Submitted URL: https://click.info15.citi.com/?qs=1045cfe5cc097a5189f815c4dbe760a6d0e2352119fdb0d94eb211d3cdb3ab895a6f3892e7231a83ab70baa478bf...
Effective URL: https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID...
Submission: On July 11 via api from US — Scanned from DE

Summary

This website contacted 29 IPs in 4 countries across 21 domains to perform 160 HTTP transactions. The main IP is 35.190.22.40, located in Kansas City, United States and belongs to GOOGLE, US. The main domain is citicards.citi.com. The Cisco Umbrella rank of the primary domain is 172881.
TLS certificate: Issued by DigiCert EV RSA CA G2 on March 14th 2023. Valid for: a year.
This is the only time citicards.citi.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 1 13.111.71.127 22606 (EXACT-7)
1 1 104.102.55.191 16625 (AKAMAI-AS)
1 55 35.190.22.40 15169 (GOOGLE)
4 2606:4700::68... 13335 (CLOUDFLAR...)
14 99.84.88.39 16509 (AMAZON-02)
1 3 52.209.244.112 16509 (AMAZON-02)
8 3.124.119.57 16509 (AMAZON-02)
3 34.107.138.236 396982 (GOOGLE-CL...)
1 52.208.156.123 16509 (AMAZON-02)
1 63.140.62.135 15224 (OMNITURE)
1 1 34.251.46.32 16509 (AMAZON-02)
1 2600:9000:20c... 16509 (AMAZON-02)
13 2a00:1450:400... 15169 (GOOGLE)
1 193.0.160.131 54312 (ROCKETFUEL)
1 18.66.97.121 16509 (AMAZON-02)
1 18.66.248.47 16509 (AMAZON-02)
1 66.235.152.143 16509 (AMAZON-02)
1 34.253.91.174 16509 (AMAZON-02)
8 104.17.208.240 13335 (CLOUDFLAR...)
1 35.190.60.146 15169 (GOOGLE)
7 2620:1ec:c11:... 8068 (MICROSOFT...)
1 2600:9000:224... 16509 (AMAZON-02)
1 13.225.33.74 16509 (AMAZON-02)
1 2 52.46.151.131 16509 (AMAZON-02)
1 54.156.57.223 14618 (AMAZON-AES)
9 2a00:1450:400... 15169 (GOOGLE)
1 35.71.131.137 16509 (AMAZON-02)
2 34.198.94.134 14618 (AMAZON-AES)
1 52.222.149.8 16509 (AMAZON-02)
9 2a00:1450:400... 15169 (GOOGLE)
9 2a00:1450:400... 15169 (GOOGLE)
160 29
Apex Domain
Subdomains
Transfer
58 citi.com
click.info15.citi.com — Cisco Umbrella Rank: 119396
www.citi.com — Cisco Umbrella Rank: 25553
citicards.citi.com — Cisco Umbrella Rank: 172881
tagmanager1.citi.com — Cisco Umbrella Rank: 51910
metrics1.citi.com — Cisco Umbrella Rank: 22914
prod.report.nacustomerexperience.citi.com — Cisco Umbrella Rank: 19460
857 KB
21 ensighten.com
nexus.ensighten.com — Cisco Umbrella Rank: 3097
data.privacy.ensighten.com — Cisco Umbrella Rank: 8355
320 KB
13 googletagmanager.com
www.googletagmanager.com — Cisco Umbrella Rank: 79
759 KB
9 google.de
www.google.de — Cisco Umbrella Rank: 4752
1 KB
9 google.com
www.google.com — Cisco Umbrella Rank: 10
1 KB
9 doubleclick.net
googleads.g.doubleclick.net — Cisco Umbrella Rank: 57
14 KB
8 qualtrics.com
zn3vi8kkuds0jjrfc-citifeedback.siteintercept.qualtrics.com — Cisco Umbrella Rank: 31778
siteintercept.qualtrics.com — Cisco Umbrella Rank: 899
91 KB
7 bing.com
bat.bing.com — Cisco Umbrella Rank: 390
14 KB
7 crazyegg.com
script.crazyegg.com — Cisco Umbrella Rank: 2357
pagestates-tracking.crazyegg.com — Cisco Umbrella Rank: 5243
assets-tracking.crazyegg.com — Cisco Umbrella Rank: 5234
tracking.crazyegg.com — Cisco Umbrella Rank: 4635
33 KB
4 demdex.net
dpm.demdex.net — Cisco Umbrella Rank: 218
citi.demdex.net — Cisco Umbrella Rank: 40382
6 KB
3 tvpixel.com
c.tvpixel.com — Cisco Umbrella Rank: 9442
p.tvpixel.com — Cisco Umbrella Rank: 2065
32 KB
3 citibankonline.com
cdn.digitalmarketing.citibankonline.com — Cisco Umbrella Rank: 73076
52 KB
2 amazon-adsystem.com
s.amazon-adsystem.com — Cisco Umbrella Rank: 333
763 B
2 adsrvr.org
js.adsrvr.org — Cisco Umbrella Rank: 1592
insight.adsrvr.org — Cisco Umbrella Rank: 603
3 KB
2 bridgetrack.com
citi.bridgetrack.com — Cisco Umbrella Rank: 150541
1 KB
1 scorecardresearch.com
sb.scorecardresearch.com — Cisco Umbrella Rank: 162
299 B
1 rlcdn.com
sr.rlcdn.com — Cisco Umbrella Rank: 20572
98 B
1 omtrdc.net
citicorpcreditservic.tt.omtrdc.net — Cisco Umbrella Rank: 31853
1 KB
1 rfihub.com
20766699p.rfihub.com — Cisco Umbrella Rank: 117813
680 B
1 rfihub.net
c1.rfihub.net — Cisco Umbrella Rank: 5437
6 KB
1 everesttech.net
cm.everesttech.net — Cisco Umbrella Rank: 1111
517 B
160 21
Domain Requested by
53 citicards.citi.com nexus.ensighten.com
citicards.citi.com
14 nexus.ensighten.com citicards.citi.com
nexus.ensighten.com
13 www.googletagmanager.com nexus.ensighten.com
9 www.google.de
9 www.google.com
9 googleads.g.doubleclick.net nexus.ensighten.com
7 siteintercept.qualtrics.com nexus.ensighten.com
7 bat.bing.com nexus.ensighten.com
7 data.privacy.ensighten.com citicards.citi.com
4 script.crazyegg.com citicards.citi.com
script.crazyegg.com
nexus.ensighten.com
3 cdn.digitalmarketing.citibankonline.com citicards.citi.com
3 dpm.demdex.net 1 redirects citicards.citi.com
2 p.tvpixel.com nexus.ensighten.com
2 s.amazon-adsystem.com 1 redirects
2 citi.bridgetrack.com 1 redirects citicards.citi.com
1 sb.scorecardresearch.com
1 insight.adsrvr.org nexus.ensighten.com
1 prod.report.nacustomerexperience.citi.com nexus.ensighten.com
1 js.adsrvr.org nexus.ensighten.com
1 c.tvpixel.com nexus.ensighten.com
1 sr.rlcdn.com nexus.ensighten.com
1 zn3vi8kkuds0jjrfc-citifeedback.siteintercept.qualtrics.com nexus.ensighten.com
1 tracking.crazyegg.com script.crazyegg.com
1 citicorpcreditservic.tt.omtrdc.net nexus.ensighten.com
1 assets-tracking.crazyegg.com script.crazyegg.com
1 pagestates-tracking.crazyegg.com script.crazyegg.com
1 20766699p.rfihub.com nexus.ensighten.com
1 c1.rfihub.net nexus.ensighten.com
1 cm.everesttech.net 1 redirects
1 metrics1.citi.com nexus.ensighten.com
1 citi.demdex.net nexus.ensighten.com
1 tagmanager1.citi.com nexus.ensighten.com
1 www.citi.com 1 redirects
1 click.info15.citi.com 1 redirects
160 34

This site contains links to these domains. Also see Links.

Domain
online.citi.com
citi.bridgetrack.com
www.lifeandmoney.citi.com
www.ftc.gov
Subject Issuer Validity Valid
citicards.citi.com
DigiCert EV RSA CA G2
2023-03-14 -
2024-04-13
a year crt.sh
sni.cloudflaressl.com
Cloudflare Inc ECC CA-3
2023-03-09 -
2024-03-08
a year crt.sh
nexus.ensighten.com
DigiCert TLS RSA SHA256 2020 CA1
2022-10-07 -
2023-10-14
a year crt.sh
citi.bridgetrack.com
Thawte EV RSA CA G2
2023-03-20 -
2024-04-19
a year crt.sh
tagmanager1.citi.com
DigiCert EV RSA CA G2
2022-09-21 -
2023-09-22
a year crt.sh
cdn.digitalmarketing.citibankonline.com
DigiCert EV RSA CA G2
2023-05-23 -
2024-06-22
a year crt.sh
*.privacy.ensighten.com
DigiCert TLS RSA SHA256 2020 CA1
2023-02-03 -
2024-02-16
a year crt.sh
*.demdex.com
DigiCert TLS RSA SHA256 2020 CA1
2022-09-26 -
2023-10-27
a year crt.sh
metrics1.citi.com
DigiCert EV RSA CA G2
2022-07-22 -
2023-08-22
a year crt.sh
*.rfihub.net
Amazon RSA 2048 M01
2023-02-24 -
2023-12-29
10 months crt.sh
*.google-analytics.com
GTS CA 1C3
2023-06-19 -
2023-09-11
3 months crt.sh
*.rfihub.com
Sectigo RSA Domain Validation Secure Server CA
2023-04-27 -
2024-04-27
a year crt.sh
crazyegg.com
Amazon RSA 2048 M02
2023-05-28 -
2024-06-26
a year crt.sh
*.tt.omtrdc.net
DigiCert TLS RSA SHA256 2020 CA1
2022-08-01 -
2023-09-01
a year crt.sh
*.qualtrics.com
DigiCert Global G2 TLS RSA SHA256 2020 CA1
2023-03-27 -
2024-03-26
a year crt.sh
*.rlcdn.com
Sectigo RSA Domain Validation Secure Server CA
2023-02-02 -
2024-03-03
a year crt.sh
www.bing.com
Microsoft RSA TLS CA 02
2023-02-16 -
2023-08-16
6 months crt.sh
*.tvpixel.com
Amazon RSA 2048 M01
2023-02-21 -
2024-01-13
a year crt.sh
*.adsrvr.org
GlobalSign GCC R3 DV TLS CA 2020
2023-04-12 -
2024-05-13
a year crt.sh
prod.report.nacustomerexperience.citi.com
DigiCert EV RSA CA G2
2023-05-19 -
2024-05-22
a year crt.sh
*.g.doubleclick.net
GTS CA 1C3
2023-06-19 -
2023-09-11
3 months crt.sh
*.scorecardresearch.com
Sectigo RSA Domain Validation Secure Server CA
2022-12-15 -
2023-12-28
a year crt.sh
www.google.com
GTS CA 1C3
2023-06-19 -
2023-09-11
3 months crt.sh
www.google.de
GTS CA 1C3
2023-06-19 -
2023-09-11
3 months crt.sh

This page contains 6 frames:

Primary Page: https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=4794C088A1E34967B16D3FEDACF6C97D
Frame ID: 1B59A99ABAB266D7AE0132296EEDBA83
Requests: 150 HTTP requests in this frame

Frame: https://script.crazyegg.com/pages/data-scripts/0090/1567/site/citicards.citi.com.json?t=1
Frame ID: C2E4A310EC7492CEAF9F32EE47CD8E78
Requests: 5 HTTP requests in this frame

Frame: https://citi.demdex.net/dest5.html?d_nsid=0
Frame ID: 730E1FBD8AC8B32F9F6CC7846EDF1E3F
Requests: 1 HTTP requests in this frame

Frame: https://20766699p.rfihub.com/ca.html?ver=9&ra=1564&rb=648&ca=20766699&_o=17169175&_t=citifraudpreventionlp&_rev=1&_pcode=1&_orderid=1&ssv_cuuid=&ssv_package=null&ssv_prodlist=null&ssv_pagename=citifraudpreventionlp&pe=https%3A%2F%2Fciticards.citi.com%2Fcbol%2Ffraudprevention%2Fdefault.htm%3FBTData%3DEFe.B.gAB4f.B.B0%21.SEOz.eGI.lYg.xG%21.Bj.SX.0f.E%26ProspectID%3D4794C088A1E34967B16D3FEDACF6C97D&pf=&ra=3622311223722732
Frame ID: 0CD9FD747B4B1F4B6A64F086D660BB91
Requests: 1 HTTP requests in this frame

Frame: https://sr.rlcdn.com/425466.html?es=80676&u=da39a3ee5e6b4b0d3255bfef95601890afd80709
Frame ID: 62F7D4FAE016C2102CB10E059395A241
Requests: 1 HTTP requests in this frame

Frame: https://insight.adsrvr.org/track/up?adv=1jw5cvl&ref=https%3A%2F%2Fciticards.citi.com%2Fcbol%2Ffraudprevention%2Fdefault.htm%3FBTData%3DEFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E%26ProspectID%3D4794C088A1E34967B16D3FEDACF6C97D&upid=hqgowpz&upv=1.1.0&id=ttdUniversalPixelTag1689097477033&td1=Sapient_cbol_citi_fraud_prevention_lp
Frame ID: 4ED159796ED3C09A2BFC204A2317D879
Requests: 1 HTTP requests in this frame

Screenshot

Page Title

Fraud Prevention | Citi.com

Page URL History Show full URLs

  1. https://click.info15.citi.com/?qs=1045cfe5cc097a5189f815c4dbe760a6d0e2352119fdb0d94eb211d3cdb3ab895a6f3892... HTTP 302
    https://www.citi.com/fraudprevention HTTP 301
    https://citi.bridgetrack.com/cbol/_spredir.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E HTTP 302
    https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.B... Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

Overall confidence: 100%
Detected patterns

Overall confidence: 100%
Detected patterns
  • script\.crazyegg\.com/pages/scripts/\d+/\d+\.js

Overall confidence: 100%
Detected patterns
  • //nexus\.ensighten\.com/

Overall confidence: 100%
Detected patterns
  • googletagmanager\.com/gtag/js

Page Statistics

160
Requests

96 %
HTTPS

26 %
IPv6

21
Domains

34
Subdomains

29
IPs

4
Countries

2189 kB
Transfer

5279 kB
Size

49
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://click.info15.citi.com/?qs=1045cfe5cc097a5189f815c4dbe760a6d0e2352119fdb0d94eb211d3cdb3ab895a6f3892e7231a83ab70baa478bf41803e9f59697d1d47f3594393205292d67e HTTP 302
    https://www.citi.com/fraudprevention HTTP 301
    https://citi.bridgetrack.com/cbol/_spredir.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E HTTP 302
    https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=4794C088A1E34967B16D3FEDACF6C97D Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 3
  • https://dpm.demdex.net/id?d_visid_ver=4.4.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=61834D9B5228A7430A490D45%40AdobeOrg&d_nsid=0&ts=1689097475518 HTTP 302
  • https://dpm.demdex.net/id/rd?d_visid_ver=4.4.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=61834D9B5228A7430A490D45%40AdobeOrg&d_nsid=0&ts=1689097475518
Request Chain 13
  • https://cm.everesttech.net/cm/dd?d_uuid=75272547503630130891767985019423787676 HTTP 302
  • https://dpm.demdex.net/ibs:dpid=411&dpuuid=ZK2VBAAAAFb2TANn
Request Chain 98
  • https://s.amazon-adsystem.com/iu3?pid=c3702eea-109e-48b0-9ef4-c856bdd405e2&event=PageView HTTP 302
  • https://s.amazon-adsystem.com/iu3?pid=c3702eea-109e-48b0-9ef4-c856bdd405e2&event=PageView&dcc=t

160 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request default.htm
citicards.citi.com/cbol/fraudprevention/
Redirect Chain
  • https://click.info15.citi.com/?qs=1045cfe5cc097a5189f815c4dbe760a6d0e2352119fdb0d94eb211d3cdb3ab895a6f3892e7231a83ab70baa478bf41803e9f59697d1d47f3594393205292d67e
  • https://www.citi.com/fraudprevention
  • https://citi.bridgetrack.com/cbol/_spredir.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E
  • https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=4794C088A1E34967B16D3FEDACF6C97D
102 KB
46 KB
Document
General
Full URL
https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=4794C088A1E34967B16D3FEDACF6C97D
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.190.22.40 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
40.22.190.35.bc.googleusercontent.com
Software
/
Resource Hash
76185a158e03dd7eddcd3d661b4eee63e0e15e9f0c78c2cec646e0108fb09be5
Security Headers
Name Value
X-Frame-Options DENY

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
private
content-encoding
gzip
content-length
46432
content-type
text/html
date
Tue, 11 Jul 2023 17:44:34 GMT
expires
Mon, 10 Jul 2023 17:44:35 GMT
p3p
CP="NON DSP COR DEVa PSAa IVAo CONo OUR IND UNI PUR NAV DEM LOC", policyref="http://citi.bridgetrack.com/w3c/p3p.xml"
vary
Accept-Encoding
via
1.1 google
x-frame-options
DENY

Redirect headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
private
content-length
0
content-type
text/html
date
Tue, 11 Jul 2023 17:44:34 GMT
expires
Mon, 10 Jul 2023 17:44:35 GMT
location
https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=4794C088A1E34967B16D3FEDACF6C97D
p3p
CP="NON DSP COR DEVa PSAa IVAo CONo OUR IND UNI PUR NAV DEM LOC", policyref="http://citi.bridgetrack.com/w3c/p3p.xml"
via
1.1 google
1567.js
script.crazyegg.com/pages/scripts/0090/
6 KB
2 KB
Script
General
Full URL
https://script.crazyegg.com/pages/scripts/0090/1567.js
Requested by
Host: citicards.citi.com
URL: https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=4794C088A1E34967B16D3FEDACF6C97D
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6813:9308 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
94bad9954c9dc33d05273f541c9f4ad8b7622eba628719cf61ff5969c3656b4f

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://citicards.citi.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Tue, 11 Jul 2023 17:44:35 GMT
content-encoding
gzip
cf-cache-status
HIT
age
5607
cf-polished
origSize=6063
ce-version
11.5.100
cf-bgj
minify
last-modified
Tue, 11 Jul 2023 16:11:08 GMT
server
cloudflare
vary
Accept-Encoding
content-type
text/javascript
access-control-allow-origin
*
access-control-expose-headers
CE-Version
cache-control
public, max-age=300, s-maxage=1209600
timing-allow-origin
*
cf-ray
7e52daf5ead05b26-FRA
Bootstrap.js
nexus.ensighten.com/citi/na_prod/
612 KB
143 KB
Script
General
Full URL
https://nexus.ensighten.com/citi/na_prod/Bootstrap.js
Requested by
Host: citicards.citi.com
URL: https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=4794C088A1E34967B16D3FEDACF6C97D
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
99.84.88.39 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-99-84-88-39.muc50.r.cloudfront.net
Software
CloudFront /
Resource Hash
f10adae49adfa818062a6eceb50629a68614fb3fc25b59b2f1d77d8850bfd7c8

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://citicards.citi.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Wed, 05 Jul 2023 15:48:29 GMT
x-amz-version-id
T6oAT_f8G7Qoll54xuX0m31Qyk_NNISj
content-encoding
br
via
1.1 847372cac152a2575995d0b13be85a88.cloudfront.net (CloudFront)
x-amz-cf-pop
MUC50-C1
age
525367
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
x-amz-replication-status
PENDING
last-modified
Wed, 05 Jul 2023 15:48:08 GMT
server
CloudFront
etag
W/"409dcdb02169e3668021846b3af7e6c0"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
cache-control
max-age=300
x-amz-cf-id
1YCLRxiNNuAuPRBbnD5Kzq1WlWGfJ3gChak8f5rUZE2KvZXVJk_JJg==
/
citi.bridgetrack.com/track/
43 B
381 B
Image
General
Full URL
https://citi.bridgetrack.com/track/?id=65345&random=1.25090423776252E+17
Requested by
Host: citicards.citi.com
URL: https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=4794C088A1E34967B16D3FEDACF6C97D
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.190.22.40 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
40.22.190.35.bc.googleusercontent.com
Software
/
Resource Hash
63b98a0c8568c08fd01a6946a147bca65eff26c8085f1ccb5330aafe0f0dcd15

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://citicards.citi.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 11 Jul 2023 17:44:34 GMT
via
1.1 google
content-type
image/GIF
p3p
CP="NON DSP COR DEVa PSAa IVAo CONo OUR IND UNI PUR NAV DEM LOC", policyref="http://citi.bridgetrack.com/w3c/p3p.xml"
cache-control
private
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
43
expires
Mon, 10 Jul 2023 17:44:35 GMT
rd
dpm.demdex.net/id/
Redirect Chain
  • https://dpm.demdex.net/id?d_visid_ver=4.4.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=61834D9B5228A7430A490D45%40AdobeOrg&d_nsid=0&ts=1689097475518
  • https://dpm.demdex.net/id/rd?d_visid_ver=4.4.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=61834D9B5228A7430A490D45%40AdobeOrg&d_nsid=0&ts=1689097475518
363 B
1 KB
XHR
General
Full URL
https://dpm.demdex.net/id/rd?d_visid_ver=4.4.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=61834D9B5228A7430A490D45%40AdobeOrg&d_nsid=0&ts=1689097475518
Requested by
Host: citicards.citi.com
URL: https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=4794C088A1E34967B16D3FEDACF6C97D
Protocol
HTTP/1.1
Server
52.209.244.112 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-209-244-112.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
2a07a271b0b52925cfa0e508596f523efe5a5b7a7dd8e60a30945c75c53d28a8
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://citicards.citi.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

DCS
dcs-prod-irl1-1-v050-0b90bf029.edge-irl1.demdex.com 4 ms
Pragma
no-cache
Strict-Transport-Security
max-age=31536000; includeSubDomains
content-encoding
gzip
X-TID
aNkAxc66S6E=
Vary
Origin
P3P
policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Access-Control-Allow-Origin
https://citicards.citi.com
Content-Type
application/json;charset=utf-8
Cache-Control
no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Length
306
Expires
Thu, 01 Jan 1970 00:00:00 UTC

Redirect headers

DCS
dcs-prod-irl1-1-v050-03af3081a.edge-irl1.demdex.com 0 ms
Pragma
no-cache
Strict-Transport-Security
max-age=31536000; includeSubDomains
X-TID
lJKwmR4kRLg=
Vary
Origin
P3P
policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Access-Control-Allow-Origin
https://citicards.citi.com
Location
https://dpm.demdex.net/id/rd?d_visid_ver=4.4.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=61834D9B5228A7430A490D45%40AdobeOrg&d_nsid=0&ts=1689097475518
Cache-Control
no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Length
0
Expires
Thu, 01 Jan 1970 00:00:00 UTC
430d3e594a046cfc3276d6d4dacdf0fedf24fd788d52bffb3582954a08025f07
tagmanager1.citi.com/one/v1/profiles/
583 B
647 B
XHR
General
Full URL
https://tagmanager1.citi.com/one/v1/profiles/430d3e594a046cfc3276d6d4dacdf0fedf24fd788d52bffb3582954a08025f07
Requested by
Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/citi/na_prod/Bootstrap.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
3.124.119.57 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-124-119-57.eu-central-1.compute.amazonaws.com
Software
nginx /
Resource Hash
e4dda841c731d19974cdfa6ad5694ac6d20e9c10817574afd354413a634981f2

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://citicards.citi.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Tue, 11 Jul 2023 17:44:35 GMT
content-encoding
gzip
server
nginx
x-ens-one-is-anonymous
true
vary
Accept-Encoding
access-control-allow-methods
GET, POST, PUT, DELETE, OPTIONS
content-type
application/json
access-control-allow-origin
*
access-control-expose-headers
*
access-control-allow-headers
*
x-ens-one-ttl
1695627671
apigw-requestid
H6Q4ogQAFiAEMQw=
serverComponent.php
nexus.ensighten.com/citi/na_prod/
2 KB
1 KB
Script
General
Full URL
https://nexus.ensighten.com/citi/na_prod/serverComponent.php?namespace=Bootstrapper&staticJsPath=nexus.ensighten.com/citi/na_prod/code/&publishedOn=Wed%20Jul%2005%2015:48:04%20GMT%202023&ClientID=1129&PageID=https%3A%2F%2Fciticards.citi.com%2Fcbol%2Ffraudprevention%2Fdefault.htm%3FBTData%3DEFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E%26ProspectID%3D4794C088A1E34967B16D3FEDACF6C97D
Requested by
Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/citi/na_prod/Bootstrap.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
99.84.88.39 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-99-84-88-39.muc50.r.cloudfront.net
Software
CloudFront /
Resource Hash
59cc35650c78c4f0167f3db741b6b5382775db7d6e7f53eb07494d0473ab0b4c

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://citicards.citi.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Tue, 11 Jul 2023 17:44:35 GMT
content-encoding
gzip
via
1.1 847372cac152a2575995d0b13be85a88.cloudfront.net (CloudFront)
server
CloudFront
x-amz-cf-pop
MUC50-C1
vary
Accept-Encoding
x-cache
Miss from cloudfront
content-type
text/javascript
cache-control
no-cache, no-store
x-amz-cf-id
zStXBtkLgtxWdOLuQNDYElMfYCzKPOPJ1I4dibQnY0hns9fQSAP0BQ==
expires
Tue, 11 Jul 2023 17:44:34 GMT
851.bundle.js
citicards.citi.com/cbol/fraudprevention/js/
48 KB
16 KB
Script
General
Full URL
https://citicards.citi.com/cbol/fraudprevention/js/851.bundle.js
Requested by
Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/citi/na_prod/Bootstrap.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.190.22.40 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
40.22.190.35.bc.googleusercontent.com
Software
/
Resource Hash
4bd2e97ff103e4087829ada73ed0a4f97639bd1cf5fe57744dbb1504e6217d2f

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=4794C088A1E34967B16D3FEDACF6C97D
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Tue, 11 Jul 2023 17:44:34 GMT
content-encoding
gzip
via
1.1 google
last-modified
Mon, 17 Apr 2023 18:57:32 GMT
etag
"036e9765e71d91:0"
vary
Accept-Encoding
content-type
application/javascript
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
16148
interstate-light.woff
cdn.digitalmarketing.citibankonline.com/fonts/
17 KB
17 KB
Font
General
Full URL
https://cdn.digitalmarketing.citibankonline.com/fonts/interstate-light.woff
Requested by
Host: citicards.citi.com
URL: https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=4794C088A1E34967B16D3FEDACF6C97D
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.107.138.236 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
236.138.107.34.bc.googleusercontent.com
Software
/
Resource Hash
0a747978746092df6f18fe90ef23b9896959f6a9bb0b58cbab2cbc851793e023
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://citicards.citi.com/
Origin
https://citicards.citi.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Tue, 11 Jul 2023 12:57:40 GMT
via
1.1 google
x-content-type-options
nosniff
last-modified
Mon, 10 Feb 2020 17:54:41 GMT
cross-origin-opener-policy
same-origin
age
17215
content-type
application/x-woff
access-control-allow-origin
*
cache-control
public, max-age=31536000
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
17596
x-xss-protection
0
citicards.citi.com.json
script.crazyegg.com/pages/data-scripts/0090/1567/site/ Frame C2E4
9 KB
2 KB
XHR
General
Full URL
https://script.crazyegg.com/pages/data-scripts/0090/1567/site/citicards.citi.com.json?t=1
Requested by
Host: script.crazyegg.com
URL: https://script.crazyegg.com/pages/scripts/0090/1567.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6813:9308 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d6e33dcfd5a1375c052eed527254620aee4518f7430e70dfcb3c4055284a2282

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Tue, 11 Jul 2023 17:44:35 GMT
content-encoding
gzip
cf-cache-status
HIT
age
2503
ce-version
11.5.100
content-length
2144
last-modified
Tue, 11 Jul 2023 17:02:52 GMT
server
cloudflare
vary
Accept-Encoding
content-type
application/json
access-control-allow-origin
*
access-control-expose-headers
CE-Version
cache-control
public, max-age=300, s-maxage=1209600
accept-ranges
bytes
timing-allow-origin
*
cf-ray
7e52daf8dfe93719-FRA
r.rnc
data.privacy.ensighten.com/privacy/v1/b/
0
107 B
Image
General
Full URL
https://data.privacy.ensighten.com/privacy/v1/b/r.rnc?n=0&c=1129&i=8khosr&p=na_prod&s=354&d=8HB7InZlcnNpb24iOiIxLjAuMCIsImdhdGV3YXkiOiIyLjMuNjExIiwiY2xpZW50SWQiOjExMjksInB1Ymxpc2hQYXRoIjoibmFfcHJvZCIsImluc3RhbmNlSWQiOiI4a2hvc3IiLCJwYWNrZXQiOjAsIm1vZGUiOiJlbmZvcmNlWgDwCG9va2llcyI6eyJCQU5ORVJfTE9BREVEkQDyJyJ9LCJlbnZpcm9ubWVudCI6IkNCT0wgUHJpdmFjeSIsInJlcXVlc3RzIjpbeyJkZXN0aW5hdM4A8BkiLCJ0eXBlIjoiYmlsbGluZyIsInN0YXJ0IjoxNjg5MDk3NDc1OTUxYgDAZCI6LTEsInNvdXJjMgACKwBhdHVzIjoiZgBAYXNvbmUA1F0sImRhdGFQYXR0ZXISALBsaXN0IjpbXSwiaSAB8AA2ODkwOTc0NzU5NTF9XX0
Requested by
Host: citicards.citi.com
URL: https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=4794C088A1E34967B16D3FEDACF6C97D
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
3.124.119.57 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-124-119-57.eu-central-1.compute.amazonaws.com
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://citicards.citi.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Tue, 11 Jul 2023 17:44:36 GMT
cache-control
no-cache, no-store
server
nginx
expires
Tue, 11 Jul 2023 17:44:35 GMT
r.rnc
data.privacy.ensighten.com/privacy/v1/c/
0
106 B
Image
General
Full URL
https://data.privacy.ensighten.com/privacy/v1/c/r.rnc?n=0&c=1129&i=5w7hfb&p=na_prod&s=381&d=9Cd7InZlcnNpb24iOiIxLjAuMCIsImdhdGV3YXkiOiIyLjMuNjExIiwiY2xpZW50SWQiOjExMjkQAPAaTmFtZSI6ImNpdGkiLCJwdWJsaXNoUGF0aCI6Im5hX3Byb2QiLCJtb2QmAJBibGFja2xpc3RPAPAfb29raWVzIjp7IkNJVElfRU5TSUdIVEVOX1BSSVZBQ1lfQkFOTkVSX0xPQURFRJ0A8Q8ifSwiZHQiOjE2ODkwOTc0NzU5NjYsInNldHRpbmdLAPEqbW9kYWwiOiJlbnRlcnByaXNlIiwiZW52aXJvbm1lbnQiOiJDQk9MIFByaXZhY3kiLCJkZWZhdWx0PgD0CFBlcmZvcm1hbmNlLUFuYWx5dGljcyBDqgD5CDEsIkVzc2VudGlhbC1GdW5jdGlvbmFsIQDwAkFkdmVydGlzaW5nLVRhcmdlmwAHIgDwAH19LCJldmVudHMiOltdfQ
Requested by
Host: citicards.citi.com
URL: https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=4794C088A1E34967B16D3FEDACF6C97D
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
3.124.119.57 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-124-119-57.eu-central-1.compute.amazonaws.com
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://citicards.citi.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Tue, 11 Jul 2023 17:44:36 GMT
cache-control
no-cache, no-store
server
nginx
expires
Tue, 11 Jul 2023 17:44:35 GMT
dest5.html
citi.demdex.net/ Frame 730E
7 KB
3 KB
Document
General
Full URL
https://citi.demdex.net/dest5.html?d_nsid=0
Requested by
Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/citi/na_prod/Bootstrap.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.208.156.123 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-208-156-123.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
7bea17a80a61ed0f54248b4ffc4c718f7c8ff2619742577a73591d62ce074da8
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://citicards.citi.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Accept-Ranges
bytes
Cache-Control
no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection
keep-alive
Content-Length
2791
Content-Type
text/html;charset=UTF-8
DCS
dcs-prod-irl1-1-v050-02e2ff31f.edge-irl1.demdex.com 0 ms
Expires
Thu, 01 Jan 1970 00:00:00 UTC
P3P
policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma
no-cache
Strict-Transport-Security
max-age=31536000; includeSubDomains
X-TID
Kb9jqCjlR3A=
content-encoding
gzip
date
Tue, 11 Jul 2023 17:44:36 GMT
last-modified
Wed, 28 Jun 2023 12:57:16 GMT
vary
accept-encoding
id
metrics1.citi.com/
48 B
463 B
XHR
General
Full URL
https://metrics1.citi.com/id?d_visid_ver=4.4.0&d_fieldgroup=A&mcorgid=61834D9B5228A7430A490D45%40AdobeOrg&mid=70497391584545644181237011310633136959&ts=1689097475982
Requested by
Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/citi/na_prod/Bootstrap.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
63.140.62.135 , United States, ASN15224 (OMNITURE, US),
Reverse DNS
ip-63-140-62-135.data.adobedc.net
Software
jag /
Resource Hash
2bd6ed18c6050c02646b031a9b4907c1624e5fd37e8a025ea70bd5bc2e8e6421
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://citicards.citi.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
Content-Type
application/x-www-form-urlencoded

Response headers

date
Tue, 11 Jul 2023 17:44:36 GMT
strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
server
jag
vary
Origin
content-type
application/x-javascript;charset=utf-8
access-control-allow-origin
https://citicards.citi.com
p3p
CP="This is not a P3P policy"
cache-control
no-cache, no-store, max-age=0, no-transform, private
access-control-allow-credentials
true
content-length
48
x-xss-protection
1; mode=block
ibs:dpid=411&dpuuid=ZK2VBAAAAFb2TANn
dpm.demdex.net/
Redirect Chain
  • https://cm.everesttech.net/cm/dd?d_uuid=75272547503630130891767985019423787676
  • https://dpm.demdex.net/ibs:dpid=411&dpuuid=ZK2VBAAAAFb2TANn
42 B
942 B
Image
General
Full URL
https://dpm.demdex.net/ibs:dpid=411&dpuuid=ZK2VBAAAAFb2TANn
Requested by
Host: citicards.citi.com
URL: https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=4794C088A1E34967B16D3FEDACF6C97D
Protocol
HTTP/1.1
Server
52.209.244.112 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-209-244-112.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://citicards.citi.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

DCS
dcs-prod-irl1-1-v050-055a0ad1b.edge-irl1.demdex.com 2 ms
Pragma
no-cache
Strict-Transport-Security
max-age=31536000; includeSubDomains
content-encoding
gzip
X-Content-Type-Options
nosniff
X-TID
XO61AnEUTyM=
P3P
policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Content-Type
image/gif
Cache-Control
no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection
keep-alive
Content-Length
59
Expires
Thu, 01 Jan 1970 00:00:00 UTC

Redirect headers

Location
https://dpm.demdex.net/ibs:dpid=411&dpuuid=ZK2VBAAAAFb2TANn
Date
Tue, 11 Jul 2023 17:44:36 GMT
Cache-Control
no-cache
Server
AMO-cookiemap/1.1
Connection
keep-alive
Content-Length
0
P3P
CP="NOI NID DEVa PSAa PSDa OUR IND PUR COM NAV INT DEM"
93935a4096516447172d9d3f1d23710d.js
nexus.ensighten.com/citi/na_prod/code/
1 KB
969 B
Script
General
Full URL
https://nexus.ensighten.com/citi/na_prod/code/93935a4096516447172d9d3f1d23710d.js?conditionId0=433072
Requested by
Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/citi/na_prod/Bootstrap.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
99.84.88.39 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-99-84-88-39.muc50.r.cloudfront.net
Software
CloudFront /
Resource Hash
f071110e088267097a0946520a2a08bd589f971f3ce4cb989feda1415026ac49

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://citicards.citi.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Sat, 22 Apr 2023 14:12:19 GMT
x-amz-version-id
.9Yu1fA6u9LpETfeDT0_cOHllcbsIoL2
content-encoding
br
via
1.1 847372cac152a2575995d0b13be85a88.cloudfront.net (CloudFront)
x-amz-cf-pop
MUC50-C1
age
6924737
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
x-amz-replication-status
COMPLETED
last-modified
Tue, 20 Jul 2021 20:01:11 GMT
server
CloudFront
etag
W/"22035994ea9f0b167d391afd37705f26"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
cache-control
max-age=315360000
x-amz-cf-id
vpMz9jqGG71Ap6XkEtpcvxsd_pK-lRWbUPEF9_1B2L0MGPPNzxryiQ==
7c8ae1f9c206930028672949c6703f6d.js
nexus.ensighten.com/citi/na_prod/code/
2 KB
2 KB
Script
General
Full URL
https://nexus.ensighten.com/citi/na_prod/code/7c8ae1f9c206930028672949c6703f6d.js?conditionId0=4849963
Requested by
Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/citi/na_prod/Bootstrap.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
99.84.88.39 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-99-84-88-39.muc50.r.cloudfront.net
Software
CloudFront /
Resource Hash
9a74546a8f511f31b5252f115d2db7aa69370ca5eeaf6828f60abb197f35a169

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://citicards.citi.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Tue, 11 Apr 2023 03:20:05 GMT
x-amz-version-id
fn0OQIG24n9jjHSfN2OozphT08M6eW_x
content-encoding
br
via
1.1 847372cac152a2575995d0b13be85a88.cloudfront.net (CloudFront)
x-amz-cf-pop
MUC50-C1
age
7914271
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
x-amz-replication-status
COMPLETED
last-modified
Tue, 18 Oct 2022 17:52:59 GMT
server
CloudFront
etag
W/"7df0440e45009010a99db868682aafb3"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
cache-control
max-age=315360000
x-amz-cf-id
59XIRzBUBnSSosihzLr6k7YVZc8pX8CrDpVlQAs6myVjSpG54CSd-A==
a8e6e75645a478743701a0de29db4661.js
nexus.ensighten.com/citi/na_prod/code/
5 KB
2 KB
Script
General
Full URL
https://nexus.ensighten.com/citi/na_prod/code/a8e6e75645a478743701a0de29db4661.js?conditionId0=4897099
Requested by
Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/citi/na_prod/Bootstrap.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
99.84.88.39 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-99-84-88-39.muc50.r.cloudfront.net
Software
CloudFront /
Resource Hash
d107585e5668bdc16163e383fd78e7a418f1eeb8a1093391dd69d7fd4f14450e

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://citicards.citi.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Thu, 25 May 2023 08:39:26 GMT
x-amz-version-id
wws6KB118wQQBLdhwHWaGrumLswtioTa
content-encoding
gzip
via
1.1 847372cac152a2575995d0b13be85a88.cloudfront.net (CloudFront)
x-amz-cf-pop
MUC50-C1
age
4093511
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
x-amz-replication-status
COMPLETED
last-modified
Mon, 01 May 2023 19:21:07 GMT
server
CloudFront
etag
W/"b7b279129c64359bf0c1d6935957974f"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
cache-control
max-age=315360000
x-amz-cf-id
6pl12nexR6WtIV1-VCUnd78CLskCeR9WP-wWSuHBEygS85grSux3yQ==
c65a3609e1beed72955b88afac8cd31d.js
nexus.ensighten.com/citi/na_prod/code/
2 KB
1 KB
Script
General
Full URL
https://nexus.ensighten.com/citi/na_prod/code/c65a3609e1beed72955b88afac8cd31d.js?conditionId0=480881
Requested by
Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/citi/na_prod/Bootstrap.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
99.84.88.39 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-99-84-88-39.muc50.r.cloudfront.net
Software
CloudFront /
Resource Hash
686eb5d7c927dd741ef72adda5c719b478d36f1e29520ee16d5121854c174b10

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://citicards.citi.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Thu, 06 Apr 2023 01:43:02 GMT
x-amz-version-id
wXRQEmBG4QJsg2TZDdHUFOaVLJIZHKhf
content-encoding
br
via
1.1 847372cac152a2575995d0b13be85a88.cloudfront.net (CloudFront)
x-amz-cf-pop
MUC50-C1
age
8352095
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
x-amz-replication-status
COMPLETED
last-modified
Thu, 15 Dec 2022 04:55:25 GMT
server
CloudFront
etag
W/"e9bda8e342fda2a02ffa59c9064942d8"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
cache-control
max-age=315360000
x-amz-cf-id
CcigXxFz4K3yrOI916w_83L_mtUM3qY1Z8K0bYNeVNQp94NXxSckTQ==
d795417d12c8f126e64e0009e16abb55.js
nexus.ensighten.com/citi/na_prod/code/
337 KB
45 KB
Script
General
Full URL
https://nexus.ensighten.com/citi/na_prod/code/d795417d12c8f126e64e0009e16abb55.js?conditionId0=421908
Requested by
Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/citi/na_prod/Bootstrap.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
99.84.88.39 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-99-84-88-39.muc50.r.cloudfront.net
Software
CloudFront /
Resource Hash
57708901f47a20f3fbe1aafedc530fbe49f01fb88714c9b4685426b94759f732

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://citicards.citi.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Wed, 05 Jul 2023 15:48:18 GMT
x-amz-version-id
xOcKYVNnwrtun1_P7HDELL7Ss9aSv6o7
content-encoding
br
via
1.1 847372cac152a2575995d0b13be85a88.cloudfront.net (CloudFront)
x-amz-cf-pop
MUC50-C1
age
525379
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
x-amz-replication-status
PENDING
last-modified
Wed, 05 Jul 2023 15:48:08 GMT
server
CloudFront
etag
W/"6720564da36815a78cd072df37ce9d59"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
cache-control
max-age=315360000
x-amz-cf-id
YE3SY6gwkyB2L6KWC_9O3iJRfRtAfUzZ4Ew7lmDXD92l21roD2m9hA==
b169b5211abcb59597c2a50d0834dad6.js
nexus.ensighten.com/citi/na_prod/code/
1 KB
1 KB
Script
General
Full URL
https://nexus.ensighten.com/citi/na_prod/code/b169b5211abcb59597c2a50d0834dad6.js?conditionId0=4854834
Requested by
Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/citi/na_prod/Bootstrap.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
99.84.88.39 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-99-84-88-39.muc50.r.cloudfront.net
Software
CloudFront /
Resource Hash
bfeb1411c94f38006c7a7c93992bfd348f825b5914c94ba2688060e77bd5f630

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://citicards.citi.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Sat, 29 Apr 2023 08:36:17 GMT
x-amz-version-id
_QsuTAI24qIEiqD9TkI.fzr0FP874P0F
content-encoding
br
via
1.1 847372cac152a2575995d0b13be85a88.cloudfront.net (CloudFront)
x-amz-cf-pop
MUC50-C1
age
6340100
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
x-amz-replication-status
COMPLETED
last-modified
Tue, 16 Aug 2022 21:43:05 GMT
server
CloudFront
etag
W/"b251770ce4b6edc0b43f8a7659567774"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
cache-control
max-age=315360000
x-amz-cf-id
oPGrY7tT4txNdteILa9sQHpW2SAbqtvz9z6cISctzgWe-lxlB_O91w==
93bd1173e004c5f14c8c312774a177d6.js
nexus.ensighten.com/citi/na_prod/code/
1 KB
974 B
Script
General
Full URL
https://nexus.ensighten.com/citi/na_prod/code/93bd1173e004c5f14c8c312774a177d6.js?conditionId0=4936631
Requested by
Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/citi/na_prod/Bootstrap.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
99.84.88.39 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-99-84-88-39.muc50.r.cloudfront.net
Software
CloudFront /
Resource Hash
07f6baeb3a16d7474a408bd4f6ae6bfe8c2538c41ba342f2431ddc64264b4fcf

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://citicards.citi.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Thu, 27 Apr 2023 22:40:21 GMT
x-amz-version-id
nLZ6xTlu1iMFXeMTTYN4VPX3Tv1cDtk4
content-encoding
br
via
1.1 847372cac152a2575995d0b13be85a88.cloudfront.net (CloudFront)
x-amz-cf-pop
MUC50-C1
age
6462256
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
x-amz-replication-status
COMPLETED
last-modified
Tue, 04 Oct 2022 17:38:26 GMT
server
CloudFront
etag
W/"1a018458600589c4b560bd7be94993f2"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
cache-control
max-age=315360000
x-amz-cf-id
EJ2z98blv6rlkd1nuUIbhY7s8i4JmMKeTsLskAQ_2PQFANwGn03VCw==
f9112c4f4cc2da7bc760957da1d0a476.js
nexus.ensighten.com/citi/na_prod/code/
27 KB
5 KB
Script
General
Full URL
https://nexus.ensighten.com/citi/na_prod/code/f9112c4f4cc2da7bc760957da1d0a476.js?conditionId0=486757
Requested by
Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/citi/na_prod/Bootstrap.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
99.84.88.39 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-99-84-88-39.muc50.r.cloudfront.net
Software
CloudFront /
Resource Hash
18fe0fbfef31b4ef603a5827ac377792d1a68b93710d285e88623a79ea0e6870

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://citicards.citi.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Sat, 29 Apr 2023 08:36:01 GMT
x-amz-version-id
_EGaJ0JRqXa7HXWsIS89V3k4kvtsyejg
content-encoding
br
via
1.1 847372cac152a2575995d0b13be85a88.cloudfront.net (CloudFront)
x-amz-cf-pop
MUC50-C1
age
6340116
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
x-amz-replication-status
COMPLETED
last-modified
Thu, 16 Feb 2023 18:50:31 GMT
server
CloudFront
etag
W/"341b188f6c2fe2107f63f9a2f998bb29"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
cache-control
max-age=315360000
x-amz-cf-id
FbnzVGrEjmncCvyiMdCIO18frk5heOnPTQu8Ecz3TS_EU57aX_0dpg==
9d9a7667eda16421b759d3e4ae34d25f.js
nexus.ensighten.com/citi/na_prod/code/
27 KB
7 KB
Script
General
Full URL
https://nexus.ensighten.com/citi/na_prod/code/9d9a7667eda16421b759d3e4ae34d25f.js?conditionId0=467299
Requested by
Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/citi/na_prod/Bootstrap.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
99.84.88.39 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-99-84-88-39.muc50.r.cloudfront.net
Software
CloudFront /
Resource Hash
696482c2e2d088086d19d0fc4406632415e35b741ecc23151a75a39b8766a5d5

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://citicards.citi.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Sat, 29 Apr 2023 08:36:01 GMT
x-amz-version-id
iCANwNDAYzzLjFfP7PabUgezx4DdR6XE
content-encoding
br
via
1.1 847372cac152a2575995d0b13be85a88.cloudfront.net (CloudFront)
x-amz-cf-pop
MUC50-C1
age
6340116
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
x-amz-replication-status
COMPLETED
last-modified
Thu, 16 Feb 2023 18:50:31 GMT
server
CloudFront
etag
W/"d7a7f92dbb8927a61cb31e29eea41b11"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
cache-control
max-age=315360000
x-amz-cf-id
jSK6naAsyUnntugoHbqPiDw6z7jLMJ-j2VKXhktGOjOHnIM_tNVW7w==
ccb910f3b286651d23766cb6ef3edc43.js
nexus.ensighten.com/citi/na_prod/code/
396 KB
108 KB
Script
General
Full URL
https://nexus.ensighten.com/citi/na_prod/code/ccb910f3b286651d23766cb6ef3edc43.js?conditionId0=3013337
Requested by
Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/citi/na_prod/Bootstrap.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
99.84.88.39 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-99-84-88-39.muc50.r.cloudfront.net
Software
CloudFront /
Resource Hash
040d3398f360907cc7ca1b942e2213e6f360d39bac4a5fa9140e3ae82731c747

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://citicards.citi.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Tue, 16 May 2023 16:05:09 GMT
x-amz-version-id
0bluFTYuI52H0CFwnZwsOCw1MVHJt6q6
content-encoding
br
via
1.1 847372cac152a2575995d0b13be85a88.cloudfront.net (CloudFront)
x-amz-cf-pop
MUC50-C1
age
4844368
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
x-amz-replication-status
PENDING
last-modified
Tue, 16 May 2023 16:05:00 GMT
server
CloudFront
etag
W/"4a011f25eec2f5bd4ab48351fa9a1e43"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
cache-control
max-age=315360000
x-amz-cf-id
yfkYe6_VUvW0hJxxPczZW28PlYulrJsjuECUBFGVrXtyUqXT96jLdQ==
f79ae745264b43f3faaab87bf3cdb75b.js
nexus.ensighten.com/citi/na_prod/code/
3 KB
1 KB
Script
General
Full URL
https://nexus.ensighten.com/citi/na_prod/code/f79ae745264b43f3faaab87bf3cdb75b.js?conditionId0=455897
Requested by
Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/citi/na_prod/Bootstrap.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
99.84.88.39 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-99-84-88-39.muc50.r.cloudfront.net
Software
CloudFront /
Resource Hash
40cefd284724286ec23670e16cc7b354c2cee0527edda1ae49eea62b8301bff4

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://citicards.citi.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Sat, 29 Apr 2023 08:36:01 GMT
x-amz-version-id
8CcfzS7DteGxKg7ZkR_HfOT6Gn8m3nM1
content-encoding
br
via
1.1 847372cac152a2575995d0b13be85a88.cloudfront.net (CloudFront)
x-amz-cf-pop
MUC50-C1
age
6340116
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
x-amz-replication-status
COMPLETED
last-modified
Tue, 21 Mar 2023 17:54:28 GMT
server
CloudFront
etag
W/"e2e34f527a64b278bef126c9ab6f0955"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
cache-control
max-age=315360000
x-amz-cf-id
sScSZiAQSC5vahH83EXml7z09RlTdVCnXdLfTPx4rxOlVIpHvwCnnQ==
61f2689d95e94c6ef599202edd32401c.js
script.crazyegg.com/pages/versioned/common-scripts/
77 KB
27 KB
Script
General
Full URL
https://script.crazyegg.com/pages/versioned/common-scripts/61f2689d95e94c6ef599202edd32401c.js
Requested by
Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/citi/na_prod/Bootstrap.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6813:9308 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
db2ccc051fd7633008012ea29d2598c95d84c9a9c985db4359eb1982bd6f2b8b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://citicards.citi.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Tue, 11 Jul 2023 17:44:36 GMT
content-encoding
gzip
cf-cache-status
HIT
last-modified
Fri, 30 Jun 2023 09:34:40 GMT
server
cloudflare
age
7328
vary
Accept-Encoding
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=31536000, s-maxage=31536000
accept-ranges
bytes
timing-allow-origin
*
cf-ray
7e52daf8fd435b26-FRA
content-length
27037
tc.min.js
c1.rfihub.net/js/
19 KB
6 KB
Script
General
Full URL
https://c1.rfihub.net/js/tc.min.js
Requested by
Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/citi/na_prod/Bootstrap.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:20c3:f200:1:76cf:fe80:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Jetty(9.4.51.v20230217) /
Resource Hash
7ef97b12890fc6fee67f869c6e1f74b6719de7d66ac0d649c8d7386a80b4c30f

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://citicards.citi.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Tue, 11 Jul 2023 17:08:22 GMT
content-encoding
gzip
via
1.1 39ed76664123c3090231ff0882467152.cloudfront.net (CloudFront)
last-modified
Tue, 11 Jul 2023 17:08:12 GMT
server
Jetty(9.4.51.v20230217)
x-amz-cf-pop
MUC50-C1
age
2174
x-cache
Hit from cloudfront
content-type
application/x-javascript
p3p
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
cache-control
public, max-age=3600
content-length
6162
x-amz-cf-id
ogA3jS8QoMw-EfXwbyrcNNVBK2q16_ZI0j_ZYOlC64zHdzyD0YqHEw==
expires
Tue, 11 Jul 2023 18:08:22 GMT
js
www.googletagmanager.com/gtag/
127 KB
49 KB
Script
General
Full URL
https://www.googletagmanager.com/gtag/js?id=DC-6260004
Requested by
Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/citi/na_prod/Bootstrap.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:829::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
1e5862041043d970c6305c4b719688a6d5a287db8f88dcbc9af71fa4d74faf91
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://citicards.citi.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Tue, 11 Jul 2023 17:44:36 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
50048
x-xss-protection
0
last-modified
Tue, 11 Jul 2023 17:23:07 GMT
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Tue, 11 Jul 2023 17:44:36 GMT
citicards.citi.com.json
script.crazyegg.com/pages/data-scripts/0090/1567/sampling/ Frame C2E4
152 B
255 B
XHR
General
Full URL
https://script.crazyegg.com/pages/data-scripts/0090/1567/sampling/citicards.citi.com.json?t=469193
Requested by
Host: script.crazyegg.com
URL: https://script.crazyegg.com/pages/versioned/common-scripts/61f2689d95e94c6ef599202edd32401c.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6813:9308 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
1fa281e4dcbd2331514f3e107d332989ffb078ccf119b31dcd9b809ba809fbe6

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Tue, 11 Jul 2023 17:44:36 GMT
content-encoding
gzip
cf-cache-status
HIT
age
2503
ce-version
11.5.100
content-length
144
last-modified
Tue, 11 Jul 2023 17:02:53 GMT
server
cloudflare
vary
Accept-Encoding
content-type
application/json
access-control-allow-origin
*
access-control-expose-headers
CE-Version
cache-control
public, max-age=300, s-maxage=1209600
accept-ranges
bytes
timing-allow-origin
*
cf-ray
7e52daf9a8df3719-FRA
225.bundle.js
citicards.citi.com/cbol/fraudprevention/js/
203 KB
60 KB
Script
General
Full URL
https://citicards.citi.com/cbol/fraudprevention/js/225.bundle.js
Requested by
Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/citi/na_prod/Bootstrap.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
35.190.22.40 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
40.22.190.35.bc.googleusercontent.com
Software
/
Resource Hash
a8027ee9180a5a26fc10c906f300390608b2e6505153ea80390ae15bbe986732

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=4794C088A1E34967B16D3FEDACF6C97D
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Tue, 11 Jul 2023 17:44:35 GMT
content-encoding
gzip
via
1.1 google
last-modified
Thu, 23 Mar 2023 20:33:52 GMT
etag
"078bbc7c65dd91:0"
vary
Accept-Encoding
content-type
application/javascript
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
60917
283.bundle.js
citicards.citi.com/cbol/fraudprevention/js/
125 KB
17 KB
Script
General
Full URL
https://citicards.citi.com/cbol/fraudprevention/js/283.bundle.js
Requested by
Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/citi/na_prod/Bootstrap.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
35.190.22.40 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
40.22.190.35.bc.googleusercontent.com
Software
/
Resource Hash
1cc998148cc12663c81cd4638e2dab2e75a52568104f426ab305c6773b4ec4ff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=4794C088A1E34967B16D3FEDACF6C97D
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Tue, 11 Jul 2023 17:44:35 GMT
content-encoding
gzip
via
1.1 google
last-modified
Mon, 17 Apr 2023 18:57:32 GMT
etag
"036e9765e71d91:0"
vary
Accept-Encoding
content-type
application/javascript
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
17669
ca.html
20766699p.rfihub.com/ Frame 0CD9
118 B
680 B
Document
General
Full URL
https://20766699p.rfihub.com/ca.html?ver=9&ra=1564&rb=648&ca=20766699&_o=17169175&_t=citifraudpreventionlp&_rev=1&_pcode=1&_orderid=1&ssv_cuuid=&ssv_package=null&ssv_prodlist=null&ssv_pagename=citifraudpreventionlp&pe=https%3A%2F%2Fciticards.citi.com%2Fcbol%2Ffraudprevention%2Fdefault.htm%3FBTData%3DEFe.B.gAB4f.B.B0%21.SEOz.eGI.lYg.xG%21.Bj.SX.0f.E%26ProspectID%3D4794C088A1E34967B16D3FEDACF6C97D&pf=&ra=3622311223722732
Requested by
Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/citi/na_prod/Bootstrap.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
193.0.160.131 , United States, ASN54312 (ROCKETFUEL, US),
Reverse DNS
Software
Jetty(9.4.51.v20230217) /
Resource Hash
c437eb764a99e6cd5172d63c3fae564bbc51eda4981058d5edebd2bf0700eb76

Request headers

Referer
https://citicards.citi.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Cache-Control
no-cache
Content-Length
118
Content-Type
text/html;charset=utf-8
Date
Tue, 11 Jul 2023 17:44:36 GMT
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Server
Jetty(9.4.51.v20230217)
js
www.googletagmanager.com/gtag/
127 KB
49 KB
Script
General
Full URL
https://www.googletagmanager.com/gtag/js?id=DC-6269322&l=dataLayer&cx=c
Requested by
Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/citi/na_prod/Bootstrap.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:829::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
c3ccd760096e4a9ba6d6f0302d42f6b733918f7de23737df8ae5060dc1c438f6
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://citicards.citi.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Tue, 11 Jul 2023 17:44:36 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
50105
x-xss-protection
0
last-modified
Tue, 11 Jul 2023 16:32:58 GMT
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Tue, 11 Jul 2023 17:44:36 GMT
js
www.googletagmanager.com/gtag/
127 KB
49 KB
Script
General
Full URL
https://www.googletagmanager.com/gtag/js?id=DC-6256710&l=dataLayer&cx=c
Requested by
Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/citi/na_prod/Bootstrap.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:829::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
442690cb575e03bf903ae84969aa152f6a2875519e64df5ee2133f41ac21feae
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://citicards.citi.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Tue, 11 Jul 2023 17:44:36 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
50103
x-xss-protection
0
last-modified
Tue, 11 Jul 2023 17:23:07 GMT
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Tue, 11 Jul 2023 17:44:36 GMT
js
www.googletagmanager.com/gtag/
127 KB
49 KB
Script
General
Full URL
https://www.googletagmanager.com/gtag/js?id=DC-6415812&l=dataLayer&cx=c
Requested by
Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/citi/na_prod/Bootstrap.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:829::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
372be8b7e84a6bd3cd3fb8ca8f2850bd1d51075c8df11c4f80660d7874a13424
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://citicards.citi.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Tue, 11 Jul 2023 17:44:36 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
50100
x-xss-protection
0
last-modified
Tue, 11 Jul 2023 17:23:07 GMT
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Tue, 11 Jul 2023 17:44:36 GMT
healthcheck
pagestates-tracking.crazyegg.com/ Frame C2E4
19 B
463 B
XHR
General
Full URL
https://pagestates-tracking.crazyegg.com/healthcheck
Requested by
Host: script.crazyegg.com
URL: https://script.crazyegg.com/pages/versioned/common-scripts/61f2689d95e94c6ef599202edd32401c.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.97.121 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-97-121.fra56.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
830e67bda2532cd5880ee86e3b33e69721082f8458bb0df0cd4edbb1577fd375

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Thu, 06 Apr 2023 11:18:30 GMT
via
1.1 7ed0982309781d390a105a3ead66dbfa.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA56-P2
age
8317567
x-cache
Hit from cloudfront
content-length
19
last-modified
Fri, 08 Jul 2022 22:25:51 GMT
server
AmazonS3
etag
"d06f04fccf68d0b228a5923187ce1afd"
access-control-max-age
31536000
access-control-allow-methods
GET, HEAD
content-type
application/json
access-control-allow-origin
*
access-control-expose-headers
Access-Control-Allow-Origin
accept-ranges
bytes
x-amz-cf-id
UUpz5D8IN6hNvfYBkddGVt8LWr6ox5RDYS9d8dk2q3ICUaVRSZxhNA==
healthcheck
assets-tracking.crazyegg.com/ Frame C2E4
19 B
462 B
XHR
General
Full URL
https://assets-tracking.crazyegg.com/healthcheck
Requested by
Host: script.crazyegg.com
URL: https://script.crazyegg.com/pages/versioned/common-scripts/61f2689d95e94c6ef599202edd32401c.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.248.47 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-248-47.dus51.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
830e67bda2532cd5880ee86e3b33e69721082f8458bb0df0cd4edbb1577fd375

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Tue, 17 Jan 2023 03:56:02 GMT
via
1.1 63d9e08bce2adee06986125b699b4cec.cloudfront.net (CloudFront)
x-amz-cf-pop
DUS51-P1
age
15169715
x-cache
Hit from cloudfront
content-length
19
last-modified
Fri, 08 Jul 2022 22:25:51 GMT
server
AmazonS3
etag
"d06f04fccf68d0b228a5923187ce1afd"
access-control-max-age
31536000
access-control-allow-methods
GET, HEAD
content-type
application/json
access-control-allow-origin
*
access-control-expose-headers
Access-Control-Allow-Origin
accept-ranges
bytes
x-amz-cf-id
VqvBWesgif30wS6Zkjhp-vOuqH8s5GZ62Zh6e-Mm7rMTpJ49S8Oorw==
b7d375f3-1194-48d5-92cf-ea1646c18e00
https://citicards.citi.com/
45 B
0
Other
General
Full URL
blob:https://citicards.citi.com/b7d375f3-1194-48d5-92cf-ea1646c18e00
Requested by
Host: citicards.citi.com
URL: https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=4794C088A1E34967B16D3FEDACF6C97D
Protocol
BLOB
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
86551808dbfbf8bc9b23ab3d0725794c2e1f2b4265c96715f2945638160edc2b

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Content-Length
45
Content-Type
text/javascript
delivery
citicorpcreditservic.tt.omtrdc.net/rest/v1/
363 B
1 KB
XHR
General
Full URL
https://citicorpcreditservic.tt.omtrdc.net/rest/v1/delivery?client=citicorpcreditservic&sessionId=48dad3640cbb4931b22abb5f62393b89&version=2.10.0
Requested by
Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/citi/na_prod/Bootstrap.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
66.235.152.143 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ip-66-235-152-143.data.adobedc.net
Software
jag /
Resource Hash
e2222fd30ffb381c16af460298a066d8d7c2bafd22c4f7e0ddea291972a7e845
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://citicards.citi.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
Content-Type
text/plain

Response headers

date
Tue, 11 Jul 2023 17:44:36 GMT
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains
p3p
CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
x-xss-protection
1; mode=block
x-request-id
647ec9ac-80e0-4fb1-8ce1-c8b90b8d695d
referrer-policy
strict-origin-when-cross-origin
accept-ch
Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version-List
server
jag
vary
origin,access-control-request-method,access-control-request-headers,accept-encoding
content-type
application/json;charset=UTF-8
access-control-allow-origin
https://citicards.citi.com
cache-control
no-cache, no-store, max-age=0, no-transform, private
access-control-allow-credentials
true
timing-allow-origin
*
clock
tracking.crazyegg.com/ Frame C2E4
26 B
133 B
XHR
General
Full URL
https://tracking.crazyegg.com/clock?t=1689097476271&tk=3353697c62395c48c0b0030a6d85efcd&s=340498&p=%2Fcbol%2Ffraudprevention%2Fdefault.htm&u=901567&v=1fa02089ab77729fbe4418048eb39b3c4a8127a8&f=citicards.citi.com%2Fcbol%2Ffraudprevention%2Fdefault.htm&ul=https%3A%2F%2Fciticards.citi.com%2Fcbol%2Ffraudprevention%2Fdefault.htm%3FBTData%3DEFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E%26ProspectID%3D4794C088A1E34967B16D3FEDACF6C97D
Requested by
Host: script.crazyegg.com
URL: https://script.crazyegg.com/pages/versioned/common-scripts/61f2689d95e94c6ef599202edd32401c.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.253.91.174 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-34-253-91-174.eu-west-1.compute.amazonaws.com
Software
awselb/2.0 /
Resource Hash
95413b0b0487f654b60a6098b3fc0de3ab18efd9580990bbbd6c466d737340e2

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

access-control-allow-origin
*
date
Tue, 11 Jul 2023 17:44:36 GMT
cache-control
no-store
server
awselb/2.0
content-length
26
content-type
text/plain
fraud-hero-tab.jpg
citicards.citi.com/cbol/fraudprevention/images/
81 KB
81 KB
Image
General
Full URL
https://citicards.citi.com/cbol/fraudprevention/images/fraud-hero-tab.jpg
Requested by
Host: citicards.citi.com
URL: https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=4794C088A1E34967B16D3FEDACF6C97D
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
35.190.22.40 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
40.22.190.35.bc.googleusercontent.com
Software
/
Resource Hash
fd6d62f4d67e7fda1a1402702346bc50fd7c172c18393a4e0210257b2adbe62d

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=4794C088A1E34967B16D3FEDACF6C97D
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Tue, 11 Jul 2023 17:44:35 GMT
via
1.1 google
last-modified
Thu, 23 Mar 2023 20:33:54 GMT
etag
"0a5ecc8c65dd91:0"
content-type
image/jpeg
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
82608
slide-0-mob.jpg
citicards.citi.com/cbol/fraudprevention/images/
10 KB
10 KB
Image
General
Full URL
https://citicards.citi.com/cbol/fraudprevention/images/slide-0-mob.jpg
Requested by
Host: citicards.citi.com
URL: https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=4794C088A1E34967B16D3FEDACF6C97D
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
35.190.22.40 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
40.22.190.35.bc.googleusercontent.com
Software
/
Resource Hash
7b699b93e69fda495eb30c70f72207299c8f949accd7b1e8a935948d59d9af44

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=4794C088A1E34967B16D3FEDACF6C97D
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Tue, 11 Jul 2023 17:44:35 GMT
via
1.1 google
last-modified
Fri, 18 Nov 2022 14:44:10 GMT
etag
"099d9375cfbd81:0"
content-type
image/jpeg
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
10704
slide-1-mob.jpg
citicards.citi.com/cbol/fraudprevention/images/
11 KB
11 KB
Image
General
Full URL
https://citicards.citi.com/cbol/fraudprevention/images/slide-1-mob.jpg
Requested by
Host: citicards.citi.com
URL: https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=4794C088A1E34967B16D3FEDACF6C97D
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
35.190.22.40 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
40.22.190.35.bc.googleusercontent.com
Software
/
Resource Hash
c55531a41c4e531e807f3b8bf2239d470626738ff131c50df61dee9d11779efd

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=4794C088A1E34967B16D3FEDACF6C97D
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Tue, 11 Jul 2023 17:44:35 GMT
via
1.1 google
last-modified
Fri, 18 Nov 2022 14:44:10 GMT
etag
"099d9375cfbd81:0"
content-type
image/jpeg
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
11088
slide-2-mob.jpg
citicards.citi.com/cbol/fraudprevention/images/
10 KB
10 KB
Image
General
Full URL
https://citicards.citi.com/cbol/fraudprevention/images/slide-2-mob.jpg
Requested by
Host: citicards.citi.com
URL: https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=4794C088A1E34967B16D3FEDACF6C97D
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
35.190.22.40 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
40.22.190.35.bc.googleusercontent.com
Software
/
Resource Hash
169497aeb22981c6c521fc664347e3d61bfa45949950fece4d1b094543bb64f9

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=4794C088A1E34967B16D3FEDACF6C97D
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Tue, 11 Jul 2023 17:44:35 GMT
via
1.1 google
last-modified
Fri, 18 Nov 2022 14:44:10 GMT
etag
"099d9375cfbd81:0"
content-type
image/jpeg
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
10584
slide-3-mob.jpg
citicards.citi.com/cbol/fraudprevention/images/
9 KB
9 KB
Image
General
Full URL
https://citicards.citi.com/cbol/fraudprevention/images/slide-3-mob.jpg
Requested by
Host: citicards.citi.com
URL: https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=4794C088A1E34967B16D3FEDACF6C97D
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
35.190.22.40 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
40.22.190.35.bc.googleusercontent.com
Software
/
Resource Hash
6424b26e1c9ad15f0ed6d53c59c7fc52b8265ae94a4f6ccbc65657a8ab6693b4

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=4794C088A1E34967B16D3FEDACF6C97D
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Tue, 11 Jul 2023 17:44:35 GMT
via
1.1 google
last-modified
Fri, 18 Nov 2022 14:44:10 GMT
etag
"099d9375cfbd81:0"
content-type
image/jpeg
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
9250
slide-4-mob.jpg
citicards.citi.com/cbol/fraudprevention/images/
8 KB
8 KB
Image
General
Full URL
https://citicards.citi.com/cbol/fraudprevention/images/slide-4-mob.jpg
Requested by
Host: citicards.citi.com
URL: https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=4794C088A1E34967B16D3FEDACF6C97D
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
35.190.22.40 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
40.22.190.35.bc.googleusercontent.com
Software
/
Resource Hash
b4574a5464bce4c31ea7e1ad1df26cc530c9aec80c6e9589bad98b2c490f53c3

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=4794C088A1E34967B16D3FEDACF6C97D
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Tue, 11 Jul 2023 17:44:35 GMT
via
1.1 google
last-modified
Fri, 18 Nov 2022 14:44:10 GMT
etag
"099d9375cfbd81:0"
content-type
image/jpeg
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
8197
slide-5-mob.jpg
citicards.citi.com/cbol/fraudprevention/images/
9 KB
9 KB
Image
General
Full URL
https://citicards.citi.com/cbol/fraudprevention/images/slide-5-mob.jpg
Requested by
Host: citicards.citi.com
URL: https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=4794C088A1E34967B16D3FEDACF6C97D
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
35.190.22.40 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
40.22.190.35.bc.googleusercontent.com
Software
/
Resource Hash
7e00d5a424ff85e9c4c39a0341813e09d662e1f61f128790a5abe1caefb46f92

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=4794C088A1E34967B16D3FEDACF6C97D
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Tue, 11 Jul 2023 17:44:35 GMT
via
1.1 google
last-modified
Fri, 18 Nov 2022 14:44:10 GMT
etag
"099d9375cfbd81:0"
content-type
image/jpeg
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
9495
phone-dsk.png
citicards.citi.com/cbol/fraudprevention/images/
11 KB
11 KB
Image
General
Full URL
https://citicards.citi.com/cbol/fraudprevention/images/phone-dsk.png
Requested by
Host: citicards.citi.com
URL: https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=4794C088A1E34967B16D3FEDACF6C97D
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
35.190.22.40 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
40.22.190.35.bc.googleusercontent.com
Software
/
Resource Hash
372b67a92ab446419a50836bef8d4cb1e67c3c453635802b8e76851f97506a6a

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=4794C088A1E34967B16D3FEDACF6C97D
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Tue, 11 Jul 2023 17:44:35 GMT
via
1.1 google
last-modified
Tue, 06 Dec 2022 15:57:16 GMT
etag
"0968b698b9d91:0"
content-type
image/png
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
11197
quicklock-icon.svg
citicards.citi.com/cbol/fraudprevention/images/
1 KB
1 KB
Image
General
Full URL
https://citicards.citi.com/cbol/fraudprevention/images/quicklock-icon.svg
Requested by
Host: citicards.citi.com
URL: https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=4794C088A1E34967B16D3FEDACF6C97D
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
35.190.22.40 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
40.22.190.35.bc.googleusercontent.com
Software
/
Resource Hash
c0fb20eb7da599c08ef260ec8603add33ea00a752146ebb8dcb1610c126ec746

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=4794C088A1E34967B16D3FEDACF6C97D
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Tue, 11 Jul 2023 17:44:35 GMT
via
1.1 google
last-modified
Fri, 18 Nov 2022 14:44:08 GMT
etag
"06ca8365cfbd81:0"
content-type
image/svg+xml
access-control-allow-origin
*
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
1415
authentication-icon.svg
citicards.citi.com/cbol/fraudprevention/images/
1 KB
1 KB
Image
General
Full URL
https://citicards.citi.com/cbol/fraudprevention/images/authentication-icon.svg
Requested by
Host: citicards.citi.com
URL: https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=4794C088A1E34967B16D3FEDACF6C97D
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
35.190.22.40 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
40.22.190.35.bc.googleusercontent.com
Software
/
Resource Hash
c63de0488dd3407907555cfe3e116489a04cb99057b5133442fb20be704d2876

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=4794C088A1E34967B16D3FEDACF6C97D
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Tue, 11 Jul 2023 17:44:36 GMT
via
1.1 google
last-modified
Thu, 23 Jun 2022 22:00:24 GMT
etag
"0ca2a34c87d81:0"
content-type
image/svg+xml
access-control-allow-origin
*
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
1351
warning-icon.svg
citicards.citi.com/cbol/fraudprevention/images/
1 KB
1 KB
Image
General
Full URL
https://citicards.citi.com/cbol/fraudprevention/images/warning-icon.svg
Requested by
Host: citicards.citi.com
URL: https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=4794C088A1E34967B16D3FEDACF6C97D
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
35.190.22.40 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
40.22.190.35.bc.googleusercontent.com
Software
/
Resource Hash
41d6ee7d6834807df0b1c075d37e868b03c8f6474f3d41971cdc660cf36790af

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=4794C088A1E34967B16D3FEDACF6C97D
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Tue, 11 Jul 2023 17:44:35 GMT
via
1.1 google
last-modified
Thu, 23 Jun 2022 22:00:24 GMT
etag
"0ca2a34c87d81:0"
content-type
image/svg+xml
access-control-allow-origin
*
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
1364
wallet-icon.svg
citicards.citi.com/cbol/fraudprevention/images/
848 B
865 B
Image
General
Full URL
https://citicards.citi.com/cbol/fraudprevention/images/wallet-icon.svg
Requested by
Host: citicards.citi.com
URL: https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=4794C088A1E34967B16D3FEDACF6C97D
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
35.190.22.40 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
40.22.190.35.bc.googleusercontent.com
Software
/
Resource Hash
5b67ef142e18bfb86f4dac4a466758f51db4171863f56925eb6ae2c242b416ff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=4794C088A1E34967B16D3FEDACF6C97D
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Tue, 11 Jul 2023 17:44:35 GMT
via
1.1 google
last-modified
Thu, 23 Jun 2022 22:00:24 GMT
etag
"0ca2a34c87d81:0"
content-type
image/svg+xml
access-control-allow-origin
*
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
848
alert-icon.svg
citicards.citi.com/cbol/fraudprevention/images/
2 KB
2 KB
Image
General
Full URL
https://citicards.citi.com/cbol/fraudprevention/images/alert-icon.svg
Requested by
Host: citicards.citi.com
URL: https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=4794C088A1E34967B16D3FEDACF6C97D
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
35.190.22.40 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
40.22.190.35.bc.googleusercontent.com
Software
/
Resource Hash
b20679c2b5ac8bf42dcd693e1c324b1c7b7f597c9a54c3c6f5609a73c6f08916

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=4794C088A1E34967B16D3FEDACF6C97D
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Tue, 11 Jul 2023 17:44:35 GMT
via
1.1 google
last-modified
Fri, 18 Nov 2022 14:44:08 GMT
etag
"06ca8365cfbd81:0"
content-type
image/svg+xml
access-control-allow-origin
*
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
2039
sms-icon.svg
citicards.citi.com/cbol/fraudprevention/images/
858 B
875 B
Image
General
Full URL
https://citicards.citi.com/cbol/fraudprevention/images/sms-icon.svg
Requested by
Host: citicards.citi.com
URL: https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=4794C088A1E34967B16D3FEDACF6C97D
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
35.190.22.40 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
40.22.190.35.bc.googleusercontent.com
Software
/
Resource Hash
9b61a38abc0e343f9cdeb049ded0608b26d80ac51673dc59113c661e11b405f8

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=4794C088A1E34967B16D3FEDACF6C97D
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Tue, 11 Jul 2023 17:44:35 GMT
via
1.1 google
last-modified
Fri, 18 Nov 2022 14:44:08 GMT
etag
"06ca8365cfbd81:0"
content-type
image/svg+xml
access-control-allow-origin
*
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
858
phone-icon.svg
citicards.citi.com/cbol/fraudprevention/images/
850 B
867 B
Image
General
Full URL
https://citicards.citi.com/cbol/fraudprevention/images/phone-icon.svg
Requested by
Host: citicards.citi.com
URL: https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=4794C088A1E34967B16D3FEDACF6C97D
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
35.190.22.40 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
40.22.190.35.bc.googleusercontent.com
Software
/
Resource Hash
a3e459748cea4644f18f82a58e89526526ff2e4aa862f4013ef89240a728b9c0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=4794C088A1E34967B16D3FEDACF6C97D
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Tue, 11 Jul 2023 17:44:35 GMT
via
1.1 google
last-modified
Fri, 18 Nov 2022 14:44:08 GMT
etag
"06ca8365cfbd81:0"
content-type
image/svg+xml
access-control-allow-origin
*
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
850
security-icon.svg
citicards.citi.com/cbol/fraudprevention/images/
1 KB
1 KB
Image
General
Full URL
https://citicards.citi.com/cbol/fraudprevention/images/security-icon.svg
Requested by
Host: citicards.citi.com
URL: https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=4794C088A1E34967B16D3FEDACF6C97D
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
35.190.22.40 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
40.22.190.35.bc.googleusercontent.com
Software
/
Resource Hash
61d1bb42616337c62614385e8a3045e00d5724568b0cbe1701e45b2c80eb5bc6

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=4794C088A1E34967B16D3FEDACF6C97D
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Tue, 11 Jul 2023 17:44:35 GMT
via
1.1 google
last-modified
Fri, 18 Nov 2022 14:44:08 GMT
etag
"06ca8365cfbd81:0"
content-type
image/svg+xml
access-control-allow-origin
*
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
1463
pin-icon.svg
citicards.citi.com/cbol/fraudprevention/images/
2 KB
2 KB
Image
General
Full URL
https://citicards.citi.com/cbol/fraudprevention/images/pin-icon.svg
Requested by
Host: citicards.citi.com
URL: https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=4794C088A1E34967B16D3FEDACF6C97D
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
35.190.22.40 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
40.22.190.35.bc.googleusercontent.com
Software
/
Resource Hash
6038d7791fbab95f51c10c0c28a125aeffeca7474d5a8e03f77ad48ef69d2c2a

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=4794C088A1E34967B16D3FEDACF6C97D
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Tue, 11 Jul 2023 17:44:35 GMT
via
1.1 google
last-modified
Thu, 23 Mar 2023 20:33:52 GMT
etag
"078bbc7c65dd91:0"
content-type
image/svg+xml
access-control-allow-origin
*
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
1877
article-0-dsk.jpg
citicards.citi.com/cbol/fraudprevention/images/
44 KB
44 KB
Image
General
Full URL
https://citicards.citi.com/cbol/fraudprevention/images/article-0-dsk.jpg
Requested by
Host: citicards.citi.com
URL: https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=4794C088A1E34967B16D3FEDACF6C97D
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
35.190.22.40 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
40.22.190.35.bc.googleusercontent.com
Software
/
Resource Hash
c090ca35fa296ca439f61d5a139459b3be5bb7c729086bdf268cdf27f236f7d6

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=4794C088A1E34967B16D3FEDACF6C97D
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Tue, 11 Jul 2023 17:44:35 GMT
via
1.1 google
last-modified
Fri, 18 Nov 2022 14:44:10 GMT
etag
"099d9375cfbd81:0"
content-type
image/jpeg
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
44958
article-1-dsk.jpg
citicards.citi.com/cbol/fraudprevention/images/
44 KB
44 KB
Image
General
Full URL
https://citicards.citi.com/cbol/fraudprevention/images/article-1-dsk.jpg
Requested by
Host: citicards.citi.com
URL: https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=4794C088A1E34967B16D3FEDACF6C97D
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
35.190.22.40 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
40.22.190.35.bc.googleusercontent.com
Software
/
Resource Hash
6790995e96e099f5fcb8e62a1c0bd602f44ddfd8189dd6ff6a0e1449eeb39978

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=4794C088A1E34967B16D3FEDACF6C97D
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Tue, 11 Jul 2023 17:44:36 GMT
via
1.1 google
last-modified
Fri, 18 Nov 2022 14:44:10 GMT
etag
"099d9375cfbd81:0"
content-type
image/jpeg
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
45322
article-2-mob.jpg
citicards.citi.com/cbol/fraudprevention/images/
28 KB
28 KB
Image
General
Full URL
https://citicards.citi.com/cbol/fraudprevention/images/article-2-mob.jpg
Requested by
Host: citicards.citi.com
URL: https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=4794C088A1E34967B16D3FEDACF6C97D
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
35.190.22.40 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
40.22.190.35.bc.googleusercontent.com
Software
/
Resource Hash
18e4bd3ec81538c19da48add5f6bcabe99cabf7279806624e3bdf630537e9447

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=4794C088A1E34967B16D3FEDACF6C97D
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Tue, 11 Jul 2023 17:44:35 GMT
via
1.1 google
last-modified
Fri, 18 Nov 2022 14:44:08 GMT
etag
"06ca8365cfbd81:0"
content-type
image/jpeg
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
28352
article-3-mob.jpg
citicards.citi.com/cbol/fraudprevention/images/
41 KB
41 KB
Image
General
Full URL
https://citicards.citi.com/cbol/fraudprevention/images/article-3-mob.jpg
Requested by
Host: citicards.citi.com
URL: https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=4794C088A1E34967B16D3FEDACF6C97D
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
35.190.22.40 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
40.22.190.35.bc.googleusercontent.com
Software
/
Resource Hash
dcfe7c5333c1446a6d4b0b3d9cf9fdb5d6d4ad57c604b647475f6e315cfb2e23

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=4794C088A1E34967B16D3FEDACF6C97D
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Tue, 11 Jul 2023 17:44:36 GMT
via
1.1 google
last-modified
Fri, 18 Nov 2022 14:44:08 GMT
etag
"06ca8365cfbd81:0"
content-type
image/jpeg
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42073
article-4-mob.jpg
citicards.citi.com/cbol/fraudprevention/images/
8 KB
8 KB
Image
General
Full URL
https://citicards.citi.com/cbol/fraudprevention/images/article-4-mob.jpg
Requested by
Host: citicards.citi.com
URL: https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=4794C088A1E34967B16D3FEDACF6C97D
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
35.190.22.40 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
40.22.190.35.bc.googleusercontent.com
Software
/
Resource Hash
94d185b092eb12a399becc1cf4fbd11ca29ee301156b298cbb16408b8f924702

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=4794C088A1E34967B16D3FEDACF6C97D
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Tue, 11 Jul 2023 17:44:35 GMT
via
1.1 google
last-modified
Fri, 18 Nov 2022 14:44:10 GMT
etag
"099d9375cfbd81:0"
content-type
image/jpeg
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
8135
interstate-bold.woff
cdn.digitalmarketing.citibankonline.com/fonts/
17 KB
17 KB
Font
General
Full URL
https://cdn.digitalmarketing.citibankonline.com/fonts/interstate-bold.woff
Requested by
Host: citicards.citi.com
URL: https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=4794C088A1E34967B16D3FEDACF6C97D
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.107.138.236 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
236.138.107.34.bc.googleusercontent.com
Software
/
Resource Hash
28ced8a7cb30e6f747ad8116dcd11d3dbf5848c2d49a9babbd7d8c94e0a29cf7
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://citicards.citi.com/
Origin
https://citicards.citi.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Wed, 14 Jun 2023 18:31:27 GMT
via
1.1 google
x-content-type-options
nosniff
last-modified
Mon, 10 Feb 2020 17:54:07 GMT
cross-origin-opener-policy
same-origin
age
2329989
content-type
application/x-woff
access-control-allow-origin
*
cache-control
public, max-age=31536000
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
17500
x-xss-protection
0
interstate-regular.woff
cdn.digitalmarketing.citibankonline.com/fonts/
17 KB
17 KB
Font
General
Full URL
https://cdn.digitalmarketing.citibankonline.com/fonts/interstate-regular.woff
Requested by
Host: citicards.citi.com
URL: https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=4794C088A1E34967B16D3FEDACF6C97D
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.107.138.236 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
236.138.107.34.bc.googleusercontent.com
Software
/
Resource Hash
6896c70fd430a1ffe69dc778926e1866ca52a12bd341170522ad6278aafd7bcf
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://citicards.citi.com/
Origin
https://citicards.citi.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Wed, 14 Jun 2023 18:31:27 GMT
via
1.1 google
x-content-type-options
nosniff
last-modified
Mon, 10 Feb 2020 17:54:07 GMT
cross-origin-opener-policy
same-origin
age
2329989
content-type
application/x-woff
access-control-allow-origin
*
cache-control
public, max-age=31536000
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
17592
x-xss-protection
0
ajax-loader.gif
citicards.citi.com/cbol/fraudprevention/images/
4 KB
4 KB
Image
General
Full URL
https://citicards.citi.com/cbol/fraudprevention/images/ajax-loader.gif
Requested by
Host: citicards.citi.com
URL: https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=4794C088A1E34967B16D3FEDACF6C97D
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
35.190.22.40 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
40.22.190.35.bc.googleusercontent.com
Software
/
Resource Hash
e7b44c86b050fca766a96ddac2d0932af0126da6f2305280342d909168dcce6b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=4794C088A1E34967B16D3FEDACF6C97D
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Tue, 11 Jul 2023 17:44:36 GMT
via
1.1 google
last-modified
Thu, 23 Jun 2022 22:00:24 GMT
etag
"0ca2a34c87d81:0"
content-type
image/gif
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
4178
carousel-arrow.svg
citicards.citi.com/cbol/fraudprevention/images/
375 B
392 B
Image
General
Full URL
https://citicards.citi.com/cbol/fraudprevention/images/carousel-arrow.svg
Requested by
Host: citicards.citi.com
URL: https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=4794C088A1E34967B16D3FEDACF6C97D
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
35.190.22.40 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
40.22.190.35.bc.googleusercontent.com
Software
/
Resource Hash
0692d8f575c2522bf66816e9190859e9a1135ced06f09a9d4145c146abeaf46b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=4794C088A1E34967B16D3FEDACF6C97D
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Tue, 11 Jul 2023 17:44:35 GMT
via
1.1 google
last-modified
Thu, 23 Jun 2022 22:00:24 GMT
etag
"0ca2a34c87d81:0"
content-type
image/svg+xml
access-control-allow-origin
*
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
375
slick.woff
citicards.citi.com/cbol/fraudprevention/images/
1 KB
1 KB
Font
General
Full URL
https://citicards.citi.com/cbol/fraudprevention/images/slick.woff
Requested by
Host: citicards.citi.com
URL: https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=4794C088A1E34967B16D3FEDACF6C97D
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
35.190.22.40 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
40.22.190.35.bc.googleusercontent.com
Software
/
Resource Hash
56500ab0cde6f2d4378a2b105d7f48f729f23b0b5186c2ae3fc80ab57b1e43b6

Request headers

Referer
https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=4794C088A1E34967B16D3FEDACF6C97D
Origin
https://citicards.citi.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Tue, 11 Jul 2023 17:44:36 GMT
via
1.1 google
last-modified
Thu, 23 Jun 2022 22:00:24 GMT
etag
"0ca2a34c87d81:0"
content-type
application/x-woff
access-control-allow-origin
*
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
1356
close.svg
citicards.citi.com/cbol/fraudprevention/images/
444 B
461 B
Image
General
Full URL
https://citicards.citi.com/cbol/fraudprevention/images/close.svg
Requested by
Host: citicards.citi.com
URL: https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=4794C088A1E34967B16D3FEDACF6C97D
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
35.190.22.40 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
40.22.190.35.bc.googleusercontent.com
Software
/
Resource Hash
c115f10444ec77e06c3a78d333dcc36d1d9996c24ce7086c8cf39caed0dbbc9a

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=4794C088A1E34967B16D3FEDACF6C97D
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Tue, 11 Jul 2023 17:44:36 GMT
via
1.1 google
last-modified
Thu, 23 Jun 2022 22:00:24 GMT
etag
"0ca2a34c87d81:0"
content-type
image/svg+xml
access-control-allow-origin
*
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
444
header-citi-logo-dark.svg
citicards.citi.com/cbol/fraudprevention/images/
4 KB
2 KB
Image
General
Full URL
https://citicards.citi.com/cbol/fraudprevention/images/header-citi-logo-dark.svg
Requested by
Host: citicards.citi.com
URL: https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=4794C088A1E34967B16D3FEDACF6C97D
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
35.190.22.40 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
40.22.190.35.bc.googleusercontent.com
Software
/
Resource Hash
798d2817849805518cc159e3194bf87db2de912b5fb65d271d6ad35220b523e6

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=4794C088A1E34967B16D3FEDACF6C97D
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Tue, 11 Jul 2023 17:44:36 GMT
content-encoding
gzip
via
1.1 google
last-modified
Thu, 23 Jun 2022 22:00:24 GMT
etag
"0ca2a34c87d81:0"
vary
Accept-Encoding
content-type
image/svg+xml
access-control-allow-origin
*
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
1547
icon-animation.gif
citicards.citi.com/cbol/fraudprevention/images/
196 KB
196 KB
Image
General
Full URL
https://citicards.citi.com/cbol/fraudprevention/images/icon-animation.gif
Requested by
Host: citicards.citi.com
URL: https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=4794C088A1E34967B16D3FEDACF6C97D
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
35.190.22.40 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
40.22.190.35.bc.googleusercontent.com
Software
/
Resource Hash
0155792b9a2663cd6b988cf1c1f79d8cacb5a412f37030d3b3dd310e41e80be6

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=4794C088A1E34967B16D3FEDACF6C97D
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Tue, 11 Jul 2023 17:44:35 GMT
via
1.1 google
last-modified
Fri, 18 Nov 2022 14:44:10 GMT
etag
"099d9375cfbd81:0"
content-type
image/gif
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
200242
spoof-screen-dsk.png
citicards.citi.com/cbol/fraudprevention/images/
61 KB
61 KB
Image
General
Full URL
https://citicards.citi.com/cbol/fraudprevention/images/spoof-screen-dsk.png
Requested by
Host: citicards.citi.com
URL: https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=4794C088A1E34967B16D3FEDACF6C97D
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
35.190.22.40 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
40.22.190.35.bc.googleusercontent.com
Software
/
Resource Hash
70cfee2273cff08adc1de934c7ba4c26ef37c552c0265a619f7aaae84b366082

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=4794C088A1E34967B16D3FEDACF6C97D
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Tue, 11 Jul 2023 17:44:35 GMT
via
1.1 google
last-modified
Thu, 23 Mar 2023 20:33:54 GMT
etag
"0a5ecc8c65dd91:0"
content-type
image/png
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
62004
spoof-numbers-screen-dsk.png
citicards.citi.com/cbol/fraudprevention/images/
69 KB
69 KB
Image
General
Full URL
https://citicards.citi.com/cbol/fraudprevention/images/spoof-numbers-screen-dsk.png
Requested by
Host: citicards.citi.com
URL: https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=4794C088A1E34967B16D3FEDACF6C97D
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
35.190.22.40 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
40.22.190.35.bc.googleusercontent.com
Software
/
Resource Hash
e2032422cf97795d878d7e8f6c5680b61003a0e7426d090ad76414416d5e109b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=4794C088A1E34967B16D3FEDACF6C97D
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Tue, 11 Jul 2023 17:44:36 GMT
via
1.1 google
last-modified
Thu, 23 Mar 2023 20:33:54 GMT
etag
"0a5ecc8c65dd91:0"
content-type
image/png
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
71061
half-screen-dsk.png
citicards.citi.com/cbol/fraudprevention/images/
19 KB
19 KB
Image
General
Full URL
https://citicards.citi.com/cbol/fraudprevention/images/half-screen-dsk.png
Requested by
Host: citicards.citi.com
URL: https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=4794C088A1E34967B16D3FEDACF6C97D
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
35.190.22.40 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
40.22.190.35.bc.googleusercontent.com
Software
/
Resource Hash
3563b6e04f40fe3731855ce09dfd2e5f9e2352a3fe1107ca4bd7be199be7a466

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=4794C088A1E34967B16D3FEDACF6C97D
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Tue, 11 Jul 2023 17:44:35 GMT
via
1.1 google
last-modified
Thu, 23 Mar 2023 20:33:54 GMT
etag
"0a5ecc8c65dd91:0"
content-type
image/png
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
19680
pin.png
citicards.citi.com/cbol/fraudprevention/images/
2 KB
2 KB
Image
General
Full URL
https://citicards.citi.com/cbol/fraudprevention/images/pin.png
Requested by
Host: citicards.citi.com
URL: https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=4794C088A1E34967B16D3FEDACF6C97D
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
35.190.22.40 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
40.22.190.35.bc.googleusercontent.com
Software
/
Resource Hash
d3c368636acfbc1ad3110ecd7e83cd91201a25035eefb869f0ba53fc80556ae5

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=4794C088A1E34967B16D3FEDACF6C97D
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Tue, 11 Jul 2023 17:44:36 GMT
via
1.1 google
last-modified
Thu, 23 Mar 2023 20:33:54 GMT
etag
"0a5ecc8c65dd91:0"
content-type
image/png
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
1973
zelle.png
citicards.citi.com/cbol/fraudprevention/images/
1 KB
1 KB
Image
General
Full URL
https://citicards.citi.com/cbol/fraudprevention/images/zelle.png
Requested by
Host: citicards.citi.com
URL: https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=4794C088A1E34967B16D3FEDACF6C97D
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
35.190.22.40 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
40.22.190.35.bc.googleusercontent.com
Software
/
Resource Hash
9e99b16368b8c1087c20b7cfcd4d347ad8d9ad87e2f12c02bde98d77fb0f4aa3

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=4794C088A1E34967B16D3FEDACF6C97D
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Tue, 11 Jul 2023 17:44:36 GMT
via
1.1 google
last-modified
Thu, 23 Mar 2023 20:33:54 GMT
etag
"0a5ecc8c65dd91:0"
content-type
image/png
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
1366
remote.png
citicards.citi.com/cbol/fraudprevention/images/
669 B
686 B
Image
General
Full URL
https://citicards.citi.com/cbol/fraudprevention/images/remote.png
Requested by
Host: citicards.citi.com
URL: https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=4794C088A1E34967B16D3FEDACF6C97D
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
35.190.22.40 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
40.22.190.35.bc.googleusercontent.com
Software
/
Resource Hash
5bc08566dd8013e3cd19dfd6f84bfdd4158f10ccf58fcfb79d70a251a00f6244

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=4794C088A1E34967B16D3FEDACF6C97D
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Tue, 11 Jul 2023 17:44:35 GMT
via
1.1 google
last-modified
Thu, 23 Mar 2023 20:33:54 GMT
etag
"0a5ecc8c65dd91:0"
content-type
image/png
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
669
personal-info.png
citicards.citi.com/cbol/fraudprevention/images/
2 KB
2 KB
Image
General
Full URL
https://citicards.citi.com/cbol/fraudprevention/images/personal-info.png
Requested by
Host: citicards.citi.com
URL: https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=4794C088A1E34967B16D3FEDACF6C97D
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
35.190.22.40 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
40.22.190.35.bc.googleusercontent.com
Software
/
Resource Hash
d7e512037d471d67911554862fb8b410aefdefda17c8e82f8eb07d2416363d1f

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=4794C088A1E34967B16D3FEDACF6C97D
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Tue, 11 Jul 2023 17:44:35 GMT
via
1.1 google
last-modified
Thu, 23 Mar 2023 20:33:54 GMT
etag
"0a5ecc8c65dd91:0"
content-type
image/png
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
1937
bank.png
citicards.citi.com/cbol/fraudprevention/images/
654 B
670 B
Image
General
Full URL
https://citicards.citi.com/cbol/fraudprevention/images/bank.png
Requested by
Host: citicards.citi.com
URL: https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=4794C088A1E34967B16D3FEDACF6C97D
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
35.190.22.40 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
40.22.190.35.bc.googleusercontent.com
Software
/
Resource Hash
2584c6004529409e7de7c99038212f52c80abd0ea8433e69bae062fb2fbeeaf3

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=4794C088A1E34967B16D3FEDACF6C97D
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Tue, 11 Jul 2023 17:44:36 GMT
via
1.1 google
last-modified
Thu, 23 Mar 2023 20:33:54 GMT
etag
"0a5ecc8c65dd91:0"
content-type
image/png
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
654
fundraiser.png
citicards.citi.com/cbol/fraudprevention/images/
1 KB
1 KB
Image
General
Full URL
https://citicards.citi.com/cbol/fraudprevention/images/fundraiser.png
Requested by
Host: citicards.citi.com
URL: https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=4794C088A1E34967B16D3FEDACF6C97D
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
35.190.22.40 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
40.22.190.35.bc.googleusercontent.com
Software
/
Resource Hash
676e54cdee3f1e714af561b2de2074adc44558f0af9228f6a6549591b77ee06d

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=4794C088A1E34967B16D3FEDACF6C97D
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Tue, 11 Jul 2023 17:44:35 GMT
via
1.1 google
last-modified
Thu, 23 Mar 2023 20:33:54 GMT
etag
"0a5ecc8c65dd91:0"
content-type
image/png
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
1436
email.png
citicards.citi.com/cbol/fraudprevention/images/
1 KB
1 KB
Image
General
Full URL
https://citicards.citi.com/cbol/fraudprevention/images/email.png
Requested by
Host: citicards.citi.com
URL: https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=4794C088A1E34967B16D3FEDACF6C97D
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
35.190.22.40 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
40.22.190.35.bc.googleusercontent.com
Software
/
Resource Hash
c239243e04a137032106c293cb8cfb93057add704fa7a1c6a6e6c577c400b7fa

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=4794C088A1E34967B16D3FEDACF6C97D
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Tue, 11 Jul 2023 17:44:35 GMT
via
1.1 google
last-modified
Thu, 23 Mar 2023 20:33:54 GMT
etag
"0a5ecc8c65dd91:0"
content-type
image/png
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
1476
romance.png
citicards.citi.com/cbol/fraudprevention/images/
2 KB
2 KB
Image
General
Full URL
https://citicards.citi.com/cbol/fraudprevention/images/romance.png
Requested by
Host: citicards.citi.com
URL: https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=4794C088A1E34967B16D3FEDACF6C97D
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
35.190.22.40 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
40.22.190.35.bc.googleusercontent.com
Software
/
Resource Hash
a4d1700a5722627ab817f154047da828c8eab3153daf0251fd4ec06e4a86acea

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=4794C088A1E34967B16D3FEDACF6C97D
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Tue, 11 Jul 2023 17:44:35 GMT
via
1.1 google
last-modified
Thu, 23 Mar 2023 20:33:54 GMT
etag
"0a5ecc8c65dd91:0"
content-type
image/png
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
1819
mobile.png
citicards.citi.com/cbol/fraudprevention/images/
2 KB
2 KB
Image
General
Full URL
https://citicards.citi.com/cbol/fraudprevention/images/mobile.png
Requested by
Host: citicards.citi.com
URL: https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=4794C088A1E34967B16D3FEDACF6C97D
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
35.190.22.40 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
40.22.190.35.bc.googleusercontent.com
Software
/
Resource Hash
25d29d4c6e744e54c9e16f2f27a9cea3d936047813399376dcc5bd852b506a38

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=4794C088A1E34967B16D3FEDACF6C97D
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Tue, 11 Jul 2023 17:44:35 GMT
via
1.1 google
last-modified
Thu, 23 Mar 2023 20:33:54 GMT
etag
"0a5ecc8c65dd91:0"
content-type
image/png
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
1893
grandparents.png
citicards.citi.com/cbol/fraudprevention/images/
2 KB
2 KB
Image
General
Full URL
https://citicards.citi.com/cbol/fraudprevention/images/grandparents.png
Requested by
Host: citicards.citi.com
URL: https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=4794C088A1E34967B16D3FEDACF6C97D
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
35.190.22.40 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
40.22.190.35.bc.googleusercontent.com
Software
/
Resource Hash
8f1b37fd8027cd3572e65d86ff4abc177632d7a232bccfb149801e25412950df

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=4794C088A1E34967B16D3FEDACF6C97D
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Tue, 11 Jul 2023 17:44:36 GMT
via
1.1 google
last-modified
Thu, 23 Mar 2023 20:33:54 GMT
etag
"0a5ecc8c65dd91:0"
content-type
image/png
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
2309
surprise.png
citicards.citi.com/cbol/fraudprevention/images/
3 KB
3 KB
Image
General
Full URL
https://citicards.citi.com/cbol/fraudprevention/images/surprise.png
Requested by
Host: citicards.citi.com
URL: https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=4794C088A1E34967B16D3FEDACF6C97D
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
35.190.22.40 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
40.22.190.35.bc.googleusercontent.com
Software
/
Resource Hash
d126d27ad49023fbb9eee98910b70ff75515eedb4c471a20a3d895e8bf160b43

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=4794C088A1E34967B16D3FEDACF6C97D
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Tue, 11 Jul 2023 17:44:35 GMT
via
1.1 google
last-modified
Thu, 23 Mar 2023 20:33:54 GMT
etag
"0a5ecc8c65dd91:0"
content-type
image/png
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
2723
irs.png
citicards.citi.com/cbol/fraudprevention/images/
1 KB
1 KB
Image
General
Full URL
https://citicards.citi.com/cbol/fraudprevention/images/irs.png
Requested by
Host: citicards.citi.com
URL: https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=4794C088A1E34967B16D3FEDACF6C97D
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
35.190.22.40 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
40.22.190.35.bc.googleusercontent.com
Software
/
Resource Hash
ef30ea175304f6c549c4780d5bf6fd45c3ec79e1ec5dccbd54644231d5a30b88

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=4794C088A1E34967B16D3FEDACF6C97D
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Tue, 11 Jul 2023 17:44:35 GMT
via
1.1 google
last-modified
Thu, 23 Mar 2023 20:33:54 GMT
etag
"0a5ecc8c65dd91:0"
content-type
image/png
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
1401
security.png
citicards.citi.com/cbol/fraudprevention/images/
4 KB
4 KB
Image
General
Full URL
https://citicards.citi.com/cbol/fraudprevention/images/security.png
Requested by
Host: citicards.citi.com
URL: https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=4794C088A1E34967B16D3FEDACF6C97D
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
35.190.22.40 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
40.22.190.35.bc.googleusercontent.com
Software
/
Resource Hash
1189d926238344b283108b3493cf0469d4fd851d185f22fd9366a225c44d3e7a

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=4794C088A1E34967B16D3FEDACF6C97D
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Tue, 11 Jul 2023 17:44:36 GMT
via
1.1 google
last-modified
Thu, 23 Mar 2023 20:33:54 GMT
etag
"0a5ecc8c65dd91:0"
content-type
image/png
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
4077
data-compromise.png
citicards.citi.com/cbol/fraudprevention/images/
3 KB
3 KB
Image
General
Full URL
https://citicards.citi.com/cbol/fraudprevention/images/data-compromise.png
Requested by
Host: citicards.citi.com
URL: https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=4794C088A1E34967B16D3FEDACF6C97D
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
35.190.22.40 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
40.22.190.35.bc.googleusercontent.com
Software
/
Resource Hash
465f3efefba82cfd554d95f93205978eeb3c075f3f56e790615ede3e0611411e

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=4794C088A1E34967B16D3FEDACF6C97D
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Tue, 11 Jul 2023 17:44:36 GMT
via
1.1 google
last-modified
Thu, 23 Mar 2023 20:33:54 GMT
etag
"0a5ecc8c65dd91:0"
content-type
image/png
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
2882
text.png
citicards.citi.com/cbol/fraudprevention/images/
733 B
750 B
Image
General
Full URL
https://citicards.citi.com/cbol/fraudprevention/images/text.png
Requested by
Host: citicards.citi.com
URL: https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=4794C088A1E34967B16D3FEDACF6C97D
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
35.190.22.40 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
40.22.190.35.bc.googleusercontent.com
Software
/
Resource Hash
d72fcc31881c8545b5d0a716d9b66404dfed56c11ec7f7304a50d94e3b80858a

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=4794C088A1E34967B16D3FEDACF6C97D
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Tue, 11 Jul 2023 17:44:36 GMT
via
1.1 google
last-modified
Thu, 23 Mar 2023 20:33:54 GMT
etag
"0a5ecc8c65dd91:0"
content-type
image/png
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
733
phone.png
citicards.citi.com/cbol/fraudprevention/images/
2 KB
2 KB
Image
General
Full URL
https://citicards.citi.com/cbol/fraudprevention/images/phone.png
Requested by
Host: citicards.citi.com
URL: https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=4794C088A1E34967B16D3FEDACF6C97D
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
35.190.22.40 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
40.22.190.35.bc.googleusercontent.com
Software
/
Resource Hash
c892e3f2d2a1431a8ebae99542926bfedf2d7ece6652b04e556d6136cabd8295

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=4794C088A1E34967B16D3FEDACF6C97D
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Tue, 11 Jul 2023 17:44:36 GMT
via
1.1 google
last-modified
Thu, 23 Mar 2023 20:33:54 GMT
etag
"0a5ecc8c65dd91:0"
content-type
image/png
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
2373
lottery.png
citicards.citi.com/cbol/fraudprevention/images/
3 KB
3 KB
Image
General
Full URL
https://citicards.citi.com/cbol/fraudprevention/images/lottery.png
Requested by
Host: citicards.citi.com
URL: https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=4794C088A1E34967B16D3FEDACF6C97D
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
35.190.22.40 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
40.22.190.35.bc.googleusercontent.com
Software
/
Resource Hash
d3032ff7e71a938ab86456c60267b219f399ee6e17588690b26707ac4ab33682

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=4794C088A1E34967B16D3FEDACF6C97D
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Tue, 11 Jul 2023 17:44:35 GMT
via
1.1 google
last-modified
Thu, 23 Mar 2023 20:33:54 GMT
etag
"0a5ecc8c65dd91:0"
content-type
image/png
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
2611
gimmick.png
citicards.citi.com/cbol/fraudprevention/images/
2 KB
2 KB
Image
General
Full URL
https://citicards.citi.com/cbol/fraudprevention/images/gimmick.png
Requested by
Host: citicards.citi.com
URL: https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=4794C088A1E34967B16D3FEDACF6C97D
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
35.190.22.40 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
40.22.190.35.bc.googleusercontent.com
Software
/
Resource Hash
d908e0bbf3a80aa1e4108a7847f6a61c1acfb6dd43f7c2e997f9fdc107391577

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=4794C088A1E34967B16D3FEDACF6C97D
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Tue, 11 Jul 2023 17:44:36 GMT
via
1.1 google
last-modified
Thu, 23 Mar 2023 20:33:54 GMT
etag
"0a5ecc8c65dd91:0"
content-type
image/png
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
2150
dab23fcb-9fc6-46c0-9d1d-791585dea7f0
https://citicards.citi.com/
241 B
0
Other
General
Full URL
blob:https://citicards.citi.com/dab23fcb-9fc6-46c0-9d1d-791585dea7f0
Requested by
Host: citicards.citi.com
URL: https://citicards.citi.com/cbol/fraudprevention/default.htm?BTData=EFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E&ProspectID=4794C088A1E34967B16D3FEDACF6C97D
Protocol
BLOB
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
a4feacf07f26856360c14267fa1d8edd0459996feb8ad471da273cbf7510e4cb

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Content-Length
241
Content-Type
text/javascript
/
zn3vi8kkuds0jjrfc-citifeedback.siteintercept.qualtrics.com/SIE/
8 KB
4 KB
Script
General
Full URL
https://zn3vi8kkuds0jjrfc-citifeedback.siteintercept.qualtrics.com/SIE/?Q_ZID=ZN_3VI8kkudS0JJRFc
Requested by
Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/citi/na_prod/Bootstrap.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.17.208.240 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
04ce45e70778ae8ff4eb970e620665a7e48552a96ddc99e92b8bf1c08592d985
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://citicards.citi.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Tue, 11 Jul 2023 17:44:37 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
content-encoding
br
age
66218
cf-polished
origSize=9073
edge-control
max-age=604800
referrer-policy
strict-origin-when-cross-origin
cf-bgj
minify
server
cloudflare
etag
W/"2371-plMc4Vf+CGoqroHiYCmsJkLyNy0"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=3600, s-maxage=604800
permissions-policy
camera=(), geolocation=(), microphone=()
cf-ray
7e52daffcfef18c1-FRA
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept
timing-allow-origin
*
js
www.googletagmanager.com/gtag/
189 KB
69 KB
Script
General
Full URL
https://www.googletagmanager.com/gtag/js?id=AW-916451471
Requested by
Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/citi/na_prod/Bootstrap.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
72fd91a025a1df956dcad9bf2bbd020ff03c72ac895e7c6ccbaf588d10ef7c19
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://citicards.citi.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Tue, 11 Jul 2023 17:44:37 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
70210
x-xss-protection
0
last-modified
Tue, 11 Jul 2023 17:23:07 GMT
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Tue, 11 Jul 2023 17:44:37 GMT
425466.html
sr.rlcdn.com/ Frame 62F7
0
98 B
Document
General
Full URL
https://sr.rlcdn.com/425466.html?es=80676&u=da39a3ee5e6b4b0d3255bfef95601890afd80709
Requested by
Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/citi/na_prod/Bootstrap.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.190.60.146 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
146.60.190.35.bc.googleusercontent.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://citicards.citi.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
date
Tue, 11 Jul 2023 17:44:37 GMT
via
1.1 google
bat.js
bat.bing.com/
40 KB
12 KB
Script
General
Full URL
https://bat.bing.com/bat.js
Requested by
Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/citi/na_prod/Bootstrap.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
679804e244b4127b7ecd99a513b57d6a4f91866410e16da69ce02f98f534051d
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://citicards.citi.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
content-encoding
gzip
date
Tue, 11 Jul 2023 17:44:37 GMT
last-modified
Thu, 11 May 2023 18:08:27 GMT
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref
Ref A: 4642CBCCDB2A4B16B572D8CA60BC9D75 Ref B: FRA31EDGE0109 Ref C: 2023-07-11T17:44:37Z
etag
"80df77953384d91:0"
vary
Accept-Encoding
x-cache
CONFIG_NOCACHE
content-type
application/javascript
cache-control
private,max-age=1800
accept-ranges
bytes
content-length
12183
dpm_pixel_min.js
c.tvpixel.com/js/current/
103 KB
32 KB
Script
General
Full URL
https://c.tvpixel.com/js/current/dpm_pixel_min.js?aid=citi-d4f85824-1351-4554-91ff-fdb56f962c5c&comscore=true
Requested by
Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/citi/na_prod/Bootstrap.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2247:2c00:1d:bf0a:0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
61d8137d275f12306e177bc726c2b3e072f9efa4743a0ace6ecbcf7a0932fd07

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://citicards.citi.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Tue, 11 Jul 2023 00:11:18 GMT
x-amz-version-id
oMk5SFqHXboEDRm2.vDWImtx_4ARYxEl
content-encoding
gzip
last-modified
Thu, 16 Sep 2021 18:14:59 GMT
server
AmazonS3
via
1.1 03989e0a7def97f8cd0c031a3672342a.cloudfront.net (CloudFront)
x-amz-cf-pop
MXP63-P2
etag
W/"08e770c8a17bf087d50cec01af0892c2"
age
63199
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript
x-amz-cf-id
gkacGUq3n_clA6U1uq8djI6ilHHsJH9Jhx4UKqfQ9fO-X6iWFtY7UQ==
up_loader.1.1.0.js
js.adsrvr.org/
4 KB
2 KB
Script
General
Full URL
https://js.adsrvr.org/up_loader.1.1.0.js
Requested by
Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/citi/na_prod/Bootstrap.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
13.225.33.74 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-225-33-74.cdg3.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
ee3a7301fe1e0c0f6bf6acff0d7a8d107f5cb3f62a2566740c0416d8e61f00b9

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://citicards.citi.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Date
Tue, 11 Jul 2023 02:17:21 GMT
Content-Encoding
gzip
Via
1.1 ab2bf60f47d9c624cd5e084e1a1fb3d4.cloudfront.net (CloudFront)
Last-Modified
Thu, 24 Sep 2020 15:15:34 GMT
Server
AmazonS3
X-Amz-Cf-Pop
CDG3-C2
Age
55637
ETag
W/"98d98b3499058b76d58073cf8ede2f10"
Transfer-Encoding
chunked
Vary
Accept-Encoding
Content-Type
application/x-javascript
X-Cache
Hit from cloudfront
Connection
keep-alive
X-Amz-Cf-Id
9n9hNa05kOOhUy-OfYPpNcKe-uS3JYmT2LVqRjth3EiNhMyP2uuwQg==
iu3
s.amazon-adsystem.com/
Redirect Chain
  • https://s.amazon-adsystem.com/iu3?pid=c3702eea-109e-48b0-9ef4-c856bdd405e2&event=PageView
  • https://s.amazon-adsystem.com/iu3?pid=c3702eea-109e-48b0-9ef4-c856bdd405e2&event=PageView&dcc=t
0
0
Image
General
Full URL
https://s.amazon-adsystem.com/iu3?pid=c3702eea-109e-48b0-9ef4-c856bdd405e2&event=PageView&dcc=t
Protocol
HTTP/1.1
Server
52.46.151.131 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://citicards.citi.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Redirect headers

Pragma
no-cache
Date
Tue, 11 Jul 2023 17:44:37 GMT
Strict-Transport-Security
max-age=47474747; includeSubDomains; preload
Server
Server
x-amz-rid
TYZJJMSK7Y3AH09JD7BS
Vary
Content-Type,Accept-Encoding,User-Agent
p3p
policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Location
https://s.amazon-adsystem.com/iu3?pid=c3702eea-109e-48b0-9ef4-c856bdd405e2&event=PageView&dcc=t
Cache-Control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Connection
keep-alive
Content-Length
0
Expires
Thu, 01 Jan 1970 00:00:00 GMT
e.gif
nexus.ensighten.com/error/
0
250 B
Image
General
Full URL
https://nexus.ensighten.com/error/e.gif?msg=%24%20is%20not%20defined&lnn=-1&fn=&cid=1129&client=citi&publishPath=na_prod&rid=2680754&did=572750&errorName=ReferenceError
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
99.84.88.39 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-99-84-88-39.muc50.r.cloudfront.net
Software
CloudFront /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://citicards.citi.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Tue, 11 Jul 2023 05:41:03 GMT
via
1.1 847372cac152a2575995d0b13be85a88.cloudfront.net (CloudFront)
server
CloudFront
x-amz-cf-pop
MUC50-C1
age
43414
x-cache
Hit from cloudfront
cache-control
no-cache, no-store
x-amz-cf-id
PJI8OKzeJvRZuaBV-KGW49ealFudI-k0s4_QdpqP0RP1MWx14QQz4Q==
cls_report
prod.report.nacustomerexperience.citi.com/glassbox/reporting/798b2f12-9162-4a94-91ee-805d883ca266/
5 KB
2 KB
XHR
General
Full URL
https://prod.report.nacustomerexperience.citi.com/glassbox/reporting/798b2f12-9162-4a94-91ee-805d883ca266/cls_report?_cls_s=5426eedf-56c6-4c8b-b317-72d795f06849%3A0&_cls_v=bb3c0ea8-f829-450b-a655-ca74490ae1d2&pv=2&f_cls_s=true
Requested by
Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/citi/na_prod/Bootstrap.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.156.57.223 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-156-57-223.compute-1.amazonaws.com
Software
GlassBox Cligate /
Resource Hash
49c1fd853338278e69f8619214938e4ec254a86e9b154f36d9239c05e50fb6fa
Security Headers
Name Value
Content-Security-Policy default-src 'self';
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://citicards.citi.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

Date
Tue, 11 Jul 2023 17:44:37 GMT
Strict-Transport-Security
max-age=31536000; includeSubDomains
content-encoding
gzip
Content-Security-Policy
default-src 'self';
X-Content-Type-Options
nosniff
Connection
keep-alive
Content-Length
1192
X-XSS-Protection
1; mode=block
Referrer-Policy
strict-origin-when-cross-origin
Server
GlassBox Cligate
X-Frame-Options
SAMEORIGIN
vary
origin
Content-Type
application/json
access-control-allow-origin
https://citicards.citi.com
access-control-allow-credentials
true
GB-Server
g5085
X-Robots-Tag
noindex
/
googleads.g.doubleclick.net/pagead/viewthroughconversion/916451471/
3 KB
2 KB
Script
General
Full URL
https://googleads.g.doubleclick.net/pagead/viewthroughconversion/916451471/?random=1689097477082&cv=11&fst=1689097477082&bg=ffffff&guid=ON&async=1&gtm=45be37a0&u_w=1600&u_h=1200&url=https%3A%2F%2Fciticards.citi.com%2Fcbol%2Ffraudprevention%2Fdefault.htm%3FBTData%3DEFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E%26ProspectID%3D4794C088A1E34967B16D3FEDACF6C97D&hn=www.googleadservices.com&frm=0&tiba=Fraud%20Prevention%20%7C%20Citi.com&auid=1309096529.1689097476&uamb=0&uaw=0&data=event%3Dgtag.config&rfmt=3&fmt=4
Requested by
Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/citi/na_prod/Bootstrap.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
d750ae97310d5b660387fca124fb574a9f0a8d07426ca460962b005da2b3d4dc
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://citicards.citi.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 11 Jul 2023 17:44:37 GMT
content-encoding
br
x-content-type-options
nosniff
server
cafe
content-type
text/javascript; charset=UTF-8
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
1439
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
js
www.googletagmanager.com/gtag/
189 KB
69 KB
Script
General
Full URL
https://www.googletagmanager.com/gtag/js?id=AW-960621875&l=dataLayer&cx=c
Requested by
Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/citi/na_prod/Bootstrap.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
aaebee09409336c2c7cfccbd7b3ca3360032cf5983affeaea5eca39a15de3fd8
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://citicards.citi.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Tue, 11 Jul 2023 17:44:37 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
70299
x-xss-protection
0
last-modified
Tue, 11 Jul 2023 17:23:07 GMT
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Tue, 11 Jul 2023 17:44:37 GMT
js
www.googletagmanager.com/gtag/
141 KB
54 KB
Script
General
Full URL
https://www.googletagmanager.com/gtag/js?id=AW-644574043&l=dataLayer&cx=c
Requested by
Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/citi/na_prod/Bootstrap.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
7c152e903c61de42f520985506d68cb7ad9ee20c14ce1d5a8e68b23c8c68c8fc
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://citicards.citi.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Tue, 11 Jul 2023 17:44:37 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
55344
x-xss-protection
0
last-modified
Tue, 11 Jul 2023 16:32:58 GMT
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Tue, 11 Jul 2023 17:44:37 GMT
js
www.googletagmanager.com/gtag/
141 KB
54 KB
Script
General
Full URL
https://www.googletagmanager.com/gtag/js?id=AW-975701947&l=dataLayer&cx=c
Requested by
Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/citi/na_prod/Bootstrap.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
c8d995577941cd43dc86dbcc2adf1c6cb795864d47697b6c17cd754072f887c2
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://citicards.citi.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Tue, 11 Jul 2023 17:44:37 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
55155
x-xss-protection
0
last-modified
Tue, 11 Jul 2023 17:23:07 GMT
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Tue, 11 Jul 2023 17:44:37 GMT
js
www.googletagmanager.com/gtag/
202 KB
72 KB
Script
General
Full URL
https://www.googletagmanager.com/gtag/js?id=AW-830907969&l=dataLayer&cx=c
Requested by
Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/citi/na_prod/Bootstrap.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
73025a9fc3f5038650e940464b6f316404451750f04f12e0548ace2b741808c4
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://citicards.citi.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Tue, 11 Jul 2023 17:44:37 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
73515
x-xss-protection
0
last-modified
Tue, 11 Jul 2023 16:32:58 GMT
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Tue, 11 Jul 2023 17:44:37 GMT
js
www.googletagmanager.com/gtag/
141 KB
54 KB
Script
General
Full URL
https://www.googletagmanager.com/gtag/js?id=AW-695231162&l=dataLayer&cx=c
Requested by
Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/citi/na_prod/Bootstrap.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
c6bc48664c752eb1c7ab46a024dd00a899b439975229c8cfdcf9b2a37ced0323
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://citicards.citi.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Tue, 11 Jul 2023 17:44:37 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
55211
x-xss-protection
0
last-modified
Tue, 11 Jul 2023 17:23:07 GMT
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Tue, 11 Jul 2023 17:44:37 GMT
js
www.googletagmanager.com/gtag/
192 KB
69 KB
Script
General
Full URL
https://www.googletagmanager.com/gtag/js?id=AW-819500023&l=dataLayer&cx=c
Requested by
Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/citi/na_prod/Bootstrap.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
6b2fb44b878d0e300b7cba863494945044fc0897374187b04721dddb79e51def
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://citicards.citi.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Tue, 11 Jul 2023 17:44:37 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
70844
x-xss-protection
0
last-modified
Tue, 11 Jul 2023 17:23:07 GMT
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Tue, 11 Jul 2023 17:44:37 GMT
js
www.googletagmanager.com/gtag/
141 KB
54 KB
Script
General
Full URL
https://www.googletagmanager.com/gtag/js?id=AW-959299794&l=dataLayer&cx=c
Requested by
Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/citi/na_prod/Bootstrap.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
2b927b46fdcf7fbfc942ca14953b5aabc29d187ac54c8f9c5a24991f90a615af
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://citicards.citi.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Tue, 11 Jul 2023 17:44:37 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
55210
x-xss-protection
0
last-modified
Tue, 11 Jul 2023 17:23:07 GMT
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Tue, 11 Jul 2023 17:44:37 GMT
js
www.googletagmanager.com/gtag/
189 KB
69 KB
Script
General
Full URL
https://www.googletagmanager.com/gtag/js?id=AW-10955006959&l=dataLayer&cx=c
Requested by
Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/citi/na_prod/Bootstrap.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:829::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
1640694b7752006abb6e719d1dee6a2c3791cf00d4047e577ee20408342fb897
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://citicards.citi.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Tue, 11 Jul 2023 17:44:37 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
70292
x-xss-protection
0
last-modified
Tue, 11 Jul 2023 16:32:58 GMT
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Tue, 11 Jul 2023 17:44:37 GMT
up
insight.adsrvr.org/track/ Frame 4ED1
0
182 B
Document
General
Full URL
https://insight.adsrvr.org/track/up?adv=1jw5cvl&ref=https%3A%2F%2Fciticards.citi.com%2Fcbol%2Ffraudprevention%2Fdefault.htm%3FBTData%3DEFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E%26ProspectID%3D4794C088A1E34967B16D3FEDACF6C97D&upid=hqgowpz&upv=1.1.0&id=ttdUniversalPixelTag1689097477033&td1=Sapient_cbol_citi_fraud_prevention_lp
Requested by
Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/citi/na_prod/Bootstrap.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
35.71.131.137 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a6370ebea231e0c9a.awsglobalaccelerator.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://citicards.citi.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

cache-control
private,no-cache, must-revalidate
content-type
text/html
date
Tue, 11 Jul 2023 17:44:37 GMT
p3p
CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
pragma
no-cache
x-aspnet-version
4.0.30319
16001692.js
bat.bing.com/p/action/
0
118 B
Script
General
Full URL
https://bat.bing.com/p/action/16001692.js
Requested by
Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/citi/na_prod/Bootstrap.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://citicards.citi.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
cache-control
private,max-age=1800
date
Tue, 11 Jul 2023 17:44:37 GMT
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref
Ref A: 05C2D97BD91547B7A2B82DB9864C9E18 Ref B: FRA31EDGE0109 Ref C: 2023-07-11T17:44:37Z
x-cache
CONFIG_NOCACHE
0
bat.bing.com/action/
0
232 B
Image
General
Full URL
https://bat.bing.com/action/0?ti=16001692&Ver=2&mid=9a7326c5-ebd0-4b4a-a9b3-99c3c972f538&sid=9aa913e0201211eeb54505b40e2ce191&vid=9aa96800201211ee86f42952b0b9ff4a&vids=1&msclkid=N&pi=1200101525&lg=en-US&sw=1600&sh=1200&sc=24&tl=Fraud%20Prevention%20%7C%20Citi.com&p=https%3A%2F%2Fciticards.citi.com%2Fcbol%2Ffraudprevention%2Fdefault.htm%3FBTData%3DEFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E%26ProspectID%3D4794C088A1E34967B16D3FEDACF6C97D&r=&lt=5242&evt=pageLoad&sv=1&rn=393825
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://citicards.citi.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma
no-cache
strict-transport-security
max-age=31536000; includeSubDomains; preload
date
Tue, 11 Jul 2023 17:44:37 GMT
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref
Ref A: CC3DF8D1D4E7461980DDB445551A12D9 Ref B: FRA31EDGE0109 Ref C: 2023-07-11T17:44:37Z
x-cache
CONFIG_NOCACHE
access-control-allow-origin
*
cache-control
no-cache, must-revalidate
expires
Fri, 01 Jan 1990 00:00:00 GMT
0
bat.bing.com/action/
0
288 B
Image
General
Full URL
https://bat.bing.com/action/0?ti=16001692&Ver=2&mid=9a7326c5-ebd0-4b4a-a9b3-99c3c972f538&sid=9aa913e0201211eeb54505b40e2ce191&vid=9aa96800201211ee86f42952b0b9ff4a&vids=0&msclkid=N&ec=Sapient_cbol_citi_fraud_prevention_lp&ea=Application&p=https%3A%2F%2Fciticards.citi.com%2Fcbol%2Ffraudprevention%2Fdefault.htm&sw=1600&sh=1200&sc=24&evt=custom&rn=53380
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://citicards.citi.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma
no-cache
strict-transport-security
max-age=31536000; includeSubDomains; preload
date
Tue, 11 Jul 2023 17:44:37 GMT
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref
Ref A: CA87A8FF86F1456C8055742DC7711EF3 Ref B: FRA31EDGE0109 Ref C: 2023-07-11T17:44:37Z
x-cache
CONFIG_NOCACHE
access-control-allow-origin
*
cache-control
no-cache, must-revalidate
expires
Fri, 01 Jan 1990 00:00:00 GMT
16003743.js
bat.bing.com/p/action/
0
120 B
Script
General
Full URL
https://bat.bing.com/p/action/16003743.js
Requested by
Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/citi/na_prod/Bootstrap.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://citicards.citi.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
cache-control
private,max-age=1800
date
Tue, 11 Jul 2023 17:44:37 GMT
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref
Ref A: 03B7AC6799EB4CFBBF39AF86F41CCEA3 Ref B: FRA31EDGE0109 Ref C: 2023-07-11T17:44:37Z
x-cache
CONFIG_NOCACHE
0
bat.bing.com/action/
0
229 B
Image
General
Full URL
https://bat.bing.com/action/0?ti=16003743&Ver=2&mid=056c55e8-8a28-45a3-92a4-1436de34c924&sid=9aa913e0201211eeb54505b40e2ce191&vid=9aa96800201211ee86f42952b0b9ff4a&vids=0&msclkid=N&pi=1200101525&lg=en-US&sw=1600&sh=1200&sc=24&tl=Fraud%20Prevention%20%7C%20Citi.com&p=https%3A%2F%2Fciticards.citi.com%2Fcbol%2Ffraudprevention%2Fdefault.htm%3FBTData%3DEFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E%26ProspectID%3D4794C088A1E34967B16D3FEDACF6C97D&r=&lt=5242&evt=pageLoad&sv=1&rn=928687
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://citicards.citi.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma
no-cache
strict-transport-security
max-age=31536000; includeSubDomains; preload
date
Tue, 11 Jul 2023 17:44:37 GMT
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref
Ref A: 0AA91048D0B440B7B2366F723A0DC097 Ref B: FRA31EDGE0109 Ref C: 2023-07-11T17:44:37Z
x-cache
CONFIG_NOCACHE
access-control-allow-origin
*
cache-control
no-cache, must-revalidate
expires
Fri, 01 Jan 1990 00:00:00 GMT
0
bat.bing.com/action/
0
231 B
Image
General
Full URL
https://bat.bing.com/action/0?ti=16003743&Ver=2&mid=056c55e8-8a28-45a3-92a4-1436de34c924&sid=9aa913e0201211eeb54505b40e2ce191&vid=9aa96800201211ee86f42952b0b9ff4a&vids=0&msclkid=N&ec=Sapient_cbol_citi_fraud_prevention_lp&ea=Application&p=https%3A%2F%2Fciticards.citi.com%2Fcbol%2Ffraudprevention%2Fdefault.htm&sw=1600&sh=1200&sc=24&evt=custom&rn=907115
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://citicards.citi.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma
no-cache
strict-transport-security
max-age=31536000; includeSubDomains; preload
date
Tue, 11 Jul 2023 17:44:37 GMT
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref
Ref A: 4958DC0E7BD34F0BA7E909C356891A03 Ref B: FRA31EDGE0109 Ref C: 2023-07-11T17:44:37Z
x-cache
CONFIG_NOCACHE
access-control-allow-origin
*
cache-control
no-cache, must-revalidate
expires
Fri, 01 Jan 1990 00:00:00 GMT
12.ab92b717dec244c92313.chunk.js
siteintercept.qualtrics.com/dxjsmodule/
68 KB
21 KB
Script
General
Full URL
https://siteintercept.qualtrics.com/dxjsmodule/12.ab92b717dec244c92313.chunk.js?Q_CLIENTVERSION=1.95.0&Q_CLIENTTYPE=web&Q_BRANDID=citicards.citi.com
Requested by
Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/citi/na_prod/Bootstrap.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.17.208.240 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
1aa2b97a967263d27c2f5591098fdae938891217f7288d1bf03b800963c3d270
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://citicards.citi.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Tue, 11 Jul 2023 17:44:37 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
content-encoding
br
age
84989
cf-polished
origSize=70533
edge-control
max-age=604800
referrer-policy
strict-origin-when-cross-origin
last-modified
Thu, 29 Jun 2023 19:16:39 GMT
cf-bgj
minify
server
cloudflare
etag
W/"11385-18908960dd8"
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
cache-control
public, max-age=604800, s-maxage=604800
permissions-policy
camera=(), geolocation=(), microphone=()
cf-ray
7e52db0098d218c1-FRA
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept
timing-allow-origin
*
tp2
p.tvpixel.com/com.snowplowanalytics.snowplow/
2 B
329 B
XHR
General
Full URL
https://p.tvpixel.com/com.snowplowanalytics.snowplow/tp2
Requested by
Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/citi/na_prod/Bootstrap.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.198.94.134 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-198-94-134.compute-1.amazonaws.com
Software
nginx /
Resource Hash
2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df

Request headers

Referer
https://citicards.citi.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
Content-Type
application/json; charset=UTF-8

Response headers

access-control-allow-origin
https://citicards.citi.com
date
Tue, 11 Jul 2023 17:44:37 GMT
access-control-allow-credentials
true
content-type
text/plain; charset=UTF-8
server
nginx
content-length
2
p3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSA OUR IND COM NAV STA"
p
sb.scorecardresearch.com/
43 B
299 B
Image
General
Full URL
https://sb.scorecardresearch.com/p?c1=2&c2=34402982&ns_type=hidden&ns_event=page_view&c6=citi-d4f85824-1351-4554-91ff-fdb56f962c5c&c7=https%3A%2F%2Fciticards.citi.com%2Fcbol%2Ffraudprevention%2Fdefault.htm%3FBTData%3DEFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E%26ProspectID%3D4794C088A1E34967B16D3FEDACF6C97D&c8=Fraud%20Prevention%20%7C%20Citi.com&c9=&rn=1689097477196
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
52.222.149.8 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-52-222-149-8.cdg52.r.cloudfront.net
Software
/
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://citicards.citi.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Tue, 11 Jul 2023 17:44:37 GMT
via
1.1 32a3d8b90281de379fa6ae275a2021bc.cloudfront.net (CloudFront)
accept-ch
UA, Platform, Arch, Model, Mobile
x-amz-cf-pop
CDG52-P1
x-cache
Miss from cloudfront
content-type
image/gif
content-length
43
x-amz-cf-id
ddmvAguIb_u5QPG10IugBkFxMhcvZ6TJPk2N4tKNEb3B7KzlR5upJg==
tp2
p.tvpixel.com/com.snowplowanalytics.snowplow/ Frame
0
0
Preflight
General
Full URL
https://p.tvpixel.com/com.snowplowanalytics.snowplow/tp2
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.198.94.134 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-198-94-134.compute-1.amazonaws.com
Software
nginx /
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
POST
Origin
https://citicards.citi.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
Content-Type, SP-Anonymous
access-control-allow-origin
https://citicards.citi.com
access-control-max-age
600
content-length
0
date
Tue, 11 Jul 2023 17:44:37 GMT
server
nginx
/
googleads.g.doubleclick.net/pagead/viewthroughconversion/695231162/
3 KB
2 KB
Script
General
Full URL
https://googleads.g.doubleclick.net/pagead/viewthroughconversion/695231162/?random=1689097477236&cv=11&fst=1689097477236&bg=ffffff&guid=ON&async=1&gtm=45be37a0&u_w=1600&u_h=1200&url=https%3A%2F%2Fciticards.citi.com%2Fcbol%2Ffraudprevention%2Fdefault.htm%3FBTData%3DEFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E%26ProspectID%3D4794C088A1E34967B16D3FEDACF6C97D&hn=www.googleadservices.com&frm=0&tiba=Fraud%20Prevention%20%7C%20Citi.com&auid=1309096529.1689097476&uamb=0&uaw=0&data=event%3Dgtag.config&rfmt=3&fmt=4
Requested by
Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/citi/na_prod/Bootstrap.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
6fc78c662ed2d06f144425cf66aa944d0560259bc1426a772b2ac974531ee8db
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://citicards.citi.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 11 Jul 2023 17:44:37 GMT
content-encoding
br
x-content-type-options
nosniff
server
cafe
content-type
text/javascript; charset=UTF-8
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
1439
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
googleads.g.doubleclick.net/pagead/viewthroughconversion/975701947/
3 KB
1 KB
Script
General
Full URL
https://googleads.g.doubleclick.net/pagead/viewthroughconversion/975701947/?random=1689097477268&cv=11&fst=1689097477268&bg=ffffff&guid=ON&async=1&gtm=45be37a0&u_w=1600&u_h=1200&url=https%3A%2F%2Fciticards.citi.com%2Fcbol%2Ffraudprevention%2Fdefault.htm%3FBTData%3DEFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E%26ProspectID%3D4794C088A1E34967B16D3FEDACF6C97D&hn=www.googleadservices.com&frm=0&tiba=Fraud%20Prevention%20%7C%20Citi.com&auid=1309096529.1689097476&uamb=0&uaw=0&data=event%3Dgtag.config&rfmt=3&fmt=4
Requested by
Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/citi/na_prod/Bootstrap.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
3257140310ae8f99f14d384e078ca9f38a0034523b2e319133211a2abe8cb7ad
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://citicards.citi.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 11 Jul 2023 17:44:37 GMT
content-encoding
br
x-content-type-options
nosniff
server
cafe
content-type
text/javascript; charset=UTF-8
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
1439
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
googleads.g.doubleclick.net/pagead/viewthroughconversion/644574043/
3 KB
1 KB
Script
General
Full URL
https://googleads.g.doubleclick.net/pagead/viewthroughconversion/644574043/?random=1689097477307&cv=11&fst=1689097477307&bg=ffffff&guid=ON&async=1&gtm=45be37a0&u_w=1600&u_h=1200&url=https%3A%2F%2Fciticards.citi.com%2Fcbol%2Ffraudprevention%2Fdefault.htm%3FBTData%3DEFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E%26ProspectID%3D4794C088A1E34967B16D3FEDACF6C97D&hn=www.googleadservices.com&frm=0&tiba=Fraud%20Prevention%20%7C%20Citi.com&auid=1309096529.1689097476&uamb=0&uaw=0&data=event%3Dgtag.config&rfmt=3&fmt=4
Requested by
Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/citi/na_prod/Bootstrap.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
f4592559f32c358656dec6f72f2124b72269659256be0e63661ca5b34177769b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://citicards.citi.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 11 Jul 2023 17:44:37 GMT
content-encoding
br
x-content-type-options
nosniff
server
cafe
content-type
text/javascript; charset=UTF-8
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
1439
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
googleads.g.doubleclick.net/pagead/viewthroughconversion/959299794/
3 KB
1 KB
Script
General
Full URL
https://googleads.g.doubleclick.net/pagead/viewthroughconversion/959299794/?random=1689097477334&cv=11&fst=1689097477334&bg=ffffff&guid=ON&async=1&gtm=45be37a0&u_w=1600&u_h=1200&url=https%3A%2F%2Fciticards.citi.com%2Fcbol%2Ffraudprevention%2Fdefault.htm%3FBTData%3DEFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E%26ProspectID%3D4794C088A1E34967B16D3FEDACF6C97D&hn=www.googleadservices.com&frm=0&tiba=Fraud%20Prevention%20%7C%20Citi.com&auid=1309096529.1689097476&uamb=0&uaw=0&data=event%3Dgtag.config&rfmt=3&fmt=4
Requested by
Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/citi/na_prod/Bootstrap.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
0c4e75e13e4b85762fadd82516c6e788aaf18739baad8406842c12355cdfb8b3
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://citicards.citi.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 11 Jul 2023 17:44:37 GMT
content-encoding
br
x-content-type-options
nosniff
server
cafe
content-type
text/javascript; charset=UTF-8
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
1439
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
googleads.g.doubleclick.net/pagead/viewthroughconversion/10955006959/
3 KB
1 KB
Script
General
Full URL
https://googleads.g.doubleclick.net/pagead/viewthroughconversion/10955006959/?random=1689097477380&cv=11&fst=1689097477380&bg=ffffff&guid=ON&async=1&gtm=45be37a0&u_w=1600&u_h=1200&url=https%3A%2F%2Fciticards.citi.com%2Fcbol%2Ffraudprevention%2Fdefault.htm%3FBTData%3DEFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E%26ProspectID%3D4794C088A1E34967B16D3FEDACF6C97D&hn=www.googleadservices.com&frm=0&tiba=Fraud%20Prevention%20%7C%20Citi.com&auid=1309096529.1689097476&uamb=0&uaw=0&data=event%3Dgtag.config&rfmt=3&fmt=4
Requested by
Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/citi/na_prod/Bootstrap.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
6b05fa11f39076a1b0e23a554192b1b541108adccc00e688a2e1e47e928ce052
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://citicards.citi.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 11 Jul 2023 17:44:37 GMT
content-encoding
br
x-content-type-options
nosniff
server
cafe
content-type
text/javascript; charset=UTF-8
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
1442
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
googleads.g.doubleclick.net/pagead/viewthroughconversion/819500023/
3 KB
1 KB
Script
General
Full URL
https://googleads.g.doubleclick.net/pagead/viewthroughconversion/819500023/?random=1689097477426&cv=11&fst=1689097477426&bg=ffffff&guid=ON&async=1&gtm=45be37a0&u_w=1600&u_h=1200&url=https%3A%2F%2Fciticards.citi.com%2Fcbol%2Ffraudprevention%2Fdefault.htm%3FBTData%3DEFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E%26ProspectID%3D4794C088A1E34967B16D3FEDACF6C97D&hn=www.googleadservices.com&frm=0&tiba=Fraud%20Prevention%20%7C%20Citi.com&auid=1309096529.1689097476&uamb=0&uaw=0&data=event%3Dgtag.config&rfmt=3&fmt=4
Requested by
Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/citi/na_prod/Bootstrap.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
243be78545efd21ff3b05e1df8898520911363c569dc19a67e77d35e63b6e574
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://citicards.citi.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 11 Jul 2023 17:44:37 GMT
content-encoding
br
x-content-type-options
nosniff
server
cafe
content-type
text/javascript; charset=UTF-8
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
1439
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
googleads.g.doubleclick.net/pagead/viewthroughconversion/960621875/
3 KB
1 KB
Script
General
Full URL
https://googleads.g.doubleclick.net/pagead/viewthroughconversion/960621875/?random=1689097477465&cv=11&fst=1689097477465&bg=ffffff&guid=ON&async=1&gtm=45be37a0&u_w=1600&u_h=1200&url=https%3A%2F%2Fciticards.citi.com%2Fcbol%2Ffraudprevention%2Fdefault.htm%3FBTData%3DEFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E%26ProspectID%3D4794C088A1E34967B16D3FEDACF6C97D&hn=www.googleadservices.com&frm=0&tiba=Fraud%20Prevention%20%7C%20Citi.com&auid=1309096529.1689097476&uamb=0&uaw=0&data=event%3Dgtag.config&rfmt=3&fmt=4
Requested by
Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/citi/na_prod/Bootstrap.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
30a7ef5e88e9b00fa6d82e880b1887bf8e303cc6cad63052ef442a01c46e11ae
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://citicards.citi.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 11 Jul 2023 17:44:37 GMT
content-encoding
br
x-content-type-options
nosniff
server
cafe
content-type
text/javascript; charset=UTF-8
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
1440
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
googleads.g.doubleclick.net/pagead/viewthroughconversion/830907969/
3 KB
1 KB
Script
General
Full URL
https://googleads.g.doubleclick.net/pagead/viewthroughconversion/830907969/?random=1689097477524&cv=11&fst=1689097477524&bg=ffffff&guid=ON&async=1&gtm=45be37a0&u_w=1600&u_h=1200&url=https%3A%2F%2Fciticards.citi.com%2Fcbol%2Ffraudprevention%2Fdefault.htm%3FBTData%3DEFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E%26ProspectID%3D4794C088A1E34967B16D3FEDACF6C97D&hn=www.googleadservices.com&frm=0&tiba=Fraud%20Prevention%20%7C%20Citi.com&auid=1309096529.1689097476&uamb=0&uaw=0&data=event%3Dgtag.config&rfmt=3&fmt=4
Requested by
Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/citi/na_prod/Bootstrap.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:801::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
797977a82780caf89bda3412509861e72e144d86673572b9e9b72d926c8bcbe1
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://citicards.citi.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 11 Jul 2023 17:44:37 GMT
content-encoding
br
x-content-type-options
nosniff
server
cafe
content-type
text/javascript; charset=UTF-8
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
1440
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
www.google.com/pagead/1p-user-list/916451471/
42 B
455 B
Image
General
Full URL
https://www.google.com/pagead/1p-user-list/916451471/?random=1689097477082&cv=11&fst=1689094800000&bg=ffffff&guid=ON&async=1&gtm=45be37a0&u_w=1600&u_h=1200&url=https%3A%2F%2Fciticards.citi.com%2Fcbol%2Ffraudprevention%2Fdefault.htm%3FBTData%3DEFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E%26ProspectID%3D4794C088A1E34967B16D3FEDACF6C97D&frm=0&tiba=Fraud%20Prevention%20%7C%20Citi.com&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=2289874504&rmt_tld=0&ipr=y
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:806::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://citicards.citi.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 11 Jul 2023 17:44:37 GMT
content-security-policy
script-src 'none'; object-src 'none'
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
www.google.de/pagead/1p-user-list/916451471/
42 B
108 B
Image
General
Full URL
https://www.google.de/pagead/1p-user-list/916451471/?random=1689097477082&cv=11&fst=1689094800000&bg=ffffff&guid=ON&async=1&gtm=45be37a0&u_w=1600&u_h=1200&url=https%3A%2F%2Fciticards.citi.com%2Fcbol%2Ffraudprevention%2Fdefault.htm%3FBTData%3DEFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E%26ProspectID%3D4794C088A1E34967B16D3FEDACF6C97D&frm=0&tiba=Fraud%20Prevention%20%7C%20Citi.com&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=2289874504&rmt_tld=1&ipr=y
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:831::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://citicards.citi.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 11 Jul 2023 17:44:37 GMT
content-security-policy
script-src 'none'; object-src 'none'
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
Targeting.php
siteintercept.qualtrics.com/WRSiteInterceptEngine/
9 KB
2 KB
XHR
General
Full URL
https://siteintercept.qualtrics.com/WRSiteInterceptEngine/Targeting.php?Q_ZoneID=ZN_3VI8kkudS0JJRFc&Q_CLIENTVERSION=1.95.0&Q_CLIENTTYPE=web
Requested by
Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/citi/na_prod/Bootstrap.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.17.208.240 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
8b965e2d53f89341d1eab47b1c06b389abb8785485d8cf92d72e4b5884a59e41
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://citicards.citi.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36
Content-type
application/x-www-form-urlencoded

Response headers

date
Tue, 11 Jul 2023 17:44:37 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-encoding
br
cf-cache-status
DYNAMIC
x-content-type-options
nosniff
referrer-policy
strict-origin-when-cross-origin
server
cloudflare
vary
Accept-Encoding
content-type
application/json
access-control-allow-origin
https://citicards.citi.com
cache-control
no-store, no-cache, must-revalidate, max-age=0
access-control-allow-credentials
true
permissions-policy
camera=(), geolocation=(), microphone=()
trace-id
163e72d24d195cee
cf-ray
7e52db031bc718c1-FRA
timing-allow-origin
*
/
www.google.com/pagead/1p-user-list/975701947/
42 B
108 B
Image
General
Full URL
https://www.google.com/pagead/1p-user-list/975701947/?random=1689097477268&cv=11&fst=1689094800000&bg=ffffff&guid=ON&async=1&gtm=45be37a0&u_w=1600&u_h=1200&url=https%3A%2F%2Fciticards.citi.com%2Fcbol%2Ffraudprevention%2Fdefault.htm%3FBTData%3DEFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E%26ProspectID%3D4794C088A1E34967B16D3FEDACF6C97D&frm=0&tiba=Fraud%20Prevention%20%7C%20Citi.com&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=3963848058&rmt_tld=0&ipr=y
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:806::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://citicards.citi.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 11 Jul 2023 17:44:37 GMT
content-security-policy
script-src 'none'; object-src 'none'
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
www.google.de/pagead/1p-user-list/975701947/
42 B
455 B
Image
General
Full URL
https://www.google.de/pagead/1p-user-list/975701947/?random=1689097477268&cv=11&fst=1689094800000&bg=ffffff&guid=ON&async=1&gtm=45be37a0&u_w=1600&u_h=1200&url=https%3A%2F%2Fciticards.citi.com%2Fcbol%2Ffraudprevention%2Fdefault.htm%3FBTData%3DEFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E%26ProspectID%3D4794C088A1E34967B16D3FEDACF6C97D&frm=0&tiba=Fraud%20Prevention%20%7C%20Citi.com&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=3963848058&rmt_tld=1&ipr=y
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:831::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://citicards.citi.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 11 Jul 2023 17:44:37 GMT
content-security-policy
script-src 'none'; object-src 'none'
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
www.google.com/pagead/1p-user-list/695231162/
42 B
108 B
Image
General
Full URL
https://www.google.com/pagead/1p-user-list/695231162/?random=1689097477236&cv=11&fst=1689094800000&bg=ffffff&guid=ON&async=1&gtm=45be37a0&u_w=1600&u_h=1200&url=https%3A%2F%2Fciticards.citi.com%2Fcbol%2Ffraudprevention%2Fdefault.htm%3FBTData%3DEFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E%26ProspectID%3D4794C088A1E34967B16D3FEDACF6C97D&frm=0&tiba=Fraud%20Prevention%20%7C%20Citi.com&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=1333482980&rmt_tld=0&ipr=y
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:806::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://citicards.citi.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 11 Jul 2023 17:44:37 GMT
content-security-policy
script-src 'none'; object-src 'none'
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
www.google.de/pagead/1p-user-list/695231162/
42 B
108 B
Image
General
Full URL
https://www.google.de/pagead/1p-user-list/695231162/?random=1689097477236&cv=11&fst=1689094800000&bg=ffffff&guid=ON&async=1&gtm=45be37a0&u_w=1600&u_h=1200&url=https%3A%2F%2Fciticards.citi.com%2Fcbol%2Ffraudprevention%2Fdefault.htm%3FBTData%3DEFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E%26ProspectID%3D4794C088A1E34967B16D3FEDACF6C97D&frm=0&tiba=Fraud%20Prevention%20%7C%20Citi.com&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=1333482980&rmt_tld=1&ipr=y
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:831::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://citicards.citi.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 11 Jul 2023 17:44:37 GMT
content-security-policy
script-src 'none'; object-src 'none'
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
www.google.com/pagead/1p-user-list/644574043/
42 B
108 B
Image
General
Full URL
https://www.google.com/pagead/1p-user-list/644574043/?random=1689097477307&cv=11&fst=1689094800000&bg=ffffff&guid=ON&async=1&gtm=45be37a0&u_w=1600&u_h=1200&url=https%3A%2F%2Fciticards.citi.com%2Fcbol%2Ffraudprevention%2Fdefault.htm%3FBTData%3DEFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E%26ProspectID%3D4794C088A1E34967B16D3FEDACF6C97D&frm=0&tiba=Fraud%20Prevention%20%7C%20Citi.com&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=2585988937&rmt_tld=0&ipr=y
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:806::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://citicards.citi.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 11 Jul 2023 17:44:37 GMT
content-security-policy
script-src 'none'; object-src 'none'
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
www.google.de/pagead/1p-user-list/644574043/
42 B
108 B
Image
General
Full URL
https://www.google.de/pagead/1p-user-list/644574043/?random=1689097477307&cv=11&fst=1689094800000&bg=ffffff&guid=ON&async=1&gtm=45be37a0&u_w=1600&u_h=1200&url=https%3A%2F%2Fciticards.citi.com%2Fcbol%2Ffraudprevention%2Fdefault.htm%3FBTData%3DEFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E%26ProspectID%3D4794C088A1E34967B16D3FEDACF6C97D&frm=0&tiba=Fraud%20Prevention%20%7C%20Citi.com&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=2585988937&rmt_tld=1&ipr=y
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:831::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://citicards.citi.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 11 Jul 2023 17:44:37 GMT
content-security-policy
script-src 'none'; object-src 'none'
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
www.google.com/pagead/1p-user-list/960621875/
42 B
108 B
Image
General
Full URL
https://www.google.com/pagead/1p-user-list/960621875/?random=1689097477465&cv=11&fst=1689094800000&bg=ffffff&guid=ON&async=1&gtm=45be37a0&u_w=1600&u_h=1200&url=https%3A%2F%2Fciticards.citi.com%2Fcbol%2Ffraudprevention%2Fdefault.htm%3FBTData%3DEFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E%26ProspectID%3D4794C088A1E34967B16D3FEDACF6C97D&frm=0&tiba=Fraud%20Prevention%20%7C%20Citi.com&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=311539603&rmt_tld=0&ipr=y
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:806::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://citicards.citi.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 11 Jul 2023 17:44:37 GMT
content-security-policy
script-src 'none'; object-src 'none'
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
www.google.de/pagead/1p-user-list/960621875/
42 B
108 B
Image
General
Full URL
https://www.google.de/pagead/1p-user-list/960621875/?random=1689097477465&cv=11&fst=1689094800000&bg=ffffff&guid=ON&async=1&gtm=45be37a0&u_w=1600&u_h=1200&url=https%3A%2F%2Fciticards.citi.com%2Fcbol%2Ffraudprevention%2Fdefault.htm%3FBTData%3DEFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E%26ProspectID%3D4794C088A1E34967B16D3FEDACF6C97D&frm=0&tiba=Fraud%20Prevention%20%7C%20Citi.com&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=311539603&rmt_tld=1&ipr=y
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:831::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://citicards.citi.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 11 Jul 2023 17:44:37 GMT
content-security-policy
script-src 'none'; object-src 'none'
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
www.google.com/pagead/1p-user-list/959299794/
42 B
108 B
Image
General
Full URL
https://www.google.com/pagead/1p-user-list/959299794/?random=1689097477334&cv=11&fst=1689094800000&bg=ffffff&guid=ON&async=1&gtm=45be37a0&u_w=1600&u_h=1200&url=https%3A%2F%2Fciticards.citi.com%2Fcbol%2Ffraudprevention%2Fdefault.htm%3FBTData%3DEFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E%26ProspectID%3D4794C088A1E34967B16D3FEDACF6C97D&frm=0&tiba=Fraud%20Prevention%20%7C%20Citi.com&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=406939384&rmt_tld=0&ipr=y
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:806::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://citicards.citi.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 11 Jul 2023 17:44:37 GMT
content-security-policy
script-src 'none'; object-src 'none'
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
www.google.de/pagead/1p-user-list/959299794/
42 B
108 B
Image
General
Full URL
https://www.google.de/pagead/1p-user-list/959299794/?random=1689097477334&cv=11&fst=1689094800000&bg=ffffff&guid=ON&async=1&gtm=45be37a0&u_w=1600&u_h=1200&url=https%3A%2F%2Fciticards.citi.com%2Fcbol%2Ffraudprevention%2Fdefault.htm%3FBTData%3DEFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E%26ProspectID%3D4794C088A1E34967B16D3FEDACF6C97D&frm=0&tiba=Fraud%20Prevention%20%7C%20Citi.com&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=406939384&rmt_tld=1&ipr=y
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:831::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://citicards.citi.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 11 Jul 2023 17:44:37 GMT
content-security-policy
script-src 'none'; object-src 'none'
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
www.google.com/pagead/1p-user-list/10955006959/
42 B
108 B
Image
General
Full URL
https://www.google.com/pagead/1p-user-list/10955006959/?random=1689097477380&cv=11&fst=1689094800000&bg=ffffff&guid=ON&async=1&gtm=45be37a0&u_w=1600&u_h=1200&url=https%3A%2F%2Fciticards.citi.com%2Fcbol%2Ffraudprevention%2Fdefault.htm%3FBTData%3DEFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E%26ProspectID%3D4794C088A1E34967B16D3FEDACF6C97D&frm=0&tiba=Fraud%20Prevention%20%7C%20Citi.com&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=3729815987&rmt_tld=0&ipr=y
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:806::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://citicards.citi.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 11 Jul 2023 17:44:37 GMT
content-security-policy
script-src 'none'; object-src 'none'
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
www.google.de/pagead/1p-user-list/10955006959/
42 B
108 B
Image
General
Full URL
https://www.google.de/pagead/1p-user-list/10955006959/?random=1689097477380&cv=11&fst=1689094800000&bg=ffffff&guid=ON&async=1&gtm=45be37a0&u_w=1600&u_h=1200&url=https%3A%2F%2Fciticards.citi.com%2Fcbol%2Ffraudprevention%2Fdefault.htm%3FBTData%3DEFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E%26ProspectID%3D4794C088A1E34967B16D3FEDACF6C97D&frm=0&tiba=Fraud%20Prevention%20%7C%20Citi.com&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=3729815987&rmt_tld=1&ipr=y
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:831::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://citicards.citi.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 11 Jul 2023 17:44:37 GMT
content-security-policy
script-src 'none'; object-src 'none'
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
www.google.com/pagead/1p-user-list/819500023/
42 B
108 B
Image
General
Full URL
https://www.google.com/pagead/1p-user-list/819500023/?random=1689097477426&cv=11&fst=1689094800000&bg=ffffff&guid=ON&async=1&gtm=45be37a0&u_w=1600&u_h=1200&url=https%3A%2F%2Fciticards.citi.com%2Fcbol%2Ffraudprevention%2Fdefault.htm%3FBTData%3DEFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E%26ProspectID%3D4794C088A1E34967B16D3FEDACF6C97D&frm=0&tiba=Fraud%20Prevention%20%7C%20Citi.com&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=2078910855&rmt_tld=0&ipr=y
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:806::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://citicards.citi.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 11 Jul 2023 17:44:37 GMT
content-security-policy
script-src 'none'; object-src 'none'
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
www.google.de/pagead/1p-user-list/819500023/
42 B
108 B
Image
General
Full URL
https://www.google.de/pagead/1p-user-list/819500023/?random=1689097477426&cv=11&fst=1689094800000&bg=ffffff&guid=ON&async=1&gtm=45be37a0&u_w=1600&u_h=1200&url=https%3A%2F%2Fciticards.citi.com%2Fcbol%2Ffraudprevention%2Fdefault.htm%3FBTData%3DEFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E%26ProspectID%3D4794C088A1E34967B16D3FEDACF6C97D&frm=0&tiba=Fraud%20Prevention%20%7C%20Citi.com&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=2078910855&rmt_tld=1&ipr=y
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:831::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://citicards.citi.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 11 Jul 2023 17:44:37 GMT
content-security-policy
script-src 'none'; object-src 'none'
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
www.google.com/pagead/1p-user-list/830907969/
42 B
108 B
Image
General
Full URL
https://www.google.com/pagead/1p-user-list/830907969/?random=1689097477524&cv=11&fst=1689094800000&bg=ffffff&guid=ON&async=1&gtm=45be37a0&u_w=1600&u_h=1200&url=https%3A%2F%2Fciticards.citi.com%2Fcbol%2Ffraudprevention%2Fdefault.htm%3FBTData%3DEFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E%26ProspectID%3D4794C088A1E34967B16D3FEDACF6C97D&frm=0&tiba=Fraud%20Prevention%20%7C%20Citi.com&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=885742031&rmt_tld=0&ipr=y
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:806::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://citicards.citi.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 11 Jul 2023 17:44:37 GMT
content-security-policy
script-src 'none'; object-src 'none'
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
www.google.de/pagead/1p-user-list/830907969/
42 B
108 B
Image
General
Full URL
https://www.google.de/pagead/1p-user-list/830907969/?random=1689097477524&cv=11&fst=1689094800000&bg=ffffff&guid=ON&async=1&gtm=45be37a0&u_w=1600&u_h=1200&url=https%3A%2F%2Fciticards.citi.com%2Fcbol%2Ffraudprevention%2Fdefault.htm%3FBTData%3DEFe.B.gAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.E%26ProspectID%3D4794C088A1E34967B16D3FEDACF6C97D&frm=0&tiba=Fraud%20Prevention%20%7C%20Citi.com&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=885742031&rmt_tld=1&ipr=y
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:831::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://citicards.citi.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 11 Jul 2023 17:44:37 GMT
content-security-policy
script-src 'none'; object-src 'none'
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
CoreModule.js
siteintercept.qualtrics.com/dxjsmodule/
102 KB
32 KB
Script
General
Full URL
https://siteintercept.qualtrics.com/dxjsmodule/CoreModule.js?Q_CLIENTVERSION=1.95.0&Q_CLIENTTYPE=web&Q_BRANDID=citifeedback
Requested by
Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/citi/na_prod/Bootstrap.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.17.208.240 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b9265f44392cf6867327d090d6553738c6ce2223ffa70dd3bf82885f6b2d7be6
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://citicards.citi.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Tue, 11 Jul 2023 17:44:37 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
content-encoding
br
age
84988
cf-polished
origSize=105216
edge-control
max-age=604800
referrer-policy
strict-origin-when-cross-origin
last-modified
Thu, 29 Jun 2023 19:16:39 GMT
cf-bgj
minify
server
cloudflare
etag
W/"19b00-18908960dd8"
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
cache-control
public, max-age=604800, s-maxage=604800
permissions-policy
camera=(), geolocation=(), microphone=()
cf-ray
7e52db035c1718c1-FRA
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept
timing-allow-origin
*
7.cff97ca457c7bcbf778b.chunk.js
siteintercept.qualtrics.com/dxjsmodule/
2 KB
914 B
Script
General
Full URL
https://siteintercept.qualtrics.com/dxjsmodule/7.cff97ca457c7bcbf778b.chunk.js?Q_CLIENTVERSION=1.95.0&Q_CLIENTTYPE=web&Q_BRANDID=citifeedback
Requested by
Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/citi/na_prod/Bootstrap.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.17.208.240 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
f2f6e980489a52d69fd72e2bc3c3eeb96bf851d0df449fc865637d63ee4775ae
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://citicards.citi.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Tue, 11 Jul 2023 17:44:37 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
content-encoding
br
age
84988
cf-polished
origSize=2522
edge-control
max-age=604800
referrer-policy
strict-origin-when-cross-origin
last-modified
Thu, 29 Jun 2023 19:16:39 GMT
cf-bgj
minify
server
cloudflare
etag
W/"9da-18908960dd8"
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
cache-control
public, max-age=604800, s-maxage=604800
permissions-policy
camera=(), geolocation=(), microphone=()
cf-ray
7e52db03ac9018c1-FRA
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept
timing-allow-origin
*
1.0c5a57685cec0137b83a.chunk.js
siteintercept.qualtrics.com/dxjsmodule/
28 KB
7 KB
Script
General
Full URL
https://siteintercept.qualtrics.com/dxjsmodule/1.0c5a57685cec0137b83a.chunk.js?Q_CLIENTVERSION=1.95.0&Q_CLIENTTYPE=web&Q_BRANDID=citifeedback
Requested by
Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/citi/na_prod/Bootstrap.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.17.208.240 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
2bab576a1654b30cbc8ea7514784fe81dd0d35450205e30f0a66498faf577757
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://citicards.citi.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Tue, 11 Jul 2023 17:44:37 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
content-encoding
br
age
84988
cf-polished
origSize=29374
edge-control
max-age=604800
referrer-policy
strict-origin-when-cross-origin
last-modified
Thu, 29 Jun 2023 19:16:39 GMT
cf-bgj
minify
server
cloudflare
etag
W/"72be-18908960dd8"
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
cache-control
public, max-age=604800, s-maxage=604800
permissions-policy
camera=(), geolocation=(), microphone=()
cf-ray
7e52db03ac9218c1-FRA
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept
timing-allow-origin
*
FeedbackButtonModule.js
siteintercept.qualtrics.com/dxjsmodule/
63 KB
23 KB
Script
General
Full URL
https://siteintercept.qualtrics.com/dxjsmodule/FeedbackButtonModule.js?Q_CLIENTVERSION=1.95.0&Q_CLIENTTYPE=web&Q_BRANDID=citifeedback
Requested by
Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/citi/na_prod/Bootstrap.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.17.208.240 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b24c5b325810b01a60487c8a42151b8f6ac44d1173722ec526c54fe7c4b7c762
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://citicards.citi.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Tue, 11 Jul 2023 17:44:37 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
content-encoding
br
age
84953
cf-polished
origSize=65177
edge-control
max-age=604800
referrer-policy
strict-origin-when-cross-origin
last-modified
Thu, 29 Jun 2023 19:16:39 GMT
cf-bgj
minify
server
cloudflare
etag
W/"fe99-18908960dd8"
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
cache-control
public, max-age=604800, s-maxage=604800
permissions-policy
camera=(), geolocation=(), microphone=()
cf-ray
7e52db03bc9618c1-FRA
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept
timing-allow-origin
*
Asset.php
siteintercept.qualtrics.com/WRSiteInterceptEngine/
5 KB
2 KB
XHR
General
Full URL
https://siteintercept.qualtrics.com/WRSiteInterceptEngine/Asset.php?Module=SI_0AioryRkl8bxHM2&Version=21&Q_ORIGIN=https://citicards.citi.com&Q_CLIENTVERSION=1.95.0&Q_CLIENTTYPE=web
Requested by
Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/citi/na_prod/Bootstrap.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.17.208.240 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
25ca4a79f782688bb53814c6f6d6a4c97838c77c6629837c873571f0b511253e
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://citicards.citi.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

servershortname
date
Tue, 11 Jul 2023 17:44:37 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
content-encoding
br
age
544391
p3p
CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
edge-control
max-age=604800
referrer-policy
strict-origin-when-cross-origin
last-modified
Wed, 05 Jul 2023 10:31:26 GMT
server
cloudflare
vary
Accept-Encoding
content-type
application/json
access-control-allow-origin
*
cache-control
public, max-age=604800, s-maxage=604800, max-age=315360000
access-control-allow-credentials
false
permissions-policy
camera=(), geolocation=(), microphone=()
cf-ray
7e52db03dda7918c-FRA
expires
Sat, 02 Jul 2033 10:31:26 GMT
Asset.php
siteintercept.qualtrics.com/WRSiteInterceptEngine/
0
0

r.rnc
data.privacy.ensighten.com/privacy/v1/b/
0
106 B
Image
General
Full URL
https://data.privacy.ensighten.com/privacy/v1/b/r.rnc?n=1&c=1129&i=8khosr&p=na_prod&s=15719&d=8HB7InZlcnNpb24iOiIxLjAuMCIsImdhdGV3YXkiOiIyLjMuNjExIiwiY2xpZW50SWQiOjExMjksInB1Ymxpc2hQYXRoIjoibmFfcHJvZCIsImluc3RhbmNlSWQiOiI4a2hvc3IiLCJwYWNrZXQiOjEsIm1vZGUiOiJlbmZvcmNlWgDwCG9va2llcyI6eyJCQU5ORVJfTE9BREVEkQDyJyJ9LCJlbnZpcm9ubWVudCI6IkNCT0wgUHJpdmFjeSIsInJlcXVlc3RzIjpbeyJkZXN0aW5hdM4A8Q5odHRwczovL2NpdGkuYnJpZGdldHJhY2suY29tLwoA8CsvP2lkPTY1MzQ1JnJhbmRvbT0xLjI1MDkwNDIzNzc2MjUyRSsxNyIsInR5cGUiOiJpbWciLCJzdGFyywDANjg5MDk3NDc1OTI1pgAAGwEHFACAOCwic291cmM5ADFtdXSWAKJPYnNlcnZlckNMSAChdHVzIjoibG9hZMsAQGFzb27KANRdLCJkYXRhUGF0dGVyEgCybGlzdCI6W10sImlqAM84MTIwMjcyMjA0fSz8AAWRbWV0cmljczEuBQEA-QDwGmlkP2RfdmlzaWRfdmVyPTQuNC4wJmRfZmllbGRncm91cD1BJm1jb3JnGwH1RDE4MzREOUI1MjI4QTc0MzBBNDkwRDQ1JTQwQWRvYmVPcmcmbWlkPTcwNDk3MzkxNTg0NTQ1NjQ0MTgxMjM3MDExMzEwNjMzMTM2OTU5JnRzPTE2NQEmODJZATJ4aHIRAQtZAS44MlkBABQABVkBslhIUl9NQU5BR0VSQQACUgFvYWxsb3dlVQEhrzcwMzUyMzg2NzlVAf9d8QBuZXh1cy5lbnNpZ2h0ZW6lAwC1AiIvblsEEy86A_AWb21wb25lbnQucGhwP25hbWVzcGFjZT1Cb290c3RyYXBwZXImc24DMGNKc50EHz1ZAA5jY29kZS8m0ATyHmVkT249V2VkJTIwSnVsJTIwMDUlMjAxNTo0ODowNCUyMEdNVCUyMDIwMjMmQxMFIEQ9EgWBJlBhZ2VJRD12BJAlM0ElMkYlMkbCAFVjYXJkc4EDABUA8AJib2wlMkZmcmF1ZHByZXZlbrIE9mglMkZkZWZhdWx0Lmh0bSUzRkJURGF0YSUzREVGZS5CLmdBQjRmLkIuQjAhLlNFT3ouZUdJLmxZZy54RyEuQmouU1guMGYuRSUyNlByb3NwZWN0SUQlM0Q0Nzk0QzA4OEExRTM0OTY3QjE2RDNGRURBQ0Y2Qzk3RIUDYnNjcmlwdEcDCogDPjg4OYgDJzk14QTCaW5zZXJ0QmVmb3JlQgACiQMP2wQkIDkyNQRPNTk3M4YDBw_YAQ4PMQL_ai85MDECDA8SB0IFNwIPEgcIDzcCDgEPBPAaOTM5MzVhNDA5NjUxNjQ0NzE3MmQ5ZDNmMWQyMzcxMGQuanM_Y29uZGm6A5dJZDA9NDMzMDfSBg9NAwceORwBODYwMC4ID00DPJ83ODUwMzAwNDRNAykPFgFPHDMyAgsWAQ8yAkIFHAEfNmkEKAEcAf8QN2M4YWUxZjljMjA2OTMwMDI4NjcyOTQ5YzY3MDNmNjICAG84NDk5NjOABRE-OTkxHQEvMjOABUifMTI3NDEwNDExFwGLDzQCAAkXAQ80AkIUOR0BD1ADLvABYThlNmU3NTY0NWE0Nzg3NDMLzmEwZGUyOWRiNDY2MWYEbzg5NzA5OTQCJw-0B0ifNzk0MzUzNjgxFwGMHzRLAwAIFwEPNAJCBR0BD2gELv8QYzY1YTM2MDllMWJlZWQ3Mjk1NWI4OGFmYWM4Y2QzMWgEATAwODjCDwPFDg-aBgkPZwQALzMwZwRHrzc4NDI0ODAwMDdnBC0PFgFKDzICAAkWAQ8yAkMDHAEvMTAcAS3-ETkzYmQxMTczZTAwNGM1ZjE0YzhjMzEyNzc0YTE3N2Q2ZgRfOTM2NjMzAhQNog9PNjAzMjMCSI81MDc0NDEwNuMJMA8XAUkPNAIBCBcBDzQCQwQdAQ9mBC7_D2IxNjliNTIxMWFiY2I1OTU5N2MyYTUwZDA4MzRkYTQCAW84NTQ4MzSaBhMPNAJbrzkxMTI4NjE0NjnOCC4PFwFLDzQCYQYdAQ-3By7-EWY3OWFlNzQ1MjY0YjQzZjNmYWFhYjg3YmYzY2RiNzViaARHNTU4OV8VD5oGCQ_qCQAPZwRKnzY0MDA3NjA2NX4FLQ8WAUoPMgJhJDg3HAEPZgQuEGZ-Av8LYzRmNGNjMmRhN2JjNzYwOTU3ZGExZDBhNDeaBgBPODY3NTICFA9lBAEPMw1Jjzc2MjQ4MTMwFgGLDzICAQgWAQ-YBkIUORwBHzhOAy3-ETlkOWE3NjY3ZWRhMTY0MjFiNzU5ZDNlNGFlMzRkMjVmZAQAhg8PMQ0UDzICAR80ywhHnzgyNDk0Njc2N5cGLg8WAUoPMgIBCBYBDzICQgUcAQ-WBi7hY2NiOTEwZjNiMjg2NjXAE902NmNiNmVmM2VkYzQzMgJvMzAxMzMzZQQUD5cGAB81yxNHrzkxMTc2ODcyMjZlBC4PFwFLDzQCAAkXAQ80AkEGHQEPTg4IAmMIkS5jcmF6eWVnZ2YaY3BhZ2VzLwYfomVkL2NvbW1vbi0rAP8Wcy82MWYyNjg5ZDk1ZTk0YzZlZjU5OTIwMmVkZDMyNDAxYy5qc_YKEx44eRAfNnsFTp84MzAwNTU5MzhHDi7wB2Q3OTU0MTdkMTJjOGYxMjZlNjRlMDCJEG02YWJiNTVJA280MjE5MDgcARMPeRAALzc2ewVHEDc5H080Njc1XwQuDxYBSg9HAwAJFgEPRwNBFTgcAQ9kBAgO1xxrL2Nib2wv0xzvL2pzLzg1MS5idW5kbGUpAxUeMvcAKDExKQMA5R1gbmRDaGls4h8A7R0PRyEpnzkxNzIwNjE4NjcECA_wAEsNPiIaNvAAD-cBQgX3AA-UCQjQYzEucmZpaHViLm5ldM0Bb3RjLm1pbskBEy82MMkBAg8eB0evODk1MTYyNTMzOFEJCA_TAC0PrAEBCNMAD6wBQwTZAB8yQAsH8QV3d3cuZ29vZ2xldGFnbWFuYWdlct8GcGd0YWcvanPrJJ9EQy02MjYwMDCoERE-NjAz3ggQMRQABX4jD6kcPY82MTYyMDk1MXwjCA_nAEEPcAQACecAD9QBQhM37QAfMpkHCAB3BHEuZGVtZGV4ggMA4CYQNR4iv2w_ZF9uc2lkPTAjcCINBoAHU2lmcmFtniEK4CE9OTc3nAgoMTblCw9zBTufODE2NzY4ODg1_ABxHzj8AA0P_wFCBAMBHzYDAQgP7AIVkDQxNTgxMiZsPTUopkxheWVyJmN4PWP6AQLLCgKYIwn6ARE20AMiZW5RKALPKDg2MThtBw_-AEQgMzhjGB84gAkID_4AFV8yNjkzMv4AJQ7zDygxOc8FD-IEO685MDM4ODgwNzU24gQyD_gAKA_aBQAJ-AAP9gFBBf4AHzf0AjBvMjU2NzEw9AIkDvYBHzKBI0kQOAorTzYzNTD4AG0O9gE3MjA5Zg0P9gFBFTj-AA-WCQnQaXRpY29ycGNyZWRpdLknwWljLnR0Lm9tdHJkY_wG8gJyZXN0L3YxL2RlbGl2ZXJ5P5EuED0kBww7AEAmc2Vz0y7wB0lkPTQ4ZGFkMzY0MGNiYjQ5MzFiMjKuDqNmNjIzOTNiODkm-A9CPTIuMf0uAycfD5MsAz42MjbHDwEUAAUVCQ-TLD6fODg5MzgyODUzPwIIDwYBAQ9BAYUNTCo4NjI2hgIPQQFHD4ICCJQyMDc2NjY5OXDyDAAsLyJjYW0JACkv9AU5JnJhPTE1NjQmcmI9NjQ4JmNhPTUA8QAmX289MTcxNjkxNzUmX3SUAgsLD8BscCZfcmV2PTEmX3AwJgAJAPEFb3JkZXJpZD0xJnNzdl9jdXVpZD0LAMJwYWNrYWdlPW51bGwRADByb2QAMAcSADBhZ2X-LA9sAAQvcGWJLFE8JTIxiywAEwAPjSwnQCZwZj1oAfcAMzYyMjMxMTIyMzcyMjczWCkPxQoGTTYxMTbFCigyN1kCD80HO584ODMxNjQ5MzbxJAkEIgIPVwL_qg_xBQAJVwIPNgdDBF0CD4EeCAH1BQldMA-GEwY_MjgzhhMaPzYxMSUJAAn3AA8TDjufNzcyNTgyNTUzdhQzD_AAIA8dCQAJ8AAP5wFCBfcAD30UMz8yMjXnAS83NDI3FAoP5wE8IDY1eQkfOAsLCQ_XAhkP8AAfDucBCvAAD-cBQwT3AA-CCAgP9wAVIWltsBpwaGVhZGVyLTYA0C1sb2dvLWRhcmsuc3aiOAPDCg-vOAMgNjRNFwv0Dyg1OW4ZDwQBQp84NTYxMzYxMDJxFgkACAwP0gQQAwQB_wFwZXJzb25hbC1pbmZvLnBu_AAQHTKZMi82Nu0TTxA5XQo_Nzg4cBoJAMoBCis2D84FAw_8ACgO6RQP_ABZD-MEMAP8AK9mdW5kcmFpc2Vy9QEUD_kAYtA4NDgxNjAwOTYzfV19
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
3.124.119.57 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-124-119-57.eu-central-1.compute.amazonaws.com
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://citicards.citi.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Tue, 11 Jul 2023 17:44:38 GMT
cache-control
no-cache, no-store
server
nginx
expires
Tue, 11 Jul 2023 17:44:37 GMT
r.rnc
data.privacy.ensighten.com/privacy/v1/b/
0
106 B
Image
General
Full URL
https://data.privacy.ensighten.com/privacy/v1/b/r.rnc?n=2&c=1129&i=8khosr&p=na_prod&s=15632&d=8HB7InZlcnNpb24iOiIxLjAuMCIsImdhdGV3YXkiOiIyLjMuNjExIiwiY2xpZW50SWQiOjExMjksInB1Ymxpc2hQYXRoIjoibmFfcHJvZCIsImluc3RhbmNlSWQiOiI4a2hvc3IiLCJwYWNrZXQiOjEsIm1vZGUiOiJlbmZvcmNlWgDwCG9va2llcyI6eyJCQU5ORVJfTE9BREVEkQDyJyJ9LCJlbnZpcm9ubWVudCI6IkNCT0wgUHJpdmFjeSIsInJlcXVlc3RzIjpbeyJkZXN0aW5hdM4A8ANodHRwczovL2NpdGljYXJkcy4KAPAGLmNvbS9jYm9sL2ZyYXVkcHJldmVuMgDwEy9pbWFnZXMvZnVuZHJhaXNlci5wbmciLCJ0eXBlIjoiaW0NAEBzdGFyyADANjg5MDk3NDc2NDIxowAAGAEFFACgNjMzLCJzb3VyYzkAMW11dJMA8QtPYnNlcnZlckNMIiwic3RhdHVzIjoibG9hZMgAQGFzb27HANRdLCJkYXRhUGF0dGVyEgCybGlzdCI6W10sImlqAM84NDgxNjAwOTYwfSz5ADR_cm9tYW5jZfYAKB849gBNnzc1OTY2MTEyMfYAZR807AEAD_YAVx8z7AE2f3N1cnByaXPtASgfNuMCTq85NTgzOTkwMjM49wBlD-4BAA_3AFcvNDH3ADY_aXJz1gMnLzY01gNNrzk0MzgxNjE4NzfyAGAP5AEBD_IAVh84yAQ3_wFzcG9vZi1zY3JlZW4tbW9i8QETLTE50QQ_NzI18QFNrzcwMjg5NzE2MDbxATY_aGFs_gAfLjIw_gAvNDL-AE2vODMyMzk3NzA1Of4ANl9lbWFpbPIBEx4y8QIvNzTxAk6vNzE4NzgxODMxNPQAYg6jCQ_0AFkPyQU3X21vYmlstQcVD-kBAQ_bA02fOTA5MjcyMDc16QE4D_UAGg_qAQEP9QBXD-oBN5FpY29uLWFuaW07DE8uZ2lmigwPLjE1zwQfOacJTa85MDEwOTM4NTg1zAY3T2JhbmvOBBQP8AEAHznOBE6fOTQ2MjU4NDg48AE3D_MAGA_YAwAP8wBYD8EFNz96ZWzMBCgvODCpB0-PMDgwNDI4MTaBDDcP9AAZDp0ID_QAWQ_oATc_cGluzQMUHTLABA_yAE8QOb8EbzQ0MDM4NZsINg_yABcP5AFhBvIAD1AQN79ncmFuZHBhcmVudGsOFQ7HBA_tAU-fODczOTQ1Mjc0aw44D_sAIA61Bg_7AFkP2gM3AnQOf251bWJlcnN8Dh4Pfg0AHzl8Dk-fOTk4NzIxNTY3BwE4f2VjdXJpdHnmBBQOpgk_OTM2dQ5MrzkwODE3OTA1MzNkETcfc_cAGw7dBQ_3AFkP7gE3X3JlbW90hA0VDuAFLzkzMBZOnzk3OTQ0ODA2M_UAZA7aBQ_1AFkPrQk3AIcZjy1jb21wcm9tLBcXD-gCAC81MN8DTK84OTkwMzAyNTEyVBI3D_4AIw_dBAAP_gBXLzMywwk2T3RleHTQBScfNvEBTa85MDMxODA1MDQ3dg83D_MAGA_kAgAP8wBXHzbDBjdPcGhvbssFFQ_0AAAvNzHYA02PODMzMzM2OTPnATgP9AAZD84DAA_0AFgPnww3IGxvTR8PoQkoHzhUEk9_ODI1MDcyNW0QOA_2ABsP4AIAD_YAWA99DzdvZ2ltbWljQBQVDeICPzcwM70FT482NjQxNjU1NgAbNw_2ABsN7AEP9gBaD9gDNw_2ABsNjQsP9gBaDywWCAA7JfAKLnJlcG9ydC5uYWN1c3RvbWVyZXhwZXJpZZMjBbkkkmdsYXNzYm94Ly4A8h5pbmcvNzk4YjJmMTItOTE2Mi00YTk0LTkxZWUtODA1ZDg4M2NhMjY2L2Nsc18zACA_XwwA8RxzPTU0MjZlZWRmLTU2YzYtNGM4Yi1iMzE3LTcyZDc5NWYwNjg0OSUzQTAmMADxHnY9YmIzYzBlYTgtZjgyOS00NTBiLWE2NTUtY2E3NDQ5MGFlMWQyJnB2PTImZjIAZnM9dHJ1ZbUYMnhocvckCT8lPTcwNA0RAhQABT8lslhIUl9NQU5BR0VSQQACOCVvYWxsb3dlOyUhMDk5M6AaLzAwLAsID5IB_4DxBXd3dy5nb29nbGV0YWdtYW5hZ2VyzCfQZ3RhZy9qcz9pZD1BVwUDUDQ1MTQ3sygDuSdic2NyaXB0PAILfQIeMwkFGTFYGLBpbnNlcnRCZWZvcswCD7YnLK85MTEwNjg4OTAwAwUID-kAQh40_AQK6QAPpShBBe8AHzH8BAjxHWluc2lnaHQuYWRzcnZyLm9yZy90cmFjay91cD9hZHY9MWp3NWN2bCZyZWY90imQJTNBJTJGJTJGFQUK2CkAFQBrYm9sJTJG3Cn0mCUyRmRlZmF1bHQuaHRtJTNGQlREYXRhJTNERUZlLkIuZ0FCNGYuQi5CMCEuU0VPei5lR0kubFlnLnhHIS5Cai5TWC4wZi5FJTI2UHJvc3BlY3RJRCUzRDQ3OTRDMDg4QTFFMzQ5NjdCMTZEM0ZFREFDRjZDOTdEJnVwaWQ9aHFnb3dweiZ1cHY9MS4xLjAmaWQ9dHRkVW5pdmVyc2FsUGl4ZWxUYWcxQSrANzAzMyZ0ZDE9U2FwdisQX7AqEF_wABFf2QAWX7YqNl9scGQFU2lmcmFtqAIK6gIeMekjETcUAAVnBfIISFRNTElGUkFNRV9TRVRBVFRSSUJVVEU3Aw9zBS2PODU2Njk5MzTxCAkoanMEAjB1cF8aKzFlci4zATYuanPnAA_RAwkN0CQL5wAP0QM7nzg3MTM5MzU2NIcrCQ_ZADIPwQMBANQBBcABD8EDQQbfAA_BAwiBYmF0LmJpbmeNBSFhY0stUDA_dGk9oCzxJjE2OTImVmVyPTImbWlkPTlhNzMyNmM1LWViZDAtNGI0YS1hOWIzLTk5YzNjOTcyZjUzOCZzKQDzEWE5MTNlMDIwMTIxMWVlYjU0NTA1YjQwZTJjZTE5MSZ2JQA1NjgwJQDwATg2ZjQyOTUyYjBiOWZmNGElAPEYcz0xJm1zY2xraWQ9TiZwaT0xMjAwMTAxNTI1JmxnPWVuLVVTJnN3rQAxJnNoHwCwJnNjPTI0JnRsPUYjLkUlMjBQJi7QJTIwJTdDJTIwQ2l0afMALyZwlwSf9hdyPSZsdD01MjQyJmV2dD1wYWdlTG9hZCZzdj0xJnJuPTM5MzgyNXEDD_suAyA3MbcYImVukS4CDy9HNzEzNxQRAVUEAFcvD1QEQJ83OTQwMDI2NjJMBwgPnAKNFzCcAi9lY-8FE6EmZWE9QXBwbGljGyQPgAI3DwcDBAAiAgKTDAAbAkA1MzM4IzIDXAkPGgIFLDQzyx8gNzEUAAWvBA8aAkgBMy5PNDIyN5IkCQkaAgANAA9hBhUfONkADA9hBjyfODk0NDEyMDEw6BUIAL8ABYIFAA0AD8wAFA9UBgEJpQEPVAZCBdIAD60XCADFAAXSAAxUBkczNzQzVAb_FTA1NmM1NWU4LThhMjgtNDVhMy05MmE0LTE0MzZkZTM0YzkyNFQGPQi4Aw9UBv8VbzkyODY4N1QGDx81kw0AABQADzoEUa84ODUwNTkwNDE4nAK0D1QGk185MDcxMW8IEB82GwIAABQADxsCUp82OTk2NjMyNTQ2EggJtwQADQAPiQUUHzO2DAAJaTQPVQZFD9cLCPADem4zdmk4a2t1ZHMwampyZmMtgA7wEWZlZWRiYWNrLnNpdGVpbnRlcmNlcHQucXVhbHRyaWNzEgvxAy9TSUUvP1FfWklEPVpOXzNWSUcAdlMwSkpSRmMCBA_HDQkOFRQoMTnHLaBhcHBlbmRDaGlsAhQPlxEsQDg3OTUWJi84ODwgCA8QAWoPqgcBCRABD6oHQgQXAR85cR0IUHAudHZwwBAB-gHwA2NvbS5zbm93cGxvd2FuYWx5dBQCBBIARi90cDL_AQ8RFgQuMjFiCQEUAAXmAw8RFj7QNzE4NTcxMjg0OX1dfQ
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
3.124.119.57 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-124-119-57.eu-central-1.compute.amazonaws.com
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://citicards.citi.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Tue, 11 Jul 2023 17:44:38 GMT
cache-control
no-cache, no-store
server
nginx
expires
Tue, 11 Jul 2023 17:44:37 GMT
r.rnc
data.privacy.ensighten.com/privacy/v1/b/
0
106 B
Image
General
Full URL
https://data.privacy.ensighten.com/privacy/v1/b/r.rnc?n=3&c=1129&i=8khosr&p=na_prod&s=14360&d=8HB7InZlcnNpb24iOiIxLjAuMCIsImdhdGV3YXkiOiIyLjMuNjExIiwiY2xpZW50SWQiOjExMjksInB1Ymxpc2hQYXRoIjoibmFfcHJvZCIsImluc3RhbmNlSWQiOiI4a2hvc3IiLCJwYWNrZXQiOjEsIm1vZGUiOiJlbmZvcmNlWgDwCG9va2llcyI6eyJCQU5ORVJfTE9BREVEkQDyJyJ9LCJlbnZpcm9ubWVudCI6IkNCT0wgUHJpdmFjeSIsInJlcXVlc3RzIjpbeyJkZXN0aW5hdM4A9RxodHRwczovL3AudHZwaXhlbC5jb20vY29tLnNub3dwbG93YW5hbHl0aWNzEgDwCS90cDIiLCJ0eXBlIjoieGhyIiwic3RhcrsAwDY4OTA5NzQ3NzIxOJYAAAsBChQAUHNvdXJjOQCyWEhSX01BTkFHRVJBANF0dXMiOiJhbGxvd2VktwBAYXNvbrYA1F0sImRhdGFQYXR0ZXISALJsaXN0IjpbXSwiaWYAzzcxODU3MTI4NDl9LOgABRlj6ADxAGpzL2N1cnJlbnQvZHBtXwEB9jRfbWluLmpzP2FpZD1jaXRpLWQ0Zjg1ODI0LTEzNTEtNDU1NC05MWZmLWZkYjU2Zjk2MmM1YyZjb21zY29yZT10cnVlHQFic2NyaXB03wAKIAE_MDM5IAEARDksInMgAcJpbnNlcnRCZWZvcmVCAAIhAT9sb2EeASCvOTA0MjI3NDU3Nh4Bki80MB4BDDFtdXTEAq9PYnNlcnZlckNMJAE4LzcwQgIH8QV3d3cuZ29vZ2xldGFnbWFuYWdlcjUD8AtndGFnL2pzP2lkPUFXLTY5NTIzMTE2MiZsPbwCr0xheWVyJmN4PWMeAhEvMTAAAQAvNjEeAka_ODk4MTIwNTQ2NjP6AG4eMvoBCfoAD_oBQQYAAR81AAEunzk3NTcwMTk0N_oBIi8wORgEAC84NPoBRr85MTI0MDU3NzYyNvoAbC8xMPoBAAn6AA_6AUEGAAEPGAUIgWJhdC5iaW5n6ANAcC9hYz4Hzy8xNjAwMTY5Mi5qc9QDEh4z1AMQM-gDBfIFoGFwcGVuZENoaWzhBT9zdGHxBS1_ODEyNzUxMtkBBw_ZADMtNDOzAwrZAA-5AUIxMDQy4AAfMrMDL582NDQ1NzQwNDOzAyQO6wg_MzI3swNGvzg4OTkxOTkwMTc32gEHD6cGFQ_6ACoPswMBCvoAD_oBQQUAAS84MQABLp85NTkyOTk3OTT6ASI-MTAx-gIfNa0FRxA49QFvODIyOTM4-gBuDq0FGTP6AA_6AUIFAAEPrQUID_oCFL8xMDk1NTAwNjk1OfwBJA4CASg0MaMJDwIBQ48zNDk4ODI5M_YEL484MTk1MDAwMvYEIw_8AgE_NDUw9gRIjzU4NTcyMTY59gMvD_oALQ_6AQAJ-gAP-gFCFDgAAQ_QBwgP_AIUnzk2MDYyMTg3NfoCIi4wOfAGLzQ5-gFJjzIwMTQ5Njk5-gBtD_AGAQr6AA_6AUMEAAEPowsvjzgzMDkwNzk29AQjD50MAS81NrUQR684NzA0MzA3MzA2kQ8vD_oAKw_6AQEK-gAP-gFCBQABD5cPCAnECwObDFQwP3RpPaAM8SImVmVyPTImbWlkPTlhNzMyNmM1LWViZDAtNGI0YS1hOWIzLTk5YzNjOTcyZjUzOCZzKQDzEWE5MTNlMDIwMTIxMWVlYjU0NTA1YjQwZTJjZTE5MSZ2JQA1NjgwJQDwATg2ZjQyOTUyYjBiOWZmNGElAPAFcz0wJm1zY2xraWQ9TiZlYz1TYXAlFWBfY2JvbF9hE9BfZnJhdWRfcHJldmVuWQ3RX2xwJmVhPUFwcGxpY-URMSZwPakUkCUzQSUyRiUyRjgAYGNhcmRzLgoAAJcNABUAYWJvbCUyRk8ABk4A8QIlMkZkZWZhdWx0Lmh0bSZzdxgB8BImc2g9MTIwMCZzYz0yNCZldnQ9Y3VzdG9tJnJuPTUzMzjjFQPiFDJpbWdcEgrCEx8x9wwANzU3MgEHDBMCEkFHAALWDUBlcnJvOhUvcmXmFBpQOTAyMzjLEx81EwMIDxMCjRcxEwIhcGmJAf8AMTAxNTI1JmxnPWVuLVVTqAEEQHRsPUYuAkUlMjBQMALQJTIwJTdDJTIwQ2l0aQwCDy8CN_BmJTNGQlREYXRhJTNERUZlLkIuZ0FCNGYuQi5CMCEuU0VPei5lR0kubFlnLnhHIS5Cai5TWC4wZi5FJTI2UHJvc3BlY3RJRCUzRDQ3OTRDMDg4QTFFMzQ5NjdCMTZEM0ZFREFDRjZDOTdEJnI9Jmx0PTUyNDImjQLQcGFnZUxvYWQmc3Y9MZQCZjM5MzgyNWgQD5UCeq84Nzk0MDAyNjYzlQIlRzM3NDOoBP8VMDU2YzU1ZTgtOGEyOC00NWEzLTkyYTQtMTQzNmRlMzRjOTI0qATvXzkwNzExFAIQHjagET81NzapBEyfODY5OTY2MzI1qQQmDxQCfA-pBP8VbzkyODY4N6kEDw-VAmOfODUwNTkwNDE5UQkIgHNyLnJsY2RuSwYwLzQyFhkAOwjwDmw_ZXM9ODA2NzYmdT1kYTM5YTNlZTVlNmI0YjBk6AL3BWJmZWY5NTYwMTg5MGFmZDgwNzA5CAFDZnJhbckbCkkIPTAzNUYSKDU4QBQPGRY6rzg4ODEyODMyMDFFEQgPBAFeD_EbAAoEAQxNCQ_xGzEFCwEvMjRQEwcC7RvwB2Fkcy5nLmRvdWJsZWNsaWNrLm5ldC-nB_MCYWQvdmlld3Rocm91Z2hjb24sIPUFLzkxNjQ1MTQ3MS8_cmFuZG9tPTELH9swODImY3Y9MTEmZnN0GABBYmc9ZgEA8xEmZ3VpZD1PTiZhc3luYz0xJmd0bT00NWJlMzdhMCZ1X8sKI3VfzAo_dXJsKAs1D_kIVzZobj22ECBhZM4dQGljZXN9A78mZnJtPTAmdGliYfcJEhBhLwEQMeIOZTk2NTI5Lm8B8AA2JnVhbWI9MCZ1YXc9MCaQHRE9bgwwJTNEtx3wAC5jb25maWcmcmZtdD0zJgYAFjS6Aw_FHwgtOTe6Azc2MDhaBw-6Azx_NzU0MTMzNGcJCQ-vAv__Cg_FEAEKrwIPZQVDBLYCD7MWCAmyDgliHQAGCg9iHRUfNI8DAQifEg-PAzufNzkzMjIwODkzmBQID9kAMw8tCQAoNjDZAA-5AUIE4AAfNG4aCPAFc2l0ZWludGVyY2VwdC5xdWFsdHItJgBHJnRXUlNpdGVJHgDQRW5naW5lL1RhcmdldE4f9SdwaHA_UV9ab25lSUQ9Wk5fM1ZJOGtrdWRTMEpKUkZjJlFfQ0xJRU5UVkVSU0lPTj0xLjk1LjAXAIZUWVBFPXdlYqoFD4wmBC42MbEXARQABXofD4wmPo85MDg3MzMzNDsB_2HwDGR4anNtb2R1bGUvMTIuYWI5MmI3MTdkZWMyNDgQkDMxMy5jaHVua-UnD2ICFKEmUV9CUkFORElEEygKehQGfwIPKQgHPjE5NCkILzEzKQhGjzcwMzYxNjg2OBcJD7oDCQ9EAYMOJw0ZNkQBDwUFQwRLAQ93HAj_HGluc2lnaHQuYWRzcnZyLm9yZy90cmFjay91cD9hZHY9MWp3NWN2bCZyZWahC5_wEXVwaWQ9aHFnb3dweiZ1cHY9MS4xLjAmaWQ9dHRkVW5p7wwwYWxQPSw1VGFndAuPNzAzMyZ0ZDHxFxMGRQMfaSgPBi4xMRsnKDYxbiEP3wc7nzg1NjY5OTM0NncbCA_6Af9VHjI7Jwr6AQ_7A0IFAQIPaCUID28NJwQnKg8eEAA_MjY4HhACABgADx4Q_5guMjh4Fy82MdgTSI83MjUyMTIxNa8C__8nD6QKAQivAg9lBUMEtgIPZQ4ID2UFJgWGMQ9lBQEvMzZlBQM_MzYmZQX_mR82GwgBD4MVR9A3MTg5MTUyNjU2fV19
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
3.124.119.57 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-124-119-57.eu-central-1.compute.amazonaws.com
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://citicards.citi.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Tue, 11 Jul 2023 17:44:38 GMT
cache-control
no-cache, no-store
server
nginx
expires
Tue, 11 Jul 2023 17:44:37 GMT
r.rnc
data.privacy.ensighten.com/privacy/v1/b/
0
106 B
Image
General
Full URL
https://data.privacy.ensighten.com/privacy/v1/b/r.rnc?n=4&c=1129&i=8khosr&p=na_prod&s=11551&d=8HB7InZlcnNpb24iOiIxLjAuMCIsImdhdGV3YXkiOiIyLjMuNjExIiwiY2xpZW50SWQiOjExMjksInB1Ymxpc2hQYXRoIjoibmFfcHJvZCIsImluc3RhbmNlSWQiOiI4a2hvc3IiLCJwYWNrZXQiOjEsIm1vZGUiOiJlbmZvcmNlWgDwCG9va2llcyI6eyJCQU5ORVJfTE9BREVEkQDyJyJ9LCJlbnZpcm9ubWVudCI6IkNCT0wgUHJpdmFjeSIsInJlcXVlc3RzIjpbeyJkZXN0aW5hdM4A8ypodHRwczovL2dvb2dsZWFkcy5nLmRvdWJsZWNsaWNrLm5ldC9wYWdlYWQvdmlld3Rocm91Z2hjb24RAfsbLzY5NTIzMTE2Mi8_cmFuZG9tPTE2ODkwOTc0NzcyMzYmY3Y9MTEmZnN0GABBYmc9ZgEA8BYmZ3VpZD1PTiZhc3luYz0xJmd0bT00NWJlMzdhMCZ1X3c9MTYwCQBAaD0xMgkAMXJsPbYA8AQlM0ElMkYlMkZjaXRpY2FyZHMuCgBALmNvbRUA8AJib2wlMkZmcmF1ZHByZXZlbvIA9XAlMkZkZWZhdWx0Lmh0bSUzRkJURGF0YSUzREVGZS5CLmdBQjRmLkIuQjAhLlNFT3ouZUdJLmxZZy54RyEuQmouU1guMGYuRSUyNlByb3NwZWN0SUQlM0Q0Nzk0QzA4OEExRTM0OTY3QjE2RDNGRURBQ0Y2Qzk3RCZobj13d3cuZgFwZXJ2aWNlc6wA0CZmcm09MCZ0aWJhPUauAEclMjBQsQCxMCU3QyUyMENpdGkvABBhLwG1MTMwOTA5NjUyOS5vAfEFNiZ1YW1iPTAmdWF3PTAmZGF0YT34APAHJTNEZ3RhZy5jb25maWcmcmZtdD0zJgYA8Ak0IiwidHlwZSI6InNjcmlwdCIsInN0YXKFAgbGASA2MWACANUCBRQAoDYxOCwic291cmM8ADFtdXRQAqJPYnNlcnZlckNMSAChdHVzIjoibG9hZIUCQGFzb26EAjBdLCKdAGRQYXR0ZXISALJsaXN0IjpbXSwiaWoAzzcxODkxNTI2NTd9LLYCP480NDU3NDA0M7YCAD8zMDe2AgIAGAAPtgL_mD8zMja2AgAXObYCoGFwcGVuZENoaWyfAj9zdGGvAim_OTA2MjA4MjcxMDivAv__Jh83rwIMD2UFQQa2Ah85tgJAnzk2MDYyMTg3NWUFAD80NjVlBQIAGAAPZQX_mD40ODm2Ai8yMGUFRb84ODMzMzg5MTc5Nq8C__8lLzkwrwIMD2UFQQa2Ag_KCkGfOTU5Mjk5Nzk0ZQUAPzMzNGUFAgAYAA9lBf-YPzM1M7YCYZ85MDkwNDM5OTO2AkG_MTA5NTUwMDY5NTm4AgEvODC4AgM_ODAmuAL_mC80MW4FAR8xHQhIjzA2MDAwMTA0HQhAD7EC_9QP6RIAGDKxAg8fCEQDuAIfNbgCQI84MTk1MDAwMukSAS80Mp8VAwAYAA9nBf-ZHzSEDQEItgIP6RI6rzg3MjE0NDM1MDnpEkEPrwL_0R81FggND2UFQgW2Ag_pEkEQOI4ZPzc5NswKAS81MoQNAwAYAA9lBf-YPjU2OIQNHzPpEka_OTA5MjM4MTc2MzAUCEEPrwL_0Q8UCAAJrwIPZQVBBrYCHzG2AgfxB3NpdGVpbnRlcmNlcHQucXVhbHRyaWMKH_ECL2R4anNtb2R1bGUvQ29yZU0LAPQMLmpzP1FfQ0xJRU5UVkVSU0lPTj0xLjk1LjAmFwDwBFRZUEU9d2ViJlFfQlJBTkRJRD0KII9mZWVkYmFja-UeET42NTThAy85Na0ORa85MTE0MTczMjU29QsIDysBhh81KwEMD10CQgUyAQ_8FwgPMgEJdFdSU2l0ZUl7AvICRW5naW5lL0Fzc2V0LnBocD9uAvIGPVNJXzBBaW9yeVJrbDhieEhNMiZW_CPCPTIxJlFfT1JJR0lOgiIwOi8vaAIKfCIFlgIPrQIMBpYCMnhocjAhCnghLjcxjw4BFAAFeCGyWEhSX01BTkFHRVJBAALCHmBhbGxvd2XVHi9yZXQhG1A5MzYzNUIRD9wLCA9kAf-V9QNDUl82c1BxRFg0d0tRdWpQTzbIAgDHAgUIAy9JRPMCAQ_oAlsdMlAENzcxMnsFD-gCPVA5MDI1NJseLzUyqQYjD0wEFA-EAf9LBy0I_w0xLjBjNWE1NzY4NWNlYzAxMzdiODNhLmNodW5rPwhTHzfsFgA3NzQzxAIPhRE7EDm8Jk8wOTM2DQckDz0BfA8BBAAJPQEPUQhBFThEAQ_tBiQHRAH_BzcuY2ZmOTdjYTQ1N2M3YmNiZjc3OGKBAloeMPILPzc0NIECRtA3OTA2NDQ0NTkzfV19
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
3.124.119.57 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-124-119-57.eu-central-1.compute.amazonaws.com
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://citicards.citi.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Tue, 11 Jul 2023 17:44:40 GMT
cache-control
no-cache, no-store
server
nginx
expires
Tue, 11 Jul 2023 17:44:39 GMT
r.rnc
data.privacy.ensighten.com/privacy/v1/b/
0
106 B
Image
General
Full URL
https://data.privacy.ensighten.com/privacy/v1/b/r.rnc?n=5&c=1129&i=8khosr&p=na_prod&s=1152&d=8HB7InZlcnNpb24iOiIxLjAuMCIsImdhdGV3YXkiOiIyLjMuNjExIiwiY2xpZW50SWQiOjExMjksInB1Ymxpc2hQYXRoIjoibmFfcHJvZCIsImluc3RhbmNlSWQiOiI4a2hvc3IiLCJwYWNrZXQiOjQsIm1vZGUiOiJlbmZvcmNlWgDwCG9va2llcyI6eyJCQU5ORVJfTE9BREVEkQDyJyJ9LCJlbnZpcm9ubWVudCI6IkNCT0wgUHJpdmFjeSIsInJlcXVlc3RzIjpbeyJkZXN0aW5hdM4A-apodHRwczovL3NpdGVpbnRlcmNlcHQucXVhbHRyaWNzLmNvbS9keGpzbW9kdWxlLzcuY2ZmOTdjYTQ1N2M3YmNiZjc3OGIuY2h1bmsuanM_UV9DTElFTlRWRVJTSU9OPTEuOTUuMCZRX0NMSUVOVFRZUEU9d2ViJlFfQlJBTkRJRD1jaXRpZmVlZGJhY2siLCJ0eXBlIjoic2NyaXB0Iiwic3RhcnQiOjE2ODkwOTc0Nzc3MTIsImVuZBQAkDQ0LCJzb3VyYzwAMW11dN4Aok9ic2VydmVyQ0xIAKF0dXMiOiJsb2FkEwFAYXNvbhIB1F0sImRhdGFQYXR0ZXISALBsaXN0IjpbXSwiac0B7zY4NzkwNjQ0NDU5Nn0sRAEsIkZl7gBxQnV0dG9uTVkBDzwBVRAwKgIC0gATOVABJzU3PAGgYXBwZW5kQ2hpbCUBP3N0YTUBKq85OTQ1NzAyMjc3NQGqD3ECAAk1AQ9xAkLQOTk0NTcwMjI3OX1dfQ
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
3.124.119.57 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-124-119-57.eu-central-1.compute.amazonaws.com
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://citicards.citi.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.5735.198 Safari/537.36

Response headers

date
Tue, 11 Jul 2023 17:44:40 GMT
cache-control
no-cache, no-store
server
nginx
expires
Tue, 11 Jul 2023 17:44:39 GMT

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
siteintercept.qualtrics.com
URL
https://siteintercept.qualtrics.com/WRSiteInterceptEngine/Asset.php?Module=CR_6sPqDX4wKQujPO6&Version=1&Q_InterceptID=SI_0AioryRkl8bxHM2&Q_ORIGIN=https://citicards.citi.com&Q_CLIENTVERSION=1.95.0&Q_CLIENTTYPE=web

Verdicts & Comments Add Verdict or Comment

86 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| 1 object| 2 object| 3 boolean| credentialless object| onbeforetoggle object| onscrollend function| TrackPixel function| getUrlParameter boolean| bt_console object| citiData object| _dl function| _trackAnalytics object| ensBootstraps object| Bootstrapper string| enslang object| ensighten_cc object| adobe function| Visitor object| s_c_il number| s_c_in object| adobe_visitor object| ensClientConfig boolean| ensBrowserSupported object| gateway object| targetGlobalSettings function| targetPageParamsAll object| __target_telemetry object| ___target_traces function| mboxCreate function| mboxDefine function| mboxUpdate object| opsVars object| webpackChunk_citi_citi_template function| clearImmediate function| setImmediate boolean| CE_USER_SCRIPT object| CE2 string| CE_USER_SITE_DATA_URL string| CE_USER_DATA_URL string| CE_USER_COMMON_SCRIPT_URL string| CE_USER_THIRDPARTY_SCRIPT_URL function| _rfi object| dataLayer function| gtag object| _cls_config object| _detector number| currEventSetId number| pendingEventCount object| pendingEventSets object| webpackChunkCE2 object| CE2BH function| CE_URL_FINGERPRINT function| AppMeasurement number| s_objectID number| s_giq string| rsidAry object| s_tms object| val function| extend function| RocketfuelBCPInclude function| RocketfuelBCPClass function| RocketfuelUtils object| RocketfuelBCP object| google_tag_manager object| google_tag_data object| ttMETA object| uetq object| GooglebQhCsO function| ttd_dom_ready function| TTDUniversalPixelApi function| UET function| UET_init function| UET_push object| ueto_57d1538d12 object| ueto_cb77270a0f object| QSI object| WAFQualtricsWebpackJsonP-cloud-1.95.0 object| dpmComscoreVars object| GlobalSnowplowNamespace function| dpm function| DPMSendConversionEvent function| DPMSendSingleTransactionEvent object| keys_processed object| Snowplow object| _qsie

49 Cookies

Domain/Path Name / Value
prod.report.nacustomerexperience.citi.com/glassbox/reporting/798b2f12-9162-4a94-91ee-805d883ca266 Name: _cls_cfgver
Value: 5a59ddc9
prod.report.nacustomerexperience.citi.com/glassbox/reporting/798b2f12-9162-4a94-91ee-805d883ca266 Name: _cls_v
Value: bb3c0ea8-f829-450b-a655-ca74490ae1d2
prod.report.nacustomerexperience.citi.com/glassbox/reporting/798b2f12-9162-4a94-91ee-805d883ca266 Name: _cls_s
Value: 5426eedf-56c6-4c8b-b317-72d795f06849:0
.citi.com/ Name: AKMTLTSID
Value: 65A4A53DC05AE59E2C940A93C3A367D2
.citi.com/ Name: ak_bmsc
Value: 017786125FC2AC4C2021D90BE06D82F1~000000000000000000000000000000~YAAQovAQAnwWxkOJAQAA2RMORhSJw/QNPdyeDqTYUAcfsomkHJgpMiEUoozR1ZPfcd86jsOrDmqj/JB21Rf3df1fcuV42HGO3tpIIBo0SpwwoCIED2l2TpV6F7A1PaKLmiLBsNOPq2RqGOb8SRwBsmdI9GrLyHam97u/x+chxRLfj8bjU1QDPHsmyR/3Va3fswTNQNqVemt0m5+IyE0vBKAsMoEK00vaPrEGD8bdO6rMket2a8henpeAvFMZB5rAm6CUBJcSX8ckN9ME7MXbhMzb3CqpJgkP4alQcPqTc6KI19V8t/tf00wqAgDZYYrmoDs7aPbktcSPIrxP/l00MNCQ3SA8deQrZJJ6dL5OLIRPl7uTPrbIBc1W5g==
.citi.bridgetrack.com/ Name: ATC1
Value: 38070|ZRzUz.B.iAB4f.B.B0!.SEOz.eGI.lYg.xG!.Bj.SX.0f.C.E
.citi.bridgetrack.com/ Name: CitiBT
Value: GUID=C897B4FF394541A6A6A3123415F9D945
.citi.bridgetrack.com/ Name: CitiBTSES
Value: SID=AD69DEE7E9D64CE39D1D7B7B4CFB46E6
citicards.citi.com/ Name: CitiBTSES
Value: SID=30982FC0B1964DA995589258D002CE97
.citi.com/ Name: ensighten_conentSync_timestamp
Value: 1
.citi.bridgetrack.com/ Name: CitiBT%5F1
Value: GUID=C897B4FF394541A6A6A3123415F9D945&SID=4794C088A1E34967B16D3FEDACF6C97D
.demdex.net/ Name: demdex
Value: 75272547503630130891767985019423787676
.citi.com/ Name: CITI_ENSIGHTEN_PRIVACY_BANNER_LOADED
Value: 1
.citi.com/ Name: CITI_ENSIGHTEN_CC_SYNC
Value: 0
.citi.com/ Name: at_check
Value: true
.citi.com/ Name: AMCVS_61834D9B5228A7430A490D45%40AdobeOrg
Value: 1
.citi.com/ Name: _cls_v
Value: bb3c0ea8-f829-450b-a655-ca74490ae1d2
.citi.com/ Name: _cls_s
Value: 5426eedf-56c6-4c8b-b317-72d795f06849:0
citicards.citi.com/ Name: 7830
Value: error
citicards.citi.com/ Name: 7018
Value:
citicards.citi.com/ Name: 64072
Value:
.citi.com/ Name: _gcl_au
Value: 1.1.1309096529.1689097476
.citi.com/ Name: cebs
Value: 1
.citi.com/ Name: s_ecid
Value: MCMID%7C70497391584545644181237011310633136959
.rfihub.com/ Name: rud
Value: H4sIAAAAAAAA_-MSNjU0MTCwMLE0MjOwMAZyLIwNhPgMdb09AvIsc_ItiiMzywEZ2msrJQAAAA
.rfihub.com/ Name: ruds
Value: H4sIAAAAAAAA_-MSNjU0MTCwMLE0MjOwMAZyLIwNhPgMdb09AvIsc_ItiiMzywEZ2msrJQAAAA
.citi.com/ Name: _ce.clock_event
Value: 1
.everesttech.net/ Name: everest_g_v2
Value: g_surferid~ZK2VBAAAAFb2TANn
.citicorpcreditservic.tt.omtrdc.net/ Name: citicorpcreditservic!mboxSession
Value: 48dad3640cbb4931b22abb5f62393b89
.citicorpcreditservic.tt.omtrdc.net/ Name: citicorpcreditservic!mboxPC
Value: 48dad3640cbb4931b22abb5f62393b89.37_0
.citi.com/ Name: _ce.clock_data
Value: 58%2C81.95.5.37%2C1%2Cdc0a08e416cd7f8471c71ad711523ca3
.citi.com/ Name: cebsp_
Value: 1
.citi.com/ Name: _ce.s
Value: v~1fa02089ab77729fbe4418048eb39b3c4a8127a8~lcw~1689097476158~vpv~0~v11.rlc~1689097476454~lcw~1689097476454
.citi.com/ Name: mbox
Value: session#48dad3640cbb4931b22abb5f62393b89#1689099337|PC#48dad3640cbb4931b22abb5f62393b89.37_0#1752342277
.citi.com/ Name: mboxEdgeCluster
Value: 37
.dpm.demdex.net/ Name: dpm
Value: 75272547503630130891767985019423787676
.citi.com/ Name: AMCV_61834D9B5228A7430A490D45%40AdobeOrg
Value: 1585540135%7CMCIDTS%7C19550%7CMCMID%7C70497391584545644181237011310633136959%7CMCAAMLH-1689702275%7C6%7CMCAAMB-1689702275%7CRKhpRz8krg2tLO6pguXWp5olkAcUniQYPHaMWWgdJ3xzPWQmdj0y%7CMCOPTOUT-1689104676s%7CNONE%7CMCAID%7CNONE%7CMCSYNCSOP%7C411-19557%7CvVersion%7C4.4.0
.citi.com/ Name: _uetsid
Value: 9aa913e0201211eeb54505b40e2ce191
.citi.com/ Name: _uetvid
Value: 9aa96800201211ee86f42952b0b9ff4a
.citi.com/ Name: _dpm_ses.d03c
Value: *
.citi.com/ Name: _dpm_id.d03c
Value: c74478af-5852-45ad-b9d6-aa96c3b30b0d.1689097477.1.1689097477.1689097477.73c9849d-09ad-46a3-9d27-89c4d9dea641
.bing.com/ Name: MUID
Value: 34068273938B6B7E1697913892276A8B
.doubleclick.net/ Name: IDE
Value: AHWqTUmgQzRY1kx9DzEb0NLBYxR55baIeXW1SuFPQKXIMGSGNytgyW01iW7x3C-d
prod.report.nacustomerexperience.citi.com/ Name: AWSALB
Value: IGllelFFpIq9d8zML0uqN5cMCLnXV7Pt/q5uDRFbzkfSSLpFuTn8i+BfkgL5WTb30AH9tOmeHbG+ZYhglLITMteRFb5GsOp48y/bH6C3gIen/47Vs4ZygvC/2Et2
prod.report.nacustomerexperience.citi.com/ Name: AWSALBCORS
Value: IGllelFFpIq9d8zML0uqN5cMCLnXV7Pt/q5uDRFbzkfSSLpFuTn8i+BfkgL5WTb30AH9tOmeHbG+ZYhglLITMteRFb5GsOp48y/bH6C3gIen/47Vs4ZygvC/2Et2
prod.report.nacustomerexperience.citi.com/ Name: ROUTEID
Value: .cligate1
.amazon-adsystem.com/ Name: ad-id
Value: A6XpElyc9Usyou0otvLY9yU
.amazon-adsystem.com/ Name: ad-privacy
Value: 0
.tvpixel.com/ Name: sp
Value: 4bc4dde9-725e-475b-8788-6cee2e68a7ca

1 Console Messages

Source Level URL
Text
network error URL: https://sr.rlcdn.com/425466.html?es=80676&u=da39a3ee5e6b4b0d3255bfef95601890afd80709
Message:
Failed to load resource: the server responded with a status of 451 ()

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
X-Frame-Options DENY

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

20766699p.rfihub.com
assets-tracking.crazyegg.com
bat.bing.com
c.tvpixel.com
c1.rfihub.net
cdn.digitalmarketing.citibankonline.com
citi.bridgetrack.com
citi.demdex.net
citicards.citi.com
citicorpcreditservic.tt.omtrdc.net
click.info15.citi.com
cm.everesttech.net
data.privacy.ensighten.com
dpm.demdex.net
googleads.g.doubleclick.net
insight.adsrvr.org
js.adsrvr.org
metrics1.citi.com
nexus.ensighten.com
p.tvpixel.com
pagestates-tracking.crazyegg.com
prod.report.nacustomerexperience.citi.com
s.amazon-adsystem.com
sb.scorecardresearch.com
script.crazyegg.com
siteintercept.qualtrics.com
sr.rlcdn.com
tagmanager1.citi.com
tracking.crazyegg.com
www.citi.com
www.google.com
www.google.de
www.googletagmanager.com
zn3vi8kkuds0jjrfc-citifeedback.siteintercept.qualtrics.com
siteintercept.qualtrics.com
104.102.55.191
104.17.208.240
13.111.71.127
13.225.33.74
18.66.248.47
18.66.97.121
193.0.160.131
2600:9000:20c3:f200:1:76cf:fe80:93a1
2600:9000:2247:2c00:1d:bf0a:0:93a1
2606:4700::6813:9308
2620:1ec:c11::200
2a00:1450:4001:801::2002
2a00:1450:4001:806::2004
2a00:1450:4001:829::2008
2a00:1450:4001:831::2003
3.124.119.57
34.107.138.236
34.198.94.134
34.251.46.32
34.253.91.174
35.190.22.40
35.190.60.146
35.71.131.137
52.208.156.123
52.209.244.112
52.222.149.8
52.46.151.131
54.156.57.223
63.140.62.135
66.235.152.143
99.84.88.39
0155792b9a2663cd6b988cf1c1f79d8cacb5a412f37030d3b3dd310e41e80be6
040d3398f360907cc7ca1b942e2213e6f360d39bac4a5fa9140e3ae82731c747
04ce45e70778ae8ff4eb970e620665a7e48552a96ddc99e92b8bf1c08592d985
0692d8f575c2522bf66816e9190859e9a1135ced06f09a9d4145c146abeaf46b
07f6baeb3a16d7474a408bd4f6ae6bfe8c2538c41ba342f2431ddc64264b4fcf
0a747978746092df6f18fe90ef23b9896959f6a9bb0b58cbab2cbc851793e023
0c4e75e13e4b85762fadd82516c6e788aaf18739baad8406842c12355cdfb8b3
1189d926238344b283108b3493cf0469d4fd851d185f22fd9366a225c44d3e7a
1640694b7752006abb6e719d1dee6a2c3791cf00d4047e577ee20408342fb897
169497aeb22981c6c521fc664347e3d61bfa45949950fece4d1b094543bb64f9
18e4bd3ec81538c19da48add5f6bcabe99cabf7279806624e3bdf630537e9447
18fe0fbfef31b4ef603a5827ac377792d1a68b93710d285e88623a79ea0e6870
1aa2b97a967263d27c2f5591098fdae938891217f7288d1bf03b800963c3d270
1cc998148cc12663c81cd4638e2dab2e75a52568104f426ab305c6773b4ec4ff
1e5862041043d970c6305c4b719688a6d5a287db8f88dcbc9af71fa4d74faf91
1fa281e4dcbd2331514f3e107d332989ffb078ccf119b31dcd9b809ba809fbe6
243be78545efd21ff3b05e1df8898520911363c569dc19a67e77d35e63b6e574
2584c6004529409e7de7c99038212f52c80abd0ea8433e69bae062fb2fbeeaf3
25ca4a79f782688bb53814c6f6d6a4c97838c77c6629837c873571f0b511253e
25d29d4c6e744e54c9e16f2f27a9cea3d936047813399376dcc5bd852b506a38
2689367b205c16ce32ed4200942b8b8b1e262dfc70d9bc9fbc77c49699a4f1df
28ced8a7cb30e6f747ad8116dcd11d3dbf5848c2d49a9babbd7d8c94e0a29cf7
2a07a271b0b52925cfa0e508596f523efe5a5b7a7dd8e60a30945c75c53d28a8
2b927b46fdcf7fbfc942ca14953b5aabc29d187ac54c8f9c5a24991f90a615af
2bab576a1654b30cbc8ea7514784fe81dd0d35450205e30f0a66498faf577757
2bd6ed18c6050c02646b031a9b4907c1624e5fd37e8a025ea70bd5bc2e8e6421
30a7ef5e88e9b00fa6d82e880b1887bf8e303cc6cad63052ef442a01c46e11ae
3257140310ae8f99f14d384e078ca9f38a0034523b2e319133211a2abe8cb7ad
3563b6e04f40fe3731855ce09dfd2e5f9e2352a3fe1107ca4bd7be199be7a466
372b67a92ab446419a50836bef8d4cb1e67c3c453635802b8e76851f97506a6a
372be8b7e84a6bd3cd3fb8ca8f2850bd1d51075c8df11c4f80660d7874a13424
40cefd284724286ec23670e16cc7b354c2cee0527edda1ae49eea62b8301bff4
41d6ee7d6834807df0b1c075d37e868b03c8f6474f3d41971cdc660cf36790af
442690cb575e03bf903ae84969aa152f6a2875519e64df5ee2133f41ac21feae
465f3efefba82cfd554d95f93205978eeb3c075f3f56e790615ede3e0611411e
49c1fd853338278e69f8619214938e4ec254a86e9b154f36d9239c05e50fb6fa
4bd2e97ff103e4087829ada73ed0a4f97639bd1cf5fe57744dbb1504e6217d2f
56500ab0cde6f2d4378a2b105d7f48f729f23b0b5186c2ae3fc80ab57b1e43b6
57708901f47a20f3fbe1aafedc530fbe49f01fb88714c9b4685426b94759f732
59cc35650c78c4f0167f3db741b6b5382775db7d6e7f53eb07494d0473ab0b4c
5b67ef142e18bfb86f4dac4a466758f51db4171863f56925eb6ae2c242b416ff
5bc08566dd8013e3cd19dfd6f84bfdd4158f10ccf58fcfb79d70a251a00f6244
6038d7791fbab95f51c10c0c28a125aeffeca7474d5a8e03f77ad48ef69d2c2a
61d1bb42616337c62614385e8a3045e00d5724568b0cbe1701e45b2c80eb5bc6
61d8137d275f12306e177bc726c2b3e072f9efa4743a0ace6ecbcf7a0932fd07
63b98a0c8568c08fd01a6946a147bca65eff26c8085f1ccb5330aafe0f0dcd15
6424b26e1c9ad15f0ed6d53c59c7fc52b8265ae94a4f6ccbc65657a8ab6693b4
676e54cdee3f1e714af561b2de2074adc44558f0af9228f6a6549591b77ee06d
6790995e96e099f5fcb8e62a1c0bd602f44ddfd8189dd6ff6a0e1449eeb39978
679804e244b4127b7ecd99a513b57d6a4f91866410e16da69ce02f98f534051d
686eb5d7c927dd741ef72adda5c719b478d36f1e29520ee16d5121854c174b10
6896c70fd430a1ffe69dc778926e1866ca52a12bd341170522ad6278aafd7bcf
696482c2e2d088086d19d0fc4406632415e35b741ecc23151a75a39b8766a5d5
6b05fa11f39076a1b0e23a554192b1b541108adccc00e688a2e1e47e928ce052
6b2fb44b878d0e300b7cba863494945044fc0897374187b04721dddb79e51def
6fc78c662ed2d06f144425cf66aa944d0560259bc1426a772b2ac974531ee8db
70cfee2273cff08adc1de934c7ba4c26ef37c552c0265a619f7aaae84b366082
72fd91a025a1df956dcad9bf2bbd020ff03c72ac895e7c6ccbaf588d10ef7c19
73025a9fc3f5038650e940464b6f316404451750f04f12e0548ace2b741808c4
76185a158e03dd7eddcd3d661b4eee63e0e15e9f0c78c2cec646e0108fb09be5
797977a82780caf89bda3412509861e72e144d86673572b9e9b72d926c8bcbe1
798d2817849805518cc159e3194bf87db2de912b5fb65d271d6ad35220b523e6
7b699b93e69fda495eb30c70f72207299c8f949accd7b1e8a935948d59d9af44
7bea17a80a61ed0f54248b4ffc4c718f7c8ff2619742577a73591d62ce074da8
7c152e903c61de42f520985506d68cb7ad9ee20c14ce1d5a8e68b23c8c68c8fc
7e00d5a424ff85e9c4c39a0341813e09d662e1f61f128790a5abe1caefb46f92
7ef97b12890fc6fee67f869c6e1f74b6719de7d66ac0d649c8d7386a80b4c30f
830e67bda2532cd5880ee86e3b33e69721082f8458bb0df0cd4edbb1577fd375
86551808dbfbf8bc9b23ab3d0725794c2e1f2b4265c96715f2945638160edc2b
8b965e2d53f89341d1eab47b1c06b389abb8785485d8cf92d72e4b5884a59e41
8f1b37fd8027cd3572e65d86ff4abc177632d7a232bccfb149801e25412950df
94bad9954c9dc33d05273f541c9f4ad8b7622eba628719cf61ff5969c3656b4f
94d185b092eb12a399becc1cf4fbd11ca29ee301156b298cbb16408b8f924702
95413b0b0487f654b60a6098b3fc0de3ab18efd9580990bbbd6c466d737340e2
9a74546a8f511f31b5252f115d2db7aa69370ca5eeaf6828f60abb197f35a169
9b61a38abc0e343f9cdeb049ded0608b26d80ac51673dc59113c661e11b405f8
9e99b16368b8c1087c20b7cfcd4d347ad8d9ad87e2f12c02bde98d77fb0f4aa3
a3e459748cea4644f18f82a58e89526526ff2e4aa862f4013ef89240a728b9c0
a4d1700a5722627ab817f154047da828c8eab3153daf0251fd4ec06e4a86acea
a4feacf07f26856360c14267fa1d8edd0459996feb8ad471da273cbf7510e4cb
a8027ee9180a5a26fc10c906f300390608b2e6505153ea80390ae15bbe986732
aaebee09409336c2c7cfccbd7b3ca3360032cf5983affeaea5eca39a15de3fd8
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b20679c2b5ac8bf42dcd693e1c324b1c7b7f597c9a54c3c6f5609a73c6f08916
b24c5b325810b01a60487c8a42151b8f6ac44d1173722ec526c54fe7c4b7c762
b4574a5464bce4c31ea7e1ad1df26cc530c9aec80c6e9589bad98b2c490f53c3
b9265f44392cf6867327d090d6553738c6ce2223ffa70dd3bf82885f6b2d7be6
bfeb1411c94f38006c7a7c93992bfd348f825b5914c94ba2688060e77bd5f630
c090ca35fa296ca439f61d5a139459b3be5bb7c729086bdf268cdf27f236f7d6
c0fb20eb7da599c08ef260ec8603add33ea00a752146ebb8dcb1610c126ec746
c115f10444ec77e06c3a78d333dcc36d1d9996c24ce7086c8cf39caed0dbbc9a
c239243e04a137032106c293cb8cfb93057add704fa7a1c6a6e6c577c400b7fa
c3ccd760096e4a9ba6d6f0302d42f6b733918f7de23737df8ae5060dc1c438f6
c437eb764a99e6cd5172d63c3fae564bbc51eda4981058d5edebd2bf0700eb76
c55531a41c4e531e807f3b8bf2239d470626738ff131c50df61dee9d11779efd
c63de0488dd3407907555cfe3e116489a04cb99057b5133442fb20be704d2876
c6bc48664c752eb1c7ab46a024dd00a899b439975229c8cfdcf9b2a37ced0323
c892e3f2d2a1431a8ebae99542926bfedf2d7ece6652b04e556d6136cabd8295
c8d995577941cd43dc86dbcc2adf1c6cb795864d47697b6c17cd754072f887c2
d107585e5668bdc16163e383fd78e7a418f1eeb8a1093391dd69d7fd4f14450e
d126d27ad49023fbb9eee98910b70ff75515eedb4c471a20a3d895e8bf160b43
d3032ff7e71a938ab86456c60267b219f399ee6e17588690b26707ac4ab33682
d3c368636acfbc1ad3110ecd7e83cd91201a25035eefb869f0ba53fc80556ae5
d6e33dcfd5a1375c052eed527254620aee4518f7430e70dfcb3c4055284a2282
d72fcc31881c8545b5d0a716d9b66404dfed56c11ec7f7304a50d94e3b80858a
d750ae97310d5b660387fca124fb574a9f0a8d07426ca460962b005da2b3d4dc
d7e512037d471d67911554862fb8b410aefdefda17c8e82f8eb07d2416363d1f
d908e0bbf3a80aa1e4108a7847f6a61c1acfb6dd43f7c2e997f9fdc107391577
db2ccc051fd7633008012ea29d2598c95d84c9a9c985db4359eb1982bd6f2b8b
dcfe7c5333c1446a6d4b0b3d9cf9fdb5d6d4ad57c604b647475f6e315cfb2e23
e2032422cf97795d878d7e8f6c5680b61003a0e7426d090ad76414416d5e109b
e2222fd30ffb381c16af460298a066d8d7c2bafd22c4f7e0ddea291972a7e845
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e4dda841c731d19974cdfa6ad5694ac6d20e9c10817574afd354413a634981f2
e7b44c86b050fca766a96ddac2d0932af0126da6f2305280342d909168dcce6b
ee3a7301fe1e0c0f6bf6acff0d7a8d107f5cb3f62a2566740c0416d8e61f00b9
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
ef30ea175304f6c549c4780d5bf6fd45c3ec79e1ec5dccbd54644231d5a30b88
f071110e088267097a0946520a2a08bd589f971f3ce4cb989feda1415026ac49
f10adae49adfa818062a6eceb50629a68614fb3fc25b59b2f1d77d8850bfd7c8
f2f6e980489a52d69fd72e2bc3c3eeb96bf851d0df449fc865637d63ee4775ae
f4592559f32c358656dec6f72f2124b72269659256be0e63661ca5b34177769b
fd6d62f4d67e7fda1a1402702346bc50fd7c172c18393a4e0210257b2adbe62d