www.carmax.com Open in urlscan Pro
2a02:26f0:6c00:183::1c4e Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://carmax.com/
Effective URL:
https://www.carmax.com/
Submission: On February 12 via manual (February 12th 2020, 2:38:48 pm UTC) from US

Summary HTTP 47 Redirects Links 9 Behaviour Indicators

Summary

This website contacted 14 IPs in 8 countries across 13 domains to perform 47 HTTP transactions. The main IP is 2a02:26f0:6c00:183::1c4e, located in Ascension Island and belongs to AKAMAI-ASN1, US. The main domain is www.carmax.com.
TLS certificate: Issued by GeoTrust RSA CA 2018 on February 7th 2020. Valid for: 10 months.

This is the only time www.carmax.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 1	63.116.28.180 63.116.28.180	16983 (AS16983) (AS16983)
28	2a02:26f0:6c0... 2a02:26f0:6c00:183::1c4e	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
3	23.210.248.45 23.210.248.45	16625 (AKAMAI-AS) (AKAMAI-AS)
1	23.0.36.169 23.0.36.169	16625 (AKAMAI-AS) (AKAMAI-AS)
1	2a01:4a0:1338... 2a01:4a0:1338:28::c38a:ff0a	201011 (NETZBETRI...) (NETZBETRIEB-GMBH)
1	152.199.19.160 152.199.19.160	15133 (EDGECAST) (EDGECAST)
1	2a02:26f0:6c0... 2a02:26f0:6c00:185::1c4e	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1 2	2a00:1450:400... 2a00:1450:4001:80b::200e	15169 (GOOGLE) (GOOGLE)
2	3.248.168.38 3.248.168.38	16509 (AMAZON-02) (AMAZON-02)
1 1	2a00:1450:400... 2a00:1450:400c:c00::9c	15169 (GOOGLE) (GOOGLE)
1 1	2a00:1450:400... 2a00:1450:4001:820::2004	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:820::2003	15169 (GOOGLE) (GOOGLE)
1	52.213.115.189 52.213.115.189	16509 (AMAZON-02) (AMAZON-02)
1	15.188.31.119 15.188.31.119	16509 (AMAZON-02) (AMAZON-02)
1 1	66.117.28.86 66.117.28.86	15224 (OMNITURE) (OMNITURE)
1	2a02:26f0:6c0... 2a02:26f0:6c00:184::11a6	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
2	51.140.6.23 51.140.6.23	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
47	14

1 63.116.28.180 (United States) 1 redirects

ASN16983 (AS16983, US)

carmax.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

28 2a02:26f0:6c00:183::1c4e (Ascension Island)

ASN20940 (AKAMAI-ASN1, US)

www.carmax.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
api.carmax.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 23.210.248.45 (Netherlands)

ASN16625 (AKAMAI-AS, US)
PTR: a23-210-248-45.deploy.static.akamaitechnologies.com

assets.adobedtm.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 23.0.36.169 (Netherlands)

ASN16625 (AKAMAI-AS, US)
PTR: a23-0-36-169.deploy.static.akamaitechnologies.com

s.go-mpulse.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a01:4a0:1338:28::c38a:ff0a (Germany)

ASN201011 (NETZBETRIEB-GMBH, DE)

ds-aksb-a.akamaihd.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 152.199.19.160 (United States)

ASN15133 (EDGECAST, US)

az416426.vo.msecnd.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:26f0:6c00:185::1c4e (Ascension Island)

ASN20940 (AKAMAI-ASN1, US)

api.carmax.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:80b::200e (Frankfurt am Main, Germany) 1 redirects

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 3.248.168.38 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-3-248-168-38.eu-west-1.compute.amazonaws.com

dpm.demdex.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:400c:c00::9c (Brussels, Belgium) 1 redirects

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:820::2004 (Frankfurt am Main, Germany) 1 redirects

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:820::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.213.115.189 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-213-115-189.eu-west-1.compute.amazonaws.com

carmaxbusinessservicesllc.demdex.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 15.188.31.119 (Paris, France)

ASN16509 (AMAZON-02, US)
PTR: ec2-15-188-31-119.eu-west-3.compute.amazonaws.com

carmax.sc.omtrdc.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 66.117.28.86 (United States) 1 redirects

ASN15224 (OMNITURE, US)

cm.everesttech.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:26f0:6c00:184::11a6 (Ascension Island)

ASN20940 (AKAMAI-ASN1, US)

c.go-mpulse.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 51.140.6.23 (London, United Kingdom)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

dc.services.visualstudio.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
30	carmax.com 1 redirects carmax.com www.carmax.com api.carmax.com	1 MB
3	demdex.net dpm.demdex.net carmaxbusinessservicesllc.demdex.net	2 KB
3	adobedtm.com assets.adobedtm.com	118 KB
2	visualstudio.com dc.services.visualstudio.com	1 KB
2	google-analytics.com 1 redirects www.google-analytics.com	18 KB
2	go-mpulse.net s.go-mpulse.net c.go-mpulse.net	52 KB
1	everesttech.net 1 redirects cm.everesttech.net	554 B
1	omtrdc.net carmax.sc.omtrdc.net	309 B
1	google.de www.google.de	109 B
1	google.com 1 redirects www.google.com	179 B
1	doubleclick.net 1 redirects stats.g.doubleclick.net	167 B
1	msecnd.net az416426.vo.msecnd.net	32 KB
1	akamaihd.net ds-aksb-a.akamaihd.net	5 KB
47	13

	Domain	Requested by
27	www.carmax.com	www.carmax.com az416426.vo.msecnd.net
3	assets.adobedtm.com	www.carmax.com assets.adobedtm.com
2	dc.services.visualstudio.com	az416426.vo.msecnd.net www.carmax.com
2	dpm.demdex.net	assets.adobedtm.com www.carmax.com
2	www.google-analytics.com	1 redirects assets.adobedtm.com
2	api.carmax.com	www.carmax.com
1	c.go-mpulse.net	s.go-mpulse.net
1	cm.everesttech.net	1 redirects
1	carmax.sc.omtrdc.net	assets.adobedtm.com
1	carmaxbusinessservicesllc.demdex.net	assets.adobedtm.com
1	www.google.de	www.carmax.com
1	www.google.com	1 redirects
1	stats.g.doubleclick.net	1 redirects
1	az416426.vo.msecnd.net	www.carmax.com
1	ds-aksb-a.akamaihd.net	www.carmax.com
1	s.go-mpulse.net	www.carmax.com
1	carmax.com	1 redirects
47	17

This site contains links to these domains. Also see Links.

Domain
itunes.apple.com
play.google.com
facebook.com
twitter.com
socialresponsibility.carmax.com
foundation.carmax.com
careers.carmax.com
media.carmax.com
investors.carmax.com

Subject Issuer	Validity	Valid
www.carmax.com GeoTrust RSA CA 2018	`2020-02-07` - `2020-11-26`	10 months	crt.sh
assets.adobedtm.com DigiCert SHA2 High Assurance Server CA	`2019-10-22` - `2021-10-01`	2 years	crt.sh
akstat.io DigiCert SHA2 Secure Server CA	`2019-04-16` - `2020-06-14`	a year	crt.sh
a248.e.akamai.net DigiCert Secure Site ECC CA-1	`2019-08-13` - `2020-08-12`	a year	crt.sh
*.vo.msecnd.net Microsoft IT TLS CA 2	`2018-03-30` - `2020-03-30`	2 years	crt.sh
*.google-analytics.com GTS CA 1O1	`2020-01-21` - `2020-04-14`	3 months	crt.sh
*.demdex.net DigiCert SHA2 High Assurance Server CA	`2018-01-09` - `2021-02-12`	3 years	crt.sh
www.google.de GTS CA 1O1	`2020-01-21` - `2020-04-14`	3 months	crt.sh
*.sc.omtrdc.net DigiCert SHA2 High Assurance Server CA	`2019-04-23` - `2020-04-14`	a year	crt.sh
dc.services.visualstudio.com Microsoft IT TLS CA 5	`2019-11-18` - `2021-11-18`	2 years	crt.sh

This page contains 2 frames:

Primary Page: https://www.carmax.com/
Frame ID: AB528731FA7BE342915A82BA730F897D
Requests: 48 HTTP requests in this frame

Frame: https://carmaxbusinessservicesllc.demdex.net/dest5.html?d_nsid=0
Frame ID: 73E92C8E21E7E84E4A2C607FA2E6B51B
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

https://carmax.com/ HTTP 302
https://www.carmax.com/ Page URL

Detected technologies

Windows Server (Operating Systems) Expand

Overall confidence: 50%
Detected patterns

headers server /^Kestrel/i

Microsoft ASP.NET (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

headers server /^Kestrel/i

Kestrel (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /^Kestrel/i

IIS (Web Servers) Expand

Overall confidence: 50%
Detected patterns

headers server /^Kestrel/i

Adobe DTM (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

script /\/\/assets.adobedtm.com\//i

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

script /google-analytics\.com\/(?:ga|urchin|analytics)\.js/i

Page Statistics

47
Requests

94 %
HTTPS

47 %
IPv6

13
Domains

17
Subdomains

14
IPs

8
Countries

1715 kB
Transfer

3388 kB
Size

0
Cookies

9 Outgoing links

These are links going to different origins than the main page.

URL: https://itunes.apple.com/us/app/carmax/id571044395?mt=8
Title:

Search URL Search Domain Scan URL

URL: https://play.google.com/store/apps/details?id=com.carmax.carmax
Title:

Search URL Search Domain Scan URL

URL: https://facebook.com/carmax
Title: CarMax Facebook

Search URL Search Domain Scan URL

URL: https://twitter.com/carmax
Title: CarMax Twitter

Search URL Search Domain Scan URL

URL: https://socialresponsibility.carmax.com/
Title: Social Responsibility

Search URL Search Domain Scan URL

URL: https://foundation.carmax.com/
Title: CarMax Foundation

Search URL Search Domain Scan URL

URL: https://careers.carmax.com/
Title: Search Jobs

Search URL Search Domain Scan URL

URL: http://media.carmax.com/
Title: Media Center

Search URL Search Domain Scan URL

URL: http://investors.carmax.com/
Title: Investor Relations

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://carmax.com/ HTTP 302
https://www.carmax.com/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 34

https://www.google-analytics.com/r/collect?v=1&_v=j81&a=1595044906&t=pageview&_s=1&dl=https%3A%2F%2Fwww.carmax.com%2F&ul=en-us&de=UTF-8&dt=CarMax%20-%20Browse%20used%20cars%20and%20new%20cars%20online&sd=24-bit&sr=1600x1200&vp=1585x1200&je=0&_u=YEDAAUAB~&jid=1878062907&gjid=334267462&cid=1787979041.1581518292&tid=UA-187672-9&_gid=548450841.1581518292&_r=1&z=1171196310 HTTP 302
https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-187672-9&cid=1787979041.1581518292&jid=1878062907&_gid=548450841.1581518292&gjid=334267462&_v=j81&z=1171196310 HTTP 302
https://www.google.com/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-187672-9&cid=1787979041.1581518292&jid=1878062907&_v=j81&z=1171196310 HTTP 302
https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-187672-9&cid=1787979041.1581518292&jid=1878062907&_v=j81&z=1171196310&slf_rd=1&random=3013031020

Request Chain 37

https://cm.everesttech.net/cm/dd?d_uuid=55593257846370003674384713407506382769 HTTP 302
https://dpm.demdex.net/ibs:dpid=411&dpuuid=XkQN0wAAAupISFL0

47 HTTP transactions
2 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request / Show response
www.carmax.com/
Redirect Chain

https://carmax.com/
https://www.carmax.com/

61 KB
20 KB

431ms
402ms

Document
text/html

2a02:26f0:6c00:183::1c4e
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.carmax.com/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2a02:26f0:6c00:183::1c4e , Ascension Island, ASN20940 (AKAMAI-ASN1, US),

Reverse DNS

Software

Kestrel / ASP.NET

Resource Hash

1240dc9bb293d23e55a6245a9cf655ea241c76db72bbb347e2d9ca0f8083e1e1

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000
X-Frame-Options	ALLOW-FROM https://carmaxbusinessservicesllc.marketing.adobe.com/ https://carmax-prod.saas.appdynamics.com/ https://carmax-dev.saas.appdynamics.com/

Request headers

:method: GET
:authority: www.carmax.com
:scheme: https
:path: /
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
sec-fetch-dest: document
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: none
sec-fetch-mode: navigate
sec-fetch-user: ?1
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: document

Response headers

status: 200
content-type: text/html; charset=utf-8
content-encoding: gzip
vary: Accept-Encoding
server: Kestrel
request-context: appId=cid-v1:27edf698-2947-4553-a2ea-de3de8da3389
x-powered-by: ASP.NET
kmxgeodata: zip=,lat=50.48,long=12.37,country_code=DE,city=FALKENSTEIN,throughput=low,network=,network_type=,region_code=SN,timezone=GMT+1
timing-allow-origin: *
x-akamai-transformed: 9 18965 0 pmb=mTOE,3mRUM,4
date: Wed, 12 Feb 2020 14:38:11 GMT
content-length: 17843
set-cookie: KmxVisitor_0=Zip=04106&StoreId=6086&ZipDate=2/12/2020 2:38:11 PM&ZipConfirmed=False&VisitorID=5795e139-da90-4906-b4b5-ad93426ee892&IsFirstVisit=True&UsingStoreProxy=false; domain=.carmax.com; path=/; expires=Thu, 11-Feb-2021 14:38:11 GMT KmxSession_0=logOdds=-0.578767&logOddsA=-0.521432448&logOddsI=0.1488898; domain=.carmax.com; path=/ AKA_A2=A; expires=Wed, 12-Feb-2020 15:38:11 GMT; path=/; domain=carmax.com; secure; HttpOnly ak_bmsc=D0A8F1BCFE1958AD57B1FAB4DD1072F40210BB0786020000D30D445EB19A6775~pleMrefPRiP2RE+NOm9+FNOLDpJNNcTKKHpQxEDKENDbHbwphbH7FWepBRZGAAikJOXTQTwJFUec92kcIZxoTBVNqWEstNxwfk1R+Tnz07g3DAkLM1IL4KqBRo8wN6kzF9A3ou7YG1MnPbZlUBTLtRUPQ4ASUF+f62Zob/5hFOBozVl3px3T/4vkCkMmOXGgQ2hI9qYrA0pr0PTQUdF7bv1BNRIUEHc0GzzKmF520+u6o=; expires=Wed, 12 Feb 2020 16:38:11 GMT; max-age=7200; path=/; domain=.carmax.com; HttpOnly bm_mi=AF449D3BB297B9781D183A9D52E85F58~2zw0gjrXQJHFfP2okWF/9UaALs1ypaGm0HArTxhULvLnqUXxpKUnxIMo2jZL9J1UklaODRfo0XEvILE4TkKom3gsRw6J8TMvmDopFRw/Etj1273muEtB13WGppOdD9N1BBeakwSOUT9zEHyArkJiizxUytcUlh4cZ4fy7kHx/TiMHC8imdZj+L1Dvy6CY5lC0gnCa2DPD0Yicwu4MPBN70SGpMxeOA16LkuhLaC7LWw=; Domain=.carmax.com; Path=/; Max-Age=0; HttpOnly bm_sz=8A8A06D759D70C90D83812733CE1617C~YAAQB7sQAldnlyZwAQAA5QHWOQZiLtQW0c1rbhoWqyTGkwjSGYORWou5Q/zF7JU7cKGyAJ8stYdwro0k2e0upX/CPcDuSDD/l0olj9ozemHvJ+tUbLcTZQ084C+iT4B+cMg1mH8MnkINPf0SG+B3YIAftHpcEwPioHnArC5cBjX+sfdmMkGUQwgTQT3s7NDN; Domain=.carmax.com; Path=/; Expires=Wed, 12 Feb 2020 18:38:11 GMT; Max-Age=14400; HttpOnly _abck=4104CFD0604CA60ED1E7EC8BA86D9224~-1~YAAQB7sQAlhnlyZwAQAA5QHWOQOQuMLmK5Cb01Z35keqsRFGhCLOQR8q9Q0ghx+R75JJxFa3O41C3pLD2jVnONbpvIipel+9Oi1tXTUqWz2zB3EWTuEwPaM0Jq6bz6E326D4kmSYX+35chLQp3FlLVjc2fcM6/4irbSpSapVrJeam/9kXLwuDISLvX9aonO/Vkv8crRPRFNBT41aJzHMykzk7UbRUZXx8A9elBwDMhqAhPwviCaYfMafG76p8T2VVvqw2WLr7GO0/O6Wb+jryWOVjm4uj7ZMiERGNpvGDVaDa9CfPSRJcixs~-1~-1~-1; Domain=.carmax.com; Path=/; Expires=Thu, 11 Feb 2021 14:38:11 GMT; Max-Age=31536000; Secure
server-timing: cdn-cache; desc=MISS edge; dur=108 origin; dur=280
link: <https://www.google-analytics.com>;rel="preconnect",<https://assets.adobedtm.com>;rel="preconnect",<https://s.go-mpulse.net>;rel="preconnect",<https://az416426.vo.msecnd.net>;rel="preconnect"
x-frame-options: ALLOW-FROM https://carmaxbusinessservicesllc.marketing.adobe.com/ https://carmax-prod.saas.appdynamics.com/ https://carmax-dev.saas.appdynamics.com/
content-security-policy: upgrade-insecure-requests
strict-transport-security: max-age=31536000

Redirect headers

Location: https://www.carmax.com/
Server: BigIP
Connection: Keep-Alive
Content-Length: 0

GET lato-v16-latin-regular.woff2
www.carmax.com/shared/fonts/ 0
0

GET CarMaxSharpSansDisp-Bold.woff2
www.carmax.com/shared/fonts/ 0
0

GET
H2 200 common.8ab3ecebd492195f53c9.css
www.carmax.com/home/dist/ 104 KB
13 KB 1ms
0ms Stylesheet
text/css 2a02:26f0:6c00:183::1c4e
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.carmax.com/home/dist/common.8ab3ecebd492195f53c9.css

Requested by

Host: www.carmax.com
URL: https://www.carmax.com/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2a02:26f0:6c00:183::1c4e , Ascension Island, ASN20940 (AKAMAI-ASN1, US),

Reverse DNS

Software

Akamai Resource Optimizer / ASP.NET

Resource Hash

897d5bfed0bb90f938895c09b2fe33fc1258065cf53af42950a1572fd5a024f7

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000
X-Frame-Options	ALLOW-FROM https://carmaxbusinessservicesllc.marketing.adobe.com/ https://carmax-prod.saas.appdynamics.com/ https://carmax-dev.saas.appdynamics.com/

Request headers

Referer: https://www.carmax.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: style

Response headers

date: Wed, 12 Feb 2020 14:38:11 GMT
content-encoding: gzip
vary: Accept-Encoding
x-powered-by: ASP.NET
status: 200
server-timing: cdn-cache; desc=HIT, edge; dur=2
content-length: 12328
request-context: appId=cid-v1:27edf698-2947-4553-a2ea-de3de8da3389
x-akamai-http2-push: 1
last-modified: Mon, 10 Feb 2020 18:18:31 GMT
server: Akamai Resource Optimizer
etag: "1d5e03a160cf6e9"
x-frame-options: ALLOW-FROM https://carmaxbusinessservicesllc.marketing.adobe.com/ https://carmax-prod.saas.appdynamics.com/ https://carmax-dev.saas.appdynamics.com/
strict-transport-security: max-age=31536000
content-type: text/css
cache-control: public, max-age=86400
content-security-policy: upgrade-insecure-requests
accept-ranges: bytes
timing-allow-origin: *
kmxgeodata: zip=,lat=14.57,long=121.03,country_code=PH,city=MAKATI,throughput=vhigh,network=,network_type=,region_code=,timezone=GMT+8, zip=,lat=41.33,long=19.82,country_code=AL,city=TIRANA,throughput=vhigh,network=,network_type=,region_code=,timezone=GMT+1
expires: Tue, 11 Feb 2020 17:52:26 GMT

GET
H2 200 home.4e298c984f9e001b49f1.css
www.carmax.com/home/dist/ 105 KB
12 KB 1ms
0ms Stylesheet
text/css 2a02:26f0:6c00:183::1c4e
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.carmax.com/home/dist/home.4e298c984f9e001b49f1.css

Requested by

Host: www.carmax.com
URL: https://www.carmax.com/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2a02:26f0:6c00:183::1c4e , Ascension Island, ASN20940 (AKAMAI-ASN1, US),

Reverse DNS

Software

Akamai Resource Optimizer / ASP.NET

Resource Hash

f09acdcff589a63ab53f62633ea59930381d9dd9d971da52dfeece47c8a706c9

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000
X-Frame-Options	ALLOW-FROM https://carmaxbusinessservicesllc.marketing.adobe.com/ https://carmax-prod.saas.appdynamics.com/ https://carmax-dev.saas.appdynamics.com/

Request headers

Referer: https://www.carmax.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: style

Response headers

date: Wed, 12 Feb 2020 14:38:11 GMT
content-encoding: gzip
vary: Accept-Encoding
x-powered-by: ASP.NET
status: 200
server-timing: cdn-cache; desc=HIT, edge; dur=1
content-length: 11392
request-context: appId=cid-v1:27edf698-2947-4553-a2ea-de3de8da3389
x-akamai-http2-push: 1
last-modified: Mon, 10 Feb 2020 18:23:08 GMT
server: Akamai Resource Optimizer
etag: "1d5e03a160ccc75"
x-frame-options: ALLOW-FROM https://carmaxbusinessservicesllc.marketing.adobe.com/ https://carmax-prod.saas.appdynamics.com/ https://carmax-dev.saas.appdynamics.com/
strict-transport-security: max-age=31536000
content-type: text/css
cache-control: public, max-age=86400
content-security-policy: upgrade-insecure-requests
accept-ranges: bytes
timing-allow-origin: *
kmxgeodata: zip=36101-36121+36123-36125+36130-36135+36140-36142+36177+36191,lat=32.3667,long=-86.3002,country_code=US,city=MONTGOMERY,throughput=vhigh,network=charter,network_type=,region_code=AL,timezone=CST, zip=,lat=56.57,long=9.03,country_code=DK,city=SKIVE,throughput=vhigh,network=,network_type=,region_code=,timezone=GMT+1
expires: Tue, 11 Feb 2020 17:52:36 GMT

GET
H2 200 favorites.cc980763fa145687ad17.css
www.carmax.com/home/dist/ 7 KB
3 KB 2ms
0ms Stylesheet
text/css 2a02:26f0:6c00:183::1c4e
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.carmax.com/home/dist/favorites.cc980763fa145687ad17.css

Requested by

Host: www.carmax.com
URL: https://www.carmax.com/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2a02:26f0:6c00:183::1c4e , Ascension Island, ASN20940 (AKAMAI-ASN1, US),

Reverse DNS

Software

Kestrel / ASP.NET

Resource Hash

0af0fee3789194720bc442571a8cd1bba9b3d43193f98cc04864b7ee41988308

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000
X-Frame-Options	ALLOW-FROM https://carmaxbusinessservicesllc.marketing.adobe.com/ https://carmax-prod.saas.appdynamics.com/ https://carmax-dev.saas.appdynamics.com/

Request headers

Referer: https://www.carmax.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: style

Response headers

date: Wed, 12 Feb 2020 14:38:11 GMT
content-encoding: gzip
vary: Accept-Encoding
x-powered-by: ASP.NET
status: 200
server-timing: cdn-cache; desc=HIT, edge; dur=1
content-length: 2489
request-context: appId=cid-v1:27edf698-2947-4553-a2ea-de3de8da3389
x-akamai-http2-push: 1
last-modified: Mon, 10 Feb 2020 17:46:56 GMT
server: Kestrel
etag: "1d5e03a160d7479"
x-frame-options: ALLOW-FROM https://carmaxbusinessservicesllc.marketing.adobe.com/ https://carmax-prod.saas.appdynamics.com/ https://carmax-dev.saas.appdynamics.com/
strict-transport-security: max-age=31536000
content-type: text/css
cache-control: public, max-age=86400
content-security-policy: upgrade-insecure-requests
accept-ranges: bytes
timing-allow-origin: *
kmxgeodata: zip=46201-46209+46211+46214+46216-46231+46234-46237+46239-46242+46244+46247+46249-46251+46253-46256+46259-46260+46262+46266+46268+46274-46275+46277-46278+46280+46282-46283+46285+46290-46291+46295-46296+46298,lat=39.7745,long=-86.1096,country_code=US,city=INDIANAPOLIS,throughput=low,network=att,network_type=,region_code=IN,timezone=EST, zip=,lat=50.12,long=8.68,country_code=DE,city=FRANKFURT,throughput=vhigh,network=mil,network_type=,region_code=HE,timezone=GMT+1
expires: Tue, 11 Feb 2020 17:52:41 GMT

GET
H2 200 ryls.a16bfc64cb4b00961db1.css
www.carmax.com/home/dist/ 2 KB
2 KB 2ms
0ms Stylesheet
text/css 2a02:26f0:6c00:183::1c4e
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.carmax.com/home/dist/ryls.a16bfc64cb4b00961db1.css

Requested by

Host: www.carmax.com
URL: https://www.carmax.com/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2a02:26f0:6c00:183::1c4e , Ascension Island, ASN20940 (AKAMAI-ASN1, US),

Reverse DNS

Software

Kestrel / ASP.NET

Resource Hash

ff1a1bfc4d16edfb61642d45fbf15f80edc6ef0ff01bfdb4b79e2e38adf0fdda

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000
X-Frame-Options	ALLOW-FROM https://carmaxbusinessservicesllc.marketing.adobe.com/ https://carmax-prod.saas.appdynamics.com/ https://carmax-dev.saas.appdynamics.com/

Request headers

Referer: https://www.carmax.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: style

Response headers

date: Wed, 12 Feb 2020 14:38:11 GMT
content-encoding: gzip
vary: Accept-Encoding
x-powered-by: ASP.NET
status: 200
server-timing: cdn-cache; desc=HIT, edge; dur=26
content-length: 944
request-context: appId=cid-v1:27edf698-2947-4553-a2ea-de3de8da3389
x-akamai-http2-push: 1
last-modified: Mon, 10 Feb 2020 17:46:56 GMT
server: Kestrel
etag: "1d5e03a160d6101"
x-frame-options: ALLOW-FROM https://carmaxbusinessservicesllc.marketing.adobe.com/ https://carmax-prod.saas.appdynamics.com/ https://carmax-dev.saas.appdynamics.com/
strict-transport-security: max-age=31536000
content-type: text/css
cache-control: public, max-age=86400
content-security-policy: upgrade-insecure-requests
accept-ranges: bytes
timing-allow-origin: *
kmxgeodata: zip=33301-33325+33328-33332+33334-33340+33345-33346+33348-33349+33351+33355+33359+33388+33394,lat=26.1210,long=-80.1281,country_code=US,city=FORTLAUDERDALE,throughput=low,network=tmobile,network_type=mobile,region_code=FL,timezone=EST, zip=,lat=50.12,long=8.68,country_code=DE,city=FRANKFURT,throughput=vhigh,network=mil,network_type=,region_code=HE,timezone=GMT+1
expires: Tue, 11 Feb 2020 17:52:36 GMT

GET
H2 200 494dcae3 Show response
www.carmax.com/akam/11/ 32 KB
11 KB 3478ms
3476ms Script
application/javascript 2a02:26f0:6c00:183::1c4e
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.carmax.com/akam/11/494dcae3

Requested by

Host: www.carmax.com
URL: https://www.carmax.com/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2a02:26f0:6c00:183::1c4e , Ascension Island, ASN20940 (AKAMAI-ASN1, US),

Reverse DNS

Software

Resource Hash

e3126aaa9e13d76815669429c16441add25eac38572bee58d13cc3a1570293b8

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000
X-Frame-Options	ALLOW-FROM https://carmaxbusinessservicesllc.marketing.adobe.com/ https://carmax-prod.saas.appdynamics.com/ https://carmax-dev.saas.appdynamics.com/

Request headers

Referer: https://www.carmax.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

date: Wed, 12 Feb 2020 14:38:11 GMT
content-encoding: gzip
status: 200
server-timing: cdn-cache; desc=HIT, edge; dur=132
content-length: 10393
pragma: no-cache
last-modified: Thu, 02 May 2019 20:06:27 GMT
x-frame-options: ALLOW-FROM https://carmaxbusinessservicesllc.marketing.adobe.com/ https://carmax-prod.saas.appdynamics.com/ https://carmax-dev.saas.appdynamics.com/
etag: "bc1fd2743e181fa010de6bcc2b9b14e9459e346d78b376f1bbe814bcf11488fb"
vary: Accept-Encoding
strict-transport-security: max-age=31536000
content-type: application/javascript
cache-control: max-age=0, no-cache, no-store
content-security-policy: upgrade-insecure-requests
timing-allow-origin: *
expires: Wed, 12 Feb 2020 14:38:11 GMT

GET
H2 200 main.css
www.carmax.com/shared/header-footer/full/css/ 48 KB
9 KB 2ms
0ms Stylesheet
text/css 2a02:26f0:6c00:183::1c4e
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.carmax.com/shared/header-footer/full/css/main.css

Requested by

Host: www.carmax.com
URL: https://www.carmax.com/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2a02:26f0:6c00:183::1c4e , Ascension Island, ASN20940 (AKAMAI-ASN1, US),

Reverse DNS

Software

Microsoft-IIS/10.0 / ASP.NET

Resource Hash

08568e45b503ef7d9fdde60c435ba6ff4d5ed1cc4c2641fe99957e05e797017e

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000
X-Frame-Options	ALLOW-FROM https://carmaxbusinessservicesllc.marketing.adobe.com/ https://carmax-prod.saas.appdynamics.com/ https://carmax-dev.saas.appdynamics.com/

Request headers

Referer: https://www.carmax.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: style

Response headers

date: Wed, 12 Feb 2020 14:38:11 GMT
content-encoding: gzip
x-powered-by: ASP.NET
status: 200
server-timing: cdn-cache; desc=HIT, edge; dur=1
content-length: 8508
request-context: appId=cid-v1:10145438-aa4e-4870-8785-9a64ffe121ad
x-akamai-http2-push: 1
last-modified: Thu, 01 Jan 1970 00:00:01 GMT
server: Microsoft-IIS/10.0
x-frame-options: ALLOW-FROM https://carmaxbusinessservicesllc.marketing.adobe.com/ https://carmax-prod.saas.appdynamics.com/ https://carmax-dev.saas.appdynamics.com/
vary: Accept-Encoding
strict-transport-security: max-age=31536000
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=300
content-security-policy: upgrade-insecure-requests
timing-allow-origin: *

GET
H2 200 express-pickup.svg
www.carmax.com/home/images/shared/icons/ 1 KB
1 KB 3134ms
3131ms Image
image/svg+xml 2a02:26f0:6c00:183::1c4e
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.carmax.com/home/images/shared/icons/express-pickup.svg

Requested by

Host: www.carmax.com
URL: https://www.carmax.com/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2a02:26f0:6c00:183::1c4e , Ascension Island, ASN20940 (AKAMAI-ASN1, US),

Reverse DNS

Software

Kestrel / ASP.NET

Resource Hash

7706cdca720ba833e8fe244a95017e06ba1b9139b909355a02ccade8e94cb3cc

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000
X-Frame-Options	ALLOW-FROM https://carmaxbusinessservicesllc.marketing.adobe.com/ https://carmax-prod.saas.appdynamics.com/ https://carmax-dev.saas.appdynamics.com/

Request headers

Referer: https://www.carmax.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

date: Wed, 12 Feb 2020 14:38:11 GMT
content-encoding: gzip
vary: Accept-Encoding
x-powered-by: ASP.NET
status: 200
server-timing: cdn-cache; desc=HIT, edge; dur=6
content-length: 609
request-context: appId=cid-v1:27edf698-2947-4553-a2ea-de3de8da3389
last-modified: Fri, 07 Feb 2020 14:49:02 GMT
server: Kestrel
etag: "1d5ddc5bc9d07b1"
x-frame-options: ALLOW-FROM https://carmaxbusinessservicesllc.marketing.adobe.com/ https://carmax-prod.saas.appdynamics.com/ https://carmax-dev.saas.appdynamics.com/
strict-transport-security: max-age=31536000
content-type: image/svg+xml
cache-control: public, max-age=86400
content-security-policy: upgrade-insecure-requests
accept-ranges: bytes
timing-allow-origin: *
kmxgeodata: zip=,lat=53.90,long=27.57,country_code=BY,city=MINSK,throughput=vhigh,network=,network_type=mobile,region_code=,timezone=GMT+2
expires: Tue, 11 Feb 2020 13:23:50 GMT

GET
H2 200 mobile-checklist.png
www.carmax.com/home/images/home/call-out/ 41 KB
42 KB 3153ms
3151ms Image
image/png 2a02:26f0:6c00:183::1c4e
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.carmax.com/home/images/home/call-out/mobile-checklist.png

Requested by

Host: www.carmax.com
URL: https://www.carmax.com/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2a02:26f0:6c00:183::1c4e , Ascension Island, ASN20940 (AKAMAI-ASN1, US),

Reverse DNS

Software

Kestrel / ASP.NET

Resource Hash

eb886fae1a7eab929e805cfa2c302ab375905a1c3b55f2bfe277c5b06af32769

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000
X-Frame-Options	ALLOW-FROM https://carmaxbusinessservicesllc.marketing.adobe.com/ https://carmax-prod.saas.appdynamics.com/ https://carmax-dev.saas.appdynamics.com/

Request headers

Referer: https://www.carmax.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

date: Wed, 12 Feb 2020 14:38:11 GMT
x-powered-by: ASP.NET
status: 200
server-timing: cdn-cache; desc=HIT, edge; dur=9
content-length: 41898
request-context: appId=cid-v1:27edf698-2947-4553-a2ea-de3de8da3389
last-modified: Fri, 07 Feb 2020 14:49:02 GMT
server: Kestrel
x-frame-options: ALLOW-FROM https://carmaxbusinessservicesllc.marketing.adobe.com/ https://carmax-prod.saas.appdynamics.com/ https://carmax-dev.saas.appdynamics.com/
etag: "1d5ddc5bc9da0aa"
strict-transport-security: max-age=31536000
content-type: image/png
cache-control: public, max-age=86400
content-security-policy: upgrade-insecure-requests
accept-ranges: bytes
timing-allow-origin: *
kmxgeodata: zip=,lat=53.90,long=27.57,country_code=BY,city=MINSK,throughput=vhigh,network=,network_type=mobile,region_code=,timezone=GMT+2
expires: Tue, 11 Feb 2020 13:23:51 GMT

GET
H2 200 our-sticker.png
www.carmax.com/home/images/home/story/ 267 KB
268 KB 203ms
201ms Image
image/png 2a02:26f0:6c00:183::1c4e
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.carmax.com/home/images/home/story/our-sticker.png

Requested by

Host: www.carmax.com
URL: https://www.carmax.com/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2a02:26f0:6c00:183::1c4e , Ascension Island, ASN20940 (AKAMAI-ASN1, US),

Reverse DNS

Software

Kestrel / ASP.NET

Resource Hash

d31cb59c8958cfe5aec7d7d01350dbbf8ee3bfe4c3081e56bcd29b3a50137ed6

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000
X-Frame-Options	ALLOW-FROM https://carmaxbusinessservicesllc.marketing.adobe.com/ https://carmax-prod.saas.appdynamics.com/ https://carmax-dev.saas.appdynamics.com/

Request headers

Referer: https://www.carmax.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

date: Wed, 12 Feb 2020 14:38:11 GMT
x-powered-by: ASP.NET
status: 200
server-timing: cdn-cache; desc=HIT, edge; dur=9
content-length: 273152
request-context: appId=cid-v1:27edf698-2947-4553-a2ea-de3de8da3389
last-modified: Fri, 07 Feb 2020 14:49:02 GMT
server: Kestrel
x-frame-options: ALLOW-FROM https://carmaxbusinessservicesllc.marketing.adobe.com/ https://carmax-prod.saas.appdynamics.com/ https://carmax-dev.saas.appdynamics.com/
etag: "1d5ddc5bc992800"
strict-transport-security: max-age=31536000
content-type: image/png
cache-control: public, max-age=86400
content-security-policy: upgrade-insecure-requests
accept-ranges: bytes
timing-allow-origin: *
kmxgeodata: zip=,lat=53.90,long=27.57,country_code=BY,city=MINSK,throughput=vhigh,network=,network_type=mobile,region_code=,timezone=GMT+2
expires: Tue, 11 Feb 2020 13:23:27 GMT

GET
H2 200 no-haggle.png
www.carmax.com/home/images/home/story/ 90 KB
91 KB 3576ms
3574ms Image
image/png 2a02:26f0:6c00:183::1c4e
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.carmax.com/home/images/home/story/no-haggle.png

Requested by

Host: www.carmax.com
URL: https://www.carmax.com/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2a02:26f0:6c00:183::1c4e , Ascension Island, ASN20940 (AKAMAI-ASN1, US),

Reverse DNS

Software

Kestrel / ASP.NET

Resource Hash

1a1582512f89d23115755aafde8eccae6967a3320fc4ae8783a1f036a5b06cf5

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000
X-Frame-Options	ALLOW-FROM https://carmaxbusinessservicesllc.marketing.adobe.com/ https://carmax-prod.saas.appdynamics.com/ https://carmax-dev.saas.appdynamics.com/

Request headers

Referer: https://www.carmax.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

date: Wed, 12 Feb 2020 14:38:11 GMT
x-powered-by: ASP.NET
status: 200
server-timing: cdn-cache; desc=HIT, edge; dur=10
content-length: 92414
request-context: appId=cid-v1:27edf698-2947-4553-a2ea-de3de8da3389
last-modified: Fri, 07 Feb 2020 14:49:02 GMT
server: Kestrel
x-frame-options: ALLOW-FROM https://carmaxbusinessservicesllc.marketing.adobe.com/ https://carmax-prod.saas.appdynamics.com/ https://carmax-dev.saas.appdynamics.com/
etag: "1d5ddc5bc9c6bfe"
strict-transport-security: max-age=31536000
content-type: image/png
cache-control: public, max-age=86400
content-security-policy: upgrade-insecure-requests
accept-ranges: bytes
timing-allow-origin: *
kmxgeodata: zip=,lat=53.90,long=27.57,country_code=BY,city=MINSK,throughput=vhigh,network=,network_type=mobile,region_code=,timezone=GMT+2
expires: Tue, 11 Feb 2020 13:23:28 GMT

GET
H2 200 change-your-mind.png
www.carmax.com/home/images/home/story/ 149 KB
150 KB 3938ms
3935ms Image
image/png 2a02:26f0:6c00:183::1c4e
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.carmax.com/home/images/home/story/change-your-mind.png

Requested by

Host: www.carmax.com
URL: https://www.carmax.com/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2a02:26f0:6c00:183::1c4e , Ascension Island, ASN20940 (AKAMAI-ASN1, US),

Reverse DNS

Software

Kestrel / ASP.NET

Resource Hash

3c516e01834685d3d1fd776b5b929c934604a23221bf56393286fc483e92d8f9

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000
X-Frame-Options	ALLOW-FROM https://carmaxbusinessservicesllc.marketing.adobe.com/ https://carmax-prod.saas.appdynamics.com/ https://carmax-dev.saas.appdynamics.com/

Request headers

Referer: https://www.carmax.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

date: Wed, 12 Feb 2020 14:38:11 GMT
x-powered-by: ASP.NET
status: 200
server-timing: cdn-cache; desc=HIT, edge; dur=9
content-length: 152481
request-context: appId=cid-v1:27edf698-2947-4553-a2ea-de3de8da3389
last-modified: Fri, 07 Feb 2020 14:49:02 GMT
server: Kestrel
x-frame-options: ALLOW-FROM https://carmaxbusinessservicesllc.marketing.adobe.com/ https://carmax-prod.saas.appdynamics.com/ https://carmax-dev.saas.appdynamics.com/
etag: "1d5ddc5bc9f50a1"
strict-transport-security: max-age=31536000
content-type: image/png
cache-control: public, max-age=86400
content-security-policy: upgrade-insecure-requests
accept-ranges: bytes
timing-allow-origin: *
kmxgeodata: zip=,lat=53.90,long=27.57,country_code=BY,city=MINSK,throughput=vhigh,network=,network_type=mobile,region_code=,timezone=GMT+2
expires: Tue, 11 Feb 2020 13:23:28 GMT

GET
H2 200 AppStore.png
www.carmax.com/home/images/mobile-apps/ 24 KB
25 KB 4539ms
4537ms Image
image/png 2a02:26f0:6c00:183::1c4e
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.carmax.com/home/images/mobile-apps/AppStore.png

Requested by

Host: www.carmax.com
URL: https://www.carmax.com/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2a02:26f0:6c00:183::1c4e , Ascension Island, ASN20940 (AKAMAI-ASN1, US),

Reverse DNS

Software

Kestrel / ASP.NET

Resource Hash

68507f46cf992f0b65f3568cbe69c88f4d63dba3e4367a7db51f2f0506604790

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000
X-Frame-Options	ALLOW-FROM https://carmaxbusinessservicesllc.marketing.adobe.com/ https://carmax-prod.saas.appdynamics.com/ https://carmax-dev.saas.appdynamics.com/

Request headers

Referer: https://www.carmax.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

date: Wed, 12 Feb 2020 14:38:11 GMT
x-powered-by: ASP.NET
status: 200
server-timing: cdn-cache; desc=HIT, edge; dur=9
content-length: 24950
request-context: appId=cid-v1:27edf698-2947-4553-a2ea-de3de8da3389
last-modified: Fri, 07 Feb 2020 14:49:02 GMT
server: Kestrel
x-frame-options: ALLOW-FROM https://carmaxbusinessservicesllc.marketing.adobe.com/ https://carmax-prod.saas.appdynamics.com/ https://carmax-dev.saas.appdynamics.com/
etag: "1d5ddc5bc9d6276"
strict-transport-security: max-age=31536000
content-type: image/png
cache-control: public, max-age=86400
content-security-policy: upgrade-insecure-requests
accept-ranges: bytes
timing-allow-origin: *
kmxgeodata: zip=,lat=53.90,long=27.57,country_code=BY,city=MINSK,throughput=vhigh,network=,network_type=mobile,region_code=,timezone=GMT+2
expires: Tue, 11 Feb 2020 13:23:27 GMT

GET
H2 200 GooglePlay.png
www.carmax.com/home/images/mobile-apps/ 11 KB
12 KB 4645ms
4643ms Image
image/png 2a02:26f0:6c00:183::1c4e
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.carmax.com/home/images/mobile-apps/GooglePlay.png

Requested by

Host: www.carmax.com
URL: https://www.carmax.com/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2a02:26f0:6c00:183::1c4e , Ascension Island, ASN20940 (AKAMAI-ASN1, US),

Reverse DNS

Software

Kestrel / ASP.NET

Resource Hash

426b6b35640301e407cfbcec1189bc24e5eb82f78004a4d062ba7cf2193fb582

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000
X-Frame-Options	ALLOW-FROM https://carmaxbusinessservicesllc.marketing.adobe.com/ https://carmax-prod.saas.appdynamics.com/ https://carmax-dev.saas.appdynamics.com/

Request headers

Referer: https://www.carmax.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

date: Wed, 12 Feb 2020 14:38:11 GMT
x-powered-by: ASP.NET
status: 200
server-timing: cdn-cache; desc=HIT, edge; dur=11
content-length: 11444
request-context: appId=cid-v1:27edf698-2947-4553-a2ea-de3de8da3389
last-modified: Fri, 07 Feb 2020 14:49:02 GMT
server: Kestrel
x-frame-options: ALLOW-FROM https://carmaxbusinessservicesllc.marketing.adobe.com/ https://carmax-prod.saas.appdynamics.com/ https://carmax-dev.saas.appdynamics.com/
etag: "1d5ddc5bc9d2fb4"
strict-transport-security: max-age=31536000
content-type: image/png
cache-control: public, max-age=86400
content-security-policy: upgrade-insecure-requests
accept-ranges: bytes
timing-allow-origin: *
kmxgeodata: zip=,lat=53.90,long=27.57,country_code=BY,city=MINSK,throughput=vhigh,network=,network_type=mobile,region_code=,timezone=GMT+2
expires: Tue, 11 Feb 2020 13:23:51 GMT

GET
H2 200 main.js Show response
www.carmax.com/shared/header-footer/full/js/ 47 KB
14 KB 2ms
0ms Script
application/javascript 2a02:26f0:6c00:183::1c4e
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.carmax.com/shared/header-footer/full/js/main.js

Requested by

Host: www.carmax.com
URL: https://www.carmax.com/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2a02:26f0:6c00:183::1c4e , Ascension Island, ASN20940 (AKAMAI-ASN1, US),

Reverse DNS

Software

Microsoft-IIS/10.0 / ASP.NET

Resource Hash

3eb27055393c304c1d076cf378cf5579ddf186429625978df4f391cbc913528a

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000
X-Frame-Options	ALLOW-FROM https://carmaxbusinessservicesllc.marketing.adobe.com/ https://carmax-prod.saas.appdynamics.com/ https://carmax-dev.saas.appdynamics.com/

Request headers

Referer: https://www.carmax.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

date: Wed, 12 Feb 2020 14:38:11 GMT
content-encoding: gzip
x-powered-by: ASP.NET
status: 200
server-timing: cdn-cache; desc=HIT, edge; dur=1
content-length: 13520
request-context: appId=cid-v1:10145438-aa4e-4870-8785-9a64ffe121ad
x-akamai-http2-push: 1
last-modified: Thu, 01 Jan 1970 00:00:01 GMT
server: Microsoft-IIS/10.0
x-frame-options: ALLOW-FROM https://carmaxbusinessservicesllc.marketing.adobe.com/ https://carmax-prod.saas.appdynamics.com/ https://carmax-dev.saas.appdynamics.com/
vary: Accept-Encoding
strict-transport-security: max-age=31536000
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=300
content-security-policy: upgrade-insecure-requests
timing-allow-origin: *

GET
H2 200 common.83d7ee9e08802a5eea4e.bundle.js Show response
www.carmax.com/home/dist/ 3 KB
2 KB 4762ms
4759ms Script
application/javascript 2a02:26f0:6c00:183::1c4e
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.carmax.com/home/dist/common.83d7ee9e08802a5eea4e.bundle.js

Requested by

Host: www.carmax.com
URL: https://www.carmax.com/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2a02:26f0:6c00:183::1c4e , Ascension Island, ASN20940 (AKAMAI-ASN1, US),

Reverse DNS

Software

Akamai Resource Optimizer / ASP.NET

Resource Hash

e0d93158bc02c78247e0ccd2b5563a6ca81c552318dc30036846e62094d45233

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000
X-Frame-Options	ALLOW-FROM https://carmaxbusinessservicesllc.marketing.adobe.com/ https://carmax-prod.saas.appdynamics.com/ https://carmax-dev.saas.appdynamics.com/

Request headers

Referer: https://www.carmax.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

date: Wed, 12 Feb 2020 14:38:11 GMT
content-encoding: gzip
vary: Accept-Encoding
x-powered-by: ASP.NET
status: 200
server-timing: cdn-cache; desc=HIT, edge; dur=9
content-length: 1284
request-context: appId=cid-v1:27edf698-2947-4553-a2ea-de3de8da3389
last-modified: Mon, 10 Feb 2020 19:20:16 GMT
server: Akamai Resource Optimizer
etag: "1d5e03a160d6210"
x-frame-options: ALLOW-FROM https://carmaxbusinessservicesllc.marketing.adobe.com/ https://carmax-prod.saas.appdynamics.com/ https://carmax-dev.saas.appdynamics.com/
strict-transport-security: max-age=31536000
content-type: application/javascript
cache-control: public, max-age=86400
content-security-policy: upgrade-insecure-requests
accept-ranges: bytes
timing-allow-origin: *
kmxgeodata: zip=90001-90068+90070-90084+90086-90089+90091+90093-90096+90099+90189,lat=33.9733,long=-118.2487,country_code=US,city=LOSANGELES,throughput=low,network=roadrunner,network_type=cable,region_code=CA,timezone=PST, zip=,lat=41.33,long=19.82,country_code=AL,city=TIRANA,throughput=vhigh,network=,network_type=,region_code=,timezone=GMT+1
expires: Tue, 11 Feb 2020 17:52:26 GMT

GET
H2 200 home.d97d8bd3e229950a69c2.bundle.js Show response
www.carmax.com/home/dist/ 46 KB
14 KB 4818ms
4816ms Script
application/javascript 2a02:26f0:6c00:183::1c4e
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.carmax.com/home/dist/home.d97d8bd3e229950a69c2.bundle.js

Requested by

Host: www.carmax.com
URL: https://www.carmax.com/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2a02:26f0:6c00:183::1c4e , Ascension Island, ASN20940 (AKAMAI-ASN1, US),

Reverse DNS

Software

Akamai Resource Optimizer / ASP.NET

Resource Hash

32794fadfdd8837e7598422ceadbba2fcf5a95805e2906c6bc7da60e10cd2091

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000
X-Frame-Options	ALLOW-FROM https://carmaxbusinessservicesllc.marketing.adobe.com/ https://carmax-prod.saas.appdynamics.com/ https://carmax-dev.saas.appdynamics.com/

Request headers

Referer: https://www.carmax.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

date: Wed, 12 Feb 2020 14:38:11 GMT
content-encoding: gzip
vary: Accept-Encoding
x-powered-by: ASP.NET
status: 200
server-timing: cdn-cache; desc=HIT, edge; dur=10
content-length: 13507
request-context: appId=cid-v1:27edf698-2947-4553-a2ea-de3de8da3389
last-modified: Mon, 10 Feb 2020 19:00:09 GMT
server: Akamai Resource Optimizer
etag: "1d5e03a160dd032"
x-frame-options: ALLOW-FROM https://carmaxbusinessservicesllc.marketing.adobe.com/ https://carmax-prod.saas.appdynamics.com/ https://carmax-dev.saas.appdynamics.com/
strict-transport-security: max-age=31536000
content-type: application/javascript
cache-control: public, max-age=86400
content-security-policy: upgrade-insecure-requests
accept-ranges: bytes
timing-allow-origin: *
kmxgeodata: zip=21903,lat=39.5718,long=-76.0404,country_code=US,city=PERRYVILLE,throughput=vhigh,network=comcast,network_type=cable,region_code=MD,timezone=EST, zip=,lat=48.87,long=2.33,country_code=FR,city=PARIS,throughput=vhigh,network=,network_type=hosted,region_code=IDF,timezone=GMT+1
expires: Tue, 11 Feb 2020 17:52:38 GMT

GET
H2 200 favorites.314ad14406c81baf5df7.bundle.js Show response
www.carmax.com/home/dist/ 19 KB
7 KB 4907ms
4905ms Script
application/javascript 2a02:26f0:6c00:183::1c4e
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.carmax.com/home/dist/favorites.314ad14406c81baf5df7.bundle.js

Requested by

Host: www.carmax.com
URL: https://www.carmax.com/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2a02:26f0:6c00:183::1c4e , Ascension Island, ASN20940 (AKAMAI-ASN1, US),

Reverse DNS

Software

Akamai Resource Optimizer / ASP.NET

Resource Hash

072bb85514460fc8b7c263456ac3982207ba96e33bbda360a33c5c0454621720

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000
X-Frame-Options	ALLOW-FROM https://carmaxbusinessservicesllc.marketing.adobe.com/ https://carmax-prod.saas.appdynamics.com/ https://carmax-dev.saas.appdynamics.com/

Request headers

Referer: https://www.carmax.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

date: Wed, 12 Feb 2020 14:38:11 GMT
content-encoding: gzip
vary: Accept-Encoding
x-powered-by: ASP.NET
status: 200
server-timing: cdn-cache; desc=HIT, edge; dur=11
content-length: 6183
request-context: appId=cid-v1:27edf698-2947-4553-a2ea-de3de8da3389
last-modified: Mon, 10 Feb 2020 18:16:11 GMT
server: Akamai Resource Optimizer
etag: "1d5e03a160d23d8"
x-frame-options: ALLOW-FROM https://carmaxbusinessservicesllc.marketing.adobe.com/ https://carmax-prod.saas.appdynamics.com/ https://carmax-dev.saas.appdynamics.com/
strict-transport-security: max-age=31536000
content-type: application/javascript
cache-control: public, max-age=86400
content-security-policy: upgrade-insecure-requests
accept-ranges: bytes
timing-allow-origin: *
kmxgeodata: zip=30038+30058,lat=33.6707,long=-84.1416,country_code=US,city=LITHONIA,throughput=low,network=tmobile,network_type=mobile,region_code=GA,timezone=EST, zip=,lat=36.19,long=44.01,country_code=IQ,city=ERBIL,throughput=vhigh,network=,network_type=mobile,region_code=,timezone=GMT+3
expires: Tue, 11 Feb 2020 17:53:04 GMT

GET
H2 200 ryls.f4db6135167cf2d68091.bundle.js Show response
www.carmax.com/home/dist/ 11 KB
5 KB 4950ms
4948ms Script
application/javascript 2a02:26f0:6c00:183::1c4e
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.carmax.com/home/dist/ryls.f4db6135167cf2d68091.bundle.js

Requested by

Host: www.carmax.com
URL: https://www.carmax.com/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2a02:26f0:6c00:183::1c4e , Ascension Island, ASN20940 (AKAMAI-ASN1, US),

Reverse DNS

Software

Akamai Resource Optimizer / ASP.NET

Resource Hash

30565cd69d188a60153a3746564c8bf65e36f9159c12aaa3750e048c50bceae1

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000
X-Frame-Options	ALLOW-FROM https://carmaxbusinessservicesllc.marketing.adobe.com/ https://carmax-prod.saas.appdynamics.com/ https://carmax-dev.saas.appdynamics.com/

Request headers

Referer: https://www.carmax.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

date: Wed, 12 Feb 2020 14:38:11 GMT
content-encoding: gzip
vary: Accept-Encoding
x-powered-by: ASP.NET
status: 200
server-timing: cdn-cache; desc=HIT, edge; dur=12
content-length: 3978
request-context: appId=cid-v1:27edf698-2947-4553-a2ea-de3de8da3389
last-modified: Mon, 10 Feb 2020 19:10:35 GMT
server: Akamai Resource Optimizer
etag: "1d5e03a160d428c"
x-frame-options: ALLOW-FROM https://carmaxbusinessservicesllc.marketing.adobe.com/ https://carmax-prod.saas.appdynamics.com/ https://carmax-dev.saas.appdynamics.com/
strict-transport-security: max-age=31536000
content-type: application/javascript
cache-control: public, max-age=86400
content-security-policy: upgrade-insecure-requests
accept-ranges: bytes
timing-allow-origin: *
kmxgeodata: zip=30301-30322+30324-30334+30336-30346+30348-30350+30353-30364+30366+30368-30371+30374-30375+30377-30378+30380+30384-30385+30388+30392+30394+30396+30398+31106-31107+31119+31126+31131+31136+31139+31141+31145-31146+31150+31156+31192-31193+31195-31196+39901,lat=33.7486,long=-84.3884,country_code=US,city=ATLANTA,throughput=low,network=att,network_type=mobile,region_code=GA,timezone=EST, zip=,lat=36.19,long=44.01,country_code=IQ,city=ERBIL,throughput=vhigh,network=,network_type=mobile,region_code=,timezone=GMT+3
expires: Tue, 11 Feb 2020 17:52:26 GMT

GET
H2 200 vendor.873f2967db1ccfb48a88.bundle.js Show response
www.carmax.com/home/dist/ 1018 KB
390 KB 5014ms
5012ms Script
application/javascript 2a02:26f0:6c00:183::1c4e
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.carmax.com/home/dist/vendor.873f2967db1ccfb48a88.bundle.js

Requested by

Host: www.carmax.com
URL: https://www.carmax.com/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2a02:26f0:6c00:183::1c4e , Ascension Island, ASN20940 (AKAMAI-ASN1, US),

Reverse DNS

Software

Kestrel / ASP.NET

Resource Hash

b82ac5ff9545c69fff5430ebdcdc5ae80ee049275e0862113b0dc42c8b22e3dd

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000
X-Frame-Options	ALLOW-FROM https://carmaxbusinessservicesllc.marketing.adobe.com/ https://carmax-prod.saas.appdynamics.com/ https://carmax-dev.saas.appdynamics.com/

Request headers

Referer: https://www.carmax.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

date: Wed, 12 Feb 2020 14:38:11 GMT
content-encoding: gzip
vary: Accept-Encoding
x-powered-by: ASP.NET
status: 200
server-timing: cdn-cache; desc=HIT, edge; dur=10
content-length: 397754
request-context: appId=cid-v1:27edf698-2947-4553-a2ea-de3de8da3389
last-modified: Mon, 10 Feb 2020 17:46:56 GMT
server: Kestrel
etag: "1d5e03a16028e24"
x-frame-options: ALLOW-FROM https://carmaxbusinessservicesllc.marketing.adobe.com/ https://carmax-prod.saas.appdynamics.com/ https://carmax-dev.saas.appdynamics.com/
strict-transport-security: max-age=31536000
content-type: application/javascript
cache-control: public, max-age=86400
content-security-policy: upgrade-insecure-requests
accept-ranges: bytes
timing-allow-origin: *
kmxgeodata: zip=85128,lat=32.9772,long=-111.5231,country_code=US,city=COOLIDGE,throughput=vhigh,network=,network_type=,region_code=AZ,timezone=MST, zip=,lat=50.12,long=8.68,country_code=DE,city=FRANKFURT,throughput=vhigh,network=mil,network_type=,region_code=HE,timezone=GMT+1
expires: Tue, 11 Feb 2020 17:52:26 GMT

GET
H2 200 launch-EN63bcc7d291644d7bb97df7d8af0018cc.min.js Show response
assets.adobedtm.com/ 428 KB
105 KB 34ms
32ms Script
application/x-javascript 23.210.248.45
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/launch-EN63bcc7d291644d7bb97df7d8af0018cc.min.js
Requested by: Host: www.carmax.com
URL: https://www.carmax.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.210.248.45 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-210-248-45.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: 70a0a8797baa5bd2f0bb0f8bffe27b2ffd68f7c3d9d741d30b2a78a9209b5d16

Request headers

Referer: https://www.carmax.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

date: Wed, 12 Feb 2020 14:38:11 GMT
content-encoding: gzip
last-modified: Tue, 11 Feb 2020 13:07:50 GMT
server: AkamaiNetStorage
etag: "3bd93330864de31d3e6ac74025af1741:1581426470.951107"
vary: Accept-Encoding
content-type: application/x-javascript
status: 200
cache-control: max-age=3600
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 12 Feb 2020 15:38:11 GMT

GET
H2 200 a140fc891726afc9e89644cd154d Show response
www.carmax.com/assets/ 61 KB
16 KB 163ms
161ms Script
application/javascript 2a02:26f0:6c00:183::1c4e
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.carmax.com/assets/a140fc891726afc9e89644cd154d

Requested by

Host: www.carmax.com
URL: https://www.carmax.com/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2a02:26f0:6c00:183::1c4e , Ascension Island, ASN20940 (AKAMAI-ASN1, US),

Reverse DNS

Software

Resource Hash

b070ee03f9e5b88b1f54658a735cb66c55773bf25d50e8321d3792320e932dfa

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000
X-Frame-Options	ALLOW-FROM https://carmaxbusinessservicesllc.marketing.adobe.com/ https://carmax-prod.saas.appdynamics.com/ https://carmax-dev.saas.appdynamics.com/

Request headers

Referer: https://www.carmax.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

date: Wed, 12 Feb 2020 14:38:11 GMT
content-encoding: gzip
vary: Accept-Encoding
last-modified: Tue, 05 Nov 2019 17:40:43 GMT
etag: "358c0d78a71682c442d44601235aa61df0a159a823ee28e12aa15df88f6a5d5f"
x-frame-options: ALLOW-FROM https://carmaxbusinessservicesllc.marketing.adobe.com/ https://carmax-prod.saas.appdynamics.com/ https://carmax-dev.saas.appdynamics.com/
content-type: application/javascript
status: 200
cache-control: max-age=604800
server-timing: cdn-cache; desc=HIT, edge; dur=1
content-security-policy: upgrade-insecure-requests
strict-transport-security: max-age=31536000
timing-allow-origin: *
content-length: 15544
expires: Wed, 12 Feb 2020 14:48:11 GMT

GET
H2 200 G44P5-SQM6J-DDMWR-2C333-A6FEA Show response
s.go-mpulse.net/boomerang/ 202 KB
49 KB 72ms
24ms Script
application/javascript 23.0.36.169
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://s.go-mpulse.net/boomerang/G44P5-SQM6J-DDMWR-2C333-A6FEA
Requested by: Host: www.carmax.com
URL: https://www.carmax.com/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.0.36.169 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-0-36-169.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: 9fb974b84a129972abbd1e2e5cfdf685cab5f6f22d881adf3845bc73b43eb4ad

Request headers

Referer: https://www.carmax.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

date: Wed, 12 Feb 2020 14:38:11 GMT
content-encoding: br
last-modified: Wed, 05 Feb 2020 03:07:41 GMT
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
status: 200
cache-control: max-age=604800
timing-allow-origin: *
content-length: 50141

GET
H/1.1 200
OK aksb.min.js Show response
ds-aksb-a.akamaihd.net/ 13 KB
5 KB 28ms
5ms Script
application/x-javascript 2a01:4a0:1338:28::c38a:ff0a
NETZBETRIEB-GMBH

General

Check archive.org

Show headers Download Go to

Full URL: https://ds-aksb-a.akamaihd.net/aksb.min.js
Requested by: Host: www.carmax.com
URL: https://www.carmax.com/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 2a01:4a0:1338:28::c38a:ff0a , Germany, ASN201011 (NETZBETRIEB-GMBH, DE),
Reverse DNS
Software: Apache /
Resource Hash: 7f06def529e0076b37f65c60085a6b1c65f1bbab0b1f87c72c188018b5094966

Request headers

Referer: https://www.carmax.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

Date: Wed, 12 Feb 2020 14:38:11 GMT
Content-Encoding: gzip
Last-Modified: Thu, 30 Aug 2018 18:25:26 GMT
Server: Apache
ETag: "15de19f42b35806faf815298644157e0:1535653526"
Vary: Accept-Encoding
Content-Type: application/x-javascript
Cache-Control: max-age=43200
Connection: keep-alive
Accept-Ranges: bytes
Timing-Allow-Origin: *
Content-Length: 4826

GET
H2 200 default.jpg
www.carmax.com/home/images/home/hero/desktop/ 256 KB
257 KB 1788ms
1787ms Image
image/jpeg 2a02:26f0:6c00:183::1c4e
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.carmax.com/home/images/home/hero/desktop/default.jpg

Requested by

Host: www.carmax.com
URL: https://www.carmax.com/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2a02:26f0:6c00:183::1c4e , Ascension Island, ASN20940 (AKAMAI-ASN1, US),

Reverse DNS

Software

Kestrel / ASP.NET

Resource Hash

34e9292bdf8f627b771adb544491688af4f88d2e5e6305e10639670a3573ac73

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000
X-Frame-Options	ALLOW-FROM https://carmaxbusinessservicesllc.marketing.adobe.com/ https://carmax-prod.saas.appdynamics.com/ https://carmax-dev.saas.appdynamics.com/

Request headers

Referer: https://www.carmax.com/home/dist/home.4e298c984f9e001b49f1.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

date: Wed, 12 Feb 2020 14:38:11 GMT
x-powered-by: ASP.NET
status: 200
server-timing: cdn-cache; desc=HIT, edge; dur=11
content-length: 261687
request-context: appId=cid-v1:27edf698-2947-4553-a2ea-de3de8da3389
last-modified: Fri, 07 Feb 2020 14:49:02 GMT
server: Kestrel
x-frame-options: ALLOW-FROM https://carmaxbusinessservicesllc.marketing.adobe.com/ https://carmax-prod.saas.appdynamics.com/ https://carmax-dev.saas.appdynamics.com/
etag: "1d5ddc5bc9efd37"
strict-transport-security: max-age=31536000
content-type: image/jpeg
cache-control: public, max-age=86400
content-security-policy: upgrade-insecure-requests
accept-ranges: bytes
timing-allow-origin: *
kmxgeodata: zip=,lat=40.37,long=49.88,country_code=AZ,city=BAKI,throughput=vhigh,network=,network_type=,region_code=,timezone=GMT+4
expires: Tue, 11 Feb 2020 13:23:31 GMT

GET
H2 200 sell.jpg
www.carmax.com/home/images/home/hero/mobile/ 57 KB
57 KB 6919ms
6919ms Image
image/jpeg 2a02:26f0:6c00:183::1c4e
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.carmax.com/home/images/home/hero/mobile/sell.jpg

Requested by

Host: www.carmax.com
URL: https://www.carmax.com/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2a02:26f0:6c00:183::1c4e , Ascension Island, ASN20940 (AKAMAI-ASN1, US),

Reverse DNS

Software

Kestrel / ASP.NET

Resource Hash

9cb2eed08d33597ce033a6be53cedb347c7d216a71e87a2cfba9d3b3f05ef4de

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000
X-Frame-Options	ALLOW-FROM https://carmaxbusinessservicesllc.marketing.adobe.com/ https://carmax-prod.saas.appdynamics.com/ https://carmax-dev.saas.appdynamics.com/

Request headers

Referer: https://www.carmax.com/home/dist/home.4e298c984f9e001b49f1.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

date: Wed, 12 Feb 2020 14:38:11 GMT
x-powered-by: ASP.NET
status: 200
server-timing: cdn-cache; desc=HIT, edge; dur=44
content-length: 57888
request-context: appId=cid-v1:27edf698-2947-4553-a2ea-de3de8da3389
last-modified: Fri, 07 Feb 2020 14:49:02 GMT
server: Kestrel
x-frame-options: ALLOW-FROM https://carmaxbusinessservicesllc.marketing.adobe.com/ https://carmax-prod.saas.appdynamics.com/ https://carmax-dev.saas.appdynamics.com/
etag: "1d5ddc5bc9de120"
strict-transport-security: max-age=31536000
content-type: image/jpeg
cache-control: public, max-age=86400
content-security-policy: upgrade-insecure-requests
accept-ranges: bytes
timing-allow-origin: *
kmxgeodata: zip=,lat=53.90,long=27.57,country_code=BY,city=MINSK,throughput=vhigh,network=,network_type=mobile,region_code=,timezone=GMT+2
expires: Tue, 11 Feb 2020 13:23:50 GMT

GET
H2 200 finance.jpg
www.carmax.com/home/images/home/hero/mobile/ 61 KB
62 KB 7819ms
7819ms Image
image/jpeg 2a02:26f0:6c00:183::1c4e
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.carmax.com/home/images/home/hero/mobile/finance.jpg

Requested by

Host: www.carmax.com
URL: https://www.carmax.com/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2a02:26f0:6c00:183::1c4e , Ascension Island, ASN20940 (AKAMAI-ASN1, US),

Reverse DNS

Software

Kestrel / ASP.NET

Resource Hash

b9b5b36ecd5d34d5c8016da5d664d0ddae3fa00b7fc406c13e256ab12924a23a

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000
X-Frame-Options	ALLOW-FROM https://carmaxbusinessservicesllc.marketing.adobe.com/ https://carmax-prod.saas.appdynamics.com/ https://carmax-dev.saas.appdynamics.com/

Request headers

Referer: https://www.carmax.com/home/dist/home.4e298c984f9e001b49f1.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

date: Wed, 12 Feb 2020 14:38:11 GMT
x-powered-by: ASP.NET
status: 200
server-timing: cdn-cache; desc=HIT, edge; dur=46
content-length: 62276
request-context: appId=cid-v1:27edf698-2947-4553-a2ea-de3de8da3389
last-modified: Fri, 07 Feb 2020 14:49:02 GMT
server: Kestrel
x-frame-options: ALLOW-FROM https://carmaxbusinessservicesllc.marketing.adobe.com/ https://carmax-prod.saas.appdynamics.com/ https://carmax-dev.saas.appdynamics.com/
etag: "1d5ddc5bc9df044"
strict-transport-security: max-age=31536000
content-type: image/jpeg
cache-control: public, max-age=86400
content-security-policy: upgrade-insecure-requests
accept-ranges: bytes
timing-allow-origin: *
kmxgeodata: zip=,lat=53.90,long=27.57,country_code=BY,city=MINSK,throughput=vhigh,network=,network_type=mobile,region_code=,timezone=GMT+2
expires: Tue, 11 Feb 2020 13:23:32 GMT

GET lato-v16-latin-700.woff2
www.carmax.com/shared/fonts/ 0
0

GET
H2 200 ai.2.min.js Show response
az416426.vo.msecnd.net/scripts/b/ 121 KB
32 KB 76ms
18ms Script
text/javascript 152.199.19.160
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://az416426.vo.msecnd.net/scripts/b/ai.2.min.js
Requested by: Host: www.carmax.com
URL: https://www.carmax.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 152.199.19.160 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECAcc (ama/8B4D) /
Resource Hash: 15a2ec54543966337cf203ca6fd243bf1c926e16e45f5d37afa83889fcc28bae

Request headers

Referer: https://www.carmax.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

x-ms-blob-type: BlockBlob
date: Wed, 12 Feb 2020 14:38:11 GMT
content-encoding: gzip
content-md5: b4Ixkh1ern3iw3zWYXW4Rw==
age: 544
x-cache: HIT
status: 200
content-length: 32675
x-ms-lease-status: unlocked
last-modified: Wed, 05 Feb 2020 23:45:44 GMT
server: ECAcc (ama/8B4D)
etag: 0x8D7AA9584A56D7D
vary: Accept-Encoding
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
x-ms-request-id: 1b948f59-701e-007f-24b0-e17ad6000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=1800, immutable
x-ms-version: 2009-09-19

OPTIONS
H/1.1 200
OK 6086 Show response
api.carmax.com/v1/api/stores/ 0
614 B 289ms
140ms XHR
text/plain 2a02:26f0:6c00:185::1c4e
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://api.carmax.com/v1/api/stores/6086?platform=carmax.com

Requested by

Host: www.carmax.com
URL: https://www.carmax.com/shared/header-footer/full/js/main.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2a02:26f0:6c00:185::1c4e , Ascension Island, ASN20940 (AKAMAI-ASN1, US),

Reverse DNS

Software

Microsoft-IIS/8.5 / ASP.NET

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Access-Control-Request-Method: GET
Origin: https://www.carmax.com
Referer: https://www.carmax.com/
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Access-Control-Request-Headers: apikey

Response headers

Pragma: no-cache
Date: Wed, 12 Feb 2020 14:38:11 GMT
Server: Microsoft-IIS/8.5
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Strict-Transport-Security: max-age=31536000
Access-Control-Allow-Methods: GET, POST, PUT, DELETE
Access-Control-Allow-Origin: https://www.carmax.com
Cache-Control: no-cache
Access-Control-Allow-Credentials: true
Connection: keep-alive
Access-Control-Allow-Headers: ApiKey, Content-Type, Accept, X-Kmx-Origin, x-ms-request-id, x-ms-request-root-id
Content-Length: 0
Expires: -1

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 44 KB
18 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:80b::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/launch-EN63bcc7d291644d7bb97df7d8af0018cc.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

eaf1b128b927ac2868755cb7366d35554255c8af362235afe270f9614f8c806d

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.carmax.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Thu, 06 Feb 2020 00:21:02 GMT
server: Golfe2
age: 279
date: Wed, 12 Feb 2020 14:33:32 GMT
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: public, max-age=7200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 18174
expires: Wed, 12 Feb 2020 16:33:32 GMT

GET
H/1.1 200
OK id Show response
dpm.demdex.net/ 384 B
1 KB 46ms
46ms XHR
application/json 3.248.168.38
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://dpm.demdex.net/id?d_visid_ver=3.3.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_orgid=0C1038B35278345B0A490D4C%40AdobeOrg&d_nsid=0&ts=1581518291541

Requested by

Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/launch-EN63bcc7d291644d7bb97df7d8af0018cc.min.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

3.248.168.38 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-248-168-38.eu-west-1.compute.amazonaws.com

Software

Resource Hash

e2fa765df720b2fa281ac61f63cf604a2a6a11640adc552374c3d7e40be50e26

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://www.carmax.com/
Origin: https://www.carmax.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

DCS: dcs-prod-irl1-v059-0aef39794.edge-irl1.demdex.com 5.65.0.20200204084552 2ms (+2ms)
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Encoding: gzip
X-TID: VRh3aTf+Tro=
Vary: Origin, Accept-Encoding, User-Agent
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Access-Control-Allow-Origin: https://www.carmax.com
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json;charset=utf-8
Content-Length: 315
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2 200 AppMeasurement.min.js Show response
assets.adobedtm.com/extensions/EP143333dab9bb4582a773c81f3a840074/ 33 KB
13 KB 27ms
27ms Script
application/x-javascript 23.210.248.45
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/extensions/EP143333dab9bb4582a773c81f3a840074/AppMeasurement.min.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/launch-EN63bcc7d291644d7bb97df7d8af0018cc.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.210.248.45 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-210-248-45.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: 1fe69a53b80d3d6812605112439dfc8f3f18961b5500e4be894c008d90f36eb8

Request headers

Referer: https://www.carmax.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

date: Wed, 12 Feb 2020 14:38:11 GMT
content-encoding: gzip
last-modified: Tue, 10 Jul 2018 17:57:56 GMT
server: Apache
etag: "f7d0998b199955517abe171a2bd0d88b:1531245476"
vary: Accept-Encoding
content-type: application/x-javascript
status: 200
cache-control: no-cache
accept-ranges: bytes
timing-allow-origin: *, *, *, *
content-length: 12569
expires: Wed, 12 Feb 2020 15:38:11 GMT

GET
H2

200

ga-audiences
www.google.de/ads/
Redirect Chain

https://www.google-analytics.com/r/collect?v=1&_v=j81&a=1595044906&t=pageview&_s=1&dl=https%3A%2F%2Fwww.carmax.com%2F&ul=en-us&de=UTF-8&dt=CarMax%20-%20Browse%20used%20cars%20and%20new%20cars%20onl...
https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-187672-9&cid=1787979041.1581518292&jid=1878062907&_gid=548450841.1581518292&gjid=334267462&_v=j81&z=1171196310
https://www.google.com/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-187672-9&cid=1787979041.1581518292&jid=1878062907&_v=j81&z=1171196310
https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-187672-9&cid=1787979041.1581518292&jid=1878062907&_v=j81&z=1171196310&slf_rd=1&random=3013031020

42 B
109 B

17ms
16ms

Image
image/gif

2a00:1450:4001:820::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-187672-9&cid=1787979041.1581518292&jid=1878062907&_v=j81&z=1171196310&slf_rd=1&random=3013031020

Requested by

Host: www.carmax.com
URL: https://www.carmax.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:820::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.carmax.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 12 Feb 2020 14:38:11 GMT
x-content-type-options: nosniff
content-type: image/gif
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: no-cache, no-store, must-revalidate
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Wed, 12 Feb 2020 14:38:11 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
location: https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-187672-9&cid=1787979041.1581518292&jid=1878062907&_v=j81&z=1171196310&slf_rd=1&random=3013031020
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 302
cache-control: no-cache, no-store, must-revalidate
content-type: text/html; charset=UTF-8
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK Cookie set dest5.html
carmaxbusinessservicesllc.demdex.net/ Frame 73E9 0
0 151ms
38ms Document
text/html 52.213.115.189
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://carmaxbusinessservicesllc.demdex.net/dest5.html?d_nsid=0

Requested by

Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/launch-EN63bcc7d291644d7bb97df7d8af0018cc.min.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.213.115.189 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-52-213-115-189.eu-west-1.compute.amazonaws.com

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Host: carmaxbusinessservicesllc.demdex.net
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: iframe
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Referer: https://www.carmax.com/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Cookie: demdex=55593257846370003674384713407506382769
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: iframe
Referer: https://www.carmax.com/

Response headers

Accept-Ranges: bytes
Cache-Control: max-age=21600
Content-Encoding: gzip
Content-Type: text/html
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Last-Modified: Tue, 04 Feb 2020 14:30:33 GMT
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma: no-cache
Set-Cookie: demdex=55593257846370003674384713407506382769;Path=/;Domain=.demdex.net;Expires=Mon, 10-Aug-2020 14:38:11 GMT;Max-Age=15552000;Secure;SameSite=None
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Accept-Encoding, User-Agent
X-TID: ro49khDjQDY=
Content-Length: 2785
Connection: keep-alive

GET
H2 200 id Show response
carmax.sc.omtrdc.net/ 3 B
309 B 98ms
28ms XHR
application/x-javascript 15.188.31.119
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://carmax.sc.omtrdc.net/id?d_visid_ver=3.3.0&d_fieldgroup=A&mcorgid=0C1038B35278345B0A490D4C%40AdobeOrg&mid=47314466297545825603483087224592368446&ts=1581518291595

Requested by

Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/launch-EN63bcc7d291644d7bb97df7d8af0018cc.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

15.188.31.119 Paris, France, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-15-188-31-119.eu-west-3.compute.amazonaws.com

Software

jag /

Resource Hash

ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.carmax.com/
Origin: https://www.carmax.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

status: 200
date: Wed, 12 Feb 2020 14:38:11 GMT
x-content-type-options: nosniff
server: jag
xserver: anedge-5d944dff5f-tsp8g
vary: Origin
x-c: master-1135.I1e15b2.M0-337
p3p: CP="This is not a P3P policy"
access-control-allow-origin: https://www.carmax.com
cache-control: no-cache, no-store, max-age=0, no-transform, private
access-control-allow-credentials: true
content-type: application/x-javascript
content-length: 3
x-xss-protection: 1; mode=block

GET
H/1.1

200
OK

ibs:dpid=411&dpuuid=XkQN0wAAAupISFL0
dpm.demdex.net/
Redirect Chain

https://cm.everesttech.net/cm/dd?d_uuid=55593257846370003674384713407506382769
https://dpm.demdex.net/ibs:dpid=411&dpuuid=XkQN0wAAAupISFL0

42 B
915 B

40ms
39ms

Image
image/gif

3.248.168.38
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dpm.demdex.net/ibs:dpid=411&dpuuid=XkQN0wAAAupISFL0

Requested by

Host: www.carmax.com
URL: https://www.carmax.com/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

3.248.168.38 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-248-168-38.eu-west-1.compute.amazonaws.com

Software

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.carmax.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

DCS: dcs-prod-irl1-v059-0d9ddfff8.edge-irl1.demdex.com 5.65.0.20200204084552 1ms (+1ms)
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-TID: AH+OdRdpSKo=
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection: keep-alive
Content-Type: image/gif
Content-Length: 42
Expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

Date: Wed, 12 Feb 2020 14:38:10 GMT
Server: AMO-cookiemap/1.1
P3P: CP="NOI NID DEVa PSAa PSDa OUR IND PUR COM NAV INT DEM"
Location: https://dpm.demdex.net/ibs:dpid=411&dpuuid=XkQN0wAAAupISFL0
Cache-Control: no-cache
Connection: Keep-Alive
Keep-Alive: timeout=15,max=100
Content-Length: 0

GET
H/1.1 200
OK config.json Show response
c.go-mpulse.net/api/ 14 KB
3 KB 231ms
219ms XHR
application/json 2a02:26f0:6c00:184::11a6
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://c.go-mpulse.net/api/config.json?key=G44P5-SQM6J-DDMWR-2C333-A6FEA&d=www.carmax.com&t=5271728&v=1.667.0&sl=0&si=p1bkfhf18s-q5lfbm&plugins=AK,ConfigOverride,Continuity,PageParams,IFrameDelay,AutoXHR,SPA,Angular,Backbone,Ember,History,RT,CrossDomain,BW,PaintTiming,NavigationTiming,ResourceTiming,Memory,CACHE_RELOAD,Errors,TPAnalytics,UserTiming,Akamai,Early,LOGN&acao=&ak.ai=245985
Requested by: Host: s.go-mpulse.net
URL: https://s.go-mpulse.net/boomerang/G44P5-SQM6J-DDMWR-2C333-A6FEA
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2a02:26f0:6c00:184::11a6 , Ascension Island, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
Software: /
Resource Hash: 603cda60d26d7f2188a1226812900ca67ae93705acd2edf53d1d781643fbbd6e

Request headers

Referer: https://www.carmax.com/
Origin: https://www.carmax.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Wed, 12 Feb 2020 14:38:11 GMT
Content-Encoding: gzip
Vary: Accept-Encoding
Content-Type: application/json
Access-Control-Allow-Origin: *
Cache-Control: private, max-age=300, stale-while-revalidate=60, stale-if-error=120
Connection: keep-alive
Timing-Allow-Origin: *
Content-Length: 2750

GET
H2 200 6086 Show response
api.carmax.com/v1/api/stores/ 2 KB
2 KB 3039ms
3039ms XHR
application/json 2a02:26f0:6c00:183::1c4e
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://api.carmax.com/v1/api/stores/6086?platform=carmax.com

Requested by

Host: www.carmax.com
URL: https://www.carmax.com/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2a02:26f0:6c00:183::1c4e , Ascension Island, ASN20940 (AKAMAI-ASN1, US),

Reverse DNS

Software

Microsoft-IIS/8.5 / ASP.NET

Resource Hash

7f7acff346ca888f976bbce94b4adcafe03a673d2cc66641ba19dbdcac2d25d7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Accept: application/json
Referer: https://www.carmax.com/
Origin: https://www.carmax.com
ApiKey: adfb3ba2-b212-411e-89e1-35adab91b600
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Wed, 12 Feb 2020 14:38:11 GMT
etag: "53c6edb6-aab0-4c5b-a6c8-20c3a6cccfb4"
server: Microsoft-IIS/8.5
x-aspnet-version: 4.0.30319
status: 200
x-powered-by: ASP.NET
strict-transport-security: max-age=31536000
access-control-allow-methods: GET, POST, PUT, DELETE
content-type: application/json
access-control-allow-origin: https://www.carmax.com
cache-control: max-age=7200
access-control-allow-credentials: true
access-control-allow-headers: ApiKey, Content-Type, Accept, X-Kmx-Origin, x-ms-request-id, x-ms-request-root-id
content-length: 1644

POST
H2 201 a140fc891726afc9e89644cd154d Show response
www.carmax.com/assets/ 18 B
1008 B 55ms
55ms XHR
application/json 2a02:26f0:6c00:183::1c4e
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.carmax.com/assets/a140fc891726afc9e89644cd154d

Requested by

Host: az416426.vo.msecnd.net
URL: https://az416426.vo.msecnd.net/scripts/b/ai.2.min.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2a02:26f0:6c00:183::1c4e , Ascension Island, ASN20940 (AKAMAI-ASN1, US),

Reverse DNS

Software

Resource Hash

fcd6acab1a311e89ae1aef024707e986871eff4071c584de3e93970c5fc4a23d

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000
X-Frame-Options	ALLOW-FROM https://carmaxbusinessservicesllc.marketing.adobe.com/ https://carmax-prod.saas.appdynamics.com/ https://carmax-dev.saas.appdynamics.com/

Request headers

Referer: https://www.carmax.com/
Origin: https://www.carmax.com
Sec-Fetch-Dest: empty
Request-Id: |90b8c867b9974fb798581f212def202c.237d78eac9504ed2
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

date: Wed, 12 Feb 2020 14:38:14 GMT
allow: POST, OPTIONS
status: 201
x-frame-options: ALLOW-FROM https://carmaxbusinessservicesllc.marketing.adobe.com/ https://carmax-prod.saas.appdynamics.com/ https://carmax-dev.saas.appdynamics.com/
content-type: application/json
access-control-allow-origin: https://www.carmax.com
access-control-allow-credentials: true
content-security-policy: upgrade-insecure-requests
strict-transport-security: max-age=31536000
timing-allow-origin: *
access-control-allow-headers: Content-Type
content-length: 18

POST
H2 201 a140fc891726afc9e89644cd154d Show response
www.carmax.com/assets/ 17 B
764 B 151ms
151ms XHR
application/json 2a02:26f0:6c00:183::1c4e
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.carmax.com/assets/a140fc891726afc9e89644cd154d

Requested by

Host: az416426.vo.msecnd.net
URL: https://az416426.vo.msecnd.net/scripts/b/ai.2.min.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2a02:26f0:6c00:183::1c4e , Ascension Island, ASN20940 (AKAMAI-ASN1, US),

Reverse DNS

Software

Resource Hash

b493cdb3b30ea63f6a924f814dfccfcfe305dac02106f9994ce2bcb2e8ed28c4

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000
X-Frame-Options	ALLOW-FROM https://carmaxbusinessservicesllc.marketing.adobe.com/ https://carmax-prod.saas.appdynamics.com/ https://carmax-dev.saas.appdynamics.com/

Request headers

Referer: https://www.carmax.com/
Origin: https://www.carmax.com
Sec-Fetch-Dest: empty
Request-Id: |90b8c867b9974fb798581f212def202c.dfd3d4b7494d4f82
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

date: Wed, 12 Feb 2020 14:38:15 GMT
allow: POST, OPTIONS
status: 201
x-frame-options: ALLOW-FROM https://carmaxbusinessservicesllc.marketing.adobe.com/ https://carmax-prod.saas.appdynamics.com/ https://carmax-dev.saas.appdynamics.com/
content-type: application/json
access-control-allow-origin: https://www.carmax.com
access-control-allow-credentials: true
content-security-policy: upgrade-insecure-requests
strict-transport-security: max-age=31536000
timing-allow-origin: *
access-control-allow-headers: Content-Type
content-length: 17

GET
DATA 200
OK truncated
/ 8 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: d54f94df1233ab7224af68f63fe3df27584c4c01d70b2e65bcdc774ba05c6b41

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ 157 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 80d54533f80e8233621f965ae0a7713928bdb4d491ed0eb5e90434550f1894cb

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Type: image/png

POST
H2 200 pixel_494dcae3 Show response
www.carmax.com/akam/11/ 0
672 B 21ms
21ms XHR
text/html 2a02:26f0:6c00:183::1c4e
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.carmax.com/akam/11/pixel_494dcae3

Requested by

Host: az416426.vo.msecnd.net
URL: https://az416426.vo.msecnd.net/scripts/b/ai.2.min.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2a02:26f0:6c00:183::1c4e , Ascension Island, ASN20940 (AKAMAI-ASN1, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000
X-Frame-Options	ALLOW-FROM https://carmaxbusinessservicesllc.marketing.adobe.com/ https://carmax-prod.saas.appdynamics.com/ https://carmax-dev.saas.appdynamics.com/

Request headers

Referer: https://www.carmax.com/
Origin: https://www.carmax.com
Sec-Fetch-Dest: empty
Request-Id: |90b8c867b9974fb798581f212def202c.8770a95f39a44e6a
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

date: Wed, 12 Feb 2020 14:38:15 GMT
x-frame-options: ALLOW-FROM https://carmaxbusinessservicesllc.marketing.adobe.com/ https://carmax-prod.saas.appdynamics.com/ https://carmax-dev.saas.appdynamics.com/
strict-transport-security: max-age=31536000
content-type: text/html
status: 200
content-security-policy: upgrade-insecure-requests
server-timing: cdn-cache; desc=HIT, edge; dur=2
timing-allow-origin: *
content-length: 0

GET
H2 200 RCe76cd55593e1462797b696f4c55729b9-source.min.js Show response
assets.adobedtm.com/85b02176ad5a/02d33ece1bb1/b1673d0e8fc3/ 495 B
554 B 26ms
25ms Script
application/x-javascript 23.210.248.45
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/85b02176ad5a/02d33ece1bb1/b1673d0e8fc3/RCe76cd55593e1462797b696f4c55729b9-source.min.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/launch-EN63bcc7d291644d7bb97df7d8af0018cc.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.210.248.45 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-210-248-45.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: daeead1a142856b278794f6a0ad7387702d48d4e3760a4459b70a281f3be593a

Request headers

Referer: https://www.carmax.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

date: Wed, 12 Feb 2020 14:38:18 GMT
content-encoding: gzip
last-modified: Tue, 11 Feb 2020 13:07:52 GMT
server: AkamaiNetStorage
etag: "685555ea77a3e2d9e952a9d6f2588518:1581426472.410295"
vary: Accept-Encoding
content-type: application/x-javascript
status: 200
cache-control: max-age=3600
accept-ranges: bytes
timing-allow-origin: *
content-length: 309
expires: Wed, 12 Feb 2020 15:38:18 GMT

OPTIONS
H/1.1 200
OK track Show response
dc.services.visualstudio.com/v2/ 0
311 B 114ms
27ms XHR
text/plain 51.140.6.23
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://dc.services.visualstudio.com/v2/track

Requested by

Host: az416426.vo.msecnd.net
URL: https://az416426.vo.msecnd.net/scripts/b/ai.2.min.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_CBC

Server

51.140.6.23 London, United Kingdom, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Access-Control-Request-Method: POST
Origin: https://www.carmax.com
Referer: https://www.carmax.com/
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Access-Control-Request-Headers: content-type,sdk-context

Response headers

Access-Control-Allow-Origin: *
Date: Wed, 12 Feb 2020 14:38:29 GMT
X-Content-Type-Options: nosniff
Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Name, Content-Type, Accept, Sdk-Context
Content-Length: 0
Access-Control-Max-Age: 3600
Access-Control-Allow-Methods: POST

POST
H/1.1 206
Partial Content track Show response
dc.services.visualstudio.com/v2/ 365 B
802 B 220ms
220ms XHR
application/json 51.140.6.23
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://dc.services.visualstudio.com/v2/track

Requested by

Host: www.carmax.com
URL: https://www.carmax.com/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_CBC

Server

51.140.6.23 London, United Kingdom, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

28f5c968cee3380b8c60aa366608d5fbe6bdd901b6f200d1f51b3001454a7092

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.carmax.com/
Origin: https://www.carmax.com
Sec-Fetch-Dest: empty
Sdk-Context: appId
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-type: application/json

Response headers

x-ms-session-id: B270E6D8-EAE5-48F5-9F94-FD3005030561
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Date: Wed, 12 Feb 2020 14:38:29 GMT
Access-Control-Max-Age: 3600
Content-Type: application/json; charset=utf-8
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Name, Content-Type, Accept, Sdk-Context
Content-Length: 365

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: www.carmax.com
URL: https://www.carmax.com/shared/fonts/lato-v16-latin-regular.woff2

Domain: www.carmax.com
URL: https://www.carmax.com/shared/fonts/CarMaxSharpSansDisp-Bold.woff2

Domain: www.carmax.com
URL: https://www.carmax.com/shared/fonts/lato-v16-latin-700.woff2

Verdicts & Comments Add Verdict or Comment

45 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

5 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
console-api	error	URL: https://www.carmax.com/shared/header-footer/full/js/main.js(Line 16) Message: Error getting nearest store from localStorage: TypeError: Cannot read property 'getItem' of null
console-api	error	URL: https://s.go-mpulse.net/boomerang/G44P5-SQM6J-DDMWR-2C333-A6FEA(Line 11) Message: Error saving nearest store to localStorage: TypeError: Cannot read property 'setItem' of null
console-api	warning	URL: https://www.carmax.com/home/dist/vendor.873f2967db1ccfb48a88.bundle.js(Line 1) Message: No slides found in [object HTMLDivElement]
console-api	error	URL: https://s.go-mpulse.net/boomerang/G44P5-SQM6J-DDMWR-2C333-A6FEA(Line 11) Message: TypeError: Cannot read property 'getItem' of null
console-api	log	(Line 2) Message: div inserted

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000
X-Frame-Options	ALLOW-FROM https://carmaxbusinessservicesllc.marketing.adobe.com/ https://carmax-prod.saas.appdynamics.com/ https://carmax-dev.saas.appdynamics.com/

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

api.carmax.com
assets.adobedtm.com
az416426.vo.msecnd.net
c.go-mpulse.net
carmax.com
carmax.sc.omtrdc.net
carmaxbusinessservicesllc.demdex.net
cm.everesttech.net
dc.services.visualstudio.com
dpm.demdex.net
ds-aksb-a.akamaihd.net
s.go-mpulse.net
stats.g.doubleclick.net
www.carmax.com
www.google-analytics.com
www.google.com
www.google.de
www.carmax.com
15.188.31.119
152.199.19.160
23.0.36.169
23.210.248.45
2a00:1450:4001:80b::200e
2a00:1450:4001:820::2003
2a00:1450:4001:820::2004
2a00:1450:400c:c00::9c
2a01:4a0:1338:28::c38a:ff0a
2a02:26f0:6c00:183::1c4e
2a02:26f0:6c00:184::11a6
2a02:26f0:6c00:185::1c4e
3.248.168.38
51.140.6.23
52.213.115.189
63.116.28.180
66.117.28.86
072bb85514460fc8b7c263456ac3982207ba96e33bbda360a33c5c0454621720
08568e45b503ef7d9fdde60c435ba6ff4d5ed1cc4c2641fe99957e05e797017e
0af0fee3789194720bc442571a8cd1bba9b3d43193f98cc04864b7ee41988308
1240dc9bb293d23e55a6245a9cf655ea241c76db72bbb347e2d9ca0f8083e1e1
15a2ec54543966337cf203ca6fd243bf1c926e16e45f5d37afa83889fcc28bae
1a1582512f89d23115755aafde8eccae6967a3320fc4ae8783a1f036a5b06cf5
1fe69a53b80d3d6812605112439dfc8f3f18961b5500e4be894c008d90f36eb8
28f5c968cee3380b8c60aa366608d5fbe6bdd901b6f200d1f51b3001454a7092
30565cd69d188a60153a3746564c8bf65e36f9159c12aaa3750e048c50bceae1
32794fadfdd8837e7598422ceadbba2fcf5a95805e2906c6bc7da60e10cd2091
34e9292bdf8f627b771adb544491688af4f88d2e5e6305e10639670a3573ac73
3c516e01834685d3d1fd776b5b929c934604a23221bf56393286fc483e92d8f9
3eb27055393c304c1d076cf378cf5579ddf186429625978df4f391cbc913528a
426b6b35640301e407cfbcec1189bc24e5eb82f78004a4d062ba7cf2193fb582
603cda60d26d7f2188a1226812900ca67ae93705acd2edf53d1d781643fbbd6e
68507f46cf992f0b65f3568cbe69c88f4d63dba3e4367a7db51f2f0506604790
70a0a8797baa5bd2f0bb0f8bffe27b2ffd68f7c3d9d741d30b2a78a9209b5d16
7706cdca720ba833e8fe244a95017e06ba1b9139b909355a02ccade8e94cb3cc
7f06def529e0076b37f65c60085a6b1c65f1bbab0b1f87c72c188018b5094966
7f7acff346ca888f976bbce94b4adcafe03a673d2cc66641ba19dbdcac2d25d7
80d54533f80e8233621f965ae0a7713928bdb4d491ed0eb5e90434550f1894cb
897d5bfed0bb90f938895c09b2fe33fc1258065cf53af42950a1572fd5a024f7
9cb2eed08d33597ce033a6be53cedb347c7d216a71e87a2cfba9d3b3f05ef4de
9fb974b84a129972abbd1e2e5cfdf685cab5f6f22d881adf3845bc73b43eb4ad
b070ee03f9e5b88b1f54658a735cb66c55773bf25d50e8321d3792320e932dfa
b493cdb3b30ea63f6a924f814dfccfcfe305dac02106f9994ce2bcb2e8ed28c4
b82ac5ff9545c69fff5430ebdcdc5ae80ee049275e0862113b0dc42c8b22e3dd
b9b5b36ecd5d34d5c8016da5d664d0ddae3fa00b7fc406c13e256ab12924a23a
ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356
d31cb59c8958cfe5aec7d7d01350dbbf8ee3bfe4c3081e56bcd29b3a50137ed6
d54f94df1233ab7224af68f63fe3df27584c4c01d70b2e65bcdc774ba05c6b41
daeead1a142856b278794f6a0ad7387702d48d4e3760a4459b70a281f3be593a
e0d93158bc02c78247e0ccd2b5563a6ca81c552318dc30036846e62094d45233
e2fa765df720b2fa281ac61f63cf604a2a6a11640adc552374c3d7e40be50e26
e3126aaa9e13d76815669429c16441add25eac38572bee58d13cc3a1570293b8
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
eaf1b128b927ac2868755cb7366d35554255c8af362235afe270f9614f8c806d
eb886fae1a7eab929e805cfa2c302ab375905a1c3b55f2bfe277c5b06af32769
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f09acdcff589a63ab53f62633ea59930381d9dd9d971da52dfeece47c8a706c9
fcd6acab1a311e89ae1aef024707e986871eff4071c584de3e93970c5fc4a23d
ff1a1bfc4d16edfb61642d45fbf15f80edc6ef0ff01bfdb4b79e2e38adf0fdda

www.carmax.com Open in urlscan Pro 2a02:26f0:6c00:183::1c4e Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

47 Requests

94 %HTTPS

47 %IPv6

13 Domains

17 Subdomains

14 IPs

8 Countries

1715 kBTransfer

3388 kBSize

0 Cookies

9 Outgoing links

Page URL History

Redirected requests

47 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 2 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

www.carmax.com Open in urlscan Pro
2a02:26f0:6c00:183::1c4e Public Scan

Screenshot
Live screenshot

Full Image

47
Requests

94 %
HTTPS

47 %
IPv6

13
Domains

17
Subdomains

14
IPs

8
Countries

1715 kB
Transfer

3388 kB
Size

0
Cookies

47 HTTP transactions
2 data transactions