urlscan.io logo urlscan.io
SecurityTrails logo

www.hsabank.com Open in urlscan Pro
70.37.166.146  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: https://click.emails.hsabank.com/?qs=637179f7cd9390bfc613cfcc9870790522227795a71fa01f2f60eaed571d226f44195fbd226620d595ca9beffaf2...
Effective URL: https://www.hsabank.com/hsabank/campaign/tips-to-navigate-your-journey?utm_source=sfmc&utm_term=Alerts-link-standard-30&...
Submission: On August 09 via api from US — Scanned from DE
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 15 IPs in 3 countries across 12 domains to perform 40 HTTP transactions. The main IP is 70.37.166.146, located in San Antonio, United States and belongs to MICROSOFT-CORP-MSN-AS-BLOCK, US. The main domain is www.hsabank.com. The Cisco Umbrella rank of the primary domain is 250846.
TLS certificate: Issued by Entrust Certification Authority - L1K on March 6th 2023. Valid for: a year.
This is the only time www.hsabank.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

1    13.111.23.196 (United States)

ASN22606 (EXACT-7, US)
PTR: click.emails.hsabank.com
click.emails.hsabank.com
13    70.37.166.146 (San Antonio, United States)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)
www.hsabank.com
1    2a00:1450:4001:829::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
fonts.googleapis.com
2    2606:4700::6812:acf (United States)

ASN13335 (CLOUDFLARENET, US)
maxcdn.bootstrapcdn.com
netdna.bootstrapcdn.com
2    34.197.109.29 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-34-197-109-29.compute-1.amazonaws.com
7298557.collect.igodigital.com
nova.collect.igodigital.com
1    2600:9000:237d:3200:1:fb61:2b80:93a1 (United States)

ASN16509 (AMAZON-02, US)
cdn.levelaccess.net
3    2a00:1450:4001:800::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.googletagmanager.com
2    2a00:1450:4001:813::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.google-analytics.com
3    2001:4860:4802:32::36 (United States)

ASN15169 (GOOGLE, US)
region1.analytics.google.com
region1.google-analytics.com
2    2a00:1450:400c:c04::9c (Brussels, Belgium)

ASN15169 (GOOGLE, US)
stats.g.doubleclick.net
2    2a00:1450:4001:829::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.google.de
1    2a00:1450:4001:827::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.google.com
2    2a03:2880:f083:9:face:b00c:0:3 (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)
connect.facebook.net
4    2a00:1450:4001:81c::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
fonts.gstatic.com
1    2606:4700::6812:bcf (United States)

ASN13335 (CLOUDFLARENET, US)
netdna.bootstrapcdn.com
1    2600:1f18:4457:4601:d295:40ab:166b:a940 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
api.levelaccess.net
Apex Domain
Subdomains		 Transfer
14 hsabank.com
click.emails.hsabank.com — Cisco Umbrella Rank: 626411
www.hsabank.com — Cisco Umbrella Rank: 250846
1 MB
4 gstatic.com
fonts.gstatic.com
62 KB
3 google.com
region1.analytics.google.com — Cisco Umbrella Rank: 2770
www.google.com — Cisco Umbrella Rank: 3
716 B
3 google-analytics.com
www.google-analytics.com — Cisco Umbrella Rank: 54
region1.google-analytics.com — Cisco Umbrella Rank: 2069
21 KB
3 googletagmanager.com
www.googletagmanager.com — Cisco Umbrella Rank: 65
245 KB
3 bootstrapcdn.com
maxcdn.bootstrapcdn.com — Cisco Umbrella Rank: 986
netdna.bootstrapcdn.com — Cisco Umbrella Rank: 4444
27 KB
2 facebook.net
connect.facebook.net — Cisco Umbrella Rank: 170
134 KB
2 google.de
www.google.de — Cisco Umbrella Rank: 5933
515 B
2 doubleclick.net
stats.g.doubleclick.net — Cisco Umbrella Rank: 114
405 B
2 levelaccess.net
cdn.levelaccess.net — Cisco Umbrella Rank: 14238
api.levelaccess.net — Cisco Umbrella Rank: 14587
62 KB
2 igodigital.com
7298557.collect.igodigital.com — Cisco Umbrella Rank: 382490
nova.collect.igodigital.com — Cisco Umbrella Rank: 5683
3 KB
1 googleapis.com
fonts.googleapis.com — Cisco Umbrella Rank: 67
2 KB
40 12
Domain Requested by
13 www.hsabank.com www.hsabank.com
4 fonts.gstatic.com fonts.googleapis.com
3 www.googletagmanager.com www.hsabank.com
www.googletagmanager.com
www.google-analytics.com
2 connect.facebook.net www.hsabank.com
connect.facebook.net
2 netdna.bootstrapcdn.com www.hsabank.com
netdna.bootstrapcdn.com
2 www.google.de www.hsabank.com
2 stats.g.doubleclick.net www.googletagmanager.com
www.google-analytics.com
2 region1.analytics.google.com www.googletagmanager.com
2 www.google-analytics.com www.googletagmanager.com
www.google-analytics.com
1 api.levelaccess.net cdn.levelaccess.net
1 nova.collect.igodigital.com www.hsabank.com
1 www.google.com www.hsabank.com
1 region1.google-analytics.com www.googletagmanager.com
1 cdn.levelaccess.net www.hsabank.com
1 7298557.collect.igodigital.com www.hsabank.com
1 maxcdn.bootstrapcdn.com www.hsabank.com
1 fonts.googleapis.com www.hsabank.com
1 click.emails.hsabank.com 1 redirects
40 18
Subject Issuer Validity Valid
www.hsabank.com
Entrust Certification Authority - L1K		 2023-03-06 -
2024-03-17		 a year crt.sh
upload.video.google.com
GTS CA 1C3		 2023-07-17 -
2023-10-09		 3 months crt.sh
sni.cloudflaressl.com
Cloudflare Inc ECC CA-3		 2022-12-30 -
2023-12-30		 a year crt.sh
*.collect.igodigital.com
Amazon RSA 2048 M02		 2023-02-21 -
2024-01-13		 a year crt.sh
cdn.levelaccess.net
Amazon RSA 2048 M02		 2023-03-01 -
2024-01-28		 a year crt.sh
*.google-analytics.com
GTS CA 1C3		 2023-07-17 -
2023-10-09		 3 months crt.sh
*.g.doubleclick.net
GTS CA 1C3		 2023-07-10 -
2023-10-02		 3 months crt.sh
www.google.de
GTS CA 1C3		 2023-07-17 -
2023-10-09		 3 months crt.sh
www.google.com
GTS CA 1C3		 2023-07-17 -
2023-10-09		 3 months crt.sh
*.facebook.com
DigiCert SHA2 High Assurance Server CA		 2023-05-19 -
2023-08-17		 3 months crt.sh
*.gstatic.com
GTS CA 1C3		 2023-07-17 -
2023-10-09		 3 months crt.sh
api.levelaccess.net
Amazon RSA 2048 M02		 2023-03-01 -
2024-01-29		 a year crt.sh

This page contains 1 frames:

Primary Page: https://www.hsabank.com/hsabank/campaign/tips-to-navigate-your-journey?utm_source=sfmc&utm_term=Alerts-link-standard-30&utm_content=688948&utm_id=e7c0a1e5-b27b-4960-984f-1842a2269735&sfmc_activityid=5e781e12-aa3c-4fa6-bb51-6bda016950bc&utm_medium=email
Frame ID: 37C60CAC0CA2E885E4ACBF9864E483BE
Requests: 40 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

Tips to Navigate Your Journey - HSA Bank

Page URL History Show full URLs

  1. https://click.emails.hsabank.com/?qs=637179f7cd9390bfc613cfcc9870790522227795a71fa01f2f60eaed571d226f44195fbd... HTTP 302
    https://www.hsabank.com/hsabank/campaign/tips-to-navigate-your-journey?utm_source=sfmc&utm_term=Aler... Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css
Overall confidence: 100%
Detected patterns
  • //connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js
Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]+(?:([\d.]+)/)?(?:css/)?font-awesome(?:\.min)?\.css
  • <link[^>]* href=[^>]*?(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
  • (?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
Overall confidence: 100%
Detected patterns
  • google-analytics\.com/(?:ga|urchin|analytics)\.js
Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com
Overall confidence: 100%
Detected patterns
  • <!-- (?:End )?Google Tag Manager -->
  • googletagmanager\.com/gtm\.js
  • googletagmanager\.com/gtag/js

Page Statistics

40
Requests

100 %
HTTPS

81 %
IPv6

12
Domains

18
Subdomains

15
IPs

3
Countries

2049 kB
Transfer

3751 kB
Size

6
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://click.emails.hsabank.com/?qs=637179f7cd9390bfc613cfcc9870790522227795a71fa01f2f60eaed571d226f44195fbd226620d595ca9beffaf2482c32ac87f835e5a5de HTTP 302
    https://www.hsabank.com/hsabank/campaign/tips-to-navigate-your-journey?utm_source=sfmc&utm_term=Alerts-link-standard-30&utm_content=688948&utm_id=e7c0a1e5-b27b-4960-984f-1842a2269735&sfmc_activityid=5e781e12-aa3c-4fa6-bb51-6bda016950bc&utm_medium=email Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

40 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request tips-to-navigate-your-journey
www.hsabank.com/hsabank/campaign/
Redirect Chain
  • https://click.emails.hsabank.com/?qs=637179f7cd9390bfc613cfcc9870790522227795a71fa01f2f60eaed571d226f44195fbd226620d595ca9beffaf2482c32ac87f835e5a5de
  • https://www.hsabank.com/hsabank/campaign/tips-to-navigate-your-journey?utm_source=sfmc&utm_term=Alerts-link-standard-30&utm_content=688948&utm_id=e7c0a1e5-b27b-4960-984f-1842a2269735&sfmc_activityi...
43 KB
15 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://www.hsabank.com/hsabank/campaign/tips-to-navigate-your-journey?utm_source=sfmc&utm_term=Alerts-link-standard-30&utm_content=688948&utm_id=e7c0a1e5-b27b-4960-984f-1842a2269735&sfmc_activityid=5e781e12-aa3c-4fa6-bb51-6bda016950bc&utm_medium=email
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
70.37.166.146 San Antonio, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
94f538b99ce7ff14076cf17c7f321c86b7b193ba2fe8544ecfc6a78c0f597547
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Cache-Control
no-cache, no-store
Content-Encoding
gzip
Content-Length
13022
Content-Security-Policy-Report-Only
default-src 'self'; script-src 'self' 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' https://*.hsabank.com https://cdnjs.cloudflare.com https://*.jquery.com https://*.facebook.net https://*.googleapis.com https://*.googletagmanager.com https://*.google-analytics.com https://*.igodigital.com https://*.levelaccess.net https://*.cludo.com https://*.pardot.com https://*.hsabank.com; style-src 'self' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' https://*.hsabank.com https://*.googleapis.com https://*.bootstrapcdn.com; base-uri 'self'; font-src 'self' https://*.gstatic.com https://*.bootstrapcdn.com; connect-src 'self' https://*.google-analytics.com https://*.levelaccess.net; img-src 'self' https://*.igodigital.com https://*.hsabank.com https://*.google-analytics.com; frame-src 'self' https://*.hsabank.com ;form-action 'self'
Content-Type
text/html; charset=utf-8
Date
Wed, 09 Aug 2023 21:35:38 GMT
Expires
-1
Permissions-Policy
microphone=(), payment=(), geolocation=(self), sync-xhr=*
Pragma
no-cache
Referrer-Policy
strict-origin-when-cross-origin
Request-Context
appId=cid-v1:8fedb8c4-35ce-49f3-a619-b84f98aa48d7
Server
Microsoft-IIS/10.0
Strict-Transport-Security
max-age=31536000; includeSubDomains
Vary
Accept-Encoding
X-Content-Type-Options
nosniff
X-Frame-Options
SAMEORIGIN

Redirect headers

Cache-Control
private
Connection
close
Content-Length
392
Content-Type
text/html; charset=utf-8
Date
Wed, 09 Aug 2023 21:35:37 GMT
Location
https://www.hsabank.com/hsabank/campaign/tips-to-navigate-your-journey?utm_source=sfmc&utm_term=Alerts-link-standard-30&utm_content=688948&utm_id=e7c0a1e5-b27b-4960-984f-1842a2269735&sfmc_activityid=5e781e12-aa3c-4fa6-bb51-6bda016950bc&utm_medium=email#q9
bootstrapmin.css
www.hsabank.com/~/Media/Files/Custom_CSS/HSABank/Mobile_Responsive_2017/ 		118 KB
29 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://www.hsabank.com/~/Media/Files/Custom_CSS/HSABank/Mobile_Responsive_2017/bootstrapmin.css
Requested by
Host: www.hsabank.com
URL: https://www.hsabank.com/hsabank/campaign/tips-to-navigate-your-journey?utm_source=sfmc&utm_term=Alerts-link-standard-30&utm_content=688948&utm_id=e7c0a1e5-b27b-4960-984f-1842a2269735&sfmc_activityid=5e781e12-aa3c-4fa6-bb51-6bda016950bc&utm_medium=email
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
70.37.166.146 San Antonio, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
5a3d8c05785485d36ee5c94d4681e5b1d9e4b94c5be8b5bd7b0f3168fff1bd9a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.hsabank.com/hsabank/campaign/tips-to-navigate-your-journey?utm_source=sfmc&utm_term=Alerts-link-standard-30&utm_content=688948&utm_id=e7c0a1e5-b27b-4960-984f-1842a2269735&sfmc_activityid=5e781e12-aa3c-4fa6-bb51-6bda016950bc&utm_medium=email
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Date
Wed, 09 Aug 2023 21:35:38 GMT
Content-Security-Policy-Report-Only
default-src 'self'; script-src 'self' 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' https://*.hsabank.com https://cdnjs.cloudflare.com https://*.jquery.com https://*.facebook.net https://*.googleapis.com https://*.googletagmanager.com https://*.google-analytics.com https://*.igodigital.com https://*.levelaccess.net https://*.cludo.com https://*.pardot.com https://*.hsabank.com; style-src 'self' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' https://*.hsabank.com https://*.googleapis.com https://*.bootstrapcdn.com; base-uri 'self'; font-src 'self' https://*.gstatic.com https://*.bootstrapcdn.com; connect-src 'self' https://*.google-analytics.com https://*.levelaccess.net; img-src 'self' https://*.igodigital.com https://*.hsabank.com https://*.google-analytics.com; frame-src 'self' https://*.hsabank.com ;form-action 'self'
Content-Disposition
inline; filename="bootstrapmin.css"
Content-Length
27680
Request-Context
appId=cid-v1:8fedb8c4-35ce-49f3-a619-b84f98aa48d7
Referrer-Policy
strict-origin-when-cross-origin
Last-Modified
Tue, 21 Apr 2020 17:48:44 GMT
Server
Microsoft-IIS/10.0
Vary
Accept-Encoding
X-Frame-Options
SAMEORIGIN
Content-Type
text/css
Cache-Control
private, max-age=604800
Permissions-Policy
microphone=(), payment=(), geolocation=(self), sync-xhr=*
Accept-Ranges
bytes
css2
fonts.googleapis.com/ 		24 KB
2 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css2?family=Roboto+Condensed:ital,wght@0,300;0,400;0,700;1,300;1,400;1,700&family=Roboto:ital,wght@0,400;0,700;1,400;1,700&display=swap
Requested by
Host: www.hsabank.com
URL: https://www.hsabank.com/hsabank/campaign/tips-to-navigate-your-journey?utm_source=sfmc&utm_term=Alerts-link-standard-30&utm_content=688948&utm_id=e7c0a1e5-b27b-4960-984f-1842a2269735&sfmc_activityid=5e781e12-aa3c-4fa6-bb51-6bda016950bc&utm_medium=email
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:829::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
ecf9b91bc7dcf04ab8641def6e787125e51c930b171fc59b7454c20f6df641dd
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.hsabank.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
date
Wed, 09 Aug 2023 21:35:38 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
last-modified
Wed, 09 Aug 2023 21:35:38 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Wed, 09 Aug 2023 21:35:38 GMT
font-awesome.min.css
maxcdn.bootstrapcdn.com/font-awesome/4.7.0/css/ 		30 KB
7 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://maxcdn.bootstrapcdn.com/font-awesome/4.7.0/css/font-awesome.min.css
Requested by
Host: www.hsabank.com
URL: https://www.hsabank.com/hsabank/campaign/tips-to-navigate-your-journey?utm_source=sfmc&utm_term=Alerts-link-standard-30&utm_content=688948&utm_id=e7c0a1e5-b27b-4960-984f-1842a2269735&sfmc_activityid=5e781e12-aa3c-4fa6-bb51-6bda016950bc&utm_medium=email
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:acf , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
799aeb25cc0373fdee0e1b1db7ad6c2f6a0e058dfadaa3379689f583213190bd
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.hsabank.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date
Wed, 09 Aug 2023 21:35:38 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
content-encoding
br
cdn-edgestorageid
722
age
2657959
cdn-cachedat
11/18/2022 06:18:29
cdn-pullzone
252412
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
last-modified
Mon, 25 Jan 2021 22:04:55 GMT
cdn-proxyver
1.03
cdn-requestpullcode
200
server
cloudflare
etag
W/"269550530cc127b6aa5a35925a7de6ce"
vary
Accept-Encoding
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cdn-cache
HIT
cdn-uid
b1941f61-b576-4f40-80de-5677acb38f74
cache-control
public, max-age=31919000
cdn-requestid
86fd96f5aa4c1b4ae340363f44e3ac4f
timing-allow-origin
*
cdn-requestcountrycode
DE
cdn-status
200
cf-ray
7f43214bbd174d61-FRA
cdn-requestpullsuccess
True
style.css
www.hsabank.com/~/Media/Files/Custom_CSS/HSABank/Mobile_Responsive_2017/ 		87 KB
25 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://www.hsabank.com/~/Media/Files/Custom_CSS/HSABank/Mobile_Responsive_2017/style.css?v=1.06
Requested by
Host: www.hsabank.com
URL: https://www.hsabank.com/hsabank/campaign/tips-to-navigate-your-journey?utm_source=sfmc&utm_term=Alerts-link-standard-30&utm_content=688948&utm_id=e7c0a1e5-b27b-4960-984f-1842a2269735&sfmc_activityid=5e781e12-aa3c-4fa6-bb51-6bda016950bc&utm_medium=email
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
70.37.166.146 San Antonio, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
d7a229a58c6420f329f8dca6dc343ba08ad13c42fae2ca4ccf948a3da791e91d
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.hsabank.com/hsabank/campaign/tips-to-navigate-your-journey?utm_source=sfmc&utm_term=Alerts-link-standard-30&utm_content=688948&utm_id=e7c0a1e5-b27b-4960-984f-1842a2269735&sfmc_activityid=5e781e12-aa3c-4fa6-bb51-6bda016950bc&utm_medium=email
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Date
Wed, 09 Aug 2023 21:35:38 GMT
Content-Security-Policy-Report-Only
default-src 'self'; script-src 'self' 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' https://*.hsabank.com https://cdnjs.cloudflare.com https://*.jquery.com https://*.facebook.net https://*.googleapis.com https://*.googletagmanager.com https://*.google-analytics.com https://*.igodigital.com https://*.levelaccess.net https://*.cludo.com https://*.pardot.com https://*.hsabank.com; style-src 'self' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' https://*.hsabank.com https://*.googleapis.com https://*.bootstrapcdn.com; base-uri 'self'; font-src 'self' https://*.gstatic.com https://*.bootstrapcdn.com; connect-src 'self' https://*.google-analytics.com https://*.levelaccess.net; img-src 'self' https://*.igodigital.com https://*.hsabank.com https://*.google-analytics.com; frame-src 'self' https://*.hsabank.com ;form-action 'self'
Content-Disposition
inline; filename="style.css"
Content-Length
23954
Request-Context
appId=cid-v1:8fedb8c4-35ce-49f3-a619-b84f98aa48d7
Referrer-Policy
strict-origin-when-cross-origin
Last-Modified
Tue, 07 Mar 2023 18:27:29 GMT
Server
Microsoft-IIS/10.0
Vary
Accept-Encoding
X-Frame-Options
SAMEORIGIN
Content-Type
text/css
Cache-Control
private, max-age=604800
Permissions-Policy
microphone=(), payment=(), geolocation=(self), sync-xhr=*
Accept-Ranges
bytes
tips-to-navigate-header-2.jpg
www.hsabank.com/hsabank/campaign/~/Media/Images/Mobile_Responsive_2017/2017/campaign/tips-to-navigate-your-journey/ 		1 MB
1 MB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.hsabank.com/hsabank/campaign/~/Media/Images/Mobile_Responsive_2017/2017/campaign/tips-to-navigate-your-journey/tips-to-navigate-header-2.jpg
Requested by
Host: www.hsabank.com
URL: https://www.hsabank.com/hsabank/campaign/tips-to-navigate-your-journey?utm_source=sfmc&utm_term=Alerts-link-standard-30&utm_content=688948&utm_id=e7c0a1e5-b27b-4960-984f-1842a2269735&sfmc_activityid=5e781e12-aa3c-4fa6-bb51-6bda016950bc&utm_medium=email
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
70.37.166.146 San Antonio, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
f7e05ee83e43ec8e1aa344b178d645de8c5b93299deada745396ec9c8d53faba
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.hsabank.com/hsabank/campaign/tips-to-navigate-your-journey?utm_source=sfmc&utm_term=Alerts-link-standard-30&utm_content=688948&utm_id=e7c0a1e5-b27b-4960-984f-1842a2269735&sfmc_activityid=5e781e12-aa3c-4fa6-bb51-6bda016950bc&utm_medium=email
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

Strict-Transport-Security
max-age=31536000; includeSubDomains
Date
Wed, 09 Aug 2023 21:35:38 GMT
X-Content-Type-Options
nosniff
Referrer-Policy
strict-origin-when-cross-origin
Last-Modified
Wed, 22 Jul 2020 15:02:54 GMT
Server
Microsoft-IIS/10.0
X-Frame-Options
SAMEORIGIN
Content-Security-Policy-Report-Only
default-src 'self'; script-src 'self' 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' https://*.hsabank.com https://cdnjs.cloudflare.com https://*.jquery.com https://*.facebook.net https://*.googleapis.com https://*.googletagmanager.com https://*.google-analytics.com https://*.igodigital.com https://*.levelaccess.net https://*.cludo.com https://*.pardot.com https://*.hsabank.com; style-src 'self' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' https://*.hsabank.com https://*.googleapis.com https://*.bootstrapcdn.com; base-uri 'self'; font-src 'self' https://*.gstatic.com https://*.bootstrapcdn.com; connect-src 'self' https://*.google-analytics.com https://*.levelaccess.net; img-src 'self' https://*.igodigital.com https://*.hsabank.com https://*.google-analytics.com; frame-src 'self' https://*.hsabank.com ;form-action 'self'
Content-Type
image/jpeg
Cache-Control
private, max-age=604800
Permissions-Policy
microphone=(), payment=(), geolocation=(self), sync-xhr=*
Content-Disposition
inline; filename="tips-to-navigate-header-2.jpg"
Accept-Ranges
bytes
Content-Length
1162888
Request-Context
appId=cid-v1:8fedb8c4-35ce-49f3-a619-b84f98aa48d7
tips-page-banner-image
www.hsabank.com/hsabank/campaign/~/media/Images/Mobile_Responsive_2017/2017/campaign/tips-to-navigate-your-journey/ 		84 KB
86 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.hsabank.com/hsabank/campaign/~/media/Images/Mobile_Responsive_2017/2017/campaign/tips-to-navigate-your-journey/tips-page-banner-image
Requested by
Host: www.hsabank.com
URL: https://www.hsabank.com/hsabank/campaign/tips-to-navigate-your-journey?utm_source=sfmc&utm_term=Alerts-link-standard-30&utm_content=688948&utm_id=e7c0a1e5-b27b-4960-984f-1842a2269735&sfmc_activityid=5e781e12-aa3c-4fa6-bb51-6bda016950bc&utm_medium=email
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
70.37.166.146 San Antonio, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
63f59c90e65a6c2ea5b83ef22ae61ebaff0eda581a27554c6c2f508890c30a20
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.hsabank.com/hsabank/campaign/tips-to-navigate-your-journey?utm_source=sfmc&utm_term=Alerts-link-standard-30&utm_content=688948&utm_id=e7c0a1e5-b27b-4960-984f-1842a2269735&sfmc_activityid=5e781e12-aa3c-4fa6-bb51-6bda016950bc&utm_medium=email
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

Strict-Transport-Security
max-age=31536000; includeSubDomains
Date
Wed, 09 Aug 2023 21:35:39 GMT
X-Content-Type-Options
nosniff
Referrer-Policy
strict-origin-when-cross-origin
Last-Modified
Fri, 24 Jul 2020 14:04:49 GMT
Server
Microsoft-IIS/10.0
X-Frame-Options
SAMEORIGIN
Content-Security-Policy-Report-Only
default-src 'self'; script-src 'self' 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' https://*.hsabank.com https://cdnjs.cloudflare.com https://*.jquery.com https://*.facebook.net https://*.googleapis.com https://*.googletagmanager.com https://*.google-analytics.com https://*.igodigital.com https://*.levelaccess.net https://*.cludo.com https://*.pardot.com https://*.hsabank.com; style-src 'self' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' https://*.hsabank.com https://*.googleapis.com https://*.bootstrapcdn.com; base-uri 'self'; font-src 'self' https://*.gstatic.com https://*.bootstrapcdn.com; connect-src 'self' https://*.google-analytics.com https://*.levelaccess.net; img-src 'self' https://*.igodigital.com https://*.hsabank.com https://*.google-analytics.com; frame-src 'self' https://*.hsabank.com ;form-action 'self'
Content-Type
image/jpeg
Cache-Control
private, max-age=604800
Permissions-Policy
microphone=(), payment=(), geolocation=(self), sync-xhr=*
Content-Disposition
inline; filename="tips-page-banner-image.jpg"
Accept-Ranges
bytes
Content-Length
86411
Request-Context
appId=cid-v1:8fedb8c4-35ce-49f3-a619-b84f98aa48d7
collect.js
7298557.collect.igodigital.com/ 		8 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://7298557.collect.igodigital.com/collect.js
Requested by
Host: www.hsabank.com
URL: https://www.hsabank.com/hsabank/campaign/tips-to-navigate-your-journey?utm_source=sfmc&utm_term=Alerts-link-standard-30&utm_content=688948&utm_id=e7c0a1e5-b27b-4960-984f-1842a2269735&sfmc_activityid=5e781e12-aa3c-4fa6-bb51-6bda016950bc&utm_medium=email
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.197.109.29 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-197-109-29.compute-1.amazonaws.com
Software
/
Resource Hash
463faad63e59f653f8367ca1bd38629a240ebd4f2165c313e660933acc322b04

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.hsabank.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date
Wed, 09 Aug 2023 21:35:39 GMT
content-encoding
gzip
last-modified
Tue, 08 Aug 2023 15:35:20 GMT
vary
Accept-Encoding
content-type
application/javascript
access.js
cdn.levelaccess.net/accessjs/YW1wMTEwNDI/ 		462 KB
62 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.levelaccess.net/accessjs/YW1wMTEwNDI/access.js
Requested by
Host: www.hsabank.com
URL: https://www.hsabank.com/hsabank/campaign/tips-to-navigate-your-journey?utm_source=sfmc&utm_term=Alerts-link-standard-30&utm_content=688948&utm_id=e7c0a1e5-b27b-4960-984f-1842a2269735&sfmc_activityid=5e781e12-aa3c-4fa6-bb51-6bda016950bc&utm_medium=email
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:237d:3200:1:fb61:2b80:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
a12eb2a6e59466c082974c40b97729e552f34ce11641e22697a92fc20f99d009

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.hsabank.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

x-amz-version-id
t07hXre7uOIQoPQ7KnhB7TpRnGtAZeAl
Content-Encoding
gzip
Via
1.1 902186b72e1ae6ba0d22c4a6abfcf004.cloudfront.net (CloudFront)
Date
Wed, 09 Aug 2023 21:35:38 GMT
X-Amz-Cf-Pop
MUC50-P2
Age
17
x-amz-server-side-encryption
AES256
X-Cache
Hit from cloudfront
x-amz-replication-status
COMPLETED
Connection
keep-alive
Content-Length
62540
Last-Modified
Sat, 03 Jun 2023 02:14:14 GMT
Server
AmazonS3
ETag
"77074e7790604aad9d16231e09882ddf"
Vary
Accept-Encoding
Content-Type
application/javascript
Cache-Control
max-age=900
Accept-Ranges
bytes
X-Amz-Cf-Id
uJflht_beyLtwtppf-4oEks26YX1uaGzA1SRCmyh5duHIbPh5gLHXg==
SITE.js
www.hsabank.com/~/Media/Files/Custom_Java/HSABank/Mobile_Responsive_2017/ 		360 KB
149 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.hsabank.com/~/Media/Files/Custom_Java/HSABank/Mobile_Responsive_2017/SITE.js?v=1.07
Requested by
Host: www.hsabank.com
URL: https://www.hsabank.com/hsabank/campaign/tips-to-navigate-your-journey?utm_source=sfmc&utm_term=Alerts-link-standard-30&utm_content=688948&utm_id=e7c0a1e5-b27b-4960-984f-1842a2269735&sfmc_activityid=5e781e12-aa3c-4fa6-bb51-6bda016950bc&utm_medium=email
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
70.37.166.146 San Antonio, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
c7a298bd81e9f7b534e848d2560e4ff7188d16c9b8fde216e786993a2e247f74
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.hsabank.com/hsabank/campaign/tips-to-navigate-your-journey?utm_source=sfmc&utm_term=Alerts-link-standard-30&utm_content=688948&utm_id=e7c0a1e5-b27b-4960-984f-1842a2269735&sfmc_activityid=5e781e12-aa3c-4fa6-bb51-6bda016950bc&utm_medium=email
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Date
Wed, 09 Aug 2023 21:35:38 GMT
Transfer-Encoding
chunked
Content-Security-Policy-Report-Only
default-src 'self'; script-src 'self' 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' https://*.hsabank.com https://cdnjs.cloudflare.com https://*.jquery.com https://*.facebook.net https://*.googleapis.com https://*.googletagmanager.com https://*.google-analytics.com https://*.igodigital.com https://*.levelaccess.net https://*.cludo.com https://*.pardot.com https://*.hsabank.com; style-src 'self' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' https://*.hsabank.com https://*.googleapis.com https://*.bootstrapcdn.com; base-uri 'self'; font-src 'self' https://*.gstatic.com https://*.bootstrapcdn.com; connect-src 'self' https://*.google-analytics.com https://*.levelaccess.net; img-src 'self' https://*.igodigital.com https://*.hsabank.com https://*.google-analytics.com; frame-src 'self' https://*.hsabank.com ;form-action 'self'
Content-Disposition
inline; filename="SITE.js"
Request-Context
appId=cid-v1:8fedb8c4-35ce-49f3-a619-b84f98aa48d7
Referrer-Policy
strict-origin-when-cross-origin
Last-Modified
Thu, 08 Sep 2022 19:00:47 GMT
Server
Microsoft-IIS/10.0
Vary
Accept-Encoding
X-Frame-Options
SAMEORIGIN
Content-Type
application/x-javascript
Cache-Control
private, max-age=604800
Permissions-Policy
microphone=(), payment=(), geolocation=(self), sync-xhr=*
Accept-Ranges
bytes
gtm.js
www.googletagmanager.com/ 		223 KB
73 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtm.js?id=GTM-PZV52K3
Requested by
Host: www.hsabank.com
URL: https://www.hsabank.com/hsabank/campaign/tips-to-navigate-your-journey?utm_source=sfmc&utm_term=Alerts-link-standard-30&utm_content=688948&utm_id=e7c0a1e5-b27b-4960-984f-1842a2269735&sfmc_activityid=5e781e12-aa3c-4fa6-bb51-6bda016950bc&utm_medium=email
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:800::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
d238f68665f2739431f7c7484e564159c623f265222a7dd5dc1a9f5277e78b2e
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.hsabank.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date
Wed, 09 Aug 2023 21:35:38 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
74284
x-xss-protection
0
last-modified
Wed, 09 Aug 2023 21:00:00 GMT
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Wed, 09 Aug 2023 21:35:38 GMT
analytics.js
www.google-analytics.com/ 		52 KB
21 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-PZV52K3
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:813::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.hsabank.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
date
Wed, 09 Aug 2023 19:44:23 GMT
last-modified
Mon, 12 Jun 2023 18:23:07 GMT
server
Golfe2
age
6675
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=7200
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
20994
expires
Wed, 09 Aug 2023 21:44:23 GMT
js
www.googletagmanager.com/gtag/ 		275 KB
90 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtag/js?id=G-HR1XKMEB6P&l=dataLayer&cx=c
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-PZV52K3
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:800::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
6114a151277e1b201b643a34dc3476f28e02b6da0fbc4ef4e919bdd359f21d46
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.hsabank.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date
Wed, 09 Aug 2023 21:35:38 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
access-control-allow-headers
Cache-Control
content-length
92269
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires
Wed, 09 Aug 2023 21:35:38 GMT
glyphicons-halflings-regular.woff2
www.hsabank.com/~/Media/Files/Custom_CSS/HSABank/fonts/ 		18 KB
19 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://www.hsabank.com/~/Media/Files/Custom_CSS/HSABank/fonts/glyphicons-halflings-regular.woff2
Requested by
Host: www.hsabank.com
URL: https://www.hsabank.com/~/Media/Files/Custom_CSS/HSABank/Mobile_Responsive_2017/bootstrapmin.css
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
70.37.166.146 San Antonio, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
fe185d11a49676890d47bb783312a0cda5a44c4039214094e7957b4c040ef11c
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

Referer
https://www.hsabank.com/~/Media/Files/Custom_CSS/HSABank/Mobile_Responsive_2017/bootstrapmin.css
Origin
https://www.hsabank.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

Strict-Transport-Security
max-age=31536000; includeSubDomains
Date
Wed, 09 Aug 2023 21:35:39 GMT
X-Content-Type-Options
nosniff
Referrer-Policy
strict-origin-when-cross-origin
Last-Modified
Tue, 21 Apr 2020 17:48:49 GMT
Server
Microsoft-IIS/10.0
X-Frame-Options
SAMEORIGIN
Content-Security-Policy-Report-Only
default-src 'self'; script-src 'self' 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' https://*.hsabank.com https://cdnjs.cloudflare.com https://*.jquery.com https://*.facebook.net https://*.googleapis.com https://*.googletagmanager.com https://*.google-analytics.com https://*.igodigital.com https://*.levelaccess.net https://*.cludo.com https://*.pardot.com https://*.hsabank.com; style-src 'self' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' https://*.hsabank.com https://*.googleapis.com https://*.bootstrapcdn.com; base-uri 'self'; font-src 'self' https://*.gstatic.com https://*.bootstrapcdn.com; connect-src 'self' https://*.google-analytics.com https://*.levelaccess.net; img-src 'self' https://*.igodigital.com https://*.hsabank.com https://*.google-analytics.com; frame-src 'self' https://*.hsabank.com ;form-action 'self'
Content-Type
application/octet-stream
Cache-Control
private, max-age=604800
Permissions-Policy
microphone=(), payment=(), geolocation=(self), sync-xhr=*
Content-Disposition
attachment; filename="glyphicons-halflings-regular.woff2"
Accept-Ranges
bytes
Content-Length
18028
Request-Context
appId=cid-v1:8fedb8c4-35ce-49f3-a619-b84f98aa48d7
collect
www.google-analytics.com/j/ 		16 B
222 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://www.google-analytics.com/j/collect?v=1&_v=j101&a=989164491&t=pageview&_s=1&dl=https%3A%2F%2Fwww.hsabank.com%2Fhsabank%2Fcampaign%2Ftips-to-navigate-your-journey%3Futm_source%3Dsfmc%26utm_term%3DAlerts-link-standard-30%26utm_content%3D688948%26utm_id%3De7c0a1e5-b27b-4960-984f-1842a2269735%26sfmc_activityid%3D5e781e12-aa3c-4fa6-bb51-6bda016950bc%26utm_medium%3Demail&ul=en-us&de=UTF-8&dt=Tips%20to%20Navigate%20Your%20Journey%20-%20HSA%20Bank&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YEBAAEABAAAAACAAI~&jid=613886199&gjid=119464243&cid=875749569.1691616939&tid=UA-187387-6&_gid=1797854229.1691616939&_r=1&_slc=1&gtm=45He3870n81PZV52K3&z=927895994
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:813::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
b96dcb097483da0b18b008f2db44bebca6500b3ba72b30c288a99367994368f4
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.hsabank.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Wed, 09 Aug 2023 21:35:38 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://www.hsabank.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
16
expires
Fri, 01 Jan 1990 00:00:00 GMT
collect
region1.analytics.google.com/g/ 		0
254 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://region1.analytics.google.com/g/collect?v=2&tid=G-HR1XKMEB6P&gtm=45je3870&_p=989164491&_gaz=1&cid=875749569.1691616939&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_s=1&sid=1691616939&sct=1&seg=0&dl=https%3A%2F%2Fwww.hsabank.com%2Fhsabank%2Fcampaign%2Ftips-to-navigate-your-journey%3Futm_source%3Dsfmc%26utm_term%3DAlerts-link-standard-30%26utm_content%3D688948%26utm_id%3De7c0a1e5-b27b-4960-984f-1842a2269735%26sfmc_activityid%3D5e781e12-aa3c-4fa6-bb51-6bda016950bc%26utm_medium%3Demail&dt=Tips%20to%20Navigate%20Your%20Journey%20-%20HSA%20Bank&en=page_view&_fv=1&_ss=1
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-HR1XKMEB6P&l=dataLayer&cx=c
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2001:4860:4802:32::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.hsabank.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 09 Aug 2023 21:35:39 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://www.hsabank.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
collect
stats.g.doubleclick.net/g/ 		0
56 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://stats.g.doubleclick.net/g/collect?v=2&tid=G-HR1XKMEB6P&cid=875749569.1691616939&gtm=45je3870&aip=1
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-HR1XKMEB6P&l=dataLayer&cx=c
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:400c:c04::9c Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.hsabank.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 09 Aug 2023 21:35:39 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://www.hsabank.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
ga-audiences
www.google.de/ads/ 		42 B
408 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.de/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-HR1XKMEB6P&cid=875749569.1691616939&gtm=45je3870&aip=1&z=942070925
Requested by
Host: www.hsabank.com
URL: https://www.hsabank.com/hsabank/campaign/tips-to-navigate-your-journey?utm_source=sfmc&utm_term=Alerts-link-standard-30&utm_content=688948&utm_id=e7c0a1e5-b27b-4960-984f-1842a2269735&sfmc_activityid=5e781e12-aa3c-4fa6-bb51-6bda016950bc&utm_medium=email
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:829::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.hsabank.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 09 Aug 2023 21:35:39 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
collect
stats.g.doubleclick.net/j/ 		4 B
349 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j101&tid=UA-187387-6&cid=875749569.1691616939&jid=613886199&gjid=119464243&_gid=1797854229.1691616939&_u=YEBAAEAAAAAAACAAI~&z=2047363250
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:400c:c04::9c Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://www.hsabank.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
strict-transport-security
max-age=10886400; includeSubDomains; preload
date
Wed, 09 Aug 2023 21:35:39 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://www.hsabank.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
4
expires
Fri, 01 Jan 1990 00:00:00 GMT
js
www.googletagmanager.com/gtag/ 		246 KB
82 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtag/js?id=G-RG6VSFH6XG&cx=c&_slc=1
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:800::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
f80aa90b634167a432d828e9522b78ba411b82a0be56769d6d930d7cd7c360b4
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.hsabank.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date
Wed, 09 Aug 2023 21:35:39 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
access-control-allow-headers
Cache-Control
content-length
84212
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires
Wed, 09 Aug 2023 21:35:39 GMT
bootstrap-glyphicons.css
netdna.bootstrapcdn.com/bootstrap/3.0.0/css/ 		13 KB
3 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://netdna.bootstrapcdn.com/bootstrap/3.0.0/css/bootstrap-glyphicons.css
Requested by
Host: www.hsabank.com
URL: https://www.hsabank.com/~/Media/Files/Custom_CSS/HSABank/Mobile_Responsive_2017/style.css?v=1.06
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:acf , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
ca64645c22680035acdd8149902fda928c381cafbeab0b628b5542a7323ee0e4
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.hsabank.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date
Wed, 09 Aug 2023 21:35:39 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
content-encoding
br
cdn-edgestorageid
632, 617, 617
age
2656639
cdn-cachedat
2021-06-08 18:49:13
cdn-pullzone
252412
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
last-modified
Mon, 25 Jan 2021 22:03:55 GMT
server
cloudflare
cdn-requestpullcode
200
vary
Accept-Encoding
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cdn-cache
HIT
cdn-uid
b1941f61-b576-4f40-80de-5677acb38f74
cache-control
public, max-age=31919000
cdn-requestid
117cf68f2e117ed0c0818897f6461b78
timing-allow-origin
*
cdn-requestcountrycode
DE
cdn-status
200
cf-ray
7f43214d3e8b4d61-FRA
cdn-requestpullsuccess
True
collect
region1.google-analytics.com/g/ 		0
54 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://region1.google-analytics.com/g/collect?v=2&tid=G-RG6VSFH6XG&gtm=45je3870&_p=989164491&ul=en-us&sr=1600x1200&cid=875749569.1691616939&ir=1&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_eu=EBAI&ngs=1&_s=1&dl=https%3A%2F%2Fwww.hsabank.com%2Fhsabank%2Fcampaign%2Ftips-to-navigate-your-journey%3Futm_source%3Dsfmc%26utm_term%3DAlerts-link-standard-30%26utm_content%3D688948%26utm_id%3De7c0a1e5-b27b-4960-984f-1842a2269735%26sfmc_activityid%3D5e781e12-aa3c-4fa6-bb51-6bda016950bc%26utm_medium%3Demail&dt=Tips%20to%20Navigate%20Your%20Journey%20-%20HSA%20Bank&sid=1691616939&sct=1&seg=0&en=page_view&_fv=1&_ss=1&_ee=1
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-RG6VSFH6XG&cx=c&_slc=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2001:4860:4802:32::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.hsabank.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 09 Aug 2023 21:35:39 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://www.hsabank.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
ga-audiences
www.google.com/ads/ 		42 B
408 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j101&tid=UA-187387-6&cid=875749569.1691616939&jid=613886199&_u=YEBAAEAAAAAAACAAI~&z=951598731
Requested by
Host: www.hsabank.com
URL: https://www.hsabank.com/hsabank/campaign/tips-to-navigate-your-journey?utm_source=sfmc&utm_term=Alerts-link-standard-30&utm_content=688948&utm_id=e7c0a1e5-b27b-4960-984f-1842a2269735&sfmc_activityid=5e781e12-aa3c-4fa6-bb51-6bda016950bc&utm_medium=email
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:827::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.hsabank.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 09 Aug 2023 21:35:39 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
ga-audiences
www.google.de/ads/ 		42 B
107 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j101&tid=UA-187387-6&cid=875749569.1691616939&jid=613886199&_u=YEBAAEAAAAAAACAAI~&z=951598731
Requested by
Host: www.hsabank.com
URL: https://www.hsabank.com/hsabank/campaign/tips-to-navigate-your-journey?utm_source=sfmc&utm_term=Alerts-link-standard-30&utm_content=688948&utm_id=e7c0a1e5-b27b-4960-984f-1842a2269735&sfmc_activityid=5e781e12-aa3c-4fa6-bb51-6bda016950bc&utm_medium=email
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:829::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.hsabank.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 09 Aug 2023 21:35:39 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
fbevents.js
connect.facebook.net/en_US/ 		172 KB
47 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://connect.facebook.net/en_US/fbevents.js
Requested by
Host: www.hsabank.com
URL: https://www.hsabank.com/hsabank/campaign/tips-to-navigate-your-journey?utm_source=sfmc&utm_term=Alerts-link-standard-30&utm_content=688948&utm_id=e7c0a1e5-b27b-4960-984f-1842a2269735&sfmc_activityid=5e781e12-aa3c-4fa6-bb51-6bda016950bc&utm_medium=email
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f083:9:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
9b78354357bc04de9fa52562968bad64ef1311b665cc6ea927d2ec08bcc82cd8
Security Headers
Name Value
Content-Security-Policy default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.hsabank.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

content-security-policy
default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; preload; includeSubDomains
date
Wed, 09 Aug 2023 21:35:39 GMT
document-policy
force-load-at-top
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
47151
x-xss-protection
0
pragma
public
x-fb-debug
e+4AkCnhOwCfumtldj6jhWsbWIUfUtf5G06OhGvNi5q8lyuouJ6R5d773PzS3u71mXIM5/IDdRY2eu4gq186BA==
cross-origin-opener-policy
same-origin-allow-popups
vary
Accept-Encoding
x-frame-options
DENY
content-type
application/x-javascript; charset=utf-8
cache-control
public, max-age=1200
permissions-policy
accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
expires
Sat, 01 Jan 2000 00:00:00 GMT
ieVl2ZhZI2eCN5jzbjEETS9weq8-19K7DQ.woff2
fonts.gstatic.com/s/robotocondensed/v25/ 		15 KB
15 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/robotocondensed/v25/ieVl2ZhZI2eCN5jzbjEETS9weq8-19K7DQ.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Roboto+Condensed:ital,wght@0,300;0,400;0,700;1,300;1,400;1,700&family=Roboto:ital,wght@0,400;0,700;1,400;1,700&display=swap
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81c::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
6b4fac99c39b9ee2693d87a2508d0c7d4b4859072966616bd1f6e18c5b2f9d36
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://www.hsabank.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date
Thu, 03 Aug 2023 03:46:14 GMT
x-content-type-options
nosniff
age
582565
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
15700
x-xss-protection
0
last-modified
Tue, 19 Apr 2022 18:51:55 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Fri, 02 Aug 2024 03:46:14 GMT
KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v30/ 		15 KB
16 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Roboto+Condensed:ital,wght@0,300;0,400;0,700;1,300;1,400;1,700&family=Roboto:ital,wght@0,400;0,700;1,400;1,700&display=swap
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81c::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://www.hsabank.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date
Fri, 04 Aug 2023 04:06:52 GMT
x-content-type-options
nosniff
age
494927
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
15744
x-xss-protection
0
last-modified
Wed, 11 May 2022 19:24:48 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Sat, 03 Aug 2024 04:06:52 GMT
KFOlCnqEu92Fr1MmWUlfBBc4.woff2
fonts.gstatic.com/s/roboto/v30/ 		15 KB
16 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Roboto+Condensed:ital,wght@0,300;0,400;0,700;1,300;1,400;1,700&family=Roboto:ital,wght@0,400;0,700;1,400;1,700&display=swap
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81c::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://www.hsabank.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date
Sat, 05 Aug 2023 13:37:19 GMT
x-content-type-options
nosniff
age
374300
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
15860
x-xss-protection
0
last-modified
Wed, 11 May 2022 19:24:42 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Sun, 04 Aug 2024 13:37:19 GMT
ieVi2ZhZI2eCN5jzbjEETS9weq8-32meGCQYbw.woff2
fonts.gstatic.com/s/robotocondensed/v25/ 		15 KB
15 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/robotocondensed/v25/ieVi2ZhZI2eCN5jzbjEETS9weq8-32meGCQYbw.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Roboto+Condensed:ital,wght@0,300;0,400;0,700;1,300;1,400;1,700&family=Roboto:ital,wght@0,400;0,700;1,400;1,700&display=swap
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81c::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
e79c1c1a140e6afb861074c70392db54cc65a06050de2a69162ab94eb95b0516
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://www.hsabank.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date
Fri, 04 Aug 2023 05:38:50 GMT
x-content-type-options
nosniff
age
489409
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
15660
x-xss-protection
0
last-modified
Tue, 19 Apr 2022 18:42:42 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Sat, 03 Aug 2024 05:38:50 GMT
tertiary-green-line.jpg
www.hsabank.com/~/Media/Images/Mobile_Responsive_2017/ 		12 KB
14 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.hsabank.com/~/Media/Images/Mobile_Responsive_2017/tertiary-green-line.jpg
Requested by
Host: www.hsabank.com
URL: https://www.hsabank.com/~/Media/Files/Custom_CSS/HSABank/Mobile_Responsive_2017/style.css?v=1.06
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
70.37.166.146 San Antonio, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
cc3b5cfbea89a027388d2a8bfa5e0f511501ccf16f56ad9262cf10abc5ff3f66
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.hsabank.com/~/Media/Files/Custom_CSS/HSABank/Mobile_Responsive_2017/style.css?v=1.06
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

Strict-Transport-Security
max-age=31536000; includeSubDomains
Date
Wed, 09 Aug 2023 21:35:38 GMT
X-Content-Type-Options
nosniff
Referrer-Policy
strict-origin-when-cross-origin
Last-Modified
Tue, 08 Jun 2021 13:26:47 GMT
Server
Microsoft-IIS/10.0
X-Frame-Options
SAMEORIGIN
Content-Security-Policy-Report-Only
default-src 'self'; script-src 'self' 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' https://*.hsabank.com https://cdnjs.cloudflare.com https://*.jquery.com https://*.facebook.net https://*.googleapis.com https://*.googletagmanager.com https://*.google-analytics.com https://*.igodigital.com https://*.levelaccess.net https://*.cludo.com https://*.pardot.com https://*.hsabank.com; style-src 'self' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' https://*.hsabank.com https://*.googleapis.com https://*.bootstrapcdn.com; base-uri 'self'; font-src 'self' https://*.gstatic.com https://*.bootstrapcdn.com; connect-src 'self' https://*.google-analytics.com https://*.levelaccess.net; img-src 'self' https://*.igodigital.com https://*.hsabank.com https://*.google-analytics.com; frame-src 'self' https://*.hsabank.com ;form-action 'self'
Content-Type
image/jpeg
Cache-Control
private, max-age=604800
Permissions-Policy
microphone=(), payment=(), geolocation=(self), sync-xhr=*
Content-Disposition
inline; filename="tertiary-green-line.jpg"
Accept-Ranges
bytes
Content-Length
12233
Request-Context
appId=cid-v1:8fedb8c4-35ce-49f3-a619-b84f98aa48d7
facebook-grey.png
www.hsabank.com/~/Media/Images/Mobile_Responsive_2017/icons/ 		320 B
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.hsabank.com/~/Media/Images/Mobile_Responsive_2017/icons/facebook-grey.png
Requested by
Host: www.hsabank.com
URL: https://www.hsabank.com/~/Media/Files/Custom_CSS/HSABank/Mobile_Responsive_2017/style.css?v=1.06
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
70.37.166.146 San Antonio, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
ea0ca377484f9837aca91bb2d556ad0d62ed836a5a0c98d4a09edc6026c84e8a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.hsabank.com/~/Media/Files/Custom_CSS/HSABank/Mobile_Responsive_2017/style.css?v=1.06
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

Strict-Transport-Security
max-age=31536000; includeSubDomains
Date
Wed, 09 Aug 2023 21:35:39 GMT
X-Content-Type-Options
nosniff
Referrer-Policy
strict-origin-when-cross-origin
Last-Modified
Sun, 19 Apr 2020 19:18:20 GMT
Server
Microsoft-IIS/10.0
X-Frame-Options
SAMEORIGIN
Content-Security-Policy-Report-Only
default-src 'self'; script-src 'self' 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' https://*.hsabank.com https://cdnjs.cloudflare.com https://*.jquery.com https://*.facebook.net https://*.googleapis.com https://*.googletagmanager.com https://*.google-analytics.com https://*.igodigital.com https://*.levelaccess.net https://*.cludo.com https://*.pardot.com https://*.hsabank.com; style-src 'self' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' https://*.hsabank.com https://*.googleapis.com https://*.bootstrapcdn.com; base-uri 'self'; font-src 'self' https://*.gstatic.com https://*.bootstrapcdn.com; connect-src 'self' https://*.google-analytics.com https://*.levelaccess.net; img-src 'self' https://*.igodigital.com https://*.hsabank.com https://*.google-analytics.com; frame-src 'self' https://*.hsabank.com ;form-action 'self'
Content-Type
image/png
Cache-Control
private, max-age=604800
Permissions-Policy
microphone=(), payment=(), geolocation=(self), sync-xhr=*
Content-Disposition
inline; filename="facebook-grey.png"
Accept-Ranges
bytes
Content-Length
320
Request-Context
appId=cid-v1:8fedb8c4-35ce-49f3-a619-b84f98aa48d7
twitter-grey.png
www.hsabank.com/~/Media/Images/Mobile_Responsive_2017/icons/ 		2 KB
4 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.hsabank.com/~/Media/Images/Mobile_Responsive_2017/icons/twitter-grey.png
Requested by
Host: www.hsabank.com
URL: https://www.hsabank.com/~/Media/Files/Custom_CSS/HSABank/Mobile_Responsive_2017/style.css?v=1.06
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
70.37.166.146 San Antonio, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
bba7cc1311ac67910af9bfa0b863a0d6fcbf1c5ee4caec7f764c3562e4947ceb
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.hsabank.com/~/Media/Files/Custom_CSS/HSABank/Mobile_Responsive_2017/style.css?v=1.06
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

Strict-Transport-Security
max-age=31536000; includeSubDomains
Date
Wed, 09 Aug 2023 21:35:39 GMT
X-Content-Type-Options
nosniff
Referrer-Policy
strict-origin-when-cross-origin
Last-Modified
Sun, 19 Apr 2020 19:18:16 GMT
Server
Microsoft-IIS/10.0
X-Frame-Options
SAMEORIGIN
Content-Security-Policy-Report-Only
default-src 'self'; script-src 'self' 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' https://*.hsabank.com https://cdnjs.cloudflare.com https://*.jquery.com https://*.facebook.net https://*.googleapis.com https://*.googletagmanager.com https://*.google-analytics.com https://*.igodigital.com https://*.levelaccess.net https://*.cludo.com https://*.pardot.com https://*.hsabank.com; style-src 'self' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' https://*.hsabank.com https://*.googleapis.com https://*.bootstrapcdn.com; base-uri 'self'; font-src 'self' https://*.gstatic.com https://*.bootstrapcdn.com; connect-src 'self' https://*.google-analytics.com https://*.levelaccess.net; img-src 'self' https://*.igodigital.com https://*.hsabank.com https://*.google-analytics.com; frame-src 'self' https://*.hsabank.com ;form-action 'self'
Content-Type
image/png
Cache-Control
private, max-age=604800
Permissions-Policy
microphone=(), payment=(), geolocation=(self), sync-xhr=*
Content-Disposition
inline; filename="twitter-grey.png"
Accept-Ranges
bytes
Content-Length
1821
Request-Context
appId=cid-v1:8fedb8c4-35ce-49f3-a619-b84f98aa48d7
linkedin-grey.png
www.hsabank.com/~/Media/Images/Mobile_Responsive_2017/icons/ 		402 B
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.hsabank.com/~/Media/Images/Mobile_Responsive_2017/icons/linkedin-grey.png
Requested by
Host: www.hsabank.com
URL: https://www.hsabank.com/~/Media/Files/Custom_CSS/HSABank/Mobile_Responsive_2017/style.css?v=1.06
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
70.37.166.146 San Antonio, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
309f24a395e42590b12a4b3f298826f25517edd44fe9bddcc32300598cbb6755
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.hsabank.com/~/Media/Files/Custom_CSS/HSABank/Mobile_Responsive_2017/style.css?v=1.06
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

Strict-Transport-Security
max-age=31536000; includeSubDomains
Date
Wed, 09 Aug 2023 21:35:39 GMT
X-Content-Type-Options
nosniff
Referrer-Policy
strict-origin-when-cross-origin
Last-Modified
Sun, 19 Apr 2020 19:18:15 GMT
Server
Microsoft-IIS/10.0
X-Frame-Options
SAMEORIGIN
Content-Security-Policy-Report-Only
default-src 'self'; script-src 'self' 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' https://*.hsabank.com https://cdnjs.cloudflare.com https://*.jquery.com https://*.facebook.net https://*.googleapis.com https://*.googletagmanager.com https://*.google-analytics.com https://*.igodigital.com https://*.levelaccess.net https://*.cludo.com https://*.pardot.com https://*.hsabank.com; style-src 'self' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' https://*.hsabank.com https://*.googleapis.com https://*.bootstrapcdn.com; base-uri 'self'; font-src 'self' https://*.gstatic.com https://*.bootstrapcdn.com; connect-src 'self' https://*.google-analytics.com https://*.levelaccess.net; img-src 'self' https://*.igodigital.com https://*.hsabank.com https://*.google-analytics.com; frame-src 'self' https://*.hsabank.com ;form-action 'self'
Content-Type
image/png
Cache-Control
private, max-age=604800
Permissions-Policy
microphone=(), payment=(), geolocation=(self), sync-xhr=*
Content-Disposition
inline; filename="linkedin-grey.png"
Accept-Ranges
bytes
Content-Length
402
Request-Context
appId=cid-v1:8fedb8c4-35ce-49f3-a619-b84f98aa48d7
youtube-grey.png
www.hsabank.com/~/Media/Images/Mobile_Responsive_2017/icons/ 		389 B
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.hsabank.com/~/Media/Images/Mobile_Responsive_2017/icons/youtube-grey.png
Requested by
Host: www.hsabank.com
URL: https://www.hsabank.com/~/Media/Files/Custom_CSS/HSABank/Mobile_Responsive_2017/style.css?v=1.06
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
70.37.166.146 San Antonio, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
7cab3f2151fb03bcbe1f364addf0bb414a68215edc08e2772da0aba6d8df4f8f
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.hsabank.com/~/Media/Files/Custom_CSS/HSABank/Mobile_Responsive_2017/style.css?v=1.06
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

Strict-Transport-Security
max-age=31536000; includeSubDomains
Date
Wed, 09 Aug 2023 21:35:39 GMT
X-Content-Type-Options
nosniff
Referrer-Policy
strict-origin-when-cross-origin
Last-Modified
Sun, 19 Apr 2020 19:18:19 GMT
Server
Microsoft-IIS/10.0
X-Frame-Options
SAMEORIGIN
Content-Security-Policy-Report-Only
default-src 'self'; script-src 'self' 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' https://*.hsabank.com https://cdnjs.cloudflare.com https://*.jquery.com https://*.facebook.net https://*.googleapis.com https://*.googletagmanager.com https://*.google-analytics.com https://*.igodigital.com https://*.levelaccess.net https://*.cludo.com https://*.pardot.com https://*.hsabank.com; style-src 'self' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' https://*.hsabank.com https://*.googleapis.com https://*.bootstrapcdn.com; base-uri 'self'; font-src 'self' https://*.gstatic.com https://*.bootstrapcdn.com; connect-src 'self' https://*.google-analytics.com https://*.levelaccess.net; img-src 'self' https://*.igodigital.com https://*.hsabank.com https://*.google-analytics.com; frame-src 'self' https://*.hsabank.com ;form-action 'self'
Content-Type
image/png
Cache-Control
private, max-age=604800
Permissions-Policy
microphone=(), payment=(), geolocation=(self), sync-xhr=*
Content-Disposition
inline; filename="youtube-grey.png"
Accept-Ranges
bytes
Content-Length
389
Request-Context
appId=cid-v1:8fedb8c4-35ce-49f3-a619-b84f98aa48d7
instagram-grey.png
www.hsabank.com/~/Media/Images/Mobile_Responsive_2017/icons/ 		4 KB
6 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.hsabank.com/~/Media/Images/Mobile_Responsive_2017/icons/instagram-grey.png
Requested by
Host: www.hsabank.com
URL: https://www.hsabank.com/~/Media/Files/Custom_CSS/HSABank/Mobile_Responsive_2017/style.css?v=1.06
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
70.37.166.146 San Antonio, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
f26166b8e10ee1addb81a52ab9f73f2e4706ded755b327ffc11ca093b9e93072
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.hsabank.com/~/Media/Files/Custom_CSS/HSABank/Mobile_Responsive_2017/style.css?v=1.06
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

Strict-Transport-Security
max-age=31536000; includeSubDomains
Date
Wed, 09 Aug 2023 21:35:39 GMT
X-Content-Type-Options
nosniff
Referrer-Policy
strict-origin-when-cross-origin
Last-Modified
Mon, 06 Mar 2023 21:49:36 GMT
Server
Microsoft-IIS/10.0
X-Frame-Options
SAMEORIGIN
Content-Security-Policy-Report-Only
default-src 'self'; script-src 'self' 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' https://*.hsabank.com https://cdnjs.cloudflare.com https://*.jquery.com https://*.facebook.net https://*.googleapis.com https://*.googletagmanager.com https://*.google-analytics.com https://*.igodigital.com https://*.levelaccess.net https://*.cludo.com https://*.pardot.com https://*.hsabank.com; style-src 'self' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' https://*.hsabank.com https://*.googleapis.com https://*.bootstrapcdn.com; base-uri 'self'; font-src 'self' https://*.gstatic.com https://*.bootstrapcdn.com; connect-src 'self' https://*.google-analytics.com https://*.levelaccess.net; img-src 'self' https://*.igodigital.com https://*.hsabank.com https://*.google-analytics.com; frame-src 'self' https://*.hsabank.com ;form-action 'self'
Content-Type
image/png
Cache-Control
private, max-age=604800
Permissions-Policy
microphone=(), payment=(), geolocation=(self), sync-xhr=*
Content-Disposition
inline; filename="instagram-grey.png"
Accept-Ranges
bytes
Content-Length
4458
Request-Context
appId=cid-v1:8fedb8c4-35ce-49f3-a619-b84f98aa48d7
track_page_view
nova.collect.igodigital.com/c2/7298557/ 		43 B
353 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://nova.collect.igodigital.com/c2/7298557/track_page_view?payload=%7B%22title%22%3A%22Tips%20to%20Navigate%20Your%20Journey%20-%20HSA%20Bank%22%2C%22url%22%3A%22https%3A%2F%2Fwww.hsabank.com%2Fhsabank%2Fcampaign%2Ftips-to-navigate-your-journey%3Futm_source%3Dsfmc%26utm_term%3DAlerts-link-standard-30%26utm_content%3D688948%26utm_id%3De7c0a1e5-b27b-4960-984f-1842a2269735%26sfmc_activityid%3D5e781e12-aa3c-4fa6-bb51-6bda016950bc%26utm_medium%3Demail%23q9%22%2C%22referrer%22%3A%22%22%7D
Requested by
Host: www.hsabank.com
URL: https://www.hsabank.com/hsabank/campaign/tips-to-navigate-your-journey?utm_source=sfmc&utm_term=Alerts-link-standard-30&utm_content=688948&utm_id=e7c0a1e5-b27b-4960-984f-1842a2269735&sfmc_activityid=5e781e12-aa3c-4fa6-bb51-6bda016950bc&utm_medium=email
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.197.109.29 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-197-109-29.compute-1.amazonaws.com
Software
/
Resource Hash
98b3d9d20e032f90aca49e9b116225d539ff6fbdb7e42c3c363f63896ac03d2a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.hsabank.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

x-runtime
0.004015
date
Wed, 09 Aug 2023 21:35:39 GMT
content-encoding
gzip
x-content-type-options
nosniff
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
image/gif
cache-control
private
content-transfer-encoding
binary
content-disposition
inline
x-xss-protection
1; mode=block
x-request-id
e204dac7-fec5-4fa3-b441-270ace381c3a
1686908524672324
connect.facebook.net/signals/config/ 		305 KB
87 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://connect.facebook.net/signals/config/1686908524672324?v=2.9.121&r=stable
Requested by
Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f083:9:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
a5726131bf17864ada564ddd992c5c80bfbf4c8b7fe4aaf3c6fce8d2c96c0d8d
Security Headers
Name Value
Content-Security-Policy default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.hsabank.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

content-security-policy
default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; preload; includeSubDomains
date
Wed, 09 Aug 2023 21:35:39 GMT
document-policy
force-load-at-top
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
x-xss-protection
0
pragma
public
x-fb-debug
tZIqsedIJZasl20W9ruVxd0tJ5UBVmcC/WdKegzsuBFHou1cXZEzzBFcO2GELjSgKk7At2yiFUH+SV9120k0WQ==
cross-origin-opener-policy
same-origin-allow-popups
vary
Accept-Encoding
x-frame-options
DENY
content-type
application/x-javascript; charset=utf-8
origin-agent-cluster
?0
cache-control
public, max-age=1200
permissions-policy
accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
expires
Sat, 01 Jan 2000 00:00:00 GMT
glyphicons-halflings-regular.woff
netdna.bootstrapcdn.com/bootstrap/3.0.0/fonts/ 		16 KB
17 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://netdna.bootstrapcdn.com/bootstrap/3.0.0/fonts/glyphicons-halflings-regular.woff
Requested by
Host: netdna.bootstrapcdn.com
URL: https://netdna.bootstrapcdn.com/bootstrap/3.0.0/css/bootstrap-glyphicons.css
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700::6812:bcf , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
71c12656535e99119c2a952c10554cd6f47c6923d2d96155a7833276e68992af
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://netdna.bootstrapcdn.com/bootstrap/3.0.0/css/bootstrap-glyphicons.css
Origin
https://www.hsabank.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date
Wed, 09 Aug 2023 21:35:40 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
cdn-edgestorageid
864
age
217162
cdn-cachedat
02/05/2023 21:18:23
cdn-pullzone
252412
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
16448
last-modified
Mon, 25 Jan 2021 22:03:55 GMT
cdn-proxyver
1.03
cdn-requestpullcode
200
server
cloudflare
etag
"7c4cbe928205c888831ba76548563ca3"
vary
Accept-Encoding
content-type
font/woff
access-control-allow-origin
*
cdn-cache
HIT
cdn-uid
b1941f61-b576-4f40-80de-5677acb38f74
cache-control
public, max-age=31919000
cdn-requestid
ea4677d9404858943e360addc0c79867
accept-ranges
bytes
timing-allow-origin
*
cdn-requestcountrycode
DE
cdn-status
200
cf-ray
7f432155ae441c22-FRA
cdn-requestpullsuccess
True
collect
region1.analytics.google.com/g/ 		0
54 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://region1.analytics.google.com/g/collect?v=2&tid=G-HR1XKMEB6P&gtm=45je3870&_p=989164491&cid=875749569.1691616939&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_s=2&sid=1691616939&sct=1&seg=0&dl=https%3A%2F%2Fwww.hsabank.com%2Fhsabank%2Fcampaign%2Ftips-to-navigate-your-journey%3Futm_source%3Dsfmc%26utm_term%3DAlerts-link-standard-30%26utm_content%3D688948%26utm_id%3De7c0a1e5-b27b-4960-984f-1842a2269735%26sfmc_activityid%3D5e781e12-aa3c-4fa6-bb51-6bda016950bc%26utm_medium%3Demail&dt=Tips%20to%20Navigate%20Your%20Journey%20-%20HSA%20Bank&en=utms_hsab&ep.utm_medium=email&ep.utm_source=sfmc&ep.utm_content=688948&ep.utm_term=Alerts-link-standard-30&ep.utm_id=e7c0a1e5-b27b-4960-984f-1842a2269735&ep.url_subdirectory_2=tips-to-navigate-your-journey&ep.url_directory=hsabank&ep.e_category=campaign&_et=2
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-HR1XKMEB6P&l=dataLayer&cx=c
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2001:4860:4802:32::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.hsabank.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 09 Aug 2023 21:35:40 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://www.hsabank.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
results
api.levelaccess.net/analytics/3.0/ 		0
321 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://api.levelaccess.net/analytics/3.0/results
Requested by
Host: cdn.levelaccess.net
URL: https://cdn.levelaccess.net/accessjs/YW1wMTEwNDI/access.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2600:1f18:4457:4601:d295:40ab:166b:a940 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://www.hsabank.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

access-control-allow-origin
*
date
Wed, 09 Aug 2023 21:35:43 GMT
strict-transport-security
max-age=63072000; includeSubDomains; preload
x-content-type-options
nosniff
access-control-expose-headers
Origin, X-Requested-With, Content-Type, Accept
content-length
0
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers

Verdicts & Comments Add Verdict or Comment

66 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| dataLayer object| google_tag_manager object| google_tag_data string| GoogleAnalyticsObject function| ga object| gaplugins object| gaGlobal object| gaData function| onYouTubeIframeAPIReady function| fbq function| _fbq object| _etmc object| _etmc_temp string| func_name object| args string| collect_url object| $jscomp function| $jscomp$lookupPolyfilledValue object| LevelAccess_AccessJS_AccessEngine object| LevelAccess_AccessJS_FixPackage object| LevelAccess_AccessJS_OrgDetails object| LevelAccess_AccessJS string| AccNamePrototypeNameSpace object| LevelAccess_CalcNames string| activeTabName string| currentPageId object| breakpointChange function| isBlank function| scrollToElement function| init_nav function| init_carousels function| activateTabAndPane function| init_audience_tabs function| deactivateAudienceTabs object| SiteData function| createCountDownClock function| checkCountDownPageURL function| checkForCountdownCookie function| createCountdownCookie function| closeCookie function| List function| ResCarouselOnInit function| ResCarouselSlide function| ResCarouselResize function| ResCarouselSize function| ResCarousel function| ResCarouselLoad1 function| resCarouselAnimator function| $ function| jQuery function| Cookies object| html5 object| Modernizr object| core object| System function| asap function| Observable function| setImmediate function| clearImmediate object| regeneratorRuntime boolean| _babelPolyfill object| is function| ScrollMagic object| picturefillCFG function| picturefill object| AK

6 Cookies

Domain/Path Name / Value
.hsabank.com/ Name: _gid
Value: GA1.2.1797854229.1691616939
.hsabank.com/ Name: _gat_gtmtrack
Value: 1
.hsabank.com/ Name: _ga
Value: GA1.1.875749569.1691616939
.hsabank.com/ Name: _ga_RG6VSFH6XG
Value: GS1.2.1691616939.1.0.1691616939.0.0.0
www.hsabank.com/ Name: qs
Value: ?utm_source=sfmc&utm_term=Alerts-link-standard-30&utm_content=688948&utm_id=e7c0a1e5-b27b-4960-984f-1842a2269735&sfmc_activityid=5e781e12-aa3c-4fa6-bb51-6bda016950bc&utm_medium=email
.hsabank.com/ Name: _ga_HR1XKMEB6P
Value: GS1.1.1691616939.1.0.1691616940.59.0.0

238 Console Messages

Source Level URL
Text
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 8)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 8)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 8)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 8)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error URL: https://www.googletagmanager.com/gtm.js?id=GTM-PZV52K3(Line 4)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error URL: https://www.googletagmanager.com/gtm.js?id=GTM-PZV52K3(Line 4)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error URL: https://www.googletagmanager.com/gtm.js?id=GTM-PZV52K3(Line 4)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error URL: https://www.googletagmanager.com/gtag/js?id=G-HR1XKMEB6P&l=dataLayer&cx=c(Line 183)
Message:
[Report Only] Refused to connect to 'https://region1.analytics.google.com/g/collect?v=2&tid=G-HR1XKMEB6P&gtm=45je3870&_p=989164491&_gaz=1&cid=875749569.1691616939&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_s=1&sid=1691616939&sct=1&seg=0&dl=https%3A%2F%2Fwww.hsabank.com%2Fhsabank%2Fcampaign%2Ftips-to-navigate-your-journey%3Futm_source%3Dsfmc%26utm_term%3DAlerts-link-standard-30%26utm_content%3D688948%26utm_id%3De7c0a1e5-b27b-4960-984f-1842a2269735%26sfmc_activityid%3D5e781e12-aa3c-4fa6-bb51-6bda016950bc%26utm_medium%3Demail&dt=Tips%20to%20Navigate%20Your%20Journey%20-%20HSA%20Bank&en=page_view&_fv=1&_ss=1' because it violates the following Content Security Policy directive: "connect-src 'self' https://*.google-analytics.com https://*.levelaccess.net".
security error URL: https://www.googletagmanager.com/gtag/js?id=G-HR1XKMEB6P&l=dataLayer&cx=c(Line 183)
Message:
[Report Only] Refused to connect to 'https://region1.analytics.google.com/g/collect?v=2&tid=G-HR1XKMEB6P&gtm=45je3870&_p=989164491&_gaz=1&cid=875749569.1691616939&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_s=1&sid=1691616939&sct=1&seg=0&dl=https%3A%2F%2Fwww.hsabank.com%2Fhsabank%2Fcampaign%2Ftips-to-navigate-your-journey%3Futm_source%3Dsfmc%26utm_term%3DAlerts-link-standard-30%26utm_content%3D688948%26utm_id%3De7c0a1e5-b27b-4960-984f-1842a2269735%26sfmc_activityid%3D5e781e12-aa3c-4fa6-bb51-6bda016950bc%26utm_medium%3Demail&dt=Tips%20to%20Navigate%20Your%20Journey%20-%20HSA%20Bank&en=page_view&_fv=1&_ss=1' because it violates the following Content Security Policy directive: "connect-src 'self' https://*.google-analytics.com https://*.levelaccess.net".
security error URL: https://www.googletagmanager.com/gtag/js?id=G-HR1XKMEB6P&l=dataLayer&cx=c(Line 183)
Message:
[Report Only] Refused to connect to 'https://stats.g.doubleclick.net/g/collect?v=2&tid=G-HR1XKMEB6P&cid=875749569.1691616939&gtm=45je3870&aip=1' because it violates the following Content Security Policy directive: "connect-src 'self' https://*.google-analytics.com https://*.levelaccess.net".
security error URL: https://www.googletagmanager.com/gtag/js?id=G-HR1XKMEB6P&l=dataLayer&cx=c(Line 183)
Message:
[Report Only] Refused to connect to 'https://stats.g.doubleclick.net/g/collect?v=2&tid=G-HR1XKMEB6P&cid=875749569.1691616939&gtm=45je3870&aip=1' because it violates the following Content Security Policy directive: "connect-src 'self' https://*.google-analytics.com https://*.levelaccess.net".
security error URL: https://www.hsabank.com/hsabank/campaign/tips-to-navigate-your-journey?utm_source=sfmc&utm_term=Alerts-link-standard-30&utm_content=688948&utm_id=e7c0a1e5-b27b-4960-984f-1842a2269735&sfmc_activityid=5e781e12-aa3c-4fa6-bb51-6bda016950bc&utm_medium=email#q9
Message:
[Report Only] Refused to load the image 'https://www.google.de/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-HR1XKMEB6P&cid=875749569.1691616939&gtm=45je3870&aip=1&z=942070925' because it violates the following Content Security Policy directive: "img-src 'self' https://*.igodigital.com https://*.hsabank.com https://*.google-analytics.com".
security error URL: https://www.google-analytics.com/analytics.js(Line 35)
Message:
[Report Only] Refused to connect to 'https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j101&tid=UA-187387-6&cid=875749569.1691616939&jid=613886199&gjid=119464243&_gid=1797854229.1691616939&_u=YEBAAEAAAAAAACAAI~&z=2047363250' because it violates the following Content Security Policy directive: "connect-src 'self' https://*.google-analytics.com https://*.levelaccess.net".
security error URL: https://www.hsabank.com/hsabank/campaign/tips-to-navigate-your-journey?utm_source=sfmc&utm_term=Alerts-link-standard-30&utm_content=688948&utm_id=e7c0a1e5-b27b-4960-984f-1842a2269735&sfmc_activityid=5e781e12-aa3c-4fa6-bb51-6bda016950bc&utm_medium=email#q9
Message:
[Report Only] Refused to load the image 'https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j101&tid=UA-187387-6&cid=875749569.1691616939&jid=613886199&_u=YEBAAEAAAAAAACAAI~&z=951598731' because it violates the following Content Security Policy directive: "img-src 'self' https://*.igodigital.com https://*.hsabank.com https://*.google-analytics.com".
security error URL: https://www.hsabank.com/hsabank/campaign/tips-to-navigate-your-journey?utm_source=sfmc&utm_term=Alerts-link-standard-30&utm_content=688948&utm_id=e7c0a1e5-b27b-4960-984f-1842a2269735&sfmc_activityid=5e781e12-aa3c-4fa6-bb51-6bda016950bc&utm_medium=email#q9
Message:
[Report Only] Refused to load the image 'https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j101&tid=UA-187387-6&cid=875749569.1691616939&jid=613886199&_u=YEBAAEAAAAAAACAAI~&z=951598731' because it violates the following Content Security Policy directive: "img-src 'self' https://*.igodigital.com https://*.hsabank.com https://*.google-analytics.com".
network error URL: https://nova.collect.igodigital.com/c2/7298557/track_page_view?payload=%7B%22title%22%3A%22Tips%20to%20Navigate%20Your%20Journey%20-%20HSA%20Bank%22%2C%22url%22%3A%22https%3A%2F%2Fwww.hsabank.com%2Fhsabank%2Fcampaign%2Ftips-to-navigate-your-journey%3Futm_source%3Dsfmc%26utm_term%3DAlerts-link-standard-30%26utm_content%3D688948%26utm_id%3De7c0a1e5-b27b-4960-984f-1842a2269735%26sfmc_activityid%3D5e781e12-aa3c-4fa6-bb51-6bda016950bc%26utm_medium%3Demail%23q9%22%2C%22referrer%22%3A%22%22%7D
Message:
Failed to load resource: the server responded with a status of 403 ()
security error URL: https://www.googletagmanager.com/gtag/js?id=G-HR1XKMEB6P&l=dataLayer&cx=c(Line 183)
Message:
[Report Only] Refused to connect to 'https://region1.analytics.google.com/g/collect?v=2&tid=G-HR1XKMEB6P&gtm=45je3870&_p=989164491&cid=875749569.1691616939&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_s=2&sid=1691616939&sct=1&seg=0&dl=https%3A%2F%2Fwww.hsabank.com%2Fhsabank%2Fcampaign%2Ftips-to-navigate-your-journey%3Futm_source%3Dsfmc%26utm_term%3DAlerts-link-standard-30%26utm_content%3D688948%26utm_id%3De7c0a1e5-b27b-4960-984f-1842a2269735%26sfmc_activityid%3D5e781e12-aa3c-4fa6-bb51-6bda016950bc%26utm_medium%3Demail&dt=Tips%20to%20Navigate%20Your%20Journey%20-%20HSA%20Bank&en=utms_hsab&ep.utm_medium=email&ep.utm_source=sfmc&ep.utm_content=688948&ep.utm_term=Alerts-link-standard-30&ep.utm_id=e7c0a1e5-b27b-4960-984f-1842a2269735&ep.url_subdirectory_2=tips-to-navigate-your-journey&ep.url_directory=hsabank&ep.e_category=campaign&_et=2' because it violates the following Content Security Policy directive: "connect-src 'self' https://*.google-analytics.com https://*.levelaccess.net".
security error URL: https://www.googletagmanager.com/gtag/js?id=G-HR1XKMEB6P&l=dataLayer&cx=c(Line 183)
Message:
[Report Only] Refused to connect to 'https://region1.analytics.google.com/g/collect?v=2&tid=G-HR1XKMEB6P&gtm=45je3870&_p=989164491&cid=875749569.1691616939&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_s=2&sid=1691616939&sct=1&seg=0&dl=https%3A%2F%2Fwww.hsabank.com%2Fhsabank%2Fcampaign%2Ftips-to-navigate-your-journey%3Futm_source%3Dsfmc%26utm_term%3DAlerts-link-standard-30%26utm_content%3D688948%26utm_id%3De7c0a1e5-b27b-4960-984f-1842a2269735%26sfmc_activityid%3D5e781e12-aa3c-4fa6-bb51-6bda016950bc%26utm_medium%3Demail&dt=Tips%20to%20Navigate%20Your%20Journey%20-%20HSA%20Bank&en=utms_hsab&ep.utm_medium=email&ep.utm_source=sfmc&ep.utm_content=688948&ep.utm_term=Alerts-link-standard-30&ep.utm_id=e7c0a1e5-b27b-4960-984f-1842a2269735&ep.url_subdirectory_2=tips-to-navigate-your-journey&ep.url_directory=hsabank&ep.e_category=campaign&_et=2' because it violates the following Content Security Policy directive: "connect-src 'self' https://*.google-analytics.com https://*.levelaccess.net".

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

7298557.collect.igodigital.com
api.levelaccess.net
cdn.levelaccess.net
click.emails.hsabank.com
connect.facebook.net
fonts.googleapis.com
fonts.gstatic.com
maxcdn.bootstrapcdn.com
netdna.bootstrapcdn.com
nova.collect.igodigital.com
region1.analytics.google.com
region1.google-analytics.com
stats.g.doubleclick.net
www.google-analytics.com
www.google.com
www.google.de
www.googletagmanager.com
www.hsabank.com
13.111.23.196
2001:4860:4802:32::36
2600:1f18:4457:4601:d295:40ab:166b:a940
2600:9000:237d:3200:1:fb61:2b80:93a1
2606:4700::6812:acf
2606:4700::6812:bcf
2a00:1450:4001:800::2008
2a00:1450:4001:813::200e
2a00:1450:4001:81c::2003
2a00:1450:4001:827::2004
2a00:1450:4001:829::2003
2a00:1450:4001:829::200a
2a00:1450:400c:c04::9c
2a03:2880:f083:9:face:b00c:0:3
34.197.109.29
70.37.166.146
309f24a395e42590b12a4b3f298826f25517edd44fe9bddcc32300598cbb6755
463faad63e59f653f8367ca1bd38629a240ebd4f2165c313e660933acc322b04
5a3d8c05785485d36ee5c94d4681e5b1d9e4b94c5be8b5bd7b0f3168fff1bd9a
6114a151277e1b201b643a34dc3476f28e02b6da0fbc4ef4e919bdd359f21d46
63f59c90e65a6c2ea5b83ef22ae61ebaff0eda581a27554c6c2f508890c30a20
6b4fac99c39b9ee2693d87a2508d0c7d4b4859072966616bd1f6e18c5b2f9d36
71c12656535e99119c2a952c10554cd6f47c6923d2d96155a7833276e68992af
799aeb25cc0373fdee0e1b1db7ad6c2f6a0e058dfadaa3379689f583213190bd
7cab3f2151fb03bcbe1f364addf0bb414a68215edc08e2772da0aba6d8df4f8f
84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80
94f538b99ce7ff14076cf17c7f321c86b7b193ba2fe8544ecfc6a78c0f597547
98b3d9d20e032f90aca49e9b116225d539ff6fbdb7e42c3c363f63896ac03d2a
9b78354357bc04de9fa52562968bad64ef1311b665cc6ea927d2ec08bcc82cd8
a12eb2a6e59466c082974c40b97729e552f34ce11641e22697a92fc20f99d009
a5726131bf17864ada564ddd992c5c80bfbf4c8b7fe4aaf3c6fce8d2c96c0d8d
b96dcb097483da0b18b008f2db44bebca6500b3ba72b30c288a99367994368f4
bba7cc1311ac67910af9bfa0b863a0d6fcbf1c5ee4caec7f764c3562e4947ceb
c7a298bd81e9f7b534e848d2560e4ff7188d16c9b8fde216e786993a2e247f74
ca64645c22680035acdd8149902fda928c381cafbeab0b628b5542a7323ee0e4
cc3b5cfbea89a027388d2a8bfa5e0f511501ccf16f56ad9262cf10abc5ff3f66
d238f68665f2739431f7c7484e564159c623f265222a7dd5dc1a9f5277e78b2e
d7a229a58c6420f329f8dca6dc343ba08ad13c42fae2ca4ccf948a3da791e91d
de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e79c1c1a140e6afb861074c70392db54cc65a06050de2a69162ab94eb95b0516
ea0ca377484f9837aca91bb2d556ad0d62ed836a5a0c98d4a09edc6026c84e8a
ecf9b91bc7dcf04ab8641def6e787125e51c930b171fc59b7454c20f6df641dd
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f26166b8e10ee1addb81a52ab9f73f2e4706ded755b327ffc11ca093b9e93072
f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615
f7e05ee83e43ec8e1aa344b178d645de8c5b93299deada745396ec9c8d53faba
f80aa90b634167a432d828e9522b78ba411b82a0be56769d6d930d7cd7c360b4
fe185d11a49676890d47bb783312a0cda5a44c4039214094e7957b4c040ef11c