www.cardlay.com Open in urlscan Pro
108.138.189.68 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://www.cardlay.com/
Effective URL:
https://www.cardlay.com/
Submission: On December 22 via api (December 22nd 2022, 3:11:20 pm UTC) from US — Scanned from DE

Summary HTTP 57 Redirects Links 10 Behaviour Indicators

Summary

This website contacted 16 IPs in 5 countries across 13 domains to perform 57 HTTP transactions. The main IP is 108.138.189.68, located in United States and belongs to AMAZON-02, US. The main domain is www.cardlay.com.
TLS certificate: Issued by Amazon on February 7th 2022. Valid for: a year.

This is the only time www.cardlay.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 1	108.138.189.67 108.138.189.67	16509 (AMAZON-02) (AMAZON-02)
26	108.138.189.68 108.138.189.68	16509 (AMAZON-02) (AMAZON-02)
4	162.159.138.60 162.159.138.60	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1 3	2606:4700:310... 2606:4700:3108::ac42:2b1a	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a00:1450:400... 2a00:1450:4001:806::200a	15169 (GOOGLE) (GOOGLE)
1 2	2606:4700::68... 2606:4700::6810:7daf	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2a00:1450:400... 2a00:1450:4001:80b::2003	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:829::2008	15169 (GOOGLE) (GOOGLE)
2	2600:9000:205... 2600:9000:2057:6400:6:e348:15c0:93a1	16509 (AMAZON-02) (AMAZON-02)
1	2a03:2880:f01... 2a03:2880:f01c:8012:face:b00c:0:3	32934 (FACEBOOK) (FACEBOOK)
1	18.66.15.69 18.66.15.69	16509 (AMAZON-02) (AMAZON-02)
6	199.232.18.109 199.232.18.109	54113 (FASTLY) (FASTLY)
1	2001:4860:480... 2001:4860:4802:32::36	15169 (GOOGLE) (GOOGLE)
1	2600:9000:205... 2600:9000:2057:8a00:6:e348:15c0:93a1	16509 (AMAZON-02) (AMAZON-02)
5	63.32.161.232 63.32.161.232	16509 (AMAZON-02) (AMAZON-02)
1	13.32.99.98 13.32.99.98	16509 (AMAZON-02) (AMAZON-02)
57	16

1 108.138.189.67 (United States) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: server-108-138-189-67.mxp64.r.cloudfront.net

www.cardlay.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

26 108.138.189.68 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-108-138-189-68.mxp64.r.cloudfront.net

www.cardlay.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 162.159.138.60 (None, )

ASN13335 (CLOUDFLARENET, US)

player.vimeo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2606:4700:3108::ac42:2b1a (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

assets.calendly.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
calendly.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:806::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700::6810:7daf (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

unpkg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:80b::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:829::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2600:9000:2057:6400:6:e348:15c0:93a1 (United States)

ASN16509 (AMAZON-02, US)

widgets.legalmonster.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
widgets.openli.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a03:2880:f01c:8012:face:b00c:0:3 (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.66.15.69 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-66-15-69.vie50.r.cloudfront.net

sc.lfeeder.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 199.232.18.109 (Vienna, Austria)

ASN54113 (FASTLY, US)

f.vimeocdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
i.vimeocdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2001:4860:4802:32::36 (United States)

ASN15169 (GOOGLE, US)

region1.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:2057:8a00:6:e348:15c0:93a1 (United States)

ASN16509 (AMAZON-02, US)

widgets.openli.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 63.32.161.232 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-63-32-161-232.eu-west-1.compute.amazonaws.com

app.openli.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.32.99.98 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-32-99-98.fra60.r.cloudfront.net

tr-rc.lfeeder.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
27	cardlay.com 1 redirects www.cardlay.com	2 MB
7	openli.com widgets.openli.com — Cisco Umbrella Rank: 182922 app.openli.com — Cisco Umbrella Rank: 176518	14 KB
6	vimeocdn.com f.vimeocdn.com — Cisco Umbrella Rank: 3310 i.vimeocdn.com — Cisco Umbrella Rank: 3218	264 KB
4	vimeo.com player.vimeo.com — Cisco Umbrella Rank: 1896	32 KB
3	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 51	190 KB
3	calendly.com 1 redirects assets.calendly.com — Cisco Umbrella Rank: 13133 calendly.com — Cisco Umbrella Rank: 11448	18 KB
2	lfeeder.com sc.lfeeder.com — Cisco Umbrella Rank: 14287 tr-rc.lfeeder.com — Cisco Umbrella Rank: 19593	11 KB
2	gstatic.com fonts.gstatic.com	32 KB
2	unpkg.com 1 redirects unpkg.com — Cisco Umbrella Rank: 793	1 KB
1	google-analytics.com region1.google-analytics.com — Cisco Umbrella Rank: 2623	338 B
1	facebook.net connect.facebook.net — Cisco Umbrella Rank: 149	28 KB
1	legalmonster.com widgets.legalmonster.com — Cisco Umbrella Rank: 232409	88 KB
1	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 37	1 KB
57	13

	Domain	Requested by
27	www.cardlay.com	1 redirects www.cardlay.com
5	app.openli.com	widgets.legalmonster.com
4	player.vimeo.com	www.cardlay.com
3	i.vimeocdn.com	player.vimeo.com
3	f.vimeocdn.com	player.vimeo.com
3	www.googletagmanager.com	www.cardlay.com www.googletagmanager.com
2	widgets.openli.com	widgets.legalmonster.com
2	fonts.gstatic.com	fonts.googleapis.com
2	unpkg.com	1 redirects www.cardlay.com
2	assets.calendly.com	www.cardlay.com
1	tr-rc.lfeeder.com
1	region1.google-analytics.com	www.googletagmanager.com
1	sc.lfeeder.com	www.cardlay.com
1	connect.facebook.net	www.cardlay.com
1	widgets.legalmonster.com	www.cardlay.com
1	calendly.com	1 redirects
1	fonts.googleapis.com	www.cardlay.com
57	17

This site contains links to these domains. Also see Links.

Domain
pay.cardlay.com
www.youtube.com
cardlay.com
cardlayhelp.zendesk.com
twitter.com
www.linkedin.com
vimeo.com
openli.com

Subject Issuer	Validity	Valid
cardlay.com Amazon	`2022-02-07` - `2023-03-08`	a year	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2022-04-01` - `2023-03-31`	a year	crt.sh
calendly.com Cloudflare Inc ECC CA-3	`2022-05-09` - `2023-05-09`	a year	crt.sh
upload.video.google.com GTS CA 1C3	`2022-11-28` - `2023-02-20`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2022-11-28` - `2023-02-20`	3 months	crt.sh
*.google-analytics.com GTS CA 1C3	`2022-11-28` - `2023-02-20`	3 months	crt.sh
widgets.openli.com Amazon	`2022-09-26` - `2023-10-25`	a year	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2022-09-30` - `2022-12-29`	3 months	crt.sh
*.lfeeder.com Amazon	`2022-07-09` - `2023-08-07`	a year	crt.sh
*.vimeocdn.com GlobalSign Atlas R3 DV TLS CA 2022 Q2	`2022-05-17` - `2023-06-18`	a year	crt.sh
app.openli.com R3	`2022-11-21` - `2023-02-19`	3 months	crt.sh

This page contains 2 frames:

Primary Page: https://www.cardlay.com/
Frame ID: 1184CA4BF2799BFF2242A28A4203FFBC
Requests: 50 HTTP requests in this frame

Frame: https://player.vimeo.com/video/701185056?h=5576db4323&playsinline=1&title=false&byline=false&portrait=false&dnt=true
Frame ID: 61D89422CEDF3A753A6BED6561216120
Requests: 7 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

We make it easy to handle cards, payments, and expenses.

Page URL History Show full URLs

http://www.cardlay.com/ HTTP 301
https://www.cardlay.com/ Page URL

Detected technologies

Calendly (Appointment scheduling) Expand

Overall confidence: 100%
Detected patterns

https://assets\.calendly\.com/assets/external/widget\.js

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

//connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtm\.js
googletagmanager\.com/gtag/js

Page Statistics

57
Requests

96 %
HTTPS

56 %
IPv6

13
Domains

17
Subdomains

16
IPs

5
Countries

2643 kB
Transfer

30134 kB
Size

8
Cookies

10 Outgoing links

These are links going to different origins than the main page.

URL: https://pay.cardlay.com/
Title: Cardlay Pay

Search URL Search Domain Scan URL

URL: https://www.youtube.com/embed/_EW8K5spG4Y?vq=hd1080&autoplay=1&modestbranding=1&showinfo=0&rel=0&iv_load_policy=3&theme=light&color=white
Title: Play video (00:46)

Search URL Search Domain Scan URL

URL: https://cardlay.com/products
Title: More info.

Search URL Search Domain Scan URL

URL: https://cardlayhelp.zendesk.com/hc/en-us
Title: Support

Search URL Search Domain Scan URL

URL: https://twitter.com/cardlay?lang=da

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/company/10606371/

Search URL Search Domain Scan URL

URL: https://www.youtube.com/channel/UCrUgr-k71dlBzvj_n4Ns-KQ

Search URL Search Domain Scan URL

URL: https://vimeo.com/cardlay

Search URL Search Domain Scan URL

URL: https://cardlay.com/assets/Privacypolicy.pdf
Title: Privacy Policy

Search URL Search Domain Scan URL

URL: https://openli.com/?utm_source=widget-free&utm_medium=cookie-consent-banner&utm_campaign=powered_by&utm_content=PkFrCEB8BhYnVRTdChTCgEAG

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://www.cardlay.com/ HTTP 301
https://www.cardlay.com/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 21

https://unpkg.com/flickity@2/dist/flickity.min.css HTTP 302
https://unpkg.com/flickity@2.3.0/dist/flickity.min.css

Request Chain 22

https://calendly.com/assets/external/widget.css HTTP 302
https://assets.calendly.com/assets/external/widget.css

57 HTTP transactions
1 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request / Show response
www.cardlay.com/
Redirect Chain

http://www.cardlay.com/
https://www.cardlay.com/

71 KB
14 KB

503ms
460ms

Document
text/html

108.138.189.68
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.cardlay.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

108.138.189.68 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-108-138-189-68.mxp64.r.cloudfront.net

Software

AmazonS3 /

Resource Hash

164cdf451df2ee7c1560cd58c9dcb33e6b83643c0e31eb056ecb9313bf41d48b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubdomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

access-control-allow-origin: null
cache-control: max-age=31536000,public
content-encoding: br
content-type: text/html
date: Thu, 22 Dec 2022 15:11:14 GMT
etag: W/"2cc65b230a13ea88ec6e6f1cdb83307e"
last-modified: Tue, 20 Dec 2022 13:32:21 GMT
referrer-policy: strict-origin-when-cross-origin
server: AmazonS3
strict-transport-security: max-age=31536000; includeSubdomains
vary: Accept-Encoding
via: 1.1 66a3254753daef98131e391b49752390.cloudfront.net (CloudFront)
x-amz-cf-id: RZhb_3-qHv1o7IPpGefbYiIRhZT5lvPCzUHvQ8rje7PcmDUJb3gFRA==
x-amz-cf-pop: MXP64-P1
x-amz-server-side-encryption: AES256
x-amz-version-id: 00m3P9Q5a1ePECFaEteuFh808MJk8S9w
x-cache: Miss from cloudfront
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block

Redirect headers

Connection: keep-alive
Content-Length: 167
Content-Type: text/html
Date: Thu, 22 Dec 2022 15:11:12 GMT
Location: https://www.cardlay.com/
Referrer-Policy: strict-origin-when-cross-origin
Server: CloudFront
Via: 1.1 e502901885892afe656ee1a0e9f33d48.cloudfront.net (CloudFront)
X-Amz-Cf-Id: FnBANPS_oX7_pXUzsKKacLanOY33ZQL4UrmHXlqq_Y3DHBPUdKMINg==
X-Amz-Cf-Pop: MXP64-P1
X-Cache: Redirect from cloudfront
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block

GET
H2 200 site.css
www.cardlay.com/css/ 733 KB
33 KB 161ms
161ms Stylesheet
text/css 108.138.189.68
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.cardlay.com/css/site.css?id=65d791c4c611133ccede

Requested by

Host: www.cardlay.com
URL: https://www.cardlay.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

108.138.189.68 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-108-138-189-68.mxp64.r.cloudfront.net

Software

AmazonS3 /

Resource Hash

4e1e2ae3f4561e986deaee99301c6249e07aac5a7ba05346da0fd9d9aa9c87d6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubdomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cardlay.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Thu, 22 Dec 2022 15:11:14 GMT
x-amz-version-id: ISHIAKU_64FNvodeko0bd.lPJZs6RAoq
content-encoding: br
strict-transport-security: max-age=31536000; includeSubdomains
via: 1.1 66a3254753daef98131e391b49752390.cloudfront.net (CloudFront)
x-content-type-options: nosniff
x-amz-cf-pop: MXP64-P1
x-amz-server-side-encryption: AES256
x-cache: Miss from cloudfront
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Tue, 20 Dec 2022 13:32:20 GMT
server: AmazonS3
etag: W/"65d791c4c611133ccedeb4b8fd411f03"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: text/css
access-control-allow-origin: null
cache-control: max-age=31536000,public
x-amz-cf-id: 4fzCHa83eOIS9U1MR0K9y5-qhRS1OAxqLm70-eIwxTO26_suT5zFcw==

GET
H2 200 bank_ny-1654254016.svg
www.cardlay.com/assets/ 788 B
1 KB 175ms
175ms Image
image/svg+xml 108.138.189.68
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.cardlay.com/assets/bank_ny-1654254016.svg

Requested by

Host: www.cardlay.com
URL: https://www.cardlay.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

108.138.189.68 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-108-138-189-68.mxp64.r.cloudfront.net

Software

AmazonS3 /

Resource Hash

af3b0785dbf80a2f5f64866759729106e4f1d43e532e5c5052acf5027bd2f677

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubdomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cardlay.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Thu, 22 Dec 2022 15:11:14 GMT
x-amz-version-id: uWNdJC..DjFuEnKVPfOYqUBoIOtyCQxe
via: 1.1 66a3254753daef98131e391b49752390.cloudfront.net (CloudFront)
strict-transport-security: max-age=31536000; includeSubdomains
x-content-type-options: nosniff
x-amz-cf-pop: MXP64-P1
x-amz-server-side-encryption: AES256
x-cache: Miss from cloudfront
content-length: 788
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Tue, 20 Dec 2022 13:32:14 GMT
server: AmazonS3
etag: "ed53a9237c01ab8a1910c9a4aba4c8f4"
x-frame-options: SAMEORIGIN
content-type: image/svg+xml
access-control-allow-origin: null
cache-control: max-age=31536000,public
accept-ranges: bytes
x-amz-cf-id: Y60CTZFkJm1Ukmvf8mzyQnL0KLTpYjuCs5cCQPpOdDmpcmWq_ZU9JQ==

GET
H2 200 fintechs.svg
www.cardlay.com/assets/ 2 KB
1 KB 132ms
128ms Image
image/svg+xml 108.138.189.68
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.cardlay.com/assets/fintechs.svg

Requested by

Host: www.cardlay.com
URL: https://www.cardlay.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

108.138.189.68 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-108-138-189-68.mxp64.r.cloudfront.net

Software

AmazonS3 /

Resource Hash

e497862d0cd9d661bc3fc3224b6563d45d6db94f9b12ab243943d3984e9f959b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubdomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cardlay.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Thu, 22 Dec 2022 15:11:14 GMT
x-amz-version-id: hoDkWELSgorYn0CUTmtRWZyDqhil1D4z
content-encoding: br
strict-transport-security: max-age=31536000; includeSubdomains
via: 1.1 66a3254753daef98131e391b49752390.cloudfront.net (CloudFront)
x-content-type-options: nosniff
x-amz-cf-pop: MXP64-P1
x-amz-server-side-encryption: AES256
x-cache: Miss from cloudfront
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Tue, 20 Dec 2022 13:32:16 GMT
server: AmazonS3
etag: W/"1ef1b76df1c055b1dd66f158f6fb5d73"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: image/svg+xml
access-control-allow-origin: null
cache-control: max-age=31536000,public
x-amz-cf-id: KAWYSR6gx68PzddOSf2Q0g-A-8bcDcuYRkGqcVHQlr0qORjU2TKHRA==

GET
H2 200 fleet.svg
www.cardlay.com/assets/ 2 KB
2 KB 132ms
128ms Image
image/svg+xml 108.138.189.68
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.cardlay.com/assets/fleet.svg

Requested by

Host: www.cardlay.com
URL: https://www.cardlay.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

108.138.189.68 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-108-138-189-68.mxp64.r.cloudfront.net

Software

AmazonS3 /

Resource Hash

9b5b244b3654bce523e2204f07590a4909891d26e51d36c161973c6d6ac0c180

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubdomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cardlay.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Thu, 22 Dec 2022 15:11:14 GMT
x-amz-version-id: 88WuVn4LsmXJLcGCDg4XC5Fo2P4fPPep
content-encoding: br
strict-transport-security: max-age=31536000; includeSubdomains
via: 1.1 66a3254753daef98131e391b49752390.cloudfront.net (CloudFront)
x-content-type-options: nosniff
x-amz-cf-pop: MXP64-P1
x-amz-server-side-encryption: AES256
x-cache: Miss from cloudfront
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Tue, 20 Dec 2022 13:32:16 GMT
server: AmazonS3
etag: W/"07cfa0a9b55a87ef73e3764af457fafd"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: image/svg+xml
access-control-allow-origin: null
cache-control: max-age=31536000,public
x-amz-cf-id: WvjAJkz1oagm1-5CutWU3Q-es0SBMi0Z3_nTP_b9BidXVHNCup7AtA==

GET
H2 200 erps.svg
www.cardlay.com/assets/ 6 KB
3 KB 133ms
129ms Image
image/svg+xml 108.138.189.68
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.cardlay.com/assets/erps.svg

Requested by

Host: www.cardlay.com
URL: https://www.cardlay.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

108.138.189.68 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-108-138-189-68.mxp64.r.cloudfront.net

Software

AmazonS3 /

Resource Hash

c049ee6050ce808cdbe3738cffec31c418aec6e1ead43c28cc3b69d9f7531069

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubdomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cardlay.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Thu, 22 Dec 2022 15:11:14 GMT
x-amz-version-id: nLk6xR3DUJQ1BPcapTM2.s9xxgvfeaJ3
content-encoding: br
strict-transport-security: max-age=31536000; includeSubdomains
via: 1.1 66a3254753daef98131e391b49752390.cloudfront.net (CloudFront)
x-content-type-options: nosniff
x-amz-cf-pop: MXP64-P1
x-amz-server-side-encryption: AES256
x-cache: Miss from cloudfront
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Tue, 20 Dec 2022 13:32:16 GMT
server: AmazonS3
etag: W/"e48897e62e31475d58dfecec002219f1"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: image/svg+xml
access-control-allow-origin: null
cache-control: max-age=31536000,public
x-amz-cf-id: Z2nswZYdaH6NLJt7Dfd-mupi-mMebthF_NVbMNQTCEVX5EcZlK66Jg==

GET
H2 200 Group-133.svg
www.cardlay.com/assets/ 1 KB
1 KB 168ms
165ms Image
image/svg+xml 108.138.189.68
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.cardlay.com/assets/Group-133.svg

Requested by

Host: www.cardlay.com
URL: https://www.cardlay.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

108.138.189.68 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-108-138-189-68.mxp64.r.cloudfront.net

Software

AmazonS3 /

Resource Hash

f41ac388e48b0c76db641d8dd1e924d30056ad8e62c0c765177daf54142e6ddf

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubdomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cardlay.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Thu, 22 Dec 2022 15:11:14 GMT
x-amz-version-id: 3kwzpodbmXdFpTllxwpx2ViM3tpdzlDD
content-encoding: br
strict-transport-security: max-age=31536000; includeSubdomains
via: 1.1 66a3254753daef98131e391b49752390.cloudfront.net (CloudFront)
x-content-type-options: nosniff
x-amz-cf-pop: MXP64-P1
x-amz-server-side-encryption: AES256
x-cache: Miss from cloudfront
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Tue, 20 Dec 2022 13:32:13 GMT
server: AmazonS3
etag: W/"27579d4704921c90271fcd57e59da98f"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: image/svg+xml
access-control-allow-origin: null
cache-control: max-age=31536000,public
x-amz-cf-id: TEMJNZGjPj2O2DCLRYIv4njqbiTXB-LEMAZg0RU4Hz3HbicJ4BNsgQ==

GET
H2 200 Group-134.svg
www.cardlay.com/assets/ 2 KB
1 KB 154ms
150ms Image
image/svg+xml 108.138.189.68
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.cardlay.com/assets/Group-134.svg

Requested by

Host: www.cardlay.com
URL: https://www.cardlay.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

108.138.189.68 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-108-138-189-68.mxp64.r.cloudfront.net

Software

AmazonS3 /

Resource Hash

9f4dc3aa5c08ee1c15f6a7d88f6ecc10ec0144506b0bae8018b25b83f33e000c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubdomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cardlay.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Thu, 22 Dec 2022 15:11:14 GMT
x-amz-version-id: TjpEhF56UEdY9ZY1ba_bypv4Lof_cb0x
content-encoding: br
strict-transport-security: max-age=31536000; includeSubdomains
via: 1.1 66a3254753daef98131e391b49752390.cloudfront.net (CloudFront)
x-content-type-options: nosniff
x-amz-cf-pop: MXP64-P1
x-amz-server-side-encryption: AES256
x-cache: Miss from cloudfront
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Tue, 20 Dec 2022 13:32:13 GMT
server: AmazonS3
etag: W/"63e4a3555cc198ab15db38be2df7c160"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: image/svg+xml
access-control-allow-origin: null
cache-control: max-age=31536000,public
x-amz-cf-id: 9S1wkZlL8IeRtJW8Eo2xw66KUzkggsY1HD28a7RI1u-ElP12KfAnXg==

GET
H2 200 Group-135.svg
www.cardlay.com/assets/ 3 KB
2 KB 163ms
160ms Image
image/svg+xml 108.138.189.68
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.cardlay.com/assets/Group-135.svg

Requested by

Host: www.cardlay.com
URL: https://www.cardlay.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

108.138.189.68 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-108-138-189-68.mxp64.r.cloudfront.net

Software

AmazonS3 /

Resource Hash

f59b75b016d6be9e6a7a8095dd9a039a88bea08770d1cba19da98b41f228e365

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubdomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cardlay.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Thu, 22 Dec 2022 15:11:14 GMT
x-amz-version-id: Ziq9MWyLU7kuq.1fW0DAYKiNs.ZZ2gAS
content-encoding: br
strict-transport-security: max-age=31536000; includeSubdomains
via: 1.1 66a3254753daef98131e391b49752390.cloudfront.net (CloudFront)
x-content-type-options: nosniff
x-amz-cf-pop: MXP64-P1
x-amz-server-side-encryption: AES256
x-cache: Miss from cloudfront
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Tue, 20 Dec 2022 13:32:13 GMT
server: AmazonS3
etag: W/"ef7f53bf9a66cad7b0989f48b49a7d04"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: image/svg+xml
access-control-allow-origin: null
cache-control: max-age=31536000,public
x-amz-cf-id: 3uYJ2P7QlMvfUVejjJUmgmvZfqBITG5_EIWzQ0AittdRKhnz-IwTXw==

GET
H2 200 news.svg
www.cardlay.com/assets/ 2 KB
1 KB 166ms
162ms Image
image/svg+xml 108.138.189.68
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.cardlay.com/assets/news.svg

Requested by

Host: www.cardlay.com
URL: https://www.cardlay.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

108.138.189.68 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-108-138-189-68.mxp64.r.cloudfront.net

Software

AmazonS3 /

Resource Hash

89964a1e976665256ba2040ff198c773ad9662a22b0e9839a4b1d6740939be57

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubdomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cardlay.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Thu, 22 Dec 2022 15:11:14 GMT
x-amz-version-id: l7oESQ0SbgKKbojywcWeWU.9VubzA_GY
content-encoding: br
strict-transport-security: max-age=31536000; includeSubdomains
via: 1.1 66a3254753daef98131e391b49752390.cloudfront.net (CloudFront)
x-content-type-options: nosniff
x-amz-cf-pop: MXP64-P1
x-amz-server-side-encryption: AES256
x-cache: Miss from cloudfront
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Tue, 20 Dec 2022 13:32:19 GMT
server: AmazonS3
etag: W/"6aefae09e15ad4707e5ebf86eb8c584b"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: image/svg+xml
access-control-allow-origin: null
cache-control: max-age=31536000,public
x-amz-cf-id: AylhKlH9J3CaGIClAyuaqpc8yWYutrFwt09AfQ-NbWJSFnIO8Hs7lA==

GET
H2 200 careers.svg
www.cardlay.com/assets/ 602 B
1 KB 178ms
176ms Image
image/svg+xml 108.138.189.68
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.cardlay.com/assets/careers.svg

Requested by

Host: www.cardlay.com
URL: https://www.cardlay.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

108.138.189.68 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-108-138-189-68.mxp64.r.cloudfront.net

Software

AmazonS3 /

Resource Hash

74fb1c94c07673b80034ac6fe9e7bb10be8e3fa131c307e31ba870e3098980bc

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubdomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cardlay.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Thu, 22 Dec 2022 15:11:14 GMT
x-amz-version-id: VPGWloNsqYB3FhR89rPvqpjYAwNGPrxl
via: 1.1 66a3254753daef98131e391b49752390.cloudfront.net (CloudFront)
strict-transport-security: max-age=31536000; includeSubdomains
x-content-type-options: nosniff
x-amz-cf-pop: MXP64-P1
x-amz-server-side-encryption: AES256
x-cache: Miss from cloudfront
content-length: 602
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Tue, 20 Dec 2022 13:32:15 GMT
server: AmazonS3
etag: "ca0feec3daaa22cc9077e27a68029af8"
x-frame-options: SAMEORIGIN
content-type: image/svg+xml
access-control-allow-origin: null
cache-control: max-age=31536000,public
accept-ranges: bytes
x-amz-cf-id: WpNSAQi_JlfX_g9qh5Xkd-XMdsFwmfP84lYEVYhSsY-IEsyhW28bVw==

GET
H2 200 aboutcard.svg
www.cardlay.com/assets/ 873 B
1 KB 172ms
169ms Image
image/svg+xml 108.138.189.68
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.cardlay.com/assets/aboutcard.svg

Requested by

Host: www.cardlay.com
URL: https://www.cardlay.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

108.138.189.68 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-108-138-189-68.mxp64.r.cloudfront.net

Software

AmazonS3 /

Resource Hash

fcd9b7637ea1a042ad8a04c43c511f504e03d1b1b5d82c27f98e1a074edd2908

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubdomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cardlay.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Thu, 22 Dec 2022 15:11:14 GMT
x-amz-version-id: BUouGKD_f6NFG8jgqltT9Q5Jnwpft2uE
via: 1.1 66a3254753daef98131e391b49752390.cloudfront.net (CloudFront)
strict-transport-security: max-age=31536000; includeSubdomains
x-content-type-options: nosniff
x-amz-cf-pop: MXP64-P1
x-amz-server-side-encryption: AES256
x-cache: Miss from cloudfront
content-length: 873
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Tue, 20 Dec 2022 13:32:14 GMT
server: AmazonS3
etag: "0a4d9be60e9ff1edc001359eb806e237"
x-frame-options: SAMEORIGIN
content-type: image/svg+xml
access-control-allow-origin: null
cache-control: max-age=31536000,public
accept-ranges: bytes
x-amz-cf-id: h1zeybfBnnjbXtjeu72O-HX0wVEYO0Ugfl-JwNwUovGG_Fx0IhWk5w==

GET
H/1.1 200
OK player.js Show response
player.vimeo.com/api/ 21 KB
7 KB 94ms
35ms Script
application/javascript 162.159.138.60
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://player.vimeo.com/api/player.js

Requested by

Host: www.cardlay.com
URL: https://www.cardlay.com/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

162.159.138.60 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

7919e42c1593715dd408c9f1e4b5c51b5b80ead7dc71b94535180b452724519f

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; style-src 'unsafe-inline'
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cardlay.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

x-varnish-cache: 1
Date: Thu, 22 Dec 2022 15:11:13 GMT
content-security-policy: default-src 'none'; style-src 'unsafe-inline'
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
CF-Cache-Status: DYNAMIC
via: 1.1 varnish, 1.1 varnish
Age: 103
X-Cache: HIT
p3p: CP="This is not a P3P policy! See https://vimeo.com/privacy"
expires: Thu, 22 Dec 2022 15:35:01 GMT
x-host: player-755b6fb99b-p9p4l
Connection: keep-alive
x-vserver: playproxy-rollout-prod-varnish-6
Content-Length: 6272
x-xss-protection: 1; mode=block
X-Served-By: cache-hhn-etou8220043-HHN
X-Player-Backend: p
Server: cloudflare
X-Timer: S1671721873.420507,VS0,VE0
x-backend-proxy: playproxy7
Vary: Accept-Encoding
Content-Type: application/javascript;charset=utf-8
access-control-allow-origin: *
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
x-bapp-server: player-755b6fb99b-p9p4l
Accept-Ranges: bytes
CF-RAY: 77d9c9eccb699b67-FRA
X-Cache-Hits: 56

GET
H2 200 infrastructureIcon.svg
www.cardlay.com/assets/ 1 KB
980 B 192ms
189ms Image
image/svg+xml 108.138.189.68
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.cardlay.com/assets/infrastructureIcon.svg

Requested by

Host: www.cardlay.com
URL: https://www.cardlay.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

108.138.189.68 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-108-138-189-68.mxp64.r.cloudfront.net

Software

AmazonS3 /

Resource Hash

3240ea26261d368d6e276f88d4e140888c3a929ae91d759c7c8293a0c67ac246

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubdomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cardlay.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Thu, 22 Dec 2022 15:11:14 GMT
x-amz-version-id: X89NBGuOV3gJ1Valhl0hidyduoKafwSn
content-encoding: br
strict-transport-security: max-age=31536000; includeSubdomains
via: 1.1 66a3254753daef98131e391b49752390.cloudfront.net (CloudFront)
x-content-type-options: nosniff
x-amz-cf-pop: MXP64-P1
x-amz-server-side-encryption: AES256
x-cache: Miss from cloudfront
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Tue, 20 Dec 2022 13:32:16 GMT
server: AmazonS3
etag: W/"0e0dba7d9c7053d4c7f0b895d0b15c0f"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: image/svg+xml
access-control-allow-origin: null
cache-control: max-age=31536000,public
x-amz-cf-id: k-QSri8TG1JNsGib8bzRQOdXw52Lqb4cCmFRY9F5oKVHfI_3TMsCpg==

GET
H2 200 frontEndServiceIcon-1634117491.svg
www.cardlay.com/assets/ 1 KB
949 B 132ms
130ms Image
image/svg+xml 108.138.189.68
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.cardlay.com/assets/frontEndServiceIcon-1634117491.svg

Requested by

Host: www.cardlay.com
URL: https://www.cardlay.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

108.138.189.68 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-108-138-189-68.mxp64.r.cloudfront.net

Software

AmazonS3 /

Resource Hash

feb374c55fc7e858c8a3bcdd94c321e79bb819051f3578eaccca98c4a96ca173

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubdomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cardlay.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Thu, 22 Dec 2022 15:11:14 GMT
x-amz-version-id: QUNINep_Ypjwp6db2Iu8HxopTPKNwu3q
content-encoding: br
strict-transport-security: max-age=31536000; includeSubdomains
via: 1.1 66a3254753daef98131e391b49752390.cloudfront.net (CloudFront)
x-content-type-options: nosniff
x-amz-cf-pop: MXP64-P1
x-amz-server-side-encryption: AES256
x-cache: Miss from cloudfront
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Tue, 20 Dec 2022 13:32:16 GMT
server: AmazonS3
etag: W/"0e749c949831581cf04968e61c2afcf6"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: image/svg+xml
access-control-allow-origin: null
cache-control: max-age=31536000,public
x-amz-cf-id: MTYGwq_n2oKMtpNvaoi2vklGaeJVdVI_13T2xtpJDBBlVFIi3h7NPA==

GET
H2 200 apiIcon.svg
www.cardlay.com/assets/ 756 B
1 KB 158ms
156ms Image
image/svg+xml 108.138.189.68
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.cardlay.com/assets/apiIcon.svg

Requested by

Host: www.cardlay.com
URL: https://www.cardlay.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

108.138.189.68 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-108-138-189-68.mxp64.r.cloudfront.net

Software

AmazonS3 /

Resource Hash

c18e3121c9ed86c50ec96041928a7d839a31ab105468ef62142b91cd1c7da9e7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubdomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cardlay.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Thu, 22 Dec 2022 15:11:14 GMT
x-amz-version-id: JuoYGwtafGe.ntjhzYQMz0aCczAVjB._
via: 1.1 66a3254753daef98131e391b49752390.cloudfront.net (CloudFront)
strict-transport-security: max-age=31536000; includeSubdomains
x-content-type-options: nosniff
x-amz-cf-pop: MXP64-P1
x-amz-server-side-encryption: AES256
x-cache: Miss from cloudfront
content-length: 756
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Tue, 20 Dec 2022 13:32:14 GMT
server: AmazonS3
etag: "6fdbf961bccd5875f008b56f3bbaa4e8"
x-frame-options: SAMEORIGIN
content-type: image/svg+xml
access-control-allow-origin: null
cache-control: max-age=31536000,public
accept-ranges: bytes
x-amz-cf-id: yPh-S-jmxh1KCL1L0bZ6Vncf2MbMWRQVXHyP1w2bFpzQG1q48kq8NA==

GET
H2 200 site.js Show response
www.cardlay.com/js/ 264 KB
91 KB 179ms
175ms Script
application/javascript 108.138.189.68
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.cardlay.com/js/site.js?id=94417314b4465fd62ea2

Requested by

Host: www.cardlay.com
URL: https://www.cardlay.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

108.138.189.68 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-108-138-189-68.mxp64.r.cloudfront.net

Software

AmazonS3 /

Resource Hash

7e4815d68bea9605afd26163dfcf1185281d52f2f2812c89052794942c501a7b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubdomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cardlay.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Thu, 22 Dec 2022 15:11:14 GMT
x-amz-version-id: utD5naME6YQ.f1qXU69W6bZ3LLEbH3Jv
content-encoding: br
strict-transport-security: max-age=31536000; includeSubdomains
via: 1.1 66a3254753daef98131e391b49752390.cloudfront.net (CloudFront)
x-content-type-options: nosniff
x-amz-cf-pop: MXP64-P1
x-amz-server-side-encryption: AES256
x-cache: Miss from cloudfront
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Tue, 20 Dec 2022 13:32:21 GMT
server: AmazonS3
etag: W/"94417314b4465fd62ea24a53b259c1ec"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript
access-control-allow-origin: null
cache-control: max-age=31536000,public
x-amz-cf-id: 8oiH5MP4_hIFUQwPe9_4YXG9a5bQyE44X0986b_T1y6ICNO6RO7xDw==

GET
H2 200 widget.js Show response
assets.calendly.com/assets/external/ 44 KB
16 KB 183ms
152ms Script
application/javascript 2606:4700:3108::ac42:2b1a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://assets.calendly.com/assets/external/widget.js

Requested by

Host: www.cardlay.com
URL: https://www.cardlay.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:3108::ac42:2b1a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

86321659b430d61d1c232e225e927b7f052fa61669e5afc15044f75740d04429

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cardlay.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Thu, 22 Dec 2022 15:11:13 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
last-modified: Fri, 02 Dec 2022 13:42:05 GMT
cf-bgj: minify
server: cloudflare
age: 142
etag: W/"c30e8b97d12c7710012f00f92bcd9de5"
vary: Accept-Encoding
content-type: application/javascript
content-encoding: br
cache-control: public, max-age=300
cf-ray: 77d9c9ec99a9927d-FRA
expires: Fri, 23 Dec 2022 15:11:13 GMT

GET
H2 200 f6cb85ee055fe9945af6f0bbec5c3e3c.png
www.cardlay.com/img/containers/assets/Cardlay-logo-Copy.png/ 76 KB
77 KB 236ms
234ms Image
image/png 108.138.189.68
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.cardlay.com/img/containers/assets/Cardlay-logo-Copy.png/f6cb85ee055fe9945af6f0bbec5c3e3c.png

Requested by

Host: www.cardlay.com
URL: https://www.cardlay.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

108.138.189.68 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-108-138-189-68.mxp64.r.cloudfront.net

Software

AmazonS3 /

Resource Hash

359d1e740c9fbafe1c5332c9cf6c09d15f2703eb956803b363df6c38b97e1157

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubdomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cardlay.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Thu, 22 Dec 2022 15:11:14 GMT
x-amz-version-id: oO1PJYVSmPinp8XXGSxY4Y2ieOkrYvGE
via: 1.1 66a3254753daef98131e391b49752390.cloudfront.net (CloudFront)
strict-transport-security: max-age=31536000; includeSubdomains
x-content-type-options: nosniff
x-amz-cf-pop: MXP64-P1
x-amz-server-side-encryption: AES256
x-cache: Miss from cloudfront
content-length: 77806
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Tue, 20 Dec 2022 13:32:20 GMT
server: AmazonS3
etag: "a8daf03874e81e52a1b3c0c55739fed8"
x-frame-options: SAMEORIGIN
content-type: image/png
access-control-allow-origin: null
cache-control: max-age=31536000,public
accept-ranges: bytes
x-amz-cf-id: 5gWdh5N8gda7HtLxHMRkH-YY7B6QZ65s37R659acT5LSOd_XP3kSWA==

GET
H2 200 526b5fd9835b91656884d6fb1b667bdb.png
www.cardlay.com/img/containers/assets/concur-logo.png/ 95 KB
96 KB 198ms
196ms Image
image/png 108.138.189.68
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.cardlay.com/img/containers/assets/concur-logo.png/526b5fd9835b91656884d6fb1b667bdb.png

Requested by

Host: www.cardlay.com
URL: https://www.cardlay.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

108.138.189.68 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-108-138-189-68.mxp64.r.cloudfront.net

Software

AmazonS3 /

Resource Hash

69a685495932283379be3fee7eb8d07d07ba939769a488e7c2e1c5b191884b48

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubdomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cardlay.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Thu, 22 Dec 2022 15:11:14 GMT
x-amz-version-id: R_eo1nuM8Yub7u6M6ZRe5U9SGDfaHeSG
via: 1.1 66a3254753daef98131e391b49752390.cloudfront.net (CloudFront)
strict-transport-security: max-age=31536000; includeSubdomains
x-content-type-options: nosniff
x-amz-cf-pop: MXP64-P1
x-amz-server-side-encryption: AES256
x-cache: Miss from cloudfront
content-length: 97410
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Tue, 20 Dec 2022 13:32:21 GMT
server: AmazonS3
etag: "3aa84efc6f9e18a7cc95920a70952e4c"
x-frame-options: SAMEORIGIN
content-type: image/png
access-control-allow-origin: null
cache-control: max-age=31536000,public
accept-ranges: bytes
x-amz-cf-id: cZLlQI17S08j4dY3mifmD0UGYvuQ98KXAxXXL6YzrKFW2AVIrUse4A==

GET
H2 206 shutterstock_anim_final_gradient.mp4
www.cardlay.com/assets/ 24 MB
0 224ms
224ms Media
video/mp4 108.138.189.68
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.cardlay.com/assets/shutterstock_anim_final_gradient.mp4

Requested by

Host: www.cardlay.com
URL: https://www.cardlay.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

108.138.189.68 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-108-138-189-68.mxp64.r.cloudfront.net

Software

AmazonS3 /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubdomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.cardlay.com/
Accept-Encoding: identity;q=1, *;q=0
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
Range: bytes=0-

Response headers

date: Thu, 22 Dec 2022 15:11:14 GMT
x-amz-version-id: tHDzon5q8tQ9Oys853sjnjKHyPzTA0dA
via: 1.1 66a3254753daef98131e391b49752390.cloudfront.net (CloudFront)
strict-transport-security: max-age=31536000; includeSubdomains
x-content-type-options: nosniff
x-amz-cf-pop: MXP64-P1
x-amz-server-side-encryption: AES256
x-cache: Miss from cloudfront
Content-Range: bytes 0-37298902/37298903
Content-Length: 37298903
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Tue, 20 Dec 2022 13:32:19 GMT
server: AmazonS3
etag: "ee745de38eebf59d0a31653e5d05fe59-5"
x-frame-options: SAMEORIGIN
content-type: video/mp4
access-control-allow-origin: null
cache-control: max-age=31536000,public
accept-ranges: bytes
x-amz-cf-id: oShDlYsVCqyL1ZeCWk5o7mmLGd3WSrPdgT5n_PYlyfWwjsHCFH9ufQ==

GET
H2 200 css2
fonts.googleapis.com/ 8 KB
1 KB 110ms
50ms Stylesheet
text/css 2a00:1450:4001:806::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Roboto:wght@300;400;700;900&display=swap

Requested by

Host: www.cardlay.com
URL: https://www.cardlay.com/css/site.css?id=65d791c4c611133ccede

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

fa5ad2ff0d36c5b2ad8cddd0e6fc23094c135574e8daea25a153f61be1d2f0bc

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cardlay.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Thu, 22 Dec 2022 15:11:13 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Thu, 22 Dec 2022 13:40:33 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Thu, 22 Dec 2022 15:11:13 GMT

GET
H2

200

flickity.min.css
unpkg.com/flickity@2.3.0/dist/
Redirect Chain

https://unpkg.com/flickity@2/dist/flickity.min.css
https://unpkg.com/flickity@2.3.0/dist/flickity.min.css

2 KB
798 B

33ms
33ms

Stylesheet
text/css

2606:4700::6810:7daf
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://unpkg.com/flickity@2.3.0/dist/flickity.min.css

Requested by

Host: www.cardlay.com
URL: https://www.cardlay.com/css/site.css?id=65d791c4c611133ccede

Protocol

Server

2606:4700::6810:7daf , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8eef2ef6cf882d5e2e9167cb7c8b0ebbeb75b28a698835488733d149326fab4f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cardlay.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Thu, 22 Dec 2022 15:11:13 GMT
via: 1.1 fly.io
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains; preload
age: 25656969
last-modified: Sat, 26 Oct 1985 08:15:00 GMT
fly-request-id: 01FX0HW0K22KAA26H571F7KZTB-fra
server: cloudflare
etag: W/"705-iG4rBnn9uZ8eW5XLtZHjveGiMLs"
vary: Accept-Encoding
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 77d9c9ee69799bc4-FRA

Redirect headers

date: Thu, 22 Dec 2022 15:11:13 GMT
via: 1.1 fly.io
x-content-type-options: nosniff
cf-cache-status: HIT
fly-request-id: 01GMX63VKKTGVNVGZ8CR1K9XZP-fra
server: cloudflare
strict-transport-security: max-age=31536000; includeSubDomains; preload
age: 99
vary: Accept, Accept-Encoding
content-type: text/plain; charset=utf-8
access-control-allow-origin: *
location: /flickity@2.3.0/dist/flickity.min.css
cache-control: public, s-maxage=600, max-age=60
cf-ray: 77d9c9ee39299bc4-FRA

GET
H2

200

widget.css
assets.calendly.com/assets/external/
Redirect Chain

https://calendly.com/assets/external/widget.css
https://assets.calendly.com/assets/external/widget.css

3 KB
1 KB

255ms
255ms

Stylesheet
text/css

2606:4700:3108::ac42:2b1a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://assets.calendly.com/assets/external/widget.css

Requested by

Host: www.cardlay.com
URL: https://www.cardlay.com/css/site.css?id=65d791c4c611133ccede

Protocol

Server

2606:4700:3108::ac42:2b1a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2617c501bb702b5f41ef1f1eaf8702aa8fe688b0219aa8d616b906e44af4cf43

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cardlay.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Thu, 22 Dec 2022 15:11:14 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
age: 184
cf-polished: status=cannot_optimize
last-modified: Thu, 01 Dec 2022 21:07:42 GMT
cf-bgj: minify
server: cloudflare
etag: W/"397a083322efd65055fd33da0d62ee2c"
vary: Accept-Encoding
content-type: text/css
cache-control: public, max-age=300
cf-ray: 77d9c9ef981f927d-FRA
expires: Fri, 23 Dec 2022 15:11:14 GMT

Redirect headers

date: Thu, 22 Dec 2022 15:11:13 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
server: cloudflare
vary: Accept-Encoding
location: https://assets.calendly.com/assets/external/widget.css
cf-ray: 77d9c9edec3c927d-FRA
content-length: 0

GET
H2 200 2754b9c37e7abd073a83bf2b091d3de6.jpg
www.cardlay.com/img/containers/assets/card-management-bg@2x.jpg/ 96 KB
97 KB 306ms
306ms Image
image/jpeg 108.138.189.68
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.cardlay.com/img/containers/assets/card-management-bg@2x.jpg/2754b9c37e7abd073a83bf2b091d3de6.jpg

Requested by

Host: www.cardlay.com
URL: https://www.cardlay.com/css/site.css?id=65d791c4c611133ccede

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

108.138.189.68 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-108-138-189-68.mxp64.r.cloudfront.net

Software

AmazonS3 /

Resource Hash

c8c22baa077a087d7e254f9574197f3ed78305554b30998c77595e34e68598d3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubdomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cardlay.com/css/site.css?id=65d791c4c611133ccede
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Thu, 22 Dec 2022 15:11:15 GMT
x-amz-version-id: AsSutbrrcyZlxZmoSwDVdwgIXpUJtmN6
via: 1.1 66a3254753daef98131e391b49752390.cloudfront.net (CloudFront)
strict-transport-security: max-age=31536000; includeSubdomains
x-content-type-options: nosniff
x-amz-cf-pop: MXP64-P1
x-amz-server-side-encryption: AES256
x-cache: Miss from cloudfront
content-length: 98325
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Tue, 20 Dec 2022 13:32:21 GMT
server: AmazonS3
etag: "443edee7dd8cf6f6f453dbf5f94a726c"
x-frame-options: SAMEORIGIN
content-type: image/jpeg
access-control-allow-origin: null
cache-control: max-age=31536000,public
accept-ranges: bytes
x-amz-cf-id: ryFIJSetbNWQ5jAuUxsNgFTTGfa2zjPT5gQHZ0iIe8Z-Ko8bdcs6iA==

GET
DATA 200
OK truncated
/ 226 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 1505ec5f96be77f3f428766eefacb45909eba760d28d71bc14d424f8216449e3

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Content-Type: image/svg+xml;charset=utf-8

GET
H2 200 81294aaa2c6f7db94eedbb63a41140d1.jpg
www.cardlay.com/img/containers/assets/expense-management-bg@2x-1626960535.jpg/ 72 KB
73 KB 314ms
314ms Image
image/jpeg 108.138.189.68
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.cardlay.com/img/containers/assets/expense-management-bg@2x-1626960535.jpg/81294aaa2c6f7db94eedbb63a41140d1.jpg

Requested by

Host: www.cardlay.com
URL: https://www.cardlay.com/css/site.css?id=65d791c4c611133ccede

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

108.138.189.68 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-108-138-189-68.mxp64.r.cloudfront.net

Software

AmazonS3 /

Resource Hash

050d912d10bf1d31e5a35310b2da08036cc878d4c9ac33fca082c558579e7b0b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubdomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cardlay.com/css/site.css?id=65d791c4c611133ccede
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Thu, 22 Dec 2022 15:11:15 GMT
x-amz-version-id: KLG6N2MG6zBUlfNGKgjFwtWeFWiLYvgD
via: 1.1 66a3254753daef98131e391b49752390.cloudfront.net (CloudFront)
strict-transport-security: max-age=31536000; includeSubdomains
x-content-type-options: nosniff
x-amz-cf-pop: MXP64-P1
x-amz-server-side-encryption: AES256
x-cache: Miss from cloudfront
content-length: 73678
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Tue, 20 Dec 2022 13:32:21 GMT
server: AmazonS3
etag: "bbe6277b40a8a0dd2d250239c40e690b"
x-frame-options: SAMEORIGIN
content-type: image/jpeg
access-control-allow-origin: null
cache-control: max-age=31536000,public
accept-ranges: bytes
x-amz-cf-id: 0o_6Qdxtju5TkjdBWGN9hUz4EOGEkslo4R7dpvh_unpZKSunjV7P9A==

GET
H2 200 143617eff48a5d58c3d55e5d746b806e.jpg
www.cardlay.com/img/containers/assets/fleet-1655281800.jpg/ 109 KB
110 KB 315ms
315ms Image
image/jpeg 108.138.189.68
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.cardlay.com/img/containers/assets/fleet-1655281800.jpg/143617eff48a5d58c3d55e5d746b806e.jpg

Requested by

Host: www.cardlay.com
URL: https://www.cardlay.com/css/site.css?id=65d791c4c611133ccede

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

108.138.189.68 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-108-138-189-68.mxp64.r.cloudfront.net

Software

AmazonS3 /

Resource Hash

aefc81e20c4c9bff0b4801161d18c48a05d54ee6d4aeb1f528012ab553cde9bc

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubdomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cardlay.com/css/site.css?id=65d791c4c611133ccede
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Thu, 22 Dec 2022 15:11:15 GMT
x-amz-version-id: 6Nnst.ilPajnllJATyeomER38UcbhzFO
via: 1.1 66a3254753daef98131e391b49752390.cloudfront.net (CloudFront)
strict-transport-security: max-age=31536000; includeSubdomains
x-content-type-options: nosniff
x-amz-cf-pop: MXP64-P1
x-amz-server-side-encryption: AES256
x-cache: Miss from cloudfront
content-length: 112070
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Tue, 20 Dec 2022 13:32:21 GMT
server: AmazonS3
etag: "be3011fbf375e54bdc067bd616afb5bc"
x-frame-options: SAMEORIGIN
content-type: image/jpeg
access-control-allow-origin: null
cache-control: max-age=31536000,public
accept-ranges: bytes
x-amz-cf-id: SDdbCjO0eJy5-w19FVoBTFu9puMhUYDUFKMq8oYD5gCaI8fkLTvOdg==

GET
H2 200 da8120d22b3b8a65859928595c26501b.jpg
www.cardlay.com/img/containers/assets/homePageProductPaymentCloud-1634114635.jpg/ 131 KB
131 KB 314ms
314ms Image
image/jpeg 108.138.189.68
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.cardlay.com/img/containers/assets/homePageProductPaymentCloud-1634114635.jpg/da8120d22b3b8a65859928595c26501b.jpg

Requested by

Host: www.cardlay.com
URL: https://www.cardlay.com/css/site.css?id=65d791c4c611133ccede

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

108.138.189.68 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-108-138-189-68.mxp64.r.cloudfront.net

Software

AmazonS3 /

Resource Hash

5bd97cc298975b2ec39b760588f862ea9396e507c678535ac0408e8c80d345e2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubdomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cardlay.com/css/site.css?id=65d791c4c611133ccede
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Thu, 22 Dec 2022 15:11:15 GMT
x-amz-version-id: I7RIjklwvqyBpLUJiydaWV..eWg3mgZg
via: 1.1 66a3254753daef98131e391b49752390.cloudfront.net (CloudFront)
strict-transport-security: max-age=31536000; includeSubdomains
x-content-type-options: nosniff
x-amz-cf-pop: MXP64-P1
x-amz-server-side-encryption: AES256
x-cache: Miss from cloudfront
content-length: 133655
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Tue, 20 Dec 2022 13:32:21 GMT
server: AmazonS3
etag: "95ea24a704f3168d11fd2466212bb5e4"
x-frame-options: SAMEORIGIN
content-type: image/jpeg
access-control-allow-origin: null
cache-control: max-age=31536000,public
accept-ranges: bytes
x-amz-cf-id: qtSdsGEEjbjAlLwvxPgKqAJ_kAjptMyDjQ2mVFji-ap1q34lE4J-RQ==

GET
H2 200 KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v30/ 15 KB
16 KB 80ms
17ms Font
font/woff2 2a00:1450:4001:80b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Roboto:wght@300;400;700;900&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://www.cardlay.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Thu, 15 Dec 2022 19:42:15 GMT
x-content-type-options: nosniff
age: 588539
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15744
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:48 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 15 Dec 2023 19:42:15 GMT

GET
H2 200 KFOlCnqEu92Fr1MmWUlfBBc4.woff2
fonts.gstatic.com/s/roboto/v30/ 15 KB
16 KB 92ms
29ms Font
font/woff2 2a00:1450:4001:80b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Roboto:wght@300;400;700;900&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://www.cardlay.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Mon, 19 Dec 2022 16:44:52 GMT
x-content-type-options: nosniff
age: 253582
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15860
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:42 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Tue, 19 Dec 2023 16:44:52 GMT

GET
H2 200 smelarge.svg
www.cardlay.com/assets/ 495 KB
224 KB 426ms
426ms Image
image/svg+xml 108.138.189.68
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.cardlay.com/assets/smelarge.svg

Requested by

Host: www.cardlay.com
URL: https://www.cardlay.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

108.138.189.68 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-108-138-189-68.mxp64.r.cloudfront.net

Software

AmazonS3 /

Resource Hash

cd8312a7f8b4cf905c629f48561fc8e5cdfdc83c073ff54ba5f9fe22404cbcd2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubdomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cardlay.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Thu, 22 Dec 2022 15:11:15 GMT
x-amz-version-id: xpMKW4uY3vLrOvyr4K1JGiKOp0ybpidN
content-encoding: br
strict-transport-security: max-age=31536000; includeSubdomains
via: 1.1 66a3254753daef98131e391b49752390.cloudfront.net (CloudFront)
x-content-type-options: nosniff
x-amz-cf-pop: MXP64-P1
x-amz-server-side-encryption: AES256
x-cache: Miss from cloudfront
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Tue, 20 Dec 2022 13:32:19 GMT
server: AmazonS3
etag: W/"9303c6835d260041ef5d9e6219bfdcf2"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: image/svg+xml
access-control-allow-origin: null
cache-control: max-age=31536000,public
x-amz-cf-id: 2HJwZ2-tgN3g83M38NLX4RpmQNUggsQa9uZQhztzSiQboY0fMRYXwg==

GET
H/1.1 200
OK 701185056 Show response
player.vimeo.com/video/ Frame 61D8 20 KB
10 KB 331ms
294ms Document
text/html 162.159.138.60
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://player.vimeo.com/video/701185056?h=5576db4323&playsinline=1&title=false&byline=false&portrait=false&dnt=true

Requested by

Host: www.cardlay.com
URL: https://www.cardlay.com/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

162.159.138.60 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b885bc6ceb136ec8899c79c3a2684048a579a53d5ead4382f3b937fd5a1236de

Security Headers

Name	Value
Content-Security-Policy	script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: resource: https://f.vimeocdn.com https://vimeo.com https://js-agent.newrelic.com https://imasdk.googleapis.com/ https://adservice.google.com/ https://s0.2mdn.net/instream/video/ https://bam.nr-data.net https://src.litix.io https://www.gstatic.com https://cdn.streamroot.io https://cdn.kollective.app/ https://wirewax.s3.eu-west-1.amazonaws.com https://edge-assets.wirewax.com https://embedder-sdk.wirewax.com https://embedder-sdk.wirewax.tv https://f.vimeocdn.com; style-src 'self' 'unsafe-inline' https://f.vimeocdn.com https://fonts.googleapis.com https://edge-assets.wirewax.com https://f.vimeocdn.com; connect-src 'self' ws: wss: https://vimeo.com https://vimeo.dev https://api.vimeo.com https://api.vimeo.dev https://.ci.vimeows.com https://csi.gstatic.com https://fresnel-player-staging.vimeows.com https://fresnel-event-staging.vimeows.com https://player-telemetry.vimeo.com https://.akamaized.net https://.akamaized-staging.net https://.vimeocdn.com https://netflux.cloud.vimeo.com https://lic.staging.drmtoday.com https://lic.drmtoday.com https://wv.service.expressplay.com https://fp.service.expressplay.com https://pr.service.expressplay.com https://sentry.io https://.ingest.sentry.io https://storage.googleapis.com https://bam.nr-data.net https://live-api.cloud.vimeo.com https://live-api-dev.cloud.vimeo.com https://.litix.io/ https://collector.vhx.tv https://collector.vhxstaging.com https://.dna-delivery.com https://.kollective.app/ https://mimir.cloud.vimeo.com https://.wirewax.com https://.wirewax.tv https://wirewax.s3.eu-west-1.amazonaws.com https://sqs.us-east-1.amazonaws.com https://sqs.eu-west-1.amazonaws.com https://s3-eu-west-1.amazonaws.com https://cognito-identity.us-east-1.amazonaws.com https://cognito-identity.eu-west-1.amazonaws.com; media-src 'self' blob: https://.vimeocdn.com https://.akamaized.net https://.akamaized-staging.net https://.gvt1.com https://live-api.cloud.vimeo.com https://live-api-dev.cloud.vimeo.com https://devcaptions.cloud.vimeo.com/; object-src 'self' https://.vimeocdn.com https://.akamaized.net https://.akamaized-staging.net; default-src 'none'; font-src https://edge-assets.wirewax.com https://player.vimeo.com https://fonts.gstatic.com; img-src 'self' data: https://i.vimeocdn.com https://secure-b.vimeocdn.com https://f.vimeocdn.com https://vimeo.com https://secure.gravatar.com https://i0.wp.com https://i1.wp.com https://i2.wp.com https://pagead2.googlesyndication.com https://player.vimeo.com https://.ci.vimeows.com https://videoapi-sprites.vimeocdn.com https://i.vimeocdn.com https://wirewax.s3.eu-west-1.amazonaws.com https://studio-media.wirewax.com https://edge-assets.wirewax.com https://maps.googleapis.com https://f.vimeocdn.com; frame-src 'self' https://*; report-uri /_csp
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.cardlay.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Age: 0
CF-Cache-Status: DYNAMIC
CF-RAY: 77d9c9f1b9fd925f-FRA
Connection: keep-alive
Content-Encoding: gzip
Content-Type: text/html; charset=UTF-8
Date: Thu, 22 Dec 2022 15:11:14 GMT
Server: cloudflare
Transfer-Encoding: chunked
Vary: Accept-Encoding
X-Cache: MISS
X-Cache-Hits: 0
X-Player-Backend: p
X-Served-By: cache-hhn-etou8220031-HHN
X-Timer: S1671721874.215439,VS0,VE244
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
content-security-policy: script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: resource: https://f.vimeocdn.com https://vimeo.com https://js-agent.newrelic.com https://imasdk.googleapis.com/ https://adservice.google.com/ https://s0.2mdn.net/instream/video/ https://bam.nr-data.net https://src.litix.io https://www.gstatic.com https://cdn.streamroot.io https://cdn.kollective.app/ https://wirewax.s3.eu-west-1.amazonaws.com https://edge-assets.wirewax.com https://embedder-sdk.wirewax.com https://embedder-sdk.wirewax.tv https://f.vimeocdn.com; style-src 'self' 'unsafe-inline' https://f.vimeocdn.com https://fonts.googleapis.com https://edge-assets.wirewax.com https://f.vimeocdn.com; connect-src 'self' ws: wss: https://vimeo.com https://vimeo.dev https://api.vimeo.com https://api.vimeo.dev https://*.ci.vimeows.com https://csi.gstatic.com https://fresnel-player-staging.vimeows.com https://fresnel-event-staging.vimeows.com https://player-telemetry.vimeo.com https://*.akamaized.net https://*.akamaized-staging.net https://*.vimeocdn.com https://netflux.cloud.vimeo.com https://lic.staging.drmtoday.com https://lic.drmtoday.com https://wv.service.expressplay.com https://fp.service.expressplay.com https://pr.service.expressplay.com https://sentry.io https://*.ingest.sentry.io https://storage.googleapis.com https://bam.nr-data.net https://live-api.cloud.vimeo.com https://live-api-dev.cloud.vimeo.com https://*.litix.io/ https://collector.vhx.tv https://collector.vhxstaging.com https://*.dna-delivery.com https://*.kollective.app/ https://mimir.cloud.vimeo.com https://*.wirewax.com https://*.wirewax.tv https://wirewax.s3.eu-west-1.amazonaws.com https://sqs.us-east-1.amazonaws.com https://sqs.eu-west-1.amazonaws.com https://s3-eu-west-1.amazonaws.com https://cognito-identity.us-east-1.amazonaws.com https://cognito-identity.eu-west-1.amazonaws.com; media-src 'self' blob: https://*.vimeocdn.com https://*.akamaized.net https://*.akamaized-staging.net https://*.gvt1.com https://live-api.cloud.vimeo.com https://live-api-dev.cloud.vimeo.com https://devcaptions.cloud.vimeo.com/; object-src 'self' https://*.vimeocdn.com https://*.akamaized.net https://*.akamaized-staging.net; default-src 'none'; font-src https://edge-assets.wirewax.com https://player.vimeo.com https://fonts.gstatic.com; img-src 'self' data: https://i.vimeocdn.com https://secure-b.vimeocdn.com https://f.vimeocdn.com https://vimeo.com https://secure.gravatar.com https://i0.wp.com https://i1.wp.com https://i2.wp.com https://pagead2.googlesyndication.com https://player.vimeo.com https://*.ci.vimeows.com https://videoapi-sprites.vimeocdn.com https://i.vimeocdn.com https://wirewax.s3.eu-west-1.amazonaws.com https://studio-media.wirewax.com https://edge-assets.wirewax.com https://maps.googleapis.com https://f.vimeocdn.com; frame-src 'self' https://*; report-uri /_csp
expires: Thu, 22 Dec 2022 15:21:14 GMT
link: <https://i.vimeocdn.com>; rel=preconnect; crossorigin <https://f.vimeocdn.com>; rel=preconnect; crossorigin <https://fresnel.vimeocdn.com>; rel=preconnect; crossorigin
p3p: CP="This is not a P3P policy! See https://vimeo.com/privacy"
strict-transport-security: max-age=31536000; includeSubDomains; preload
via: 1.1 varnish, 1.1 varnish
x-backend-proxy: playproxy9
x-bapp-server: player-755b6fb99b-rxbdz
x-content-type-options: nosniff
x-host: player-755b6fb99b-rxbdz
x-varnish-cache: 0
x-vserver: playproxy-rollout-prod-varnish-8
x-xss-protection: 1; mode=block

GET
H/1.1 200
OK player.js Show response
player.vimeo.com/api/ 21 KB
7 KB 52ms
52ms Script
application/javascript 162.159.138.60
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://player.vimeo.com/api/player.js

Requested by

Host: www.cardlay.com
URL: https://www.cardlay.com/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

162.159.138.60 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

7919e42c1593715dd408c9f1e4b5c51b5b80ead7dc71b94535180b452724519f

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; style-src 'unsafe-inline'
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cardlay.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

x-varnish-cache: 1
Date: Thu, 22 Dec 2022 15:11:14 GMT
content-security-policy: default-src 'none'; style-src 'unsafe-inline'
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
CF-Cache-Status: DYNAMIC
via: 1.1 varnish, 1.1 varnish
Age: 104
X-Cache: HIT
p3p: CP="This is not a P3P policy! See https://vimeo.com/privacy"
expires: Thu, 22 Dec 2022 15:35:01 GMT
x-host: player-755b6fb99b-p9p4l
Connection: keep-alive
x-vserver: playproxy-rollout-prod-varnish-6
Content-Length: 6272
x-xss-protection: 1; mode=block
X-Served-By: cache-hhn-etou8220039-HHN
X-Player-Backend: p
Server: cloudflare
X-Timer: S1671721874.196706,VS0,VE0
x-backend-proxy: playproxy7
Vary: Accept-Encoding
Content-Type: application/javascript;charset=utf-8
access-control-allow-origin: *
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
x-bapp-server: player-755b6fb99b-p9p4l
Accept-Ranges: bytes
CF-RAY: 77d9c9f18eb89b67-FRA
X-Cache-Hits: 60

GET
H/1.1 200
OK player.js Show response
player.vimeo.com/api/ 21 KB
7 KB 95ms
94ms Script
application/javascript 162.159.138.60
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://player.vimeo.com/api/player.js

Requested by

Host: www.cardlay.com
URL: https://www.cardlay.com/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

162.159.138.60 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

7919e42c1593715dd408c9f1e4b5c51b5b80ead7dc71b94535180b452724519f

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; style-src 'unsafe-inline'
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cardlay.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

x-varnish-cache: 1
Date: Thu, 22 Dec 2022 15:11:14 GMT
content-security-policy: default-src 'none'; style-src 'unsafe-inline'
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
CF-Cache-Status: DYNAMIC
via: 1.1 varnish, 1.1 varnish
Age: 104
X-Cache: HIT
p3p: CP="This is not a P3P policy! See https://vimeo.com/privacy"
expires: Thu, 22 Dec 2022 15:35:01 GMT
x-host: player-755b6fb99b-p9p4l
Connection: keep-alive
x-vserver: playproxy-rollout-prod-varnish-6
Content-Length: 6272
x-xss-protection: 1; mode=block
X-Served-By: cache-hhn-etou8220033-HHN
X-Player-Backend: p
Server: cloudflare
X-Timer: S1671721874.223405,VS0,VE0
x-backend-proxy: playproxy7
Vary: Accept-Encoding
Content-Type: application/javascript;charset=utf-8
access-control-allow-origin: *
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
x-bapp-server: player-755b6fb99b-p9p4l
Accept-Ranges: bytes
CF-RAY: 77d9c9f1df519b67-FRA
X-Cache-Hits: 107

GET
H2 200 300de995219855df80d105f3bad6bf98.png
www.cardlay.com/img/containers/assets/Partners_frontpage.png/ 843 KB
845 KB 335ms
335ms Image
image/png 108.138.189.68
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.cardlay.com/img/containers/assets/Partners_frontpage.png/300de995219855df80d105f3bad6bf98.png

Requested by

Host: www.cardlay.com
URL: https://www.cardlay.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

108.138.189.68 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-108-138-189-68.mxp64.r.cloudfront.net

Software

AmazonS3 /

Resource Hash

111392c4b2bfccd094fd73f816c087b022aa0435af3b8a93af495487d617e20e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubdomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cardlay.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Thu, 22 Dec 2022 15:11:15 GMT
x-amz-version-id: FMGdzwl6XVzL_LrOk4tM6WEJ.qcsIHBy
via: 1.1 66a3254753daef98131e391b49752390.cloudfront.net (CloudFront)
strict-transport-security: max-age=31536000; includeSubdomains
x-content-type-options: nosniff
x-amz-cf-pop: MXP64-P1
x-amz-server-side-encryption: AES256
x-cache: Miss from cloudfront
content-length: 863105
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Tue, 20 Dec 2022 13:32:20 GMT
server: AmazonS3
etag: "a90c31e6fc65190fa9f7af116c94b60b"
x-frame-options: SAMEORIGIN
content-type: image/png
access-control-allow-origin: null
cache-control: max-age=31536000,public
accept-ranges: bytes
x-amz-cf-id: STF5ajJhbnsQIz7ezOVRiXMhBBDDk71Iku_ReLcmeYGaWcyvTZr39w==

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 218 KB
76 KB 300ms
100ms Script
application/javascript 2a00:1450:4001:829::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-FN2JGR423M

Requested by

Host: www.cardlay.com
URL: https://www.cardlay.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

3bc453d3eb4ea6f999332c9474ecaba813ec3b4a9e2cd19f809016c711471c6d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cardlay.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Thu, 22 Dec 2022 15:11:14 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 77304
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Thu, 22 Dec 2022 15:11:14 GMT

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 98 KB
39 KB 258ms
59ms Script
application/javascript 2a00:1450:4001:829::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-KMZGWDN

Requested by

Host: www.cardlay.com
URL: https://www.cardlay.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

0414902941b8f335cb53a23d23f97ca3dae28486a5d78c338f29afb4877bd4fc

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cardlay.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Thu, 22 Dec 2022 15:11:14 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 39392
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Thu, 22 Dec 2022 15:11:14 GMT

GET
H2 200 legal.js Show response
widgets.legalmonster.com/v1/ 400 KB
88 KB 380ms
22ms Script
text/javascript 2600:9000:2057:6400:6:e348:15c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://widgets.legalmonster.com/v1/legal.js
Requested by: Host: www.cardlay.com
URL: https://www.cardlay.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2057:6400:6:e348:15c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: Cowboy /
Resource Hash: 94c8eb5a14acc7f9f5fe0341d2c67c8047f28a00af0b774cbeb346694583f790

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cardlay.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Thu, 22 Dec 2022 15:04:41 GMT
via: 1.1 vegur, 1.1 62dc260e32d7b9197a4511447f6a264a.cloudfront.net (CloudFront)
content-encoding: gzip
last-modified: Tue, 08 Nov 2022 11:28:44 GMT
server: Cowboy
x-amz-cf-pop: FRA6-C1
age: 433
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=3600
x-amz-cf-id: JtLc5BJeJDSoHzLxkfx6c1Y43fDFfvsC4n9gSVcv3u5daNoCtVQB1g==

GET
H2 200 fbevents.js Show response
connect.facebook.net/en_US/ 103 KB
28 KB 164ms
107ms Script
application/x-javascript 2a03:2880:f01c:8012:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/fbevents.js

Requested by

Host: www.cardlay.com
URL: https://www.cardlay.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f01c:8012:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

55c4e9ba07b641e64caa17bfcbdc63b1721a58554bd449401e600db3f6b95cf9

Security Headers

Name	Value
Content-Security-Policy	default-src facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com data: blob: 'self';script-src .fbcdn.net .facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cardlay.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload; includeSubDomains
date: Thu, 22 Dec 2022 15:11:14 GMT
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 27298
x-fb-rlafr: 0
x-xss-protection: 0
pragma: public
x-fb-debug: mk6P5bHpL0P+oAOa/fcpwdceUxDzS6HaESQpeEYhjuBPtchOsmr4aTn//XuddUFyKfg1p294pOLnBED/8+aE7Q==
x-fb-trip-id: 686109401
cross-origin-opener-policy: same-origin-allow-popups
vary: Accept-Encoding
x-frame-options: DENY
content-type: application/x-javascript; charset=utf-8
cache-control: public, max-age=1200
priority: u=3,i
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 footerBannerImage.png
www.cardlay.com/assets/ 155 KB
156 KB 434ms
434ms Image
image/png 108.138.189.68
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.cardlay.com/assets/footerBannerImage.png

Requested by

Host: www.cardlay.com
URL: https://www.cardlay.com/css/site.css?id=65d791c4c611133ccede

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

108.138.189.68 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-108-138-189-68.mxp64.r.cloudfront.net

Software

AmazonS3 /

Resource Hash

50f8df466be2ac44824960fe6d95eed3b7adaddf71257a8bd805f7fc65bd10fe

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubdomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cardlay.com/css/site.css?id=65d791c4c611133ccede
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Thu, 22 Dec 2022 15:11:15 GMT
x-amz-version-id: IdV_nBGtEIU3XTLBduAh18SOCfEbl7BU
via: 1.1 66a3254753daef98131e391b49752390.cloudfront.net (CloudFront)
strict-transport-security: max-age=31536000; includeSubdomains
x-content-type-options: nosniff
x-amz-cf-pop: MXP64-P1
x-amz-server-side-encryption: AES256
x-cache: Miss from cloudfront
content-length: 159135
x-xss-protection: 1; mode=block
referrer-policy: strict-origin-when-cross-origin
last-modified: Tue, 20 Dec 2022 13:32:16 GMT
server: AmazonS3
etag: "5cccf450898e309d157537315a3479dd"
x-frame-options: SAMEORIGIN
content-type: image/png
access-control-allow-origin: null
cache-control: max-age=31536000,public
accept-ranges: bytes
x-amz-cf-id: 6r982Kie6GVz9az9hhDI_bI1m3ElHLXVhNapfYEr9pm317LPREI5Jg==

GET
H2 200 lftracker_v1_ywVkO4X12vEaZ6Bj.js Show response
sc.lfeeder.com/ 31 KB
11 KB 737ms
162ms Script
application/javascript 18.66.15.69
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://sc.lfeeder.com/lftracker_v1_ywVkO4X12vEaZ6Bj.js
Requested by: Host: www.cardlay.com
URL: https://www.cardlay.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.15.69 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-15-69.vie50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 79c2f66f411530e90425ca695861488e71397506400c6133931ed9c08cd1a30e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cardlay.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

x-amz-version-id: IW9w9vTRgxpQI7gT1Ya2_xUOIHrCOYJY
content-encoding: gzip
via: 1.1 b159f39ee34c14548a9d9dc3e730676a.cloudfront.net (CloudFront)
date: Thu, 22 Dec 2022 15:11:15 GMT
last-modified: Tue, 22 Nov 2022 07:11:39 GMT
server: AmazonS3
x-amz-cf-pop: VIE50-P1
etag: W/"a27749cff098d8b5061308e837e68efc"
vary: Accept-Encoding
x-cache: RefreshHit from cloudfront
content-type: application/javascript
cache-control: max-age=3600
x-amz-cf-id: DDPzz_KiM6uKLsnFsxYTwlAbrHCMzEYGi3r13cZNnZx3WeswqUG-Vg==

GET
H2 200 player.de-DE.module.js Show response
f.vimeocdn.com/p/4.16.5/js/ Frame 61D8 477 KB
116 KB 470ms
18ms Script
application/javascript 199.232.18.109
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://f.vimeocdn.com/p/4.16.5/js/player.de-DE.module.js
Requested by: Host: player.vimeo.com
URL: https://player.vimeo.com/video/701185056?h=5576db4323&playsinline=1&title=false&byline=false&portrait=false&dnt=true
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 199.232.18.109 Vienna, Austria, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: eaa2248a4f028a6f5c59f7bb3a9c5e1ff921bcb2ee66517665788f675e99e99f

Request headers

Referer: https://player.vimeo.com/
Origin: https://player.vimeo.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

x-served-by: cache-iad-kiad7000164-IAD, cache-vie6333-VIE
date: Thu, 22 Dec 2022 15:11:14 GMT
content-encoding: br
via: 1.1 varnish, 1.1 varnish
age: 63038
x-timer: S1671721875.987686,VS0,VE0
vary: Accept-Encoding,x-http-method-override
x-cache: HIT, HIT
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=1209600
accept-ranges: bytes
content-length: 118649
x-cache-hits: 4, 3204

GET
H2 200 vendor.module.js Show response
f.vimeocdn.com/p/4.16.5/js/ Frame 61D8 378 KB
90 KB 523ms
71ms Script
application/javascript 199.232.18.109
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://f.vimeocdn.com/p/4.16.5/js/vendor.module.js
Requested by: Host: player.vimeo.com
URL: https://player.vimeo.com/video/701185056?h=5576db4323&playsinline=1&title=false&byline=false&portrait=false&dnt=true
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 199.232.18.109 Vienna, Austria, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 5a613d64a17940bb2f9d1dd791dfcd023826c9f931706687e511888c565cd44e

Request headers

Referer: https://player.vimeo.com/
Origin: https://player.vimeo.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

x-served-by: cache-iad-kcgs7200115-IAD, cache-vie6333-VIE
date: Thu, 22 Dec 2022 15:11:14 GMT
content-encoding: br
via: 1.1 varnish, 1.1 varnish
age: 63039
x-timer: S1671721875.987756,VS0,VE0
vary: Accept-Encoding,x-http-method-override
x-cache: HIT, HIT
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=1209600
accept-ranges: bytes
content-length: 92370
x-cache-hits: 38, 13506

GET
H2 200 player.css
f.vimeocdn.com/p/4.16.5/css/ Frame 61D8 245 KB
22 KB 469ms
17ms Stylesheet
text/css 199.232.18.109
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://f.vimeocdn.com/p/4.16.5/css/player.css
Requested by: Host: player.vimeo.com
URL: https://player.vimeo.com/video/701185056?h=5576db4323&playsinline=1&title=false&byline=false&portrait=false&dnt=true
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 199.232.18.109 Vienna, Austria, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 1b672e7932ba30dc918fc8ff58dbc3ffa85b6f47e6dfc18dfb6c3ad8596e0111

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://player.vimeo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

x-served-by: cache-iad-kjyo7100082-IAD, cache-vie6324-VIE
date: Thu, 22 Dec 2022 15:11:14 GMT
content-encoding: br
via: 1.1 varnish, 1.1 varnish
age: 63039
x-timer: S1671721875.987751,VS0,VE0
vary: Accept-Encoding,x-http-method-override
x-cache: HIT, HIT
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=1209600
accept-ranges: bytes
content-length: 21880
x-cache-hits: 28, 13788

GET
H2 200 1417126793-263935a9805c3031d87e677fb384079956df5b5e5e0214a72a84c3b0c0ac7525-d.jpg
i.vimeocdn.com/video/ Frame 61D8 2 KB
2 KB 473ms
19ms Image
image/jpeg 199.232.18.109
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://i.vimeocdn.com/video/1417126793-263935a9805c3031d87e677fb384079956df5b5e5e0214a72a84c3b0c0ac7525-d.jpg?mw=80&q=85
Requested by: Host: player.vimeo.com
URL: https://player.vimeo.com/video/701185056?h=5576db4323&playsinline=1&title=false&byline=false&portrait=false&dnt=true
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 199.232.18.109 Vienna, Austria, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 665950b384e57ac5c60d443ba093f9b158b551df169d93da8b9dd0360db4ea8c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://player.vimeo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Thu, 22 Dec 2022 15:11:14 GMT
via: vvarnish, 1.1 varnish, 1.1 varnish
age: 1838835
x-viewmaster-lossless-format: lossy
x-cache: miss, HIT, HIT
x-backend-server: varnish
content-length: 1758
viewmaster-server: viewmaster-us-central1-4vc8
x-served-by: cache-dfw-kdfw8210028-DFW, cache-vie6369-VIE
x-timer: S1671721875.992258,VS0,VE1
etag: 8fd4ae347533f9cbdcf8f3297be89046
access-control-max-age: 86400
content-type: image/jpeg
access-control-allow-origin: *
access-control-expose-headers: X-Viewmaster-Status
cache-control: public, max-age=2592000
accept-ranges: bytes
x-cache-hits: 20, 1

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 218 KB
76 KB 77ms
76ms Script
application/javascript 2a00:1450:4001:829::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-FN2JGR423M&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-KMZGWDN

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

04d13333e700fb1b62a0267efb6be7273ea399780839b0fbce8e81d292f59457

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cardlay.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Thu, 22 Dec 2022 15:11:14 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 77333
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
expires: Thu, 22 Dec 2022 15:11:14 GMT

POST
H2 204 collect
region1.google-analytics.com/g/ 0
338 B 230ms
24ms Ping
text/plain 2001:4860:4802:32::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.google-analytics.com/g/collect?v=2&tid=G-FN2JGR423M&gtm=2oebu0&_p=779388402&cid=402419729.1671721875&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_s=1&sid=1671721874&sct=1&seg=0&dl=https%3A%2F%2Fwww.cardlay.com%2F&dt=We%20make%20it%20easy%20to%20handle%20cards%2C%20payments%2C%20and%20expenses.&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-FN2JGR423M
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:32::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cardlay.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 22 Dec 2022 15:11:14 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.cardlay.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 en-us.json Show response
widgets.openli.com/v1/ 3 KB
1 KB 113ms
9ms Fetch
application/json 2600:9000:2057:8a00:6:e348:15c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://widgets.openli.com/v1/en-us.json
Requested by: Host: widgets.legalmonster.com
URL: https://widgets.legalmonster.com/v1/legal.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2057:8a00:6:e348:15c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: Cowboy /
Resource Hash: a194b212fa79f8f65a875b4cbf90c399ce235f244900e79a665911388c0074e7

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cardlay.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Thu, 22 Dec 2022 14:38:00 GMT
via: 1.1 vegur, 1.1 c1fb60e38be5022a78e4b52bedded7c2.cloudfront.net (CloudFront)
content-encoding: gzip
last-modified: Tue, 08 Nov 2022 11:28:44 GMT
server: Cowboy
x-amz-cf-pop: FRA6-C1
age: 2207
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/json; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=3600
x-amz-cf-id: X2fLu-V4f-V1NNBVNk70Ygt8vIyp93xzxvfrOkv83J-YESLKfQjVsg==

GET
H/1.1 200
OK current Show response
app.openli.com/api/v1/widgets/ 390 B
1 KB 605ms
487ms Fetch
application/json 63.32.161.232
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://app.openli.com/api/v1/widgets/current?LEGALJS_VERSION=3.22.0&SNIPPET_VERSION=3.0.0&project_public_key=WTmrGS2R9oq35GgGzEpzrwDq

Requested by

Host: widgets.legalmonster.com
URL: https://widgets.legalmonster.com/v1/legal.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

63.32.161.232 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-63-32-161-232.eu-west-1.compute.amazonaws.com

Software

Cowboy /

Resource Hash

f28755f9fbdc23d10e335f34b08890274e045a80d8ba9bf802fd99e32a78c79d

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cardlay.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Date: Thu, 22 Dec 2022 15:11:15 GMT
Strict-Transport-Security: max-age=63072000; includeSubDomains
X-Content-Type-Options: nosniff
Via: 1.1 vegur
X-Permitted-Cross-Domain-Policies: none
Transfer-Encoding: chunked
Connection: keep-alive
X-Xss-Protection: 0
X-Request-Id: ecbd77c7-9db0-4207-a179-c91f06793984
X-Runtime: 0.226515
Referrer-Policy: strict-origin-when-cross-origin
Server: Cowboy
Etag: W/"f28755f9fbdc23d10e335f34b0889027"
X-Download-Options: noopen
X-Frame-Options: SAMEORIGIN
Access-Control-Max-Age: 7200
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers
Vary: Accept, Origin
Cache-Control: max-age=0, private, must-revalidate
Content-Type: application/json; charset=utf-8

GET
H2 200 1417126793-263935a9805c3031d87e677fb384079956df5b5e5e0214a72a84c3b0c0ac7525-d
i.vimeocdn.com/video/ Frame 61D8 17 KB
17 KB 26ms
25ms Image
image/avif 199.232.18.109
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://i.vimeocdn.com/video/1417126793-263935a9805c3031d87e677fb384079956df5b5e5e0214a72a84c3b0c0ac7525-d?mw=500&mh=281
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 199.232.18.109 Vienna, Austria, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 6f033042e9545ff608f8a64ff27813e09c3ba2e0c12174617f747d116a0daa56

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://player.vimeo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Thu, 22 Dec 2022 15:11:15 GMT
via: vvarnish, 1.1 varnish, 1.1 varnish
age: 1813526
x-viewmaster-lossless-format: automatic
x-cache: miss, HIT, HIT
x-backend-server: varnish
content-length: 17160
viewmaster-server: viewmaster-us-central1-wsf1
x-served-by: cache-dfw-kdfw8210075-DFW, cache-vie6369-VIE
x-timer: S1671721875.242484,VS0,VE1
etag: 3f784d0f22d55e1ddcdf722b0becce5a
access-control-max-age: 86400
vary: Accept
content-type: image/avif
access-control-allow-origin: *
access-control-expose-headers: X-Viewmaster-Status
cache-control: public, max-age=2592000
accept-ranges: bytes
x-cache-hits: 7, 1

GET
H2 200 /
tr-rc.lfeeder.com/ 43 B
294 B 86ms
32ms Image
image/gif 13.32.99.98
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tr-rc.lfeeder.com/?sid=ywVkO4X12vEaZ6Bj&data=eyJnYVRyYWNraW5nSWRzIjpbXSwiZ2FNZWFzdXJlbWVudElkcyI6WyJHLUZOMkpHUjQyM00iXSwiZ2FDbGllbnRJZHMiOlsiNDAyNDE5NzI5LjE2NzE3MjE4NzUiXSwiY29udGV4dCI6eyJsaWJyYXJ5Ijp7Im5hbWUiOiJsZnRyYWNrZXIiLCJ2ZXJzaW9uIjoiMi41OC4wIn0sInBhZ2VVcmwiOiJodHRwczovL3d3dy5jYXJkbGF5LmNvbS8iLCJwYWdlVGl0bGUiOiJXZSBtYWtlIGl0IGVhc3kgdG8gaGFuZGxlIGNhcmRzLCBwYXltZW50cywgYW5kIGV4cGVuc2VzLiIsInJlZmVycmVyIjoiIn0sImV2ZW50IjoidHJhY2tpbmctZXZlbnQiLCJjbGllbnRFdmVudElkIjoiMjcxOTA0ZWU4NzFmMGJkMCIsInNjcmlwdElkIjoieXdWa080WDEydkVhWjZCaiIsImNvb2tpZXNFbmFibGVkIjpmYWxzZSwiY29uc2VudExldmVsIjoibm9uZSIsImFub255bWl6ZUlwIjpmYWxzZSwibGZDbGllbnRJZCI6IkxGMS4xLjFhOWY5NWQ3ZTY4M2IzZmQuMTY3MTcyMTg3NTIzOS5DTSIsImZvcmVpZ25Db29raWVzIjpbXSwicHJvcGVydGllcyI6e30sImF1dG9UcmFja2luZ0VuYWJsZWQiOnRydWUsImF1dG9UcmFja2luZ01vZGUiOiJvbl9zY3JpcHRfbG9hZCJ9
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.32.99.98 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-32-99-98.fra60.r.cloudfront.net
Software: CloudFront /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cardlay.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Thu, 22 Dec 2022 15:11:15 GMT
via: 1.1 2a44338adc8233e5b25aca28287a69c8.cloudfront.net (CloudFront)
server: CloudFront
x-amz-cf-pop: FRA60-P3
x-cache: LambdaGeneratedResponse from cloudfront
content-type: image/gif
content-length: 43
x-amz-cf-id: OWC76xbPHRRgB4eSDJImccc4UaKAN5Ajw8ozS4xrBlPl-dbyMfJNOw==

GET
H2 200 1417126793-263935a9805c3031d87e677fb384079956df5b5e5e0214a72a84c3b0c0ac7525-d
i.vimeocdn.com/video/ Frame 61D8 17 KB
17 KB 19ms
19ms Image
image/avif 199.232.18.109
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://i.vimeocdn.com/video/1417126793-263935a9805c3031d87e677fb384079956df5b5e5e0214a72a84c3b0c0ac7525-d?mw=500&mh=281
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 199.232.18.109 Vienna, Austria, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 6f033042e9545ff608f8a64ff27813e09c3ba2e0c12174617f747d116a0daa56

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://player.vimeo.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Thu, 22 Dec 2022 15:11:15 GMT
via: vvarnish, 1.1 varnish, 1.1 varnish
age: 1813526
x-viewmaster-lossless-format: automatic
x-cache: miss, HIT, HIT
x-backend-server: varnish
content-length: 17160
viewmaster-server: viewmaster-us-central1-wsf1
x-served-by: cache-dfw-kdfw8210075-DFW, cache-vie6369-VIE
x-timer: S1671721875.335475,VS0,VE0
etag: 3f784d0f22d55e1ddcdf722b0becce5a
access-control-max-age: 86400
vary: Accept
content-type: image/avif
access-control-allow-origin: *
access-control-expose-headers: X-Viewmaster-Status
cache-control: public, max-age=2592000
accept-ranges: bytes
x-cache-hits: 7, 2

GET
H/1.1 200
OK WTmrGS2R9oq35GgGzEpzrwDq Show response
app.openli.com/api/v1/widgets/ 5 KB
6 KB 68ms
68ms Fetch
application/json 63.32.161.232
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://app.openli.com/api/v1/widgets/WTmrGS2R9oq35GgGzEpzrwDq?LEGALJS_VERSION=3.22.0&SNIPPET_VERSION=3.0.0&user_public_key=ztXT4hv4TJfPNfR5nywqjiFs&language=en-us

Requested by

Host: widgets.legalmonster.com
URL: https://widgets.legalmonster.com/v1/legal.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

63.32.161.232 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-63-32-161-232.eu-west-1.compute.amazonaws.com

Software

Cowboy /

Resource Hash

15335ef2460d54f20ae6eed7264e526b1ee65cb171623f18f6e1c996b133aa48

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cardlay.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Date: Thu, 22 Dec 2022 15:11:15 GMT
Strict-Transport-Security: max-age=63072000; includeSubDomains
X-Content-Type-Options: nosniff
Via: 1.1 vegur
X-Permitted-Cross-Domain-Policies: none
Transfer-Encoding: chunked
Connection: keep-alive
X-Xss-Protection: 0
X-Request-Id: 4d925253-1fc4-489b-90be-fd1a04091345
X-Runtime: 0.031582
Referrer-Policy: strict-origin-when-cross-origin
Server: Cowboy
Etag: W/"15335ef2460d54f20ae6eed7264e526b"
X-Download-Options: noopen
X-Frame-Options: SAMEORIGIN
Access-Control-Max-Age: 7200
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers
Vary: Accept, Origin
Cache-Control: max-age=0, private, must-revalidate
Content-Type: application/json; charset=utf-8

POST
H/1.1 204
No Content consents
app.openli.com/api/v1/widgets/ 0
0 113ms
112ms Fetch 63.32.161.232
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://app.openli.com/api/v1/widgets/consents?LEGALJS_VERSION=3.22.0&SNIPPET_VERSION=3.0.0&user_public_key=ztXT4hv4TJfPNfR5nywqjiFs&project_public_key=WTmrGS2R9oq35GgGzEpzrwDq

Requested by

Host: widgets.legalmonster.com
URL: https://widgets.legalmonster.com/v1/legal.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

63.32.161.232 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-63-32-161-232.eu-west-1.compute.amazonaws.com

Software

Cowboy /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept: application/json, text/plain, */*
Referer: https://www.cardlay.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
Content-Type: application/json

Response headers

Date: Thu, 22 Dec 2022 15:11:15 GMT
Strict-Transport-Security: max-age=63072000; includeSubDomains
X-Content-Type-Options: nosniff
Via: 1.1 vegur
X-Permitted-Cross-Domain-Policies: none
Connection: keep-alive
Content-Length: 0
X-Xss-Protection: 0
X-Request-Id: 52a663a0-bdf8-4895-a41a-0b601faac674
X-Runtime: 0.078210
Referrer-Policy: strict-origin-when-cross-origin
Server: Cowboy
X-Download-Options: noopen
Access-Control-Max-Age: 7200
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers
X-Frame-Options: SAMEORIGIN
Cache-Control: no-cache
Vary: Origin

OPTIONS
H/1.1 200
OK consents
app.openli.com/api/v1/widgets/ Frame 0
0 105ms
105ms Preflight 63.32.161.232
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://app.openli.com/api/v1/widgets/consents?LEGALJS_VERSION=3.22.0&SNIPPET_VERSION=3.0.0&user_public_key=ztXT4hv4TJfPNfR5nywqjiFs&project_public_key=WTmrGS2R9oq35GgGzEpzrwDq
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 63.32.161.232 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-63-32-161-232.eu-west-1.compute.amazonaws.com
Software: Cowboy /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://www.cardlay.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Access-Control-Allow-Headers: content-type
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers
Access-Control-Max-Age: 7200
Connection: keep-alive
Date: Thu, 22 Dec 2022 15:11:15 GMT
Server: Cowboy
Transfer-Encoding: chunked
Via: 1.1 vegur

GET
H/1.1 200
OK providers Show response
app.openli.com/api/v1/widgets/WTmrGS2R9oq35GgGzEpzrwDq/ 497 B
1 KB 278ms
278ms Fetch
application/json 63.32.161.232
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://app.openli.com/api/v1/widgets/WTmrGS2R9oq35GgGzEpzrwDq/providers?category=marketing&user_public_key=ztXT4hv4TJfPNfR5nywqjiFs

Requested by

Host: widgets.legalmonster.com
URL: https://widgets.legalmonster.com/v1/legal.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

63.32.161.232 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-63-32-161-232.eu-west-1.compute.amazonaws.com

Software

Cowboy /

Resource Hash

67290989411d7a16990f4c721dbfb40527c2b5a007cdcc46e3e812d856782434

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cardlay.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Date: Thu, 22 Dec 2022 15:11:15 GMT
Strict-Transport-Security: max-age=63072000; includeSubDomains
X-Content-Type-Options: nosniff
Via: 1.1 vegur
X-Permitted-Cross-Domain-Policies: none
Transfer-Encoding: chunked
Connection: keep-alive
X-Xss-Protection: 0
X-Request-Id: e157d3ac-dbe4-49f2-a9db-1d63afeb7fc6
X-Runtime: 0.202852
Referrer-Policy: strict-origin-when-cross-origin
Server: Cowboy
Etag: W/"67290989411d7a16990f4c721dbfb405"
X-Download-Options: noopen
X-Frame-Options: SAMEORIGIN
Access-Control-Max-Age: 7200
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers
Vary: Accept, Origin
Cache-Control: max-age=0, private, must-revalidate
Content-Type: application/json; charset=utf-8

GET
H2 200 privacy-by-openli.svg
widgets.openli.com/v1/images/ 12 KB
5 KB 13ms
12ms Image
image/svg+xml 2600:9000:2057:6400:6:e348:15c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://widgets.openli.com/v1/images/privacy-by-openli.svg
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2057:6400:6:e348:15c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: Cowboy /
Resource Hash: e5515ee4a6ab01dd16977b5da804108fb6e53a41060a75691a8c66fd3ac2779c

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.cardlay.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Thu, 22 Dec 2022 14:21:22 GMT
via: 1.1 vegur, 1.1 62dc260e32d7b9197a4511447f6a264a.cloudfront.net (CloudFront)
content-encoding: gzip
last-modified: Tue, 08 Nov 2022 11:28:44 GMT
server: Cowboy
x-amz-cf-pop: FRA6-C1
age: 3244
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: image/svg+xml; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=3600
x-amz-cf-id: 7eYBaXm157tAUKSGqAKYhstNvV8HFRqxiGb2fiaf-viKftmU9FZuFQ==

Verdicts & Comments Add Verdict or Comment

35 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

8 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.vimeo.com/	1970-01-20 08:22:03	Name: __cf_bm Value: W2SkVfZBrvTzpjB43tarXP2T1kLKs8teTTEosu3NChk-1671721873-0-AcoYGVAe0k/i3P+77ItKB1rqC0izk1uxBmuaQZ2OgF4Fz38bAGzMYTJwDjQRzLhVeaQS2zYU6o9MSADfEkkyZ+4=
.calendly.com/	1970-01-20 08:22:03	Name: __cf_bm Value: HFiYKroaeNTktw2K2yJs1Km8vDBa6aK2XCEAuXo0kUY-1671721873-0-AY3ilq0NhoVQONQrzqbA4PcTRpPTKzuSPEwVe6DICDQMFppK3Vma8KlPLhLOYWqH6kSSUip4hK35YdqP/EaLES0=
.calendly.com/	1969-12-31 23:59:59	Name: __cfruid Value: 1edaca42459c5704ef093700c810f9bc3f8caa75-1671721873
.cardlay.com/	1970-01-20 17:58:01	Name: _ga_FN2JGR423M Value: GS1.1.1671721874.1.0.1671721874.0.0.0
.cardlay.com/	1970-01-20 17:58:01	Name: _ga Value: GA1.1.402419729.1671721875
.cardlay.com/	1970-01-20 12:41:13	Name: legalmonster-user Value: {%22WTmrGS2R9oq35GgGzEpzrwDq%22:{%22userId%22:%22ztXT4hv4TJfPNfR5nywqjiFs%22%2C%22expires%22:1687273875546%2C%22lastAccessed%22:1671721875546}}
.cardlay.com/	1970-01-20 12:41:13	Name: legalmonster-cookie-consent Value: {%22WTmrGS2R9oq35GgGzEpzrwDq%22:{%22cookieConsentState%22:{%22wasDoNotTrackSet%22:false}%2C%22expires%22:1687273875620%2C%22lastAccessed%22:1671721875620%2C%22version%22:2}}
.cardlay.com/	1969-12-31 23:59:59	Name: legalmonster-pages-viewed Value: 1

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=31536000; includeSubdomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

app.openli.com
assets.calendly.com
calendly.com
connect.facebook.net
f.vimeocdn.com
fonts.googleapis.com
fonts.gstatic.com
i.vimeocdn.com
player.vimeo.com
region1.google-analytics.com
sc.lfeeder.com
tr-rc.lfeeder.com
unpkg.com
widgets.legalmonster.com
widgets.openli.com
www.cardlay.com
www.googletagmanager.com
108.138.189.67
108.138.189.68
13.32.99.98
162.159.138.60
18.66.15.69
199.232.18.109
2001:4860:4802:32::36
2600:9000:2057:6400:6:e348:15c0:93a1
2600:9000:2057:8a00:6:e348:15c0:93a1
2606:4700:3108::ac42:2b1a
2606:4700::6810:7daf
2a00:1450:4001:806::200a
2a00:1450:4001:80b::2003
2a00:1450:4001:829::2008
2a03:2880:f01c:8012:face:b00c:0:3
63.32.161.232
0414902941b8f335cb53a23d23f97ca3dae28486a5d78c338f29afb4877bd4fc
04d13333e700fb1b62a0267efb6be7273ea399780839b0fbce8e81d292f59457
050d912d10bf1d31e5a35310b2da08036cc878d4c9ac33fca082c558579e7b0b
111392c4b2bfccd094fd73f816c087b022aa0435af3b8a93af495487d617e20e
1505ec5f96be77f3f428766eefacb45909eba760d28d71bc14d424f8216449e3
15335ef2460d54f20ae6eed7264e526b1ee65cb171623f18f6e1c996b133aa48
164cdf451df2ee7c1560cd58c9dcb33e6b83643c0e31eb056ecb9313bf41d48b
1b672e7932ba30dc918fc8ff58dbc3ffa85b6f47e6dfc18dfb6c3ad8596e0111
2617c501bb702b5f41ef1f1eaf8702aa8fe688b0219aa8d616b906e44af4cf43
3240ea26261d368d6e276f88d4e140888c3a929ae91d759c7c8293a0c67ac246
359d1e740c9fbafe1c5332c9cf6c09d15f2703eb956803b363df6c38b97e1157
3bc453d3eb4ea6f999332c9474ecaba813ec3b4a9e2cd19f809016c711471c6d
4e1e2ae3f4561e986deaee99301c6249e07aac5a7ba05346da0fd9d9aa9c87d6
50f8df466be2ac44824960fe6d95eed3b7adaddf71257a8bd805f7fc65bd10fe
55c4e9ba07b641e64caa17bfcbdc63b1721a58554bd449401e600db3f6b95cf9
5a613d64a17940bb2f9d1dd791dfcd023826c9f931706687e511888c565cd44e
5bd97cc298975b2ec39b760588f862ea9396e507c678535ac0408e8c80d345e2
665950b384e57ac5c60d443ba093f9b158b551df169d93da8b9dd0360db4ea8c
67290989411d7a16990f4c721dbfb40527c2b5a007cdcc46e3e812d856782434
69a685495932283379be3fee7eb8d07d07ba939769a488e7c2e1c5b191884b48
6f033042e9545ff608f8a64ff27813e09c3ba2e0c12174617f747d116a0daa56
74fb1c94c07673b80034ac6fe9e7bb10be8e3fa131c307e31ba870e3098980bc
7919e42c1593715dd408c9f1e4b5c51b5b80ead7dc71b94535180b452724519f
79c2f66f411530e90425ca695861488e71397506400c6133931ed9c08cd1a30e
7e4815d68bea9605afd26163dfcf1185281d52f2f2812c89052794942c501a7b
86321659b430d61d1c232e225e927b7f052fa61669e5afc15044f75740d04429
89964a1e976665256ba2040ff198c773ad9662a22b0e9839a4b1d6740939be57
8eef2ef6cf882d5e2e9167cb7c8b0ebbeb75b28a698835488733d149326fab4f
94c8eb5a14acc7f9f5fe0341d2c67c8047f28a00af0b774cbeb346694583f790
9b5b244b3654bce523e2204f07590a4909891d26e51d36c161973c6d6ac0c180
9f4dc3aa5c08ee1c15f6a7d88f6ecc10ec0144506b0bae8018b25b83f33e000c
a194b212fa79f8f65a875b4cbf90c399ce235f244900e79a665911388c0074e7
aefc81e20c4c9bff0b4801161d18c48a05d54ee6d4aeb1f528012ab553cde9bc
af3b0785dbf80a2f5f64866759729106e4f1d43e532e5c5052acf5027bd2f677
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b885bc6ceb136ec8899c79c3a2684048a579a53d5ead4382f3b937fd5a1236de
c049ee6050ce808cdbe3738cffec31c418aec6e1ead43c28cc3b69d9f7531069
c18e3121c9ed86c50ec96041928a7d839a31ab105468ef62142b91cd1c7da9e7
c8c22baa077a087d7e254f9574197f3ed78305554b30998c77595e34e68598d3
cd8312a7f8b4cf905c629f48561fc8e5cdfdc83c073ff54ba5f9fe22404cbcd2
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e497862d0cd9d661bc3fc3224b6563d45d6db94f9b12ab243943d3984e9f959b
e5515ee4a6ab01dd16977b5da804108fb6e53a41060a75691a8c66fd3ac2779c
eaa2248a4f028a6f5c59f7bb3a9c5e1ff921bcb2ee66517665788f675e99e99f
f28755f9fbdc23d10e335f34b08890274e045a80d8ba9bf802fd99e32a78c79d
f41ac388e48b0c76db641d8dd1e924d30056ad8e62c0c765177daf54142e6ddf
f59b75b016d6be9e6a7a8095dd9a039a88bea08770d1cba19da98b41f228e365
f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615
fa5ad2ff0d36c5b2ad8cddd0e6fc23094c135574e8daea25a153f61be1d2f0bc
fcd9b7637ea1a042ad8a04c43c511f504e03d1b1b5d82c27f98e1a074edd2908
feb374c55fc7e858c8a3bcdd94c321e79bb819051f3578eaccca98c4a96ca173

www.cardlay.com Open in urlscan Pro 108.138.189.68 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

57 Requests

96 %HTTPS

56 %IPv6

13 Domains

17 Subdomains

16 IPs

5 Countries

2643 kBTransfer

30134 kBSize

8 Cookies

10 Outgoing links

Page URL History

Redirected requests

57 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 1 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

www.cardlay.com Open in urlscan Pro
108.138.189.68 Public Scan

Screenshot
Live screenshot

Full Image

57
Requests

96 %
HTTPS

56 %
IPv6

13
Domains

17
Subdomains

16
IPs

5
Countries

2643 kB
Transfer

30134 kB
Size

8
Cookies

57 HTTP transactions
1 data transactions