urlscan.io logo urlscan.io
SecurityTrails logo

www.setf.com Open in urlscan Pro
45.60.242.243  Public Scan

Go To Rescan Add Verdict Report
URL: https://www.setf.com/%20
Submission: On November 21 via api from IE — Scanned from DE
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 16 IPs in 4 countries across 11 domains to perform 50 HTTP transactions. The main IP is 45.60.242.243, located in United States and belongs to INCAPSULA, US. The main domain is www.setf.com. The Cisco Umbrella rank of the primary domain is 678062.
TLS certificate: Issued by GlobalSign Atlas R3 DV TLS CA 2023 Q4 on November 19th 2023. Valid for: 6 months.
This is the only time www.setf.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
2 31 45.60.242.243 19551 (INCAPSULA)
1 151.101.0.114 54113 (FASTLY)
2 142.250.185.168 15169 (GOOGLE)
2 184.24.77.144 20940 (AKAMAI-ASN1)
2 146.75.121.230 54113 (FASTLY)
1 95.101.54.129 20940 (AKAMAI-ASN1)
2 142.250.185.142 15169 (GOOGLE)
2 13.107.213.44 8075 (MICROSOFT...)
1 104.16.126.175 13335 (CLOUDFLAR...)
2 216.239.34.36 15169 (GOOGLE)
1 74.125.133.157 15169 (GOOGLE)
2 20.114.189.135 8075 (MICROSOFT...)
1 2 68.219.88.97 8075 (MICROSOFT...)
1 1 204.79.197.200 8068 (MICROSOFT...)
1 2a00:1450:400... 15169 (GOOGLE)
1 35.241.45.82 396982 (GOOGLE-CL...)
50 16
31    45.60.242.243 (United States)

ASN19551 (INCAPSULA, US)
www.setf.com
1    151.101.0.114 (United States)

ASN54113 (FASTLY, US)
cdn.evgnet.com
2    142.250.185.168 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s51-in-f8.1e100.net
www.googletagmanager.com
2    184.24.77.144 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)
PTR: a184-24-77-144.deploy.static.akamaitechnologies.com
use.typekit.net
2    146.75.121.230 (Frankfurt am Main, Germany)

ASN54113 (FASTLY, US)
resources.digital-cloud-west.medallia.com
1    95.101.54.129 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)
PTR: a95-101-54-129.deploy.static.akamaitechnologies.com
p.typekit.net
2    142.250.185.142 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s50-in-f14.1e100.net
www.google-analytics.com
2    13.107.213.44 (United States)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)
www.clarity.ms
1    104.16.126.175 (None, )

ASN13335 (CLOUDFLARENET, US)
unpkg.com
2    216.239.34.36 (United States)

ASN15169 (GOOGLE, US)
region1.google-analytics.com
1    74.125.133.157 (United States)

ASN15169 (GOOGLE, US)
PTR: wo-in-f157.1e100.net
stats.g.doubleclick.net
2    20.114.189.135 (Boydton, United States)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)
v.clarity.ms
2    68.219.88.97 (Dublin, Ireland)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)
c.clarity.ms
1    204.79.197.200 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)
PTR: a-0001.a-msedge.net
c.bing.com
1    2a00:1450:4001:80f::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.google-analytics.com
1    35.241.45.82 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 82.45.241.35.bc.googleusercontent.com
udc-neb.kampyle.com
Apex Domain
Subdomains		 Transfer
31 setf.com
www.setf.com — Cisco Umbrella Rank: 678062
2 MB
6 clarity.ms
www.clarity.ms — Cisco Umbrella Rank: 827
v.clarity.ms — Cisco Umbrella Rank: 7292
c.clarity.ms — Cisco Umbrella Rank: 1405
27 KB
5 google-analytics.com
www.google-analytics.com — Cisco Umbrella Rank: 27
region1.google-analytics.com — Cisco Umbrella Rank: 2462
21 KB
3 typekit.net
use.typekit.net — Cisco Umbrella Rank: 506
p.typekit.net — Cisco Umbrella Rank: 621
59 KB
2 medallia.com
resources.digital-cloud-west.medallia.com — Cisco Umbrella Rank: 4548
86 KB
2 googletagmanager.com
www.googletagmanager.com — Cisco Umbrella Rank: 35
179 KB
1 kampyle.com
udc-neb.kampyle.com — Cisco Umbrella Rank: 2563
318 B
1 bing.com
c.bing.com — Cisco Umbrella Rank: 236
763 B
1 doubleclick.net
stats.g.doubleclick.net — Cisco Umbrella Rank: 78
344 B
1 unpkg.com
unpkg.com — Cisco Umbrella Rank: 903
4 KB
1 evgnet.com
cdn.evgnet.com — Cisco Umbrella Rank: 3780
45 KB
50 11
Domain Requested by
31 www.setf.com 2 redirects www.setf.com
3 www.google-analytics.com www.googletagmanager.com
www.google-analytics.com
2 c.clarity.ms 1 redirects
2 v.clarity.ms www.clarity.ms
2 region1.google-analytics.com www.googletagmanager.com
2 www.clarity.ms www.googletagmanager.com
www.clarity.ms
2 resources.digital-cloud-west.medallia.com www.setf.com
resources.digital-cloud-west.medallia.com
2 use.typekit.net www.setf.com
use.typekit.net
2 www.googletagmanager.com www.setf.com
www.googletagmanager.com
1 udc-neb.kampyle.com
1 c.bing.com 1 redirects
1 stats.g.doubleclick.net www.google-analytics.com
1 unpkg.com www.setf.com
1 p.typekit.net use.typekit.net
1 cdn.evgnet.com www.setf.com
50 15

This site contains links to these domains. Also see Links.

Domain
exploretoyota.com
www.facebook.com
www.toyota.com
Subject Issuer Validity Valid
imperva.com
GlobalSign Atlas R3 DV TLS CA 2023 Q4		 2023-11-19 -
2024-05-17		 6 months crt.sh
cdn.evergage.com
DigiCert TLS RSA SHA256 2020 CA1		 2023-03-06 -
2024-03-04		 a year crt.sh
*.google-analytics.com
GTS CA 1C3		 2023-10-23 -
2024-01-15		 3 months crt.sh
use.typekit.net
DigiCert Global G2 TLS RSA SHA256 2020 CA1		 2023-09-21 -
2024-10-21		 a year crt.sh
*.digital-cloud-west.medallia.com
SSL.com RSA SSL subCA		 2023-11-01 -
2024-12-01		 a year crt.sh
www.clarity.ms
DigiCert TLS RSA SHA256 2020 CA1		 2023-08-29 -
2024-08-29		 a year crt.sh
sni.cloudflaressl.com
Cloudflare Inc ECC CA-3		 2023-05-02 -
2024-05-01		 a year crt.sh
*.g.doubleclick.net
GTS CA 1C3		 2023-10-23 -
2024-01-15		 3 months crt.sh
a.clarity.ms
Microsoft Azure TLS Issuing CA 06		 2023-02-13 -
2024-02-08		 a year crt.sh
*.kampyle.com
SSL.com RSA SSL subCA		 2023-03-29 -
2024-02-28		 a year crt.sh

This page contains 5 frames:

Primary Page: https://www.setf.com/%20
Frame ID: 5C3D6700FA6EFB56611D74BEA3CFA3D2
Requests: 50 HTTP requests in this frame

Frame: https://www.setf.com/-/media/images/benefits/setf/animated-account-access-icon.svg
Frame ID: 122BAD30DF15E23FD9EB7AC888B46062
Requests: 1 HTTP requests in this frame

Frame: https://www.setf.com/-/media/images/benefits/setf/animated-account-alerts-icon.svg
Frame ID: FFF8962DDA102A2BD083ED78BB4937FE
Requests: 1 HTTP requests in this frame

Frame: https://www.setf.com/-/media/images/benefits/setf/animated-account-service-icon.svg
Frame ID: F79B16A73E90CDC70EAEC4B3B3C71BD0
Requests: 1 HTTP requests in this frame

Frame: https://www.setf.com/-/media/images/benefits/setf/animated-account-management-icon.svg
Frame ID: 05981DD3518A611DB403BA890DB9974F
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

Southeast Toyota FinanceClose

Detected technologies

Overall confidence: 100%
Detected patterns
  • google-analytics\.com/(?:ga|urchin|analytics)\.js
Overall confidence: 100%
Detected patterns
  • googletagmanager\.com/gtm\.js
  • googletagmanager\.com/gtag/js
Overall confidence: 100%
Detected patterns
  • /_Incapsula_Resource
Overall confidence: 100%
Detected patterns
  • <link [^>]*href="[^"]+use\.typekit\.(?:net|com)

Page Statistics

50
Requests

94 %
HTTPS

6 %
IPv6

11
Domains

15
Subdomains

16
IPs

4
Countries

2319 kB
Transfer

4617 kB
Size

32
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 28
  • https://www.setf.com/areas/SETF/fonts/ToyotaType-Regular.woff2 HTTP 301
  • https://www.setf.com/areas/setf/fonts/toyotatype-regular.woff2
Request Chain 29
  • https://www.setf.com/areas/SETF/fonts/ToyotaType-Semibold.woff2 HTTP 301
  • https://www.setf.com/areas/setf/fonts/toyotatype-semibold.woff2
Request Chain 48
  • https://c.clarity.ms/c.gif HTTP 302
  • https://c.bing.com/c.gif?ctsa=mr&CtsSyncId=9E675129200E48998AA96CEB46E3B9CB&RedC=c.clarity.ms&MXFR=3B2D731E5FC76911226E60CE5BC767FB HTTP 302
  • https://c.clarity.ms/c.gif?ctsa=mr&CtsSyncId=9E675129200E48998AA96CEB46E3B9CB&MUID=28B87E6C805F6AB71FAC6DBC815F6B4D

50 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request %20
www.setf.com/ 		45 KB
12 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://www.setf.com/%20
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
45.60.242.243 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
/
Resource Hash
3e8a3a6917bfd3ff92fcab283034490ea97033ca1441b238615a36a724cfe779
Security Headers
Name Value
Content-Security-Policy default-src 'self' https://apps.sitecore.net *.widen.net *.widencdn.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googletagmanager.com *.google-analytics.com *.google.com *.evgnet.com *.medallia.com *.billmatrix.com *.idoxs.net *.clarity.ms *.cloudfront.net *.marker.io *.jquery.com *.kampyle.com *.force.com *.salesforceliveagent.com *.salesforce.com *.my.site.com *.my.salesforce.com https://unpkg.com; img-src 'self' data: http: https:; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com *.typekit.net *.mapbox.com *.kampyle.com *.force.com *.my.site.com *.my.salesforce.com; font-src 'self' https://fonts.gstatic.com https://fonts.googleapis.com *.typekit.net data:; connect-src 'self' *.google.com *.googletagmanager.com *.google-analytics.com *.evgnet.com *.medallia.com *.billmatrix.com *.idoxs.net *.doubleclick.net *.luckyorange.net *.clarity.ms *.evergage.com *.kampyle.com *.marker.io *.shippingapis.com *.jquery.com *.my.site.com *.my.salesforce.com; child-src 'self' *.youtube.com *.medallia.com *.widen.net *.widencdn.net *.force.com; frame-ancestors 'self'; upgrade-insecure-requests; block-all-mixed-content;
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

cache-control
no-cache, no-store
content-encoding
gzip
content-security-policy
default-src 'self' https://apps.sitecore.net *.widen.net *.widencdn.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googletagmanager.com *.google-analytics.com *.google.com *.evgnet.com *.medallia.com *.billmatrix.com *.idoxs.net *.clarity.ms *.cloudfront.net *.marker.io *.jquery.com *.kampyle.com *.force.com *.salesforceliveagent.com *.salesforce.com *.my.site.com *.my.salesforce.com https://unpkg.com; img-src 'self' data: http: https:; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com *.typekit.net *.mapbox.com *.kampyle.com *.force.com *.my.site.com *.my.salesforce.com; font-src 'self' https://fonts.gstatic.com https://fonts.googleapis.com *.typekit.net data:; connect-src 'self' *.google.com *.googletagmanager.com *.google-analytics.com *.evgnet.com *.medallia.com *.billmatrix.com *.idoxs.net *.doubleclick.net *.luckyorange.net *.clarity.ms *.evergage.com *.kampyle.com *.marker.io *.shippingapis.com *.jquery.com *.my.site.com *.my.salesforce.com; child-src 'self' *.youtube.com *.medallia.com *.widen.net *.widencdn.net *.force.com; frame-ancestors 'self'; upgrade-insecure-requests; block-all-mixed-content;
content-type
text/html; charset=utf-8
date
Tue, 21 Nov 2023 20:33:55 GMT
expires
-1
pragma
no-cache
strict-transport-security
max-age=31536000
vary
Accept-Encoding
x-cdn
Imperva
x-content-type-options
nosniff
x-frame-options
SAMEORIGIN
x-iinfo
8-36375152-36375159 NNNN CT(111 202 0) RT(1700598833414 188) q(0 0 3 2) r(10 11) U24
x-xss-protection
1; mode=block
evergage.min.js
cdn.evgnet.com/beacon/jmfamily/production/scripts/ 		178 KB
45 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.evgnet.com/beacon/jmfamily/production/scripts/evergage.min.js
Requested by
Host: www.setf.com
URL: https://www.setf.com/%20
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.0.114 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
b942eed163cdb44aa4b80ebf3d38792073e99e3dbe3869793f1dbbc36fac9a23

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.setf.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

x-amz-version-id
TClSkA3FfNyhrqeultvIVmAo_7.9E7gM
content-encoding
gzip
via
1.1 varnish, 1.1 varnish
date
Tue, 21 Nov 2023 20:33:55 GMT
x-amz-request-id
70DZ7JVXV9H5TYP6
age
27
x-amz-server-side-encryption
AES256
x-cache
HIT, HIT
x-amz-replication-status
PENDING
content-length
45949
x-amz-id-2
GAWZTEPyTvv7ty35XHN4o9XeBxLl2HNlHQBdQu6NI77q0bA8jO/AtM9rL8abCo/hiKuV8Jbv3cI=
x-served-by
cache-iad-kiad7000127-IAD, cache-fra-eddf8230123-FRA
x-amz-meta-evergage-sum
3c68786228de9552c039140ebb15d0002fcf7bfc
last-modified
Thu, 09 Nov 2023 12:41:20 GMT
server
AmazonS3
x-timer
S1700598836.852833,VS0,VE91
etag
"b39d80cda0399a51fed6f801e6d3ed3d"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
cache-control
max-age=120
accept-ranges
bytes
timing-allow-origin
*
x-amz-meta-evergage-beacon-ver
16
x-cache-hits
155993, 1
styles.css
www.setf.com/areas/setf/content/ 		773 KB
97 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://www.setf.com/areas/setf/content/styles.css?v=1.0.8710.21748
Requested by
Host: www.setf.com
URL: https://www.setf.com/%20
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
45.60.242.243 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
/
Resource Hash
a9205ccce9892c91011fa72597c8d65c4f7014c1d3a9fb5179f721186c952377
Security Headers
Name Value
Content-Security-Policy default-src 'self' https://apps.sitecore.net *.widen.net *.widencdn.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googletagmanager.com *.google-analytics.com *.google.com *.evgnet.com *.medallia.com *.billmatrix.com *.idoxs.net *.clarity.ms *.cloudfront.net *.marker.io *.jquery.com *.kampyle.com *.force.com *.salesforceliveagent.com *.salesforce.com *.my.site.com *.my.salesforce.com https://unpkg.com; img-src 'self' data: http: https:; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com *.typekit.net *.mapbox.com *.kampyle.com *.force.com *.my.site.com *.my.salesforce.com; font-src 'self' https://fonts.gstatic.com https://fonts.googleapis.com *.typekit.net data:; connect-src 'self' *.google.com *.googletagmanager.com *.google-analytics.com *.evgnet.com *.medallia.com *.billmatrix.com *.idoxs.net *.doubleclick.net *.luckyorange.net *.clarity.ms *.evergage.com *.kampyle.com *.marker.io *.shippingapis.com *.jquery.com *.my.site.com *.my.salesforce.com; child-src 'self' *.youtube.com *.medallia.com *.widen.net *.widencdn.net *.force.com; frame-ancestors 'self'; upgrade-insecure-requests; block-all-mixed-content;
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.setf.com/%20
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Tue, 21 Nov 2023 20:33:55 GMT
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=31536000
last-modified
Mon, 06 Nov 2023 12:08:48 GMT
x-cdn
Imperva
content-security-policy
default-src 'self' https://apps.sitecore.net *.widen.net *.widencdn.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googletagmanager.com *.google-analytics.com *.google.com *.evgnet.com *.medallia.com *.billmatrix.com *.idoxs.net *.clarity.ms *.cloudfront.net *.marker.io *.jquery.com *.kampyle.com *.force.com *.salesforceliveagent.com *.salesforce.com *.my.site.com *.my.salesforce.com https://unpkg.com; img-src 'self' data: http: https:; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com *.typekit.net *.mapbox.com *.kampyle.com *.force.com *.my.site.com *.my.salesforce.com; font-src 'self' https://fonts.gstatic.com https://fonts.googleapis.com *.typekit.net data:; connect-src 'self' *.google.com *.googletagmanager.com *.google-analytics.com *.evgnet.com *.medallia.com *.billmatrix.com *.idoxs.net *.doubleclick.net *.luckyorange.net *.clarity.ms *.evergage.com *.kampyle.com *.marker.io *.shippingapis.com *.jquery.com *.my.site.com *.my.salesforce.com; child-src 'self' *.youtube.com *.medallia.com *.widen.net *.widencdn.net *.force.com; frame-ancestors 'self'; upgrade-insecure-requests; block-all-mixed-content;
etag
"0853ffa910da1:0"
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
text/css
x-iinfo
8-36375152-36375159 PNNN RT(1700598833414 1487) q(0 0 0 -1) r(1 1) U24
accept-ranges
bytes
content-length
97615
x-xss-protection
1; mode=block
gtm.js
www.googletagmanager.com/ 		301 KB
91 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtm.js?id=GTM-N86NDHC
Requested by
Host: www.setf.com
URL: https://www.setf.com/%20
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.185.168 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s51-in-f8.1e100.net
Software
Google Tag Manager /
Resource Hash
99de51a21831d655b50c21c0909b5db075a5f5ebf0b38e951b0492fe487390ec
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.setf.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Tue, 21 Nov 2023 20:33:57 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
92939
x-xss-protection
0
last-modified
Tue, 21 Nov 2023 18:00:00 GMT
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Tue, 21 Nov 2023 20:33:57 GMT
VisitorIdentification.js
www.setf.com/layouts/system/ 		2 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.setf.com/layouts/system/VisitorIdentification.js
Requested by
Host: www.setf.com
URL: https://www.setf.com/%20
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
45.60.242.243 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
/
Resource Hash
7941c043b215ecc58d18e696d42abbd225eb0baa075cb5e31027725cc5312fce
Security Headers
Name Value
Content-Security-Policy default-src 'self' https://apps.sitecore.net *.widen.net *.widencdn.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googletagmanager.com *.google-analytics.com *.google.com *.evgnet.com *.medallia.com *.billmatrix.com *.idoxs.net *.clarity.ms *.cloudfront.net *.marker.io *.jquery.com *.kampyle.com *.force.com *.salesforceliveagent.com *.salesforce.com *.my.site.com *.my.salesforce.com https://unpkg.com; img-src 'self' data: http: https:; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com *.typekit.net *.mapbox.com *.kampyle.com *.force.com *.my.site.com *.my.salesforce.com; font-src 'self' https://fonts.gstatic.com https://fonts.googleapis.com *.typekit.net data:; connect-src 'self' *.google.com *.googletagmanager.com *.google-analytics.com *.evgnet.com *.medallia.com *.billmatrix.com *.idoxs.net *.doubleclick.net *.luckyorange.net *.clarity.ms *.evergage.com *.kampyle.com *.marker.io *.shippingapis.com *.jquery.com *.my.site.com *.my.salesforce.com; child-src 'self' *.youtube.com *.medallia.com *.widen.net *.widencdn.net *.force.com; frame-ancestors 'self'; upgrade-insecure-requests; block-all-mixed-content;
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.setf.com/%20
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Tue, 21 Nov 2023 20:33:55 GMT
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=31536000
last-modified
Thu, 28 Mar 2019 15:09:18 GMT
x-cdn
Imperva
content-security-policy
default-src 'self' https://apps.sitecore.net *.widen.net *.widencdn.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googletagmanager.com *.google-analytics.com *.google.com *.evgnet.com *.medallia.com *.billmatrix.com *.idoxs.net *.clarity.ms *.cloudfront.net *.marker.io *.jquery.com *.kampyle.com *.force.com *.salesforceliveagent.com *.salesforce.com *.my.site.com *.my.salesforce.com https://unpkg.com; img-src 'self' data: http: https:; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com *.typekit.net *.mapbox.com *.kampyle.com *.force.com *.my.site.com *.my.salesforce.com; font-src 'self' https://fonts.gstatic.com https://fonts.googleapis.com *.typekit.net data:; connect-src 'self' *.google.com *.googletagmanager.com *.google-analytics.com *.evgnet.com *.medallia.com *.billmatrix.com *.idoxs.net *.doubleclick.net *.luckyorange.net *.clarity.ms *.evergage.com *.kampyle.com *.marker.io *.shippingapis.com *.jquery.com *.my.site.com *.my.salesforce.com; child-src 'self' *.youtube.com *.medallia.com *.widen.net *.widencdn.net *.force.com; frame-ancestors 'self'; upgrade-insecure-requests; block-all-mixed-content;
etag
"0e3de3678e5d41:0"
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
application/javascript
x-iinfo
8-36375152-36375303 NNNY CT(100 202 0) RT(1700598833414 1531) q(0 0 0 -1) r(1 1) U24
accept-ranges
bytes
content-length
910
x-xss-protection
1; mode=block
qxt4vzx.css
use.typekit.net/ 		3 KB
905 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://use.typekit.net/qxt4vzx.css
Requested by
Host: www.setf.com
URL: https://www.setf.com/%20
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
184.24.77.144 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a184-24-77-144.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
110acec63c257f1019a8b2faae468f20b280945296d9d5faa70669f696d5bb27
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains;

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.setf.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains;
content-encoding
gzip
date
Tue, 21 Nov 2023 20:33:56 GMT
server
nginx
vary
Accept-Encoding
content-type
text/css;charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=600, stale-while-revalidate=604800
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
content-length
682
setf-logo-fullcolor.svg
www.setf.com/-/media/images/header/setf/ 		11 KB
5 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.setf.com/-/media/images/header/setf/setf-logo-fullcolor.svg
Requested by
Host: www.setf.com
URL: https://www.setf.com/%20
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
45.60.242.243 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
/
Resource Hash
526fbc46d7a83cf53f0e4bafcf4f2cf6a0291b0de72b193ad356f9b24f28e278
Security Headers
Name Value
Content-Security-Policy default-src 'self' https://apps.sitecore.net *.widen.net *.widencdn.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googletagmanager.com *.google-analytics.com *.google.com *.evgnet.com *.medallia.com *.billmatrix.com *.idoxs.net *.clarity.ms *.cloudfront.net *.marker.io *.jquery.com *.kampyle.com *.force.com *.salesforceliveagent.com *.salesforce.com *.my.site.com *.my.salesforce.com https://unpkg.com; img-src 'self' data: http: https:; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com *.typekit.net *.mapbox.com *.kampyle.com *.force.com *.my.site.com *.my.salesforce.com; font-src 'self' https://fonts.gstatic.com https://fonts.googleapis.com *.typekit.net data:; connect-src 'self' *.google.com *.googletagmanager.com *.google-analytics.com *.evgnet.com *.medallia.com *.billmatrix.com *.idoxs.net *.doubleclick.net *.luckyorange.net *.clarity.ms *.evergage.com *.kampyle.com *.marker.io *.shippingapis.com *.jquery.com *.my.site.com *.my.salesforce.com; child-src 'self' *.youtube.com *.medallia.com *.widen.net *.widencdn.net *.force.com; frame-ancestors 'self'; upgrade-insecure-requests; block-all-mixed-content;
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.setf.com/%20
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Tue, 21 Nov 2023 20:33:55 GMT
strict-transport-security
max-age=31536000
x-content-type-options
nosniff
content-security-policy
default-src 'self' https://apps.sitecore.net *.widen.net *.widencdn.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googletagmanager.com *.google-analytics.com *.google.com *.evgnet.com *.medallia.com *.billmatrix.com *.idoxs.net *.clarity.ms *.cloudfront.net *.marker.io *.jquery.com *.kampyle.com *.force.com *.salesforceliveagent.com *.salesforce.com *.my.site.com *.my.salesforce.com https://unpkg.com; img-src 'self' data: http: https:; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com *.typekit.net *.mapbox.com *.kampyle.com *.force.com *.my.site.com *.my.salesforce.com; font-src 'self' https://fonts.gstatic.com https://fonts.googleapis.com *.typekit.net data:; connect-src 'self' *.google.com *.googletagmanager.com *.google-analytics.com *.evgnet.com *.medallia.com *.billmatrix.com *.idoxs.net *.doubleclick.net *.luckyorange.net *.clarity.ms *.evergage.com *.kampyle.com *.marker.io *.shippingapis.com *.jquery.com *.my.site.com *.my.salesforce.com; child-src 'self' *.youtube.com *.medallia.com *.widen.net *.widencdn.net *.force.com; frame-ancestors 'self'; upgrade-insecure-requests; block-all-mixed-content;
last-modified
Wed, 14 Jul 2021 14:17:53 GMT
x-cdn
Imperva
content-encoding
gzip
x-frame-options
SAMEORIGIN
content-type
image/svg+xml
x-iinfo
8-36375152-36375306 NNYY CT(100 201 0) RT(1700598833414 1535) q(0 0 0 -1) r(1 2) U24
cache-control
private, max-age=604800
content-disposition
inline; filename="SETF-logo-FullColor.svg"
accept-ranges
bytes
x-xss-protection
1; mode=block
caps-lock-icon.svg
www.setf.com/-/media/images/vehicle-information/registration-sign-in-wizard/ 		1 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.setf.com/-/media/images/vehicle-information/registration-sign-in-wizard/caps-lock-icon.svg
Requested by
Host: www.setf.com
URL: https://www.setf.com/%20
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
45.60.242.243 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
/
Resource Hash
b99ecb06cb7e0104c1275a217955f9bd3484e35c5ab0177cd29f314c4e9b1f24
Security Headers
Name Value
Content-Security-Policy default-src 'self' https://apps.sitecore.net *.widen.net *.widencdn.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googletagmanager.com *.google-analytics.com *.google.com *.evgnet.com *.medallia.com *.billmatrix.com *.idoxs.net *.clarity.ms *.cloudfront.net *.marker.io *.jquery.com *.kampyle.com *.force.com *.salesforceliveagent.com *.salesforce.com *.my.site.com *.my.salesforce.com https://unpkg.com; img-src 'self' data: http: https:; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com *.typekit.net *.mapbox.com *.kampyle.com *.force.com *.my.site.com *.my.salesforce.com; font-src 'self' https://fonts.gstatic.com https://fonts.googleapis.com *.typekit.net data:; connect-src 'self' *.google.com *.googletagmanager.com *.google-analytics.com *.evgnet.com *.medallia.com *.billmatrix.com *.idoxs.net *.doubleclick.net *.luckyorange.net *.clarity.ms *.evergage.com *.kampyle.com *.marker.io *.shippingapis.com *.jquery.com *.my.site.com *.my.salesforce.com; child-src 'self' *.youtube.com *.medallia.com *.widen.net *.widencdn.net *.force.com; frame-ancestors 'self'; upgrade-insecure-requests; block-all-mixed-content;
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.setf.com/%20
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Tue, 21 Nov 2023 20:33:55 GMT
strict-transport-security
max-age=31536000
x-content-type-options
nosniff
content-security-policy
default-src 'self' https://apps.sitecore.net *.widen.net *.widencdn.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googletagmanager.com *.google-analytics.com *.google.com *.evgnet.com *.medallia.com *.billmatrix.com *.idoxs.net *.clarity.ms *.cloudfront.net *.marker.io *.jquery.com *.kampyle.com *.force.com *.salesforceliveagent.com *.salesforce.com *.my.site.com *.my.salesforce.com https://unpkg.com; img-src 'self' data: http: https:; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com *.typekit.net *.mapbox.com *.kampyle.com *.force.com *.my.site.com *.my.salesforce.com; font-src 'self' https://fonts.gstatic.com https://fonts.googleapis.com *.typekit.net data:; connect-src 'self' *.google.com *.googletagmanager.com *.google-analytics.com *.evgnet.com *.medallia.com *.billmatrix.com *.idoxs.net *.doubleclick.net *.luckyorange.net *.clarity.ms *.evergage.com *.kampyle.com *.marker.io *.shippingapis.com *.jquery.com *.my.site.com *.my.salesforce.com; child-src 'self' *.youtube.com *.medallia.com *.widen.net *.widencdn.net *.force.com; frame-ancestors 'self'; upgrade-insecure-requests; block-all-mixed-content;
last-modified
Tue, 10 May 2022 00:54:36 GMT
x-cdn
Imperva
content-encoding
gzip
x-frame-options
SAMEORIGIN
content-type
image/svg+xml
x-iinfo
8-36375152-36375309 NNYY CT(96 195 0) RT(1700598833414 1540) q(0 0 0 -1) r(1 1) U24
cache-control
private, max-age=604800
content-disposition
inline; filename="caps-lock-icon.svg"
accept-ranges
bytes
x-xss-protection
1; mode=block
mfa-icon.svg
www.setf.com/-/media/images/vehicle-information/mfa/ 		2 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.setf.com/-/media/images/vehicle-information/mfa/mfa-icon.svg
Requested by
Host: www.setf.com
URL: https://www.setf.com/%20
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
45.60.242.243 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
/
Resource Hash
596418713ac119ccbd4699b7e2aca667eaed86875721bcfb2031c45a8408f0a3
Security Headers
Name Value
Content-Security-Policy default-src 'self' https://apps.sitecore.net *.widen.net *.widencdn.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googletagmanager.com *.google-analytics.com *.google.com *.evgnet.com *.medallia.com *.billmatrix.com *.idoxs.net *.clarity.ms *.cloudfront.net *.marker.io *.jquery.com *.kampyle.com *.force.com *.salesforceliveagent.com *.salesforce.com *.my.site.com *.my.salesforce.com https://unpkg.com; img-src 'self' data: http: https:; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com *.typekit.net *.mapbox.com *.kampyle.com *.force.com *.my.site.com *.my.salesforce.com; font-src 'self' https://fonts.gstatic.com https://fonts.googleapis.com *.typekit.net data:; connect-src 'self' *.google.com *.googletagmanager.com *.google-analytics.com *.evgnet.com *.medallia.com *.billmatrix.com *.idoxs.net *.doubleclick.net *.luckyorange.net *.clarity.ms *.evergage.com *.kampyle.com *.marker.io *.shippingapis.com *.jquery.com *.my.site.com *.my.salesforce.com; child-src 'self' *.youtube.com *.medallia.com *.widen.net *.widencdn.net *.force.com; frame-ancestors 'self'; upgrade-insecure-requests; block-all-mixed-content;
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.setf.com/%20
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Tue, 21 Nov 2023 20:33:55 GMT
strict-transport-security
max-age=31536000
x-content-type-options
nosniff
content-security-policy
default-src 'self' https://apps.sitecore.net *.widen.net *.widencdn.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googletagmanager.com *.google-analytics.com *.google.com *.evgnet.com *.medallia.com *.billmatrix.com *.idoxs.net *.clarity.ms *.cloudfront.net *.marker.io *.jquery.com *.kampyle.com *.force.com *.salesforceliveagent.com *.salesforce.com *.my.site.com *.my.salesforce.com https://unpkg.com; img-src 'self' data: http: https:; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com *.typekit.net *.mapbox.com *.kampyle.com *.force.com *.my.site.com *.my.salesforce.com; font-src 'self' https://fonts.gstatic.com https://fonts.googleapis.com *.typekit.net data:; connect-src 'self' *.google.com *.googletagmanager.com *.google-analytics.com *.evgnet.com *.medallia.com *.billmatrix.com *.idoxs.net *.doubleclick.net *.luckyorange.net *.clarity.ms *.evergage.com *.kampyle.com *.marker.io *.shippingapis.com *.jquery.com *.my.site.com *.my.salesforce.com; child-src 'self' *.youtube.com *.medallia.com *.widen.net *.widencdn.net *.force.com; frame-ancestors 'self'; upgrade-insecure-requests; block-all-mixed-content;
last-modified
Wed, 05 Apr 2023 12:25:32 GMT
x-cdn
Imperva
content-encoding
gzip
x-frame-options
SAMEORIGIN
content-type
image/svg+xml
x-iinfo
8-36375152-36375306 PNYy RT(1700598833414 1775) q(0 0 0 -1) r(2 2) U24
cache-control
private, max-age=604800
content-disposition
inline; filename="mfa-icon.svg"
accept-ranges
bytes
x-xss-protection
1; mode=block
animated-account-access-icon.svg
www.setf.com/-/media/images/benefits/setf/ 		36 KB
12 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.setf.com/-/media/images/benefits/setf/animated-account-access-icon.svg
Requested by
Host: www.setf.com
URL: https://www.setf.com/%20
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
45.60.242.243 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
/
Resource Hash
678c760e5775479a6a6c6d1faaddaad4d9716abeb937f240bc421494ec75c17a
Security Headers
Name Value
Content-Security-Policy default-src 'self' https://apps.sitecore.net *.widen.net *.widencdn.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googletagmanager.com *.google-analytics.com *.google.com *.evgnet.com *.medallia.com *.billmatrix.com *.idoxs.net *.clarity.ms *.cloudfront.net *.marker.io *.jquery.com *.kampyle.com *.force.com *.salesforceliveagent.com *.salesforce.com *.my.site.com *.my.salesforce.com https://unpkg.com; img-src 'self' data: http: https:; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com *.typekit.net *.mapbox.com *.kampyle.com *.force.com *.my.site.com *.my.salesforce.com; font-src 'self' https://fonts.gstatic.com https://fonts.googleapis.com *.typekit.net data:; connect-src 'self' *.google.com *.googletagmanager.com *.google-analytics.com *.evgnet.com *.medallia.com *.billmatrix.com *.idoxs.net *.doubleclick.net *.luckyorange.net *.clarity.ms *.evergage.com *.kampyle.com *.marker.io *.shippingapis.com *.jquery.com *.my.site.com *.my.salesforce.com; child-src 'self' *.youtube.com *.medallia.com *.widen.net *.widencdn.net *.force.com; frame-ancestors 'self'; upgrade-insecure-requests; block-all-mixed-content;
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.setf.com/%20
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Tue, 21 Nov 2023 20:33:56 GMT
strict-transport-security
max-age=31536000
x-content-type-options
nosniff
content-security-policy
default-src 'self' https://apps.sitecore.net *.widen.net *.widencdn.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googletagmanager.com *.google-analytics.com *.google.com *.evgnet.com *.medallia.com *.billmatrix.com *.idoxs.net *.clarity.ms *.cloudfront.net *.marker.io *.jquery.com *.kampyle.com *.force.com *.salesforceliveagent.com *.salesforce.com *.my.site.com *.my.salesforce.com https://unpkg.com; img-src 'self' data: http: https:; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com *.typekit.net *.mapbox.com *.kampyle.com *.force.com *.my.site.com *.my.salesforce.com; font-src 'self' https://fonts.gstatic.com https://fonts.googleapis.com *.typekit.net data:; connect-src 'self' *.google.com *.googletagmanager.com *.google-analytics.com *.evgnet.com *.medallia.com *.billmatrix.com *.idoxs.net *.doubleclick.net *.luckyorange.net *.clarity.ms *.evergage.com *.kampyle.com *.marker.io *.shippingapis.com *.jquery.com *.my.site.com *.my.salesforce.com; child-src 'self' *.youtube.com *.medallia.com *.widen.net *.widencdn.net *.force.com; frame-ancestors 'self'; upgrade-insecure-requests; block-all-mixed-content;
last-modified
Tue, 10 May 2022 19:43:43 GMT
x-cdn
Imperva
content-encoding
gzip
x-frame-options
SAMEORIGIN
content-type
image/svg+xml
x-iinfo
8-36375152-36375306 PNYy RT(1700598833414 1972) q(0 0 0 -1) r(2 2) U24
cache-control
private, max-age=604800
content-disposition
inline; filename="Animated Account Access Icon.svg"
accept-ranges
bytes
x-xss-protection
1; mode=block
animated-account-management-icon.svg
www.setf.com/-/media/images/benefits/setf/ 		37 KB
12 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.setf.com/-/media/images/benefits/setf/animated-account-management-icon.svg
Requested by
Host: www.setf.com
URL: https://www.setf.com/%20
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
45.60.242.243 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
/
Resource Hash
0d2f0dd095b40e08f606c88fd19a049234bee9cc79f139ab3821a848feaf61a3
Security Headers
Name Value
Content-Security-Policy default-src 'self' https://apps.sitecore.net *.widen.net *.widencdn.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googletagmanager.com *.google-analytics.com *.google.com *.evgnet.com *.medallia.com *.billmatrix.com *.idoxs.net *.clarity.ms *.cloudfront.net *.marker.io *.jquery.com *.kampyle.com *.force.com *.salesforceliveagent.com *.salesforce.com *.my.site.com *.my.salesforce.com https://unpkg.com; img-src 'self' data: http: https:; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com *.typekit.net *.mapbox.com *.kampyle.com *.force.com *.my.site.com *.my.salesforce.com; font-src 'self' https://fonts.gstatic.com https://fonts.googleapis.com *.typekit.net data:; connect-src 'self' *.google.com *.googletagmanager.com *.google-analytics.com *.evgnet.com *.medallia.com *.billmatrix.com *.idoxs.net *.doubleclick.net *.luckyorange.net *.clarity.ms *.evergage.com *.kampyle.com *.marker.io *.shippingapis.com *.jquery.com *.my.site.com *.my.salesforce.com; child-src 'self' *.youtube.com *.medallia.com *.widen.net *.widencdn.net *.force.com; frame-ancestors 'self'; upgrade-insecure-requests; block-all-mixed-content;
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.setf.com/%20
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Tue, 21 Nov 2023 20:33:56 GMT
strict-transport-security
max-age=31536000
x-content-type-options
nosniff
content-security-policy
default-src 'self' https://apps.sitecore.net *.widen.net *.widencdn.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googletagmanager.com *.google-analytics.com *.google.com *.evgnet.com *.medallia.com *.billmatrix.com *.idoxs.net *.clarity.ms *.cloudfront.net *.marker.io *.jquery.com *.kampyle.com *.force.com *.salesforceliveagent.com *.salesforce.com *.my.site.com *.my.salesforce.com https://unpkg.com; img-src 'self' data: http: https:; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com *.typekit.net *.mapbox.com *.kampyle.com *.force.com *.my.site.com *.my.salesforce.com; font-src 'self' https://fonts.gstatic.com https://fonts.googleapis.com *.typekit.net data:; connect-src 'self' *.google.com *.googletagmanager.com *.google-analytics.com *.evgnet.com *.medallia.com *.billmatrix.com *.idoxs.net *.doubleclick.net *.luckyorange.net *.clarity.ms *.evergage.com *.kampyle.com *.marker.io *.shippingapis.com *.jquery.com *.my.site.com *.my.salesforce.com; child-src 'self' *.youtube.com *.medallia.com *.widen.net *.widencdn.net *.force.com; frame-ancestors 'self'; upgrade-insecure-requests; block-all-mixed-content;
last-modified
Tue, 10 May 2022 19:43:19 GMT
x-cdn
Imperva
content-encoding
gzip
x-frame-options
SAMEORIGIN
content-type
image/svg+xml
x-iinfo
8-36375152-36375306 PNYy RT(1700598833414 2842) q(0 0 0 -1) r(1 1) U24
cache-control
private, max-age=604800
content-disposition
inline; filename="Animated Account Management Icon.svg"
accept-ranges
bytes
x-xss-protection
1; mode=block
animated-account-service-icon.svg
www.setf.com/-/media/images/benefits/setf/ 		44 KB
14 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.setf.com/-/media/images/benefits/setf/animated-account-service-icon.svg
Requested by
Host: www.setf.com
URL: https://www.setf.com/%20
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
45.60.242.243 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
/
Resource Hash
58dbc2b37d533d4f36ae46a226386c4a5b8051fe8d01950f52ba5d569705e632
Security Headers
Name Value
Content-Security-Policy default-src 'self' https://apps.sitecore.net *.widen.net *.widencdn.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googletagmanager.com *.google-analytics.com *.google.com *.evgnet.com *.medallia.com *.billmatrix.com *.idoxs.net *.clarity.ms *.cloudfront.net *.marker.io *.jquery.com *.kampyle.com *.force.com *.salesforceliveagent.com *.salesforce.com *.my.site.com *.my.salesforce.com https://unpkg.com; img-src 'self' data: http: https:; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com *.typekit.net *.mapbox.com *.kampyle.com *.force.com *.my.site.com *.my.salesforce.com; font-src 'self' https://fonts.gstatic.com https://fonts.googleapis.com *.typekit.net data:; connect-src 'self' *.google.com *.googletagmanager.com *.google-analytics.com *.evgnet.com *.medallia.com *.billmatrix.com *.idoxs.net *.doubleclick.net *.luckyorange.net *.clarity.ms *.evergage.com *.kampyle.com *.marker.io *.shippingapis.com *.jquery.com *.my.site.com *.my.salesforce.com; child-src 'self' *.youtube.com *.medallia.com *.widen.net *.widencdn.net *.force.com; frame-ancestors 'self'; upgrade-insecure-requests; block-all-mixed-content;
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.setf.com/%20
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Tue, 21 Nov 2023 20:33:57 GMT
strict-transport-security
max-age=31536000
x-content-type-options
nosniff
content-security-policy
default-src 'self' https://apps.sitecore.net *.widen.net *.widencdn.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googletagmanager.com *.google-analytics.com *.google.com *.evgnet.com *.medallia.com *.billmatrix.com *.idoxs.net *.clarity.ms *.cloudfront.net *.marker.io *.jquery.com *.kampyle.com *.force.com *.salesforceliveagent.com *.salesforce.com *.my.site.com *.my.salesforce.com https://unpkg.com; img-src 'self' data: http: https:; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com *.typekit.net *.mapbox.com *.kampyle.com *.force.com *.my.site.com *.my.salesforce.com; font-src 'self' https://fonts.gstatic.com https://fonts.googleapis.com *.typekit.net data:; connect-src 'self' *.google.com *.googletagmanager.com *.google-analytics.com *.evgnet.com *.medallia.com *.billmatrix.com *.idoxs.net *.doubleclick.net *.luckyorange.net *.clarity.ms *.evergage.com *.kampyle.com *.marker.io *.shippingapis.com *.jquery.com *.my.site.com *.my.salesforce.com; child-src 'self' *.youtube.com *.medallia.com *.widen.net *.widencdn.net *.force.com; frame-ancestors 'self'; upgrade-insecure-requests; block-all-mixed-content;
last-modified
Tue, 10 May 2022 19:43:31 GMT
x-cdn
Imperva
content-encoding
gzip
x-frame-options
SAMEORIGIN
content-type
image/svg+xml
x-iinfo
8-36375152-36375306 PNYy RT(1700598833414 3779) q(0 0 0 -1) r(2 2) U24
cache-control
private, max-age=604800
content-disposition
inline; filename="Animated Account Service Icon.svg"
accept-ranges
bytes
x-xss-protection
1; mode=block
animated-account-alerts-icon.svg
www.setf.com/-/media/images/benefits/setf/ 		42 KB
13 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.setf.com/-/media/images/benefits/setf/animated-account-alerts-icon.svg
Requested by
Host: www.setf.com
URL: https://www.setf.com/%20
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
45.60.242.243 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
/
Resource Hash
bff25d30a567a3a9a9e76463dbb2b562f4254979e8d2de5056f12d443d481618
Security Headers
Name Value
Content-Security-Policy default-src 'self' https://apps.sitecore.net *.widen.net *.widencdn.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googletagmanager.com *.google-analytics.com *.google.com *.evgnet.com *.medallia.com *.billmatrix.com *.idoxs.net *.clarity.ms *.cloudfront.net *.marker.io *.jquery.com *.kampyle.com *.force.com *.salesforceliveagent.com *.salesforce.com *.my.site.com *.my.salesforce.com https://unpkg.com; img-src 'self' data: http: https:; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com *.typekit.net *.mapbox.com *.kampyle.com *.force.com *.my.site.com *.my.salesforce.com; font-src 'self' https://fonts.gstatic.com https://fonts.googleapis.com *.typekit.net data:; connect-src 'self' *.google.com *.googletagmanager.com *.google-analytics.com *.evgnet.com *.medallia.com *.billmatrix.com *.idoxs.net *.doubleclick.net *.luckyorange.net *.clarity.ms *.evergage.com *.kampyle.com *.marker.io *.shippingapis.com *.jquery.com *.my.site.com *.my.salesforce.com; child-src 'self' *.youtube.com *.medallia.com *.widen.net *.widencdn.net *.force.com; frame-ancestors 'self'; upgrade-insecure-requests; block-all-mixed-content;
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.setf.com/%20
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Tue, 21 Nov 2023 20:33:57 GMT
strict-transport-security
max-age=31536000
x-content-type-options
nosniff
content-security-policy
default-src 'self' https://apps.sitecore.net *.widen.net *.widencdn.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googletagmanager.com *.google-analytics.com *.google.com *.evgnet.com *.medallia.com *.billmatrix.com *.idoxs.net *.clarity.ms *.cloudfront.net *.marker.io *.jquery.com *.kampyle.com *.force.com *.salesforceliveagent.com *.salesforce.com *.my.site.com *.my.salesforce.com https://unpkg.com; img-src 'self' data: http: https:; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com *.typekit.net *.mapbox.com *.kampyle.com *.force.com *.my.site.com *.my.salesforce.com; font-src 'self' https://fonts.gstatic.com https://fonts.googleapis.com *.typekit.net data:; connect-src 'self' *.google.com *.googletagmanager.com *.google-analytics.com *.evgnet.com *.medallia.com *.billmatrix.com *.idoxs.net *.doubleclick.net *.luckyorange.net *.clarity.ms *.evergage.com *.kampyle.com *.marker.io *.shippingapis.com *.jquery.com *.my.site.com *.my.salesforce.com; child-src 'self' *.youtube.com *.medallia.com *.widen.net *.widencdn.net *.force.com; frame-ancestors 'self'; upgrade-insecure-requests; block-all-mixed-content;
last-modified
Tue, 10 May 2022 19:43:03 GMT
x-cdn
Imperva
content-encoding
gzip
x-frame-options
SAMEORIGIN
content-type
image/svg+xml
x-iinfo
8-36375152-36375159 PNYN RT(1700598833414 3839) q(0 0 0 -1) r(1 1) U24
cache-control
private, max-age=604800
content-disposition
inline; filename="Animated Account Alerts Icon.svg"
accept-ranges
bytes
x-xss-protection
1; mode=block
25054_set_toyotathon_setf_header_eventlogo.png
www.setf.com/-/media/images/reusablecontent/ads/setf/set-offers/html_event_logo_200x50/ 		9 KB
10 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.setf.com/-/media/images/reusablecontent/ads/setf/set-offers/html_event_logo_200x50/25054_set_toyotathon_setf_header_eventlogo.png?h=50&w=200&hash=58C3A0B5719601BA6792DFD4E0387DFD
Requested by
Host: www.setf.com
URL: https://www.setf.com/%20
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
45.60.242.243 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
/
Resource Hash
807846fb2cea346123b73d0398f993d86a5596affafcff0d12c57fe62b358a01
Security Headers
Name Value
Content-Security-Policy default-src 'self' https://apps.sitecore.net *.widen.net *.widencdn.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googletagmanager.com *.google-analytics.com *.google.com *.evgnet.com *.medallia.com *.billmatrix.com *.idoxs.net *.clarity.ms *.cloudfront.net *.marker.io *.jquery.com *.kampyle.com *.force.com *.salesforceliveagent.com *.salesforce.com *.my.site.com *.my.salesforce.com https://unpkg.com; img-src 'self' data: http: https:; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com *.typekit.net *.mapbox.com *.kampyle.com *.force.com *.my.site.com *.my.salesforce.com; font-src 'self' https://fonts.gstatic.com https://fonts.googleapis.com *.typekit.net data:; connect-src 'self' *.google.com *.googletagmanager.com *.google-analytics.com *.evgnet.com *.medallia.com *.billmatrix.com *.idoxs.net *.doubleclick.net *.luckyorange.net *.clarity.ms *.evergage.com *.kampyle.com *.marker.io *.shippingapis.com *.jquery.com *.my.site.com *.my.salesforce.com; child-src 'self' *.youtube.com *.medallia.com *.widen.net *.widencdn.net *.force.com; frame-ancestors 'self'; upgrade-insecure-requests; block-all-mixed-content;
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.setf.com/%20
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Tue, 21 Nov 2023 20:33:57 GMT
strict-transport-security
max-age=31536000
x-content-type-options
nosniff
content-security-policy
default-src 'self' https://apps.sitecore.net *.widen.net *.widencdn.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googletagmanager.com *.google-analytics.com *.google.com *.evgnet.com *.medallia.com *.billmatrix.com *.idoxs.net *.clarity.ms *.cloudfront.net *.marker.io *.jquery.com *.kampyle.com *.force.com *.salesforceliveagent.com *.salesforce.com *.my.site.com *.my.salesforce.com https://unpkg.com; img-src 'self' data: http: https:; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com *.typekit.net *.mapbox.com *.kampyle.com *.force.com *.my.site.com *.my.salesforce.com; font-src 'self' https://fonts.gstatic.com https://fonts.googleapis.com *.typekit.net data:; connect-src 'self' *.google.com *.googletagmanager.com *.google-analytics.com *.evgnet.com *.medallia.com *.billmatrix.com *.idoxs.net *.doubleclick.net *.luckyorange.net *.clarity.ms *.evergage.com *.kampyle.com *.marker.io *.shippingapis.com *.jquery.com *.my.site.com *.my.salesforce.com; child-src 'self' *.youtube.com *.medallia.com *.widen.net *.widencdn.net *.force.com; frame-ancestors 'self'; upgrade-insecure-requests; block-all-mixed-content;
last-modified
Wed, 15 Nov 2023 15:34:58 GMT
x-cdn
Imperva
x-frame-options
SAMEORIGIN
content-type
image/png
x-iinfo
8-36375152-36375309 PNNy RT(1700598833414 3843) q(0 0 0 -1) r(1 1) U24
cache-control
private, max-age=604800
content-disposition
inline; filename="25054_SET_Toyotathon_SETF_Header_EventLogo.png"
accept-ranges
bytes
content-length
9170
x-xss-protection
1; mode=block
setf-logo-fullcolor.svg
www.setf.com/-/media/images/footer/setf/ 		11 KB
5 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.setf.com/-/media/images/footer/setf/setf-logo-fullcolor.svg
Requested by
Host: www.setf.com
URL: https://www.setf.com/%20
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
45.60.242.243 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
/
Resource Hash
526fbc46d7a83cf53f0e4bafcf4f2cf6a0291b0de72b193ad356f9b24f28e278
Security Headers
Name Value
Content-Security-Policy default-src 'self' https://apps.sitecore.net *.widen.net *.widencdn.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googletagmanager.com *.google-analytics.com *.google.com *.evgnet.com *.medallia.com *.billmatrix.com *.idoxs.net *.clarity.ms *.cloudfront.net *.marker.io *.jquery.com *.kampyle.com *.force.com *.salesforceliveagent.com *.salesforce.com *.my.site.com *.my.salesforce.com https://unpkg.com; img-src 'self' data: http: https:; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com *.typekit.net *.mapbox.com *.kampyle.com *.force.com *.my.site.com *.my.salesforce.com; font-src 'self' https://fonts.gstatic.com https://fonts.googleapis.com *.typekit.net data:; connect-src 'self' *.google.com *.googletagmanager.com *.google-analytics.com *.evgnet.com *.medallia.com *.billmatrix.com *.idoxs.net *.doubleclick.net *.luckyorange.net *.clarity.ms *.evergage.com *.kampyle.com *.marker.io *.shippingapis.com *.jquery.com *.my.site.com *.my.salesforce.com; child-src 'self' *.youtube.com *.medallia.com *.widen.net *.widencdn.net *.force.com; frame-ancestors 'self'; upgrade-insecure-requests; block-all-mixed-content;
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.setf.com/%20
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Tue, 21 Nov 2023 20:33:57 GMT
strict-transport-security
max-age=31536000
x-content-type-options
nosniff
content-security-policy
default-src 'self' https://apps.sitecore.net *.widen.net *.widencdn.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googletagmanager.com *.google-analytics.com *.google.com *.evgnet.com *.medallia.com *.billmatrix.com *.idoxs.net *.clarity.ms *.cloudfront.net *.marker.io *.jquery.com *.kampyle.com *.force.com *.salesforceliveagent.com *.salesforce.com *.my.site.com *.my.salesforce.com https://unpkg.com; img-src 'self' data: http: https:; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com *.typekit.net *.mapbox.com *.kampyle.com *.force.com *.my.site.com *.my.salesforce.com; font-src 'self' https://fonts.gstatic.com https://fonts.googleapis.com *.typekit.net data:; connect-src 'self' *.google.com *.googletagmanager.com *.google-analytics.com *.evgnet.com *.medallia.com *.billmatrix.com *.idoxs.net *.doubleclick.net *.luckyorange.net *.clarity.ms *.evergage.com *.kampyle.com *.marker.io *.shippingapis.com *.jquery.com *.my.site.com *.my.salesforce.com; child-src 'self' *.youtube.com *.medallia.com *.widen.net *.widencdn.net *.force.com; frame-ancestors 'self'; upgrade-insecure-requests; block-all-mixed-content;
last-modified
Wed, 14 Jul 2021 14:19:07 GMT
x-cdn
Imperva
content-encoding
gzip
x-frame-options
SAMEORIGIN
content-type
image/svg+xml
x-iinfo
8-36375152-36375303 PNYy RT(1700598833414 3846) q(0 0 0 -1) r(1 2) U24
cache-control
private, max-age=604800
content-disposition
inline; filename="SETF-logo-FullColor.svg"
accept-ranges
bytes
x-xss-protection
1; mode=block
embed.js
resources.digital-cloud-west.medallia.com/wdcwest/24233/onsite/ 		1 KB
1011 B 		Script
General
Check archive.org
Download Go to
Full URL
https://resources.digital-cloud-west.medallia.com/wdcwest/24233/onsite/embed.js
Requested by
Host: www.setf.com
URL: https://www.setf.com/%20
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
146.75.121.230 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
b2145c53394c670fa5ca35b31593cc90b0d5949eaec6f50b215992d3c85eea9a
Security Headers
Name Value
Strict-Transport-Security max-age=31557600

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.setf.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

x-amz-version-id
clQyWOlbyMJGrjoplGmkrA7YL4EOqlmU
content-encoding
gzip
via
1.1 varnish
date
Tue, 21 Nov 2023 20:33:58 GMT
strict-transport-security
max-age=31557600
x-amz-request-id
0K5T8ZNM9GFMX3EN
age
702453
x-amz-server-side-encryption
AES256
x-cache
HIT
content-length
531
x-amz-id-2
vioeHtb/eotdBHVcS2eSt+mq2JFCOV8v8e/IdSo09Ju9aeyMoC+cpndn6OboaiVKkJ0lVl4DshLyr8hQBmVRqe9MpIWVckDhE9rr2TkdtUk=
x-served-by
cache-fra-eddf8230077-FRA
last-modified
Mon, 13 Nov 2023 16:20:16 GMT
server
AmazonS3
x-timer
S1700598838.460118,VS0,VE3
etag
"c6aeb9d16e7215cd6de9dc67723c51f3"
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=0,must-revalidate
accept-ranges
bytes
x-cache-hits
1
main.bundle.js
www.setf.com/areas/setf/scripts/ 		327 KB
89 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.setf.com/areas/setf/scripts/main.bundle.js?v=1.0.8710.21748
Requested by
Host: www.setf.com
URL: https://www.setf.com/%20
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
45.60.242.243 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
/
Resource Hash
f40c10f6daaafbad865210f77130489c34d06ccf80f2fcef3edc9af142ddac99
Security Headers
Name Value
Content-Security-Policy default-src 'self' https://apps.sitecore.net *.widen.net *.widencdn.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googletagmanager.com *.google-analytics.com *.google.com *.evgnet.com *.medallia.com *.billmatrix.com *.idoxs.net *.clarity.ms *.cloudfront.net *.marker.io *.jquery.com *.kampyle.com *.force.com *.salesforceliveagent.com *.salesforce.com *.my.site.com *.my.salesforce.com https://unpkg.com; img-src 'self' data: http: https:; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com *.typekit.net *.mapbox.com *.kampyle.com *.force.com *.my.site.com *.my.salesforce.com; font-src 'self' https://fonts.gstatic.com https://fonts.googleapis.com *.typekit.net data:; connect-src 'self' *.google.com *.googletagmanager.com *.google-analytics.com *.evgnet.com *.medallia.com *.billmatrix.com *.idoxs.net *.doubleclick.net *.luckyorange.net *.clarity.ms *.evergage.com *.kampyle.com *.marker.io *.shippingapis.com *.jquery.com *.my.site.com *.my.salesforce.com; child-src 'self' *.youtube.com *.medallia.com *.widen.net *.widencdn.net *.force.com; frame-ancestors 'self'; upgrade-insecure-requests; block-all-mixed-content;
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.setf.com/%20
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Tue, 21 Nov 2023 20:33:56 GMT
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=31536000
last-modified
Mon, 06 Nov 2023 12:08:50 GMT
x-cdn
Imperva
content-security-policy
default-src 'self' https://apps.sitecore.net *.widen.net *.widencdn.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googletagmanager.com *.google-analytics.com *.google.com *.evgnet.com *.medallia.com *.billmatrix.com *.idoxs.net *.clarity.ms *.cloudfront.net *.marker.io *.jquery.com *.kampyle.com *.force.com *.salesforceliveagent.com *.salesforce.com *.my.site.com *.my.salesforce.com https://unpkg.com; img-src 'self' data: http: https:; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com *.typekit.net *.mapbox.com *.kampyle.com *.force.com *.my.site.com *.my.salesforce.com; font-src 'self' https://fonts.gstatic.com https://fonts.googleapis.com *.typekit.net data:; connect-src 'self' *.google.com *.googletagmanager.com *.google-analytics.com *.evgnet.com *.medallia.com *.billmatrix.com *.idoxs.net *.doubleclick.net *.luckyorange.net *.clarity.ms *.evergage.com *.kampyle.com *.marker.io *.shippingapis.com *.jquery.com *.my.site.com *.my.salesforce.com; child-src 'self' *.youtube.com *.medallia.com *.widen.net *.widencdn.net *.force.com; frame-ancestors 'self'; upgrade-insecure-requests; block-all-mixed-content;
etag
"035840aa10da1:0"
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
application/javascript
x-iinfo
8-36375152-36375159 PNNN RT(1700598833414 2017) q(0 0 0 -1) r(1 1) U24
accept-ranges
bytes
content-length
89589
x-xss-protection
1; mode=block
_Incapsula_Resource
www.setf.com/ 		151 KB
22 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.setf.com/_Incapsula_Resource?SWJIYLWA=719d34d31c8e3a6e6fffd425f7e032f3&ns=1&cb=1313365986
Requested by
Host: www.setf.com
URL: https://www.setf.com/%20
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
45.60.242.243 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
/
Resource Hash
60d89c0a4c251686966b46c6951dd7b4d6518613a2ea0a2ff12df4320429ba4f

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.setf.com/%20
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

cache-control
no-cache, no-store
content-encoding
gzip
x-robots-tag
noindex
content-length
21943
content-type
application/javascript
p.css
p.typekit.net/ 		5 B
172 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://p.typekit.net/p.css?s=1&k=qxt4vzx&ht=tk&f=27034.27040.27042&a=4286737&app=typekit&e=css
Requested by
Host: use.typekit.net
URL: https://use.typekit.net/qxt4vzx.css
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
95.101.54.129 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a95-101-54-129.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
1c0ff118a4290c99f39c90abb38703a866e47251b23cca20266c69c812ccafeb

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://use.typekit.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Tue, 21 Nov 2023 20:33:57 GMT
last-modified
Sun, 10 Sep 2023 12:39:23 GMT
server
nginx
etag
"64fdb8fb-5"
content-type
text/css
access-control-allow-origin
*
cache-control
public, max-age=604800
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
content-length
5
js
www.googletagmanager.com/gtag/ 		263 KB
88 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtag/js?id=G-YEQ7DB1334&l=dataLayer&cx=c
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-N86NDHC
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.185.168 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s51-in-f8.1e100.net
Software
Google Tag Manager /
Resource Hash
86e6889894382984a0b1840c37c281a23e447013b344c60e28e26a7d7c3a76b1
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.setf.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Tue, 21 Nov 2023 20:33:57 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
access-control-allow-headers
Cache-Control
content-length
90072
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires
Tue, 21 Nov 2023 20:33:57 GMT
analytics.js
www.google-analytics.com/ 		52 KB
21 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-N86NDHC
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.185.142 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s50-in-f14.1e100.net
Software
Golfe2 /
Resource Hash
de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.setf.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
date
Tue, 21 Nov 2023 19:19:54 GMT
last-modified
Mon, 12 Jun 2023 18:23:07 GMT
server
Golfe2
age
4444
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=7200
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
20994
expires
Tue, 21 Nov 2023 21:19:54 GMT
ch0c8krbe6
www.clarity.ms/tag/ 		650 B
1014 B 		Script
General
Check archive.org
Download Go to
Full URL
https://www.clarity.ms/tag/ch0c8krbe6?ref=gtm
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-N86NDHC
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
13.107.213.44 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
d3ad4611ed0d4f9875dc0ec6c836afe519cfe7bcf6d4cd05fb3b387b690e3c10

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.setf.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

expires
-1
date
Tue, 21 Nov 2023 20:33:58 GMT
x-azure-ref
20231121T203358Z-9uf38r679577b503t8ave2p3v800000007200000000102rh
x-cache
CONFIG_NOCACHE
content-type
application/x-javascript
cache-control
no-cache, no-store
accept-ranges
bytes
content-length
650
request-context
appId=cid-v1:3d284f99-f285-495c-ac33-dedd7ecf1ac8
svgsheet.svg
www.setf.com/areas/setf/images/ 		141 KB
50 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://www.setf.com/areas/setf/images/svgsheet.svg?v=1.0.8710.21748
Requested by
Host: www.setf.com
URL: https://www.setf.com/%20
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
45.60.242.243 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
/
Resource Hash
5e9fb32a34a85c56294c8de444369dcbcb36e04f926b04dd203329c251c85081
Security Headers
Name Value
Content-Security-Policy default-src 'self' https://apps.sitecore.net *.widen.net *.widencdn.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googletagmanager.com *.google-analytics.com *.google.com *.evgnet.com *.medallia.com *.billmatrix.com *.idoxs.net *.clarity.ms *.cloudfront.net *.marker.io *.jquery.com *.kampyle.com *.force.com *.salesforceliveagent.com *.salesforce.com *.my.site.com *.my.salesforce.com https://unpkg.com; img-src 'self' data: http: https:; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com *.typekit.net *.mapbox.com *.kampyle.com *.force.com *.my.site.com *.my.salesforce.com; font-src 'self' https://fonts.gstatic.com https://fonts.googleapis.com *.typekit.net data:; connect-src 'self' *.google.com *.googletagmanager.com *.google-analytics.com *.evgnet.com *.medallia.com *.billmatrix.com *.idoxs.net *.doubleclick.net *.luckyorange.net *.clarity.ms *.evergage.com *.kampyle.com *.marker.io *.shippingapis.com *.jquery.com *.my.site.com *.my.salesforce.com; child-src 'self' *.youtube.com *.medallia.com *.widen.net *.widencdn.net *.force.com; frame-ancestors 'self'; upgrade-insecure-requests; block-all-mixed-content;
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.setf.com/%20
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Tue, 21 Nov 2023 20:33:57 GMT
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=31536000
last-modified
Mon, 06 Nov 2023 12:08:48 GMT
x-cdn
Imperva
content-security-policy
default-src 'self' https://apps.sitecore.net *.widen.net *.widencdn.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googletagmanager.com *.google-analytics.com *.google.com *.evgnet.com *.medallia.com *.billmatrix.com *.idoxs.net *.clarity.ms *.cloudfront.net *.marker.io *.jquery.com *.kampyle.com *.force.com *.salesforceliveagent.com *.salesforce.com *.my.site.com *.my.salesforce.com https://unpkg.com; img-src 'self' data: http: https:; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com *.typekit.net *.mapbox.com *.kampyle.com *.force.com *.my.site.com *.my.salesforce.com; font-src 'self' https://fonts.gstatic.com https://fonts.googleapis.com *.typekit.net data:; connect-src 'self' *.google.com *.googletagmanager.com *.google-analytics.com *.evgnet.com *.medallia.com *.billmatrix.com *.idoxs.net *.doubleclick.net *.luckyorange.net *.clarity.ms *.evergage.com *.kampyle.com *.marker.io *.shippingapis.com *.jquery.com *.my.site.com *.my.salesforce.com; child-src 'self' *.youtube.com *.medallia.com *.widen.net *.widencdn.net *.force.com; frame-ancestors 'self'; upgrade-insecure-requests; block-all-mixed-content;
etag
"0853ffa910da1:0"
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
image/svg+xml
x-iinfo
8-36375152-36375482 NNNY CT(96 194 0) RT(1700598833414 3857) q(0 0 0 -1) r(1 2) U24
accept-ranges
bytes
content-length
49998
x-xss-protection
1; mode=block
312066-2021-sienna-driven3-mobile.jpg
www.setf.com/-/media/images/contentblocks/setf/pages/homepage/ 		135 KB
137 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.setf.com/-/media/images/contentblocks/setf/pages/homepage/312066-2021-sienna-driven3-mobile.jpg?h=720&w=1280&hash=712384B92EADC79E37429C45185FA9BC
Requested by
Host: www.setf.com
URL: https://www.setf.com/%20
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
45.60.242.243 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
/
Resource Hash
f75dae39e181853d32ac6b0589df17a95cd465256547cee3556b42833beab9a5
Security Headers
Name Value
Content-Security-Policy default-src 'self' https://apps.sitecore.net *.widen.net *.widencdn.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googletagmanager.com *.google-analytics.com *.google.com *.evgnet.com *.medallia.com *.billmatrix.com *.idoxs.net *.clarity.ms *.cloudfront.net *.marker.io *.jquery.com *.kampyle.com *.force.com *.salesforceliveagent.com *.salesforce.com *.my.site.com *.my.salesforce.com https://unpkg.com; img-src 'self' data: http: https:; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com *.typekit.net *.mapbox.com *.kampyle.com *.force.com *.my.site.com *.my.salesforce.com; font-src 'self' https://fonts.gstatic.com https://fonts.googleapis.com *.typekit.net data:; connect-src 'self' *.google.com *.googletagmanager.com *.google-analytics.com *.evgnet.com *.medallia.com *.billmatrix.com *.idoxs.net *.doubleclick.net *.luckyorange.net *.clarity.ms *.evergage.com *.kampyle.com *.marker.io *.shippingapis.com *.jquery.com *.my.site.com *.my.salesforce.com; child-src 'self' *.youtube.com *.medallia.com *.widen.net *.widencdn.net *.force.com; frame-ancestors 'self'; upgrade-insecure-requests; block-all-mixed-content;
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.setf.com/%20
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Tue, 21 Nov 2023 20:33:58 GMT
strict-transport-security
max-age=31536000
x-content-type-options
nosniff
content-security-policy
default-src 'self' https://apps.sitecore.net *.widen.net *.widencdn.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googletagmanager.com *.google-analytics.com *.google.com *.evgnet.com *.medallia.com *.billmatrix.com *.idoxs.net *.clarity.ms *.cloudfront.net *.marker.io *.jquery.com *.kampyle.com *.force.com *.salesforceliveagent.com *.salesforce.com *.my.site.com *.my.salesforce.com https://unpkg.com; img-src 'self' data: http: https:; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com *.typekit.net *.mapbox.com *.kampyle.com *.force.com *.my.site.com *.my.salesforce.com; font-src 'self' https://fonts.gstatic.com https://fonts.googleapis.com *.typekit.net data:; connect-src 'self' *.google.com *.googletagmanager.com *.google-analytics.com *.evgnet.com *.medallia.com *.billmatrix.com *.idoxs.net *.doubleclick.net *.luckyorange.net *.clarity.ms *.evergage.com *.kampyle.com *.marker.io *.shippingapis.com *.jquery.com *.my.site.com *.my.salesforce.com; child-src 'self' *.youtube.com *.medallia.com *.widen.net *.widencdn.net *.force.com; frame-ancestors 'self'; upgrade-insecure-requests; block-all-mixed-content;
last-modified
Fri, 11 Aug 2023 14:40:48 GMT
x-cdn
Imperva
x-frame-options
SAMEORIGIN
content-type
image/jpeg
x-iinfo
8-36375152-36375484 NNNN CT(95 97 0) RT(1700598833414 3861) q(0 0 2 -1) r(4 5) U24
cache-control
private, max-age=604800
content-disposition
inline; filename="312066-2021-sienna-driven3-mobile.jpg"
accept-ranges
bytes
content-length
138684
x-xss-protection
1; mode=block
2023-kbb-1280x720.jpg
www.setf.com/-/media/images/magazine/2023-kbb/ 		157 KB
158 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.setf.com/-/media/images/magazine/2023-kbb/2023-kbb-1280x720.jpg?h=720&w=1280&hash=5674250FD99A9831BDD73CBF731DA43B
Requested by
Host: www.setf.com
URL: https://www.setf.com/%20
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
45.60.242.243 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
/
Resource Hash
8860efbf7bc6382ab880d5f46efa8e2c449c219081832984aa1e57eef55246f3
Security Headers
Name Value
Content-Security-Policy default-src 'self' https://apps.sitecore.net *.widen.net *.widencdn.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googletagmanager.com *.google-analytics.com *.google.com *.evgnet.com *.medallia.com *.billmatrix.com *.idoxs.net *.clarity.ms *.cloudfront.net *.marker.io *.jquery.com *.kampyle.com *.force.com *.salesforceliveagent.com *.salesforce.com *.my.site.com *.my.salesforce.com https://unpkg.com; img-src 'self' data: http: https:; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com *.typekit.net *.mapbox.com *.kampyle.com *.force.com *.my.site.com *.my.salesforce.com; font-src 'self' https://fonts.gstatic.com https://fonts.googleapis.com *.typekit.net data:; connect-src 'self' *.google.com *.googletagmanager.com *.google-analytics.com *.evgnet.com *.medallia.com *.billmatrix.com *.idoxs.net *.doubleclick.net *.luckyorange.net *.clarity.ms *.evergage.com *.kampyle.com *.marker.io *.shippingapis.com *.jquery.com *.my.site.com *.my.salesforce.com; child-src 'self' *.youtube.com *.medallia.com *.widen.net *.widencdn.net *.force.com; frame-ancestors 'self'; upgrade-insecure-requests; block-all-mixed-content;
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.setf.com/%20
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Tue, 21 Nov 2023 20:33:58 GMT
strict-transport-security
max-age=31536000
x-content-type-options
nosniff
content-security-policy
default-src 'self' https://apps.sitecore.net *.widen.net *.widencdn.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googletagmanager.com *.google-analytics.com *.google.com *.evgnet.com *.medallia.com *.billmatrix.com *.idoxs.net *.clarity.ms *.cloudfront.net *.marker.io *.jquery.com *.kampyle.com *.force.com *.salesforceliveagent.com *.salesforce.com *.my.site.com *.my.salesforce.com https://unpkg.com; img-src 'self' data: http: https:; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com *.typekit.net *.mapbox.com *.kampyle.com *.force.com *.my.site.com *.my.salesforce.com; font-src 'self' https://fonts.gstatic.com https://fonts.googleapis.com *.typekit.net data:; connect-src 'self' *.google.com *.googletagmanager.com *.google-analytics.com *.evgnet.com *.medallia.com *.billmatrix.com *.idoxs.net *.doubleclick.net *.luckyorange.net *.clarity.ms *.evergage.com *.kampyle.com *.marker.io *.shippingapis.com *.jquery.com *.my.site.com *.my.salesforce.com; child-src 'self' *.youtube.com *.medallia.com *.widen.net *.widencdn.net *.force.com; frame-ancestors 'self'; upgrade-insecure-requests; block-all-mixed-content;
last-modified
Mon, 24 Jul 2023 18:33:34 GMT
x-cdn
Imperva
x-frame-options
SAMEORIGIN
content-type
image/jpeg
x-iinfo
8-36375152-36375306 PNNy RT(1700598833414 3863) q(0 3 3 -1) r(4 4) U24
cache-control
private, max-age=604800
content-disposition
inline; filename="2023-KBB-1280x720.jpg"
accept-ranges
bytes
content-length
160442
x-xss-protection
1; mode=block
25054_set_toyotathon_setf_header.jpg
www.setf.com/-/media/images/reusablecontent/ads/setf/set-offers/html_bg_950x900/ 		72 KB
74 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.setf.com/-/media/images/reusablecontent/ads/setf/set-offers/html_bg_950x900/25054_set_toyotathon_setf_header.jpg?h=900&w=950&hash=EE62B29B57D09A10B632ACD8F31003DE
Requested by
Host: www.setf.com
URL: https://www.setf.com/%20
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
45.60.242.243 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
/
Resource Hash
4b398b6e47bddc78f550b82fe9fb4017050967802afec4469628ab57df1c4717
Security Headers
Name Value
Content-Security-Policy default-src 'self' https://apps.sitecore.net *.widen.net *.widencdn.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googletagmanager.com *.google-analytics.com *.google.com *.evgnet.com *.medallia.com *.billmatrix.com *.idoxs.net *.clarity.ms *.cloudfront.net *.marker.io *.jquery.com *.kampyle.com *.force.com *.salesforceliveagent.com *.salesforce.com *.my.site.com *.my.salesforce.com https://unpkg.com; img-src 'self' data: http: https:; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com *.typekit.net *.mapbox.com *.kampyle.com *.force.com *.my.site.com *.my.salesforce.com; font-src 'self' https://fonts.gstatic.com https://fonts.googleapis.com *.typekit.net data:; connect-src 'self' *.google.com *.googletagmanager.com *.google-analytics.com *.evgnet.com *.medallia.com *.billmatrix.com *.idoxs.net *.doubleclick.net *.luckyorange.net *.clarity.ms *.evergage.com *.kampyle.com *.marker.io *.shippingapis.com *.jquery.com *.my.site.com *.my.salesforce.com; child-src 'self' *.youtube.com *.medallia.com *.widen.net *.widencdn.net *.force.com; frame-ancestors 'self'; upgrade-insecure-requests; block-all-mixed-content;
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.setf.com/%20
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Tue, 21 Nov 2023 20:33:58 GMT
strict-transport-security
max-age=31536000
x-content-type-options
nosniff
content-security-policy
default-src 'self' https://apps.sitecore.net *.widen.net *.widencdn.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googletagmanager.com *.google-analytics.com *.google.com *.evgnet.com *.medallia.com *.billmatrix.com *.idoxs.net *.clarity.ms *.cloudfront.net *.marker.io *.jquery.com *.kampyle.com *.force.com *.salesforceliveagent.com *.salesforce.com *.my.site.com *.my.salesforce.com https://unpkg.com; img-src 'self' data: http: https:; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com *.typekit.net *.mapbox.com *.kampyle.com *.force.com *.my.site.com *.my.salesforce.com; font-src 'self' https://fonts.gstatic.com https://fonts.googleapis.com *.typekit.net data:; connect-src 'self' *.google.com *.googletagmanager.com *.google-analytics.com *.evgnet.com *.medallia.com *.billmatrix.com *.idoxs.net *.doubleclick.net *.luckyorange.net *.clarity.ms *.evergage.com *.kampyle.com *.marker.io *.shippingapis.com *.jquery.com *.my.site.com *.my.salesforce.com; child-src 'self' *.youtube.com *.medallia.com *.widen.net *.widencdn.net *.force.com; frame-ancestors 'self'; upgrade-insecure-requests; block-all-mixed-content;
last-modified
Tue, 07 Nov 2023 18:45:12 GMT
x-cdn
Imperva
x-frame-options
SAMEORIGIN
content-type
image/jpeg
x-iinfo
8-36375152-36375482 PNNy RT(1700598833414 3866) q(0 3 3 -1) r(5 5) U24
cache-control
private, max-age=604800
content-disposition
inline; filename="25054_SET_Toyotathon_SETF_Header.jpg"
accept-ranges
bytes
content-length
74129
x-xss-protection
1; mode=block
toyota-lease-or-buy-thinking.png
www.setf.com/-/media/images/reusablecontent/cards/setf/ 		308 KB
310 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.setf.com/-/media/images/reusablecontent/cards/setf/toyota-lease-or-buy-thinking.png?h=720&w=1280&hash=2F22CFD1C66A77166A339D161F22A70F
Requested by
Host: www.setf.com
URL: https://www.setf.com/%20
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
45.60.242.243 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
/
Resource Hash
3e86dc1a9f1d417d670c6d085d3cc24546e35371775fa980033b5a694e1c84a9
Security Headers
Name Value
Content-Security-Policy default-src 'self' https://apps.sitecore.net *.widen.net *.widencdn.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googletagmanager.com *.google-analytics.com *.google.com *.evgnet.com *.medallia.com *.billmatrix.com *.idoxs.net *.clarity.ms *.cloudfront.net *.marker.io *.jquery.com *.kampyle.com *.force.com *.salesforceliveagent.com *.salesforce.com *.my.site.com *.my.salesforce.com https://unpkg.com; img-src 'self' data: http: https:; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com *.typekit.net *.mapbox.com *.kampyle.com *.force.com *.my.site.com *.my.salesforce.com; font-src 'self' https://fonts.gstatic.com https://fonts.googleapis.com *.typekit.net data:; connect-src 'self' *.google.com *.googletagmanager.com *.google-analytics.com *.evgnet.com *.medallia.com *.billmatrix.com *.idoxs.net *.doubleclick.net *.luckyorange.net *.clarity.ms *.evergage.com *.kampyle.com *.marker.io *.shippingapis.com *.jquery.com *.my.site.com *.my.salesforce.com; child-src 'self' *.youtube.com *.medallia.com *.widen.net *.widencdn.net *.force.com; frame-ancestors 'self'; upgrade-insecure-requests; block-all-mixed-content;
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.setf.com/%20
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Tue, 21 Nov 2023 20:33:58 GMT
strict-transport-security
max-age=31536000
x-content-type-options
nosniff
content-security-policy
default-src 'self' https://apps.sitecore.net *.widen.net *.widencdn.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googletagmanager.com *.google-analytics.com *.google.com *.evgnet.com *.medallia.com *.billmatrix.com *.idoxs.net *.clarity.ms *.cloudfront.net *.marker.io *.jquery.com *.kampyle.com *.force.com *.salesforceliveagent.com *.salesforce.com *.my.site.com *.my.salesforce.com https://unpkg.com; img-src 'self' data: http: https:; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com *.typekit.net *.mapbox.com *.kampyle.com *.force.com *.my.site.com *.my.salesforce.com; font-src 'self' https://fonts.gstatic.com https://fonts.googleapis.com *.typekit.net data:; connect-src 'self' *.google.com *.googletagmanager.com *.google-analytics.com *.evgnet.com *.medallia.com *.billmatrix.com *.idoxs.net *.doubleclick.net *.luckyorange.net *.clarity.ms *.evergage.com *.kampyle.com *.marker.io *.shippingapis.com *.jquery.com *.my.site.com *.my.salesforce.com; child-src 'self' *.youtube.com *.medallia.com *.widen.net *.widencdn.net *.force.com; frame-ancestors 'self'; upgrade-insecure-requests; block-all-mixed-content;
last-modified
Fri, 30 Jun 2023 15:32:34 GMT
x-cdn
Imperva
x-frame-options
SAMEORIGIN
content-type
image/png
x-iinfo
8-36375152-36375309 PNNy RT(1700598833414 3871) q(0 4 4 -1) r(5 5) U24
cache-control
private, max-age=604800
content-disposition
inline; filename="toyota-lease-or-buy-thinking.png"
accept-ranges
bytes
content-length
315566
x-xss-protection
1; mode=block
as_college.png
www.setf.com/-/media/images/reusablecontent/cards/setf/ 		362 KB
363 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.setf.com/-/media/images/reusablecontent/cards/setf/as_college.png?h=270&hash=43625711A7A6467ACB040A63B99E92ED&w=480
Requested by
Host: www.setf.com
URL: https://www.setf.com/%20
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
45.60.242.243 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
/
Resource Hash
b166e185ee91ad4267e5da17736994c5c3ab2633fb09cd4d09bf5b28149c5e84
Security Headers
Name Value
Content-Security-Policy default-src 'self' https://apps.sitecore.net *.widen.net *.widencdn.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googletagmanager.com *.google-analytics.com *.google.com *.evgnet.com *.medallia.com *.billmatrix.com *.idoxs.net *.clarity.ms *.cloudfront.net *.marker.io *.jquery.com *.kampyle.com *.force.com *.salesforceliveagent.com *.salesforce.com *.my.site.com *.my.salesforce.com https://unpkg.com; img-src 'self' data: http: https:; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com *.typekit.net *.mapbox.com *.kampyle.com *.force.com *.my.site.com *.my.salesforce.com; font-src 'self' https://fonts.gstatic.com https://fonts.googleapis.com *.typekit.net data:; connect-src 'self' *.google.com *.googletagmanager.com *.google-analytics.com *.evgnet.com *.medallia.com *.billmatrix.com *.idoxs.net *.doubleclick.net *.luckyorange.net *.clarity.ms *.evergage.com *.kampyle.com *.marker.io *.shippingapis.com *.jquery.com *.my.site.com *.my.salesforce.com; child-src 'self' *.youtube.com *.medallia.com *.widen.net *.widencdn.net *.force.com; frame-ancestors 'self'; upgrade-insecure-requests; block-all-mixed-content;
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.setf.com/%20
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Tue, 21 Nov 2023 20:33:58 GMT
strict-transport-security
max-age=31536000
x-content-type-options
nosniff
content-security-policy
default-src 'self' https://apps.sitecore.net *.widen.net *.widencdn.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googletagmanager.com *.google-analytics.com *.google.com *.evgnet.com *.medallia.com *.billmatrix.com *.idoxs.net *.clarity.ms *.cloudfront.net *.marker.io *.jquery.com *.kampyle.com *.force.com *.salesforceliveagent.com *.salesforce.com *.my.site.com *.my.salesforce.com https://unpkg.com; img-src 'self' data: http: https:; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com *.typekit.net *.mapbox.com *.kampyle.com *.force.com *.my.site.com *.my.salesforce.com; font-src 'self' https://fonts.gstatic.com https://fonts.googleapis.com *.typekit.net data:; connect-src 'self' *.google.com *.googletagmanager.com *.google-analytics.com *.evgnet.com *.medallia.com *.billmatrix.com *.idoxs.net *.doubleclick.net *.luckyorange.net *.clarity.ms *.evergage.com *.kampyle.com *.marker.io *.shippingapis.com *.jquery.com *.my.site.com *.my.salesforce.com; child-src 'self' *.youtube.com *.medallia.com *.widen.net *.widencdn.net *.force.com; frame-ancestors 'self'; upgrade-insecure-requests; block-all-mixed-content;
last-modified
Fri, 30 Jun 2023 15:28:26 GMT
x-cdn
Imperva
x-frame-options
SAMEORIGIN
content-type
image/png
x-iinfo
8-36375152-36375159 PNNN RT(1700598833414 3873) q(0 4 4 -1) r(5 5) U24
cache-control
private, max-age=604800
content-disposition
inline; filename="as_college.png"
accept-ranges
bytes
content-length
370321
x-xss-protection
1; mode=block
as_military.png
www.setf.com/-/media/images/reusablecontent/cards/setf/ 		352 KB
354 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.setf.com/-/media/images/reusablecontent/cards/setf/as_military.png?h=270&hash=67F3D9528805E338F2DE8542D32A1C16&w=480
Requested by
Host: www.setf.com
URL: https://www.setf.com/%20
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
45.60.242.243 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
/
Resource Hash
706e4539433aa6fbd6573df9c5a216ffb239786252cf69312a6ce785766baac2
Security Headers
Name Value
Content-Security-Policy default-src 'self' https://apps.sitecore.net *.widen.net *.widencdn.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googletagmanager.com *.google-analytics.com *.google.com *.evgnet.com *.medallia.com *.billmatrix.com *.idoxs.net *.clarity.ms *.cloudfront.net *.marker.io *.jquery.com *.kampyle.com *.force.com *.salesforceliveagent.com *.salesforce.com *.my.site.com *.my.salesforce.com https://unpkg.com; img-src 'self' data: http: https:; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com *.typekit.net *.mapbox.com *.kampyle.com *.force.com *.my.site.com *.my.salesforce.com; font-src 'self' https://fonts.gstatic.com https://fonts.googleapis.com *.typekit.net data:; connect-src 'self' *.google.com *.googletagmanager.com *.google-analytics.com *.evgnet.com *.medallia.com *.billmatrix.com *.idoxs.net *.doubleclick.net *.luckyorange.net *.clarity.ms *.evergage.com *.kampyle.com *.marker.io *.shippingapis.com *.jquery.com *.my.site.com *.my.salesforce.com; child-src 'self' *.youtube.com *.medallia.com *.widen.net *.widencdn.net *.force.com; frame-ancestors 'self'; upgrade-insecure-requests; block-all-mixed-content;
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.setf.com/%20
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Tue, 21 Nov 2023 20:33:58 GMT
strict-transport-security
max-age=31536000
x-content-type-options
nosniff
content-security-policy
default-src 'self' https://apps.sitecore.net *.widen.net *.widencdn.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googletagmanager.com *.google-analytics.com *.google.com *.evgnet.com *.medallia.com *.billmatrix.com *.idoxs.net *.clarity.ms *.cloudfront.net *.marker.io *.jquery.com *.kampyle.com *.force.com *.salesforceliveagent.com *.salesforce.com *.my.site.com *.my.salesforce.com https://unpkg.com; img-src 'self' data: http: https:; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com *.typekit.net *.mapbox.com *.kampyle.com *.force.com *.my.site.com *.my.salesforce.com; font-src 'self' https://fonts.gstatic.com https://fonts.googleapis.com *.typekit.net data:; connect-src 'self' *.google.com *.googletagmanager.com *.google-analytics.com *.evgnet.com *.medallia.com *.billmatrix.com *.idoxs.net *.doubleclick.net *.luckyorange.net *.clarity.ms *.evergage.com *.kampyle.com *.marker.io *.shippingapis.com *.jquery.com *.my.site.com *.my.salesforce.com; child-src 'self' *.youtube.com *.medallia.com *.widen.net *.widencdn.net *.force.com; frame-ancestors 'self'; upgrade-insecure-requests; block-all-mixed-content;
last-modified
Fri, 30 Jun 2023 15:31:45 GMT
x-cdn
Imperva
x-frame-options
SAMEORIGIN
content-type
image/png
x-iinfo
8-36375152-36375303 PNNy RT(1700598833414 3874) q(0 5 5 -1) r(18 18) U24
cache-control
private, max-age=604800
content-disposition
inline; filename="as_military.png"
accept-ranges
bytes
content-length
360447
x-xss-protection
1; mode=block
toyotatype-regular.woff2
www.setf.com/areas/setf/fonts/
Redirect Chain
  • https://www.setf.com/areas/SETF/fonts/ToyotaType-Regular.woff2
  • https://www.setf.com/areas/setf/fonts/toyotatype-regular.woff2
44 KB
47 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://www.setf.com/areas/setf/fonts/toyotatype-regular.woff2
Requested by
Host: www.setf.com
URL: https://www.setf.com/areas/setf/content/styles.css?v=1.0.8710.21748
Protocol
H2
Server
45.60.242.243 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
/
Resource Hash
dbfaa5cf90c9e9330ce0a84e9b797297f6f126e0fd0a949bd9d12a7b591cec8f
Security Headers
Name Value
Content-Security-Policy default-src 'self' https://apps.sitecore.net *.widen.net *.widencdn.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googletagmanager.com *.google-analytics.com *.google.com *.evgnet.com *.medallia.com *.billmatrix.com *.idoxs.net *.clarity.ms *.cloudfront.net *.marker.io *.jquery.com *.kampyle.com *.force.com *.salesforceliveagent.com *.salesforce.com *.my.site.com *.my.salesforce.com https://unpkg.com; img-src 'self' data: http: https:; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com *.typekit.net *.mapbox.com *.kampyle.com *.force.com *.my.site.com *.my.salesforce.com; font-src 'self' https://fonts.gstatic.com https://fonts.googleapis.com *.typekit.net data:; connect-src 'self' *.google.com *.googletagmanager.com *.google-analytics.com *.evgnet.com *.medallia.com *.billmatrix.com *.idoxs.net *.doubleclick.net *.luckyorange.net *.clarity.ms *.evergage.com *.kampyle.com *.marker.io *.shippingapis.com *.jquery.com *.my.site.com *.my.salesforce.com; child-src 'self' *.youtube.com *.medallia.com *.widen.net *.widencdn.net *.force.com; frame-ancestors 'self'; upgrade-insecure-requests; block-all-mixed-content;
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.setf.com/areas/setf/content/styles.css?v=1.0.8710.21748
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Tue, 21 Nov 2023 20:33:59 GMT
strict-transport-security
max-age=31536000
x-content-type-options
nosniff
content-security-policy
default-src 'self' https://apps.sitecore.net *.widen.net *.widencdn.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googletagmanager.com *.google-analytics.com *.google.com *.evgnet.com *.medallia.com *.billmatrix.com *.idoxs.net *.clarity.ms *.cloudfront.net *.marker.io *.jquery.com *.kampyle.com *.force.com *.salesforceliveagent.com *.salesforce.com *.my.site.com *.my.salesforce.com https://unpkg.com; img-src 'self' data: http: https:; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com *.typekit.net *.mapbox.com *.kampyle.com *.force.com *.my.site.com *.my.salesforce.com; font-src 'self' https://fonts.gstatic.com https://fonts.googleapis.com *.typekit.net data:; connect-src 'self' *.google.com *.googletagmanager.com *.google-analytics.com *.evgnet.com *.medallia.com *.billmatrix.com *.idoxs.net *.doubleclick.net *.luckyorange.net *.clarity.ms *.evergage.com *.kampyle.com *.marker.io *.shippingapis.com *.jquery.com *.my.site.com *.my.salesforce.com; child-src 'self' *.youtube.com *.medallia.com *.widen.net *.widencdn.net *.force.com; frame-ancestors 'self'; upgrade-insecure-requests; block-all-mixed-content;
last-modified
Mon, 06 Nov 2023 12:08:48 GMT
x-cdn
Imperva
etag
"0853ffa910da1:0"
x-frame-options
SAMEORIGIN
content-type
application/font-woff2
x-iinfo
8-36375152-36375482 PNNy RT(1700598833414 4525) q(0 11 11 -1) r(16 16) U24
x-incap-sess-cookie-hdr
0NTADin73ULMeaIbtNMWCjcUXWUAAAAA912Yg28j0G8N6G/tPrk/Kw==
accept-ranges
bytes
content-length
45424
x-xss-protection
1; mode=block

Redirect headers

date
Tue, 21 Nov 2023 20:33:57 GMT
strict-transport-security
max-age=31536000
x-content-type-options
nosniff
content-security-policy
default-src 'self' https://apps.sitecore.net *.widen.net *.widencdn.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googletagmanager.com *.google-analytics.com *.google.com *.evgnet.com *.medallia.com *.billmatrix.com *.idoxs.net *.clarity.ms *.cloudfront.net *.marker.io *.jquery.com *.kampyle.com *.force.com *.salesforceliveagent.com *.salesforce.com *.my.site.com *.my.salesforce.com https://unpkg.com; img-src 'self' data: http: https:; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com *.typekit.net *.mapbox.com *.kampyle.com *.force.com *.my.site.com *.my.salesforce.com; font-src 'self' https://fonts.gstatic.com https://fonts.googleapis.com *.typekit.net data:; connect-src 'self' *.google.com *.googletagmanager.com *.google-analytics.com *.evgnet.com *.medallia.com *.billmatrix.com *.idoxs.net *.doubleclick.net *.luckyorange.net *.clarity.ms *.evergage.com *.kampyle.com *.marker.io *.shippingapis.com *.jquery.com *.my.site.com *.my.salesforce.com; child-src 'self' *.youtube.com *.medallia.com *.widen.net *.widencdn.net *.force.com; frame-ancestors 'self'; upgrade-insecure-requests; block-all-mixed-content;
x-cdn
Imperva
x-frame-options
SAMEORIGIN
content-type
text/html; charset=UTF-8
location
https://www.setf.com/areas/setf/fonts/toyotatype-regular.woff2
x-iinfo
8-36375152-36375306 PNNy RT(1700598833414 3876) q(0 1 1 -1) r(2 2) U24
x-incap-sess-cookie-hdr
cWAHPc7dBVHMeaIbtNMWCjUUXWUAAAAAl02oKP5+Wag2nwmg6H0aiQ==
content-length
185
x-xss-protection
1; mode=block
toyotatype-semibold.woff2
www.setf.com/areas/setf/fonts/
Redirect Chain
  • https://www.setf.com/areas/SETF/fonts/ToyotaType-Semibold.woff2
  • https://www.setf.com/areas/setf/fonts/toyotatype-semibold.woff2
43 KB
45 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://www.setf.com/areas/setf/fonts/toyotatype-semibold.woff2
Requested by
Host: www.setf.com
URL: https://www.setf.com/areas/setf/content/styles.css?v=1.0.8710.21748
Protocol
H2
Server
45.60.242.243 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
/
Resource Hash
6b099015dcb6b2be3a0a35c8eeef1a716e6c44938dcf11d091a513c3bb08bc8d
Security Headers
Name Value
Content-Security-Policy default-src 'self' https://apps.sitecore.net *.widen.net *.widencdn.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googletagmanager.com *.google-analytics.com *.google.com *.evgnet.com *.medallia.com *.billmatrix.com *.idoxs.net *.clarity.ms *.cloudfront.net *.marker.io *.jquery.com *.kampyle.com *.force.com *.salesforceliveagent.com *.salesforce.com *.my.site.com *.my.salesforce.com https://unpkg.com; img-src 'self' data: http: https:; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com *.typekit.net *.mapbox.com *.kampyle.com *.force.com *.my.site.com *.my.salesforce.com; font-src 'self' https://fonts.gstatic.com https://fonts.googleapis.com *.typekit.net data:; connect-src 'self' *.google.com *.googletagmanager.com *.google-analytics.com *.evgnet.com *.medallia.com *.billmatrix.com *.idoxs.net *.doubleclick.net *.luckyorange.net *.clarity.ms *.evergage.com *.kampyle.com *.marker.io *.shippingapis.com *.jquery.com *.my.site.com *.my.salesforce.com; child-src 'self' *.youtube.com *.medallia.com *.widen.net *.widencdn.net *.force.com; frame-ancestors 'self'; upgrade-insecure-requests; block-all-mixed-content;
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.setf.com/areas/setf/content/styles.css?v=1.0.8710.21748
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Tue, 21 Nov 2023 20:34:00 GMT
strict-transport-security
max-age=31536000
x-content-type-options
nosniff
content-security-policy
default-src 'self' https://apps.sitecore.net *.widen.net *.widencdn.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googletagmanager.com *.google-analytics.com *.google.com *.evgnet.com *.medallia.com *.billmatrix.com *.idoxs.net *.clarity.ms *.cloudfront.net *.marker.io *.jquery.com *.kampyle.com *.force.com *.salesforceliveagent.com *.salesforce.com *.my.site.com *.my.salesforce.com https://unpkg.com; img-src 'self' data: http: https:; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com *.typekit.net *.mapbox.com *.kampyle.com *.force.com *.my.site.com *.my.salesforce.com; font-src 'self' https://fonts.gstatic.com https://fonts.googleapis.com *.typekit.net data:; connect-src 'self' *.google.com *.googletagmanager.com *.google-analytics.com *.evgnet.com *.medallia.com *.billmatrix.com *.idoxs.net *.doubleclick.net *.luckyorange.net *.clarity.ms *.evergage.com *.kampyle.com *.marker.io *.shippingapis.com *.jquery.com *.my.site.com *.my.salesforce.com; child-src 'self' *.youtube.com *.medallia.com *.widen.net *.widencdn.net *.force.com; frame-ancestors 'self'; upgrade-insecure-requests; block-all-mixed-content;
last-modified
Mon, 06 Nov 2023 12:08:48 GMT
x-cdn
Imperva
etag
"0853ffa910da1:0"
x-frame-options
SAMEORIGIN
content-type
application/font-woff2
x-iinfo
8-36375152-36375306 PNNy RT(1700598833414 4532) q(0 15 15 -1) r(16 16) U24
x-incap-sess-cookie-hdr
ZZDoDonP1WHMeaIbtNMWCjcUXWUAAAAACLnFYEQzliaBrd+fYXZYgQ==
accept-ranges
bytes
content-length
44300
x-xss-protection
1; mode=block

Redirect headers

date
Tue, 21 Nov 2023 20:33:58 GMT
strict-transport-security
max-age=31536000
x-content-type-options
nosniff
content-security-policy
default-src 'self' https://apps.sitecore.net *.widen.net *.widencdn.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googletagmanager.com *.google-analytics.com *.google.com *.evgnet.com *.medallia.com *.billmatrix.com *.idoxs.net *.clarity.ms *.cloudfront.net *.marker.io *.jquery.com *.kampyle.com *.force.com *.salesforceliveagent.com *.salesforce.com *.my.site.com *.my.salesforce.com https://unpkg.com; img-src 'self' data: http: https:; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com *.typekit.net *.mapbox.com *.kampyle.com *.force.com *.my.site.com *.my.salesforce.com; font-src 'self' https://fonts.gstatic.com https://fonts.googleapis.com *.typekit.net data:; connect-src 'self' *.google.com *.googletagmanager.com *.google-analytics.com *.evgnet.com *.medallia.com *.billmatrix.com *.idoxs.net *.doubleclick.net *.luckyorange.net *.clarity.ms *.evergage.com *.kampyle.com *.marker.io *.shippingapis.com *.jquery.com *.my.site.com *.my.salesforce.com; child-src 'self' *.youtube.com *.medallia.com *.widen.net *.widencdn.net *.force.com; frame-ancestors 'self'; upgrade-insecure-requests; block-all-mixed-content;
x-cdn
Imperva
x-frame-options
SAMEORIGIN
content-type
text/html; charset=UTF-8
location
https://www.setf.com/areas/setf/fonts/toyotatype-semibold.woff2
x-iinfo
8-36375152-36375159 PNNN RT(1700598833414 3877) q(0 1 1 -1) r(2 2) U24
x-incap-sess-cookie-hdr
qGNhPw8W0xrMeaIbtNMWCjUUXWUAAAAAvT0GCla5mMNQZuKnNYK/1A==
content-length
186
x-xss-protection
1; mode=block
l
use.typekit.net/af/5c2715/00000000000000007735b54e/30/ 		57 KB
58 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://use.typekit.net/af/5c2715/00000000000000007735b54e/30/l?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&fvd=n9&v=3
Requested by
Host: use.typekit.net
URL: https://use.typekit.net/qxt4vzx.css
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
184.24.77.144 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a184-24-77-144.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
f4004d1e0abb854ac10ad894d1947c38898aa69957a3aa1a1e262d3fc65448f1

Request headers

Referer
https://use.typekit.net/qxt4vzx.css
Origin
https://www.setf.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Tue, 21 Nov 2023 20:33:58 GMT
server
nginx
etag
"6d84695849a563bfa47c4fdfcbbab87788254d45"
content-type
application/font-woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
content-length
58664
animated-account-access-icon.svg
www.setf.com/-/media/images/benefits/setf/ Frame 122B 		36 KB
12 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://www.setf.com/-/media/images/benefits/setf/animated-account-access-icon.svg
Requested by
Host: www.setf.com
URL: https://www.setf.com/%20
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
45.60.242.243 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
/
Resource Hash
678c760e5775479a6a6c6d1faaddaad4d9716abeb937f240bc421494ec75c17a
Security Headers
Name Value
Content-Security-Policy default-src 'self' https://apps.sitecore.net *.widen.net *.widencdn.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googletagmanager.com *.google-analytics.com *.google.com *.evgnet.com *.medallia.com *.billmatrix.com *.idoxs.net *.clarity.ms *.cloudfront.net *.marker.io *.jquery.com *.kampyle.com *.force.com *.salesforceliveagent.com *.salesforce.com *.my.site.com *.my.salesforce.com https://unpkg.com; img-src 'self' data: http: https:; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com *.typekit.net *.mapbox.com *.kampyle.com *.force.com *.my.site.com *.my.salesforce.com; font-src 'self' https://fonts.gstatic.com https://fonts.googleapis.com *.typekit.net data:; connect-src 'self' *.google.com *.googletagmanager.com *.google-analytics.com *.evgnet.com *.medallia.com *.billmatrix.com *.idoxs.net *.doubleclick.net *.luckyorange.net *.clarity.ms *.evergage.com *.kampyle.com *.marker.io *.shippingapis.com *.jquery.com *.my.site.com *.my.salesforce.com; child-src 'self' *.youtube.com *.medallia.com *.widen.net *.widencdn.net *.force.com; frame-ancestors 'self'; upgrade-insecure-requests; block-all-mixed-content;
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.setf.com/%20
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
cache-control
private, max-age=604800
content-disposition
inline; filename="Animated Account Access Icon.svg"
content-encoding
gzip
content-security-policy
default-src 'self' https://apps.sitecore.net *.widen.net *.widencdn.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googletagmanager.com *.google-analytics.com *.google.com *.evgnet.com *.medallia.com *.billmatrix.com *.idoxs.net *.clarity.ms *.cloudfront.net *.marker.io *.jquery.com *.kampyle.com *.force.com *.salesforceliveagent.com *.salesforce.com *.my.site.com *.my.salesforce.com https://unpkg.com; img-src 'self' data: http: https:; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com *.typekit.net *.mapbox.com *.kampyle.com *.force.com *.my.site.com *.my.salesforce.com; font-src 'self' https://fonts.gstatic.com https://fonts.googleapis.com *.typekit.net data:; connect-src 'self' *.google.com *.googletagmanager.com *.google-analytics.com *.evgnet.com *.medallia.com *.billmatrix.com *.idoxs.net *.doubleclick.net *.luckyorange.net *.clarity.ms *.evergage.com *.kampyle.com *.marker.io *.shippingapis.com *.jquery.com *.my.site.com *.my.salesforce.com; child-src 'self' *.youtube.com *.medallia.com *.widen.net *.widencdn.net *.force.com; frame-ancestors 'self'; upgrade-insecure-requests; block-all-mixed-content;
content-type
image/svg+xml
date
Tue, 21 Nov 2023 20:33:58 GMT
last-modified
Tue, 10 May 2022 19:43:43 GMT
strict-transport-security
max-age=31536000
x-cdn
Imperva
x-content-type-options
nosniff
x-frame-options
SAMEORIGIN
x-iinfo
8-36375152-36375309 PNYy RT(1700598833414 3891) q(0 0 0 -1) r(2 2) U24
x-xss-protection
1; mode=block
animated-account-alerts-icon.svg
www.setf.com/-/media/images/benefits/setf/ Frame FFF8 		42 KB
13 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://www.setf.com/-/media/images/benefits/setf/animated-account-alerts-icon.svg
Requested by
Host: www.setf.com
URL: https://www.setf.com/%20
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
45.60.242.243 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
/
Resource Hash
bff25d30a567a3a9a9e76463dbb2b562f4254979e8d2de5056f12d443d481618
Security Headers
Name Value
Content-Security-Policy default-src 'self' https://apps.sitecore.net *.widen.net *.widencdn.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googletagmanager.com *.google-analytics.com *.google.com *.evgnet.com *.medallia.com *.billmatrix.com *.idoxs.net *.clarity.ms *.cloudfront.net *.marker.io *.jquery.com *.kampyle.com *.force.com *.salesforceliveagent.com *.salesforce.com *.my.site.com *.my.salesforce.com https://unpkg.com; img-src 'self' data: http: https:; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com *.typekit.net *.mapbox.com *.kampyle.com *.force.com *.my.site.com *.my.salesforce.com; font-src 'self' https://fonts.gstatic.com https://fonts.googleapis.com *.typekit.net data:; connect-src 'self' *.google.com *.googletagmanager.com *.google-analytics.com *.evgnet.com *.medallia.com *.billmatrix.com *.idoxs.net *.doubleclick.net *.luckyorange.net *.clarity.ms *.evergage.com *.kampyle.com *.marker.io *.shippingapis.com *.jquery.com *.my.site.com *.my.salesforce.com; child-src 'self' *.youtube.com *.medallia.com *.widen.net *.widencdn.net *.force.com; frame-ancestors 'self'; upgrade-insecure-requests; block-all-mixed-content;
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.setf.com/%20
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
cache-control
private, max-age=604800
content-disposition
inline; filename="Animated Account Alerts Icon.svg"
content-encoding
gzip
content-security-policy
default-src 'self' https://apps.sitecore.net *.widen.net *.widencdn.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googletagmanager.com *.google-analytics.com *.google.com *.evgnet.com *.medallia.com *.billmatrix.com *.idoxs.net *.clarity.ms *.cloudfront.net *.marker.io *.jquery.com *.kampyle.com *.force.com *.salesforceliveagent.com *.salesforce.com *.my.site.com *.my.salesforce.com https://unpkg.com; img-src 'self' data: http: https:; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com *.typekit.net *.mapbox.com *.kampyle.com *.force.com *.my.site.com *.my.salesforce.com; font-src 'self' https://fonts.gstatic.com https://fonts.googleapis.com *.typekit.net data:; connect-src 'self' *.google.com *.googletagmanager.com *.google-analytics.com *.evgnet.com *.medallia.com *.billmatrix.com *.idoxs.net *.doubleclick.net *.luckyorange.net *.clarity.ms *.evergage.com *.kampyle.com *.marker.io *.shippingapis.com *.jquery.com *.my.site.com *.my.salesforce.com; child-src 'self' *.youtube.com *.medallia.com *.widen.net *.widencdn.net *.force.com; frame-ancestors 'self'; upgrade-insecure-requests; block-all-mixed-content;
content-type
image/svg+xml
date
Tue, 21 Nov 2023 20:33:58 GMT
last-modified
Tue, 10 May 2022 19:43:03 GMT
strict-transport-security
max-age=31536000
x-cdn
Imperva
x-content-type-options
nosniff
x-frame-options
SAMEORIGIN
x-iinfo
8-36375152-36375306 PNYy RT(1700598833414 3894) q(0 1 1 -1) r(2 2) U24
x-xss-protection
1; mode=block
animated-account-service-icon.svg
www.setf.com/-/media/images/benefits/setf/ Frame F79B 		44 KB
14 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://www.setf.com/-/media/images/benefits/setf/animated-account-service-icon.svg
Requested by
Host: www.setf.com
URL: https://www.setf.com/%20
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
45.60.242.243 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
/
Resource Hash
58dbc2b37d533d4f36ae46a226386c4a5b8051fe8d01950f52ba5d569705e632
Security Headers
Name Value
Content-Security-Policy default-src 'self' https://apps.sitecore.net *.widen.net *.widencdn.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googletagmanager.com *.google-analytics.com *.google.com *.evgnet.com *.medallia.com *.billmatrix.com *.idoxs.net *.clarity.ms *.cloudfront.net *.marker.io *.jquery.com *.kampyle.com *.force.com *.salesforceliveagent.com *.salesforce.com *.my.site.com *.my.salesforce.com https://unpkg.com; img-src 'self' data: http: https:; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com *.typekit.net *.mapbox.com *.kampyle.com *.force.com *.my.site.com *.my.salesforce.com; font-src 'self' https://fonts.gstatic.com https://fonts.googleapis.com *.typekit.net data:; connect-src 'self' *.google.com *.googletagmanager.com *.google-analytics.com *.evgnet.com *.medallia.com *.billmatrix.com *.idoxs.net *.doubleclick.net *.luckyorange.net *.clarity.ms *.evergage.com *.kampyle.com *.marker.io *.shippingapis.com *.jquery.com *.my.site.com *.my.salesforce.com; child-src 'self' *.youtube.com *.medallia.com *.widen.net *.widencdn.net *.force.com; frame-ancestors 'self'; upgrade-insecure-requests; block-all-mixed-content;
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.setf.com/%20
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
cache-control
private, max-age=604800
content-disposition
inline; filename="Animated Account Service Icon.svg"
content-encoding
gzip
content-security-policy
default-src 'self' https://apps.sitecore.net *.widen.net *.widencdn.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googletagmanager.com *.google-analytics.com *.google.com *.evgnet.com *.medallia.com *.billmatrix.com *.idoxs.net *.clarity.ms *.cloudfront.net *.marker.io *.jquery.com *.kampyle.com *.force.com *.salesforceliveagent.com *.salesforce.com *.my.site.com *.my.salesforce.com https://unpkg.com; img-src 'self' data: http: https:; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com *.typekit.net *.mapbox.com *.kampyle.com *.force.com *.my.site.com *.my.salesforce.com; font-src 'self' https://fonts.gstatic.com https://fonts.googleapis.com *.typekit.net data:; connect-src 'self' *.google.com *.googletagmanager.com *.google-analytics.com *.evgnet.com *.medallia.com *.billmatrix.com *.idoxs.net *.doubleclick.net *.luckyorange.net *.clarity.ms *.evergage.com *.kampyle.com *.marker.io *.shippingapis.com *.jquery.com *.my.site.com *.my.salesforce.com; child-src 'self' *.youtube.com *.medallia.com *.widen.net *.widencdn.net *.force.com; frame-ancestors 'self'; upgrade-insecure-requests; block-all-mixed-content;
content-type
image/svg+xml
date
Tue, 21 Nov 2023 20:33:58 GMT
last-modified
Tue, 10 May 2022 19:43:31 GMT
strict-transport-security
max-age=31536000
x-cdn
Imperva
x-content-type-options
nosniff
x-frame-options
SAMEORIGIN
x-iinfo
8-36375152-36375303 PNYy RT(1700598833414 3984) q(0 1 1 -1) r(3 3) U24
x-xss-protection
1; mode=block
animated-account-management-icon.svg
www.setf.com/-/media/images/benefits/setf/ Frame 0598 		37 KB
12 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://www.setf.com/-/media/images/benefits/setf/animated-account-management-icon.svg
Requested by
Host: www.setf.com
URL: https://www.setf.com/%20
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
45.60.242.243 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
/
Resource Hash
0d2f0dd095b40e08f606c88fd19a049234bee9cc79f139ab3821a848feaf61a3
Security Headers
Name Value
Content-Security-Policy default-src 'self' https://apps.sitecore.net *.widen.net *.widencdn.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googletagmanager.com *.google-analytics.com *.google.com *.evgnet.com *.medallia.com *.billmatrix.com *.idoxs.net *.clarity.ms *.cloudfront.net *.marker.io *.jquery.com *.kampyle.com *.force.com *.salesforceliveagent.com *.salesforce.com *.my.site.com *.my.salesforce.com https://unpkg.com; img-src 'self' data: http: https:; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com *.typekit.net *.mapbox.com *.kampyle.com *.force.com *.my.site.com *.my.salesforce.com; font-src 'self' https://fonts.gstatic.com https://fonts.googleapis.com *.typekit.net data:; connect-src 'self' *.google.com *.googletagmanager.com *.google-analytics.com *.evgnet.com *.medallia.com *.billmatrix.com *.idoxs.net *.doubleclick.net *.luckyorange.net *.clarity.ms *.evergage.com *.kampyle.com *.marker.io *.shippingapis.com *.jquery.com *.my.site.com *.my.salesforce.com; child-src 'self' *.youtube.com *.medallia.com *.widen.net *.widencdn.net *.force.com; frame-ancestors 'self'; upgrade-insecure-requests; block-all-mixed-content;
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.setf.com/%20
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
cache-control
private, max-age=604800
content-disposition
inline; filename="Animated Account Management Icon.svg"
content-encoding
gzip
content-security-policy
default-src 'self' https://apps.sitecore.net *.widen.net *.widencdn.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googletagmanager.com *.google-analytics.com *.google.com *.evgnet.com *.medallia.com *.billmatrix.com *.idoxs.net *.clarity.ms *.cloudfront.net *.marker.io *.jquery.com *.kampyle.com *.force.com *.salesforceliveagent.com *.salesforce.com *.my.site.com *.my.salesforce.com https://unpkg.com; img-src 'self' data: http: https:; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com *.typekit.net *.mapbox.com *.kampyle.com *.force.com *.my.site.com *.my.salesforce.com; font-src 'self' https://fonts.gstatic.com https://fonts.googleapis.com *.typekit.net data:; connect-src 'self' *.google.com *.googletagmanager.com *.google-analytics.com *.evgnet.com *.medallia.com *.billmatrix.com *.idoxs.net *.doubleclick.net *.luckyorange.net *.clarity.ms *.evergage.com *.kampyle.com *.marker.io *.shippingapis.com *.jquery.com *.my.site.com *.my.salesforce.com; child-src 'self' *.youtube.com *.medallia.com *.widen.net *.widencdn.net *.force.com; frame-ancestors 'self'; upgrade-insecure-requests; block-all-mixed-content;
content-type
image/svg+xml
date
Tue, 21 Nov 2023 20:33:58 GMT
last-modified
Tue, 10 May 2022 19:43:19 GMT
strict-transport-security
max-age=31536000
x-cdn
Imperva
x-content-type-options
nosniff
x-frame-options
SAMEORIGIN
x-iinfo
8-36375152-36375159 PNYN RT(1700598833414 3986) q(0 1 1 -1) r(3 3) U24
x-xss-protection
1; mode=block
19.3e0859120b4568288d6e.bundle.js
www.setf.com/areas/SETF/Scripts/ 		35 KB
8 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.setf.com/areas/SETF/Scripts/19.3e0859120b4568288d6e.bundle.js
Requested by
Host: www.setf.com
URL: https://www.setf.com/areas/setf/scripts/main.bundle.js?v=1.0.8710.21748
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
45.60.242.243 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
/
Resource Hash
1f8b3bed84ac7d93da91c732c00b866140223d572a4486dadb24adf18fa6351f
Security Headers
Name Value
Content-Security-Policy default-src 'self' https://apps.sitecore.net *.widen.net *.widencdn.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googletagmanager.com *.google-analytics.com *.google.com *.evgnet.com *.medallia.com *.billmatrix.com *.idoxs.net *.clarity.ms *.cloudfront.net *.marker.io *.jquery.com *.kampyle.com *.force.com *.salesforceliveagent.com *.salesforce.com *.my.site.com *.my.salesforce.com https://unpkg.com; img-src 'self' data: http: https:; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com *.typekit.net *.mapbox.com *.kampyle.com *.force.com *.my.site.com *.my.salesforce.com; font-src 'self' https://fonts.gstatic.com https://fonts.googleapis.com *.typekit.net data:; connect-src 'self' *.google.com *.googletagmanager.com *.google-analytics.com *.evgnet.com *.medallia.com *.billmatrix.com *.idoxs.net *.doubleclick.net *.luckyorange.net *.clarity.ms *.evergage.com *.kampyle.com *.marker.io *.shippingapis.com *.jquery.com *.my.site.com *.my.salesforce.com; child-src 'self' *.youtube.com *.medallia.com *.widen.net *.widencdn.net *.force.com; frame-ancestors 'self'; upgrade-insecure-requests; block-all-mixed-content;
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.setf.com/%20
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Tue, 21 Nov 2023 20:34:00 GMT
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=31536000
last-modified
Mon, 06 Nov 2023 12:08:48 GMT
x-cdn
Imperva
content-security-policy
default-src 'self' https://apps.sitecore.net *.widen.net *.widencdn.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googletagmanager.com *.google-analytics.com *.google.com *.evgnet.com *.medallia.com *.billmatrix.com *.idoxs.net *.clarity.ms *.cloudfront.net *.marker.io *.jquery.com *.kampyle.com *.force.com *.salesforceliveagent.com *.salesforce.com *.my.site.com *.my.salesforce.com https://unpkg.com; img-src 'self' data: http: https:; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com *.typekit.net *.mapbox.com *.kampyle.com *.force.com *.my.site.com *.my.salesforce.com; font-src 'self' https://fonts.gstatic.com https://fonts.googleapis.com *.typekit.net data:; connect-src 'self' *.google.com *.googletagmanager.com *.google-analytics.com *.evgnet.com *.medallia.com *.billmatrix.com *.idoxs.net *.doubleclick.net *.luckyorange.net *.clarity.ms *.evergage.com *.kampyle.com *.marker.io *.shippingapis.com *.jquery.com *.my.site.com *.my.salesforce.com; child-src 'self' *.youtube.com *.medallia.com *.widen.net *.widencdn.net *.force.com; frame-ancestors 'self'; upgrade-insecure-requests; block-all-mixed-content;
etag
"0853ffa910da1:0"
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
application/javascript
x-iinfo
8-36375152-36375484 PNNN RT(1700598833414 3987) q(0 23 23 -1) r(26 26) U24
accept-ranges
bytes
content-length
6897
x-xss-protection
1; mode=block
web-vitals.attribution.iife.js
unpkg.com/web-vitals@3.0.0/dist/ 		10 KB
4 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://unpkg.com/web-vitals@3.0.0/dist/web-vitals.attribution.iife.js
Requested by
Host: www.setf.com
URL: https://www.setf.com/%20
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.16.126.175 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
9344b6a4db3db16dee581361244125a03a353c2ed0f5f701d83dc2be552d07c4
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.setf.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Tue, 21 Nov 2023 20:33:58 GMT
via
1.1 fly.io
x-content-type-options
nosniff
cf-cache-status
HIT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains; preload
age
848004
last-modified
Sat, 26 Oct 1985 08:15:00 GMT
fly-request-id
01HF0GPW68WNXVESR9FXB3BH5B-fra
server
cloudflare
etag
W/"2647-N1l5oKJqaDLvxL3cO+UxlArzaXc"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=31536000
cf-ray
829bb5f5db8abb61-FRA
_Incapsula_Resource
www.setf.com/ 		1 B
65 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.setf.com/_Incapsula_Resource?SWKMTFSR=1&e=0.7869888367311408
Requested by
Host: www.setf.com
URL: https://www.setf.com/%20
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
45.60.242.243 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.setf.com/%20
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

cache-control
no-cache, no-store
x-robots-tag
noindex
content-length
1
content-type
text/plain
collect
region1.google-analytics.com/g/ 		0
252 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://region1.google-analytics.com/g/collect?v=2&tid=G-YEQ7DB1334&gtm=45je3b81v879827699z8813472719&_p=1700598835430&gcd=11l1l1l1l1&dma_cps=sypham&dma=1&cid=1585339359.1700598838&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_s=1&sid=1700598838&sct=1&seg=0&dl=https%3A%2F%2Fwww.setf.com%2F%20&dt=Southeast%20Toyota%20Finance&en=page_view&_fv=1&_nsi=1&_ss=1&ep.page_type=%2F%2520&ep.effective_connection_type=4g&ep.save_data=unknown&tfd=4249
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-YEQ7DB1334&l=dataLayer&cx=c
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
216.239.34.36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.setf.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 21 Nov 2023 20:33:58 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://www.setf.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
truncated
/ 		140 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
44e2f3c74eb712f8c97f59adffd9cb9a5c28577bf1f0a2d9930609d8d5a5a749

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Content-Type
image/png
truncated
/ 		197 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
683c33692908038b7469ceb51271792227d3ecfc3e053b8768d64a79cd03d40c

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Content-Type
image/png
truncated
/ 		185 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
42ea1cd6e8b4155c709d3da59193b6e5be2cc5fab21d180e779b4bb33087924f

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Content-Type
image/png
truncated
/ 		175 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
e362760c0e80628f958552bcb8499e6060c052288a5567828ae1b4fb26f25237

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Content-Type
image/png
clarity.js
www.clarity.ms/s/0.7.18/ 		59 KB
25 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.clarity.ms/s/0.7.18/clarity.js
Requested by
Host: www.clarity.ms
URL: https://www.clarity.ms/tag/ch0c8krbe6?ref=gtm
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
13.107.213.44 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
f4e16c137bfcf443839c20e1038b9ee2dec570f047ae3b1c8f9378e9176750dd

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.setf.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Tue, 21 Nov 2023 20:33:59 GMT
content-encoding
br
last-modified
Fri, 17 Nov 2023 13:41:44 GMT
etag
W/"0x8DBE772F014B026"
vary
Accept-Encoding
x-azure-ref
20231121T203359Z-9uf38r679577b503t8ave2p3v800000007200000000102u7
content-type
application/javascript;charset=utf-8
access-control-allow-origin
*
x-ms-request-id
7767f6a6-101e-004a-47fe-198d54000000
cache-control
public, max-age=86400
x-cache
TCP_HIT
x-ms-version
2018-03-28
collect
www.google-analytics.com/j/ 		4 B
207 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://www.google-analytics.com/j/collect?v=1&_v=j101&a=2119883782&t=pageview&_s=1&dl=https%3A%2F%2Fwww.setf.com%2F%2520&ul=en-us&de=UTF-8&dt=Southeast%20Toyota%20Finance&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YADAAEABAAAAACAAI~&jid=89643206&gjid=1912339733&cid=1585339359.1700598838&tid=UA-9371672-2&_gid=378517683.1700598839&_r=1&_slc=1&gtm=45He3b81n81N86NDHCv813472719&cd1=&cd6=Non%20authenticated&cd7=English&gcd=11l1l1l1l1&dma_cps=sypham&dma=1&z=1100943668
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.185.142 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s50-in-f14.1e100.net
Software
Golfe2 /
Resource Hash
aec60bc104db041b1512185839f18f52986df7e569e5445f740dd60f763fbca8
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.setf.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Tue, 21 Nov 2023 20:33:59 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://www.setf.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
4
expires
Fri, 01 Jan 1990 00:00:00 GMT
collect
stats.g.doubleclick.net/j/ 		1 B
344 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j101&tid=UA-9371672-2&cid=1585339359.1700598838&jid=89643206&gjid=1912339733&_gid=378517683.1700598839&_u=YADAAEAAAAAAACAAI~&z=204870129
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
74.125.133.157 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
wo-in-f157.1e100.net
Software
Golfe2 /
Resource Hash
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://www.setf.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
strict-transport-security
max-age=10886400; includeSubDomains; preload
date
Tue, 21 Nov 2023 20:33:59 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://www.setf.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
1
expires
Fri, 01 Jan 1990 00:00:00 GMT
collect
v.clarity.ms/ 		0
292 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://v.clarity.ms/collect
Requested by
Host: www.clarity.ms
URL: https://www.clarity.ms/s/0.7.18/clarity.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
20.114.189.135 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
nginx/1.18.0 (Ubuntu) /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept
application/x-clarity-gzip
Referer
https://www.setf.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Access-Control-Allow-Origin
https://www.setf.com
Date
Tue, 21 Nov 2023 20:34:00 GMT
Access-Control-Allow-Credentials
true
Server
nginx/1.18.0 (Ubuntu)
Connection
keep-alive
Vary
Origin
Request-Context
appId=cid-v1:3f60b293-70d6-4805-b0bb-3484f0a73bf0
generic1699892414932.js
resources.digital-cloud-west.medallia.com/wdcwest/24233/onsite/ 		393 KB
85 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://resources.digital-cloud-west.medallia.com/wdcwest/24233/onsite/generic1699892414932.js
Requested by
Host: resources.digital-cloud-west.medallia.com
URL: https://resources.digital-cloud-west.medallia.com/wdcwest/24233/onsite/embed.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
146.75.121.230 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
c5c164a1796a32f4cb4984ec3b16f31481d285aebd29ef760bd6cbf484469adc
Security Headers
Name Value
Strict-Transport-Security max-age=31557600

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.setf.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

x-amz-version-id
AZpFP.Xd2l553RmwLccQkTt5DohLKZE8
content-encoding
gzip
via
1.1 varnish
date
Tue, 21 Nov 2023 20:34:01 GMT
strict-transport-security
max-age=31557600
x-amz-request-id
MKX69GW68HTZXKW1
age
702090
x-amz-server-side-encryption
AES256
x-cache
HIT
content-length
87189
x-amz-id-2
qmJVxKXUuWXmjsAoJaXEn0BKNkK5ZnmvuPfvv6haPDSK2ArxVNpiCMaAoDp+KytdwOpPaLlFjAmrNom3GYnQbHd89yEcd8f6
x-served-by
cache-fra-eddf8230077-FRA
last-modified
Mon, 13 Nov 2023 16:20:16 GMT
server
AmazonS3
x-timer
S1700598842.592704,VS0,VE2
etag
"95d55a248c615deb488669149e644cb1"
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=2592000
accept-ranges
bytes
x-cache-hits
1
c.gif
c.clarity.ms/
Redirect Chain
  • https://c.clarity.ms/c.gif
  • https://c.bing.com/c.gif?ctsa=mr&CtsSyncId=9E675129200E48998AA96CEB46E3B9CB&RedC=c.clarity.ms&MXFR=3B2D731E5FC76911226E60CE5BC767FB
  • https://c.clarity.ms/c.gif?ctsa=mr&CtsSyncId=9E675129200E48998AA96CEB46E3B9CB&MUID=28B87E6C805F6AB71FAC6DBC815F6B4D
42 B
467 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://c.clarity.ms/c.gif?ctsa=mr&CtsSyncId=9E675129200E48998AA96CEB46E3B9CB&MUID=28B87E6C805F6AB71FAC6DBC815F6B4D
Protocol
H2
Server
68.219.88.97 Dublin, Ireland, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-IIS/10.0 / ASP.NET
Resource Hash
99c2917ee5b2a01459a923bdd1c676f15ee73b62b87f696e6735312d26f51e12

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.setf.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 21 Nov 2023 20:34:02 GMT
last-modified
Wed, 30 Aug 2023 19:01:41 GMT
server
Microsoft-IIS/10.0
etag
"8d59566974dbd91:0"
x-powered-by
ASP.NET
content-type
image/gif
p3p
CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
cache-control
private, no-cache, proxy-revalidate, no-store
accept-ranges
bytes
content-length
42

Redirect headers

pragma
no-cache
date
Tue, 21 Nov 2023 20:34:02 GMT
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref
Ref A: 6597F130793C4563812FCA0F4F12B36B Ref B: FRAEDGE1806 Ref C: 2023-11-21T20:34:02Z
x-powered-by
ASP.NET
x-cache
CONFIG_NOCACHE
p3p
CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
location
https://c.clarity.ms/c.gif?ctsa=mr&CtsSyncId=9E675129200E48998AA96CEB46E3B9CB&MUID=28B87E6C805F6AB71FAC6DBC815F6B4D
cache-control
private, no-cache, proxy-revalidate, no-store
content-length
0
collect
www.google-analytics.com/ 		35 B
55 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google-analytics.com/collect?v=1&_v=j101&a=2119883782&t=event&ni=1&_s=1&dl=https%3A%2F%2Fwww.setf.com%2F%2520&ul=en-us&de=UTF-8&dt=Southeast%20Toyota%20Finance&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&ec=Page%20Load%20Time&ea=%2F%2520&el=7.7&ev=8&_u=aADAAEABAAAAACAAI~&jid=&gjid=&cid=1585339359.1700598838&tid=UA-9371672-2&_gid=378517683.1700598839&gtm=45He3b81n81N86NDHCv813472719&gcd=11l1l1l1l1&dma_cps=sypham&dma=1&z=517812100
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.setf.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 20 Nov 2023 22:09:10 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
age
80691
content-type
image/gif
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
35
expires
Mon, 01 Jan 1990 00:00:00 GMT
__cool.gif
udc-neb.kampyle.com/egw/5/qceuv8449dzg58ptt1bhda9g8ue19c7s/track/ 		0
318 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://udc-neb.kampyle.com/egw/5/qceuv8449dzg58ptt1bhda9g8ue19c7s/track/__cool.gif?data=eyJldmVudHMiOiBbCiAgICB7InNlc3Npb25fc2NyZWVuX3NpemUiOiAiMTYwMHgxMjAwIiwic2Vzc2lvbl9kdWEiOiAiTW96aWxsYS81LjAgKFdpbmRvd3MgTlQgMTAuMDsgV2luNjQ7IHg2NCkgQXBwbGVXZWJLaXQvNTM3LjM2IChLSFRNTCwgbGlrZSBHZWNrbykgQ2hyb21lLzExOS4wLjYwNDUuMTU5IFNhZmFyaS81MzcuMzYiLCJzZXNzaW9uX3BsYXRmb3JtIjogIldpbjMyIiwicGFnZV90aXRsZSI6ICJTb3V0aGVhc3QgVG95b3RhIEZpbmFuY2UiLCJwYWdlX3VybCI6ICJodHRwczovL3d3dy5zZXRmLmNvbS8lMjAiLCJ0cmFja2VyX3R5cGUiOiAiamF2YXNjcmlwdCIsInRyYWNrZXJfdmVyc2lvbiI6ICIyLjIuMjMiLCJldmVudF9uYW1lIjogIm5lYnVsYV9wYWdlX3ZpZXciLCJldmVudF90aW1lc3RhbXBfZXBvY2giOiAiMTcwMDU5ODg0MTg1NyIsImV2ZW50X3RpbWV6b25lX29mZnNldCI6IDEsInVzZXJfaWQiOiAiMThiZjM5NzAxZWYyYjUtMDBlMGI4NTA1MjI5NTEtNjEzMjVlNTMtMWQ0YzAwLTE4YmYzOTcwMWYwMjYzIiwiZW52aXJvbWVudCI6ICJkaWdpdGFsLWNsb3VkLXdlc3QiLCJhY2NvdW50SWQiOiAyNDIzMSwidXJsIjogImh0dHBzOi8vd3d3LnNldGYuY29tLyUyMCIsIndlYnNpdGVJZCI6IDI0MjMzLCJmb3JtSWQiOiBudWxsLCJmb3JtVHJpZ2dlclR5cGUiOiBudWxsLCJrYW1weWxlX2RhdGEiOiB7Im1kX2lzU3VydmV5U3VibWl0dGVkSW5TZXNzaW9uIjogIiIsIkxBU1RfSU5WSVRBVElPTl9WSUVXIjogIiIsIkRFQ0xJTkVEX0RBVEUiOiAiIiwia2FtcHlsZUludml0ZVByZXNlbnRlZCI6ICIiLCJrYW1weWxlX3VzZXJpZCI6ICIyOWU3LWVhZDQtNWQzMy1mNjhhLTg1YzUtOTFkYi1lNmMxLTZhNWIiLCJrYW1weWxlVXNlclNlc3Npb24iOiAiMTcwMDU5ODg0MTg1NCIsImthbXB5bGVVc2VyUGVyY2VudGlsZSI6ICIiLCJTVUJNSVRURURfREFURSI6ICIifSwiY29va2llX3NpemUiOiAxNTM4LCJrYW1weWxlX3ZlcnNpb24iOiAiMi41My4xIiwib25zaXRlX3ZlcnNpb24iOiAiMi41My4xIiwiaGlzdG9yeV9sZW5ndGgiOiAyLCJldmVudF9sb2NhbF90aW1lc3RhbXAiOiAxNzAwNTk4ODQxODU3LCJwb3NpdGlvbiI6IG51bGwsImlzVXNlcklkZW50aWZpZWQiOiBmYWxzZX0KXX0=
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.241.45.82 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
82.45.241.35.bc.googleusercontent.com
Software
Jetty(9.2.11.v20150529) /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.setf.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

x-me
prod-instance-gatewayservice-green-2btq
date
Tue, 21 Nov 2023 20:34:02 GMT
via
1.1 google
server
Jetty(9.2.11.v20150529)
access-control-max-age
1800
access-control-allow-methods
GET, POST, PUT, DELETE
content-type
image/gif; charset=UTF-8
access-control-allow-origin
*
access-control-allow-credentials
true
alt-svc
clear
access-control-allow-headers
X-Requested-With, Origin, Content-Type, Accept
content-length
0
x-application-context
application:9090
collect
v.clarity.ms/ 		0
292 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://v.clarity.ms/collect
Requested by
Host: www.clarity.ms
URL: https://www.clarity.ms/s/0.7.18/clarity.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
20.114.189.135 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
nginx/1.18.0 (Ubuntu) /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept
application/x-clarity-gzip
Referer
https://www.setf.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Access-Control-Allow-Origin
https://www.setf.com
Date
Tue, 21 Nov 2023 20:34:02 GMT
Access-Control-Allow-Credentials
true
Server
nginx/1.18.0 (Ubuntu)
Connection
keep-alive
Vary
Origin
Request-Context
appId=cid-v1:3f60b293-70d6-4805-b0bb-3484f0a73bf0
collect
region1.google-analytics.com/g/ 		0
54 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://region1.google-analytics.com/g/collect?v=2&tid=G-YEQ7DB1334&gtm=45je3b81v879827699z8813472719&_p=1700598835430&gcd=11l1l1l1l1&dma_cps=sypham&dma=1&cid=1585339359.1700598838&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&sid=1700598838&sct=1&seg=0&dl=https%3A%2F%2Fwww.setf.com%2F%20&dt=Southeast%20Toyota%20Finance&_s=2&tfd=12774
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-YEQ7DB1334&l=dataLayer&cx=c
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
216.239.34.36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.setf.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

pragma
no-cache
date
Tue, 21 Nov 2023 20:34:06 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://www.setf.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Verdicts & Comments Add Verdict or Comment

66 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| 1 object| 2 object| 3 object| documentPictureInPicture object| dataLayer function| subscribeEvent function| unsubscribeEvent function| startActivityHandler function| placeCheckerRequest function| placeCssAspxRequest function| timeoutSleep function| getMetatagContent object| Evergage string| VE_CUSTOM_EVENT_NAME string| TO_LAUNCHER_MESSAGE_TYPE string| TO_LAUNCHER_PAYLOAD_TYPE object| eventLinkId object| evgr function| sendMessageToEvergageLauncher number| evergageBeaconParseTimeStart object| SalesforceInteractions number| evergageBeaconParseTimeEnd function| render number| evergagePageMatchTimeout object| google_tag_manager function| postscribe object| google_tag_manager_external object| google_tag_data string| GoogleAnalyticsObject function| ga function| clarity function| AddClarityTags object| accountDetails object| ajax object| webpackJsonp function| applyFocusVisiblePolyfill object| MicroModal object| regeneratorRuntime function| onYouTubeIframeAPIReady object| gaGlobal object| KAMPYLE_EMBED object| webVitals object| gaplugins object| gaData object| MDIGITAL object| KAMPYLE_CONSTANT object| KAMPYLE_FUNC object| KAMPYLE_DATA object| KAMPYLE_TARGETING object| KAMPYLE_ANIMATION object| KAMPYLE_VIEW object| KAMPYLE_MESSAGE object| KAMPYLE_UTILS object| KAMPYLE_EVENT_DISPATCHER object| KAMPYLE_GA object| MDIGITAL_ELEMENT_BUILDER object| COOLADATA_CODE object| KAMPYLE_COOLADATA object| KAMPYLE_COMMON object| KAMPYLE_THERMO_TEALEAF_FUNC object| KAMPYLE_ADOBE_ANALYTICS object| KAMPYLE_SCREEN_CAPTURE object| KAMPYLE_ONSITE_SDK object| KAMPYLE_INTEGRATION object| cooladata

32 Cookies

Domain/Path Name / Value
www.setf.com/ Name: ASP.NET_SessionId
Value: wk3ry1uh0wim2df0rwj5kfx0
www.setf.com/ Name: SC_ANALYTICS_GLOBAL_COOKIE
Value: f543c63157d2406d86cc89e599057d6a|False
www.setf.com/ Name: SuccessfulLanguageUpdate
Value:
www.setf.com/ Name: __RequestVerificationToken
Value: AXrPAkZribECwiLZFPbWYT-dOr-AUyhgMpTX5Ik1bt2OdBS0s4u3kE9Vo5kf8hLvXZ8xgM2P9cZIevl-HR-x6qA6OjpwZik-L3Vv0JtobMk1
.setf.com/ Name: visid_incap_2628824
Value: CRT5T3G/TmGsyTX08QsMmzEUXWUAAAAAQUIPAAAAAACSIiQl41AhucKKZ8W8Nl5k
.setf.com/ Name: nlbi_2628824
Value: CTCkUhvfilMxSJxiATxKuAAAAAAYktnshfrLyX+7ALR4GwMi
.setf.com/ Name: incap_ses_727_2628824
Value: DSMBPXL5ZwnMeaIbtNMWCjIUXWUAAAAA+RwVrxOyz9wWjdjs0l+SzA==
.setf.com/ Name: _sfid_0c17
Value: {%22anonymousId%22:%22ca8b3a02c0279beb%22}
.setf.com/ Name: _evga_3277
Value: {%22uuid%22:%22ca8b3a02c0279beb%22}
www.clarity.ms/ Name: CLID
Value: e5ec9e3780f04f8190f4f8bbdb5e6874.20231121.20241120
.setf.com/ Name: _ga
Value: GA1.2.1585339359.1700598838
.setf.com/ Name: _gid
Value: GA1.2.378517683.1700598839
.setf.com/ Name: _gat_UA-9371672-2
Value: 1
.setf.com/ Name: _clck
Value: qrqdyu%7C2%7Cfgw%7C0%7C1420
.setf.com/ Name: _clsk
Value: 1mimpv3%7C1700598840289%7C1%7C1%7Cv.clarity.ms%2Fcollect
www.setf.com/ Name: AWSALBTG
Value: xalc4pgMjgqoYdAnNFvhwhWsZAjegWwYwfB8xZyQciWz2Pl/qyS+G01VnwT/GrYPWN6qME0ptXbaJmz/r5VMIGChQ8UoHcKJWwyMRJ7CjGlAidc35+HLDPrS6fHgi/G/rCf6IwS7wHi0PQ41FFJ//k6ZyTpjl075H5BJYJjPacTaRn0jLTA=
www.setf.com/ Name: AWSALBTGCORS
Value: xalc4pgMjgqoYdAnNFvhwhWsZAjegWwYwfB8xZyQciWz2Pl/qyS+G01VnwT/GrYPWN6qME0ptXbaJmz/r5VMIGChQ8UoHcKJWwyMRJ7CjGlAidc35+HLDPrS6fHgi/G/rCf6IwS7wHi0PQ41FFJ//k6ZyTpjl075H5BJYJjPacTaRn0jLTA=
www.setf.com/ Name: AWSALB
Value: cFcPPU0dgfQcqqmP/IWu1aYHqPriFeaSCvoWwGWAe+Yzkut5zeBoN8WvXy+z7ElLp0qppWbpdjiPu6jcprm8h9HQn1iAEAySEHcGkyxPOtNtyzOMl1vLfTD0j9m1
www.setf.com/ Name: AWSALBCORS
Value: cFcPPU0dgfQcqqmP/IWu1aYHqPriFeaSCvoWwGWAe+Yzkut5zeBoN8WvXy+z7ElLp0qppWbpdjiPu6jcprm8h9HQn1iAEAySEHcGkyxPOtNtyzOMl1vLfTD0j9m1
.setf.com/ Name: _ga_YEQ7DB1334
Value: GS1.1.1700598838.1.0.1700598841.0.0.0
www.setf.com/ Name: mdLogger
Value: false
www.setf.com/ Name: kampyle_userid
Value: 29e7-ead4-5d33-f68a-85c5-91db-e6c1-6a5b
www.setf.com/ Name: kampyleUserSession
Value: 1700598841854
www.setf.com/ Name: kampyleUserSessionsCount
Value: 1
www.setf.com/ Name: kampyleSessionPageCounter
Value: 1
.bing.com/ Name: MUID
Value: 28B87E6C805F6AB71FAC6DBC815F6B4D
.c.bing.com/ Name: MR
Value: 0
.c.bing.com/ Name: SRM_B
Value: 28B87E6C805F6AB71FAC6DBC815F6B4D
.c.clarity.ms/ Name: SM
Value: C
.clarity.ms/ Name: MUID
Value: 28B87E6C805F6AB71FAC6DBC815F6B4D
.c.clarity.ms/ Name: MR
Value: 0
.c.clarity.ms/ Name: ANONCHK
Value: 0

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy default-src 'self' https://apps.sitecore.net *.widen.net *.widencdn.net; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googletagmanager.com *.google-analytics.com *.google.com *.evgnet.com *.medallia.com *.billmatrix.com *.idoxs.net *.clarity.ms *.cloudfront.net *.marker.io *.jquery.com *.kampyle.com *.force.com *.salesforceliveagent.com *.salesforce.com *.my.site.com *.my.salesforce.com https://unpkg.com; img-src 'self' data: http: https:; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com *.typekit.net *.mapbox.com *.kampyle.com *.force.com *.my.site.com *.my.salesforce.com; font-src 'self' https://fonts.gstatic.com https://fonts.googleapis.com *.typekit.net data:; connect-src 'self' *.google.com *.googletagmanager.com *.google-analytics.com *.evgnet.com *.medallia.com *.billmatrix.com *.idoxs.net *.doubleclick.net *.luckyorange.net *.clarity.ms *.evergage.com *.kampyle.com *.marker.io *.shippingapis.com *.jquery.com *.my.site.com *.my.salesforce.com; child-src 'self' *.youtube.com *.medallia.com *.widen.net *.widencdn.net *.force.com; frame-ancestors 'self'; upgrade-insecure-requests; block-all-mixed-content;
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

c.bing.com
c.clarity.ms
cdn.evgnet.com
p.typekit.net
region1.google-analytics.com
resources.digital-cloud-west.medallia.com
stats.g.doubleclick.net
udc-neb.kampyle.com
unpkg.com
use.typekit.net
v.clarity.ms
www.clarity.ms
www.google-analytics.com
www.googletagmanager.com
www.setf.com
104.16.126.175
13.107.213.44
142.250.185.142
142.250.185.168
146.75.121.230
151.101.0.114
184.24.77.144
20.114.189.135
204.79.197.200
216.239.34.36
2a00:1450:4001:80f::200e
35.241.45.82
45.60.242.243
68.219.88.97
74.125.133.157
95.101.54.129
0d2f0dd095b40e08f606c88fd19a049234bee9cc79f139ab3821a848feaf61a3
110acec63c257f1019a8b2faae468f20b280945296d9d5faa70669f696d5bb27
1c0ff118a4290c99f39c90abb38703a866e47251b23cca20266c69c812ccafeb
1f8b3bed84ac7d93da91c732c00b866140223d572a4486dadb24adf18fa6351f
3e86dc1a9f1d417d670c6d085d3cc24546e35371775fa980033b5a694e1c84a9
3e8a3a6917bfd3ff92fcab283034490ea97033ca1441b238615a36a724cfe779
42ea1cd6e8b4155c709d3da59193b6e5be2cc5fab21d180e779b4bb33087924f
44e2f3c74eb712f8c97f59adffd9cb9a5c28577bf1f0a2d9930609d8d5a5a749
4b398b6e47bddc78f550b82fe9fb4017050967802afec4469628ab57df1c4717
526fbc46d7a83cf53f0e4bafcf4f2cf6a0291b0de72b193ad356f9b24f28e278
58dbc2b37d533d4f36ae46a226386c4a5b8051fe8d01950f52ba5d569705e632
596418713ac119ccbd4699b7e2aca667eaed86875721bcfb2031c45a8408f0a3
5e9fb32a34a85c56294c8de444369dcbcb36e04f926b04dd203329c251c85081
60d89c0a4c251686966b46c6951dd7b4d6518613a2ea0a2ff12df4320429ba4f
678c760e5775479a6a6c6d1faaddaad4d9716abeb937f240bc421494ec75c17a
683c33692908038b7469ceb51271792227d3ecfc3e053b8768d64a79cd03d40c
6b099015dcb6b2be3a0a35c8eeef1a716e6c44938dcf11d091a513c3bb08bc8d
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
706e4539433aa6fbd6573df9c5a216ffb239786252cf69312a6ce785766baac2
7941c043b215ecc58d18e696d42abbd225eb0baa075cb5e31027725cc5312fce
807846fb2cea346123b73d0398f993d86a5596affafcff0d12c57fe62b358a01
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
86e6889894382984a0b1840c37c281a23e447013b344c60e28e26a7d7c3a76b1
8860efbf7bc6382ab880d5f46efa8e2c449c219081832984aa1e57eef55246f3
9344b6a4db3db16dee581361244125a03a353c2ed0f5f701d83dc2be552d07c4
99c2917ee5b2a01459a923bdd1c676f15ee73b62b87f696e6735312d26f51e12
99de51a21831d655b50c21c0909b5db075a5f5ebf0b38e951b0492fe487390ec
a9205ccce9892c91011fa72597c8d65c4f7014c1d3a9fb5179f721186c952377
aec60bc104db041b1512185839f18f52986df7e569e5445f740dd60f763fbca8
b166e185ee91ad4267e5da17736994c5c3ab2633fb09cd4d09bf5b28149c5e84
b2145c53394c670fa5ca35b31593cc90b0d5949eaec6f50b215992d3c85eea9a
b942eed163cdb44aa4b80ebf3d38792073e99e3dbe3869793f1dbbc36fac9a23
b99ecb06cb7e0104c1275a217955f9bd3484e35c5ab0177cd29f314c4e9b1f24
bff25d30a567a3a9a9e76463dbb2b562f4254979e8d2de5056f12d443d481618
c5c164a1796a32f4cb4984ec3b16f31481d285aebd29ef760bd6cbf484469adc
d3ad4611ed0d4f9875dc0ec6c836afe519cfe7bcf6d4cd05fb3b387b690e3c10
dbfaa5cf90c9e9330ce0a84e9b797297f6f126e0fd0a949bd9d12a7b591cec8f
de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd
e362760c0e80628f958552bcb8499e6060c052288a5567828ae1b4fb26f25237
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
f4004d1e0abb854ac10ad894d1947c38898aa69957a3aa1a1e262d3fc65448f1
f40c10f6daaafbad865210f77130489c34d06ccf80f2fcef3edc9af142ddac99
f4e16c137bfcf443839c20e1038b9ee2dec570f047ae3b1c8f9378e9176750dd
f75dae39e181853d32ac6b0589df17a95cd465256547cee3556b42833beab9a5