forms.turnedaway.ca Open in urlscan Pro
2606:4700:3036::ac43:d760 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://forms.turnedaway.ca/
Submission: On March 01 via api (March 1st 2024, 1:12:38 pm UTC) from US — Scanned from US

Summary HTTP 38 Redirects Behaviour Indicators

Summary

This website contacted 18 IPs in 2 countries across 13 domains to perform 38 HTTP transactions. The main IP is 2606:4700:3036::ac43:d760, located in United States and belongs to CLOUDFLARENET, US. The main domain is forms.turnedaway.ca.
TLS certificate: Issued by GTS CA 1P5 on February 27th 2024. Valid for: 3 months.

This is the only time forms.turnedaway.ca was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1	2606:4700:303... 2606:4700:3036::ac43:d760	13335 (CLOUDFLAR...) (CLOUDFLARENET)
6	2606:4700:20:... 2606:4700:20::681a:f0	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	34.149.132.198 34.149.132.198	15169 (GOOGLE) (GOOGLE)
4	2607:f8b0:400... 2607:f8b0:4004:c17::cf	15169 (GOOGLE) (GOOGLE)
2	2607:f8b0:400... 2607:f8b0:4004:c08::61	15169 (GOOGLE) (GOOGLE)
2	2a03:2880:f08... 2a03:2880:f08e:219:face:b00c:0:3	32934 (FACEBOOK) (FACEBOOK)
1	2001:4860:480... 2001:4860:4802:36::36	15169 (GOOGLE) (GOOGLE)
1	34.111.125.42 34.111.125.42	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
4	2606:4700:20:... 2606:4700:20::681a:1f0	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2607:f8b0:400... 2607:f8b0:4004:c08::64	15169 (GOOGLE) (GOOGLE)
2	2620:1ec:46::40 2620:1ec:46::40	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
2	2001:4860:480... 2001:4860:4802:36::181	15169 (GOOGLE) (GOOGLE)
2	2607:f8b0:400... 2607:f8b0:4004:c06::9d	15169 (GOOGLE) (GOOGLE)
1	2607:f8b0:400... 2607:f8b0:4004:c1b::69	15169 (GOOGLE) (GOOGLE)
2	20.231.53.73 20.231.53.73	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
2	2a03:2880:f17... 2a03:2880:f17b:283:face:b00c:0:25de	32934 (FACEBOOK) (FACEBOOK)
1 2	20.110.205.119 20.110.205.119	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1 1	2620:1ec:c11:... 2620:1ec:c11::200	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
2	2607:f8b0:400... 2607:f8b0:4004:c1d::5f	15169 (GOOGLE) (GOOGLE)
38	18

1 2606:4700:3036::ac43:d760 (United States)

ASN13335 (CLOUDFLARENET, US)

forms.turnedaway.ca	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2606:4700:20::681a:f0 (United States)

ASN13335 (CLOUDFLARENET, US)

fonts.heyflow.cloud	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.149.132.198 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 198.132.149.34.bc.googleusercontent.com

eu.clients.heyflow.app	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2607:f8b0:4004:c17::cf (Washington, United States)

ASN15169 (GOOGLE, US)

storage.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2607:f8b0:4004:c08::61 (Washington, United States)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:2880:f08e:219:face:b00c:0:3 (Saint-Denis, France)

ASN32934 (FACEBOOK, US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2001:4860:4802:36::36 (United States)

ASN15169 (GOOGLE, US)

europe-west3-heyflow-clients.cloudfunctions.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.111.125.42 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 42.125.111.34.bc.googleusercontent.com

flows.heyflow.cloud	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2606:4700:20::681a:1f0 (United States)

ASN13335 (CLOUDFLARENET, US)

tracking.heyflow.cloud	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2607:f8b0:4004:c08::64 (Washington, United States)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2620:1ec:46::40 (United States)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

www.clarity.ms	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2001:4860:4802:36::181 (United States)

ASN15169 (GOOGLE, US)

analytics.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2607:f8b0:4004:c06::9d (Washington, United States)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2607:f8b0:4004:c1b::69 (Washington, United States)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 20.231.53.73 (Washington, United States)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

q.clarity.ms	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:2880:f17b:283:face:b00c:0:25de (Saint-Denis, France)

ASN32934 (FACEBOOK, US)

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 20.110.205.119 (Boydton, United States) 1 redirects

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

c.clarity.ms	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2620:1ec:c11::200 (United States) 1 redirects

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

c.bing.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2607:f8b0:4004:c1d::5f (Washington, United States)

ASN15169 (GOOGLE, US)

maps.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
11	heyflow.cloud fonts.heyflow.cloud — Cisco Umbrella Rank: 295996 flows.heyflow.cloud tracking.heyflow.cloud — Cisco Umbrella Rank: 376170	97 KB
6	clarity.ms 1 redirects www.clarity.ms — Cisco Umbrella Rank: 756 q.clarity.ms — Cisco Umbrella Rank: 7463 c.clarity.ms — Cisco Umbrella Rank: 1360	28 KB
6	googleapis.com storage.googleapis.com — Cisco Umbrella Rank: 303 maps.googleapis.com — Cisco Umbrella Rank: 374	171 KB
3	google.com analytics.google.com — Cisco Umbrella Rank: 148 www.google.com — Cisco Umbrella Rank: 2	701 B
2	facebook.com www.facebook.com — Cisco Umbrella Rank: 100	216 B
2	doubleclick.net stats.g.doubleclick.net — Cisco Umbrella Rank: 84	397 B
2	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 29	21 KB
2	facebook.net connect.facebook.net — Cisco Umbrella Rank: 180	71 KB
2	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 40	193 KB
1	bing.com 1 redirects c.bing.com — Cisco Umbrella Rank: 244	761 B
1	cloudfunctions.net europe-west3-heyflow-clients.cloudfunctions.net	257 B
1	heyflow.app eu.clients.heyflow.app	11 KB
1	turnedaway.ca forms.turnedaway.ca	358 KB
38	13

	Domain	Requested by
6	fonts.heyflow.cloud	forms.turnedaway.ca fonts.heyflow.cloud
4	tracking.heyflow.cloud	forms.turnedaway.ca
4	storage.googleapis.com	forms.turnedaway.ca
2	maps.googleapis.com	eu.clients.heyflow.app maps.googleapis.com
2	c.clarity.ms	1 redirects
2	www.facebook.com	forms.turnedaway.ca
2	q.clarity.ms	www.clarity.ms
2	stats.g.doubleclick.net	www.googletagmanager.com www.google-analytics.com
2	analytics.google.com	www.googletagmanager.com
2	www.clarity.ms	forms.turnedaway.ca www.clarity.ms
2	www.google-analytics.com	www.googletagmanager.com www.google-analytics.com
2	connect.facebook.net	forms.turnedaway.ca connect.facebook.net
2	www.googletagmanager.com	forms.turnedaway.ca www.googletagmanager.com
1	c.bing.com	1 redirects
1	www.google.com	forms.turnedaway.ca
1	flows.heyflow.cloud	forms.turnedaway.ca
1	europe-west3-heyflow-clients.cloudfunctions.net	eu.clients.heyflow.app
1	eu.clients.heyflow.app	forms.turnedaway.ca
1	forms.turnedaway.ca
38	19

This site contains no links.

Subject Issuer	Validity	Valid
forms.turnedaway.ca GTS CA 1P5	`2024-02-27` - `2024-05-27`	3 months	crt.sh
heyflow.cloud GTS CA 1P5	`2024-02-14` - `2024-05-14`	3 months	crt.sh
eu.clients.heyflow.app GTS CA 1D4	`2024-01-06` - `2024-04-05`	3 months	crt.sh
storage.googleapis.com GTS CA 1C3	`2024-02-05` - `2024-04-29`	3 months	crt.sh
*.google-analytics.com GTS CA 1C3	`2024-02-05` - `2024-04-29`	3 months	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2023-12-09` - `2024-03-08`	3 months	crt.sh
misc.google.com GTS CA 1C3	`2024-02-05` - `2024-04-29`	3 months	crt.sh
flows.heyflow.cloud GTS CA 1D4	`2024-01-05` - `2024-04-04`	3 months	crt.sh
www.clarity.ms DigiCert TLS RSA SHA256 2020 CA1	`2023-12-07` - `2024-12-07`	a year	crt.sh
*.google.com GTS CA 1C3	`2024-02-05` - `2024-04-29`	3 months	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2024-02-05` - `2024-04-29`	3 months	crt.sh
www.google.com GTS CA 1C3	`2024-02-05` - `2024-04-29`	3 months	crt.sh
a.clarity.ms Microsoft Azure TLS Issuing CA 01	`2024-01-14` - `2024-06-27`	5 months	crt.sh
upload.video.google.com GTS CA 1C3	`2024-02-05` - `2024-04-29`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://forms.turnedaway.ca/
Frame ID: B3DAF46209700260483722C65FE07F3D
Requests: 36 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

TurnedAway - Apply for HELOChouse-chimney-2house-apartmentbuilding-2building-1envelopephonehuman-resources-employeebusiness-deal-handshakecash-bulbteam-share-ideareal-estate-deal-shakereal-estate-action-building-check

Detected technologies

Google Maps (Maps) Expand

Overall confidence: 100%
Detected patterns

//maps\.google(?:apis)?\.com/maps/api/js

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

//connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtm\.js
googletagmanager\.com/gtag/js

Page Statistics

38
Requests

97 %
HTTPS

79 %
IPv6

13
Domains

19
Subdomains

18
IPs

2
Countries

952 kB
Transfer

2973 kB
Size

16
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 32

https://c.clarity.ms/c.gif HTTP 302
https://c.bing.com/c.gif?ctsa=mr&CtsSyncId=4D046D344BAB49298C2D432ABA7C4331&RedC=c.clarity.ms&MXFR=3E3FDA166E7E642E3B2BCE236A7E6A71 HTTP 302
https://c.clarity.ms/c.gif?ctsa=mr&CtsSyncId=4D046D344BAB49298C2D432ABA7C4331&MUID=3C1B1781F42A6EA2309E03B4F58D6F02

38 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request / Show response
forms.turnedaway.ca/ 1 MB
358 KB 860ms
779ms Document
text/html 2606:4700:3036::ac43:d760
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://forms.turnedaway.ca/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3036::ac43:d760 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / Express
Resource Hash: a4de26de18927be010374606c21aa352514a988750ae1090e924ace69b4c28fe

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36
accept-language: en-US,en;q=0.9

Response headers

access-control-allow-origin: *
alt-svc: h3=":443"; ma=86400
cache-control: private
cf-cache-status: DYNAMIC
cf-ray: 85d966242fa5259a-MIA
content-encoding: br
content-type: text/html
date: Fri, 01 Mar 2024 13:12:30 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=nbFiJTpP35w4UEEeiPzWCpZ5qStRva3XsXmjTrrd%2BxqKWor8i9X0U4h0hkcSkBMqxn13SSFH8rjGp%2FLbZKRrEQvAHpyryj43Ey8CF5hqEXdj1uhff4%2BMN3PSCiInnU%2BNBdLjQ2I1qnwthJMb671gy2nT"}],"group":"cf-nel","max_age":604800}
server: cloudflare
vary: Accept-Encoding
via: 1.1 google, 1.1 google
x-cloud-trace-context: 69d9ff9ad461c7dd72512e431eaa442e
x-powered-by: Express

GET
H2 200 icon
fonts.heyflow.cloud/ 472 B
857 B 120ms
49ms Stylesheet
text/css 2606:4700:20::681a:f0
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://fonts.heyflow.cloud/icon?family=Material+Icons
Requested by: Host: forms.turnedaway.ca
URL: https://forms.turnedaway.ca/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:f0 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / Express
Resource Hash: e43c688214a21ba5fdd6d476880783a43aed90ff09b69aea8af2ec1c63911fb4

Request headers

accept-language: en-US,en;q=0.9
Referer: https://forms.turnedaway.ca/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date: Fri, 01 Mar 2024 13:12:30 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 57067
cf-polished: origSize=571
x-powered-by: Express
last-modified: Thu, 29 Feb 2024 21:21:23 GMT
cf-bgj: minify
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=LFXBrVb6Vxv4gTURKz%2B%2F635OSaWMNz0srt%2BdTbrxYIW%2F4WsCF7mDdaLVIoljESbiGGJw1g6Jg09zvoCeav9ybs2a20XNJ1z%2BbN3fZgeOiZ%2FqnFp9Q31PozBau07hbhajvn7i2f1mxGR5VsF7MYwNZIo%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css; charset=utf-8
access-control-allow-origin: *
x-cloud-trace-context: 469d40d3457f83df90679a2a2d8383f4
cache-control: private, max-age=604800
cf-ray: 85d9662988b45c63-MIA

GET
H2 200 css
fonts.heyflow.cloud/ 41 KB
2 KB 776ms
706ms Stylesheet
text/css 2606:4700:20::681a:f0
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://fonts.heyflow.cloud/css?family=Open+Sans:300,400,500,600,700,800|Poppins:300,400,500,600,700,800&display=swap
Requested by: Host: forms.turnedaway.ca
URL: https://forms.turnedaway.ca/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:f0 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / Express
Resource Hash: e5a446358214cd1696ad036a3d0f6745816a399dea9cfdbcdb2e47f36e2f2c27

Request headers

accept-language: en-US,en;q=0.9
Referer: https://forms.turnedaway.ca/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date: Fri, 01 Mar 2024 13:12:31 GMT
content-encoding: br
cf-cache-status: MISS
last-modified: Fri, 01 Mar 2024 13:12:31 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
x-powered-by: Express
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vffSTZZWdjYn3ytEL0kyU%2FrJgiwx0YW5mERXmQMQxGOqvnNjtlVbfMgJMeU4Kb2tmYMq0F%2BJBdBu8zCOH%2F2aFpcJF8WLNokUbgbPUXHS%2Bx3CuMldu9dLY935oGKFgwEPfmfjnkq7Kh7ECjS1hrHAYE0%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css; charset=utf-8
access-control-allow-origin: *
x-cloud-trace-context: 02d53832e1acc07a9da60470eae6ace7
cache-control: private, max-age=604800
cf-ray: 85d9662988b65c63-MIA

GET
H2 200 heyflow-maps-embed.js Show response
eu.clients.heyflow.app/cmr-mortgageBrokersNetwork/ 11 KB
11 KB 637ms
557ms Script
application/javascript 34.149.132.198
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://eu.clients.heyflow.app/cmr-mortgageBrokersNetwork/heyflow-maps-embed.js?version=0.0.8
Requested by: Host: forms.turnedaway.ca
URL: https://forms.turnedaway.ca/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.149.132.198 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 198.132.149.34.bc.googleusercontent.com
Software: UploadServer /
Resource Hash: 8c979eff5ba4d6c69760cd44e7119da3821c7502325e7e8a19f8aed37ffe2151

Request headers

accept-language: en-US,en;q=0.9
Referer: https://forms.turnedaway.ca/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date: Fri, 01 Mar 2024 13:12:31 GMT
via: 1.1 google
x-guploader-uploadid: ABPtcPrK3LX6Phb3YDm1mR9sD6rFrJ2OmRj15_EgjkZO38wzoROWGNfok7S7zSKD4FkIxaQv9Q4
x-goog-storage-class: STANDARD
x-goog-metageneration: 2
x-goog-stored-content-encoding: identity
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 11011
last-modified: Thu, 29 Feb 2024 05:25:42 GMT
server: UploadServer
etag: "3fa329bf95f4ccd7edd91ff1fd05f7a1"
x-goog-generation: 1709184342853868
content-type: application/javascript
x-goog-hash: crc32c=JGcG+g==, md5=P6Mpv5X0zNft2R/x/QX3oQ==
cache-control: public, max-age=3600
x-goog-stored-content-length: 11011
accept-ranges: bytes
expires: Fri, 01 Mar 2024 14:12:31 GMT

GET
H2 200 13cf2cc1-71d3-4d3c-add4-5a8b2b7e303a.jpeg
storage.googleapis.com/builder.zenflow.de/ta-fb-short-app/www/assets/ 7 KB
7 KB 785ms
676ms Image
image/jpeg 2607:f8b0:4004:c17::cf
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://storage.googleapis.com/builder.zenflow.de/ta-fb-short-app/www/assets/13cf2cc1-71d3-4d3c-add4-5a8b2b7e303a.jpeg
Requested by: Host: forms.turnedaway.ca
URL: https://forms.turnedaway.ca/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2607:f8b0:4004:c17::cf Washington, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: UploadServer /
Resource Hash: bb22b19d51e54d02cdcf81b6d14891d1173db19526b7ff2132d5d7cb78ea500b

Request headers

accept-language: en-US,en;q=0.9
Referer: https://forms.turnedaway.ca/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date: Fri, 01 Mar 2024 13:12:32 GMT
x-guploader-uploadid: ABPtcPoJPQwPp4sAM55s6U5i-XR0ukGhtYvTURlFgISrFaHNB9O-wvhynTTTNOiySZwjkks_Rvg
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 2
x-goog-stored-content-encoding: gzip
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
last-modified: Tue, 27 Feb 2024 14:36:12 GMT
server: UploadServer
vary: Accept-Encoding
x-goog-generation: 1709044572377019
content-type: image/jpeg
access-control-allow-origin: *
x-goog-hash: crc32c=nSDxkA==, md5=+8/7jfvybK0BQekzSKAitg==
access-control-expose-headers: Content-Type
cache-control: public, max-age=3600
x-goog-stored-content-length: 6268
accept-ranges: none
expires: Fri, 01 Mar 2024 14:12:32 GMT

GET
H2 200 ecfdd4a3-da1c-4117-aa02-8530259cbf6f.webp
storage.googleapis.com/builder.zenflow.de/ta-fb-short-app/www/assets/ 5 KB
5 KB 779ms
672ms Image
image/webp 2607:f8b0:4004:c17::cf
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://storage.googleapis.com/builder.zenflow.de/ta-fb-short-app/www/assets/ecfdd4a3-da1c-4117-aa02-8530259cbf6f.webp
Requested by: Host: forms.turnedaway.ca
URL: https://forms.turnedaway.ca/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2607:f8b0:4004:c17::cf Washington, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: UploadServer /
Resource Hash: 9b4fe16dae39b0285f0a86002d23ab21a8bbe67bb12279f8ba6f4e2cd4f86c21

Request headers

accept-language: en-US,en;q=0.9
Referer: https://forms.turnedaway.ca/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date: Fri, 01 Mar 2024 13:12:32 GMT
x-guploader-uploadid: ABPtcPpxo3ZPjamAEcaELNLIIuO94IQFOKjAo097f3loO8VCObvayeiptYxiThsxJzLq2Mi2jsQ
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 2
x-goog-stored-content-encoding: gzip
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
last-modified: Tue, 27 Feb 2024 14:38:02 GMT
server: UploadServer
vary: Accept-Encoding
x-goog-generation: 1709044682359875
content-type: image/webp
access-control-allow-origin: *
x-goog-hash: crc32c=gRdklA==, md5=iWc4/fFSbDfAJfPol1PlAw==
access-control-expose-headers: Content-Type
cache-control: public, max-age=3600
x-goog-stored-content-length: 4789
accept-ranges: none
expires: Fri, 01 Mar 2024 14:12:32 GMT

GET
H2 200 5dc3cb40-57cc-4834-b611-1e705dcd7e64.jpeg
storage.googleapis.com/builder.zenflow.de/ta-fb-short-app/www/assets/ 77 KB
77 KB 203ms
202ms Image
image/jpeg 2607:f8b0:4004:c17::cf
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://storage.googleapis.com/builder.zenflow.de/ta-fb-short-app/www/assets/5dc3cb40-57cc-4834-b611-1e705dcd7e64.jpeg
Requested by: Host: forms.turnedaway.ca
URL: https://forms.turnedaway.ca/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2607:f8b0:4004:c17::cf Washington, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: UploadServer /
Resource Hash: 2e0e389f70b5898ee13ad5a56f7bc14bf1c6033c0d8971347ff56c068d3e1250

Request headers

accept-language: en-US,en;q=0.9
Referer: https://forms.turnedaway.ca/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date: Fri, 01 Mar 2024 13:12:32 GMT
x-guploader-uploadid: ABPtcPpiA872pG68oQeim4bkmcNu8-P6d3wRHlgWB-pfvkbZZMf2W8SK3xWxhBMozWdtzo7qzf4
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 2
x-goog-stored-content-encoding: gzip
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
last-modified: Tue, 27 Feb 2024 14:38:02 GMT
server: UploadServer
vary: Accept-Encoding
x-goog-generation: 1709044682359895
content-type: image/jpeg
access-control-allow-origin: *
x-goog-hash: crc32c=hn1I2Q==, md5=CJMQbrOT/11Zea7hFy/Ipw==
access-control-expose-headers: Content-Type
cache-control: public, max-age=3600
x-goog-stored-content-length: 78445
accept-ranges: none
expires: Fri, 01 Mar 2024 14:12:32 GMT

GET
H2 200 4e578e0b-8473-4271-9a04-ddc1154013d9.png
storage.googleapis.com/builder.zenflow.de/ta-fb-short-app/www/assets/ 8 KB
8 KB 655ms
654ms Image
image/png 2607:f8b0:4004:c17::cf
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://storage.googleapis.com/builder.zenflow.de/ta-fb-short-app/www/assets/4e578e0b-8473-4271-9a04-ddc1154013d9.png
Requested by: Host: forms.turnedaway.ca
URL: https://forms.turnedaway.ca/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2607:f8b0:4004:c17::cf Washington, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: UploadServer /
Resource Hash: 4ea2b51cbbae7ec854f2bc8ecb543a4f6485cf46d86393d2eb46ab45955ab8d0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://forms.turnedaway.ca/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date: Fri, 01 Mar 2024 13:12:32 GMT
x-guploader-uploadid: ABPtcPpvKgImK2GdqOiUGz90UThIVDHyWplLCHzQc4DOjk4l5JFO4EpdfpGSlzPfNtwi8We_Z1g
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 3
x-goog-stored-content-encoding: gzip
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
last-modified: Tue, 27 Feb 2024 18:07:01 GMT
server: UploadServer
vary: Accept-Encoding
x-goog-generation: 1709057221512310
content-type: image/png
access-control-allow-origin: *
x-goog-hash: crc32c=gMzWCw==, md5=Y+ARXIT9ulEmyzX179dziw==
access-control-expose-headers: Content-Type
cache-control: public, max-age=3600
x-goog-stored-content-length: 8174
accept-ranges: none
expires: Fri, 01 Mar 2024 14:12:32 GMT

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 273 KB
96 KB 196ms
90ms Script
application/javascript 2607:f8b0:4004:c08::61
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-KQRFZD

Requested by

Host: forms.turnedaway.ca
URL: https://forms.turnedaway.ca/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c08::61 Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

c233effa118103118712781a687ed1fe3f39971bb6ed01f08de6ffdd185761df

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://forms.turnedaway.ca/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date: Fri, 01 Mar 2024 13:12:32 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 97763
x-xss-protection: 0
last-modified: Fri, 01 Mar 2024 12:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Fri, 01 Mar 2024 13:12:32 GMT

GET
H2 200 fbevents.js Show response
connect.facebook.net/en_US/ 214 KB
58 KB 424ms
138ms Script
application/x-javascript 2a03:2880:f08e:219:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/fbevents.js

Requested by

Host: forms.turnedaway.ca
URL: https://forms.turnedaway.ca/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f08e:219:face:b00c:0:3 Saint-Denis, France, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

0e04153b5f73bfa7866948f2a9870593d69bfde14e77a1a06af5f567096e5a09

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' data: blob: facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;script-src .fbcdn.net .facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://forms.turnedaway.ca/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

permissions-policy-report-only: clipboard-read=(), clipboard-write=(), picture-in-picture=();report-to="permissions_policy"
content-security-policy: default-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload; includeSubDomains
date: Fri, 01 Mar 2024 13:12:32 GMT
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 57257
x-xss-protection: 0
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
pragma: public
x-fb-debug: RKd1jjJaTf4C9xjMJZzpUdyZ62CWr1grXBXcdhFA95WCJ9zKYYMjA4NtCaZKkHfwNua0fR5NgJmlp9NMjBoJBQ==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
cross-origin-opener-policy: same-origin-allow-popups;report-to="coop_report"
vary: Accept-Encoding
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
content-type: application/x-javascript; charset=utf-8
x-frame-options: DENY
cache-control: public, max-age=1200
permissions-policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), bluetooth=(), camera=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), usb=(), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
timing-allow-origin: *
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 pxiByp8kv8JHgFVrLGT9Z1xlFQ.woff2
fonts.heyflow.cloud/s/poppins/v20/ 8 KB
8 KB 112ms
51ms Font
font/woff2 2606:4700:20::681a:f0
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://fonts.heyflow.cloud/s/poppins/v20/pxiByp8kv8JHgFVrLGT9Z1xlFQ.woff2
Requested by: Host: fonts.heyflow.cloud
URL: https://fonts.heyflow.cloud/css?family=Open+Sans:300,400,500,600,700,800|Poppins:300,400,500,600,700,800&display=swap
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:f0 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / Express
Resource Hash: cd36de204aca2d5fa263a731f7c20009b5e3d754ba1f1e03c33e93a48f3e7446

Request headers

Referer: https://fonts.heyflow.cloud/css?family=Open+Sans:300,400,500,600,700,800|Poppins:300,400,500,600,700,800&display=swap
Origin: https://forms.turnedaway.ca
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date: Fri, 01 Mar 2024 13:12:32 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 727
x-powered-by: Express
content-length: 7748
last-modified: Fri, 01 Mar 2024 13:00:25 GMT
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2BYiDw8UpOBeuPyO9Hb4PZ2d9ZH6NExHJdbVqkk1naMwKEK6joe30VZp93XlvqZmnmXF%2F%2FASdlkrccFEY9Y61OeTZuNZ%2FeK48MUwdo74JPQwdI0At8zT9BJFtEd2zI%2FhpRZR68w29ynD9ViHjMihld2s%3D"}],"group":"cf-nel","max_age":604800}
content-type: font/woff2
access-control-allow-origin: *
x-cloud-trace-context: b141906982b4092b1a8435f2f140128e
cache-control: public, max-age=604800
accept-ranges: bytes
cf-ray: 85d966303e1767ba-MIA

GET
H2 200 pxiByp8kv8JHgFVrLEj6Z1xlFQ.woff2
fonts.heyflow.cloud/s/poppins/v20/ 8 KB
8 KB 121ms
60ms Font
font/woff2 2606:4700:20::681a:f0
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://fonts.heyflow.cloud/s/poppins/v20/pxiByp8kv8JHgFVrLEj6Z1xlFQ.woff2
Requested by: Host: fonts.heyflow.cloud
URL: https://fonts.heyflow.cloud/css?family=Open+Sans:300,400,500,600,700,800|Poppins:300,400,500,600,700,800&display=swap
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:f0 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / Express
Resource Hash: f4e80d9dfd374d02989b87a27b5ed4cb78fbb177c27f1478e9a8b0afb7513149

Request headers

Referer: https://fonts.heyflow.cloud/css?family=Open+Sans:300,400,500,600,700,800|Poppins:300,400,500,600,700,800&display=swap
Origin: https://forms.turnedaway.ca
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date: Fri, 01 Mar 2024 13:12:32 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 241204
x-powered-by: Express
content-length: 8000
last-modified: Tue, 27 Feb 2024 18:12:28 GMT
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=hfRfqsSfxbNk1CfvixcF0Y0XNoCeKL5WXBNdrphC2OZgNkHCOk%2BvGZ5G0hroWe2TuIeMJNfoZYlyLfnWyXbVOPIFh4m%2F%2FbzgbiBPZX14sJtTtBOpj6k%2B2jBkfbcCGK9z07G5a6C6Bd17%2Bc14ZhBuQBE%3D"}],"group":"cf-nel","max_age":604800}
content-type: font/woff2
access-control-allow-origin: *
x-cloud-trace-context: 73f92af99f74fb3682ecd7f33de1643f
cache-control: public, max-age=604800
accept-ranges: bytes
cf-ray: 85d966303e1a67ba-MIA

GET
H2 200 pxiEyp8kv8JHgFVrJJfecg.woff2
fonts.heyflow.cloud/s/poppins/v20/ 8 KB
8 KB 114ms
52ms Font
font/woff2 2606:4700:20::681a:f0
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://fonts.heyflow.cloud/s/poppins/v20/pxiEyp8kv8JHgFVrJJfecg.woff2
Requested by: Host: fonts.heyflow.cloud
URL: https://fonts.heyflow.cloud/css?family=Open+Sans:300,400,500,600,700,800|Poppins:300,400,500,600,700,800&display=swap
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:f0 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / Express
Resource Hash: 7d93459d86585bfcdbb7e0376056226adb25821ee54b96236fe2123e9560929f

Request headers

Referer: https://fonts.heyflow.cloud/css?family=Open+Sans:300,400,500,600,700,800|Poppins:300,400,500,600,700,800&display=swap
Origin: https://forms.turnedaway.ca
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date: Fri, 01 Mar 2024 13:12:32 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 231066
x-powered-by: Express
content-length: 7884
last-modified: Tue, 27 Feb 2024 21:01:26 GMT
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=d3aetbSsT9Vhrj6QURDzV%2FumgNXn3uCQJrwqcuo65J8Itdckxnb11UE1YVh2to1m15PMHBuFmQ6NYPVrshVObLGcIG9dkMgD6WnXcNmfGeowFPrHhqWJR5XlLNUzLZMa0sj%2BDWUx3nVxtL9txa1ngms%3D"}],"group":"cf-nel","max_age":604800}
content-type: font/woff2
access-control-allow-origin: *
x-cloud-trace-context: 8bfdc968db6f6d9d1b023aadb1146b7a
cache-control: public, max-age=604800
accept-ranges: bytes
cf-ray: 85d966303e1b67ba-MIA

GET
H2 200 pxiByp8kv8JHgFVrLCz7Z1xlFQ.woff2
fonts.heyflow.cloud/s/poppins/v20/ 8 KB
8 KB 114ms
53ms Font
font/woff2 2606:4700:20::681a:f0
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://fonts.heyflow.cloud/s/poppins/v20/pxiByp8kv8JHgFVrLCz7Z1xlFQ.woff2
Requested by: Host: fonts.heyflow.cloud
URL: https://fonts.heyflow.cloud/css?family=Open+Sans:300,400,500,600,700,800|Poppins:300,400,500,600,700,800&display=swap
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:f0 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / Express
Resource Hash: 9338e65fc077355c7a87ae0d64cc101e23b9bf8ad78ae65f0f319c857311b526

Request headers

Referer: https://fonts.heyflow.cloud/css?family=Open+Sans:300,400,500,600,700,800|Poppins:300,400,500,600,700,800&display=swap
Origin: https://forms.turnedaway.ca
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date: Fri, 01 Mar 2024 13:12:32 GMT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 231066
x-powered-by: Express
content-length: 7816
last-modified: Tue, 27 Feb 2024 21:01:26 GMT
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=AVJuOmmIqJlAGd9wuyUkV29oRM9bf2MU%2F%2FqtpYyAbHR60CGSm63IW7WHI%2B8iQT0gcj1%2BoG4EugwuFqKDBU7casaAQRVwx985z8uvPkqkRQukYt1G81t%2FxZmAiliAWYuzHG0BaCC2tL%2BcpdD%2BS5iGd9s%3D"}],"group":"cf-nel","max_age":604800}
content-type: font/woff2
access-control-allow-origin: *
x-cloud-trace-context: 18257e5a0f8ad2dd6687b22edf397b1c
cache-control: public, max-age=604800
accept-ranges: bytes
cf-ray: 85d966303e1d67ba-MIA

GET
H2 200 / Show response
europe-west3-heyflow-clients.cloudfunctions.net/mortgageBrokersNetwork-maps/ 70 B
257 B 1661ms
1589ms Fetch
application/json 2001:4860:4802:36::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://europe-west3-heyflow-clients.cloudfunctions.net/mortgageBrokersNetwork-maps/?name=gmaps-mortgageBrokersNetwork
Requested by: Host: eu.clients.heyflow.app
URL: https://eu.clients.heyflow.app/cmr-mortgageBrokersNetwork/heyflow-maps-embed.js?version=0.0.8
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:36::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Google Frontend /
Resource Hash: 3a3ddcf058ae435c80818b770d65f2ebb499b961b8549e661145a8a84c8fcaea

Request headers

accept-language: en-US,en;q=0.9
Referer: https://forms.turnedaway.ca/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

access-control-allow-origin: *
x-cloud-trace-context: 2eeeb77e9ed85e13efa20109f9929e4b;o=1
date: Fri, 01 Mar 2024 13:12:33 GMT
server: Google Frontend
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 70
content-type: application/json; charset=utf-8

GET
H2 200 libphone.chunk.js Show response
flows.heyflow.cloud/ta-fb-short-app/www/dist/ 233 KB
61 KB 674ms
580ms Script
application/javascript 34.111.125.42
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://flows.heyflow.cloud/ta-fb-short-app/www/dist/libphone.chunk.js
Requested by: Host: forms.turnedaway.ca
URL: https://forms.turnedaway.ca/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.111.125.42 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 42.125.111.34.bc.googleusercontent.com
Software: UploadServer /
Resource Hash: 14d70190fbdf864ba0258486337502992db367d45aff6dd7e879f5fe830d6837

Request headers

accept-language: en-US,en;q=0.9
Referer: https://forms.turnedaway.ca/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date: Fri, 01 Mar 2024 13:12:32 GMT
content-encoding: gzip
via: 1.1 google
x-guploader-uploadid: ABPtcPpHLm6ZskDLA_RPbqVY1YdrM_n7DluDuxLlB5dE-iWMOwdSp7X6vBgaQJzSU-3tkkuaNQ
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 3
x-goog-stored-content-encoding: gzip
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 61900
last-modified: Thu, 29 Feb 2024 21:25:45 GMT
server: UploadServer
etag: "47915cd013b560489209a85ab2a2d9ca"
vary: Accept-Encoding
x-goog-generation: 1709241945923212
content-type: application/javascript
access-control-allow-origin: *
x-goog-hash: crc32c=oOxERw==, md5=R5Fc0BO1YEiSCahasqLZyg==
access-control-expose-headers: Content-Type
cache-control: no-store, max-age=0
x-goog-stored-content-length: 61900
accept-ranges: bytes
expires: Fri, 01 Mar 2024 13:12:32 GMT

POST
H2 200 / Show response
tracking.heyflow.cloud/ 2 B
317 B 212ms
212ms XHR
text/plain 2606:4700:20::681a:1f0
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://tracking.heyflow.cloud/
Requested by: Host: forms.turnedaway.ca
URL: https://forms.turnedaway.ca/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:1f0 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3

Request headers

Accept: application/json, text/plain, */*
Referer: https://forms.turnedaway.ca/
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36
Content-Type: application/json;charset=UTF-8

Response headers

date: Fri, 01 Mar 2024 13:12:32 GMT
via: 1.1 google, 1.1 google
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
access-control-allow-methods: GET, POST, PUT
content-type: text/plain; charset=utf-8
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2BxRd8CoiiwCNkC7nICTyx814292EF251snEg5spjoETl39TNKLmN1Sze1fvjEwZoiurMxYs6IFJVBNWD9GIGEYlXkVS%2BLEB3IIViJLdmFXijLioF6WHm46yLAbCnvBrP5ou1vehnWZU%2B8%2FHr9Oyb%2Byiz2tU%3D"}],"group":"cf-nel","max_age":604800}
x-cloud-trace-context: 6b635790c82e3b9514dc80265be1725e
cf-ray: 85d966318b349ab9-MIA
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
content-length: 2

OPTIONS
H2 200 /
tracking.heyflow.cloud/ 0
0 244ms
155ms Preflight
text/plain 2606:4700:20::681a:1f0
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://tracking.heyflow.cloud/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:1f0 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://forms.turnedaway.ca
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
access-control-allow-methods: GET, POST, PUT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
cf-ray: 85d9663089b09ab9-MIA
content-length: 2
content-type: text/plain; charset=utf-8
date: Fri, 01 Mar 2024 13:12:32 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=j%2FaFqteRcb5IV8sKxPmPCCFRftZYhy4ndnkhfFxLiSZaFvjpp3G4GiV101S3jNIcpLNAmQLtXMlmggpiTDOOI3wfmukf3XvsBKluPnZ207m7VxuNBfxmA4RaUOb%2BrX6YaOzIu1naPJibtuQTzfvM%2Bptm7YE%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
via: 1.1 google, 1.1 google
x-cloud-trace-context: de2126b0f27ca8c95c184d1bf8b96d4c

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 297 KB
98 KB 88ms
87ms Script
application/javascript 2607:f8b0:4004:c08::61
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-WYVR0CVB9D&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-KQRFZD

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c08::61 Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

23538d7975faa10d860dbe525dcd0e1d70050a71bc341307342922ae56c55e39

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://forms.turnedaway.ca/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date: Fri, 01 Mar 2024 13:12:32 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 99793
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Fri, 01 Mar 2024 13:12:32 GMT

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 52 KB
21 KB 158ms
52ms Script
text/javascript 2607:f8b0:4004:c08::64
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-KQRFZD

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c08::64 Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-US,en;q=0.9
Referer: https://forms.turnedaway.ca/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
date: Fri, 01 Mar 2024 12:22:22 GMT
last-modified: Tue, 12 Dec 2023 18:09:08 GMT
server: Golfe2
age: 3010
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 20994
expires: Fri, 01 Mar 2024 14:22:22 GMT

GET
H2 200 kfo3bbangw Show response
www.clarity.ms/tag/ 701 B
1 KB 244ms
150ms Script
application/x-javascript 2620:1ec:46::40
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.clarity.ms/tag/kfo3bbangw?ref=gtm2
Requested by: Host: forms.turnedaway.ca
URL: https://forms.turnedaway.ca/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2620:1ec:46::40 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: 471e84f19d1f93887c4b97bae9e670f0a9cad97638d70b0370f2b71b9f7550dc

Request headers

accept-language: en-US,en;q=0.9
Referer: https://forms.turnedaway.ca/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

expires: -1
date: Fri, 01 Mar 2024 13:12:32 GMT
x-azure-ref: 20240301T131232Z-4m8nb4s6813uhe14bd3drnuqa4000000090000000000pd44
x-cache: CONFIG_NOCACHE
content-type: application/x-javascript
cache-control: no-cache, no-store
accept-ranges: bytes
content-length: 701
request-context: appId=cid-v1:bdfb7149-d2ee-45f0-9a22-f0b1c5035608

OPTIONS
H2 200 /
tracking.heyflow.cloud/ 0
0 486ms
485ms Preflight
text/plain 2606:4700:20::681a:1f0
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://tracking.heyflow.cloud/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:1f0 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://forms.turnedaway.ca
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
access-control-allow-methods: GET, POST, PUT
access-control-allow-origin: *
cf-cache-status: DYNAMIC
cf-ray: 85d96632dd749ab9-MIA
content-length: 2
content-type: text/plain; charset=utf-8
date: Fri, 01 Mar 2024 13:12:32 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2FhbhxHTZ30DO2Y0zpdF4sVN5S3isMLOd9cjFxy2rxlGwpLl9coPhzy72UTql%2FAFYOv%2BhDH7%2Fm6DKyg83GrJap5gWP3XrkWq5%2FreCUZm67VEbZ3Z4ioBMDB30fJ10gVPjdXc7hw0f87uHzn%2FonZqqCX0V9a8%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
via: 1.1 google, 1.1 google
x-cloud-trace-context: 2f983dcd1bb1a6d1ff567ba364649105

POST
H2 200 / Show response
tracking.heyflow.cloud/ 2 B
340 B 218ms
217ms XHR
text/plain 2606:4700:20::681a:1f0
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://tracking.heyflow.cloud/
Requested by: Host: forms.turnedaway.ca
URL: https://forms.turnedaway.ca/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:20::681a:1f0 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3

Request headers

Accept: application/json, text/plain, */*
Referer: https://forms.turnedaway.ca/
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36
Content-Type: application/json;charset=UTF-8

Response headers

date: Fri, 01 Mar 2024 13:12:33 GMT
via: 1.1 google, 1.1 google
cf-cache-status: DYNAMIC
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
access-control-allow-methods: GET, POST, PUT
content-type: text/plain; charset=utf-8
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=gB9fbLwSahgpSZN0zG3B255SbwLXviCns5zksUfqSvYsyMpFt3K2FtsMfe9RzqD1KqQW5nlR12AEoXuuOef%2FHnnRMN5r%2FMVxPN%2F2fo8kkH4kosZ0MBWguiMKQxjsqmLsGK%2FEBsuIUO2ABSzQx%2FHUGGqYrtg%3D"}],"group":"cf-nel","max_age":604800}
x-cloud-trace-context: 8e425bace55e262df54b964fcb88b046
cf-ray: 85d96635e9d89ab9-MIA
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept
content-length: 2

POST
H2 204 collect
analytics.google.com/g/ 0
248 B 111ms
41ms Ping
text/plain 2001:4860:4802:36::181
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.google.com/g/collect?v=2&tid=G-WYVR0CVB9D&gtm=45je42s0v9117816211z871860558za220&_p=1709298751662&_gaz=1&gcd=13l3l3l3l1&npa=0&dma=0&tt=0&cid=1625279101.1709298752&ul=en-us&sr=1600x1200&ir=1&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&pscdl=noapi&_eu=EA&_s=1&sid=1709298752&sct=1&seg=0&dl=https%3A%2F%2Fforms.turnedaway.ca%2F&dt=TurnedAway%20-%20Apply%20for%20HELOC&en=page_view&_fv=1&_nsi=1&_ss=1&tfd=2481
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-WYVR0CVB9D&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:36::181 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-US,en;q=0.9
Referer: https://forms.turnedaway.ca/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 01 Mar 2024 13:12:32 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://forms.turnedaway.ca
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 204 collect
stats.g.doubleclick.net/g/ 0
248 B 170ms
60ms Ping
text/plain 2607:f8b0:4004:c06::9d
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://stats.g.doubleclick.net/g/collect?v=2&tid=G-WYVR0CVB9D&cid=1625279101.1709298752&gtm=45je42s0v9117816211z871860558za220&aip=1&dma=0&gcd=13l3l3l3l1&npa=0
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-WYVR0CVB9D&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2607:f8b0:4004:c06::9d Washington, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-US,en;q=0.9
Referer: https://forms.turnedaway.ca/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 01 Mar 2024 13:12:32 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://forms.turnedaway.ca
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 collect Show response
www.google-analytics.com/j/ 4 B
212 B 61ms
60ms XHR
text/plain 2607:f8b0:4004:c08::64
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j101&a=725751653&t=pageview&_s=1&dl=https%3A%2F%2Fforms.turnedaway.ca%2F&ul=en-us&de=UTF-8&dt=TurnedAway%20-%20Apply%20for%20HELOC&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YADAAEABAAAAACAAI~&jid=516637784&gjid=464977756&cid=1625279101.1709298752&tid=UA-62053410-1&_gid=269153100.1709298753&_r=1&_slc=1&gtm=45He42s0n71KQRFZDv71860558za200&gcd=13l3l3l3l1&dma=0&z=31811493

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c08::64 Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

aec60bc104db041b1512185839f18f52986df7e569e5445f740dd60f763fbca8

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://forms.turnedaway.ca/
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Fri, 01 Mar 2024 13:12:32 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://forms.turnedaway.ca
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 clarity.js Show response
www.clarity.ms/s/0.7.22/ 60 KB
25 KB 55ms
55ms Script
application/javascript 2620:1ec:46::40
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.clarity.ms/s/0.7.22/clarity.js
Requested by: Host: www.clarity.ms
URL: https://www.clarity.ms/tag/kfo3bbangw?ref=gtm2
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2620:1ec:46::40 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: 3a582829e2c11dde7e02e0952effb8a8b97770c95705e03ecc82f848cb8684fd

Request headers

accept-language: en-US,en;q=0.9
Referer: https://forms.turnedaway.ca/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date: Fri, 01 Mar 2024 13:12:32 GMT
content-encoding: br
last-modified: Thu, 29 Feb 2024 15:07:22 GMT
etag: W/"0x8DC39382173A2DD"
vary: Accept-Encoding
x-azure-ref: 20240301T131232Z-4m8nb4s6813uhe14bd3drnuqa4000000090000000000pd4m
content-type: application/javascript;charset=utf-8
access-control-allow-origin: *
x-ms-request-id: 591b8744-101e-0065-4538-6b809f000000
cache-control: public, max-age=86400
x-cache: TCP_HIT
x-ms-version: 2018-03-28
x-fd-int-roxy-purgeid: 51562430

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 2 B
149 B 75ms
61ms XHR
text/plain 2607:f8b0:4004:c06::9d
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j101&tid=UA-62053410-1&cid=1625279101.1709298752&jid=516637784&gjid=464977756&_gid=269153100.1709298753&_u=YADAAEAAAAAAACAAI~&z=570195529

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c06::9d Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

6068f86ff5e6d3a3e100e95fd0ab03a5fb9ebfca9386b2c0ee131361a62526c2

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://forms.turnedaway.ca/
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
date: Fri, 01 Mar 2024 13:12:32 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://forms.turnedaway.ca
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.com/ads/ 42 B
408 B 170ms
63ms Image
image/gif 2607:f8b0:4004:c1b::69
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j101&tid=UA-62053410-1&cid=1625279101.1709298752&jid=516637784&_u=YADAAEAAAAAAACAAI~&z=1619356853

Requested by

Host: forms.turnedaway.ca
URL: https://forms.turnedaway.ca/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c1b::69 Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://forms.turnedaway.ca/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 01 Mar 2024 13:12:32 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 286246232906462 Show response
connect.facebook.net/signals/config/ 61 KB
13 KB 301ms
300ms Script
application/x-javascript 2a03:2880:f08e:219:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/286246232906462?v=2.9.147&r=stable&domain=forms.turnedaway.ca&hme=20c913bdcd4be51a752120153aa5caaecb3ee86c7f26cf737846e40b202aba68&ex_m=62%2C106%2C94%2C98%2C53%2C3%2C88%2C61%2C14%2C86%2C79%2C44%2C46%2C150%2C153%2C164%2C160%2C161%2C163%2C25%2C89%2C45%2C68%2C162%2C145%2C148%2C157%2C158%2C165%2C115%2C13%2C43%2C169%2C168%2C117%2C16%2C29%2C32%2C1%2C36%2C57%2C58%2C59%2C63%2C83%2C15%2C12%2C85%2C82%2C81%2C95%2C97%2C31%2C96%2C26%2C22%2C146%2C149%2C124%2C24%2C9%2C10%2C11%2C5%2C6%2C21%2C19%2C20%2C49%2C54%2C56%2C66%2C90%2C23%2C67%2C8%2C7%2C71%2C41%2C18%2C92%2C91%2C17%2C4%2C73%2C80%2C72%2C78%2C40%2C39%2C77%2C33%2C35%2C76%2C48%2C74%2C28%2C37%2C65%2C0%2C84%2C75%2C2%2C30%2C55%2C34%2C93%2C38%2C70%2C60%2C99%2C52%2C51%2C27%2C87%2C50%2C47%2C42%2C69%2C64%2C100

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f08e:219:face:b00c:0:3 Saint-Denis, France, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

18d33333f9cdf8039871ee1f2301c60c11806dc069a5daf03dfa81fdf8e055ca

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' data: blob: ;script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com: wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://forms.turnedaway.ca/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

permissions-policy-report-only: clipboard-read=(), clipboard-write=(), picture-in-picture=();report-to="permissions_policy"
content-security-policy: default-src 'self' data: blob: *;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload; includeSubDomains
date: Fri, 01 Mar 2024 13:12:32 GMT
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
x-xss-protection: 0
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
pragma: public
x-fb-debug: WowTtxmjdn+IZAMvj7n6HgkbxZE72hUnT+99x4Pae9e9lDO9/p0uZty5m/IqLvaIiSqVLAkqLZDH7tdYxod4Ow==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
cross-origin-opener-policy: same-origin-allow-popups;report-to="coop_report"
vary: Accept-Encoding
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
content-type: application/x-javascript; charset=utf-8
x-frame-options: DENY
origin-agent-cluster: ?0
cache-control: public, max-age=1200
permissions-policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), bluetooth=(), camera=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), usb=(), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
timing-allow-origin: *
expires: Sat, 01 Jan 2000 00:00:00 GMT

POST
H/1.1 204
No Content collect Show response
q.clarity.ms/ 0
299 B 287ms
177ms XHR
text/plain 20.231.53.73
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://q.clarity.ms/collect
Requested by: Host: www.clarity.ms
URL: https://www.clarity.ms/s/0.7.22/clarity.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 20.231.53.73 Washington, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept: application/x-clarity-gzip
Referer: https://forms.turnedaway.ca/
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

Access-Control-Allow-Origin: https://forms.turnedaway.ca
Date: Fri, 01 Mar 2024 13:12:32 GMT
Access-Control-Allow-Credentials: true
Server: nginx/1.18.0 (Ubuntu)
Connection: keep-alive
Vary: Origin
Request-Context: appId=cid-v1:3d284f99-f285-495c-ac33-dedd7ecf1ac8

GET
H2 200 /
www.facebook.com/tr/ 0
185 B 402ms
132ms Image
text/plain 2a03:2880:f17b:283:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=286246232906462&ev=Lead&dl=https%3A%2F%2Fforms.turnedaway.ca%2F%23type-of-home&rl=&if=false&ts=1709298753042&sw=1600&sh=1200&v=2.9.147&r=stable&ec=1&o=4126&fbp=fb.1.1709298753038.859167682&cs_est=true&est_source=313904311694794&ler=empty&cdl=API_unavailable&it=1709298752709&coo=false&eid=uar3u33qhq83_313904311694794&es=automatic&tm=3&exp=e1&rqm=GET

Requested by

Host: forms.turnedaway.ca
URL: https://forms.turnedaway.ca/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f17b:283:face:b00c:0:25de Saint-Denis, France, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: en-US,en;q=0.9
Referer: https://forms.turnedaway.ca/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
date: Fri, 01 Mar 2024 13:12:33 GMT
server: proxygen-bolt
content-type: text/plain
access-control-allow-origin
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 0

GET
H2 200 /
www.facebook.com/tr/ 0
31 B 402ms
132ms Image
text/plain 2a03:2880:f17b:283:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=286246232906462&ev=PageView&dl=https%3A%2F%2Fforms.turnedaway.ca%2F%23type-of-home&rl=&if=false&ts=1709298753043&cd[event]=PageView&cd[flow_id]=ta-fb-short-app&cd[host]=forms.turnedaway.ca&cd[path]=%2F&cd[origin]=https%3A%2F%2Fforms.turnedaway.ca&cd[title]=TurnedAway%20-%20Apply%20for%20HELOC&cd[hash]=%23type-of-home&cd[referrer]=&cd[screen_width]=1600&cd[screen_height]=1200&cd[user_id]=_xdrdr1&cd[screen_id]=id-91da2b2d&cd[session_id]=d7l1hq&cd[ab_variant_id]=nJTJyxEeo6SPp8uUxqHY&sw=1600&sh=1200&v=2.9.147&r=stable&ec=0&o=4126&fbp=fb.1.1709298753038.859167682&cs_est=true&ler=empty&cdl=API_unavailable&it=1709298752709&coo=false&eid=uar3u33qhq83&exp=e1&rqm=GET

Requested by

Host: forms.turnedaway.ca
URL: https://forms.turnedaway.ca/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f17b:283:face:b00c:0:25de Saint-Denis, France, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: en-US,en;q=0.9
Referer: https://forms.turnedaway.ca/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
date: Fri, 01 Mar 2024 13:12:33 GMT
server: proxygen-bolt
content-type: text/plain
access-control-allow-origin
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 0

GET
H2

200

c.gif
c.clarity.ms/
Redirect Chain

https://c.clarity.ms/c.gif
https://c.bing.com/c.gif?ctsa=mr&CtsSyncId=4D046D344BAB49298C2D432ABA7C4331&RedC=c.clarity.ms&MXFR=3E3FDA166E7E642E3B2BCE236A7E6A71
https://c.clarity.ms/c.gif?ctsa=mr&CtsSyncId=4D046D344BAB49298C2D432ABA7C4331&MUID=3C1B1781F42A6EA2309E03B4F58D6F02

42 B
442 B

49ms
48ms

Image
image/gif

20.110.205.119
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://c.clarity.ms/c.gif?ctsa=mr&CtsSyncId=4D046D344BAB49298C2D432ABA7C4331&MUID=3C1B1781F42A6EA2309E03B4F58D6F02
Protocol: H2
Server: 20.110.205.119 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: 99c2917ee5b2a01459a923bdd1c676f15ee73b62b87f696e6735312d26f51e12

Request headers

accept-language: en-US,en;q=0.9
Referer: https://forms.turnedaway.ca/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 01 Mar 2024 13:12:32 GMT
last-modified: Fri, 09 Feb 2024 19:57:16 GMT
server: Microsoft-IIS/10.0
etag: "34cccc2e925bda1:0"
x-powered-by: ASP.NET
content-type: image/gif
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
cache-control: private, no-cache, proxy-revalidate, no-store
accept-ranges: bytes
content-length: 42

Redirect headers

pragma: no-cache
date: Fri, 01 Mar 2024 13:12:33 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 4B3C00C14DC946D88E9487A5C980AFA5 Ref B: MIAEDGE1610 Ref C: 2024-03-01T13:12:33Z
x-powered-by: ASP.NET
x-cache: CONFIG_NOCACHE
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
location: https://c.clarity.ms/c.gif?ctsa=mr&CtsSyncId=4D046D344BAB49298C2D432ABA7C4331&MUID=3C1B1781F42A6EA2309E03B4F58D6F02
cache-control: private, no-cache, proxy-revalidate, no-store
content-length: 0

GET
H2 200 js Show response
maps.googleapis.com/maps/api/ 223 KB
74 KB 201ms
94ms Script
text/javascript 2607:f8b0:4004:c1d::5f
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://maps.googleapis.com/maps/api/js?key=AIzaSyAbEDiMj1K_TvO8fV52oZ1I7nChp1z6rkE&libraries=places&language=en

Requested by

Host: eu.clients.heyflow.app
URL: https://eu.clients.heyflow.app/cmr-mortgageBrokersNetwork/heyflow-maps-embed.js?version=0.0.8

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4004:c1d::5f Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

scaffolding on HTTPServer2 /

Resource Hash

9135749bea6d925c589f11b1d5935131b3a9d80db74fa6c342a0ebf081abe00b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://forms.turnedaway.ca/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date: Fri, 01 Mar 2024 13:12:33 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: scaffolding on HTTPServer2
vary: Origin, X-Origin, Referer
x-frame-options: SAMEORIGIN
content-type: text/javascript; charset=UTF-8
cache-control: public, max-age=1800
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 75648
x-xss-protection: 0

POST
H/1.1 204
No Content collect Show response
q.clarity.ms/ 0
299 B 54ms
54ms XHR
text/plain 20.231.53.73
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://q.clarity.ms/collect
Requested by: Host: www.clarity.ms
URL: https://www.clarity.ms/s/0.7.22/clarity.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 20.231.53.73 Washington, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept: application/x-clarity-gzip
Referer: https://forms.turnedaway.ca/
accept-language: en-US,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

Access-Control-Allow-Origin: https://forms.turnedaway.ca
Date: Fri, 01 Mar 2024 13:12:33 GMT
Access-Control-Allow-Credentials: true
Server: nginx/1.18.0 (Ubuntu)
Connection: keep-alive
Vary: Origin
Request-Context: appId=cid-v1:3d284f99-f285-495c-ac33-dedd7ecf1ac8

GET
H3 200 gen_204 Show response
maps.googleapis.com/maps/api/mapsjs/ 3 B
45 B 210ms
106ms XHR
application/json 2607:f8b0:4004:c1d::5f
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://maps.googleapis.com/maps/api/mapsjs/gen_204?csp_test=true

Requested by

Host: maps.googleapis.com
URL: https://maps.googleapis.com/maps/api/js?key=AIzaSyAbEDiMj1K_TvO8fV52oZ1I7nChp1z6rkE&libraries=places&language=en

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4004:c1d::5f Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

scaffolding on HTTPServer2 /

Resource Hash

ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: en-US,en;q=0.9
Referer: https://forms.turnedaway.ca/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date: Fri, 01 Mar 2024 13:12:34 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: scaffolding on HTTPServer2
vary: Origin, X-Origin, Referer
x-frame-options: SAMEORIGIN
content-type: application/json; charset=UTF-8
access-control-allow-origin: https://forms.turnedaway.ca
access-control-expose-headers: vary,vary,vary,content-encoding,date,server,content-length
cache-control: private
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 23
x-xss-protection: 0

POST
H2 204 collect
analytics.google.com/g/ 0
45 B 41ms
41ms Ping
text/plain 2001:4860:4802:36::181
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.google.com/g/collect?v=2&tid=G-WYVR0CVB9D&gtm=45je42s0v9117816211za220&_p=1709298751662&gcd=13l3l3l3l1&npa=0&dma=0&tt=0&cid=1625279101.1709298752&ul=en-us&sr=1600x1200&ir=1&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&pscdl=noapi&_eu=EEA&_s=2&sid=1709298752&sct=1&seg=0&dl=https%3A%2F%2Fforms.turnedaway.ca%2F&dt=TurnedAway%20-%20Apply%20for%20HELOC&en=scroll&epn.percent_scrolled=90&_et=13&tfd=7497
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-WYVR0CVB9D&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:36::181 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-US,en;q=0.9
Referer: https://forms.turnedaway.ca/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 01 Mar 2024 13:12:37 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://forms.turnedaway.ca
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Verdicts & Comments Add Verdict or Comment

26 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

16 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.turnedaway.ca/	1970-01-20 20:57:54	Name: _gcl_au Value: 1.1.1936519372.1709298752
.turnedaway.ca/	1970-01-21 04:24:18	Name: _ga_WYVR0CVB9D Value: GS1.1.1709298752.1.0.1709298752.60.0.0
.turnedaway.ca/	1970-01-21 04:24:18	Name: _ga Value: GA1.2.1625279101.1709298752
.turnedaway.ca/	1970-01-20 18:49:45	Name: _gid Value: GA1.2.269153100.1709298753
.turnedaway.ca/	1970-01-20 18:48:18	Name: _gat_UA-62053410-1 Value: 1
www.clarity.ms/	1970-01-21 03:33:54	Name: CLID Value: a64799c9f60e4e94b7b07c40db3066a4.20240301.20250301
.turnedaway.ca/	1970-01-21 03:33:54	Name: _clck Value: 7w17n2%7C2%7Cfjp%7C0%7C1521
.turnedaway.ca/	1970-01-20 18:49:45	Name: _clsk Value: 14ubzr3%7C1709298753023%7C1%7C1%7Cq.clarity.ms%2Fcollect
.turnedaway.ca/	1970-01-20 20:57:54	Name: _fbp Value: fb.1.1709298753038.859167682
.bing.com/	1970-01-21 04:09:54	Name: MUID Value: 3C1B1781F42A6EA2309E03B4F58D6F02
.c.bing.com/	1970-01-20 18:58:23	Name: MR Value: 0
.c.bing.com/	1970-01-21 04:09:54	Name: SRM_B Value: 3C1B1781F42A6EA2309E03B4F58D6F02
.c.clarity.ms/	1969-12-31 23:59:59	Name: SM Value: C
.clarity.ms/	1970-01-21 04:09:54	Name: MUID Value: 3C1B1781F42A6EA2309E03B4F58D6F02
.c.clarity.ms/	1970-01-20 18:58:23	Name: MR Value: 0
.c.clarity.ms/	1970-01-20 18:48:19	Name: ANONCHK Value: 0

15 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
other	warning	URL: https://forms.turnedaway.ca/#type-of-home Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://forms.turnedaway.ca/#type-of-home Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://connect.facebook.net/signals/config/286246232906462?v=2.9.147&r=stable&domain=forms.turnedaway.ca&hme=20c913bdcd4be51a752120153aa5caaecb3ee86c7f26cf737846e40b202aba68&ex_m=62%2C106%2C94%2C98%2C53%2C3%2C88%2C61%2C14%2C86%2C79%2C44%2C46%2C150%2C153%2C164%2C160%2C161%2C163%2C25%2C89%2C45%2C68%2C162%2C145%2C148%2C157%2C158%2C165%2C115%2C13%2C43%2C169%2C168%2C117%2C16%2C29%2C32%2C1%2C36%2C57%2C58%2C59%2C63%2C83%2C15%2C12%2C85%2C82%2C81%2C95%2C97%2C31%2C96%2C26%2C22%2C146%2C149%2C124%2C24%2C9%2C10%2C11%2C5%2C6%2C21%2C19%2C20%2C49%2C54%2C56%2C66%2C90%2C23%2C67%2C8%2C7%2C71%2C41%2C18%2C92%2C91%2C17%2C4%2C73%2C80%2C72%2C78%2C40%2C39%2C77%2C33%2C35%2C76%2C48%2C74%2C28%2C37%2C65%2C0%2C84%2C75%2C2%2C30%2C55%2C34%2C93%2C38%2C70%2C60%2C99%2C52%2C51%2C27%2C87%2C50%2C47%2C42%2C69%2C64%2C100(Line 105) Message: Unrecognized feature: 'attribution-reporting'.
other	warning	URL: https://forms.turnedaway.ca/#type-of-home Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://forms.turnedaway.ca/#type-of-home Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://forms.turnedaway.ca/#type-of-home Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://forms.turnedaway.ca/#type-of-home Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://forms.turnedaway.ca/#type-of-home Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://forms.turnedaway.ca/#type-of-home Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://forms.turnedaway.ca/#type-of-home Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://forms.turnedaway.ca/#type-of-home Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://forms.turnedaway.ca/#type-of-home Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://forms.turnedaway.ca/#type-of-home Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://forms.turnedaway.ca/#type-of-home Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://forms.turnedaway.ca/#type-of-home Message: Third-party cookie will be blocked. Learn more in the Issues tab.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

analytics.google.com
c.bing.com
c.clarity.ms
connect.facebook.net
eu.clients.heyflow.app
europe-west3-heyflow-clients.cloudfunctions.net
flows.heyflow.cloud
fonts.heyflow.cloud
forms.turnedaway.ca
maps.googleapis.com
q.clarity.ms
stats.g.doubleclick.net
storage.googleapis.com
tracking.heyflow.cloud
www.clarity.ms
www.facebook.com
www.google-analytics.com
www.google.com
www.googletagmanager.com
20.110.205.119
20.231.53.73
2001:4860:4802:36::181
2001:4860:4802:36::36
2606:4700:20::681a:1f0
2606:4700:20::681a:f0
2606:4700:3036::ac43:d760
2607:f8b0:4004:c06::9d
2607:f8b0:4004:c08::61
2607:f8b0:4004:c08::64
2607:f8b0:4004:c17::cf
2607:f8b0:4004:c1b::69
2607:f8b0:4004:c1d::5f
2620:1ec:46::40
2620:1ec:c11::200
2a03:2880:f08e:219:face:b00c:0:3
2a03:2880:f17b:283:face:b00c:0:25de
34.111.125.42
34.149.132.198
0e04153b5f73bfa7866948f2a9870593d69bfde14e77a1a06af5f567096e5a09
14d70190fbdf864ba0258486337502992db367d45aff6dd7e879f5fe830d6837
18d33333f9cdf8039871ee1f2301c60c11806dc069a5daf03dfa81fdf8e055ca
23538d7975faa10d860dbe525dcd0e1d70050a71bc341307342922ae56c55e39
2e0e389f70b5898ee13ad5a56f7bc14bf1c6033c0d8971347ff56c068d3e1250
3a3ddcf058ae435c80818b770d65f2ebb499b961b8549e661145a8a84c8fcaea
3a582829e2c11dde7e02e0952effb8a8b97770c95705e03ecc82f848cb8684fd
471e84f19d1f93887c4b97bae9e670f0a9cad97638d70b0370f2b71b9f7550dc
4ea2b51cbbae7ec854f2bc8ecb543a4f6485cf46d86393d2eb46ab45955ab8d0
565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3
6068f86ff5e6d3a3e100e95fd0ab03a5fb9ebfca9386b2c0ee131361a62526c2
7d93459d86585bfcdbb7e0376056226adb25821ee54b96236fe2123e9560929f
8c979eff5ba4d6c69760cd44e7119da3821c7502325e7e8a19f8aed37ffe2151
9135749bea6d925c589f11b1d5935131b3a9d80db74fa6c342a0ebf081abe00b
9338e65fc077355c7a87ae0d64cc101e23b9bf8ad78ae65f0f319c857311b526
99c2917ee5b2a01459a923bdd1c676f15ee73b62b87f696e6735312d26f51e12
9b4fe16dae39b0285f0a86002d23ab21a8bbe67bb12279f8ba6f4e2cd4f86c21
a4de26de18927be010374606c21aa352514a988750ae1090e924ace69b4c28fe
aec60bc104db041b1512185839f18f52986df7e569e5445f740dd60f763fbca8
bb22b19d51e54d02cdcf81b6d14891d1173db19526b7ff2132d5d7cb78ea500b
c233effa118103118712781a687ed1fe3f39971bb6ed01f08de6ffdd185761df
ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356
cd36de204aca2d5fa263a731f7c20009b5e3d754ba1f1e03c33e93a48f3e7446
de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e43c688214a21ba5fdd6d476880783a43aed90ff09b69aea8af2ec1c63911fb4
e5a446358214cd1696ad036a3d0f6745816a399dea9cfdbcdb2e47f36e2f2c27
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f4e80d9dfd374d02989b87a27b5ed4cb78fbb177c27f1478e9a8b0afb7513149

forms.turnedaway.ca Open in urlscan Pro 2606:4700:3036::ac43:d760 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

38 Requests

97 %HTTPS

79 %IPv6

13 Domains

19 Subdomains

18 IPs

2 Countries

952 kBTransfer

2973 kBSize

16 Cookies

0 Outgoing links

Redirected requests

38 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

forms.turnedaway.ca Open in urlscan Pro
2606:4700:3036::ac43:d760 Public Scan

Screenshot
Live screenshot

Full Image

38
Requests

97 %
HTTPS

79 %
IPv6

13
Domains

19
Subdomains

18
IPs

2
Countries

952 kB
Transfer

2973 kB
Size

16
Cookies

38 HTTP transactions
0 data transactions