urlscan.io logo urlscan.io
SecurityTrails logo

ecertslf.studentloan.or.th Open in urlscan Pro
2606:4700:10::ac43:80f  Public Scan

Go To Rescan Add Verdict Report
URL: https://ecertslf.studentloan.or.th/
Submission: On March 21 via api from US — Scanned from US
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 7 IPs in 1 countries across 6 domains to perform 61 HTTP transactions. The main IP is 2606:4700:10::ac43:80f, located in United States and belongs to CLOUDFLARENET, US. The main domain is ecertslf.studentloan.or.th.
TLS certificate: Issued by GlobalSign RSA OV SSL CA 2018 on July 13th 2023. Valid for: a year.
This is the only time ecertslf.studentloan.or.th was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
43 2606:4700:10:... 13335 (CLOUDFLAR...)
1 2607:f8b0:400... 15169 (GOOGLE)
10 13.225.214.103 16509 (AMAZON-02)
2 18.164.124.9 16509 (AMAZON-02)
1 2606:50c0:800... 54113 (FASTLY)
1 2607:f8b0:400... 15169 (GOOGLE)
61 7
43    2606:4700:10::ac43:80f (United States)

ASN13335 (CLOUDFLARENET, US)
ecertslf.studentloan.or.th
1    2607:f8b0:4006:81d::2004 (United States)

ASN15169 (GOOGLE, US)
www.google.com
10    13.225.214.103 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-225-214-103.ewr50.r.cloudfront.net
cdn.flowplayer.com
2    18.164.124.9 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-164-124-9.jfk50.r.cloudfront.net
releases.flowplayer.org
1    2606:50c0:8000::153 (United States)

ASN54113 (FASTLY, US)
pvdspek.github.io
1    2607:f8b0:4006:809::2003 (United States)

ASN15169 (GOOGLE, US)
www.gstatic.com
Apex Domain
Subdomains		 Transfer
43 studentloan.or.th
ecertslf.studentloan.or.th
2 MB
10 flowplayer.com
cdn.flowplayer.com — Cisco Umbrella Rank: 39567
232 KB
2 flowplayer.org
releases.flowplayer.org — Cisco Umbrella Rank: 117550
91 KB
1 gstatic.com
www.gstatic.com
198 KB
1 github.io
pvdspek.github.io
5 KB
1 google.com
www.google.com — Cisco Umbrella Rank: 5
1 KB
61 6
Domain Requested by
43 ecertslf.studentloan.or.th ecertslf.studentloan.or.th
10 cdn.flowplayer.com ecertslf.studentloan.or.th
2 releases.flowplayer.org ecertslf.studentloan.or.th
1 www.gstatic.com www.google.com
1 pvdspek.github.io ecertslf.studentloan.or.th
1 www.google.com ecertslf.studentloan.or.th
61 6

This site contains no links.

Subject Issuer Validity Valid
*.studentloan.or.th
GlobalSign RSA OV SSL CA 2018		 2023-07-13 -
2024-08-10		 a year crt.sh
www.google.com
GTS CA 1C3		 2024-02-19 -
2024-05-13		 3 months crt.sh
*.flowplayer.com
Amazon RSA 2048 M01		 2023-05-02 -
2024-05-30		 a year crt.sh
*.flowplayer.org
Amazon RSA 2048 M02		 2023-06-03 -
2024-07-01		 a year crt.sh
*.github.io
DigiCert Global G2 TLS RSA SHA256 2020 CA1		 2024-03-15 -
2025-03-14		 a year crt.sh
*.gstatic.com
GTS CA 1C3		 2024-02-19 -
2024-05-13		 3 months crt.sh

This page contains 1 frames:

Primary Page: https://ecertslf.studentloan.or.th/
Frame ID: 32F389520531709BFE31183FDCB19587
Requests: 61 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

Studentloan

Detected technologies

Overall confidence: 100%
Detected patterns
  • /tiny_?mce(?:\.min)?\.js
Overall confidence: 100%
Detected patterns
  • bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js
Overall confidence: 100%
Detected patterns
Overall confidence: 100%
Detected patterns
  • dataTables.*\.js
Overall confidence: 100%
Detected patterns
  • (?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
Overall confidence: 100%
Detected patterns
  • select2(?:\.min|\.full)?\.js
Overall confidence: 100%
Detected patterns
  • (?:/([\d.]+))?/slick(?:\.min)?\.js
Overall confidence: 100%
Detected patterns
  • sweet(?:-)?alert(?:\.min)?\.js
Overall confidence: 100%
Detected patterns
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
Overall confidence: 100%
Detected patterns
  • /recaptcha/api\.js

Page Statistics

61
Requests

95 %
HTTPS

67 %
IPv6

6
Domains

6
Subdomains

7
IPs

1
Countries

2415 kB
Transfer

5099 kB
Size

2
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

61 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request /
ecertslf.studentloan.or.th/ 		60 KB
13 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://ecertslf.studentloan.or.th/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::ac43:80f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
81a748350850199d84da7fe3943e2995aa7fec89ad066101955808a072b8ba72
Security Headers
Name Value
Content-Security-Policy default-src 'self' ; connect-src 'self' *.mittare.com/ https://pmi.flowplayer.com https://stats.g.doubleclick.net https://zap.cloud.wowza.com https://health.flowplayer.com/ https://wisimo-m.wisimo.com/ ; media-src 'self' blob: data: wave: *.mittare.com/; img-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: *.gstatic.com *.googleapis.com i.ytimg.com *.googleusercontent.com *.fbsbx.com *.line-scdn.net https://www.google-analytics.com *.google.com https://analytics.tiktok.com *.facebook.com *.google.co.th https://sp.tinymce.com https://player.wowza.com/ ; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://www.googletagmanager.com https://www.google-analytics.com/ *.googleapis.com *.youtube.com *.gstatic.com *.facebook.net *.google.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://analytics.tiktok.com/ https://cdn.flowplayer.com/ https://releases.flowplayer.org https://pvdspek.github.io/ https://cdn.tiny.cloud *.wowza.com https://cdnjs.cloudflare.com/ https://cdnjs.cloudflare.com/ https://code.jquery.com https://unpkg.com https://ssl.google-analytics.com https://cdn.jsdelivr.net/ ; style-src 'self' 'unsafe-inline' *.flowplayer.com *.googleapis.com https://use.fontawesome.com https://cdnjs.cloudflare.com https://code.jquery.com https://cdn.tiny.cloud/ ; font-src 'self' data: *.googleapis.com *.bootstrapcdn.com *.gstatic.com *.googleapis.com https://use.fontawesome.com/ https://fonts.gstatic.com https://cdnjs.cloudflare.com ; frame-src 'self' https://bid.g.doubleclick.net/ *.doubleclick.net/ https://www.youtube-nocookie.com https://share.sandbox.lalamove.com/ *.youtube.com *.googleapis.com *.google.com *.facebook.com; object-src 'self' https://www.youtube.com *.googleapis.com;
Public-Key-Pins pin-sha256="base64+primary==InsertPrimaryCertificateSHA256FingerPrintHere"; pin-sha256="base64+backup==InsertBackupCertificateSHA256FingerPrintHere"; max-age=5184000
Strict-Transport-Security max-age=15768000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36
accept-language
en-US,en;q=0.9

Response headers

access-control-allow-credentials
true
access-control-allow-methods
GET,POST,OPTIONS,PUT,DELETE,PATCH
cache-control
no-store, no-cache, must-revalidate public
cf-cache-status
DYNAMIC
cf-ray
867ec3e1ab5c4bc7-BUF
content-encoding
br
content-security-policy
default-src 'self' ; connect-src 'self' *.mittare.com/ https://pmi.flowplayer.com https://stats.g.doubleclick.net https://zap.cloud.wowza.com https://health.flowplayer.com/ https://wisimo-m.wisimo.com/ ; media-src 'self' blob: data: wave: *.mittare.com/; img-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: *.gstatic.com *.googleapis.com i.ytimg.com *.googleusercontent.com *.fbsbx.com *.line-scdn.net https://www.google-analytics.com *.google.com https://analytics.tiktok.com *.facebook.com *.google.co.th https://sp.tinymce.com https://player.wowza.com/ ; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://www.googletagmanager.com https://www.google-analytics.com/ *.googleapis.com *.youtube.com *.gstatic.com *.facebook.net *.google.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://analytics.tiktok.com/ https://cdn.flowplayer.com/ https://releases.flowplayer.org https://pvdspek.github.io/ https://cdn.tiny.cloud *.wowza.com https://cdnjs.cloudflare.com/ https://cdnjs.cloudflare.com/ https://code.jquery.com https://unpkg.com https://ssl.google-analytics.com https://cdn.jsdelivr.net/ ; style-src 'self' 'unsafe-inline' *.flowplayer.com *.googleapis.com https://use.fontawesome.com https://cdnjs.cloudflare.com https://code.jquery.com https://cdn.tiny.cloud/ ; font-src 'self' data: *.googleapis.com *.bootstrapcdn.com *.gstatic.com *.googleapis.com https://use.fontawesome.com/ https://fonts.gstatic.com https://cdnjs.cloudflare.com ; frame-src 'self' https://bid.g.doubleclick.net/ *.doubleclick.net/ https://www.youtube-nocookie.com https://share.sandbox.lalamove.com/ *.youtube.com *.googleapis.com *.google.com *.facebook.com; object-src 'self' https://www.youtube.com *.googleapis.com;
content-type
text/html; charset=UTF-8
date
Thu, 21 Mar 2024 14:52:21 GMT
expect-ct
enforce, max-age=300
expires
Thu, 19 Nov 1981 08:52:00 GMT
pragma
no-cache
public-key-pins
pin-sha256="base64+primary==InsertPrimaryCertificateSHA256FingerPrintHere"; pin-sha256="base64+backup==InsertBackupCertificateSHA256FingerPrintHere"; max-age=5184000
referrer-policy
no-referrer strict-origin-when-cross-origin
server
cloudflare
strict-transport-security
max-age=15768000; includeSubDomains; preload
vary
Accept-Encoding Accept-Encoding
x-content-type-options
nosniff
x-frame-options
SAMEORIGIN
x-permitted-cross-domain-policies
master-only
x-xss-protection
1; mode=block
bootstrap.css
ecertslf.studentloan.or.th/assets/bootstrap/css/ 		232 KB
31 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://ecertslf.studentloan.or.th/assets/bootstrap/css/bootstrap.css
Requested by
Host: ecertslf.studentloan.or.th
URL: https://ecertslf.studentloan.or.th/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::ac43:80f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
80118526fd24ec4d1565d647cb22cc03963779ec8b7396992d9449bab9bcd9ad
Security Headers
Name Value
Content-Security-Policy default-src 'self' ; connect-src 'self' *.mittare.com/ https://pmi.flowplayer.com https://stats.g.doubleclick.net https://zap.cloud.wowza.com https://health.flowplayer.com/ https://wisimo-m.wisimo.com/ ; media-src 'self' blob: data: wave: *.mittare.com/; img-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: *.gstatic.com *.googleapis.com i.ytimg.com *.googleusercontent.com *.fbsbx.com *.line-scdn.net https://www.google-analytics.com *.google.com https://analytics.tiktok.com *.facebook.com *.google.co.th https://sp.tinymce.com https://player.wowza.com/ ; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://www.googletagmanager.com https://www.google-analytics.com/ *.googleapis.com *.youtube.com *.gstatic.com *.facebook.net *.google.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://analytics.tiktok.com/ https://cdn.flowplayer.com/ https://releases.flowplayer.org https://pvdspek.github.io/ https://cdn.tiny.cloud *.wowza.com https://cdnjs.cloudflare.com/ https://cdnjs.cloudflare.com/ https://code.jquery.com https://unpkg.com https://ssl.google-analytics.com https://cdn.jsdelivr.net/ ; style-src 'self' 'unsafe-inline' *.flowplayer.com *.googleapis.com https://use.fontawesome.com https://cdnjs.cloudflare.com https://code.jquery.com https://cdn.tiny.cloud/ ; font-src 'self' data: *.googleapis.com *.bootstrapcdn.com *.gstatic.com *.googleapis.com https://use.fontawesome.com/ https://fonts.gstatic.com https://cdnjs.cloudflare.com ; frame-src 'self' https://bid.g.doubleclick.net/ *.doubleclick.net/ https://www.youtube-nocookie.com https://share.sandbox.lalamove.com/ *.youtube.com *.googleapis.com *.google.com *.facebook.com; object-src 'self' https://www.youtube.com *.googleapis.com;
Public-Key-Pins pin-sha256="base64+primary==InsertPrimaryCertificateSHA256FingerPrintHere"; pin-sha256="base64+backup==InsertBackupCertificateSHA256FingerPrintHere"; max-age=5184000
Strict-Transport-Security max-age=15768000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-US,en;q=0.9
Referer
https://ecertslf.studentloan.or.th/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date
Thu, 21 Mar 2024 14:52:23 GMT
content-security-policy
default-src 'self' ; connect-src 'self' *.mittare.com/ https://pmi.flowplayer.com https://stats.g.doubleclick.net https://zap.cloud.wowza.com https://health.flowplayer.com/ https://wisimo-m.wisimo.com/ ; media-src 'self' blob: data: wave: *.mittare.com/; img-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: *.gstatic.com *.googleapis.com i.ytimg.com *.googleusercontent.com *.fbsbx.com *.line-scdn.net https://www.google-analytics.com *.google.com https://analytics.tiktok.com *.facebook.com *.google.co.th https://sp.tinymce.com https://player.wowza.com/ ; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://www.googletagmanager.com https://www.google-analytics.com/ *.googleapis.com *.youtube.com *.gstatic.com *.facebook.net *.google.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://analytics.tiktok.com/ https://cdn.flowplayer.com/ https://releases.flowplayer.org https://pvdspek.github.io/ https://cdn.tiny.cloud *.wowza.com https://cdnjs.cloudflare.com/ https://cdnjs.cloudflare.com/ https://code.jquery.com https://unpkg.com https://ssl.google-analytics.com https://cdn.jsdelivr.net/ ; style-src 'self' 'unsafe-inline' *.flowplayer.com *.googleapis.com https://use.fontawesome.com https://cdnjs.cloudflare.com https://code.jquery.com https://cdn.tiny.cloud/ ; font-src 'self' data: *.googleapis.com *.bootstrapcdn.com *.gstatic.com *.googleapis.com https://use.fontawesome.com/ https://fonts.gstatic.com https://cdnjs.cloudflare.com ; frame-src 'self' https://bid.g.doubleclick.net/ *.doubleclick.net/ https://www.youtube-nocookie.com https://share.sandbox.lalamove.com/ *.youtube.com *.googleapis.com *.google.com *.facebook.com; object-src 'self' https://www.youtube.com *.googleapis.com;
x-content-type-options
nosniff
strict-transport-security
max-age=15768000; includeSubDomains; preload
cf-cache-status
MISS
x-permitted-cross-domain-policies
master-only
content-encoding
br
x-xss-protection
1; mode=block
public-key-pins
pin-sha256="base64+primary==InsertPrimaryCertificateSHA256FingerPrintHere"; pin-sha256="base64+backup==InsertBackupCertificateSHA256FingerPrintHere"; max-age=5184000
referrer-policy
no-referrer, strict-origin-when-cross-origin
last-modified
Mon, 13 Nov 2023 01:32:54 GMT
server
cloudflare
etag
W/"65517cc6-3a130"
expect-ct
enforce, max-age=300
vary
Accept-Encoding, Accept-Encoding
access-control-allow-methods
GET,POST,OPTIONS,PUT,DELETE,PATCH
content-type
text/css
x-frame-options
SAMEORIGIN
cache-control
public, max-age=14400
access-control-allow-credentials
true
cf-ray
867ec3eb1e974bc7-BUF
all.css
ecertslf.studentloan.or.th/assets/fontawesome/css/ 		136 KB
23 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://ecertslf.studentloan.or.th/assets/fontawesome/css/all.css
Requested by
Host: ecertslf.studentloan.or.th
URL: https://ecertslf.studentloan.or.th/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::ac43:80f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
340d09d12141a30f53d870d647f2f4ba93047709331cd441c43db7301bd52d68
Security Headers
Name Value
Content-Security-Policy default-src 'self' ; connect-src 'self' *.mittare.com/ https://pmi.flowplayer.com https://stats.g.doubleclick.net https://zap.cloud.wowza.com https://health.flowplayer.com/ https://wisimo-m.wisimo.com/ ; media-src 'self' blob: data: wave: *.mittare.com/; img-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: *.gstatic.com *.googleapis.com i.ytimg.com *.googleusercontent.com *.fbsbx.com *.line-scdn.net https://www.google-analytics.com *.google.com https://analytics.tiktok.com *.facebook.com *.google.co.th https://sp.tinymce.com https://player.wowza.com/ ; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://www.googletagmanager.com https://www.google-analytics.com/ *.googleapis.com *.youtube.com *.gstatic.com *.facebook.net *.google.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://analytics.tiktok.com/ https://cdn.flowplayer.com/ https://releases.flowplayer.org https://pvdspek.github.io/ https://cdn.tiny.cloud *.wowza.com https://cdnjs.cloudflare.com/ https://cdnjs.cloudflare.com/ https://code.jquery.com https://unpkg.com https://ssl.google-analytics.com https://cdn.jsdelivr.net/ ; style-src 'self' 'unsafe-inline' *.flowplayer.com *.googleapis.com https://use.fontawesome.com https://cdnjs.cloudflare.com https://code.jquery.com https://cdn.tiny.cloud/ ; font-src 'self' data: *.googleapis.com *.bootstrapcdn.com *.gstatic.com *.googleapis.com https://use.fontawesome.com/ https://fonts.gstatic.com https://cdnjs.cloudflare.com ; frame-src 'self' https://bid.g.doubleclick.net/ *.doubleclick.net/ https://www.youtube-nocookie.com https://share.sandbox.lalamove.com/ *.youtube.com *.googleapis.com *.google.com *.facebook.com; object-src 'self' https://www.youtube.com *.googleapis.com;
Public-Key-Pins pin-sha256="base64+primary==InsertPrimaryCertificateSHA256FingerPrintHere"; pin-sha256="base64+backup==InsertBackupCertificateSHA256FingerPrintHere"; max-age=5184000
Strict-Transport-Security max-age=15768000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-US,en;q=0.9
Referer
https://ecertslf.studentloan.or.th/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date
Thu, 21 Mar 2024 14:52:23 GMT
content-security-policy
default-src 'self' ; connect-src 'self' *.mittare.com/ https://pmi.flowplayer.com https://stats.g.doubleclick.net https://zap.cloud.wowza.com https://health.flowplayer.com/ https://wisimo-m.wisimo.com/ ; media-src 'self' blob: data: wave: *.mittare.com/; img-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: *.gstatic.com *.googleapis.com i.ytimg.com *.googleusercontent.com *.fbsbx.com *.line-scdn.net https://www.google-analytics.com *.google.com https://analytics.tiktok.com *.facebook.com *.google.co.th https://sp.tinymce.com https://player.wowza.com/ ; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://www.googletagmanager.com https://www.google-analytics.com/ *.googleapis.com *.youtube.com *.gstatic.com *.facebook.net *.google.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://analytics.tiktok.com/ https://cdn.flowplayer.com/ https://releases.flowplayer.org https://pvdspek.github.io/ https://cdn.tiny.cloud *.wowza.com https://cdnjs.cloudflare.com/ https://cdnjs.cloudflare.com/ https://code.jquery.com https://unpkg.com https://ssl.google-analytics.com https://cdn.jsdelivr.net/ ; style-src 'self' 'unsafe-inline' *.flowplayer.com *.googleapis.com https://use.fontawesome.com https://cdnjs.cloudflare.com https://code.jquery.com https://cdn.tiny.cloud/ ; font-src 'self' data: *.googleapis.com *.bootstrapcdn.com *.gstatic.com *.googleapis.com https://use.fontawesome.com/ https://fonts.gstatic.com https://cdnjs.cloudflare.com ; frame-src 'self' https://bid.g.doubleclick.net/ *.doubleclick.net/ https://www.youtube-nocookie.com https://share.sandbox.lalamove.com/ *.youtube.com *.googleapis.com *.google.com *.facebook.com; object-src 'self' https://www.youtube.com *.googleapis.com;
x-content-type-options
nosniff
strict-transport-security
max-age=15768000; includeSubDomains; preload
cf-cache-status
MISS
x-permitted-cross-domain-policies
master-only
content-encoding
br
x-xss-protection
1; mode=block
public-key-pins
pin-sha256="base64+primary==InsertPrimaryCertificateSHA256FingerPrintHere"; pin-sha256="base64+backup==InsertBackupCertificateSHA256FingerPrintHere"; max-age=5184000
referrer-policy
no-referrer, strict-origin-when-cross-origin
last-modified
Mon, 13 Nov 2023 01:32:56 GMT
server
cloudflare
etag
W/"65517cc8-221cc"
expect-ct
enforce, max-age=300
vary
Accept-Encoding, Accept-Encoding
access-control-allow-methods
GET,POST,OPTIONS,PUT,DELETE,PATCH
content-type
text/css
x-frame-options
SAMEORIGIN
cache-control
public, max-age=14400
access-control-allow-credentials
true
cf-ray
867ec3eb1e994bc7-BUF
select2.min.css
ecertslf.studentloan.or.th/assets/select2/select2/ 		16 KB
2 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://ecertslf.studentloan.or.th/assets/select2/select2/select2.min.css
Requested by
Host: ecertslf.studentloan.or.th
URL: https://ecertslf.studentloan.or.th/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::ac43:80f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
a64bd479f8dafd4a1d89aac51b7be7bdc36cbb0150782d5cf67cb82fb10dca2c
Security Headers
Name Value
Content-Security-Policy default-src 'self' ; connect-src 'self' *.mittare.com/ https://pmi.flowplayer.com https://stats.g.doubleclick.net https://zap.cloud.wowza.com https://health.flowplayer.com/ https://wisimo-m.wisimo.com/ ; media-src 'self' blob: data: wave: *.mittare.com/; img-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: *.gstatic.com *.googleapis.com i.ytimg.com *.googleusercontent.com *.fbsbx.com *.line-scdn.net https://www.google-analytics.com *.google.com https://analytics.tiktok.com *.facebook.com *.google.co.th https://sp.tinymce.com https://player.wowza.com/ ; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://www.googletagmanager.com https://www.google-analytics.com/ *.googleapis.com *.youtube.com *.gstatic.com *.facebook.net *.google.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://analytics.tiktok.com/ https://cdn.flowplayer.com/ https://releases.flowplayer.org https://pvdspek.github.io/ https://cdn.tiny.cloud *.wowza.com https://cdnjs.cloudflare.com/ https://cdnjs.cloudflare.com/ https://code.jquery.com https://unpkg.com https://ssl.google-analytics.com https://cdn.jsdelivr.net/ ; style-src 'self' 'unsafe-inline' *.flowplayer.com *.googleapis.com https://use.fontawesome.com https://cdnjs.cloudflare.com https://code.jquery.com https://cdn.tiny.cloud/ ; font-src 'self' data: *.googleapis.com *.bootstrapcdn.com *.gstatic.com *.googleapis.com https://use.fontawesome.com/ https://fonts.gstatic.com https://cdnjs.cloudflare.com ; frame-src 'self' https://bid.g.doubleclick.net/ *.doubleclick.net/ https://www.youtube-nocookie.com https://share.sandbox.lalamove.com/ *.youtube.com *.googleapis.com *.google.com *.facebook.com; object-src 'self' https://www.youtube.com *.googleapis.com;
Public-Key-Pins pin-sha256="base64+primary==InsertPrimaryCertificateSHA256FingerPrintHere"; pin-sha256="base64+backup==InsertBackupCertificateSHA256FingerPrintHere"; max-age=5184000
Strict-Transport-Security max-age=15768000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-US,en;q=0.9
Referer
https://ecertslf.studentloan.or.th/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date
Thu, 21 Mar 2024 14:52:22 GMT
content-security-policy
default-src 'self' ; connect-src 'self' *.mittare.com/ https://pmi.flowplayer.com https://stats.g.doubleclick.net https://zap.cloud.wowza.com https://health.flowplayer.com/ https://wisimo-m.wisimo.com/ ; media-src 'self' blob: data: wave: *.mittare.com/; img-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: *.gstatic.com *.googleapis.com i.ytimg.com *.googleusercontent.com *.fbsbx.com *.line-scdn.net https://www.google-analytics.com *.google.com https://analytics.tiktok.com *.facebook.com *.google.co.th https://sp.tinymce.com https://player.wowza.com/ ; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://www.googletagmanager.com https://www.google-analytics.com/ *.googleapis.com *.youtube.com *.gstatic.com *.facebook.net *.google.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://analytics.tiktok.com/ https://cdn.flowplayer.com/ https://releases.flowplayer.org https://pvdspek.github.io/ https://cdn.tiny.cloud *.wowza.com https://cdnjs.cloudflare.com/ https://cdnjs.cloudflare.com/ https://code.jquery.com https://unpkg.com https://ssl.google-analytics.com https://cdn.jsdelivr.net/ ; style-src 'self' 'unsafe-inline' *.flowplayer.com *.googleapis.com https://use.fontawesome.com https://cdnjs.cloudflare.com https://code.jquery.com https://cdn.tiny.cloud/ ; font-src 'self' data: *.googleapis.com *.bootstrapcdn.com *.gstatic.com *.googleapis.com https://use.fontawesome.com/ https://fonts.gstatic.com https://cdnjs.cloudflare.com ; frame-src 'self' https://bid.g.doubleclick.net/ *.doubleclick.net/ https://www.youtube-nocookie.com https://share.sandbox.lalamove.com/ *.youtube.com *.googleapis.com *.google.com *.facebook.com; object-src 'self' https://www.youtube.com *.googleapis.com;
x-content-type-options
nosniff
strict-transport-security
max-age=15768000; includeSubDomains; preload
cf-cache-status
MISS
x-permitted-cross-domain-policies
master-only
content-encoding
br
x-xss-protection
1; mode=block
public-key-pins
pin-sha256="base64+primary==InsertPrimaryCertificateSHA256FingerPrintHere"; pin-sha256="base64+backup==InsertBackupCertificateSHA256FingerPrintHere"; max-age=5184000
referrer-policy
no-referrer, strict-origin-when-cross-origin
last-modified
Mon, 13 Nov 2023 01:33:10 GMT
server
cloudflare
etag
W/"65517cd6-3f87"
expect-ct
enforce, max-age=300
vary
Accept-Encoding, Accept-Encoding
access-control-allow-methods
GET,POST,OPTIONS,PUT,DELETE,PATCH
content-type
text/css
x-frame-options
SAMEORIGIN
cache-control
public, max-age=14400
access-control-allow-credentials
true
cf-ray
867ec3eb1e9a4bc7-BUF
select2-bootstrap.min.css
ecertslf.studentloan.or.th/assets/select2/ 		16 KB
4 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://ecertslf.studentloan.or.th/assets/select2/select2-bootstrap.min.css
Requested by
Host: ecertslf.studentloan.or.th
URL: https://ecertslf.studentloan.or.th/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::ac43:80f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
9dbc9ab5ad8f2518c89a10724338a4da8b7a8121d25380aa773e5b3582f6cdc5
Security Headers
Name Value
Content-Security-Policy default-src 'self' ; connect-src 'self' *.mittare.com/ https://pmi.flowplayer.com https://stats.g.doubleclick.net https://zap.cloud.wowza.com https://health.flowplayer.com/ https://wisimo-m.wisimo.com/ ; media-src 'self' blob: data: wave: *.mittare.com/; img-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: *.gstatic.com *.googleapis.com i.ytimg.com *.googleusercontent.com *.fbsbx.com *.line-scdn.net https://www.google-analytics.com *.google.com https://analytics.tiktok.com *.facebook.com *.google.co.th https://sp.tinymce.com https://player.wowza.com/ ; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://www.googletagmanager.com https://www.google-analytics.com/ *.googleapis.com *.youtube.com *.gstatic.com *.facebook.net *.google.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://analytics.tiktok.com/ https://cdn.flowplayer.com/ https://releases.flowplayer.org https://pvdspek.github.io/ https://cdn.tiny.cloud *.wowza.com https://cdnjs.cloudflare.com/ https://cdnjs.cloudflare.com/ https://code.jquery.com https://unpkg.com https://ssl.google-analytics.com https://cdn.jsdelivr.net/ ; style-src 'self' 'unsafe-inline' *.flowplayer.com *.googleapis.com https://use.fontawesome.com https://cdnjs.cloudflare.com https://code.jquery.com https://cdn.tiny.cloud/ ; font-src 'self' data: *.googleapis.com *.bootstrapcdn.com *.gstatic.com *.googleapis.com https://use.fontawesome.com/ https://fonts.gstatic.com https://cdnjs.cloudflare.com ; frame-src 'self' https://bid.g.doubleclick.net/ *.doubleclick.net/ https://www.youtube-nocookie.com https://share.sandbox.lalamove.com/ *.youtube.com *.googleapis.com *.google.com *.facebook.com; object-src 'self' https://www.youtube.com *.googleapis.com;
Public-Key-Pins pin-sha256="base64+primary==InsertPrimaryCertificateSHA256FingerPrintHere"; pin-sha256="base64+backup==InsertBackupCertificateSHA256FingerPrintHere"; max-age=5184000
Strict-Transport-Security max-age=15768000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-US,en;q=0.9
Referer
https://ecertslf.studentloan.or.th/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date
Thu, 21 Mar 2024 14:52:22 GMT
content-security-policy
default-src 'self' ; connect-src 'self' *.mittare.com/ https://pmi.flowplayer.com https://stats.g.doubleclick.net https://zap.cloud.wowza.com https://health.flowplayer.com/ https://wisimo-m.wisimo.com/ ; media-src 'self' blob: data: wave: *.mittare.com/; img-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: *.gstatic.com *.googleapis.com i.ytimg.com *.googleusercontent.com *.fbsbx.com *.line-scdn.net https://www.google-analytics.com *.google.com https://analytics.tiktok.com *.facebook.com *.google.co.th https://sp.tinymce.com https://player.wowza.com/ ; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://www.googletagmanager.com https://www.google-analytics.com/ *.googleapis.com *.youtube.com *.gstatic.com *.facebook.net *.google.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://analytics.tiktok.com/ https://cdn.flowplayer.com/ https://releases.flowplayer.org https://pvdspek.github.io/ https://cdn.tiny.cloud *.wowza.com https://cdnjs.cloudflare.com/ https://cdnjs.cloudflare.com/ https://code.jquery.com https://unpkg.com https://ssl.google-analytics.com https://cdn.jsdelivr.net/ ; style-src 'self' 'unsafe-inline' *.flowplayer.com *.googleapis.com https://use.fontawesome.com https://cdnjs.cloudflare.com https://code.jquery.com https://cdn.tiny.cloud/ ; font-src 'self' data: *.googleapis.com *.bootstrapcdn.com *.gstatic.com *.googleapis.com https://use.fontawesome.com/ https://fonts.gstatic.com https://cdnjs.cloudflare.com ; frame-src 'self' https://bid.g.doubleclick.net/ *.doubleclick.net/ https://www.youtube-nocookie.com https://share.sandbox.lalamove.com/ *.youtube.com *.googleapis.com *.google.com *.facebook.com; object-src 'self' https://www.youtube.com *.googleapis.com;
x-content-type-options
nosniff
strict-transport-security
max-age=15768000; includeSubDomains; preload
cf-cache-status
MISS
x-permitted-cross-domain-policies
master-only
content-encoding
br
x-xss-protection
1; mode=block
public-key-pins
pin-sha256="base64+primary==InsertPrimaryCertificateSHA256FingerPrintHere"; pin-sha256="base64+backup==InsertBackupCertificateSHA256FingerPrintHere"; max-age=5184000
referrer-policy
no-referrer, strict-origin-when-cross-origin
last-modified
Mon, 13 Nov 2023 01:32:53 GMT
server
cloudflare
etag
W/"65517cc5-4198"
expect-ct
enforce, max-age=300
vary
Accept-Encoding, Accept-Encoding
access-control-allow-methods
GET,POST,OPTIONS,PUT,DELETE,PATCH
content-type
text/css
x-frame-options
SAMEORIGIN
cache-control
public, max-age=14400
access-control-allow-credentials
true
cf-ray
867ec3eb1e9b4bc7-BUF
dataTables.bootstrap5.min.css
ecertslf.studentloan.or.th/assets/datatable/css/ 		11 KB
2 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://ecertslf.studentloan.or.th/assets/datatable/css/dataTables.bootstrap5.min.css
Requested by
Host: ecertslf.studentloan.or.th
URL: https://ecertslf.studentloan.or.th/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::ac43:80f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
635da27c946b5f6faf16e5f39f724c7ef94c85a9e36a9e6d2751bcf103adcd1e
Security Headers
Name Value
Content-Security-Policy default-src 'self' ; connect-src 'self' *.mittare.com/ https://pmi.flowplayer.com https://stats.g.doubleclick.net https://zap.cloud.wowza.com https://health.flowplayer.com/ https://wisimo-m.wisimo.com/ ; media-src 'self' blob: data: wave: *.mittare.com/; img-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: *.gstatic.com *.googleapis.com i.ytimg.com *.googleusercontent.com *.fbsbx.com *.line-scdn.net https://www.google-analytics.com *.google.com https://analytics.tiktok.com *.facebook.com *.google.co.th https://sp.tinymce.com https://player.wowza.com/ ; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://www.googletagmanager.com https://www.google-analytics.com/ *.googleapis.com *.youtube.com *.gstatic.com *.facebook.net *.google.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://analytics.tiktok.com/ https://cdn.flowplayer.com/ https://releases.flowplayer.org https://pvdspek.github.io/ https://cdn.tiny.cloud *.wowza.com https://cdnjs.cloudflare.com/ https://cdnjs.cloudflare.com/ https://code.jquery.com https://unpkg.com https://ssl.google-analytics.com https://cdn.jsdelivr.net/ ; style-src 'self' 'unsafe-inline' *.flowplayer.com *.googleapis.com https://use.fontawesome.com https://cdnjs.cloudflare.com https://code.jquery.com https://cdn.tiny.cloud/ ; font-src 'self' data: *.googleapis.com *.bootstrapcdn.com *.gstatic.com *.googleapis.com https://use.fontawesome.com/ https://fonts.gstatic.com https://cdnjs.cloudflare.com ; frame-src 'self' https://bid.g.doubleclick.net/ *.doubleclick.net/ https://www.youtube-nocookie.com https://share.sandbox.lalamove.com/ *.youtube.com *.googleapis.com *.google.com *.facebook.com; object-src 'self' https://www.youtube.com *.googleapis.com;
Public-Key-Pins pin-sha256="base64+primary==InsertPrimaryCertificateSHA256FingerPrintHere"; pin-sha256="base64+backup==InsertBackupCertificateSHA256FingerPrintHere"; max-age=5184000
Strict-Transport-Security max-age=15768000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-US,en;q=0.9
Referer
https://ecertslf.studentloan.or.th/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date
Thu, 21 Mar 2024 14:52:22 GMT
content-security-policy
default-src 'self' ; connect-src 'self' *.mittare.com/ https://pmi.flowplayer.com https://stats.g.doubleclick.net https://zap.cloud.wowza.com https://health.flowplayer.com/ https://wisimo-m.wisimo.com/ ; media-src 'self' blob: data: wave: *.mittare.com/; img-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: *.gstatic.com *.googleapis.com i.ytimg.com *.googleusercontent.com *.fbsbx.com *.line-scdn.net https://www.google-analytics.com *.google.com https://analytics.tiktok.com *.facebook.com *.google.co.th https://sp.tinymce.com https://player.wowza.com/ ; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://www.googletagmanager.com https://www.google-analytics.com/ *.googleapis.com *.youtube.com *.gstatic.com *.facebook.net *.google.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://analytics.tiktok.com/ https://cdn.flowplayer.com/ https://releases.flowplayer.org https://pvdspek.github.io/ https://cdn.tiny.cloud *.wowza.com https://cdnjs.cloudflare.com/ https://cdnjs.cloudflare.com/ https://code.jquery.com https://unpkg.com https://ssl.google-analytics.com https://cdn.jsdelivr.net/ ; style-src 'self' 'unsafe-inline' *.flowplayer.com *.googleapis.com https://use.fontawesome.com https://cdnjs.cloudflare.com https://code.jquery.com https://cdn.tiny.cloud/ ; font-src 'self' data: *.googleapis.com *.bootstrapcdn.com *.gstatic.com *.googleapis.com https://use.fontawesome.com/ https://fonts.gstatic.com https://cdnjs.cloudflare.com ; frame-src 'self' https://bid.g.doubleclick.net/ *.doubleclick.net/ https://www.youtube-nocookie.com https://share.sandbox.lalamove.com/ *.youtube.com *.googleapis.com *.google.com *.facebook.com; object-src 'self' https://www.youtube.com *.googleapis.com;
x-content-type-options
nosniff
strict-transport-security
max-age=15768000; includeSubDomains; preload
cf-cache-status
MISS
x-permitted-cross-domain-policies
master-only
content-encoding
br
x-xss-protection
1; mode=block
public-key-pins
pin-sha256="base64+primary==InsertPrimaryCertificateSHA256FingerPrintHere"; pin-sha256="base64+backup==InsertBackupCertificateSHA256FingerPrintHere"; max-age=5184000
referrer-policy
no-referrer, strict-origin-when-cross-origin
last-modified
Mon, 13 Nov 2023 01:33:13 GMT
server
cloudflare
etag
W/"65517cd9-2bc9"
expect-ct
enforce, max-age=300
vary
Accept-Encoding, Accept-Encoding
access-control-allow-methods
GET,POST,OPTIONS,PUT,DELETE,PATCH
content-type
text/css
x-frame-options
SAMEORIGIN
cache-control
public, max-age=14400
access-control-allow-credentials
true
cf-ray
867ec3eb1e9d4bc7-BUF
stylesheet.css
ecertslf.studentloan.or.th/assets/fonts/Kanit2/ 		4 KB
513 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://ecertslf.studentloan.or.th/assets/fonts/Kanit2/stylesheet.css
Requested by
Host: ecertslf.studentloan.or.th
URL: https://ecertslf.studentloan.or.th/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::ac43:80f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
80ba85ab98ec4249e0fdb2396ce1923426daab402affff645658b95d09c55c10
Security Headers
Name Value
Content-Security-Policy default-src 'self' ; connect-src 'self' *.mittare.com/ https://pmi.flowplayer.com https://stats.g.doubleclick.net https://zap.cloud.wowza.com https://health.flowplayer.com/ https://wisimo-m.wisimo.com/ ; media-src 'self' blob: data: wave: *.mittare.com/; img-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: *.gstatic.com *.googleapis.com i.ytimg.com *.googleusercontent.com *.fbsbx.com *.line-scdn.net https://www.google-analytics.com *.google.com https://analytics.tiktok.com *.facebook.com *.google.co.th https://sp.tinymce.com https://player.wowza.com/ ; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://www.googletagmanager.com https://www.google-analytics.com/ *.googleapis.com *.youtube.com *.gstatic.com *.facebook.net *.google.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://analytics.tiktok.com/ https://cdn.flowplayer.com/ https://releases.flowplayer.org https://pvdspek.github.io/ https://cdn.tiny.cloud *.wowza.com https://cdnjs.cloudflare.com/ https://cdnjs.cloudflare.com/ https://code.jquery.com https://unpkg.com https://ssl.google-analytics.com https://cdn.jsdelivr.net/ ; style-src 'self' 'unsafe-inline' *.flowplayer.com *.googleapis.com https://use.fontawesome.com https://cdnjs.cloudflare.com https://code.jquery.com https://cdn.tiny.cloud/ ; font-src 'self' data: *.googleapis.com *.bootstrapcdn.com *.gstatic.com *.googleapis.com https://use.fontawesome.com/ https://fonts.gstatic.com https://cdnjs.cloudflare.com ; frame-src 'self' https://bid.g.doubleclick.net/ *.doubleclick.net/ https://www.youtube-nocookie.com https://share.sandbox.lalamove.com/ *.youtube.com *.googleapis.com *.google.com *.facebook.com; object-src 'self' https://www.youtube.com *.googleapis.com;
Public-Key-Pins pin-sha256="base64+primary==InsertPrimaryCertificateSHA256FingerPrintHere"; pin-sha256="base64+backup==InsertBackupCertificateSHA256FingerPrintHere"; max-age=5184000
Strict-Transport-Security max-age=15768000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-US,en;q=0.9
Referer
https://ecertslf.studentloan.or.th/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date
Thu, 21 Mar 2024 14:52:22 GMT
content-security-policy
default-src 'self' ; connect-src 'self' *.mittare.com/ https://pmi.flowplayer.com https://stats.g.doubleclick.net https://zap.cloud.wowza.com https://health.flowplayer.com/ https://wisimo-m.wisimo.com/ ; media-src 'self' blob: data: wave: *.mittare.com/; img-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: *.gstatic.com *.googleapis.com i.ytimg.com *.googleusercontent.com *.fbsbx.com *.line-scdn.net https://www.google-analytics.com *.google.com https://analytics.tiktok.com *.facebook.com *.google.co.th https://sp.tinymce.com https://player.wowza.com/ ; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://www.googletagmanager.com https://www.google-analytics.com/ *.googleapis.com *.youtube.com *.gstatic.com *.facebook.net *.google.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://analytics.tiktok.com/ https://cdn.flowplayer.com/ https://releases.flowplayer.org https://pvdspek.github.io/ https://cdn.tiny.cloud *.wowza.com https://cdnjs.cloudflare.com/ https://cdnjs.cloudflare.com/ https://code.jquery.com https://unpkg.com https://ssl.google-analytics.com https://cdn.jsdelivr.net/ ; style-src 'self' 'unsafe-inline' *.flowplayer.com *.googleapis.com https://use.fontawesome.com https://cdnjs.cloudflare.com https://code.jquery.com https://cdn.tiny.cloud/ ; font-src 'self' data: *.googleapis.com *.bootstrapcdn.com *.gstatic.com *.googleapis.com https://use.fontawesome.com/ https://fonts.gstatic.com https://cdnjs.cloudflare.com ; frame-src 'self' https://bid.g.doubleclick.net/ *.doubleclick.net/ https://www.youtube-nocookie.com https://share.sandbox.lalamove.com/ *.youtube.com *.googleapis.com *.google.com *.facebook.com; object-src 'self' https://www.youtube.com *.googleapis.com;
x-content-type-options
nosniff
strict-transport-security
max-age=15768000; includeSubDomains; preload
cf-cache-status
MISS
x-permitted-cross-domain-policies
master-only
content-encoding
br
x-xss-protection
1; mode=block
public-key-pins
pin-sha256="base64+primary==InsertPrimaryCertificateSHA256FingerPrintHere"; pin-sha256="base64+backup==InsertBackupCertificateSHA256FingerPrintHere"; max-age=5184000
referrer-policy
no-referrer, strict-origin-when-cross-origin
last-modified
Mon, 13 Nov 2023 01:33:12 GMT
server
cloudflare
etag
W/"65517cd8-f72"
expect-ct
enforce, max-age=300
x-frame-options
SAMEORIGIN
access-control-allow-methods
GET,POST,OPTIONS,PUT,DELETE,PATCH
content-type
text/css
vary
Accept-Encoding
cache-control
public, max-age=14400
access-control-allow-credentials
true
cf-ray
867ec3eb1e9e4bc7-BUF
bootstrap.bundle.js
ecertslf.studentloan.or.th/assets/bootstrap/js/ 		202 KB
46 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://ecertslf.studentloan.or.th/assets/bootstrap/js/bootstrap.bundle.js
Requested by
Host: ecertslf.studentloan.or.th
URL: https://ecertslf.studentloan.or.th/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::ac43:80f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
0c03cbd081186aeacc03f92c09cc534e2d6f34be8aba31c188be0d6abe7cf454
Security Headers
Name Value
Content-Security-Policy default-src 'self' ; connect-src 'self' *.mittare.com/ https://pmi.flowplayer.com https://stats.g.doubleclick.net https://zap.cloud.wowza.com https://health.flowplayer.com/ https://wisimo-m.wisimo.com/ ; media-src 'self' blob: data: wave: *.mittare.com/; img-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: *.gstatic.com *.googleapis.com i.ytimg.com *.googleusercontent.com *.fbsbx.com *.line-scdn.net https://www.google-analytics.com *.google.com https://analytics.tiktok.com *.facebook.com *.google.co.th https://sp.tinymce.com https://player.wowza.com/ ; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://www.googletagmanager.com https://www.google-analytics.com/ *.googleapis.com *.youtube.com *.gstatic.com *.facebook.net *.google.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://analytics.tiktok.com/ https://cdn.flowplayer.com/ https://releases.flowplayer.org https://pvdspek.github.io/ https://cdn.tiny.cloud *.wowza.com https://cdnjs.cloudflare.com/ https://cdnjs.cloudflare.com/ https://code.jquery.com https://unpkg.com https://ssl.google-analytics.com https://cdn.jsdelivr.net/ ; style-src 'self' 'unsafe-inline' *.flowplayer.com *.googleapis.com https://use.fontawesome.com https://cdnjs.cloudflare.com https://code.jquery.com https://cdn.tiny.cloud/ ; font-src 'self' data: *.googleapis.com *.bootstrapcdn.com *.gstatic.com *.googleapis.com https://use.fontawesome.com/ https://fonts.gstatic.com https://cdnjs.cloudflare.com ; frame-src 'self' https://bid.g.doubleclick.net/ *.doubleclick.net/ https://www.youtube-nocookie.com https://share.sandbox.lalamove.com/ *.youtube.com *.googleapis.com *.google.com *.facebook.com; object-src 'self' https://www.youtube.com *.googleapis.com;
Public-Key-Pins pin-sha256="base64+primary==InsertPrimaryCertificateSHA256FingerPrintHere"; pin-sha256="base64+backup==InsertBackupCertificateSHA256FingerPrintHere"; max-age=5184000
Strict-Transport-Security max-age=15768000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-US,en;q=0.9
Referer
https://ecertslf.studentloan.or.th/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date
Thu, 21 Mar 2024 14:52:23 GMT
content-security-policy
default-src 'self' ; connect-src 'self' *.mittare.com/ https://pmi.flowplayer.com https://stats.g.doubleclick.net https://zap.cloud.wowza.com https://health.flowplayer.com/ https://wisimo-m.wisimo.com/ ; media-src 'self' blob: data: wave: *.mittare.com/; img-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: *.gstatic.com *.googleapis.com i.ytimg.com *.googleusercontent.com *.fbsbx.com *.line-scdn.net https://www.google-analytics.com *.google.com https://analytics.tiktok.com *.facebook.com *.google.co.th https://sp.tinymce.com https://player.wowza.com/ ; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://www.googletagmanager.com https://www.google-analytics.com/ *.googleapis.com *.youtube.com *.gstatic.com *.facebook.net *.google.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://analytics.tiktok.com/ https://cdn.flowplayer.com/ https://releases.flowplayer.org https://pvdspek.github.io/ https://cdn.tiny.cloud *.wowza.com https://cdnjs.cloudflare.com/ https://cdnjs.cloudflare.com/ https://code.jquery.com https://unpkg.com https://ssl.google-analytics.com https://cdn.jsdelivr.net/ ; style-src 'self' 'unsafe-inline' *.flowplayer.com *.googleapis.com https://use.fontawesome.com https://cdnjs.cloudflare.com https://code.jquery.com https://cdn.tiny.cloud/ ; font-src 'self' data: *.googleapis.com *.bootstrapcdn.com *.gstatic.com *.googleapis.com https://use.fontawesome.com/ https://fonts.gstatic.com https://cdnjs.cloudflare.com ; frame-src 'self' https://bid.g.doubleclick.net/ *.doubleclick.net/ https://www.youtube-nocookie.com https://share.sandbox.lalamove.com/ *.youtube.com *.googleapis.com *.google.com *.facebook.com; object-src 'self' https://www.youtube.com *.googleapis.com;
x-content-type-options
nosniff
strict-transport-security
max-age=15768000; includeSubDomains; preload
cf-cache-status
MISS
x-permitted-cross-domain-policies
master-only
content-encoding
br
x-xss-protection
1; mode=block
public-key-pins
pin-sha256="base64+primary==InsertPrimaryCertificateSHA256FingerPrintHere"; pin-sha256="base64+backup==InsertBackupCertificateSHA256FingerPrintHere"; max-age=5184000
referrer-policy
no-referrer, strict-origin-when-cross-origin
last-modified
Mon, 13 Nov 2023 01:32:55 GMT
server
cloudflare
etag
W/"65517cc7-328eb"
expect-ct
enforce, max-age=300
vary
Accept-Encoding, Accept-Encoding
access-control-allow-methods
GET,POST,OPTIONS,PUT,DELETE,PATCH
content-type
application/javascript
x-frame-options
SAMEORIGIN
cache-control
public, max-age=14400
access-control-allow-credentials
true
cf-ray
867ec3eb5eb54bc7-BUF
popper.min.js
ecertslf.studentloan.or.th/assets/bootstrap/ 		19 KB
9 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://ecertslf.studentloan.or.th/assets/bootstrap/popper.min.js
Requested by
Host: ecertslf.studentloan.or.th
URL: https://ecertslf.studentloan.or.th/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::ac43:80f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
da7796caf9359015af4ecdf8c6ccbd53706ea4613932a9b6f81e442e49d5f626
Security Headers
Name Value
Content-Security-Policy default-src 'self' ; connect-src 'self' *.mittare.com/ https://pmi.flowplayer.com https://stats.g.doubleclick.net https://zap.cloud.wowza.com https://health.flowplayer.com/ https://wisimo-m.wisimo.com/ ; media-src 'self' blob: data: wave: *.mittare.com/; img-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: *.gstatic.com *.googleapis.com i.ytimg.com *.googleusercontent.com *.fbsbx.com *.line-scdn.net https://www.google-analytics.com *.google.com https://analytics.tiktok.com *.facebook.com *.google.co.th https://sp.tinymce.com https://player.wowza.com/ ; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://www.googletagmanager.com https://www.google-analytics.com/ *.googleapis.com *.youtube.com *.gstatic.com *.facebook.net *.google.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://analytics.tiktok.com/ https://cdn.flowplayer.com/ https://releases.flowplayer.org https://pvdspek.github.io/ https://cdn.tiny.cloud *.wowza.com https://cdnjs.cloudflare.com/ https://cdnjs.cloudflare.com/ https://code.jquery.com https://unpkg.com https://ssl.google-analytics.com https://cdn.jsdelivr.net/ ; style-src 'self' 'unsafe-inline' *.flowplayer.com *.googleapis.com https://use.fontawesome.com https://cdnjs.cloudflare.com https://code.jquery.com https://cdn.tiny.cloud/ ; font-src 'self' data: *.googleapis.com *.bootstrapcdn.com *.gstatic.com *.googleapis.com https://use.fontawesome.com/ https://fonts.gstatic.com https://cdnjs.cloudflare.com ; frame-src 'self' https://bid.g.doubleclick.net/ *.doubleclick.net/ https://www.youtube-nocookie.com https://share.sandbox.lalamove.com/ *.youtube.com *.googleapis.com *.google.com *.facebook.com; object-src 'self' https://www.youtube.com *.googleapis.com;
Public-Key-Pins pin-sha256="base64+primary==InsertPrimaryCertificateSHA256FingerPrintHere"; pin-sha256="base64+backup==InsertBackupCertificateSHA256FingerPrintHere"; max-age=5184000
Strict-Transport-Security max-age=15768000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-US,en;q=0.9
Referer
https://ecertslf.studentloan.or.th/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date
Thu, 21 Mar 2024 14:52:22 GMT
content-security-policy
default-src 'self' ; connect-src 'self' *.mittare.com/ https://pmi.flowplayer.com https://stats.g.doubleclick.net https://zap.cloud.wowza.com https://health.flowplayer.com/ https://wisimo-m.wisimo.com/ ; media-src 'self' blob: data: wave: *.mittare.com/; img-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: *.gstatic.com *.googleapis.com i.ytimg.com *.googleusercontent.com *.fbsbx.com *.line-scdn.net https://www.google-analytics.com *.google.com https://analytics.tiktok.com *.facebook.com *.google.co.th https://sp.tinymce.com https://player.wowza.com/ ; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://www.googletagmanager.com https://www.google-analytics.com/ *.googleapis.com *.youtube.com *.gstatic.com *.facebook.net *.google.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://analytics.tiktok.com/ https://cdn.flowplayer.com/ https://releases.flowplayer.org https://pvdspek.github.io/ https://cdn.tiny.cloud *.wowza.com https://cdnjs.cloudflare.com/ https://cdnjs.cloudflare.com/ https://code.jquery.com https://unpkg.com https://ssl.google-analytics.com https://cdn.jsdelivr.net/ ; style-src 'self' 'unsafe-inline' *.flowplayer.com *.googleapis.com https://use.fontawesome.com https://cdnjs.cloudflare.com https://code.jquery.com https://cdn.tiny.cloud/ ; font-src 'self' data: *.googleapis.com *.bootstrapcdn.com *.gstatic.com *.googleapis.com https://use.fontawesome.com/ https://fonts.gstatic.com https://cdnjs.cloudflare.com ; frame-src 'self' https://bid.g.doubleclick.net/ *.doubleclick.net/ https://www.youtube-nocookie.com https://share.sandbox.lalamove.com/ *.youtube.com *.googleapis.com *.google.com *.facebook.com; object-src 'self' https://www.youtube.com *.googleapis.com;
x-content-type-options
nosniff
strict-transport-security
max-age=15768000; includeSubDomains; preload
cf-cache-status
MISS
x-permitted-cross-domain-policies
master-only
content-encoding
br
x-xss-protection
1; mode=block
public-key-pins
pin-sha256="base64+primary==InsertPrimaryCertificateSHA256FingerPrintHere"; pin-sha256="base64+backup==InsertBackupCertificateSHA256FingerPrintHere"; max-age=5184000
referrer-policy
no-referrer, strict-origin-when-cross-origin
last-modified
Mon, 13 Nov 2023 01:32:40 GMT
server
cloudflare
etag
W/"65517cb8-4d36"
expect-ct
enforce, max-age=300
vary
Accept-Encoding, Accept-Encoding
access-control-allow-methods
GET,POST,OPTIONS,PUT,DELETE,PATCH
content-type
application/javascript
x-frame-options
SAMEORIGIN
cache-control
public, max-age=14400
access-control-allow-credentials
true
cf-ray
867ec3eb5eb64bc7-BUF
jquery.min.js
ecertslf.studentloan.or.th/assets/js/ 		88 KB
31 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://ecertslf.studentloan.or.th/assets/js/jquery.min.js
Requested by
Host: ecertslf.studentloan.or.th
URL: https://ecertslf.studentloan.or.th/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::ac43:80f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
131c0d82967fed05e1920e519e0ea6ec91ab97b7c40480f72f8af8680bba1f0a
Security Headers
Name Value
Content-Security-Policy default-src 'self' ; connect-src 'self' *.mittare.com/ https://pmi.flowplayer.com https://stats.g.doubleclick.net https://zap.cloud.wowza.com https://health.flowplayer.com/ https://wisimo-m.wisimo.com/ ; media-src 'self' blob: data: wave: *.mittare.com/; img-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: *.gstatic.com *.googleapis.com i.ytimg.com *.googleusercontent.com *.fbsbx.com *.line-scdn.net https://www.google-analytics.com *.google.com https://analytics.tiktok.com *.facebook.com *.google.co.th https://sp.tinymce.com https://player.wowza.com/ ; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://www.googletagmanager.com https://www.google-analytics.com/ *.googleapis.com *.youtube.com *.gstatic.com *.facebook.net *.google.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://analytics.tiktok.com/ https://cdn.flowplayer.com/ https://releases.flowplayer.org https://pvdspek.github.io/ https://cdn.tiny.cloud *.wowza.com https://cdnjs.cloudflare.com/ https://cdnjs.cloudflare.com/ https://code.jquery.com https://unpkg.com https://ssl.google-analytics.com https://cdn.jsdelivr.net/ ; style-src 'self' 'unsafe-inline' *.flowplayer.com *.googleapis.com https://use.fontawesome.com https://cdnjs.cloudflare.com https://code.jquery.com https://cdn.tiny.cloud/ ; font-src 'self' data: *.googleapis.com *.bootstrapcdn.com *.gstatic.com *.googleapis.com https://use.fontawesome.com/ https://fonts.gstatic.com https://cdnjs.cloudflare.com ; frame-src 'self' https://bid.g.doubleclick.net/ *.doubleclick.net/ https://www.youtube-nocookie.com https://share.sandbox.lalamove.com/ *.youtube.com *.googleapis.com *.google.com *.facebook.com; object-src 'self' https://www.youtube.com *.googleapis.com;
Public-Key-Pins pin-sha256="base64+primary==InsertPrimaryCertificateSHA256FingerPrintHere"; pin-sha256="base64+backup==InsertBackupCertificateSHA256FingerPrintHere"; max-age=5184000
Strict-Transport-Security max-age=15768000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-US,en;q=0.9
Referer
https://ecertslf.studentloan.or.th/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date
Thu, 21 Mar 2024 14:52:23 GMT
content-security-policy
default-src 'self' ; connect-src 'self' *.mittare.com/ https://pmi.flowplayer.com https://stats.g.doubleclick.net https://zap.cloud.wowza.com https://health.flowplayer.com/ https://wisimo-m.wisimo.com/ ; media-src 'self' blob: data: wave: *.mittare.com/; img-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: *.gstatic.com *.googleapis.com i.ytimg.com *.googleusercontent.com *.fbsbx.com *.line-scdn.net https://www.google-analytics.com *.google.com https://analytics.tiktok.com *.facebook.com *.google.co.th https://sp.tinymce.com https://player.wowza.com/ ; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://www.googletagmanager.com https://www.google-analytics.com/ *.googleapis.com *.youtube.com *.gstatic.com *.facebook.net *.google.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://analytics.tiktok.com/ https://cdn.flowplayer.com/ https://releases.flowplayer.org https://pvdspek.github.io/ https://cdn.tiny.cloud *.wowza.com https://cdnjs.cloudflare.com/ https://cdnjs.cloudflare.com/ https://code.jquery.com https://unpkg.com https://ssl.google-analytics.com https://cdn.jsdelivr.net/ ; style-src 'self' 'unsafe-inline' *.flowplayer.com *.googleapis.com https://use.fontawesome.com https://cdnjs.cloudflare.com https://code.jquery.com https://cdn.tiny.cloud/ ; font-src 'self' data: *.googleapis.com *.bootstrapcdn.com *.gstatic.com *.googleapis.com https://use.fontawesome.com/ https://fonts.gstatic.com https://cdnjs.cloudflare.com ; frame-src 'self' https://bid.g.doubleclick.net/ *.doubleclick.net/ https://www.youtube-nocookie.com https://share.sandbox.lalamove.com/ *.youtube.com *.googleapis.com *.google.com *.facebook.com; object-src 'self' https://www.youtube.com *.googleapis.com;
x-content-type-options
nosniff
strict-transport-security
max-age=15768000; includeSubDomains; preload
cf-cache-status
MISS
x-permitted-cross-domain-policies
master-only
content-encoding
br
x-xss-protection
1; mode=block
public-key-pins
pin-sha256="base64+primary==InsertPrimaryCertificateSHA256FingerPrintHere"; pin-sha256="base64+backup==InsertBackupCertificateSHA256FingerPrintHere"; max-age=5184000
referrer-policy
no-referrer, strict-origin-when-cross-origin
last-modified
Mon, 13 Nov 2023 01:32:44 GMT
server
cloudflare
etag
W/"65517cbc-15e3f"
expect-ct
enforce, max-age=300
vary
Accept-Encoding, Accept-Encoding
access-control-allow-methods
GET,POST,OPTIONS,PUT,DELETE,PATCH
content-type
application/javascript
x-frame-options
SAMEORIGIN
cache-control
public, max-age=14400
access-control-allow-credentials
true
cf-ray
867ec3eb5eb74bc7-BUF
tinymce.min.js
ecertslf.studentloan.or.th/assets/tinymce/js/tinymce/ 		383 KB
132 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://ecertslf.studentloan.or.th/assets/tinymce/js/tinymce/tinymce.min.js
Requested by
Host: ecertslf.studentloan.or.th
URL: https://ecertslf.studentloan.or.th/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::ac43:80f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3c6a5feeb3fb4dd9b5ab70f3e13b6cb0715136ddb50344b6d3069e9233dc8a9c
Security Headers
Name Value
Content-Security-Policy default-src 'self' ; connect-src 'self' *.mittare.com/ https://pmi.flowplayer.com https://stats.g.doubleclick.net https://zap.cloud.wowza.com https://health.flowplayer.com/ https://wisimo-m.wisimo.com/ ; media-src 'self' blob: data: wave: *.mittare.com/; img-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: *.gstatic.com *.googleapis.com i.ytimg.com *.googleusercontent.com *.fbsbx.com *.line-scdn.net https://www.google-analytics.com *.google.com https://analytics.tiktok.com *.facebook.com *.google.co.th https://sp.tinymce.com https://player.wowza.com/ ; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://www.googletagmanager.com https://www.google-analytics.com/ *.googleapis.com *.youtube.com *.gstatic.com *.facebook.net *.google.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://analytics.tiktok.com/ https://cdn.flowplayer.com/ https://releases.flowplayer.org https://pvdspek.github.io/ https://cdn.tiny.cloud *.wowza.com https://cdnjs.cloudflare.com/ https://cdnjs.cloudflare.com/ https://code.jquery.com https://unpkg.com https://ssl.google-analytics.com https://cdn.jsdelivr.net/ ; style-src 'self' 'unsafe-inline' *.flowplayer.com *.googleapis.com https://use.fontawesome.com https://cdnjs.cloudflare.com https://code.jquery.com https://cdn.tiny.cloud/ ; font-src 'self' data: *.googleapis.com *.bootstrapcdn.com *.gstatic.com *.googleapis.com https://use.fontawesome.com/ https://fonts.gstatic.com https://cdnjs.cloudflare.com ; frame-src 'self' https://bid.g.doubleclick.net/ *.doubleclick.net/ https://www.youtube-nocookie.com https://share.sandbox.lalamove.com/ *.youtube.com *.googleapis.com *.google.com *.facebook.com; object-src 'self' https://www.youtube.com *.googleapis.com;
Public-Key-Pins pin-sha256="base64+primary==InsertPrimaryCertificateSHA256FingerPrintHere"; pin-sha256="base64+backup==InsertBackupCertificateSHA256FingerPrintHere"; max-age=5184000
Strict-Transport-Security max-age=15768000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-US,en;q=0.9
Referer
https://ecertslf.studentloan.or.th/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date
Thu, 21 Mar 2024 14:52:23 GMT
content-security-policy
default-src 'self' ; connect-src 'self' *.mittare.com/ https://pmi.flowplayer.com https://stats.g.doubleclick.net https://zap.cloud.wowza.com https://health.flowplayer.com/ https://wisimo-m.wisimo.com/ ; media-src 'self' blob: data: wave: *.mittare.com/; img-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: *.gstatic.com *.googleapis.com i.ytimg.com *.googleusercontent.com *.fbsbx.com *.line-scdn.net https://www.google-analytics.com *.google.com https://analytics.tiktok.com *.facebook.com *.google.co.th https://sp.tinymce.com https://player.wowza.com/ ; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://www.googletagmanager.com https://www.google-analytics.com/ *.googleapis.com *.youtube.com *.gstatic.com *.facebook.net *.google.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://analytics.tiktok.com/ https://cdn.flowplayer.com/ https://releases.flowplayer.org https://pvdspek.github.io/ https://cdn.tiny.cloud *.wowza.com https://cdnjs.cloudflare.com/ https://cdnjs.cloudflare.com/ https://code.jquery.com https://unpkg.com https://ssl.google-analytics.com https://cdn.jsdelivr.net/ ; style-src 'self' 'unsafe-inline' *.flowplayer.com *.googleapis.com https://use.fontawesome.com https://cdnjs.cloudflare.com https://code.jquery.com https://cdn.tiny.cloud/ ; font-src 'self' data: *.googleapis.com *.bootstrapcdn.com *.gstatic.com *.googleapis.com https://use.fontawesome.com/ https://fonts.gstatic.com https://cdnjs.cloudflare.com ; frame-src 'self' https://bid.g.doubleclick.net/ *.doubleclick.net/ https://www.youtube-nocookie.com https://share.sandbox.lalamove.com/ *.youtube.com *.googleapis.com *.google.com *.facebook.com; object-src 'self' https://www.youtube.com *.googleapis.com;
x-content-type-options
nosniff
strict-transport-security
max-age=15768000; includeSubDomains; preload
cf-cache-status
MISS
x-permitted-cross-domain-policies
master-only
content-encoding
br
x-xss-protection
1; mode=block
public-key-pins
pin-sha256="base64+primary==InsertPrimaryCertificateSHA256FingerPrintHere"; pin-sha256="base64+backup==InsertBackupCertificateSHA256FingerPrintHere"; max-age=5184000
referrer-policy
no-referrer, strict-origin-when-cross-origin
last-modified
Mon, 13 Nov 2023 01:33:14 GMT
server
cloudflare
etag
W/"65517cda-5fc2c"
expect-ct
enforce, max-age=300
vary
Accept-Encoding, Accept-Encoding
access-control-allow-methods
GET,POST,OPTIONS,PUT,DELETE,PATCH
content-type
application/javascript
x-frame-options
SAMEORIGIN
cache-control
public, max-age=14400
access-control-allow-credentials
true
cf-ray
867ec3eb5eb84bc7-BUF
summernote-bs5.min.css
ecertslf.studentloan.or.th/assets/summernote/ 		19 KB
4 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://ecertslf.studentloan.or.th/assets/summernote/summernote-bs5.min.css
Requested by
Host: ecertslf.studentloan.or.th
URL: https://ecertslf.studentloan.or.th/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::ac43:80f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e0e818906e73dcabbddfc14524abec0c1bc6af5ce75611ed433b202f757ad66e
Security Headers
Name Value
Content-Security-Policy default-src 'self' ; connect-src 'self' *.mittare.com/ https://pmi.flowplayer.com https://stats.g.doubleclick.net https://zap.cloud.wowza.com https://health.flowplayer.com/ https://wisimo-m.wisimo.com/ ; media-src 'self' blob: data: wave: *.mittare.com/; img-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: *.gstatic.com *.googleapis.com i.ytimg.com *.googleusercontent.com *.fbsbx.com *.line-scdn.net https://www.google-analytics.com *.google.com https://analytics.tiktok.com *.facebook.com *.google.co.th https://sp.tinymce.com https://player.wowza.com/ ; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://www.googletagmanager.com https://www.google-analytics.com/ *.googleapis.com *.youtube.com *.gstatic.com *.facebook.net *.google.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://analytics.tiktok.com/ https://cdn.flowplayer.com/ https://releases.flowplayer.org https://pvdspek.github.io/ https://cdn.tiny.cloud *.wowza.com https://cdnjs.cloudflare.com/ https://cdnjs.cloudflare.com/ https://code.jquery.com https://unpkg.com https://ssl.google-analytics.com https://cdn.jsdelivr.net/ ; style-src 'self' 'unsafe-inline' *.flowplayer.com *.googleapis.com https://use.fontawesome.com https://cdnjs.cloudflare.com https://code.jquery.com https://cdn.tiny.cloud/ ; font-src 'self' data: *.googleapis.com *.bootstrapcdn.com *.gstatic.com *.googleapis.com https://use.fontawesome.com/ https://fonts.gstatic.com https://cdnjs.cloudflare.com ; frame-src 'self' https://bid.g.doubleclick.net/ *.doubleclick.net/ https://www.youtube-nocookie.com https://share.sandbox.lalamove.com/ *.youtube.com *.googleapis.com *.google.com *.facebook.com; object-src 'self' https://www.youtube.com *.googleapis.com;
Public-Key-Pins pin-sha256="base64+primary==InsertPrimaryCertificateSHA256FingerPrintHere"; pin-sha256="base64+backup==InsertBackupCertificateSHA256FingerPrintHere"; max-age=5184000
Strict-Transport-Security max-age=15768000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-US,en;q=0.9
Referer
https://ecertslf.studentloan.or.th/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date
Thu, 21 Mar 2024 14:52:22 GMT
content-security-policy
default-src 'self' ; connect-src 'self' *.mittare.com/ https://pmi.flowplayer.com https://stats.g.doubleclick.net https://zap.cloud.wowza.com https://health.flowplayer.com/ https://wisimo-m.wisimo.com/ ; media-src 'self' blob: data: wave: *.mittare.com/; img-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: *.gstatic.com *.googleapis.com i.ytimg.com *.googleusercontent.com *.fbsbx.com *.line-scdn.net https://www.google-analytics.com *.google.com https://analytics.tiktok.com *.facebook.com *.google.co.th https://sp.tinymce.com https://player.wowza.com/ ; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://www.googletagmanager.com https://www.google-analytics.com/ *.googleapis.com *.youtube.com *.gstatic.com *.facebook.net *.google.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://analytics.tiktok.com/ https://cdn.flowplayer.com/ https://releases.flowplayer.org https://pvdspek.github.io/ https://cdn.tiny.cloud *.wowza.com https://cdnjs.cloudflare.com/ https://cdnjs.cloudflare.com/ https://code.jquery.com https://unpkg.com https://ssl.google-analytics.com https://cdn.jsdelivr.net/ ; style-src 'self' 'unsafe-inline' *.flowplayer.com *.googleapis.com https://use.fontawesome.com https://cdnjs.cloudflare.com https://code.jquery.com https://cdn.tiny.cloud/ ; font-src 'self' data: *.googleapis.com *.bootstrapcdn.com *.gstatic.com *.googleapis.com https://use.fontawesome.com/ https://fonts.gstatic.com https://cdnjs.cloudflare.com ; frame-src 'self' https://bid.g.doubleclick.net/ *.doubleclick.net/ https://www.youtube-nocookie.com https://share.sandbox.lalamove.com/ *.youtube.com *.googleapis.com *.google.com *.facebook.com; object-src 'self' https://www.youtube.com *.googleapis.com;
x-content-type-options
nosniff
strict-transport-security
max-age=15768000; includeSubDomains; preload
cf-cache-status
MISS
x-permitted-cross-domain-policies
master-only
content-encoding
br
x-xss-protection
1; mode=block
public-key-pins
pin-sha256="base64+primary==InsertPrimaryCertificateSHA256FingerPrintHere"; pin-sha256="base64+backup==InsertBackupCertificateSHA256FingerPrintHere"; max-age=5184000
referrer-policy
no-referrer, strict-origin-when-cross-origin
last-modified
Mon, 13 Nov 2023 01:32:42 GMT
server
cloudflare
etag
W/"65517cba-4c39"
expect-ct
enforce, max-age=300
vary
Accept-Encoding, Accept-Encoding
access-control-allow-methods
GET,POST,OPTIONS,PUT,DELETE,PATCH
content-type
text/css
x-frame-options
SAMEORIGIN
cache-control
public, max-age=14400
access-control-allow-credentials
true
cf-ray
867ec3eb1e9f4bc7-BUF
summernote-bs5.min.js
ecertslf.studentloan.or.th/assets/summernote/ 		149 KB
38 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://ecertslf.studentloan.or.th/assets/summernote/summernote-bs5.min.js
Requested by
Host: ecertslf.studentloan.or.th
URL: https://ecertslf.studentloan.or.th/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::ac43:80f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
8f39a878d4e210ed449dabeb6d989b9956c4645e6ac13a550f7fbf765c2e6487
Security Headers
Name Value
Content-Security-Policy default-src 'self' ; connect-src 'self' *.mittare.com/ https://pmi.flowplayer.com https://stats.g.doubleclick.net https://zap.cloud.wowza.com https://health.flowplayer.com/ https://wisimo-m.wisimo.com/ ; media-src 'self' blob: data: wave: *.mittare.com/; img-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: *.gstatic.com *.googleapis.com i.ytimg.com *.googleusercontent.com *.fbsbx.com *.line-scdn.net https://www.google-analytics.com *.google.com https://analytics.tiktok.com *.facebook.com *.google.co.th https://sp.tinymce.com https://player.wowza.com/ ; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://www.googletagmanager.com https://www.google-analytics.com/ *.googleapis.com *.youtube.com *.gstatic.com *.facebook.net *.google.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://analytics.tiktok.com/ https://cdn.flowplayer.com/ https://releases.flowplayer.org https://pvdspek.github.io/ https://cdn.tiny.cloud *.wowza.com https://cdnjs.cloudflare.com/ https://cdnjs.cloudflare.com/ https://code.jquery.com https://unpkg.com https://ssl.google-analytics.com https://cdn.jsdelivr.net/ ; style-src 'self' 'unsafe-inline' *.flowplayer.com *.googleapis.com https://use.fontawesome.com https://cdnjs.cloudflare.com https://code.jquery.com https://cdn.tiny.cloud/ ; font-src 'self' data: *.googleapis.com *.bootstrapcdn.com *.gstatic.com *.googleapis.com https://use.fontawesome.com/ https://fonts.gstatic.com https://cdnjs.cloudflare.com ; frame-src 'self' https://bid.g.doubleclick.net/ *.doubleclick.net/ https://www.youtube-nocookie.com https://share.sandbox.lalamove.com/ *.youtube.com *.googleapis.com *.google.com *.facebook.com; object-src 'self' https://www.youtube.com *.googleapis.com;
Public-Key-Pins pin-sha256="base64+primary==InsertPrimaryCertificateSHA256FingerPrintHere"; pin-sha256="base64+backup==InsertBackupCertificateSHA256FingerPrintHere"; max-age=5184000
Strict-Transport-Security max-age=15768000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-US,en;q=0.9
Referer
https://ecertslf.studentloan.or.th/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date
Thu, 21 Mar 2024 14:52:23 GMT
content-security-policy
default-src 'self' ; connect-src 'self' *.mittare.com/ https://pmi.flowplayer.com https://stats.g.doubleclick.net https://zap.cloud.wowza.com https://health.flowplayer.com/ https://wisimo-m.wisimo.com/ ; media-src 'self' blob: data: wave: *.mittare.com/; img-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: *.gstatic.com *.googleapis.com i.ytimg.com *.googleusercontent.com *.fbsbx.com *.line-scdn.net https://www.google-analytics.com *.google.com https://analytics.tiktok.com *.facebook.com *.google.co.th https://sp.tinymce.com https://player.wowza.com/ ; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://www.googletagmanager.com https://www.google-analytics.com/ *.googleapis.com *.youtube.com *.gstatic.com *.facebook.net *.google.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://analytics.tiktok.com/ https://cdn.flowplayer.com/ https://releases.flowplayer.org https://pvdspek.github.io/ https://cdn.tiny.cloud *.wowza.com https://cdnjs.cloudflare.com/ https://cdnjs.cloudflare.com/ https://code.jquery.com https://unpkg.com https://ssl.google-analytics.com https://cdn.jsdelivr.net/ ; style-src 'self' 'unsafe-inline' *.flowplayer.com *.googleapis.com https://use.fontawesome.com https://cdnjs.cloudflare.com https://code.jquery.com https://cdn.tiny.cloud/ ; font-src 'self' data: *.googleapis.com *.bootstrapcdn.com *.gstatic.com *.googleapis.com https://use.fontawesome.com/ https://fonts.gstatic.com https://cdnjs.cloudflare.com ; frame-src 'self' https://bid.g.doubleclick.net/ *.doubleclick.net/ https://www.youtube-nocookie.com https://share.sandbox.lalamove.com/ *.youtube.com *.googleapis.com *.google.com *.facebook.com; object-src 'self' https://www.youtube.com *.googleapis.com;
x-content-type-options
nosniff
strict-transport-security
max-age=15768000; includeSubDomains; preload
cf-cache-status
MISS
x-permitted-cross-domain-policies
master-only
content-encoding
br
x-xss-protection
1; mode=block
public-key-pins
pin-sha256="base64+primary==InsertPrimaryCertificateSHA256FingerPrintHere"; pin-sha256="base64+backup==InsertBackupCertificateSHA256FingerPrintHere"; max-age=5184000
referrer-policy
no-referrer, strict-origin-when-cross-origin
last-modified
Mon, 13 Nov 2023 01:32:43 GMT
server
cloudflare
etag
W/"65517cbb-2559d"
expect-ct
enforce, max-age=300
vary
Accept-Encoding, Accept-Encoding
access-control-allow-methods
GET,POST,OPTIONS,PUT,DELETE,PATCH
content-type
application/javascript
x-frame-options
SAMEORIGIN
cache-control
public, max-age=14400
access-control-allow-credentials
true
cf-ray
867ec3eb5eb94bc7-BUF
summernote-th-TH.js
ecertslf.studentloan.or.th/assets/summernote/lang/ 		12 KB
4 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://ecertslf.studentloan.or.th/assets/summernote/lang/summernote-th-TH.js
Requested by
Host: ecertslf.studentloan.or.th
URL: https://ecertslf.studentloan.or.th/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::ac43:80f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
94b475125740e3632f0986cccf734ecae4fc884f1b2bc2f11c10d35d072bbfe9
Security Headers
Name Value
Content-Security-Policy default-src 'self' ; connect-src 'self' *.mittare.com/ https://pmi.flowplayer.com https://stats.g.doubleclick.net https://zap.cloud.wowza.com https://health.flowplayer.com/ https://wisimo-m.wisimo.com/ ; media-src 'self' blob: data: wave: *.mittare.com/; img-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: *.gstatic.com *.googleapis.com i.ytimg.com *.googleusercontent.com *.fbsbx.com *.line-scdn.net https://www.google-analytics.com *.google.com https://analytics.tiktok.com *.facebook.com *.google.co.th https://sp.tinymce.com https://player.wowza.com/ ; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://www.googletagmanager.com https://www.google-analytics.com/ *.googleapis.com *.youtube.com *.gstatic.com *.facebook.net *.google.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://analytics.tiktok.com/ https://cdn.flowplayer.com/ https://releases.flowplayer.org https://pvdspek.github.io/ https://cdn.tiny.cloud *.wowza.com https://cdnjs.cloudflare.com/ https://cdnjs.cloudflare.com/ https://code.jquery.com https://unpkg.com https://ssl.google-analytics.com https://cdn.jsdelivr.net/ ; style-src 'self' 'unsafe-inline' *.flowplayer.com *.googleapis.com https://use.fontawesome.com https://cdnjs.cloudflare.com https://code.jquery.com https://cdn.tiny.cloud/ ; font-src 'self' data: *.googleapis.com *.bootstrapcdn.com *.gstatic.com *.googleapis.com https://use.fontawesome.com/ https://fonts.gstatic.com https://cdnjs.cloudflare.com ; frame-src 'self' https://bid.g.doubleclick.net/ *.doubleclick.net/ https://www.youtube-nocookie.com https://share.sandbox.lalamove.com/ *.youtube.com *.googleapis.com *.google.com *.facebook.com; object-src 'self' https://www.youtube.com *.googleapis.com;
Public-Key-Pins pin-sha256="base64+primary==InsertPrimaryCertificateSHA256FingerPrintHere"; pin-sha256="base64+backup==InsertBackupCertificateSHA256FingerPrintHere"; max-age=5184000
Strict-Transport-Security max-age=15768000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-US,en;q=0.9
Referer
https://ecertslf.studentloan.or.th/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date
Thu, 21 Mar 2024 14:52:22 GMT
content-security-policy
default-src 'self' ; connect-src 'self' *.mittare.com/ https://pmi.flowplayer.com https://stats.g.doubleclick.net https://zap.cloud.wowza.com https://health.flowplayer.com/ https://wisimo-m.wisimo.com/ ; media-src 'self' blob: data: wave: *.mittare.com/; img-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: *.gstatic.com *.googleapis.com i.ytimg.com *.googleusercontent.com *.fbsbx.com *.line-scdn.net https://www.google-analytics.com *.google.com https://analytics.tiktok.com *.facebook.com *.google.co.th https://sp.tinymce.com https://player.wowza.com/ ; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://www.googletagmanager.com https://www.google-analytics.com/ *.googleapis.com *.youtube.com *.gstatic.com *.facebook.net *.google.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://analytics.tiktok.com/ https://cdn.flowplayer.com/ https://releases.flowplayer.org https://pvdspek.github.io/ https://cdn.tiny.cloud *.wowza.com https://cdnjs.cloudflare.com/ https://cdnjs.cloudflare.com/ https://code.jquery.com https://unpkg.com https://ssl.google-analytics.com https://cdn.jsdelivr.net/ ; style-src 'self' 'unsafe-inline' *.flowplayer.com *.googleapis.com https://use.fontawesome.com https://cdnjs.cloudflare.com https://code.jquery.com https://cdn.tiny.cloud/ ; font-src 'self' data: *.googleapis.com *.bootstrapcdn.com *.gstatic.com *.googleapis.com https://use.fontawesome.com/ https://fonts.gstatic.com https://cdnjs.cloudflare.com ; frame-src 'self' https://bid.g.doubleclick.net/ *.doubleclick.net/ https://www.youtube-nocookie.com https://share.sandbox.lalamove.com/ *.youtube.com *.googleapis.com *.google.com *.facebook.com; object-src 'self' https://www.youtube.com *.googleapis.com;
x-content-type-options
nosniff
strict-transport-security
max-age=15768000; includeSubDomains; preload
cf-cache-status
MISS
x-permitted-cross-domain-policies
master-only
content-encoding
br
x-xss-protection
1; mode=block
public-key-pins
pin-sha256="base64+primary==InsertPrimaryCertificateSHA256FingerPrintHere"; pin-sha256="base64+backup==InsertBackupCertificateSHA256FingerPrintHere"; max-age=5184000
referrer-policy
no-referrer, strict-origin-when-cross-origin
last-modified
Mon, 13 Nov 2023 01:33:00 GMT
server
cloudflare
etag
W/"65517ccc-2ec1"
expect-ct
enforce, max-age=300
vary
Accept-Encoding, Accept-Encoding
access-control-allow-methods
GET,POST,OPTIONS,PUT,DELETE,PATCH
content-type
application/javascript
x-frame-options
SAMEORIGIN
cache-control
public, max-age=14400
access-control-allow-credentials
true
cf-ray
867ec3eb5eba4bc7-BUF
sweetalert.js
ecertslf.studentloan.or.th/assets/js/ 		40 KB
12 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://ecertslf.studentloan.or.th/assets/js/sweetalert.js
Requested by
Host: ecertslf.studentloan.or.th
URL: https://ecertslf.studentloan.or.th/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::ac43:80f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
2ac46ebee46d515be86deeba385b4e41f8cff160364b362c9a6e153df327c66b
Security Headers
Name Value
Content-Security-Policy default-src 'self' ; connect-src 'self' *.mittare.com/ https://pmi.flowplayer.com https://stats.g.doubleclick.net https://zap.cloud.wowza.com https://health.flowplayer.com/ https://wisimo-m.wisimo.com/ ; media-src 'self' blob: data: wave: *.mittare.com/; img-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: *.gstatic.com *.googleapis.com i.ytimg.com *.googleusercontent.com *.fbsbx.com *.line-scdn.net https://www.google-analytics.com *.google.com https://analytics.tiktok.com *.facebook.com *.google.co.th https://sp.tinymce.com https://player.wowza.com/ ; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://www.googletagmanager.com https://www.google-analytics.com/ *.googleapis.com *.youtube.com *.gstatic.com *.facebook.net *.google.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://analytics.tiktok.com/ https://cdn.flowplayer.com/ https://releases.flowplayer.org https://pvdspek.github.io/ https://cdn.tiny.cloud *.wowza.com https://cdnjs.cloudflare.com/ https://cdnjs.cloudflare.com/ https://code.jquery.com https://unpkg.com https://ssl.google-analytics.com https://cdn.jsdelivr.net/ ; style-src 'self' 'unsafe-inline' *.flowplayer.com *.googleapis.com https://use.fontawesome.com https://cdnjs.cloudflare.com https://code.jquery.com https://cdn.tiny.cloud/ ; font-src 'self' data: *.googleapis.com *.bootstrapcdn.com *.gstatic.com *.googleapis.com https://use.fontawesome.com/ https://fonts.gstatic.com https://cdnjs.cloudflare.com ; frame-src 'self' https://bid.g.doubleclick.net/ *.doubleclick.net/ https://www.youtube-nocookie.com https://share.sandbox.lalamove.com/ *.youtube.com *.googleapis.com *.google.com *.facebook.com; object-src 'self' https://www.youtube.com *.googleapis.com;
Public-Key-Pins pin-sha256="base64+primary==InsertPrimaryCertificateSHA256FingerPrintHere"; pin-sha256="base64+backup==InsertBackupCertificateSHA256FingerPrintHere"; max-age=5184000
Strict-Transport-Security max-age=15768000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-US,en;q=0.9
Referer
https://ecertslf.studentloan.or.th/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date
Thu, 21 Mar 2024 14:52:23 GMT
content-security-policy
default-src 'self' ; connect-src 'self' *.mittare.com/ https://pmi.flowplayer.com https://stats.g.doubleclick.net https://zap.cloud.wowza.com https://health.flowplayer.com/ https://wisimo-m.wisimo.com/ ; media-src 'self' blob: data: wave: *.mittare.com/; img-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: *.gstatic.com *.googleapis.com i.ytimg.com *.googleusercontent.com *.fbsbx.com *.line-scdn.net https://www.google-analytics.com *.google.com https://analytics.tiktok.com *.facebook.com *.google.co.th https://sp.tinymce.com https://player.wowza.com/ ; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://www.googletagmanager.com https://www.google-analytics.com/ *.googleapis.com *.youtube.com *.gstatic.com *.facebook.net *.google.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://analytics.tiktok.com/ https://cdn.flowplayer.com/ https://releases.flowplayer.org https://pvdspek.github.io/ https://cdn.tiny.cloud *.wowza.com https://cdnjs.cloudflare.com/ https://cdnjs.cloudflare.com/ https://code.jquery.com https://unpkg.com https://ssl.google-analytics.com https://cdn.jsdelivr.net/ ; style-src 'self' 'unsafe-inline' *.flowplayer.com *.googleapis.com https://use.fontawesome.com https://cdnjs.cloudflare.com https://code.jquery.com https://cdn.tiny.cloud/ ; font-src 'self' data: *.googleapis.com *.bootstrapcdn.com *.gstatic.com *.googleapis.com https://use.fontawesome.com/ https://fonts.gstatic.com https://cdnjs.cloudflare.com ; frame-src 'self' https://bid.g.doubleclick.net/ *.doubleclick.net/ https://www.youtube-nocookie.com https://share.sandbox.lalamove.com/ *.youtube.com *.googleapis.com *.google.com *.facebook.com; object-src 'self' https://www.youtube.com *.googleapis.com;
x-content-type-options
nosniff
strict-transport-security
max-age=15768000; includeSubDomains; preload
cf-cache-status
MISS
x-permitted-cross-domain-policies
master-only
content-encoding
br
x-xss-protection
1; mode=block
public-key-pins
pin-sha256="base64+primary==InsertPrimaryCertificateSHA256FingerPrintHere"; pin-sha256="base64+backup==InsertBackupCertificateSHA256FingerPrintHere"; max-age=5184000
referrer-policy
no-referrer, strict-origin-when-cross-origin
last-modified
Mon, 13 Nov 2023 01:32:45 GMT
server
cloudflare
etag
W/"65517cbd-9f68"
expect-ct
enforce, max-age=300
vary
Accept-Encoding, Accept-Encoding
access-control-allow-methods
GET,POST,OPTIONS,PUT,DELETE,PATCH
content-type
application/javascript
x-frame-options
SAMEORIGIN
cache-control
public, max-age=14400
access-control-allow-credentials
true
cf-ray
867ec3eb5ebb4bc7-BUF
select2.min.js
ecertslf.studentloan.or.th/assets/select2/select2/ 		71 KB
20 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://ecertslf.studentloan.or.th/assets/select2/select2/select2.min.js
Requested by
Host: ecertslf.studentloan.or.th
URL: https://ecertslf.studentloan.or.th/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::ac43:80f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
f7244fff610595b944f76bf3080d74e3af42b5dd234f8f079e698cc39ac966b0
Security Headers
Name Value
Content-Security-Policy default-src 'self' ; connect-src 'self' *.mittare.com/ https://pmi.flowplayer.com https://stats.g.doubleclick.net https://zap.cloud.wowza.com https://health.flowplayer.com/ https://wisimo-m.wisimo.com/ ; media-src 'self' blob: data: wave: *.mittare.com/; img-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: *.gstatic.com *.googleapis.com i.ytimg.com *.googleusercontent.com *.fbsbx.com *.line-scdn.net https://www.google-analytics.com *.google.com https://analytics.tiktok.com *.facebook.com *.google.co.th https://sp.tinymce.com https://player.wowza.com/ ; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://www.googletagmanager.com https://www.google-analytics.com/ *.googleapis.com *.youtube.com *.gstatic.com *.facebook.net *.google.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://analytics.tiktok.com/ https://cdn.flowplayer.com/ https://releases.flowplayer.org https://pvdspek.github.io/ https://cdn.tiny.cloud *.wowza.com https://cdnjs.cloudflare.com/ https://cdnjs.cloudflare.com/ https://code.jquery.com https://unpkg.com https://ssl.google-analytics.com https://cdn.jsdelivr.net/ ; style-src 'self' 'unsafe-inline' *.flowplayer.com *.googleapis.com https://use.fontawesome.com https://cdnjs.cloudflare.com https://code.jquery.com https://cdn.tiny.cloud/ ; font-src 'self' data: *.googleapis.com *.bootstrapcdn.com *.gstatic.com *.googleapis.com https://use.fontawesome.com/ https://fonts.gstatic.com https://cdnjs.cloudflare.com ; frame-src 'self' https://bid.g.doubleclick.net/ *.doubleclick.net/ https://www.youtube-nocookie.com https://share.sandbox.lalamove.com/ *.youtube.com *.googleapis.com *.google.com *.facebook.com; object-src 'self' https://www.youtube.com *.googleapis.com;
Public-Key-Pins pin-sha256="base64+primary==InsertPrimaryCertificateSHA256FingerPrintHere"; pin-sha256="base64+backup==InsertBackupCertificateSHA256FingerPrintHere"; max-age=5184000
Strict-Transport-Security max-age=15768000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-US,en;q=0.9
Referer
https://ecertslf.studentloan.or.th/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date
Thu, 21 Mar 2024 14:52:23 GMT
content-security-policy
default-src 'self' ; connect-src 'self' *.mittare.com/ https://pmi.flowplayer.com https://stats.g.doubleclick.net https://zap.cloud.wowza.com https://health.flowplayer.com/ https://wisimo-m.wisimo.com/ ; media-src 'self' blob: data: wave: *.mittare.com/; img-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: *.gstatic.com *.googleapis.com i.ytimg.com *.googleusercontent.com *.fbsbx.com *.line-scdn.net https://www.google-analytics.com *.google.com https://analytics.tiktok.com *.facebook.com *.google.co.th https://sp.tinymce.com https://player.wowza.com/ ; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://www.googletagmanager.com https://www.google-analytics.com/ *.googleapis.com *.youtube.com *.gstatic.com *.facebook.net *.google.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://analytics.tiktok.com/ https://cdn.flowplayer.com/ https://releases.flowplayer.org https://pvdspek.github.io/ https://cdn.tiny.cloud *.wowza.com https://cdnjs.cloudflare.com/ https://cdnjs.cloudflare.com/ https://code.jquery.com https://unpkg.com https://ssl.google-analytics.com https://cdn.jsdelivr.net/ ; style-src 'self' 'unsafe-inline' *.flowplayer.com *.googleapis.com https://use.fontawesome.com https://cdnjs.cloudflare.com https://code.jquery.com https://cdn.tiny.cloud/ ; font-src 'self' data: *.googleapis.com *.bootstrapcdn.com *.gstatic.com *.googleapis.com https://use.fontawesome.com/ https://fonts.gstatic.com https://cdnjs.cloudflare.com ; frame-src 'self' https://bid.g.doubleclick.net/ *.doubleclick.net/ https://www.youtube-nocookie.com https://share.sandbox.lalamove.com/ *.youtube.com *.googleapis.com *.google.com *.facebook.com; object-src 'self' https://www.youtube.com *.googleapis.com;
x-content-type-options
nosniff
strict-transport-security
max-age=15768000; includeSubDomains; preload
cf-cache-status
MISS
x-permitted-cross-domain-policies
master-only
content-encoding
br
x-xss-protection
1; mode=block
public-key-pins
pin-sha256="base64+primary==InsertPrimaryCertificateSHA256FingerPrintHere"; pin-sha256="base64+backup==InsertBackupCertificateSHA256FingerPrintHere"; max-age=5184000
referrer-policy
no-referrer, strict-origin-when-cross-origin
last-modified
Mon, 13 Nov 2023 01:33:10 GMT
server
cloudflare
etag
W/"65517cd6-11dcb"
expect-ct
enforce, max-age=300
vary
Accept-Encoding, Accept-Encoding
access-control-allow-methods
GET,POST,OPTIONS,PUT,DELETE,PATCH
content-type
application/javascript
x-frame-options
SAMEORIGIN
cache-control
public, max-age=14400
access-control-allow-credentials
true
cf-ray
867ec3eb5ebc4bc7-BUF
jquery.dataTables.min.js
ecertslf.studentloan.or.th/assets/datatable/js/ 		88 KB
32 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://ecertslf.studentloan.or.th/assets/datatable/js/jquery.dataTables.min.js
Requested by
Host: ecertslf.studentloan.or.th
URL: https://ecertslf.studentloan.or.th/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::ac43:80f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
a4cdf211eaf3bda97da0f8cf81b232f69a85b386cbbff0a677e6078a9dd0d92b
Security Headers
Name Value
Content-Security-Policy default-src 'self' ; connect-src 'self' *.mittare.com/ https://pmi.flowplayer.com https://stats.g.doubleclick.net https://zap.cloud.wowza.com https://health.flowplayer.com/ https://wisimo-m.wisimo.com/ ; media-src 'self' blob: data: wave: *.mittare.com/; img-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: *.gstatic.com *.googleapis.com i.ytimg.com *.googleusercontent.com *.fbsbx.com *.line-scdn.net https://www.google-analytics.com *.google.com https://analytics.tiktok.com *.facebook.com *.google.co.th https://sp.tinymce.com https://player.wowza.com/ ; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://www.googletagmanager.com https://www.google-analytics.com/ *.googleapis.com *.youtube.com *.gstatic.com *.facebook.net *.google.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://analytics.tiktok.com/ https://cdn.flowplayer.com/ https://releases.flowplayer.org https://pvdspek.github.io/ https://cdn.tiny.cloud *.wowza.com https://cdnjs.cloudflare.com/ https://cdnjs.cloudflare.com/ https://code.jquery.com https://unpkg.com https://ssl.google-analytics.com https://cdn.jsdelivr.net/ ; style-src 'self' 'unsafe-inline' *.flowplayer.com *.googleapis.com https://use.fontawesome.com https://cdnjs.cloudflare.com https://code.jquery.com https://cdn.tiny.cloud/ ; font-src 'self' data: *.googleapis.com *.bootstrapcdn.com *.gstatic.com *.googleapis.com https://use.fontawesome.com/ https://fonts.gstatic.com https://cdnjs.cloudflare.com ; frame-src 'self' https://bid.g.doubleclick.net/ *.doubleclick.net/ https://www.youtube-nocookie.com https://share.sandbox.lalamove.com/ *.youtube.com *.googleapis.com *.google.com *.facebook.com; object-src 'self' https://www.youtube.com *.googleapis.com;
Public-Key-Pins pin-sha256="base64+primary==InsertPrimaryCertificateSHA256FingerPrintHere"; pin-sha256="base64+backup==InsertBackupCertificateSHA256FingerPrintHere"; max-age=5184000
Strict-Transport-Security max-age=15768000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-US,en;q=0.9
Referer
https://ecertslf.studentloan.or.th/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date
Thu, 21 Mar 2024 14:52:23 GMT
content-security-policy
default-src 'self' ; connect-src 'self' *.mittare.com/ https://pmi.flowplayer.com https://stats.g.doubleclick.net https://zap.cloud.wowza.com https://health.flowplayer.com/ https://wisimo-m.wisimo.com/ ; media-src 'self' blob: data: wave: *.mittare.com/; img-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: *.gstatic.com *.googleapis.com i.ytimg.com *.googleusercontent.com *.fbsbx.com *.line-scdn.net https://www.google-analytics.com *.google.com https://analytics.tiktok.com *.facebook.com *.google.co.th https://sp.tinymce.com https://player.wowza.com/ ; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://www.googletagmanager.com https://www.google-analytics.com/ *.googleapis.com *.youtube.com *.gstatic.com *.facebook.net *.google.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://analytics.tiktok.com/ https://cdn.flowplayer.com/ https://releases.flowplayer.org https://pvdspek.github.io/ https://cdn.tiny.cloud *.wowza.com https://cdnjs.cloudflare.com/ https://cdnjs.cloudflare.com/ https://code.jquery.com https://unpkg.com https://ssl.google-analytics.com https://cdn.jsdelivr.net/ ; style-src 'self' 'unsafe-inline' *.flowplayer.com *.googleapis.com https://use.fontawesome.com https://cdnjs.cloudflare.com https://code.jquery.com https://cdn.tiny.cloud/ ; font-src 'self' data: *.googleapis.com *.bootstrapcdn.com *.gstatic.com *.googleapis.com https://use.fontawesome.com/ https://fonts.gstatic.com https://cdnjs.cloudflare.com ; frame-src 'self' https://bid.g.doubleclick.net/ *.doubleclick.net/ https://www.youtube-nocookie.com https://share.sandbox.lalamove.com/ *.youtube.com *.googleapis.com *.google.com *.facebook.com; object-src 'self' https://www.youtube.com *.googleapis.com;
x-content-type-options
nosniff
strict-transport-security
max-age=15768000; includeSubDomains; preload
cf-cache-status
MISS
x-permitted-cross-domain-policies
master-only
content-encoding
br
x-xss-protection
1; mode=block
public-key-pins
pin-sha256="base64+primary==InsertPrimaryCertificateSHA256FingerPrintHere"; pin-sha256="base64+backup==InsertBackupCertificateSHA256FingerPrintHere"; max-age=5184000
referrer-policy
no-referrer, strict-origin-when-cross-origin
last-modified
Mon, 13 Nov 2023 01:33:13 GMT
server
cloudflare
etag
W/"65517cd9-16098"
expect-ct
enforce, max-age=300
vary
Accept-Encoding, Accept-Encoding
access-control-allow-methods
GET,POST,OPTIONS,PUT,DELETE,PATCH
content-type
application/javascript
x-frame-options
SAMEORIGIN
cache-control
public, max-age=14400
access-control-allow-credentials
true
cf-ray
867ec3eb5ebd4bc7-BUF
dataTables.bootstrap5.min.js
ecertslf.studentloan.or.th/assets/datatable/js/ 		4 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://ecertslf.studentloan.or.th/assets/datatable/js/dataTables.bootstrap5.min.js
Requested by
Host: ecertslf.studentloan.or.th
URL: https://ecertslf.studentloan.or.th/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::ac43:80f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b58167383f2c2d837454c0cca41d15b8a1e9db536cc618eae015d011bc03ab2f
Security Headers
Name Value
Content-Security-Policy default-src 'self' ; connect-src 'self' *.mittare.com/ https://pmi.flowplayer.com https://stats.g.doubleclick.net https://zap.cloud.wowza.com https://health.flowplayer.com/ https://wisimo-m.wisimo.com/ ; media-src 'self' blob: data: wave: *.mittare.com/; img-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: *.gstatic.com *.googleapis.com i.ytimg.com *.googleusercontent.com *.fbsbx.com *.line-scdn.net https://www.google-analytics.com *.google.com https://analytics.tiktok.com *.facebook.com *.google.co.th https://sp.tinymce.com https://player.wowza.com/ ; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://www.googletagmanager.com https://www.google-analytics.com/ *.googleapis.com *.youtube.com *.gstatic.com *.facebook.net *.google.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://analytics.tiktok.com/ https://cdn.flowplayer.com/ https://releases.flowplayer.org https://pvdspek.github.io/ https://cdn.tiny.cloud *.wowza.com https://cdnjs.cloudflare.com/ https://cdnjs.cloudflare.com/ https://code.jquery.com https://unpkg.com https://ssl.google-analytics.com https://cdn.jsdelivr.net/ ; style-src 'self' 'unsafe-inline' *.flowplayer.com *.googleapis.com https://use.fontawesome.com https://cdnjs.cloudflare.com https://code.jquery.com https://cdn.tiny.cloud/ ; font-src 'self' data: *.googleapis.com *.bootstrapcdn.com *.gstatic.com *.googleapis.com https://use.fontawesome.com/ https://fonts.gstatic.com https://cdnjs.cloudflare.com ; frame-src 'self' https://bid.g.doubleclick.net/ *.doubleclick.net/ https://www.youtube-nocookie.com https://share.sandbox.lalamove.com/ *.youtube.com *.googleapis.com *.google.com *.facebook.com; object-src 'self' https://www.youtube.com *.googleapis.com;
Public-Key-Pins pin-sha256="base64+primary==InsertPrimaryCertificateSHA256FingerPrintHere"; pin-sha256="base64+backup==InsertBackupCertificateSHA256FingerPrintHere"; max-age=5184000
Strict-Transport-Security max-age=15768000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-US,en;q=0.9
Referer
https://ecertslf.studentloan.or.th/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date
Thu, 21 Mar 2024 14:52:22 GMT
content-security-policy
default-src 'self' ; connect-src 'self' *.mittare.com/ https://pmi.flowplayer.com https://stats.g.doubleclick.net https://zap.cloud.wowza.com https://health.flowplayer.com/ https://wisimo-m.wisimo.com/ ; media-src 'self' blob: data: wave: *.mittare.com/; img-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: *.gstatic.com *.googleapis.com i.ytimg.com *.googleusercontent.com *.fbsbx.com *.line-scdn.net https://www.google-analytics.com *.google.com https://analytics.tiktok.com *.facebook.com *.google.co.th https://sp.tinymce.com https://player.wowza.com/ ; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://www.googletagmanager.com https://www.google-analytics.com/ *.googleapis.com *.youtube.com *.gstatic.com *.facebook.net *.google.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://analytics.tiktok.com/ https://cdn.flowplayer.com/ https://releases.flowplayer.org https://pvdspek.github.io/ https://cdn.tiny.cloud *.wowza.com https://cdnjs.cloudflare.com/ https://cdnjs.cloudflare.com/ https://code.jquery.com https://unpkg.com https://ssl.google-analytics.com https://cdn.jsdelivr.net/ ; style-src 'self' 'unsafe-inline' *.flowplayer.com *.googleapis.com https://use.fontawesome.com https://cdnjs.cloudflare.com https://code.jquery.com https://cdn.tiny.cloud/ ; font-src 'self' data: *.googleapis.com *.bootstrapcdn.com *.gstatic.com *.googleapis.com https://use.fontawesome.com/ https://fonts.gstatic.com https://cdnjs.cloudflare.com ; frame-src 'self' https://bid.g.doubleclick.net/ *.doubleclick.net/ https://www.youtube-nocookie.com https://share.sandbox.lalamove.com/ *.youtube.com *.googleapis.com *.google.com *.facebook.com; object-src 'self' https://www.youtube.com *.googleapis.com;
x-content-type-options
nosniff
strict-transport-security
max-age=15768000; includeSubDomains; preload
cf-cache-status
MISS
x-permitted-cross-domain-policies
master-only
content-encoding
br
x-xss-protection
1; mode=block
public-key-pins
pin-sha256="base64+primary==InsertPrimaryCertificateSHA256FingerPrintHere"; pin-sha256="base64+backup==InsertBackupCertificateSHA256FingerPrintHere"; max-age=5184000
referrer-policy
no-referrer, strict-origin-when-cross-origin
last-modified
Mon, 13 Nov 2023 01:33:13 GMT
server
cloudflare
etag
W/"65517cd9-117f"
expect-ct
enforce, max-age=300
x-frame-options
SAMEORIGIN
access-control-allow-methods
GET,POST,OPTIONS,PUT,DELETE,PATCH
content-type
application/javascript
vary
Accept-Encoding
cache-control
public, max-age=14400
access-control-allow-credentials
true
cf-ray
867ec3eb5ebe4bc7-BUF
Chartv2.8.0.js
ecertslf.studentloan.or.th/assets/js/chartjs/ 		387 KB
97 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://ecertslf.studentloan.or.th/assets/js/chartjs/Chartv2.8.0.js
Requested by
Host: ecertslf.studentloan.or.th
URL: https://ecertslf.studentloan.or.th/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::ac43:80f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
02a452513d20180c559e1d91cb343fc9ecdf86670f4330b62fc71eda25ccc582
Security Headers
Name Value
Content-Security-Policy default-src 'self' ; connect-src 'self' *.mittare.com/ https://pmi.flowplayer.com https://stats.g.doubleclick.net https://zap.cloud.wowza.com https://health.flowplayer.com/ https://wisimo-m.wisimo.com/ ; media-src 'self' blob: data: wave: *.mittare.com/; img-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: *.gstatic.com *.googleapis.com i.ytimg.com *.googleusercontent.com *.fbsbx.com *.line-scdn.net https://www.google-analytics.com *.google.com https://analytics.tiktok.com *.facebook.com *.google.co.th https://sp.tinymce.com https://player.wowza.com/ ; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://www.googletagmanager.com https://www.google-analytics.com/ *.googleapis.com *.youtube.com *.gstatic.com *.facebook.net *.google.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://analytics.tiktok.com/ https://cdn.flowplayer.com/ https://releases.flowplayer.org https://pvdspek.github.io/ https://cdn.tiny.cloud *.wowza.com https://cdnjs.cloudflare.com/ https://cdnjs.cloudflare.com/ https://code.jquery.com https://unpkg.com https://ssl.google-analytics.com https://cdn.jsdelivr.net/ ; style-src 'self' 'unsafe-inline' *.flowplayer.com *.googleapis.com https://use.fontawesome.com https://cdnjs.cloudflare.com https://code.jquery.com https://cdn.tiny.cloud/ ; font-src 'self' data: *.googleapis.com *.bootstrapcdn.com *.gstatic.com *.googleapis.com https://use.fontawesome.com/ https://fonts.gstatic.com https://cdnjs.cloudflare.com ; frame-src 'self' https://bid.g.doubleclick.net/ *.doubleclick.net/ https://www.youtube-nocookie.com https://share.sandbox.lalamove.com/ *.youtube.com *.googleapis.com *.google.com *.facebook.com; object-src 'self' https://www.youtube.com *.googleapis.com;
Public-Key-Pins pin-sha256="base64+primary==InsertPrimaryCertificateSHA256FingerPrintHere"; pin-sha256="base64+backup==InsertBackupCertificateSHA256FingerPrintHere"; max-age=5184000
Strict-Transport-Security max-age=15768000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-US,en;q=0.9
Referer
https://ecertslf.studentloan.or.th/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date
Thu, 21 Mar 2024 14:52:23 GMT
content-security-policy
default-src 'self' ; connect-src 'self' *.mittare.com/ https://pmi.flowplayer.com https://stats.g.doubleclick.net https://zap.cloud.wowza.com https://health.flowplayer.com/ https://wisimo-m.wisimo.com/ ; media-src 'self' blob: data: wave: *.mittare.com/; img-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: *.gstatic.com *.googleapis.com i.ytimg.com *.googleusercontent.com *.fbsbx.com *.line-scdn.net https://www.google-analytics.com *.google.com https://analytics.tiktok.com *.facebook.com *.google.co.th https://sp.tinymce.com https://player.wowza.com/ ; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://www.googletagmanager.com https://www.google-analytics.com/ *.googleapis.com *.youtube.com *.gstatic.com *.facebook.net *.google.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://analytics.tiktok.com/ https://cdn.flowplayer.com/ https://releases.flowplayer.org https://pvdspek.github.io/ https://cdn.tiny.cloud *.wowza.com https://cdnjs.cloudflare.com/ https://cdnjs.cloudflare.com/ https://code.jquery.com https://unpkg.com https://ssl.google-analytics.com https://cdn.jsdelivr.net/ ; style-src 'self' 'unsafe-inline' *.flowplayer.com *.googleapis.com https://use.fontawesome.com https://cdnjs.cloudflare.com https://code.jquery.com https://cdn.tiny.cloud/ ; font-src 'self' data: *.googleapis.com *.bootstrapcdn.com *.gstatic.com *.googleapis.com https://use.fontawesome.com/ https://fonts.gstatic.com https://cdnjs.cloudflare.com ; frame-src 'self' https://bid.g.doubleclick.net/ *.doubleclick.net/ https://www.youtube-nocookie.com https://share.sandbox.lalamove.com/ *.youtube.com *.googleapis.com *.google.com *.facebook.com; object-src 'self' https://www.youtube.com *.googleapis.com;
x-content-type-options
nosniff
strict-transport-security
max-age=15768000; includeSubDomains; preload
cf-cache-status
MISS
x-permitted-cross-domain-policies
master-only
content-encoding
br
x-xss-protection
1; mode=block
public-key-pins
pin-sha256="base64+primary==InsertPrimaryCertificateSHA256FingerPrintHere"; pin-sha256="base64+backup==InsertBackupCertificateSHA256FingerPrintHere"; max-age=5184000
referrer-policy
no-referrer, strict-origin-when-cross-origin
last-modified
Mon, 13 Nov 2023 01:33:03 GMT
server
cloudflare
etag
W/"65517ccf-60b74"
expect-ct
enforce, max-age=300
vary
Accept-Encoding, Accept-Encoding
access-control-allow-methods
GET,POST,OPTIONS,PUT,DELETE,PATCH
content-type
application/javascript
x-frame-options
SAMEORIGIN
cache-control
public, max-age=14400
access-control-allow-credentials
true
cf-ray
867ec3eb5ebf4bc7-BUF
api.js
www.google.com/recaptcha/ 		1 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.google.com/recaptcha/api.js
Requested by
Host: ecertslf.studentloan.or.th
URL: https://ecertslf.studentloan.or.th/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:81d::2004 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
GSE /
Resource Hash
08d97db667290b2c47dce6cf9cef24ba8f85792aa0c14ed87f77693916ddc371
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self'
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-US,en;q=0.9
Referer
https://ecertslf.studentloan.or.th/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date
Thu, 21 Mar 2024 14:52:21 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy
frame-ancestors 'self'
server
GSE
x-frame-options
SAMEORIGIN
content-type
text/javascript; charset=utf-8
cache-control
private, max-age=300
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
1; mode=block
expires
Thu, 21 Mar 2024 14:52:21 GMT
jquery.mask.min.js
ecertslf.studentloan.or.th/assets/js/ 		8 KB
4 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://ecertslf.studentloan.or.th/assets/js/jquery.mask.min.js
Requested by
Host: ecertslf.studentloan.or.th
URL: https://ecertslf.studentloan.or.th/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::ac43:80f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
2a0db34dc14ef4b5ce73b230701c7561e5012667a4c9cb274ecab646e1474995
Security Headers
Name Value
Content-Security-Policy default-src 'self' ; connect-src 'self' *.mittare.com/ https://pmi.flowplayer.com https://stats.g.doubleclick.net https://zap.cloud.wowza.com https://health.flowplayer.com/ https://wisimo-m.wisimo.com/ ; media-src 'self' blob: data: wave: *.mittare.com/; img-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: *.gstatic.com *.googleapis.com i.ytimg.com *.googleusercontent.com *.fbsbx.com *.line-scdn.net https://www.google-analytics.com *.google.com https://analytics.tiktok.com *.facebook.com *.google.co.th https://sp.tinymce.com https://player.wowza.com/ ; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://www.googletagmanager.com https://www.google-analytics.com/ *.googleapis.com *.youtube.com *.gstatic.com *.facebook.net *.google.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://analytics.tiktok.com/ https://cdn.flowplayer.com/ https://releases.flowplayer.org https://pvdspek.github.io/ https://cdn.tiny.cloud *.wowza.com https://cdnjs.cloudflare.com/ https://cdnjs.cloudflare.com/ https://code.jquery.com https://unpkg.com https://ssl.google-analytics.com https://cdn.jsdelivr.net/ ; style-src 'self' 'unsafe-inline' *.flowplayer.com *.googleapis.com https://use.fontawesome.com https://cdnjs.cloudflare.com https://code.jquery.com https://cdn.tiny.cloud/ ; font-src 'self' data: *.googleapis.com *.bootstrapcdn.com *.gstatic.com *.googleapis.com https://use.fontawesome.com/ https://fonts.gstatic.com https://cdnjs.cloudflare.com ; frame-src 'self' https://bid.g.doubleclick.net/ *.doubleclick.net/ https://www.youtube-nocookie.com https://share.sandbox.lalamove.com/ *.youtube.com *.googleapis.com *.google.com *.facebook.com; object-src 'self' https://www.youtube.com *.googleapis.com;
Public-Key-Pins pin-sha256="base64+primary==InsertPrimaryCertificateSHA256FingerPrintHere"; pin-sha256="base64+backup==InsertBackupCertificateSHA256FingerPrintHere"; max-age=5184000
Strict-Transport-Security max-age=15768000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-US,en;q=0.9
Referer
https://ecertslf.studentloan.or.th/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date
Thu, 21 Mar 2024 14:52:23 GMT
content-security-policy
default-src 'self' ; connect-src 'self' *.mittare.com/ https://pmi.flowplayer.com https://stats.g.doubleclick.net https://zap.cloud.wowza.com https://health.flowplayer.com/ https://wisimo-m.wisimo.com/ ; media-src 'self' blob: data: wave: *.mittare.com/; img-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: *.gstatic.com *.googleapis.com i.ytimg.com *.googleusercontent.com *.fbsbx.com *.line-scdn.net https://www.google-analytics.com *.google.com https://analytics.tiktok.com *.facebook.com *.google.co.th https://sp.tinymce.com https://player.wowza.com/ ; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://www.googletagmanager.com https://www.google-analytics.com/ *.googleapis.com *.youtube.com *.gstatic.com *.facebook.net *.google.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://analytics.tiktok.com/ https://cdn.flowplayer.com/ https://releases.flowplayer.org https://pvdspek.github.io/ https://cdn.tiny.cloud *.wowza.com https://cdnjs.cloudflare.com/ https://cdnjs.cloudflare.com/ https://code.jquery.com https://unpkg.com https://ssl.google-analytics.com https://cdn.jsdelivr.net/ ; style-src 'self' 'unsafe-inline' *.flowplayer.com *.googleapis.com https://use.fontawesome.com https://cdnjs.cloudflare.com https://code.jquery.com https://cdn.tiny.cloud/ ; font-src 'self' data: *.googleapis.com *.bootstrapcdn.com *.gstatic.com *.googleapis.com https://use.fontawesome.com/ https://fonts.gstatic.com https://cdnjs.cloudflare.com ; frame-src 'self' https://bid.g.doubleclick.net/ *.doubleclick.net/ https://www.youtube-nocookie.com https://share.sandbox.lalamove.com/ *.youtube.com *.googleapis.com *.google.com *.facebook.com; object-src 'self' https://www.youtube.com *.googleapis.com;
x-content-type-options
nosniff
strict-transport-security
max-age=15768000; includeSubDomains; preload
cf-cache-status
MISS
x-permitted-cross-domain-policies
master-only
content-encoding
br
x-xss-protection
1; mode=block
public-key-pins
pin-sha256="base64+primary==InsertPrimaryCertificateSHA256FingerPrintHere"; pin-sha256="base64+backup==InsertBackupCertificateSHA256FingerPrintHere"; max-age=5184000
referrer-policy
no-referrer, strict-origin-when-cross-origin
last-modified
Mon, 13 Nov 2023 01:32:45 GMT
server
cloudflare
etag
W/"65517cbd-2087"
expect-ct
enforce, max-age=300
x-frame-options
SAMEORIGIN
access-control-allow-methods
GET,POST,OPTIONS,PUT,DELETE,PATCH
content-type
application/javascript
vary
Accept-Encoding
cache-control
public, max-age=14400
access-control-allow-credentials
true
cf-ray
867ec3eb5ec14bc7-BUF
owl.carousel.min.css
ecertslf.studentloan.or.th//assets/owl/css/ 		3 KB
1 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://ecertslf.studentloan.or.th//assets/owl/css/owl.carousel.min.css
Requested by
Host: ecertslf.studentloan.or.th
URL: https://ecertslf.studentloan.or.th/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::ac43:80f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
521410e1fc44780061e09adc980275fb5ea277fd5d9e538454214ec4379ff4bc
Security Headers
Name Value
Content-Security-Policy default-src 'self' ; connect-src 'self' *.mittare.com/ https://pmi.flowplayer.com https://stats.g.doubleclick.net https://zap.cloud.wowza.com https://health.flowplayer.com/ https://wisimo-m.wisimo.com/ ; media-src 'self' blob: data: wave: *.mittare.com/; img-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: *.gstatic.com *.googleapis.com i.ytimg.com *.googleusercontent.com *.fbsbx.com *.line-scdn.net https://www.google-analytics.com *.google.com https://analytics.tiktok.com *.facebook.com *.google.co.th https://sp.tinymce.com https://player.wowza.com/ ; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://www.googletagmanager.com https://www.google-analytics.com/ *.googleapis.com *.youtube.com *.gstatic.com *.facebook.net *.google.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://analytics.tiktok.com/ https://cdn.flowplayer.com/ https://releases.flowplayer.org https://pvdspek.github.io/ https://cdn.tiny.cloud *.wowza.com https://cdnjs.cloudflare.com/ https://cdnjs.cloudflare.com/ https://code.jquery.com https://unpkg.com https://ssl.google-analytics.com https://cdn.jsdelivr.net/ ; style-src 'self' 'unsafe-inline' *.flowplayer.com *.googleapis.com https://use.fontawesome.com https://cdnjs.cloudflare.com https://code.jquery.com https://cdn.tiny.cloud/ ; font-src 'self' data: *.googleapis.com *.bootstrapcdn.com *.gstatic.com *.googleapis.com https://use.fontawesome.com/ https://fonts.gstatic.com https://cdnjs.cloudflare.com ; frame-src 'self' https://bid.g.doubleclick.net/ *.doubleclick.net/ https://www.youtube-nocookie.com https://share.sandbox.lalamove.com/ *.youtube.com *.googleapis.com *.google.com *.facebook.com; object-src 'self' https://www.youtube.com *.googleapis.com;
Public-Key-Pins pin-sha256="base64+primary==InsertPrimaryCertificateSHA256FingerPrintHere"; pin-sha256="base64+backup==InsertBackupCertificateSHA256FingerPrintHere"; max-age=5184000
Strict-Transport-Security max-age=15768000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-US,en;q=0.9
Referer
https://ecertslf.studentloan.or.th/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date
Thu, 21 Mar 2024 14:52:22 GMT
content-security-policy
default-src 'self' ; connect-src 'self' *.mittare.com/ https://pmi.flowplayer.com https://stats.g.doubleclick.net https://zap.cloud.wowza.com https://health.flowplayer.com/ https://wisimo-m.wisimo.com/ ; media-src 'self' blob: data: wave: *.mittare.com/; img-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: *.gstatic.com *.googleapis.com i.ytimg.com *.googleusercontent.com *.fbsbx.com *.line-scdn.net https://www.google-analytics.com *.google.com https://analytics.tiktok.com *.facebook.com *.google.co.th https://sp.tinymce.com https://player.wowza.com/ ; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://www.googletagmanager.com https://www.google-analytics.com/ *.googleapis.com *.youtube.com *.gstatic.com *.facebook.net *.google.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://analytics.tiktok.com/ https://cdn.flowplayer.com/ https://releases.flowplayer.org https://pvdspek.github.io/ https://cdn.tiny.cloud *.wowza.com https://cdnjs.cloudflare.com/ https://cdnjs.cloudflare.com/ https://code.jquery.com https://unpkg.com https://ssl.google-analytics.com https://cdn.jsdelivr.net/ ; style-src 'self' 'unsafe-inline' *.flowplayer.com *.googleapis.com https://use.fontawesome.com https://cdnjs.cloudflare.com https://code.jquery.com https://cdn.tiny.cloud/ ; font-src 'self' data: *.googleapis.com *.bootstrapcdn.com *.gstatic.com *.googleapis.com https://use.fontawesome.com/ https://fonts.gstatic.com https://cdnjs.cloudflare.com ; frame-src 'self' https://bid.g.doubleclick.net/ *.doubleclick.net/ https://www.youtube-nocookie.com https://share.sandbox.lalamove.com/ *.youtube.com *.googleapis.com *.google.com *.facebook.com; object-src 'self' https://www.youtube.com *.googleapis.com;
x-content-type-options
nosniff
strict-transport-security
max-age=15768000; includeSubDomains; preload
cf-cache-status
MISS
x-permitted-cross-domain-policies
master-only
content-encoding
br
x-xss-protection
1; mode=block
public-key-pins
pin-sha256="base64+primary==InsertPrimaryCertificateSHA256FingerPrintHere"; pin-sha256="base64+backup==InsertBackupCertificateSHA256FingerPrintHere"; max-age=5184000
referrer-policy
no-referrer, strict-origin-when-cross-origin
last-modified
Mon, 13 Nov 2023 01:33:03 GMT
server
cloudflare
etag
W/"65517ccf-d17"
expect-ct
enforce, max-age=300
x-frame-options
SAMEORIGIN
access-control-allow-methods
GET,POST,OPTIONS,PUT,DELETE,PATCH
content-type
text/css
vary
Accept-Encoding
cache-control
public, max-age=14400
access-control-allow-credentials
true
cf-ray
867ec3eb1ea04bc7-BUF
owl.theme.default.min.css
ecertslf.studentloan.or.th//assets/owl/css/ 		1013 B
514 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://ecertslf.studentloan.or.th//assets/owl/css/owl.theme.default.min.css
Requested by
Host: ecertslf.studentloan.or.th
URL: https://ecertslf.studentloan.or.th/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::ac43:80f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
924b0dc630d1c5dff9fa31aead9509775b1d476bfe0a5ac2977b2f11205a26ac
Security Headers
Name Value
Content-Security-Policy default-src 'self' ; connect-src 'self' *.mittare.com/ https://pmi.flowplayer.com https://stats.g.doubleclick.net https://zap.cloud.wowza.com https://health.flowplayer.com/ https://wisimo-m.wisimo.com/ ; media-src 'self' blob: data: wave: *.mittare.com/; img-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: *.gstatic.com *.googleapis.com i.ytimg.com *.googleusercontent.com *.fbsbx.com *.line-scdn.net https://www.google-analytics.com *.google.com https://analytics.tiktok.com *.facebook.com *.google.co.th https://sp.tinymce.com https://player.wowza.com/ ; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://www.googletagmanager.com https://www.google-analytics.com/ *.googleapis.com *.youtube.com *.gstatic.com *.facebook.net *.google.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://analytics.tiktok.com/ https://cdn.flowplayer.com/ https://releases.flowplayer.org https://pvdspek.github.io/ https://cdn.tiny.cloud *.wowza.com https://cdnjs.cloudflare.com/ https://cdnjs.cloudflare.com/ https://code.jquery.com https://unpkg.com https://ssl.google-analytics.com https://cdn.jsdelivr.net/ ; style-src 'self' 'unsafe-inline' *.flowplayer.com *.googleapis.com https://use.fontawesome.com https://cdnjs.cloudflare.com https://code.jquery.com https://cdn.tiny.cloud/ ; font-src 'self' data: *.googleapis.com *.bootstrapcdn.com *.gstatic.com *.googleapis.com https://use.fontawesome.com/ https://fonts.gstatic.com https://cdnjs.cloudflare.com ; frame-src 'self' https://bid.g.doubleclick.net/ *.doubleclick.net/ https://www.youtube-nocookie.com https://share.sandbox.lalamove.com/ *.youtube.com *.googleapis.com *.google.com *.facebook.com; object-src 'self' https://www.youtube.com *.googleapis.com;
Public-Key-Pins pin-sha256="base64+primary==InsertPrimaryCertificateSHA256FingerPrintHere"; pin-sha256="base64+backup==InsertBackupCertificateSHA256FingerPrintHere"; max-age=5184000
Strict-Transport-Security max-age=15768000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-US,en;q=0.9
Referer
https://ecertslf.studentloan.or.th/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date
Thu, 21 Mar 2024 14:52:22 GMT
content-security-policy
default-src 'self' ; connect-src 'self' *.mittare.com/ https://pmi.flowplayer.com https://stats.g.doubleclick.net https://zap.cloud.wowza.com https://health.flowplayer.com/ https://wisimo-m.wisimo.com/ ; media-src 'self' blob: data: wave: *.mittare.com/; img-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: *.gstatic.com *.googleapis.com i.ytimg.com *.googleusercontent.com *.fbsbx.com *.line-scdn.net https://www.google-analytics.com *.google.com https://analytics.tiktok.com *.facebook.com *.google.co.th https://sp.tinymce.com https://player.wowza.com/ ; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://www.googletagmanager.com https://www.google-analytics.com/ *.googleapis.com *.youtube.com *.gstatic.com *.facebook.net *.google.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://analytics.tiktok.com/ https://cdn.flowplayer.com/ https://releases.flowplayer.org https://pvdspek.github.io/ https://cdn.tiny.cloud *.wowza.com https://cdnjs.cloudflare.com/ https://cdnjs.cloudflare.com/ https://code.jquery.com https://unpkg.com https://ssl.google-analytics.com https://cdn.jsdelivr.net/ ; style-src 'self' 'unsafe-inline' *.flowplayer.com *.googleapis.com https://use.fontawesome.com https://cdnjs.cloudflare.com https://code.jquery.com https://cdn.tiny.cloud/ ; font-src 'self' data: *.googleapis.com *.bootstrapcdn.com *.gstatic.com *.googleapis.com https://use.fontawesome.com/ https://fonts.gstatic.com https://cdnjs.cloudflare.com ; frame-src 'self' https://bid.g.doubleclick.net/ *.doubleclick.net/ https://www.youtube-nocookie.com https://share.sandbox.lalamove.com/ *.youtube.com *.googleapis.com *.google.com *.facebook.com; object-src 'self' https://www.youtube.com *.googleapis.com;
x-content-type-options
nosniff
strict-transport-security
max-age=15768000; includeSubDomains; preload
cf-cache-status
MISS
x-permitted-cross-domain-policies
master-only
content-encoding
br
x-xss-protection
1; mode=block
public-key-pins
pin-sha256="base64+primary==InsertPrimaryCertificateSHA256FingerPrintHere"; pin-sha256="base64+backup==InsertBackupCertificateSHA256FingerPrintHere"; max-age=5184000
referrer-policy
no-referrer, strict-origin-when-cross-origin
last-modified
Mon, 13 Nov 2023 01:33:03 GMT
server
cloudflare
etag
W/"65517ccf-3f5"
expect-ct
enforce, max-age=300
x-frame-options
SAMEORIGIN
access-control-allow-methods
GET,POST,OPTIONS,PUT,DELETE,PATCH
content-type
text/css
vary
Accept-Encoding
cache-control
public, max-age=14400
access-control-allow-credentials
true
cf-ray
867ec3eb1ea14bc7-BUF
owl.carousel.js
ecertslf.studentloan.or.th//assets/owl/ 		88 KB
21 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://ecertslf.studentloan.or.th//assets/owl/owl.carousel.js
Requested by
Host: ecertslf.studentloan.or.th
URL: https://ecertslf.studentloan.or.th/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::ac43:80f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
db9d6cf3c1c4b047c62f646e7d9991c06a212931c362bf53f9a2406b30f09466
Security Headers
Name Value
Content-Security-Policy default-src 'self' ; connect-src 'self' *.mittare.com/ https://pmi.flowplayer.com https://stats.g.doubleclick.net https://zap.cloud.wowza.com https://health.flowplayer.com/ https://wisimo-m.wisimo.com/ ; media-src 'self' blob: data: wave: *.mittare.com/; img-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: *.gstatic.com *.googleapis.com i.ytimg.com *.googleusercontent.com *.fbsbx.com *.line-scdn.net https://www.google-analytics.com *.google.com https://analytics.tiktok.com *.facebook.com *.google.co.th https://sp.tinymce.com https://player.wowza.com/ ; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://www.googletagmanager.com https://www.google-analytics.com/ *.googleapis.com *.youtube.com *.gstatic.com *.facebook.net *.google.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://analytics.tiktok.com/ https://cdn.flowplayer.com/ https://releases.flowplayer.org https://pvdspek.github.io/ https://cdn.tiny.cloud *.wowza.com https://cdnjs.cloudflare.com/ https://cdnjs.cloudflare.com/ https://code.jquery.com https://unpkg.com https://ssl.google-analytics.com https://cdn.jsdelivr.net/ ; style-src 'self' 'unsafe-inline' *.flowplayer.com *.googleapis.com https://use.fontawesome.com https://cdnjs.cloudflare.com https://code.jquery.com https://cdn.tiny.cloud/ ; font-src 'self' data: *.googleapis.com *.bootstrapcdn.com *.gstatic.com *.googleapis.com https://use.fontawesome.com/ https://fonts.gstatic.com https://cdnjs.cloudflare.com ; frame-src 'self' https://bid.g.doubleclick.net/ *.doubleclick.net/ https://www.youtube-nocookie.com https://share.sandbox.lalamove.com/ *.youtube.com *.googleapis.com *.google.com *.facebook.com; object-src 'self' https://www.youtube.com *.googleapis.com;
Public-Key-Pins pin-sha256="base64+primary==InsertPrimaryCertificateSHA256FingerPrintHere"; pin-sha256="base64+backup==InsertBackupCertificateSHA256FingerPrintHere"; max-age=5184000
Strict-Transport-Security max-age=15768000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-US,en;q=0.9
Referer
https://ecertslf.studentloan.or.th/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date
Thu, 21 Mar 2024 14:52:23 GMT
content-security-policy
default-src 'self' ; connect-src 'self' *.mittare.com/ https://pmi.flowplayer.com https://stats.g.doubleclick.net https://zap.cloud.wowza.com https://health.flowplayer.com/ https://wisimo-m.wisimo.com/ ; media-src 'self' blob: data: wave: *.mittare.com/; img-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: *.gstatic.com *.googleapis.com i.ytimg.com *.googleusercontent.com *.fbsbx.com *.line-scdn.net https://www.google-analytics.com *.google.com https://analytics.tiktok.com *.facebook.com *.google.co.th https://sp.tinymce.com https://player.wowza.com/ ; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://www.googletagmanager.com https://www.google-analytics.com/ *.googleapis.com *.youtube.com *.gstatic.com *.facebook.net *.google.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://analytics.tiktok.com/ https://cdn.flowplayer.com/ https://releases.flowplayer.org https://pvdspek.github.io/ https://cdn.tiny.cloud *.wowza.com https://cdnjs.cloudflare.com/ https://cdnjs.cloudflare.com/ https://code.jquery.com https://unpkg.com https://ssl.google-analytics.com https://cdn.jsdelivr.net/ ; style-src 'self' 'unsafe-inline' *.flowplayer.com *.googleapis.com https://use.fontawesome.com https://cdnjs.cloudflare.com https://code.jquery.com https://cdn.tiny.cloud/ ; font-src 'self' data: *.googleapis.com *.bootstrapcdn.com *.gstatic.com *.googleapis.com https://use.fontawesome.com/ https://fonts.gstatic.com https://cdnjs.cloudflare.com ; frame-src 'self' https://bid.g.doubleclick.net/ *.doubleclick.net/ https://www.youtube-nocookie.com https://share.sandbox.lalamove.com/ *.youtube.com *.googleapis.com *.google.com *.facebook.com; object-src 'self' https://www.youtube.com *.googleapis.com;
x-content-type-options
nosniff
strict-transport-security
max-age=15768000; includeSubDomains; preload
cf-cache-status
MISS
x-permitted-cross-domain-policies
master-only
content-encoding
br
x-xss-protection
1; mode=block
public-key-pins
pin-sha256="base64+primary==InsertPrimaryCertificateSHA256FingerPrintHere"; pin-sha256="base64+backup==InsertBackupCertificateSHA256FingerPrintHere"; max-age=5184000
referrer-policy
no-referrer, strict-origin-when-cross-origin
last-modified
Mon, 13 Nov 2023 01:32:47 GMT
server
cloudflare
etag
W/"65517cbf-15f88"
expect-ct
enforce, max-age=300
vary
Accept-Encoding, Accept-Encoding
access-control-allow-methods
GET,POST,OPTIONS,PUT,DELETE,PATCH
content-type
application/javascript
x-frame-options
SAMEORIGIN
cache-control
public, max-age=14400
access-control-allow-credentials
true
cf-ray
867ec3eb5ec24bc7-BUF
jquery.matchHeight.js
ecertslf.studentloan.or.th/assets/js/ 		12 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://ecertslf.studentloan.or.th/assets/js/jquery.matchHeight.js
Requested by
Host: ecertslf.studentloan.or.th
URL: https://ecertslf.studentloan.or.th/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::ac43:80f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
7d6ba13b690dee4af8ac51913d50f8509c65be9516aa24e2f761b3a1aa96dbd3
Security Headers
Name Value
Content-Security-Policy default-src 'self' ; connect-src 'self' *.mittare.com/ https://pmi.flowplayer.com https://stats.g.doubleclick.net https://zap.cloud.wowza.com https://health.flowplayer.com/ https://wisimo-m.wisimo.com/ ; media-src 'self' blob: data: wave: *.mittare.com/; img-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: *.gstatic.com *.googleapis.com i.ytimg.com *.googleusercontent.com *.fbsbx.com *.line-scdn.net https://www.google-analytics.com *.google.com https://analytics.tiktok.com *.facebook.com *.google.co.th https://sp.tinymce.com https://player.wowza.com/ ; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://www.googletagmanager.com https://www.google-analytics.com/ *.googleapis.com *.youtube.com *.gstatic.com *.facebook.net *.google.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://analytics.tiktok.com/ https://cdn.flowplayer.com/ https://releases.flowplayer.org https://pvdspek.github.io/ https://cdn.tiny.cloud *.wowza.com https://cdnjs.cloudflare.com/ https://cdnjs.cloudflare.com/ https://code.jquery.com https://unpkg.com https://ssl.google-analytics.com https://cdn.jsdelivr.net/ ; style-src 'self' 'unsafe-inline' *.flowplayer.com *.googleapis.com https://use.fontawesome.com https://cdnjs.cloudflare.com https://code.jquery.com https://cdn.tiny.cloud/ ; font-src 'self' data: *.googleapis.com *.bootstrapcdn.com *.gstatic.com *.googleapis.com https://use.fontawesome.com/ https://fonts.gstatic.com https://cdnjs.cloudflare.com ; frame-src 'self' https://bid.g.doubleclick.net/ *.doubleclick.net/ https://www.youtube-nocookie.com https://share.sandbox.lalamove.com/ *.youtube.com *.googleapis.com *.google.com *.facebook.com; object-src 'self' https://www.youtube.com *.googleapis.com;
Public-Key-Pins pin-sha256="base64+primary==InsertPrimaryCertificateSHA256FingerPrintHere"; pin-sha256="base64+backup==InsertBackupCertificateSHA256FingerPrintHere"; max-age=5184000
Strict-Transport-Security max-age=15768000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-US,en;q=0.9
Referer
https://ecertslf.studentloan.or.th/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date
Thu, 21 Mar 2024 14:52:22 GMT
content-security-policy
default-src 'self' ; connect-src 'self' *.mittare.com/ https://pmi.flowplayer.com https://stats.g.doubleclick.net https://zap.cloud.wowza.com https://health.flowplayer.com/ https://wisimo-m.wisimo.com/ ; media-src 'self' blob: data: wave: *.mittare.com/; img-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: *.gstatic.com *.googleapis.com i.ytimg.com *.googleusercontent.com *.fbsbx.com *.line-scdn.net https://www.google-analytics.com *.google.com https://analytics.tiktok.com *.facebook.com *.google.co.th https://sp.tinymce.com https://player.wowza.com/ ; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://www.googletagmanager.com https://www.google-analytics.com/ *.googleapis.com *.youtube.com *.gstatic.com *.facebook.net *.google.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://analytics.tiktok.com/ https://cdn.flowplayer.com/ https://releases.flowplayer.org https://pvdspek.github.io/ https://cdn.tiny.cloud *.wowza.com https://cdnjs.cloudflare.com/ https://cdnjs.cloudflare.com/ https://code.jquery.com https://unpkg.com https://ssl.google-analytics.com https://cdn.jsdelivr.net/ ; style-src 'self' 'unsafe-inline' *.flowplayer.com *.googleapis.com https://use.fontawesome.com https://cdnjs.cloudflare.com https://code.jquery.com https://cdn.tiny.cloud/ ; font-src 'self' data: *.googleapis.com *.bootstrapcdn.com *.gstatic.com *.googleapis.com https://use.fontawesome.com/ https://fonts.gstatic.com https://cdnjs.cloudflare.com ; frame-src 'self' https://bid.g.doubleclick.net/ *.doubleclick.net/ https://www.youtube-nocookie.com https://share.sandbox.lalamove.com/ *.youtube.com *.googleapis.com *.google.com *.facebook.com; object-src 'self' https://www.youtube.com *.googleapis.com;
x-content-type-options
nosniff
strict-transport-security
max-age=15768000; includeSubDomains; preload
cf-cache-status
MISS
x-permitted-cross-domain-policies
master-only
content-encoding
br
x-xss-protection
1; mode=block
public-key-pins
pin-sha256="base64+primary==InsertPrimaryCertificateSHA256FingerPrintHere"; pin-sha256="base64+backup==InsertBackupCertificateSHA256FingerPrintHere"; max-age=5184000
referrer-policy
no-referrer, strict-origin-when-cross-origin
last-modified
Mon, 13 Nov 2023 01:32:45 GMT
server
cloudflare
etag
W/"65517cbd-2e02"
expect-ct
enforce, max-age=300
vary
Accept-Encoding, Accept-Encoding
access-control-allow-methods
GET,POST,OPTIONS,PUT,DELETE,PATCH
content-type
application/javascript
x-frame-options
SAMEORIGIN
cache-control
public, max-age=14400
access-control-allow-credentials
true
cf-ray
867ec3eb5ec34bc7-BUF
purify.min.js
ecertslf.studentloan.or.th/assets/DOMPurify/ 		22 KB
9 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://ecertslf.studentloan.or.th/assets/DOMPurify/purify.min.js
Requested by
Host: ecertslf.studentloan.or.th
URL: https://ecertslf.studentloan.or.th/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::ac43:80f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
a82f0b6fc2ae7feede163c8c0a7a53b3744e9aef348ddc693a980c5cebe03918
Security Headers
Name Value
Content-Security-Policy default-src 'self' ; connect-src 'self' *.mittare.com/ https://pmi.flowplayer.com https://stats.g.doubleclick.net https://zap.cloud.wowza.com https://health.flowplayer.com/ https://wisimo-m.wisimo.com/ ; media-src 'self' blob: data: wave: *.mittare.com/; img-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: *.gstatic.com *.googleapis.com i.ytimg.com *.googleusercontent.com *.fbsbx.com *.line-scdn.net https://www.google-analytics.com *.google.com https://analytics.tiktok.com *.facebook.com *.google.co.th https://sp.tinymce.com https://player.wowza.com/ ; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://www.googletagmanager.com https://www.google-analytics.com/ *.googleapis.com *.youtube.com *.gstatic.com *.facebook.net *.google.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://analytics.tiktok.com/ https://cdn.flowplayer.com/ https://releases.flowplayer.org https://pvdspek.github.io/ https://cdn.tiny.cloud *.wowza.com https://cdnjs.cloudflare.com/ https://cdnjs.cloudflare.com/ https://code.jquery.com https://unpkg.com https://ssl.google-analytics.com https://cdn.jsdelivr.net/ ; style-src 'self' 'unsafe-inline' *.flowplayer.com *.googleapis.com https://use.fontawesome.com https://cdnjs.cloudflare.com https://code.jquery.com https://cdn.tiny.cloud/ ; font-src 'self' data: *.googleapis.com *.bootstrapcdn.com *.gstatic.com *.googleapis.com https://use.fontawesome.com/ https://fonts.gstatic.com https://cdnjs.cloudflare.com ; frame-src 'self' https://bid.g.doubleclick.net/ *.doubleclick.net/ https://www.youtube-nocookie.com https://share.sandbox.lalamove.com/ *.youtube.com *.googleapis.com *.google.com *.facebook.com; object-src 'self' https://www.youtube.com *.googleapis.com;
Public-Key-Pins pin-sha256="base64+primary==InsertPrimaryCertificateSHA256FingerPrintHere"; pin-sha256="base64+backup==InsertBackupCertificateSHA256FingerPrintHere"; max-age=5184000
Strict-Transport-Security max-age=15768000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-US,en;q=0.9
Referer
https://ecertslf.studentloan.or.th/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date
Thu, 21 Mar 2024 14:52:21 GMT
content-security-policy
default-src 'self' ; connect-src 'self' *.mittare.com/ https://pmi.flowplayer.com https://stats.g.doubleclick.net https://zap.cloud.wowza.com https://health.flowplayer.com/ https://wisimo-m.wisimo.com/ ; media-src 'self' blob: data: wave: *.mittare.com/; img-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: *.gstatic.com *.googleapis.com i.ytimg.com *.googleusercontent.com *.fbsbx.com *.line-scdn.net https://www.google-analytics.com *.google.com https://analytics.tiktok.com *.facebook.com *.google.co.th https://sp.tinymce.com https://player.wowza.com/ ; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://www.googletagmanager.com https://www.google-analytics.com/ *.googleapis.com *.youtube.com *.gstatic.com *.facebook.net *.google.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://analytics.tiktok.com/ https://cdn.flowplayer.com/ https://releases.flowplayer.org https://pvdspek.github.io/ https://cdn.tiny.cloud *.wowza.com https://cdnjs.cloudflare.com/ https://cdnjs.cloudflare.com/ https://code.jquery.com https://unpkg.com https://ssl.google-analytics.com https://cdn.jsdelivr.net/ ; style-src 'self' 'unsafe-inline' *.flowplayer.com *.googleapis.com https://use.fontawesome.com https://cdnjs.cloudflare.com https://code.jquery.com https://cdn.tiny.cloud/ ; font-src 'self' data: *.googleapis.com *.bootstrapcdn.com *.gstatic.com *.googleapis.com https://use.fontawesome.com/ https://fonts.gstatic.com https://cdnjs.cloudflare.com ; frame-src 'self' https://bid.g.doubleclick.net/ *.doubleclick.net/ https://www.youtube-nocookie.com https://share.sandbox.lalamove.com/ *.youtube.com *.googleapis.com *.google.com *.facebook.com; object-src 'self' https://www.youtube.com *.googleapis.com;
x-content-type-options
nosniff
strict-transport-security
max-age=15768000; includeSubDomains; preload
cf-cache-status
MISS
x-permitted-cross-domain-policies
master-only
content-encoding
br
x-xss-protection
1; mode=block
public-key-pins
pin-sha256="base64+primary==InsertPrimaryCertificateSHA256FingerPrintHere"; pin-sha256="base64+backup==InsertBackupCertificateSHA256FingerPrintHere"; max-age=5184000
referrer-policy
no-referrer, strict-origin-when-cross-origin
last-modified
Mon, 13 Nov 2023 01:32:53 GMT
server
cloudflare
etag
W/"65517cc5-5996"
expect-ct
enforce, max-age=300
vary
Accept-Encoding, Accept-Encoding
access-control-allow-methods
GET,POST,OPTIONS,PUT,DELETE,PATCH
content-type
application/javascript
x-frame-options
SAMEORIGIN
cache-control
public, max-age=14400
access-control-allow-credentials
true
cf-ray
867ec3eb5ec44bc7-BUF
slick.min.js
ecertslf.studentloan.or.th/assets/slick-1.8.1/slick/ 		42 KB
12 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://ecertslf.studentloan.or.th/assets/slick-1.8.1/slick/slick.min.js
Requested by
Host: ecertslf.studentloan.or.th
URL: https://ecertslf.studentloan.or.th/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::ac43:80f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
0c7178cc6ca34fb18e30f070a5e7a1c287b2d7ccfcba2cfdf06e0f46eda55740
Security Headers
Name Value
Content-Security-Policy default-src 'self' ; connect-src 'self' *.mittare.com/ https://pmi.flowplayer.com https://stats.g.doubleclick.net https://zap.cloud.wowza.com https://health.flowplayer.com/ https://wisimo-m.wisimo.com/ ; media-src 'self' blob: data: wave: *.mittare.com/; img-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: *.gstatic.com *.googleapis.com i.ytimg.com *.googleusercontent.com *.fbsbx.com *.line-scdn.net https://www.google-analytics.com *.google.com https://analytics.tiktok.com *.facebook.com *.google.co.th https://sp.tinymce.com https://player.wowza.com/ ; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://www.googletagmanager.com https://www.google-analytics.com/ *.googleapis.com *.youtube.com *.gstatic.com *.facebook.net *.google.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://analytics.tiktok.com/ https://cdn.flowplayer.com/ https://releases.flowplayer.org https://pvdspek.github.io/ https://cdn.tiny.cloud *.wowza.com https://cdnjs.cloudflare.com/ https://cdnjs.cloudflare.com/ https://code.jquery.com https://unpkg.com https://ssl.google-analytics.com https://cdn.jsdelivr.net/ ; style-src 'self' 'unsafe-inline' *.flowplayer.com *.googleapis.com https://use.fontawesome.com https://cdnjs.cloudflare.com https://code.jquery.com https://cdn.tiny.cloud/ ; font-src 'self' data: *.googleapis.com *.bootstrapcdn.com *.gstatic.com *.googleapis.com https://use.fontawesome.com/ https://fonts.gstatic.com https://cdnjs.cloudflare.com ; frame-src 'self' https://bid.g.doubleclick.net/ *.doubleclick.net/ https://www.youtube-nocookie.com https://share.sandbox.lalamove.com/ *.youtube.com *.googleapis.com *.google.com *.facebook.com; object-src 'self' https://www.youtube.com *.googleapis.com;
Public-Key-Pins pin-sha256="base64+primary==InsertPrimaryCertificateSHA256FingerPrintHere"; pin-sha256="base64+backup==InsertBackupCertificateSHA256FingerPrintHere"; max-age=5184000
Strict-Transport-Security max-age=15768000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-US,en;q=0.9
Referer
https://ecertslf.studentloan.or.th/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date
Thu, 21 Mar 2024 14:52:23 GMT
content-security-policy
default-src 'self' ; connect-src 'self' *.mittare.com/ https://pmi.flowplayer.com https://stats.g.doubleclick.net https://zap.cloud.wowza.com https://health.flowplayer.com/ https://wisimo-m.wisimo.com/ ; media-src 'self' blob: data: wave: *.mittare.com/; img-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: *.gstatic.com *.googleapis.com i.ytimg.com *.googleusercontent.com *.fbsbx.com *.line-scdn.net https://www.google-analytics.com *.google.com https://analytics.tiktok.com *.facebook.com *.google.co.th https://sp.tinymce.com https://player.wowza.com/ ; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://www.googletagmanager.com https://www.google-analytics.com/ *.googleapis.com *.youtube.com *.gstatic.com *.facebook.net *.google.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://analytics.tiktok.com/ https://cdn.flowplayer.com/ https://releases.flowplayer.org https://pvdspek.github.io/ https://cdn.tiny.cloud *.wowza.com https://cdnjs.cloudflare.com/ https://cdnjs.cloudflare.com/ https://code.jquery.com https://unpkg.com https://ssl.google-analytics.com https://cdn.jsdelivr.net/ ; style-src 'self' 'unsafe-inline' *.flowplayer.com *.googleapis.com https://use.fontawesome.com https://cdnjs.cloudflare.com https://code.jquery.com https://cdn.tiny.cloud/ ; font-src 'self' data: *.googleapis.com *.bootstrapcdn.com *.gstatic.com *.googleapis.com https://use.fontawesome.com/ https://fonts.gstatic.com https://cdnjs.cloudflare.com ; frame-src 'self' https://bid.g.doubleclick.net/ *.doubleclick.net/ https://www.youtube-nocookie.com https://share.sandbox.lalamove.com/ *.youtube.com *.googleapis.com *.google.com *.facebook.com; object-src 'self' https://www.youtube.com *.googleapis.com;
x-content-type-options
nosniff
strict-transport-security
max-age=15768000; includeSubDomains; preload
cf-cache-status
MISS
x-permitted-cross-domain-policies
master-only
content-encoding
br
x-xss-protection
1; mode=block
public-key-pins
pin-sha256="base64+primary==InsertPrimaryCertificateSHA256FingerPrintHere"; pin-sha256="base64+backup==InsertBackupCertificateSHA256FingerPrintHere"; max-age=5184000
referrer-policy
no-referrer, strict-origin-when-cross-origin
last-modified
Mon, 13 Nov 2023 01:33:13 GMT
server
cloudflare
etag
W/"65517cd9-a76f"
expect-ct
enforce, max-age=300
vary
Accept-Encoding, Accept-Encoding
access-control-allow-methods
GET,POST,OPTIONS,PUT,DELETE,PATCH
content-type
application/javascript
x-frame-options
SAMEORIGIN
cache-control
public, max-age=14400
access-control-allow-credentials
true
cf-ray
867ec3eb5ec54bc7-BUF
slick.css
ecertslf.studentloan.or.th/assets/slick-1.8.1/slick/ 		2 KB
637 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://ecertslf.studentloan.or.th/assets/slick-1.8.1/slick/slick.css
Requested by
Host: ecertslf.studentloan.or.th
URL: https://ecertslf.studentloan.or.th/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::ac43:80f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
de1e399b07289f3b0a8d35142e363e128124a1185770e214e25e58030dad48e5
Security Headers
Name Value
Content-Security-Policy default-src 'self' ; connect-src 'self' *.mittare.com/ https://pmi.flowplayer.com https://stats.g.doubleclick.net https://zap.cloud.wowza.com https://health.flowplayer.com/ https://wisimo-m.wisimo.com/ ; media-src 'self' blob: data: wave: *.mittare.com/; img-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: *.gstatic.com *.googleapis.com i.ytimg.com *.googleusercontent.com *.fbsbx.com *.line-scdn.net https://www.google-analytics.com *.google.com https://analytics.tiktok.com *.facebook.com *.google.co.th https://sp.tinymce.com https://player.wowza.com/ ; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://www.googletagmanager.com https://www.google-analytics.com/ *.googleapis.com *.youtube.com *.gstatic.com *.facebook.net *.google.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://analytics.tiktok.com/ https://cdn.flowplayer.com/ https://releases.flowplayer.org https://pvdspek.github.io/ https://cdn.tiny.cloud *.wowza.com https://cdnjs.cloudflare.com/ https://cdnjs.cloudflare.com/ https://code.jquery.com https://unpkg.com https://ssl.google-analytics.com https://cdn.jsdelivr.net/ ; style-src 'self' 'unsafe-inline' *.flowplayer.com *.googleapis.com https://use.fontawesome.com https://cdnjs.cloudflare.com https://code.jquery.com https://cdn.tiny.cloud/ ; font-src 'self' data: *.googleapis.com *.bootstrapcdn.com *.gstatic.com *.googleapis.com https://use.fontawesome.com/ https://fonts.gstatic.com https://cdnjs.cloudflare.com ; frame-src 'self' https://bid.g.doubleclick.net/ *.doubleclick.net/ https://www.youtube-nocookie.com https://share.sandbox.lalamove.com/ *.youtube.com *.googleapis.com *.google.com *.facebook.com; object-src 'self' https://www.youtube.com *.googleapis.com;
Public-Key-Pins pin-sha256="base64+primary==InsertPrimaryCertificateSHA256FingerPrintHere"; pin-sha256="base64+backup==InsertBackupCertificateSHA256FingerPrintHere"; max-age=5184000
Strict-Transport-Security max-age=15768000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-US,en;q=0.9
Referer
https://ecertslf.studentloan.or.th/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date
Thu, 21 Mar 2024 14:52:22 GMT
content-security-policy
default-src 'self' ; connect-src 'self' *.mittare.com/ https://pmi.flowplayer.com https://stats.g.doubleclick.net https://zap.cloud.wowza.com https://health.flowplayer.com/ https://wisimo-m.wisimo.com/ ; media-src 'self' blob: data: wave: *.mittare.com/; img-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: *.gstatic.com *.googleapis.com i.ytimg.com *.googleusercontent.com *.fbsbx.com *.line-scdn.net https://www.google-analytics.com *.google.com https://analytics.tiktok.com *.facebook.com *.google.co.th https://sp.tinymce.com https://player.wowza.com/ ; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://www.googletagmanager.com https://www.google-analytics.com/ *.googleapis.com *.youtube.com *.gstatic.com *.facebook.net *.google.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://analytics.tiktok.com/ https://cdn.flowplayer.com/ https://releases.flowplayer.org https://pvdspek.github.io/ https://cdn.tiny.cloud *.wowza.com https://cdnjs.cloudflare.com/ https://cdnjs.cloudflare.com/ https://code.jquery.com https://unpkg.com https://ssl.google-analytics.com https://cdn.jsdelivr.net/ ; style-src 'self' 'unsafe-inline' *.flowplayer.com *.googleapis.com https://use.fontawesome.com https://cdnjs.cloudflare.com https://code.jquery.com https://cdn.tiny.cloud/ ; font-src 'self' data: *.googleapis.com *.bootstrapcdn.com *.gstatic.com *.googleapis.com https://use.fontawesome.com/ https://fonts.gstatic.com https://cdnjs.cloudflare.com ; frame-src 'self' https://bid.g.doubleclick.net/ *.doubleclick.net/ https://www.youtube-nocookie.com https://share.sandbox.lalamove.com/ *.youtube.com *.googleapis.com *.google.com *.facebook.com; object-src 'self' https://www.youtube.com *.googleapis.com;
x-content-type-options
nosniff
strict-transport-security
max-age=15768000; includeSubDomains; preload
cf-cache-status
MISS
x-permitted-cross-domain-policies
master-only
content-encoding
br
x-xss-protection
1; mode=block
public-key-pins
pin-sha256="base64+primary==InsertPrimaryCertificateSHA256FingerPrintHere"; pin-sha256="base64+backup==InsertBackupCertificateSHA256FingerPrintHere"; max-age=5184000
referrer-policy
no-referrer, strict-origin-when-cross-origin
last-modified
Mon, 13 Nov 2023 01:33:13 GMT
server
cloudflare
etag
W/"65517cd9-6f0"
expect-ct
enforce, max-age=300
x-frame-options
SAMEORIGIN
access-control-allow-methods
GET,POST,OPTIONS,PUT,DELETE,PATCH
content-type
text/css
vary
Accept-Encoding
cache-control
public, max-age=14400
access-control-allow-credentials
true
cf-ray
867ec3eb1ea24bc7-BUF
slick-theme.css
ecertslf.studentloan.or.th/assets/slick-1.8.1/slick/ 		3 KB
3 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://ecertslf.studentloan.or.th/assets/slick-1.8.1/slick/slick-theme.css
Requested by
Host: ecertslf.studentloan.or.th
URL: https://ecertslf.studentloan.or.th/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::ac43:80f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
7adaf08052c6a6a0f8a0d0055b4f191fd07389fe41c972b69573472b2ecb406a
Security Headers
Name Value
Content-Security-Policy default-src 'self' ; connect-src 'self' *.mittare.com/ https://pmi.flowplayer.com https://stats.g.doubleclick.net https://zap.cloud.wowza.com https://health.flowplayer.com/ https://wisimo-m.wisimo.com/ ; media-src 'self' blob: data: wave: *.mittare.com/; img-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: *.gstatic.com *.googleapis.com i.ytimg.com *.googleusercontent.com *.fbsbx.com *.line-scdn.net https://www.google-analytics.com *.google.com https://analytics.tiktok.com *.facebook.com *.google.co.th https://sp.tinymce.com https://player.wowza.com/ ; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://www.googletagmanager.com https://www.google-analytics.com/ *.googleapis.com *.youtube.com *.gstatic.com *.facebook.net *.google.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://analytics.tiktok.com/ https://cdn.flowplayer.com/ https://releases.flowplayer.org https://pvdspek.github.io/ https://cdn.tiny.cloud *.wowza.com https://cdnjs.cloudflare.com/ https://cdnjs.cloudflare.com/ https://code.jquery.com https://unpkg.com https://ssl.google-analytics.com https://cdn.jsdelivr.net/ ; style-src 'self' 'unsafe-inline' *.flowplayer.com *.googleapis.com https://use.fontawesome.com https://cdnjs.cloudflare.com https://code.jquery.com https://cdn.tiny.cloud/ ; font-src 'self' data: *.googleapis.com *.bootstrapcdn.com *.gstatic.com *.googleapis.com https://use.fontawesome.com/ https://fonts.gstatic.com https://cdnjs.cloudflare.com ; frame-src 'self' https://bid.g.doubleclick.net/ *.doubleclick.net/ https://www.youtube-nocookie.com https://share.sandbox.lalamove.com/ *.youtube.com *.googleapis.com *.google.com *.facebook.com; object-src 'self' https://www.youtube.com *.googleapis.com;
Public-Key-Pins pin-sha256="base64+primary==InsertPrimaryCertificateSHA256FingerPrintHere"; pin-sha256="base64+backup==InsertBackupCertificateSHA256FingerPrintHere"; max-age=5184000
Strict-Transport-Security max-age=15768000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-US,en;q=0.9
Referer
https://ecertslf.studentloan.or.th/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date
Thu, 21 Mar 2024 14:52:22 GMT
content-security-policy
default-src 'self' ; connect-src 'self' *.mittare.com/ https://pmi.flowplayer.com https://stats.g.doubleclick.net https://zap.cloud.wowza.com https://health.flowplayer.com/ https://wisimo-m.wisimo.com/ ; media-src 'self' blob: data: wave: *.mittare.com/; img-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: *.gstatic.com *.googleapis.com i.ytimg.com *.googleusercontent.com *.fbsbx.com *.line-scdn.net https://www.google-analytics.com *.google.com https://analytics.tiktok.com *.facebook.com *.google.co.th https://sp.tinymce.com https://player.wowza.com/ ; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://www.googletagmanager.com https://www.google-analytics.com/ *.googleapis.com *.youtube.com *.gstatic.com *.facebook.net *.google.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://analytics.tiktok.com/ https://cdn.flowplayer.com/ https://releases.flowplayer.org https://pvdspek.github.io/ https://cdn.tiny.cloud *.wowza.com https://cdnjs.cloudflare.com/ https://cdnjs.cloudflare.com/ https://code.jquery.com https://unpkg.com https://ssl.google-analytics.com https://cdn.jsdelivr.net/ ; style-src 'self' 'unsafe-inline' *.flowplayer.com *.googleapis.com https://use.fontawesome.com https://cdnjs.cloudflare.com https://code.jquery.com https://cdn.tiny.cloud/ ; font-src 'self' data: *.googleapis.com *.bootstrapcdn.com *.gstatic.com *.googleapis.com https://use.fontawesome.com/ https://fonts.gstatic.com https://cdnjs.cloudflare.com ; frame-src 'self' https://bid.g.doubleclick.net/ *.doubleclick.net/ https://www.youtube-nocookie.com https://share.sandbox.lalamove.com/ *.youtube.com *.googleapis.com *.google.com *.facebook.com; object-src 'self' https://www.youtube.com *.googleapis.com;
x-content-type-options
nosniff
strict-transport-security
max-age=15768000; includeSubDomains; preload
cf-cache-status
MISS
x-permitted-cross-domain-policies
master-only
content-encoding
br
x-xss-protection
1; mode=block
public-key-pins
pin-sha256="base64+primary==InsertPrimaryCertificateSHA256FingerPrintHere"; pin-sha256="base64+backup==InsertBackupCertificateSHA256FingerPrintHere"; max-age=5184000
referrer-policy
no-referrer, strict-origin-when-cross-origin
last-modified
Mon, 13 Nov 2023 01:33:13 GMT
server
cloudflare
etag
W/"65517cd9-c49"
expect-ct
enforce, max-age=300
x-frame-options
SAMEORIGIN
access-control-allow-methods
GET,POST,OPTIONS,PUT,DELETE,PATCH
content-type
text/css
vary
Accept-Encoding
cache-control
public, max-age=14400
access-control-allow-credentials
true
cf-ray
867ec3eb5eb44bc7-BUF
jquery.qrcode.js
ecertslf.studentloan.or.th/assets/jquery-qrcode/ 		3 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://ecertslf.studentloan.or.th/assets/jquery-qrcode/jquery.qrcode.js
Requested by
Host: ecertslf.studentloan.or.th
URL: https://ecertslf.studentloan.or.th/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::ac43:80f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d60a1b3f06b700dc3cf78285952da732ef6e214ec12618ffb57b721ab7bc6ba9
Security Headers
Name Value
Content-Security-Policy default-src 'self' ; connect-src 'self' *.mittare.com/ https://pmi.flowplayer.com https://stats.g.doubleclick.net https://zap.cloud.wowza.com https://health.flowplayer.com/ https://wisimo-m.wisimo.com/ ; media-src 'self' blob: data: wave: *.mittare.com/; img-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: *.gstatic.com *.googleapis.com i.ytimg.com *.googleusercontent.com *.fbsbx.com *.line-scdn.net https://www.google-analytics.com *.google.com https://analytics.tiktok.com *.facebook.com *.google.co.th https://sp.tinymce.com https://player.wowza.com/ ; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://www.googletagmanager.com https://www.google-analytics.com/ *.googleapis.com *.youtube.com *.gstatic.com *.facebook.net *.google.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://analytics.tiktok.com/ https://cdn.flowplayer.com/ https://releases.flowplayer.org https://pvdspek.github.io/ https://cdn.tiny.cloud *.wowza.com https://cdnjs.cloudflare.com/ https://cdnjs.cloudflare.com/ https://code.jquery.com https://unpkg.com https://ssl.google-analytics.com https://cdn.jsdelivr.net/ ; style-src 'self' 'unsafe-inline' *.flowplayer.com *.googleapis.com https://use.fontawesome.com https://cdnjs.cloudflare.com https://code.jquery.com https://cdn.tiny.cloud/ ; font-src 'self' data: *.googleapis.com *.bootstrapcdn.com *.gstatic.com *.googleapis.com https://use.fontawesome.com/ https://fonts.gstatic.com https://cdnjs.cloudflare.com ; frame-src 'self' https://bid.g.doubleclick.net/ *.doubleclick.net/ https://www.youtube-nocookie.com https://share.sandbox.lalamove.com/ *.youtube.com *.googleapis.com *.google.com *.facebook.com; object-src 'self' https://www.youtube.com *.googleapis.com;
Public-Key-Pins pin-sha256="base64+primary==InsertPrimaryCertificateSHA256FingerPrintHere"; pin-sha256="base64+backup==InsertBackupCertificateSHA256FingerPrintHere"; max-age=5184000
Strict-Transport-Security max-age=15768000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-US,en;q=0.9
Referer
https://ecertslf.studentloan.or.th/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date
Thu, 21 Mar 2024 14:52:22 GMT
content-security-policy
default-src 'self' ; connect-src 'self' *.mittare.com/ https://pmi.flowplayer.com https://stats.g.doubleclick.net https://zap.cloud.wowza.com https://health.flowplayer.com/ https://wisimo-m.wisimo.com/ ; media-src 'self' blob: data: wave: *.mittare.com/; img-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: *.gstatic.com *.googleapis.com i.ytimg.com *.googleusercontent.com *.fbsbx.com *.line-scdn.net https://www.google-analytics.com *.google.com https://analytics.tiktok.com *.facebook.com *.google.co.th https://sp.tinymce.com https://player.wowza.com/ ; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://www.googletagmanager.com https://www.google-analytics.com/ *.googleapis.com *.youtube.com *.gstatic.com *.facebook.net *.google.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://analytics.tiktok.com/ https://cdn.flowplayer.com/ https://releases.flowplayer.org https://pvdspek.github.io/ https://cdn.tiny.cloud *.wowza.com https://cdnjs.cloudflare.com/ https://cdnjs.cloudflare.com/ https://code.jquery.com https://unpkg.com https://ssl.google-analytics.com https://cdn.jsdelivr.net/ ; style-src 'self' 'unsafe-inline' *.flowplayer.com *.googleapis.com https://use.fontawesome.com https://cdnjs.cloudflare.com https://code.jquery.com https://cdn.tiny.cloud/ ; font-src 'self' data: *.googleapis.com *.bootstrapcdn.com *.gstatic.com *.googleapis.com https://use.fontawesome.com/ https://fonts.gstatic.com https://cdnjs.cloudflare.com ; frame-src 'self' https://bid.g.doubleclick.net/ *.doubleclick.net/ https://www.youtube-nocookie.com https://share.sandbox.lalamove.com/ *.youtube.com *.googleapis.com *.google.com *.facebook.com; object-src 'self' https://www.youtube.com *.googleapis.com;
x-content-type-options
nosniff
strict-transport-security
max-age=15768000; includeSubDomains; preload
cf-cache-status
MISS
x-permitted-cross-domain-policies
master-only
content-encoding
br
x-xss-protection
1; mode=block
public-key-pins
pin-sha256="base64+primary==InsertPrimaryCertificateSHA256FingerPrintHere"; pin-sha256="base64+backup==InsertBackupCertificateSHA256FingerPrintHere"; max-age=5184000
referrer-policy
no-referrer, strict-origin-when-cross-origin
last-modified
Mon, 13 Nov 2023 01:32:51 GMT
server
cloudflare
etag
W/"65517cc3-b0d"
expect-ct
enforce, max-age=300
x-frame-options
SAMEORIGIN
access-control-allow-methods
GET,POST,OPTIONS,PUT,DELETE,PATCH
content-type
application/javascript
vary
Accept-Encoding
cache-control
public, max-age=14400
access-control-allow-credentials
true
cf-ray
867ec3eb5ec64bc7-BUF
qrcode.js
ecertslf.studentloan.or.th/assets/jquery-qrcode/ 		27 KB
7 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://ecertslf.studentloan.or.th/assets/jquery-qrcode/qrcode.js
Requested by
Host: ecertslf.studentloan.or.th
URL: https://ecertslf.studentloan.or.th/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::ac43:80f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
93ae4a50828a7c59e0e75bd862970f0068bfb14313f22fdf24af09cfc9fb07f2
Security Headers
Name Value
Content-Security-Policy default-src 'self' ; connect-src 'self' *.mittare.com/ https://pmi.flowplayer.com https://stats.g.doubleclick.net https://zap.cloud.wowza.com https://health.flowplayer.com/ https://wisimo-m.wisimo.com/ ; media-src 'self' blob: data: wave: *.mittare.com/; img-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: *.gstatic.com *.googleapis.com i.ytimg.com *.googleusercontent.com *.fbsbx.com *.line-scdn.net https://www.google-analytics.com *.google.com https://analytics.tiktok.com *.facebook.com *.google.co.th https://sp.tinymce.com https://player.wowza.com/ ; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://www.googletagmanager.com https://www.google-analytics.com/ *.googleapis.com *.youtube.com *.gstatic.com *.facebook.net *.google.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://analytics.tiktok.com/ https://cdn.flowplayer.com/ https://releases.flowplayer.org https://pvdspek.github.io/ https://cdn.tiny.cloud *.wowza.com https://cdnjs.cloudflare.com/ https://cdnjs.cloudflare.com/ https://code.jquery.com https://unpkg.com https://ssl.google-analytics.com https://cdn.jsdelivr.net/ ; style-src 'self' 'unsafe-inline' *.flowplayer.com *.googleapis.com https://use.fontawesome.com https://cdnjs.cloudflare.com https://code.jquery.com https://cdn.tiny.cloud/ ; font-src 'self' data: *.googleapis.com *.bootstrapcdn.com *.gstatic.com *.googleapis.com https://use.fontawesome.com/ https://fonts.gstatic.com https://cdnjs.cloudflare.com ; frame-src 'self' https://bid.g.doubleclick.net/ *.doubleclick.net/ https://www.youtube-nocookie.com https://share.sandbox.lalamove.com/ *.youtube.com *.googleapis.com *.google.com *.facebook.com; object-src 'self' https://www.youtube.com *.googleapis.com;
Public-Key-Pins pin-sha256="base64+primary==InsertPrimaryCertificateSHA256FingerPrintHere"; pin-sha256="base64+backup==InsertBackupCertificateSHA256FingerPrintHere"; max-age=5184000
Strict-Transport-Security max-age=15768000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-US,en;q=0.9
Referer
https://ecertslf.studentloan.or.th/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date
Thu, 21 Mar 2024 14:52:22 GMT
content-security-policy
default-src 'self' ; connect-src 'self' *.mittare.com/ https://pmi.flowplayer.com https://stats.g.doubleclick.net https://zap.cloud.wowza.com https://health.flowplayer.com/ https://wisimo-m.wisimo.com/ ; media-src 'self' blob: data: wave: *.mittare.com/; img-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: *.gstatic.com *.googleapis.com i.ytimg.com *.googleusercontent.com *.fbsbx.com *.line-scdn.net https://www.google-analytics.com *.google.com https://analytics.tiktok.com *.facebook.com *.google.co.th https://sp.tinymce.com https://player.wowza.com/ ; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://www.googletagmanager.com https://www.google-analytics.com/ *.googleapis.com *.youtube.com *.gstatic.com *.facebook.net *.google.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://analytics.tiktok.com/ https://cdn.flowplayer.com/ https://releases.flowplayer.org https://pvdspek.github.io/ https://cdn.tiny.cloud *.wowza.com https://cdnjs.cloudflare.com/ https://cdnjs.cloudflare.com/ https://code.jquery.com https://unpkg.com https://ssl.google-analytics.com https://cdn.jsdelivr.net/ ; style-src 'self' 'unsafe-inline' *.flowplayer.com *.googleapis.com https://use.fontawesome.com https://cdnjs.cloudflare.com https://code.jquery.com https://cdn.tiny.cloud/ ; font-src 'self' data: *.googleapis.com *.bootstrapcdn.com *.gstatic.com *.googleapis.com https://use.fontawesome.com/ https://fonts.gstatic.com https://cdnjs.cloudflare.com ; frame-src 'self' https://bid.g.doubleclick.net/ *.doubleclick.net/ https://www.youtube-nocookie.com https://share.sandbox.lalamove.com/ *.youtube.com *.googleapis.com *.google.com *.facebook.com; object-src 'self' https://www.youtube.com *.googleapis.com;
x-content-type-options
nosniff
strict-transport-security
max-age=15768000; includeSubDomains; preload
cf-cache-status
MISS
x-permitted-cross-domain-policies
master-only
content-encoding
br
x-xss-protection
1; mode=block
public-key-pins
pin-sha256="base64+primary==InsertPrimaryCertificateSHA256FingerPrintHere"; pin-sha256="base64+backup==InsertBackupCertificateSHA256FingerPrintHere"; max-age=5184000
referrer-policy
no-referrer, strict-origin-when-cross-origin
last-modified
Mon, 13 Nov 2023 01:32:51 GMT
server
cloudflare
etag
W/"65517cc3-6a67"
expect-ct
enforce, max-age=300
vary
Accept-Encoding, Accept-Encoding
access-control-allow-methods
GET,POST,OPTIONS,PUT,DELETE,PATCH
content-type
application/javascript
x-frame-options
SAMEORIGIN
cache-control
public, max-age=14400
access-control-allow-credentials
true
cf-ray
867ec3eb5ec74bc7-BUF
html2canvas.min.js
ecertslf.studentloan.or.th/assets/js/ 		36 KB
12 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://ecertslf.studentloan.or.th/assets/js/html2canvas.min.js
Requested by
Host: ecertslf.studentloan.or.th
URL: https://ecertslf.studentloan.or.th/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::ac43:80f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
737473b145a0fb2d97963ba71104b42ea59d434e17d43de3db67ddffc24200ac
Security Headers
Name Value
Content-Security-Policy default-src 'self' ; connect-src 'self' *.mittare.com/ https://pmi.flowplayer.com https://stats.g.doubleclick.net https://zap.cloud.wowza.com https://health.flowplayer.com/ https://wisimo-m.wisimo.com/ ; media-src 'self' blob: data: wave: *.mittare.com/; img-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: *.gstatic.com *.googleapis.com i.ytimg.com *.googleusercontent.com *.fbsbx.com *.line-scdn.net https://www.google-analytics.com *.google.com https://analytics.tiktok.com *.facebook.com *.google.co.th https://sp.tinymce.com https://player.wowza.com/ ; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://www.googletagmanager.com https://www.google-analytics.com/ *.googleapis.com *.youtube.com *.gstatic.com *.facebook.net *.google.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://analytics.tiktok.com/ https://cdn.flowplayer.com/ https://releases.flowplayer.org https://pvdspek.github.io/ https://cdn.tiny.cloud *.wowza.com https://cdnjs.cloudflare.com/ https://cdnjs.cloudflare.com/ https://code.jquery.com https://unpkg.com https://ssl.google-analytics.com https://cdn.jsdelivr.net/ ; style-src 'self' 'unsafe-inline' *.flowplayer.com *.googleapis.com https://use.fontawesome.com https://cdnjs.cloudflare.com https://code.jquery.com https://cdn.tiny.cloud/ ; font-src 'self' data: *.googleapis.com *.bootstrapcdn.com *.gstatic.com *.googleapis.com https://use.fontawesome.com/ https://fonts.gstatic.com https://cdnjs.cloudflare.com ; frame-src 'self' https://bid.g.doubleclick.net/ *.doubleclick.net/ https://www.youtube-nocookie.com https://share.sandbox.lalamove.com/ *.youtube.com *.googleapis.com *.google.com *.facebook.com; object-src 'self' https://www.youtube.com *.googleapis.com;
Public-Key-Pins pin-sha256="base64+primary==InsertPrimaryCertificateSHA256FingerPrintHere"; pin-sha256="base64+backup==InsertBackupCertificateSHA256FingerPrintHere"; max-age=5184000
Strict-Transport-Security max-age=15768000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-US,en;q=0.9
Referer
https://ecertslf.studentloan.or.th/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date
Thu, 21 Mar 2024 14:52:23 GMT
content-security-policy
default-src 'self' ; connect-src 'self' *.mittare.com/ https://pmi.flowplayer.com https://stats.g.doubleclick.net https://zap.cloud.wowza.com https://health.flowplayer.com/ https://wisimo-m.wisimo.com/ ; media-src 'self' blob: data: wave: *.mittare.com/; img-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: *.gstatic.com *.googleapis.com i.ytimg.com *.googleusercontent.com *.fbsbx.com *.line-scdn.net https://www.google-analytics.com *.google.com https://analytics.tiktok.com *.facebook.com *.google.co.th https://sp.tinymce.com https://player.wowza.com/ ; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://www.googletagmanager.com https://www.google-analytics.com/ *.googleapis.com *.youtube.com *.gstatic.com *.facebook.net *.google.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://analytics.tiktok.com/ https://cdn.flowplayer.com/ https://releases.flowplayer.org https://pvdspek.github.io/ https://cdn.tiny.cloud *.wowza.com https://cdnjs.cloudflare.com/ https://cdnjs.cloudflare.com/ https://code.jquery.com https://unpkg.com https://ssl.google-analytics.com https://cdn.jsdelivr.net/ ; style-src 'self' 'unsafe-inline' *.flowplayer.com *.googleapis.com https://use.fontawesome.com https://cdnjs.cloudflare.com https://code.jquery.com https://cdn.tiny.cloud/ ; font-src 'self' data: *.googleapis.com *.bootstrapcdn.com *.gstatic.com *.googleapis.com https://use.fontawesome.com/ https://fonts.gstatic.com https://cdnjs.cloudflare.com ; frame-src 'self' https://bid.g.doubleclick.net/ *.doubleclick.net/ https://www.youtube-nocookie.com https://share.sandbox.lalamove.com/ *.youtube.com *.googleapis.com *.google.com *.facebook.com; object-src 'self' https://www.youtube.com *.googleapis.com;
x-content-type-options
nosniff
strict-transport-security
max-age=15768000; includeSubDomains; preload
cf-cache-status
MISS
x-permitted-cross-domain-policies
master-only
content-encoding
br
x-xss-protection
1; mode=block
public-key-pins
pin-sha256="base64+primary==InsertPrimaryCertificateSHA256FingerPrintHere"; pin-sha256="base64+backup==InsertBackupCertificateSHA256FingerPrintHere"; max-age=5184000
referrer-policy
no-referrer, strict-origin-when-cross-origin
last-modified
Mon, 13 Nov 2023 01:32:44 GMT
server
cloudflare
etag
W/"65517cbc-9079"
expect-ct
enforce, max-age=300
vary
Accept-Encoding, Accept-Encoding
access-control-allow-methods
GET,POST,OPTIONS,PUT,DELETE,PATCH
content-type
application/javascript
x-frame-options
SAMEORIGIN
cache-control
public, max-age=14400
access-control-allow-credentials
true
cf-ray
867ec3eb5ec84bc7-BUF
image_8.png
ecertslf.studentloan.or.th/file/wisimo/temp/ 		92 KB
92 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ecertslf.studentloan.or.th/file/wisimo/temp/image_8.png
Requested by
Host: ecertslf.studentloan.or.th
URL: https://ecertslf.studentloan.or.th/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::ac43:80f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3b19361e8443c8e283ed71062adf5bd9a5375caea76bb84c90cb757734b1b312
Security Headers
Name Value
Content-Security-Policy default-src 'self' ; connect-src 'self' *.mittare.com/ https://pmi.flowplayer.com https://stats.g.doubleclick.net https://zap.cloud.wowza.com https://health.flowplayer.com/ https://wisimo-m.wisimo.com/ ; media-src 'self' blob: data: wave: *.mittare.com/; img-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: *.gstatic.com *.googleapis.com i.ytimg.com *.googleusercontent.com *.fbsbx.com *.line-scdn.net https://www.google-analytics.com *.google.com https://analytics.tiktok.com *.facebook.com *.google.co.th https://sp.tinymce.com https://player.wowza.com/ ; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://www.googletagmanager.com https://www.google-analytics.com/ *.googleapis.com *.youtube.com *.gstatic.com *.facebook.net *.google.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://analytics.tiktok.com/ https://cdn.flowplayer.com/ https://releases.flowplayer.org https://pvdspek.github.io/ https://cdn.tiny.cloud *.wowza.com https://cdnjs.cloudflare.com/ https://cdnjs.cloudflare.com/ https://code.jquery.com https://unpkg.com https://ssl.google-analytics.com https://cdn.jsdelivr.net/ ; style-src 'self' 'unsafe-inline' *.flowplayer.com *.googleapis.com https://use.fontawesome.com https://cdnjs.cloudflare.com https://code.jquery.com https://cdn.tiny.cloud/ ; font-src 'self' data: *.googleapis.com *.bootstrapcdn.com *.gstatic.com *.googleapis.com https://use.fontawesome.com/ https://fonts.gstatic.com https://cdnjs.cloudflare.com ; frame-src 'self' https://bid.g.doubleclick.net/ *.doubleclick.net/ https://www.youtube-nocookie.com https://share.sandbox.lalamove.com/ *.youtube.com *.googleapis.com *.google.com *.facebook.com; object-src 'self' https://www.youtube.com *.googleapis.com;
Public-Key-Pins pin-sha256="base64+primary==InsertPrimaryCertificateSHA256FingerPrintHere"; pin-sha256="base64+backup==InsertBackupCertificateSHA256FingerPrintHere"; max-age=5184000
Strict-Transport-Security max-age=15768000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-US,en;q=0.9
Referer
https://ecertslf.studentloan.or.th/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date
Thu, 21 Mar 2024 14:52:23 GMT
content-security-policy
default-src 'self' ; connect-src 'self' *.mittare.com/ https://pmi.flowplayer.com https://stats.g.doubleclick.net https://zap.cloud.wowza.com https://health.flowplayer.com/ https://wisimo-m.wisimo.com/ ; media-src 'self' blob: data: wave: *.mittare.com/; img-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: *.gstatic.com *.googleapis.com i.ytimg.com *.googleusercontent.com *.fbsbx.com *.line-scdn.net https://www.google-analytics.com *.google.com https://analytics.tiktok.com *.facebook.com *.google.co.th https://sp.tinymce.com https://player.wowza.com/ ; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://www.googletagmanager.com https://www.google-analytics.com/ *.googleapis.com *.youtube.com *.gstatic.com *.facebook.net *.google.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://analytics.tiktok.com/ https://cdn.flowplayer.com/ https://releases.flowplayer.org https://pvdspek.github.io/ https://cdn.tiny.cloud *.wowza.com https://cdnjs.cloudflare.com/ https://cdnjs.cloudflare.com/ https://code.jquery.com https://unpkg.com https://ssl.google-analytics.com https://cdn.jsdelivr.net/ ; style-src 'self' 'unsafe-inline' *.flowplayer.com *.googleapis.com https://use.fontawesome.com https://cdnjs.cloudflare.com https://code.jquery.com https://cdn.tiny.cloud/ ; font-src 'self' data: *.googleapis.com *.bootstrapcdn.com *.gstatic.com *.googleapis.com https://use.fontawesome.com/ https://fonts.gstatic.com https://cdnjs.cloudflare.com ; frame-src 'self' https://bid.g.doubleclick.net/ *.doubleclick.net/ https://www.youtube-nocookie.com https://share.sandbox.lalamove.com/ *.youtube.com *.googleapis.com *.google.com *.facebook.com; object-src 'self' https://www.youtube.com *.googleapis.com;
x-content-type-options
nosniff
strict-transport-security
max-age=15768000; includeSubDomains; preload
cf-cache-status
MISS
x-permitted-cross-domain-policies
master-only
content-length
94071
x-xss-protection
1; mode=block
public-key-pins
pin-sha256="base64+primary==InsertPrimaryCertificateSHA256FingerPrintHere"; pin-sha256="base64+backup==InsertBackupCertificateSHA256FingerPrintHere"; max-age=5184000
referrer-policy
no-referrer, strict-origin-when-cross-origin
last-modified
Mon, 13 Nov 2023 01:34:57 GMT
server
cloudflare
etag
"65517d41-16f77"
expect-ct
enforce, max-age=300
x-frame-options
SAMEORIGIN
access-control-allow-methods
GET,POST,OPTIONS,PUT,DELETE,PATCH
content-type
image/png
vary
Accept-Encoding
cache-control
public, max-age=14400
access-control-allow-credentials
true
accept-ranges
bytes
cf-ray
867ec3eb5ec94bc7-BUF
flag-thailand.png
ecertslf.studentloan.or.th/assets/img/ 		546 B
699 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ecertslf.studentloan.or.th/assets/img/flag-thailand.png
Requested by
Host: ecertslf.studentloan.or.th
URL: https://ecertslf.studentloan.or.th/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::ac43:80f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b733916dd9967fd7d15da7eed2eb44da4b121ab9e9b9d2aa3c2b6f883c301200
Security Headers
Name Value
Content-Security-Policy default-src 'self' ; connect-src 'self' *.mittare.com/ https://pmi.flowplayer.com https://stats.g.doubleclick.net https://zap.cloud.wowza.com https://health.flowplayer.com/ https://wisimo-m.wisimo.com/ ; media-src 'self' blob: data: wave: *.mittare.com/; img-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: *.gstatic.com *.googleapis.com i.ytimg.com *.googleusercontent.com *.fbsbx.com *.line-scdn.net https://www.google-analytics.com *.google.com https://analytics.tiktok.com *.facebook.com *.google.co.th https://sp.tinymce.com https://player.wowza.com/ ; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://www.googletagmanager.com https://www.google-analytics.com/ *.googleapis.com *.youtube.com *.gstatic.com *.facebook.net *.google.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://analytics.tiktok.com/ https://cdn.flowplayer.com/ https://releases.flowplayer.org https://pvdspek.github.io/ https://cdn.tiny.cloud *.wowza.com https://cdnjs.cloudflare.com/ https://cdnjs.cloudflare.com/ https://code.jquery.com https://unpkg.com https://ssl.google-analytics.com https://cdn.jsdelivr.net/ ; style-src 'self' 'unsafe-inline' *.flowplayer.com *.googleapis.com https://use.fontawesome.com https://cdnjs.cloudflare.com https://code.jquery.com https://cdn.tiny.cloud/ ; font-src 'self' data: *.googleapis.com *.bootstrapcdn.com *.gstatic.com *.googleapis.com https://use.fontawesome.com/ https://fonts.gstatic.com https://cdnjs.cloudflare.com ; frame-src 'self' https://bid.g.doubleclick.net/ *.doubleclick.net/ https://www.youtube-nocookie.com https://share.sandbox.lalamove.com/ *.youtube.com *.googleapis.com *.google.com *.facebook.com; object-src 'self' https://www.youtube.com *.googleapis.com;
Public-Key-Pins pin-sha256="base64+primary==InsertPrimaryCertificateSHA256FingerPrintHere"; pin-sha256="base64+backup==InsertBackupCertificateSHA256FingerPrintHere"; max-age=5184000
Strict-Transport-Security max-age=15768000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-US,en;q=0.9
Referer
https://ecertslf.studentloan.or.th/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date
Thu, 21 Mar 2024 14:52:22 GMT
content-security-policy
default-src 'self' ; connect-src 'self' *.mittare.com/ https://pmi.flowplayer.com https://stats.g.doubleclick.net https://zap.cloud.wowza.com https://health.flowplayer.com/ https://wisimo-m.wisimo.com/ ; media-src 'self' blob: data: wave: *.mittare.com/; img-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: *.gstatic.com *.googleapis.com i.ytimg.com *.googleusercontent.com *.fbsbx.com *.line-scdn.net https://www.google-analytics.com *.google.com https://analytics.tiktok.com *.facebook.com *.google.co.th https://sp.tinymce.com https://player.wowza.com/ ; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://www.googletagmanager.com https://www.google-analytics.com/ *.googleapis.com *.youtube.com *.gstatic.com *.facebook.net *.google.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://analytics.tiktok.com/ https://cdn.flowplayer.com/ https://releases.flowplayer.org https://pvdspek.github.io/ https://cdn.tiny.cloud *.wowza.com https://cdnjs.cloudflare.com/ https://cdnjs.cloudflare.com/ https://code.jquery.com https://unpkg.com https://ssl.google-analytics.com https://cdn.jsdelivr.net/ ; style-src 'self' 'unsafe-inline' *.flowplayer.com *.googleapis.com https://use.fontawesome.com https://cdnjs.cloudflare.com https://code.jquery.com https://cdn.tiny.cloud/ ; font-src 'self' data: *.googleapis.com *.bootstrapcdn.com *.gstatic.com *.googleapis.com https://use.fontawesome.com/ https://fonts.gstatic.com https://cdnjs.cloudflare.com ; frame-src 'self' https://bid.g.doubleclick.net/ *.doubleclick.net/ https://www.youtube-nocookie.com https://share.sandbox.lalamove.com/ *.youtube.com *.googleapis.com *.google.com *.facebook.com; object-src 'self' https://www.youtube.com *.googleapis.com;
x-content-type-options
nosniff
strict-transport-security
max-age=15768000; includeSubDomains; preload
cf-cache-status
MISS
x-permitted-cross-domain-policies
master-only
content-length
546
x-xss-protection
1; mode=block
public-key-pins
pin-sha256="base64+primary==InsertPrimaryCertificateSHA256FingerPrintHere"; pin-sha256="base64+backup==InsertBackupCertificateSHA256FingerPrintHere"; max-age=5184000
referrer-policy
no-referrer, strict-origin-when-cross-origin
last-modified
Mon, 13 Nov 2023 01:32:50 GMT
server
cloudflare
etag
"65517cc2-222"
expect-ct
enforce, max-age=300
x-frame-options
SAMEORIGIN
access-control-allow-methods
GET,POST,OPTIONS,PUT,DELETE,PATCH
content-type
image/png
vary
Accept-Encoding
cache-control
public, max-age=14400
access-control-allow-credentials
true
accept-ranges
bytes
cf-ray
867ec3eb5eca4bc7-BUF
flag-usa.png
ecertslf.studentloan.or.th/assets/img/ 		3 KB
5 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ecertslf.studentloan.or.th/assets/img/flag-usa.png
Requested by
Host: ecertslf.studentloan.or.th
URL: https://ecertslf.studentloan.or.th/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::ac43:80f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b688d687ac8b1fe516a895446385a83c384e3c55a2d9927978cda3dc823911ba
Security Headers
Name Value
Content-Security-Policy default-src 'self' ; connect-src 'self' *.mittare.com/ https://pmi.flowplayer.com https://stats.g.doubleclick.net https://zap.cloud.wowza.com https://health.flowplayer.com/ https://wisimo-m.wisimo.com/ ; media-src 'self' blob: data: wave: *.mittare.com/; img-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: *.gstatic.com *.googleapis.com i.ytimg.com *.googleusercontent.com *.fbsbx.com *.line-scdn.net https://www.google-analytics.com *.google.com https://analytics.tiktok.com *.facebook.com *.google.co.th https://sp.tinymce.com https://player.wowza.com/ ; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://www.googletagmanager.com https://www.google-analytics.com/ *.googleapis.com *.youtube.com *.gstatic.com *.facebook.net *.google.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://analytics.tiktok.com/ https://cdn.flowplayer.com/ https://releases.flowplayer.org https://pvdspek.github.io/ https://cdn.tiny.cloud *.wowza.com https://cdnjs.cloudflare.com/ https://cdnjs.cloudflare.com/ https://code.jquery.com https://unpkg.com https://ssl.google-analytics.com https://cdn.jsdelivr.net/ ; style-src 'self' 'unsafe-inline' *.flowplayer.com *.googleapis.com https://use.fontawesome.com https://cdnjs.cloudflare.com https://code.jquery.com https://cdn.tiny.cloud/ ; font-src 'self' data: *.googleapis.com *.bootstrapcdn.com *.gstatic.com *.googleapis.com https://use.fontawesome.com/ https://fonts.gstatic.com https://cdnjs.cloudflare.com ; frame-src 'self' https://bid.g.doubleclick.net/ *.doubleclick.net/ https://www.youtube-nocookie.com https://share.sandbox.lalamove.com/ *.youtube.com *.googleapis.com *.google.com *.facebook.com; object-src 'self' https://www.youtube.com *.googleapis.com;
Public-Key-Pins pin-sha256="base64+primary==InsertPrimaryCertificateSHA256FingerPrintHere"; pin-sha256="base64+backup==InsertBackupCertificateSHA256FingerPrintHere"; max-age=5184000
Strict-Transport-Security max-age=15768000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-US,en;q=0.9
Referer
https://ecertslf.studentloan.or.th/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date
Thu, 21 Mar 2024 14:52:23 GMT
content-security-policy
default-src 'self' ; connect-src 'self' *.mittare.com/ https://pmi.flowplayer.com https://stats.g.doubleclick.net https://zap.cloud.wowza.com https://health.flowplayer.com/ https://wisimo-m.wisimo.com/ ; media-src 'self' blob: data: wave: *.mittare.com/; img-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: *.gstatic.com *.googleapis.com i.ytimg.com *.googleusercontent.com *.fbsbx.com *.line-scdn.net https://www.google-analytics.com *.google.com https://analytics.tiktok.com *.facebook.com *.google.co.th https://sp.tinymce.com https://player.wowza.com/ ; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://www.googletagmanager.com https://www.google-analytics.com/ *.googleapis.com *.youtube.com *.gstatic.com *.facebook.net *.google.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://analytics.tiktok.com/ https://cdn.flowplayer.com/ https://releases.flowplayer.org https://pvdspek.github.io/ https://cdn.tiny.cloud *.wowza.com https://cdnjs.cloudflare.com/ https://cdnjs.cloudflare.com/ https://code.jquery.com https://unpkg.com https://ssl.google-analytics.com https://cdn.jsdelivr.net/ ; style-src 'self' 'unsafe-inline' *.flowplayer.com *.googleapis.com https://use.fontawesome.com https://cdnjs.cloudflare.com https://code.jquery.com https://cdn.tiny.cloud/ ; font-src 'self' data: *.googleapis.com *.bootstrapcdn.com *.gstatic.com *.googleapis.com https://use.fontawesome.com/ https://fonts.gstatic.com https://cdnjs.cloudflare.com ; frame-src 'self' https://bid.g.doubleclick.net/ *.doubleclick.net/ https://www.youtube-nocookie.com https://share.sandbox.lalamove.com/ *.youtube.com *.googleapis.com *.google.com *.facebook.com; object-src 'self' https://www.youtube.com *.googleapis.com;
x-content-type-options
nosniff
strict-transport-security
max-age=15768000; includeSubDomains; preload
cf-cache-status
MISS
x-permitted-cross-domain-policies
master-only
content-length
2758
x-xss-protection
1; mode=block
public-key-pins
pin-sha256="base64+primary==InsertPrimaryCertificateSHA256FingerPrintHere"; pin-sha256="base64+backup==InsertBackupCertificateSHA256FingerPrintHere"; max-age=5184000
referrer-policy
no-referrer, strict-origin-when-cross-origin
last-modified
Mon, 13 Nov 2023 01:32:50 GMT
server
cloudflare
etag
"65517cc2-ac6"
expect-ct
enforce, max-age=300
x-frame-options
SAMEORIGIN
access-control-allow-methods
GET,POST,OPTIONS,PUT,DELETE,PATCH
content-type
image/png
vary
Accept-Encoding
cache-control
public, max-age=14400
access-control-allow-credentials
true
accept-ranges
bytes
cf-ray
867ec3f359b34bc7-BUF
flowplayer.css
cdn.flowplayer.com/releases/native/stable/style/ 		25 KB
6 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://cdn.flowplayer.com/releases/native/stable/style/flowplayer.css
Requested by
Host: ecertslf.studentloan.or.th
URL: https://ecertslf.studentloan.or.th/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.225.214.103 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-225-214-103.ewr50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
c4f010527c3e77b8821f7bea1e02d25a93273425dc9eaf6f5b146f8c3299fc35

Request headers

accept-language
en-US,en;q=0.9
Referer
https://ecertslf.studentloan.or.th/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

x-amz-version-id
fZ2macpIvyuUtDZe8c6hTEOUJEnIaLg2
content-encoding
gzip
via
1.1 f91b1dd39ce8309d7fc575add365607e.cloudfront.net (CloudFront)
date
Thu, 21 Mar 2024 09:46:49 GMT
x-amz-cf-pop
EWR50-C1
age
18360
x-cache
Hit from cloudfront
last-modified
Wed, 11 Aug 2021 17:25:33 GMT
server
AmazonS3
etag
W/"47f3fa9078bb9cf447b6e5b2ec2db511"
access-control-max-age
3000
access-control-allow-methods
GET, POST, PUT, HEAD
content-type
text/css; charset=utf-8
access-control-allow-origin
*
access-control-expose-headers
ETag
vary
Accept-Encoding
x-amz-cf-id
jlUuJCNq8WgXaVuJUMlSjmIAE4Eg48m1KbB3nDTzzV19TcWk5JCccg==
flowplayer.min.js
cdn.flowplayer.com/releases/native/stable/ 		75 KB
26 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.flowplayer.com/releases/native/stable/flowplayer.min.js
Requested by
Host: ecertslf.studentloan.or.th
URL: https://ecertslf.studentloan.or.th/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.225.214.103 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-225-214-103.ewr50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
c547c87b86f901faeadc604d0599e55ef83fc184fd24e92f034f58b3d42ea5eb

Request headers

accept-language
en-US,en;q=0.9
Referer
https://ecertslf.studentloan.or.th/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

x-amz-version-id
z9AuynR_7vxAFMJS3QrFyBQF6OzeyRs9
content-encoding
gzip
via
1.1 f91b1dd39ce8309d7fc575add365607e.cloudfront.net (CloudFront)
date
Thu, 21 Mar 2024 07:56:01 GMT
x-amz-cf-pop
EWR50-C1
age
25024
x-cache
Hit from cloudfront
last-modified
Wed, 11 Aug 2021 17:25:32 GMT
server
AmazonS3
etag
W/"feb441314de3a34ddbaff394a88687b7"
access-control-max-age
3000
access-control-allow-methods
GET, POST, PUT, HEAD
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
access-control-expose-headers
ETag
vary
Accept-Encoding
x-amz-cf-id
teS8TKbBWyngddT3-migSyJStneQLSJl918rJ-nAet0-ntS3DjBe4A==
hls.min.js
cdn.flowplayer.com/releases/native/stable/plugins/ 		245 KB
75 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.flowplayer.com/releases/native/stable/plugins/hls.min.js
Requested by
Host: ecertslf.studentloan.or.th
URL: https://ecertslf.studentloan.or.th/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.225.214.103 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-225-214-103.ewr50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
4d4a4cd64f8056ee1023eec82a641f5393a3681aea3828a605ab4493481eed85

Request headers

accept-language
en-US,en;q=0.9
Referer
https://ecertslf.studentloan.or.th/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

x-amz-version-id
A4dKIwodaa_pZb366VlNeacp2qsl33Ub
content-encoding
gzip
via
1.1 f91b1dd39ce8309d7fc575add365607e.cloudfront.net (CloudFront)
date
Thu, 21 Mar 2024 11:46:35 GMT
x-amz-cf-pop
EWR50-C1
age
11149
x-cache
Hit from cloudfront
x-amz-storage-class
STANDARD_IA
last-modified
Wed, 11 Aug 2021 17:25:32 GMT
server
AmazonS3
etag
W/"5f54fb5b563a31ece50f06e693da6152"
access-control-max-age
3000
access-control-allow-methods
GET, POST, PUT, HEAD
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
access-control-expose-headers
ETag
vary
Accept-Encoding
x-amz-cf-id
RL2xHrhUI5FxFUBlnyq5PgKrtohBpbEWPSOLuB2caE1TrRW5RzAiyw==
qsel.min.js
cdn.flowplayer.com/releases/native/stable/plugins/ 		8 KB
4 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.flowplayer.com/releases/native/stable/plugins/qsel.min.js
Requested by
Host: ecertslf.studentloan.or.th
URL: https://ecertslf.studentloan.or.th/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.225.214.103 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-225-214-103.ewr50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
98979e0693f0c7323d1988a086d01d8b441c6d369bb2ca3c557bd07552803c12

Request headers

accept-language
en-US,en;q=0.9
Referer
https://ecertslf.studentloan.or.th/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

x-amz-version-id
JjPItxn0vwvFFWiLweqToUQ4ggbFLO27
content-encoding
gzip
via
1.1 f91b1dd39ce8309d7fc575add365607e.cloudfront.net (CloudFront)
date
Thu, 21 Mar 2024 06:06:24 GMT
x-amz-cf-pop
EWR50-C1
age
31560
x-cache
Hit from cloudfront
last-modified
Wed, 11 Aug 2021 17:25:32 GMT
server
AmazonS3
etag
W/"ea1954d9436ba11147491d468134a63d"
access-control-max-age
3000
access-control-allow-methods
GET, POST, PUT, HEAD
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
access-control-expose-headers
ETag
vary
Accept-Encoding
x-amz-cf-id
SCV_TQza8Wld43kk6WkL9BsmAlTEjd8McYNeBkLy9MHHsjidyfj-Fg==
fas.js
cdn.flowplayer.com/releases/native/stable/plugins/ 		16 KB
5 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.flowplayer.com/releases/native/stable/plugins/fas.js
Requested by
Host: ecertslf.studentloan.or.th
URL: https://ecertslf.studentloan.or.th/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.225.214.103 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-225-214-103.ewr50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
fd0081736d8012bb8885eeccb6efe64f4354670009e1c03394924aab9afa76d2

Request headers

accept-language
en-US,en;q=0.9
Referer
https://ecertslf.studentloan.or.th/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

x-amz-version-id
WSGVGYxQXFWzo1VLv8.xW9xDHY1ZXMbg
content-encoding
gzip
via
1.1 f91b1dd39ce8309d7fc575add365607e.cloudfront.net (CloudFront)
date
Thu, 21 Mar 2024 14:52:24 GMT
x-amz-cf-pop
EWR50-C1
x-cache
RefreshHit from cloudfront
last-modified
Fri, 18 Jan 2019 09:29:52 GMT
server
AmazonS3
etag
W/"8fb025c3fa347591de994912a49d24ac"
access-control-max-age
3000
access-control-allow-methods
GET, POST, PUT, HEAD
content-type
application/javascript
access-control-allow-origin
*
access-control-expose-headers
ETag
vary
Accept-Encoding
x-amz-cf-id
e8NWHaRAeOOGIcZqF4brKrKLiQ6pOcZqKV-WtrhktlxffG4Fgfft4Q==
flowplayer.hlsjs.light.min.js
releases.flowplayer.org/hlsjs/ 		161 KB
46 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://releases.flowplayer.org/hlsjs/flowplayer.hlsjs.light.min.js
Requested by
Host: ecertslf.studentloan.or.th
URL: https://ecertslf.studentloan.or.th/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.164.124.9 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-164-124-9.jfk50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
be63db95d9df58756632cbd10d0ccc290bfb5b47094ed789bd11824fc42b230d

Request headers

accept-language
en-US,en;q=0.9
Referer
https://ecertslf.studentloan.or.th/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date
Wed, 20 Mar 2024 16:10:12 GMT
content-encoding
br
via
1.1 7c1248297a08764c17a9223ad5c211f8.cloudfront.net (CloudFront)
last-modified
Wed, 25 Oct 2017 22:25:15 GMT
server
AmazonS3
x-amz-meta-s3cmd-attrs
uid:501/gname:staff/uname:nnarhinen/gid:20/mode:33188/mtime:1508394335/atime:1508394368/md5:8a21c5ec633c740c3880114ab609a737/ctime:1508394335
x-amz-cf-pop
JFK50-P7
age
81731
etag
W/"676f05948aa1dbed44688acf744e11d7"
vary
Accept-Encoding, Origin
x-cache
Hit from cloudfront
content-type
application/javascript
x-amz-cf-id
DFrJJeqshWtwOjqjIfOmeaYwDzJZj8efPWNcEigh-OtZyj5ZheIExQ==
owl.carousel.min.css
ecertslf.studentloan.or.th/assets/owlcarousel/ 		0
0
owl.theme.default.min.css
ecertslf.studentloan.or.th/assets/owlcarousel/ 		0
0
game-close.png
ecertslf.studentloan.or.th/file/wisimo/resource/ 		2 KB
4 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ecertslf.studentloan.or.th/file/wisimo/resource/game-close.png
Requested by
Host: ecertslf.studentloan.or.th
URL: https://ecertslf.studentloan.or.th/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::ac43:80f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
8411e08f1e63e259ee8ec7446b5566c6944f33a379fe02ef3d4a7fbb2b68db1d
Security Headers
Name Value
Content-Security-Policy default-src 'self' ; connect-src 'self' *.mittare.com/ https://pmi.flowplayer.com https://stats.g.doubleclick.net https://zap.cloud.wowza.com https://health.flowplayer.com/ https://wisimo-m.wisimo.com/ ; media-src 'self' blob: data: wave: *.mittare.com/; img-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: *.gstatic.com *.googleapis.com i.ytimg.com *.googleusercontent.com *.fbsbx.com *.line-scdn.net https://www.google-analytics.com *.google.com https://analytics.tiktok.com *.facebook.com *.google.co.th https://sp.tinymce.com https://player.wowza.com/ ; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://www.googletagmanager.com https://www.google-analytics.com/ *.googleapis.com *.youtube.com *.gstatic.com *.facebook.net *.google.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://analytics.tiktok.com/ https://cdn.flowplayer.com/ https://releases.flowplayer.org https://pvdspek.github.io/ https://cdn.tiny.cloud *.wowza.com https://cdnjs.cloudflare.com/ https://cdnjs.cloudflare.com/ https://code.jquery.com https://unpkg.com https://ssl.google-analytics.com https://cdn.jsdelivr.net/ ; style-src 'self' 'unsafe-inline' *.flowplayer.com *.googleapis.com https://use.fontawesome.com https://cdnjs.cloudflare.com https://code.jquery.com https://cdn.tiny.cloud/ ; font-src 'self' data: *.googleapis.com *.bootstrapcdn.com *.gstatic.com *.googleapis.com https://use.fontawesome.com/ https://fonts.gstatic.com https://cdnjs.cloudflare.com ; frame-src 'self' https://bid.g.doubleclick.net/ *.doubleclick.net/ https://www.youtube-nocookie.com https://share.sandbox.lalamove.com/ *.youtube.com *.googleapis.com *.google.com *.facebook.com; object-src 'self' https://www.youtube.com *.googleapis.com;
Public-Key-Pins pin-sha256="base64+primary==InsertPrimaryCertificateSHA256FingerPrintHere"; pin-sha256="base64+backup==InsertBackupCertificateSHA256FingerPrintHere"; max-age=5184000
Strict-Transport-Security max-age=15768000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-US,en;q=0.9
Referer
https://ecertslf.studentloan.or.th/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date
Thu, 21 Mar 2024 14:52:24 GMT
content-security-policy
default-src 'self' ; connect-src 'self' *.mittare.com/ https://pmi.flowplayer.com https://stats.g.doubleclick.net https://zap.cloud.wowza.com https://health.flowplayer.com/ https://wisimo-m.wisimo.com/ ; media-src 'self' blob: data: wave: *.mittare.com/; img-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: *.gstatic.com *.googleapis.com i.ytimg.com *.googleusercontent.com *.fbsbx.com *.line-scdn.net https://www.google-analytics.com *.google.com https://analytics.tiktok.com *.facebook.com *.google.co.th https://sp.tinymce.com https://player.wowza.com/ ; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://www.googletagmanager.com https://www.google-analytics.com/ *.googleapis.com *.youtube.com *.gstatic.com *.facebook.net *.google.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://analytics.tiktok.com/ https://cdn.flowplayer.com/ https://releases.flowplayer.org https://pvdspek.github.io/ https://cdn.tiny.cloud *.wowza.com https://cdnjs.cloudflare.com/ https://cdnjs.cloudflare.com/ https://code.jquery.com https://unpkg.com https://ssl.google-analytics.com https://cdn.jsdelivr.net/ ; style-src 'self' 'unsafe-inline' *.flowplayer.com *.googleapis.com https://use.fontawesome.com https://cdnjs.cloudflare.com https://code.jquery.com https://cdn.tiny.cloud/ ; font-src 'self' data: *.googleapis.com *.bootstrapcdn.com *.gstatic.com *.googleapis.com https://use.fontawesome.com/ https://fonts.gstatic.com https://cdnjs.cloudflare.com ; frame-src 'self' https://bid.g.doubleclick.net/ *.doubleclick.net/ https://www.youtube-nocookie.com https://share.sandbox.lalamove.com/ *.youtube.com *.googleapis.com *.google.com *.facebook.com; object-src 'self' https://www.youtube.com *.googleapis.com;
x-content-type-options
nosniff
strict-transport-security
max-age=15768000; includeSubDomains; preload
cf-cache-status
MISS
x-permitted-cross-domain-policies
master-only
content-length
1922
x-xss-protection
1; mode=block
public-key-pins
pin-sha256="base64+primary==InsertPrimaryCertificateSHA256FingerPrintHere"; pin-sha256="base64+backup==InsertBackupCertificateSHA256FingerPrintHere"; max-age=5184000
referrer-policy
no-referrer, strict-origin-when-cross-origin
last-modified
Mon, 13 Nov 2023 01:37:35 GMT
server
cloudflare
etag
"65517ddf-782"
expect-ct
enforce, max-age=300
x-frame-options
SAMEORIGIN
access-control-allow-methods
GET,POST,OPTIONS,PUT,DELETE,PATCH
content-type
image/png
vary
Accept-Encoding
cache-control
public, max-age=14400
access-control-allow-credentials
true
accept-ranges
bytes
cf-ray
867ec3f96bf04bc7-BUF
sweetalert.min.js
ecertslf.studentloan.or.th/assets/js/ 		40 KB
12 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://ecertslf.studentloan.or.th/assets/js/sweetalert.min.js
Requested by
Host: ecertslf.studentloan.or.th
URL: https://ecertslf.studentloan.or.th/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::ac43:80f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
15211e0be73438987ed05236dc4ce90962f7c46452427364446576505e66697b
Security Headers
Name Value
Content-Security-Policy default-src 'self' ; connect-src 'self' *.mittare.com/ https://pmi.flowplayer.com https://stats.g.doubleclick.net https://zap.cloud.wowza.com https://health.flowplayer.com/ https://wisimo-m.wisimo.com/ ; media-src 'self' blob: data: wave: *.mittare.com/; img-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: *.gstatic.com *.googleapis.com i.ytimg.com *.googleusercontent.com *.fbsbx.com *.line-scdn.net https://www.google-analytics.com *.google.com https://analytics.tiktok.com *.facebook.com *.google.co.th https://sp.tinymce.com https://player.wowza.com/ ; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://www.googletagmanager.com https://www.google-analytics.com/ *.googleapis.com *.youtube.com *.gstatic.com *.facebook.net *.google.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://analytics.tiktok.com/ https://cdn.flowplayer.com/ https://releases.flowplayer.org https://pvdspek.github.io/ https://cdn.tiny.cloud *.wowza.com https://cdnjs.cloudflare.com/ https://cdnjs.cloudflare.com/ https://code.jquery.com https://unpkg.com https://ssl.google-analytics.com https://cdn.jsdelivr.net/ ; style-src 'self' 'unsafe-inline' *.flowplayer.com *.googleapis.com https://use.fontawesome.com https://cdnjs.cloudflare.com https://code.jquery.com https://cdn.tiny.cloud/ ; font-src 'self' data: *.googleapis.com *.bootstrapcdn.com *.gstatic.com *.googleapis.com https://use.fontawesome.com/ https://fonts.gstatic.com https://cdnjs.cloudflare.com ; frame-src 'self' https://bid.g.doubleclick.net/ *.doubleclick.net/ https://www.youtube-nocookie.com https://share.sandbox.lalamove.com/ *.youtube.com *.googleapis.com *.google.com *.facebook.com; object-src 'self' https://www.youtube.com *.googleapis.com;
Public-Key-Pins pin-sha256="base64+primary==InsertPrimaryCertificateSHA256FingerPrintHere"; pin-sha256="base64+backup==InsertBackupCertificateSHA256FingerPrintHere"; max-age=5184000
Strict-Transport-Security max-age=15768000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-US,en;q=0.9
Referer
https://ecertslf.studentloan.or.th/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date
Thu, 21 Mar 2024 14:52:24 GMT
content-security-policy
default-src 'self' ; connect-src 'self' *.mittare.com/ https://pmi.flowplayer.com https://stats.g.doubleclick.net https://zap.cloud.wowza.com https://health.flowplayer.com/ https://wisimo-m.wisimo.com/ ; media-src 'self' blob: data: wave: *.mittare.com/; img-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: *.gstatic.com *.googleapis.com i.ytimg.com *.googleusercontent.com *.fbsbx.com *.line-scdn.net https://www.google-analytics.com *.google.com https://analytics.tiktok.com *.facebook.com *.google.co.th https://sp.tinymce.com https://player.wowza.com/ ; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://www.googletagmanager.com https://www.google-analytics.com/ *.googleapis.com *.youtube.com *.gstatic.com *.facebook.net *.google.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://analytics.tiktok.com/ https://cdn.flowplayer.com/ https://releases.flowplayer.org https://pvdspek.github.io/ https://cdn.tiny.cloud *.wowza.com https://cdnjs.cloudflare.com/ https://cdnjs.cloudflare.com/ https://code.jquery.com https://unpkg.com https://ssl.google-analytics.com https://cdn.jsdelivr.net/ ; style-src 'self' 'unsafe-inline' *.flowplayer.com *.googleapis.com https://use.fontawesome.com https://cdnjs.cloudflare.com https://code.jquery.com https://cdn.tiny.cloud/ ; font-src 'self' data: *.googleapis.com *.bootstrapcdn.com *.gstatic.com *.googleapis.com https://use.fontawesome.com/ https://fonts.gstatic.com https://cdnjs.cloudflare.com ; frame-src 'self' https://bid.g.doubleclick.net/ *.doubleclick.net/ https://www.youtube-nocookie.com https://share.sandbox.lalamove.com/ *.youtube.com *.googleapis.com *.google.com *.facebook.com; object-src 'self' https://www.youtube.com *.googleapis.com;
x-content-type-options
nosniff
strict-transport-security
max-age=15768000; includeSubDomains; preload
cf-cache-status
MISS
x-permitted-cross-domain-policies
master-only
content-encoding
br
x-xss-protection
1; mode=block
public-key-pins
pin-sha256="base64+primary==InsertPrimaryCertificateSHA256FingerPrintHere"; pin-sha256="base64+backup==InsertBackupCertificateSHA256FingerPrintHere"; max-age=5184000
referrer-policy
no-referrer, strict-origin-when-cross-origin
last-modified
Mon, 13 Nov 2023 01:32:45 GMT
server
cloudflare
etag
W/"65517cbd-9f62"
expect-ct
enforce, max-age=300
vary
Accept-Encoding, Accept-Encoding
access-control-allow-methods
GET,POST,OPTIONS,PUT,DELETE,PATCH
content-type
application/javascript
x-frame-options
SAMEORIGIN
cache-control
public, max-age=14400
access-control-allow-credentials
true
cf-ray
867ec3f96bea4bc7-BUF
all.css
ecertslf.studentloan.or.th/assets/fontawesome-free/css/ 		0
0
jquery.autoellipsis-1.0.10.js
pvdspek.github.io/downloads/ 		17 KB
5 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pvdspek.github.io/downloads/jquery.autoellipsis-1.0.10.js
Requested by
Host: ecertslf.studentloan.or.th
URL: https://ecertslf.studentloan.or.th/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:50c0:8000::153 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
GitHub.com /
Resource Hash
9d5b963eb84d0ea19ea533e6c7ae1472ea596641daafdf4e882d8927b9fd2921

Request headers

accept-language
en-US,en;q=0.9
Referer
https://ecertslf.studentloan.or.th/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

x-fastly-request-id
c4321a848817e037bb62b6ccb11cc53852f5b31a
date
Thu, 21 Mar 2024 14:52:24 GMT
content-encoding
gzip
via
1.1 varnish
x-cache-hits
0
age
0
x-cache
MISS
x-proxy-cache
MISS
content-length
4473
x-served-by
cache-nyc-kteb1890045-NYC
last-modified
Mon, 16 Mar 2015 14:08:16 GMT
server
GitHub.com
x-github-request-id
27B6:2B8FD7:3115FDA:385C3DC:65FC49A7
x-timer
S1711032744.028092,VS0,VE21
etag
W/"5506e3d0-44e6"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=600
permissions-policy
interest-cohort=()
accept-ranges
bytes
expires
Thu, 21 Mar 2024 15:02:24 GMT
jquery.cookiebar.css
ecertslf.studentloan.or.th/assets/jquery.cookiebar/ 		722 B
340 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://ecertslf.studentloan.or.th/assets/jquery.cookiebar/jquery.cookiebar.css
Requested by
Host: ecertslf.studentloan.or.th
URL: https://ecertslf.studentloan.or.th/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::ac43:80f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
022c2e2ed2840dcfdfc7d68e7fb90f6bdee0c7708be55fbdc346818fbb694b1d
Security Headers
Name Value
Content-Security-Policy default-src 'self' ; connect-src 'self' *.mittare.com/ https://pmi.flowplayer.com https://stats.g.doubleclick.net https://zap.cloud.wowza.com https://health.flowplayer.com/ https://wisimo-m.wisimo.com/ ; media-src 'self' blob: data: wave: *.mittare.com/; img-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: *.gstatic.com *.googleapis.com i.ytimg.com *.googleusercontent.com *.fbsbx.com *.line-scdn.net https://www.google-analytics.com *.google.com https://analytics.tiktok.com *.facebook.com *.google.co.th https://sp.tinymce.com https://player.wowza.com/ ; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://www.googletagmanager.com https://www.google-analytics.com/ *.googleapis.com *.youtube.com *.gstatic.com *.facebook.net *.google.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://analytics.tiktok.com/ https://cdn.flowplayer.com/ https://releases.flowplayer.org https://pvdspek.github.io/ https://cdn.tiny.cloud *.wowza.com https://cdnjs.cloudflare.com/ https://cdnjs.cloudflare.com/ https://code.jquery.com https://unpkg.com https://ssl.google-analytics.com https://cdn.jsdelivr.net/ ; style-src 'self' 'unsafe-inline' *.flowplayer.com *.googleapis.com https://use.fontawesome.com https://cdnjs.cloudflare.com https://code.jquery.com https://cdn.tiny.cloud/ ; font-src 'self' data: *.googleapis.com *.bootstrapcdn.com *.gstatic.com *.googleapis.com https://use.fontawesome.com/ https://fonts.gstatic.com https://cdnjs.cloudflare.com ; frame-src 'self' https://bid.g.doubleclick.net/ *.doubleclick.net/ https://www.youtube-nocookie.com https://share.sandbox.lalamove.com/ *.youtube.com *.googleapis.com *.google.com *.facebook.com; object-src 'self' https://www.youtube.com *.googleapis.com;
Public-Key-Pins pin-sha256="base64+primary==InsertPrimaryCertificateSHA256FingerPrintHere"; pin-sha256="base64+backup==InsertBackupCertificateSHA256FingerPrintHere"; max-age=5184000
Strict-Transport-Security max-age=15768000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-US,en;q=0.9
Referer
https://ecertslf.studentloan.or.th/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date
Thu, 21 Mar 2024 14:52:24 GMT
content-security-policy
default-src 'self' ; connect-src 'self' *.mittare.com/ https://pmi.flowplayer.com https://stats.g.doubleclick.net https://zap.cloud.wowza.com https://health.flowplayer.com/ https://wisimo-m.wisimo.com/ ; media-src 'self' blob: data: wave: *.mittare.com/; img-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: *.gstatic.com *.googleapis.com i.ytimg.com *.googleusercontent.com *.fbsbx.com *.line-scdn.net https://www.google-analytics.com *.google.com https://analytics.tiktok.com *.facebook.com *.google.co.th https://sp.tinymce.com https://player.wowza.com/ ; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://www.googletagmanager.com https://www.google-analytics.com/ *.googleapis.com *.youtube.com *.gstatic.com *.facebook.net *.google.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://analytics.tiktok.com/ https://cdn.flowplayer.com/ https://releases.flowplayer.org https://pvdspek.github.io/ https://cdn.tiny.cloud *.wowza.com https://cdnjs.cloudflare.com/ https://cdnjs.cloudflare.com/ https://code.jquery.com https://unpkg.com https://ssl.google-analytics.com https://cdn.jsdelivr.net/ ; style-src 'self' 'unsafe-inline' *.flowplayer.com *.googleapis.com https://use.fontawesome.com https://cdnjs.cloudflare.com https://code.jquery.com https://cdn.tiny.cloud/ ; font-src 'self' data: *.googleapis.com *.bootstrapcdn.com *.gstatic.com *.googleapis.com https://use.fontawesome.com/ https://fonts.gstatic.com https://cdnjs.cloudflare.com ; frame-src 'self' https://bid.g.doubleclick.net/ *.doubleclick.net/ https://www.youtube-nocookie.com https://share.sandbox.lalamove.com/ *.youtube.com *.googleapis.com *.google.com *.facebook.com; object-src 'self' https://www.youtube.com *.googleapis.com;
x-content-type-options
nosniff
strict-transport-security
max-age=15768000; includeSubDomains; preload
cf-cache-status
MISS
x-permitted-cross-domain-policies
master-only
content-encoding
br
x-xss-protection
1; mode=block
public-key-pins
pin-sha256="base64+primary==InsertPrimaryCertificateSHA256FingerPrintHere"; pin-sha256="base64+backup==InsertBackupCertificateSHA256FingerPrintHere"; max-age=5184000
referrer-policy
no-referrer, strict-origin-when-cross-origin
last-modified
Mon, 13 Nov 2023 01:32:39 GMT
server
cloudflare
etag
W/"65517cb7-2d2"
expect-ct
enforce, max-age=300
x-frame-options
SAMEORIGIN
access-control-allow-methods
GET,POST,OPTIONS,PUT,DELETE,PATCH
content-type
text/css
vary
Accept-Encoding
cache-control
public, max-age=14400
access-control-allow-credentials
true
cf-ray
867ec3f96bed4bc7-BUF
jquery.cookiebar.js
ecertslf.studentloan.or.th/assets/jquery.cookiebar/ 		8 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://ecertslf.studentloan.or.th/assets/jquery.cookiebar/jquery.cookiebar.js
Requested by
Host: ecertslf.studentloan.or.th
URL: https://ecertslf.studentloan.or.th/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::ac43:80f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b452e12fac140f91008314810e8229d1653436da86495b7c7a3e3b741348d8ed
Security Headers
Name Value
Content-Security-Policy default-src 'self' ; connect-src 'self' *.mittare.com/ https://pmi.flowplayer.com https://stats.g.doubleclick.net https://zap.cloud.wowza.com https://health.flowplayer.com/ https://wisimo-m.wisimo.com/ ; media-src 'self' blob: data: wave: *.mittare.com/; img-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: *.gstatic.com *.googleapis.com i.ytimg.com *.googleusercontent.com *.fbsbx.com *.line-scdn.net https://www.google-analytics.com *.google.com https://analytics.tiktok.com *.facebook.com *.google.co.th https://sp.tinymce.com https://player.wowza.com/ ; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://www.googletagmanager.com https://www.google-analytics.com/ *.googleapis.com *.youtube.com *.gstatic.com *.facebook.net *.google.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://analytics.tiktok.com/ https://cdn.flowplayer.com/ https://releases.flowplayer.org https://pvdspek.github.io/ https://cdn.tiny.cloud *.wowza.com https://cdnjs.cloudflare.com/ https://cdnjs.cloudflare.com/ https://code.jquery.com https://unpkg.com https://ssl.google-analytics.com https://cdn.jsdelivr.net/ ; style-src 'self' 'unsafe-inline' *.flowplayer.com *.googleapis.com https://use.fontawesome.com https://cdnjs.cloudflare.com https://code.jquery.com https://cdn.tiny.cloud/ ; font-src 'self' data: *.googleapis.com *.bootstrapcdn.com *.gstatic.com *.googleapis.com https://use.fontawesome.com/ https://fonts.gstatic.com https://cdnjs.cloudflare.com ; frame-src 'self' https://bid.g.doubleclick.net/ *.doubleclick.net/ https://www.youtube-nocookie.com https://share.sandbox.lalamove.com/ *.youtube.com *.googleapis.com *.google.com *.facebook.com; object-src 'self' https://www.youtube.com *.googleapis.com;
Public-Key-Pins pin-sha256="base64+primary==InsertPrimaryCertificateSHA256FingerPrintHere"; pin-sha256="base64+backup==InsertBackupCertificateSHA256FingerPrintHere"; max-age=5184000
Strict-Transport-Security max-age=15768000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-US,en;q=0.9
Referer
https://ecertslf.studentloan.or.th/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date
Thu, 21 Mar 2024 14:52:24 GMT
content-security-policy
default-src 'self' ; connect-src 'self' *.mittare.com/ https://pmi.flowplayer.com https://stats.g.doubleclick.net https://zap.cloud.wowza.com https://health.flowplayer.com/ https://wisimo-m.wisimo.com/ ; media-src 'self' blob: data: wave: *.mittare.com/; img-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: *.gstatic.com *.googleapis.com i.ytimg.com *.googleusercontent.com *.fbsbx.com *.line-scdn.net https://www.google-analytics.com *.google.com https://analytics.tiktok.com *.facebook.com *.google.co.th https://sp.tinymce.com https://player.wowza.com/ ; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://www.googletagmanager.com https://www.google-analytics.com/ *.googleapis.com *.youtube.com *.gstatic.com *.facebook.net *.google.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://analytics.tiktok.com/ https://cdn.flowplayer.com/ https://releases.flowplayer.org https://pvdspek.github.io/ https://cdn.tiny.cloud *.wowza.com https://cdnjs.cloudflare.com/ https://cdnjs.cloudflare.com/ https://code.jquery.com https://unpkg.com https://ssl.google-analytics.com https://cdn.jsdelivr.net/ ; style-src 'self' 'unsafe-inline' *.flowplayer.com *.googleapis.com https://use.fontawesome.com https://cdnjs.cloudflare.com https://code.jquery.com https://cdn.tiny.cloud/ ; font-src 'self' data: *.googleapis.com *.bootstrapcdn.com *.gstatic.com *.googleapis.com https://use.fontawesome.com/ https://fonts.gstatic.com https://cdnjs.cloudflare.com ; frame-src 'self' https://bid.g.doubleclick.net/ *.doubleclick.net/ https://www.youtube-nocookie.com https://share.sandbox.lalamove.com/ *.youtube.com *.googleapis.com *.google.com *.facebook.com; object-src 'self' https://www.youtube.com *.googleapis.com;
x-content-type-options
nosniff
strict-transport-security
max-age=15768000; includeSubDomains; preload
cf-cache-status
MISS
x-permitted-cross-domain-policies
master-only
content-encoding
br
x-xss-protection
1; mode=block
public-key-pins
pin-sha256="base64+primary==InsertPrimaryCertificateSHA256FingerPrintHere"; pin-sha256="base64+backup==InsertBackupCertificateSHA256FingerPrintHere"; max-age=5184000
referrer-policy
no-referrer, strict-origin-when-cross-origin
last-modified
Mon, 13 Nov 2023 01:32:39 GMT
server
cloudflare
etag
W/"65517cb7-1fd0"
expect-ct
enforce, max-age=300
x-frame-options
SAMEORIGIN
access-control-allow-methods
GET,POST,OPTIONS,PUT,DELETE,PATCH
content-type
application/javascript
vary
Accept-Encoding
cache-control
public, max-age=14400
access-control-allow-credentials
true
cf-ray
867ec3f96bef4bc7-BUF
recaptcha__en.js
www.gstatic.com/recaptcha/releases/Hq4JZivTyQ7GP8Kt571Tzodj/ 		496 KB
198 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.gstatic.com/recaptcha/releases/Hq4JZivTyQ7GP8Kt571Tzodj/recaptcha__en.js
Requested by
Host: www.google.com
URL: https://www.google.com/recaptcha/api.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:809::2003 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
9368f8ab141b9545a2b9e279abe8fef65a60091050ebeab9b63dd4c1bd0d38e1
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://ecertslf.studentloan.or.th/
Origin
https://ecertslf.studentloan.or.th
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date
Wed, 20 Mar 2024 07:52:33 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
111591
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
202152
x-xss-protection
0
last-modified
Tue, 19 Mar 2024 18:14:50 GMT
server
sffe
cross-origin-opener-policy
same-origin-allow-popups; report-to="recaptcha"
vary
Accept-Encoding
report-to
{"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Thu, 20 Mar 2025 07:52:33 GMT
fa-solid-900.woff2
ecertslf.studentloan.or.th/assets/fontawesome/webfonts/ 		147 KB
147 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://ecertslf.studentloan.or.th/assets/fontawesome/webfonts/fa-solid-900.woff2
Requested by
Host: ecertslf.studentloan.or.th
URL: https://ecertslf.studentloan.or.th/assets/fontawesome/css/all.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::ac43:80f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d27bc752105c079f8a516e9142406a9fc12cbb409f9bf8681f2ddfe0360b52a6
Security Headers
Name Value
Content-Security-Policy default-src 'self' ; connect-src 'self' *.mittare.com/ https://pmi.flowplayer.com https://stats.g.doubleclick.net https://zap.cloud.wowza.com https://health.flowplayer.com/ https://wisimo-m.wisimo.com/ ; media-src 'self' blob: data: wave: *.mittare.com/; img-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: *.gstatic.com *.googleapis.com i.ytimg.com *.googleusercontent.com *.fbsbx.com *.line-scdn.net https://www.google-analytics.com *.google.com https://analytics.tiktok.com *.facebook.com *.google.co.th https://sp.tinymce.com https://player.wowza.com/ ; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://www.googletagmanager.com https://www.google-analytics.com/ *.googleapis.com *.youtube.com *.gstatic.com *.facebook.net *.google.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://analytics.tiktok.com/ https://cdn.flowplayer.com/ https://releases.flowplayer.org https://pvdspek.github.io/ https://cdn.tiny.cloud *.wowza.com https://cdnjs.cloudflare.com/ https://cdnjs.cloudflare.com/ https://code.jquery.com https://unpkg.com https://ssl.google-analytics.com https://cdn.jsdelivr.net/ ; style-src 'self' 'unsafe-inline' *.flowplayer.com *.googleapis.com https://use.fontawesome.com https://cdnjs.cloudflare.com https://code.jquery.com https://cdn.tiny.cloud/ ; font-src 'self' data: *.googleapis.com *.bootstrapcdn.com *.gstatic.com *.googleapis.com https://use.fontawesome.com/ https://fonts.gstatic.com https://cdnjs.cloudflare.com ; frame-src 'self' https://bid.g.doubleclick.net/ *.doubleclick.net/ https://www.youtube-nocookie.com https://share.sandbox.lalamove.com/ *.youtube.com *.googleapis.com *.google.com *.facebook.com; object-src 'self' https://www.youtube.com *.googleapis.com;
Public-Key-Pins pin-sha256="base64+primary==InsertPrimaryCertificateSHA256FingerPrintHere"; pin-sha256="base64+backup==InsertBackupCertificateSHA256FingerPrintHere"; max-age=5184000
Strict-Transport-Security max-age=15768000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://ecertslf.studentloan.or.th/assets/fontawesome/css/all.css
Origin
https://ecertslf.studentloan.or.th
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date
Thu, 21 Mar 2024 14:52:25 GMT
content-security-policy
default-src 'self' ; connect-src 'self' *.mittare.com/ https://pmi.flowplayer.com https://stats.g.doubleclick.net https://zap.cloud.wowza.com https://health.flowplayer.com/ https://wisimo-m.wisimo.com/ ; media-src 'self' blob: data: wave: *.mittare.com/; img-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: *.gstatic.com *.googleapis.com i.ytimg.com *.googleusercontent.com *.fbsbx.com *.line-scdn.net https://www.google-analytics.com *.google.com https://analytics.tiktok.com *.facebook.com *.google.co.th https://sp.tinymce.com https://player.wowza.com/ ; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://www.googletagmanager.com https://www.google-analytics.com/ *.googleapis.com *.youtube.com *.gstatic.com *.facebook.net *.google.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://analytics.tiktok.com/ https://cdn.flowplayer.com/ https://releases.flowplayer.org https://pvdspek.github.io/ https://cdn.tiny.cloud *.wowza.com https://cdnjs.cloudflare.com/ https://cdnjs.cloudflare.com/ https://code.jquery.com https://unpkg.com https://ssl.google-analytics.com https://cdn.jsdelivr.net/ ; style-src 'self' 'unsafe-inline' *.flowplayer.com *.googleapis.com https://use.fontawesome.com https://cdnjs.cloudflare.com https://code.jquery.com https://cdn.tiny.cloud/ ; font-src 'self' data: *.googleapis.com *.bootstrapcdn.com *.gstatic.com *.googleapis.com https://use.fontawesome.com/ https://fonts.gstatic.com https://cdnjs.cloudflare.com ; frame-src 'self' https://bid.g.doubleclick.net/ *.doubleclick.net/ https://www.youtube-nocookie.com https://share.sandbox.lalamove.com/ *.youtube.com *.googleapis.com *.google.com *.facebook.com; object-src 'self' https://www.youtube.com *.googleapis.com;
x-content-type-options
nosniff
strict-transport-security
max-age=15768000; includeSubDomains; preload
cf-cache-status
MISS
x-permitted-cross-domain-policies
master-only
content-length
150472
x-xss-protection
1; mode=block
public-key-pins
pin-sha256="base64+primary==InsertPrimaryCertificateSHA256FingerPrintHere"; pin-sha256="base64+backup==InsertBackupCertificateSHA256FingerPrintHere"; max-age=5184000
referrer-policy
no-referrer, strict-origin-when-cross-origin
last-modified
Mon, 13 Nov 2023 01:32:58 GMT
server
cloudflare
etag
"65517cca-24bc8"
expect-ct
enforce, max-age=300
x-frame-options
SAMEORIGIN
access-control-allow-methods
GET,POST,OPTIONS,PUT,DELETE,PATCH
content-type
font/woff2
vary
Accept-Encoding
cache-control
public, max-age=14400
access-control-allow-credentials
true
accept-ranges
bytes
cf-ray
867ec3f9bc044bc7-BUF
Kanit-Light.woff2
ecertslf.studentloan.or.th/assets/fonts/Kanit2/ 		48 KB
48 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://ecertslf.studentloan.or.th/assets/fonts/Kanit2/Kanit-Light.woff2
Requested by
Host: ecertslf.studentloan.or.th
URL: https://ecertslf.studentloan.or.th/assets/fonts/Kanit2/stylesheet.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::ac43:80f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
2942d1a93934328b1576bcf2ac221624e4c21580937bddcaf058e095728505fe
Security Headers
Name Value
Content-Security-Policy default-src 'self' ; connect-src 'self' *.mittare.com/ https://pmi.flowplayer.com https://stats.g.doubleclick.net https://zap.cloud.wowza.com https://health.flowplayer.com/ https://wisimo-m.wisimo.com/ ; media-src 'self' blob: data: wave: *.mittare.com/; img-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: *.gstatic.com *.googleapis.com i.ytimg.com *.googleusercontent.com *.fbsbx.com *.line-scdn.net https://www.google-analytics.com *.google.com https://analytics.tiktok.com *.facebook.com *.google.co.th https://sp.tinymce.com https://player.wowza.com/ ; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://www.googletagmanager.com https://www.google-analytics.com/ *.googleapis.com *.youtube.com *.gstatic.com *.facebook.net *.google.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://analytics.tiktok.com/ https://cdn.flowplayer.com/ https://releases.flowplayer.org https://pvdspek.github.io/ https://cdn.tiny.cloud *.wowza.com https://cdnjs.cloudflare.com/ https://cdnjs.cloudflare.com/ https://code.jquery.com https://unpkg.com https://ssl.google-analytics.com https://cdn.jsdelivr.net/ ; style-src 'self' 'unsafe-inline' *.flowplayer.com *.googleapis.com https://use.fontawesome.com https://cdnjs.cloudflare.com https://code.jquery.com https://cdn.tiny.cloud/ ; font-src 'self' data: *.googleapis.com *.bootstrapcdn.com *.gstatic.com *.googleapis.com https://use.fontawesome.com/ https://fonts.gstatic.com https://cdnjs.cloudflare.com ; frame-src 'self' https://bid.g.doubleclick.net/ *.doubleclick.net/ https://www.youtube-nocookie.com https://share.sandbox.lalamove.com/ *.youtube.com *.googleapis.com *.google.com *.facebook.com; object-src 'self' https://www.youtube.com *.googleapis.com;
Public-Key-Pins pin-sha256="base64+primary==InsertPrimaryCertificateSHA256FingerPrintHere"; pin-sha256="base64+backup==InsertBackupCertificateSHA256FingerPrintHere"; max-age=5184000
Strict-Transport-Security max-age=15768000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://ecertslf.studentloan.or.th/assets/fonts/Kanit2/stylesheet.css
Origin
https://ecertslf.studentloan.or.th
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date
Thu, 21 Mar 2024 14:52:25 GMT
content-security-policy
default-src 'self' ; connect-src 'self' *.mittare.com/ https://pmi.flowplayer.com https://stats.g.doubleclick.net https://zap.cloud.wowza.com https://health.flowplayer.com/ https://wisimo-m.wisimo.com/ ; media-src 'self' blob: data: wave: *.mittare.com/; img-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: *.gstatic.com *.googleapis.com i.ytimg.com *.googleusercontent.com *.fbsbx.com *.line-scdn.net https://www.google-analytics.com *.google.com https://analytics.tiktok.com *.facebook.com *.google.co.th https://sp.tinymce.com https://player.wowza.com/ ; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://www.googletagmanager.com https://www.google-analytics.com/ *.googleapis.com *.youtube.com *.gstatic.com *.facebook.net *.google.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://analytics.tiktok.com/ https://cdn.flowplayer.com/ https://releases.flowplayer.org https://pvdspek.github.io/ https://cdn.tiny.cloud *.wowza.com https://cdnjs.cloudflare.com/ https://cdnjs.cloudflare.com/ https://code.jquery.com https://unpkg.com https://ssl.google-analytics.com https://cdn.jsdelivr.net/ ; style-src 'self' 'unsafe-inline' *.flowplayer.com *.googleapis.com https://use.fontawesome.com https://cdnjs.cloudflare.com https://code.jquery.com https://cdn.tiny.cloud/ ; font-src 'self' data: *.googleapis.com *.bootstrapcdn.com *.gstatic.com *.googleapis.com https://use.fontawesome.com/ https://fonts.gstatic.com https://cdnjs.cloudflare.com ; frame-src 'self' https://bid.g.doubleclick.net/ *.doubleclick.net/ https://www.youtube-nocookie.com https://share.sandbox.lalamove.com/ *.youtube.com *.googleapis.com *.google.com *.facebook.com; object-src 'self' https://www.youtube.com *.googleapis.com;
x-content-type-options
nosniff
strict-transport-security
max-age=15768000; includeSubDomains; preload
cf-cache-status
MISS
x-permitted-cross-domain-policies
master-only
content-length
49256
x-xss-protection
1; mode=block
public-key-pins
pin-sha256="base64+primary==InsertPrimaryCertificateSHA256FingerPrintHere"; pin-sha256="base64+backup==InsertBackupCertificateSHA256FingerPrintHere"; max-age=5184000
referrer-policy
no-referrer, strict-origin-when-cross-origin
last-modified
Mon, 13 Nov 2023 01:33:12 GMT
server
cloudflare
etag
"65517cd8-c068"
expect-ct
enforce, max-age=300
x-frame-options
SAMEORIGIN
access-control-allow-methods
GET,POST,OPTIONS,PUT,DELETE,PATCH
content-type
font/woff2
vary
Accept-Encoding
cache-control
public, max-age=14400
access-control-allow-credentials
true
accept-ranges
bytes
cf-ray
867ec3f9bc054bc7-BUF
flowplayer.css
cdn.flowplayer.com/releases/native/stable/style/ 		25 KB
6 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://cdn.flowplayer.com/releases/native/stable/style/flowplayer.css
Requested by
Host: ecertslf.studentloan.or.th
URL: https://ecertslf.studentloan.or.th/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.225.214.103 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-225-214-103.ewr50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
c4f010527c3e77b8821f7bea1e02d25a93273425dc9eaf6f5b146f8c3299fc35

Request headers

accept-language
en-US,en;q=0.9
Referer
https://ecertslf.studentloan.or.th/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

x-amz-version-id
fZ2macpIvyuUtDZe8c6hTEOUJEnIaLg2
content-encoding
gzip
via
1.1 f91b1dd39ce8309d7fc575add365607e.cloudfront.net (CloudFront)
date
Thu, 21 Mar 2024 09:46:49 GMT
x-amz-cf-pop
EWR50-C1
age
18361
x-cache
Hit from cloudfront
last-modified
Wed, 11 Aug 2021 17:25:33 GMT
server
AmazonS3
etag
W/"47f3fa9078bb9cf447b6e5b2ec2db511"
access-control-max-age
3000
access-control-allow-methods
GET, POST, PUT, HEAD
content-type
text/css; charset=utf-8
access-control-allow-origin
*
access-control-expose-headers
ETag
vary
Accept-Encoding
x-amz-cf-id
xNyCmqFGs-B_rrWBz3_XNfFLl3csmUG3NGRu4i9CxqgSncmwUKHogA==
bca732a6fabf441ba498f8e66f0d3885.png
ecertslf.studentloan.or.th/file/wisimo/img/ 		548 KB
549 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ecertslf.studentloan.or.th/file/wisimo/img/bca732a6fabf441ba498f8e66f0d3885.png
Requested by
Host: ecertslf.studentloan.or.th
URL: https://ecertslf.studentloan.or.th/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::ac43:80f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
a2e312a3bf8b3d45674b0f71d115b9c641f44c3d65e8874102b590b3cce7759f
Security Headers
Name Value
Content-Security-Policy default-src 'self' ; connect-src 'self' *.mittare.com/ https://pmi.flowplayer.com https://stats.g.doubleclick.net https://zap.cloud.wowza.com https://health.flowplayer.com/ https://wisimo-m.wisimo.com/ ; media-src 'self' blob: data: wave: *.mittare.com/; img-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: *.gstatic.com *.googleapis.com i.ytimg.com *.googleusercontent.com *.fbsbx.com *.line-scdn.net https://www.google-analytics.com *.google.com https://analytics.tiktok.com *.facebook.com *.google.co.th https://sp.tinymce.com https://player.wowza.com/ ; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://www.googletagmanager.com https://www.google-analytics.com/ *.googleapis.com *.youtube.com *.gstatic.com *.facebook.net *.google.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://analytics.tiktok.com/ https://cdn.flowplayer.com/ https://releases.flowplayer.org https://pvdspek.github.io/ https://cdn.tiny.cloud *.wowza.com https://cdnjs.cloudflare.com/ https://cdnjs.cloudflare.com/ https://code.jquery.com https://unpkg.com https://ssl.google-analytics.com https://cdn.jsdelivr.net/ ; style-src 'self' 'unsafe-inline' *.flowplayer.com *.googleapis.com https://use.fontawesome.com https://cdnjs.cloudflare.com https://code.jquery.com https://cdn.tiny.cloud/ ; font-src 'self' data: *.googleapis.com *.bootstrapcdn.com *.gstatic.com *.googleapis.com https://use.fontawesome.com/ https://fonts.gstatic.com https://cdnjs.cloudflare.com ; frame-src 'self' https://bid.g.doubleclick.net/ *.doubleclick.net/ https://www.youtube-nocookie.com https://share.sandbox.lalamove.com/ *.youtube.com *.googleapis.com *.google.com *.facebook.com; object-src 'self' https://www.youtube.com *.googleapis.com;
Public-Key-Pins pin-sha256="base64+primary==InsertPrimaryCertificateSHA256FingerPrintHere"; pin-sha256="base64+backup==InsertBackupCertificateSHA256FingerPrintHere"; max-age=5184000
Strict-Transport-Security max-age=15768000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-US,en;q=0.9
Referer
https://ecertslf.studentloan.or.th/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date
Thu, 21 Mar 2024 14:52:24 GMT
content-security-policy
default-src 'self' ; connect-src 'self' *.mittare.com/ https://pmi.flowplayer.com https://stats.g.doubleclick.net https://zap.cloud.wowza.com https://health.flowplayer.com/ https://wisimo-m.wisimo.com/ ; media-src 'self' blob: data: wave: *.mittare.com/; img-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: *.gstatic.com *.googleapis.com i.ytimg.com *.googleusercontent.com *.fbsbx.com *.line-scdn.net https://www.google-analytics.com *.google.com https://analytics.tiktok.com *.facebook.com *.google.co.th https://sp.tinymce.com https://player.wowza.com/ ; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://www.googletagmanager.com https://www.google-analytics.com/ *.googleapis.com *.youtube.com *.gstatic.com *.facebook.net *.google.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://analytics.tiktok.com/ https://cdn.flowplayer.com/ https://releases.flowplayer.org https://pvdspek.github.io/ https://cdn.tiny.cloud *.wowza.com https://cdnjs.cloudflare.com/ https://cdnjs.cloudflare.com/ https://code.jquery.com https://unpkg.com https://ssl.google-analytics.com https://cdn.jsdelivr.net/ ; style-src 'self' 'unsafe-inline' *.flowplayer.com *.googleapis.com https://use.fontawesome.com https://cdnjs.cloudflare.com https://code.jquery.com https://cdn.tiny.cloud/ ; font-src 'self' data: *.googleapis.com *.bootstrapcdn.com *.gstatic.com *.googleapis.com https://use.fontawesome.com/ https://fonts.gstatic.com https://cdnjs.cloudflare.com ; frame-src 'self' https://bid.g.doubleclick.net/ *.doubleclick.net/ https://www.youtube-nocookie.com https://share.sandbox.lalamove.com/ *.youtube.com *.googleapis.com *.google.com *.facebook.com; object-src 'self' https://www.youtube.com *.googleapis.com;
x-content-type-options
nosniff
strict-transport-security
max-age=15768000; includeSubDomains; preload
cf-cache-status
MISS
x-permitted-cross-domain-policies
master-only
content-length
561536
x-xss-protection
1; mode=block
public-key-pins
pin-sha256="base64+primary==InsertPrimaryCertificateSHA256FingerPrintHere"; pin-sha256="base64+backup==InsertBackupCertificateSHA256FingerPrintHere"; max-age=5184000
referrer-policy
no-referrer, strict-origin-when-cross-origin
last-modified
Mon, 04 Dec 2023 11:12:14 GMT
server
cloudflare
etag
"656db40e-89180"
expect-ct
enforce, max-age=300
x-frame-options
SAMEORIGIN
access-control-allow-methods
GET,POST,OPTIONS,PUT,DELETE,PATCH
content-type
image/png
vary
Accept-Encoding
cache-control
public, max-age=14400
access-control-allow-credentials
true
accept-ranges
bytes
cf-ray
867ec3fbacc74bc7-BUF
0c099ba52b01602a9e0d4cda2169a794.png
ecertslf.studentloan.or.th/file/wisimo//img/ 		400 KB
401 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ecertslf.studentloan.or.th/file/wisimo//img/0c099ba52b01602a9e0d4cda2169a794.png
Requested by
Host: ecertslf.studentloan.or.th
URL: https://ecertslf.studentloan.or.th/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::ac43:80f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
0f42ed81253bef037e329a2b5d3b0c2b8a96c6dcb814e1e1abc6e4e1b3bcfcd1
Security Headers
Name Value
Content-Security-Policy default-src 'self' ; connect-src 'self' *.mittare.com/ https://pmi.flowplayer.com https://stats.g.doubleclick.net https://zap.cloud.wowza.com https://health.flowplayer.com/ https://wisimo-m.wisimo.com/ ; media-src 'self' blob: data: wave: *.mittare.com/; img-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: *.gstatic.com *.googleapis.com i.ytimg.com *.googleusercontent.com *.fbsbx.com *.line-scdn.net https://www.google-analytics.com *.google.com https://analytics.tiktok.com *.facebook.com *.google.co.th https://sp.tinymce.com https://player.wowza.com/ ; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://www.googletagmanager.com https://www.google-analytics.com/ *.googleapis.com *.youtube.com *.gstatic.com *.facebook.net *.google.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://analytics.tiktok.com/ https://cdn.flowplayer.com/ https://releases.flowplayer.org https://pvdspek.github.io/ https://cdn.tiny.cloud *.wowza.com https://cdnjs.cloudflare.com/ https://cdnjs.cloudflare.com/ https://code.jquery.com https://unpkg.com https://ssl.google-analytics.com https://cdn.jsdelivr.net/ ; style-src 'self' 'unsafe-inline' *.flowplayer.com *.googleapis.com https://use.fontawesome.com https://cdnjs.cloudflare.com https://code.jquery.com https://cdn.tiny.cloud/ ; font-src 'self' data: *.googleapis.com *.bootstrapcdn.com *.gstatic.com *.googleapis.com https://use.fontawesome.com/ https://fonts.gstatic.com https://cdnjs.cloudflare.com ; frame-src 'self' https://bid.g.doubleclick.net/ *.doubleclick.net/ https://www.youtube-nocookie.com https://share.sandbox.lalamove.com/ *.youtube.com *.googleapis.com *.google.com *.facebook.com; object-src 'self' https://www.youtube.com *.googleapis.com;
Public-Key-Pins pin-sha256="base64+primary==InsertPrimaryCertificateSHA256FingerPrintHere"; pin-sha256="base64+backup==InsertBackupCertificateSHA256FingerPrintHere"; max-age=5184000
Strict-Transport-Security max-age=15768000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-US,en;q=0.9
Referer
https://ecertslf.studentloan.or.th/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date
Thu, 21 Mar 2024 14:52:25 GMT
content-security-policy
default-src 'self' ; connect-src 'self' *.mittare.com/ https://pmi.flowplayer.com https://stats.g.doubleclick.net https://zap.cloud.wowza.com https://health.flowplayer.com/ https://wisimo-m.wisimo.com/ ; media-src 'self' blob: data: wave: *.mittare.com/; img-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: *.gstatic.com *.googleapis.com i.ytimg.com *.googleusercontent.com *.fbsbx.com *.line-scdn.net https://www.google-analytics.com *.google.com https://analytics.tiktok.com *.facebook.com *.google.co.th https://sp.tinymce.com https://player.wowza.com/ ; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://www.googletagmanager.com https://www.google-analytics.com/ *.googleapis.com *.youtube.com *.gstatic.com *.facebook.net *.google.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://analytics.tiktok.com/ https://cdn.flowplayer.com/ https://releases.flowplayer.org https://pvdspek.github.io/ https://cdn.tiny.cloud *.wowza.com https://cdnjs.cloudflare.com/ https://cdnjs.cloudflare.com/ https://code.jquery.com https://unpkg.com https://ssl.google-analytics.com https://cdn.jsdelivr.net/ ; style-src 'self' 'unsafe-inline' *.flowplayer.com *.googleapis.com https://use.fontawesome.com https://cdnjs.cloudflare.com https://code.jquery.com https://cdn.tiny.cloud/ ; font-src 'self' data: *.googleapis.com *.bootstrapcdn.com *.gstatic.com *.googleapis.com https://use.fontawesome.com/ https://fonts.gstatic.com https://cdnjs.cloudflare.com ; frame-src 'self' https://bid.g.doubleclick.net/ *.doubleclick.net/ https://www.youtube-nocookie.com https://share.sandbox.lalamove.com/ *.youtube.com *.googleapis.com *.google.com *.facebook.com; object-src 'self' https://www.youtube.com *.googleapis.com;
x-content-type-options
nosniff
strict-transport-security
max-age=15768000; includeSubDomains; preload
cf-cache-status
MISS
x-permitted-cross-domain-policies
master-only
content-length
409996
x-xss-protection
1; mode=block
public-key-pins
pin-sha256="base64+primary==InsertPrimaryCertificateSHA256FingerPrintHere"; pin-sha256="base64+backup==InsertBackupCertificateSHA256FingerPrintHere"; max-age=5184000
referrer-policy
no-referrer, strict-origin-when-cross-origin
last-modified
Thu, 07 Dec 2023 01:54:34 GMT
server
cloudflare
etag
"657125da-6418c"
expect-ct
enforce, max-age=300
x-frame-options
SAMEORIGIN
access-control-allow-methods
GET,POST,OPTIONS,PUT,DELETE,PATCH
content-type
image/png
vary
Accept-Encoding
cache-control
public, max-age=14400
access-control-allow-credentials
true
accept-ranges
bytes
cf-ray
867ec3fbacc84bc7-BUF
Kanit-Regular.woff2
ecertslf.studentloan.or.th/assets/fonts/Kanit2/ 		49 KB
51 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://ecertslf.studentloan.or.th/assets/fonts/Kanit2/Kanit-Regular.woff2
Requested by
Host: ecertslf.studentloan.or.th
URL: https://ecertslf.studentloan.or.th/assets/fonts/Kanit2/stylesheet.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::ac43:80f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
41dd8b30236f8ffc0553ff3e58f33771793b67c202b9c87e91e957b11b84e388
Security Headers
Name Value
Content-Security-Policy default-src 'self' ; connect-src 'self' *.mittare.com/ https://pmi.flowplayer.com https://stats.g.doubleclick.net https://zap.cloud.wowza.com https://health.flowplayer.com/ https://wisimo-m.wisimo.com/ ; media-src 'self' blob: data: wave: *.mittare.com/; img-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: *.gstatic.com *.googleapis.com i.ytimg.com *.googleusercontent.com *.fbsbx.com *.line-scdn.net https://www.google-analytics.com *.google.com https://analytics.tiktok.com *.facebook.com *.google.co.th https://sp.tinymce.com https://player.wowza.com/ ; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://www.googletagmanager.com https://www.google-analytics.com/ *.googleapis.com *.youtube.com *.gstatic.com *.facebook.net *.google.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://analytics.tiktok.com/ https://cdn.flowplayer.com/ https://releases.flowplayer.org https://pvdspek.github.io/ https://cdn.tiny.cloud *.wowza.com https://cdnjs.cloudflare.com/ https://cdnjs.cloudflare.com/ https://code.jquery.com https://unpkg.com https://ssl.google-analytics.com https://cdn.jsdelivr.net/ ; style-src 'self' 'unsafe-inline' *.flowplayer.com *.googleapis.com https://use.fontawesome.com https://cdnjs.cloudflare.com https://code.jquery.com https://cdn.tiny.cloud/ ; font-src 'self' data: *.googleapis.com *.bootstrapcdn.com *.gstatic.com *.googleapis.com https://use.fontawesome.com/ https://fonts.gstatic.com https://cdnjs.cloudflare.com ; frame-src 'self' https://bid.g.doubleclick.net/ *.doubleclick.net/ https://www.youtube-nocookie.com https://share.sandbox.lalamove.com/ *.youtube.com *.googleapis.com *.google.com *.facebook.com; object-src 'self' https://www.youtube.com *.googleapis.com;
Public-Key-Pins pin-sha256="base64+primary==InsertPrimaryCertificateSHA256FingerPrintHere"; pin-sha256="base64+backup==InsertBackupCertificateSHA256FingerPrintHere"; max-age=5184000
Strict-Transport-Security max-age=15768000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://ecertslf.studentloan.or.th/assets/fonts/Kanit2/stylesheet.css
Origin
https://ecertslf.studentloan.or.th
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date
Thu, 21 Mar 2024 14:52:25 GMT
content-security-policy
default-src 'self' ; connect-src 'self' *.mittare.com/ https://pmi.flowplayer.com https://stats.g.doubleclick.net https://zap.cloud.wowza.com https://health.flowplayer.com/ https://wisimo-m.wisimo.com/ ; media-src 'self' blob: data: wave: *.mittare.com/; img-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: *.gstatic.com *.googleapis.com i.ytimg.com *.googleusercontent.com *.fbsbx.com *.line-scdn.net https://www.google-analytics.com *.google.com https://analytics.tiktok.com *.facebook.com *.google.co.th https://sp.tinymce.com https://player.wowza.com/ ; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://www.googletagmanager.com https://www.google-analytics.com/ *.googleapis.com *.youtube.com *.gstatic.com *.facebook.net *.google.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://analytics.tiktok.com/ https://cdn.flowplayer.com/ https://releases.flowplayer.org https://pvdspek.github.io/ https://cdn.tiny.cloud *.wowza.com https://cdnjs.cloudflare.com/ https://cdnjs.cloudflare.com/ https://code.jquery.com https://unpkg.com https://ssl.google-analytics.com https://cdn.jsdelivr.net/ ; style-src 'self' 'unsafe-inline' *.flowplayer.com *.googleapis.com https://use.fontawesome.com https://cdnjs.cloudflare.com https://code.jquery.com https://cdn.tiny.cloud/ ; font-src 'self' data: *.googleapis.com *.bootstrapcdn.com *.gstatic.com *.googleapis.com https://use.fontawesome.com/ https://fonts.gstatic.com https://cdnjs.cloudflare.com ; frame-src 'self' https://bid.g.doubleclick.net/ *.doubleclick.net/ https://www.youtube-nocookie.com https://share.sandbox.lalamove.com/ *.youtube.com *.googleapis.com *.google.com *.facebook.com; object-src 'self' https://www.youtube.com *.googleapis.com;
x-content-type-options
nosniff
strict-transport-security
max-age=15768000; includeSubDomains; preload
cf-cache-status
MISS
x-permitted-cross-domain-policies
master-only
content-length
49980
x-xss-protection
1; mode=block
public-key-pins
pin-sha256="base64+primary==InsertPrimaryCertificateSHA256FingerPrintHere"; pin-sha256="base64+backup==InsertBackupCertificateSHA256FingerPrintHere"; max-age=5184000
referrer-policy
no-referrer, strict-origin-when-cross-origin
last-modified
Mon, 13 Nov 2023 01:33:13 GMT
server
cloudflare
etag
"65517cd9-c33c"
expect-ct
enforce, max-age=300
x-frame-options
SAMEORIGIN
access-control-allow-methods
GET,POST,OPTIONS,PUT,DELETE,PATCH
content-type
font/woff2
vary
Accept-Encoding
cache-control
public, max-age=14400
access-control-allow-credentials
true
accept-ranges
bytes
cf-ray
867ec3fbacc64bc7-BUF
flowplayer.min.js
cdn.flowplayer.com/releases/native/stable/ 		75 KB
26 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.flowplayer.com/releases/native/stable/flowplayer.min.js
Requested by
Host: ecertslf.studentloan.or.th
URL: https://ecertslf.studentloan.or.th/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.225.214.103 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-225-214-103.ewr50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
c547c87b86f901faeadc604d0599e55ef83fc184fd24e92f034f58b3d42ea5eb

Request headers

accept-language
en-US,en;q=0.9
Referer
https://ecertslf.studentloan.or.th/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

x-amz-version-id
z9AuynR_7vxAFMJS3QrFyBQF6OzeyRs9
content-encoding
gzip
via
1.1 f91b1dd39ce8309d7fc575add365607e.cloudfront.net (CloudFront)
date
Thu, 21 Mar 2024 07:56:01 GMT
x-amz-cf-pop
EWR50-C1
age
25025
x-cache
Hit from cloudfront
last-modified
Wed, 11 Aug 2021 17:25:32 GMT
server
AmazonS3
etag
W/"feb441314de3a34ddbaff394a88687b7"
access-control-max-age
3000
access-control-allow-methods
GET, POST, PUT, HEAD
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
access-control-expose-headers
ETag
vary
Accept-Encoding
x-amz-cf-id
hkDxE4f5lipcMOWUWRO0mrVQsswJJoywvQxB2Yl8FGCwNv4LQAEfDg==
hls.min.js
cdn.flowplayer.com/releases/native/stable/plugins/ 		245 KB
75 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.flowplayer.com/releases/native/stable/plugins/hls.min.js
Requested by
Host: ecertslf.studentloan.or.th
URL: https://ecertslf.studentloan.or.th/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.225.214.103 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-225-214-103.ewr50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
4d4a4cd64f8056ee1023eec82a641f5393a3681aea3828a605ab4493481eed85

Request headers

accept-language
en-US,en;q=0.9
Referer
https://ecertslf.studentloan.or.th/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

x-amz-version-id
A4dKIwodaa_pZb366VlNeacp2qsl33Ub
content-encoding
gzip
via
1.1 f91b1dd39ce8309d7fc575add365607e.cloudfront.net (CloudFront)
date
Thu, 21 Mar 2024 11:46:35 GMT
x-amz-cf-pop
EWR50-C1
age
11150
x-cache
Hit from cloudfront
x-amz-storage-class
STANDARD_IA
last-modified
Wed, 11 Aug 2021 17:25:32 GMT
server
AmazonS3
etag
W/"5f54fb5b563a31ece50f06e693da6152"
access-control-max-age
3000
access-control-allow-methods
GET, POST, PUT, HEAD
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
access-control-expose-headers
ETag
vary
Accept-Encoding
x-amz-cf-id
VZw4yH9z3AyF4qjZc1CHm-E5-jHfqf12Xlr4xlUr8jqJHrRBs3PDzg==
qsel.min.js
cdn.flowplayer.com/releases/native/stable/plugins/ 		8 KB
4 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.flowplayer.com/releases/native/stable/plugins/qsel.min.js
Requested by
Host: ecertslf.studentloan.or.th
URL: https://ecertslf.studentloan.or.th/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.225.214.103 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-225-214-103.ewr50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
98979e0693f0c7323d1988a086d01d8b441c6d369bb2ca3c557bd07552803c12

Request headers

accept-language
en-US,en;q=0.9
Referer
https://ecertslf.studentloan.or.th/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

x-amz-version-id
JjPItxn0vwvFFWiLweqToUQ4ggbFLO27
content-encoding
gzip
via
1.1 f91b1dd39ce8309d7fc575add365607e.cloudfront.net (CloudFront)
date
Thu, 21 Mar 2024 06:06:24 GMT
x-amz-cf-pop
EWR50-C1
age
31561
x-cache
Hit from cloudfront
last-modified
Wed, 11 Aug 2021 17:25:32 GMT
server
AmazonS3
etag
W/"ea1954d9436ba11147491d468134a63d"
access-control-max-age
3000
access-control-allow-methods
GET, POST, PUT, HEAD
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
access-control-expose-headers
ETag
vary
Accept-Encoding
x-amz-cf-id
WeELvyc2szNPtbepDWrvRsANUehxwvg0XPLGQ8jFs8UpyiGRdyal9w==
fas.js
cdn.flowplayer.com/releases/native/stable/plugins/ 		16 KB
5 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.flowplayer.com/releases/native/stable/plugins/fas.js
Requested by
Host: ecertslf.studentloan.or.th
URL: https://ecertslf.studentloan.or.th/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.225.214.103 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-225-214-103.ewr50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
fd0081736d8012bb8885eeccb6efe64f4354670009e1c03394924aab9afa76d2

Request headers

accept-language
en-US,en;q=0.9
Referer
https://ecertslf.studentloan.or.th/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

x-amz-version-id
WSGVGYxQXFWzo1VLv8.xW9xDHY1ZXMbg
content-encoding
gzip
via
1.1 f91b1dd39ce8309d7fc575add365607e.cloudfront.net (CloudFront)
date
Thu, 21 Mar 2024 14:52:24 GMT
x-amz-cf-pop
EWR50-C1
age
1
x-cache
Hit from cloudfront
last-modified
Fri, 18 Jan 2019 09:29:52 GMT
server
AmazonS3
etag
W/"8fb025c3fa347591de994912a49d24ac"
access-control-max-age
3000
access-control-allow-methods
GET, POST, PUT, HEAD
content-type
application/javascript
access-control-allow-origin
*
access-control-expose-headers
ETag
vary
Accept-Encoding
x-amz-cf-id
QdhPTr1qMnVzx93blJsDyV90CWE825aLQWd7Dt5RnD1K-isFVFjHCg==
flowplayer.hlsjs.light.min.js
releases.flowplayer.org/hlsjs/ 		161 KB
46 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://releases.flowplayer.org/hlsjs/flowplayer.hlsjs.light.min.js
Requested by
Host: ecertslf.studentloan.or.th
URL: https://ecertslf.studentloan.or.th/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.164.124.9 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-164-124-9.jfk50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
be63db95d9df58756632cbd10d0ccc290bfb5b47094ed789bd11824fc42b230d

Request headers

accept-language
en-US,en;q=0.9
Referer
https://ecertslf.studentloan.or.th/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date
Wed, 20 Mar 2024 16:10:12 GMT
content-encoding
br
via
1.1 7c1248297a08764c17a9223ad5c211f8.cloudfront.net (CloudFront)
last-modified
Wed, 25 Oct 2017 22:25:15 GMT
server
AmazonS3
x-amz-meta-s3cmd-attrs
uid:501/gname:staff/uname:nnarhinen/gid:20/mode:33188/mtime:1508394335/atime:1508394368/md5:8a21c5ec633c740c3880114ab609a737/ctime:1508394335
x-amz-cf-pop
JFK50-P7
age
81732
etag
W/"676f05948aa1dbed44688acf744e11d7"
vary
Accept-Encoding, Origin
x-cache
Hit from cloudfront
content-type
application/javascript
x-amz-cf-id
ku60lYP8PzT8APNWQ5KbYYcnUD1CekHYpHfAC5T8MqFuWs5ThosmMg==

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
ecertslf.studentloan.or.th
URL
https://ecertslf.studentloan.or.th/assets/owlcarousel/owl.carousel.min.css
Domain
ecertslf.studentloan.or.th
URL
https://ecertslf.studentloan.or.th/assets/owlcarousel/owl.theme.default.min.css
Domain
ecertslf.studentloan.or.th
URL
https://ecertslf.studentloan.or.th/assets/fontawesome-free/css/all.css

Verdicts & Comments Add Verdict or Comment

60 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

number| uidEvent object| bootstrap object| Popper function| $ function| jQuery object| tinymce object| tinyMCE function| setImmediate function| clearImmediate function| swal function| sweetAlert object| $jscomp function| $jscomp$lookupPolyfilledValue function| DataTable function| Color function| Chart object| ___grecaptcha_cfg object| grecaptcha string| __recaptcha_api boolean| __google_recaptcha_client function| DOMPurify function| QR8bitByte function| QRCode object| QRMode object| QRErrorCorrectLevel object| QRMaskPattern object| QRUtil object| QRMath function| QRPolynomial function| QRRSBlock function| QRBitBuffer function| html2canvas function| myBlog function| focusSearch function| showHamburger function| showProfile function| buttonLoading function| buttonReset function| copyToClipboard function| emit function| on function| off function| once function| one function| flowplayer object| __flowplayer_active_menu object| recaptcha function| play_video_announce function| closeLightBox function| favCourse function| checkSearch function| filter function| modalLive function| modalUpcomingLive function| load_concurrent_home function| load_view_concurrent function| load_concurrent_modal_close function| favKmsCategory string| show_cookie string| message_cookie

2 Cookies

Domain/Path Name / Value
ecertslf.studentloan.or.th/ Name: csrf_cookie_name
Value: 1314f7a1d0c2023cc270e80923559a14
ecertslf.studentloan.or.th/ Name: ci_session
Value: 1gn1t353h72d61e4o76lu2o6p85jkks2

3 Console Messages

Source Level URL
Text
security error URL: https://ecertslf.studentloan.or.th/(Line 859)
Message:
Refused to apply style from 'https://ecertslf.studentloan.or.th/assets/owlcarousel/owl.carousel.min.css' because its MIME type ('text/html') is not a supported stylesheet MIME type, and strict MIME checking is enabled.
security error URL: https://ecertslf.studentloan.or.th/(Line 860)
Message:
Refused to apply style from 'https://ecertslf.studentloan.or.th/assets/owlcarousel/owl.theme.default.min.css' because its MIME type ('text/html') is not a supported stylesheet MIME type, and strict MIME checking is enabled.
security error URL: https://ecertslf.studentloan.or.th/(Line 1300)
Message:
Refused to apply style from 'https://ecertslf.studentloan.or.th/assets/fontawesome-free/css/all.css' because its MIME type ('text/html') is not a supported stylesheet MIME type, and strict MIME checking is enabled.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy default-src 'self' ; connect-src 'self' *.mittare.com/ https://pmi.flowplayer.com https://stats.g.doubleclick.net https://zap.cloud.wowza.com https://health.flowplayer.com/ https://wisimo-m.wisimo.com/ ; media-src 'self' blob: data: wave: *.mittare.com/; img-src 'self' 'unsafe-inline' 'unsafe-eval' data: blob: *.gstatic.com *.googleapis.com i.ytimg.com *.googleusercontent.com *.fbsbx.com *.line-scdn.net https://www.google-analytics.com *.google.com https://analytics.tiktok.com *.facebook.com *.google.co.th https://sp.tinymce.com https://player.wowza.com/ ; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https://www.googletagmanager.com https://www.google-analytics.com/ *.googleapis.com *.youtube.com *.gstatic.com *.facebook.net *.google.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://analytics.tiktok.com/ https://cdn.flowplayer.com/ https://releases.flowplayer.org https://pvdspek.github.io/ https://cdn.tiny.cloud *.wowza.com https://cdnjs.cloudflare.com/ https://cdnjs.cloudflare.com/ https://code.jquery.com https://unpkg.com https://ssl.google-analytics.com https://cdn.jsdelivr.net/ ; style-src 'self' 'unsafe-inline' *.flowplayer.com *.googleapis.com https://use.fontawesome.com https://cdnjs.cloudflare.com https://code.jquery.com https://cdn.tiny.cloud/ ; font-src 'self' data: *.googleapis.com *.bootstrapcdn.com *.gstatic.com *.googleapis.com https://use.fontawesome.com/ https://fonts.gstatic.com https://cdnjs.cloudflare.com ; frame-src 'self' https://bid.g.doubleclick.net/ *.doubleclick.net/ https://www.youtube-nocookie.com https://share.sandbox.lalamove.com/ *.youtube.com *.googleapis.com *.google.com *.facebook.com; object-src 'self' https://www.youtube.com *.googleapis.com;
Public-Key-Pins pin-sha256="base64+primary==InsertPrimaryCertificateSHA256FingerPrintHere"; pin-sha256="base64+backup==InsertBackupCertificateSHA256FingerPrintHere"; max-age=5184000
Strict-Transport-Security max-age=15768000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

cdn.flowplayer.com
ecertslf.studentloan.or.th
pvdspek.github.io
releases.flowplayer.org
www.google.com
www.gstatic.com
ecertslf.studentloan.or.th
13.225.214.103
18.164.124.9
2606:4700:10::ac43:80f
2606:50c0:8000::153
2607:f8b0:4006:809::2003
2607:f8b0:4006:81d::2004
022c2e2ed2840dcfdfc7d68e7fb90f6bdee0c7708be55fbdc346818fbb694b1d
02a452513d20180c559e1d91cb343fc9ecdf86670f4330b62fc71eda25ccc582
08d97db667290b2c47dce6cf9cef24ba8f85792aa0c14ed87f77693916ddc371
0c03cbd081186aeacc03f92c09cc534e2d6f34be8aba31c188be0d6abe7cf454
0c7178cc6ca34fb18e30f070a5e7a1c287b2d7ccfcba2cfdf06e0f46eda55740
0f42ed81253bef037e329a2b5d3b0c2b8a96c6dcb814e1e1abc6e4e1b3bcfcd1
131c0d82967fed05e1920e519e0ea6ec91ab97b7c40480f72f8af8680bba1f0a
15211e0be73438987ed05236dc4ce90962f7c46452427364446576505e66697b
2942d1a93934328b1576bcf2ac221624e4c21580937bddcaf058e095728505fe
2a0db34dc14ef4b5ce73b230701c7561e5012667a4c9cb274ecab646e1474995
2ac46ebee46d515be86deeba385b4e41f8cff160364b362c9a6e153df327c66b
340d09d12141a30f53d870d647f2f4ba93047709331cd441c43db7301bd52d68
3b19361e8443c8e283ed71062adf5bd9a5375caea76bb84c90cb757734b1b312
3c6a5feeb3fb4dd9b5ab70f3e13b6cb0715136ddb50344b6d3069e9233dc8a9c
41dd8b30236f8ffc0553ff3e58f33771793b67c202b9c87e91e957b11b84e388
4d4a4cd64f8056ee1023eec82a641f5393a3681aea3828a605ab4493481eed85
521410e1fc44780061e09adc980275fb5ea277fd5d9e538454214ec4379ff4bc
635da27c946b5f6faf16e5f39f724c7ef94c85a9e36a9e6d2751bcf103adcd1e
737473b145a0fb2d97963ba71104b42ea59d434e17d43de3db67ddffc24200ac
7adaf08052c6a6a0f8a0d0055b4f191fd07389fe41c972b69573472b2ecb406a
7d6ba13b690dee4af8ac51913d50f8509c65be9516aa24e2f761b3a1aa96dbd3
80118526fd24ec4d1565d647cb22cc03963779ec8b7396992d9449bab9bcd9ad
80ba85ab98ec4249e0fdb2396ce1923426daab402affff645658b95d09c55c10
81a748350850199d84da7fe3943e2995aa7fec89ad066101955808a072b8ba72
8411e08f1e63e259ee8ec7446b5566c6944f33a379fe02ef3d4a7fbb2b68db1d
8f39a878d4e210ed449dabeb6d989b9956c4645e6ac13a550f7fbf765c2e6487
924b0dc630d1c5dff9fa31aead9509775b1d476bfe0a5ac2977b2f11205a26ac
9368f8ab141b9545a2b9e279abe8fef65a60091050ebeab9b63dd4c1bd0d38e1
93ae4a50828a7c59e0e75bd862970f0068bfb14313f22fdf24af09cfc9fb07f2
94b475125740e3632f0986cccf734ecae4fc884f1b2bc2f11c10d35d072bbfe9
98979e0693f0c7323d1988a086d01d8b441c6d369bb2ca3c557bd07552803c12
9d5b963eb84d0ea19ea533e6c7ae1472ea596641daafdf4e882d8927b9fd2921
9dbc9ab5ad8f2518c89a10724338a4da8b7a8121d25380aa773e5b3582f6cdc5
a2e312a3bf8b3d45674b0f71d115b9c641f44c3d65e8874102b590b3cce7759f
a4cdf211eaf3bda97da0f8cf81b232f69a85b386cbbff0a677e6078a9dd0d92b
a64bd479f8dafd4a1d89aac51b7be7bdc36cbb0150782d5cf67cb82fb10dca2c
a82f0b6fc2ae7feede163c8c0a7a53b3744e9aef348ddc693a980c5cebe03918
b452e12fac140f91008314810e8229d1653436da86495b7c7a3e3b741348d8ed
b58167383f2c2d837454c0cca41d15b8a1e9db536cc618eae015d011bc03ab2f
b688d687ac8b1fe516a895446385a83c384e3c55a2d9927978cda3dc823911ba
b733916dd9967fd7d15da7eed2eb44da4b121ab9e9b9d2aa3c2b6f883c301200
be63db95d9df58756632cbd10d0ccc290bfb5b47094ed789bd11824fc42b230d
c4f010527c3e77b8821f7bea1e02d25a93273425dc9eaf6f5b146f8c3299fc35
c547c87b86f901faeadc604d0599e55ef83fc184fd24e92f034f58b3d42ea5eb
d27bc752105c079f8a516e9142406a9fc12cbb409f9bf8681f2ddfe0360b52a6
d60a1b3f06b700dc3cf78285952da732ef6e214ec12618ffb57b721ab7bc6ba9
da7796caf9359015af4ecdf8c6ccbd53706ea4613932a9b6f81e442e49d5f626
db9d6cf3c1c4b047c62f646e7d9991c06a212931c362bf53f9a2406b30f09466
de1e399b07289f3b0a8d35142e363e128124a1185770e214e25e58030dad48e5
e0e818906e73dcabbddfc14524abec0c1bc6af5ce75611ed433b202f757ad66e
f7244fff610595b944f76bf3080d74e3af42b5dd234f8f079e698cc39ac966b0
fd0081736d8012bb8885eeccb6efe64f4354670009e1c03394924aab9afa76d2