urlscan.io logo urlscan.io
SecurityTrails logo

www.equitablebank.ca Open in urlscan Pro
23.48.203.13  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: http://equitablebank.ca/
Effective URL: https://www.equitablebank.ca/
Submission: On May 04 via api from US — Scanned from CA
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 24 IPs in 2 countries across 17 domains to perform 82 HTTP transactions. The main IP is 23.48.203.13, located in Ashburn, United States and belongs to AKAMAI-ASN1, NL. The main domain is www.equitablebank.ca.
TLS certificate: Issued by DigiCert EV RSA CA G2 on June 7th 2023. Valid for: a year.
This is the only time www.equitablebank.ca was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 1 23.205.106.90 20940 (AKAMAI-ASN1)
39 23.48.203.13 20940 (AKAMAI-ASN1)
1 4 34.120.212.246 396982 (GOOGLE-CL...)
1 2606:4700:20:... 13335 (CLOUDFLAR...)
1 2607:f8b0:400... 15169 (GOOGLE)
3 2607:f8b0:400... 15169 (GOOGLE)
2 65.109.119.232 24940 (HETZNER-AS)
6 2607:f8b0:400... 15169 (GOOGLE)
2 2607:f8b0:400... 15169 (GOOGLE)
1 2607:f8b0:400... 15169 (GOOGLE)
1 2607:f8b0:400... 15169 (GOOGLE)
2 2a03:2880:f00... 32934 (FACEBOOK)
1 18.238.4.47 16509 (AMAZON-02)
3 2620:1ec:c11:... 8068 (MICROSOFT...)
1 18.238.12.115 16509 (AMAZON-02)
1 18.238.8.227 16509 (AMAZON-02)
3 2607:f8b0:400... 15169 (GOOGLE)
1 2607:f8b0:400... 15169 (GOOGLE)
2 2607:f8b0:400... 15169 (GOOGLE)
4 2607:f8b0:400... 15169 (GOOGLE)
1 2 142.251.163.149 15169 (GOOGLE)
1 2 209.54.182.161 16509 (AMAZON-02)
1 13.224.214.90 16509 (AMAZON-02)
1 2a03:2880:f10... 32934 (FACEBOOK)
82 24
1    23.205.106.90 (Ashburn, United States)

ASN20940 (AKAMAI-ASN1, NL)
PTR: a23-205-106-90.deploy.static.akamaitechnologies.com
equitablebank.ca
39    23.48.203.13 (Ashburn, United States)

ASN20940 (AKAMAI-ASN1, NL)
PTR: a23-48-203-13.deploy.static.akamaitechnologies.com
www.equitablebank.ca
4    34.120.212.246 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 246.212.120.34.bc.googleusercontent.com
cdn.prod.ca.five9.net
1    2606:4700:20::681a:a1e (United States)

ASN13335 (CLOUDFLARENET, US)
yt04jaca8e.kameleoon.eu
1    2607:f8b0:4004:c06::5f (Washington, United States)

ASN15169 (GOOGLE, US)
fonts.googleapis.com
3    2607:f8b0:4004:c07::6a (Washington, United States)

ASN15169 (GOOGLE, US)
www.google.com
2    65.109.119.232 (Helsinki, Finland)

ASN24940 (HETZNER-AS, DE)
PTR: data-api-new07.kameleoon.net
data.kameleoon.io
6    2607:f8b0:4004:c19::61 (Washington, United States)

ASN15169 (GOOGLE, US)
www.googletagmanager.com
2    2607:f8b0:4004:c07::8b (Washington, United States)

ASN15169 (GOOGLE, US)
www.google-analytics.com
1    2607:f8b0:4004:c07::5e (Washington, United States)

ASN15169 (GOOGLE, US)
fonts.gstatic.com
1    2607:f8b0:4004:c09::5e (Washington, United States)

ASN15169 (GOOGLE, US)
www.gstatic.com
2    2a03:2880:f003:c0e:face:b00c:0:3 (Ashburn, United States)

ASN32934 (FACEBOOK, US)
connect.facebook.net
1    18.238.4.47 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-238-4-47.phl51.r.cloudfront.net
static.hotjar.com
3    2620:1ec:c11::237 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)
bat.bing.com
1    18.238.12.115 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-238-12-115.phl51.r.cloudfront.net
js.adsrvr.org
1    18.238.8.227 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-238-8-227.phl51.r.cloudfront.net
c.amazon-adsystem.com
3    2607:f8b0:4004:c19::9c (Washington, United States)

ASN15169 (GOOGLE, US)
stats.g.doubleclick.net
1    2607:f8b0:4004:c17::9c (Washington, United States)

ASN15169 (GOOGLE, US)
googleads.g.doubleclick.net
2    2607:f8b0:4004:c21::8a (Washington, United States)

ASN15169 (GOOGLE, US)
analytics.google.com
4    2607:f8b0:4004:c17::5e (Washington, United States)

ASN15169 (GOOGLE, US)
www.google.ca
2    142.251.163.149 (Farmingdale, United States)

ASN15169 (GOOGLE, US)
PTR: wv-in-f149.1e100.net
12525703.fls.doubleclick.net
2    209.54.182.161 (Ashburn, United States)

ASN16509 (AMAZON-02, US)
s.amazon-adsystem.com
1    13.224.214.90 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-224-214-90.phl50.r.cloudfront.net
script.hotjar.com
1    2a03:2880:f103:83:face:b00c:0:25de (Ashburn, United States)

ASN32934 (FACEBOOK, US)
www.facebook.com
Apex Domain
Subdomains		 Transfer
40 equitablebank.ca
equitablebank.ca
www.equitablebank.ca
1 MB
6 doubleclick.net
stats.g.doubleclick.net — Cisco Umbrella Rank: 89
googleads.g.doubleclick.net — Cisco Umbrella Rank: 35
12525703.fls.doubleclick.net
3 KB
6 googletagmanager.com
www.googletagmanager.com — Cisco Umbrella Rank: 39
519 KB
5 google.com
www.google.com — Cisco Umbrella Rank: 2
analytics.google.com — Cisco Umbrella Rank: 154
1 KB
4 google.ca
www.google.ca — Cisco Umbrella Rank: 10035
253 B
4 five9.net
cdn.prod.ca.five9.net — Cisco Umbrella Rank: 526651
79 KB
3 amazon-adsystem.com
c.amazon-adsystem.com — Cisco Umbrella Rank: 308
s.amazon-adsystem.com — Cisco Umbrella Rank: 327
6 KB
3 bing.com
bat.bing.com — Cisco Umbrella Rank: 345
14 KB
2 hotjar.com
static.hotjar.com — Cisco Umbrella Rank: 742
script.hotjar.com — Cisco Umbrella Rank: 988
59 KB
2 facebook.net
connect.facebook.net — Cisco Umbrella Rank: 183
71 KB
2 gstatic.com
fonts.gstatic.com
www.gstatic.com
249 KB
2 google-analytics.com
www.google-analytics.com — Cisco Umbrella Rank: 32
21 KB
2 kameleoon.io
data.kameleoon.io — Cisco Umbrella Rank: 19152
673 B
1 facebook.com
www.facebook.com — Cisco Umbrella Rank: 101
274 B
1 adsrvr.org
js.adsrvr.org — Cisco Umbrella Rank: 1370
insight.adsrvr.org Failed
4 KB
1 googleapis.com
fonts.googleapis.com — Cisco Umbrella Rank: 33
2 KB
1 kameleoon.eu
yt04jaca8e.kameleoon.eu
32 KB
82 17
Domain Requested by
39 www.equitablebank.ca www.equitablebank.ca
6 www.googletagmanager.com www.equitablebank.ca
www.googletagmanager.com
www.google-analytics.com
4 www.google.ca www.equitablebank.ca
4 cdn.prod.ca.five9.net 1 redirects www.equitablebank.ca
cdn.prod.ca.five9.net
3 stats.g.doubleclick.net www.google-analytics.com
www.googletagmanager.com
3 bat.bing.com www.equitablebank.ca
bat.bing.com
3 www.google.com www.equitablebank.ca
2 s.amazon-adsystem.com 1 redirects www.equitablebank.ca
2 12525703.fls.doubleclick.net 1 redirects www.googletagmanager.com
2 analytics.google.com www.googletagmanager.com
2 connect.facebook.net www.equitablebank.ca
connect.facebook.net
2 www.google-analytics.com www.equitablebank.ca
www.google-analytics.com
2 data.kameleoon.io yt04jaca8e.kameleoon.eu
1 www.facebook.com www.equitablebank.ca
1 script.hotjar.com static.hotjar.com
1 googleads.g.doubleclick.net www.googletagmanager.com
1 c.amazon-adsystem.com www.equitablebank.ca
1 js.adsrvr.org www.googletagmanager.com
1 static.hotjar.com www.equitablebank.ca
1 www.gstatic.com www.google.com
1 fonts.gstatic.com fonts.googleapis.com
1 fonts.googleapis.com www.equitablebank.ca
1 yt04jaca8e.kameleoon.eu www.equitablebank.ca
1 equitablebank.ca 1 redirects
0 insight.adsrvr.org Failed js.adsrvr.org
82 25
Subject Issuer Validity Valid
equitablebank.ca
DigiCert EV RSA CA G2		 2023-06-07 -
2024-07-07		 a year crt.sh
cdn.prod.ca.five9.net
GTS CA 1D4		 2024-04-22 -
2024-07-21		 3 months crt.sh
kameleoon.eu
GTS CA 1P5		 2024-03-31 -
2024-06-29		 3 months crt.sh
upload.video.google.com
GTS CA 1C3		 2024-04-16 -
2024-07-09		 3 months crt.sh
*.google.com
GTS CA 1C3		 2024-04-16 -
2024-07-09		 3 months crt.sh
data.kameleoon.io
R3		 2024-03-28 -
2024-06-26		 3 months crt.sh
*.google-analytics.com
GTS CA 1C3		 2024-04-16 -
2024-07-09		 3 months crt.sh
*.gstatic.com
GTS CA 1C3		 2024-04-16 -
2024-07-09		 3 months crt.sh
*.facebook.com
DigiCert SHA2 High Assurance Server CA		 2024-02-11 -
2024-05-11		 3 months crt.sh
*.hotjar.com
Amazon ECDSA 256 M03		 2024-02-07 -
2025-03-08		 a year crt.sh
www.bing.com
Microsoft Azure TLS Issuing CA 02		 2024-05-01 -
2024-06-27		 2 months crt.sh
*.adsrvr.org
GlobalSign GCC R3 DV TLS CA 2020		 2024-04-23 -
2025-05-25		 a year crt.sh
c.amazon-adsystem.com
Amazon RSA 2048 M01		 2023-12-30 -
2024-12-04		 a year crt.sh
*.g.doubleclick.net
GTS CA 1C3		 2024-04-16 -
2024-07-09		 3 months crt.sh
*.google.ca
GTS CA 1C3		 2024-04-16 -
2024-07-09		 3 months crt.sh
*.doubleclick.net
GTS CA 1C3		 2024-04-16 -
2024-07-09		 3 months crt.sh

This page contains 4 frames:

Primary Page: https://www.equitablebank.ca/
Frame ID: 43CDE95D1305302D36D84D631BE513FB
Requests: 79 HTTP requests in this frame

Frame: https://cdn.prod.ca.five9.net/stable/chat/ngchat-app/index.html
Frame ID: 99AE873C0871D0AF07240ED91910E91A
Requests: 1 HTTP requests in this frame

Frame: https://12525703.fls.doubleclick.net/activityi;dc_pre=CL_xopCG84UDFXQTdgYdHckLRw;src=12525703;type=equitros;cat=eqban0;ord=973828338612;npa=0;auiddc=1484551771.1714793107;u1=%2F;uaa=x86;uab=64;uafvl=Chromium%3B124.0.6367.118%7CGoogle%2520Chrome%3B124.0.6367.118%7CNot-A.Brand%3B99.0.0.0;uamb=0;uam=;uap=Win32;uapv=10.0.0;uaw=0;pscdl=noapi;gtm=45fe4510z877712459za201;gcd=13l3l3l3l1;dma=0;epver=2;~oref=https%3A%2F%2Fwww.equitablebank.ca%2F
Frame ID: 39DFD900E4C9569778AD3357BDA8CB97
Requests: 1 HTTP requests in this frame

Frame: https://insight.adsrvr.org/track/up?adv=6lqtr4e&ref=https%3A%2F%2Fwww.equitablebank.ca%2F&upid=9ijfwpe&upv=1.1.0
Frame ID: 9BEEF44AC5193CF6F4ADE400175822FC
Requests: 3 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

Canada's Challenger Bankâ„¢ | Equitable Bank

Page URL History Show full URLs

  1. http://equitablebank.ca/ HTTP 307
    https://equitablebank.ca/ HTTP 301
    https://www.equitablebank.ca/ Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css
  • bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js
Overall confidence: 100%
Detected patterns
Overall confidence: 100%
Detected patterns
  • //connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js
Overall confidence: 100%
Detected patterns
  • google-analytics\.com/(?:ga|urchin|analytics)\.js
Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com
Overall confidence: 100%
Detected patterns
  • <!-- (?:End )?Google Tag Manager -->
  • googletagmanager\.com/gtm\.js
  • googletagmanager\.com/gtag/js
Overall confidence: 100%
Detected patterns
  • //static\.hotjar\.com/
Overall confidence: 100%
Detected patterns
  • /recaptcha/api\.js

Page Statistics

82
Requests

98 %
HTTPS

58 %
IPv6

17
Domains

25
Subdomains

24
IPs

2
Countries

2500 kB
Transfer

6082 kB
Size

26
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://equitablebank.ca/ HTTP 307
    https://equitablebank.ca/ HTTP 301
    https://www.equitablebank.ca/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 45
  • https://cdn.prod.ca.five9.net/stable/chat/ngchat-app HTTP 301
  • https://cdn.prod.ca.five9.net/stable/chat/ngchat-app/index.html
Request Chain 67
  • https://12525703.fls.doubleclick.net/activityi;src=12525703;type=equitros;cat=eqban0;ord=973828338612;npa=0;auiddc=1484551771.1714793107;u1=%2F;uaa=x86;uab=64;uafvl=Chromium%3B124.0.6367.118%7CGoogle%2520Chrome%3B124.0.6367.118%7CNot-A.Brand%3B99.0.0.0;uamb=0;uam=;uap=Win32;uapv=10.0.0;uaw=0;pscdl=noapi;gtm=45fe4510z877712459za201;gcd=13l3l3l3l1;dma=0;epver=2;~oref=https%3A%2F%2Fwww.equitablebank.ca%2F HTTP 302
  • https://12525703.fls.doubleclick.net/activityi;dc_pre=CL_xopCG84UDFXQTdgYdHckLRw;src=12525703;type=equitros;cat=eqban0;ord=973828338612;npa=0;auiddc=1484551771.1714793107;u1=%2F;uaa=x86;uab=64;uafvl=Chromium%3B124.0.6367.118%7CGoogle%2520Chrome%3B124.0.6367.118%7CNot-A.Brand%3B99.0.0.0;uamb=0;uam=;uap=Win32;uapv=10.0.0;uaw=0;pscdl=noapi;gtm=45fe4510z877712459za201;gcd=13l3l3l3l1;dma=0;epver=2;~oref=https%3A%2F%2Fwww.equitablebank.ca%2F
Request Chain 70
  • https://s.amazon-adsystem.com/iu3?pid=b95ea0db-b945-4f89-bcdd-1a2b76171a59&event=PageView&ts=1714793106713 HTTP 302
  • https://s.amazon-adsystem.com/iu3?pid=b95ea0db-b945-4f89-bcdd-1a2b76171a59&event=PageView&ts=1714793106713&dcc=t

82 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request /
www.equitablebank.ca/
Redirect Chain
  • http://equitablebank.ca/
  • https://equitablebank.ca/
  • https://www.equitablebank.ca/
65 KB
20 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://www.equitablebank.ca/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.48.203.13 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a23-48-203-13.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
60549cc15762785938a51736d2d72accd8beb0e37c2ad0856b5cd89bb75101f1
Security Headers
Name Value
Content-Security-Policy default-src 'self' cs-cms-cc.equitad.local; script-src 'self' *.googleapis.com *.gstatic.com www.google.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://*.googletagmanager.com www.google-analytics.com googleads.g.doubleclick.net bat.bing.com static.hotjar.com widget.trustpilot.com *.callrail.com www.googleadservices.com ssl.google-analytics.com script.hotjar.com gateway.zscalerthree.net *.kameleoon.eu cdn.prod.ca.five9.net *.kameleoon.com js.adsrvr.org *.amazon-adsystem.com amazon-adsystem.com web-chat.nativechat.com *.eloqua.com *.en25.com cdn.ampproject.org https://cdn.insight.sitefinity.com https://dec.azureedge.net js.hs-scripts.com js.hs-analytics.net js.hs-banner.com js.hsleadflows.net forms.hubspot.com js.hscollectedforms.net 'unsafe-inline' 'unsafe-eval'; style-src 'self' *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com platform.twitter.com/css/ *.twimg.com *.kameleoon.com web-chat.nativechat.com https://cdn.insight.sitefinity.com https://dec.azureedge.net 'unsafe-inline'; img-src 'self' *.gstatic.com *.googleapis.com platform.tumblr.com web.facebook.com www.facebook.com www.redditstatic.com www.linkedin.com i.ytimg.com pbs.twimg.com *.twimg.com data: blob: https://*.googletagmanager.com www.google.com www.google.co.cr www.google-analytics.com bat.bing.com stats.g.doubleclick.net googleads.g.doubleclick.net syndication.twitter.com static.licdn.com platform.twitter.com www.equitablebank.ca www.google.ca ssl.google-analytics.com cs-cms-cc.equitad.local ad.doubleclick.net *.kameleoon.com web-chat.nativechat.com *.eloqua.com https://cdn.insight.sitefinity.com https://dec.azureedge.net track.hubspot.com js.hsleadflows.net forms.hsforms.com; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data:; frame-src 'self' *.fls.doubleclick.net www.facebook.com www.google.com cdn.callrail.com widget.trustpilot.com www.youtube.com td.doubleclick.net cdn.prod.ca.five9.net www.lightcast.com *.amazon-adsystem.com insight.adsrvr.org web-chat.nativechat.com forms.hsforms.com; connect-src 'self' data: accounts.google.com *.gstatic.com https://*.googletagmanager.com www.google-analytics.com stats.g.doubleclick.net bat.bing.com *.callrail.com csmetrics.hotjar.com metrics.hotjar.io analytics.google.com *.kameleoon.com *.kameleoon.eu *.kameleoon.io pagead2.googlesyndication.com https://*.hotjar.io wss://*.hotjar.com *.amazon-adsystem.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com forms.hubspot.com *.hsforms.com; media-src 'self' data: blob:; child-src 'self' https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://www.youtube-nocookie.com https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com web-chat.nativechat.com
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
en-CA,en;q=0.9;q=0.9
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36

Response headers

cache-control
no-cache
content-encoding
gzip
content-length
16519
content-security-policy
default-src 'self' cs-cms-cc.equitad.local; script-src 'self' *.googleapis.com *.gstatic.com www.google.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://*.googletagmanager.com www.google-analytics.com googleads.g.doubleclick.net bat.bing.com static.hotjar.com widget.trustpilot.com *.callrail.com www.googleadservices.com ssl.google-analytics.com script.hotjar.com gateway.zscalerthree.net *.kameleoon.eu cdn.prod.ca.five9.net *.kameleoon.com js.adsrvr.org *.amazon-adsystem.com amazon-adsystem.com web-chat.nativechat.com *.eloqua.com *.en25.com cdn.ampproject.org https://cdn.insight.sitefinity.com https://dec.azureedge.net js.hs-scripts.com js.hs-analytics.net js.hs-banner.com js.hsleadflows.net forms.hubspot.com js.hscollectedforms.net 'unsafe-inline' 'unsafe-eval'; style-src 'self' *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com platform.twitter.com/css/ *.twimg.com *.kameleoon.com web-chat.nativechat.com https://cdn.insight.sitefinity.com https://dec.azureedge.net 'unsafe-inline'; img-src 'self' *.gstatic.com *.googleapis.com platform.tumblr.com web.facebook.com www.facebook.com www.redditstatic.com www.linkedin.com i.ytimg.com pbs.twimg.com *.twimg.com data: blob: https://*.googletagmanager.com www.google.com www.google.co.cr www.google-analytics.com bat.bing.com stats.g.doubleclick.net googleads.g.doubleclick.net syndication.twitter.com static.licdn.com platform.twitter.com www.equitablebank.ca www.google.ca ssl.google-analytics.com cs-cms-cc.equitad.local ad.doubleclick.net *.kameleoon.com web-chat.nativechat.com *.eloqua.com https://cdn.insight.sitefinity.com https://dec.azureedge.net track.hubspot.com js.hsleadflows.net forms.hsforms.com; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data:; frame-src 'self' *.fls.doubleclick.net www.facebook.com www.google.com cdn.callrail.com widget.trustpilot.com www.youtube.com td.doubleclick.net cdn.prod.ca.five9.net www.lightcast.com *.amazon-adsystem.com insight.adsrvr.org web-chat.nativechat.com forms.hsforms.com; connect-src 'self' data: accounts.google.com *.gstatic.com https://*.googletagmanager.com www.google-analytics.com stats.g.doubleclick.net bat.bing.com *.callrail.com csmetrics.hotjar.com metrics.hotjar.io analytics.google.com *.kameleoon.com *.kameleoon.eu *.kameleoon.io pagead2.googlesyndication.com https://*.hotjar.io wss://*.hotjar.com *.amazon-adsystem.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com forms.hubspot.com *.hsforms.com; media-src 'self' data: blob:; child-src 'self' https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://www.youtube-nocookie.com https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com web-chat.nativechat.com
content-type
text/html; charset=utf-8
cross-origin-embedder-policy
unsafe-none
cross-origin-opener-policy
unsafe-none
cross-origin-resource-policy
cross-origin
date
Sat, 04 May 2024 03:25:05 GMT
expires
-1
permissions-policy
accelerometer=(self), ambient-light-sensor=(self), autoplay=(self), battery=(self), camera=(self), cross-origin-isolated=(self), display-capture=(self), document-domain=(self), encrypted-media=(self), execution-while-not-rendered=(self), execution-while-out-of-viewport=(self), fullscreen=(self), geolocation=(self), gyroscope=(self), keyboard-map=(self), magnetometer=(self), microphone=(self), midi=(self), navigation-override=(self), payment=(self), picture-in-picture=(self), publickey-credentials-get=(self), screen-wake-lock=(self), sync-xhr=(self), usb=(self), web-share=(self), xr-spatial-tracking=(self)
pragma
no-cache
referrer-policy
no-referrer-when-downgrade
strict-transport-security
max-age=31536000; includeSubDomains; preload
vary
Accept-Encoding
x-content-type-options
nosniff
x-frame-options
SAMEORIGIN
x-xss-protection
1; mode=block

Redirect headers

content-length
0
date
Sat, 04 May 2024 03:25:04 GMT
location
https://www.equitablebank.ca/
server
AkamaiGHost
index.js
cdn.prod.ca.five9.net/static/stable/chat/wrapper/ 		217 KB
39 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.prod.ca.five9.net/static/stable/chat/wrapper/index.js
Requested by
Host: www.equitablebank.ca
URL: https://www.equitablebank.ca/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.120.212.246 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
246.212.120.34.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
056a4ecdee649e7f14f5065061341af4522ed882f9c28c2806d4c5a99323d638
Security Headers
Name Value
Strict-Transport-Security max-age=15768000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://www.equitablebank.ca/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sat, 04 May 2024 03:25:05 GMT
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=15768000; includeSubDomains
x-guploader-uploadid
ABPtcPowk-fY8CJD9L81DTtWNjHG_jalrelwIMfppL0JotvPysS3Ko6fSKQkM1R4aw5wroSxFSk
x-goog-storage-class
STANDARD
x-goog-metageneration
2
x-goog-stored-content-encoding
gzip
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
39679
last-modified
Thu, 14 Mar 2024 05:35:36 GMT
server
UploadServer
etag
"e0c91f7284b1105208f0c2fcaf40b2ba"
vary
Accept-Encoding
x-goog-generation
1710394536929993
content-type
application/javascript
access-control-allow-origin
*
x-goog-hash
crc32c=mcutVQ==, md5=4MkfcoSxEFII8ML8r0Cyug==
access-control-expose-headers
*
cache-control
no-store
x-goog-stored-content-length
39679
accept-ranges
bytes
expires
Sun, 04 May 2025 03:25:05 GMT
kameleoon.js
yt04jaca8e.kameleoon.eu/ 		121 KB
32 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://yt04jaca8e.kameleoon.eu/kameleoon.js
Requested by
Host: www.equitablebank.ca
URL: https://www.equitablebank.ca/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:a1e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
342c4e99d65d84e50a90dae7fff2f715fca2e0e6b6c1032ec4fdf39d826dea17
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://www.equitablebank.ca/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sat, 04 May 2024 03:25:05 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
5382
alt-svc
h3=":443"; ma=86400
last-modified
Mon, 22 Apr 2024 09:37:22 GMT
server
cloudflare
etag
W/"66262fd2-1e2c6"
stale-if-error
604800
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=i8VSrCViMn7k%2Fxu7jw5V6Iy%2F8zEP38HlF1nSQQHaMHNtOb0dWZ%2FyHHCpS9OeHcjUVCrPvHDThIjU7QXvMaxkd82Dy2tHLEuRBM4RrAdRwA15fgqh0IMGG3Nsm4aYa1SCnNRzDa%2BqKUQsisCPnshLvDZXYFnj"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
cache-control
max-age=5400
cf-ray
87e561adea3436a1-YYZ
expires
Sat, 04 May 2024 03:25:23 GMT
slick.woff
www.equitablebank.ca/Assets/dist/css/fonts/ 		1 KB
4 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://www.equitablebank.ca/Assets/dist/css/fonts/slick.woff
Requested by
Host: www.equitablebank.ca
URL: https://www.equitablebank.ca/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.48.203.13 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a23-48-203-13.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
26726bac4060abb1226e6ceebc1336e84930fe7a7af1b3895a109d067f5b5dcc
Security Headers
Name Value
Content-Security-Policy default-src 'self' cs-cms-cc.equitad.local; script-src 'self' *.googleapis.com *.gstatic.com www.google.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://*.googletagmanager.com www.google-analytics.com googleads.g.doubleclick.net bat.bing.com static.hotjar.com widget.trustpilot.com *.callrail.com www.googleadservices.com ssl.google-analytics.com script.hotjar.com gateway.zscalerthree.net *.kameleoon.eu cdn.prod.ca.five9.net *.kameleoon.com js.adsrvr.org *.amazon-adsystem.com amazon-adsystem.com https://cdn.insight.sitefinity.com https://dec.azureedge.net cdn.ampproject.org *.eloqua.com *.en25.com web-chat.nativechat.com js.hs-scripts.com js.hs-analytics.net js.hs-banner.com js.hsleadflows.net forms.hubspot.com js.hscollectedforms.net 'unsafe-inline' 'unsafe-eval'; style-src 'self' *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com platform.twitter.com/css/ *.twimg.com *.kameleoon.com https://cdn.insight.sitefinity.com https://dec.azureedge.net web-chat.nativechat.com 'unsafe-inline'; img-src 'self' *.gstatic.com *.googleapis.com platform.tumblr.com web.facebook.com www.facebook.com www.redditstatic.com www.linkedin.com i.ytimg.com pbs.twimg.com *.twimg.com data: blob: https://*.googletagmanager.com www.google.com www.google.co.cr www.google-analytics.com bat.bing.com stats.g.doubleclick.net googleads.g.doubleclick.net syndication.twitter.com static.licdn.com platform.twitter.com www.equitablebank.ca www.google.ca ssl.google-analytics.com cs-cms-cc.equitad.local ad.doubleclick.net *.kameleoon.com https://cdn.insight.sitefinity.com https://dec.azureedge.net *.eloqua.com web-chat.nativechat.com track.hubspot.com js.hsleadflows.net forms.hsforms.com; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data:; frame-src 'self' *.fls.doubleclick.net www.facebook.com www.google.com cdn.callrail.com widget.trustpilot.com www.youtube.com td.doubleclick.net cdn.prod.ca.five9.net www.lightcast.com *.amazon-adsystem.com insight.adsrvr.org web-chat.nativechat.com forms.hsforms.com; connect-src 'self' data: accounts.google.com *.gstatic.com https://*.googletagmanager.com www.google-analytics.com stats.g.doubleclick.net bat.bing.com *.callrail.com csmetrics.hotjar.com metrics.hotjar.io analytics.google.com *.kameleoon.com *.kameleoon.eu *.kameleoon.io pagead2.googlesyndication.com https://*.hotjar.io wss://*.hotjar.com *.amazon-adsystem.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com forms.hubspot.com *.hsforms.com; media-src 'self' data: blob:; child-src 'self' https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://www.youtube-nocookie.com https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com web-chat.nativechat.com
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://www.equitablebank.ca/
Origin
https://www.equitablebank.ca
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

content-security-policy
default-src 'self' cs-cms-cc.equitad.local; script-src 'self' *.googleapis.com *.gstatic.com www.google.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://*.googletagmanager.com www.google-analytics.com googleads.g.doubleclick.net bat.bing.com static.hotjar.com widget.trustpilot.com *.callrail.com www.googleadservices.com ssl.google-analytics.com script.hotjar.com gateway.zscalerthree.net *.kameleoon.eu cdn.prod.ca.five9.net *.kameleoon.com js.adsrvr.org *.amazon-adsystem.com amazon-adsystem.com https://cdn.insight.sitefinity.com https://dec.azureedge.net cdn.ampproject.org *.eloqua.com *.en25.com web-chat.nativechat.com js.hs-scripts.com js.hs-analytics.net js.hs-banner.com js.hsleadflows.net forms.hubspot.com js.hscollectedforms.net 'unsafe-inline' 'unsafe-eval'; style-src 'self' *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com platform.twitter.com/css/ *.twimg.com *.kameleoon.com https://cdn.insight.sitefinity.com https://dec.azureedge.net web-chat.nativechat.com 'unsafe-inline'; img-src 'self' *.gstatic.com *.googleapis.com platform.tumblr.com web.facebook.com www.facebook.com www.redditstatic.com www.linkedin.com i.ytimg.com pbs.twimg.com *.twimg.com data: blob: https://*.googletagmanager.com www.google.com www.google.co.cr www.google-analytics.com bat.bing.com stats.g.doubleclick.net googleads.g.doubleclick.net syndication.twitter.com static.licdn.com platform.twitter.com www.equitablebank.ca www.google.ca ssl.google-analytics.com cs-cms-cc.equitad.local ad.doubleclick.net *.kameleoon.com https://cdn.insight.sitefinity.com https://dec.azureedge.net *.eloqua.com web-chat.nativechat.com track.hubspot.com js.hsleadflows.net forms.hsforms.com; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data:; frame-src 'self' *.fls.doubleclick.net www.facebook.com www.google.com cdn.callrail.com widget.trustpilot.com www.youtube.com td.doubleclick.net cdn.prod.ca.five9.net www.lightcast.com *.amazon-adsystem.com insight.adsrvr.org web-chat.nativechat.com forms.hsforms.com; connect-src 'self' data: accounts.google.com *.gstatic.com https://*.googletagmanager.com www.google-analytics.com stats.g.doubleclick.net bat.bing.com *.callrail.com csmetrics.hotjar.com metrics.hotjar.io analytics.google.com *.kameleoon.com *.kameleoon.eu *.kameleoon.io pagead2.googlesyndication.com https://*.hotjar.io wss://*.hotjar.com *.amazon-adsystem.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com forms.hubspot.com *.hsforms.com; media-src 'self' data: blob:; child-src 'self' https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://www.youtube-nocookie.com https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com web-chat.nativechat.com
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
date
Sat, 04 May 2024 03:25:05 GMT
cross-origin-embedder-policy
unsafe-none
cross-origin-resource-policy
cross-origin
content-length
1380
x-xss-protection
1; mode=block
referrer-policy
no-referrer-when-downgrade
last-modified
Wed, 24 Apr 2024 14:23:50 GMT
cross-origin-opener-policy
unsafe-none
etag
"09fb765396da1:0"
x-frame-options
SAMEORIGIN
content-type
application/font-woff
cache-control
max-age=2678400
permissions-policy
accelerometer=(self), ambient-light-sensor=(self), autoplay=(self), battery=(self), camera=(self), cross-origin-isolated=(self), display-capture=(self), document-domain=(self), encrypted-media=(self), execution-while-not-rendered=(self), execution-while-out-of-viewport=(self), fullscreen=(self), geolocation=(self), gyroscope=(self), keyboard-map=(self), magnetometer=(self), microphone=(self), midi=(self), navigation-override=(self), payment=(self), picture-in-picture=(self), publickey-credentials-get=(self), screen-wake-lock=(self), sync-xhr=(self), usb=(self), web-share=(self), xr-spatial-tracking=(self)
accept-ranges
bytes
slick.ttf
www.equitablebank.ca/Assets/dist/css/fonts/ 		2 KB
5 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://www.equitablebank.ca/Assets/dist/css/fonts/slick.ttf
Requested by
Host: www.equitablebank.ca
URL: https://www.equitablebank.ca/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.48.203.13 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a23-48-203-13.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
37bc99cfdbbc046193a26396787374d00e7b10d3a758a36045c07bd8886360d2
Security Headers
Name Value
Content-Security-Policy default-src 'self' cs-cms-cc.equitad.local; script-src 'self' *.googleapis.com *.gstatic.com www.google.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://*.googletagmanager.com www.google-analytics.com googleads.g.doubleclick.net bat.bing.com static.hotjar.com widget.trustpilot.com *.callrail.com www.googleadservices.com ssl.google-analytics.com script.hotjar.com gateway.zscalerthree.net *.kameleoon.eu cdn.prod.ca.five9.net *.kameleoon.com js.adsrvr.org *.amazon-adsystem.com amazon-adsystem.com js.hs-scripts.com js.hs-analytics.net js.hs-banner.com js.hsleadflows.net forms.hubspot.com js.hscollectedforms.net *.eloqua.com *.en25.com web-chat.nativechat.com https://cdn.insight.sitefinity.com https://dec.azureedge.net cdn.ampproject.org 'unsafe-inline' 'unsafe-eval'; style-src 'self' *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com platform.twitter.com/css/ *.twimg.com *.kameleoon.com web-chat.nativechat.com https://cdn.insight.sitefinity.com https://dec.azureedge.net 'unsafe-inline'; img-src 'self' *.gstatic.com *.googleapis.com platform.tumblr.com web.facebook.com www.facebook.com www.redditstatic.com www.linkedin.com i.ytimg.com pbs.twimg.com *.twimg.com data: blob: https://*.googletagmanager.com www.google.com www.google.co.cr www.google-analytics.com bat.bing.com stats.g.doubleclick.net googleads.g.doubleclick.net syndication.twitter.com static.licdn.com platform.twitter.com www.equitablebank.ca www.google.ca ssl.google-analytics.com cs-cms-cc.equitad.local ad.doubleclick.net *.kameleoon.com track.hubspot.com js.hsleadflows.net forms.hsforms.com *.eloqua.com web-chat.nativechat.com https://cdn.insight.sitefinity.com https://dec.azureedge.net; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data:; frame-src 'self' *.fls.doubleclick.net www.facebook.com www.google.com cdn.callrail.com widget.trustpilot.com www.youtube.com td.doubleclick.net cdn.prod.ca.five9.net www.lightcast.com *.amazon-adsystem.com insight.adsrvr.org forms.hsforms.com web-chat.nativechat.com; connect-src 'self' data: accounts.google.com *.gstatic.com https://*.googletagmanager.com www.google-analytics.com stats.g.doubleclick.net bat.bing.com *.callrail.com csmetrics.hotjar.com metrics.hotjar.io analytics.google.com *.kameleoon.com *.kameleoon.eu *.kameleoon.io pagead2.googlesyndication.com https://*.hotjar.io wss://*.hotjar.com *.amazon-adsystem.com forms.hubspot.com *.hsforms.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com; media-src 'self' data: blob:; child-src 'self' https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://www.youtube-nocookie.com https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com web-chat.nativechat.com
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://www.equitablebank.ca/
Origin
https://www.equitablebank.ca
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

content-security-policy
default-src 'self' cs-cms-cc.equitad.local; script-src 'self' *.googleapis.com *.gstatic.com www.google.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://*.googletagmanager.com www.google-analytics.com googleads.g.doubleclick.net bat.bing.com static.hotjar.com widget.trustpilot.com *.callrail.com www.googleadservices.com ssl.google-analytics.com script.hotjar.com gateway.zscalerthree.net *.kameleoon.eu cdn.prod.ca.five9.net *.kameleoon.com js.adsrvr.org *.amazon-adsystem.com amazon-adsystem.com js.hs-scripts.com js.hs-analytics.net js.hs-banner.com js.hsleadflows.net forms.hubspot.com js.hscollectedforms.net *.eloqua.com *.en25.com web-chat.nativechat.com https://cdn.insight.sitefinity.com https://dec.azureedge.net cdn.ampproject.org 'unsafe-inline' 'unsafe-eval'; style-src 'self' *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com platform.twitter.com/css/ *.twimg.com *.kameleoon.com web-chat.nativechat.com https://cdn.insight.sitefinity.com https://dec.azureedge.net 'unsafe-inline'; img-src 'self' *.gstatic.com *.googleapis.com platform.tumblr.com web.facebook.com www.facebook.com www.redditstatic.com www.linkedin.com i.ytimg.com pbs.twimg.com *.twimg.com data: blob: https://*.googletagmanager.com www.google.com www.google.co.cr www.google-analytics.com bat.bing.com stats.g.doubleclick.net googleads.g.doubleclick.net syndication.twitter.com static.licdn.com platform.twitter.com www.equitablebank.ca www.google.ca ssl.google-analytics.com cs-cms-cc.equitad.local ad.doubleclick.net *.kameleoon.com track.hubspot.com js.hsleadflows.net forms.hsforms.com *.eloqua.com web-chat.nativechat.com https://cdn.insight.sitefinity.com https://dec.azureedge.net; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data:; frame-src 'self' *.fls.doubleclick.net www.facebook.com www.google.com cdn.callrail.com widget.trustpilot.com www.youtube.com td.doubleclick.net cdn.prod.ca.five9.net www.lightcast.com *.amazon-adsystem.com insight.adsrvr.org forms.hsforms.com web-chat.nativechat.com; connect-src 'self' data: accounts.google.com *.gstatic.com https://*.googletagmanager.com www.google-analytics.com stats.g.doubleclick.net bat.bing.com *.callrail.com csmetrics.hotjar.com metrics.hotjar.io analytics.google.com *.kameleoon.com *.kameleoon.eu *.kameleoon.io pagead2.googlesyndication.com https://*.hotjar.io wss://*.hotjar.com *.amazon-adsystem.com forms.hubspot.com *.hsforms.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com; media-src 'self' data: blob:; child-src 'self' https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://www.youtube-nocookie.com https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com web-chat.nativechat.com
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
date
Sat, 04 May 2024 03:25:05 GMT
cross-origin-embedder-policy
unsafe-none
cross-origin-resource-policy
cross-origin
content-length
1892
x-xss-protection
1; mode=block
referrer-policy
no-referrer-when-downgrade
last-modified
Wed, 24 Apr 2024 14:23:50 GMT
cross-origin-opener-policy
unsafe-none
etag
"09fb765396da1:0"
x-frame-options
SAMEORIGIN
content-type
application/octet-stream
cache-control
max-age=2678400
permissions-policy
accelerometer=(self), ambient-light-sensor=(self), autoplay=(self), battery=(self), camera=(self), cross-origin-isolated=(self), display-capture=(self), document-domain=(self), encrypted-media=(self), execution-while-not-rendered=(self), execution-while-out-of-viewport=(self), fullscreen=(self), geolocation=(self), gyroscope=(self), keyboard-map=(self), magnetometer=(self), microphone=(self), midi=(self), navigation-override=(self), payment=(self), picture-in-picture=(self), publickey-credentials-get=(self), screen-wake-lock=(self), sync-xhr=(self), usb=(self), web-share=(self), xr-spatial-tracking=(self)
accept-ranges
bytes
css
fonts.googleapis.com/ 		12 KB
2 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css?family=Lato|Open+Sans:400,700
Requested by
Host: www.equitablebank.ca
URL: https://www.equitablebank.ca/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4004:c06::5f Washington, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
aa3d61bc2d51a6ec18f22fed31e80ede103cd47942b3ee817c5f28b064a69c35
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://www.equitablebank.ca/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

strict-transport-security
max-age=31536000
date
Sat, 04 May 2024 03:25:05 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
last-modified
Sat, 04 May 2024 03:25:05 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Sat, 04 May 2024 03:25:05 GMT
api.js
www.google.com/recaptcha/ 		1 KB
856 B 		Script
General
Check archive.org
Download Go to
Full URL
https://www.google.com/recaptcha/api.js?hl=en
Requested by
Host: www.equitablebank.ca
URL: https://www.equitablebank.ca/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4004:c07::6a Washington, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
GSE /
Resource Hash
1448ec1b3f30a554233bd280aa99a7eaf690d1098647e7dddea286c757884f9c
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self'
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://www.equitablebank.ca/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sat, 04 May 2024 03:25:06 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy
frame-ancestors 'self'
server
GSE
x-frame-options
SAMEORIGIN
content-type
text/javascript; charset=utf-8
cache-control
private, max-age=300
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
1; mode=block
expires
Sat, 04 May 2024 03:25:06 GMT
app.js
www.equitablebank.ca/Assets/dist/js/ 		321 B
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.equitablebank.ca/Assets/dist/js/app.js?v=1699651462817
Requested by
Host: www.equitablebank.ca
URL: https://www.equitablebank.ca/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.48.203.13 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a23-48-203-13.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
7000a8744b8656b2480390c3d3e90ec7b85ddda53ccdd1af5ec308f6cd6accfd
Security Headers
Name Value
Content-Security-Policy default-src 'self' cs-cms-cc.equitad.local; script-src 'self' *.googleapis.com *.gstatic.com www.google.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://*.googletagmanager.com www.google-analytics.com googleads.g.doubleclick.net bat.bing.com static.hotjar.com widget.trustpilot.com *.callrail.com www.googleadservices.com ssl.google-analytics.com script.hotjar.com gateway.zscalerthree.net *.kameleoon.eu cdn.prod.ca.five9.net *.kameleoon.com js.adsrvr.org *.amazon-adsystem.com amazon-adsystem.com *.eloqua.com *.en25.com js.hs-scripts.com js.hs-analytics.net js.hs-banner.com js.hsleadflows.net forms.hubspot.com js.hscollectedforms.net cdn.ampproject.org https://cdn.insight.sitefinity.com https://dec.azureedge.net web-chat.nativechat.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com platform.twitter.com/css/ *.twimg.com *.kameleoon.com https://cdn.insight.sitefinity.com https://dec.azureedge.net web-chat.nativechat.com 'unsafe-inline'; img-src 'self' *.gstatic.com *.googleapis.com platform.tumblr.com web.facebook.com www.facebook.com www.redditstatic.com www.linkedin.com i.ytimg.com pbs.twimg.com *.twimg.com data: blob: https://*.googletagmanager.com www.google.com www.google.co.cr www.google-analytics.com bat.bing.com stats.g.doubleclick.net googleads.g.doubleclick.net syndication.twitter.com static.licdn.com platform.twitter.com www.equitablebank.ca www.google.ca ssl.google-analytics.com cs-cms-cc.equitad.local ad.doubleclick.net *.kameleoon.com *.eloqua.com track.hubspot.com js.hsleadflows.net forms.hsforms.com https://cdn.insight.sitefinity.com https://dec.azureedge.net web-chat.nativechat.com; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data:; frame-src 'self' *.fls.doubleclick.net www.facebook.com www.google.com cdn.callrail.com widget.trustpilot.com www.youtube.com td.doubleclick.net cdn.prod.ca.five9.net www.lightcast.com *.amazon-adsystem.com insight.adsrvr.org forms.hsforms.com web-chat.nativechat.com; connect-src 'self' data: accounts.google.com *.gstatic.com https://*.googletagmanager.com www.google-analytics.com stats.g.doubleclick.net bat.bing.com *.callrail.com csmetrics.hotjar.com metrics.hotjar.io analytics.google.com *.kameleoon.com *.kameleoon.eu *.kameleoon.io pagead2.googlesyndication.com https://*.hotjar.io wss://*.hotjar.com *.amazon-adsystem.com forms.hubspot.com *.hsforms.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com; media-src 'self' data: blob:; child-src 'self' https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://www.youtube-nocookie.com https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com web-chat.nativechat.com
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://www.equitablebank.ca/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

content-security-policy
default-src 'self' cs-cms-cc.equitad.local; script-src 'self' *.googleapis.com *.gstatic.com www.google.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://*.googletagmanager.com www.google-analytics.com googleads.g.doubleclick.net bat.bing.com static.hotjar.com widget.trustpilot.com *.callrail.com www.googleadservices.com ssl.google-analytics.com script.hotjar.com gateway.zscalerthree.net *.kameleoon.eu cdn.prod.ca.five9.net *.kameleoon.com js.adsrvr.org *.amazon-adsystem.com amazon-adsystem.com *.eloqua.com *.en25.com js.hs-scripts.com js.hs-analytics.net js.hs-banner.com js.hsleadflows.net forms.hubspot.com js.hscollectedforms.net cdn.ampproject.org https://cdn.insight.sitefinity.com https://dec.azureedge.net web-chat.nativechat.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com platform.twitter.com/css/ *.twimg.com *.kameleoon.com https://cdn.insight.sitefinity.com https://dec.azureedge.net web-chat.nativechat.com 'unsafe-inline'; img-src 'self' *.gstatic.com *.googleapis.com platform.tumblr.com web.facebook.com www.facebook.com www.redditstatic.com www.linkedin.com i.ytimg.com pbs.twimg.com *.twimg.com data: blob: https://*.googletagmanager.com www.google.com www.google.co.cr www.google-analytics.com bat.bing.com stats.g.doubleclick.net googleads.g.doubleclick.net syndication.twitter.com static.licdn.com platform.twitter.com www.equitablebank.ca www.google.ca ssl.google-analytics.com cs-cms-cc.equitad.local ad.doubleclick.net *.kameleoon.com *.eloqua.com track.hubspot.com js.hsleadflows.net forms.hsforms.com https://cdn.insight.sitefinity.com https://dec.azureedge.net web-chat.nativechat.com; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data:; frame-src 'self' *.fls.doubleclick.net www.facebook.com www.google.com cdn.callrail.com widget.trustpilot.com www.youtube.com td.doubleclick.net cdn.prod.ca.five9.net www.lightcast.com *.amazon-adsystem.com insight.adsrvr.org forms.hsforms.com web-chat.nativechat.com; connect-src 'self' data: accounts.google.com *.gstatic.com https://*.googletagmanager.com www.google-analytics.com stats.g.doubleclick.net bat.bing.com *.callrail.com csmetrics.hotjar.com metrics.hotjar.io analytics.google.com *.kameleoon.com *.kameleoon.eu *.kameleoon.io pagead2.googlesyndication.com https://*.hotjar.io wss://*.hotjar.com *.amazon-adsystem.com forms.hubspot.com *.hsforms.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com; media-src 'self' data: blob:; child-src 'self' https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://www.youtube-nocookie.com https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com web-chat.nativechat.com
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
date
Sat, 04 May 2024 03:25:05 GMT
content-encoding
gzip
cross-origin-embedder-policy
unsafe-none
cross-origin-resource-policy
cross-origin
content-length
213
x-xss-protection
1; mode=block
referrer-policy
no-referrer-when-downgrade
last-modified
Wed, 24 Apr 2024 14:23:58 GMT
cross-origin-opener-policy
unsafe-none
etag
"0537cb5396da1:0"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
application/javascript
cache-control
max-age=7131
permissions-policy
accelerometer=(self), ambient-light-sensor=(self), autoplay=(self), battery=(self), camera=(self), cross-origin-isolated=(self), display-capture=(self), document-domain=(self), encrypted-media=(self), execution-while-not-rendered=(self), execution-while-out-of-viewport=(self), fullscreen=(self), geolocation=(self), gyroscope=(self), keyboard-map=(self), magnetometer=(self), microphone=(self), midi=(self), navigation-override=(self), payment=(self), picture-in-picture=(self), publickey-credentials-get=(self), screen-wake-lock=(self), sync-xhr=(self), usb=(self), web-share=(self), xr-spatial-tracking=(self)
accept-ranges
bytes
ls.bgset.min.js
www.equitablebank.ca/Assets/dist/js/ 		3 KB
4 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.equitablebank.ca/Assets/dist/js/ls.bgset.min.js
Requested by
Host: www.equitablebank.ca
URL: https://www.equitablebank.ca/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.48.203.13 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a23-48-203-13.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
1a2a2aaddcbab1bfaf02aa07da27d82d07b50a4b95abce29d22457fdff08fe3f
Security Headers
Name Value
Content-Security-Policy default-src 'self' cs-cms-cc.equitad.local; script-src 'self' *.googleapis.com *.gstatic.com www.google.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://*.googletagmanager.com www.google-analytics.com googleads.g.doubleclick.net bat.bing.com static.hotjar.com widget.trustpilot.com *.callrail.com www.googleadservices.com ssl.google-analytics.com script.hotjar.com gateway.zscalerthree.net *.kameleoon.eu cdn.prod.ca.five9.net *.kameleoon.com js.adsrvr.org *.amazon-adsystem.com amazon-adsystem.com *.eloqua.com *.en25.com js.hs-scripts.com js.hs-analytics.net js.hs-banner.com js.hsleadflows.net forms.hubspot.com js.hscollectedforms.net cdn.ampproject.org https://cdn.insight.sitefinity.com https://dec.azureedge.net web-chat.nativechat.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com platform.twitter.com/css/ *.twimg.com *.kameleoon.com https://cdn.insight.sitefinity.com https://dec.azureedge.net web-chat.nativechat.com 'unsafe-inline'; img-src 'self' *.gstatic.com *.googleapis.com platform.tumblr.com web.facebook.com www.facebook.com www.redditstatic.com www.linkedin.com i.ytimg.com pbs.twimg.com *.twimg.com data: blob: https://*.googletagmanager.com www.google.com www.google.co.cr www.google-analytics.com bat.bing.com stats.g.doubleclick.net googleads.g.doubleclick.net syndication.twitter.com static.licdn.com platform.twitter.com www.equitablebank.ca www.google.ca ssl.google-analytics.com cs-cms-cc.equitad.local ad.doubleclick.net *.kameleoon.com *.eloqua.com track.hubspot.com js.hsleadflows.net forms.hsforms.com https://cdn.insight.sitefinity.com https://dec.azureedge.net web-chat.nativechat.com; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data:; frame-src 'self' *.fls.doubleclick.net www.facebook.com www.google.com cdn.callrail.com widget.trustpilot.com www.youtube.com td.doubleclick.net cdn.prod.ca.five9.net www.lightcast.com *.amazon-adsystem.com insight.adsrvr.org forms.hsforms.com web-chat.nativechat.com; connect-src 'self' data: accounts.google.com *.gstatic.com https://*.googletagmanager.com www.google-analytics.com stats.g.doubleclick.net bat.bing.com *.callrail.com csmetrics.hotjar.com metrics.hotjar.io analytics.google.com *.kameleoon.com *.kameleoon.eu *.kameleoon.io pagead2.googlesyndication.com https://*.hotjar.io wss://*.hotjar.com *.amazon-adsystem.com forms.hubspot.com *.hsforms.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com; media-src 'self' data: blob:; child-src 'self' https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://www.youtube-nocookie.com https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com web-chat.nativechat.com
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://www.equitablebank.ca/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

content-security-policy
default-src 'self' cs-cms-cc.equitad.local; script-src 'self' *.googleapis.com *.gstatic.com www.google.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://*.googletagmanager.com www.google-analytics.com googleads.g.doubleclick.net bat.bing.com static.hotjar.com widget.trustpilot.com *.callrail.com www.googleadservices.com ssl.google-analytics.com script.hotjar.com gateway.zscalerthree.net *.kameleoon.eu cdn.prod.ca.five9.net *.kameleoon.com js.adsrvr.org *.amazon-adsystem.com amazon-adsystem.com *.eloqua.com *.en25.com js.hs-scripts.com js.hs-analytics.net js.hs-banner.com js.hsleadflows.net forms.hubspot.com js.hscollectedforms.net cdn.ampproject.org https://cdn.insight.sitefinity.com https://dec.azureedge.net web-chat.nativechat.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com platform.twitter.com/css/ *.twimg.com *.kameleoon.com https://cdn.insight.sitefinity.com https://dec.azureedge.net web-chat.nativechat.com 'unsafe-inline'; img-src 'self' *.gstatic.com *.googleapis.com platform.tumblr.com web.facebook.com www.facebook.com www.redditstatic.com www.linkedin.com i.ytimg.com pbs.twimg.com *.twimg.com data: blob: https://*.googletagmanager.com www.google.com www.google.co.cr www.google-analytics.com bat.bing.com stats.g.doubleclick.net googleads.g.doubleclick.net syndication.twitter.com static.licdn.com platform.twitter.com www.equitablebank.ca www.google.ca ssl.google-analytics.com cs-cms-cc.equitad.local ad.doubleclick.net *.kameleoon.com *.eloqua.com track.hubspot.com js.hsleadflows.net forms.hsforms.com https://cdn.insight.sitefinity.com https://dec.azureedge.net web-chat.nativechat.com; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data:; frame-src 'self' *.fls.doubleclick.net www.facebook.com www.google.com cdn.callrail.com widget.trustpilot.com www.youtube.com td.doubleclick.net cdn.prod.ca.five9.net www.lightcast.com *.amazon-adsystem.com insight.adsrvr.org forms.hsforms.com web-chat.nativechat.com; connect-src 'self' data: accounts.google.com *.gstatic.com https://*.googletagmanager.com www.google-analytics.com stats.g.doubleclick.net bat.bing.com *.callrail.com csmetrics.hotjar.com metrics.hotjar.io analytics.google.com *.kameleoon.com *.kameleoon.eu *.kameleoon.io pagead2.googlesyndication.com https://*.hotjar.io wss://*.hotjar.com *.amazon-adsystem.com forms.hubspot.com *.hsforms.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com; media-src 'self' data: blob:; child-src 'self' https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://www.youtube-nocookie.com https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com web-chat.nativechat.com
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
date
Sat, 04 May 2024 03:25:05 GMT
content-encoding
gzip
cross-origin-embedder-policy
unsafe-none
cross-origin-resource-policy
cross-origin
content-length
1251
x-xss-protection
1; mode=block
referrer-policy
no-referrer-when-downgrade
last-modified
Wed, 24 Apr 2024 14:23:58 GMT
cross-origin-opener-policy
unsafe-none
etag
"0537cb5396da1:0"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
application/javascript
cache-control
max-age=69312
permissions-policy
accelerometer=(self), ambient-light-sensor=(self), autoplay=(self), battery=(self), camera=(self), cross-origin-isolated=(self), display-capture=(self), document-domain=(self), encrypted-media=(self), execution-while-not-rendered=(self), execution-while-out-of-viewport=(self), fullscreen=(self), geolocation=(self), gyroscope=(self), keyboard-map=(self), magnetometer=(self), microphone=(self), midi=(self), navigation-override=(self), payment=(self), picture-in-picture=(self), publickey-credentials-get=(self), screen-wake-lock=(self), sync-xhr=(self), usb=(self), web-share=(self), xr-spatial-tracking=(self)
accept-ranges
bytes
ls.unveilhooks.min.js
www.equitablebank.ca/Assets/dist/js/ 		1 KB
4 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.equitablebank.ca/Assets/dist/js/ls.unveilhooks.min.js
Requested by
Host: www.equitablebank.ca
URL: https://www.equitablebank.ca/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.48.203.13 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a23-48-203-13.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
a664242185a09fd19bd60980a3463364a8829fd887fdd6709696a844fe850516
Security Headers
Name Value
Content-Security-Policy default-src 'self' cs-cms-cc.equitad.local; script-src 'self' *.googleapis.com *.gstatic.com www.google.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://*.googletagmanager.com www.google-analytics.com googleads.g.doubleclick.net bat.bing.com static.hotjar.com widget.trustpilot.com *.callrail.com www.googleadservices.com ssl.google-analytics.com script.hotjar.com gateway.zscalerthree.net *.kameleoon.eu cdn.prod.ca.five9.net *.kameleoon.com js.adsrvr.org *.amazon-adsystem.com amazon-adsystem.com *.eloqua.com *.en25.com js.hs-scripts.com js.hs-analytics.net js.hs-banner.com js.hsleadflows.net forms.hubspot.com js.hscollectedforms.net cdn.ampproject.org https://cdn.insight.sitefinity.com https://dec.azureedge.net web-chat.nativechat.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com platform.twitter.com/css/ *.twimg.com *.kameleoon.com https://cdn.insight.sitefinity.com https://dec.azureedge.net web-chat.nativechat.com 'unsafe-inline'; img-src 'self' *.gstatic.com *.googleapis.com platform.tumblr.com web.facebook.com www.facebook.com www.redditstatic.com www.linkedin.com i.ytimg.com pbs.twimg.com *.twimg.com data: blob: https://*.googletagmanager.com www.google.com www.google.co.cr www.google-analytics.com bat.bing.com stats.g.doubleclick.net googleads.g.doubleclick.net syndication.twitter.com static.licdn.com platform.twitter.com www.equitablebank.ca www.google.ca ssl.google-analytics.com cs-cms-cc.equitad.local ad.doubleclick.net *.kameleoon.com *.eloqua.com track.hubspot.com js.hsleadflows.net forms.hsforms.com https://cdn.insight.sitefinity.com https://dec.azureedge.net web-chat.nativechat.com; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data:; frame-src 'self' *.fls.doubleclick.net www.facebook.com www.google.com cdn.callrail.com widget.trustpilot.com www.youtube.com td.doubleclick.net cdn.prod.ca.five9.net www.lightcast.com *.amazon-adsystem.com insight.adsrvr.org forms.hsforms.com web-chat.nativechat.com; connect-src 'self' data: accounts.google.com *.gstatic.com https://*.googletagmanager.com www.google-analytics.com stats.g.doubleclick.net bat.bing.com *.callrail.com csmetrics.hotjar.com metrics.hotjar.io analytics.google.com *.kameleoon.com *.kameleoon.eu *.kameleoon.io pagead2.googlesyndication.com https://*.hotjar.io wss://*.hotjar.com *.amazon-adsystem.com forms.hubspot.com *.hsforms.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com; media-src 'self' data: blob:; child-src 'self' https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://www.youtube-nocookie.com https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com web-chat.nativechat.com
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://www.equitablebank.ca/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

content-security-policy
default-src 'self' cs-cms-cc.equitad.local; script-src 'self' *.googleapis.com *.gstatic.com www.google.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://*.googletagmanager.com www.google-analytics.com googleads.g.doubleclick.net bat.bing.com static.hotjar.com widget.trustpilot.com *.callrail.com www.googleadservices.com ssl.google-analytics.com script.hotjar.com gateway.zscalerthree.net *.kameleoon.eu cdn.prod.ca.five9.net *.kameleoon.com js.adsrvr.org *.amazon-adsystem.com amazon-adsystem.com *.eloqua.com *.en25.com js.hs-scripts.com js.hs-analytics.net js.hs-banner.com js.hsleadflows.net forms.hubspot.com js.hscollectedforms.net cdn.ampproject.org https://cdn.insight.sitefinity.com https://dec.azureedge.net web-chat.nativechat.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com platform.twitter.com/css/ *.twimg.com *.kameleoon.com https://cdn.insight.sitefinity.com https://dec.azureedge.net web-chat.nativechat.com 'unsafe-inline'; img-src 'self' *.gstatic.com *.googleapis.com platform.tumblr.com web.facebook.com www.facebook.com www.redditstatic.com www.linkedin.com i.ytimg.com pbs.twimg.com *.twimg.com data: blob: https://*.googletagmanager.com www.google.com www.google.co.cr www.google-analytics.com bat.bing.com stats.g.doubleclick.net googleads.g.doubleclick.net syndication.twitter.com static.licdn.com platform.twitter.com www.equitablebank.ca www.google.ca ssl.google-analytics.com cs-cms-cc.equitad.local ad.doubleclick.net *.kameleoon.com *.eloqua.com track.hubspot.com js.hsleadflows.net forms.hsforms.com https://cdn.insight.sitefinity.com https://dec.azureedge.net web-chat.nativechat.com; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data:; frame-src 'self' *.fls.doubleclick.net www.facebook.com www.google.com cdn.callrail.com widget.trustpilot.com www.youtube.com td.doubleclick.net cdn.prod.ca.five9.net www.lightcast.com *.amazon-adsystem.com insight.adsrvr.org forms.hsforms.com web-chat.nativechat.com; connect-src 'self' data: accounts.google.com *.gstatic.com https://*.googletagmanager.com www.google-analytics.com stats.g.doubleclick.net bat.bing.com *.callrail.com csmetrics.hotjar.com metrics.hotjar.io analytics.google.com *.kameleoon.com *.kameleoon.eu *.kameleoon.io pagead2.googlesyndication.com https://*.hotjar.io wss://*.hotjar.com *.amazon-adsystem.com forms.hubspot.com *.hsforms.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com; media-src 'self' data: blob:; child-src 'self' https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://www.youtube-nocookie.com https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com web-chat.nativechat.com
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
date
Sat, 04 May 2024 03:25:05 GMT
content-encoding
gzip
cross-origin-embedder-policy
unsafe-none
cross-origin-resource-policy
cross-origin
content-length
693
x-xss-protection
1; mode=block
referrer-policy
no-referrer-when-downgrade
last-modified
Wed, 24 Apr 2024 14:23:58 GMT
cross-origin-opener-policy
unsafe-none
etag
"0537cb5396da1:0"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
application/javascript
cache-control
max-age=7132
permissions-policy
accelerometer=(self), ambient-light-sensor=(self), autoplay=(self), battery=(self), camera=(self), cross-origin-isolated=(self), display-capture=(self), document-domain=(self), encrypted-media=(self), execution-while-not-rendered=(self), execution-while-out-of-viewport=(self), fullscreen=(self), geolocation=(self), gyroscope=(self), keyboard-map=(self), magnetometer=(self), microphone=(self), midi=(self), navigation-override=(self), payment=(self), picture-in-picture=(self), publickey-credentials-get=(self), screen-wake-lock=(self), sync-xhr=(self), usb=(self), web-share=(self), xr-spatial-tracking=(self)
accept-ranges
bytes
lazysizes.min.js
www.equitablebank.ca/Assets/dist/js/ 		7 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.equitablebank.ca/Assets/dist/js/lazysizes.min.js
Requested by
Host: www.equitablebank.ca
URL: https://www.equitablebank.ca/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.48.203.13 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a23-48-203-13.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
f07c4822d750b4d7582ed7a3e1150cd7ce7b753c17dbead174699ca30ce4cd78
Security Headers
Name Value
Content-Security-Policy default-src 'self' cs-cms-cc.equitad.local; script-src 'self' *.googleapis.com *.gstatic.com www.google.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://*.googletagmanager.com www.google-analytics.com googleads.g.doubleclick.net bat.bing.com static.hotjar.com widget.trustpilot.com *.callrail.com www.googleadservices.com ssl.google-analytics.com script.hotjar.com gateway.zscalerthree.net *.kameleoon.eu cdn.prod.ca.five9.net *.kameleoon.com js.adsrvr.org *.amazon-adsystem.com amazon-adsystem.com *.eloqua.com *.en25.com js.hs-scripts.com js.hs-analytics.net js.hs-banner.com js.hsleadflows.net forms.hubspot.com js.hscollectedforms.net cdn.ampproject.org https://cdn.insight.sitefinity.com https://dec.azureedge.net web-chat.nativechat.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com platform.twitter.com/css/ *.twimg.com *.kameleoon.com https://cdn.insight.sitefinity.com https://dec.azureedge.net web-chat.nativechat.com 'unsafe-inline'; img-src 'self' *.gstatic.com *.googleapis.com platform.tumblr.com web.facebook.com www.facebook.com www.redditstatic.com www.linkedin.com i.ytimg.com pbs.twimg.com *.twimg.com data: blob: https://*.googletagmanager.com www.google.com www.google.co.cr www.google-analytics.com bat.bing.com stats.g.doubleclick.net googleads.g.doubleclick.net syndication.twitter.com static.licdn.com platform.twitter.com www.equitablebank.ca www.google.ca ssl.google-analytics.com cs-cms-cc.equitad.local ad.doubleclick.net *.kameleoon.com *.eloqua.com track.hubspot.com js.hsleadflows.net forms.hsforms.com https://cdn.insight.sitefinity.com https://dec.azureedge.net web-chat.nativechat.com; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data:; frame-src 'self' *.fls.doubleclick.net www.facebook.com www.google.com cdn.callrail.com widget.trustpilot.com www.youtube.com td.doubleclick.net cdn.prod.ca.five9.net www.lightcast.com *.amazon-adsystem.com insight.adsrvr.org forms.hsforms.com web-chat.nativechat.com; connect-src 'self' data: accounts.google.com *.gstatic.com https://*.googletagmanager.com www.google-analytics.com stats.g.doubleclick.net bat.bing.com *.callrail.com csmetrics.hotjar.com metrics.hotjar.io analytics.google.com *.kameleoon.com *.kameleoon.eu *.kameleoon.io pagead2.googlesyndication.com https://*.hotjar.io wss://*.hotjar.com *.amazon-adsystem.com forms.hubspot.com *.hsforms.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com; media-src 'self' data: blob:; child-src 'self' https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://www.youtube-nocookie.com https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com web-chat.nativechat.com
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://www.equitablebank.ca/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

content-security-policy
default-src 'self' cs-cms-cc.equitad.local; script-src 'self' *.googleapis.com *.gstatic.com www.google.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://*.googletagmanager.com www.google-analytics.com googleads.g.doubleclick.net bat.bing.com static.hotjar.com widget.trustpilot.com *.callrail.com www.googleadservices.com ssl.google-analytics.com script.hotjar.com gateway.zscalerthree.net *.kameleoon.eu cdn.prod.ca.five9.net *.kameleoon.com js.adsrvr.org *.amazon-adsystem.com amazon-adsystem.com *.eloqua.com *.en25.com js.hs-scripts.com js.hs-analytics.net js.hs-banner.com js.hsleadflows.net forms.hubspot.com js.hscollectedforms.net cdn.ampproject.org https://cdn.insight.sitefinity.com https://dec.azureedge.net web-chat.nativechat.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com platform.twitter.com/css/ *.twimg.com *.kameleoon.com https://cdn.insight.sitefinity.com https://dec.azureedge.net web-chat.nativechat.com 'unsafe-inline'; img-src 'self' *.gstatic.com *.googleapis.com platform.tumblr.com web.facebook.com www.facebook.com www.redditstatic.com www.linkedin.com i.ytimg.com pbs.twimg.com *.twimg.com data: blob: https://*.googletagmanager.com www.google.com www.google.co.cr www.google-analytics.com bat.bing.com stats.g.doubleclick.net googleads.g.doubleclick.net syndication.twitter.com static.licdn.com platform.twitter.com www.equitablebank.ca www.google.ca ssl.google-analytics.com cs-cms-cc.equitad.local ad.doubleclick.net *.kameleoon.com *.eloqua.com track.hubspot.com js.hsleadflows.net forms.hsforms.com https://cdn.insight.sitefinity.com https://dec.azureedge.net web-chat.nativechat.com; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data:; frame-src 'self' *.fls.doubleclick.net www.facebook.com www.google.com cdn.callrail.com widget.trustpilot.com www.youtube.com td.doubleclick.net cdn.prod.ca.five9.net www.lightcast.com *.amazon-adsystem.com insight.adsrvr.org forms.hsforms.com web-chat.nativechat.com; connect-src 'self' data: accounts.google.com *.gstatic.com https://*.googletagmanager.com www.google-analytics.com stats.g.doubleclick.net bat.bing.com *.callrail.com csmetrics.hotjar.com metrics.hotjar.io analytics.google.com *.kameleoon.com *.kameleoon.eu *.kameleoon.io pagead2.googlesyndication.com https://*.hotjar.io wss://*.hotjar.com *.amazon-adsystem.com forms.hubspot.com *.hsforms.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com; media-src 'self' data: blob:; child-src 'self' https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://www.youtube-nocookie.com https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com web-chat.nativechat.com
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
date
Sat, 04 May 2024 03:25:05 GMT
content-encoding
gzip
cross-origin-embedder-policy
unsafe-none
cross-origin-resource-policy
cross-origin
content-length
3310
x-xss-protection
1; mode=block
referrer-policy
no-referrer-when-downgrade
last-modified
Wed, 24 Apr 2024 14:23:58 GMT
cross-origin-opener-policy
unsafe-none
etag
"0537cb5396da1:0"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
application/javascript
cache-control
max-age=50704
permissions-policy
accelerometer=(self), ambient-light-sensor=(self), autoplay=(self), battery=(self), camera=(self), cross-origin-isolated=(self), display-capture=(self), document-domain=(self), encrypted-media=(self), execution-while-not-rendered=(self), execution-while-out-of-viewport=(self), fullscreen=(self), geolocation=(self), gyroscope=(self), keyboard-map=(self), magnetometer=(self), microphone=(self), midi=(self), navigation-override=(self), payment=(self), picture-in-picture=(self), publickey-credentials-get=(self), screen-wake-lock=(self), sync-xhr=(self), usb=(self), web-share=(self), xr-spatial-tracking=(self)
accept-ranges
bytes
main.min.css
www.equitablebank.ca/ResourcePackages/Bootstrap/assets/dist/css/ 		167 KB
30 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://www.equitablebank.ca/ResourcePackages/Bootstrap/assets/dist/css/main.min.css?v=1699651462817
Requested by
Host: www.equitablebank.ca
URL: https://www.equitablebank.ca/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.48.203.13 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a23-48-203-13.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
0ce72376eb2f4c26d391fd8328df5451ed20525734035e186ae5787d1b3116f2
Security Headers
Name Value
Content-Security-Policy default-src 'self' cs-cms-cc.equitad.local; script-src 'self' *.googleapis.com *.gstatic.com www.google.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://*.googletagmanager.com www.google-analytics.com googleads.g.doubleclick.net bat.bing.com static.hotjar.com widget.trustpilot.com *.callrail.com www.googleadservices.com ssl.google-analytics.com script.hotjar.com gateway.zscalerthree.net *.kameleoon.eu cdn.prod.ca.five9.net *.kameleoon.com web-chat.nativechat.com *.eloqua.com *.en25.com js.hs-scripts.com js.hs-analytics.net js.hs-banner.com js.hsleadflows.net forms.hubspot.com js.hscollectedforms.net cdn.ampproject.org https://cdn.insight.sitefinity.com https://dec.azureedge.net 'unsafe-inline' 'unsafe-eval'; style-src 'self' *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com platform.twitter.com/css/ *.twimg.com *.kameleoon.com web-chat.nativechat.com https://cdn.insight.sitefinity.com https://dec.azureedge.net 'unsafe-inline'; img-src 'self' *.gstatic.com *.googleapis.com platform.tumblr.com web.facebook.com www.facebook.com www.redditstatic.com www.linkedin.com i.ytimg.com pbs.twimg.com *.twimg.com data: blob: https://*.googletagmanager.com www.google.com www.google.co.cr www.google-analytics.com bat.bing.com stats.g.doubleclick.net googleads.g.doubleclick.net syndication.twitter.com static.licdn.com platform.twitter.com www.equitablebank.ca www.google.ca ssl.google-analytics.com cs-cms-cc.equitad.local ad.doubleclick.net *.kameleoon.com web-chat.nativechat.com *.eloqua.com track.hubspot.com js.hsleadflows.net forms.hsforms.com https://cdn.insight.sitefinity.com https://dec.azureedge.net; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data:; frame-src 'self' *.fls.doubleclick.net www.facebook.com www.google.com cdn.callrail.com widget.trustpilot.com www.youtube.com td.doubleclick.net cdn.prod.ca.five9.net www.lightcast.com web-chat.nativechat.com forms.hsforms.com; connect-src 'self' data: accounts.google.com *.gstatic.com https://*.googletagmanager.com www.google-analytics.com stats.g.doubleclick.net bat.bing.com *.callrail.com csmetrics.hotjar.com metrics.hotjar.io analytics.google.com *.kameleoon.com *.kameleoon.eu *.kameleoon.io pagead2.googlesyndication.com https://*.hotjar.io wss://*.hotjar.com forms.hubspot.com *.hsforms.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com; media-src 'self' data: blob:; child-src 'self' https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://www.youtube-nocookie.com https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com web-chat.nativechat.com
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://www.equitablebank.ca/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

content-security-policy
default-src 'self' cs-cms-cc.equitad.local; script-src 'self' *.googleapis.com *.gstatic.com www.google.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://*.googletagmanager.com www.google-analytics.com googleads.g.doubleclick.net bat.bing.com static.hotjar.com widget.trustpilot.com *.callrail.com www.googleadservices.com ssl.google-analytics.com script.hotjar.com gateway.zscalerthree.net *.kameleoon.eu cdn.prod.ca.five9.net *.kameleoon.com web-chat.nativechat.com *.eloqua.com *.en25.com js.hs-scripts.com js.hs-analytics.net js.hs-banner.com js.hsleadflows.net forms.hubspot.com js.hscollectedforms.net cdn.ampproject.org https://cdn.insight.sitefinity.com https://dec.azureedge.net 'unsafe-inline' 'unsafe-eval'; style-src 'self' *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com platform.twitter.com/css/ *.twimg.com *.kameleoon.com web-chat.nativechat.com https://cdn.insight.sitefinity.com https://dec.azureedge.net 'unsafe-inline'; img-src 'self' *.gstatic.com *.googleapis.com platform.tumblr.com web.facebook.com www.facebook.com www.redditstatic.com www.linkedin.com i.ytimg.com pbs.twimg.com *.twimg.com data: blob: https://*.googletagmanager.com www.google.com www.google.co.cr www.google-analytics.com bat.bing.com stats.g.doubleclick.net googleads.g.doubleclick.net syndication.twitter.com static.licdn.com platform.twitter.com www.equitablebank.ca www.google.ca ssl.google-analytics.com cs-cms-cc.equitad.local ad.doubleclick.net *.kameleoon.com web-chat.nativechat.com *.eloqua.com track.hubspot.com js.hsleadflows.net forms.hsforms.com https://cdn.insight.sitefinity.com https://dec.azureedge.net; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data:; frame-src 'self' *.fls.doubleclick.net www.facebook.com www.google.com cdn.callrail.com widget.trustpilot.com www.youtube.com td.doubleclick.net cdn.prod.ca.five9.net www.lightcast.com web-chat.nativechat.com forms.hsforms.com; connect-src 'self' data: accounts.google.com *.gstatic.com https://*.googletagmanager.com www.google-analytics.com stats.g.doubleclick.net bat.bing.com *.callrail.com csmetrics.hotjar.com metrics.hotjar.io analytics.google.com *.kameleoon.com *.kameleoon.eu *.kameleoon.io pagead2.googlesyndication.com https://*.hotjar.io wss://*.hotjar.com forms.hubspot.com *.hsforms.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com; media-src 'self' data: blob:; child-src 'self' https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://www.youtube-nocookie.com https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com web-chat.nativechat.com
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
date
Sat, 04 May 2024 03:25:05 GMT
content-encoding
gzip
cross-origin-embedder-policy
unsafe-none
cross-origin-resource-policy
cross-origin
content-length
27964
x-xss-protection
1; mode=block
referrer-policy
no-referrer-when-downgrade
last-modified
Tue, 22 Aug 2023 22:02:52 GMT
cross-origin-opener-policy
unsafe-none
etag
"0ce686544d5d91:0"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
text/css
cache-control
max-age=52936
permissions-policy
accelerometer=(self), ambient-light-sensor=(self), autoplay=(self), battery=(self), camera=(self), cross-origin-isolated=(self), display-capture=(self), document-domain=(self), encrypted-media=(self), execution-while-not-rendered=(self), execution-while-out-of-viewport=(self), fullscreen=(self), geolocation=(self), gyroscope=(self), keyboard-map=(self), magnetometer=(self), microphone=(self), midi=(self), navigation-override=(self), payment=(self), picture-in-picture=(self), publickey-credentials-get=(self), screen-wake-lock=(self), sync-xhr=(self), usb=(self), web-share=(self), xr-spatial-tracking=(self)
accept-ranges
bytes
vendor.min.css
www.equitablebank.ca/Assets/dist/css/ 		60 KB
17 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://www.equitablebank.ca/Assets/dist/css/vendor.min.css?v=1699651462817
Requested by
Host: www.equitablebank.ca
URL: https://www.equitablebank.ca/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.48.203.13 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a23-48-203-13.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
f2cbf87ef851d3fcb7ea0103534b88e5f958e69ce011c4d9cad4f7ae83931c8d
Security Headers
Name Value
Content-Security-Policy default-src 'self' cs-cms-cc.equitad.local; script-src 'self' *.googleapis.com *.gstatic.com www.google.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://*.googletagmanager.com www.google-analytics.com googleads.g.doubleclick.net bat.bing.com static.hotjar.com widget.trustpilot.com *.callrail.com www.googleadservices.com ssl.google-analytics.com script.hotjar.com gateway.zscalerthree.net *.kameleoon.eu cdn.prod.ca.five9.net *.kameleoon.com js.adsrvr.org *.amazon-adsystem.com amazon-adsystem.com *.eloqua.com *.en25.com js.hs-scripts.com js.hs-analytics.net js.hs-banner.com js.hsleadflows.net forms.hubspot.com js.hscollectedforms.net cdn.ampproject.org https://cdn.insight.sitefinity.com https://dec.azureedge.net web-chat.nativechat.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com platform.twitter.com/css/ *.twimg.com *.kameleoon.com https://cdn.insight.sitefinity.com https://dec.azureedge.net web-chat.nativechat.com 'unsafe-inline'; img-src 'self' *.gstatic.com *.googleapis.com platform.tumblr.com web.facebook.com www.facebook.com www.redditstatic.com www.linkedin.com i.ytimg.com pbs.twimg.com *.twimg.com data: blob: https://*.googletagmanager.com www.google.com www.google.co.cr www.google-analytics.com bat.bing.com stats.g.doubleclick.net googleads.g.doubleclick.net syndication.twitter.com static.licdn.com platform.twitter.com www.equitablebank.ca www.google.ca ssl.google-analytics.com cs-cms-cc.equitad.local ad.doubleclick.net *.kameleoon.com *.eloqua.com track.hubspot.com js.hsleadflows.net forms.hsforms.com https://cdn.insight.sitefinity.com https://dec.azureedge.net web-chat.nativechat.com; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data:; frame-src 'self' *.fls.doubleclick.net www.facebook.com www.google.com cdn.callrail.com widget.trustpilot.com www.youtube.com td.doubleclick.net cdn.prod.ca.five9.net www.lightcast.com *.amazon-adsystem.com insight.adsrvr.org forms.hsforms.com web-chat.nativechat.com; connect-src 'self' data: accounts.google.com *.gstatic.com https://*.googletagmanager.com www.google-analytics.com stats.g.doubleclick.net bat.bing.com *.callrail.com csmetrics.hotjar.com metrics.hotjar.io analytics.google.com *.kameleoon.com *.kameleoon.eu *.kameleoon.io pagead2.googlesyndication.com https://*.hotjar.io wss://*.hotjar.com *.amazon-adsystem.com forms.hubspot.com *.hsforms.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com; media-src 'self' data: blob:; child-src 'self' https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://www.youtube-nocookie.com https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com web-chat.nativechat.com
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://www.equitablebank.ca/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

content-security-policy
default-src 'self' cs-cms-cc.equitad.local; script-src 'self' *.googleapis.com *.gstatic.com www.google.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://*.googletagmanager.com www.google-analytics.com googleads.g.doubleclick.net bat.bing.com static.hotjar.com widget.trustpilot.com *.callrail.com www.googleadservices.com ssl.google-analytics.com script.hotjar.com gateway.zscalerthree.net *.kameleoon.eu cdn.prod.ca.five9.net *.kameleoon.com js.adsrvr.org *.amazon-adsystem.com amazon-adsystem.com *.eloqua.com *.en25.com js.hs-scripts.com js.hs-analytics.net js.hs-banner.com js.hsleadflows.net forms.hubspot.com js.hscollectedforms.net cdn.ampproject.org https://cdn.insight.sitefinity.com https://dec.azureedge.net web-chat.nativechat.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com platform.twitter.com/css/ *.twimg.com *.kameleoon.com https://cdn.insight.sitefinity.com https://dec.azureedge.net web-chat.nativechat.com 'unsafe-inline'; img-src 'self' *.gstatic.com *.googleapis.com platform.tumblr.com web.facebook.com www.facebook.com www.redditstatic.com www.linkedin.com i.ytimg.com pbs.twimg.com *.twimg.com data: blob: https://*.googletagmanager.com www.google.com www.google.co.cr www.google-analytics.com bat.bing.com stats.g.doubleclick.net googleads.g.doubleclick.net syndication.twitter.com static.licdn.com platform.twitter.com www.equitablebank.ca www.google.ca ssl.google-analytics.com cs-cms-cc.equitad.local ad.doubleclick.net *.kameleoon.com *.eloqua.com track.hubspot.com js.hsleadflows.net forms.hsforms.com https://cdn.insight.sitefinity.com https://dec.azureedge.net web-chat.nativechat.com; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data:; frame-src 'self' *.fls.doubleclick.net www.facebook.com www.google.com cdn.callrail.com widget.trustpilot.com www.youtube.com td.doubleclick.net cdn.prod.ca.five9.net www.lightcast.com *.amazon-adsystem.com insight.adsrvr.org forms.hsforms.com web-chat.nativechat.com; connect-src 'self' data: accounts.google.com *.gstatic.com https://*.googletagmanager.com www.google-analytics.com stats.g.doubleclick.net bat.bing.com *.callrail.com csmetrics.hotjar.com metrics.hotjar.io analytics.google.com *.kameleoon.com *.kameleoon.eu *.kameleoon.io pagead2.googlesyndication.com https://*.hotjar.io wss://*.hotjar.com *.amazon-adsystem.com forms.hubspot.com *.hsforms.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com; media-src 'self' data: blob:; child-src 'self' https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://www.youtube-nocookie.com https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com web-chat.nativechat.com
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
date
Sat, 04 May 2024 03:25:05 GMT
content-encoding
gzip
cross-origin-embedder-policy
unsafe-none
cross-origin-resource-policy
cross-origin
content-length
14774
x-xss-protection
1; mode=block
referrer-policy
no-referrer-when-downgrade
last-modified
Wed, 24 Apr 2024 14:23:36 GMT
cross-origin-opener-policy
unsafe-none
etag
"0645ffe5296da1:0"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
text/css
cache-control
max-age=62089
permissions-policy
accelerometer=(self), ambient-light-sensor=(self), autoplay=(self), battery=(self), camera=(self), cross-origin-isolated=(self), display-capture=(self), document-domain=(self), encrypted-media=(self), execution-while-not-rendered=(self), execution-while-out-of-viewport=(self), fullscreen=(self), geolocation=(self), gyroscope=(self), keyboard-map=(self), magnetometer=(self), microphone=(self), midi=(self), navigation-override=(self), payment=(self), picture-in-picture=(self), publickey-credentials-get=(self), screen-wake-lock=(self), sync-xhr=(self), usb=(self), web-share=(self), xr-spatial-tracking=(self)
accept-ranges
bytes
main.min.css
www.equitablebank.ca/Assets/dist/css/ 		342 KB
45 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://www.equitablebank.ca/Assets/dist/css/main.min.css?v=1699651462817
Requested by
Host: www.equitablebank.ca
URL: https://www.equitablebank.ca/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.48.203.13 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a23-48-203-13.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
093990ca560d2c32135117de10fdcc5537425997a8f0eae2a143f978a1cf387a
Security Headers
Name Value
Content-Security-Policy default-src 'self' cs-cms-cc.equitad.local; script-src 'self' *.googleapis.com *.gstatic.com www.google.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://*.googletagmanager.com www.google-analytics.com googleads.g.doubleclick.net bat.bing.com static.hotjar.com widget.trustpilot.com *.callrail.com www.googleadservices.com ssl.google-analytics.com script.hotjar.com gateway.zscalerthree.net *.kameleoon.eu cdn.prod.ca.five9.net *.kameleoon.com js.adsrvr.org *.amazon-adsystem.com amazon-adsystem.com *.eloqua.com *.en25.com js.hs-scripts.com js.hs-analytics.net js.hs-banner.com js.hsleadflows.net forms.hubspot.com js.hscollectedforms.net cdn.ampproject.org https://cdn.insight.sitefinity.com https://dec.azureedge.net web-chat.nativechat.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com platform.twitter.com/css/ *.twimg.com *.kameleoon.com https://cdn.insight.sitefinity.com https://dec.azureedge.net web-chat.nativechat.com 'unsafe-inline'; img-src 'self' *.gstatic.com *.googleapis.com platform.tumblr.com web.facebook.com www.facebook.com www.redditstatic.com www.linkedin.com i.ytimg.com pbs.twimg.com *.twimg.com data: blob: https://*.googletagmanager.com www.google.com www.google.co.cr www.google-analytics.com bat.bing.com stats.g.doubleclick.net googleads.g.doubleclick.net syndication.twitter.com static.licdn.com platform.twitter.com www.equitablebank.ca www.google.ca ssl.google-analytics.com cs-cms-cc.equitad.local ad.doubleclick.net *.kameleoon.com *.eloqua.com track.hubspot.com js.hsleadflows.net forms.hsforms.com https://cdn.insight.sitefinity.com https://dec.azureedge.net web-chat.nativechat.com; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data:; frame-src 'self' *.fls.doubleclick.net www.facebook.com www.google.com cdn.callrail.com widget.trustpilot.com www.youtube.com td.doubleclick.net cdn.prod.ca.five9.net www.lightcast.com *.amazon-adsystem.com insight.adsrvr.org forms.hsforms.com web-chat.nativechat.com; connect-src 'self' data: accounts.google.com *.gstatic.com https://*.googletagmanager.com www.google-analytics.com stats.g.doubleclick.net bat.bing.com *.callrail.com csmetrics.hotjar.com metrics.hotjar.io analytics.google.com *.kameleoon.com *.kameleoon.eu *.kameleoon.io pagead2.googlesyndication.com https://*.hotjar.io wss://*.hotjar.com *.amazon-adsystem.com forms.hubspot.com *.hsforms.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com; media-src 'self' data: blob:; child-src 'self' https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://www.youtube-nocookie.com https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com web-chat.nativechat.com
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://www.equitablebank.ca/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

content-security-policy
default-src 'self' cs-cms-cc.equitad.local; script-src 'self' *.googleapis.com *.gstatic.com www.google.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://*.googletagmanager.com www.google-analytics.com googleads.g.doubleclick.net bat.bing.com static.hotjar.com widget.trustpilot.com *.callrail.com www.googleadservices.com ssl.google-analytics.com script.hotjar.com gateway.zscalerthree.net *.kameleoon.eu cdn.prod.ca.five9.net *.kameleoon.com js.adsrvr.org *.amazon-adsystem.com amazon-adsystem.com *.eloqua.com *.en25.com js.hs-scripts.com js.hs-analytics.net js.hs-banner.com js.hsleadflows.net forms.hubspot.com js.hscollectedforms.net cdn.ampproject.org https://cdn.insight.sitefinity.com https://dec.azureedge.net web-chat.nativechat.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com platform.twitter.com/css/ *.twimg.com *.kameleoon.com https://cdn.insight.sitefinity.com https://dec.azureedge.net web-chat.nativechat.com 'unsafe-inline'; img-src 'self' *.gstatic.com *.googleapis.com platform.tumblr.com web.facebook.com www.facebook.com www.redditstatic.com www.linkedin.com i.ytimg.com pbs.twimg.com *.twimg.com data: blob: https://*.googletagmanager.com www.google.com www.google.co.cr www.google-analytics.com bat.bing.com stats.g.doubleclick.net googleads.g.doubleclick.net syndication.twitter.com static.licdn.com platform.twitter.com www.equitablebank.ca www.google.ca ssl.google-analytics.com cs-cms-cc.equitad.local ad.doubleclick.net *.kameleoon.com *.eloqua.com track.hubspot.com js.hsleadflows.net forms.hsforms.com https://cdn.insight.sitefinity.com https://dec.azureedge.net web-chat.nativechat.com; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data:; frame-src 'self' *.fls.doubleclick.net www.facebook.com www.google.com cdn.callrail.com widget.trustpilot.com www.youtube.com td.doubleclick.net cdn.prod.ca.five9.net www.lightcast.com *.amazon-adsystem.com insight.adsrvr.org forms.hsforms.com web-chat.nativechat.com; connect-src 'self' data: accounts.google.com *.gstatic.com https://*.googletagmanager.com www.google-analytics.com stats.g.doubleclick.net bat.bing.com *.callrail.com csmetrics.hotjar.com metrics.hotjar.io analytics.google.com *.kameleoon.com *.kameleoon.eu *.kameleoon.io pagead2.googlesyndication.com https://*.hotjar.io wss://*.hotjar.com *.amazon-adsystem.com forms.hubspot.com *.hsforms.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com; media-src 'self' data: blob:; child-src 'self' https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://www.youtube-nocookie.com https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com web-chat.nativechat.com
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
date
Sat, 04 May 2024 03:25:05 GMT
content-encoding
gzip
cross-origin-embedder-policy
unsafe-none
cross-origin-resource-policy
cross-origin
content-length
43119
x-xss-protection
1; mode=block
referrer-policy
no-referrer-when-downgrade
last-modified
Wed, 24 Apr 2024 14:23:54 GMT
cross-origin-opener-policy
unsafe-none
etag
"0f91995396da1:0"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
text/css
cache-control
max-age=50623
permissions-policy
accelerometer=(self), ambient-light-sensor=(self), autoplay=(self), battery=(self), camera=(self), cross-origin-isolated=(self), display-capture=(self), document-domain=(self), encrypted-media=(self), execution-while-not-rendered=(self), execution-while-out-of-viewport=(self), fullscreen=(self), geolocation=(self), gyroscope=(self), keyboard-map=(self), magnetometer=(self), microphone=(self), midi=(self), navigation-override=(self), payment=(self), picture-in-picture=(self), publickey-credentials-get=(self), screen-wake-lock=(self), sync-xhr=(self), usb=(self), web-share=(self), xr-spatial-tracking=(self)
accept-ranges
bytes
Telerik.Web.UI.WebResource.axd
www.equitablebank.ca/ 		2 KB
4 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://www.equitablebank.ca/Telerik.Web.UI.WebResource.axd?d=PMrIT5dOWaVYIcpFWUE4nEvV2C7yQS0HOUMU9Ewqj_y_qE6Vuz8O9-lO8m2eZSXuKYjGPoUdFm6y8J5xBK5l9b_Sh57qhrHGFgLXXSrlNfuVHsxBf6eBtDgHZeW8B74A0&t=638488753808520654&compress=0&_TSM_CombinedScripts_=%3b%3bTelerik.Sitefinity.Resources%2c+Version%3d14.4.8100.0%2c+Culture%3dneutral%2c+PublicKeyToken%3db28c218413bdf563%3aen%3aca651bf7-ab52-4d0b-838f-dc7a536af758%3a7a90d6a
Requested by
Host: www.equitablebank.ca
URL: https://www.equitablebank.ca/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.48.203.13 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a23-48-203-13.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
3ceb845596cd0b2142d50f3144ded925563816a3787579266f81384c6f8cc6cf
Security Headers
Name Value
Content-Security-Policy default-src 'self' cs-cms-cc.equitad.local; script-src 'self' *.googleapis.com *.gstatic.com www.google.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://*.googletagmanager.com www.google-analytics.com googleads.g.doubleclick.net bat.bing.com static.hotjar.com widget.trustpilot.com *.callrail.com www.googleadservices.com ssl.google-analytics.com script.hotjar.com gateway.zscalerthree.net *.kameleoon.eu cdn.prod.ca.five9.net *.kameleoon.com js.adsrvr.org *.amazon-adsystem.com amazon-adsystem.com https://cdn.insight.sitefinity.com https://dec.azureedge.net cdn.ampproject.org *.eloqua.com *.en25.com web-chat.nativechat.com js.hs-scripts.com js.hs-analytics.net js.hs-banner.com js.hsleadflows.net forms.hubspot.com js.hscollectedforms.net 'unsafe-inline' 'unsafe-eval'; style-src 'self' *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com platform.twitter.com/css/ *.twimg.com *.kameleoon.com https://cdn.insight.sitefinity.com https://dec.azureedge.net web-chat.nativechat.com 'unsafe-inline'; img-src 'self' *.gstatic.com *.googleapis.com platform.tumblr.com web.facebook.com www.facebook.com www.redditstatic.com www.linkedin.com i.ytimg.com pbs.twimg.com *.twimg.com data: blob: https://*.googletagmanager.com www.google.com www.google.co.cr www.google-analytics.com bat.bing.com stats.g.doubleclick.net googleads.g.doubleclick.net syndication.twitter.com static.licdn.com platform.twitter.com www.equitablebank.ca www.google.ca ssl.google-analytics.com cs-cms-cc.equitad.local ad.doubleclick.net *.kameleoon.com https://cdn.insight.sitefinity.com https://dec.azureedge.net *.eloqua.com web-chat.nativechat.com track.hubspot.com js.hsleadflows.net forms.hsforms.com; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data:; frame-src 'self' *.fls.doubleclick.net www.facebook.com www.google.com cdn.callrail.com widget.trustpilot.com www.youtube.com td.doubleclick.net cdn.prod.ca.five9.net www.lightcast.com *.amazon-adsystem.com insight.adsrvr.org web-chat.nativechat.com forms.hsforms.com; connect-src 'self' data: accounts.google.com *.gstatic.com https://*.googletagmanager.com www.google-analytics.com stats.g.doubleclick.net bat.bing.com *.callrail.com csmetrics.hotjar.com metrics.hotjar.io analytics.google.com *.kameleoon.com *.kameleoon.eu *.kameleoon.io pagead2.googlesyndication.com https://*.hotjar.io wss://*.hotjar.com *.amazon-adsystem.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com forms.hubspot.com *.hsforms.com; media-src 'self' data: blob:; child-src 'self' https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://www.youtube-nocookie.com https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com web-chat.nativechat.com
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://www.equitablebank.ca/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

content-security-policy
default-src 'self' cs-cms-cc.equitad.local; script-src 'self' *.googleapis.com *.gstatic.com www.google.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://*.googletagmanager.com www.google-analytics.com googleads.g.doubleclick.net bat.bing.com static.hotjar.com widget.trustpilot.com *.callrail.com www.googleadservices.com ssl.google-analytics.com script.hotjar.com gateway.zscalerthree.net *.kameleoon.eu cdn.prod.ca.five9.net *.kameleoon.com js.adsrvr.org *.amazon-adsystem.com amazon-adsystem.com https://cdn.insight.sitefinity.com https://dec.azureedge.net cdn.ampproject.org *.eloqua.com *.en25.com web-chat.nativechat.com js.hs-scripts.com js.hs-analytics.net js.hs-banner.com js.hsleadflows.net forms.hubspot.com js.hscollectedforms.net 'unsafe-inline' 'unsafe-eval'; style-src 'self' *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com platform.twitter.com/css/ *.twimg.com *.kameleoon.com https://cdn.insight.sitefinity.com https://dec.azureedge.net web-chat.nativechat.com 'unsafe-inline'; img-src 'self' *.gstatic.com *.googleapis.com platform.tumblr.com web.facebook.com www.facebook.com www.redditstatic.com www.linkedin.com i.ytimg.com pbs.twimg.com *.twimg.com data: blob: https://*.googletagmanager.com www.google.com www.google.co.cr www.google-analytics.com bat.bing.com stats.g.doubleclick.net googleads.g.doubleclick.net syndication.twitter.com static.licdn.com platform.twitter.com www.equitablebank.ca www.google.ca ssl.google-analytics.com cs-cms-cc.equitad.local ad.doubleclick.net *.kameleoon.com https://cdn.insight.sitefinity.com https://dec.azureedge.net *.eloqua.com web-chat.nativechat.com track.hubspot.com js.hsleadflows.net forms.hsforms.com; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data:; frame-src 'self' *.fls.doubleclick.net www.facebook.com www.google.com cdn.callrail.com widget.trustpilot.com www.youtube.com td.doubleclick.net cdn.prod.ca.five9.net www.lightcast.com *.amazon-adsystem.com insight.adsrvr.org web-chat.nativechat.com forms.hsforms.com; connect-src 'self' data: accounts.google.com *.gstatic.com https://*.googletagmanager.com www.google-analytics.com stats.g.doubleclick.net bat.bing.com *.callrail.com csmetrics.hotjar.com metrics.hotjar.io analytics.google.com *.kameleoon.com *.kameleoon.eu *.kameleoon.io pagead2.googlesyndication.com https://*.hotjar.io wss://*.hotjar.com *.amazon-adsystem.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com forms.hubspot.com *.hsforms.com; media-src 'self' data: blob:; child-src 'self' https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://www.youtube-nocookie.com https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com web-chat.nativechat.com
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
date
Sat, 04 May 2024 03:25:05 GMT
content-encoding
gzip
cross-origin-embedder-policy
unsafe-none
cross-origin-resource-policy
cross-origin
content-length
523
x-xss-protection
1; mode=block
referrer-policy
no-referrer-when-downgrade
last-modified
Tue, 17 Jan 2023 05:00:00 GMT
cross-origin-opener-policy
unsafe-none
vary
HTTP_USER_AGENT, Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
text/css
cache-control
public, max-age=31376557
permissions-policy
accelerometer=(self), ambient-light-sensor=(self), autoplay=(self), battery=(self), camera=(self), cross-origin-isolated=(self), display-capture=(self), document-domain=(self), encrypted-media=(self), execution-while-not-rendered=(self), execution-while-out-of-viewport=(self), fullscreen=(self), geolocation=(self), gyroscope=(self), keyboard-map=(self), magnetometer=(self), microphone=(self), midi=(self), navigation-override=(self), payment=(self), picture-in-picture=(self), publickey-credentials-get=(self), screen-wake-lock=(self), sync-xhr=(self), usb=(self), web-share=(self), xr-spatial-tracking=(self)
expires
Fri, 02 May 2025 07:07:42 GMT
WebResource.axd
www.equitablebank.ca/ 		23 KB
8 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.equitablebank.ca/WebResource.axd?d=pynGkmcFUV13He1Qd6_TZAqWEjGXPCajcSbX8xNKmGdRq01g2N6ZiSinvj88GqVJVHU86InvSQO9fMfrinH0hQ2&t=638488753809770702
Requested by
Host: www.equitablebank.ca
URL: https://www.equitablebank.ca/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.48.203.13 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a23-48-203-13.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
40732e9dcfa704cf615e4691bb07aecfd1cc5e063220a46e4a7ff6560c77f5db
Security Headers
Name Value
Content-Security-Policy default-src 'self' cs-cms-cc.equitad.local; script-src 'self' *.googleapis.com *.gstatic.com www.google.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://*.googletagmanager.com www.google-analytics.com googleads.g.doubleclick.net bat.bing.com static.hotjar.com widget.trustpilot.com *.callrail.com www.googleadservices.com ssl.google-analytics.com script.hotjar.com gateway.zscalerthree.net *.kameleoon.eu cdn.prod.ca.five9.net *.kameleoon.com js.adsrvr.org *.amazon-adsystem.com amazon-adsystem.com https://cdn.insight.sitefinity.com https://dec.azureedge.net cdn.ampproject.org *.eloqua.com *.en25.com web-chat.nativechat.com js.hs-scripts.com js.hs-analytics.net js.hs-banner.com js.hsleadflows.net forms.hubspot.com js.hscollectedforms.net 'unsafe-inline' 'unsafe-eval'; style-src 'self' *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com platform.twitter.com/css/ *.twimg.com *.kameleoon.com https://cdn.insight.sitefinity.com https://dec.azureedge.net web-chat.nativechat.com 'unsafe-inline'; img-src 'self' *.gstatic.com *.googleapis.com platform.tumblr.com web.facebook.com www.facebook.com www.redditstatic.com www.linkedin.com i.ytimg.com pbs.twimg.com *.twimg.com data: blob: https://*.googletagmanager.com www.google.com www.google.co.cr www.google-analytics.com bat.bing.com stats.g.doubleclick.net googleads.g.doubleclick.net syndication.twitter.com static.licdn.com platform.twitter.com www.equitablebank.ca www.google.ca ssl.google-analytics.com cs-cms-cc.equitad.local ad.doubleclick.net *.kameleoon.com https://cdn.insight.sitefinity.com https://dec.azureedge.net *.eloqua.com web-chat.nativechat.com track.hubspot.com js.hsleadflows.net forms.hsforms.com; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data:; frame-src 'self' *.fls.doubleclick.net www.facebook.com www.google.com cdn.callrail.com widget.trustpilot.com www.youtube.com td.doubleclick.net cdn.prod.ca.five9.net www.lightcast.com *.amazon-adsystem.com insight.adsrvr.org web-chat.nativechat.com forms.hsforms.com; connect-src 'self' data: accounts.google.com *.gstatic.com https://*.googletagmanager.com www.google-analytics.com stats.g.doubleclick.net bat.bing.com *.callrail.com csmetrics.hotjar.com metrics.hotjar.io analytics.google.com *.kameleoon.com *.kameleoon.eu *.kameleoon.io pagead2.googlesyndication.com https://*.hotjar.io wss://*.hotjar.com *.amazon-adsystem.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com forms.hubspot.com *.hsforms.com; media-src 'self' data: blob:; child-src 'self' https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://www.youtube-nocookie.com https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com web-chat.nativechat.com
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://www.equitablebank.ca/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

content-security-policy
default-src 'self' cs-cms-cc.equitad.local; script-src 'self' *.googleapis.com *.gstatic.com www.google.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://*.googletagmanager.com www.google-analytics.com googleads.g.doubleclick.net bat.bing.com static.hotjar.com widget.trustpilot.com *.callrail.com www.googleadservices.com ssl.google-analytics.com script.hotjar.com gateway.zscalerthree.net *.kameleoon.eu cdn.prod.ca.five9.net *.kameleoon.com js.adsrvr.org *.amazon-adsystem.com amazon-adsystem.com https://cdn.insight.sitefinity.com https://dec.azureedge.net cdn.ampproject.org *.eloqua.com *.en25.com web-chat.nativechat.com js.hs-scripts.com js.hs-analytics.net js.hs-banner.com js.hsleadflows.net forms.hubspot.com js.hscollectedforms.net 'unsafe-inline' 'unsafe-eval'; style-src 'self' *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com platform.twitter.com/css/ *.twimg.com *.kameleoon.com https://cdn.insight.sitefinity.com https://dec.azureedge.net web-chat.nativechat.com 'unsafe-inline'; img-src 'self' *.gstatic.com *.googleapis.com platform.tumblr.com web.facebook.com www.facebook.com www.redditstatic.com www.linkedin.com i.ytimg.com pbs.twimg.com *.twimg.com data: blob: https://*.googletagmanager.com www.google.com www.google.co.cr www.google-analytics.com bat.bing.com stats.g.doubleclick.net googleads.g.doubleclick.net syndication.twitter.com static.licdn.com platform.twitter.com www.equitablebank.ca www.google.ca ssl.google-analytics.com cs-cms-cc.equitad.local ad.doubleclick.net *.kameleoon.com https://cdn.insight.sitefinity.com https://dec.azureedge.net *.eloqua.com web-chat.nativechat.com track.hubspot.com js.hsleadflows.net forms.hsforms.com; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data:; frame-src 'self' *.fls.doubleclick.net www.facebook.com www.google.com cdn.callrail.com widget.trustpilot.com www.youtube.com td.doubleclick.net cdn.prod.ca.five9.net www.lightcast.com *.amazon-adsystem.com insight.adsrvr.org web-chat.nativechat.com forms.hsforms.com; connect-src 'self' data: accounts.google.com *.gstatic.com https://*.googletagmanager.com www.google-analytics.com stats.g.doubleclick.net bat.bing.com *.callrail.com csmetrics.hotjar.com metrics.hotjar.io analytics.google.com *.kameleoon.com *.kameleoon.eu *.kameleoon.io pagead2.googlesyndication.com https://*.hotjar.io wss://*.hotjar.com *.amazon-adsystem.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com forms.hubspot.com *.hsforms.com; media-src 'self' data: blob:; child-src 'self' https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://www.youtube-nocookie.com https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com web-chat.nativechat.com
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
date
Sat, 04 May 2024 03:25:05 GMT
content-encoding
gzip
cross-origin-embedder-policy
unsafe-none
cross-origin-resource-policy
cross-origin
content-length
4627
x-xss-protection
1; mode=block
referrer-policy
no-referrer-when-downgrade
last-modified
Tue, 16 Apr 2024 22:43:00 GMT
cross-origin-opener-policy
unsafe-none
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
application/x-javascript
cache-control
public
permissions-policy
accelerometer=(self), ambient-light-sensor=(self), autoplay=(self), battery=(self), camera=(self), cross-origin-isolated=(self), display-capture=(self), document-domain=(self), encrypted-media=(self), execution-while-not-rendered=(self), execution-while-out-of-viewport=(self), fullscreen=(self), geolocation=(self), gyroscope=(self), keyboard-map=(self), magnetometer=(self), microphone=(self), midi=(self), navigation-override=(self), payment=(self), picture-in-picture=(self), publickey-credentials-get=(self), screen-wake-lock=(self), sync-xhr=(self), usb=(self), web-share=(self), xr-spatial-tracking=(self)
expires
Fri, 02 May 2025 04:52:10 GMT
Telerik.Web.UI.WebResource.axd
www.equitablebank.ca/ 		140 KB
37 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.equitablebank.ca/Telerik.Web.UI.WebResource.axd?_TSM_HiddenField_=ctl05_TSM&compress=0&_TSM_CombinedScripts_=%3b%3bSystem.Web.Extensions%2c+Version%3d4.0.0.0%2c+Culture%3dneutral%2c+PublicKeyToken%3d31bf3856ad364e35%3aen%3a9ead301a-2c07-4fc5-be19-f8423a34e117%3aea597d4b%3ab25378d2
Requested by
Host: www.equitablebank.ca
URL: https://www.equitablebank.ca/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.48.203.13 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a23-48-203-13.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
cedff8610211b296b3a7032b8b904fb880562054470097f76004c9c487b4ad54
Security Headers
Name Value
Content-Security-Policy default-src 'self' cs-cms-cc.equitad.local; script-src 'self' *.googleapis.com *.gstatic.com www.google.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://*.googletagmanager.com www.google-analytics.com googleads.g.doubleclick.net bat.bing.com static.hotjar.com widget.trustpilot.com *.callrail.com www.googleadservices.com ssl.google-analytics.com script.hotjar.com gateway.zscalerthree.net *.kameleoon.eu cdn.prod.ca.five9.net *.kameleoon.com js.adsrvr.org *.amazon-adsystem.com amazon-adsystem.com js.hs-scripts.com js.hs-analytics.net js.hs-banner.com js.hsleadflows.net forms.hubspot.com js.hscollectedforms.net *.eloqua.com *.en25.com web-chat.nativechat.com https://cdn.insight.sitefinity.com https://dec.azureedge.net cdn.ampproject.org 'unsafe-inline' 'unsafe-eval'; style-src 'self' *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com platform.twitter.com/css/ *.twimg.com *.kameleoon.com web-chat.nativechat.com https://cdn.insight.sitefinity.com https://dec.azureedge.net 'unsafe-inline'; img-src 'self' *.gstatic.com *.googleapis.com platform.tumblr.com web.facebook.com www.facebook.com www.redditstatic.com www.linkedin.com i.ytimg.com pbs.twimg.com *.twimg.com data: blob: https://*.googletagmanager.com www.google.com www.google.co.cr www.google-analytics.com bat.bing.com stats.g.doubleclick.net googleads.g.doubleclick.net syndication.twitter.com static.licdn.com platform.twitter.com www.equitablebank.ca www.google.ca ssl.google-analytics.com cs-cms-cc.equitad.local ad.doubleclick.net *.kameleoon.com track.hubspot.com js.hsleadflows.net forms.hsforms.com *.eloqua.com web-chat.nativechat.com https://cdn.insight.sitefinity.com https://dec.azureedge.net; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data:; frame-src 'self' *.fls.doubleclick.net www.facebook.com www.google.com cdn.callrail.com widget.trustpilot.com www.youtube.com td.doubleclick.net cdn.prod.ca.five9.net www.lightcast.com *.amazon-adsystem.com insight.adsrvr.org forms.hsforms.com web-chat.nativechat.com; connect-src 'self' data: accounts.google.com *.gstatic.com https://*.googletagmanager.com www.google-analytics.com stats.g.doubleclick.net bat.bing.com *.callrail.com csmetrics.hotjar.com metrics.hotjar.io analytics.google.com *.kameleoon.com *.kameleoon.eu *.kameleoon.io pagead2.googlesyndication.com https://*.hotjar.io wss://*.hotjar.com *.amazon-adsystem.com forms.hubspot.com *.hsforms.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com; media-src 'self' data: blob:; child-src 'self' https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://www.youtube-nocookie.com https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com web-chat.nativechat.com
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://www.equitablebank.ca/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

content-security-policy
default-src 'self' cs-cms-cc.equitad.local; script-src 'self' *.googleapis.com *.gstatic.com www.google.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://*.googletagmanager.com www.google-analytics.com googleads.g.doubleclick.net bat.bing.com static.hotjar.com widget.trustpilot.com *.callrail.com www.googleadservices.com ssl.google-analytics.com script.hotjar.com gateway.zscalerthree.net *.kameleoon.eu cdn.prod.ca.five9.net *.kameleoon.com js.adsrvr.org *.amazon-adsystem.com amazon-adsystem.com js.hs-scripts.com js.hs-analytics.net js.hs-banner.com js.hsleadflows.net forms.hubspot.com js.hscollectedforms.net *.eloqua.com *.en25.com web-chat.nativechat.com https://cdn.insight.sitefinity.com https://dec.azureedge.net cdn.ampproject.org 'unsafe-inline' 'unsafe-eval'; style-src 'self' *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com platform.twitter.com/css/ *.twimg.com *.kameleoon.com web-chat.nativechat.com https://cdn.insight.sitefinity.com https://dec.azureedge.net 'unsafe-inline'; img-src 'self' *.gstatic.com *.googleapis.com platform.tumblr.com web.facebook.com www.facebook.com www.redditstatic.com www.linkedin.com i.ytimg.com pbs.twimg.com *.twimg.com data: blob: https://*.googletagmanager.com www.google.com www.google.co.cr www.google-analytics.com bat.bing.com stats.g.doubleclick.net googleads.g.doubleclick.net syndication.twitter.com static.licdn.com platform.twitter.com www.equitablebank.ca www.google.ca ssl.google-analytics.com cs-cms-cc.equitad.local ad.doubleclick.net *.kameleoon.com track.hubspot.com js.hsleadflows.net forms.hsforms.com *.eloqua.com web-chat.nativechat.com https://cdn.insight.sitefinity.com https://dec.azureedge.net; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data:; frame-src 'self' *.fls.doubleclick.net www.facebook.com www.google.com cdn.callrail.com widget.trustpilot.com www.youtube.com td.doubleclick.net cdn.prod.ca.five9.net www.lightcast.com *.amazon-adsystem.com insight.adsrvr.org forms.hsforms.com web-chat.nativechat.com; connect-src 'self' data: accounts.google.com *.gstatic.com https://*.googletagmanager.com www.google-analytics.com stats.g.doubleclick.net bat.bing.com *.callrail.com csmetrics.hotjar.com metrics.hotjar.io analytics.google.com *.kameleoon.com *.kameleoon.eu *.kameleoon.io pagead2.googlesyndication.com https://*.hotjar.io wss://*.hotjar.com *.amazon-adsystem.com forms.hubspot.com *.hsforms.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com; media-src 'self' data: blob:; child-src 'self' https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://www.youtube-nocookie.com https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com web-chat.nativechat.com
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
date
Sat, 04 May 2024 03:25:05 GMT
content-encoding
gzip
cross-origin-embedder-policy
unsafe-none
cross-origin-resource-policy
cross-origin
content-length
35146
x-xss-protection
1; mode=block
referrer-policy
no-referrer-when-downgrade
last-modified
Tue, 17 Jan 2023 05:00:00 GMT
cross-origin-opener-policy
unsafe-none
vary
HTTP_USER_AGENT, Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
application/x-javascript
cache-control
public, max-age=31371648
permissions-policy
accelerometer=(self), ambient-light-sensor=(self), autoplay=(self), battery=(self), camera=(self), cross-origin-isolated=(self), display-capture=(self), document-domain=(self), encrypted-media=(self), execution-while-not-rendered=(self), execution-while-out-of-viewport=(self), fullscreen=(self), geolocation=(self), gyroscope=(self), keyboard-map=(self), magnetometer=(self), microphone=(self), midi=(self), navigation-override=(self), payment=(self), picture-in-picture=(self), publickey-credentials-get=(self), screen-wake-lock=(self), sync-xhr=(self), usb=(self), web-share=(self), xr-spatial-tracking=(self)
expires
Fri, 02 May 2025 05:45:53 GMT
ScriptResource.axd
www.equitablebank.ca/ 		88 KB
34 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.equitablebank.ca/ScriptResource.axd?d=Sm_GGXofLw4C9Eu03fCPHKK96qT44mhovWKeyT8KwURc24z5v0_77HSfmDO5ybZP8v-FyohtgCcl7oPnvI1_eFl3QUs7FVvDCguQJcTvsoJDlqpQJ_CBb_SavR-n2u7IkXJBPgf6kYqQxvP7ChC-gZGpHY_sqBaZd56IbnPA0T6d4ZhIvp9E7eZEoneUsiME0&t=7e94aea0
Requested by
Host: www.equitablebank.ca
URL: https://www.equitablebank.ca/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.48.203.13 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a23-48-203-13.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
c4ae5268bef77000a0b3d189ab188bcd5a819ed731d3e2577ff75e22a5ab37b7
Security Headers
Name Value
Content-Security-Policy default-src 'self' cs-cms-cc.equitad.local; script-src 'self' *.googleapis.com *.gstatic.com www.google.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://*.googletagmanager.com www.google-analytics.com googleads.g.doubleclick.net bat.bing.com static.hotjar.com widget.trustpilot.com *.callrail.com www.googleadservices.com ssl.google-analytics.com script.hotjar.com gateway.zscalerthree.net *.kameleoon.eu cdn.prod.ca.five9.net *.kameleoon.com js.adsrvr.org *.amazon-adsystem.com amazon-adsystem.com js.hs-scripts.com js.hs-analytics.net js.hs-banner.com js.hsleadflows.net forms.hubspot.com js.hscollectedforms.net *.eloqua.com *.en25.com web-chat.nativechat.com https://cdn.insight.sitefinity.com https://dec.azureedge.net cdn.ampproject.org 'unsafe-inline' 'unsafe-eval'; style-src 'self' *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com platform.twitter.com/css/ *.twimg.com *.kameleoon.com web-chat.nativechat.com https://cdn.insight.sitefinity.com https://dec.azureedge.net 'unsafe-inline'; img-src 'self' *.gstatic.com *.googleapis.com platform.tumblr.com web.facebook.com www.facebook.com www.redditstatic.com www.linkedin.com i.ytimg.com pbs.twimg.com *.twimg.com data: blob: https://*.googletagmanager.com www.google.com www.google.co.cr www.google-analytics.com bat.bing.com stats.g.doubleclick.net googleads.g.doubleclick.net syndication.twitter.com static.licdn.com platform.twitter.com www.equitablebank.ca www.google.ca ssl.google-analytics.com cs-cms-cc.equitad.local ad.doubleclick.net *.kameleoon.com track.hubspot.com js.hsleadflows.net forms.hsforms.com *.eloqua.com web-chat.nativechat.com https://cdn.insight.sitefinity.com https://dec.azureedge.net; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data:; frame-src 'self' *.fls.doubleclick.net www.facebook.com www.google.com cdn.callrail.com widget.trustpilot.com www.youtube.com td.doubleclick.net cdn.prod.ca.five9.net www.lightcast.com *.amazon-adsystem.com insight.adsrvr.org forms.hsforms.com web-chat.nativechat.com; connect-src 'self' data: accounts.google.com *.gstatic.com https://*.googletagmanager.com www.google-analytics.com stats.g.doubleclick.net bat.bing.com *.callrail.com csmetrics.hotjar.com metrics.hotjar.io analytics.google.com *.kameleoon.com *.kameleoon.eu *.kameleoon.io pagead2.googlesyndication.com https://*.hotjar.io wss://*.hotjar.com *.amazon-adsystem.com forms.hubspot.com *.hsforms.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com; media-src 'self' data: blob:; child-src 'self' https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://www.youtube-nocookie.com https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com web-chat.nativechat.com
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://www.equitablebank.ca/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

content-security-policy
default-src 'self' cs-cms-cc.equitad.local; script-src 'self' *.googleapis.com *.gstatic.com www.google.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://*.googletagmanager.com www.google-analytics.com googleads.g.doubleclick.net bat.bing.com static.hotjar.com widget.trustpilot.com *.callrail.com www.googleadservices.com ssl.google-analytics.com script.hotjar.com gateway.zscalerthree.net *.kameleoon.eu cdn.prod.ca.five9.net *.kameleoon.com js.adsrvr.org *.amazon-adsystem.com amazon-adsystem.com js.hs-scripts.com js.hs-analytics.net js.hs-banner.com js.hsleadflows.net forms.hubspot.com js.hscollectedforms.net *.eloqua.com *.en25.com web-chat.nativechat.com https://cdn.insight.sitefinity.com https://dec.azureedge.net cdn.ampproject.org 'unsafe-inline' 'unsafe-eval'; style-src 'self' *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com platform.twitter.com/css/ *.twimg.com *.kameleoon.com web-chat.nativechat.com https://cdn.insight.sitefinity.com https://dec.azureedge.net 'unsafe-inline'; img-src 'self' *.gstatic.com *.googleapis.com platform.tumblr.com web.facebook.com www.facebook.com www.redditstatic.com www.linkedin.com i.ytimg.com pbs.twimg.com *.twimg.com data: blob: https://*.googletagmanager.com www.google.com www.google.co.cr www.google-analytics.com bat.bing.com stats.g.doubleclick.net googleads.g.doubleclick.net syndication.twitter.com static.licdn.com platform.twitter.com www.equitablebank.ca www.google.ca ssl.google-analytics.com cs-cms-cc.equitad.local ad.doubleclick.net *.kameleoon.com track.hubspot.com js.hsleadflows.net forms.hsforms.com *.eloqua.com web-chat.nativechat.com https://cdn.insight.sitefinity.com https://dec.azureedge.net; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data:; frame-src 'self' *.fls.doubleclick.net www.facebook.com www.google.com cdn.callrail.com widget.trustpilot.com www.youtube.com td.doubleclick.net cdn.prod.ca.five9.net www.lightcast.com *.amazon-adsystem.com insight.adsrvr.org forms.hsforms.com web-chat.nativechat.com; connect-src 'self' data: accounts.google.com *.gstatic.com https://*.googletagmanager.com www.google-analytics.com stats.g.doubleclick.net bat.bing.com *.callrail.com csmetrics.hotjar.com metrics.hotjar.io analytics.google.com *.kameleoon.com *.kameleoon.eu *.kameleoon.io pagead2.googlesyndication.com https://*.hotjar.io wss://*.hotjar.com *.amazon-adsystem.com forms.hubspot.com *.hsforms.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com; media-src 'self' data: blob:; child-src 'self' https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://www.youtube-nocookie.com https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com web-chat.nativechat.com
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains; preload
date
Sat, 04 May 2024 03:25:05 GMT
cross-origin-embedder-policy
unsafe-none
cross-origin-resource-policy
cross-origin
content-length
31141
x-xss-protection
1; mode=block
referrer-policy
no-referrer-when-downgrade
last-modified
Thu, 02 May 2024 09:20:27 GMT
cross-origin-opener-policy
unsafe-none
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
application/x-javascript
cache-control
public
permissions-policy
accelerometer=(self), ambient-light-sensor=(self), autoplay=(self), battery=(self), camera=(self), cross-origin-isolated=(self), display-capture=(self), document-domain=(self), encrypted-media=(self), execution-while-not-rendered=(self), execution-while-out-of-viewport=(self), fullscreen=(self), geolocation=(self), gyroscope=(self), keyboard-map=(self), magnetometer=(self), microphone=(self), midi=(self), navigation-override=(self), payment=(self), picture-in-picture=(self), publickey-credentials-get=(self), screen-wake-lock=(self), sync-xhr=(self), usb=(self), web-share=(self), xr-spatial-tracking=(self)
expires
Fri, 02 May 2025 05:20:27 GMT
Telerik.Web.UI.WebResource.axd
www.equitablebank.ca/ 		17 KB
9 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.equitablebank.ca/Telerik.Web.UI.WebResource.axd?_TSM_HiddenField_=ctl05_TSM&compress=0&_TSM_CombinedScripts_=%3b%3bTelerik.Sitefinity.Resources%3aen%3aca651bf7-ab52-4d0b-838f-dc7a536af758%3a9ced59e7
Requested by
Host: www.equitablebank.ca
URL: https://www.equitablebank.ca/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.48.203.13 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a23-48-203-13.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
d5d89cc50699dbd7b6a362be04270811ae7a072f7805719cf2e80694e48ff50f
Security Headers
Name Value
Content-Security-Policy default-src 'self' cs-cms-cc.equitad.local; script-src 'self' *.googleapis.com *.gstatic.com www.google.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://*.googletagmanager.com www.google-analytics.com googleads.g.doubleclick.net bat.bing.com static.hotjar.com widget.trustpilot.com *.callrail.com www.googleadservices.com ssl.google-analytics.com script.hotjar.com gateway.zscalerthree.net *.kameleoon.eu cdn.prod.ca.five9.net *.kameleoon.com js.adsrvr.org *.amazon-adsystem.com amazon-adsystem.com https://cdn.insight.sitefinity.com https://dec.azureedge.net cdn.ampproject.org *.eloqua.com *.en25.com web-chat.nativechat.com js.hs-scripts.com js.hs-analytics.net js.hs-banner.com js.hsleadflows.net forms.hubspot.com js.hscollectedforms.net 'unsafe-inline' 'unsafe-eval'; style-src 'self' *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com platform.twitter.com/css/ *.twimg.com *.kameleoon.com https://cdn.insight.sitefinity.com https://dec.azureedge.net web-chat.nativechat.com 'unsafe-inline'; img-src 'self' *.gstatic.com *.googleapis.com platform.tumblr.com web.facebook.com www.facebook.com www.redditstatic.com www.linkedin.com i.ytimg.com pbs.twimg.com *.twimg.com data: blob: https://*.googletagmanager.com www.google.com www.google.co.cr www.google-analytics.com bat.bing.com stats.g.doubleclick.net googleads.g.doubleclick.net syndication.twitter.com static.licdn.com platform.twitter.com www.equitablebank.ca www.google.ca ssl.google-analytics.com cs-cms-cc.equitad.local ad.doubleclick.net *.kameleoon.com https://cdn.insight.sitefinity.com https://dec.azureedge.net *.eloqua.com web-chat.nativechat.com track.hubspot.com js.hsleadflows.net forms.hsforms.com; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data:; frame-src 'self' *.fls.doubleclick.net www.facebook.com www.google.com cdn.callrail.com widget.trustpilot.com www.youtube.com td.doubleclick.net cdn.prod.ca.five9.net www.lightcast.com *.amazon-adsystem.com insight.adsrvr.org web-chat.nativechat.com forms.hsforms.com; connect-src 'self' data: accounts.google.com *.gstatic.com https://*.googletagmanager.com www.google-analytics.com stats.g.doubleclick.net bat.bing.com *.callrail.com csmetrics.hotjar.com metrics.hotjar.io analytics.google.com *.kameleoon.com *.kameleoon.eu *.kameleoon.io pagead2.googlesyndication.com https://*.hotjar.io wss://*.hotjar.com *.amazon-adsystem.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com forms.hubspot.com *.hsforms.com; media-src 'self' data: blob:; child-src 'self' https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://www.youtube-nocookie.com https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com web-chat.nativechat.com
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://www.equitablebank.ca/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

content-security-policy
default-src 'self' cs-cms-cc.equitad.local; script-src 'self' *.googleapis.com *.gstatic.com www.google.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://*.googletagmanager.com www.google-analytics.com googleads.g.doubleclick.net bat.bing.com static.hotjar.com widget.trustpilot.com *.callrail.com www.googleadservices.com ssl.google-analytics.com script.hotjar.com gateway.zscalerthree.net *.kameleoon.eu cdn.prod.ca.five9.net *.kameleoon.com js.adsrvr.org *.amazon-adsystem.com amazon-adsystem.com https://cdn.insight.sitefinity.com https://dec.azureedge.net cdn.ampproject.org *.eloqua.com *.en25.com web-chat.nativechat.com js.hs-scripts.com js.hs-analytics.net js.hs-banner.com js.hsleadflows.net forms.hubspot.com js.hscollectedforms.net 'unsafe-inline' 'unsafe-eval'; style-src 'self' *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com platform.twitter.com/css/ *.twimg.com *.kameleoon.com https://cdn.insight.sitefinity.com https://dec.azureedge.net web-chat.nativechat.com 'unsafe-inline'; img-src 'self' *.gstatic.com *.googleapis.com platform.tumblr.com web.facebook.com www.facebook.com www.redditstatic.com www.linkedin.com i.ytimg.com pbs.twimg.com *.twimg.com data: blob: https://*.googletagmanager.com www.google.com www.google.co.cr www.google-analytics.com bat.bing.com stats.g.doubleclick.net googleads.g.doubleclick.net syndication.twitter.com static.licdn.com platform.twitter.com www.equitablebank.ca www.google.ca ssl.google-analytics.com cs-cms-cc.equitad.local ad.doubleclick.net *.kameleoon.com https://cdn.insight.sitefinity.com https://dec.azureedge.net *.eloqua.com web-chat.nativechat.com track.hubspot.com js.hsleadflows.net forms.hsforms.com; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data:; frame-src 'self' *.fls.doubleclick.net www.facebook.com www.google.com cdn.callrail.com widget.trustpilot.com www.youtube.com td.doubleclick.net cdn.prod.ca.five9.net www.lightcast.com *.amazon-adsystem.com insight.adsrvr.org web-chat.nativechat.com forms.hsforms.com; connect-src 'self' data: accounts.google.com *.gstatic.com https://*.googletagmanager.com www.google-analytics.com stats.g.doubleclick.net bat.bing.com *.callrail.com csmetrics.hotjar.com metrics.hotjar.io analytics.google.com *.kameleoon.com *.kameleoon.eu *.kameleoon.io pagead2.googlesyndication.com https://*.hotjar.io wss://*.hotjar.com *.amazon-adsystem.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com forms.hubspot.com *.hsforms.com; media-src 'self' data: blob:; child-src 'self' https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://www.youtube-nocookie.com https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com web-chat.nativechat.com
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
date
Sat, 04 May 2024 03:25:05 GMT
content-encoding
gzip
cross-origin-embedder-policy
unsafe-none
cross-origin-resource-policy
cross-origin
content-length
5799
x-xss-protection
1; mode=block
referrer-policy
no-referrer-when-downgrade
last-modified
Tue, 17 Jan 2023 05:00:00 GMT
cross-origin-opener-policy
unsafe-none
vary
HTTP_USER_AGENT, Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
application/x-javascript
cache-control
public, max-age=31371647
permissions-policy
accelerometer=(self), ambient-light-sensor=(self), autoplay=(self), battery=(self), camera=(self), cross-origin-isolated=(self), display-capture=(self), document-domain=(self), encrypted-media=(self), execution-while-not-rendered=(self), execution-while-out-of-viewport=(self), fullscreen=(self), geolocation=(self), gyroscope=(self), keyboard-map=(self), magnetometer=(self), microphone=(self), midi=(self), navigation-override=(self), payment=(self), picture-in-picture=(self), publickey-credentials-get=(self), screen-wake-lock=(self), sync-xhr=(self), usb=(self), web-share=(self), xr-spatial-tracking=(self)
expires
Fri, 02 May 2025 05:45:53 GMT
bootstrap.min.js
www.equitablebank.ca/Frontend-Assembly/Telerik.Sitefinity.Frontend/Mvc/Scripts/Bootstrap/js/ 		39 KB
14 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.equitablebank.ca/Frontend-Assembly/Telerik.Sitefinity.Frontend/Mvc/Scripts/Bootstrap/js/bootstrap.min.js?package=Bootstrap&v=MTQuNC44MTAwLjA%3d
Requested by
Host: www.equitablebank.ca
URL: https://www.equitablebank.ca/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.48.203.13 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a23-48-203-13.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
a915d483b99af421f4813e6b60599b4e39faff120e54b5e9838386d4ae1a4c60
Security Headers
Name Value
Content-Security-Policy default-src 'self' cs-cms-cc.equitad.local; script-src 'self' *.googleapis.com *.gstatic.com www.google.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://*.googletagmanager.com www.google-analytics.com googleads.g.doubleclick.net bat.bing.com static.hotjar.com widget.trustpilot.com *.callrail.com www.googleadservices.com ssl.google-analytics.com script.hotjar.com gateway.zscalerthree.net *.kameleoon.eu cdn.prod.ca.five9.net *.kameleoon.com https://cdn.insight.sitefinity.com https://dec.azureedge.net web-chat.nativechat.com cdn.ampproject.org js.hs-scripts.com js.hs-analytics.net js.hs-banner.com js.hsleadflows.net forms.hubspot.com js.hscollectedforms.net *.eloqua.com *.en25.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com platform.twitter.com/css/ *.twimg.com https://cdn.insight.sitefinity.com https://dec.azureedge.net web-chat.nativechat.com 'unsafe-inline'; img-src 'self' *.gstatic.com *.googleapis.com platform.tumblr.com web.facebook.com www.facebook.com www.redditstatic.com www.linkedin.com i.ytimg.com pbs.twimg.com *.twimg.com data: blob: https://*.googletagmanager.com www.google.com www.google.co.cr www.google-analytics.com bat.bing.com stats.g.doubleclick.net googleads.g.doubleclick.net syndication.twitter.com static.licdn.com platform.twitter.com www.equitablebank.ca www.google.ca ssl.google-analytics.com cs-cms-cc.equitad.local ad.doubleclick.net *.kameleoon.com https://cdn.insight.sitefinity.com https://dec.azureedge.net web-chat.nativechat.com track.hubspot.com js.hsleadflows.net forms.hsforms.com *.eloqua.com; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data:; frame-src 'self' *.fls.doubleclick.net www.facebook.com www.google.com cdn.callrail.com widget.trustpilot.com www.youtube.com td.doubleclick.net cdn.prod.ca.five9.net www.lightcast.com web-chat.nativechat.com forms.hsforms.com; connect-src 'self' data: accounts.google.com *.gstatic.com https://*.googletagmanager.com www.google-analytics.com stats.g.doubleclick.net bat.bing.com *.callrail.com csmetrics.hotjar.com metrics.hotjar.io analytics.google.com *.kameleoon.com *.kameleoon.eu *.kameleoon.io pagead2.googlesyndication.com https://*.hotjar.io wss://*.hotjar.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com forms.hubspot.com *.hsforms.com; media-src 'self' data: blob:; child-src 'self' https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://www.youtube-nocookie.com https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com web-chat.nativechat.com
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://www.equitablebank.ca/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

content-security-policy
default-src 'self' cs-cms-cc.equitad.local; script-src 'self' *.googleapis.com *.gstatic.com www.google.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://*.googletagmanager.com www.google-analytics.com googleads.g.doubleclick.net bat.bing.com static.hotjar.com widget.trustpilot.com *.callrail.com www.googleadservices.com ssl.google-analytics.com script.hotjar.com gateway.zscalerthree.net *.kameleoon.eu cdn.prod.ca.five9.net *.kameleoon.com https://cdn.insight.sitefinity.com https://dec.azureedge.net web-chat.nativechat.com cdn.ampproject.org js.hs-scripts.com js.hs-analytics.net js.hs-banner.com js.hsleadflows.net forms.hubspot.com js.hscollectedforms.net *.eloqua.com *.en25.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com platform.twitter.com/css/ *.twimg.com https://cdn.insight.sitefinity.com https://dec.azureedge.net web-chat.nativechat.com 'unsafe-inline'; img-src 'self' *.gstatic.com *.googleapis.com platform.tumblr.com web.facebook.com www.facebook.com www.redditstatic.com www.linkedin.com i.ytimg.com pbs.twimg.com *.twimg.com data: blob: https://*.googletagmanager.com www.google.com www.google.co.cr www.google-analytics.com bat.bing.com stats.g.doubleclick.net googleads.g.doubleclick.net syndication.twitter.com static.licdn.com platform.twitter.com www.equitablebank.ca www.google.ca ssl.google-analytics.com cs-cms-cc.equitad.local ad.doubleclick.net *.kameleoon.com https://cdn.insight.sitefinity.com https://dec.azureedge.net web-chat.nativechat.com track.hubspot.com js.hsleadflows.net forms.hsforms.com *.eloqua.com; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data:; frame-src 'self' *.fls.doubleclick.net www.facebook.com www.google.com cdn.callrail.com widget.trustpilot.com www.youtube.com td.doubleclick.net cdn.prod.ca.five9.net www.lightcast.com web-chat.nativechat.com forms.hsforms.com; connect-src 'self' data: accounts.google.com *.gstatic.com https://*.googletagmanager.com www.google-analytics.com stats.g.doubleclick.net bat.bing.com *.callrail.com csmetrics.hotjar.com metrics.hotjar.io analytics.google.com *.kameleoon.com *.kameleoon.eu *.kameleoon.io pagead2.googlesyndication.com https://*.hotjar.io wss://*.hotjar.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com forms.hubspot.com *.hsforms.com; media-src 'self' data: blob:; child-src 'self' https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://www.youtube-nocookie.com https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com web-chat.nativechat.com
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
date
Sat, 04 May 2024 03:25:05 GMT
content-encoding
gzip
cross-origin-embedder-policy
unsafe-none
cross-origin-resource-policy
cross-origin
content-length
10944
x-xss-protection
1; mode=block
referrer-policy
no-referrer-when-downgrade
last-modified
Fri, 31 Mar 2023 17:43:52 GMT
cross-origin-opener-policy
unsafe-none
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
application/javascript
cache-control
public, max-age=69919
permissions-policy
accelerometer=(self), ambient-light-sensor=(self), autoplay=(self), battery=(self), camera=(self), cross-origin-isolated=(self), display-capture=(self), document-domain=(self), encrypted-media=(self), execution-while-not-rendered=(self), execution-while-out-of-viewport=(self), fullscreen=(self), geolocation=(self), gyroscope=(self), keyboard-map=(self), magnetometer=(self), microphone=(self), midi=(self), navigation-override=(self), payment=(self), picture-in-picture=(self), publickey-credentials-get=(self), screen-wake-lock=(self), sync-xhr=(self), usb=(self), web-share=(self), xr-spatial-tracking=(self)
expires
Sat, 04 May 2024 22:50:24 GMT
eqb_logo_horizontal_en.svg
www.equitablebank.ca/Assets/dist/images/print-logos/ 		5 KB
8 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.equitablebank.ca/Assets/dist/images/print-logos/eqb_logo_horizontal_en.svg
Requested by
Host: www.equitablebank.ca
URL: https://www.equitablebank.ca/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.48.203.13 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a23-48-203-13.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
941c69e2710662afd214b905a81b06b8c255d33773c2c11d45d0bdfe6ca56b05
Security Headers
Name Value
Content-Security-Policy default-src 'self' cs-cms-cc.equitad.local; script-src 'self' *.googleapis.com *.gstatic.com www.google.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://*.googletagmanager.com www.google-analytics.com googleads.g.doubleclick.net bat.bing.com static.hotjar.com widget.trustpilot.com *.callrail.com www.googleadservices.com ssl.google-analytics.com script.hotjar.com gateway.zscalerthree.net *.kameleoon.eu cdn.prod.ca.five9.net *.kameleoon.com js.adsrvr.org *.amazon-adsystem.com amazon-adsystem.com https://cdn.insight.sitefinity.com https://dec.azureedge.net cdn.ampproject.org *.eloqua.com *.en25.com web-chat.nativechat.com js.hs-scripts.com js.hs-analytics.net js.hs-banner.com js.hsleadflows.net forms.hubspot.com js.hscollectedforms.net 'unsafe-inline' 'unsafe-eval'; style-src 'self' *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com platform.twitter.com/css/ *.twimg.com *.kameleoon.com https://cdn.insight.sitefinity.com https://dec.azureedge.net web-chat.nativechat.com 'unsafe-inline'; img-src 'self' *.gstatic.com *.googleapis.com platform.tumblr.com web.facebook.com www.facebook.com www.redditstatic.com www.linkedin.com i.ytimg.com pbs.twimg.com *.twimg.com data: blob: https://*.googletagmanager.com www.google.com www.google.co.cr www.google-analytics.com bat.bing.com stats.g.doubleclick.net googleads.g.doubleclick.net syndication.twitter.com static.licdn.com platform.twitter.com www.equitablebank.ca www.google.ca ssl.google-analytics.com cs-cms-cc.equitad.local ad.doubleclick.net *.kameleoon.com https://cdn.insight.sitefinity.com https://dec.azureedge.net *.eloqua.com web-chat.nativechat.com track.hubspot.com js.hsleadflows.net forms.hsforms.com; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data:; frame-src 'self' *.fls.doubleclick.net www.facebook.com www.google.com cdn.callrail.com widget.trustpilot.com www.youtube.com td.doubleclick.net cdn.prod.ca.five9.net www.lightcast.com *.amazon-adsystem.com insight.adsrvr.org web-chat.nativechat.com forms.hsforms.com; connect-src 'self' data: accounts.google.com *.gstatic.com https://*.googletagmanager.com www.google-analytics.com stats.g.doubleclick.net bat.bing.com *.callrail.com csmetrics.hotjar.com metrics.hotjar.io analytics.google.com *.kameleoon.com *.kameleoon.eu *.kameleoon.io pagead2.googlesyndication.com https://*.hotjar.io wss://*.hotjar.com *.amazon-adsystem.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com forms.hubspot.com *.hsforms.com; media-src 'self' data: blob:; child-src 'self' https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://www.youtube-nocookie.com https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com web-chat.nativechat.com
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://www.equitablebank.ca/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

content-security-policy
default-src 'self' cs-cms-cc.equitad.local; script-src 'self' *.googleapis.com *.gstatic.com www.google.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://*.googletagmanager.com www.google-analytics.com googleads.g.doubleclick.net bat.bing.com static.hotjar.com widget.trustpilot.com *.callrail.com www.googleadservices.com ssl.google-analytics.com script.hotjar.com gateway.zscalerthree.net *.kameleoon.eu cdn.prod.ca.five9.net *.kameleoon.com js.adsrvr.org *.amazon-adsystem.com amazon-adsystem.com https://cdn.insight.sitefinity.com https://dec.azureedge.net cdn.ampproject.org *.eloqua.com *.en25.com web-chat.nativechat.com js.hs-scripts.com js.hs-analytics.net js.hs-banner.com js.hsleadflows.net forms.hubspot.com js.hscollectedforms.net 'unsafe-inline' 'unsafe-eval'; style-src 'self' *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com platform.twitter.com/css/ *.twimg.com *.kameleoon.com https://cdn.insight.sitefinity.com https://dec.azureedge.net web-chat.nativechat.com 'unsafe-inline'; img-src 'self' *.gstatic.com *.googleapis.com platform.tumblr.com web.facebook.com www.facebook.com www.redditstatic.com www.linkedin.com i.ytimg.com pbs.twimg.com *.twimg.com data: blob: https://*.googletagmanager.com www.google.com www.google.co.cr www.google-analytics.com bat.bing.com stats.g.doubleclick.net googleads.g.doubleclick.net syndication.twitter.com static.licdn.com platform.twitter.com www.equitablebank.ca www.google.ca ssl.google-analytics.com cs-cms-cc.equitad.local ad.doubleclick.net *.kameleoon.com https://cdn.insight.sitefinity.com https://dec.azureedge.net *.eloqua.com web-chat.nativechat.com track.hubspot.com js.hsleadflows.net forms.hsforms.com; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data:; frame-src 'self' *.fls.doubleclick.net www.facebook.com www.google.com cdn.callrail.com widget.trustpilot.com www.youtube.com td.doubleclick.net cdn.prod.ca.five9.net www.lightcast.com *.amazon-adsystem.com insight.adsrvr.org web-chat.nativechat.com forms.hsforms.com; connect-src 'self' data: accounts.google.com *.gstatic.com https://*.googletagmanager.com www.google-analytics.com stats.g.doubleclick.net bat.bing.com *.callrail.com csmetrics.hotjar.com metrics.hotjar.io analytics.google.com *.kameleoon.com *.kameleoon.eu *.kameleoon.io pagead2.googlesyndication.com https://*.hotjar.io wss://*.hotjar.com *.amazon-adsystem.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com forms.hubspot.com *.hsforms.com; media-src 'self' data: blob:; child-src 'self' https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://www.youtube-nocookie.com https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com web-chat.nativechat.com
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
date
Sat, 04 May 2024 03:25:05 GMT
cross-origin-embedder-policy
unsafe-none
cross-origin-resource-policy
cross-origin
content-length
4890
x-xss-protection
1; mode=block
referrer-policy
no-referrer-when-downgrade
last-modified
Tue, 22 Aug 2023 22:02:50 GMT
cross-origin-opener-policy
unsafe-none
etag
"0a1376444d5d91:0"
x-frame-options
SAMEORIGIN
content-type
image/svg+xml
cache-control
max-age=2678400
permissions-policy
accelerometer=(self), ambient-light-sensor=(self), autoplay=(self), battery=(self), camera=(self), cross-origin-isolated=(self), display-capture=(self), document-domain=(self), encrypted-media=(self), execution-while-not-rendered=(self), execution-while-out-of-viewport=(self), fullscreen=(self), geolocation=(self), gyroscope=(self), keyboard-map=(self), magnetometer=(self), microphone=(self), midi=(self), navigation-override=(self), payment=(self), picture-in-picture=(self), publickey-credentials-get=(self), screen-wake-lock=(self), sync-xhr=(self), usb=(self), web-share=(self), xr-spatial-tracking=(self)
accept-ranges
bytes
Log-in-mobile-icon.svg
www.equitablebank.ca/Assets/dist/images/ 		695 B
4 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.equitablebank.ca/Assets/dist/images/Log-in-mobile-icon.svg
Requested by
Host: www.equitablebank.ca
URL: https://www.equitablebank.ca/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.48.203.13 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a23-48-203-13.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
e0f9ed9eb25362678cf9896630fc02aa48c47bd1bacf7918988833cf09d7d144
Security Headers
Name Value
Content-Security-Policy default-src 'self' cs-cms-cc.equitad.local; script-src 'self' *.googleapis.com *.gstatic.com www.google.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://*.googletagmanager.com www.google-analytics.com googleads.g.doubleclick.net bat.bing.com static.hotjar.com widget.trustpilot.com *.callrail.com www.googleadservices.com ssl.google-analytics.com script.hotjar.com gateway.zscalerthree.net *.kameleoon.eu cdn.prod.ca.five9.net *.kameleoon.com js.adsrvr.org *.amazon-adsystem.com amazon-adsystem.com js.hs-scripts.com js.hs-analytics.net js.hs-banner.com js.hsleadflows.net forms.hubspot.com js.hscollectedforms.net *.eloqua.com *.en25.com web-chat.nativechat.com https://cdn.insight.sitefinity.com https://dec.azureedge.net cdn.ampproject.org 'unsafe-inline' 'unsafe-eval'; style-src 'self' *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com platform.twitter.com/css/ *.twimg.com *.kameleoon.com web-chat.nativechat.com https://cdn.insight.sitefinity.com https://dec.azureedge.net 'unsafe-inline'; img-src 'self' *.gstatic.com *.googleapis.com platform.tumblr.com web.facebook.com www.facebook.com www.redditstatic.com www.linkedin.com i.ytimg.com pbs.twimg.com *.twimg.com data: blob: https://*.googletagmanager.com www.google.com www.google.co.cr www.google-analytics.com bat.bing.com stats.g.doubleclick.net googleads.g.doubleclick.net syndication.twitter.com static.licdn.com platform.twitter.com www.equitablebank.ca www.google.ca ssl.google-analytics.com cs-cms-cc.equitad.local ad.doubleclick.net *.kameleoon.com track.hubspot.com js.hsleadflows.net forms.hsforms.com *.eloqua.com web-chat.nativechat.com https://cdn.insight.sitefinity.com https://dec.azureedge.net; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data:; frame-src 'self' *.fls.doubleclick.net www.facebook.com www.google.com cdn.callrail.com widget.trustpilot.com www.youtube.com td.doubleclick.net cdn.prod.ca.five9.net www.lightcast.com *.amazon-adsystem.com insight.adsrvr.org forms.hsforms.com web-chat.nativechat.com; connect-src 'self' data: accounts.google.com *.gstatic.com https://*.googletagmanager.com www.google-analytics.com stats.g.doubleclick.net bat.bing.com *.callrail.com csmetrics.hotjar.com metrics.hotjar.io analytics.google.com *.kameleoon.com *.kameleoon.eu *.kameleoon.io pagead2.googlesyndication.com https://*.hotjar.io wss://*.hotjar.com *.amazon-adsystem.com forms.hubspot.com *.hsforms.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com; media-src 'self' data: blob:; child-src 'self' https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://www.youtube-nocookie.com https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com web-chat.nativechat.com
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://www.equitablebank.ca/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

content-security-policy
default-src 'self' cs-cms-cc.equitad.local; script-src 'self' *.googleapis.com *.gstatic.com www.google.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://*.googletagmanager.com www.google-analytics.com googleads.g.doubleclick.net bat.bing.com static.hotjar.com widget.trustpilot.com *.callrail.com www.googleadservices.com ssl.google-analytics.com script.hotjar.com gateway.zscalerthree.net *.kameleoon.eu cdn.prod.ca.five9.net *.kameleoon.com js.adsrvr.org *.amazon-adsystem.com amazon-adsystem.com js.hs-scripts.com js.hs-analytics.net js.hs-banner.com js.hsleadflows.net forms.hubspot.com js.hscollectedforms.net *.eloqua.com *.en25.com web-chat.nativechat.com https://cdn.insight.sitefinity.com https://dec.azureedge.net cdn.ampproject.org 'unsafe-inline' 'unsafe-eval'; style-src 'self' *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com platform.twitter.com/css/ *.twimg.com *.kameleoon.com web-chat.nativechat.com https://cdn.insight.sitefinity.com https://dec.azureedge.net 'unsafe-inline'; img-src 'self' *.gstatic.com *.googleapis.com platform.tumblr.com web.facebook.com www.facebook.com www.redditstatic.com www.linkedin.com i.ytimg.com pbs.twimg.com *.twimg.com data: blob: https://*.googletagmanager.com www.google.com www.google.co.cr www.google-analytics.com bat.bing.com stats.g.doubleclick.net googleads.g.doubleclick.net syndication.twitter.com static.licdn.com platform.twitter.com www.equitablebank.ca www.google.ca ssl.google-analytics.com cs-cms-cc.equitad.local ad.doubleclick.net *.kameleoon.com track.hubspot.com js.hsleadflows.net forms.hsforms.com *.eloqua.com web-chat.nativechat.com https://cdn.insight.sitefinity.com https://dec.azureedge.net; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data:; frame-src 'self' *.fls.doubleclick.net www.facebook.com www.google.com cdn.callrail.com widget.trustpilot.com www.youtube.com td.doubleclick.net cdn.prod.ca.five9.net www.lightcast.com *.amazon-adsystem.com insight.adsrvr.org forms.hsforms.com web-chat.nativechat.com; connect-src 'self' data: accounts.google.com *.gstatic.com https://*.googletagmanager.com www.google-analytics.com stats.g.doubleclick.net bat.bing.com *.callrail.com csmetrics.hotjar.com metrics.hotjar.io analytics.google.com *.kameleoon.com *.kameleoon.eu *.kameleoon.io pagead2.googlesyndication.com https://*.hotjar.io wss://*.hotjar.com *.amazon-adsystem.com forms.hubspot.com *.hsforms.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com; media-src 'self' data: blob:; child-src 'self' https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://www.youtube-nocookie.com https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com web-chat.nativechat.com
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
date
Sat, 04 May 2024 03:25:06 GMT
cross-origin-embedder-policy
unsafe-none
cross-origin-resource-policy
cross-origin
content-length
695
x-xss-protection
1; mode=block
referrer-policy
no-referrer-when-downgrade
last-modified
Tue, 22 Aug 2023 22:02:50 GMT
cross-origin-opener-policy
unsafe-none
etag
"0a1376444d5d91:0"
x-frame-options
SAMEORIGIN
content-type
image/svg+xml
cache-control
max-age=2678400
permissions-policy
accelerometer=(self), ambient-light-sensor=(self), autoplay=(self), battery=(self), camera=(self), cross-origin-isolated=(self), display-capture=(self), document-domain=(self), encrypted-media=(self), execution-while-not-rendered=(self), execution-while-out-of-viewport=(self), fullscreen=(self), geolocation=(self), gyroscope=(self), keyboard-map=(self), magnetometer=(self), microphone=(self), midi=(self), navigation-override=(self), payment=(self), picture-in-picture=(self), publickey-credentials-get=(self), screen-wake-lock=(self), sync-xhr=(self), usb=(self), web-share=(self), xr-spatial-tracking=(self)
accept-ranges
bytes
EquitableBank-EN.svg
www.equitablebank.ca/Assets/dist/images/ 		6 KB
9 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.equitablebank.ca/Assets/dist/images/EquitableBank-EN.svg
Requested by
Host: www.equitablebank.ca
URL: https://www.equitablebank.ca/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.48.203.13 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a23-48-203-13.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
08ccbae04933299fe407c21b6ba531365552aca157e37a3c3033389277adf2b1
Security Headers
Name Value
Content-Security-Policy default-src 'self' cs-cms-cc.equitad.local; script-src 'self' *.googleapis.com *.gstatic.com www.google.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://*.googletagmanager.com www.google-analytics.com googleads.g.doubleclick.net bat.bing.com static.hotjar.com widget.trustpilot.com *.callrail.com www.googleadservices.com ssl.google-analytics.com script.hotjar.com gateway.zscalerthree.net *.kameleoon.eu cdn.prod.ca.five9.net *.kameleoon.com js.adsrvr.org *.amazon-adsystem.com amazon-adsystem.com js.hs-scripts.com js.hs-analytics.net js.hs-banner.com js.hsleadflows.net forms.hubspot.com js.hscollectedforms.net *.eloqua.com *.en25.com web-chat.nativechat.com https://cdn.insight.sitefinity.com https://dec.azureedge.net cdn.ampproject.org 'unsafe-inline' 'unsafe-eval'; style-src 'self' *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com platform.twitter.com/css/ *.twimg.com *.kameleoon.com web-chat.nativechat.com https://cdn.insight.sitefinity.com https://dec.azureedge.net 'unsafe-inline'; img-src 'self' *.gstatic.com *.googleapis.com platform.tumblr.com web.facebook.com www.facebook.com www.redditstatic.com www.linkedin.com i.ytimg.com pbs.twimg.com *.twimg.com data: blob: https://*.googletagmanager.com www.google.com www.google.co.cr www.google-analytics.com bat.bing.com stats.g.doubleclick.net googleads.g.doubleclick.net syndication.twitter.com static.licdn.com platform.twitter.com www.equitablebank.ca www.google.ca ssl.google-analytics.com cs-cms-cc.equitad.local ad.doubleclick.net *.kameleoon.com track.hubspot.com js.hsleadflows.net forms.hsforms.com *.eloqua.com web-chat.nativechat.com https://cdn.insight.sitefinity.com https://dec.azureedge.net; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data:; frame-src 'self' *.fls.doubleclick.net www.facebook.com www.google.com cdn.callrail.com widget.trustpilot.com www.youtube.com td.doubleclick.net cdn.prod.ca.five9.net www.lightcast.com *.amazon-adsystem.com insight.adsrvr.org forms.hsforms.com web-chat.nativechat.com; connect-src 'self' data: accounts.google.com *.gstatic.com https://*.googletagmanager.com www.google-analytics.com stats.g.doubleclick.net bat.bing.com *.callrail.com csmetrics.hotjar.com metrics.hotjar.io analytics.google.com *.kameleoon.com *.kameleoon.eu *.kameleoon.io pagead2.googlesyndication.com https://*.hotjar.io wss://*.hotjar.com *.amazon-adsystem.com forms.hubspot.com *.hsforms.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com; media-src 'self' data: blob:; child-src 'self' https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://www.youtube-nocookie.com https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com web-chat.nativechat.com
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://www.equitablebank.ca/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

content-security-policy
default-src 'self' cs-cms-cc.equitad.local; script-src 'self' *.googleapis.com *.gstatic.com www.google.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://*.googletagmanager.com www.google-analytics.com googleads.g.doubleclick.net bat.bing.com static.hotjar.com widget.trustpilot.com *.callrail.com www.googleadservices.com ssl.google-analytics.com script.hotjar.com gateway.zscalerthree.net *.kameleoon.eu cdn.prod.ca.five9.net *.kameleoon.com js.adsrvr.org *.amazon-adsystem.com amazon-adsystem.com js.hs-scripts.com js.hs-analytics.net js.hs-banner.com js.hsleadflows.net forms.hubspot.com js.hscollectedforms.net *.eloqua.com *.en25.com web-chat.nativechat.com https://cdn.insight.sitefinity.com https://dec.azureedge.net cdn.ampproject.org 'unsafe-inline' 'unsafe-eval'; style-src 'self' *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com platform.twitter.com/css/ *.twimg.com *.kameleoon.com web-chat.nativechat.com https://cdn.insight.sitefinity.com https://dec.azureedge.net 'unsafe-inline'; img-src 'self' *.gstatic.com *.googleapis.com platform.tumblr.com web.facebook.com www.facebook.com www.redditstatic.com www.linkedin.com i.ytimg.com pbs.twimg.com *.twimg.com data: blob: https://*.googletagmanager.com www.google.com www.google.co.cr www.google-analytics.com bat.bing.com stats.g.doubleclick.net googleads.g.doubleclick.net syndication.twitter.com static.licdn.com platform.twitter.com www.equitablebank.ca www.google.ca ssl.google-analytics.com cs-cms-cc.equitad.local ad.doubleclick.net *.kameleoon.com track.hubspot.com js.hsleadflows.net forms.hsforms.com *.eloqua.com web-chat.nativechat.com https://cdn.insight.sitefinity.com https://dec.azureedge.net; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data:; frame-src 'self' *.fls.doubleclick.net www.facebook.com www.google.com cdn.callrail.com widget.trustpilot.com www.youtube.com td.doubleclick.net cdn.prod.ca.five9.net www.lightcast.com *.amazon-adsystem.com insight.adsrvr.org forms.hsforms.com web-chat.nativechat.com; connect-src 'self' data: accounts.google.com *.gstatic.com https://*.googletagmanager.com www.google-analytics.com stats.g.doubleclick.net bat.bing.com *.callrail.com csmetrics.hotjar.com metrics.hotjar.io analytics.google.com *.kameleoon.com *.kameleoon.eu *.kameleoon.io pagead2.googlesyndication.com https://*.hotjar.io wss://*.hotjar.com *.amazon-adsystem.com forms.hubspot.com *.hsforms.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com; media-src 'self' data: blob:; child-src 'self' https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://www.youtube-nocookie.com https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com web-chat.nativechat.com
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
date
Sat, 04 May 2024 03:25:05 GMT
cross-origin-embedder-policy
unsafe-none
cross-origin-resource-policy
cross-origin
content-length
6031
x-xss-protection
1; mode=block
referrer-policy
no-referrer-when-downgrade
last-modified
Tue, 22 Aug 2023 22:02:50 GMT
cross-origin-opener-policy
unsafe-none
etag
"0a1376444d5d91:0"
x-frame-options
SAMEORIGIN
content-type
image/svg+xml
cache-control
max-age=2678400
permissions-policy
accelerometer=(self), ambient-light-sensor=(self), autoplay=(self), battery=(self), camera=(self), cross-origin-isolated=(self), display-capture=(self), document-domain=(self), encrypted-media=(self), execution-while-not-rendered=(self), execution-while-out-of-viewport=(self), fullscreen=(self), geolocation=(self), gyroscope=(self), keyboard-map=(self), magnetometer=(self), microphone=(self), midi=(self), navigation-override=(self), payment=(self), picture-in-picture=(self), publickey-credentials-get=(self), screen-wake-lock=(self), sync-xhr=(self), usb=(self), web-share=(self), xr-spatial-tracking=(self)
accept-ranges
bytes
eqb-home-topbanner-desktop.webp
www.equitablebank.ca/docs/default-source/webp/ 		43 KB
46 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.equitablebank.ca/docs/default-source/webp/eqb-home-topbanner-desktop.webp
Requested by
Host: www.equitablebank.ca
URL: https://www.equitablebank.ca/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.48.203.13 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a23-48-203-13.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
3d1cea2d85dfa2154a9e08895536fdfe4e6970846ff2a9a888804c65d1b826d7
Security Headers
Name Value
Content-Security-Policy default-src 'self' cs-cms-cc.equitad.local; script-src 'self' *.googleapis.com *.gstatic.com www.google.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://*.googletagmanager.com www.google-analytics.com googleads.g.doubleclick.net bat.bing.com static.hotjar.com widget.trustpilot.com *.callrail.com www.googleadservices.com ssl.google-analytics.com script.hotjar.com gateway.zscalerthree.net *.kameleoon.eu cdn.prod.ca.five9.net *.kameleoon.com https://cdn.insight.sitefinity.com https://dec.azureedge.net web-chat.nativechat.com cdn.ampproject.org js.hs-scripts.com js.hs-analytics.net js.hs-banner.com js.hsleadflows.net forms.hubspot.com js.hscollectedforms.net *.eloqua.com *.en25.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com platform.twitter.com/css/ *.twimg.com https://cdn.insight.sitefinity.com https://dec.azureedge.net web-chat.nativechat.com 'unsafe-inline'; img-src 'self' *.gstatic.com *.googleapis.com platform.tumblr.com web.facebook.com www.facebook.com www.redditstatic.com www.linkedin.com i.ytimg.com pbs.twimg.com *.twimg.com data: blob: https://*.googletagmanager.com www.google.com www.google.co.cr www.google-analytics.com bat.bing.com stats.g.doubleclick.net googleads.g.doubleclick.net syndication.twitter.com static.licdn.com platform.twitter.com www.equitablebank.ca www.google.ca ssl.google-analytics.com cs-cms-cc.equitad.local ad.doubleclick.net *.kameleoon.com https://cdn.insight.sitefinity.com https://dec.azureedge.net web-chat.nativechat.com track.hubspot.com js.hsleadflows.net forms.hsforms.com *.eloqua.com; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data:; frame-src 'self' *.fls.doubleclick.net www.facebook.com www.google.com cdn.callrail.com widget.trustpilot.com www.youtube.com td.doubleclick.net cdn.prod.ca.five9.net www.lightcast.com web-chat.nativechat.com forms.hsforms.com; connect-src 'self' data: accounts.google.com *.gstatic.com https://*.googletagmanager.com www.google-analytics.com stats.g.doubleclick.net bat.bing.com *.callrail.com csmetrics.hotjar.com metrics.hotjar.io analytics.google.com *.kameleoon.com *.kameleoon.eu *.kameleoon.io pagead2.googlesyndication.com https://*.hotjar.io wss://*.hotjar.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com forms.hubspot.com *.hsforms.com; media-src 'self' data: blob:; child-src 'self' https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://www.youtube-nocookie.com https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com web-chat.nativechat.com
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://www.equitablebank.ca/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

content-security-policy
default-src 'self' cs-cms-cc.equitad.local; script-src 'self' *.googleapis.com *.gstatic.com www.google.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://*.googletagmanager.com www.google-analytics.com googleads.g.doubleclick.net bat.bing.com static.hotjar.com widget.trustpilot.com *.callrail.com www.googleadservices.com ssl.google-analytics.com script.hotjar.com gateway.zscalerthree.net *.kameleoon.eu cdn.prod.ca.five9.net *.kameleoon.com https://cdn.insight.sitefinity.com https://dec.azureedge.net web-chat.nativechat.com cdn.ampproject.org js.hs-scripts.com js.hs-analytics.net js.hs-banner.com js.hsleadflows.net forms.hubspot.com js.hscollectedforms.net *.eloqua.com *.en25.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com platform.twitter.com/css/ *.twimg.com https://cdn.insight.sitefinity.com https://dec.azureedge.net web-chat.nativechat.com 'unsafe-inline'; img-src 'self' *.gstatic.com *.googleapis.com platform.tumblr.com web.facebook.com www.facebook.com www.redditstatic.com www.linkedin.com i.ytimg.com pbs.twimg.com *.twimg.com data: blob: https://*.googletagmanager.com www.google.com www.google.co.cr www.google-analytics.com bat.bing.com stats.g.doubleclick.net googleads.g.doubleclick.net syndication.twitter.com static.licdn.com platform.twitter.com www.equitablebank.ca www.google.ca ssl.google-analytics.com cs-cms-cc.equitad.local ad.doubleclick.net *.kameleoon.com https://cdn.insight.sitefinity.com https://dec.azureedge.net web-chat.nativechat.com track.hubspot.com js.hsleadflows.net forms.hsforms.com *.eloqua.com; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data:; frame-src 'self' *.fls.doubleclick.net www.facebook.com www.google.com cdn.callrail.com widget.trustpilot.com www.youtube.com td.doubleclick.net cdn.prod.ca.five9.net www.lightcast.com web-chat.nativechat.com forms.hsforms.com; connect-src 'self' data: accounts.google.com *.gstatic.com https://*.googletagmanager.com www.google-analytics.com stats.g.doubleclick.net bat.bing.com *.callrail.com csmetrics.hotjar.com metrics.hotjar.io analytics.google.com *.kameleoon.com *.kameleoon.eu *.kameleoon.io pagead2.googlesyndication.com https://*.hotjar.io wss://*.hotjar.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com forms.hubspot.com *.hsforms.com; media-src 'self' data: blob:; child-src 'self' https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://www.youtube-nocookie.com https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com web-chat.nativechat.com
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
date
Sat, 04 May 2024 03:25:05 GMT
cross-origin-embedder-policy
unsafe-none
cross-origin-resource-policy
cross-origin
content-disposition
inline; filename=eqb-home-topbanner-desktop.webp
content-length
44294
x-xss-protection
1; mode=block
referrer-policy
no-referrer-when-downgrade
last-modified
Fri, 27 Jan 2023 15:57:09 GMT
cross-origin-opener-policy
unsafe-none
x-frame-options
SAMEORIGIN
content-type
image/webp
cache-control
public, max-age=66631
permissions-policy
accelerometer=(self), ambient-light-sensor=(self), autoplay=(self), battery=(self), camera=(self), cross-origin-isolated=(self), display-capture=(self), document-domain=(self), encrypted-media=(self), execution-while-not-rendered=(self), execution-while-out-of-viewport=(self), fullscreen=(self), geolocation=(self), gyroscope=(self), keyboard-map=(self), magnetometer=(self), microphone=(self), midi=(self), navigation-override=(self), payment=(self), picture-in-picture=(self), publickey-credentials-get=(self), screen-wake-lock=(self), sync-xhr=(self), usb=(self), web-share=(self), xr-spatial-tracking=(self)
expires
Sat, 04 May 2024 21:55:36 GMT
eqb-2537-homepage-houserich-banner-desktop.jpg
www.equitablebank.ca/images/default-source/default-album/ 		326 KB
330 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.equitablebank.ca/images/default-source/default-album/eqb-2537-homepage-houserich-banner-desktop.jpg
Requested by
Host: www.equitablebank.ca
URL: https://www.equitablebank.ca/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.48.203.13 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a23-48-203-13.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
ba8710211e26c17d7e920e239a9557d240b102d756b680c967eca2403afb311a
Security Headers
Name Value
Content-Security-Policy default-src 'self' cs-cms-cc.equitad.local; script-src 'self' *.googleapis.com *.gstatic.com www.google.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://*.googletagmanager.com www.google-analytics.com googleads.g.doubleclick.net bat.bing.com static.hotjar.com widget.trustpilot.com *.callrail.com www.googleadservices.com ssl.google-analytics.com script.hotjar.com gateway.zscalerthree.net *.kameleoon.eu cdn.prod.ca.five9.net *.kameleoon.com js.hs-scripts.com js.hs-analytics.net js.hs-banner.com js.hsleadflows.net forms.hubspot.com js.hscollectedforms.net https://cdn.insight.sitefinity.com https://dec.azureedge.net web-chat.nativechat.com cdn.ampproject.org *.eloqua.com *.en25.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com platform.twitter.com/css/ *.twimg.com https://cdn.insight.sitefinity.com https://dec.azureedge.net web-chat.nativechat.com 'unsafe-inline'; img-src 'self' *.gstatic.com *.googleapis.com platform.tumblr.com web.facebook.com www.facebook.com www.redditstatic.com www.linkedin.com i.ytimg.com pbs.twimg.com *.twimg.com data: blob: https://*.googletagmanager.com www.google.com www.google.co.cr www.google-analytics.com bat.bing.com stats.g.doubleclick.net googleads.g.doubleclick.net syndication.twitter.com static.licdn.com platform.twitter.com www.equitablebank.ca www.google.ca ssl.google-analytics.com cs-cms-cc.equitad.local ad.doubleclick.net *.kameleoon.com track.hubspot.com js.hsleadflows.net forms.hsforms.com https://cdn.insight.sitefinity.com https://dec.azureedge.net web-chat.nativechat.com *.eloqua.com; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data:; frame-src 'self' *.fls.doubleclick.net www.facebook.com www.google.com cdn.callrail.com widget.trustpilot.com www.youtube.com td.doubleclick.net cdn.prod.ca.five9.net www.lightcast.com forms.hsforms.com web-chat.nativechat.com; connect-src 'self' data: accounts.google.com *.gstatic.com https://*.googletagmanager.com www.google-analytics.com stats.g.doubleclick.net bat.bing.com *.callrail.com csmetrics.hotjar.com metrics.hotjar.io analytics.google.com *.kameleoon.com *.kameleoon.eu *.kameleoon.io pagead2.googlesyndication.com https://*.hotjar.io wss://*.hotjar.com forms.hubspot.com *.hsforms.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com; media-src 'self' data: blob:; child-src 'self' https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://www.youtube-nocookie.com https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com web-chat.nativechat.com
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://www.equitablebank.ca/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

content-security-policy
default-src 'self' cs-cms-cc.equitad.local; script-src 'self' *.googleapis.com *.gstatic.com www.google.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://*.googletagmanager.com www.google-analytics.com googleads.g.doubleclick.net bat.bing.com static.hotjar.com widget.trustpilot.com *.callrail.com www.googleadservices.com ssl.google-analytics.com script.hotjar.com gateway.zscalerthree.net *.kameleoon.eu cdn.prod.ca.five9.net *.kameleoon.com js.hs-scripts.com js.hs-analytics.net js.hs-banner.com js.hsleadflows.net forms.hubspot.com js.hscollectedforms.net https://cdn.insight.sitefinity.com https://dec.azureedge.net web-chat.nativechat.com cdn.ampproject.org *.eloqua.com *.en25.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com platform.twitter.com/css/ *.twimg.com https://cdn.insight.sitefinity.com https://dec.azureedge.net web-chat.nativechat.com 'unsafe-inline'; img-src 'self' *.gstatic.com *.googleapis.com platform.tumblr.com web.facebook.com www.facebook.com www.redditstatic.com www.linkedin.com i.ytimg.com pbs.twimg.com *.twimg.com data: blob: https://*.googletagmanager.com www.google.com www.google.co.cr www.google-analytics.com bat.bing.com stats.g.doubleclick.net googleads.g.doubleclick.net syndication.twitter.com static.licdn.com platform.twitter.com www.equitablebank.ca www.google.ca ssl.google-analytics.com cs-cms-cc.equitad.local ad.doubleclick.net *.kameleoon.com track.hubspot.com js.hsleadflows.net forms.hsforms.com https://cdn.insight.sitefinity.com https://dec.azureedge.net web-chat.nativechat.com *.eloqua.com; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data:; frame-src 'self' *.fls.doubleclick.net www.facebook.com www.google.com cdn.callrail.com widget.trustpilot.com www.youtube.com td.doubleclick.net cdn.prod.ca.five9.net www.lightcast.com forms.hsforms.com web-chat.nativechat.com; connect-src 'self' data: accounts.google.com *.gstatic.com https://*.googletagmanager.com www.google-analytics.com stats.g.doubleclick.net bat.bing.com *.callrail.com csmetrics.hotjar.com metrics.hotjar.io analytics.google.com *.kameleoon.com *.kameleoon.eu *.kameleoon.io pagead2.googlesyndication.com https://*.hotjar.io wss://*.hotjar.com forms.hubspot.com *.hsforms.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com; media-src 'self' data: blob:; child-src 'self' https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://www.youtube-nocookie.com https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com web-chat.nativechat.com
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
date
Sat, 04 May 2024 03:25:05 GMT
cross-origin-embedder-policy
unsafe-none
cross-origin-resource-policy
cross-origin
content-disposition
inline; filename=EQB-2537-homepage-houserich-banner-desktop.jpg
content-length
334213
x-xss-protection
1; mode=block
referrer-policy
no-referrer-when-downgrade
last-modified
Mon, 11 Sep 2023 13:10:22 GMT
cross-origin-opener-policy
unsafe-none
x-frame-options
SAMEORIGIN
content-type
image/jpeg
cache-control
public, max-age=10597
permissions-policy
accelerometer=(self), ambient-light-sensor=(self), autoplay=(self), battery=(self), camera=(self), cross-origin-isolated=(self), display-capture=(self), document-domain=(self), encrypted-media=(self), execution-while-not-rendered=(self), execution-while-out-of-viewport=(self), fullscreen=(self), geolocation=(self), gyroscope=(self), keyboard-map=(self), magnetometer=(self), microphone=(self), midi=(self), navigation-override=(self), payment=(self), picture-in-picture=(self), publickey-credentials-get=(self), screen-wake-lock=(self), sync-xhr=(self), usb=(self), web-share=(self), xr-spatial-tracking=(self)
expires
Sat, 04 May 2024 06:21:42 GMT
gettyimages-1316713298-1024x1024-2.jpg
www.equitablebank.ca/images/default-source/default-album/ 		58 KB
61 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.equitablebank.ca/images/default-source/default-album/gettyimages-1316713298-1024x1024-2.jpg
Requested by
Host: www.equitablebank.ca
URL: https://www.equitablebank.ca/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.48.203.13 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a23-48-203-13.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
c7d351e47d2b2360387bfb1e8c4aad0b7253db68aec05b04dd25d278a6f97cea
Security Headers
Name Value
Content-Security-Policy default-src 'self' cs-cms-cc.equitad.local; script-src 'self' *.googleapis.com *.gstatic.com www.google.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://*.googletagmanager.com www.google-analytics.com googleads.g.doubleclick.net bat.bing.com static.hotjar.com widget.trustpilot.com *.callrail.com www.googleadservices.com ssl.google-analytics.com script.hotjar.com gateway.zscalerthree.net *.kameleoon.eu cdn.prod.ca.five9.net *.kameleoon.com https://cdn.insight.sitefinity.com https://dec.azureedge.net web-chat.nativechat.com cdn.ampproject.org js.hs-scripts.com js.hs-analytics.net js.hs-banner.com js.hsleadflows.net forms.hubspot.com js.hscollectedforms.net *.eloqua.com *.en25.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com platform.twitter.com/css/ *.twimg.com https://cdn.insight.sitefinity.com https://dec.azureedge.net web-chat.nativechat.com 'unsafe-inline'; img-src 'self' *.gstatic.com *.googleapis.com platform.tumblr.com web.facebook.com www.facebook.com www.redditstatic.com www.linkedin.com i.ytimg.com pbs.twimg.com *.twimg.com data: blob: https://*.googletagmanager.com www.google.com www.google.co.cr www.google-analytics.com bat.bing.com stats.g.doubleclick.net googleads.g.doubleclick.net syndication.twitter.com static.licdn.com platform.twitter.com www.equitablebank.ca www.google.ca ssl.google-analytics.com cs-cms-cc.equitad.local ad.doubleclick.net *.kameleoon.com https://cdn.insight.sitefinity.com https://dec.azureedge.net web-chat.nativechat.com track.hubspot.com js.hsleadflows.net forms.hsforms.com *.eloqua.com; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data:; frame-src 'self' *.fls.doubleclick.net www.facebook.com www.google.com cdn.callrail.com widget.trustpilot.com www.youtube.com td.doubleclick.net cdn.prod.ca.five9.net www.lightcast.com web-chat.nativechat.com forms.hsforms.com; connect-src 'self' data: accounts.google.com *.gstatic.com https://*.googletagmanager.com www.google-analytics.com stats.g.doubleclick.net bat.bing.com *.callrail.com csmetrics.hotjar.com metrics.hotjar.io analytics.google.com *.kameleoon.com *.kameleoon.eu *.kameleoon.io pagead2.googlesyndication.com https://*.hotjar.io wss://*.hotjar.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com forms.hubspot.com *.hsforms.com; media-src 'self' data: blob:; child-src 'self' https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://www.youtube-nocookie.com https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com web-chat.nativechat.com
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://www.equitablebank.ca/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

content-security-policy
default-src 'self' cs-cms-cc.equitad.local; script-src 'self' *.googleapis.com *.gstatic.com www.google.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://*.googletagmanager.com www.google-analytics.com googleads.g.doubleclick.net bat.bing.com static.hotjar.com widget.trustpilot.com *.callrail.com www.googleadservices.com ssl.google-analytics.com script.hotjar.com gateway.zscalerthree.net *.kameleoon.eu cdn.prod.ca.five9.net *.kameleoon.com https://cdn.insight.sitefinity.com https://dec.azureedge.net web-chat.nativechat.com cdn.ampproject.org js.hs-scripts.com js.hs-analytics.net js.hs-banner.com js.hsleadflows.net forms.hubspot.com js.hscollectedforms.net *.eloqua.com *.en25.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com platform.twitter.com/css/ *.twimg.com https://cdn.insight.sitefinity.com https://dec.azureedge.net web-chat.nativechat.com 'unsafe-inline'; img-src 'self' *.gstatic.com *.googleapis.com platform.tumblr.com web.facebook.com www.facebook.com www.redditstatic.com www.linkedin.com i.ytimg.com pbs.twimg.com *.twimg.com data: blob: https://*.googletagmanager.com www.google.com www.google.co.cr www.google-analytics.com bat.bing.com stats.g.doubleclick.net googleads.g.doubleclick.net syndication.twitter.com static.licdn.com platform.twitter.com www.equitablebank.ca www.google.ca ssl.google-analytics.com cs-cms-cc.equitad.local ad.doubleclick.net *.kameleoon.com https://cdn.insight.sitefinity.com https://dec.azureedge.net web-chat.nativechat.com track.hubspot.com js.hsleadflows.net forms.hsforms.com *.eloqua.com; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data:; frame-src 'self' *.fls.doubleclick.net www.facebook.com www.google.com cdn.callrail.com widget.trustpilot.com www.youtube.com td.doubleclick.net cdn.prod.ca.five9.net www.lightcast.com web-chat.nativechat.com forms.hsforms.com; connect-src 'self' data: accounts.google.com *.gstatic.com https://*.googletagmanager.com www.google-analytics.com stats.g.doubleclick.net bat.bing.com *.callrail.com csmetrics.hotjar.com metrics.hotjar.io analytics.google.com *.kameleoon.com *.kameleoon.eu *.kameleoon.io pagead2.googlesyndication.com https://*.hotjar.io wss://*.hotjar.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com forms.hubspot.com *.hsforms.com; media-src 'self' data: blob:; child-src 'self' https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://www.youtube-nocookie.com https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com web-chat.nativechat.com
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
date
Sat, 04 May 2024 03:25:05 GMT
cross-origin-embedder-policy
unsafe-none
cross-origin-resource-policy
cross-origin
content-disposition
inline; filename=gettyimages-1316713298-1024x1024-2.jpg
content-length
59470
x-xss-protection
1; mode=block
referrer-policy
no-referrer-when-downgrade
last-modified
Mon, 23 Jan 2023 14:39:34 GMT
cross-origin-opener-policy
unsafe-none
x-frame-options
SAMEORIGIN
content-type
image/jpeg
cache-control
public, max-age=28477
permissions-policy
accelerometer=(self), ambient-light-sensor=(self), autoplay=(self), battery=(self), camera=(self), cross-origin-isolated=(self), display-capture=(self), document-domain=(self), encrypted-media=(self), execution-while-not-rendered=(self), execution-while-out-of-viewport=(self), fullscreen=(self), geolocation=(self), gyroscope=(self), keyboard-map=(self), magnetometer=(self), microphone=(self), midi=(self), navigation-override=(self), payment=(self), picture-in-picture=(self), publickey-credentials-get=(self), screen-wake-lock=(self), sync-xhr=(self), usb=(self), web-share=(self), xr-spatial-tracking=(self)
expires
Sat, 04 May 2024 11:19:42 GMT
gettyimages-1316713298-1024x1024-3.jpg
www.equitablebank.ca/images/default-source/default-album/ 		101 KB
104 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.equitablebank.ca/images/default-source/default-album/gettyimages-1316713298-1024x1024-3.jpg
Requested by
Host: www.equitablebank.ca
URL: https://www.equitablebank.ca/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.48.203.13 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a23-48-203-13.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
7c70156c1f92077f46cae2fa015b087ac0623c69a80032c618f637f9a07d5bbf
Security Headers
Name Value
Content-Security-Policy default-src 'self' cs-cms-cc.equitad.local; script-src 'self' *.googleapis.com *.gstatic.com www.google.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://*.googletagmanager.com www.google-analytics.com googleads.g.doubleclick.net bat.bing.com static.hotjar.com widget.trustpilot.com *.callrail.com www.googleadservices.com ssl.google-analytics.com script.hotjar.com gateway.zscalerthree.net *.kameleoon.eu cdn.prod.ca.five9.net *.kameleoon.com https://cdn.insight.sitefinity.com https://dec.azureedge.net web-chat.nativechat.com cdn.ampproject.org js.hs-scripts.com js.hs-analytics.net js.hs-banner.com js.hsleadflows.net forms.hubspot.com js.hscollectedforms.net *.eloqua.com *.en25.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com platform.twitter.com/css/ *.twimg.com https://cdn.insight.sitefinity.com https://dec.azureedge.net web-chat.nativechat.com 'unsafe-inline'; img-src 'self' *.gstatic.com *.googleapis.com platform.tumblr.com web.facebook.com www.facebook.com www.redditstatic.com www.linkedin.com i.ytimg.com pbs.twimg.com *.twimg.com data: blob: https://*.googletagmanager.com www.google.com www.google.co.cr www.google-analytics.com bat.bing.com stats.g.doubleclick.net googleads.g.doubleclick.net syndication.twitter.com static.licdn.com platform.twitter.com www.equitablebank.ca www.google.ca ssl.google-analytics.com cs-cms-cc.equitad.local ad.doubleclick.net *.kameleoon.com https://cdn.insight.sitefinity.com https://dec.azureedge.net web-chat.nativechat.com track.hubspot.com js.hsleadflows.net forms.hsforms.com *.eloqua.com; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data:; frame-src 'self' *.fls.doubleclick.net www.facebook.com www.google.com cdn.callrail.com widget.trustpilot.com www.youtube.com td.doubleclick.net cdn.prod.ca.five9.net www.lightcast.com web-chat.nativechat.com forms.hsforms.com; connect-src 'self' data: accounts.google.com *.gstatic.com https://*.googletagmanager.com www.google-analytics.com stats.g.doubleclick.net bat.bing.com *.callrail.com csmetrics.hotjar.com metrics.hotjar.io analytics.google.com *.kameleoon.com *.kameleoon.eu *.kameleoon.io pagead2.googlesyndication.com https://*.hotjar.io wss://*.hotjar.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com forms.hubspot.com *.hsforms.com; media-src 'self' data: blob:; child-src 'self' https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://www.youtube-nocookie.com https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com web-chat.nativechat.com
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://www.equitablebank.ca/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

content-security-policy
default-src 'self' cs-cms-cc.equitad.local; script-src 'self' *.googleapis.com *.gstatic.com www.google.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://*.googletagmanager.com www.google-analytics.com googleads.g.doubleclick.net bat.bing.com static.hotjar.com widget.trustpilot.com *.callrail.com www.googleadservices.com ssl.google-analytics.com script.hotjar.com gateway.zscalerthree.net *.kameleoon.eu cdn.prod.ca.five9.net *.kameleoon.com https://cdn.insight.sitefinity.com https://dec.azureedge.net web-chat.nativechat.com cdn.ampproject.org js.hs-scripts.com js.hs-analytics.net js.hs-banner.com js.hsleadflows.net forms.hubspot.com js.hscollectedforms.net *.eloqua.com *.en25.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com platform.twitter.com/css/ *.twimg.com https://cdn.insight.sitefinity.com https://dec.azureedge.net web-chat.nativechat.com 'unsafe-inline'; img-src 'self' *.gstatic.com *.googleapis.com platform.tumblr.com web.facebook.com www.facebook.com www.redditstatic.com www.linkedin.com i.ytimg.com pbs.twimg.com *.twimg.com data: blob: https://*.googletagmanager.com www.google.com www.google.co.cr www.google-analytics.com bat.bing.com stats.g.doubleclick.net googleads.g.doubleclick.net syndication.twitter.com static.licdn.com platform.twitter.com www.equitablebank.ca www.google.ca ssl.google-analytics.com cs-cms-cc.equitad.local ad.doubleclick.net *.kameleoon.com https://cdn.insight.sitefinity.com https://dec.azureedge.net web-chat.nativechat.com track.hubspot.com js.hsleadflows.net forms.hsforms.com *.eloqua.com; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data:; frame-src 'self' *.fls.doubleclick.net www.facebook.com www.google.com cdn.callrail.com widget.trustpilot.com www.youtube.com td.doubleclick.net cdn.prod.ca.five9.net www.lightcast.com web-chat.nativechat.com forms.hsforms.com; connect-src 'self' data: accounts.google.com *.gstatic.com https://*.googletagmanager.com www.google-analytics.com stats.g.doubleclick.net bat.bing.com *.callrail.com csmetrics.hotjar.com metrics.hotjar.io analytics.google.com *.kameleoon.com *.kameleoon.eu *.kameleoon.io pagead2.googlesyndication.com https://*.hotjar.io wss://*.hotjar.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com forms.hubspot.com *.hsforms.com; media-src 'self' data: blob:; child-src 'self' https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://www.youtube-nocookie.com https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com web-chat.nativechat.com
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
date
Sat, 04 May 2024 03:25:06 GMT
cross-origin-embedder-policy
unsafe-none
cross-origin-resource-policy
cross-origin
content-disposition
inline; filename=gettyimages-1316713298-1024x1024-3.jpg
content-length
103819
x-xss-protection
1; mode=block
referrer-policy
no-referrer-when-downgrade
last-modified
Mon, 23 Jan 2023 14:59:23 GMT
cross-origin-opener-policy
unsafe-none
x-frame-options
SAMEORIGIN
content-type
image/jpeg
cache-control
public, max-age=10830
permissions-policy
accelerometer=(self), ambient-light-sensor=(self), autoplay=(self), battery=(self), camera=(self), cross-origin-isolated=(self), display-capture=(self), document-domain=(self), encrypted-media=(self), execution-while-not-rendered=(self), execution-while-out-of-viewport=(self), fullscreen=(self), geolocation=(self), gyroscope=(self), keyboard-map=(self), magnetometer=(self), microphone=(self), midi=(self), navigation-override=(self), payment=(self), picture-in-picture=(self), publickey-credentials-get=(self), screen-wake-lock=(self), sync-xhr=(self), usb=(self), web-share=(self), xr-spatial-tracking=(self)
expires
Sat, 04 May 2024 06:25:36 GMT
gettyimages-1316713298-1024x1024-4.jpg
www.equitablebank.ca/images/default-source/default-album/ 		69 KB
72 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.equitablebank.ca/images/default-source/default-album/gettyimages-1316713298-1024x1024-4.jpg
Requested by
Host: www.equitablebank.ca
URL: https://www.equitablebank.ca/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.48.203.13 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a23-48-203-13.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
1da1dcb6ab84144dab601815cb8314e4d2f84444fcf8152ddec5ee227f9fa9e8
Security Headers
Name Value
Content-Security-Policy default-src 'self' cs-cms-cc.equitad.local; script-src 'self' *.googleapis.com *.gstatic.com www.google.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://*.googletagmanager.com www.google-analytics.com googleads.g.doubleclick.net bat.bing.com static.hotjar.com widget.trustpilot.com *.callrail.com www.googleadservices.com ssl.google-analytics.com script.hotjar.com gateway.zscalerthree.net *.kameleoon.eu cdn.prod.ca.five9.net *.kameleoon.com https://cdn.insight.sitefinity.com https://dec.azureedge.net web-chat.nativechat.com cdn.ampproject.org js.hs-scripts.com js.hs-analytics.net js.hs-banner.com js.hsleadflows.net forms.hubspot.com js.hscollectedforms.net *.eloqua.com *.en25.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com platform.twitter.com/css/ *.twimg.com https://cdn.insight.sitefinity.com https://dec.azureedge.net web-chat.nativechat.com 'unsafe-inline'; img-src 'self' *.gstatic.com *.googleapis.com platform.tumblr.com web.facebook.com www.facebook.com www.redditstatic.com www.linkedin.com i.ytimg.com pbs.twimg.com *.twimg.com data: blob: https://*.googletagmanager.com www.google.com www.google.co.cr www.google-analytics.com bat.bing.com stats.g.doubleclick.net googleads.g.doubleclick.net syndication.twitter.com static.licdn.com platform.twitter.com www.equitablebank.ca www.google.ca ssl.google-analytics.com cs-cms-cc.equitad.local ad.doubleclick.net *.kameleoon.com https://cdn.insight.sitefinity.com https://dec.azureedge.net web-chat.nativechat.com track.hubspot.com js.hsleadflows.net forms.hsforms.com *.eloqua.com; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data:; frame-src 'self' *.fls.doubleclick.net www.facebook.com www.google.com cdn.callrail.com widget.trustpilot.com www.youtube.com td.doubleclick.net cdn.prod.ca.five9.net www.lightcast.com web-chat.nativechat.com forms.hsforms.com; connect-src 'self' data: accounts.google.com *.gstatic.com https://*.googletagmanager.com www.google-analytics.com stats.g.doubleclick.net bat.bing.com *.callrail.com csmetrics.hotjar.com metrics.hotjar.io analytics.google.com *.kameleoon.com *.kameleoon.eu *.kameleoon.io pagead2.googlesyndication.com https://*.hotjar.io wss://*.hotjar.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com forms.hubspot.com *.hsforms.com; media-src 'self' data: blob:; child-src 'self' https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://www.youtube-nocookie.com https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com web-chat.nativechat.com
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://www.equitablebank.ca/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

content-security-policy
default-src 'self' cs-cms-cc.equitad.local; script-src 'self' *.googleapis.com *.gstatic.com www.google.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://*.googletagmanager.com www.google-analytics.com googleads.g.doubleclick.net bat.bing.com static.hotjar.com widget.trustpilot.com *.callrail.com www.googleadservices.com ssl.google-analytics.com script.hotjar.com gateway.zscalerthree.net *.kameleoon.eu cdn.prod.ca.five9.net *.kameleoon.com https://cdn.insight.sitefinity.com https://dec.azureedge.net web-chat.nativechat.com cdn.ampproject.org js.hs-scripts.com js.hs-analytics.net js.hs-banner.com js.hsleadflows.net forms.hubspot.com js.hscollectedforms.net *.eloqua.com *.en25.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com platform.twitter.com/css/ *.twimg.com https://cdn.insight.sitefinity.com https://dec.azureedge.net web-chat.nativechat.com 'unsafe-inline'; img-src 'self' *.gstatic.com *.googleapis.com platform.tumblr.com web.facebook.com www.facebook.com www.redditstatic.com www.linkedin.com i.ytimg.com pbs.twimg.com *.twimg.com data: blob: https://*.googletagmanager.com www.google.com www.google.co.cr www.google-analytics.com bat.bing.com stats.g.doubleclick.net googleads.g.doubleclick.net syndication.twitter.com static.licdn.com platform.twitter.com www.equitablebank.ca www.google.ca ssl.google-analytics.com cs-cms-cc.equitad.local ad.doubleclick.net *.kameleoon.com https://cdn.insight.sitefinity.com https://dec.azureedge.net web-chat.nativechat.com track.hubspot.com js.hsleadflows.net forms.hsforms.com *.eloqua.com; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data:; frame-src 'self' *.fls.doubleclick.net www.facebook.com www.google.com cdn.callrail.com widget.trustpilot.com www.youtube.com td.doubleclick.net cdn.prod.ca.five9.net www.lightcast.com web-chat.nativechat.com forms.hsforms.com; connect-src 'self' data: accounts.google.com *.gstatic.com https://*.googletagmanager.com www.google-analytics.com stats.g.doubleclick.net bat.bing.com *.callrail.com csmetrics.hotjar.com metrics.hotjar.io analytics.google.com *.kameleoon.com *.kameleoon.eu *.kameleoon.io pagead2.googlesyndication.com https://*.hotjar.io wss://*.hotjar.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com forms.hubspot.com *.hsforms.com; media-src 'self' data: blob:; child-src 'self' https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://www.youtube-nocookie.com https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com web-chat.nativechat.com
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
date
Sat, 04 May 2024 03:25:06 GMT
cross-origin-embedder-policy
unsafe-none
cross-origin-resource-policy
cross-origin
content-disposition
inline; filename=gettyimages-1316713298-1024x1024-4.jpg
content-length
70971
x-xss-protection
1; mode=block
referrer-policy
no-referrer-when-downgrade
last-modified
Mon, 23 Jan 2023 14:40:19 GMT
cross-origin-opener-policy
unsafe-none
x-frame-options
SAMEORIGIN
content-type
image/jpeg
cache-control
public, max-age=7483
permissions-policy
accelerometer=(self), ambient-light-sensor=(self), autoplay=(self), battery=(self), camera=(self), cross-origin-isolated=(self), display-capture=(self), document-domain=(self), encrypted-media=(self), execution-while-not-rendered=(self), execution-while-out-of-viewport=(self), fullscreen=(self), geolocation=(self), gyroscope=(self), keyboard-map=(self), magnetometer=(self), microphone=(self), midi=(self), navigation-override=(self), payment=(self), picture-in-picture=(self), publickey-credentials-get=(self), screen-wake-lock=(self), sync-xhr=(self), usb=(self), web-share=(self), xr-spatial-tracking=(self)
expires
Sat, 04 May 2024 05:29:49 GMT
gettyimages-1316713298-1024x1024-2-(1).jpg
www.equitablebank.ca/images/default-source/default-album/ 		118 KB
121 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.equitablebank.ca/images/default-source/default-album/gettyimages-1316713298-1024x1024-2-(1).jpg
Requested by
Host: www.equitablebank.ca
URL: https://www.equitablebank.ca/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.48.203.13 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a23-48-203-13.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
24ced3c26e9bbd46acacc401cab1a790c6021ef403eb1cc0b3ee5e6b823ad064
Security Headers
Name Value
Content-Security-Policy default-src 'self' cs-cms-cc.equitad.local; script-src 'self' *.googleapis.com *.gstatic.com www.google.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://*.googletagmanager.com www.google-analytics.com googleads.g.doubleclick.net bat.bing.com static.hotjar.com widget.trustpilot.com *.callrail.com www.googleadservices.com ssl.google-analytics.com script.hotjar.com gateway.zscalerthree.net *.kameleoon.eu cdn.prod.ca.five9.net *.kameleoon.com js.hs-scripts.com js.hs-analytics.net js.hs-banner.com js.hsleadflows.net forms.hubspot.com js.hscollectedforms.net https://cdn.insight.sitefinity.com https://dec.azureedge.net web-chat.nativechat.com cdn.ampproject.org *.eloqua.com *.en25.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com platform.twitter.com/css/ *.twimg.com https://cdn.insight.sitefinity.com https://dec.azureedge.net web-chat.nativechat.com 'unsafe-inline'; img-src 'self' *.gstatic.com *.googleapis.com platform.tumblr.com web.facebook.com www.facebook.com www.redditstatic.com www.linkedin.com i.ytimg.com pbs.twimg.com *.twimg.com data: blob: https://*.googletagmanager.com www.google.com www.google.co.cr www.google-analytics.com bat.bing.com stats.g.doubleclick.net googleads.g.doubleclick.net syndication.twitter.com static.licdn.com platform.twitter.com www.equitablebank.ca www.google.ca ssl.google-analytics.com cs-cms-cc.equitad.local ad.doubleclick.net *.kameleoon.com track.hubspot.com js.hsleadflows.net forms.hsforms.com https://cdn.insight.sitefinity.com https://dec.azureedge.net web-chat.nativechat.com *.eloqua.com; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data:; frame-src 'self' *.fls.doubleclick.net www.facebook.com www.google.com cdn.callrail.com widget.trustpilot.com www.youtube.com td.doubleclick.net cdn.prod.ca.five9.net www.lightcast.com forms.hsforms.com web-chat.nativechat.com; connect-src 'self' data: accounts.google.com *.gstatic.com https://*.googletagmanager.com www.google-analytics.com stats.g.doubleclick.net bat.bing.com *.callrail.com csmetrics.hotjar.com metrics.hotjar.io analytics.google.com *.kameleoon.com *.kameleoon.eu *.kameleoon.io pagead2.googlesyndication.com https://*.hotjar.io wss://*.hotjar.com forms.hubspot.com *.hsforms.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com; media-src 'self' data: blob:; child-src 'self' https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://www.youtube-nocookie.com https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com web-chat.nativechat.com
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://www.equitablebank.ca/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

content-security-policy
default-src 'self' cs-cms-cc.equitad.local; script-src 'self' *.googleapis.com *.gstatic.com www.google.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://*.googletagmanager.com www.google-analytics.com googleads.g.doubleclick.net bat.bing.com static.hotjar.com widget.trustpilot.com *.callrail.com www.googleadservices.com ssl.google-analytics.com script.hotjar.com gateway.zscalerthree.net *.kameleoon.eu cdn.prod.ca.five9.net *.kameleoon.com js.hs-scripts.com js.hs-analytics.net js.hs-banner.com js.hsleadflows.net forms.hubspot.com js.hscollectedforms.net https://cdn.insight.sitefinity.com https://dec.azureedge.net web-chat.nativechat.com cdn.ampproject.org *.eloqua.com *.en25.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com platform.twitter.com/css/ *.twimg.com https://cdn.insight.sitefinity.com https://dec.azureedge.net web-chat.nativechat.com 'unsafe-inline'; img-src 'self' *.gstatic.com *.googleapis.com platform.tumblr.com web.facebook.com www.facebook.com www.redditstatic.com www.linkedin.com i.ytimg.com pbs.twimg.com *.twimg.com data: blob: https://*.googletagmanager.com www.google.com www.google.co.cr www.google-analytics.com bat.bing.com stats.g.doubleclick.net googleads.g.doubleclick.net syndication.twitter.com static.licdn.com platform.twitter.com www.equitablebank.ca www.google.ca ssl.google-analytics.com cs-cms-cc.equitad.local ad.doubleclick.net *.kameleoon.com track.hubspot.com js.hsleadflows.net forms.hsforms.com https://cdn.insight.sitefinity.com https://dec.azureedge.net web-chat.nativechat.com *.eloqua.com; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data:; frame-src 'self' *.fls.doubleclick.net www.facebook.com www.google.com cdn.callrail.com widget.trustpilot.com www.youtube.com td.doubleclick.net cdn.prod.ca.five9.net www.lightcast.com forms.hsforms.com web-chat.nativechat.com; connect-src 'self' data: accounts.google.com *.gstatic.com https://*.googletagmanager.com www.google-analytics.com stats.g.doubleclick.net bat.bing.com *.callrail.com csmetrics.hotjar.com metrics.hotjar.io analytics.google.com *.kameleoon.com *.kameleoon.eu *.kameleoon.io pagead2.googlesyndication.com https://*.hotjar.io wss://*.hotjar.com forms.hubspot.com *.hsforms.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com; media-src 'self' data: blob:; child-src 'self' https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://www.youtube-nocookie.com https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com web-chat.nativechat.com
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
date
Sat, 04 May 2024 03:25:06 GMT
cross-origin-embedder-policy
unsafe-none
cross-origin-resource-policy
cross-origin
content-disposition
inline; filename=gettyimages-1316713298-1024x1024-2-(1).jpg
content-length
120762
x-xss-protection
1; mode=block
referrer-policy
no-referrer-when-downgrade
last-modified
Mon, 23 Jan 2023 14:39:07 GMT
cross-origin-opener-policy
unsafe-none
x-frame-options
SAMEORIGIN
content-type
image/jpeg
cache-control
public, max-age=82845
permissions-policy
accelerometer=(self), ambient-light-sensor=(self), autoplay=(self), battery=(self), camera=(self), cross-origin-isolated=(self), display-capture=(self), document-domain=(self), encrypted-media=(self), execution-while-not-rendered=(self), execution-while-out-of-viewport=(self), fullscreen=(self), geolocation=(self), gyroscope=(self), keyboard-map=(self), magnetometer=(self), microphone=(self), midi=(self), navigation-override=(self), payment=(self), picture-in-picture=(self), publickey-credentials-get=(self), screen-wake-lock=(self), sync-xhr=(self), usb=(self), web-share=(self), xr-spatial-tracking=(self)
expires
Sun, 05 May 2024 02:25:51 GMT
eqb-home-section3-image5-desktop.jpg
www.equitablebank.ca/images/default-source/default-album/ 		99 KB
102 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.equitablebank.ca/images/default-source/default-album/eqb-home-section3-image5-desktop.jpg
Requested by
Host: www.equitablebank.ca
URL: https://www.equitablebank.ca/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.48.203.13 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a23-48-203-13.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
ed388ccef37c7222f9cc3dd36ab6304027a1434278a24620b6f7bc8e625bae7b
Security Headers
Name Value
Content-Security-Policy default-src 'self' cs-cms-cc.equitad.local; script-src 'self' *.googleapis.com *.gstatic.com www.google.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://*.googletagmanager.com www.google-analytics.com googleads.g.doubleclick.net bat.bing.com static.hotjar.com widget.trustpilot.com *.callrail.com www.googleadservices.com ssl.google-analytics.com script.hotjar.com gateway.zscalerthree.net *.kameleoon.eu cdn.prod.ca.five9.net *.kameleoon.com https://cdn.insight.sitefinity.com https://dec.azureedge.net web-chat.nativechat.com cdn.ampproject.org js.hs-scripts.com js.hs-analytics.net js.hs-banner.com js.hsleadflows.net forms.hubspot.com js.hscollectedforms.net *.eloqua.com *.en25.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com platform.twitter.com/css/ *.twimg.com https://cdn.insight.sitefinity.com https://dec.azureedge.net web-chat.nativechat.com 'unsafe-inline'; img-src 'self' *.gstatic.com *.googleapis.com platform.tumblr.com web.facebook.com www.facebook.com www.redditstatic.com www.linkedin.com i.ytimg.com pbs.twimg.com *.twimg.com data: blob: https://*.googletagmanager.com www.google.com www.google.co.cr www.google-analytics.com bat.bing.com stats.g.doubleclick.net googleads.g.doubleclick.net syndication.twitter.com static.licdn.com platform.twitter.com www.equitablebank.ca www.google.ca ssl.google-analytics.com cs-cms-cc.equitad.local ad.doubleclick.net *.kameleoon.com https://cdn.insight.sitefinity.com https://dec.azureedge.net web-chat.nativechat.com track.hubspot.com js.hsleadflows.net forms.hsforms.com *.eloqua.com; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data:; frame-src 'self' *.fls.doubleclick.net www.facebook.com www.google.com cdn.callrail.com widget.trustpilot.com www.youtube.com td.doubleclick.net cdn.prod.ca.five9.net www.lightcast.com web-chat.nativechat.com forms.hsforms.com; connect-src 'self' data: accounts.google.com *.gstatic.com https://*.googletagmanager.com www.google-analytics.com stats.g.doubleclick.net bat.bing.com *.callrail.com csmetrics.hotjar.com metrics.hotjar.io analytics.google.com *.kameleoon.com *.kameleoon.eu *.kameleoon.io pagead2.googlesyndication.com https://*.hotjar.io wss://*.hotjar.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com forms.hubspot.com *.hsforms.com; media-src 'self' data: blob:; child-src 'self' https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://www.youtube-nocookie.com https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com web-chat.nativechat.com
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://www.equitablebank.ca/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

content-security-policy
default-src 'self' cs-cms-cc.equitad.local; script-src 'self' *.googleapis.com *.gstatic.com www.google.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://*.googletagmanager.com www.google-analytics.com googleads.g.doubleclick.net bat.bing.com static.hotjar.com widget.trustpilot.com *.callrail.com www.googleadservices.com ssl.google-analytics.com script.hotjar.com gateway.zscalerthree.net *.kameleoon.eu cdn.prod.ca.five9.net *.kameleoon.com https://cdn.insight.sitefinity.com https://dec.azureedge.net web-chat.nativechat.com cdn.ampproject.org js.hs-scripts.com js.hs-analytics.net js.hs-banner.com js.hsleadflows.net forms.hubspot.com js.hscollectedforms.net *.eloqua.com *.en25.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com platform.twitter.com/css/ *.twimg.com https://cdn.insight.sitefinity.com https://dec.azureedge.net web-chat.nativechat.com 'unsafe-inline'; img-src 'self' *.gstatic.com *.googleapis.com platform.tumblr.com web.facebook.com www.facebook.com www.redditstatic.com www.linkedin.com i.ytimg.com pbs.twimg.com *.twimg.com data: blob: https://*.googletagmanager.com www.google.com www.google.co.cr www.google-analytics.com bat.bing.com stats.g.doubleclick.net googleads.g.doubleclick.net syndication.twitter.com static.licdn.com platform.twitter.com www.equitablebank.ca www.google.ca ssl.google-analytics.com cs-cms-cc.equitad.local ad.doubleclick.net *.kameleoon.com https://cdn.insight.sitefinity.com https://dec.azureedge.net web-chat.nativechat.com track.hubspot.com js.hsleadflows.net forms.hsforms.com *.eloqua.com; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data:; frame-src 'self' *.fls.doubleclick.net www.facebook.com www.google.com cdn.callrail.com widget.trustpilot.com www.youtube.com td.doubleclick.net cdn.prod.ca.five9.net www.lightcast.com web-chat.nativechat.com forms.hsforms.com; connect-src 'self' data: accounts.google.com *.gstatic.com https://*.googletagmanager.com www.google-analytics.com stats.g.doubleclick.net bat.bing.com *.callrail.com csmetrics.hotjar.com metrics.hotjar.io analytics.google.com *.kameleoon.com *.kameleoon.eu *.kameleoon.io pagead2.googlesyndication.com https://*.hotjar.io wss://*.hotjar.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com forms.hubspot.com *.hsforms.com; media-src 'self' data: blob:; child-src 'self' https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://www.youtube-nocookie.com https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com web-chat.nativechat.com
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
date
Sat, 04 May 2024 03:25:06 GMT
cross-origin-embedder-policy
unsafe-none
cross-origin-resource-policy
cross-origin
content-disposition
inline; filename=eqb-home-section3-image5-desktop.jpg
content-length
101857
x-xss-protection
1; mode=block
referrer-policy
no-referrer-when-downgrade
last-modified
Tue, 24 Jan 2023 14:08:15 GMT
cross-origin-opener-policy
unsafe-none
x-frame-options
SAMEORIGIN
content-type
image/jpeg
cache-control
public, max-age=7488
permissions-policy
accelerometer=(self), ambient-light-sensor=(self), autoplay=(self), battery=(self), camera=(self), cross-origin-isolated=(self), display-capture=(self), document-domain=(self), encrypted-media=(self), execution-while-not-rendered=(self), execution-while-out-of-viewport=(self), fullscreen=(self), geolocation=(self), gyroscope=(self), keyboard-map=(self), magnetometer=(self), microphone=(self), midi=(self), navigation-override=(self), payment=(self), picture-in-picture=(self), publickey-credentials-get=(self), screen-wake-lock=(self), sync-xhr=(self), usb=(self), web-share=(self), xr-spatial-tracking=(self)
expires
Sat, 04 May 2024 05:29:54 GMT
cdic-digital-symbol-en-fr.svg
www.equitablebank.ca/images/default-source/svgs/ 		5 KB
8 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.equitablebank.ca/images/default-source/svgs/cdic-digital-symbol-en-fr.svg?sfvrsn=540f991e_2
Requested by
Host: www.equitablebank.ca
URL: https://www.equitablebank.ca/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.48.203.13 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a23-48-203-13.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
6e6eb706e88d4cbe426f93cdc397a8932a5f852423181affea3e75e3444bbf51
Security Headers
Name Value
Content-Security-Policy default-src 'self' cs-cms-cc.equitad.local; script-src 'self' *.googleapis.com *.gstatic.com www.google.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://*.googletagmanager.com www.google-analytics.com googleads.g.doubleclick.net bat.bing.com static.hotjar.com widget.trustpilot.com *.callrail.com www.googleadservices.com ssl.google-analytics.com script.hotjar.com gateway.zscalerthree.net *.kameleoon.eu cdn.prod.ca.five9.net *.kameleoon.com js.adsrvr.org *.amazon-adsystem.com amazon-adsystem.com https://cdn.insight.sitefinity.com https://dec.azureedge.net cdn.ampproject.org *.eloqua.com *.en25.com web-chat.nativechat.com js.hs-scripts.com js.hs-analytics.net js.hs-banner.com js.hsleadflows.net forms.hubspot.com js.hscollectedforms.net 'unsafe-inline' 'unsafe-eval'; style-src 'self' *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com platform.twitter.com/css/ *.twimg.com *.kameleoon.com https://cdn.insight.sitefinity.com https://dec.azureedge.net web-chat.nativechat.com 'unsafe-inline'; img-src 'self' *.gstatic.com *.googleapis.com platform.tumblr.com web.facebook.com www.facebook.com www.redditstatic.com www.linkedin.com i.ytimg.com pbs.twimg.com *.twimg.com data: blob: https://*.googletagmanager.com www.google.com www.google.co.cr www.google-analytics.com bat.bing.com stats.g.doubleclick.net googleads.g.doubleclick.net syndication.twitter.com static.licdn.com platform.twitter.com www.equitablebank.ca www.google.ca ssl.google-analytics.com cs-cms-cc.equitad.local ad.doubleclick.net *.kameleoon.com https://cdn.insight.sitefinity.com https://dec.azureedge.net *.eloqua.com web-chat.nativechat.com track.hubspot.com js.hsleadflows.net forms.hsforms.com; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data:; frame-src 'self' *.fls.doubleclick.net www.facebook.com www.google.com cdn.callrail.com widget.trustpilot.com www.youtube.com td.doubleclick.net cdn.prod.ca.five9.net www.lightcast.com *.amazon-adsystem.com insight.adsrvr.org web-chat.nativechat.com forms.hsforms.com; connect-src 'self' data: accounts.google.com *.gstatic.com https://*.googletagmanager.com www.google-analytics.com stats.g.doubleclick.net bat.bing.com *.callrail.com csmetrics.hotjar.com metrics.hotjar.io analytics.google.com *.kameleoon.com *.kameleoon.eu *.kameleoon.io pagead2.googlesyndication.com https://*.hotjar.io wss://*.hotjar.com *.amazon-adsystem.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com forms.hubspot.com *.hsforms.com; media-src 'self' data: blob:; child-src 'self' https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://www.youtube-nocookie.com https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com web-chat.nativechat.com
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://www.equitablebank.ca/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

content-security-policy
default-src 'self' cs-cms-cc.equitad.local; script-src 'self' *.googleapis.com *.gstatic.com www.google.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://*.googletagmanager.com www.google-analytics.com googleads.g.doubleclick.net bat.bing.com static.hotjar.com widget.trustpilot.com *.callrail.com www.googleadservices.com ssl.google-analytics.com script.hotjar.com gateway.zscalerthree.net *.kameleoon.eu cdn.prod.ca.five9.net *.kameleoon.com js.adsrvr.org *.amazon-adsystem.com amazon-adsystem.com https://cdn.insight.sitefinity.com https://dec.azureedge.net cdn.ampproject.org *.eloqua.com *.en25.com web-chat.nativechat.com js.hs-scripts.com js.hs-analytics.net js.hs-banner.com js.hsleadflows.net forms.hubspot.com js.hscollectedforms.net 'unsafe-inline' 'unsafe-eval'; style-src 'self' *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com platform.twitter.com/css/ *.twimg.com *.kameleoon.com https://cdn.insight.sitefinity.com https://dec.azureedge.net web-chat.nativechat.com 'unsafe-inline'; img-src 'self' *.gstatic.com *.googleapis.com platform.tumblr.com web.facebook.com www.facebook.com www.redditstatic.com www.linkedin.com i.ytimg.com pbs.twimg.com *.twimg.com data: blob: https://*.googletagmanager.com www.google.com www.google.co.cr www.google-analytics.com bat.bing.com stats.g.doubleclick.net googleads.g.doubleclick.net syndication.twitter.com static.licdn.com platform.twitter.com www.equitablebank.ca www.google.ca ssl.google-analytics.com cs-cms-cc.equitad.local ad.doubleclick.net *.kameleoon.com https://cdn.insight.sitefinity.com https://dec.azureedge.net *.eloqua.com web-chat.nativechat.com track.hubspot.com js.hsleadflows.net forms.hsforms.com; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data:; frame-src 'self' *.fls.doubleclick.net www.facebook.com www.google.com cdn.callrail.com widget.trustpilot.com www.youtube.com td.doubleclick.net cdn.prod.ca.five9.net www.lightcast.com *.amazon-adsystem.com insight.adsrvr.org web-chat.nativechat.com forms.hsforms.com; connect-src 'self' data: accounts.google.com *.gstatic.com https://*.googletagmanager.com www.google-analytics.com stats.g.doubleclick.net bat.bing.com *.callrail.com csmetrics.hotjar.com metrics.hotjar.io analytics.google.com *.kameleoon.com *.kameleoon.eu *.kameleoon.io pagead2.googlesyndication.com https://*.hotjar.io wss://*.hotjar.com *.amazon-adsystem.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com forms.hubspot.com *.hsforms.com; media-src 'self' data: blob:; child-src 'self' https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://www.youtube-nocookie.com https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com web-chat.nativechat.com
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
date
Sat, 04 May 2024 03:25:06 GMT
cross-origin-embedder-policy
unsafe-none
cross-origin-resource-policy
cross-origin
content-disposition
inline; filename=cdic-digital-symbol-en-fr.svg
content-length
4609
x-xss-protection
1; mode=block
referrer-policy
no-referrer-when-downgrade
last-modified
Fri, 27 Jan 2023 16:36:28 GMT
cross-origin-opener-policy
unsafe-none
x-frame-options
SAMEORIGIN
content-type
image/svg+xml
cache-control
public, max-age=7776000
permissions-policy
accelerometer=(self), ambient-light-sensor=(self), autoplay=(self), battery=(self), camera=(self), cross-origin-isolated=(self), display-capture=(self), document-domain=(self), encrypted-media=(self), execution-while-not-rendered=(self), execution-while-out-of-viewport=(self), fullscreen=(self), geolocation=(self), gyroscope=(self), keyboard-map=(self), magnetometer=(self), microphone=(self), midi=(self), navigation-override=(self), payment=(self), picture-in-picture=(self), publickey-credentials-get=(self), screen-wake-lock=(self), sync-xhr=(self), usb=(self), web-share=(self), xr-spatial-tracking=(self)
expires
Fri, 02 Aug 2024 03:25:06 GMT
linkedin-icon.svg
www.equitablebank.ca/images/default-source/svgs/ 		588 B
4 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.equitablebank.ca/images/default-source/svgs/linkedin-icon.svg
Requested by
Host: www.equitablebank.ca
URL: https://www.equitablebank.ca/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.48.203.13 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a23-48-203-13.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
57291ff8059617d42f091d4914658b82a01e090f69072c82b798d3d00bf08f36
Security Headers
Name Value
Content-Security-Policy default-src 'self' cs-cms-cc.equitad.local; script-src 'self' *.googleapis.com *.gstatic.com www.google.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://*.googletagmanager.com www.google-analytics.com googleads.g.doubleclick.net bat.bing.com static.hotjar.com widget.trustpilot.com *.callrail.com www.googleadservices.com ssl.google-analytics.com script.hotjar.com gateway.zscalerthree.net *.kameleoon.eu cdn.prod.ca.five9.net *.kameleoon.com js.adsrvr.org *.amazon-adsystem.com amazon-adsystem.com js.hs-scripts.com js.hs-analytics.net js.hs-banner.com js.hsleadflows.net forms.hubspot.com js.hscollectedforms.net *.eloqua.com *.en25.com web-chat.nativechat.com https://cdn.insight.sitefinity.com https://dec.azureedge.net cdn.ampproject.org 'unsafe-inline' 'unsafe-eval'; style-src 'self' *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com platform.twitter.com/css/ *.twimg.com *.kameleoon.com web-chat.nativechat.com https://cdn.insight.sitefinity.com https://dec.azureedge.net 'unsafe-inline'; img-src 'self' *.gstatic.com *.googleapis.com platform.tumblr.com web.facebook.com www.facebook.com www.redditstatic.com www.linkedin.com i.ytimg.com pbs.twimg.com *.twimg.com data: blob: https://*.googletagmanager.com www.google.com www.google.co.cr www.google-analytics.com bat.bing.com stats.g.doubleclick.net googleads.g.doubleclick.net syndication.twitter.com static.licdn.com platform.twitter.com www.equitablebank.ca www.google.ca ssl.google-analytics.com cs-cms-cc.equitad.local ad.doubleclick.net *.kameleoon.com track.hubspot.com js.hsleadflows.net forms.hsforms.com *.eloqua.com web-chat.nativechat.com https://cdn.insight.sitefinity.com https://dec.azureedge.net; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data:; frame-src 'self' *.fls.doubleclick.net www.facebook.com www.google.com cdn.callrail.com widget.trustpilot.com www.youtube.com td.doubleclick.net cdn.prod.ca.five9.net www.lightcast.com *.amazon-adsystem.com insight.adsrvr.org forms.hsforms.com web-chat.nativechat.com; connect-src 'self' data: accounts.google.com *.gstatic.com https://*.googletagmanager.com www.google-analytics.com stats.g.doubleclick.net bat.bing.com *.callrail.com csmetrics.hotjar.com metrics.hotjar.io analytics.google.com *.kameleoon.com *.kameleoon.eu *.kameleoon.io pagead2.googlesyndication.com https://*.hotjar.io wss://*.hotjar.com *.amazon-adsystem.com forms.hubspot.com *.hsforms.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com; media-src 'self' data: blob:; child-src 'self' https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://www.youtube-nocookie.com https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com web-chat.nativechat.com
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://www.equitablebank.ca/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

content-security-policy
default-src 'self' cs-cms-cc.equitad.local; script-src 'self' *.googleapis.com *.gstatic.com www.google.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://*.googletagmanager.com www.google-analytics.com googleads.g.doubleclick.net bat.bing.com static.hotjar.com widget.trustpilot.com *.callrail.com www.googleadservices.com ssl.google-analytics.com script.hotjar.com gateway.zscalerthree.net *.kameleoon.eu cdn.prod.ca.five9.net *.kameleoon.com js.adsrvr.org *.amazon-adsystem.com amazon-adsystem.com js.hs-scripts.com js.hs-analytics.net js.hs-banner.com js.hsleadflows.net forms.hubspot.com js.hscollectedforms.net *.eloqua.com *.en25.com web-chat.nativechat.com https://cdn.insight.sitefinity.com https://dec.azureedge.net cdn.ampproject.org 'unsafe-inline' 'unsafe-eval'; style-src 'self' *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com platform.twitter.com/css/ *.twimg.com *.kameleoon.com web-chat.nativechat.com https://cdn.insight.sitefinity.com https://dec.azureedge.net 'unsafe-inline'; img-src 'self' *.gstatic.com *.googleapis.com platform.tumblr.com web.facebook.com www.facebook.com www.redditstatic.com www.linkedin.com i.ytimg.com pbs.twimg.com *.twimg.com data: blob: https://*.googletagmanager.com www.google.com www.google.co.cr www.google-analytics.com bat.bing.com stats.g.doubleclick.net googleads.g.doubleclick.net syndication.twitter.com static.licdn.com platform.twitter.com www.equitablebank.ca www.google.ca ssl.google-analytics.com cs-cms-cc.equitad.local ad.doubleclick.net *.kameleoon.com track.hubspot.com js.hsleadflows.net forms.hsforms.com *.eloqua.com web-chat.nativechat.com https://cdn.insight.sitefinity.com https://dec.azureedge.net; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data:; frame-src 'self' *.fls.doubleclick.net www.facebook.com www.google.com cdn.callrail.com widget.trustpilot.com www.youtube.com td.doubleclick.net cdn.prod.ca.five9.net www.lightcast.com *.amazon-adsystem.com insight.adsrvr.org forms.hsforms.com web-chat.nativechat.com; connect-src 'self' data: accounts.google.com *.gstatic.com https://*.googletagmanager.com www.google-analytics.com stats.g.doubleclick.net bat.bing.com *.callrail.com csmetrics.hotjar.com metrics.hotjar.io analytics.google.com *.kameleoon.com *.kameleoon.eu *.kameleoon.io pagead2.googlesyndication.com https://*.hotjar.io wss://*.hotjar.com *.amazon-adsystem.com forms.hubspot.com *.hsforms.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com; media-src 'self' data: blob:; child-src 'self' https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://www.youtube-nocookie.com https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com web-chat.nativechat.com
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
date
Sat, 04 May 2024 03:25:06 GMT
cross-origin-embedder-policy
unsafe-none
cross-origin-resource-policy
cross-origin
content-disposition
inline; filename=linkedin-icon.svg
content-length
588
x-xss-protection
1; mode=block
referrer-policy
no-referrer-when-downgrade
last-modified
Tue, 05 Feb 2019 14:28:27 GMT
cross-origin-opener-policy
unsafe-none
x-frame-options
SAMEORIGIN
content-type
image/svg+xml
cache-control
public, max-age=7776000
permissions-policy
accelerometer=(self), ambient-light-sensor=(self), autoplay=(self), battery=(self), camera=(self), cross-origin-isolated=(self), display-capture=(self), document-domain=(self), encrypted-media=(self), execution-while-not-rendered=(self), execution-while-out-of-viewport=(self), fullscreen=(self), geolocation=(self), gyroscope=(self), keyboard-map=(self), magnetometer=(self), microphone=(self), midi=(self), navigation-override=(self), payment=(self), picture-in-picture=(self), publickey-credentials-get=(self), screen-wake-lock=(self), sync-xhr=(self), usb=(self), web-share=(self), xr-spatial-tracking=(self)
expires
Fri, 02 Aug 2024 03:25:06 GMT
youtube-icon.svg
www.equitablebank.ca/images/default-source/svgs/ 		516 B
4 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.equitablebank.ca/images/default-source/svgs/youtube-icon.svg
Requested by
Host: www.equitablebank.ca
URL: https://www.equitablebank.ca/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.48.203.13 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a23-48-203-13.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
66f9cdb8d61014d192f6f7e4a793fee299e35d3f5243baf029f58e281fbb9386
Security Headers
Name Value
Content-Security-Policy default-src 'self' cs-cms-cc.equitad.local; script-src 'self' *.googleapis.com *.gstatic.com www.google.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://*.googletagmanager.com www.google-analytics.com googleads.g.doubleclick.net bat.bing.com static.hotjar.com widget.trustpilot.com *.callrail.com www.googleadservices.com ssl.google-analytics.com script.hotjar.com gateway.zscalerthree.net *.kameleoon.eu cdn.prod.ca.five9.net *.kameleoon.com js.adsrvr.org *.amazon-adsystem.com amazon-adsystem.com js.hs-scripts.com js.hs-analytics.net js.hs-banner.com js.hsleadflows.net forms.hubspot.com js.hscollectedforms.net *.eloqua.com *.en25.com web-chat.nativechat.com https://cdn.insight.sitefinity.com https://dec.azureedge.net cdn.ampproject.org 'unsafe-inline' 'unsafe-eval'; style-src 'self' *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com platform.twitter.com/css/ *.twimg.com *.kameleoon.com web-chat.nativechat.com https://cdn.insight.sitefinity.com https://dec.azureedge.net 'unsafe-inline'; img-src 'self' *.gstatic.com *.googleapis.com platform.tumblr.com web.facebook.com www.facebook.com www.redditstatic.com www.linkedin.com i.ytimg.com pbs.twimg.com *.twimg.com data: blob: https://*.googletagmanager.com www.google.com www.google.co.cr www.google-analytics.com bat.bing.com stats.g.doubleclick.net googleads.g.doubleclick.net syndication.twitter.com static.licdn.com platform.twitter.com www.equitablebank.ca www.google.ca ssl.google-analytics.com cs-cms-cc.equitad.local ad.doubleclick.net *.kameleoon.com track.hubspot.com js.hsleadflows.net forms.hsforms.com *.eloqua.com web-chat.nativechat.com https://cdn.insight.sitefinity.com https://dec.azureedge.net; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data:; frame-src 'self' *.fls.doubleclick.net www.facebook.com www.google.com cdn.callrail.com widget.trustpilot.com www.youtube.com td.doubleclick.net cdn.prod.ca.five9.net www.lightcast.com *.amazon-adsystem.com insight.adsrvr.org forms.hsforms.com web-chat.nativechat.com; connect-src 'self' data: accounts.google.com *.gstatic.com https://*.googletagmanager.com www.google-analytics.com stats.g.doubleclick.net bat.bing.com *.callrail.com csmetrics.hotjar.com metrics.hotjar.io analytics.google.com *.kameleoon.com *.kameleoon.eu *.kameleoon.io pagead2.googlesyndication.com https://*.hotjar.io wss://*.hotjar.com *.amazon-adsystem.com forms.hubspot.com *.hsforms.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com; media-src 'self' data: blob:; child-src 'self' https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://www.youtube-nocookie.com https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com web-chat.nativechat.com
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://www.equitablebank.ca/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

content-security-policy
default-src 'self' cs-cms-cc.equitad.local; script-src 'self' *.googleapis.com *.gstatic.com www.google.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://*.googletagmanager.com www.google-analytics.com googleads.g.doubleclick.net bat.bing.com static.hotjar.com widget.trustpilot.com *.callrail.com www.googleadservices.com ssl.google-analytics.com script.hotjar.com gateway.zscalerthree.net *.kameleoon.eu cdn.prod.ca.five9.net *.kameleoon.com js.adsrvr.org *.amazon-adsystem.com amazon-adsystem.com js.hs-scripts.com js.hs-analytics.net js.hs-banner.com js.hsleadflows.net forms.hubspot.com js.hscollectedforms.net *.eloqua.com *.en25.com web-chat.nativechat.com https://cdn.insight.sitefinity.com https://dec.azureedge.net cdn.ampproject.org 'unsafe-inline' 'unsafe-eval'; style-src 'self' *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com platform.twitter.com/css/ *.twimg.com *.kameleoon.com web-chat.nativechat.com https://cdn.insight.sitefinity.com https://dec.azureedge.net 'unsafe-inline'; img-src 'self' *.gstatic.com *.googleapis.com platform.tumblr.com web.facebook.com www.facebook.com www.redditstatic.com www.linkedin.com i.ytimg.com pbs.twimg.com *.twimg.com data: blob: https://*.googletagmanager.com www.google.com www.google.co.cr www.google-analytics.com bat.bing.com stats.g.doubleclick.net googleads.g.doubleclick.net syndication.twitter.com static.licdn.com platform.twitter.com www.equitablebank.ca www.google.ca ssl.google-analytics.com cs-cms-cc.equitad.local ad.doubleclick.net *.kameleoon.com track.hubspot.com js.hsleadflows.net forms.hsforms.com *.eloqua.com web-chat.nativechat.com https://cdn.insight.sitefinity.com https://dec.azureedge.net; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data:; frame-src 'self' *.fls.doubleclick.net www.facebook.com www.google.com cdn.callrail.com widget.trustpilot.com www.youtube.com td.doubleclick.net cdn.prod.ca.five9.net www.lightcast.com *.amazon-adsystem.com insight.adsrvr.org forms.hsforms.com web-chat.nativechat.com; connect-src 'self' data: accounts.google.com *.gstatic.com https://*.googletagmanager.com www.google-analytics.com stats.g.doubleclick.net bat.bing.com *.callrail.com csmetrics.hotjar.com metrics.hotjar.io analytics.google.com *.kameleoon.com *.kameleoon.eu *.kameleoon.io pagead2.googlesyndication.com https://*.hotjar.io wss://*.hotjar.com *.amazon-adsystem.com forms.hubspot.com *.hsforms.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com; media-src 'self' data: blob:; child-src 'self' https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://www.youtube-nocookie.com https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com web-chat.nativechat.com
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
date
Sat, 04 May 2024 03:25:06 GMT
cross-origin-embedder-policy
unsafe-none
cross-origin-resource-policy
cross-origin
content-disposition
inline; filename=youtube-icon.svg
content-length
516
x-xss-protection
1; mode=block
referrer-policy
no-referrer-when-downgrade
last-modified
Tue, 05 Feb 2019 14:28:27 GMT
cross-origin-opener-policy
unsafe-none
x-frame-options
SAMEORIGIN
content-type
image/svg+xml
cache-control
public, max-age=7776000
permissions-policy
accelerometer=(self), ambient-light-sensor=(self), autoplay=(self), battery=(self), camera=(self), cross-origin-isolated=(self), display-capture=(self), document-domain=(self), encrypted-media=(self), execution-while-not-rendered=(self), execution-while-out-of-viewport=(self), fullscreen=(self), geolocation=(self), gyroscope=(self), keyboard-map=(self), magnetometer=(self), microphone=(self), midi=(self), navigation-override=(self), payment=(self), picture-in-picture=(self), publickey-credentials-get=(self), screen-wake-lock=(self), sync-xhr=(self), usb=(self), web-share=(self), xr-spatial-tracking=(self)
expires
Fri, 02 Aug 2024 03:25:06 GMT
spectrum.js
www.equitablebank.ca/Assets/vendor/spectrum/ 		80 KB
21 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.equitablebank.ca/Assets/vendor/spectrum/spectrum.js
Requested by
Host: www.equitablebank.ca
URL: https://www.equitablebank.ca/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.48.203.13 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a23-48-203-13.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
e5d5b2cc80088a9af35daaaed680f831ca095d7a707e0f851fa97a202c29c4c2
Security Headers
Name Value
Content-Security-Policy default-src 'self' cs-cms-cc.equitad.local; script-src 'self' *.googleapis.com *.gstatic.com www.google.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://*.googletagmanager.com www.google-analytics.com googleads.g.doubleclick.net bat.bing.com static.hotjar.com widget.trustpilot.com *.callrail.com www.googleadservices.com ssl.google-analytics.com script.hotjar.com gateway.zscalerthree.net *.kameleoon.eu cdn.prod.ca.five9.net *.kameleoon.com js.hs-scripts.com js.hs-analytics.net js.hs-banner.com js.hsleadflows.net forms.hubspot.com js.hscollectedforms.net https://cdn.insight.sitefinity.com https://dec.azureedge.net web-chat.nativechat.com cdn.ampproject.org *.eloqua.com *.en25.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com platform.twitter.com/css/ *.twimg.com https://cdn.insight.sitefinity.com https://dec.azureedge.net web-chat.nativechat.com 'unsafe-inline'; img-src 'self' *.gstatic.com *.googleapis.com platform.tumblr.com web.facebook.com www.facebook.com www.redditstatic.com www.linkedin.com i.ytimg.com pbs.twimg.com *.twimg.com data: blob: https://*.googletagmanager.com www.google.com www.google.co.cr www.google-analytics.com bat.bing.com stats.g.doubleclick.net googleads.g.doubleclick.net syndication.twitter.com static.licdn.com platform.twitter.com www.equitablebank.ca www.google.ca ssl.google-analytics.com cs-cms-cc.equitad.local ad.doubleclick.net *.kameleoon.com track.hubspot.com js.hsleadflows.net forms.hsforms.com https://cdn.insight.sitefinity.com https://dec.azureedge.net web-chat.nativechat.com *.eloqua.com; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data:; frame-src 'self' *.fls.doubleclick.net www.facebook.com www.google.com cdn.callrail.com widget.trustpilot.com www.youtube.com td.doubleclick.net cdn.prod.ca.five9.net www.lightcast.com forms.hsforms.com web-chat.nativechat.com; connect-src 'self' data: accounts.google.com *.gstatic.com https://*.googletagmanager.com www.google-analytics.com stats.g.doubleclick.net bat.bing.com *.callrail.com csmetrics.hotjar.com metrics.hotjar.io analytics.google.com *.kameleoon.com *.kameleoon.eu *.kameleoon.io pagead2.googlesyndication.com https://*.hotjar.io wss://*.hotjar.com forms.hubspot.com *.hsforms.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com; media-src 'self' data: blob:; child-src 'self' https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://www.youtube-nocookie.com https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com web-chat.nativechat.com
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://www.equitablebank.ca/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

content-security-policy
default-src 'self' cs-cms-cc.equitad.local; script-src 'self' *.googleapis.com *.gstatic.com www.google.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://*.googletagmanager.com www.google-analytics.com googleads.g.doubleclick.net bat.bing.com static.hotjar.com widget.trustpilot.com *.callrail.com www.googleadservices.com ssl.google-analytics.com script.hotjar.com gateway.zscalerthree.net *.kameleoon.eu cdn.prod.ca.five9.net *.kameleoon.com js.hs-scripts.com js.hs-analytics.net js.hs-banner.com js.hsleadflows.net forms.hubspot.com js.hscollectedforms.net https://cdn.insight.sitefinity.com https://dec.azureedge.net web-chat.nativechat.com cdn.ampproject.org *.eloqua.com *.en25.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com platform.twitter.com/css/ *.twimg.com https://cdn.insight.sitefinity.com https://dec.azureedge.net web-chat.nativechat.com 'unsafe-inline'; img-src 'self' *.gstatic.com *.googleapis.com platform.tumblr.com web.facebook.com www.facebook.com www.redditstatic.com www.linkedin.com i.ytimg.com pbs.twimg.com *.twimg.com data: blob: https://*.googletagmanager.com www.google.com www.google.co.cr www.google-analytics.com bat.bing.com stats.g.doubleclick.net googleads.g.doubleclick.net syndication.twitter.com static.licdn.com platform.twitter.com www.equitablebank.ca www.google.ca ssl.google-analytics.com cs-cms-cc.equitad.local ad.doubleclick.net *.kameleoon.com track.hubspot.com js.hsleadflows.net forms.hsforms.com https://cdn.insight.sitefinity.com https://dec.azureedge.net web-chat.nativechat.com *.eloqua.com; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data:; frame-src 'self' *.fls.doubleclick.net www.facebook.com www.google.com cdn.callrail.com widget.trustpilot.com www.youtube.com td.doubleclick.net cdn.prod.ca.five9.net www.lightcast.com forms.hsforms.com web-chat.nativechat.com; connect-src 'self' data: accounts.google.com *.gstatic.com https://*.googletagmanager.com www.google-analytics.com stats.g.doubleclick.net bat.bing.com *.callrail.com csmetrics.hotjar.com metrics.hotjar.io analytics.google.com *.kameleoon.com *.kameleoon.eu *.kameleoon.io pagead2.googlesyndication.com https://*.hotjar.io wss://*.hotjar.com forms.hubspot.com *.hsforms.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com; media-src 'self' data: blob:; child-src 'self' https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://www.youtube-nocookie.com https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com web-chat.nativechat.com
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
date
Sat, 04 May 2024 03:25:05 GMT
content-encoding
gzip
cross-origin-embedder-policy
unsafe-none
cross-origin-resource-policy
cross-origin
content-length
18227
x-xss-protection
1; mode=block
referrer-policy
no-referrer-when-downgrade
last-modified
Tue, 22 Aug 2023 22:02:52 GMT
cross-origin-opener-policy
unsafe-none
etag
"0ce686544d5d91:0"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
application/javascript
cache-control
max-age=62151
permissions-policy
accelerometer=(self), ambient-light-sensor=(self), autoplay=(self), battery=(self), camera=(self), cross-origin-isolated=(self), display-capture=(self), document-domain=(self), encrypted-media=(self), execution-while-not-rendered=(self), execution-while-out-of-viewport=(self), fullscreen=(self), geolocation=(self), gyroscope=(self), keyboard-map=(self), magnetometer=(self), microphone=(self), midi=(self), navigation-override=(self), payment=(self), picture-in-picture=(self), publickey-credentials-get=(self), screen-wake-lock=(self), sync-xhr=(self), usb=(self), web-share=(self), xr-spatial-tracking=(self)
accept-ranges
bytes
vendor.min.js
www.equitablebank.ca/Assets/dist/js/ 		803 KB
230 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.equitablebank.ca/Assets/dist/js/vendor.min.js?v=1699651462817
Requested by
Host: www.equitablebank.ca
URL: https://www.equitablebank.ca/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.48.203.13 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a23-48-203-13.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
75934e1a33ae326108b9da88bfa731f65e964336ff00947d94d58a3184a44e91
Security Headers
Name Value
Content-Security-Policy default-src 'self' cs-cms-cc.equitad.local; script-src 'self' *.googleapis.com *.gstatic.com www.google.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://*.googletagmanager.com www.google-analytics.com googleads.g.doubleclick.net bat.bing.com static.hotjar.com widget.trustpilot.com *.callrail.com www.googleadservices.com ssl.google-analytics.com script.hotjar.com gateway.zscalerthree.net *.kameleoon.eu cdn.prod.ca.five9.net *.kameleoon.com js.adsrvr.org *.amazon-adsystem.com amazon-adsystem.com *.eloqua.com *.en25.com js.hs-scripts.com js.hs-analytics.net js.hs-banner.com js.hsleadflows.net forms.hubspot.com js.hscollectedforms.net cdn.ampproject.org https://cdn.insight.sitefinity.com https://dec.azureedge.net web-chat.nativechat.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com platform.twitter.com/css/ *.twimg.com *.kameleoon.com https://cdn.insight.sitefinity.com https://dec.azureedge.net web-chat.nativechat.com 'unsafe-inline'; img-src 'self' *.gstatic.com *.googleapis.com platform.tumblr.com web.facebook.com www.facebook.com www.redditstatic.com www.linkedin.com i.ytimg.com pbs.twimg.com *.twimg.com data: blob: https://*.googletagmanager.com www.google.com www.google.co.cr www.google-analytics.com bat.bing.com stats.g.doubleclick.net googleads.g.doubleclick.net syndication.twitter.com static.licdn.com platform.twitter.com www.equitablebank.ca www.google.ca ssl.google-analytics.com cs-cms-cc.equitad.local ad.doubleclick.net *.kameleoon.com *.eloqua.com track.hubspot.com js.hsleadflows.net forms.hsforms.com https://cdn.insight.sitefinity.com https://dec.azureedge.net web-chat.nativechat.com; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data:; frame-src 'self' *.fls.doubleclick.net www.facebook.com www.google.com cdn.callrail.com widget.trustpilot.com www.youtube.com td.doubleclick.net cdn.prod.ca.five9.net www.lightcast.com *.amazon-adsystem.com insight.adsrvr.org forms.hsforms.com web-chat.nativechat.com; connect-src 'self' data: accounts.google.com *.gstatic.com https://*.googletagmanager.com www.google-analytics.com stats.g.doubleclick.net bat.bing.com *.callrail.com csmetrics.hotjar.com metrics.hotjar.io analytics.google.com *.kameleoon.com *.kameleoon.eu *.kameleoon.io pagead2.googlesyndication.com https://*.hotjar.io wss://*.hotjar.com *.amazon-adsystem.com forms.hubspot.com *.hsforms.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com; media-src 'self' data: blob:; child-src 'self' https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://www.youtube-nocookie.com https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com web-chat.nativechat.com
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://www.equitablebank.ca/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

content-security-policy
default-src 'self' cs-cms-cc.equitad.local; script-src 'self' *.googleapis.com *.gstatic.com www.google.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://*.googletagmanager.com www.google-analytics.com googleads.g.doubleclick.net bat.bing.com static.hotjar.com widget.trustpilot.com *.callrail.com www.googleadservices.com ssl.google-analytics.com script.hotjar.com gateway.zscalerthree.net *.kameleoon.eu cdn.prod.ca.five9.net *.kameleoon.com js.adsrvr.org *.amazon-adsystem.com amazon-adsystem.com *.eloqua.com *.en25.com js.hs-scripts.com js.hs-analytics.net js.hs-banner.com js.hsleadflows.net forms.hubspot.com js.hscollectedforms.net cdn.ampproject.org https://cdn.insight.sitefinity.com https://dec.azureedge.net web-chat.nativechat.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com platform.twitter.com/css/ *.twimg.com *.kameleoon.com https://cdn.insight.sitefinity.com https://dec.azureedge.net web-chat.nativechat.com 'unsafe-inline'; img-src 'self' *.gstatic.com *.googleapis.com platform.tumblr.com web.facebook.com www.facebook.com www.redditstatic.com www.linkedin.com i.ytimg.com pbs.twimg.com *.twimg.com data: blob: https://*.googletagmanager.com www.google.com www.google.co.cr www.google-analytics.com bat.bing.com stats.g.doubleclick.net googleads.g.doubleclick.net syndication.twitter.com static.licdn.com platform.twitter.com www.equitablebank.ca www.google.ca ssl.google-analytics.com cs-cms-cc.equitad.local ad.doubleclick.net *.kameleoon.com *.eloqua.com track.hubspot.com js.hsleadflows.net forms.hsforms.com https://cdn.insight.sitefinity.com https://dec.azureedge.net web-chat.nativechat.com; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data:; frame-src 'self' *.fls.doubleclick.net www.facebook.com www.google.com cdn.callrail.com widget.trustpilot.com www.youtube.com td.doubleclick.net cdn.prod.ca.five9.net www.lightcast.com *.amazon-adsystem.com insight.adsrvr.org forms.hsforms.com web-chat.nativechat.com; connect-src 'self' data: accounts.google.com *.gstatic.com https://*.googletagmanager.com www.google-analytics.com stats.g.doubleclick.net bat.bing.com *.callrail.com csmetrics.hotjar.com metrics.hotjar.io analytics.google.com *.kameleoon.com *.kameleoon.eu *.kameleoon.io pagead2.googlesyndication.com https://*.hotjar.io wss://*.hotjar.com *.amazon-adsystem.com forms.hubspot.com *.hsforms.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com; media-src 'self' data: blob:; child-src 'self' https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://www.youtube-nocookie.com https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com web-chat.nativechat.com
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
date
Sat, 04 May 2024 03:25:05 GMT
content-encoding
gzip
cross-origin-embedder-policy
unsafe-none
cross-origin-resource-policy
cross-origin
content-length
231786
x-xss-protection
1; mode=block
referrer-policy
no-referrer-when-downgrade
last-modified
Wed, 24 Apr 2024 14:23:50 GMT
cross-origin-opener-policy
unsafe-none
etag
"09fb765396da1:0"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
application/javascript
cache-control
max-age=63695
permissions-policy
accelerometer=(self), ambient-light-sensor=(self), autoplay=(self), battery=(self), camera=(self), cross-origin-isolated=(self), display-capture=(self), document-domain=(self), encrypted-media=(self), execution-while-not-rendered=(self), execution-while-out-of-viewport=(self), fullscreen=(self), geolocation=(self), gyroscope=(self), keyboard-map=(self), magnetometer=(self), microphone=(self), midi=(self), navigation-override=(self), payment=(self), picture-in-picture=(self), publickey-credentials-get=(self), screen-wake-lock=(self), sync-xhr=(self), usb=(self), web-share=(self), xr-spatial-tracking=(self)
accept-ranges
bytes
main.min.js
www.equitablebank.ca/Assets/dist/js/ 		131 KB
41 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.equitablebank.ca/Assets/dist/js/main.min.js?v=1699651462817
Requested by
Host: www.equitablebank.ca
URL: https://www.equitablebank.ca/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.48.203.13 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a23-48-203-13.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
223b4e3c78dbddac21546ffb001abeb16ae48fc2cdc5b68532ae968d85ee2068
Security Headers
Name Value
Content-Security-Policy default-src 'self' cs-cms-cc.equitad.local; script-src 'self' *.googleapis.com *.gstatic.com www.google.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://*.googletagmanager.com www.google-analytics.com googleads.g.doubleclick.net bat.bing.com static.hotjar.com widget.trustpilot.com *.callrail.com www.googleadservices.com ssl.google-analytics.com script.hotjar.com gateway.zscalerthree.net *.kameleoon.eu cdn.prod.ca.five9.net *.kameleoon.com js.adsrvr.org *.amazon-adsystem.com amazon-adsystem.com *.eloqua.com *.en25.com js.hs-scripts.com js.hs-analytics.net js.hs-banner.com js.hsleadflows.net forms.hubspot.com js.hscollectedforms.net cdn.ampproject.org https://cdn.insight.sitefinity.com https://dec.azureedge.net web-chat.nativechat.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com platform.twitter.com/css/ *.twimg.com *.kameleoon.com https://cdn.insight.sitefinity.com https://dec.azureedge.net web-chat.nativechat.com 'unsafe-inline'; img-src 'self' *.gstatic.com *.googleapis.com platform.tumblr.com web.facebook.com www.facebook.com www.redditstatic.com www.linkedin.com i.ytimg.com pbs.twimg.com *.twimg.com data: blob: https://*.googletagmanager.com www.google.com www.google.co.cr www.google-analytics.com bat.bing.com stats.g.doubleclick.net googleads.g.doubleclick.net syndication.twitter.com static.licdn.com platform.twitter.com www.equitablebank.ca www.google.ca ssl.google-analytics.com cs-cms-cc.equitad.local ad.doubleclick.net *.kameleoon.com *.eloqua.com track.hubspot.com js.hsleadflows.net forms.hsforms.com https://cdn.insight.sitefinity.com https://dec.azureedge.net web-chat.nativechat.com; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data:; frame-src 'self' *.fls.doubleclick.net www.facebook.com www.google.com cdn.callrail.com widget.trustpilot.com www.youtube.com td.doubleclick.net cdn.prod.ca.five9.net www.lightcast.com *.amazon-adsystem.com insight.adsrvr.org forms.hsforms.com web-chat.nativechat.com; connect-src 'self' data: accounts.google.com *.gstatic.com https://*.googletagmanager.com www.google-analytics.com stats.g.doubleclick.net bat.bing.com *.callrail.com csmetrics.hotjar.com metrics.hotjar.io analytics.google.com *.kameleoon.com *.kameleoon.eu *.kameleoon.io pagead2.googlesyndication.com https://*.hotjar.io wss://*.hotjar.com *.amazon-adsystem.com forms.hubspot.com *.hsforms.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com; media-src 'self' data: blob:; child-src 'self' https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://www.youtube-nocookie.com https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com web-chat.nativechat.com
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://www.equitablebank.ca/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

content-security-policy
default-src 'self' cs-cms-cc.equitad.local; script-src 'self' *.googleapis.com *.gstatic.com www.google.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://*.googletagmanager.com www.google-analytics.com googleads.g.doubleclick.net bat.bing.com static.hotjar.com widget.trustpilot.com *.callrail.com www.googleadservices.com ssl.google-analytics.com script.hotjar.com gateway.zscalerthree.net *.kameleoon.eu cdn.prod.ca.five9.net *.kameleoon.com js.adsrvr.org *.amazon-adsystem.com amazon-adsystem.com *.eloqua.com *.en25.com js.hs-scripts.com js.hs-analytics.net js.hs-banner.com js.hsleadflows.net forms.hubspot.com js.hscollectedforms.net cdn.ampproject.org https://cdn.insight.sitefinity.com https://dec.azureedge.net web-chat.nativechat.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com platform.twitter.com/css/ *.twimg.com *.kameleoon.com https://cdn.insight.sitefinity.com https://dec.azureedge.net web-chat.nativechat.com 'unsafe-inline'; img-src 'self' *.gstatic.com *.googleapis.com platform.tumblr.com web.facebook.com www.facebook.com www.redditstatic.com www.linkedin.com i.ytimg.com pbs.twimg.com *.twimg.com data: blob: https://*.googletagmanager.com www.google.com www.google.co.cr www.google-analytics.com bat.bing.com stats.g.doubleclick.net googleads.g.doubleclick.net syndication.twitter.com static.licdn.com platform.twitter.com www.equitablebank.ca www.google.ca ssl.google-analytics.com cs-cms-cc.equitad.local ad.doubleclick.net *.kameleoon.com *.eloqua.com track.hubspot.com js.hsleadflows.net forms.hsforms.com https://cdn.insight.sitefinity.com https://dec.azureedge.net web-chat.nativechat.com; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data:; frame-src 'self' *.fls.doubleclick.net www.facebook.com www.google.com cdn.callrail.com widget.trustpilot.com www.youtube.com td.doubleclick.net cdn.prod.ca.five9.net www.lightcast.com *.amazon-adsystem.com insight.adsrvr.org forms.hsforms.com web-chat.nativechat.com; connect-src 'self' data: accounts.google.com *.gstatic.com https://*.googletagmanager.com www.google-analytics.com stats.g.doubleclick.net bat.bing.com *.callrail.com csmetrics.hotjar.com metrics.hotjar.io analytics.google.com *.kameleoon.com *.kameleoon.eu *.kameleoon.io pagead2.googlesyndication.com https://*.hotjar.io wss://*.hotjar.com *.amazon-adsystem.com forms.hubspot.com *.hsforms.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com; media-src 'self' data: blob:; child-src 'self' https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://www.youtube-nocookie.com https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com web-chat.nativechat.com
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
date
Sat, 04 May 2024 03:25:05 GMT
content-encoding
gzip
cross-origin-embedder-policy
unsafe-none
cross-origin-resource-policy
cross-origin
content-length
38396
x-xss-protection
1; mode=block
referrer-policy
no-referrer-when-downgrade
last-modified
Wed, 24 Apr 2024 14:23:58 GMT
cross-origin-opener-policy
unsafe-none
etag
"0537cb5396da1:0"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
application/javascript
cache-control
max-age=48702
permissions-policy
accelerometer=(self), ambient-light-sensor=(self), autoplay=(self), battery=(self), camera=(self), cross-origin-isolated=(self), display-capture=(self), document-domain=(self), encrypted-media=(self), execution-while-not-rendered=(self), execution-while-out-of-viewport=(self), fullscreen=(self), geolocation=(self), gyroscope=(self), keyboard-map=(self), magnetometer=(self), microphone=(self), midi=(self), navigation-override=(self), payment=(self), picture-in-picture=(self), publickey-credentials-get=(self), screen-wake-lock=(self), sync-xhr=(self), usb=(self), web-share=(self), xr-spatial-tracking=(self)
accept-ranges
bytes
events
data.kameleoon.io/visit/ 		0
336 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://data.kameleoon.io/visit/events?siteCode=yt04jaca8e&visitorCode=pj5p1i6jef1unmg3&itp=false
Requested by
Host: yt04jaca8e.kameleoon.eu
URL: https://yt04jaca8e.kameleoon.eu/kameleoon.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
65.109.119.232 Helsinki, Finland, ASN24940 (HETZNER-AS, DE),
Reverse DNS
data-api-new07.kameleoon.net
Software
nginx/1.26.0 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy default-src 'none'; script-src 'self'; connect-src 'self'; img-src 'self'; style-src 'self' 'nonce-superNonce';base-uri 'self';form-action 'self'
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-platform
"Win32"
Referer
https://www.equitablebank.ca/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

date
Sat, 04 May 2024 03:25:06 GMT
strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
content-security-policy
default-src 'none'; script-src 'self'; connect-src 'self'; img-src 'self'; style-src 'self' 'nonce-superNonce';base-uri 'self';form-action 'self'
server
nginx/1.26.0
x-frame-options
SAMEORIGIN
access-control-allow-origin
*
access-control-allow-headers
user-agent,kameleoon-client
gtm.js
www.googletagmanager.com/ 		314 KB
99 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtm.js?id=GTM-WNHWJHC
Requested by
Host: www.equitablebank.ca
URL: https://www.equitablebank.ca/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4004:c19::61 Washington, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
d414e1364eb7295283d492924ca36cae34a2ec5615c10530f30a66d497e3e7d0
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://www.equitablebank.ca/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sat, 04 May 2024 03:25:06 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
100813
x-xss-protection
0
last-modified
Sat, 04 May 2024 03:00:00 GMT
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Sat, 04 May 2024 03:25:06 GMT
analytics.js
www.google-analytics.com/ 		52 KB
21 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: www.equitablebank.ca
URL: https://www.equitablebank.ca/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4004:c07::8b Washington, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://www.equitablebank.ca/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
date
Sat, 04 May 2024 02:57:37 GMT
last-modified
Tue, 12 Dec 2023 18:09:08 GMT
server
Golfe2
age
1649
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=7200
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
20994
expires
Sat, 04 May 2024 04:57:37 GMT
index.js
cdn.prod.ca.five9.net/static/stable/chat/wrapper/ 		217 KB
39 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.prod.ca.five9.net/static/stable/chat/wrapper/index.js
Requested by
Host: www.equitablebank.ca
URL: https://www.equitablebank.ca/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.120.212.246 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
246.212.120.34.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
056a4ecdee649e7f14f5065061341af4522ed882f9c28c2806d4c5a99323d638
Security Headers
Name Value
Strict-Transport-Security max-age=15768000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://www.equitablebank.ca/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sat, 04 May 2024 03:25:05 GMT
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=15768000; includeSubDomains
x-guploader-uploadid
ABPtcPox0H6MZOpFRFEgM8N5Qlr582XBzG5699CcPRiCiA7A9biKmbF13dO38b8E1_YUULoGjvE
x-goog-storage-class
STANDARD
x-goog-metageneration
2
x-goog-stored-content-encoding
gzip
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
39679
last-modified
Thu, 14 Mar 2024 05:35:36 GMT
server
UploadServer
etag
"e0c91f7284b1105208f0c2fcaf40b2ba"
vary
Accept-Encoding
x-goog-generation
1710394536929993
content-type
application/javascript
access-control-allow-origin
*
x-goog-hash
crc32c=mcutVQ==, md5=4MkfcoSxEFII8ML8r0Cyug==
access-control-expose-headers
*
cache-control
no-store
x-goog-stored-content-length
39679
accept-ranges
bytes
expires
Sun, 04 May 2025 03:25:05 GMT
login-my-equitable.svg
www.equitablebank.ca/Assets/dist/images/ 		3 KB
6 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.equitablebank.ca/Assets/dist/images/login-my-equitable.svg
Requested by
Host: www.equitablebank.ca
URL: https://www.equitablebank.ca/Assets/dist/css/main.min.css?v=1699651462817
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.48.203.13 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a23-48-203-13.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
107128ca4bf252663004779a058324a5c8a7939e31a6cee9b8ab4718cc1429b6
Security Headers
Name Value
Content-Security-Policy default-src 'self' cs-cms-cc.equitad.local; script-src 'self' *.googleapis.com *.gstatic.com www.google.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://*.googletagmanager.com www.google-analytics.com googleads.g.doubleclick.net bat.bing.com static.hotjar.com widget.trustpilot.com *.callrail.com www.googleadservices.com ssl.google-analytics.com script.hotjar.com gateway.zscalerthree.net *.kameleoon.eu cdn.prod.ca.five9.net *.kameleoon.com js.adsrvr.org *.amazon-adsystem.com amazon-adsystem.com js.hs-scripts.com js.hs-analytics.net js.hs-banner.com js.hsleadflows.net forms.hubspot.com js.hscollectedforms.net *.eloqua.com *.en25.com web-chat.nativechat.com https://cdn.insight.sitefinity.com https://dec.azureedge.net cdn.ampproject.org 'unsafe-inline' 'unsafe-eval'; style-src 'self' *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com platform.twitter.com/css/ *.twimg.com *.kameleoon.com web-chat.nativechat.com https://cdn.insight.sitefinity.com https://dec.azureedge.net 'unsafe-inline'; img-src 'self' *.gstatic.com *.googleapis.com platform.tumblr.com web.facebook.com www.facebook.com www.redditstatic.com www.linkedin.com i.ytimg.com pbs.twimg.com *.twimg.com data: blob: https://*.googletagmanager.com www.google.com www.google.co.cr www.google-analytics.com bat.bing.com stats.g.doubleclick.net googleads.g.doubleclick.net syndication.twitter.com static.licdn.com platform.twitter.com www.equitablebank.ca www.google.ca ssl.google-analytics.com cs-cms-cc.equitad.local ad.doubleclick.net *.kameleoon.com track.hubspot.com js.hsleadflows.net forms.hsforms.com *.eloqua.com web-chat.nativechat.com https://cdn.insight.sitefinity.com https://dec.azureedge.net; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data:; frame-src 'self' *.fls.doubleclick.net www.facebook.com www.google.com cdn.callrail.com widget.trustpilot.com www.youtube.com td.doubleclick.net cdn.prod.ca.five9.net www.lightcast.com *.amazon-adsystem.com insight.adsrvr.org forms.hsforms.com web-chat.nativechat.com; connect-src 'self' data: accounts.google.com *.gstatic.com https://*.googletagmanager.com www.google-analytics.com stats.g.doubleclick.net bat.bing.com *.callrail.com csmetrics.hotjar.com metrics.hotjar.io analytics.google.com *.kameleoon.com *.kameleoon.eu *.kameleoon.io pagead2.googlesyndication.com https://*.hotjar.io wss://*.hotjar.com *.amazon-adsystem.com forms.hubspot.com *.hsforms.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com; media-src 'self' data: blob:; child-src 'self' https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://www.youtube-nocookie.com https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com web-chat.nativechat.com
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://www.equitablebank.ca/Assets/dist/css/main.min.css?v=1699651462817
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

content-security-policy
default-src 'self' cs-cms-cc.equitad.local; script-src 'self' *.googleapis.com *.gstatic.com www.google.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://*.googletagmanager.com www.google-analytics.com googleads.g.doubleclick.net bat.bing.com static.hotjar.com widget.trustpilot.com *.callrail.com www.googleadservices.com ssl.google-analytics.com script.hotjar.com gateway.zscalerthree.net *.kameleoon.eu cdn.prod.ca.five9.net *.kameleoon.com js.adsrvr.org *.amazon-adsystem.com amazon-adsystem.com js.hs-scripts.com js.hs-analytics.net js.hs-banner.com js.hsleadflows.net forms.hubspot.com js.hscollectedforms.net *.eloqua.com *.en25.com web-chat.nativechat.com https://cdn.insight.sitefinity.com https://dec.azureedge.net cdn.ampproject.org 'unsafe-inline' 'unsafe-eval'; style-src 'self' *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com platform.twitter.com/css/ *.twimg.com *.kameleoon.com web-chat.nativechat.com https://cdn.insight.sitefinity.com https://dec.azureedge.net 'unsafe-inline'; img-src 'self' *.gstatic.com *.googleapis.com platform.tumblr.com web.facebook.com www.facebook.com www.redditstatic.com www.linkedin.com i.ytimg.com pbs.twimg.com *.twimg.com data: blob: https://*.googletagmanager.com www.google.com www.google.co.cr www.google-analytics.com bat.bing.com stats.g.doubleclick.net googleads.g.doubleclick.net syndication.twitter.com static.licdn.com platform.twitter.com www.equitablebank.ca www.google.ca ssl.google-analytics.com cs-cms-cc.equitad.local ad.doubleclick.net *.kameleoon.com track.hubspot.com js.hsleadflows.net forms.hsforms.com *.eloqua.com web-chat.nativechat.com https://cdn.insight.sitefinity.com https://dec.azureedge.net; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data:; frame-src 'self' *.fls.doubleclick.net www.facebook.com www.google.com cdn.callrail.com widget.trustpilot.com www.youtube.com td.doubleclick.net cdn.prod.ca.five9.net www.lightcast.com *.amazon-adsystem.com insight.adsrvr.org forms.hsforms.com web-chat.nativechat.com; connect-src 'self' data: accounts.google.com *.gstatic.com https://*.googletagmanager.com www.google-analytics.com stats.g.doubleclick.net bat.bing.com *.callrail.com csmetrics.hotjar.com metrics.hotjar.io analytics.google.com *.kameleoon.com *.kameleoon.eu *.kameleoon.io pagead2.googlesyndication.com https://*.hotjar.io wss://*.hotjar.com *.amazon-adsystem.com forms.hubspot.com *.hsforms.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com; media-src 'self' data: blob:; child-src 'self' https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://www.youtube-nocookie.com https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com web-chat.nativechat.com
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
date
Sat, 04 May 2024 03:25:06 GMT
cross-origin-embedder-policy
unsafe-none
cross-origin-resource-policy
cross-origin
content-length
3013
x-xss-protection
1; mode=block
referrer-policy
no-referrer-when-downgrade
last-modified
Tue, 22 Aug 2023 22:02:50 GMT
cross-origin-opener-policy
unsafe-none
etag
"0a1376444d5d91:0"
x-frame-options
SAMEORIGIN
content-type
image/svg+xml
cache-control
max-age=2678400
permissions-policy
accelerometer=(self), ambient-light-sensor=(self), autoplay=(self), battery=(self), camera=(self), cross-origin-isolated=(self), display-capture=(self), document-domain=(self), encrypted-media=(self), execution-while-not-rendered=(self), execution-while-out-of-viewport=(self), fullscreen=(self), geolocation=(self), gyroscope=(self), keyboard-map=(self), magnetometer=(self), microphone=(self), midi=(self), navigation-override=(self), payment=(self), picture-in-picture=(self), publickey-credentials-get=(self), screen-wake-lock=(self), sync-xhr=(self), usb=(self), web-share=(self), xr-spatial-tracking=(self)
accept-ranges
bytes
login-broker.svg
www.equitablebank.ca/Assets/dist/images/ 		3 KB
6 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.equitablebank.ca/Assets/dist/images/login-broker.svg
Requested by
Host: www.equitablebank.ca
URL: https://www.equitablebank.ca/Assets/dist/css/main.min.css?v=1699651462817
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.48.203.13 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a23-48-203-13.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
93c573f198e2291490c2664dc34b491e56e8be5f1b31e9512f90fdecb8d83d73
Security Headers
Name Value
Content-Security-Policy default-src 'self' cs-cms-cc.equitad.local; script-src 'self' *.googleapis.com *.gstatic.com www.google.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://*.googletagmanager.com www.google-analytics.com googleads.g.doubleclick.net bat.bing.com static.hotjar.com widget.trustpilot.com *.callrail.com www.googleadservices.com ssl.google-analytics.com script.hotjar.com gateway.zscalerthree.net *.kameleoon.eu cdn.prod.ca.five9.net *.kameleoon.com js.adsrvr.org *.amazon-adsystem.com amazon-adsystem.com https://cdn.insight.sitefinity.com https://dec.azureedge.net cdn.ampproject.org *.eloqua.com *.en25.com web-chat.nativechat.com js.hs-scripts.com js.hs-analytics.net js.hs-banner.com js.hsleadflows.net forms.hubspot.com js.hscollectedforms.net 'unsafe-inline' 'unsafe-eval'; style-src 'self' *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com platform.twitter.com/css/ *.twimg.com *.kameleoon.com https://cdn.insight.sitefinity.com https://dec.azureedge.net web-chat.nativechat.com 'unsafe-inline'; img-src 'self' *.gstatic.com *.googleapis.com platform.tumblr.com web.facebook.com www.facebook.com www.redditstatic.com www.linkedin.com i.ytimg.com pbs.twimg.com *.twimg.com data: blob: https://*.googletagmanager.com www.google.com www.google.co.cr www.google-analytics.com bat.bing.com stats.g.doubleclick.net googleads.g.doubleclick.net syndication.twitter.com static.licdn.com platform.twitter.com www.equitablebank.ca www.google.ca ssl.google-analytics.com cs-cms-cc.equitad.local ad.doubleclick.net *.kameleoon.com https://cdn.insight.sitefinity.com https://dec.azureedge.net *.eloqua.com web-chat.nativechat.com track.hubspot.com js.hsleadflows.net forms.hsforms.com; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data:; frame-src 'self' *.fls.doubleclick.net www.facebook.com www.google.com cdn.callrail.com widget.trustpilot.com www.youtube.com td.doubleclick.net cdn.prod.ca.five9.net www.lightcast.com *.amazon-adsystem.com insight.adsrvr.org web-chat.nativechat.com forms.hsforms.com; connect-src 'self' data: accounts.google.com *.gstatic.com https://*.googletagmanager.com www.google-analytics.com stats.g.doubleclick.net bat.bing.com *.callrail.com csmetrics.hotjar.com metrics.hotjar.io analytics.google.com *.kameleoon.com *.kameleoon.eu *.kameleoon.io pagead2.googlesyndication.com https://*.hotjar.io wss://*.hotjar.com *.amazon-adsystem.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com forms.hubspot.com *.hsforms.com; media-src 'self' data: blob:; child-src 'self' https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://www.youtube-nocookie.com https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com web-chat.nativechat.com
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://www.equitablebank.ca/Assets/dist/css/main.min.css?v=1699651462817
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

content-security-policy
default-src 'self' cs-cms-cc.equitad.local; script-src 'self' *.googleapis.com *.gstatic.com www.google.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://*.googletagmanager.com www.google-analytics.com googleads.g.doubleclick.net bat.bing.com static.hotjar.com widget.trustpilot.com *.callrail.com www.googleadservices.com ssl.google-analytics.com script.hotjar.com gateway.zscalerthree.net *.kameleoon.eu cdn.prod.ca.five9.net *.kameleoon.com js.adsrvr.org *.amazon-adsystem.com amazon-adsystem.com https://cdn.insight.sitefinity.com https://dec.azureedge.net cdn.ampproject.org *.eloqua.com *.en25.com web-chat.nativechat.com js.hs-scripts.com js.hs-analytics.net js.hs-banner.com js.hsleadflows.net forms.hubspot.com js.hscollectedforms.net 'unsafe-inline' 'unsafe-eval'; style-src 'self' *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com platform.twitter.com/css/ *.twimg.com *.kameleoon.com https://cdn.insight.sitefinity.com https://dec.azureedge.net web-chat.nativechat.com 'unsafe-inline'; img-src 'self' *.gstatic.com *.googleapis.com platform.tumblr.com web.facebook.com www.facebook.com www.redditstatic.com www.linkedin.com i.ytimg.com pbs.twimg.com *.twimg.com data: blob: https://*.googletagmanager.com www.google.com www.google.co.cr www.google-analytics.com bat.bing.com stats.g.doubleclick.net googleads.g.doubleclick.net syndication.twitter.com static.licdn.com platform.twitter.com www.equitablebank.ca www.google.ca ssl.google-analytics.com cs-cms-cc.equitad.local ad.doubleclick.net *.kameleoon.com https://cdn.insight.sitefinity.com https://dec.azureedge.net *.eloqua.com web-chat.nativechat.com track.hubspot.com js.hsleadflows.net forms.hsforms.com; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data:; frame-src 'self' *.fls.doubleclick.net www.facebook.com www.google.com cdn.callrail.com widget.trustpilot.com www.youtube.com td.doubleclick.net cdn.prod.ca.five9.net www.lightcast.com *.amazon-adsystem.com insight.adsrvr.org web-chat.nativechat.com forms.hsforms.com; connect-src 'self' data: accounts.google.com *.gstatic.com https://*.googletagmanager.com www.google-analytics.com stats.g.doubleclick.net bat.bing.com *.callrail.com csmetrics.hotjar.com metrics.hotjar.io analytics.google.com *.kameleoon.com *.kameleoon.eu *.kameleoon.io pagead2.googlesyndication.com https://*.hotjar.io wss://*.hotjar.com *.amazon-adsystem.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com forms.hubspot.com *.hsforms.com; media-src 'self' data: blob:; child-src 'self' https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://www.youtube-nocookie.com https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com web-chat.nativechat.com
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
date
Sat, 04 May 2024 03:25:06 GMT
cross-origin-embedder-policy
unsafe-none
cross-origin-resource-policy
cross-origin
content-length
3479
x-xss-protection
1; mode=block
referrer-policy
no-referrer-when-downgrade
last-modified
Tue, 22 Aug 2023 22:02:50 GMT
cross-origin-opener-policy
unsafe-none
etag
"0a1376444d5d91:0"
x-frame-options
SAMEORIGIN
content-type
image/svg+xml
cache-control
max-age=2678400
permissions-policy
accelerometer=(self), ambient-light-sensor=(self), autoplay=(self), battery=(self), camera=(self), cross-origin-isolated=(self), display-capture=(self), document-domain=(self), encrypted-media=(self), execution-while-not-rendered=(self), execution-while-out-of-viewport=(self), fullscreen=(self), geolocation=(self), gyroscope=(self), keyboard-map=(self), magnetometer=(self), microphone=(self), midi=(self), navigation-override=(self), payment=(self), picture-in-picture=(self), publickey-credentials-get=(self), screen-wake-lock=(self), sync-xhr=(self), usb=(self), web-share=(self), xr-spatial-tracking=(self)
accept-ranges
bytes
login-deposit.svg
www.equitablebank.ca/Assets/dist/images/ 		4 KB
7 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.equitablebank.ca/Assets/dist/images/login-deposit.svg
Requested by
Host: www.equitablebank.ca
URL: https://www.equitablebank.ca/Assets/dist/css/main.min.css?v=1699651462817
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.48.203.13 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a23-48-203-13.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
fb10e1b8d4cae2c20635a7ff53eafa5857f7f0f3bb8acc59305e625369ebdd09
Security Headers
Name Value
Content-Security-Policy default-src 'self' cs-cms-cc.equitad.local; script-src 'self' *.googleapis.com *.gstatic.com www.google.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://*.googletagmanager.com www.google-analytics.com googleads.g.doubleclick.net bat.bing.com static.hotjar.com widget.trustpilot.com *.callrail.com www.googleadservices.com ssl.google-analytics.com script.hotjar.com gateway.zscalerthree.net *.kameleoon.eu cdn.prod.ca.five9.net *.kameleoon.com js.adsrvr.org *.amazon-adsystem.com amazon-adsystem.com https://cdn.insight.sitefinity.com https://dec.azureedge.net cdn.ampproject.org *.eloqua.com *.en25.com web-chat.nativechat.com js.hs-scripts.com js.hs-analytics.net js.hs-banner.com js.hsleadflows.net forms.hubspot.com js.hscollectedforms.net 'unsafe-inline' 'unsafe-eval'; style-src 'self' *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com platform.twitter.com/css/ *.twimg.com *.kameleoon.com https://cdn.insight.sitefinity.com https://dec.azureedge.net web-chat.nativechat.com 'unsafe-inline'; img-src 'self' *.gstatic.com *.googleapis.com platform.tumblr.com web.facebook.com www.facebook.com www.redditstatic.com www.linkedin.com i.ytimg.com pbs.twimg.com *.twimg.com data: blob: https://*.googletagmanager.com www.google.com www.google.co.cr www.google-analytics.com bat.bing.com stats.g.doubleclick.net googleads.g.doubleclick.net syndication.twitter.com static.licdn.com platform.twitter.com www.equitablebank.ca www.google.ca ssl.google-analytics.com cs-cms-cc.equitad.local ad.doubleclick.net *.kameleoon.com https://cdn.insight.sitefinity.com https://dec.azureedge.net *.eloqua.com web-chat.nativechat.com track.hubspot.com js.hsleadflows.net forms.hsforms.com; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data:; frame-src 'self' *.fls.doubleclick.net www.facebook.com www.google.com cdn.callrail.com widget.trustpilot.com www.youtube.com td.doubleclick.net cdn.prod.ca.five9.net www.lightcast.com *.amazon-adsystem.com insight.adsrvr.org web-chat.nativechat.com forms.hsforms.com; connect-src 'self' data: accounts.google.com *.gstatic.com https://*.googletagmanager.com www.google-analytics.com stats.g.doubleclick.net bat.bing.com *.callrail.com csmetrics.hotjar.com metrics.hotjar.io analytics.google.com *.kameleoon.com *.kameleoon.eu *.kameleoon.io pagead2.googlesyndication.com https://*.hotjar.io wss://*.hotjar.com *.amazon-adsystem.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com forms.hubspot.com *.hsforms.com; media-src 'self' data: blob:; child-src 'self' https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://www.youtube-nocookie.com https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com web-chat.nativechat.com
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://www.equitablebank.ca/Assets/dist/css/main.min.css?v=1699651462817
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

content-security-policy
default-src 'self' cs-cms-cc.equitad.local; script-src 'self' *.googleapis.com *.gstatic.com www.google.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://*.googletagmanager.com www.google-analytics.com googleads.g.doubleclick.net bat.bing.com static.hotjar.com widget.trustpilot.com *.callrail.com www.googleadservices.com ssl.google-analytics.com script.hotjar.com gateway.zscalerthree.net *.kameleoon.eu cdn.prod.ca.five9.net *.kameleoon.com js.adsrvr.org *.amazon-adsystem.com amazon-adsystem.com https://cdn.insight.sitefinity.com https://dec.azureedge.net cdn.ampproject.org *.eloqua.com *.en25.com web-chat.nativechat.com js.hs-scripts.com js.hs-analytics.net js.hs-banner.com js.hsleadflows.net forms.hubspot.com js.hscollectedforms.net 'unsafe-inline' 'unsafe-eval'; style-src 'self' *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com platform.twitter.com/css/ *.twimg.com *.kameleoon.com https://cdn.insight.sitefinity.com https://dec.azureedge.net web-chat.nativechat.com 'unsafe-inline'; img-src 'self' *.gstatic.com *.googleapis.com platform.tumblr.com web.facebook.com www.facebook.com www.redditstatic.com www.linkedin.com i.ytimg.com pbs.twimg.com *.twimg.com data: blob: https://*.googletagmanager.com www.google.com www.google.co.cr www.google-analytics.com bat.bing.com stats.g.doubleclick.net googleads.g.doubleclick.net syndication.twitter.com static.licdn.com platform.twitter.com www.equitablebank.ca www.google.ca ssl.google-analytics.com cs-cms-cc.equitad.local ad.doubleclick.net *.kameleoon.com https://cdn.insight.sitefinity.com https://dec.azureedge.net *.eloqua.com web-chat.nativechat.com track.hubspot.com js.hsleadflows.net forms.hsforms.com; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data:; frame-src 'self' *.fls.doubleclick.net www.facebook.com www.google.com cdn.callrail.com widget.trustpilot.com www.youtube.com td.doubleclick.net cdn.prod.ca.five9.net www.lightcast.com *.amazon-adsystem.com insight.adsrvr.org web-chat.nativechat.com forms.hsforms.com; connect-src 'self' data: accounts.google.com *.gstatic.com https://*.googletagmanager.com www.google-analytics.com stats.g.doubleclick.net bat.bing.com *.callrail.com csmetrics.hotjar.com metrics.hotjar.io analytics.google.com *.kameleoon.com *.kameleoon.eu *.kameleoon.io pagead2.googlesyndication.com https://*.hotjar.io wss://*.hotjar.com *.amazon-adsystem.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com forms.hubspot.com *.hsforms.com; media-src 'self' data: blob:; child-src 'self' https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://www.youtube-nocookie.com https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com web-chat.nativechat.com
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
date
Sat, 04 May 2024 03:25:06 GMT
cross-origin-embedder-policy
unsafe-none
cross-origin-resource-policy
cross-origin
content-length
4220
x-xss-protection
1; mode=block
referrer-policy
no-referrer-when-downgrade
last-modified
Tue, 22 Aug 2023 22:02:50 GMT
cross-origin-opener-policy
unsafe-none
etag
"0a1376444d5d91:0"
x-frame-options
SAMEORIGIN
content-type
image/svg+xml
cache-control
max-age=2678400
permissions-policy
accelerometer=(self), ambient-light-sensor=(self), autoplay=(self), battery=(self), camera=(self), cross-origin-isolated=(self), display-capture=(self), document-domain=(self), encrypted-media=(self), execution-while-not-rendered=(self), execution-while-out-of-viewport=(self), fullscreen=(self), geolocation=(self), gyroscope=(self), keyboard-map=(self), magnetometer=(self), microphone=(self), midi=(self), navigation-override=(self), payment=(self), picture-in-picture=(self), publickey-credentials-get=(self), screen-wake-lock=(self), sync-xhr=(self), usb=(self), web-share=(self), xr-spatial-tracking=(self)
accept-ranges
bytes
statement-share.svg
www.equitablebank.ca/Assets/dist/images/ 		1 KB
4 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.equitablebank.ca/Assets/dist/images/statement-share.svg
Requested by
Host: www.equitablebank.ca
URL: https://www.equitablebank.ca/Assets/dist/css/main.min.css?v=1699651462817
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.48.203.13 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a23-48-203-13.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
a4ee07cf704bec753cb9800f554eed469c33644b33281780ff98da34e36da57c
Security Headers
Name Value
Content-Security-Policy default-src 'self' cs-cms-cc.equitad.local; script-src 'self' *.googleapis.com *.gstatic.com www.google.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://*.googletagmanager.com www.google-analytics.com googleads.g.doubleclick.net bat.bing.com static.hotjar.com widget.trustpilot.com *.callrail.com www.googleadservices.com ssl.google-analytics.com script.hotjar.com gateway.zscalerthree.net *.kameleoon.eu cdn.prod.ca.five9.net *.kameleoon.com js.adsrvr.org *.amazon-adsystem.com amazon-adsystem.com https://cdn.insight.sitefinity.com https://dec.azureedge.net cdn.ampproject.org *.eloqua.com *.en25.com web-chat.nativechat.com js.hs-scripts.com js.hs-analytics.net js.hs-banner.com js.hsleadflows.net forms.hubspot.com js.hscollectedforms.net 'unsafe-inline' 'unsafe-eval'; style-src 'self' *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com platform.twitter.com/css/ *.twimg.com *.kameleoon.com https://cdn.insight.sitefinity.com https://dec.azureedge.net web-chat.nativechat.com 'unsafe-inline'; img-src 'self' *.gstatic.com *.googleapis.com platform.tumblr.com web.facebook.com www.facebook.com www.redditstatic.com www.linkedin.com i.ytimg.com pbs.twimg.com *.twimg.com data: blob: https://*.googletagmanager.com www.google.com www.google.co.cr www.google-analytics.com bat.bing.com stats.g.doubleclick.net googleads.g.doubleclick.net syndication.twitter.com static.licdn.com platform.twitter.com www.equitablebank.ca www.google.ca ssl.google-analytics.com cs-cms-cc.equitad.local ad.doubleclick.net *.kameleoon.com https://cdn.insight.sitefinity.com https://dec.azureedge.net *.eloqua.com web-chat.nativechat.com track.hubspot.com js.hsleadflows.net forms.hsforms.com; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data:; frame-src 'self' *.fls.doubleclick.net www.facebook.com www.google.com cdn.callrail.com widget.trustpilot.com www.youtube.com td.doubleclick.net cdn.prod.ca.five9.net www.lightcast.com *.amazon-adsystem.com insight.adsrvr.org web-chat.nativechat.com forms.hsforms.com; connect-src 'self' data: accounts.google.com *.gstatic.com https://*.googletagmanager.com www.google-analytics.com stats.g.doubleclick.net bat.bing.com *.callrail.com csmetrics.hotjar.com metrics.hotjar.io analytics.google.com *.kameleoon.com *.kameleoon.eu *.kameleoon.io pagead2.googlesyndication.com https://*.hotjar.io wss://*.hotjar.com *.amazon-adsystem.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com forms.hubspot.com *.hsforms.com; media-src 'self' data: blob:; child-src 'self' https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://www.youtube-nocookie.com https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com web-chat.nativechat.com
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://www.equitablebank.ca/Assets/dist/css/main.min.css?v=1699651462817
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

content-security-policy
default-src 'self' cs-cms-cc.equitad.local; script-src 'self' *.googleapis.com *.gstatic.com www.google.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://*.googletagmanager.com www.google-analytics.com googleads.g.doubleclick.net bat.bing.com static.hotjar.com widget.trustpilot.com *.callrail.com www.googleadservices.com ssl.google-analytics.com script.hotjar.com gateway.zscalerthree.net *.kameleoon.eu cdn.prod.ca.five9.net *.kameleoon.com js.adsrvr.org *.amazon-adsystem.com amazon-adsystem.com https://cdn.insight.sitefinity.com https://dec.azureedge.net cdn.ampproject.org *.eloqua.com *.en25.com web-chat.nativechat.com js.hs-scripts.com js.hs-analytics.net js.hs-banner.com js.hsleadflows.net forms.hubspot.com js.hscollectedforms.net 'unsafe-inline' 'unsafe-eval'; style-src 'self' *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com platform.twitter.com/css/ *.twimg.com *.kameleoon.com https://cdn.insight.sitefinity.com https://dec.azureedge.net web-chat.nativechat.com 'unsafe-inline'; img-src 'self' *.gstatic.com *.googleapis.com platform.tumblr.com web.facebook.com www.facebook.com www.redditstatic.com www.linkedin.com i.ytimg.com pbs.twimg.com *.twimg.com data: blob: https://*.googletagmanager.com www.google.com www.google.co.cr www.google-analytics.com bat.bing.com stats.g.doubleclick.net googleads.g.doubleclick.net syndication.twitter.com static.licdn.com platform.twitter.com www.equitablebank.ca www.google.ca ssl.google-analytics.com cs-cms-cc.equitad.local ad.doubleclick.net *.kameleoon.com https://cdn.insight.sitefinity.com https://dec.azureedge.net *.eloqua.com web-chat.nativechat.com track.hubspot.com js.hsleadflows.net forms.hsforms.com; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data:; frame-src 'self' *.fls.doubleclick.net www.facebook.com www.google.com cdn.callrail.com widget.trustpilot.com www.youtube.com td.doubleclick.net cdn.prod.ca.five9.net www.lightcast.com *.amazon-adsystem.com insight.adsrvr.org web-chat.nativechat.com forms.hsforms.com; connect-src 'self' data: accounts.google.com *.gstatic.com https://*.googletagmanager.com www.google-analytics.com stats.g.doubleclick.net bat.bing.com *.callrail.com csmetrics.hotjar.com metrics.hotjar.io analytics.google.com *.kameleoon.com *.kameleoon.eu *.kameleoon.io pagead2.googlesyndication.com https://*.hotjar.io wss://*.hotjar.com *.amazon-adsystem.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com forms.hubspot.com *.hsforms.com; media-src 'self' data: blob:; child-src 'self' https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://www.youtube-nocookie.com https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com web-chat.nativechat.com
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
date
Sat, 04 May 2024 03:25:06 GMT
cross-origin-embedder-policy
unsafe-none
cross-origin-resource-policy
cross-origin
content-length
1431
x-xss-protection
1; mode=block
referrer-policy
no-referrer-when-downgrade
last-modified
Tue, 22 Aug 2023 22:02:50 GMT
cross-origin-opener-policy
unsafe-none
etag
"0a1376444d5d91:0"
x-frame-options
SAMEORIGIN
content-type
image/svg+xml
cache-control
max-age=2678400
permissions-policy
accelerometer=(self), ambient-light-sensor=(self), autoplay=(self), battery=(self), camera=(self), cross-origin-isolated=(self), display-capture=(self), document-domain=(self), encrypted-media=(self), execution-while-not-rendered=(self), execution-while-out-of-viewport=(self), fullscreen=(self), geolocation=(self), gyroscope=(self), keyboard-map=(self), magnetometer=(self), microphone=(self), midi=(self), navigation-override=(self), payment=(self), picture-in-picture=(self), publickey-credentials-get=(self), screen-wake-lock=(self), sync-xhr=(self), usb=(self), web-share=(self), xr-spatial-tracking=(self)
accept-ranges
bytes
memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
fonts.gstatic.com/s/opensans/v40/ 		47 KB
48 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Lato|Open+Sans:400,700
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4004:c07::5e Washington, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
3c4d6a1421c7ddb7e404521fe8c4cd5be5af446d7689cd880be26612eaad3cfa
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://fonts.googleapis.com/
Origin
https://www.equitablebank.ca
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sat, 04 May 2024 00:46:36 GMT
x-content-type-options
nosniff
age
9510
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
48236
x-xss-protection
0
last-modified
Thu, 14 Dec 2023 02:08:40 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Sun, 04 May 2025 00:46:36 GMT
rates.js
www.equitablebank.ca/Assets/dist/js/ 		159 B
3 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://www.equitablebank.ca/Assets/dist/js/rates.js?_=1714793105958
Requested by
Host: www.equitablebank.ca
URL: https://www.equitablebank.ca/ScriptResource.axd?d=Sm_GGXofLw4C9Eu03fCPHKK96qT44mhovWKeyT8KwURc24z5v0_77HSfmDO5ybZP8v-FyohtgCcl7oPnvI1_eFl3QUs7FVvDCguQJcTvsoJDlqpQJ_CBb_SavR-n2u7IkXJBPgf6kYqQxvP7ChC-gZGpHY_sqBaZd56IbnPA0T6d4ZhIvp9E7eZEoneUsiME0&t=7e94aea0
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.48.203.13 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a23-48-203-13.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
5c491b65212e05ded0fddf40836eb7e3a790e935e73708a5fcb5ef75f2cd54ad
Security Headers
Name Value
Content-Security-Policy default-src 'self' cs-cms-cc.equitad.local; script-src 'self' *.googleapis.com *.gstatic.com www.google.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://*.googletagmanager.com www.google-analytics.com googleads.g.doubleclick.net bat.bing.com static.hotjar.com widget.trustpilot.com *.callrail.com www.googleadservices.com ssl.google-analytics.com script.hotjar.com gateway.zscalerthree.net *.kameleoon.eu cdn.prod.ca.five9.net *.kameleoon.com js.adsrvr.org *.amazon-adsystem.com amazon-adsystem.com js.hs-scripts.com js.hs-analytics.net js.hs-banner.com js.hsleadflows.net forms.hubspot.com js.hscollectedforms.net *.eloqua.com *.en25.com web-chat.nativechat.com https://cdn.insight.sitefinity.com https://dec.azureedge.net cdn.ampproject.org 'unsafe-inline' 'unsafe-eval'; style-src 'self' *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com platform.twitter.com/css/ *.twimg.com *.kameleoon.com web-chat.nativechat.com https://cdn.insight.sitefinity.com https://dec.azureedge.net 'unsafe-inline'; img-src 'self' *.gstatic.com *.googleapis.com platform.tumblr.com web.facebook.com www.facebook.com www.redditstatic.com www.linkedin.com i.ytimg.com pbs.twimg.com *.twimg.com data: blob: https://*.googletagmanager.com www.google.com www.google.co.cr www.google-analytics.com bat.bing.com stats.g.doubleclick.net googleads.g.doubleclick.net syndication.twitter.com static.licdn.com platform.twitter.com www.equitablebank.ca www.google.ca ssl.google-analytics.com cs-cms-cc.equitad.local ad.doubleclick.net *.kameleoon.com track.hubspot.com js.hsleadflows.net forms.hsforms.com *.eloqua.com web-chat.nativechat.com https://cdn.insight.sitefinity.com https://dec.azureedge.net; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data:; frame-src 'self' *.fls.doubleclick.net www.facebook.com www.google.com cdn.callrail.com widget.trustpilot.com www.youtube.com td.doubleclick.net cdn.prod.ca.five9.net www.lightcast.com *.amazon-adsystem.com insight.adsrvr.org forms.hsforms.com web-chat.nativechat.com; connect-src 'self' data: accounts.google.com *.gstatic.com https://*.googletagmanager.com www.google-analytics.com stats.g.doubleclick.net bat.bing.com *.callrail.com csmetrics.hotjar.com metrics.hotjar.io analytics.google.com *.kameleoon.com *.kameleoon.eu *.kameleoon.io pagead2.googlesyndication.com https://*.hotjar.io wss://*.hotjar.com *.amazon-adsystem.com forms.hubspot.com *.hsforms.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com; media-src 'self' data: blob:; child-src 'self' https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://www.youtube-nocookie.com https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com web-chat.nativechat.com
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
Accept
text/javascript, application/javascript, application/ecmascript, application/x-ecmascript, */*; q=0.01
Referer
https://www.equitablebank.ca/
X-Requested-With
XMLHttpRequest
sec-ch-ua-platform
"Win32"

Response headers

content-security-policy
default-src 'self' cs-cms-cc.equitad.local; script-src 'self' *.googleapis.com *.gstatic.com www.google.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://*.googletagmanager.com www.google-analytics.com googleads.g.doubleclick.net bat.bing.com static.hotjar.com widget.trustpilot.com *.callrail.com www.googleadservices.com ssl.google-analytics.com script.hotjar.com gateway.zscalerthree.net *.kameleoon.eu cdn.prod.ca.five9.net *.kameleoon.com js.adsrvr.org *.amazon-adsystem.com amazon-adsystem.com js.hs-scripts.com js.hs-analytics.net js.hs-banner.com js.hsleadflows.net forms.hubspot.com js.hscollectedforms.net *.eloqua.com *.en25.com web-chat.nativechat.com https://cdn.insight.sitefinity.com https://dec.azureedge.net cdn.ampproject.org 'unsafe-inline' 'unsafe-eval'; style-src 'self' *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com platform.twitter.com/css/ *.twimg.com *.kameleoon.com web-chat.nativechat.com https://cdn.insight.sitefinity.com https://dec.azureedge.net 'unsafe-inline'; img-src 'self' *.gstatic.com *.googleapis.com platform.tumblr.com web.facebook.com www.facebook.com www.redditstatic.com www.linkedin.com i.ytimg.com pbs.twimg.com *.twimg.com data: blob: https://*.googletagmanager.com www.google.com www.google.co.cr www.google-analytics.com bat.bing.com stats.g.doubleclick.net googleads.g.doubleclick.net syndication.twitter.com static.licdn.com platform.twitter.com www.equitablebank.ca www.google.ca ssl.google-analytics.com cs-cms-cc.equitad.local ad.doubleclick.net *.kameleoon.com track.hubspot.com js.hsleadflows.net forms.hsforms.com *.eloqua.com web-chat.nativechat.com https://cdn.insight.sitefinity.com https://dec.azureedge.net; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data:; frame-src 'self' *.fls.doubleclick.net www.facebook.com www.google.com cdn.callrail.com widget.trustpilot.com www.youtube.com td.doubleclick.net cdn.prod.ca.five9.net www.lightcast.com *.amazon-adsystem.com insight.adsrvr.org forms.hsforms.com web-chat.nativechat.com; connect-src 'self' data: accounts.google.com *.gstatic.com https://*.googletagmanager.com www.google-analytics.com stats.g.doubleclick.net bat.bing.com *.callrail.com csmetrics.hotjar.com metrics.hotjar.io analytics.google.com *.kameleoon.com *.kameleoon.eu *.kameleoon.io pagead2.googlesyndication.com https://*.hotjar.io wss://*.hotjar.com *.amazon-adsystem.com forms.hubspot.com *.hsforms.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com; media-src 'self' data: blob:; child-src 'self' https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://www.youtube-nocookie.com https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com web-chat.nativechat.com
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
date
Sat, 04 May 2024 03:25:06 GMT
content-encoding
gzip
cross-origin-embedder-policy
unsafe-none
cross-origin-resource-policy
cross-origin
content-length
125
x-xss-protection
1; mode=block
referrer-policy
no-referrer-when-downgrade
last-modified
Sat, 04 May 2024 03:22:25 GMT
cross-origin-opener-policy
unsafe-none
etag
"80aebe48d29dda1:0"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
application/javascript
cache-control
max-age=86400
permissions-policy
accelerometer=(self), ambient-light-sensor=(self), autoplay=(self), battery=(self), camera=(self), cross-origin-isolated=(self), display-capture=(self), document-domain=(self), encrypted-media=(self), execution-while-not-rendered=(self), execution-while-out-of-viewport=(self), fullscreen=(self), geolocation=(self), gyroscope=(self), keyboard-map=(self), magnetometer=(self), microphone=(self), midi=(self), navigation-override=(self), payment=(self), picture-in-picture=(self), publickey-credentials-get=(self), screen-wake-lock=(self), sync-xhr=(self), usb=(self), web-share=(self), xr-spatial-tracking=(self)
accept-ranges
bytes
index.html
cdn.prod.ca.five9.net/stable/chat/ngchat-app/ Frame 99AE
Redirect Chain
  • https://cdn.prod.ca.five9.net/stable/chat/ngchat-app
  • https://cdn.prod.ca.five9.net/stable/chat/ngchat-app/index.html
0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://cdn.prod.ca.five9.net/stable/chat/ngchat-app/index.html
Requested by
Host: cdn.prod.ca.five9.net
URL: https://cdn.prod.ca.five9.net/static/stable/chat/wrapper/index.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.120.212.246 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
246.212.120.34.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=15768000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

Accept-Language
en-CA,en;q=0.9;q=0.9
Referer
https://www.equitablebank.ca/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-mobile
?0
sec-ch-ua-platform
"Win32"

Response headers

accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
no-store
content-encoding
gzip
content-length
842
content-type
text/html
date
Sat, 04 May 2024 03:25:06 GMT
etag
"0dbf97cd283a149e617840be85c60dbd"
expires
Sun, 04 May 2025 03:25:06 GMT
last-modified
Tue, 02 Apr 2024 06:02:07 GMT
server
UploadServer
strict-transport-security
max-age=15768000; includeSubDomains
vary
Accept-Encoding Origin
x-content-type-options
nosniff
x-goog-generation
1712037727976199
x-goog-hash
crc32c=AposAQ== md5=Db+XzSg6FJ5heEC+hcYNvQ==
x-goog-metageneration
2
x-goog-storage-class
STANDARD
x-goog-stored-content-encoding
gzip
x-goog-stored-content-length
842
x-guploader-uploadid
ABPtcPqcra27G4n1ipNGIimFeCl6eOMeEITax6583T5Jg4pNSi193-HJJ-NBdJ0QJIOUMEQ7p5Q

Redirect headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
private, max-age=0
content-length
0
content-type
text/html; charset=UTF-8
date
Sat, 04 May 2024 03:25:06 GMT
expires
Sat, 04 May 2024 03:25:06 GMT
location
https://cdn.prod.ca.five9.net/stable/chat/ngchat-app/index.html
server
UploadServer
strict-transport-security
max-age=15768000; includeSubDomains
vary
Origin
x-content-type-options
nosniff
x-guploader-uploadid
ABPtcPrUhod4ux7-fTQm8LN8CSOspa9_Bd6-NZIfboiSdSIsmF8lRDKSw_zhwbbgPb7EiK3te6Y
events
data.kameleoon.io/visit/ 		0
337 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://data.kameleoon.io/visit/events?siteCode=yt04jaca8e&visitorCode=pj5p1i6jef1unmg3&itp=false
Requested by
Host: yt04jaca8e.kameleoon.eu
URL: https://yt04jaca8e.kameleoon.eu/kameleoon.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
65.109.119.232 Helsinki, Finland, ASN24940 (HETZNER-AS, DE),
Reverse DNS
data-api-new07.kameleoon.net
Software
nginx/1.26.0 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy default-src 'none'; script-src 'self'; connect-src 'self'; img-src 'self'; style-src 'self' 'nonce-superNonce';base-uri 'self';form-action 'self'
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-platform
"Win32"
Referer
https://www.equitablebank.ca/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

date
Sat, 04 May 2024 03:25:06 GMT
strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
content-security-policy
default-src 'none'; script-src 'self'; connect-src 'self'; img-src 'self'; style-src 'self' 'nonce-superNonce';base-uri 'self';form-action 'self'
server
nginx/1.26.0
x-frame-options
SAMEORIGIN
access-control-allow-origin
*
access-control-allow-headers
user-agent,kameleoon-client
recaptcha__en.js
www.gstatic.com/recaptcha/releases/V6_85qpc2Xf2sbe3xTnRte7m/ 		506 KB
202 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.gstatic.com/recaptcha/releases/V6_85qpc2Xf2sbe3xTnRte7m/recaptcha__en.js
Requested by
Host: www.google.com
URL: https://www.google.com/recaptcha/api.js?hl=en
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4004:c09::5e Washington, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
231336ed913a5ebd4445b85486e053caf2b81cab91318241375f3f7a245b6c6b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://www.equitablebank.ca/
Origin
https://www.equitablebank.ca
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sat, 04 May 2024 01:14:22 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
7844
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
205803
x-xss-protection
0
last-modified
Mon, 22 Apr 2024 21:03:35 GMT
server
sffe
cross-origin-opener-policy
same-origin-allow-popups; report-to="recaptcha"
vary
Accept-Encoding
report-to
{"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Sun, 04 May 2025 01:14:22 GMT
collect
www.google-analytics.com/j/ 		16 B
226 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://www.google-analytics.com/j/collect?v=1&_v=j101&a=205126074&t=pageview&_s=1&dl=https%3A%2F%2Fwww.equitablebank.ca%2F&ul=en-ca&de=UTF-8&dt=Canada%27s%20Challenger%20Bank%E2%84%A2%20%7C%20Equitable%20Bank&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=IEBAAEABAAAAACAAI~&jid=1049287478&gjid=446806352&cid=2039371662.1714793107&tid=UA-82523008-1&_gid=695171164.1714793107&_r=1&_slc=1&z=549805338
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4004:c07::8b Washington, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
f9e2c5a71ce4250eb44da9a27b6f9669a11d4a4e141851203fd52085858c6b61
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-platform
"Win32"
Referer
https://www.equitablebank.ca/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Sat, 04 May 2024 03:25:06 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://www.equitablebank.ca
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
16
expires
Fri, 01 Jan 1990 00:00:00 GMT
js
www.googletagmanager.com/gtag/ 		293 KB
99 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtag/js?id=G-06P9KHGXP0&l=dataLayer&cx=c
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-WNHWJHC
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4004:c19::61 Washington, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
db9e45a5da9a1d55f57d4a73ceb2c47fc97f69609f0b42899860bf6309e46145
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://www.equitablebank.ca/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sat, 04 May 2024 03:25:06 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
access-control-allow-headers
Cache-Control
content-length
101667
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires
Sat, 04 May 2024 03:25:06 GMT
destination
www.googletagmanager.com/gtag/ 		226 KB
80 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtag/destination?id=AW-945420866&l=dataLayer&cx=c
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-WNHWJHC
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4004:c19::61 Washington, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
a4f21119f3d8c95ddfb75a28837faa5a29f8e6a51478ede5fb6e00a52112ed4d
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://www.equitablebank.ca/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sat, 04 May 2024 03:25:06 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
81992
x-xss-protection
0
last-modified
Sat, 04 May 2024 03:00:00 GMT
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Sat, 04 May 2024 03:25:06 GMT
destination
www.googletagmanager.com/gtag/ 		199 KB
72 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtag/destination?id=DC-12525703&l=dataLayer&cx=c
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-WNHWJHC
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4004:c19::61 Washington, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
b7446f5fb7cdf33b7e8cfc35809841cc91003d91f928493399c54adf2422fbd2
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://www.equitablebank.ca/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sat, 04 May 2024 03:25:06 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
73847
x-xss-protection
0
last-modified
Sat, 04 May 2024 03:00:00 GMT
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Sat, 04 May 2024 03:25:06 GMT
fbevents.js
connect.facebook.net/en_US/ 		218 KB
59 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://connect.facebook.net/en_US/fbevents.js
Requested by
Host: www.equitablebank.ca
URL: https://www.equitablebank.ca/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f003:c0e:face:b00c:0:3 Ashburn, United States, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
f589b180c1064f697c91ac117fafda9aff1c66123a099e82da0b976a09011510
Security Headers
Name Value
Content-Security-Policy default-src 'self' data: blob: *;script-src *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://*.google-analytics.com *.google.com;style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' https://*.google-analytics.com;img-src 'self' data: blob: * https://*.google-analytics.com;block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://www.equitablebank.ca/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

content-security-policy
default-src 'self' data: blob: *;script-src *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://*.google-analytics.com *.google.com;style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' https://*.google-analytics.com;img-src 'self' data: blob: * https://*.google-analytics.com;block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; preload; includeSubDomains
date
Sat, 04 May 2024 03:25:07 GMT
document-policy
force-load-at-top
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
57845
x-xss-protection
0
reporting-endpoints
coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
x-fb-connection-quality
EXCELLENT; q=0.9, rtt=19, rtx=0, c=13, mss=1392, tbw=2765, tp=-1, tpl=-1, uplat=1, ullat=-1
pragma
public
x-fb-debug
HV8uAcXYF8qRLaOuHnZh10kADpr/I4q+uKbeRlwKK8xm/QkIlZBk3djpJbHIUaU11eOp16bngEveUyRLZOwJaw==
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
cross-origin-opener-policy
same-origin-allow-popups;report-to="coop_report"
vary
Accept-Encoding
report-to
{"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
content-type
application/x-javascript; charset=utf-8
x-frame-options
DENY
origin-agent-cluster
?0
cache-control
public, max-age=1200
permissions-policy
accelerometer=(), attribution-reporting=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
timing-allow-origin
*
expires
Sat, 01 Jan 2000 00:00:00 GMT
hotjar-1812264.js
static.hotjar.com/c/ 		9 KB
4 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://static.hotjar.com/c/hotjar-1812264.js?sv=6
Requested by
Host: www.equitablebank.ca
URL: https://www.equitablebank.ca/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.238.4.47 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-238-4-47.phl51.r.cloudfront.net
Software
/
Resource Hash
c433942389a2da95bd69428e2aa1ebb5272cd01942d81ab93ff4015d6a240157
Security Headers
Name Value
Strict-Transport-Security max-age=2592000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://www.equitablebank.ca/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sat, 04 May 2024 03:25:07 GMT
content-encoding
br
x-content-type-options
nosniff
strict-transport-security
max-age=2592000; includeSubDomains
via
1.1 b88fda0ef7fc0be68ec5692fdd8f97ec.cloudfront.net (CloudFront)
x-amz-cf-pop
PHL51-P1
etag
W/7465bc4fda0fbd5e395ec791cdc975d7
vary
Accept-Encoding
x-cache
Miss from cloudfront
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
max-age=60
x-cache-hit
1
cross-origin-resource-policy
cross-origin
x-amz-cf-id
jNP8WlL1jp9hAXr-5sCjW8bA3WhLRz0CUnwJjmNkj60iUZcurwRDAA==
bat.js
bat.bing.com/ 		45 KB
13 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://bat.bing.com/bat.js
Requested by
Host: www.equitablebank.ca
URL: https://www.equitablebank.ca/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2620:1ec:c11::237 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
823804a7807864b44093a3843788f4cd076e89cf4a6fdeb8d153ae5c2c2df721
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://www.equitablebank.ca/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
content-encoding
gzip
date
Sat, 04 May 2024 03:25:06 GMT
last-modified
Thu, 29 Feb 2024 19:58:06 GMT
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref
Ref A: 9C7F49F1E8FD4930BE82B4D8BC0FCF81 Ref B: YTO01EDGE0515 Ref C: 2024-05-04T03:25:07Z
etag
"01b4e9c496bda1:0"
vary
Accept-Encoding
x-cache
CONFIG_NOCACHE
content-type
application/javascript
cache-control
private,max-age=1800
accept-ranges
bytes
content-length
13261
js
www.googletagmanager.com/gtag/ 		199 KB
72 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtag/js?id=DC-12525703
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-WNHWJHC
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4004:c19::61 Washington, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
c4cb796d6fa49147bbcc17216ef9518139abb959b20a2b32747bd7f76d8f4174
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://www.equitablebank.ca/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sat, 04 May 2024 03:25:06 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
73857
x-xss-protection
0
last-modified
Sat, 04 May 2024 03:00:00 GMT
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Sat, 04 May 2024 03:25:06 GMT
up_loader.1.1.0.js
js.adsrvr.org/ 		10 KB
4 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://js.adsrvr.org/up_loader.1.1.0.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-WNHWJHC
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
18.238.12.115 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-238-12-115.phl51.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
3a95689e90e588b166f7b3ecd334959a2d6a3da1d73d557c8fb72fa10cf465dd

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://www.equitablebank.ca/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Date
Fri, 03 May 2024 19:53:15 GMT
Content-Encoding
gzip
Via
1.1 7e50e11b37fc55ad87bf48e905b770a0.cloudfront.net (CloudFront)
Last-Modified
Tue, 30 Apr 2024 23:20:15 GMT
Server
AmazonS3
X-Amz-Cf-Pop
PHL51-P1
Age
27113
x-amz-server-side-encryption
AES256
ETag
W/"d6f0435164aefe6cf324147b77c7b6bb"
Transfer-Encoding
chunked
Vary
Accept-Encoding
Content-Type
application/x-javascript
X-Cache
Hit from cloudfront
Connection
keep-alive
X-Amz-Cf-Id
1CkEnpLkz5BFvYgNoptKjegoM9f_ZpJXnOwi9BQgA1OVKgxuXybwWQ==
amzn.js
c.amazon-adsystem.com/aat/ 		13 KB
5 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://c.amazon-adsystem.com/aat/amzn.js
Requested by
Host: www.equitablebank.ca
URL: https://www.equitablebank.ca/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.238.8.227 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-238-8-227.phl51.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
b68efccae861d874c91f6607e469061f716801e4b3849e0e2cde0dc1b60ee9a6

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://www.equitablebank.ca/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-amz-version-id
CqtBPlHFRJ4DVXdFOl0Nv05VUvH3bTHU
content-encoding
gzip
via
1.1 e1d636b234c38932eb25194cb146dbcc.cloudfront.net (CloudFront), 1.1 d9cb2cc28f0170090b851fc36d4c091e.cloudfront.net (CloudFront)
date
Fri, 03 May 2024 06:19:31 GMT
last-modified
Mon, 15 Apr 2024 15:10:47 GMT
server
AmazonS3
x-amz-cf-pop
PHL50-C1, PHL51-P1
x-amz-server-side-encryption
AES256
etag
W/"3d13ef41aa477d7e1ec276886b9e0ec5"
vary
Accept-Encoding
x-cache
RefreshHit from cloudfront
content-type
application/javascript
x-amz-cf-id
S3B704Wkscj9LHZqFJcmdpA3hB5CY-67bZSmPhB-kVzUuKKx58qAlA==
collect
stats.g.doubleclick.net/j/ 		4 B
353 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j101&tid=UA-82523008-1&cid=2039371662.1714793107&jid=1049287478&gjid=446806352&_gid=695171164.1714793107&_u=IEBAAEAAAAAAACAAI~&z=654027013
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4004:c19::9c Washington, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
8685bca4bb29a8a8289c3effd282cb8718a7d14da65f1397481f213b15469f50
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-platform
"Win32"
Referer
https://www.equitablebank.ca/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
strict-transport-security
max-age=10886400; includeSubDomains; preload
date
Sat, 04 May 2024 03:25:07 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://www.equitablebank.ca
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
4
expires
Fri, 01 Jan 1990 00:00:00 GMT
js
www.googletagmanager.com/gtag/ 		278 KB
96 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtag/js?id=G-0N62455T0T&cx=c&_slc=1
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4004:c19::61 Washington, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
f5b9fed2d6540860dea2f7ae3d26b4392166decae3f84a9d615882d730246279
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://www.equitablebank.ca/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sat, 04 May 2024 03:25:06 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
access-control-allow-headers
Cache-Control
content-length
98181
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires
Sat, 04 May 2024 03:25:06 GMT
/
googleads.g.doubleclick.net/pagead/viewthroughconversion/945420866/ 		3 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/viewthroughconversion/945420866/?random=1714793106924&cv=11&fst=1714793106924&bg=ffffff&guid=ON&async=1&gtm=45be4510v898075386z877712459za201&gcd=13l3l3l3l1&dma=0&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.equitablebank.ca%2F&hn=www.googleadservices.com&frm=0&tiba=Canada%27s%20Challenger%20Bank%E2%84%A2%20%7C%20Equitable%20Bank&npa=0&pscdl=noapi&auid=1484551771.1714793107&uaa=x86&uab=64&uafvl=Chromium%3B124.0.6367.118%7CGoogle%2520Chrome%3B124.0.6367.118%7CNot-A.Brand%3B99.0.0.0&uamb=0&uam=&uap=Win32&uapv=10.0.0&uaw=0&fdr=QA&rfmt=3&fmt=4
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/destination?id=AW-945420866&l=dataLayer&cx=c
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4004:c17::9c Washington, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
1a44ceee6c9d6390bea6ebda6f58e7a4c3e36389695c4223ab7e1ff685d6bb3b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://www.equitablebank.ca/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

pragma
no-cache
date
Sat, 04 May 2024 03:25:07 GMT
content-encoding
br
x-content-type-options
nosniff
server
cafe
content-type
text/javascript; charset=UTF-8
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
1430
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
collect
analytics.google.com/g/ 		0
258 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://analytics.google.com/g/collect?v=2&tid=G-06P9KHGXP0&gtm=45je4510v892122114z877712459za200&_p=1714793105783&_gaz=1&gcd=13l3l3l3l1&npa=0&dma=0&cid=2039371662.1714793107&ul=en-ca&sr=1600x1200&uaa=x86&uab=64&uafvl=Chromium%3B124.0.6367.118%7CGoogle%2520Chrome%3B124.0.6367.118%7CNot-A.Brand%3B99.0.0.0&uamb=0&uam=&uap=Win32&uapv=10.0.0&uaw=0&pscdl=noapi&_s=1&sid=1714793106&sct=1&seg=0&dl=https%3A%2F%2Fwww.equitablebank.ca%2F&dt=Canada%27s%20Challenger%20Bank%E2%84%A2%20%7C%20Equitable%20Bank&en=page_view&_fv=1&_ss=1&tfd=3443
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-06P9KHGXP0&l=dataLayer&cx=c
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4004:c21::8a Washington, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://www.equitablebank.ca/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

pragma
no-cache
date
Sat, 04 May 2024 03:25:07 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://www.equitablebank.ca
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
collect
stats.g.doubleclick.net/g/ 		0
47 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://stats.g.doubleclick.net/g/collect?v=2&tid=G-06P9KHGXP0&cid=2039371662.1714793107&gtm=45je4510v892122114z877712459za200&aip=1&dma=0&gcd=13l3l3l3l1&npa=0
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-06P9KHGXP0&l=dataLayer&cx=c
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4004:c19::9c Washington, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://www.equitablebank.ca/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

pragma
no-cache
date
Sat, 04 May 2024 03:25:07 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://www.equitablebank.ca
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
ga-audiences
www.google.ca/ads/ 		42 B
63 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.ca/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-06P9KHGXP0&cid=2039371662.1714793107&gtm=45je4510v892122114z877712459za200&aip=1&dma=0&gcd=13l3l3l3l1&npa=0&z=1935941389
Requested by
Host: www.equitablebank.ca
URL: https://www.equitablebank.ca/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4004:c17::5e Washington, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://www.equitablebank.ca/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

pragma
no-cache
date
Sat, 04 May 2024 03:25:07 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
collect
analytics.google.com/g/ 		0
54 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://analytics.google.com/g/collect?v=2&tid=G-0N62455T0T&gtm=45je4510v9138483168za200&_p=1714793105783&_gaz=1&gcd=13l3l3l3l2&npa=0&dma=0&ul=en-ca&sr=1600x1200&cid=2039371662.1714793107&ir=1&uaa=x86&uab=64&uafvl=Chromium%3B124.0.6367.118%7CGoogle%2520Chrome%3B124.0.6367.118%7CNot-A.Brand%3B99.0.0.0&uamb=0&uam=&uap=Win32&uapv=10.0.0&uaw=0&pscdl=noapi&_eu=EBAI&_s=1&dl=https%3A%2F%2Fwww.equitablebank.ca%2F&dt=Canada%27s%20Challenger%20Bank%E2%84%A2%20%7C%20Equitable%20Bank&sid=1714793107&sct=1&seg=0&en=page_view&_fv=1&_ss=1&_ee=1&tfd=3488
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-0N62455T0T&cx=c&_slc=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4004:c21::8a Washington, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://www.equitablebank.ca/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

pragma
no-cache
date
Sat, 04 May 2024 03:25:07 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://www.equitablebank.ca
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
collect
stats.g.doubleclick.net/g/ 		0
54 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://stats.g.doubleclick.net/g/collect?v=2&tid=G-0N62455T0T&cid=2039371662.1714793107&gtm=45je4510v9138483168za200&aip=1&dma=0&gcd=13l3l3l3l2&npa=0
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-0N62455T0T&cx=c&_slc=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4004:c19::9c Washington, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://www.equitablebank.ca/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

pragma
no-cache
date
Sat, 04 May 2024 03:25:07 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://www.equitablebank.ca
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
ga-audiences
www.google.ca/ads/ 		42 B
63 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.ca/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-0N62455T0T&cid=2039371662.1714793107&gtm=45je4510v9138483168za200&aip=1&dma=0&gcd=13l3l3l3l2&npa=0&z=964363181
Requested by
Host: www.equitablebank.ca
URL: https://www.equitablebank.ca/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4004:c17::5e Washington, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://www.equitablebank.ca/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

pragma
no-cache
date
Sat, 04 May 2024 03:25:07 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
activityi;dc_pre=CL_xopCG84UDFXQTdgYdHckLRw;src=12525703;type=equitros;cat=eqban0;ord=973828338612;npa=0;auiddc=1484551771.1714793107;u1=%2F;uaa=x86;uab=64;uafvl=Chromium%3B124.0.6367.118%7CGoogle%...
12525703.fls.doubleclick.net/ Frame 39DF
Redirect Chain
  • https://12525703.fls.doubleclick.net/activityi;src=12525703;type=equitros;cat=eqban0;ord=973828338612;npa=0;auiddc=1484551771.1714793107;u1=%2F;uaa=x86;uab=64;uafvl=Chromium%3B124.0.6367.118%7CGoog...
  • https://12525703.fls.doubleclick.net/activityi;dc_pre=CL_xopCG84UDFXQTdgYdHckLRw;src=12525703;type=equitros;cat=eqban0;ord=973828338612;npa=0;auiddc=1484551771.1714793107;u1=%2F;uaa=x86;uab=64;uafv...
0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://12525703.fls.doubleclick.net/activityi;dc_pre=CL_xopCG84UDFXQTdgYdHckLRw;src=12525703;type=equitros;cat=eqban0;ord=973828338612;npa=0;auiddc=1484551771.1714793107;u1=%2F;uaa=x86;uab=64;uafvl=Chromium%3B124.0.6367.118%7CGoogle%2520Chrome%3B124.0.6367.118%7CNot-A.Brand%3B99.0.0.0;uamb=0;uam=;uap=Win32;uapv=10.0.0;uaw=0;pscdl=noapi;gtm=45fe4510z877712459za201;gcd=13l3l3l3l1;dma=0;epver=2;~oref=https%3A%2F%2Fwww.equitablebank.ca%2F?
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/destination?id=DC-12525703&l=dataLayer&cx=c
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.251.163.149 Farmingdale, United States, ASN15169 (GOOGLE, US),
Reverse DNS
wv-in-f149.1e100.net
Software
cafe /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=21600
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-CA,en;q=0.9;q=0.9
Referer
https://www.equitablebank.ca/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-mobile
?0
sec-ch-ua-platform
"Win32"

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
private, max-age=0
content-encoding
br
content-length
619
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Sat, 04 May 2024 03:25:07 GMT
expires
Sat, 04 May 2024 03:25:07 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server
cafe
strict-transport-security
max-age=21600
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0

Redirect headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
no-cache, must-revalidate
content-length
0
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Sat, 04 May 2024 03:25:07 GMT
expires
Fri, 01 Jan 1990 00:00:00 GMT
follow-only-when-prerender-shown
1
location
https://12525703.fls.doubleclick.net/activityi;dc_pre=CL_xopCG84UDFXQTdgYdHckLRw;src=12525703;type=equitros;cat=eqban0;ord=973828338612;npa=0;auiddc=1484551771.1714793107;u1=%2F;uaa=x86;uab=64;uafvl=Chromium%3B124.0.6367.118%7CGoogle%2520Chrome%3B124.0.6367.118%7CNot-A.Brand%3B99.0.0.0;uamb=0;uam=;uap=Win32;uapv=10.0.0;uaw=0;pscdl=noapi;gtm=45fe4510z877712459za201;gcd=13l3l3l3l1;dma=0;epver=2;~oref=https%3A%2F%2Fwww.equitablebank.ca%2F?
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
pragma
no-cache
server
cafe
strict-transport-security
max-age=21600
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0
175018756.js
bat.bing.com/p/action/ 		0
117 B 		Script
General
Check archive.org
Download Go to
Full URL
https://bat.bing.com/p/action/175018756.js
Requested by
Host: bat.bing.com
URL: https://bat.bing.com/bat.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2620:1ec:c11::237 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://www.equitablebank.ca/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
cache-control
private,max-age=1800
date
Sat, 04 May 2024 03:25:06 GMT
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref
Ref A: 156994C98DDC452F9BA9792221902988 Ref B: YTO01EDGE0515 Ref C: 2024-05-04T03:25:07Z
x-cache
CONFIG_NOCACHE
0
bat.bing.com/action/ 		0
361 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://bat.bing.com/action/0?ti=175018756&Ver=2&mid=c0360f41-83ea-4883-b0f4-488fccbe9cb8&sid=e7ad42a009c511efa6fef1a5925625c4&vid=e7ad840009c511efbe75b18dc53874c4&vids=1&msclkid=N&pi=918639831&lg=en-CA&sw=1600&sh=1200&sc=24&tl=Canada%27s%20Challenger%20Bank%E2%84%A2%20%7C%20Equitable%20Bank&p=https%3A%2F%2Fwww.equitablebank.ca%2F&r=&lt=2530&evt=pageLoad&sv=1&rn=993904
Requested by
Host: www.equitablebank.ca
URL: https://www.equitablebank.ca/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2620:1ec:c11::237 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://www.equitablebank.ca/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

pragma
no-cache
strict-transport-security
max-age=31536000; includeSubDomains; preload
date
Sat, 04 May 2024 03:25:06 GMT
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref
Ref A: 7FB9E96015A7406A8747015DA55089CC Ref B: YTO01EDGE0515 Ref C: 2024-05-04T03:25:07Z
x-cache
CONFIG_NOCACHE
access-control-allow-origin
*
cache-control
no-cache, must-revalidate
expires
Fri, 01 Jan 1990 00:00:00 GMT
iu3
s.amazon-adsystem.com/
Redirect Chain
  • https://s.amazon-adsystem.com/iu3?pid=b95ea0db-b945-4f89-bcdd-1a2b76171a59&event=PageView&ts=1714793106713
  • https://s.amazon-adsystem.com/iu3?pid=b95ea0db-b945-4f89-bcdd-1a2b76171a59&event=PageView&ts=1714793106713&dcc=t
0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://s.amazon-adsystem.com/iu3?pid=b95ea0db-b945-4f89-bcdd-1a2b76171a59&event=PageView&ts=1714793106713&dcc=t
Requested by
Host: www.equitablebank.ca
URL: https://www.equitablebank.ca/
Protocol
HTTP/1.1
Server
209.54.182.161 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/
Resource Hash

Request headers

Accept-Language
en-CA,en;q=0.9;q=0.9
Referer
https://www.equitablebank.ca/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36

Response headers

Redirect headers

Pragma
no-cache
Date
Sat, 04 May 2024 03:25:07 GMT
Strict-Transport-Security
max-age=47474747; includeSubDomains; preload
Server
Server
x-amz-rid
ZWJ4G41SE9GXR1XYA8M7
Vary
Content-Type,Accept-Encoding,User-Agent
p3p
policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Location
https://s.amazon-adsystem.com/iu3?pid=b95ea0db-b945-4f89-bcdd-1a2b76171a59&event=PageView&ts=1714793106713&dcc=t
Cache-Control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Connection
keep-alive
Content-Length
0
Expires
Thu, 01 Jan 1970 00:00:00 GMT
modules.842bcec28f9fd12bb79e.js
script.hotjar.com/ 		221 KB
55 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://script.hotjar.com/modules.842bcec28f9fd12bb79e.js
Requested by
Host: static.hotjar.com
URL: https://static.hotjar.com/c/hotjar-1812264.js?sv=6
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.224.214.90 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-224-214-90.phl50.r.cloudfront.net
Software
/
Resource Hash
1d85a9a8a0c664f61a19377e5846769cce64d963e29001f56403926e63033f31
Security Headers
Name Value
Strict-Transport-Security max-age=2592000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://www.equitablebank.ca/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Thu, 02 May 2024 13:45:06 GMT
content-encoding
br
x-content-type-options
nosniff
strict-transport-security
max-age=2592000; includeSubDomains
via
1.1 64aebd154b6045af00c94ad9d2ff49f2.cloudfront.net (CloudFront)
x-amz-cf-pop
PHL50-C1
age
135601
x-cache
Hit from cloudfront
cross-origin-resource-policy
cross-origin
content-length
55872
last-modified
Thu, 02 May 2024 13:44:30 GMT
etag
"f27d2d9a453e162eec63180cf358c726"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=31536000
accept-ranges
bytes
x-robots-tag
none
x-amz-cf-id
N0EfCQeko2QrXFH2pxP9nrGel6ks9MJiDRjlqGGmLRNmEsY_uCuTJQ==
ga-audiences
www.google.com/ads/ 		42 B
63 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j101&tid=UA-82523008-1&cid=2039371662.1714793107&jid=1049287478&_u=IEBAAEAAAAAAACAAI~&z=1336786151
Requested by
Host: www.equitablebank.ca
URL: https://www.equitablebank.ca/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4004:c07::6a Washington, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://www.equitablebank.ca/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

pragma
no-cache
date
Sat, 04 May 2024 03:25:07 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
ga-audiences
www.google.ca/ads/ 		42 B
63 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.ca/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j101&tid=UA-82523008-1&cid=2039371662.1714793107&jid=1049287478&_u=IEBAAEAAAAAAACAAI~&z=1336786151
Requested by
Host: www.equitablebank.ca
URL: https://www.equitablebank.ca/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4004:c17::5e Washington, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://www.equitablebank.ca/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

pragma
no-cache
date
Sat, 04 May 2024 03:25:07 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
468912197110773
connect.facebook.net/signals/config/ 		54 KB
12 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://connect.facebook.net/signals/config/468912197110773?v=2.9.155&r=stable&domain=www.equitablebank.ca&hme=c3a545c63044e8e9102d4f32d84a1137594d024f28e801d670bc76dc5c075575&ex_m=67%2C112%2C99%2C103%2C58%2C3%2C93%2C66%2C15%2C91%2C84%2C49%2C51%2C158%2C161%2C172%2C168%2C169%2C171%2C28%2C94%2C50%2C73%2C170%2C153%2C156%2C165%2C166%2C173%2C121%2C14%2C48%2C178%2C177%2C123%2C17%2C33%2C38%2C1%2C41%2C62%2C63%2C64%2C68%2C88%2C16%2C13%2C90%2C87%2C86%2C100%2C102%2C37%2C101%2C29%2C25%2C154%2C157%2C130%2C27%2C10%2C11%2C12%2C5%2C6%2C24%2C21%2C22%2C54%2C59%2C61%2C71%2C95%2C26%2C72%2C8%2C7%2C76%2C46%2C20%2C97%2C96%2C9%2C19%2C18%2C81%2C53%2C79%2C32%2C70%2C0%2C89%2C31%2C78%2C83%2C45%2C44%2C82%2C36%2C4%2C85%2C77%2C42%2C39%2C34%2C80%2C2%2C35%2C60%2C40%2C98%2C43%2C75%2C65%2C104%2C57%2C56%2C30%2C92%2C55%2C52%2C47%2C74%2C69%2C23%2C105
Requested by
Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f003:c0e:face:b00c:0:3 Ashburn, United States, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
3dfd308aee9865fa8a65bb6dd8e09097daa8b432e68c3af6a323b08d109371a6
Security Headers
Name Value
Content-Security-Policy default-src 'self' data: blob: *;script-src *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://*.google-analytics.com *.google.com;style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' https://*.google-analytics.com;img-src 'self' data: blob: * https://*.google-analytics.com;block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://www.equitablebank.ca/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

content-security-policy
default-src 'self' data: blob: *;script-src *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://*.google-analytics.com *.google.com;style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' https://*.google-analytics.com;img-src 'self' data: blob: * https://*.google-analytics.com;block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; preload; includeSubDomains
date
Sat, 04 May 2024 03:25:07 GMT
document-policy
force-load-at-top
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
x-xss-protection
0
reporting-endpoints
coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
x-fb-connection-quality
EXCELLENT; q=0.9, rtt=26, rtx=0, c=60, mss=1392, tbw=63285, tp=-1, tpl=-1, uplat=50, ullat=0
pragma
public
x-fb-debug
s7xD3V35RfORsVPySzRGgifFqLZPfh7y+8n3eep4sfZnl/VVnWvRxbuQ77m1IoACwctPtO6W/DYMgGFJgL+M6g==
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
cross-origin-opener-policy
same-origin-allow-popups;report-to="coop_report"
vary
Accept-Encoding
report-to
{"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
content-type
application/x-javascript; charset=utf-8
x-frame-options
DENY
origin-agent-cluster
?0
cache-control
public, max-age=1200
permissions-policy
accelerometer=(), attribution-reporting=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
timing-allow-origin
*
expires
Sat, 01 Jan 2000 00:00:00 GMT
/
www.google.com/pagead/1p-user-list/945420866/ 		42 B
64 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.com/pagead/1p-user-list/945420866/?random=1714793106924&cv=11&fst=1714791600000&bg=ffffff&guid=ON&async=1&gtm=45be4510v898075386z877712459za201&gcd=13l3l3l3l1&dma=0&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.equitablebank.ca%2F&hn=www.googleadservices.com&frm=0&tiba=Canada%27s%20Challenger%20Bank%E2%84%A2%20%7C%20Equitable%20Bank&npa=0&pscdl=noapi&auid=1484551771.1714793107&uaa=x86&uab=64&uafvl=Chromium%3B124.0.6367.118%7CGoogle%2520Chrome%3B124.0.6367.118%7CNot-A.Brand%3B99.0.0.0&uamb=0&uam=&uap=Win32&uapv=10.0.0&uaw=0&fdr=QA&rfmt=3&fmt=3&is_vtc=1&cid=CAQSGwB7FLtqFuyBhe7WqFrjvP2a2ZW6ATO2Hv5Y9g&random=349055253&rmt_tld=0&ipr=y
Requested by
Host: www.equitablebank.ca
URL: https://www.equitablebank.ca/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4004:c07::6a Washington, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://www.equitablebank.ca/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

pragma
no-cache
date
Sat, 04 May 2024 03:25:07 GMT
content-security-policy
script-src 'none'; object-src 'none'
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
www.google.ca/pagead/1p-user-list/945420866/ 		42 B
64 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.ca/pagead/1p-user-list/945420866/?random=1714793106924&cv=11&fst=1714791600000&bg=ffffff&guid=ON&async=1&gtm=45be4510v898075386z877712459za201&gcd=13l3l3l3l1&dma=0&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.equitablebank.ca%2F&hn=www.googleadservices.com&frm=0&tiba=Canada%27s%20Challenger%20Bank%E2%84%A2%20%7C%20Equitable%20Bank&npa=0&pscdl=noapi&auid=1484551771.1714793107&uaa=x86&uab=64&uafvl=Chromium%3B124.0.6367.118%7CGoogle%2520Chrome%3B124.0.6367.118%7CNot-A.Brand%3B99.0.0.0&uamb=0&uam=&uap=Win32&uapv=10.0.0&uaw=0&fdr=QA&rfmt=3&fmt=3&is_vtc=1&cid=CAQSGwB7FLtqFuyBhe7WqFrjvP2a2ZW6ATO2Hv5Y9g&random=349055253&rmt_tld=1&ipr=y
Requested by
Host: www.equitablebank.ca
URL: https://www.equitablebank.ca/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4004:c17::5e Washington, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://www.equitablebank.ca/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

pragma
no-cache
date
Sat, 04 May 2024 03:25:07 GMT
content-security-policy
script-src 'none'; object-src 'none'
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
www.facebook.com/tr/ 		0
274 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.facebook.com/tr/?id=468912197110773&ev=PageView&dl=https%3A%2F%2Fwww.equitablebank.ca&rl=&if=false&ts=1714793107610&sw=1600&sh=1200&v=2.9.155&r=stable&ec=0&o=4124&fbp=fb.1.1714793107606.949757616&pm=1&hrl=f1af92&ler=empty&cdl=API_unavailable&it=1714793107375&coo=false&cs_cc=1&cas=7343860852316206&rqm=GET
Requested by
Host: www.equitablebank.ca
URL: https://www.equitablebank.ca/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f103:83:face:b00c:0:25de Ashburn, United States, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
proxygen-bolt /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://www.equitablebank.ca/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-fb-connection-quality
EXCELLENT; q=0.9, rtt=22, rtx=0, c=10, mss=1392, tbw=2755, tp=-1, tpl=-1, uplat=0, ullat=0
strict-transport-security
max-age=31536000; includeSubDomains
date
Sat, 04 May 2024 03:25:08 GMT
server
proxygen-bolt
content-type
text/plain
access-control-allow-origin
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
0
up
insight.adsrvr.org/track/ Frame 9BEE 		0
0
favicon.ico
www.equitablebank.ca/ 		1 KB
4 KB 		Other
General
Check archive.org
Download Go to
Full URL
https://www.equitablebank.ca/favicon.ico?v=1699651462817
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.48.203.13 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a23-48-203-13.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
cbb0f35d3096c37b199e3d4e800fcd41bca1e26d8ed93b28905cc98887633aab
Security Headers
Name Value
Content-Security-Policy default-src 'self' cs-cms-cc.equitad.local; script-src 'self' *.googleapis.com *.gstatic.com www.google.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://*.googletagmanager.com www.google-analytics.com googleads.g.doubleclick.net bat.bing.com static.hotjar.com widget.trustpilot.com *.callrail.com www.googleadservices.com ssl.google-analytics.com script.hotjar.com gateway.zscalerthree.net *.kameleoon.eu cdn.prod.ca.five9.net *.kameleoon.com https://cdn.insight.sitefinity.com https://dec.azureedge.net cdn.ampproject.org web-chat.nativechat.com js.hs-scripts.com js.hs-analytics.net js.hs-banner.com js.hsleadflows.net forms.hubspot.com js.hscollectedforms.net *.eloqua.com *.en25.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com platform.twitter.com/css/ *.twimg.com *.kameleoon.com https://cdn.insight.sitefinity.com https://dec.azureedge.net web-chat.nativechat.com 'unsafe-inline'; img-src 'self' *.gstatic.com *.googleapis.com platform.tumblr.com web.facebook.com www.facebook.com www.redditstatic.com www.linkedin.com i.ytimg.com pbs.twimg.com *.twimg.com data: blob: https://*.googletagmanager.com www.google.com www.google.co.cr www.google-analytics.com bat.bing.com stats.g.doubleclick.net googleads.g.doubleclick.net syndication.twitter.com static.licdn.com platform.twitter.com www.equitablebank.ca www.google.ca ssl.google-analytics.com cs-cms-cc.equitad.local ad.doubleclick.net *.kameleoon.com https://cdn.insight.sitefinity.com https://dec.azureedge.net web-chat.nativechat.com track.hubspot.com js.hsleadflows.net forms.hsforms.com *.eloqua.com; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data:; frame-src 'self' *.fls.doubleclick.net www.facebook.com www.google.com cdn.callrail.com widget.trustpilot.com www.youtube.com td.doubleclick.net cdn.prod.ca.five9.net www.lightcast.com web-chat.nativechat.com forms.hsforms.com; connect-src 'self' data: accounts.google.com *.gstatic.com https://*.googletagmanager.com www.google-analytics.com stats.g.doubleclick.net bat.bing.com *.callrail.com csmetrics.hotjar.com metrics.hotjar.io analytics.google.com *.kameleoon.com *.kameleoon.eu *.kameleoon.io pagead2.googlesyndication.com https://*.hotjar.io wss://*.hotjar.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com forms.hubspot.com *.hsforms.com; media-src 'self' data: blob:; child-src 'self' https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://www.youtube-nocookie.com https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com web-chat.nativechat.com
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://www.equitablebank.ca/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

content-security-policy
default-src 'self' cs-cms-cc.equitad.local; script-src 'self' *.googleapis.com *.gstatic.com www.google.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://*.googletagmanager.com www.google-analytics.com googleads.g.doubleclick.net bat.bing.com static.hotjar.com widget.trustpilot.com *.callrail.com www.googleadservices.com ssl.google-analytics.com script.hotjar.com gateway.zscalerthree.net *.kameleoon.eu cdn.prod.ca.five9.net *.kameleoon.com https://cdn.insight.sitefinity.com https://dec.azureedge.net cdn.ampproject.org web-chat.nativechat.com js.hs-scripts.com js.hs-analytics.net js.hs-banner.com js.hsleadflows.net forms.hubspot.com js.hscollectedforms.net *.eloqua.com *.en25.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com platform.twitter.com/css/ *.twimg.com *.kameleoon.com https://cdn.insight.sitefinity.com https://dec.azureedge.net web-chat.nativechat.com 'unsafe-inline'; img-src 'self' *.gstatic.com *.googleapis.com platform.tumblr.com web.facebook.com www.facebook.com www.redditstatic.com www.linkedin.com i.ytimg.com pbs.twimg.com *.twimg.com data: blob: https://*.googletagmanager.com www.google.com www.google.co.cr www.google-analytics.com bat.bing.com stats.g.doubleclick.net googleads.g.doubleclick.net syndication.twitter.com static.licdn.com platform.twitter.com www.equitablebank.ca www.google.ca ssl.google-analytics.com cs-cms-cc.equitad.local ad.doubleclick.net *.kameleoon.com https://cdn.insight.sitefinity.com https://dec.azureedge.net web-chat.nativechat.com track.hubspot.com js.hsleadflows.net forms.hsforms.com *.eloqua.com; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data:; frame-src 'self' *.fls.doubleclick.net www.facebook.com www.google.com cdn.callrail.com widget.trustpilot.com www.youtube.com td.doubleclick.net cdn.prod.ca.five9.net www.lightcast.com web-chat.nativechat.com forms.hsforms.com; connect-src 'self' data: accounts.google.com *.gstatic.com https://*.googletagmanager.com www.google-analytics.com stats.g.doubleclick.net bat.bing.com *.callrail.com csmetrics.hotjar.com metrics.hotjar.io analytics.google.com *.kameleoon.com *.kameleoon.eu *.kameleoon.io pagead2.googlesyndication.com https://*.hotjar.io wss://*.hotjar.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com forms.hubspot.com *.hsforms.com; media-src 'self' data: blob:; child-src 'self' https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://www.youtube-nocookie.com https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com web-chat.nativechat.com
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
date
Sat, 04 May 2024 03:25:10 GMT
cross-origin-embedder-policy
unsafe-none
cross-origin-resource-policy
cross-origin
content-length
1138
x-xss-protection
1; mode=block
referrer-policy
no-referrer-when-downgrade
last-modified
Tue, 22 Aug 2023 22:02:52 GMT
cross-origin-opener-policy
unsafe-none
etag
"0ce686544d5d91:0"
x-frame-options
SAMEORIGIN
content-type
image/x-icon
cache-control
max-age=14124
permissions-policy
accelerometer=(self), ambient-light-sensor=(self), autoplay=(self), battery=(self), camera=(self), cross-origin-isolated=(self), display-capture=(self), document-domain=(self), encrypted-media=(self), execution-while-not-rendered=(self), execution-while-out-of-viewport=(self), fullscreen=(self), geolocation=(self), gyroscope=(self), keyboard-map=(self), magnetometer=(self), microphone=(self), midi=(self), navigation-override=(self), payment=(self), picture-in-picture=(self), publickey-credentials-get=(self), screen-wake-lock=(self), sync-xhr=(self), usb=(self), web-share=(self), xr-spatial-tracking=(self)
accept-ranges
bytes
eqb_lozenge32x32.png
www.equitablebank.ca/Assets/dist/images/logos/ 		258 B
3 KB 		Other
General
Check archive.org
Download Go to
Full URL
https://www.equitablebank.ca/Assets/dist/images/logos/eqb_lozenge32x32.png?v=1699651462817
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.48.203.13 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a23-48-203-13.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
74f629b0e3388d3177b5e0e6e4eb88aed429d18b0f0a676a1da64e0bb5ee966c
Security Headers
Name Value
Content-Security-Policy default-src 'self' cs-cms-cc.equitad.local; script-src 'self' *.googleapis.com *.gstatic.com www.google.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://*.googletagmanager.com www.google-analytics.com googleads.g.doubleclick.net bat.bing.com static.hotjar.com widget.trustpilot.com *.callrail.com www.googleadservices.com ssl.google-analytics.com script.hotjar.com gateway.zscalerthree.net *.kameleoon.eu cdn.prod.ca.five9.net *.kameleoon.com web-chat.nativechat.com *.eloqua.com *.en25.com js.hs-scripts.com js.hs-analytics.net js.hs-banner.com js.hsleadflows.net forms.hubspot.com js.hscollectedforms.net cdn.ampproject.org https://cdn.insight.sitefinity.com https://dec.azureedge.net 'unsafe-inline' 'unsafe-eval'; style-src 'self' *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com platform.twitter.com/css/ *.twimg.com *.kameleoon.com web-chat.nativechat.com https://cdn.insight.sitefinity.com https://dec.azureedge.net 'unsafe-inline'; img-src 'self' *.gstatic.com *.googleapis.com platform.tumblr.com web.facebook.com www.facebook.com www.redditstatic.com www.linkedin.com i.ytimg.com pbs.twimg.com *.twimg.com data: blob: https://*.googletagmanager.com www.google.com www.google.co.cr www.google-analytics.com bat.bing.com stats.g.doubleclick.net googleads.g.doubleclick.net syndication.twitter.com static.licdn.com platform.twitter.com www.equitablebank.ca www.google.ca ssl.google-analytics.com cs-cms-cc.equitad.local ad.doubleclick.net *.kameleoon.com web-chat.nativechat.com *.eloqua.com track.hubspot.com js.hsleadflows.net forms.hsforms.com https://cdn.insight.sitefinity.com https://dec.azureedge.net; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data:; frame-src 'self' *.fls.doubleclick.net www.facebook.com www.google.com cdn.callrail.com widget.trustpilot.com www.youtube.com td.doubleclick.net cdn.prod.ca.five9.net www.lightcast.com web-chat.nativechat.com forms.hsforms.com; connect-src 'self' data: accounts.google.com *.gstatic.com https://*.googletagmanager.com www.google-analytics.com stats.g.doubleclick.net bat.bing.com *.callrail.com csmetrics.hotjar.com metrics.hotjar.io analytics.google.com *.kameleoon.com *.kameleoon.eu *.kameleoon.io pagead2.googlesyndication.com https://*.hotjar.io wss://*.hotjar.com forms.hubspot.com *.hsforms.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com; media-src 'self' data: blob:; child-src 'self' https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://www.youtube-nocookie.com https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com web-chat.nativechat.com
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://www.equitablebank.ca/
Accept-Language
en-CA,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

content-security-policy
default-src 'self' cs-cms-cc.equitad.local; script-src 'self' *.googleapis.com *.gstatic.com www.google.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://*.googletagmanager.com www.google-analytics.com googleads.g.doubleclick.net bat.bing.com static.hotjar.com widget.trustpilot.com *.callrail.com www.googleadservices.com ssl.google-analytics.com script.hotjar.com gateway.zscalerthree.net *.kameleoon.eu cdn.prod.ca.five9.net *.kameleoon.com web-chat.nativechat.com *.eloqua.com *.en25.com js.hs-scripts.com js.hs-analytics.net js.hs-banner.com js.hsleadflows.net forms.hubspot.com js.hscollectedforms.net cdn.ampproject.org https://cdn.insight.sitefinity.com https://dec.azureedge.net 'unsafe-inline' 'unsafe-eval'; style-src 'self' *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com platform.twitter.com/css/ *.twimg.com *.kameleoon.com web-chat.nativechat.com https://cdn.insight.sitefinity.com https://dec.azureedge.net 'unsafe-inline'; img-src 'self' *.gstatic.com *.googleapis.com platform.tumblr.com web.facebook.com www.facebook.com www.redditstatic.com www.linkedin.com i.ytimg.com pbs.twimg.com *.twimg.com data: blob: https://*.googletagmanager.com www.google.com www.google.co.cr www.google-analytics.com bat.bing.com stats.g.doubleclick.net googleads.g.doubleclick.net syndication.twitter.com static.licdn.com platform.twitter.com www.equitablebank.ca www.google.ca ssl.google-analytics.com cs-cms-cc.equitad.local ad.doubleclick.net *.kameleoon.com web-chat.nativechat.com *.eloqua.com track.hubspot.com js.hsleadflows.net forms.hsforms.com https://cdn.insight.sitefinity.com https://dec.azureedge.net; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data:; frame-src 'self' *.fls.doubleclick.net www.facebook.com www.google.com cdn.callrail.com widget.trustpilot.com www.youtube.com td.doubleclick.net cdn.prod.ca.five9.net www.lightcast.com web-chat.nativechat.com forms.hsforms.com; connect-src 'self' data: accounts.google.com *.gstatic.com https://*.googletagmanager.com www.google-analytics.com stats.g.doubleclick.net bat.bing.com *.callrail.com csmetrics.hotjar.com metrics.hotjar.io analytics.google.com *.kameleoon.com *.kameleoon.eu *.kameleoon.io pagead2.googlesyndication.com https://*.hotjar.io wss://*.hotjar.com forms.hubspot.com *.hsforms.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com; media-src 'self' data: blob:; child-src 'self' https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://www.youtube-nocookie.com https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com web-chat.nativechat.com
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
date
Sat, 04 May 2024 03:25:10 GMT
cross-origin-embedder-policy
unsafe-none
cross-origin-resource-policy
cross-origin
content-length
258
x-xss-protection
1; mode=block
referrer-policy
no-referrer-when-downgrade
last-modified
Tue, 22 Aug 2023 22:02:50 GMT
cross-origin-opener-policy
unsafe-none
etag
"0a1376444d5d91:0"
x-frame-options
SAMEORIGIN
content-type
image/png
cache-control
max-age=71966
permissions-policy
accelerometer=(self), ambient-light-sensor=(self), autoplay=(self), battery=(self), camera=(self), cross-origin-isolated=(self), display-capture=(self), document-domain=(self), encrypted-media=(self), execution-while-not-rendered=(self), execution-while-out-of-viewport=(self), fullscreen=(self), geolocation=(self), gyroscope=(self), keyboard-map=(self), magnetometer=(self), microphone=(self), midi=(self), navigation-override=(self), payment=(self), picture-in-picture=(self), publickey-credentials-get=(self), screen-wake-lock=(self), sync-xhr=(self), usb=(self), web-share=(self), xr-spatial-tracking=(self)
accept-ranges
bytes
truncated
/ Frame 9BEE 		3 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
04d05978fdb111358073ab0524e5c1fafc0826615c206987618416b8bd8a4747

Request headers

Accept-Language
en-CA,en;q=0.9;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36

Response headers

Content-Type
image/png
truncated
/ Frame 9BEE 		5 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
e4222715b556e7d99622c83e620d2f8e090047e56adb07923047f95828d561f2

Request headers

Accept-Language
en-CA,en;q=0.9;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36

Response headers

Content-Type
image/png

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
insight.adsrvr.org
URL
https://insight.adsrvr.org/track/up?adv=6lqtr4e&ref=https%3A%2F%2Fwww.equitablebank.ca%2F&upid=9ijfwpe&upv=1.1.0

Verdicts & Comments Add Verdict or Comment

199 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| 1 object| 2 object| 3 number| kameleoonLoadingTimeout object| kameleoonS string| kameleoonCc object| kameleoonStn object| kameleoonQueue number| kameleoonStartLoadTime object| kameleoonDisplayPage number| kameleoonDisplayPageTimeOut object| F9 function| kbowser object| Kameleoon number| kameleoonEndLoadTime object| dataLayer string| GoogleAnalyticsObject function| ga object| app object| lazySizes object| theForm function| __doPostBack function| WebForm_PostBackOptions function| WebForm_DoPostBackWithOptions object| __pendingCallbacks number| __synchronousCallBackIndex function| WebForm_DoCallback function| WebForm_CallbackComplete function| WebForm_ExecuteCallback function| WebForm_FillFirstAvailableSlot boolean| __nonMSDOMBrowser string| __theFormPostData object| __theFormPostCollection object| __callbackTextTypes function| WebForm_InitCallback function| WebForm_InitCallbackAddField function| WebForm_EncodeCallback object| __disabledControlArray function| WebForm_ReEnableControls function| WebForm_ReDisableControls function| WebForm_SimulateClick function| WebForm_FireDefaultButton function| WebForm_GetScrollX function| WebForm_GetScrollY function| WebForm_SaveScrollPositionSubmit function| WebForm_SaveScrollPositionOnSubmit function| WebForm_RestoreScrollPosition function| WebForm_TextBoxKeyHandler function| WebForm_TrimString function| WebForm_AppendToClassName function| WebForm_RemoveClassName function| WebForm_GetElementById function| WebForm_GetElementByTagName function| WebForm_GetElementsByTagName function| WebForm_GetElementDir function| WebForm_GetElementPosition function| WebForm_GetParentByTagName function| WebForm_SetElementHeight function| WebForm_SetElementWidth function| WebForm_SetElementX function| WebForm_SetElementY object| __cultureInfo function| Sys$Enum$parse function| Sys$Enum$toString function| Sys$Component$_setProperties function| Sys$Component$_setReferences function| $create function| $addHandler function| $addHandlers function| $clearHandlers function| $removeHandler function| $get function| $find function| Type object| Sys object| _events function| $ function| jQuery string| mobileAlt string| tabletAlt string| desktopAlt function| tinycolor function| _typeof boolean| windowIsDefined function| moment function| Slider function| Glide object| AmCharts function| Waypoint function| Stepper function| Inputmask function| default function| trace function| initializeSelect function| getRate function| setSeparators function| concatRatesGroups function| setFeaturedRate object| Column boolean| isDesigner object| elements object| __TsmHiddenField function| getListToShow function| getProvinceInformation function| getBrokerLocals function| removeUnwantedBrokers function| loadBrokerMap function| centerMapOnSelectedBroker function| sendFABMail function| saveFindaBroker function| addBrokerLocatorsToSelect function| getBrokerPhone function| getBrokerCompany function| getBrokerFullName function| hideAllMessages function| showLoader function| showContactMeElements function| cleanFormBL function| getBrokerMessage function| showGlobalMessageBroker function| isTestModeBroker function| addProvincesResultCode function| drawChart function| getChartCode object| formValues function| submitContactUsForm function| callbackReCaptcha function| validateNumbersAndFormat function| formatInput function| formatNumber function| cleanFormatInput function| cleanFormatNumber function| apiFormaNumber function| calculateCSV function| getMortality function| showCSVErrorMessage function| cleanCSVErrorMessages function| saveBrokerFeedback function| showGlobalMessageFbF function| cleanFormFbF function| getFeedbackMessage function| resetItems function| validateInput function| showElement function| getNumberValueFromInput function| getNumber function| getInputWithoutPatterns function| getPMT function| formatAmountNumber function| getLanguage function| validateInputBF function| showItemBF function| showGlobalMessageBF function| isCurrentLanguageEnglish function| isEmail function| deepCopy function| didElementReachTheTop function| isElementInViewport function| moveElementToTop function| getAPI function| postAPI function| svgasimg object| Rate object| PrimeRate object| ___grecaptcha_cfg object| grecaptcha string| __recaptcha_api boolean| __google_recaptcha_client object| google_tag_data object| gaplugins object| gaGlobal object| gaData object| google_tag_manager function| fbq function| _fbq function| hj object| _hjSettings object| uetq function| amzn object| GooglebQhCsO function| onYouTubeIframeAPIReady function| gtag function| UET function| UET_init function| UET_push object| ueto_1c80a8b7a3 function| renewToken function| updateToken function| deleteToken object| hjSiteSettings function| hjBootstrap object| hjLazyModules object| hjBootstrapCalled object| recaptcha function| ttd_dom_ready function| TTDUniversalPixelApi object| ttdPixel object| FIVN

26 Cookies

Domain/Path Name / Value
.equitablebank.ca/Assets/dist/images/print-logos Name: _Secure-ID
Value: 123
.equitablebank.ca/images/default-source/svgs Name: _Secure-ID
Value: 123
.equitablebank.ca/Assets/dist/css/fonts Name: _Secure-ID
Value: 123
.equitablebank.ca/Assets/dist/images Name: _Secure-ID
Value: 123
.equitablebank.ca/Assets/dist/js Name: _Secure-ID
Value: 123
.equitablebank.ca/ Name: _Secure-ID
Value: 123
.equitablebank.ca/ Name: ak_bmsc
Value: 74E562FF6261C7B6BC66CAFA324222A6~000000000000000000000000000000~YAAQDcgwF+ey+TqPAQAAvEaiQRc1NhQ+///YhQ8/ibLnChIrYCUoA0mfsrnqYmo3/q2mpSZHCi99hR890ucnKfIZN3lDtR1EikwQNMH99XgVnOaEMzMDTL1TELhPc/lm7HASOjFBS4vTEoxHf/R1eeDFMRPJl0LUA6LbfwT6IJJ0APi9zXi81jV3EZlMSNTLzif5ULZChFYt+PgxFXUJirquGjiyApgsH88RjIfaBE2+WoGUQ72PAuKYiQwGdhuj+3blLPpkxM/DYAOLJuJXUwyp+vnttbaOhXIs1RzcMBxzsdBGg2P6u/IqPCWwoiYyoTbQau8gnynyj9wICTzZdmF9xQ6OyKaB535nKgYf4VYuAl9MrKAXAoDBIq0/xSQlYGYfVcPPbiOh0okKzAhL
.equitablebank.ca/ Name: kameleoonVisitorCode
Value: pj5p1i6jef1unmg3
.equitablebank.ca/ Name: _gid
Value: GA1.2.695171164.1714793107
.equitablebank.ca/ Name: _gat
Value: 1
.equitablebank.ca/ Name: _gcl_au
Value: 1.1.1484551771.1714793107
.equitablebank.ca/ Name: _ga_06P9KHGXP0
Value: GS1.1.1714793106.1.0.1714793106.60.0.0
.equitablebank.ca/ Name: _ga
Value: GA1.1.2039371662.1714793107
.equitablebank.ca/ Name: _ga_0N62455T0T
Value: GS1.2.1714793107.1.0.1714793107.60.0.0
.equitablebank.ca/ Name: _uetsid
Value: e7ad42a009c511efa6fef1a5925625c4
.equitablebank.ca/ Name: _uetvid
Value: e7ad840009c511efbe75b18dc53874c4
.bing.com/ Name: MUID
Value: 2FDB2326E64D67DB2EF83753E7E766FA
.bat.bing.com/ Name: MR
Value: 0
.equitablebank.ca/ Name: _fbp
Value: fb.1.1714793107606.949757616
.doubleclick.net/ Name: IDE
Value: AHWqTUlYfz5BlSgbTUBpHF_zg2miv40z979EE0BRjOsVrRlUpOzuYoy7k785pUGNDX8
.doubleclick.net/ Name: receive-cookie-deprecation
Value: 1
.amazon-adsystem.com/ Name: ad-id
Value: A-3kQFvPSEzUqToHxL7d0kY
.amazon-adsystem.com/ Name: ad-privacy
Value: 0
.equitablebank.ca/ Name: _hjSessionUser_1812264
Value: eyJpZCI6IjhhY2UwZjc4LTRkYjUtNTJkYy04MjA2LTUwNjRkOTE3ODcyNCIsImNyZWF0ZWQiOjE3MTQ3OTMxMDc4NzgsImV4aXN0aW5nIjpmYWxzZX0=
.equitablebank.ca/ Name: _hjSession_1812264
Value: eyJpZCI6ImQ5Mjg5NzY1LWVhZTMtNGI2MC05NTUxLWY4MzNhYzU1ZmJkNiIsImMiOjE3MTQ3OTMxMDc4NzksInMiOjAsInIiOjAsInNiIjowLCJzciI6MCwic2UiOjAsImZzIjoxLCJzcCI6MH0=
.adsrvr.org/ Name: TDID
Value: cdb241be-9dd3-44e2-9790-713ec6e03df1

23 Console Messages

Source Level URL
Text
security warning
Message:
Error with Permissions-Policy header: Unrecognized feature: 'ambient-light-sensor'.
security warning
Message:
Error with Permissions-Policy header: Unrecognized feature: 'battery'.
security warning
Message:
Error with Permissions-Policy header: Unrecognized feature: 'document-domain'.
security warning
Message:
Error with Permissions-Policy header: Unrecognized feature: 'execution-while-not-rendered'.
security warning
Message:
Error with Permissions-Policy header: Unrecognized feature: 'execution-while-out-of-viewport'.
security warning
Message:
Error with Permissions-Policy header: Unrecognized feature: 'navigation-override'.
security warning
Message:
Error with Permissions-Policy header: Unrecognized feature: 'web-share'.
recommendation verbose URL: https://www.equitablebank.ca/
Message:
[DOM] Input elements should have autocomplete attributes (suggested: "new-password"): (More info: https://goo.gl/9p2vKq) %o
other warning URL: https://www.equitablebank.ca/
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.equitablebank.ca/
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.equitablebank.ca/
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://connect.facebook.net/signals/config/468912197110773?v=2.9.155&r=stable&domain=www.equitablebank.ca&hme=c3a545c63044e8e9102d4f32d84a1137594d024f28e801d670bc76dc5c075575&ex_m=67%2C112%2C99%2C103%2C58%2C3%2C93%2C66%2C15%2C91%2C84%2C49%2C51%2C158%2C161%2C172%2C168%2C169%2C171%2C28%2C94%2C50%2C73%2C170%2C153%2C156%2C165%2C166%2C173%2C121%2C14%2C48%2C178%2C177%2C123%2C17%2C33%2C38%2C1%2C41%2C62%2C63%2C64%2C68%2C88%2C16%2C13%2C90%2C87%2C86%2C100%2C102%2C37%2C101%2C29%2C25%2C154%2C157%2C130%2C27%2C10%2C11%2C12%2C5%2C6%2C24%2C21%2C22%2C54%2C59%2C61%2C71%2C95%2C26%2C72%2C8%2C7%2C76%2C46%2C20%2C97%2C96%2C9%2C19%2C18%2C81%2C53%2C79%2C32%2C70%2C0%2C89%2C31%2C78%2C83%2C45%2C44%2C82%2C36%2C4%2C85%2C77%2C42%2C39%2C34%2C80%2C2%2C35%2C60%2C40%2C98%2C43%2C75%2C65%2C104%2C57%2C56%2C30%2C92%2C55%2C52%2C47%2C74%2C69%2C23%2C105(Line 82)
Message:
Unrecognized feature: 'attribution-reporting'.
other warning URL: https://www.equitablebank.ca/
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.equitablebank.ca/
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.equitablebank.ca/
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://c.amazon-adsystem.com/aat/amzn.js(Line 1)
Message:
Unrecognized feature: 'attribution-reporting'.
other warning URL: https://www.equitablebank.ca/
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.equitablebank.ca/
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.equitablebank.ca/
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.equitablebank.ca/
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.equitablebank.ca/
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
security error URL: https://js.adsrvr.org/
Message:
Refused to frame 'https://match.adsrvr.org/' because it violates the following Content Security Policy directive: "frame-src 'self' *.fls.doubleclick.net www.facebook.com www.google.com cdn.callrail.com widget.trustpilot.com www.youtube.com td.doubleclick.net cdn.prod.ca.five9.net www.lightcast.com *.amazon-adsystem.com insight.adsrvr.org web-chat.nativechat.com forms.hsforms.com".
other warning URL: https://www.equitablebank.ca/
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy default-src 'self' cs-cms-cc.equitad.local; script-src 'self' *.googleapis.com *.gstatic.com www.google.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://*.googletagmanager.com www.google-analytics.com googleads.g.doubleclick.net bat.bing.com static.hotjar.com widget.trustpilot.com *.callrail.com www.googleadservices.com ssl.google-analytics.com script.hotjar.com gateway.zscalerthree.net *.kameleoon.eu cdn.prod.ca.five9.net *.kameleoon.com js.adsrvr.org *.amazon-adsystem.com amazon-adsystem.com web-chat.nativechat.com *.eloqua.com *.en25.com cdn.ampproject.org https://cdn.insight.sitefinity.com https://dec.azureedge.net js.hs-scripts.com js.hs-analytics.net js.hs-banner.com js.hsleadflows.net forms.hubspot.com js.hscollectedforms.net 'unsafe-inline' 'unsafe-eval'; style-src 'self' *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com platform.twitter.com/css/ *.twimg.com *.kameleoon.com web-chat.nativechat.com https://cdn.insight.sitefinity.com https://dec.azureedge.net 'unsafe-inline'; img-src 'self' *.gstatic.com *.googleapis.com platform.tumblr.com web.facebook.com www.facebook.com www.redditstatic.com www.linkedin.com i.ytimg.com pbs.twimg.com *.twimg.com data: blob: https://*.googletagmanager.com www.google.com www.google.co.cr www.google-analytics.com bat.bing.com stats.g.doubleclick.net googleads.g.doubleclick.net syndication.twitter.com static.licdn.com platform.twitter.com www.equitablebank.ca www.google.ca ssl.google-analytics.com cs-cms-cc.equitad.local ad.doubleclick.net *.kameleoon.com web-chat.nativechat.com *.eloqua.com https://cdn.insight.sitefinity.com https://dec.azureedge.net track.hubspot.com js.hsleadflows.net forms.hsforms.com; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data:; frame-src 'self' *.fls.doubleclick.net www.facebook.com www.google.com cdn.callrail.com widget.trustpilot.com www.youtube.com td.doubleclick.net cdn.prod.ca.five9.net www.lightcast.com *.amazon-adsystem.com insight.adsrvr.org web-chat.nativechat.com forms.hsforms.com; connect-src 'self' data: accounts.google.com *.gstatic.com https://*.googletagmanager.com www.google-analytics.com stats.g.doubleclick.net bat.bing.com *.callrail.com csmetrics.hotjar.com metrics.hotjar.io analytics.google.com *.kameleoon.com *.kameleoon.eu *.kameleoon.io pagead2.googlesyndication.com https://*.hotjar.io wss://*.hotjar.com *.amazon-adsystem.com https://*.insight.sitefinity.com https://*.dec.sitefinity.com forms.hubspot.com *.hsforms.com; media-src 'self' data: blob:; child-src 'self' https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://www.youtube-nocookie.com https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com web-chat.nativechat.com
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

12525703.fls.doubleclick.net
analytics.google.com
bat.bing.com
c.amazon-adsystem.com
cdn.prod.ca.five9.net
connect.facebook.net
data.kameleoon.io
equitablebank.ca
fonts.googleapis.com
fonts.gstatic.com
googleads.g.doubleclick.net
insight.adsrvr.org
js.adsrvr.org
s.amazon-adsystem.com
script.hotjar.com
static.hotjar.com
stats.g.doubleclick.net
www.equitablebank.ca
www.facebook.com
www.google-analytics.com
www.google.ca
www.google.com
www.googletagmanager.com
www.gstatic.com
yt04jaca8e.kameleoon.eu
insight.adsrvr.org
13.224.214.90
142.251.163.149
18.238.12.115
18.238.4.47
18.238.8.227
209.54.182.161
23.205.106.90
23.48.203.13
2606:4700:20::681a:a1e
2607:f8b0:4004:c06::5f
2607:f8b0:4004:c07::5e
2607:f8b0:4004:c07::6a
2607:f8b0:4004:c07::8b
2607:f8b0:4004:c09::5e
2607:f8b0:4004:c17::5e
2607:f8b0:4004:c17::9c
2607:f8b0:4004:c19::61
2607:f8b0:4004:c19::9c
2607:f8b0:4004:c21::8a
2620:1ec:c11::237
2a03:2880:f003:c0e:face:b00c:0:3
2a03:2880:f103:83:face:b00c:0:25de
34.120.212.246
65.109.119.232
04d05978fdb111358073ab0524e5c1fafc0826615c206987618416b8bd8a4747
056a4ecdee649e7f14f5065061341af4522ed882f9c28c2806d4c5a99323d638
08ccbae04933299fe407c21b6ba531365552aca157e37a3c3033389277adf2b1
093990ca560d2c32135117de10fdcc5537425997a8f0eae2a143f978a1cf387a
0ce72376eb2f4c26d391fd8328df5451ed20525734035e186ae5787d1b3116f2
107128ca4bf252663004779a058324a5c8a7939e31a6cee9b8ab4718cc1429b6
1448ec1b3f30a554233bd280aa99a7eaf690d1098647e7dddea286c757884f9c
1a2a2aaddcbab1bfaf02aa07da27d82d07b50a4b95abce29d22457fdff08fe3f
1a44ceee6c9d6390bea6ebda6f58e7a4c3e36389695c4223ab7e1ff685d6bb3b
1d85a9a8a0c664f61a19377e5846769cce64d963e29001f56403926e63033f31
1da1dcb6ab84144dab601815cb8314e4d2f84444fcf8152ddec5ee227f9fa9e8
223b4e3c78dbddac21546ffb001abeb16ae48fc2cdc5b68532ae968d85ee2068
231336ed913a5ebd4445b85486e053caf2b81cab91318241375f3f7a245b6c6b
24ced3c26e9bbd46acacc401cab1a790c6021ef403eb1cc0b3ee5e6b823ad064
26726bac4060abb1226e6ceebc1336e84930fe7a7af1b3895a109d067f5b5dcc
342c4e99d65d84e50a90dae7fff2f715fca2e0e6b6c1032ec4fdf39d826dea17
37bc99cfdbbc046193a26396787374d00e7b10d3a758a36045c07bd8886360d2
3a95689e90e588b166f7b3ecd334959a2d6a3da1d73d557c8fb72fa10cf465dd
3c4d6a1421c7ddb7e404521fe8c4cd5be5af446d7689cd880be26612eaad3cfa
3ceb845596cd0b2142d50f3144ded925563816a3787579266f81384c6f8cc6cf
3d1cea2d85dfa2154a9e08895536fdfe4e6970846ff2a9a888804c65d1b826d7
3dfd308aee9865fa8a65bb6dd8e09097daa8b432e68c3af6a323b08d109371a6
40732e9dcfa704cf615e4691bb07aecfd1cc5e063220a46e4a7ff6560c77f5db
57291ff8059617d42f091d4914658b82a01e090f69072c82b798d3d00bf08f36
5c491b65212e05ded0fddf40836eb7e3a790e935e73708a5fcb5ef75f2cd54ad
60549cc15762785938a51736d2d72accd8beb0e37c2ad0856b5cd89bb75101f1
66f9cdb8d61014d192f6f7e4a793fee299e35d3f5243baf029f58e281fbb9386
6e6eb706e88d4cbe426f93cdc397a8932a5f852423181affea3e75e3444bbf51
7000a8744b8656b2480390c3d3e90ec7b85ddda53ccdd1af5ec308f6cd6accfd
74f629b0e3388d3177b5e0e6e4eb88aed429d18b0f0a676a1da64e0bb5ee966c
75934e1a33ae326108b9da88bfa731f65e964336ff00947d94d58a3184a44e91
7c70156c1f92077f46cae2fa015b087ac0623c69a80032c618f637f9a07d5bbf
823804a7807864b44093a3843788f4cd076e89cf4a6fdeb8d153ae5c2c2df721
8685bca4bb29a8a8289c3effd282cb8718a7d14da65f1397481f213b15469f50
93c573f198e2291490c2664dc34b491e56e8be5f1b31e9512f90fdecb8d83d73
941c69e2710662afd214b905a81b06b8c255d33773c2c11d45d0bdfe6ca56b05
a4ee07cf704bec753cb9800f554eed469c33644b33281780ff98da34e36da57c
a4f21119f3d8c95ddfb75a28837faa5a29f8e6a51478ede5fb6e00a52112ed4d
a664242185a09fd19bd60980a3463364a8829fd887fdd6709696a844fe850516
a915d483b99af421f4813e6b60599b4e39faff120e54b5e9838386d4ae1a4c60
aa3d61bc2d51a6ec18f22fed31e80ede103cd47942b3ee817c5f28b064a69c35
b68efccae861d874c91f6607e469061f716801e4b3849e0e2cde0dc1b60ee9a6
b7446f5fb7cdf33b7e8cfc35809841cc91003d91f928493399c54adf2422fbd2
ba8710211e26c17d7e920e239a9557d240b102d756b680c967eca2403afb311a
c433942389a2da95bd69428e2aa1ebb5272cd01942d81ab93ff4015d6a240157
c4ae5268bef77000a0b3d189ab188bcd5a819ed731d3e2577ff75e22a5ab37b7
c4cb796d6fa49147bbcc17216ef9518139abb959b20a2b32747bd7f76d8f4174
c7d351e47d2b2360387bfb1e8c4aad0b7253db68aec05b04dd25d278a6f97cea
cbb0f35d3096c37b199e3d4e800fcd41bca1e26d8ed93b28905cc98887633aab
cedff8610211b296b3a7032b8b904fb880562054470097f76004c9c487b4ad54
d414e1364eb7295283d492924ca36cae34a2ec5615c10530f30a66d497e3e7d0
d5d89cc50699dbd7b6a362be04270811ae7a072f7805719cf2e80694e48ff50f
db9e45a5da9a1d55f57d4a73ceb2c47fc97f69609f0b42899860bf6309e46145
de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd
e0f9ed9eb25362678cf9896630fc02aa48c47bd1bacf7918988833cf09d7d144
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e4222715b556e7d99622c83e620d2f8e090047e56adb07923047f95828d561f2
e5d5b2cc80088a9af35daaaed680f831ca095d7a707e0f851fa97a202c29c4c2
ed388ccef37c7222f9cc3dd36ab6304027a1434278a24620b6f7bc8e625bae7b
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f07c4822d750b4d7582ed7a3e1150cd7ce7b753c17dbead174699ca30ce4cd78
f2cbf87ef851d3fcb7ea0103534b88e5f958e69ce011c4d9cad4f7ae83931c8d
f589b180c1064f697c91ac117fafda9aff1c66123a099e82da0b976a09011510
f5b9fed2d6540860dea2f7ae3d26b4392166decae3f84a9d615882d730246279
f9e2c5a71ce4250eb44da9a27b6f9669a11d4a4e141851203fd52085858c6b61
fb10e1b8d4cae2c20635a7ff53eafa5857f7f0f3bb8acc59305e625369ebdd09