesforce-sites.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.salesforceliveagent.com https://assets.sitescdn.net https://www.googleanalytics.com/ https://www.googleoptimize.com/ https://optimize.google.com/ https://www.googletagmanager.com https://maps.googleapis.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net assets.adobedtm.com https://pnapi.invoca.net https://solutions.invocacdn.com gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com/ https://use.typekit.com https://connect.facebook.net https://js.adsrvr.org/ https://cdn.evgnet.com https://*.evergage.com https://www.youtube.com assets.sitescdn.net *.pagescdn.com *.pgsdemo.com https://*.salesforce-sites.com;style-src 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com assets.sitecdn.net; style-src-elem 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com;frame-src 'self' *.flagstar.com *.demdex.net https://*.fls.doubleclick.net https://td.doubleclick.net https://optimize.google.com/ https://insight.adsrvr.org/ https://match.adsrvr.org/ https://cdn.evgnet.com https://*.flagstar.com https://*.fintactix.com *.pagescdn.com *.pgsdemo.com; frame-ancestors 'self' *.flagstar.com https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net; img-src 'self' *.foresee.com https://ad.doubleclick.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googletagmanager.com/ https://www.googleadservices.com https://www.google-analytics.com https://developers.google.com https://maps.googleapis.com https://maps.gstatic.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://insight.adsrvr.org https://ib.adnxs.com/getuid https://match.adsrvr.org/track/cmf/appnexus https://dsum-sec.casalemedia.com/rum https://ups.analytics.yahoo.com/ups/55953/sync https://pixel.rubiconproject.com/tap.php data: blob: https://p.typekit.net https://www.facebook.com *.flagstar.com https://*.doubleclick.net;child-src 'self' https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://youtube.com; worker-src 'self'; manifest-src 'self';
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains
cf-cache-status: HIT
age: 1041
x-cnection: close
server-timing: dtSInfo;desc="0", dtRpid;desc="1078160010", dtTao;desc="1"
content-length: 52352
x-xss-protection: 1; mode=block
x-ua-compatible: IE=Edge
last-modified: Tue, 20 Feb 2024 10:11:12 GMT
server: cloudflare
etag: "cc80-611cd6e1cb8ae:dtagent10285240307101407wwwp"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: font/woff
cache-control: public, max-age=14400
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 8648ef1baa0e2c42-FRA
expires: Fri, 15 Mar 2024 06:04:39 GMT

GET
H2 200 otSDKStub.js Show response
cdn.cookielaw.org/consent/b3668a5d-7fcb-4aeb-a671-a8393e2792ff/ 20 KB
7 KB 64ms
35ms Script
application/x-javascript 2606:4700::6813:b234
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/consent/b3668a5d-7fcb-4aeb-a671-a8393e2792ff/otSDKStub.js

Requested by

Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/7dbad9752923/36b7dda228e9/launch-bc7a3f427c28.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:b234 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8c1d20eedda5c5fd996d82d5d3b87a3a6da24735fe96458bff21d13d3cc1d1e1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.flagstar.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Fri, 15 Mar 2024 02:04:39 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
strict-transport-security: max-age=31536000; includeSubDomains; preload
age: 33293
content-md5: 1C7BuQ3LGAlBcdxyvs3Sgw==
content-length: 6884
x-ms-lease-status: unlocked
last-modified: Tue, 20 Feb 2024 11:14:14 GMT
server: cloudflare
etag: 0x8DC3205122F70A6
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: *
x-ms-request-id: 7cae8391-a01e-0054-02ee-6376d4000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 8648ef1c484d3637-FRA
expires: Sat, 16 Mar 2024 02:04:39 GMT

GET
DATA 200
OK truncated
/ 718 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: e5182523f59ba1baecf5a1ebc9994231e088592a940331952aa3124db80a757f

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

Content-Type: image/svg+xml;charset=UTF-8

GET
H2 200 Fellix-Regular.woff
www.flagstar.com/etc.clientlibs/aem-flagstar/clientlibs/clientlib-site/resources/fonts/ 51 KB
54 KB 17ms
16ms Font
font/woff 172.64.146.116
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.flagstar.com/etc.clientlibs/aem-flagstar/clientlibs/clientlib-site/resources/fonts/Fellix-Regular.woff

Requested by

Host: www.flagstar.com
URL: https://www.flagstar.com/etc.clientlibs/aem-flagstar/clientlibs/clientlib-site.46dbc4b8e8479098326272ed3c632026.css

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

172.64.146.116 San Francisco, United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

bb0c0db8ccc7938c8d17d623e5e4055f8790a51a40c78f8fe57c2e24bbed567b

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; connect-src 'self' .foresee.com .evergage.com edge.adobedc.net https://cdn.cookielaw.org https://www.googletagmanager.com https://stats.g.doubleclick.net https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://maps.googleapis.com .demdex.net .yext.com https://answers.yext-pixel.com .yextapis.com;font-src 'self' data: https://fonts.gstatic.com/ https://fonts.googleapis.com https://use.typekit.com .pgsdemo.com .pagescdn.com; media-src 'self'; object-src 'self'; form-action 'self' https://.flagstar.com https://.salesforce.com https://.salesforceliveagent.com https://.salesforce-sites.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://.salesforceliveagent.com https://assets.sitescdn.net https://www.googleanalytics.com/ https://www.googleoptimize.com/ https://optimize.google.com/ https://www.googletagmanager.com https://maps.googleapis.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net assets.adobedtm.com https://pnapi.invoca.net https://solutions.invocacdn.com gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com/ https://use.typekit.com https://connect.facebook.net https://js.adsrvr.org/ https://cdn.evgnet.com https://.evergage.com https://www.youtube.com assets.sitescdn.net .pagescdn.com .pgsdemo.com https://.salesforce-sites.com;style-src 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com assets.sitecdn.net; style-src-elem 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com;frame-src 'self' .flagstar.com .demdex.net https://.fls.doubleclick.net https://td.doubleclick.net https://optimize.google.com/ https://insight.adsrvr.org/ https://match.adsrvr.org/ https://cdn.evgnet.com https://.flagstar.com https://.fintactix.com .pagescdn.com .pgsdemo.com; frame-ancestors 'self' .flagstar.com https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net; img-src 'self' .foresee.com https://ad.doubleclick.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googletagmanager.com/ https://www.googleadservices.com https://www.google-analytics.com https://developers.google.com https://maps.googleapis.com https://maps.gstatic.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://insight.adsrvr.org https://ib.adnxs.com/getuid https://match.adsrvr.org/track/cmf/appnexus https://dsum-sec.casalemedia.com/rum https://ups.analytics.yahoo.com/ups/55953/sync https://pixel.rubiconproject.com/tap.php data: blob: https://p.typekit.net https://www.facebook.com .flagstar.com https://*.doubleclick.net;child-src 'self' https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://youtube.com; worker-src 'self'; manifest-src 'self';
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.flagstar.com/etc.clientlibs/aem-flagstar/clientlibs/clientlib-site.46dbc4b8e8479098326272ed3c632026.css
Origin: https://www.flagstar.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

clientname: flagstar
date: Fri, 15 Mar 2024 02:04:39 GMT
content-security-policy: default-src 'none'; connect-src 'self' *.foresee.com *.evergage.com edge.adobedc.net https://cdn.cookielaw.org https://www.googletagmanager.com https://stats.g.doubleclick.net https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://maps.googleapis.com *.demdex.net *.yext.com https://answers.yext-pixel.com *.yextapis.com;font-src 'self' data: https://fonts.gstatic.com/ https://fonts.googleapis.com https://use.typekit.com *.pgsdemo.com *.pagescdn.com; media-src 'self'; object-src 'self'; form-action 'self' https://*.flagstar.com https://*.salesforce.com https://*.salesforceliveagent.com https://*.salesforce-sites.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.salesforceliveagent.com https://assets.sitescdn.net https://www.googleanalytics.com/ https://www.googleoptimize.com/ https://optimize.google.com/ https://www.googletagmanager.com https://maps.googleapis.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net assets.adobedtm.com https://pnapi.invoca.net https://solutions.invocacdn.com gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com/ https://use.typekit.com https://connect.facebook.net https://js.adsrvr.org/ https://cdn.evgnet.com https://*.evergage.com https://www.youtube.com assets.sitescdn.net *.pagescdn.com *.pgsdemo.com https://*.salesforce-sites.com;style-src 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com assets.sitecdn.net; style-src-elem 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com;frame-src 'self' *.flagstar.com *.demdex.net https://*.fls.doubleclick.net https://td.doubleclick.net https://optimize.google.com/ https://insight.adsrvr.org/ https://match.adsrvr.org/ https://cdn.evgnet.com https://*.flagstar.com https://*.fintactix.com *.pagescdn.com *.pgsdemo.com; frame-ancestors 'self' *.flagstar.com https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net; img-src 'self' *.foresee.com https://ad.doubleclick.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googletagmanager.com/ https://www.googleadservices.com https://www.google-analytics.com https://developers.google.com https://maps.googleapis.com https://maps.gstatic.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://insight.adsrvr.org https://ib.adnxs.com/getuid https://match.adsrvr.org/track/cmf/appnexus https://dsum-sec.casalemedia.com/rum https://ups.analytics.yahoo.com/ups/55953/sync https://pixel.rubiconproject.com/tap.php data: blob: https://p.typekit.net https://www.facebook.com *.flagstar.com https://*.doubleclick.net;child-src 'self' https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://youtube.com; worker-src 'self'; manifest-src 'self';
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains
cf-cache-status: HIT
age: 1041
x-cnection: close
server-timing: dtSInfo;desc="0", dtRpid;desc="1803632011", dtTao;desc="1"
content-length: 52008
x-xss-protection: 1; mode=block
x-ua-compatible: IE=Edge
last-modified: Tue, 20 Feb 2024 10:11:14 GMT
server: cloudflare
etag: "cb28-611cd6e3c4d3d:dtagent10285240307101407wwwp"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: font/woff
cache-control: public, max-age=14400
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 8648ef1c2a462c42-FRA
expires: Fri, 15 Mar 2024 06:04:39 GMT

GET
H2 200 Megaphone%201.svg
www.flagstar.com/content/dam/newco/global/icons/ 886 B
4 KB 20ms
20ms Image
image/svg+xml 172.64.146.116
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.flagstar.com/content/dam/newco/global/icons/Megaphone%201.svg

Requested by

Host: www.flagstar.com
URL: https://www.flagstar.com/

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

172.64.146.116 San Francisco, United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

035c84a3e7aad2af24632b56b6c54926db5439e9172dd5a7e0dcc0f345f3fe77

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; connect-src 'self' .foresee.com .evergage.com edge.adobedc.net https://cdn.cookielaw.org https://www.googletagmanager.com https://stats.g.doubleclick.net https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://maps.googleapis.com .demdex.net .yext.com https://answers.yext-pixel.com .yextapis.com;font-src 'self' data: https://fonts.gstatic.com/ https://fonts.googleapis.com https://use.typekit.com .pgsdemo.com .pagescdn.com; media-src 'self'; object-src 'self'; form-action 'self' https://.flagstar.com https://.salesforce.com https://.salesforceliveagent.com https://.salesforce-sites.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://.salesforceliveagent.com https://assets.sitescdn.net https://www.googleanalytics.com/ https://www.googleoptimize.com/ https://optimize.google.com/ https://www.googletagmanager.com https://maps.googleapis.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net assets.adobedtm.com https://pnapi.invoca.net https://solutions.invocacdn.com gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com/ https://use.typekit.com https://connect.facebook.net https://js.adsrvr.org/ https://cdn.evgnet.com https://.evergage.com https://www.youtube.com assets.sitescdn.net .pagescdn.com .pgsdemo.com https://.salesforce-sites.com;style-src 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com assets.sitecdn.net; style-src-elem 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com;frame-src 'self' .flagstar.com .youtube.com .demdex.net https://.fls.doubleclick.net https://td.doubleclick.net https://optimize.google.com/ https://insight.adsrvr.org/ https://match.adsrvr.org/ https://cdn.evgnet.com https://.flagstar.com https://.fintactix.com .pagescdn.com .pgsdemo.com; frame-ancestors 'self' .flagstar.com https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net; img-src 'self' .foresee.com https://ad.doubleclick.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googletagmanager.com/ https://www.googleadservices.com https://www.google-analytics.com https://developers.google.com https://maps.googleapis.com https://maps.gstatic.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://insight.adsrvr.org https://ib.adnxs.com/getuid https://match.adsrvr.org/track/cmf/appnexus https://dsum-sec.casalemedia.com/rum https://ups.analytics.yahoo.com/ups/55953/sync https://pixel.rubiconproject.com/tap.php data: blob: https://p.typekit.net https://www.facebook.com .flagstar.com https://.doubleclick.net;child-src 'self' https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://youtube.com; worker-src 'self'; manifest-src 'self';
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.flagstar.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

expires: Sun, 14 Apr 2024 02:04:39 GMT
date: Fri, 15 Mar 2024 02:04:39 GMT
content-security-policy: default-src 'none'; connect-src 'self' *.foresee.com *.evergage.com edge.adobedc.net https://cdn.cookielaw.org https://www.googletagmanager.com https://stats.g.doubleclick.net https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://maps.googleapis.com *.demdex.net *.yext.com https://answers.yext-pixel.com *.yextapis.com;font-src 'self' data: https://fonts.gstatic.com/ https://fonts.googleapis.com https://use.typekit.com *.pgsdemo.com *.pagescdn.com; media-src 'self'; object-src 'self'; form-action 'self' https://*.flagstar.com https://*.salesforce.com https://*.salesforceliveagent.com https://*.salesforce-sites.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.salesforceliveagent.com https://assets.sitescdn.net https://www.googleanalytics.com/ https://www.googleoptimize.com/ https://optimize.google.com/ https://www.googletagmanager.com https://maps.googleapis.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net assets.adobedtm.com https://pnapi.invoca.net https://solutions.invocacdn.com gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com/ https://use.typekit.com https://connect.facebook.net https://js.adsrvr.org/ https://cdn.evgnet.com https://*.evergage.com https://www.youtube.com assets.sitescdn.net *.pagescdn.com *.pgsdemo.com https://*.salesforce-sites.com;style-src 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com assets.sitecdn.net; style-src-elem 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com;frame-src 'self' *.flagstar.com *.youtube.com *.demdex.net https://*.fls.doubleclick.net https://td.doubleclick.net https://optimize.google.com/ https://insight.adsrvr.org/ https://match.adsrvr.org/ https://cdn.evgnet.com https://*.flagstar.com https://*.fintactix.com *.pagescdn.com *.pgsdemo.com; frame-ancestors 'self' *.flagstar.com https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net; img-src 'self' *.foresee.com https://ad.doubleclick.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googletagmanager.com/ https://www.googleadservices.com https://www.google-analytics.com https://developers.google.com https://maps.googleapis.com https://maps.gstatic.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://insight.adsrvr.org https://ib.adnxs.com/getuid https://match.adsrvr.org/track/cmf/appnexus https://dsum-sec.casalemedia.com/rum https://ups.analytics.yahoo.com/ups/55953/sync https://pixel.rubiconproject.com/tap.php data: blob: https://p.typekit.net https://www.facebook.com *.flagstar.com https://*.doubleclick.net;child-src 'self' https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://youtube.com; worker-src 'self'; manifest-src 'self';
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
strict-transport-security: max-age=31536000; includeSubDomains
age: 122845
x-cnection: close
server-timing: dtSInfo;desc="0", dtRpid;desc="24816711"
content-length: 364
x-xss-protection: 1; mode=block
x-ua-compatible: IE=Edge
last-modified: Mon, 26 Feb 2024 19:15:57 GMT
server: cloudflare
etag: "376-6124dbd460e3a-gzip"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: image/svg+xml
cache-control: public, max-age=2592000
accept-ranges: bytes
cf-ray: 8648ef1c7a702c42-FRA
clientname: flagstar

GET
H2 200 token.json Show response
www.flagstar.com/libs/granite/csrf/ 2 B
181 B 127ms
127ms XHR
application/json 172.64.146.116
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.flagstar.com/libs/granite/csrf/token.json

Requested by

Host: www.flagstar.com
URL: https://www.flagstar.com/etc.clientlibs/clientlibs/granite/jquery/granite/csrf.a9dcac4698709ca8e1cbc88363cf0793.js

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

172.64.146.116 San Francisco, United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.flagstar.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

expires: -1
date: Fri, 15 Mar 2024 02:04:39 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
x-oneagent-js-injection: true
x-cnection: close
server-timing: dtRpid;desc="1527195167", dtSInfo;desc="0"
content-length: 2
x-xss-protection: 1; mode=block
x-ua-compatible: IE=Edge
server: cloudflare
x-frame-options: SAMEORIGIN
content-type: application/json;charset=iso-8859-1
cache-control: no-cache
cf-ray: 8648ef1c7a722c42-FRA
clientname: flagstar

GET
H2 200 clientlib-site.e86d9f0f1a3ad6fa2a8f0115739d3c22.js Show response
www.flagstar.com/etc.clientlibs/aem-flagstar/clientlibs/ 45 KB
12 KB 17ms
17ms Script
application/javascript 172.64.146.116
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.flagstar.com/etc.clientlibs/aem-flagstar/clientlibs/clientlib-site.e86d9f0f1a3ad6fa2a8f0115739d3c22.js

Requested by

Host: www.flagstar.com
URL: https://www.flagstar.com/

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

172.64.146.116 San Francisco, United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

7020139ce030f3be78d5b9a3282cb6622efe02bc26061df54caf96212cf20b4d

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; connect-src 'self' .foresee.com .evergage.com edge.adobedc.net https://cdn.cookielaw.org https://www.googletagmanager.com https://stats.g.doubleclick.net https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://maps.googleapis.com .demdex.net .yext.com https://answers.yext-pixel.com .yextapis.com;font-src 'self' data: https://fonts.gstatic.com/ https://fonts.googleapis.com https://use.typekit.com .pgsdemo.com .pagescdn.com; media-src 'self'; object-src 'self'; form-action 'self' https://.flagstar.com https://.salesforce.com https://.salesforceliveagent.com https://.salesforce-sites.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://.salesforceliveagent.com https://assets.sitescdn.net https://www.googleanalytics.com/ https://www.googleoptimize.com/ https://optimize.google.com/ https://www.googletagmanager.com https://maps.googleapis.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net assets.adobedtm.com https://pnapi.invoca.net https://solutions.invocacdn.com gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com/ https://use.typekit.com https://connect.facebook.net https://js.adsrvr.org/ https://cdn.evgnet.com https://.evergage.com https://www.youtube.com assets.sitescdn.net .pagescdn.com .pgsdemo.com https://.salesforce-sites.com;style-src 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com assets.sitecdn.net; style-src-elem 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com;frame-src 'self' .flagstar.com .youtube.com .demdex.net https://.fls.doubleclick.net https://td.doubleclick.net https://optimize.google.com/ https://insight.adsrvr.org/ https://match.adsrvr.org/ https://cdn.evgnet.com https://.flagstar.com https://.fintactix.com .pagescdn.com .pgsdemo.com; frame-ancestors 'self' .flagstar.com https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net; img-src 'self' .foresee.com https://ad.doubleclick.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googletagmanager.com/ https://www.googleadservices.com https://www.google-analytics.com https://developers.google.com https://maps.googleapis.com https://maps.gstatic.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://insight.adsrvr.org https://ib.adnxs.com/getuid https://match.adsrvr.org/track/cmf/appnexus https://dsum-sec.casalemedia.com/rum https://ups.analytics.yahoo.com/ups/55953/sync https://pixel.rubiconproject.com/tap.php data: blob: https://p.typekit.net https://www.facebook.com .flagstar.com https://.doubleclick.net;child-src 'self' https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://youtube.com; worker-src 'self'; manifest-src 'self';
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.flagstar.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

expires: Sun, 14 Apr 2024 02:04:39 GMT
date: Fri, 15 Mar 2024 02:04:39 GMT
content-security-policy: default-src 'none'; connect-src 'self' *.foresee.com *.evergage.com edge.adobedc.net https://cdn.cookielaw.org https://www.googletagmanager.com https://stats.g.doubleclick.net https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://maps.googleapis.com *.demdex.net *.yext.com https://answers.yext-pixel.com *.yextapis.com;font-src 'self' data: https://fonts.gstatic.com/ https://fonts.googleapis.com https://use.typekit.com *.pgsdemo.com *.pagescdn.com; media-src 'self'; object-src 'self'; form-action 'self' https://*.flagstar.com https://*.salesforce.com https://*.salesforceliveagent.com https://*.salesforce-sites.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.salesforceliveagent.com https://assets.sitescdn.net https://www.googleanalytics.com/ https://www.googleoptimize.com/ https://optimize.google.com/ https://www.googletagmanager.com https://maps.googleapis.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net assets.adobedtm.com https://pnapi.invoca.net https://solutions.invocacdn.com gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com/ https://use.typekit.com https://connect.facebook.net https://js.adsrvr.org/ https://cdn.evgnet.com https://*.evergage.com https://www.youtube.com assets.sitescdn.net *.pagescdn.com *.pgsdemo.com https://*.salesforce-sites.com;style-src 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com assets.sitecdn.net; style-src-elem 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com;frame-src 'self' *.flagstar.com *.youtube.com *.demdex.net https://*.fls.doubleclick.net https://td.doubleclick.net https://optimize.google.com/ https://insight.adsrvr.org/ https://match.adsrvr.org/ https://cdn.evgnet.com https://*.flagstar.com https://*.fintactix.com *.pagescdn.com *.pgsdemo.com; frame-ancestors 'self' *.flagstar.com https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net; img-src 'self' *.foresee.com https://ad.doubleclick.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googletagmanager.com/ https://www.googleadservices.com https://www.google-analytics.com https://developers.google.com https://maps.googleapis.com https://maps.gstatic.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://insight.adsrvr.org https://ib.adnxs.com/getuid https://match.adsrvr.org/track/cmf/appnexus https://dsum-sec.casalemedia.com/rum https://ups.analytics.yahoo.com/ups/55953/sync https://pixel.rubiconproject.com/tap.php data: blob: https://p.typekit.net https://www.facebook.com *.flagstar.com https://*.doubleclick.net;child-src 'self' https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://youtube.com; worker-src 'self'; manifest-src 'self';
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
strict-transport-security: max-age=31536000; includeSubDomains
age: 115453
x-cnection: close
server-timing: dtSInfo;desc="0", dtRpid;desc="-1803891315"
content-length: 9338
x-xss-protection: 1; mode=block
x-ua-compatible: IE=Edge
last-modified: Fri, 08 Mar 2024 04:10:48 GMT
server: cloudflare
etag: "b502-6131e607029fe-gzip"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript
cache-control: public, max-age=2592000
accept-ranges: bytes
cf-ray: 8648ef1c9a7f2c42-FRA
clientname: flagstar

GET
DATA 200
OK truncated
/ 572 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 27abd69045bfedd0501b68c979047543c77c576bbc1e9819f5c7654aef2914f7

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

Content-Type: image/svg+xml;charset=UTF-8

GET
H2 200 hero-2_ready-checking0324.jpg
www.flagstar.com/content/dam/newco/personal/banking/hero-images/ 63 KB
66 KB 17ms
17ms Image
image/jpeg 172.64.146.116
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.flagstar.com/content/dam/newco/personal/banking/hero-images/hero-2_ready-checking0324.jpg

Requested by

Host: www.flagstar.com
URL: https://www.flagstar.com/

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

172.64.146.116 San Francisco, United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

75b249c7e3dfbfac8c0f8355dfd581ae8d2640a7853f9545f8022b75295d6978

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; connect-src 'self' .foresee.com .evergage.com edge.adobedc.net https://cdn.cookielaw.org https://www.googletagmanager.com https://stats.g.doubleclick.net https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://maps.googleapis.com .demdex.net .yext.com https://answers.yext-pixel.com .yextapis.com;font-src 'self' data: https://fonts.gstatic.com/ https://fonts.googleapis.com https://use.typekit.com .pgsdemo.com .pagescdn.com; media-src 'self'; object-src 'self'; form-action 'self' https://.flagstar.com https://.salesforce.com https://.salesforceliveagent.com https://.salesforce-sites.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://.salesforceliveagent.com https://assets.sitescdn.net https://www.googleanalytics.com/ https://www.googleoptimize.com/ https://optimize.google.com/ https://www.googletagmanager.com https://maps.googleapis.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net assets.adobedtm.com https://pnapi.invoca.net https://solutions.invocacdn.com gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com/ https://use.typekit.com https://connect.facebook.net https://js.adsrvr.org/ https://cdn.evgnet.com https://.evergage.com https://www.youtube.com assets.sitescdn.net .pagescdn.com .pgsdemo.com https://.salesforce-sites.com;style-src 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com assets.sitecdn.net; style-src-elem 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com;frame-src 'self' .flagstar.com .youtube.com .demdex.net https://.fls.doubleclick.net https://td.doubleclick.net https://optimize.google.com/ https://insight.adsrvr.org/ https://match.adsrvr.org/ https://cdn.evgnet.com https://.flagstar.com https://.fintactix.com .pagescdn.com .pgsdemo.com; frame-ancestors 'self' .flagstar.com https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net; img-src 'self' .foresee.com https://ad.doubleclick.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googletagmanager.com/ https://www.googleadservices.com https://www.google-analytics.com https://developers.google.com https://maps.googleapis.com https://maps.gstatic.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://insight.adsrvr.org https://ib.adnxs.com/getuid https://match.adsrvr.org/track/cmf/appnexus https://dsum-sec.casalemedia.com/rum https://ups.analytics.yahoo.com/ups/55953/sync https://pixel.rubiconproject.com/tap.php data: blob: https://p.typekit.net https://www.facebook.com .flagstar.com https://.doubleclick.net;child-src 'self' https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://youtube.com; worker-src 'self'; manifest-src 'self';
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.flagstar.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

clientname: flagstar
date: Fri, 15 Mar 2024 02:04:39 GMT
content-security-policy: default-src 'none'; connect-src 'self' *.foresee.com *.evergage.com edge.adobedc.net https://cdn.cookielaw.org https://www.googletagmanager.com https://stats.g.doubleclick.net https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://maps.googleapis.com *.demdex.net *.yext.com https://answers.yext-pixel.com *.yextapis.com;font-src 'self' data: https://fonts.gstatic.com/ https://fonts.googleapis.com https://use.typekit.com *.pgsdemo.com *.pagescdn.com; media-src 'self'; object-src 'self'; form-action 'self' https://*.flagstar.com https://*.salesforce.com https://*.salesforceliveagent.com https://*.salesforce-sites.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.salesforceliveagent.com https://assets.sitescdn.net https://www.googleanalytics.com/ https://www.googleoptimize.com/ https://optimize.google.com/ https://www.googletagmanager.com https://maps.googleapis.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net assets.adobedtm.com https://pnapi.invoca.net https://solutions.invocacdn.com gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com/ https://use.typekit.com https://connect.facebook.net https://js.adsrvr.org/ https://cdn.evgnet.com https://*.evergage.com https://www.youtube.com assets.sitescdn.net *.pagescdn.com *.pgsdemo.com https://*.salesforce-sites.com;style-src 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com assets.sitecdn.net; style-src-elem 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com;frame-src 'self' *.flagstar.com *.youtube.com *.demdex.net https://*.fls.doubleclick.net https://td.doubleclick.net https://optimize.google.com/ https://insight.adsrvr.org/ https://match.adsrvr.org/ https://cdn.evgnet.com https://*.flagstar.com https://*.fintactix.com *.pagescdn.com *.pgsdemo.com; frame-ancestors 'self' *.flagstar.com https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net; img-src 'self' *.foresee.com https://ad.doubleclick.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googletagmanager.com/ https://www.googleadservices.com https://www.google-analytics.com https://developers.google.com https://maps.googleapis.com https://maps.gstatic.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://insight.adsrvr.org https://ib.adnxs.com/getuid https://match.adsrvr.org/track/cmf/appnexus https://dsum-sec.casalemedia.com/rum https://ups.analytics.yahoo.com/ups/55953/sync https://pixel.rubiconproject.com/tap.php data: blob: https://p.typekit.net https://www.facebook.com *.flagstar.com https://*.doubleclick.net;child-src 'self' https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://youtube.com; worker-src 'self'; manifest-src 'self';
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains
cf-cache-status: HIT
age: 110023
x-cnection: close
server-timing: dtSInfo;desc="0", dtRpid;desc="1629671256"
content-length: 64353
x-xss-protection: 1; mode=block
x-ua-compatible: IE=Edge
cf-bgj: h2pri
last-modified: Wed, 13 Mar 2024 14:05:17 GMT
server: cloudflare
etag: W/"fb61-6138b43b67550"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: image/jpeg
cache-control: public, max-age=2592000
accept-ranges: bytes
cf-ray: 8648ef1c9a822c42-FRA
expires: Sun, 14 Apr 2024 02:04:39 GMT

GET
DATA 200
OK truncated
/ 448 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: cb90437e6e80e8e6aaa268b8d38efe74a691732163778001083b3582c15c861f

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H2 200 feature_mobile-app.jpg
www.flagstar.com/content/dam/newco/personal/banking/feature-images/ 126 KB
129 KB 19ms
19ms Image
image/jpeg 172.64.146.116
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.flagstar.com/content/dam/newco/personal/banking/feature-images/feature_mobile-app.jpg

Requested by

Host: www.flagstar.com
URL: https://www.flagstar.com/

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

172.64.146.116 San Francisco, United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

36eb0ab37a2e2255bdff59a124eb2fac1fdec82f51f1b05be98f93b48116094e

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; connect-src 'self' .foresee.com .evergage.com edge.adobedc.net https://cdn.cookielaw.org https://www.googletagmanager.com https://stats.g.doubleclick.net https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://maps.googleapis.com .demdex.net .yext.com https://answers.yext-pixel.com .yextapis.com;font-src 'self' data: https://fonts.gstatic.com/ https://fonts.googleapis.com https://use.typekit.com .pgsdemo.com .pagescdn.com; media-src 'self'; object-src 'self'; form-action 'self' https://.flagstar.com https://.salesforce.com https://.salesforceliveagent.com https://.salesforce-sites.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://.salesforceliveagent.com https://assets.sitescdn.net https://www.googleanalytics.com/ https://www.googleoptimize.com/ https://optimize.google.com/ https://www.googletagmanager.com https://maps.googleapis.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net assets.adobedtm.com https://pnapi.invoca.net https://solutions.invocacdn.com gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com/ https://use.typekit.com https://connect.facebook.net https://js.adsrvr.org/ https://cdn.evgnet.com https://.evergage.com https://www.youtube.com assets.sitescdn.net .pagescdn.com .pgsdemo.com https://.salesforce-sites.com;style-src 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com assets.sitecdn.net; style-src-elem 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com;frame-src 'self' .flagstar.com .youtube.com .demdex.net https://.fls.doubleclick.net https://td.doubleclick.net https://optimize.google.com/ https://insight.adsrvr.org/ https://match.adsrvr.org/ https://cdn.evgnet.com https://.flagstar.com https://.fintactix.com .pagescdn.com .pgsdemo.com; frame-ancestors 'self' .flagstar.com https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net; img-src 'self' .foresee.com https://ad.doubleclick.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googletagmanager.com/ https://www.googleadservices.com https://www.google-analytics.com https://developers.google.com https://maps.googleapis.com https://maps.gstatic.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://insight.adsrvr.org https://ib.adnxs.com/getuid https://match.adsrvr.org/track/cmf/appnexus https://dsum-sec.casalemedia.com/rum https://ups.analytics.yahoo.com/ups/55953/sync https://pixel.rubiconproject.com/tap.php data: blob: https://p.typekit.net https://www.facebook.com .flagstar.com https://.doubleclick.net;child-src 'self' https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://youtube.com; worker-src 'self'; manifest-src 'self';
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.flagstar.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

clientname: flagstar
date: Fri, 15 Mar 2024 02:04:39 GMT
content-security-policy: default-src 'none'; connect-src 'self' *.foresee.com *.evergage.com edge.adobedc.net https://cdn.cookielaw.org https://www.googletagmanager.com https://stats.g.doubleclick.net https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://maps.googleapis.com *.demdex.net *.yext.com https://answers.yext-pixel.com *.yextapis.com;font-src 'self' data: https://fonts.gstatic.com/ https://fonts.googleapis.com https://use.typekit.com *.pgsdemo.com *.pagescdn.com; media-src 'self'; object-src 'self'; form-action 'self' https://*.flagstar.com https://*.salesforce.com https://*.salesforceliveagent.com https://*.salesforce-sites.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.salesforceliveagent.com https://assets.sitescdn.net https://www.googleanalytics.com/ https://www.googleoptimize.com/ https://optimize.google.com/ https://www.googletagmanager.com https://maps.googleapis.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net assets.adobedtm.com https://pnapi.invoca.net https://solutions.invocacdn.com gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com/ https://use.typekit.com https://connect.facebook.net https://js.adsrvr.org/ https://cdn.evgnet.com https://*.evergage.com https://www.youtube.com assets.sitescdn.net *.pagescdn.com *.pgsdemo.com https://*.salesforce-sites.com;style-src 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com assets.sitecdn.net; style-src-elem 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com;frame-src 'self' *.flagstar.com *.youtube.com *.demdex.net https://*.fls.doubleclick.net https://td.doubleclick.net https://optimize.google.com/ https://insight.adsrvr.org/ https://match.adsrvr.org/ https://cdn.evgnet.com https://*.flagstar.com https://*.fintactix.com *.pagescdn.com *.pgsdemo.com; frame-ancestors 'self' *.flagstar.com https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net; img-src 'self' *.foresee.com https://ad.doubleclick.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googletagmanager.com/ https://www.googleadservices.com https://www.google-analytics.com https://developers.google.com https://maps.googleapis.com https://maps.gstatic.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://insight.adsrvr.org https://ib.adnxs.com/getuid https://match.adsrvr.org/track/cmf/appnexus https://dsum-sec.casalemedia.com/rum https://ups.analytics.yahoo.com/ups/55953/sync https://pixel.rubiconproject.com/tap.php data: blob: https://p.typekit.net https://www.facebook.com *.flagstar.com https://*.doubleclick.net;child-src 'self' https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://youtube.com; worker-src 'self'; manifest-src 'self';
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains
cf-cache-status: HIT
age: 122710
x-cnection: close
server-timing: dtSInfo;desc="0", dtRpid;desc="195648915"
content-length: 129109
x-xss-protection: 1; mode=block
x-ua-compatible: IE=Edge
cf-bgj: h2pri
last-modified: Fri, 08 Mar 2024 21:30:00 GMT
server: cloudflare
etag: "1f855-6132ce4e5dc90"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: image/jpeg
cache-control: public, max-age=2592000
accept-ranges: bytes
cf-ray: 8648ef1c9a852c42-FRA
expires: Sun, 14 Apr 2024 02:04:39 GMT

GET
DATA 200
OK truncated
/ 387 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 3f3a53cecd609c52d2d87a08dc9f074e8a907569526fc16631ae930b67b7fbcc

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 485 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 7f2e0c9da687d8c85eda95732725ff81992c97091c85c1fb85e83e05bef4e740

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 4 KB
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 952e9acd27a406f242f38222ef659d11dcbc82f3a1fe36e759441bfdbf7576ac

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H2 200 Fellix-SemiBold.woff
www.flagstar.com/etc.clientlibs/aem-flagstar/clientlibs/clientlib-site/resources/fonts/ 51 KB
55 KB 18ms
18ms Font
font/woff 172.64.146.116
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.flagstar.com/etc.clientlibs/aem-flagstar/clientlibs/clientlib-site/resources/fonts/Fellix-SemiBold.woff

Requested by

Host: www.flagstar.com
URL: https://www.flagstar.com/etc.clientlibs/aem-flagstar/clientlibs/clientlib-site.46dbc4b8e8479098326272ed3c632026.css

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

172.64.146.116 San Francisco, United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

850738adf5732aeff29a17ba8804213f8073f9f2b7d5021b1ff6f1324c8ca9b9

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; connect-src 'self' .foresee.com .evergage.com edge.adobedc.net https://cdn.cookielaw.org https://www.googletagmanager.com https://stats.g.doubleclick.net https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://maps.googleapis.com .demdex.net .yext.com https://answers.yext-pixel.com .yextapis.com;font-src 'self' data: https://fonts.gstatic.com/ https://fonts.googleapis.com https://use.typekit.com .pgsdemo.com .pagescdn.com; media-src 'self'; object-src 'self'; form-action 'self' https://.flagstar.com https://.salesforce.com https://.salesforceliveagent.com https://.salesforce-sites.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://.salesforceliveagent.com https://assets.sitescdn.net https://www.googleanalytics.com/ https://www.googleoptimize.com/ https://optimize.google.com/ https://www.googletagmanager.com https://maps.googleapis.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net assets.adobedtm.com https://pnapi.invoca.net https://solutions.invocacdn.com gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com/ https://use.typekit.com https://connect.facebook.net https://js.adsrvr.org/ https://cdn.evgnet.com https://.evergage.com https://www.youtube.com assets.sitescdn.net .pagescdn.com .pgsdemo.com https://.salesforce-sites.com;style-src 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com assets.sitecdn.net; style-src-elem 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com;frame-src 'self' .flagstar.com .demdex.net https://.fls.doubleclick.net https://td.doubleclick.net https://optimize.google.com/ https://insight.adsrvr.org/ https://match.adsrvr.org/ https://cdn.evgnet.com https://.flagstar.com https://.fintactix.com .pagescdn.com .pgsdemo.com; frame-ancestors 'self' .flagstar.com https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net; img-src 'self' .foresee.com https://ad.doubleclick.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googletagmanager.com/ https://www.googleadservices.com https://www.google-analytics.com https://developers.google.com https://maps.googleapis.com https://maps.gstatic.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://insight.adsrvr.org https://ib.adnxs.com/getuid https://match.adsrvr.org/track/cmf/appnexus https://dsum-sec.casalemedia.com/rum https://ups.analytics.yahoo.com/ups/55953/sync https://pixel.rubiconproject.com/tap.php data: blob: https://p.typekit.net https://www.facebook.com .flagstar.com https://*.doubleclick.net;child-src 'self' https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://youtube.com; worker-src 'self'; manifest-src 'self';
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.flagstar.com/etc.clientlibs/aem-flagstar/clientlibs/clientlib-site.46dbc4b8e8479098326272ed3c632026.css
Origin: https://www.flagstar.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

clientname: flagstar
date: Fri, 15 Mar 2024 02:04:39 GMT
content-security-policy: default-src 'none'; connect-src 'self' *.foresee.com *.evergage.com edge.adobedc.net https://cdn.cookielaw.org https://www.googletagmanager.com https://stats.g.doubleclick.net https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://maps.googleapis.com *.demdex.net *.yext.com https://answers.yext-pixel.com *.yextapis.com;font-src 'self' data: https://fonts.gstatic.com/ https://fonts.googleapis.com https://use.typekit.com *.pgsdemo.com *.pagescdn.com; media-src 'self'; object-src 'self'; form-action 'self' https://*.flagstar.com https://*.salesforce.com https://*.salesforceliveagent.com https://*.salesforce-sites.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.salesforceliveagent.com https://assets.sitescdn.net https://www.googleanalytics.com/ https://www.googleoptimize.com/ https://optimize.google.com/ https://www.googletagmanager.com https://maps.googleapis.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net assets.adobedtm.com https://pnapi.invoca.net https://solutions.invocacdn.com gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com/ https://use.typekit.com https://connect.facebook.net https://js.adsrvr.org/ https://cdn.evgnet.com https://*.evergage.com https://www.youtube.com assets.sitescdn.net *.pagescdn.com *.pgsdemo.com https://*.salesforce-sites.com;style-src 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com assets.sitecdn.net; style-src-elem 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com;frame-src 'self' *.flagstar.com *.demdex.net https://*.fls.doubleclick.net https://td.doubleclick.net https://optimize.google.com/ https://insight.adsrvr.org/ https://match.adsrvr.org/ https://cdn.evgnet.com https://*.flagstar.com https://*.fintactix.com *.pagescdn.com *.pgsdemo.com; frame-ancestors 'self' *.flagstar.com https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net; img-src 'self' *.foresee.com https://ad.doubleclick.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googletagmanager.com/ https://www.googleadservices.com https://www.google-analytics.com https://developers.google.com https://maps.googleapis.com https://maps.gstatic.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://insight.adsrvr.org https://ib.adnxs.com/getuid https://match.adsrvr.org/track/cmf/appnexus https://dsum-sec.casalemedia.com/rum https://ups.analytics.yahoo.com/ups/55953/sync https://pixel.rubiconproject.com/tap.php data: blob: https://p.typekit.net https://www.facebook.com *.flagstar.com https://*.doubleclick.net;child-src 'self' https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://youtube.com; worker-src 'self'; manifest-src 'self';
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains
cf-cache-status: HIT
age: 1041
x-cnection: close
server-timing: dtSInfo;desc="0", dtRpid;desc="1420747434", dtTao;desc="1"
content-length: 52712
x-xss-protection: 1; mode=block
x-ua-compatible: IE=Edge
last-modified: Tue, 20 Feb 2024 10:10:25 GMT
server: cloudflare
etag: "cde8-611cd6b4758eb:dtagent10285240307101407wwwp"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: font/woff
cache-control: public, max-age=14400
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 8648ef1c9a892c42-FRA
expires: Fri, 15 Mar 2024 06:04:39 GMT

GET
H2 200 1507898736628275 Show response
connect.facebook.net/signals/config/ 54 KB
12 KB 55ms
55ms Script
application/x-javascript 2a03:2880:f083:100:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/1507898736628275?v=2.9.149&r=stable&domain=www.flagstar.com&hme=8b8eb2472f555e54a8b57f2b720f9bd3b1bc6aed031525376dd772ba51107995&ex_m=63%2C107%2C95%2C99%2C54%2C3%2C89%2C62%2C14%2C87%2C80%2C45%2C47%2C153%2C156%2C167%2C163%2C164%2C166%2C26%2C90%2C46%2C69%2C165%2C148%2C151%2C160%2C161%2C168%2C116%2C13%2C44%2C172%2C171%2C118%2C16%2C30%2C33%2C1%2C37%2C58%2C59%2C60%2C64%2C84%2C15%2C12%2C86%2C83%2C82%2C96%2C98%2C32%2C97%2C27%2C23%2C149%2C152%2C125%2C25%2C9%2C10%2C11%2C5%2C6%2C22%2C19%2C20%2C50%2C55%2C57%2C67%2C91%2C24%2C68%2C8%2C7%2C72%2C42%2C18%2C93%2C92%2C17%2C74%2C79%2C41%2C40%2C78%2C34%2C36%2C77%2C49%2C75%2C29%2C38%2C66%2C0%2C85%2C4%2C81%2C73%2C76%2C2%2C31%2C56%2C35%2C94%2C39%2C71%2C61%2C100%2C53%2C52%2C28%2C88%2C51%2C48%2C43%2C70%2C65%2C21%2C101

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f083:100:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

c15be80fc6beae2d18d1857a2f844213581de0ad1adc13fbea090b61f71a5bf2

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' data: blob: facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;script-src .fbcdn.net .facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.flagstar.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

content-security-policy: default-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload; includeSubDomains
date: Fri, 15 Mar 2024 02:04:39 GMT
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
x-xss-protection: 0
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
x-fb-connection-quality: EXCELLENT; q=0.9, rtt=7, rtx=0, c=62, mss=1326, tbw=62747, tp=-1, tpl=-1, uplat=47, ullat=1
pragma: public
x-fb-debug: Issjo7IqcTSNuYbzuWmDZeUqLU4JH08Yc5qSFCCqLNwMsrOXLOOgfphgcQXHFkFZoXgXbUxwNY04wJriLVv06Q==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
cross-origin-opener-policy: same-origin-allow-popups;report-to="coop_report"
vary: Accept-Encoding
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
content-type: application/x-javascript; charset=utf-8
x-frame-options: DENY
origin-agent-cluster: ?0
cache-control: public, max-age=1200
permissions-policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-ua-arch=(), ch-ua-bitness=(), clipboard-read=(), clipboard-write=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), usb=(), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
timing-allow-origin: *
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 b3668a5d-7fcb-4aeb-a671-a8393e2792ff.json Show response
cdn.cookielaw.org/consent/b3668a5d-7fcb-4aeb-a671-a8393e2792ff/ 4 KB
2 KB 58ms
29ms XHR
application/x-javascript 2606:4700::6813:b234
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/consent/b3668a5d-7fcb-4aeb-a671-a8393e2792ff/b3668a5d-7fcb-4aeb-a671-a8393e2792ff.json

Requested by

Host: www.flagstar.com
URL: https://www.flagstar.com/etc.clientlibs/clientlibs/granite/jquery/granite/csrf.a9dcac4698709ca8e1cbc88363cf0793.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:b234 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

1c7d1349c2d47c2f850923ef3948b5ec6b8ec9647edd2cf281a23bf6689e2777

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.flagstar.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Fri, 15 Mar 2024 02:04:39 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
strict-transport-security: max-age=31536000; includeSubDomains; preload
age: 64866
content-md5: gOeuBNp0amlk+rCoL0fDUg==
content-length: 1488
x-ms-lease-status: unlocked
last-modified: Tue, 20 Feb 2024 11:14:13 GMT
server: cloudflare
etag: 0x8DC3205120C5D5D
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: *
x-ms-request-id: e1c4c870-601e-0039-60ee-63c29f000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 8648ef1cfe8f3a6c-FRA
expires: Sat, 16 Mar 2024 02:04:39 GMT

GET
H2 200 container.027d01df25f17066242db969c9bf2ade.js Show response
www.flagstar.com/etc.clientlibs/core/wcm/components/commons/site/clientlibs/ 6 KB
2 KB 15ms
15ms Script
application/javascript 172.64.146.116
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.flagstar.com/etc.clientlibs/core/wcm/components/commons/site/clientlibs/container.027d01df25f17066242db969c9bf2ade.js

Requested by

Host: www.flagstar.com
URL: https://www.flagstar.com/

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

172.64.146.116 San Francisco, United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

fe05972ec9e5bdd020c2cbdeae20d95d5643888ee2198c4ebf1145b1d60d30ff

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.flagstar.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

clientname: flagstar
date: Fri, 15 Mar 2024 02:04:39 GMT
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains
cf-cache-status: HIT
age: 117902
x-cnection: close
server-timing: dtSInfo;desc="0", dtRpid;desc="-832120876"
content-length: 1572
x-xss-protection: 1; mode=block
x-ua-compatible: IE=Edge
last-modified: Tue, 20 Feb 2024 10:14:37 GMT
server: cloudflare
etag: "17c3-611cd7a42bb36-gzip"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript
cache-control: public, max-age=2592000
accept-ranges: bytes
cf-ray: 8648ef1cdaa22c42-FRA
expires: Sun, 14 Apr 2024 02:04:39 GMT

GET
H2 200 csrf.a9dcac4698709ca8e1cbc88363cf0793.js Show response
www.flagstar.com/etc.clientlibs/clientlibs/granite/jquery/granite/ 10 KB
3 KB 25ms
25ms Script
application/javascript 172.64.146.116
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.flagstar.com/etc.clientlibs/clientlibs/granite/jquery/granite/csrf.a9dcac4698709ca8e1cbc88363cf0793.js

Requested by

Host: www.flagstar.com
URL: https://www.flagstar.com/

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

172.64.146.116 San Francisco, United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ca3fdf8e723931b1d002a556813d3a80fde72f2ccdc755b0b253f619bb872f65

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.flagstar.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

clientname: flagstar
date: Fri, 15 Mar 2024 02:04:39 GMT
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains
cf-cache-status: HIT
age: 123904
x-cnection: close
server-timing: dtSInfo;desc="0", dtRpid;desc="-141242245"
content-length: 2867
x-xss-protection: 1; mode=block
x-ua-compatible: IE=Edge
last-modified: Thu, 03 Nov 2022 13:15:32 GMT
server: cloudflare
etag: "27d9-5ec90c07784d5-gzip"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript
cache-control: public, max-age=2592000
accept-ranges: bytes
cf-ray: 8648ef1cdaa42c42-FRA
expires: Sun, 14 Apr 2024 02:04:39 GMT

GET
H2 200 clientlib-base.4907a5550cdc35d1f9202c20e377c3dd.js Show response
www.flagstar.com/etc.clientlibs/aem-flagstar/clientlibs/ 159 KB
32 KB 28ms
28ms Script
application/javascript 172.64.146.116
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.flagstar.com/etc.clientlibs/aem-flagstar/clientlibs/clientlib-base.4907a5550cdc35d1f9202c20e377c3dd.js

Requested by

Host: www.flagstar.com
URL: https://www.flagstar.com/

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

172.64.146.116 San Francisco, United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a7382dd06b3e2279c5e4046426b583c17f7bfd30377033a2049d1f7f1a13ddfe

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; connect-src 'self' .foresee.com .evergage.com edge.adobedc.net https://cdn.cookielaw.org https://www.googletagmanager.com https://stats.g.doubleclick.net https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://maps.googleapis.com .demdex.net .yext.com https://answers.yext-pixel.com .yextapis.com;font-src 'self' data: https://fonts.gstatic.com/ https://fonts.googleapis.com https://use.typekit.com .pgsdemo.com .pagescdn.com; media-src 'self'; object-src 'self'; form-action 'self' https://.flagstar.com https://.salesforce.com https://.salesforceliveagent.com https://.salesforce-sites.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://.salesforceliveagent.com https://assets.sitescdn.net https://www.googleanalytics.com/ https://www.googleoptimize.com/ https://optimize.google.com/ https://www.googletagmanager.com https://maps.googleapis.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net assets.adobedtm.com https://pnapi.invoca.net https://solutions.invocacdn.com gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com/ https://use.typekit.com https://connect.facebook.net https://js.adsrvr.org/ https://cdn.evgnet.com https://.evergage.com https://www.youtube.com assets.sitescdn.net .pagescdn.com .pgsdemo.com https://.salesforce-sites.com;style-src 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com assets.sitecdn.net; style-src-elem 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com;frame-src 'self' .flagstar.com .youtube.com .demdex.net https://.fls.doubleclick.net https://td.doubleclick.net https://optimize.google.com/ https://insight.adsrvr.org/ https://match.adsrvr.org/ https://cdn.evgnet.com https://.flagstar.com https://.fintactix.com .pagescdn.com .pgsdemo.com; frame-ancestors 'self' .flagstar.com https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net; img-src 'self' .foresee.com https://ad.doubleclick.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googletagmanager.com/ https://www.googleadservices.com https://www.google-analytics.com https://developers.google.com https://maps.googleapis.com https://maps.gstatic.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://insight.adsrvr.org https://ib.adnxs.com/getuid https://match.adsrvr.org/track/cmf/appnexus https://dsum-sec.casalemedia.com/rum https://ups.analytics.yahoo.com/ups/55953/sync https://pixel.rubiconproject.com/tap.php data: blob: https://p.typekit.net https://www.facebook.com .flagstar.com https://.doubleclick.net;child-src 'self' https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://youtube.com; worker-src 'self'; manifest-src 'self';
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.flagstar.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

expires: Sun, 14 Apr 2024 02:04:39 GMT
date: Fri, 15 Mar 2024 02:04:39 GMT
content-security-policy: default-src 'none'; connect-src 'self' *.foresee.com *.evergage.com edge.adobedc.net https://cdn.cookielaw.org https://www.googletagmanager.com https://stats.g.doubleclick.net https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://maps.googleapis.com *.demdex.net *.yext.com https://answers.yext-pixel.com *.yextapis.com;font-src 'self' data: https://fonts.gstatic.com/ https://fonts.googleapis.com https://use.typekit.com *.pgsdemo.com *.pagescdn.com; media-src 'self'; object-src 'self'; form-action 'self' https://*.flagstar.com https://*.salesforce.com https://*.salesforceliveagent.com https://*.salesforce-sites.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.salesforceliveagent.com https://assets.sitescdn.net https://www.googleanalytics.com/ https://www.googleoptimize.com/ https://optimize.google.com/ https://www.googletagmanager.com https://maps.googleapis.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net assets.adobedtm.com https://pnapi.invoca.net https://solutions.invocacdn.com gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com/ https://use.typekit.com https://connect.facebook.net https://js.adsrvr.org/ https://cdn.evgnet.com https://*.evergage.com https://www.youtube.com assets.sitescdn.net *.pagescdn.com *.pgsdemo.com https://*.salesforce-sites.com;style-src 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com assets.sitecdn.net; style-src-elem 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com;frame-src 'self' *.flagstar.com *.youtube.com *.demdex.net https://*.fls.doubleclick.net https://td.doubleclick.net https://optimize.google.com/ https://insight.adsrvr.org/ https://match.adsrvr.org/ https://cdn.evgnet.com https://*.flagstar.com https://*.fintactix.com *.pagescdn.com *.pgsdemo.com; frame-ancestors 'self' *.flagstar.com https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net; img-src 'self' *.foresee.com https://ad.doubleclick.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googletagmanager.com/ https://www.googleadservices.com https://www.google-analytics.com https://developers.google.com https://maps.googleapis.com https://maps.gstatic.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://insight.adsrvr.org https://ib.adnxs.com/getuid https://match.adsrvr.org/track/cmf/appnexus https://dsum-sec.casalemedia.com/rum https://ups.analytics.yahoo.com/ups/55953/sync https://pixel.rubiconproject.com/tap.php data: blob: https://p.typekit.net https://www.facebook.com *.flagstar.com https://*.doubleclick.net;child-src 'self' https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://youtube.com; worker-src 'self'; manifest-src 'self';
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
strict-transport-security: max-age=31536000; includeSubDomains
age: 123904
x-cnection: close
server-timing: dtSInfo;desc="0", dtRpid;desc="-496562579"
content-length: 29567
x-xss-protection: 1; mode=block
x-ua-compatible: IE=Edge
last-modified: Fri, 08 Mar 2024 03:46:35 GMT
server: cloudflare
etag: "27b56-6131e09d2caf5-gzip"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript
cache-control: public, max-age=2592000
accept-ranges: bytes
cf-ray: 8648ef1cdaa52c42-FRA
clientname: flagstar

GET v84a3a4012de94ce1a686ba8c167c359c1696973893317
static.cloudflareinsights.com/beacon.min.js/ 0
0

GET
H2 200 pnapi_integration-latest.min.js Show response
solutions.invocacdn.com/js/ 124 KB
38 KB 72ms
15ms Script
text/javascript 18.173.187.104
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://solutions.invocacdn.com/js/pnapi_integration-latest.min.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/7dbad9752923/36b7dda228e9/launch-bc7a3f427c28.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.173.187.104 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-173-187-104.muc50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 8e401b8a68c8c3bfa7e4711dc68e48f6bc0341f325ea1814bb575f9f6bd0de56

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.flagstar.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

x-amz-version-id: jrSNisU5ykeqt.1GAR3ZWMADf5KD2HPp
content-encoding: br
via: 1.1 0a93e5f50864322b5cd49038d9c83154.cloudfront.net (CloudFront)
date: Fri, 15 Mar 2024 01:47:15 GMT
x-amz-cf-pop: MUC50-P4
age: 1188
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
last-modified: Tue, 23 Jan 2024 21:42:17 GMT
server: AmazonS3
etag: W/"ce530d44fb07528350b1354e401eb557"
vary: Accept-Encoding
content-type: text/javascript; charset=utf-8
cache-control: max-age=3600
x-amz-cf-id: DDDFBvUaC1HdvCJmtmQBQ4Ao8ZTotwnUuYsq8uH8yq3h23daMkpS-w==

GET
H2 200 hero-2_ready-checking0324.jpg.thumb.1121.1121.jpg
www.flagstar.com/content/dam/newco/personal/banking/hero-images/ 63 KB
66 KB 16ms
16ms Image
image/jpeg 172.64.146.116
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.flagstar.com/content/dam/newco/personal/banking/hero-images/hero-2_ready-checking0324.jpg.thumb.1121.1121.jpg

Requested by

Host: www.flagstar.com
URL: https://www.flagstar.com/

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

172.64.146.116 San Francisco, United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0d75e46efa71b6e8fcadaab864129cb1f0adad20b3a05fd040898056c106bb5d

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; connect-src 'self' .foresee.com .evergage.com edge.adobedc.net https://cdn.cookielaw.org https://www.googletagmanager.com https://stats.g.doubleclick.net https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://maps.googleapis.com .demdex.net .yext.com https://answers.yext-pixel.com .yextapis.com;font-src 'self' data: https://fonts.gstatic.com/ https://fonts.googleapis.com https://use.typekit.com .pgsdemo.com .pagescdn.com; media-src 'self'; object-src 'self'; form-action 'self' https://.flagstar.com https://.salesforce.com https://.salesforceliveagent.com https://.salesforce-sites.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://.salesforceliveagent.com https://assets.sitescdn.net https://www.googleanalytics.com/ https://www.googleoptimize.com/ https://optimize.google.com/ https://www.googletagmanager.com https://maps.googleapis.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net assets.adobedtm.com https://pnapi.invoca.net https://solutions.invocacdn.com gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com/ https://use.typekit.com https://connect.facebook.net https://js.adsrvr.org/ https://cdn.evgnet.com https://.evergage.com https://www.youtube.com assets.sitescdn.net .pagescdn.com .pgsdemo.com https://.salesforce-sites.com;style-src 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com assets.sitecdn.net; style-src-elem 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com;frame-src 'self' .flagstar.com .youtube.com .demdex.net https://.fls.doubleclick.net https://td.doubleclick.net https://optimize.google.com/ https://insight.adsrvr.org/ https://match.adsrvr.org/ https://cdn.evgnet.com https://.flagstar.com https://.fintactix.com .pagescdn.com .pgsdemo.com; frame-ancestors 'self' .flagstar.com https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net; img-src 'self' .foresee.com https://ad.doubleclick.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googletagmanager.com/ https://www.googleadservices.com https://www.google-analytics.com https://developers.google.com https://maps.googleapis.com https://maps.gstatic.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://insight.adsrvr.org https://ib.adnxs.com/getuid https://match.adsrvr.org/track/cmf/appnexus https://dsum-sec.casalemedia.com/rum https://ups.analytics.yahoo.com/ups/55953/sync https://pixel.rubiconproject.com/tap.php data: blob: https://p.typekit.net https://www.facebook.com .flagstar.com https://.doubleclick.net;child-src 'self' https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://youtube.com; worker-src 'self'; manifest-src 'self';
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.flagstar.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

clientname: flagstar
date: Fri, 15 Mar 2024 02:04:39 GMT
content-security-policy: default-src 'none'; connect-src 'self' *.foresee.com *.evergage.com edge.adobedc.net https://cdn.cookielaw.org https://www.googletagmanager.com https://stats.g.doubleclick.net https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://maps.googleapis.com *.demdex.net *.yext.com https://answers.yext-pixel.com *.yextapis.com;font-src 'self' data: https://fonts.gstatic.com/ https://fonts.googleapis.com https://use.typekit.com *.pgsdemo.com *.pagescdn.com; media-src 'self'; object-src 'self'; form-action 'self' https://*.flagstar.com https://*.salesforce.com https://*.salesforceliveagent.com https://*.salesforce-sites.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.salesforceliveagent.com https://assets.sitescdn.net https://www.googleanalytics.com/ https://www.googleoptimize.com/ https://optimize.google.com/ https://www.googletagmanager.com https://maps.googleapis.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net assets.adobedtm.com https://pnapi.invoca.net https://solutions.invocacdn.com gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com/ https://use.typekit.com https://connect.facebook.net https://js.adsrvr.org/ https://cdn.evgnet.com https://*.evergage.com https://www.youtube.com assets.sitescdn.net *.pagescdn.com *.pgsdemo.com https://*.salesforce-sites.com;style-src 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com assets.sitecdn.net; style-src-elem 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com;frame-src 'self' *.flagstar.com *.youtube.com *.demdex.net https://*.fls.doubleclick.net https://td.doubleclick.net https://optimize.google.com/ https://insight.adsrvr.org/ https://match.adsrvr.org/ https://cdn.evgnet.com https://*.flagstar.com https://*.fintactix.com *.pagescdn.com *.pgsdemo.com; frame-ancestors 'self' *.flagstar.com https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net; img-src 'self' *.foresee.com https://ad.doubleclick.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googletagmanager.com/ https://www.googleadservices.com https://www.google-analytics.com https://developers.google.com https://maps.googleapis.com https://maps.gstatic.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://insight.adsrvr.org https://ib.adnxs.com/getuid https://match.adsrvr.org/track/cmf/appnexus https://dsum-sec.casalemedia.com/rum https://ups.analytics.yahoo.com/ups/55953/sync https://pixel.rubiconproject.com/tap.php data: blob: https://p.typekit.net https://www.facebook.com *.flagstar.com https://*.doubleclick.net;child-src 'self' https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://youtube.com; worker-src 'self'; manifest-src 'self';
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains
cf-cache-status: HIT
age: 110008
x-cnection: close
server-timing: dtSInfo;desc="0", dtRpid;desc="-2123695433"
content-length: 64533
x-xss-protection: 1; mode=block
x-ua-compatible: IE=Edge
cf-bgj: h2pri
last-modified: Wed, 13 Mar 2024 14:05:15 GMT
server: cloudflare
etag: W/"fc15-6138b439080ec"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: image/jpeg
cache-control: public, max-age=2592000
accept-ranges: bytes
cf-ray: 8648ef1cfabd2c42-FRA
expires: Sun, 14 Apr 2024 02:04:39 GMT

GET
H/1.1 200
OK MultiNoun.jsonp Show response
d.la2-c2-iad.salesforceliveagent.com/chat/rest/System/ 226 B
591 B 858ms
98ms Script
text/javascript 13.109.189.112
SALESFORCE

General

Check archive.org

Show headers Download Go to

Full URL

https://d.la2-c2-iad.salesforceliveagent.com/chat/rest/System/MultiNoun.jsonp?nouns=VisitorId,Settings&VisitorId.prefix=Visitor&Settings.prefix=Visitor&Settings.buttonIds=[57316000000D7Cz,57316000000D7D4,57316000000D7Cp]&Settings.updateBreadcrumb=1&Settings.urlPrefix=undefined&callback=liveagent._.handlePing&deployment_id=57216000000HIZN&org_id=00DG0000000Bvr7&version=60

Requested by

Host: www.flagstar.com
URL: https://www.flagstar.com/etc.clientlibs/clientlibs/granite/jquery/granite/csrf.a9dcac4698709ca8e1cbc88363cf0793.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

13.109.189.112 , United States, ASN14340 (SALESFORCE, US),

Reverse DNS

dcl14-ncg1-c5-iad4.la2-c2-ia4.salesforceliveagent.com

Software

Resource Hash

f8b1c5fae8f980d70c3b3e97b499fe59729cbbf97d93b964409030a80b3b6b65

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.flagstar.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

Pragma: no-cache
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Content-Type: text/javascript
Access-Control-Allow-Origin: *
Cache-Control: no-cache
Access-Control-Allow-Credentials: true
Connection: close
Expires: -1

POST
H2 200 3202410
answers.yext-pixel.com/realtimeanalytics/data/answers/ 0
319 B 190ms
112ms Ping
text/plain 2606:4700::6811:45f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://answers.yext-pixel.com/realtimeanalytics/data/answers/3202410
Requested by: Host: assets.sitescdn.net
URL: https://assets.sitescdn.net/answers-search-bar/v1.5/answers.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:45f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.flagstar.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

access-control-allow-origin: *
date: Fri, 15 Mar 2024 02:04:40 GMT
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 8648ef1d8d7e363b-FRA
content-length: 0

GET
H2 200 otBannerSdk.js Show response
cdn.cookielaw.org/scripttemplates/202401.2.0/ 430 KB
105 KB 23ms
23ms Script
application/javascript 2606:4700::6813:b234
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/scripttemplates/202401.2.0/otBannerSdk.js

Requested by

Host: www.flagstar.com
URL: https://www.flagstar.com/etc.clientlibs/clientlibs/granite/jquery/granite/csrf.a9dcac4698709ca8e1cbc88363cf0793.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:b234 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a6972c49e66fe3c5026a1a1e26a06c49995cec36fc522cb56461f5cf0b2b2978

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.flagstar.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Fri, 15 Mar 2024 02:04:39 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: ekgyiOgvSPjNzcyXVUS11Q==
age: 29078
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 106739
x-ms-lease-status: unlocked
last-modified: Thu, 07 Mar 2024 11:26:28 GMT
server: cloudflare
etag: 0x8DC3E996ED117D9
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
x-ms-request-id: e31c6377-501e-009b-7f34-71f886000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 8648ef1d28b33637-FRA

GET
H2 200 tag-live.js Show response
solutions.invocacdn.com/js/networks/1429/2586959106/ 9 KB
2 KB 419ms
419ms Script
text/javascript 18.173.187.104
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://solutions.invocacdn.com/js/networks/1429/2586959106/tag-live.js
Requested by: Host: www.flagstar.com
URL: https://www.flagstar.com/etc.clientlibs/clientlibs/granite/jquery/granite/csrf.a9dcac4698709ca8e1cbc88363cf0793.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.173.187.104 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-173-187-104.muc50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: b6ad7b1558f6bbd01707081eb925ffab4c53bd282a9f74bd39e45f3823dac777

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.flagstar.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

x-amz-version-id: .LDHfqWkvZVq.2IEGzmVTFkGAGNKK7Un
content-encoding: br
via: 1.1 0a93e5f50864322b5cd49038d9c83154.cloudfront.net (CloudFront)
date: Fri, 15 Mar 2024 02:04:41 GMT
last-modified: Fri, 23 Feb 2024 22:47:27 GMT
server: AmazonS3
x-amz-cf-pop: MUC50-P4
x-amz-server-side-encryption: AES256
etag: W/"358f5032aa14e7ea70850ce2a94aa852"
vary: Accept-Encoding
x-cache: RefreshHit from cloudfront
content-type: text/javascript
cache-control: max-age=300
x-amz-replication-status: COMPLETED
x-amz-cf-id: 1Ob6LqySNF85c7TFOx5zQqX01ymfY4qNAdeU6Y3lfMXnFyajyXewvg==

GET
H2 200 en.json Show response
cdn.cookielaw.org/consent/b3668a5d-7fcb-4aeb-a671-a8393e2792ff/3394215e-8369-4433-bdea-3563b309ec6b/ 77 KB
17 KB 28ms
28ms Fetch
application/x-javascript 2606:4700::6813:b234
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/consent/b3668a5d-7fcb-4aeb-a671-a8393e2792ff/3394215e-8369-4433-bdea-3563b309ec6b/en.json

Requested by

Host: www.flagstar.com
URL: https://www.flagstar.com/ruxitagentjs_ICA27NVfghjqru_10285240307101407.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:b234 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

27a1c8f923d6e59c604e23b86d1635e5edcec6b40b42a7c30c8b30565d2dd566

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.flagstar.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Fri, 15 Mar 2024 02:04:39 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
strict-transport-security: max-age=31536000; includeSubDomains; preload
age: 28747
content-md5: lH5Jie6VQSwJypYWxH2auA==
content-length: 17576
x-ms-lease-status: unlocked
last-modified: Tue, 20 Feb 2024 11:14:14 GMT
server: cloudflare
etag: 0x8DC32051264F7D4
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: *
x-ms-request-id: 17b81c5b-e01e-007a-06ee-6324c3000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 8648ef1d7ece3a6c-FRA
expires: Sat, 16 Mar 2024 02:04:39 GMT

GET
H2 200 otFlat.json Show response
cdn.cookielaw.org/scripttemplates/202401.2.0/assets/ 13 KB
3 KB 23ms
23ms Fetch
application/json 2606:4700::6813:b234
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/scripttemplates/202401.2.0/assets/otFlat.json

Requested by

Host: www.flagstar.com
URL: https://www.flagstar.com/ruxitagentjs_ICA27NVfghjqru_10285240307101407.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:b234 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f4aaa18c55c90588c5e828e56dcc6b2cb0acf9a4280494c7d1a53fc5e3669112

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.flagstar.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Fri, 15 Mar 2024 02:04:39 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: BhDz7QN6NZvDbVeQXXKKbA==
age: 31269
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 3041
x-ms-lease-status: unlocked
last-modified: Thu, 07 Mar 2024 11:26:21 GMT
server: cloudflare
etag: 0x8DC3E996A8D0BAE
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: *
x-ms-request-id: eb5a157e-501e-0050-164b-71fbd3000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 8648ef1dbef73a6c-FRA

GET
H2 200 otPcTab.json Show response
cdn.cookielaw.org/scripttemplates/202401.2.0/assets/v2/ 63 KB
14 KB 21ms
21ms Fetch
application/json 2606:4700::6813:b234
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/scripttemplates/202401.2.0/assets/v2/otPcTab.json

Requested by

Host: www.flagstar.com
URL: https://www.flagstar.com/ruxitagentjs_ICA27NVfghjqru_10285240307101407.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:b234 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d18f313f2489ed91cd15cf94a1e5668b8b0da8318f593d980228000a1757702f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.flagstar.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Fri, 15 Mar 2024 02:04:39 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: +VcLy0Fhvi3ZWKBwz9NNzQ==
age: 31269
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 13587
x-ms-lease-status: unlocked
last-modified: Thu, 07 Mar 2024 11:26:24 GMT
server: cloudflare
etag: 0x8DC3E996C0939E8
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: *
x-ms-request-id: f817fef8-701e-000a-5c4b-719d34000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 8648ef1dbef83a6c-FRA

GET
H2 200 otCommonStyles.css Show response
cdn.cookielaw.org/scripttemplates/202401.2.0/assets/ 21 KB
4 KB 23ms
23ms Fetch
text/css 2606:4700::6813:b234
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/scripttemplates/202401.2.0/assets/otCommonStyles.css

Requested by

Host: www.flagstar.com
URL: https://www.flagstar.com/ruxitagentjs_ICA27NVfghjqru_10285240307101407.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:b234 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d3f7b0ec4de079928a999641e781e80f33597a392a561bc460276dfb4efb6eec

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.flagstar.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Fri, 15 Mar 2024 02:04:39 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
content-md5: c7xAZ9MSGAobGaTYg/Qtag==
age: 31269
x-ms-lease-status: unlocked
last-modified: Thu, 07 Mar 2024 11:26:34 GMT
server: cloudflare
vary: Accept-Encoding
content-type: text/css
access-control-allow-origin: *
x-ms-request-id: 6f364942-b01e-0005-634b-71eb58000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=86400
x-ms-version: 2009-09-19
cf-ray: 8648ef1dbefa3a6c-FRA

GET
H2 200 ot_close.svg
cdn.cookielaw.org/logos/static/ 651 B
600 B 23ms
23ms Image
image/svg+xml 2606:4700::6813:b234
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn.cookielaw.org/logos/static/ot_close.svg

Requested by

Host: www.flagstar.com
URL: https://www.flagstar.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:b234 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

901bb0e03b8c3c0a1cf4c487a177417328bb7d8c94106ecefceedd7d7f6c4ddc

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.flagstar.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Fri, 15 Mar 2024 02:04:39 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
content-md5: pcXWFGpuVeSg/jVnYCseRg==
age: 37905
x-ms-lease-status: unlocked
last-modified: Thu, 14 Mar 2024 03:33:42 GMT
server: cloudflare
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
x-ms-request-id: 9363e28d-d01e-0061-56cc-751ac0000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=86400
x-ms-version: 2009-09-19
cf-ray: 8648ef1de8fd3637-FRA

GET
H2 200 Fellix-Bold.woff
www.flagstar.com/etc.clientlibs/aem-flagstar/clientlibs/clientlib-site/resources/fonts/ 51 KB
55 KB 19ms
19ms Font
font/woff 172.64.146.116
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.flagstar.com/etc.clientlibs/aem-flagstar/clientlibs/clientlib-site/resources/fonts/Fellix-Bold.woff

Requested by

Host: www.flagstar.com
URL: https://www.flagstar.com/etc.clientlibs/aem-flagstar/clientlibs/clientlib-site.46dbc4b8e8479098326272ed3c632026.css

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

172.64.146.116 San Francisco, United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

fe0f33a2350724f28a0cc88dde554347b209fc0b3077a579072e830dc38d2f74

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; connect-src 'self' .foresee.com .evergage.com edge.adobedc.net https://cdn.cookielaw.org https://www.googletagmanager.com https://stats.g.doubleclick.net https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://maps.googleapis.com .demdex.net .yext.com https://answers.yext-pixel.com .yextapis.com;font-src 'self' data: https://fonts.gstatic.com/ https://fonts.googleapis.com https://use.typekit.com .pgsdemo.com .pagescdn.com; media-src 'self'; object-src 'self'; form-action 'self' https://.flagstar.com https://.salesforce.com https://.salesforceliveagent.com https://.salesforce-sites.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://.salesforceliveagent.com https://assets.sitescdn.net https://www.googleanalytics.com/ https://www.googleoptimize.com/ https://optimize.google.com/ https://www.googletagmanager.com https://maps.googleapis.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net assets.adobedtm.com https://pnapi.invoca.net https://solutions.invocacdn.com gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com/ https://use.typekit.com https://connect.facebook.net https://js.adsrvr.org/ https://cdn.evgnet.com https://.evergage.com https://www.youtube.com assets.sitescdn.net .pagescdn.com .pgsdemo.com https://.salesforce-sites.com;style-src 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com assets.sitecdn.net; style-src-elem 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com;frame-src 'self' .flagstar.com .demdex.net https://.fls.doubleclick.net https://td.doubleclick.net https://optimize.google.com/ https://insight.adsrvr.org/ https://match.adsrvr.org/ https://cdn.evgnet.com https://.flagstar.com https://.fintactix.com .pagescdn.com .pgsdemo.com; frame-ancestors 'self' .flagstar.com https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net; img-src 'self' .foresee.com https://ad.doubleclick.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googletagmanager.com/ https://www.googleadservices.com https://www.google-analytics.com https://developers.google.com https://maps.googleapis.com https://maps.gstatic.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://insight.adsrvr.org https://ib.adnxs.com/getuid https://match.adsrvr.org/track/cmf/appnexus https://dsum-sec.casalemedia.com/rum https://ups.analytics.yahoo.com/ups/55953/sync https://pixel.rubiconproject.com/tap.php data: blob: https://p.typekit.net https://www.facebook.com .flagstar.com https://*.doubleclick.net;child-src 'self' https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://youtube.com; worker-src 'self'; manifest-src 'self';
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.flagstar.com/etc.clientlibs/aem-flagstar/clientlibs/clientlib-site.46dbc4b8e8479098326272ed3c632026.css
Origin: https://www.flagstar.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

clientname: flagstar
date: Fri, 15 Mar 2024 02:04:39 GMT
content-security-policy: default-src 'none'; connect-src 'self' *.foresee.com *.evergage.com edge.adobedc.net https://cdn.cookielaw.org https://www.googletagmanager.com https://stats.g.doubleclick.net https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://maps.googleapis.com *.demdex.net *.yext.com https://answers.yext-pixel.com *.yextapis.com;font-src 'self' data: https://fonts.gstatic.com/ https://fonts.googleapis.com https://use.typekit.com *.pgsdemo.com *.pagescdn.com; media-src 'self'; object-src 'self'; form-action 'self' https://*.flagstar.com https://*.salesforce.com https://*.salesforceliveagent.com https://*.salesforce-sites.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.salesforceliveagent.com https://assets.sitescdn.net https://www.googleanalytics.com/ https://www.googleoptimize.com/ https://optimize.google.com/ https://www.googletagmanager.com https://maps.googleapis.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net assets.adobedtm.com https://pnapi.invoca.net https://solutions.invocacdn.com gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com/ https://use.typekit.com https://connect.facebook.net https://js.adsrvr.org/ https://cdn.evgnet.com https://*.evergage.com https://www.youtube.com assets.sitescdn.net *.pagescdn.com *.pgsdemo.com https://*.salesforce-sites.com;style-src 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com assets.sitecdn.net; style-src-elem 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com;frame-src 'self' *.flagstar.com *.demdex.net https://*.fls.doubleclick.net https://td.doubleclick.net https://optimize.google.com/ https://insight.adsrvr.org/ https://match.adsrvr.org/ https://cdn.evgnet.com https://*.flagstar.com https://*.fintactix.com *.pagescdn.com *.pgsdemo.com; frame-ancestors 'self' *.flagstar.com https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net; img-src 'self' *.foresee.com https://ad.doubleclick.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googletagmanager.com/ https://www.googleadservices.com https://www.google-analytics.com https://developers.google.com https://maps.googleapis.com https://maps.gstatic.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://insight.adsrvr.org https://ib.adnxs.com/getuid https://match.adsrvr.org/track/cmf/appnexus https://dsum-sec.casalemedia.com/rum https://ups.analytics.yahoo.com/ups/55953/sync https://pixel.rubiconproject.com/tap.php data: blob: https://p.typekit.net https://www.facebook.com *.flagstar.com https://*.doubleclick.net;child-src 'self' https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://youtube.com; worker-src 'self'; manifest-src 'self';
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains
cf-cache-status: HIT
age: 999
x-cnection: close
server-timing: dtSInfo;desc="0", dtRpid;desc="1043754690", dtTao;desc="1"
content-length: 52512
x-xss-protection: 1; mode=block
x-ua-compatible: IE=Edge
last-modified: Tue, 20 Feb 2024 10:22:56 GMT
server: cloudflare
etag: "cd20-611cd980fc285:dtagent10285240307101407wwwp"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: font/woff
cache-control: public, max-age=14400
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 8648ef1deb3d2c42-FRA
expires: Fri, 15 Mar 2024 06:04:39 GMT

GET
H2 200 ot_guard_logo.svg Show response
cdn.cookielaw.org/logos/static/ 497 B
517 B 21ms
21ms Fetch
image/svg+xml 2606:4700::6813:b234
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/logos/static/ot_guard_logo.svg

Requested by

Host: www.flagstar.com
URL: https://www.flagstar.com/ruxitagentjs_ICA27NVfghjqru_10285240307101407.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:b234 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

691dcdb24853a0f5ce4e6597e5713dea66799b57ffe2c2a10f28f98e0b569b19

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.flagstar.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Fri, 15 Mar 2024 02:04:40 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
content-md5: tXyZydHjxQshFMbbBT1/8A==
age: 21884
x-ms-lease-status: unlocked
last-modified: Thu, 14 Mar 2024 03:33:41 GMT
server: cloudflare
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
x-ms-request-id: 72ff660e-201e-0091-2102-765c31000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=86400
x-ms-version: 2009-09-19
cf-ray: 8648ef1dff123a6c-FRA

GET
H2 200 FlagstarLogo.png
cdn.cookielaw.org/logos/fece6da3-6c93-46cb-8681-184cab7c0c91/1900e3f8-1fc1-45c1-8af1-c1c929d00bdd/5b7ef6ff-4828-48d7-a216-676a7b8dd43d/ 4 KB
4 KB 23ms
22ms Image
image/png 2606:4700::6813:b234
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn.cookielaw.org/logos/fece6da3-6c93-46cb-8681-184cab7c0c91/1900e3f8-1fc1-45c1-8af1-c1c929d00bdd/5b7ef6ff-4828-48d7-a216-676a7b8dd43d/FlagstarLogo.png

Requested by

Host: www.flagstar.com
URL: https://www.flagstar.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:b234 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

58216c10226af4d1473ae3f58dc88dccc9bbbc25f0a7a29ed04476f89b7fc636

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.flagstar.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Fri, 15 Mar 2024 02:04:40 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: OFjPyh2wbGYpiy35IKRXYQ==
age: 36741
content-length: 4357
x-ms-lease-status: unlocked
last-modified: Wed, 07 Feb 2024 02:13:11 GMT
server: cloudflare
etag: 0x8DC278255C4642F
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
x-ms-request-id: 95904a90-801e-006c-2a52-61d214000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 8648ef1df9073637-FRA

GET
H2 200 powered_by_logo.svg
cdn.cookielaw.org/logos/static/ 5 KB
2 KB 24ms
24ms Image
image/svg+xml 2606:4700::6813:b234
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn.cookielaw.org/logos/static/powered_by_logo.svg

Requested by

Host: www.flagstar.com
URL: https://www.flagstar.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:b234 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5fa00d047acd959697b9d7772c31dcd37bec33c70c6fbf80ab8316205d1d286d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.flagstar.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Fri, 15 Mar 2024 02:04:40 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
content-md5: Y+c301RBZNK39PvKQWrIBw==
age: 29080
x-ms-lease-status: unlocked
last-modified: Thu, 14 Mar 2024 03:33:42 GMT
server: cloudflare
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
x-ms-request-id: 22b64d19-101e-009a-5cc3-75a75a000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=86400
x-ms-version: 2009-09-19
cf-ray: 8648ef1e09083637-FRA

POST
H2 200 interact Show response
adobedc.demdex.net/ee/v1/ 731 B
920 B 98ms
36ms Fetch
application/json 63.140.62.27
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://adobedc.demdex.net/ee/v1/interact?configId=9b22fc34-b4de-46d2-90d2-b189eef9dca8&requestId=6fe3b0ec-1628-4472-b490-ca4e210efa7c

Requested by

Host: www.flagstar.com
URL: https://www.flagstar.com/ruxitagentjs_ICA27NVfghjqru_10285240307101407.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

63.140.62.27 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ip-63-140-62-27.data.adobedc.net

Software

jag /

Resource Hash

96eb304d4364dc9469ef8cb5bf7a9bd9f81dc089d78f16be5d69f5c2f26cf65b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.flagstar.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36
Content-Type: text/plain; charset=UTF-8

Response headers

date: Fri, 15 Mar 2024 02:04:39 GMT
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains
server: jag
vary: Origin
content-type: application/json;charset=utf-8
access-control-allow-origin: https://www.flagstar.com
access-control-expose-headers: Retry-After, X-Adobe-Edge, X-Request-ID
x-adobe-edge: IRL1;6
access-control-allow-credentials: true
x-konductor: N/A
cache-control: no-cache, no-store, max-age=0, no-transform, private
x-xss-protection: 1; mode=block
x-request-id: 6fe3b0ec-1628-4472-b490-ca4e210efa7c

GET
H/1.1 200
OK na.jsonp Show response
pnapi.invoca.net/1429/ 197 B
375 B 456ms
119ms Script
text/plain 44.212.194.12
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://pnapi.invoca.net/1429/na.jsonp?network_id=1429&js_version=4.30.6&tag_id=1429%2F2586959106&request_data_shared_params=%7B%22calling_page%22%3A%22%2F%22%2C%22currentURL%22%3A%22https%3A%2F%2Fwww.flagstar.com%2F%22%2C%22journey%22%3A%22%2F%22%2C%22utm_medium%22%3A%22direct%22%2C%22utm_source%22%3A%22direct%22%2C%22gcm_uid%22%3Anull%2C%22invoca_id%22%3A%22i-9491661a-76d6-4e40-a113-8a05c1d03f3a%22%7D&client_messages=%7B%7D&client_info=%7B%22url%22%3A%22https%3A%2F%2Fwww.flagstar.com%2F%22%2C%22referrer%22%3A%22%22%2C%22cores%22%3A17%2C%22platform%22%3A%22Win32%22%2C%22screenWidth%22%3A1600%2C%22screenHeight%22%3A1200%2C%22language%22%3A%22en-US%22%7D&request_data=%5B%7B%22request_id%22%3A%22%2B18882486423%22%2C%22advertiser_campaign_id_from_network%22%3A%22505764%22%2C%22params%22%3A%7B%22invoca_detected_destination%22%3A%22%2B18882486423%22%7D%7D%5D&destination_settings=%7B%22paramName%22%3A%22invoca_detected_destination%22%2C%22matchLocalNumbers%22%3Afalse%2C%22matchTollFreeNumbers%22%3Afalse%7D&metrics=%5B%5B%22beaconSupported%22%2C%22counter%22%5D%5D&jsoncallback=json_rr1&
Requested by: Host: www.flagstar.com
URL: https://www.flagstar.com/etc.clientlibs/clientlibs/granite/jquery/granite/csrf.a9dcac4698709ca8e1cbc88363cf0793.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 44.212.194.12 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-44-212-194-12.compute-1.amazonaws.com
Software: Goliath /
Resource Hash: 4be5da7f6f80189933ea5492a01f0f6a1c1c3caf7c8f6bd0fb962940850a1b3b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.flagstar.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

Access-Control-Allow-Origin: *
Date: Fri, 15 Mar 2024 02:04:40 GMT
Server: Goliath
Connection: keep-alive
processing_time: 8.59367ms
Content-Length: 197

GET
H/1.1 200
OK Settings.jsonp Show response
d.la5-c1-ia5.salesforceliveagent.com/chat/rest/Visitor/ 723 B
709 B 580ms
97ms Script
text/javascript 13.110.255.220
SALESFORCE

General

Check archive.org

Show headers Download Go to

Full URL

https://d.la5-c1-ia5.salesforceliveagent.com/chat/rest/Visitor/Settings.jsonp?sid=184f942d-4feb-426c-af3a-2adeb5a8dcb3&Settings.prefix=Visitor&Settings.buttonIds=[57316000000D7Cz,57316000000D7D4,57316000000D7Cp]&Settings.updateBreadcrumb=1&Settings.urlPrefix=undefined&callback=liveagent._.handlePing&deployment_id=57216000000HIZN&org_id=00DG0000000Bvr7&version=60

Requested by

Host: www.flagstar.com
URL: https://www.flagstar.com/etc.clientlibs/clientlibs/granite/jquery/granite/csrf.a9dcac4698709ca8e1cbc88363cf0793.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

13.110.255.220 , United States, ASN14340 (SALESFORCE, US),

Reverse DNS

dcl16-ncg1-c6-iad5.la5-c1-ia5.salesforceliveagent.com

Software

Resource Hash

56bdb92467de1deec700520f4b4baacefcbd20190c42be23f29091bffe43125b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.flagstar.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

Pragma: no-cache
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Content-Type: text/javascript
Access-Control-Allow-Origin: *
Cache-Control: no-cache
Access-Control-Allow-Credentials: true
Connection: close
Expires: -1

GET
H2 200 iframe_api Show response
www.youtube.com/ 993 B
2 KB 138ms
60ms Script
text/javascript 2a00:1450:4001:806::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/iframe_api

Requested by

Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/7dbad9752923/36b7dda228e9/launch-bc7a3f427c28.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

21da9e1fec457aa9dd05d17d1cd8c5f63f7cdab36791550bfb81a3f3b1f1614e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.flagstar.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date: Fri, 15 Mar 2024 02:04:41 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-encoding: br
content-security-policy-report-only: base-uri 'self';default-src 'self' https: blob:;font-src https: data:;img-src https: data: android-webview-video-poster:;media-src blob: https:;object-src 'none';report-uri /cspreport/common;script-src 'report-sample' 'nonce-MywYcePV0D7HKI9EaRcCew' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';style-src https: 'unsafe-inline'
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657?hl=de for more info."
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
server: ESF
x-frame-options: SAMEORIGIN
vary: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factor, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
content-type: text/javascript; charset=utf-8
report-to: {"group":"youtube_main","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube_main"}]}
cache-control: private, max-age=0
permissions-policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factor=*, ch-ua-platform=*, ch-ua-platform-version=*
origin-trial: AvC9UlR6RDk2crliDsFl66RWLnTbHrDbp+DiY6AYz/PNQ4G4tdUTjrHYr2sghbkhGQAVxb7jaPTHpEVBz0uzQwkAAAB4eyJvcmlnaW4iOiJodHRwczovL3lvdXR1YmUuY29tOjQ0MyIsImZlYXR1cmUiOiJXZWJWaWV3WFJlcXVlc3RlZFdpdGhEZXByZWNhdGlvbiIsImV4cGlyeSI6MTcxOTUzMjc5OSwiaXNTdWJkb21haW4iOnRydWV9
cross-origin-opener-policy-report-only: same-origin; report-to="youtube_main"
expires: Fri, 15 Mar 2024 02:04:41 GMT

GET
H2 200 RC932eb8ff10dd4ad4a107497eae6b5445-source.min.js Show response
assets.adobedtm.com/7dbad9752923/36b7dda228e9/25cd741c61dc/ 751 B
665 B 91ms
91ms Script
application/x-javascript 2a02:26f0:3100:782::1e80
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/7dbad9752923/36b7dda228e9/25cd741c61dc/RC932eb8ff10dd4ad4a107497eae6b5445-source.min.js
Requested by: Host: www.flagstar.com
URL: https://www.flagstar.com/etc.clientlibs/clientlibs/granite/jquery/granite/csrf.a9dcac4698709ca8e1cbc88363cf0793.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:3100:782::1e80 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: ae36a16abb29e655bd90f90c82766d6dcb7bf2220b63335f2320e241a858e09b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.flagstar.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date: Fri, 15 Mar 2024 02:04:41 GMT
content-encoding: gzip
last-modified: Wed, 06 Mar 2024 18:40:00 GMT
server: AkamaiNetStorage
etag: "569082faa7c7cc2779c619daba15de16:1709750400.386534"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: https://www.flagstar.com
cache-control: max-age=3600
accept-ranges: bytes
timing-allow-origin: *
content-length: 408
expires: Fri, 15 Mar 2024 03:04:41 GMT

GET
H2 200 RC16d7e6bf9991438aae4d2fdf78410573-source.min.js Show response
assets.adobedtm.com/7dbad9752923/36b7dda228e9/25cd741c61dc/ 1000 B
661 B 91ms
91ms Script
application/x-javascript 2a02:26f0:3100:782::1e80
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/7dbad9752923/36b7dda228e9/25cd741c61dc/RC16d7e6bf9991438aae4d2fdf78410573-source.min.js
Requested by: Host: www.flagstar.com
URL: https://www.flagstar.com/etc.clientlibs/clientlibs/granite/jquery/granite/csrf.a9dcac4698709ca8e1cbc88363cf0793.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:3100:782::1e80 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: 5a6fa2d9aa2a95181f462eef05b2801b3e5ba827ce028ba07636dfa0d773cdff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.flagstar.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date: Fri, 15 Mar 2024 02:04:41 GMT
content-encoding: gzip
last-modified: Wed, 06 Mar 2024 18:40:00 GMT
server: AkamaiNetStorage
etag: "569082faa7c7cc2779c619daba15de16:1709750400.386534"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: https://www.flagstar.com
cache-control: max-age=3600
accept-ranges: bytes
timing-allow-origin: *
content-length: 404
expires: Fri, 15 Mar 2024 03:04:41 GMT

GET
H2 200 www-widgetapi.js Show response
www.youtube.com/s/player/d552837c/www-widgetapi.vflset/ 215 KB
67 KB 36ms
35ms Script
text/javascript 2a00:1450:4001:806::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/s/player/d552837c/www-widgetapi.vflset/www-widgetapi.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/iframe_api

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

587e27c05d21f2a92b096fc6eb77b7cc634bf7462c04eb96a9ae78294c1c0eba

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.flagstar.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date: Thu, 14 Mar 2024 23:41:45 GMT
content-encoding: br
x-content-type-options: nosniff
age: 8576
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 68272
x-xss-protection: 0
last-modified: Wed, 13 Mar 2024 04:18:59 GMT
server: sffe
vary: Accept-Encoding, Origin
report-to: {"group":"youtube","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube"}]}
content-type: text/javascript
cache-control: public, max-age=31536000
accept-ranges: bytes
cross-origin-opener-policy-report-only: same-origin; report-to="youtube"
expires: Fri, 14 Mar 2025 23:41:45 GMT

POST
H2 200 interact Show response
edge.adobedc.net/ee/irl1/v1/ 522 B
710 B 96ms
40ms Fetch
application/json 63.140.62.17
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://edge.adobedc.net/ee/irl1/v1/interact?configId=9b22fc34-b4de-46d2-90d2-b189eef9dca8&requestId=5737086e-b7f7-45d5-9df2-7d876e2056e4

Requested by

Host: www.flagstar.com
URL: https://www.flagstar.com/ruxitagentjs_ICA27NVfghjqru_10285240307101407.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

63.140.62.17 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ip-63-140-62-17.data.adobedc.net

Software

jag /

Resource Hash

10068df040a5c33dea4ce6b86a5b27d171cc9ccbf6b8a0255090db5b65d47ad9

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.flagstar.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36
Content-Type: text/plain; charset=UTF-8

Response headers

date: Fri, 15 Mar 2024 02:04:41 GMT
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains
server: jag
vary: Origin
content-type: application/json;charset=utf-8
access-control-allow-origin: https://www.flagstar.com
access-control-expose-headers: Retry-After, X-Adobe-Edge, X-Request-ID
x-adobe-edge: IRL1;6
access-control-allow-credentials: true
x-konductor: N/A
cache-control: no-cache, no-store, max-age=0, no-transform, private
x-xss-protection: 1; mode=block
x-request-id: 5737086e-b7f7-45d5-9df2-7d876e2056e4

GET
H/1.1 200
OK na.jsonp Show response
pnapi.invoca.net/1429/ 197 B
376 B 119ms
119ms Script
text/plain 44.212.194.12
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://pnapi.invoca.net/1429/na.jsonp?network_id=1429&js_version=4.30.6&tag_id=1429%2F2586959106&request_data_shared_params=%7B%22invoca_id%22%3A%22i-9491661a-76d6-4e40-a113-8a05c1d03f3a%22%2C%22utm_medium%22%3A%22direct%22%2C%22utm_source%22%3A%22direct%22%2C%22gcm_uid%22%3Anull%2C%22adobe_id%22%3A%22not_found%22%2C%22Agent%22%3Anull%2C%22branch_address%22%3Anull%2C%22branch_city%22%3Anull%2C%22branch_code%22%3Anull%2C%22branch_name%22%3Anull%2C%22branch_state%22%3Anull%2C%22calling_page%22%3A%22%2F%22%2C%22callTreatment%22%3Anull%2C%22CID%22%3Anull%2C%22currentURL%22%3A%22https%3A%2F%2Fwww.flagstar.com%2F%22%2C%22dclid%22%3Anull%2C%22Disposition%22%3Anull%2C%22e%22%3Anull%2C%22email_name%22%3Anull%2C%22ga_session_id%22%3Anull%2C%22gclid%22%3Anull%2C%22gclsrc%22%3Anull%2C%22g_cid%22%3A%22not_found%22%2C%22j%22%3Anull%2C%22jb%22%3Anull%2C%22journey%22%3A%22%2F%22%2C%22l%22%3Anull%2C%22Lead_Record_Type%22%3Anull%2C%22LOB%22%3Anull%2C%22mid%22%3Anull%2C%22msclkid%22%3Anull%2C%22offline_destination%22%3Anull%2C%22Opportunity_Record_Type%22%3Anull%2C%22Parent_Campaign_Name%22%3Anull%2C%22profile_name%22%3Anull%2C%22sk%22%3Anull%2C%22ua%22%3Anull%2C%22utm_campaign%22%3Anull%2C%22utm_content%22%3Anull%2C%22utm_term%22%3Anull%2C%22verified_zip%22%3Anull%7D&client_messages=%7B%7D&client_info=%7B%22url%22%3A%22https%3A%2F%2Fwww.flagstar.com%2F%22%2C%22referrer%22%3A%22%22%2C%22cores%22%3A17%2C%22platform%22%3A%22Win32%22%2C%22screenWidth%22%3A1600%2C%22screenHeight%22%3A1200%2C%22language%22%3A%22en-US%22%7D&request_data=%5B%7B%22request_id%22%3A%22%2B18882486423%22%2C%22advertiser_campaign_id_from_network%22%3A%22505764%22%2C%22params%22%3A%7B%22invoca_detected_destination%22%3A%22%2B18882486423%22%7D%7D%5D&destination_settings=%7B%22paramName%22%3A%22invoca_detected_destination%22%2C%22matchLocalNumbers%22%3Afalse%2C%22matchTollFreeNumbers%22%3Afalse%7D&metrics=%5B%5B%22initialLoad%22%2C1710468279894%5D%2C%5B%22startRun%22%2C1710468280321%5D%2C%5B%22startCollectPlacements%22%2C1710468280323%5D%2C%5B%22endCollectPlacements%22%2C1710468280357%5D%2C%5B%22startMapNumberRequest%22%2C1710468280357%5D%2C%5B%22endMapNumberRequest%22%2C1710468280816%5D%2C%5B%22endNumberReplacement%22%2C1710468280816%5D%2C%5B%22startWaitForData%22%2C1710468281358%5D%2C%5B%22endWaitForData%22%2C1710468282421%5D%5D&jsoncallback=json_rr2&
Requested by: Host: www.flagstar.com
URL: https://www.flagstar.com/etc.clientlibs/clientlibs/granite/jquery/granite/csrf.a9dcac4698709ca8e1cbc88363cf0793.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 44.212.194.12 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-44-212-194-12.compute-1.amazonaws.com
Software: Goliath /
Resource Hash: b00fdc2bfc57f28137b45d5cf45c52d64dce8e0efcf7d12cd579152f558da0bc

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.flagstar.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

Access-Control-Allow-Origin: *
Date: Fri, 15 Mar 2024 02:04:42 GMT
Server: Goliath
Connection: keep-alive
processing_time: 10.67365ms
Content-Length: 197

POST
H2 200 rb_05a5443f-7bda-433a-9644-5a320a8634a5 Show response
www.flagstar.com/ 121 B
241 B 192ms
192ms Fetch
text/plain 172.64.146.116
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.flagstar.com/rb_05a5443f-7bda-433a-9644-5a320a8634a5?type=js3&sn=v_4_srv_1_sn_AA845E59EFA12F555B304A43C130D794_perc_100000_ol_0_mul_1_app-3A98c1425c91f9b0fe_1&svrid=1&flavor=post&vi=RRRTCMGUHHPKAHMCURUPNMSPBGIBFHCE-0&modifiedSince=1710194508709&rf=https%3A%2F%2Fwww.flagstar.com%2F&bp=3&app=98c1425c91f9b0fe&crc=1287577849&en=ov27eoh7&end=1

Requested by

Host: www.flagstar.com
URL: https://www.flagstar.com/ruxitagentjs_ICA27NVfghjqru_10285240307101407.js

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

172.64.146.116 San Francisco, United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f2eccf0ca41738afa4ded8c17aa946fbc2dc6b762e28fae5c4e978cd577958b5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.flagstar.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

x-ua-compatible: IE=Edge
date: Fri, 15 Mar 2024 02:04:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains
cf-cache-status: DYNAMIC
server: cloudflare
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: text/plain; charset=utf-8
x-cnection: close
cf-ray: 8648ef329e2c2c42-FRA
content-length: 132
x-xss-protection: 1; mode=block
clientname: flagstar

POST
H2 200 rb_05a5443f-7bda-433a-9644-5a320a8634a5 Show response
www.flagstar.com/ 121 B
192 B 213ms
212ms Fetch
text/plain 172.64.146.116
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Host: www.flagstar.com
URL: https://www.flagstar.com/ruxitagentjs_ICA27NVfghjqru_10285240307101407.js

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

172.64.146.116 San Francisco, United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f2eccf0ca41738afa4ded8c17aa946fbc2dc6b762e28fae5c4e978cd577958b5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.flagstar.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

x-ua-compatible: IE=Edge
date: Fri, 15 Mar 2024 02:04:43 GMT
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains
cf-cache-status: DYNAMIC
server: cloudflare
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: text/plain; charset=utf-8
x-cnection: close
cf-ray: 8648ef34efac2c42-FRA
content-length: 132
x-xss-protection: 1; mode=block
clientname: flagstar

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: static.cloudflareinsights.com
URL: https://static.cloudflareinsights.com/beacon.min.js/v84a3a4012de94ce1a686ba8c167c359c1696973893317

Verdicts & Comments Add Verdict or Comment

142 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

29 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.flagstar.com/	1969-12-31 23:59:59	Name: _cfuvid Value: MtWSJaitzCj9lEvXxMH0NMZYb0TOwgJJ04leRSqy8MU-1710468278045-0.0.1.1-604800000
.flagstar.com/	1969-12-31 23:59:59	Name: dtCookie Value: v_4_srv_1_sn_AA845E59EFA12F555B304A43C130D794_perc_100000_ol_0_mul_1_app-3A98c1425c91f9b0fe_1
flagstar.com/	1969-12-31 23:59:59	Name: f5avraaaaaaaaaaaaaaaa_session_ Value: CHAHJDGHIGDLMFGIDPKCGAADGCBGNBLFIPFGPGMNIICMPKPKFNEFHKFLDGOGMBPGLOKDOJGGLMCOMKADJLLAMLKDGKFNCPOEGJMGPIDHBFDAPCBHDFHLPNHDEFKBGKOB
.flagstar.com/	1970-01-20 19:07:50	Name: __cf_bm Value: iKaRQ28i39NHSyeLyLEUeSkXvcu2b5iVvUpnYV_ti44-1710468278-1.0.1.1-srPSXYWZhMkoj9hxKCVCfBRH6Mvbtqeqht4XBiA36yHdbijkA_fNXnDk7IPaZp7CwmWqnvc_cefBUIeLI922qw
.flagstar.com/	1970-01-21 03:53:24	Name: home Value: personal
www.flagstar.com/	1969-12-31 23:59:59	Name: f5avraaaaaaaaaaaaaaaa_session_ Value: PMADDDCMMEJPOLJKJMBALIMGMBGJDGCBELPONAFILPLLGNCGJOPHEMHCEGHHADFNBFODGGPCLMCNBGBCDILABAIOGKHDIAIJGCGDCLLNKGIADLKOJHHODOAHFIPGMENM
.flagstar.com/	1969-12-31 23:59:59	Name: __cfruid Value: ea677df6b2c21117817f555bf0f872387b11f474-1710468278
.flagstar.com/	1969-12-31 23:59:59	Name: rxVisitor Value: 1710468278569MHCDE8KU6MFEOPB1PO4KSH50D0AEHM30
.flagstar.com/	1969-12-31 23:59:59	Name: dtSa Value: -
.sitescdn.net/	1970-01-20 19:07:50	Name: __cf_bm Value: 1E6u2k..w6_Fftxv2POGFSFLcsvryROcEJVJjnJWhYw-1710468278-1.0.1.1-jqBWZNEGQjcE7TQrNZDfxCo_FjeKJowq1Ic1_OL9I5_wcf9Bmhh8yuT64XXWqlSlljlZVjmuEUHwnfNNQ0unTA
www.flagstar.com/	1970-01-21 03:53:24	Name: liveagent_oref Value:
.flagstar.com/	1970-01-21 03:53:24	Name: OptanonConsent Value: isGpcEnabled=0&datestamp=Fri+Mar+15+2024+03%3A04%3A39+GMT%2B0100+(Central+European+Standard+Time)&version=202401.2.0&browserGpcFlag=0&isIABGlobal=false&hosts=&landingPath=https%3A%2F%2Fwww.flagstar.com%2F&groups=1%3A1%2C3%3A1%2CBG4%3A1%2C2%3A1%2C4%3A1
.answers.yext-pixel.com/	1970-01-20 19:07:50	Name: __cf_bm Value: LP1UEU_9SNzfEhIPpIAkz6SDLKi6lIBczd0AYeuj3XU-1710468280-1.0.1.1-4XCkK2RhtfyJHS2UmTPlb1pO0q2Fo5fD0Za9E9579yxYhl3y7zPlvJ6379E4.cr8pVmdBYap2Z_0hxH6Nffkq5qYZO1IqQDc0J.VKM0_AFs
.demdex.net/	1970-01-20 23:27:00	Name: demdex Value: 01623162338709358111470026965976573125
.flagstar.com/	1970-01-21 04:36:36	Name: kndctr_1D3E7E5B5E4E87670A495C47_AdobeOrg_identity Value: CiYwODQ5OTA4MDE2Njk3Nzg5Mjc3MjE1NjQ1NzQ5NzAyNTA2MzA2N1ITCJbe6v7jMRABGAEqBElSTDEwAPABlt7q_uMx
.flagstar.com/	1970-01-20 19:07:50	Name: kndctr_1D3E7E5B5E4E87670A495C47_AdobeOrg_cluster Value: irl1
.flagstar.com/	1970-01-21 04:29:24	Name: AMCV_1D3E7E5B5E4E87670A495C47%40AdobeOrg Value: MCMID\|08499080166977892772156457497025063067
www.flagstar.com/	1969-12-31 23:59:59	Name: liveagent_sid Value: 184f942d-4feb-426c-af3a-2adeb5a8dcb3
www.flagstar.com/	1970-01-21 03:53:24	Name: liveagent_vc Value: 2
www.flagstar.com/	1970-01-21 03:53:24	Name: liveagent_ptid Value: 184f942d-4feb-426c-af3a-2adeb5a8dcb3
.flagstar.com/	1969-12-31 23:59:59	Name: rxvt Value: 1710470081282\|1710468278570
.flagstar.com/	1969-12-31 23:59:59	Name: dtPC Value: 1$468278567_620h-vRRRTCMGUHHPKAHMCURUPNMSPBGIBFHCE-0e0
.youtube.com/	1969-12-31 23:59:59	Name: YSC Value: zznO4WS5UCI
.youtube.com/	1970-01-20 23:27:00	Name: VISITOR_INFO1_LIVE Value: 1Xfn2vsVwlY
.youtube.com/	1970-01-20 23:27:00	Name: VISITOR_PRIVACY_METADATA Value: CgJERRIEEgAgYA%3D%3D
.flagstar.com/	1969-12-31 23:59:59	Name: s_ips_aep Value: 1200
.flagstar.com/	1969-12-31 23:59:59	Name: s_tp_aep Value: 5595
.flagstar.com/	1969-12-31 23:59:59	Name: s_ppv_aep Value: flagstar%253Ahome%2C21%2C21%2C1200%2C1%2C4
.flagstar.com/	1970-01-21 04:43:48	Name: invoca_session Value: %7B%22ttl%22%3A%222024-04-14T01%3A04%3A42.543Z%22%2C%22session%22%3A%7B%22invoca_id%22%3A%22i-9491661a-76d6-4e40-a113-8a05c1d03f3a%22%7D%2C%22config%22%3A%7B%22ce%22%3Atrue%2C%22fv%22%3Afalse%2C%22rn%22%3Afalse%7D%7D

85 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
security	error	URL: https://www.flagstar.com/ Message: [Report Only] Refused to load the script 'https://www.flagstar.com/ruxitagentjs_ICA27NVfghjqru_10285240307101407.js' because it violates the following Content Security Policy directive: "script-src 'none'". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.
security	error	URL: https://www.flagstar.com/ Message: [Report Only] Refused to load the script 'https://www.flagstar.com/ruxitagentjs_ICA27NVfghjqru_10285240307101407.js' because it violates the following Content Security Policy directive: "script-src 'none'". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.
security	error	URL: https://www.flagstar.com/ Message: [Report Only] Refused to load the script 'https://www.flagstar.com/etc.clientlibs/aem-flagstar/clientlibs/clientlib-common.3eb7a162166ff06ffd28c4cd55a66762.js' because it violates the following Content Security Policy directive: "script-src 'none'". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.
security	error	URL: https://www.flagstar.com/(Line 54) Message: [Report Only] Refused to execute inline script because it violates the following Content Security Policy directive: "script-src 'none'". Either the 'unsafe-inline' keyword, a hash ('sha256-qhgxUidAxpI61s6fC4oidOnIXh4YBx9gB4KhfhKaWJs='), or a nonce ('nonce-...') is required to enable inline execution.
security	error	URL: https://www.flagstar.com/ Message: [Report Only] Refused to load the script 'https://assets.adobedtm.com/7dbad9752923/36b7dda228e9/launch-bc7a3f427c28.min.js' because it violates the following Content Security Policy directive: "script-src 'none'". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.
security	error	URL: https://www.flagstar.com/ Message: [Report Only] Refused to load the script 'https://www.flagstar.com/etc.clientlibs/aem-flagstar/clientlibs/clientlib-autonumeric.d47f6d13b8b6fba73490357cd7b2bc71.js' because it violates the following Content Security Policy directive: "script-src 'none'". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.
security	error	URL: https://www.flagstar.com/ Message: [Report Only] Refused to load the script 'https://c.la5-c1cs-ia5.salesforceliveagent.com/content/g/js/60.0/deployment.js' because it violates the following Content Security Policy directive: "script-src 'none'". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.
other	warning	URL: https://www.flagstar.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.flagstar.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.flagstar.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
security	error	URL: https://assets.adobedtm.com/7dbad9752923/36b7dda228e9/launch-bc7a3f427c28.min.js(Line 9) Message: [Report Only] Refused to load the script 'https://connect.facebook.net/en_US/fbevents.js' because it violates the following Content Security Policy directive: "script-src 'none'". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.
security	error	URL: https://www.flagstar.com/(Line 230) Message: [Report Only] Refused to execute inline script because it violates the following Content Security Policy directive: "script-src 'none'". Either the 'unsafe-inline' keyword, a hash ('sha256-kuBb8jTNZVbJv73RHw0pSo6Vi2a9y+X+E247iIh4hMU='), or a nonce ('nonce-...') is required to enable inline execution.
security	error	URL: https://www.flagstar.com/(Line 286) Message: [Report Only] Refused to execute inline script because it violates the following Content Security Policy directive: "script-src 'none'". Either the 'unsafe-inline' keyword, a hash ('sha256-HgrRV4s85ViOaoj4909QPVzS72HJvzSzQYei/F2N65c='), or a nonce ('nonce-...') is required to enable inline execution.
security	error	URL: https://www.flagstar.com/(Line 293) Message: [Report Only] Refused to execute inline script because it violates the following Content Security Policy directive: "script-src 'none'". Either the 'unsafe-inline' keyword, a hash ('sha256-HER/jskqeExREA0uau3nCpOVwt/dRxB1pt2yMGSYxbQ='), or a nonce ('nonce-...') is required to enable inline execution.
security	error	URL: https://www.flagstar.com/(Line 300) Message: [Report Only] Refused to execute inline script because it violates the following Content Security Policy directive: "script-src 'none'". Either the 'unsafe-inline' keyword, a hash ('sha256-RjesZcdQQRCM9vT7P0P0fwX68WhoV0arrO73tnkaUHY='), or a nonce ('nonce-...') is required to enable inline execution.
security	error	URL: https://www.flagstar.com/ Message: [Report Only] Refused to load the script 'https://www.flagstar.com/etc.clientlibs/aem-flagstar/clientlibs/clientlib-dependencies.d41d8cd98f00b204e9800998ecf8427e.js' because it violates the following Content Security Policy directive: "script-src 'none'". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.
security	error	URL: https://www.flagstar.com/ Message: [Report Only] Refused to load the script 'https://assets.sitescdn.net/answers-search-bar/v1.5/answers.min.js' because it violates the following Content Security Policy directive: "script-src 'none'". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.
security	error	URL: https://assets.sitescdn.net/answers-search-bar/v1.5/answers.min.js(Line 170) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'none'".
security	error	URL: https://assets.adobedtm.com/7dbad9752923/36b7dda228e9/launch-bc7a3f427c28.min.js(Line 1) Message: [Report Only] Refused to load the script 'https://cdn.cookielaw.org/consent/b3668a5d-7fcb-4aeb-a671-a8393e2792ff/otSDKStub.js' because it violates the following Content Security Policy directive: "script-src 'none'". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.
security	error	URL: https://www.flagstar.com/ Message: [Report Only] Refused to load the script 'https://assets.sitescdn.net/answers-search-bar/v1.5/answerstemplates.compiled.min.js' because it violates the following Content Security Policy directive: "script-src 'none'". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.
security	error	URL: https://www.flagstar.com/ Message: [Report Only] Refused to load the script 'https://www.flagstar.com/content/dam/newco/script/Answers.js' because it violates the following Content Security Policy directive: "script-src 'none'". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.
security	error	URL: https://www.flagstar.com/(Line 10938) Message: [Report Only] Refused to execute inline script because it violates the following Content Security Policy directive: "script-src 'none'". Either the 'unsafe-inline' keyword, a hash ('sha256-L5nWFUoz/R6mC5BSv5horz4LmUNTzODcGw4NyDaBYvk='), or a nonce ('nonce-...') is required to enable inline execution.
security	error	URL: https://www.flagstar.com/ Message: [Report Only] Refused to load the script 'https://www.flagstar.com/etc.clientlibs/aem-flagstar/clientlibs/clientlib-site.e86d9f0f1a3ad6fa2a8f0115739d3c22.js' because it violates the following Content Security Policy directive: "script-src 'none'". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.
security	error	URL: https://www.flagstar.com/ Message: [Report Only] Refused to load the script 'https://www.flagstar.com/etc.clientlibs/core/wcm/components/commons/site/clientlibs/container.027d01df25f17066242db969c9bf2ade.js' because it violates the following Content Security Policy directive: "script-src 'none'". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.
security	error	URL: https://www.flagstar.com/ Message: [Report Only] Refused to load the script 'https://www.flagstar.com/etc.clientlibs/clientlibs/granite/jquery/granite/csrf.a9dcac4698709ca8e1cbc88363cf0793.js' because it violates the following Content Security Policy directive: "script-src 'none'". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.
security	error	URL: https://www.flagstar.com/etc.clientlibs/clientlibs/granite/jquery/granite/csrf.a9dcac4698709ca8e1cbc88363cf0793.js(Line 256) Message: [Report Only] Refused to connect to 'https://www.flagstar.com/libs/granite/csrf/token.json' because it violates the following Content Security Policy directive: "connect-src 'none'".
security	error	URL: https://www.flagstar.com/ Message: [Report Only] Refused to load the script 'https://www.flagstar.com/etc.clientlibs/aem-flagstar/clientlibs/clientlib-base.4907a5550cdc35d1f9202c20e377c3dd.js' because it violates the following Content Security Policy directive: "script-src 'none'". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.
security	error	URL: https://www.flagstar.com/ Message: [Report Only] Refused to load the script 'https://www.flagstar.com/etc.clientlibs/aem-flagstar/clientlibs/clientlib-site.e86d9f0f1a3ad6fa2a8f0115739d3c22.js' because it violates the following Content Security Policy directive: "script-src 'none'". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.
security	error	URL: https://connect.facebook.net/en_US/fbevents.js(Line 23) Message: [Report Only] Refused to load the script 'https://connect.facebook.net/signals/config/1507898736628275?v=2.9.149&r=stable&domain=www.flagstar.com&hme=8b8eb2472f555e54a8b57f2b720f9bd3b1bc6aed031525376dd772ba51107995&ex_m=63%2C107%2C95%2C99%2C54%2C3%2C89%2C62%2C14%2C87%2C80%2C45%2C47%2C153%2C156%2C167%2C163%2C164%2C166%2C26%2C90%2C46%2C69%2C165%2C148%2C151%2C160%2C161%2C168%2C116%2C13%2C44%2C172%2C171%2C118%2C16%2C30%2C33%2C1%2C37%2C58%2C59%2C60%2C64%2C84%2C15%2C12%2C86%2C83%2C82%2C96%2C98%2C32%2C97%2C27%2C23%2C149%2C152%2C125%2C25%2C9%2C10%2C11%2C5%2C6%2C22%2C19%2C20%2C50%2C55%2C57%2C67%2C91%2C24%2C68%2C8%2C7%2C72%2C42%2C18%2C93%2C92%2C17%2C74%2C79%2C41%2C40%2C78%2C34%2C36%2C77%2C49%2C75%2C29%2C38%2C66%2C0%2C85%2C4%2C81%2C73%2C76%2C2%2C31%2C56%2C35%2C94%2C39%2C71%2C61%2C100%2C53%2C52%2C28%2C88%2C51%2C48%2C43%2C70%2C65%2C21%2C101' because it violates the following Content Security Policy directive: "script-src 'none'". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.
security	error	URL: https://www.flagstar.com/etc.clientlibs/clientlibs/granite/jquery/granite/csrf.a9dcac4698709ca8e1cbc88363cf0793.js(Line 256) Message: [Report Only] Refused to connect to 'https://cdn.cookielaw.org/consent/b3668a5d-7fcb-4aeb-a671-a8393e2792ff/b3668a5d-7fcb-4aeb-a671-a8393e2792ff.json' because it violates the following Content Security Policy directive: "connect-src 'none'".
security	error	URL: https://assets.adobedtm.com/7dbad9752923/36b7dda228e9/launch-bc7a3f427c28.min.js(Line 1) Message: [Report Only] Refused to execute inline script because it violates the following Content Security Policy directive: "script-src 'none'". Either the 'unsafe-inline' keyword, a hash ('sha256-v0akZBQ6aJsRnWgYjxB7GQEiU58hAlJvVuxoOMkM8KE='), or a nonce ('nonce-...') is required to enable inline execution.
security	error	URL: https://assets.adobedtm.com/7dbad9752923/36b7dda228e9/launch-bc7a3f427c28.min.js(Line 1) Message: [Report Only] Refused to execute inline script because it violates the following Content Security Policy directive: "script-src 'none'". Either the 'unsafe-inline' keyword, a hash ('sha256-xWFmzJvIo6B0SCzFnz7shZyA9bGCnI77faORvXtwL3M='), or a nonce ('nonce-...') is required to enable inline execution.
security	error	URL: https://www.flagstar.com/ Message: [Report Only] Refused to load the script 'https://www.flagstar.com/etc.clientlibs/core/wcm/components/commons/site/clientlibs/container.027d01df25f17066242db969c9bf2ade.js' because it violates the following Content Security Policy directive: "script-src 'none'". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.
security	error	URL: https://www.flagstar.com/ Message: [Report Only] Refused to load the script 'https://www.flagstar.com/etc.clientlibs/clientlibs/granite/jquery/granite/csrf.a9dcac4698709ca8e1cbc88363cf0793.js' because it violates the following Content Security Policy directive: "script-src 'none'". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.
security	error	URL: https://www.flagstar.com/ Message: [Report Only] Refused to load the script 'https://www.flagstar.com/etc.clientlibs/aem-flagstar/clientlibs/clientlib-base.4907a5550cdc35d1f9202c20e377c3dd.js' because it violates the following Content Security Policy directive: "script-src 'none'". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.
security	error	URL: https://www.flagstar.com/ Message: [Report Only] Refused to load the script 'https://static.cloudflareinsights.com/beacon.min.js/v84a3a4012de94ce1a686ba8c167c359c1696973893317' because it violates the following Content Security Policy directive: "script-src 'none'". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.
security	error	URL: https://www.flagstar.com/ Message: Refused to load the script 'https://static.cloudflareinsights.com/beacon.min.js/v84a3a4012de94ce1a686ba8c167c359c1696973893317' because it violates the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' 'unsafe-eval' https://.salesforceliveagent.com https://assets.sitescdn.net https://www.googleanalytics.com/ https://www.googleoptimize.com/ https://optimize.google.com/ https://www.googletagmanager.com https://maps.googleapis.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net assets.adobedtm.com https://pnapi.invoca.net https://solutions.invocacdn.com gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com/ https://use.typekit.com https://connect.facebook.net https://js.adsrvr.org/ https://cdn.evgnet.com https://.evergage.com https://www.youtube.com assets.sitescdn.net .pagescdn.com .pgsdemo.com https://*.salesforce-sites.com". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.
security	error	URL: https://assets.adobedtm.com/7dbad9752923/36b7dda228e9/launch-bc7a3f427c28.min.js(Line 6) Message: [Report Only] Refused to load the script 'https://solutions.invocacdn.com/js/pnapi_integration-latest.min.js' because it violates the following Content Security Policy directive: "script-src 'none'". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.
security	error	URL: https://www.flagstar.com/etc.clientlibs/clientlibs/granite/jquery/granite/csrf.a9dcac4698709ca8e1cbc88363cf0793.js(Line 299) Message: [Report Only] Refused to load the script 'https://d.la2-c2-iad.salesforceliveagent.com/chat/rest/System/MultiNoun.jsonp?nouns=VisitorId,Settings&VisitorId.prefix=Visitor&Settings.prefix=Visitor&Settings.buttonIds=[57316000000D7Cz,57316000000D7D4,57316000000D7Cp]&Settings.updateBreadcrumb=1&Settings.urlPrefix=undefined&callback=liveagent._.handlePing&deployment_id=57216000000HIZN&org_id=00DG0000000Bvr7&version=60' because it violates the following Content Security Policy directive: "script-src 'none'". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.
security	error	URL: https://assets.sitescdn.net/answers-search-bar/v1.5/answers.min.js(Line 170) Message: [Report Only] Refused to connect to 'https://answers.yext-pixel.com/realtimeanalytics/data/answers/3202410' because it violates the following Content Security Policy directive: "connect-src 'none'".
security	error	URL: https://assets.sitescdn.net/answers-search-bar/v1.5/answers.min.js(Line 170) Message: [Report Only] Refused to connect to 'https://answers.yext-pixel.com/realtimeanalytics/data/answers/3202410' because it violates the following Content Security Policy directive: "connect-src 'none'".
other	warning	URL: https://connect.facebook.net/signals/config/1507898736628275?v=2.9.149&r=stable&domain=www.flagstar.com&hme=8b8eb2472f555e54a8b57f2b720f9bd3b1bc6aed031525376dd772ba51107995&ex_m=63%2C107%2C95%2C99%2C54%2C3%2C89%2C62%2C14%2C87%2C80%2C45%2C47%2C153%2C156%2C167%2C163%2C164%2C166%2C26%2C90%2C46%2C69%2C165%2C148%2C151%2C160%2C161%2C168%2C116%2C13%2C44%2C172%2C171%2C118%2C16%2C30%2C33%2C1%2C37%2C58%2C59%2C60%2C64%2C84%2C15%2C12%2C86%2C83%2C82%2C96%2C98%2C32%2C97%2C27%2C23%2C149%2C152%2C125%2C25%2C9%2C10%2C11%2C5%2C6%2C22%2C19%2C20%2C50%2C55%2C57%2C67%2C91%2C24%2C68%2C8%2C7%2C72%2C42%2C18%2C93%2C92%2C17%2C74%2C79%2C41%2C40%2C78%2C34%2C36%2C77%2C49%2C75%2C29%2C38%2C66%2C0%2C85%2C4%2C81%2C73%2C76%2C2%2C31%2C56%2C35%2C94%2C39%2C71%2C61%2C100%2C53%2C52%2C28%2C88%2C51%2C48%2C43%2C70%2C65%2C21%2C101(Line 97) Message: Unrecognized feature: 'attribution-reporting'.
security	error	URL: https://www.flagstar.com/etc.clientlibs/clientlibs/granite/jquery/granite/csrf.a9dcac4698709ca8e1cbc88363cf0793.js(Line 299) Message: [Report Only] Refused to load the script 'https://cdn.cookielaw.org/scripttemplates/202401.2.0/otBannerSdk.js' because it violates the following Content Security Policy directive: "script-src 'none'". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.
security	error	URL: https://www.flagstar.com/etc.clientlibs/clientlibs/granite/jquery/granite/csrf.a9dcac4698709ca8e1cbc88363cf0793.js(Line 299) Message: [Report Only] Refused to load the script 'https://solutions.invocacdn.com/js/networks/1429/2586959106/tag-live.js' because it violates the following Content Security Policy directive: "script-src 'none'". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.
security	error	URL: https://www.flagstar.com/ruxitagentjs_ICA27NVfghjqru_10285240307101407.js(Line 257) Message: [Report Only] Refused to connect to 'https://cdn.cookielaw.org/consent/b3668a5d-7fcb-4aeb-a671-a8393e2792ff/3394215e-8369-4433-bdea-3563b309ec6b/en.json' because it violates the following Content Security Policy directive: "connect-src 'none'".
security	error	URL: https://www.flagstar.com/ruxitagentjs_ICA27NVfghjqru_10285240307101407.js(Line 257) Message: [Report Only] Refused to connect to 'https://cdn.cookielaw.org/consent/b3668a5d-7fcb-4aeb-a671-a8393e2792ff/3394215e-8369-4433-bdea-3563b309ec6b/en.json' because it violates the following Content Security Policy directive: "connect-src 'none'".
security	error	URL: https://www.flagstar.com/ruxitagentjs_ICA27NVfghjqru_10285240307101407.js(Line 257) Message: [Report Only] Refused to connect to 'https://cdn.cookielaw.org/scripttemplates/202401.2.0/assets/otFlat.json' because it violates the following Content Security Policy directive: "connect-src 'none'".
security	error	URL: https://www.flagstar.com/ruxitagentjs_ICA27NVfghjqru_10285240307101407.js(Line 257) Message: [Report Only] Refused to connect to 'https://cdn.cookielaw.org/scripttemplates/202401.2.0/assets/otFlat.json' because it violates the following Content Security Policy directive: "connect-src 'none'".
security	error	URL: https://www.flagstar.com/ruxitagentjs_ICA27NVfghjqru_10285240307101407.js(Line 257) Message: [Report Only] Refused to connect to 'https://cdn.cookielaw.org/scripttemplates/202401.2.0/assets/v2/otPcTab.json' because it violates the following Content Security Policy directive: "connect-src 'none'".
security	error	URL: https://www.flagstar.com/ruxitagentjs_ICA27NVfghjqru_10285240307101407.js(Line 257) Message: [Report Only] Refused to connect to 'https://cdn.cookielaw.org/scripttemplates/202401.2.0/assets/v2/otPcTab.json' because it violates the following Content Security Policy directive: "connect-src 'none'".
security	error	URL: https://www.flagstar.com/ruxitagentjs_ICA27NVfghjqru_10285240307101407.js(Line 257) Message: [Report Only] Refused to connect to 'https://cdn.cookielaw.org/scripttemplates/202401.2.0/assets/otCommonStyles.css' because it violates the following Content Security Policy directive: "connect-src 'none'".
security	error	URL: https://www.flagstar.com/ruxitagentjs_ICA27NVfghjqru_10285240307101407.js(Line 257) Message: [Report Only] Refused to connect to 'https://cdn.cookielaw.org/scripttemplates/202401.2.0/assets/otCommonStyles.css' because it violates the following Content Security Policy directive: "connect-src 'none'".
security	error	URL: https://www.flagstar.com/ruxitagentjs_ICA27NVfghjqru_10285240307101407.js(Line 257) Message: [Report Only] Refused to connect to 'https://cdn.cookielaw.org/logos/static/ot_guard_logo.svg' because it violates the following Content Security Policy directive: "connect-src 'none'".
security	error	URL: https://www.flagstar.com/ruxitagentjs_ICA27NVfghjqru_10285240307101407.js(Line 257) Message: [Report Only] Refused to connect to 'https://cdn.cookielaw.org/logos/static/ot_guard_logo.svg' because it violates the following Content Security Policy directive: "connect-src 'none'".
security	error	URL: https://www.flagstar.com/ruxitagentjs_ICA27NVfghjqru_10285240307101407.js(Line 257) Message: [Report Only] Refused to connect to 'https://adobedc.demdex.net/ee/v1/interact?configId=9b22fc34-b4de-46d2-90d2-b189eef9dca8&requestId=6fe3b0ec-1628-4472-b490-ca4e210efa7c' because it violates the following Content Security Policy directive: "connect-src 'none'".
security	error	URL: https://www.flagstar.com/ruxitagentjs_ICA27NVfghjqru_10285240307101407.js(Line 257) Message: [Report Only] Refused to connect to 'https://adobedc.demdex.net/ee/v1/interact?configId=9b22fc34-b4de-46d2-90d2-b189eef9dca8&requestId=6fe3b0ec-1628-4472-b490-ca4e210efa7c' because it violates the following Content Security Policy directive: "connect-src 'none'".
other	warning	URL: https://www.flagstar.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.flagstar.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
security	error	URL: https://solutions.invocacdn.com/js/pnapi_integration-latest.min.js(Line 24) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'none'".
security	error	URL: https://solutions.invocacdn.com/js/pnapi_integration-latest.min.js(Line 24) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'none'".
security	error	URL: https://solutions.invocacdn.com/js/pnapi_integration-latest.min.js(Line 24) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'none'".
security	error	URL: https://www.flagstar.com/etc.clientlibs/clientlibs/granite/jquery/granite/csrf.a9dcac4698709ca8e1cbc88363cf0793.js(Line 299) Message: [Report Only] Refused to load the script 'https://pnapi.invoca.net/1429/na.jsonp?network_id=1429&js_version=4.30.6&tag_id=1429%2F2586959106&request_data_shared_params=%7B%22calling_page%22%3A%22%2F%22%2C%22currentURL%22%3A%22https%3A%2F%2Fwww.flagstar.com%2F%22%2C%22journey%22%3A%22%2F%22%2C%22utm_medium%22%3A%22direct%22%2C%22utm_source%22%3A%22direct%22%2C%22gcm_uid%22%3Anull%2C%22invoca_id%22%3A%22i-9491661a-76d6-4e40-a113-8a05c1d03f3a%22%7D&client_messages=%7B%7D&client_info=%7B%22url%22%3A%22https%3A%2F%2Fwww.flagstar.com%2F%22%2C%22referrer%...dth%22%3A1600%2C%22screenHeight%22%3A1200%2C%22language%22%3A%22en-US%22%7D&request_data=%5B%7B%22request_id%22%3A%22%2B18882486423%22%2C%22advertiser_campaign_id_from_network%22%3A%22505764%22%2C%22params%22%3A%7B%22invoca_detected_destination%22%3A%22%2B18882486423%22%7D%7D%5D&destination_settings=%7B%22paramName%22%3A%22invoca_detected_destination%22%2C%22matchLocalNumbers%22%3Afalse%2C%22matchTollFreeNumbers%22%3Afalse%7D&metrics=%5B%5B%22beaconSupported%22%2C%22counter%22%5D%5D&jsoncallback=json_rr1&' because it violates the following Content Security Policy directive: "script-src 'none'". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.
security	error	URL: https://www.flagstar.com/etc.clientlibs/clientlibs/granite/jquery/granite/csrf.a9dcac4698709ca8e1cbc88363cf0793.js(Line 299) Message: [Report Only] Refused to load the script 'https://d.la5-c1-ia5.salesforceliveagent.com/chat/rest/Visitor/Settings.jsonp?sid=184f942d-4feb-426c-af3a-2adeb5a8dcb3&Settings.prefix=Visitor&Settings.buttonIds=[57316000000D7Cz,57316000000D7D4,57316000000D7Cp]&Settings.updateBreadcrumb=1&Settings.urlPrefix=undefined&callback=liveagent._.handlePing&deployment_id=57216000000HIZN&org_id=00DG0000000Bvr7&version=60' because it violates the following Content Security Policy directive: "script-src 'none'". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.
security	error	URL: https://assets.adobedtm.com/7dbad9752923/36b7dda228e9/launch-bc7a3f427c28.min.js(Line 2) Message: [Report Only] Refused to load the script 'https://www.youtube.com/iframe_api' because it violates the following Content Security Policy directive: "script-src 'none'". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.
security	error	URL: https://www.flagstar.com/etc.clientlibs/clientlibs/granite/jquery/granite/csrf.a9dcac4698709ca8e1cbc88363cf0793.js(Line 299) Message: [Report Only] Refused to load the script 'https://assets.adobedtm.com/7dbad9752923/36b7dda228e9/25cd741c61dc/RC932eb8ff10dd4ad4a107497eae6b5445-source.min.js' because it violates the following Content Security Policy directive: "script-src 'none'". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.
security	error	URL: https://solutions.invocacdn.com/js/pnapi_integration-latest.min.js(Line 24) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'none'".
security	error	URL: https://solutions.invocacdn.com/js/pnapi_integration-latest.min.js(Line 24) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'none'".
security	error	URL: https://solutions.invocacdn.com/js/pnapi_integration-latest.min.js(Line 24) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'none'".
security	error	URL: https://assets.adobedtm.com/7dbad9752923/36b7dda228e9/launch-bc7a3f427c28.min.js(Line 1) Message: [Report Only] Refused to execute inline script because it violates the following Content Security Policy directive: "script-src 'none'". Either the 'unsafe-inline' keyword, a hash ('sha256-8dQVF/M/bNznXU+2ZFtvtHlMWIKl+2K9ZEWSkWYDfIM='), or a nonce ('nonce-...') is required to enable inline execution.
security	error	URL: https://www.flagstar.com/etc.clientlibs/clientlibs/granite/jquery/granite/csrf.a9dcac4698709ca8e1cbc88363cf0793.js(Line 299) Message: [Report Only] Refused to load the script 'https://assets.adobedtm.com/7dbad9752923/36b7dda228e9/25cd741c61dc/RC16d7e6bf9991438aae4d2fdf78410573-source.min.js' because it violates the following Content Security Policy directive: "script-src 'none'". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.
other	warning	URL: https://www.flagstar.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.flagstar.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.flagstar.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
security	error	URL: https://www.youtube.com/iframe_api(Line 2) Message: [Report Only] Refused to load the script 'https://www.youtube.com/s/player/d552837c/www-widgetapi.vflset/www-widgetapi.js' because it violates the following Content Security Policy directive: "script-src 'none'". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.
security	error	URL: https://assets.adobedtm.com/7dbad9752923/36b7dda228e9/launch-bc7a3f427c28.min.js(Line 1) Message: [Report Only] Refused to execute inline script because it violates the following Content Security Policy directive: "script-src 'none'". Either the 'unsafe-inline' keyword, a hash ('sha256-sIE43Q9WRZ6dqDbFFOrzmT960605XwSxIb/ovzcMmd0='), or a nonce ('nonce-...') is required to enable inline execution.
security	error	URL: https://www.flagstar.com/ruxitagentjs_ICA27NVfghjqru_10285240307101407.js(Line 257) Message: [Report Only] Refused to connect to 'https://edge.adobedc.net/ee/irl1/v1/interact?configId=9b22fc34-b4de-46d2-90d2-b189eef9dca8&requestId=5737086e-b7f7-45d5-9df2-7d876e2056e4' because it violates the following Content Security Policy directive: "connect-src 'none'".
security	error	URL: https://www.flagstar.com/ruxitagentjs_ICA27NVfghjqru_10285240307101407.js(Line 257) Message: [Report Only] Refused to connect to 'https://edge.adobedc.net/ee/irl1/v1/interact?configId=9b22fc34-b4de-46d2-90d2-b189eef9dca8&requestId=5737086e-b7f7-45d5-9df2-7d876e2056e4' because it violates the following Content Security Policy directive: "connect-src 'none'".
other	warning	URL: https://www.flagstar.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.flagstar.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.flagstar.com/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
security	error	URL: https://www.flagstar.com/etc.clientlibs/clientlibs/granite/jquery/granite/csrf.a9dcac4698709ca8e1cbc88363cf0793.js(Line 299) Message: [Report Only] Refused to load the script 'https://pnapi.invoca.net/1429/na.jsonp?network_id=1429&js_version=4.30.6&tag_id=1429%2F2586959106&request_data_shared_params=%7B%22invoca_id%22%3A%22i-9491661a-76d6-4e40-a113-8a05c1d03f3a%22%2C%22utm_medium%22%3A%22direct%22%2C%22utm_source%22%3A%22direct%22%2C%22gcm_uid%22%3Anull%2C%22adobe_id%22%3A%22not_found%22%2C%22Agent%22%3Anull%2C%22branch_address%22%3Anull%2C%22branch_city%22%3Anull%2C%22branch_code%22%3Anull%2C%22branch_name%22%3Anull%2C%22branch_state%22%3Anull%2C%22calling_page%22%3A%22%2F%22%2...false%2C%22matchTollFreeNumbers%22%3Afalse%7D&metrics=%5B%5B%22initialLoad%22%2C1710468279894%5D%2C%5B%22startRun%22%2C1710468280321%5D%2C%5B%22startCollectPlacements%22%2C1710468280323%5D%2C%5B%22endCollectPlacements%22%2C1710468280357%5D%2C%5B%22startMapNumberRequest%22%2C1710468280357%5D%2C%5B%22endMapNumberRequest%22%2C1710468280816%5D%2C%5B%22endNumberReplacement%22%2C1710468280816%5D%2C%5B%22startWaitForData%22%2C1710468281358%5D%2C%5B%22endWaitForData%22%2C1710468282421%5D%5D&jsoncallback=json_rr2&' because it violates the following Content Security Policy directive: "script-src 'none'". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.
security	error	URL: https://www.flagstar.com/ruxitagentjs_ICA27NVfghjqru_10285240307101407.js(Line 236) Message: [Report Only] Refused to connect to 'https://www.flagstar.com/rb_05a5443f-7bda-433a-9644-5a320a8634a5?type=js3&sn=v_4_srv_1_sn_AA845E59EFA12F555B304A43C130D794_perc_100000_ol_0_mul_1_app-3A98c1425c91f9b0fe_1&svrid=1&flavor=post&vi=RRRTCMGUHHPKAHMCURUPNMSPBGIBFHCE-0&modifiedSince=1710194508709&rf=https%3A%2F%2Fwww.flagstar.com%2F&bp=3&app=98c1425c91f9b0fe&crc=1287577849&en=ov27eoh7&end=1' because it violates the following Content Security Policy directive: "connect-src 'none'".
security	error	URL: https://www.flagstar.com/ruxitagentjs_ICA27NVfghjqru_10285240307101407.js(Line 236) Message: [Report Only] Refused to connect to 'https://www.flagstar.com/rb_05a5443f-7bda-433a-9644-5a320a8634a5?type=js3&sn=v_4_srv_1_sn_AA845E59EFA12F555B304A43C130D794_perc_100000_ol_0_mul_1_app-3A98c1425c91f9b0fe_1&svrid=1&flavor=post&vi=RRRTCMGUHHPKAHMCURUPNMSPBGIBFHCE-0&modifiedSince=1710194508709&rf=https%3A%2F%2Fwww.flagstar.com%2F&bp=3&app=98c1425c91f9b0fe&crc=1287577849&en=ov27eoh7&end=1' because it violates the following Content Security Policy directive: "connect-src 'none'".
security	error	URL: https://www.flagstar.com/ruxitagentjs_ICA27NVfghjqru_10285240307101407.js(Line 236) Message: [Report Only] Refused to connect to 'https://www.flagstar.com/rb_05a5443f-7bda-433a-9644-5a320a8634a5?type=js3&sn=v_4_srv_1_sn_AA845E59EFA12F555B304A43C130D794_perc_100000_ol_0_mul_1_app-3A98c1425c91f9b0fe_1&svrid=1&flavor=post&vi=RRRTCMGUHHPKAHMCURUPNMSPBGIBFHCE-0&modifiedSince=1710194508709&rf=https%3A%2F%2Fwww.flagstar.com%2F&bp=3&app=98c1425c91f9b0fe&crc=4235110074&en=ov27eoh7&end=1' because it violates the following Content Security Policy directive: "connect-src 'none'".
security	error	URL: https://www.flagstar.com/ruxitagentjs_ICA27NVfghjqru_10285240307101407.js(Line 236) Message: [Report Only] Refused to connect to 'https://www.flagstar.com/rb_05a5443f-7bda-433a-9644-5a320a8634a5?type=js3&sn=v_4_srv_1_sn_AA845E59EFA12F555B304A43C130D794_perc_100000_ol_0_mul_1_app-3A98c1425c91f9b0fe_1&svrid=1&flavor=post&vi=RRRTCMGUHHPKAHMCURUPNMSPBGIBFHCE-0&modifiedSince=1710194508709&rf=https%3A%2F%2Fwww.flagstar.com%2F&bp=3&app=98c1425c91f9b0fe&crc=4235110074&en=ov27eoh7&end=1' because it violates the following Content Security Policy directive: "connect-src 'none'".

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	default-src 'none'; connect-src 'self' .foresee.com .evergage.com edge.adobedc.net https://cdn.cookielaw.org https://www.googletagmanager.com https://stats.g.doubleclick.net https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://maps.googleapis.com .demdex.net .yext.com https://answers.yext-pixel.com .yextapis.com;font-src 'self' data: https://fonts.gstatic.com/ https://fonts.googleapis.com https://use.typekit.com .pgsdemo.com .pagescdn.com; media-src 'self'; object-src 'self'; form-action 'self' https://.flagstar.com https://.salesforce.com https://.salesforceliveagent.com https://.salesforce-sites.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://.salesforceliveagent.com https://assets.sitescdn.net https://www.googleanalytics.com/ https://www.googleoptimize.com/ https://optimize.google.com/ https://www.googletagmanager.com https://maps.googleapis.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net assets.adobedtm.com https://pnapi.invoca.net https://solutions.invocacdn.com gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com/ https://use.typekit.com https://connect.facebook.net https://js.adsrvr.org/ https://cdn.evgnet.com https://.evergage.com https://www.youtube.com assets.sitescdn.net .pagescdn.com .pgsdemo.com https://.salesforce-sites.com;style-src 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com assets.sitecdn.net; style-src-elem 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com;frame-src 'self' .flagstar.com .youtube.com .demdex.net https://.fls.doubleclick.net https://td.doubleclick.net https://optimize.google.com/ https://insight.adsrvr.org/ https://match.adsrvr.org/ https://cdn.evgnet.com https://.flagstar.com https://.fintactix.com .pagescdn.com .pgsdemo.com; frame-ancestors 'self' .flagstar.com https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net; img-src 'self' .foresee.com https://ad.doubleclick.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googletagmanager.com/ https://www.googleadservices.com https://www.google-analytics.com https://developers.google.com https://maps.googleapis.com https://maps.gstatic.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://insight.adsrvr.org https://ib.adnxs.com/getuid https://match.adsrvr.org/track/cmf/appnexus https://dsum-sec.casalemedia.com/rum https://ups.analytics.yahoo.com/ups/55953/sync https://pixel.rubiconproject.com/tap.php data: blob: https://p.typekit.net https://www.facebook.com .flagstar.com https://.doubleclick.net;child-src 'self' https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://youtube.com; worker-src 'self'; manifest-src 'self';
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

adobedc.demdex.net
answers.yext-pixel.com
assets.adobedtm.com
assets.sitescdn.net
c.la5-c1cs-ia5.salesforceliveagent.com
cdn.cookielaw.org
connect.facebook.net
d.la2-c2-iad.salesforceliveagent.com
d.la5-c1-ia5.salesforceliveagent.com
edge.adobedc.net
flagstar.com
pnapi.invoca.net
solutions.invocacdn.com
static.cloudflareinsights.com
www.flagstar.com
www.youtube.com
static.cloudflareinsights.com
13.109.189.112
13.110.253.93
13.110.255.220
172.64.146.116
18.173.187.104
2606:4700::6811:1854
2606:4700::6811:45f
2606:4700::6813:b234
2a00:1450:4001:806::200e
2a02:26f0:3100:782::1e80
2a03:2880:f083:100:face:b00c:0:3
44.212.194.12
63.140.62.17
63.140.62.27
022866fe426eaaadfb99d714ee1758358cecb9321084b8ae088749b375b64920
035c84a3e7aad2af24632b56b6c54926db5439e9172dd5a7e0dcc0f345f3fe77
090dccdc949d234690ab3c5084c4683087813babb20a034e37868642a63434dc
0bbcb1c065db429b64f24825abb404ee8795be695d726894813bddcb462476bf
0d75e46efa71b6e8fcadaab864129cb1f0adad20b3a05fd040898056c106bb5d
10068df040a5c33dea4ce6b86a5b27d171cc9ccbf6b8a0255090db5b65d47ad9
17782e1d400a735b7c5af2a63b531f265683ad60c74ae6b13897581a945b5d7d
1a584616981963ae61992fee36f95da1ca96818a1c68695354bd899e32307429
1c7d1349c2d47c2f850923ef3948b5ec6b8ec9647edd2cf281a23bf6689e2777
21da9e1fec457aa9dd05d17d1cd8c5f63f7cdab36791550bfb81a3f3b1f1614e
25042f6994a65e8b585909f22a8e983e6d2fec1cc3b88a0a85df6fea3ebe10fb
27a1c8f923d6e59c604e23b86d1635e5edcec6b40b42a7c30c8b30565d2dd566
27a930e516d39f72356590a4e737515c95aa3a9969b6c2fc12075710f9032998
27abd69045bfedd0501b68c979047543c77c576bbc1e9819f5c7654aef2914f7
2ec42dc868fd8626e9d5eeb98d4d888dba09f4a102fe399654abe79fd735e206
33dbf9d3f5f3d7695cd1c9753c24113044b3c1aa2cd21771fc5580327c0d5c28
3475c512749c10abccdeffe33c396580e23098635ab83c9f7d2987c076a457c6
36eb0ab37a2e2255bdff59a124eb2fac1fdec82f51f1b05be98f93b48116094e
38bc96c8a0910f32a8fcda24fdeaf7a9a5ce6ba89087e3be7b3200f75edbbd34
3e7ebc77bef7d40eb22899b7f5b44aa491a242afdb695d38ec8dd0f587d2f3ee
3f3a53cecd609c52d2d87a08dc9f074e8a907569526fc16631ae930b67b7fbcc
403ec99441cacff48156ea95969e9eb61fa80cdc67019f65b5f51fa903ad752f
41f0262e4439fcfbf92a8d51e0000cc3d22ee052dedfef3f6d05e1a972e85bcc
42f8e50a352e82b164d07445e4a3ee7eb6e70e959a5ab08eebc3094a86530ec1
436098c0c6fe572bbaaea00d2293bc100c536e75592dc9bd73371eb1a09bea94
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
475123a04af4e549385e696417bd320a5bce09c8e380c91522041e00d2c22173
49053fa023e05f72834fb4858b8b6ea2ea9864f7a17113b3c42a425a2939adb4
4b7f19f0359b200b661e8f6ddd6cb71c15a213a1e944d16df9f4477cf616ec8c
4be5da7f6f80189933ea5492a01f0f6a1c1c3caf7c8f6bd0fb962940850a1b3b
4de9a2e13a638feaef7cfe74c34a7cf7876a971d6eaab169d59a7e383f5aa75e
56bdb92467de1deec700520f4b4baacefcbd20190c42be23f29091bffe43125b
58216c10226af4d1473ae3f58dc88dccc9bbbc25f0a7a29ed04476f89b7fc636
587e27c05d21f2a92b096fc6eb77b7cc634bf7462c04eb96a9ae78294c1c0eba
5a6fa2d9aa2a95181f462eef05b2801b3e5ba827ce028ba07636dfa0d773cdff
5d2fd2417b6b7947a591339e14fea06b882e12b780955ffc062d5bed534d9bbf
5fa00d047acd959697b9d7772c31dcd37bec33c70c6fbf80ab8316205d1d286d
606ceda8954b51480b26eb5e9abd2d26d4d481d7dedeaa6afcec3ee5d6b39227
691dcdb24853a0f5ce4e6597e5713dea66799b57ffe2c2a10f28f98e0b569b19
69ad19cf88e479ac6c2852625cabedc8a93a8e7ccd01b6c9e2ad527b3edc38e2
6e883915424fc156cca96b72d20b7ca928799d6d1d3b075db0d0eca941972915
7020139ce030f3be78d5b9a3282cb6622efe02bc26061df54caf96212cf20b4d
70740bb39befcad42f09bbff8a78e7f0503e3e4bf6361c858cea9423c8ad558c
75b249c7e3dfbfac8c0f8355dfd581ae8d2640a7853f9545f8022b75295d6978
7f2e0c9da687d8c85eda95732725ff81992c97091c85c1fb85e83e05bef4e740
801847061fa3bd28e46114c9091fd9f5997d929e74375a438a7aa7af517ffcf6
804454a2c411d8bb3a19ab0c282698955089bdd1f3e7114f880d85e919eb5910
82a5f96383e36ec0b545815cd2b03b0fbef250ec1957cd686a9b08cad3cc608b
84551b2fc5b4daf2d89a4bb712509343abf84878723f814701d42cd050237e7d
850738adf5732aeff29a17ba8804213f8073f9f2b7d5021b1ff6f1324c8ca9b9
85267fa4a3e908d0c2778fc27bf13b384d2353c2d12e8d4c78982a3cfaa9636e
89d46740e95d2d1e4f6d2b54f569e319515b0d89426ccfa4c33f13e1ca4ab6bc
8b8e6dd018656e2051b99145f8a306111351b21bcc97d67debb41b3f8f7a33ca
8c1d20eedda5c5fd996d82d5d3b87a3a6da24735fe96458bff21d13d3cc1d1e1
8e401b8a68c8c3bfa7e4711dc68e48f6bc0341f325ea1814bb575f9f6bd0de56
8ff54385f2146f44f6d729ffb360b04ca6f42fa3c49e185b517d5ab0ac02e9b5
901bb0e03b8c3c0a1cf4c487a177417328bb7d8c94106ecefceedd7d7f6c4ddc
923a8d9740f94f5c08fcd2f3be048e8689441a216c3be5c0784797d5017d02d5
92b60026dfcc6eb3bf8631ec3c25138b31110706ceec72d087c6e5b5fc8a5cab
952e9acd27a406f242f38222ef659d11dcbc82f3a1fe36e759441bfdbf7576ac
96387be010f65288928b24d9445e88bcdb99e30664b7d2d595a7ccda6f1c4dc6
96eb304d4364dc9469ef8cb5bf7a9bd9f81dc089d78f16be5d69f5c2f26cf65b
97df66242f23aaeb6bbc7d5e8c021a11c1bad6c4b5288ec452ee527862bc3b8c
9bd825a4b9767ceccf6c94f1d24a7d4cf63c0e743a4b536cb8eb9c31a550bbd4
9f7ef3b405d900ff0a094366a371e588b2b237bc32ee0ba137dd9867a2f20d7a
9f8a008d491ccf2d428c891130c9ae5571c4d7d76a7fd6ee0262f192d25185a2
9fc5fc887e2a0ad18a5136f7a2132ebcca631ca61e8669c52197a849c1b1aca1
a1d3a3e26c91ba85b3d9ac92db5f8335ea6994994a2538d4f47f5e919439d4c8
a6972c49e66fe3c5026a1a1e26a06c49995cec36fc522cb56461f5cf0b2b2978
a71bd54a0b412e2a987daa67d5203169a5973349249e9e563ebe78f9460ff2c1
a7382dd06b3e2279c5e4046426b583c17f7bfd30377033a2049d1f7f1a13ddfe
ac266bbd4cddf2d946abcbc7d9ee3a77800097e2524cba6c4dc0813cad1073b4
ae36a16abb29e655bd90f90c82766d6dcb7bf2220b63335f2320e241a858e09b
b00fdc2bfc57f28137b45d5cf45c52d64dce8e0efcf7d12cd579152f558da0bc
b262089aff66440a9664b16bc5541050a728ca80ce98c8756bd10353e5edde5d
b44994c64a6b67108462fe811a6ac32b4ea7bd9749931714c1d325b217841a67
b6ad7b1558f6bbd01707081eb925ffab4c53bd282a9f74bd39e45f3823dac777
bb0c0db8ccc7938c8d17d623e5e4055f8790a51a40c78f8fe57c2e24bbed567b
be235aeef05250ebd0496e4aff893fc4c2a0f459a18c2326517880b1fa779dea
c15be80fc6beae2d18d1857a2f844213581de0ad1adc13fbea090b61f71a5bf2
c25b79f044d5037c9792be55ae6b3cf18a56da5df5bd344431188ebaab031c03
ca3fdf8e723931b1d002a556813d3a80fde72f2ccdc755b0b253f619bb872f65
cb90437e6e80e8e6aaa268b8d38efe74a691732163778001083b3582c15c861f
d18f313f2489ed91cd15cf94a1e5668b8b0da8318f593d980228000a1757702f
d3f7b0ec4de079928a999641e781e80f33597a392a561bc460276dfb4efb6eec
d95c5ff2d630309c98b9fa89008f02881448bd953d96a69cc39f4335a4330b74
d9f9c1b8a5fa5db59d5f705edc27e4a3ffe9eedbcc225e622d2f8055c99f761c
def3cd591fff9b3958866afefa7cf7321de1d902dc9b85749986d6bc637deaf9
def9e061c234084f9709283b1982131b725bcc68b2ed4581f54d322103ee2f02
e043721061d784ae53cad3051b399b978c63ee392165535e32b567ee8340ee97
e0731a9c84bce53cb2a4ecaf08dc811585971a899fcbbb8d79e340efe56dcd95
e269b0b63b7b5e183e60cefac1e9cc41fc930789a18dc497384b427aa74ea1cb
e2cdba8b1ff0a5dc4a5f88b397ec0789788233467372c668ff43a5cb535dba27
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e5182523f59ba1baecf5a1ebc9994231e088592a940331952aa3124db80a757f
e91a4a82211abaac9a085747cabc8125f2c8a0e5a8f4c207eca12c29aec0f2b2
e95e113bfeb440a09cd08c80ee6dd2c15931a4851163a0d8075135d57f6c131c
eb18a370dc69b64f842ecc758c3ef0611e62d3745e99528a1807ce5cc5a293fc
eba4e1c2cce29282aa8fa6dd71e6046399b06e5d408e2f4c2c2763642572c842
f2eccf0ca41738afa4ded8c17aa946fbc2dc6b762e28fae5c4e978cd577958b5
f453487a4e177cda0bbace5eb1ba7f468936488b95769b3de17349967e8fab9e
f4aaa18c55c90588c5e828e56dcc6b2cb0acf9a4280494c7d1a53fc5e3669112
f5954f0a829c02a8c57d814c998de13afa8d91f62cffdfe316c024bed3262d2e
f7cdf1b99e51212475107d8ee46cc03546111d482fc00c4708d76c9c2cffde17
f8b1c5fae8f980d70c3b3e97b499fe59729cbbf97d93b964409030a80b3b6b65
fc281ec22c64cb557de99d0e81bf687e833f1ae81479d510c07772c97cc2901d
fe05972ec9e5bdd020c2cbdeae20d95d5643888ee2198c4ebf1145b1d60d30ff
fe0f33a2350724f28a0cc88dde554347b209fc0b3077a579072e830dc38d2f74

www.flagstar.com Open in urlscan Pro 172.64.146.116 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

113 Requests

99 %HTTPS

43 %IPv6

13 Domains

16 Subdomains

15 IPs

2 Countries

1870 kBTransfer

4605 kBSize

29 Cookies

23 Outgoing links

Page URL History

Redirected requests

113 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 6 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

www.flagstar.com Open in urlscan Pro
172.64.146.116 Public Scan

Screenshot
Live screenshot

Full Image

113
Requests

99 %
HTTPS

43 %
IPv6

13
Domains

16
Subdomains

15
IPs

2
Countries

1870 kB
Transfer

4605 kB
Size

29
Cookies

113 HTTP transactions
6 data transactions