www.xfinityloyalty.com Open in urlscan Pro
35.173.69.207  Public Scan

Upgrade-Insecure-Requests

1

User-Agent

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

accept-language

de-DE,de;q=0.9

Connection

keep-alive

Content-Encoding

gzip

Content-Type

text/html; charset=utf-8

Date

Thu, 26 May 2022 21:35:56 GMT

Referrer-Policy

same-origin

Server

PythonAnywhere

Transfer-Encoding

chunked

Vary

Accept-Encoding

X-Clacks-Overhead

GNU Terry Pratchett

X-Content-Type-Options

nosniff

X-Frame-Options

DENY

Redirect headers

Connection

keep-alive

Content-Length

0

Content-Type

text/html; charset=utf-8

Date

Thu, 26 May 2022 21:35:56 GMT

Location

/payment/

Referrer-Policy

same-origin

Server

PythonAnywhere

X-Clacks-Overhead

GNU Terry Pratchett

X-Content-Type-Options

nosniff

accept-language

de-DE,de;q=0.9

Referer

https://www.xfinityloyalty.com/payment/

User-Agent

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Date

Thu, 26 May 2022 21:35:56 GMT

Content-Encoding

gzip

X-Clacks-Overhead

GNU Terry Pratchett

Last-Modified

Mon, 11 Apr 2022 16:10:43 GMT

Server

PythonAnywhere

Vary

Accept-Encoding

Content-Type

text/css

Transfer-Encoding

chunked

Connection

keep-alive

accept-language

de-DE,de;q=0.9

Referer

https://www.xfinityloyalty.com/payment/

User-Agent

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Date

Thu, 26 May 2022 21:35:56 GMT

Content-Encoding

gzip

X-Clacks-Overhead

GNU Terry Pratchett

Last-Modified

Mon, 11 Apr 2022 16:10:43 GMT

Server

PythonAnywhere

Vary

Accept-Encoding

Content-Type

text/css

Transfer-Encoding

chunked

Connection

keep-alive

accept-language

de-DE,de;q=0.9

Referer

https://www.xfinityloyalty.com/payment/

User-Agent

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Date

Thu, 26 May 2022 21:35:56 GMT

Content-Encoding

gzip

X-Clacks-Overhead

GNU Terry Pratchett

Last-Modified

Mon, 11 Apr 2022 16:10:43 GMT

Server

PythonAnywhere

Vary

Accept-Encoding

Content-Type

text/css

Transfer-Encoding

chunked

Connection

keep-alive

accept-language

de-DE,de;q=0.9

Referer

https://www.xfinityloyalty.com/payment/

User-Agent

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Date

Thu, 26 May 2022 21:35:56 GMT

Content-Encoding

gzip

X-Clacks-Overhead

GNU Terry Pratchett

Last-Modified

Mon, 11 Apr 2022 16:10:44 GMT

Server

PythonAnywhere

Vary

Accept-Encoding

Content-Type

text/css

Transfer-Encoding

chunked

Connection

keep-alive

accept-language

de-DE,de;q=0.9

Referer

https://www.xfinityloyalty.com/payment/

User-Agent

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Date

Thu, 26 May 2022 21:35:56 GMT

Content-Encoding

gzip

X-Clacks-Overhead

GNU Terry Pratchett

Last-Modified

Mon, 11 Apr 2022 16:10:44 GMT

Server

PythonAnywhere

Vary

Accept-Encoding

Content-Type

text/css

Transfer-Encoding

chunked

Connection

keep-alive

accept-language

de-DE,de;q=0.9

Referer

https://www.xfinityloyalty.com/payment/

User-Agent

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Date

Thu, 26 May 2022 21:35:56 GMT

Content-Encoding

gzip

X-Clacks-Overhead

GNU Terry Pratchett

Last-Modified

Sun, 17 Apr 2022 18:23:33 GMT

Server

PythonAnywhere

Vary

Accept-Encoding

Content-Type

text/css

Transfer-Encoding

chunked

Connection

keep-alive

accept-language

de-DE,de;q=0.9

Referer

https://www.xfinityloyalty.com/payment/

User-Agent

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Date

Thu, 26 May 2022 21:35:56 GMT

Content-Encoding

gzip

X-Clacks-Overhead

GNU Terry Pratchett

Last-Modified

Sun, 17 Apr 2022 18:23:33 GMT

Server

PythonAnywhere

Vary

Accept-Encoding

Content-Type

text/css

Transfer-Encoding

chunked

Connection

keep-alive

accept-language

de-DE,de;q=0.9

Referer

https://www.xfinityloyalty.com/payment/

User-Agent

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Date

Thu, 26 May 2022 21:35:56 GMT

Content-Encoding

gzip

X-Clacks-Overhead

GNU Terry Pratchett

Last-Modified

Mon, 11 Apr 2022 16:10:43 GMT

Server

PythonAnywhere

Vary

Accept-Encoding

Content-Type

text/css

Transfer-Encoding

chunked

Connection

keep-alive

accept-language

de-DE,de;q=0.9

Referer

User-Agent

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

content-security-policy

default-src 'self' https://*.paypal.com https://*.paypalobjects.com; connect-src 'self' https://*.paypal.com https://*.paypalobjects.com https://*.qualtrics.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://*.qualtrics.com; script-src 'nonce-Mwbl+6JpQXHVY7+bUo6qP8SiZcLFSA6LwlG8+odzw2a51hl1' 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; style-src 'nonce-Mwbl+6JpQXHVY7+bUo6qP8SiZcLFSA6LwlG8+odzw2a51hl1' 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; object-src 'none'; img-src https: data:; form-action 'self' https://*.paypal.com; base-uri 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp

content-encoding

gzip

x-content-type-options

nosniff

age

0

via

1.1 varnish

x-cache

MISS

p3p

true

paypal-debug-id

f939414637dcf

server-timing

content-encoding;desc="gzip",x-cdn;desc="fastly"

dc

ccg11-origin-www-1.paypal.com

vary

Accept-Encoding

content-length

101472

x-xss-protection

1; mode=block

x-served-by

cache-hhn4047-HHN

x-timer

S1653600956.443974,VS0,VE572

x-frame-options

SAMEORIGIN

date

Thu, 26 May 2022 21:35:57 GMT

strict-transport-security

max-age=63072000; includeSubDomains; preload

content-type

application/javascript; charset=utf-8

access-control-allow-origin

*

cache-control

public, max-age=3600, s-maxage=10800

etag

W/"18c60-ikpBTMP3mGDHeH/KgiSEHtCNPkU"

accept-ranges

bytes

x-cache-hits

0

accept-language

de-DE,de;q=0.9

Referer

User-Agent

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

date

Mon, 23 May 2022 09:09:33 GMT

content-encoding

gzip

x-content-type-options

nosniff

age

303983

content-security-policy-report-only

require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers

cross-origin-resource-policy

cross-origin

alt-svc

h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

content-length

31017

x-xss-protection

0

last-modified

Wed, 10 Mar 2021 14:28:09 GMT

server

sffe

cross-origin-opener-policy

same-origin; report-to="hosted-libraries-pushers"

vary

Accept-Encoding

report-to

{"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}

content-type

text/javascript; charset=UTF-8

access-control-allow-origin

*

cache-control

public, max-age=31536000, stale-while-revalidate=2592000

accept-ranges

bytes

timing-allow-origin

*

expires

Tue, 23 May 2023 09:09:33 GMT

accept-language

de-DE,de;q=0.9

Referer

https://www.xfinityloyalty.com/payment/

User-Agent

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Date

Thu, 26 May 2022 21:35:56 GMT

Content-Encoding

gzip

X-Clacks-Overhead

GNU Terry Pratchett

Last-Modified

Mon, 11 Apr 2022 16:10:44 GMT

Server

PythonAnywhere

Vary

Accept-Encoding

Content-Type

application/javascript

Transfer-Encoding

chunked

Connection

keep-alive

accept-language

de-DE,de;q=0.9

Referer

https://www.xfinityloyalty.com/payment/

User-Agent

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Date

Thu, 26 May 2022 21:35:56 GMT

Content-Encoding

gzip

X-Clacks-Overhead

GNU Terry Pratchett

Last-Modified

Mon, 11 Apr 2022 16:10:43 GMT

Server

PythonAnywhere

Vary

Accept-Encoding

Content-Type

application/javascript

Transfer-Encoding

chunked

Connection

keep-alive

accept-language

de-DE,de;q=0.9

Referer

https://www.xfinityloyalty.com/payment/

User-Agent

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Date

Thu, 26 May 2022 21:35:56 GMT

Content-Encoding

gzip

X-Clacks-Overhead

GNU Terry Pratchett

Last-Modified

Mon, 11 Apr 2022 16:10:43 GMT

Server

PythonAnywhere

Vary

Accept-Encoding

Content-Type

application/javascript

Transfer-Encoding

chunked

Connection

keep-alive

accept-language

de-DE,de;q=0.9

Referer

https://www.xfinityloyalty.com/payment/

User-Agent

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Date

Thu, 26 May 2022 21:35:56 GMT

Content-Encoding

gzip

X-Clacks-Overhead

GNU Terry Pratchett

Last-Modified

Mon, 11 Apr 2022 16:10:44 GMT

Server

PythonAnywhere

Vary

Accept-Encoding

Content-Type

application/javascript

Transfer-Encoding

chunked

Connection

keep-alive

accept-language

de-DE,de;q=0.9

Referer

https://www.xfinityloyalty.com/payment/

User-Agent

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Date

Thu, 26 May 2022 21:35:56 GMT

Content-Encoding

gzip

Referrer-Policy

same-origin

Server

PythonAnywhere

X-Frame-Options

DENY

Content-Type

text/html

Transfer-Encoding

chunked

Connection

keep-alive

Vary

Accept-Encoding

X-Content-Type-Options

nosniff

accept-language

de-DE,de;q=0.9

Referer

https://www.xfinityloyalty.com/payment/

User-Agent

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Date

Thu, 26 May 2022 21:35:56 GMT

Content-Encoding

gzip

X-Clacks-Overhead

GNU Terry Pratchett

Last-Modified

Mon, 11 Apr 2022 16:10:44 GMT

Server

PythonAnywhere

Vary

Accept-Encoding

Content-Type

application/javascript

Transfer-Encoding

chunked

Connection

keep-alive

accept-language

de-DE,de;q=0.9

Referer

https://www.xfinityloyalty.com/payment/

User-Agent

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Date

Thu, 26 May 2022 21:35:56 GMT

Content-Encoding

gzip

Referrer-Policy

same-origin

Server

PythonAnywhere

X-Frame-Options

DENY

Content-Type

text/html

Transfer-Encoding

chunked

Connection

keep-alive

Vary

Accept-Encoding

X-Content-Type-Options

nosniff

accept-language

de-DE,de;q=0.9

Referer

https://www.xfinityloyalty.com/payment/

User-Agent

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Date

Thu, 26 May 2022 21:35:56 GMT

Content-Encoding

gzip

X-Clacks-Overhead

GNU Terry Pratchett

Last-Modified

Mon, 11 Apr 2022 16:10:43 GMT

Server

PythonAnywhere

Vary

Accept-Encoding

Content-Type

application/javascript

Transfer-Encoding

chunked

Connection

keep-alive

accept-language

de-DE,de;q=0.9

Referer

User-Agent

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

strict-transport-security

max-age=31536000

content-encoding

gzip

x-content-type-options

nosniff

cross-origin-resource-policy

cross-origin

alt-svc

h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

x-xss-protection

0

last-modified

Thu, 26 May 2022 21:35:56 GMT

server

ESF

cross-origin-opener-policy

same-origin-allow-popups

date

Thu, 26 May 2022 21:35:56 GMT

x-frame-options

SAMEORIGIN

content-type

text/css; charset=utf-8

access-control-allow-origin

*

cache-control

private, max-age=86400, stale-while-revalidate=604800

timing-allow-origin

*

link

<https://fonts.gstatic.com>; rel=preconnect; crossorigin

expires

Thu, 26 May 2022 21:35:56 GMT

Referer

https://www.xfinityloyalty.com/static/assets/plugins/fontawesome/css/all.css

Origin

https://www.xfinityloyalty.com

accept-language

de-DE,de;q=0.9

User-Agent

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Date

Thu, 26 May 2022 21:35:57 GMT

X-Clacks-Overhead

GNU Terry Pratchett

Last-Modified

Mon, 11 Apr 2022 16:10:44 GMT

Server

PythonAnywhere

Connection

keep-alive

Content-Length

74348

Referer

https://fonts.googleapis.com/

Origin

https://www.xfinityloyalty.com

accept-language

de-DE,de;q=0.9

User-Agent

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

date

Tue, 24 May 2022 17:08:29 GMT

x-content-type-options

nosniff

age

188848

content-security-policy-report-only

require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes

cross-origin-resource-policy

cross-origin

alt-svc

h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

content-length

31248

x-xss-protection

0

last-modified

Tue, 26 Apr 2022 15:29:47 GMT

server

sffe

cross-origin-opener-policy

same-origin; report-to="apps-themes"

report-to

{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}

content-type

font/woff2

access-control-allow-origin

*

cache-control

public, max-age=31536000

accept-ranges

bytes

timing-allow-origin

*

expires

Wed, 24 May 2023 17:08:29 GMT

Referer

https://www.xfinityloyalty.com/static/assets/plugins/fontawesome/css/all.css

Origin

https://www.xfinityloyalty.com

accept-language

de-DE,de;q=0.9

User-Agent

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Date

Thu, 26 May 2022 21:35:57 GMT

X-Clacks-Overhead

GNU Terry Pratchett

Last-Modified

Mon, 11 Apr 2022 16:10:44 GMT

Server

PythonAnywhere

Connection

keep-alive

Content-Length

72112

Referer

https://www.xfinityloyalty.com/static/assets/plugins/themify/css/themify-icons.css

Origin

https://www.xfinityloyalty.com

accept-language

de-DE,de;q=0.9

User-Agent

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Date

Thu, 26 May 2022 21:35:57 GMT

X-Clacks-Overhead

GNU Terry Pratchett

Last-Modified

Mon, 11 Apr 2022 16:10:44 GMT

Server

PythonAnywhere

Connection

keep-alive

Content-Length

56108

Content-Type

application/font-woff

accept-language

de-DE,de;q=0.9

Referer

User-Agent

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

content-security-policy

default-src 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; script-src 'nonce-EI1wgr6C3cNbz4EHQJ9kCaQ0+8hjQjstAS/POvHD9JqYHIlU' 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline' 'unsafe-eval'; img-src * data:; object-src 'none'; font-src 'self' https://*.paypalobjects.com https://*.paypal.com; connect-src 'self' https://*.paypal.com https://*.paypalobjects.com https://nexus.ensighten.com https://*.google-analytics.com 'unsafe-inline' https://*.qualtrics.com; form-action 'self' https://*.paypal.com; base-uri 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline' https://*.qualtrics.com;

content-encoding

gzip

x-content-type-options

nosniff

age

0

x-cache

MISS

paypal-debug-id

f733266b14f84

server-timing

content-encoding;desc="gzip",x-cdn;desc="fastly"

dc

ccg11-origin-www-1.paypal.com

vary

Accept-Encoding

content-length

4299

x-xss-protection

1; mode=block

x-served-by

cache-hhn4047-HHN

x-timer

S1653600957.120504,VS0,VE344

x-frame-options

SAMEORIGIN

date

Thu, 26 May 2022 21:35:57 GMT

strict-transport-security

max-age=63072000; includeSubDomains; preload

content-type

application/x-javascript; charset=utf-8

via

1.1 varnish

cache-control

public, max-age=3600

etag

W/"2f34-zQQ0FVqIlbkbuS4WgpPW/nUPXC4"

accept-ranges

bytes

x-cache-hits

0

Upgrade-Insecure-Requests

1

User-Agent

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

accept-language

de-DE,de;q=0.9

accept-ranges

none

cache-control

max-age=0, no-cache, no-store, must-revalidate

content-disposition

inline

content-encoding

br

content-security-policy

form-action 'self' https://*.paypal.com https://*.cardinalcommerce.com; default-src 'self' https://*.paypal.com https://*.paypalobjects.com; connect-src 'self' https://*.paypal.com:* https://*.paypalobjects.com https://*.googleapis.com https://*.firebaseio.com wss://*.firebaseio.com https://api2.amplitude.com http://127.0.0.1:* https://*.qualtrics.com; frame-src 'self' https://*.paypal.com:* https://*.paypalobjects.com https://*.cardinalcommerce.com https://*.firebaseapp.com https://*.qualtrics.com; script-src 'self' https://*.paypal.com:* https://*.paypalobjects.com 'unsafe-inline' 'unsafe-eval' https://apis.google.com; style-src 'self' https://*.paypal.com:* https://*.paypalobjects.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com data:; object-src 'none'; img-src https: data:; base-uri 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp

content-type

text/html; charset=utf-8

date

Thu, 26 May 2022 21:35:57 GMT

dc

ccg11-origin-www-1.paypal.com

etag

W/W/"5dca9-v+R3Xho8X9grQ4zL8JVvSTW9rk0"

p3p

true

paypal-debug-id

f7332660fe151

server-timing

content-encoding;desc="",x-cdn;desc="fastly"

strict-transport-security

max-age=63072000; includeSubDomains; preload

vary

Accept-Encoding

via

1.1 varnish

x-cache

MISS

x-cache-hits

0

x-content-type-options

nosniff

x-csrf-jwt

__blank__

x-served-by

cache-hhn4047-HHN

x-timer

S1653600957.191615,VS0,VE314

x-xss-protection

1; mode=block

accept-language

de-DE,de;q=0.9

Referer

User-Agent

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Content-Type

image/svg+xml

accept-language

de-DE,de;q=0.9

Referer

User-Agent

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Content-Type

image/svg+xml

accept-language

de-DE,de;q=0.9

Referer

User-Agent

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Content-Type

image/svg+xml

accept-language

de-DE,de;q=0.9

Referer

https://www.xfinityloyalty.com/static/assets/css/style.css

User-Agent

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Date

Thu, 26 May 2022 21:35:57 GMT

X-Clacks-Overhead

GNU Terry Pratchett

Last-Modified

Mon, 11 Apr 2022 16:10:43 GMT

Server

PythonAnywhere

Connection

keep-alive

Content-Length

34186

Content-Type

image/jpeg

accept-language

de-DE,de;q=0.9

Referer

User-Agent

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

date

Thu, 26 May 2022 21:35:57 GMT

content-encoding

gzip

vary

Accept-Language

server

mafe

x-frame-options

SAMEORIGIN

content-type

text/javascript; charset=UTF-8

cache-control

public, max-age=1800

cross-origin-resource-policy

cross-origin

server-timing

gfet4t7; dur=12

alt-svc

h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

content-length

54088

x-xss-protection

0

expires

Thu, 26 May 2022 22:05:57 GMT

accept-language

de-DE,de;q=0.9

Referer

User-Agent

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

date

Thu, 26 May 2022 21:35:57 GMT

content-encoding

gzip

x-content-type-options

nosniff

alt-svc

h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

server

scaffolding on HTTPServer2

x-frame-options

SAMEORIGIN

content-type

application/json; charset=UTF-8

access-control-allow-origin

https://www.xfinityloyalty.com

access-control-expose-headers

vary,vary,vary,content-encoding,date,server,content-length

cache-control

private

vary

Origin, X-Origin, Referer

content-length

23

x-xss-protection

0

accept-language

de-DE,de;q=0.9

Referer

User-Agent

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

pragma

no-cache

date

Thu, 26 May 2022 21:35:57 GMT

content-type

image/gif

server

ECAcc (frc/8F43)

strict-transport-security

max-age=63072000; includeSubDomains; preload

p3p

policyref="https://t.paypal.com/w3c/p3p.xml",CP="CAO IND OUR SAM UNI STA COR COM"

paypal-debug-id

18284c39653cd

cache-control

max-age=0, no-cache, no-store, must-revalidate

server-timing

content-encoding;desc="", x-cdn;desc="edgecast",edge;dur=146

timing-allow-origin

*

content-length

42

expires

Thu, 26 May 2022 21:35:57 GMT

accept-language

de-DE,de;q=0.9

Referer

User-Agent

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Content-Type

image/svg+xml

accept-language

de-DE,de;q=0.9

Referer

User-Agent

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Content-Type

image/svg+xml

accept-language

de-DE,de;q=0.9

Referer

User-Agent

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Content-Type

image/svg+xml

accept-language

de-DE,de;q=0.9

Referer

https://www.paypal.com/smart/buttons?sdkVersion=5.0.315&style.layout=vertical&style.color=gold&style.shape=rect&style.tagline=false&style.menuPlacement=below&components.0=buttons&locale.country=US&locale.lang=en&sdkMeta=eyJ1cmwiOiJodHRwczovL3d3dy5wYXlwYWwuY29tL3Nkay9qcz9jbGllbnQtaWQ9QVdqY2l6TW9SZk1mY053NldZV3RVLWpfNlVJd2NJQjhHRVoxbmhXYnFtaU4tcndUcThzMVI0bDRyTGd4QWJxUXZtZlZyVmdoR3ZRMlcxMFomY3VycmVuY3k9VVNEJmNvbW1pdD1mYWxzZSIsImF0dHJzIjp7ImRhdGEtdWlkIjoidWlkX3JpZXJ2Zmxva3lzb3N4ZGlzZXd5d2ZycWNjeXB6cyJ9fQ&clientID=AWjcizMoRfMfcNw6WYWtU-j_6UIwcIB8GEZ1nhWbqmiN-rwTq8s1R4l4rLgxAbqQvmfVrVghGvQ2W10Z&sdkCorrelationID=f5641575bc4eb&storageID=uid_fa047aa10f_mje6mzu6ntc&sessionID=uid_6c0abb08ee_mje6mzu6ntc&buttonSessionID=uid_65d0111093_mje6mzu6ntc&env=production&buttonSize=huge&fundingEligibility=eyJwYXlwYWwiOnsiZWxpZ2libGUiOnRydWUsInZhdWx0YWJsZSI6ZmFsc2V9LCJwYXlsYXRlciI6eyJlbGlnaWJsZSI6ZmFsc2UsInByb2R1Y3RzIjp7InBheUluMyI6eyJlbGlnaWJsZSI6ZmFsc2UsInZhcmlhbnQiOm51bGx9LCJwYXlJbjQiOnsiZWxpZ2libGUiOmZhbHNlLCJ2YXJpYW50IjpudWxsfSwicGF5bGF0ZXIiOnsiZWxpZ2libGUiOmZhbHNlLCJ2YXJpYW50IjpudWxsfX19LCJjYXJkIjp7ImVsaWdpYmxlIjp0cnVlLCJicmFuZGVkIjp0cnVlLCJpbnN0YWxsbWVudHMiOmZhbHNlLCJ2ZW5kb3JzIjp7InZpc2EiOnsiZWxpZ2libGUiOnRydWUsInZhdWx0YWJsZSI6dHJ1ZX0sIm1hc3RlcmNhcmQiOnsiZWxpZ2libGUiOnRydWUsInZhdWx0YWJsZSI6dHJ1ZX0sImFtZXgiOnsiZWxpZ2libGUiOnRydWUsInZhdWx0YWJsZSI6dHJ1ZX0sImRpc2NvdmVyIjp7ImVsaWdpYmxlIjpmYWxzZSwidmF1bHRhYmxlIjp0cnVlfSwiaGlwZXIiOnsiZWxpZ2libGUiOmZhbHNlLCJ2YXVsdGFibGUiOmZhbHNlfSwiZWxvIjp7ImVsaWdpYmxlIjpmYWxzZSwidmF1bHRhYmxlIjp0cnVlfSwiamNiIjp7ImVsaWdpYmxlIjpmYWxzZSwidmF1bHRhYmxlIjp0cnVlfX0sImd1ZXN0RW5hYmxlZCI6ZmFsc2V9LCJ2ZW5tbyI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJpdGF1Ijp7ImVsaWdpYmxlIjpmYWxzZX0sImNyZWRpdCI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJhcHBsZXBheSI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJzZXBhIjp7ImVsaWdpYmxlIjp0cnVlfSwiaWRlYWwiOnsiZWxpZ2libGUiOmZhbHNlfSwiYmFuY29udGFjdCI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJnaXJvcGF5Ijp7ImVsaWdpYmxlIjpmYWxzZX0sImVwcyI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJzb2ZvcnQiOnsiZWxpZ2libGUiOmZhbHNlfSwibXliYW5rIjp7ImVsaWdpYmxlIjpmYWxzZX0sInAyNCI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJ6aW1wbGVyIjp7ImVsaWdpYmxlIjpmYWxzZX0sIndlY2hhdHBheSI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJwYXl1Ijp7ImVsaWdpYmxlIjpmYWxzZX0sImJsaWsiOnsiZWxpZ2libGUiOmZhbHNlfSwidHJ1c3RseSI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJveHhvIjp7ImVsaWdpYmxlIjpmYWxzZX0sIm1heGltYSI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJib2xldG8iOnsiZWxpZ2libGUiOmZhbHNlfSwibWVyY2Fkb3BhZ28iOnsiZWxpZ2libGUiOmZhbHNlfSwibXVsdGliYW5jbyI6eyJlbGlnaWJsZSI6ZmFsc2V9fQ&platform=desktop&experiment.enableVenmo=false&experiment.disablePaylater=false&experiment.enableVenmoAppLabel=false&flow=purchase&currency=USD&intent=capture&commit=false&vault=false&renderedButtons.0=paypal&renderedButtons.1=sepa&renderedButtons.2=card&debug=false&applePaySupport=false&supportsPopups=true&supportedNativeBrowser=false&experience=&allowBillingPayments=true

User-Agent

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

content-security-policy

default-src 'self' https://*.paypal.com https://*.paypalobjects.com; connect-src 'self' https://*.paypal.com https://*.paypalobjects.com https://*.qualtrics.com; frame-src 'self' https://*.paypal.com https://*.paypalobjects.com https://*.qualtrics.com; script-src 'nonce-Mwbl+6JpQXHVY7+bUo6qP8SiZcLFSA6LwlG8+odzw2a51hl1' 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; style-src 'nonce-Mwbl+6JpQXHVY7+bUo6qP8SiZcLFSA6LwlG8+odzw2a51hl1' 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; object-src 'none'; img-src https: data:; form-action 'self' https://*.paypal.com; base-uri 'self' https://*.paypal.com; upgrade-insecure-requests;; report-uri https://www.paypal.com/csplog/api/log/csp

content-encoding

gzip

x-content-type-options

nosniff

age

1

via

1.1 varnish

x-cache

HIT

p3p

true

paypal-debug-id

f939414637dcf

server-timing

content-encoding;desc="gzip",x-cdn;desc="fastly"

dc

ccg11-origin-www-1.paypal.com

vary

Accept-Encoding

content-length

101472

x-xss-protection

1; mode=block

x-served-by

cache-hhn4047-HHN

x-timer

S1653600958.698908,VS0,VE1

x-frame-options

SAMEORIGIN

date

Thu, 26 May 2022 21:35:57 GMT

strict-transport-security

max-age=63072000; includeSubDomains; preload

content-type

application/javascript; charset=utf-8

access-control-allow-origin

*

cache-control

public, max-age=3600, s-maxage=10800

etag

W/"18c60-ikpBTMP3mGDHeH/KgiSEHtCNPkU"

accept-ranges

bytes

x-cache-hits

1

accept-language

de-DE,de;q=0.9

Referer

https://www.paypal.com/

User-Agent

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

strict-transport-security

max-age=31536000, max-age=63072000

content-encoding

gzip

x-content-type-options

nosniff

paypal-debug-id

eec81368aa153

server-timing

content-encoding;desc="gzip",x-cdn;desc="akamai"

dc

ccg11-origin-www-1.paypal.com

vary

Accept-Encoding

content-length

19372

etag

W/"628e7946-dec7"

last-modified

Wed, 25 May 2022 18:45:26 GMT

date

Thu, 26 May 2022 21:35:58 GMT

access-control-max-age

86400

access-control-allow-methods

GET

content-type

application/javascript

access-control-allow-origin

*

cache-control

public, max-age=86400, s-maxage=31536000

access-control-allow-credentials

false

timing-allow-origin

https://www.paypal.com,https://www.sandbox.paypal.com, *

expires

Fri, 27 May 2022 21:35:58 GMT

Referer

https://www.paypal.com/smart/buttons?sdkVersion=5.0.315&style.layout=vertical&style.color=gold&style.shape=rect&style.tagline=false&style.menuPlacement=below&components.0=buttons&locale.country=US&locale.lang=en&sdkMeta=eyJ1cmwiOiJodHRwczovL3d3dy5wYXlwYWwuY29tL3Nkay9qcz9jbGllbnQtaWQ9QVdqY2l6TW9SZk1mY053NldZV3RVLWpfNlVJd2NJQjhHRVoxbmhXYnFtaU4tcndUcThzMVI0bDRyTGd4QWJxUXZtZlZyVmdoR3ZRMlcxMFomY3VycmVuY3k9VVNEJmNvbW1pdD1mYWxzZSIsImF0dHJzIjp7ImRhdGEtdWlkIjoidWlkX3JpZXJ2Zmxva3lzb3N4ZGlzZXd5d2ZycWNjeXB6cyJ9fQ&clientID=AWjcizMoRfMfcNw6WYWtU-j_6UIwcIB8GEZ1nhWbqmiN-rwTq8s1R4l4rLgxAbqQvmfVrVghGvQ2W10Z&sdkCorrelationID=f5641575bc4eb&storageID=uid_fa047aa10f_mje6mzu6ntc&sessionID=uid_6c0abb08ee_mje6mzu6ntc&buttonSessionID=uid_65d0111093_mje6mzu6ntc&env=production&buttonSize=huge&fundingEligibility=eyJwYXlwYWwiOnsiZWxpZ2libGUiOnRydWUsInZhdWx0YWJsZSI6ZmFsc2V9LCJwYXlsYXRlciI6eyJlbGlnaWJsZSI6ZmFsc2UsInByb2R1Y3RzIjp7InBheUluMyI6eyJlbGlnaWJsZSI6ZmFsc2UsInZhcmlhbnQiOm51bGx9LCJwYXlJbjQiOnsiZWxpZ2libGUiOmZhbHNlLCJ2YXJpYW50IjpudWxsfSwicGF5bGF0ZXIiOnsiZWxpZ2libGUiOmZhbHNlLCJ2YXJpYW50IjpudWxsfX19LCJjYXJkIjp7ImVsaWdpYmxlIjp0cnVlLCJicmFuZGVkIjp0cnVlLCJpbnN0YWxsbWVudHMiOmZhbHNlLCJ2ZW5kb3JzIjp7InZpc2EiOnsiZWxpZ2libGUiOnRydWUsInZhdWx0YWJsZSI6dHJ1ZX0sIm1hc3RlcmNhcmQiOnsiZWxpZ2libGUiOnRydWUsInZhdWx0YWJsZSI6dHJ1ZX0sImFtZXgiOnsiZWxpZ2libGUiOnRydWUsInZhdWx0YWJsZSI6dHJ1ZX0sImRpc2NvdmVyIjp7ImVsaWdpYmxlIjpmYWxzZSwidmF1bHRhYmxlIjp0cnVlfSwiaGlwZXIiOnsiZWxpZ2libGUiOmZhbHNlLCJ2YXVsdGFibGUiOmZhbHNlfSwiZWxvIjp7ImVsaWdpYmxlIjpmYWxzZSwidmF1bHRhYmxlIjp0cnVlfSwiamNiIjp7ImVsaWdpYmxlIjpmYWxzZSwidmF1bHRhYmxlIjp0cnVlfX0sImd1ZXN0RW5hYmxlZCI6ZmFsc2V9LCJ2ZW5tbyI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJpdGF1Ijp7ImVsaWdpYmxlIjpmYWxzZX0sImNyZWRpdCI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJhcHBsZXBheSI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJzZXBhIjp7ImVsaWdpYmxlIjp0cnVlfSwiaWRlYWwiOnsiZWxpZ2libGUiOmZhbHNlfSwiYmFuY29udGFjdCI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJnaXJvcGF5Ijp7ImVsaWdpYmxlIjpmYWxzZX0sImVwcyI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJzb2ZvcnQiOnsiZWxpZ2libGUiOmZhbHNlfSwibXliYW5rIjp7ImVsaWdpYmxlIjpmYWxzZX0sInAyNCI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJ6aW1wbGVyIjp7ImVsaWdpYmxlIjpmYWxzZX0sIndlY2hhdHBheSI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJwYXl1Ijp7ImVsaWdpYmxlIjpmYWxzZX0sImJsaWsiOnsiZWxpZ2libGUiOmZhbHNlfSwidHJ1c3RseSI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJveHhvIjp7ImVsaWdpYmxlIjpmYWxzZX0sIm1heGltYSI6eyJlbGlnaWJsZSI6ZmFsc2V9LCJib2xldG8iOnsiZWxpZ2libGUiOmZhbHNlfSwibWVyY2Fkb3BhZ28iOnsiZWxpZ2libGUiOmZhbHNlfSwibXVsdGliYW5jbyI6eyJlbGlnaWJsZSI6ZmFsc2V9fQ&platform=desktop&experiment.enableVenmo=false&experiment.disablePaylater=false&experiment.enableVenmoAppLabel=false&flow=purchase&currency=USD&intent=capture&commit=false&vault=false&renderedButtons.0=paypal&renderedButtons.1=sepa&renderedButtons.2=card&debug=false&applePaySupport=false&supportsPopups=true&supportedNativeBrowser=false&experience=&allowBillingPayments=true

accept-language

de-DE,de;q=0.9

User-Agent

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Content-Type

application/json

date

Thu, 26 May 2022 21:35:58 GMT

via

1.1 varnish

x-content-type-options

nosniff

x-cache

MISS

paypal-debug-id

f7247151b727f

server-timing

content-encoding;desc="",x-cdn;desc="fastly"

dc

ccg11-origin-www-1.paypal.com

x-served-by

cache-hhn4047-HHN

x-timer

S1653600958.353664,VS0,VE207

etag

W/W/"400-l+rjax1E1LPErHBrsD2c8BQb/yA"

vary

Accept-Encoding

strict-transport-security

max-age=63072000; includeSubDomains; preload

content-type

application/json; charset=utf-8

access-control-allow-origin

https://www.paypal.com

content-encoding

br

cache-control

max-age=0, no-cache, no-store, must-revalidate

access-control-allow-credentials

true

accept-ranges

none

x-cache-hits

0

Referer

https://www.paypal.com/

Upgrade-Insecure-Requests

1

User-Agent

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

accept-language

de-DE,de;q=0.9

cache-control

max-age=0, no-cache, no-store, must-revalidate

content-length

160

content-security-policy-report-only

default-src 'self' https://*.paypal.com https://*.paypalobjects.com; script-src 'self' https://*.paypal.com https://*.paypalobjects.com https://*.paypalinc.com https://www.facebook.com 'unsafe-eval' 'unsafe-inline' blob:; connect-src 'self' https://*.paypal.com; style-src 'self' https://*.paypal.com https://*.paypalobjects.com 'unsafe-inline'; font-src 'self' https://*.paypal.com https://*.paypalobjects.com data:; img-src 'self' https: data:; form-action 'self' https://*.paypal.com; base-uri 'self' https://*.paypal.com; object-src 'self' https://*.paypal.com https://*.paypalobjects.com; report-uri https://www.paypal.com/csplog/api/log/csp

content-type

text/html;charset=UTF-8

correlation-id

c4b72814ec517

date

Thu, 26 May 2022 21:35:58 GMT

paypal-debug-id

c4b72814ec517

server-timing

content-encoding;desc="",x-cdn;desc="akamai"

strict-transport-security

max-age=63072000

timing-allow-origin

*

x-content-type-options

nosniff

x-xss-protection

1; mode=block

accept-language

de-DE,de;q=0.9

Referer

https://www.paypal.com/

User-Agent

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Date

Thu, 26 May 2022 21:35:58 GMT

Server

PayPal-B.Stats/1.0

Connection

close

Content-Length

42

Content-Type

image/jpeg

Redirect headers

Location

https://dub.stats.paypal.com/v2/counter2.cgi?p=uid_6c0abb08ee_mje6mzu6ntc&s=SMART_PAYMENT_BUTTONS

Date

Thu, 26 May 2022 21:35:58 GMT

Server

PayPal-B.Stats/1.0

Connection

close

Content-Length

0

Content-Type

application/octet-stream

accept-language

de-DE,de;q=0.9

Referer

https://c.paypal.com/v1/r/d/i?js_src=https://c.paypal.com/da/r/fb.js

User-Agent

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

strict-transport-security

max-age=31536000, max-age=63072000

content-encoding

gzip

x-content-type-options

nosniff

paypal-debug-id

eec81368aa153

server-timing

content-encoding;desc="gzip",x-cdn;desc="akamai"

dc

ccg11-origin-www-1.paypal.com

vary

Accept-Encoding

content-length

19372

etag

W/"628e7946-dec7"

last-modified

Wed, 25 May 2022 18:45:26 GMT

date

Thu, 26 May 2022 21:35:58 GMT

access-control-max-age

86400

access-control-allow-methods

GET

content-type

application/javascript

access-control-allow-origin

*

cache-control

public, max-age=86400, s-maxage=31536000

access-control-allow-credentials

false

timing-allow-origin

https://www.paypal.com,https://www.sandbox.paypal.com, *

expires

Fri, 27 May 2022 21:35:58 GMT

Referer

https://c.paypal.com/v1/r/d/i?js_src=https://c.paypal.com/da/r/fb.js

accept-language

de-DE,de;q=0.9

User-Agent

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Content-Type

application/json

date

Thu, 26 May 2022 21:35:59 GMT

correlation-id

9e2c55675678b

p3p

policyref="/w3c/p3p.xml", CP="NON DSP COR ADM OUR IND COM"

strict-transport-security

max-age=63072000

content-type

application/json

paypal-debug-id

9e2c55675678b

cache-control

max-age=0, no-cache, no-store, must-revalidate

server-timing

content-encoding;desc="",x-cdn;desc="akamai"

timing-allow-origin

*

content-length

125