urlscan.io logo urlscan.io
SecurityTrails logo

www.hsabank.com Open in urlscan Pro
70.37.166.146  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: https://click.emails.hsabank.com/?qs=c46e84fffc9913636dfe1272466bd81ac139104098fba76bc6788d057e839de2d7656135efbac4bdd919e8b539d3...
Effective URL: https://www.hsabank.com/hsabank/learning-center/irs-contribution-limits-and-guidelines?utm_source=sfmc&utm_term=&utm_con...
Submission: On April 27 via api from US — Scanned from DE
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 14 IPs in 3 countries across 12 domains to perform 68 HTTP transactions. The main IP is 70.37.166.146, located in San Antonio, United States and belongs to MICROSOFT-CORP-MSN-AS-BLOCK, US. The main domain is www.hsabank.com. The Cisco Umbrella rank of the primary domain is 299150.
TLS certificate: Issued by Entrust Certification Authority - L1K on March 6th 2023. Valid for: a year.
This is the only time www.hsabank.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

1    13.111.23.196 (United States)

ASN22606 (EXACT-7, US)
PTR: click.emails.hsabank.com
click.emails.hsabank.com
40    70.37.166.146 (San Antonio, United States)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)
www.hsabank.com
1    2a00:1450:4001:82a::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
fonts.googleapis.com
2    2606:4700::6812:bcf (United States)

ASN13335 (CLOUDFLARENET, US)
maxcdn.bootstrapcdn.com
netdna.bootstrapcdn.com
4    52.45.38.67 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-52-45-38-67.compute-1.amazonaws.com
7298557.collect.igodigital.com
nova.collect.igodigital.com
1    2600:9000:21f3:c800:1:fb61:2b80:93a1 (United States)

ASN16509 (AMAZON-02, US)
cdn.levelaccess.net
2    2a00:1450:4001:830::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.googletagmanager.com
2    2a00:1450:4001:802::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.google-analytics.com
3    2001:4860:4802:34::36 (United States)

ASN15169 (GOOGLE, US)
region1.analytics.google.com
2    2a00:1450:400c:c07::9d (Brussels, Belgium)

ASN15169 (GOOGLE, US)
stats.g.doubleclick.net
2    2a00:1450:4001:80e::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.google.de
1    2a00:1450:4001:831::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.google.com
5    2a00:1450:4001:831::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
fonts.gstatic.com
2    2a03:2880:f083:9:face:b00c:0:3 (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)
connect.facebook.net
1    2600:1f18:4457:4601:5208:6183:c586:89d5 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
api.levelaccess.net
Apex Domain
Subdomains		 Transfer
41 hsabank.com
click.emails.hsabank.com
www.hsabank.com — Cisco Umbrella Rank: 299150
676 KB
5 gstatic.com
fonts.gstatic.com
79 KB
4 google.com
region1.analytics.google.com — Cisco Umbrella Rank: 2930
www.google.com — Cisco Umbrella Rank: 16
770 B
4 igodigital.com
7298557.collect.igodigital.com — Cisco Umbrella Rank: 436848
nova.collect.igodigital.com — Cisco Umbrella Rank: 5679
3 KB
2 facebook.net
connect.facebook.net — Cisco Umbrella Rank: 189
137 KB
2 google.de
www.google.de — Cisco Umbrella Rank: 3425
515 B
2 doubleclick.net
stats.g.doubleclick.net — Cisco Umbrella Rank: 166
396 B
2 google-analytics.com
www.google-analytics.com — Cisco Umbrella Rank: 91
21 KB
2 googletagmanager.com
www.googletagmanager.com — Cisco Umbrella Rank: 114
136 KB
2 levelaccess.net
cdn.levelaccess.net — Cisco Umbrella Rank: 20909
api.levelaccess.net — Cisco Umbrella Rank: 26027
62 KB
2 bootstrapcdn.com
maxcdn.bootstrapcdn.com — Cisco Umbrella Rank: 1289
netdna.bootstrapcdn.com — Cisco Umbrella Rank: 5620
11 KB
1 googleapis.com
fonts.googleapis.com — Cisco Umbrella Rank: 119
2 KB
68 12
Domain Requested by
40 www.hsabank.com www.hsabank.com
cdn.levelaccess.net
5 fonts.gstatic.com fonts.googleapis.com
3 nova.collect.igodigital.com www.hsabank.com
cdn.levelaccess.net
3 region1.analytics.google.com www.googletagmanager.com
2 connect.facebook.net www.hsabank.com
connect.facebook.net
2 www.google.de www.hsabank.com
2 stats.g.doubleclick.net www.googletagmanager.com
www.google-analytics.com
2 www.google-analytics.com www.googletagmanager.com
www.google-analytics.com
2 www.googletagmanager.com www.hsabank.com
www.googletagmanager.com
1 api.levelaccess.net cdn.levelaccess.net
1 netdna.bootstrapcdn.com www.hsabank.com
1 www.google.com www.hsabank.com
1 cdn.levelaccess.net www.hsabank.com
1 7298557.collect.igodigital.com www.hsabank.com
1 maxcdn.bootstrapcdn.com www.hsabank.com
1 fonts.googleapis.com www.hsabank.com
1 click.emails.hsabank.com 1 redirects
68 17
Subject Issuer Validity Valid
www.hsabank.com
Entrust Certification Authority - L1K		 2023-03-06 -
2024-03-17		 a year crt.sh
upload.video.google.com
GTS CA 1C3		 2023-04-03 -
2023-06-26		 3 months crt.sh
sni.cloudflaressl.com
Cloudflare Inc ECC CA-3		 2022-12-30 -
2023-12-30		 a year crt.sh
*.collect.igodigital.com
Amazon RSA 2048 M02		 2023-02-21 -
2024-01-13		 a year crt.sh
cdn.levelaccess.net
Amazon RSA 2048 M02		 2023-03-01 -
2024-01-28		 a year crt.sh
*.google-analytics.com
GTS CA 1C3		 2023-04-03 -
2023-06-26		 3 months crt.sh
*.g.doubleclick.net
GTS CA 1C3		 2023-04-03 -
2023-06-26		 3 months crt.sh
www.google.de
GTS CA 1C3		 2023-04-03 -
2023-06-26		 3 months crt.sh
www.google.com
GTS CA 1C3		 2023-04-03 -
2023-06-26		 3 months crt.sh
*.gstatic.com
GTS CA 1C3		 2023-04-03 -
2023-06-26		 3 months crt.sh
*.facebook.com
DigiCert SHA2 High Assurance Server CA		 2023-02-03 -
2023-05-04		 3 months crt.sh
api.levelaccess.net
Amazon RSA 2048 M02		 2023-03-01 -
2024-01-29		 a year crt.sh

This page contains 1 frames:

Primary Page: https://www.hsabank.com/hsabank/learning-center/irs-contribution-limits-and-guidelines?utm_source=sfmc&utm_term=&utm_content=691751&utm_id=e7c0a1e5-b27b-4960-984f-1842a2269735&sfmc_activityid=b73e5fa8-ca1d-4ae1-89ea-4475791872f3&utm_medium=email
Frame ID: 934FDAE68CBD5E8B1A63E1CAEF50A5E3
Requests: 68 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

HSA IRS Contribution Limits and Guidelines - HSA Bank

Page URL History Show full URLs

  1. https://click.emails.hsabank.com/?qs=c46e84fffc9913636dfe1272466bd81ac139104098fba76bc6788d057e839de2d7656135... HTTP 302
    https://www.hsabank.com/hsabank/learning-center/irs-contribution-limits-and-guidelines?utm_source=sf... Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css
  • bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js
Overall confidence: 100%
Detected patterns
  • //connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js
Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]+(?:([\d.]+)/)?(?:css/)?font-awesome(?:\.min)?\.css
  • <link[^>]* href=[^>]*?(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
  • (?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
Overall confidence: 100%
Detected patterns
  • google-analytics\.com/(?:ga|urchin|analytics)\.js
Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com
Overall confidence: 100%
Detected patterns
  • <!-- (?:End )?Google Tag Manager -->
  • googletagmanager\.com/gtm\.js
  • googletagmanager\.com/gtag/js

Page Statistics

68
Requests

100 %
HTTPS

80 %
IPv6

12
Domains

17
Subdomains

14
IPs

3
Countries

1127 kB
Transfer

2591 kB
Size

6
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://click.emails.hsabank.com/?qs=c46e84fffc9913636dfe1272466bd81ac139104098fba76bc6788d057e839de2d7656135efbac4bdd919e8b539d351847aa04e40b3a28802 HTTP 302
    https://www.hsabank.com/hsabank/learning-center/irs-contribution-limits-and-guidelines?utm_source=sfmc&utm_term=&utm_content=691751&utm_id=e7c0a1e5-b27b-4960-984f-1842a2269735&sfmc_activityid=b73e5fa8-ca1d-4ae1-89ea-4475791872f3&utm_medium=email Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

68 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request irs-contribution-limits-and-guidelines
www.hsabank.com/hsabank/learning-center/
Redirect Chain
  • https://click.emails.hsabank.com/?qs=c46e84fffc9913636dfe1272466bd81ac139104098fba76bc6788d057e839de2d7656135efbac4bdd919e8b539d351847aa04e40b3a28802
  • https://www.hsabank.com/hsabank/learning-center/irs-contribution-limits-and-guidelines?utm_source=sfmc&utm_term=&utm_content=691751&utm_id=e7c0a1e5-b27b-4960-984f-1842a2269735&sfmc_activityid=b73e5...
82 KB
18 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://www.hsabank.com/hsabank/learning-center/irs-contribution-limits-and-guidelines?utm_source=sfmc&utm_term=&utm_content=691751&utm_id=e7c0a1e5-b27b-4960-984f-1842a2269735&sfmc_activityid=b73e5fa8-ca1d-4ae1-89ea-4475791872f3&utm_medium=email
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
70.37.166.146 San Antonio, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
5200e36210bed6a382b6760bfb9962f63af3d9df428b4425930538ead29f7970
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Cache-Control
no-cache, no-store
Content-Encoding
gzip
Content-Length
16053
Content-Security-Policy-Report-Only
default-src 'self'; script-src 'self' 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' https://*.hsabank.com https://cdnjs.cloudflare.com https://*.jquery.com https://*.facebook.net https://*.googleapis.com https://*.googletagmanager.com https://*.google-analytics.com https://*.igodigital.com https://*.levelaccess.net https://*.cludo.com https://*.pardot.com https://*.hsabank.com; style-src 'self' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' https://*.hsabank.com https://*.googleapis.com https://*.bootstrapcdn.com; base-uri 'self'; font-src 'self' https://*.gstatic.com https://*.bootstrapcdn.com; connect-src 'self' https://*.google-analytics.com https://*.levelaccess.net; img-src 'self' https://*.igodigital.com https://*.hsabank.com https://*.google-analytics.com; frame-src 'self' https://*.hsabank.com ;form-action 'self'
Content-Type
text/html; charset=utf-8
Date
Thu, 27 Apr 2023 13:35:17 GMT
Expires
-1
Permissions-Policy
microphone=(), payment=(), geolocation=(self), sync-xhr=*
Pragma
no-cache
Referrer-Policy
strict-origin-when-cross-origin
Request-Context
appId=cid-v1:8fedb8c4-35ce-49f3-a619-b84f98aa48d7
Server
Microsoft-IIS/10.0
Strict-Transport-Security
max-age=31536000; includeSubDomains
Vary
Accept-Encoding
X-Content-Type-Options
nosniff
X-Frame-Options
SAMEORIGIN

Redirect headers

Cache-Control
private
Connection
close
Content-Length
382
Content-Type
text/html; charset=utf-8
Date
Thu, 27 Apr 2023 13:35:17 GMT
Location
https://www.hsabank.com/hsabank/learning-center/irs-contribution-limits-and-guidelines?utm_source=sfmc&utm_term=&utm_content=691751&utm_id=e7c0a1e5-b27b-4960-984f-1842a2269735&sfmc_activityid=b73e5fa8-ca1d-4ae1-89ea-4475791872f3&utm_medium=email
bootstrapmin.css
www.hsabank.com/~/Media/Files/Custom_CSS/HSABank/Mobile_Responsive_2017/ 		118 KB
29 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://www.hsabank.com/~/Media/Files/Custom_CSS/HSABank/Mobile_Responsive_2017/bootstrapmin.css
Requested by
Host: www.hsabank.com
URL: https://www.hsabank.com/hsabank/learning-center/irs-contribution-limits-and-guidelines?utm_source=sfmc&utm_term=&utm_content=691751&utm_id=e7c0a1e5-b27b-4960-984f-1842a2269735&sfmc_activityid=b73e5fa8-ca1d-4ae1-89ea-4475791872f3&utm_medium=email
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
70.37.166.146 San Antonio, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
5a3d8c05785485d36ee5c94d4681e5b1d9e4b94c5be8b5bd7b0f3168fff1bd9a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.hsabank.com/hsabank/learning-center/irs-contribution-limits-and-guidelines?utm_source=sfmc&utm_term=&utm_content=691751&utm_id=e7c0a1e5-b27b-4960-984f-1842a2269735&sfmc_activityid=b73e5fa8-ca1d-4ae1-89ea-4475791872f3&utm_medium=email
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Date
Thu, 27 Apr 2023 13:35:17 GMT
Content-Security-Policy-Report-Only
default-src 'self'; script-src 'self' 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' https://*.hsabank.com https://cdnjs.cloudflare.com https://*.jquery.com https://*.facebook.net https://*.googleapis.com https://*.googletagmanager.com https://*.google-analytics.com https://*.igodigital.com https://*.levelaccess.net https://*.cludo.com https://*.pardot.com https://*.hsabank.com; style-src 'self' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' https://*.hsabank.com https://*.googleapis.com https://*.bootstrapcdn.com; base-uri 'self'; font-src 'self' https://*.gstatic.com https://*.bootstrapcdn.com; connect-src 'self' https://*.google-analytics.com https://*.levelaccess.net; img-src 'self' https://*.igodigital.com https://*.hsabank.com https://*.google-analytics.com; frame-src 'self' https://*.hsabank.com ;form-action 'self'
Content-Disposition
inline; filename="bootstrapmin.css"
Content-Length
27680
Request-Context
appId=cid-v1:8fedb8c4-35ce-49f3-a619-b84f98aa48d7
Referrer-Policy
strict-origin-when-cross-origin
Last-Modified
Tue, 21 Apr 2020 17:48:44 GMT
Server
Microsoft-IIS/10.0
Vary
Accept-Encoding
X-Frame-Options
SAMEORIGIN
Content-Type
text/css
Cache-Control
private, max-age=604800
Permissions-Policy
microphone=(), payment=(), geolocation=(self), sync-xhr=*
Accept-Ranges
bytes
css2
fonts.googleapis.com/ 		24 KB
2 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css2?family=Roboto+Condensed:ital,wght@0,300;0,400;0,700;1,300;1,400;1,700&family=Roboto:ital,wght@0,400;0,700;1,400;1,700&display=swap
Requested by
Host: www.hsabank.com
URL: https://www.hsabank.com/hsabank/learning-center/irs-contribution-limits-and-guidelines?utm_source=sfmc&utm_term=&utm_content=691751&utm_id=e7c0a1e5-b27b-4960-984f-1842a2269735&sfmc_activityid=b73e5fa8-ca1d-4ae1-89ea-4475791872f3&utm_medium=email
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82a::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
36bdf18c4c8a6854277be595fbdc66fddbc009d10c9bdeb8e71f28fea614c95d
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.hsabank.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
date
Thu, 27 Apr 2023 13:35:18 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
last-modified
Thu, 27 Apr 2023 13:35:18 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Thu, 27 Apr 2023 13:35:18 GMT
font-awesome.min.css
maxcdn.bootstrapcdn.com/font-awesome/4.7.0/css/ 		30 KB
7 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://maxcdn.bootstrapcdn.com/font-awesome/4.7.0/css/font-awesome.min.css
Requested by
Host: www.hsabank.com
URL: https://www.hsabank.com/hsabank/learning-center/irs-contribution-limits-and-guidelines?utm_source=sfmc&utm_term=&utm_content=691751&utm_id=e7c0a1e5-b27b-4960-984f-1842a2269735&sfmc_activityid=b73e5fa8-ca1d-4ae1-89ea-4475791872f3&utm_medium=email
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:bcf , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
799aeb25cc0373fdee0e1b1db7ad6c2f6a0e058dfadaa3379689f583213190bd
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.hsabank.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Thu, 27 Apr 2023 13:35:18 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
content-encoding
br
cdn-edgestorageid
722
age
588699
cdn-cachedat
11/18/2022 06:18:29
cdn-pullzone
252412
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified
Mon, 25 Jan 2021 22:04:55 GMT
cdn-proxyver
1.03
cdn-requestpullcode
200
server
cloudflare
etag
W/"269550530cc127b6aa5a35925a7de6ce"
vary
Accept-Encoding
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cdn-cache
HIT
cdn-uid
b1941f61-b576-4f40-80de-5677acb38f74
cache-control
public, max-age=31919000
cdn-requestid
be050c61329891fb4ef880afd785a1b0
timing-allow-origin
*
cdn-requestcountrycode
DE
cdn-status
200
cf-ray
7be772ad2b4c18e9-FRA
cdn-requestpullsuccess
True
style.css
www.hsabank.com/~/Media/Files/Custom_CSS/HSABank/Mobile_Responsive_2017/ 		87 KB
25 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://www.hsabank.com/~/Media/Files/Custom_CSS/HSABank/Mobile_Responsive_2017/style.css?v=1.06
Requested by
Host: www.hsabank.com
URL: https://www.hsabank.com/hsabank/learning-center/irs-contribution-limits-and-guidelines?utm_source=sfmc&utm_term=&utm_content=691751&utm_id=e7c0a1e5-b27b-4960-984f-1842a2269735&sfmc_activityid=b73e5fa8-ca1d-4ae1-89ea-4475791872f3&utm_medium=email
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
70.37.166.146 San Antonio, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
d7a229a58c6420f329f8dca6dc343ba08ad13c42fae2ca4ccf948a3da791e91d
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.hsabank.com/hsabank/learning-center/irs-contribution-limits-and-guidelines?utm_source=sfmc&utm_term=&utm_content=691751&utm_id=e7c0a1e5-b27b-4960-984f-1842a2269735&sfmc_activityid=b73e5fa8-ca1d-4ae1-89ea-4475791872f3&utm_medium=email
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Date
Thu, 27 Apr 2023 13:35:17 GMT
Content-Security-Policy-Report-Only
default-src 'self'; script-src 'self' 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' https://*.hsabank.com https://cdnjs.cloudflare.com https://*.jquery.com https://*.facebook.net https://*.googleapis.com https://*.googletagmanager.com https://*.google-analytics.com https://*.igodigital.com https://*.levelaccess.net https://*.cludo.com https://*.pardot.com https://*.hsabank.com; style-src 'self' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' https://*.hsabank.com https://*.googleapis.com https://*.bootstrapcdn.com; base-uri 'self'; font-src 'self' https://*.gstatic.com https://*.bootstrapcdn.com; connect-src 'self' https://*.google-analytics.com https://*.levelaccess.net; img-src 'self' https://*.igodigital.com https://*.hsabank.com https://*.google-analytics.com; frame-src 'self' https://*.hsabank.com ;form-action 'self'
Content-Disposition
inline; filename="style.css"
Content-Length
23954
Request-Context
appId=cid-v1:8fedb8c4-35ce-49f3-a619-b84f98aa48d7
Referrer-Policy
strict-origin-when-cross-origin
Last-Modified
Tue, 07 Mar 2023 18:27:29 GMT
Server
Microsoft-IIS/10.0
Vary
Accept-Encoding
X-Frame-Options
SAMEORIGIN
Content-Type
text/css
Cache-Control
private, max-age=604800
Permissions-Policy
microphone=(), payment=(), geolocation=(self), sync-xhr=*
Accept-Ranges
bytes
lock-yellow.ashx
www.hsabank.com/-/media/Images/Mobile_Responsive_2017/ 		487 B
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.hsabank.com/-/media/Images/Mobile_Responsive_2017/lock-yellow.ashx?la=en
Requested by
Host: www.hsabank.com
URL: https://www.hsabank.com/hsabank/learning-center/irs-contribution-limits-and-guidelines?utm_source=sfmc&utm_term=&utm_content=691751&utm_id=e7c0a1e5-b27b-4960-984f-1842a2269735&sfmc_activityid=b73e5fa8-ca1d-4ae1-89ea-4475791872f3&utm_medium=email
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
70.37.166.146 San Antonio, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
5298b61386b233b02c1f2dc3aff963463ebbe568b021817019f0da72fc5b165d
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.hsabank.com/hsabank/learning-center/irs-contribution-limits-and-guidelines?utm_source=sfmc&utm_term=&utm_content=691751&utm_id=e7c0a1e5-b27b-4960-984f-1842a2269735&sfmc_activityid=b73e5fa8-ca1d-4ae1-89ea-4475791872f3&utm_medium=email
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

Strict-Transport-Security
max-age=31536000; includeSubDomains
Date
Thu, 27 Apr 2023 13:35:18 GMT
X-Content-Type-Options
nosniff
Referrer-Policy
strict-origin-when-cross-origin
Last-Modified
Sun, 19 Apr 2020 19:16:18 GMT
Server
Microsoft-IIS/10.0
X-Frame-Options
SAMEORIGIN
Content-Security-Policy-Report-Only
default-src 'self'; script-src 'self' 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' https://*.hsabank.com https://cdnjs.cloudflare.com https://*.jquery.com https://*.facebook.net https://*.googleapis.com https://*.googletagmanager.com https://*.google-analytics.com https://*.igodigital.com https://*.levelaccess.net https://*.cludo.com https://*.pardot.com https://*.hsabank.com; style-src 'self' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' https://*.hsabank.com https://*.googleapis.com https://*.bootstrapcdn.com; base-uri 'self'; font-src 'self' https://*.gstatic.com https://*.bootstrapcdn.com; connect-src 'self' https://*.google-analytics.com https://*.levelaccess.net; img-src 'self' https://*.igodigital.com https://*.hsabank.com https://*.google-analytics.com; frame-src 'self' https://*.hsabank.com ;form-action 'self'
Content-Type
image/png
Cache-Control
private, max-age=604800
Permissions-Policy
microphone=(), payment=(), geolocation=(self), sync-xhr=*
Content-Disposition
inline; filename="lock-yellow.png"
Accept-Ranges
bytes
Content-Length
487
Request-Context
appId=cid-v1:8fedb8c4-35ce-49f3-a619-b84f98aa48d7
members.ashx
www.hsabank.com/-/media/Images/Mobile_Responsive_2017/menu/ 		6 KB
8 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.hsabank.com/-/media/Images/Mobile_Responsive_2017/menu/members.ashx?la=en
Requested by
Host: www.hsabank.com
URL: https://www.hsabank.com/hsabank/learning-center/irs-contribution-limits-and-guidelines?utm_source=sfmc&utm_term=&utm_content=691751&utm_id=e7c0a1e5-b27b-4960-984f-1842a2269735&sfmc_activityid=b73e5fa8-ca1d-4ae1-89ea-4475791872f3&utm_medium=email
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
70.37.166.146 San Antonio, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
b7f060e299b946e48571efc616afabf681564879b5431dae029354719b685b6c
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.hsabank.com/hsabank/learning-center/irs-contribution-limits-and-guidelines?utm_source=sfmc&utm_term=&utm_content=691751&utm_id=e7c0a1e5-b27b-4960-984f-1842a2269735&sfmc_activityid=b73e5fa8-ca1d-4ae1-89ea-4475791872f3&utm_medium=email
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

Strict-Transport-Security
max-age=31536000; includeSubDomains
Date
Thu, 27 Apr 2023 13:35:18 GMT
X-Content-Type-Options
nosniff
Referrer-Policy
strict-origin-when-cross-origin
Last-Modified
Sun, 19 Apr 2020 19:18:23 GMT
Server
Microsoft-IIS/10.0
X-Frame-Options
SAMEORIGIN
Content-Security-Policy-Report-Only
default-src 'self'; script-src 'self' 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' https://*.hsabank.com https://cdnjs.cloudflare.com https://*.jquery.com https://*.facebook.net https://*.googleapis.com https://*.googletagmanager.com https://*.google-analytics.com https://*.igodigital.com https://*.levelaccess.net https://*.cludo.com https://*.pardot.com https://*.hsabank.com; style-src 'self' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' https://*.hsabank.com https://*.googleapis.com https://*.bootstrapcdn.com; base-uri 'self'; font-src 'self' https://*.gstatic.com https://*.bootstrapcdn.com; connect-src 'self' https://*.google-analytics.com https://*.levelaccess.net; img-src 'self' https://*.igodigital.com https://*.hsabank.com https://*.google-analytics.com; frame-src 'self' https://*.hsabank.com ;form-action 'self'
Content-Type
image/jpeg
Cache-Control
private, max-age=604800
Permissions-Policy
microphone=(), payment=(), geolocation=(self), sync-xhr=*
Content-Disposition
inline; filename="members.jpg"
Accept-Ranges
bytes
Content-Length
6597
Request-Context
appId=cid-v1:8fedb8c4-35ce-49f3-a619-b84f98aa48d7
logo-hsabank.ashx
www.hsabank.com/hsabank/-/media/Images/Mobile_Responsive_2017/ 		11 KB
13 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.hsabank.com/hsabank/-/media/Images/Mobile_Responsive_2017/logo-hsabank.ashx?la=en
Requested by
Host: www.hsabank.com
URL: https://www.hsabank.com/hsabank/learning-center/irs-contribution-limits-and-guidelines?utm_source=sfmc&utm_term=&utm_content=691751&utm_id=e7c0a1e5-b27b-4960-984f-1842a2269735&sfmc_activityid=b73e5fa8-ca1d-4ae1-89ea-4475791872f3&utm_medium=email
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
70.37.166.146 San Antonio, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
fc8331c82d59e08430c3a341203a29b57de8ab6595876e484fc5a31e03183693
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.hsabank.com/hsabank/learning-center/irs-contribution-limits-and-guidelines?utm_source=sfmc&utm_term=&utm_content=691751&utm_id=e7c0a1e5-b27b-4960-984f-1842a2269735&sfmc_activityid=b73e5fa8-ca1d-4ae1-89ea-4475791872f3&utm_medium=email
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

Strict-Transport-Security
max-age=31536000; includeSubDomains
Date
Thu, 27 Apr 2023 13:35:18 GMT
X-Content-Type-Options
nosniff
Referrer-Policy
strict-origin-when-cross-origin
Last-Modified
Thu, 23 Feb 2023 15:06:33 GMT
Server
Microsoft-IIS/10.0
X-Frame-Options
SAMEORIGIN
Content-Security-Policy-Report-Only
default-src 'self'; script-src 'self' 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' https://*.hsabank.com https://cdnjs.cloudflare.com https://*.jquery.com https://*.facebook.net https://*.googleapis.com https://*.googletagmanager.com https://*.google-analytics.com https://*.igodigital.com https://*.levelaccess.net https://*.cludo.com https://*.pardot.com https://*.hsabank.com; style-src 'self' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' https://*.hsabank.com https://*.googleapis.com https://*.bootstrapcdn.com; base-uri 'self'; font-src 'self' https://*.gstatic.com https://*.bootstrapcdn.com; connect-src 'self' https://*.google-analytics.com https://*.levelaccess.net; img-src 'self' https://*.igodigital.com https://*.hsabank.com https://*.google-analytics.com; frame-src 'self' https://*.hsabank.com ;form-action 'self'
Content-Type
image/png
Cache-Control
private, max-age=604800
Permissions-Policy
microphone=(), payment=(), geolocation=(self), sync-xhr=*
Content-Disposition
inline; filename="logo-hsabank.png"
Accept-Ranges
bytes
Content-Length
11026
Request-Context
appId=cid-v1:8fedb8c4-35ce-49f3-a619-b84f98aa48d7
searchboxmobile.min.css
www.hsabank.com/Styles/ 		311 B
2 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://www.hsabank.com/Styles/searchboxmobile.min.css
Requested by
Host: www.hsabank.com
URL: https://www.hsabank.com/hsabank/learning-center/irs-contribution-limits-and-guidelines?utm_source=sfmc&utm_term=&utm_content=691751&utm_id=e7c0a1e5-b27b-4960-984f-1842a2269735&sfmc_activityid=b73e5fa8-ca1d-4ae1-89ea-4475791872f3&utm_medium=email
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
70.37.166.146 San Antonio, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
2d91e980d6f338755fa8c1a9ec52e2b4e75f90ee211530783cddcef3978a0746
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.hsabank.com/hsabank/learning-center/irs-contribution-limits-and-guidelines?utm_source=sfmc&utm_term=&utm_content=691751&utm_id=e7c0a1e5-b27b-4960-984f-1842a2269735&sfmc_activityid=b73e5fa8-ca1d-4ae1-89ea-4475791872f3&utm_medium=email
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Date
Thu, 27 Apr 2023 13:35:18 GMT
Content-Security-Policy-Report-Only
default-src 'self'; script-src 'self' 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' https://*.hsabank.com https://cdnjs.cloudflare.com https://*.jquery.com https://*.facebook.net https://*.googleapis.com https://*.googletagmanager.com https://*.google-analytics.com https://*.igodigital.com https://*.levelaccess.net https://*.cludo.com https://*.pardot.com https://*.hsabank.com; style-src 'self' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' https://*.hsabank.com https://*.googleapis.com https://*.bootstrapcdn.com; base-uri 'self'; font-src 'self' https://*.gstatic.com https://*.bootstrapcdn.com; connect-src 'self' https://*.google-analytics.com https://*.levelaccess.net; img-src 'self' https://*.igodigital.com https://*.hsabank.com https://*.google-analytics.com; frame-src 'self' https://*.hsabank.com ;form-action 'self'
Content-Length
273
Request-Context
appId=cid-v1:8fedb8c4-35ce-49f3-a619-b84f98aa48d7
Referrer-Policy
strict-origin-when-cross-origin
Last-Modified
Wed, 19 Apr 2023 00:21:48 GMT
Server
Microsoft-IIS/10.0
ETag
"ee4f42ee5472d91:0"
Vary
Accept-Encoding
X-Frame-Options
SAMEORIGIN
Content-Type
text/css
Permissions-Policy
microphone=(), payment=(), geolocation=(self), sync-xhr=*
Accept-Ranges
bytes
open-hsa-navbanner.jpg
www.hsabank.com/hsabank/learning-center/~/Media/Images/Mobile_Responsive_2017/2017/nav-banners/ 		38 KB
40 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.hsabank.com/hsabank/learning-center/~/Media/Images/Mobile_Responsive_2017/2017/nav-banners/open-hsa-navbanner.jpg
Requested by
Host: www.hsabank.com
URL: https://www.hsabank.com/hsabank/learning-center/irs-contribution-limits-and-guidelines?utm_source=sfmc&utm_term=&utm_content=691751&utm_id=e7c0a1e5-b27b-4960-984f-1842a2269735&sfmc_activityid=b73e5fa8-ca1d-4ae1-89ea-4475791872f3&utm_medium=email
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
70.37.166.146 San Antonio, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
3125503095eb347633cce9f00d090dcc466164199f6018c4390988ece5e8cd9f
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.hsabank.com/hsabank/learning-center/irs-contribution-limits-and-guidelines?utm_source=sfmc&utm_term=&utm_content=691751&utm_id=e7c0a1e5-b27b-4960-984f-1842a2269735&sfmc_activityid=b73e5fa8-ca1d-4ae1-89ea-4475791872f3&utm_medium=email
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

Strict-Transport-Security
max-age=31536000; includeSubDomains
Date
Thu, 27 Apr 2023 13:35:18 GMT
X-Content-Type-Options
nosniff
Referrer-Policy
strict-origin-when-cross-origin
Last-Modified
Sun, 19 Apr 2020 19:20:20 GMT
Server
Microsoft-IIS/10.0
X-Frame-Options
SAMEORIGIN
Content-Security-Policy-Report-Only
default-src 'self'; script-src 'self' 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' https://*.hsabank.com https://cdnjs.cloudflare.com https://*.jquery.com https://*.facebook.net https://*.googleapis.com https://*.googletagmanager.com https://*.google-analytics.com https://*.igodigital.com https://*.levelaccess.net https://*.cludo.com https://*.pardot.com https://*.hsabank.com; style-src 'self' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' https://*.hsabank.com https://*.googleapis.com https://*.bootstrapcdn.com; base-uri 'self'; font-src 'self' https://*.gstatic.com https://*.bootstrapcdn.com; connect-src 'self' https://*.google-analytics.com https://*.levelaccess.net; img-src 'self' https://*.igodigital.com https://*.hsabank.com https://*.google-analytics.com; frame-src 'self' https://*.hsabank.com ;form-action 'self'
Content-Type
image/jpeg
Cache-Control
private, max-age=604800
Permissions-Policy
microphone=(), payment=(), geolocation=(self), sync-xhr=*
Content-Disposition
inline; filename="open-hsa-navbanner.jpg"
Accept-Ranges
bytes
Content-Length
38779
Request-Context
appId=cid-v1:8fedb8c4-35ce-49f3-a619-b84f98aa48d7
2022-ER-Partner-Navigation
www.hsabank.com/~/media/Images/Mobile_Responsive_2017/2017/learning-center/health-and-wealth-index/ 		57 KB
59 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.hsabank.com/~/media/Images/Mobile_Responsive_2017/2017/learning-center/health-and-wealth-index/2022-ER-Partner-Navigation
Requested by
Host: www.hsabank.com
URL: https://www.hsabank.com/hsabank/learning-center/irs-contribution-limits-and-guidelines?utm_source=sfmc&utm_term=&utm_content=691751&utm_id=e7c0a1e5-b27b-4960-984f-1842a2269735&sfmc_activityid=b73e5fa8-ca1d-4ae1-89ea-4475791872f3&utm_medium=email
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
70.37.166.146 San Antonio, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
175d25eb48831e6f67bacbc9afbc26665736432cc379e79c3d84148eb1acd55f
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.hsabank.com/hsabank/learning-center/irs-contribution-limits-and-guidelines?utm_source=sfmc&utm_term=&utm_content=691751&utm_id=e7c0a1e5-b27b-4960-984f-1842a2269735&sfmc_activityid=b73e5fa8-ca1d-4ae1-89ea-4475791872f3&utm_medium=email
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

Strict-Transport-Security
max-age=31536000; includeSubDomains
Date
Thu, 27 Apr 2023 13:35:18 GMT
X-Content-Type-Options
nosniff
Referrer-Policy
strict-origin-when-cross-origin
Last-Modified
Wed, 01 Jun 2022 20:52:20 GMT
Server
Microsoft-IIS/10.0
X-Frame-Options
SAMEORIGIN
Content-Security-Policy-Report-Only
default-src 'self'; script-src 'self' 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' https://*.hsabank.com https://cdnjs.cloudflare.com https://*.jquery.com https://*.facebook.net https://*.googleapis.com https://*.googletagmanager.com https://*.google-analytics.com https://*.igodigital.com https://*.levelaccess.net https://*.cludo.com https://*.pardot.com https://*.hsabank.com; style-src 'self' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' https://*.hsabank.com https://*.googleapis.com https://*.bootstrapcdn.com; base-uri 'self'; font-src 'self' https://*.gstatic.com https://*.bootstrapcdn.com; connect-src 'self' https://*.google-analytics.com https://*.levelaccess.net; img-src 'self' https://*.igodigital.com https://*.hsabank.com https://*.google-analytics.com; frame-src 'self' https://*.hsabank.com ;form-action 'self'
Content-Type
image/jpeg
Cache-Control
private, max-age=604800
Permissions-Policy
microphone=(), payment=(), geolocation=(self), sync-xhr=*
Content-Disposition
inline; filename="2022-ER-Partner-Navigation.jpg"
Accept-Ranges
bytes
Content-Length
58795
Request-Context
appId=cid-v1:8fedb8c4-35ce-49f3-a619-b84f98aa48d7
learning-center.ashx
www.hsabank.com/-/media/Images/Mobile_Responsive_2017/menu/ 		10 KB
12 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.hsabank.com/-/media/Images/Mobile_Responsive_2017/menu/learning-center.ashx?la=en
Requested by
Host: www.hsabank.com
URL: https://www.hsabank.com/hsabank/learning-center/irs-contribution-limits-and-guidelines?utm_source=sfmc&utm_term=&utm_content=691751&utm_id=e7c0a1e5-b27b-4960-984f-1842a2269735&sfmc_activityid=b73e5fa8-ca1d-4ae1-89ea-4475791872f3&utm_medium=email
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
70.37.166.146 San Antonio, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
87cec327a260c0960d91a7c4e9976eb243afa732c22b0cb2310181543739fe1b
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.hsabank.com/hsabank/learning-center/irs-contribution-limits-and-guidelines?utm_source=sfmc&utm_term=&utm_content=691751&utm_id=e7c0a1e5-b27b-4960-984f-1842a2269735&sfmc_activityid=b73e5fa8-ca1d-4ae1-89ea-4475791872f3&utm_medium=email
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

Strict-Transport-Security
max-age=31536000; includeSubDomains
Date
Thu, 27 Apr 2023 13:35:18 GMT
X-Content-Type-Options
nosniff
Referrer-Policy
strict-origin-when-cross-origin
Last-Modified
Sun, 19 Apr 2020 19:18:22 GMT
Server
Microsoft-IIS/10.0
X-Frame-Options
SAMEORIGIN
Content-Security-Policy-Report-Only
default-src 'self'; script-src 'self' 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' https://*.hsabank.com https://cdnjs.cloudflare.com https://*.jquery.com https://*.facebook.net https://*.googleapis.com https://*.googletagmanager.com https://*.google-analytics.com https://*.igodigital.com https://*.levelaccess.net https://*.cludo.com https://*.pardot.com https://*.hsabank.com; style-src 'self' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' https://*.hsabank.com https://*.googleapis.com https://*.bootstrapcdn.com; base-uri 'self'; font-src 'self' https://*.gstatic.com https://*.bootstrapcdn.com; connect-src 'self' https://*.google-analytics.com https://*.levelaccess.net; img-src 'self' https://*.igodigital.com https://*.hsabank.com https://*.google-analytics.com; frame-src 'self' https://*.hsabank.com ;form-action 'self'
Content-Type
image/jpeg
Cache-Control
private, max-age=604800
Permissions-Policy
microphone=(), payment=(), geolocation=(self), sync-xhr=*
Content-Disposition
inline; filename="learning-center.jpg"
Accept-Ranges
bytes
Content-Length
10245
Request-Context
appId=cid-v1:8fedb8c4-35ce-49f3-a619-b84f98aa48d7
about.ashx
www.hsabank.com/-/media/Images/Mobile_Responsive_2017/menu/ 		11 KB
13 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.hsabank.com/-/media/Images/Mobile_Responsive_2017/menu/about.ashx?la=en
Requested by
Host: www.hsabank.com
URL: https://www.hsabank.com/hsabank/learning-center/irs-contribution-limits-and-guidelines?utm_source=sfmc&utm_term=&utm_content=691751&utm_id=e7c0a1e5-b27b-4960-984f-1842a2269735&sfmc_activityid=b73e5fa8-ca1d-4ae1-89ea-4475791872f3&utm_medium=email
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
70.37.166.146 San Antonio, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
2e5ea304576c05ccc854670fe397ef56880d803760a5de0e61081403e2009c61
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.hsabank.com/hsabank/learning-center/irs-contribution-limits-and-guidelines?utm_source=sfmc&utm_term=&utm_content=691751&utm_id=e7c0a1e5-b27b-4960-984f-1842a2269735&sfmc_activityid=b73e5fa8-ca1d-4ae1-89ea-4475791872f3&utm_medium=email
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

Strict-Transport-Security
max-age=31536000; includeSubDomains
Date
Thu, 27 Apr 2023 13:35:18 GMT
X-Content-Type-Options
nosniff
Referrer-Policy
strict-origin-when-cross-origin
Last-Modified
Sun, 19 Apr 2020 19:18:23 GMT
Server
Microsoft-IIS/10.0
X-Frame-Options
SAMEORIGIN
Content-Security-Policy-Report-Only
default-src 'self'; script-src 'self' 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' https://*.hsabank.com https://cdnjs.cloudflare.com https://*.jquery.com https://*.facebook.net https://*.googleapis.com https://*.googletagmanager.com https://*.google-analytics.com https://*.igodigital.com https://*.levelaccess.net https://*.cludo.com https://*.pardot.com https://*.hsabank.com; style-src 'self' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' https://*.hsabank.com https://*.googleapis.com https://*.bootstrapcdn.com; base-uri 'self'; font-src 'self' https://*.gstatic.com https://*.bootstrapcdn.com; connect-src 'self' https://*.google-analytics.com https://*.levelaccess.net; img-src 'self' https://*.igodigital.com https://*.hsabank.com https://*.google-analytics.com; frame-src 'self' https://*.hsabank.com ;form-action 'self'
Content-Type
image/jpeg
Cache-Control
private, max-age=604800
Permissions-Policy
microphone=(), payment=(), geolocation=(self), sync-xhr=*
Content-Disposition
inline; filename="about.jpg"
Accept-Ranges
bytes
Content-Length
11131
Request-Context
appId=cid-v1:8fedb8c4-35ce-49f3-a619-b84f98aa48d7
searchbox.min.css
www.hsabank.com/Styles/ 		920 B
2 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://www.hsabank.com/Styles/searchbox.min.css
Requested by
Host: www.hsabank.com
URL: https://www.hsabank.com/hsabank/learning-center/irs-contribution-limits-and-guidelines?utm_source=sfmc&utm_term=&utm_content=691751&utm_id=e7c0a1e5-b27b-4960-984f-1842a2269735&sfmc_activityid=b73e5fa8-ca1d-4ae1-89ea-4475791872f3&utm_medium=email
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
70.37.166.146 San Antonio, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
85975a2be961791f9eca87929ad244be78a77031631e9e27baeb40b2dd2d8403
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.hsabank.com/hsabank/learning-center/irs-contribution-limits-and-guidelines?utm_source=sfmc&utm_term=&utm_content=691751&utm_id=e7c0a1e5-b27b-4960-984f-1842a2269735&sfmc_activityid=b73e5fa8-ca1d-4ae1-89ea-4475791872f3&utm_medium=email
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Date
Thu, 27 Apr 2023 13:35:18 GMT
Content-Security-Policy-Report-Only
default-src 'self'; script-src 'self' 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' https://*.hsabank.com https://cdnjs.cloudflare.com https://*.jquery.com https://*.facebook.net https://*.googleapis.com https://*.googletagmanager.com https://*.google-analytics.com https://*.igodigital.com https://*.levelaccess.net https://*.cludo.com https://*.pardot.com https://*.hsabank.com; style-src 'self' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' https://*.hsabank.com https://*.googleapis.com https://*.bootstrapcdn.com; base-uri 'self'; font-src 'self' https://*.gstatic.com https://*.bootstrapcdn.com; connect-src 'self' https://*.google-analytics.com https://*.levelaccess.net; img-src 'self' https://*.igodigital.com https://*.hsabank.com https://*.google-analytics.com; frame-src 'self' https://*.hsabank.com ;form-action 'self'
Content-Length
594
Request-Context
appId=cid-v1:8fedb8c4-35ce-49f3-a619-b84f98aa48d7
Referrer-Policy
strict-origin-when-cross-origin
Last-Modified
Wed, 19 Apr 2023 00:21:48 GMT
Server
Microsoft-IIS/10.0
ETag
"8a8a3dee5472d91:0"
Vary
Accept-Encoding
X-Frame-Options
SAMEORIGIN
Content-Type
text/css
Permissions-Policy
microphone=(), payment=(), geolocation=(self), sync-xhr=*
Accept-Ranges
bytes
searchglass.ashx
www.hsabank.com/-/media/Images/Mobile_Responsive_2017/ 		439 B
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.hsabank.com/-/media/Images/Mobile_Responsive_2017/searchglass.ashx?la=en
Requested by
Host: www.hsabank.com
URL: https://www.hsabank.com/hsabank/learning-center/irs-contribution-limits-and-guidelines?utm_source=sfmc&utm_term=&utm_content=691751&utm_id=e7c0a1e5-b27b-4960-984f-1842a2269735&sfmc_activityid=b73e5fa8-ca1d-4ae1-89ea-4475791872f3&utm_medium=email
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
70.37.166.146 San Antonio, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
b4d5f510c2190ca5ff87374b25cf3c1ba3334d41c5437b262cae8952a0dac6ad
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.hsabank.com/hsabank/learning-center/irs-contribution-limits-and-guidelines?utm_source=sfmc&utm_term=&utm_content=691751&utm_id=e7c0a1e5-b27b-4960-984f-1842a2269735&sfmc_activityid=b73e5fa8-ca1d-4ae1-89ea-4475791872f3&utm_medium=email
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

Strict-Transport-Security
max-age=31536000; includeSubDomains
Date
Thu, 27 Apr 2023 13:35:18 GMT
X-Content-Type-Options
nosniff
Referrer-Policy
strict-origin-when-cross-origin
Last-Modified
Sun, 19 Apr 2020 19:16:19 GMT
Server
Microsoft-IIS/10.0
X-Frame-Options
SAMEORIGIN
Content-Security-Policy-Report-Only
default-src 'self'; script-src 'self' 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' https://*.hsabank.com https://cdnjs.cloudflare.com https://*.jquery.com https://*.facebook.net https://*.googleapis.com https://*.googletagmanager.com https://*.google-analytics.com https://*.igodigital.com https://*.levelaccess.net https://*.cludo.com https://*.pardot.com https://*.hsabank.com; style-src 'self' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' https://*.hsabank.com https://*.googleapis.com https://*.bootstrapcdn.com; base-uri 'self'; font-src 'self' https://*.gstatic.com https://*.bootstrapcdn.com; connect-src 'self' https://*.google-analytics.com https://*.levelaccess.net; img-src 'self' https://*.igodigital.com https://*.hsabank.com https://*.google-analytics.com; frame-src 'self' https://*.hsabank.com ;form-action 'self'
Content-Type
image/png
Cache-Control
private, max-age=604800
Permissions-Policy
microphone=(), payment=(), geolocation=(self), sync-xhr=*
Content-Disposition
inline; filename="searchglass.png"
Accept-Ranges
bytes
Content-Length
439
Request-Context
appId=cid-v1:8fedb8c4-35ce-49f3-a619-b84f98aa48d7
searchbox.min.js
www.hsabank.com/Scripts/ 		85 B
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.hsabank.com/Scripts/searchbox.min.js
Requested by
Host: www.hsabank.com
URL: https://www.hsabank.com/hsabank/learning-center/irs-contribution-limits-and-guidelines?utm_source=sfmc&utm_term=&utm_content=691751&utm_id=e7c0a1e5-b27b-4960-984f-1842a2269735&sfmc_activityid=b73e5fa8-ca1d-4ae1-89ea-4475791872f3&utm_medium=email
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
70.37.166.146 San Antonio, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
3adcd7060b73a40bdb29c97abbab98ef6c29038028ba0c7d974cbcdd3b1b158b
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.hsabank.com/hsabank/learning-center/irs-contribution-limits-and-guidelines?utm_source=sfmc&utm_term=&utm_content=691751&utm_id=e7c0a1e5-b27b-4960-984f-1842a2269735&sfmc_activityid=b73e5fa8-ca1d-4ae1-89ea-4475791872f3&utm_medium=email
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Date
Thu, 27 Apr 2023 13:35:18 GMT
Content-Security-Policy-Report-Only
default-src 'self'; script-src 'self' 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' https://*.hsabank.com https://cdnjs.cloudflare.com https://*.jquery.com https://*.facebook.net https://*.googleapis.com https://*.googletagmanager.com https://*.google-analytics.com https://*.igodigital.com https://*.levelaccess.net https://*.cludo.com https://*.pardot.com https://*.hsabank.com; style-src 'self' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' https://*.hsabank.com https://*.googleapis.com https://*.bootstrapcdn.com; base-uri 'self'; font-src 'self' https://*.gstatic.com https://*.bootstrapcdn.com; connect-src 'self' https://*.google-analytics.com https://*.levelaccess.net; img-src 'self' https://*.igodigital.com https://*.hsabank.com https://*.google-analytics.com; frame-src 'self' https://*.hsabank.com ;form-action 'self'
Content-Length
191
Request-Context
appId=cid-v1:8fedb8c4-35ce-49f3-a619-b84f98aa48d7
Referrer-Policy
strict-origin-when-cross-origin
Last-Modified
Wed, 19 Apr 2023 00:21:48 GMT
Server
Microsoft-IIS/10.0
ETag
"3dcb36ee5472d91:0"
Vary
Accept-Encoding
X-Frame-Options
SAMEORIGIN
Content-Type
application/x-javascript
Permissions-Policy
microphone=(), payment=(), geolocation=(self), sync-xhr=*
Accept-Ranges
bytes
breadcrumb.min.css
www.hsabank.com/Styles/Site/ 		563 B
2 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://www.hsabank.com/Styles/Site/breadcrumb.min.css
Requested by
Host: www.hsabank.com
URL: https://www.hsabank.com/hsabank/learning-center/irs-contribution-limits-and-guidelines?utm_source=sfmc&utm_term=&utm_content=691751&utm_id=e7c0a1e5-b27b-4960-984f-1842a2269735&sfmc_activityid=b73e5fa8-ca1d-4ae1-89ea-4475791872f3&utm_medium=email
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
70.37.166.146 San Antonio, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
134e7514c0adc4160ee20023402f2be4d7e9f869222392b4639cb05912cccca2
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.hsabank.com/hsabank/learning-center/irs-contribution-limits-and-guidelines?utm_source=sfmc&utm_term=&utm_content=691751&utm_id=e7c0a1e5-b27b-4960-984f-1842a2269735&sfmc_activityid=b73e5fa8-ca1d-4ae1-89ea-4475791872f3&utm_medium=email
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Date
Thu, 27 Apr 2023 13:35:18 GMT
Content-Security-Policy-Report-Only
default-src 'self'; script-src 'self' 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' https://*.hsabank.com https://cdnjs.cloudflare.com https://*.jquery.com https://*.facebook.net https://*.googleapis.com https://*.googletagmanager.com https://*.google-analytics.com https://*.igodigital.com https://*.levelaccess.net https://*.cludo.com https://*.pardot.com https://*.hsabank.com; style-src 'self' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' https://*.hsabank.com https://*.googleapis.com https://*.bootstrapcdn.com; base-uri 'self'; font-src 'self' https://*.gstatic.com https://*.bootstrapcdn.com; connect-src 'self' https://*.google-analytics.com https://*.levelaccess.net; img-src 'self' https://*.igodigital.com https://*.hsabank.com https://*.google-analytics.com; frame-src 'self' https://*.hsabank.com ;form-action 'self'
Content-Length
407
Request-Context
appId=cid-v1:8fedb8c4-35ce-49f3-a619-b84f98aa48d7
Referrer-Policy
strict-origin-when-cross-origin
Last-Modified
Wed, 19 Apr 2023 00:21:48 GMT
Server
Microsoft-IIS/10.0
ETag
"992a79ee5472d91:0"
Vary
Accept-Encoding
X-Frame-Options
SAMEORIGIN
Content-Type
text/css
Permissions-Policy
microphone=(), payment=(), geolocation=(self), sync-xhr=*
Accept-Ranges
bytes
single-plan.jpg
www.hsabank.com/hsabank/learning-center/~/Media/Images/Mobile_Responsive_2017/ 		3 KB
5 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.hsabank.com/hsabank/learning-center/~/Media/Images/Mobile_Responsive_2017/single-plan.jpg
Requested by
Host: www.hsabank.com
URL: https://www.hsabank.com/hsabank/learning-center/irs-contribution-limits-and-guidelines?utm_source=sfmc&utm_term=&utm_content=691751&utm_id=e7c0a1e5-b27b-4960-984f-1842a2269735&sfmc_activityid=b73e5fa8-ca1d-4ae1-89ea-4475791872f3&utm_medium=email
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
70.37.166.146 San Antonio, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
6244b5323a0f8a39ef68428cb730b734c0027a2e1c68b4bd1ec2030a0be6009a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.hsabank.com/hsabank/learning-center/irs-contribution-limits-and-guidelines?utm_source=sfmc&utm_term=&utm_content=691751&utm_id=e7c0a1e5-b27b-4960-984f-1842a2269735&sfmc_activityid=b73e5fa8-ca1d-4ae1-89ea-4475791872f3&utm_medium=email
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

Strict-Transport-Security
max-age=31536000; includeSubDomains
Date
Thu, 27 Apr 2023 13:35:18 GMT
X-Content-Type-Options
nosniff
Referrer-Policy
strict-origin-when-cross-origin
Last-Modified
Sun, 19 Apr 2020 19:16:20 GMT
Server
Microsoft-IIS/10.0
X-Frame-Options
SAMEORIGIN
Content-Security-Policy-Report-Only
default-src 'self'; script-src 'self' 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' https://*.hsabank.com https://cdnjs.cloudflare.com https://*.jquery.com https://*.facebook.net https://*.googleapis.com https://*.googletagmanager.com https://*.google-analytics.com https://*.igodigital.com https://*.levelaccess.net https://*.cludo.com https://*.pardot.com https://*.hsabank.com; style-src 'self' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' https://*.hsabank.com https://*.googleapis.com https://*.bootstrapcdn.com; base-uri 'self'; font-src 'self' https://*.gstatic.com https://*.bootstrapcdn.com; connect-src 'self' https://*.google-analytics.com https://*.levelaccess.net; img-src 'self' https://*.igodigital.com https://*.hsabank.com https://*.google-analytics.com; frame-src 'self' https://*.hsabank.com ;form-action 'self'
Content-Type
image/jpeg
Cache-Control
private, max-age=604800
Permissions-Policy
microphone=(), payment=(), geolocation=(self), sync-xhr=*
Content-Disposition
inline; filename="single-plan.jpg"
Accept-Ranges
bytes
Content-Length
3155
Request-Context
appId=cid-v1:8fedb8c4-35ce-49f3-a619-b84f98aa48d7
family-plan.jpg
www.hsabank.com/hsabank/learning-center/~/Media/Images/Mobile_Responsive_2017/ 		4 KB
6 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.hsabank.com/hsabank/learning-center/~/Media/Images/Mobile_Responsive_2017/family-plan.jpg
Requested by
Host: www.hsabank.com
URL: https://www.hsabank.com/hsabank/learning-center/irs-contribution-limits-and-guidelines?utm_source=sfmc&utm_term=&utm_content=691751&utm_id=e7c0a1e5-b27b-4960-984f-1842a2269735&sfmc_activityid=b73e5fa8-ca1d-4ae1-89ea-4475791872f3&utm_medium=email
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
70.37.166.146 San Antonio, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
d371c565ec3a3cb356ca742f14883a254781cc80e4f5e02a0fd0fb6d75041406
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.hsabank.com/hsabank/learning-center/irs-contribution-limits-and-guidelines?utm_source=sfmc&utm_term=&utm_content=691751&utm_id=e7c0a1e5-b27b-4960-984f-1842a2269735&sfmc_activityid=b73e5fa8-ca1d-4ae1-89ea-4475791872f3&utm_medium=email
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

Strict-Transport-Security
max-age=31536000; includeSubDomains
Date
Thu, 27 Apr 2023 13:35:18 GMT
X-Content-Type-Options
nosniff
Referrer-Policy
strict-origin-when-cross-origin
Last-Modified
Sun, 19 Apr 2020 19:16:15 GMT
Server
Microsoft-IIS/10.0
X-Frame-Options
SAMEORIGIN
Content-Security-Policy-Report-Only
default-src 'self'; script-src 'self' 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' https://*.hsabank.com https://cdnjs.cloudflare.com https://*.jquery.com https://*.facebook.net https://*.googleapis.com https://*.googletagmanager.com https://*.google-analytics.com https://*.igodigital.com https://*.levelaccess.net https://*.cludo.com https://*.pardot.com https://*.hsabank.com; style-src 'self' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' https://*.hsabank.com https://*.googleapis.com https://*.bootstrapcdn.com; base-uri 'self'; font-src 'self' https://*.gstatic.com https://*.bootstrapcdn.com; connect-src 'self' https://*.google-analytics.com https://*.levelaccess.net; img-src 'self' https://*.igodigital.com https://*.hsabank.com https://*.google-analytics.com; frame-src 'self' https://*.hsabank.com ;form-action 'self'
Content-Type
image/jpeg
Cache-Control
private, max-age=604800
Permissions-Policy
microphone=(), payment=(), geolocation=(self), sync-xhr=*
Content-Disposition
inline; filename="family-plan.jpg"
Accept-Ranges
bytes
Content-Length
4141
Request-Context
appId=cid-v1:8fedb8c4-35ce-49f3-a619-b84f98aa48d7
collect.js
7298557.collect.igodigital.com/ 		8 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://7298557.collect.igodigital.com/collect.js
Requested by
Host: www.hsabank.com
URL: https://www.hsabank.com/hsabank/learning-center/irs-contribution-limits-and-guidelines?utm_source=sfmc&utm_term=&utm_content=691751&utm_id=e7c0a1e5-b27b-4960-984f-1842a2269735&sfmc_activityid=b73e5fa8-ca1d-4ae1-89ea-4475791872f3&utm_medium=email
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.45.38.67 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-45-38-67.compute-1.amazonaws.com
Software
/
Resource Hash
463faad63e59f653f8367ca1bd38629a240ebd4f2165c313e660933acc322b04

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.hsabank.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Thu, 27 Apr 2023 13:35:18 GMT
content-encoding
gzip
last-modified
Wed, 26 Apr 2023 17:25:44 GMT
vary
Accept-Encoding
content-type
application/javascript
access.js
cdn.levelaccess.net/accessjs/YW1wMTEwNDI/ 		461 KB
62 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.levelaccess.net/accessjs/YW1wMTEwNDI/access.js
Requested by
Host: www.hsabank.com
URL: https://www.hsabank.com/hsabank/learning-center/irs-contribution-limits-and-guidelines?utm_source=sfmc&utm_term=&utm_content=691751&utm_id=e7c0a1e5-b27b-4960-984f-1842a2269735&sfmc_activityid=b73e5fa8-ca1d-4ae1-89ea-4475791872f3&utm_medium=email
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:21f3:c800:1:fb61:2b80:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
ec7a5529dd7c6368cc3d9ebeac06497ef8c77a1dd91664ce3f0fc5cc93670b3e

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.hsabank.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

x-amz-version-id
oNecIRIxqtDE1il4Y0VbkkLojldcDXoU
Content-Encoding
gzip
Via
1.1 e56e6732f380db727425bac2d6158760.cloudfront.net (CloudFront)
Date
Thu, 27 Apr 2023 13:28:08 GMT
X-Amz-Cf-Pop
FRA2-C2
Age
431
x-amz-server-side-encryption
AES256
X-Cache
Hit from cloudfront
x-amz-replication-status
COMPLETED
Connection
keep-alive
Content-Length
62474
Last-Modified
Tue, 28 Jun 2022 06:00:39 GMT
Server
AmazonS3
ETag
"de038ce754f9f0880d8201b0883f7c1d"
Vary
Accept-Encoding
Content-Type
application/javascript
Cache-Control
max-age=900
Accept-Ranges
bytes
X-Amz-Cf-Id
2mXXWzpmmKEk4_MS1x4qPz-_yLePZiuvz-QptCL_y-eoz4R9K46X5A==
SITE.js
www.hsabank.com/~/Media/Files/Custom_Java/HSABank/Mobile_Responsive_2017/ 		360 KB
149 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.hsabank.com/~/Media/Files/Custom_Java/HSABank/Mobile_Responsive_2017/SITE.js?v=1.07
Requested by
Host: www.hsabank.com
URL: https://www.hsabank.com/hsabank/learning-center/irs-contribution-limits-and-guidelines?utm_source=sfmc&utm_term=&utm_content=691751&utm_id=e7c0a1e5-b27b-4960-984f-1842a2269735&sfmc_activityid=b73e5fa8-ca1d-4ae1-89ea-4475791872f3&utm_medium=email
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
70.37.166.146 San Antonio, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
c7a298bd81e9f7b534e848d2560e4ff7188d16c9b8fde216e786993a2e247f74
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.hsabank.com/hsabank/learning-center/irs-contribution-limits-and-guidelines?utm_source=sfmc&utm_term=&utm_content=691751&utm_id=e7c0a1e5-b27b-4960-984f-1842a2269735&sfmc_activityid=b73e5fa8-ca1d-4ae1-89ea-4475791872f3&utm_medium=email
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Date
Thu, 27 Apr 2023 13:35:18 GMT
Transfer-Encoding
chunked
Content-Security-Policy-Report-Only
default-src 'self'; script-src 'self' 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' https://*.hsabank.com https://cdnjs.cloudflare.com https://*.jquery.com https://*.facebook.net https://*.googleapis.com https://*.googletagmanager.com https://*.google-analytics.com https://*.igodigital.com https://*.levelaccess.net https://*.cludo.com https://*.pardot.com https://*.hsabank.com; style-src 'self' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' https://*.hsabank.com https://*.googleapis.com https://*.bootstrapcdn.com; base-uri 'self'; font-src 'self' https://*.gstatic.com https://*.bootstrapcdn.com; connect-src 'self' https://*.google-analytics.com https://*.levelaccess.net; img-src 'self' https://*.igodigital.com https://*.hsabank.com https://*.google-analytics.com; frame-src 'self' https://*.hsabank.com ;form-action 'self'
Content-Disposition
inline; filename="SITE.js"
Request-Context
appId=cid-v1:8fedb8c4-35ce-49f3-a619-b84f98aa48d7
Referrer-Policy
strict-origin-when-cross-origin
Last-Modified
Thu, 08 Sep 2022 19:00:47 GMT
Server
Microsoft-IIS/10.0
Vary
Accept-Encoding
X-Frame-Options
SAMEORIGIN
Content-Type
application/x-javascript
Cache-Control
private, max-age=604800
Permissions-Policy
microphone=(), payment=(), geolocation=(self), sync-xhr=*
Accept-Ranges
bytes
gtm.js
www.googletagmanager.com/ 		160 KB
53 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtm.js?id=GTM-PZV52K3
Requested by
Host: www.hsabank.com
URL: https://www.hsabank.com/hsabank/learning-center/irs-contribution-limits-and-guidelines?utm_source=sfmc&utm_term=&utm_content=691751&utm_id=e7c0a1e5-b27b-4960-984f-1842a2269735&sfmc_activityid=b73e5fa8-ca1d-4ae1-89ea-4475791872f3&utm_medium=email
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:830::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
de63861454fd3da0326ddb3eafc3b6c3d2cf9af6973cfb5fc34c2ddf4b4d54ff
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.hsabank.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Thu, 27 Apr 2023 13:35:18 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
53535
x-xss-protection
0
last-modified
Thu, 27 Apr 2023 12:00:00 GMT
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Thu, 27 Apr 2023 13:35:18 GMT
analytics.js
www.google-analytics.com/ 		51 KB
21 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-PZV52K3
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:802::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e7b90d32907f89c49e9e2a2ccca95133277f756f13a14187936d9b948ff67b44
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.hsabank.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
date
Thu, 27 Apr 2023 13:05:04 GMT
last-modified
Mon, 17 Apr 2023 22:36:01 GMT
server
Golfe2
age
1814
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=7200
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
20737
expires
Thu, 27 Apr 2023 15:05:04 GMT
js
www.googletagmanager.com/gtag/ 		245 KB
83 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtag/js?id=G-HR1XKMEB6P&l=dataLayer&cx=c
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-PZV52K3
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:830::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
2132322bd05d549065dd9b96bf238ae61daade00ac9a04dba0f2961c9b27ad94
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.hsabank.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Thu, 27 Apr 2023 13:35:18 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
access-control-allow-headers
Cache-Control
content-length
84710
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires
Thu, 27 Apr 2023 13:35:18 GMT
collect
www.google-analytics.com/j/ 		4 B
209 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://www.google-analytics.com/j/collect?v=1&_v=j100&a=1097974721&t=pageview&_s=1&dl=https%3A%2F%2Fwww.hsabank.com%2Fhsabank%2Flearning-center%2Firs-contribution-limits-and-guidelines%3Futm_source%3Dsfmc%26utm_term%3D%26utm_content%3D691751%26utm_id%3De7c0a1e5-b27b-4960-984f-1842a2269735%26sfmc_activityid%3Db73e5fa8-ca1d-4ae1-89ea-4475791872f3%26utm_medium%3Demail&ul=en-us&de=UTF-8&dt=HSA%20IRS%20Contribution%20Limits%20and%20Guidelines%20-%20HSA%20Bank&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YEBAAEABAAAAACAAI~&jid=2096787767&gjid=1113003775&cid=10370351.1682602519&tid=UA-187387-6&_gid=559007179.1682602519&_r=1&_slc=1&gtm=45He34q0n81PZV52K3&z=1404498376
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:802::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
aec60bc104db041b1512185839f18f52986df7e569e5445f740dd60f763fbca8
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.hsabank.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Thu, 27 Apr 2023 13:35:18 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://www.hsabank.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
4
expires
Fri, 01 Jan 1990 00:00:00 GMT
collect
region1.analytics.google.com/g/ 		0
254 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://region1.analytics.google.com/g/collect?v=2&tid=G-HR1XKMEB6P&gtm=45je34q0&_p=1097974721&_gaz=1&cid=10370351.1682602519&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_s=1&sid=1682602518&sct=1&seg=0&dl=https%3A%2F%2Fwww.hsabank.com%2Fhsabank%2Flearning-center%2Firs-contribution-limits-and-guidelines%3Futm_source%3Dsfmc%26utm_term%3D%26utm_content%3D691751%26utm_id%3De7c0a1e5-b27b-4960-984f-1842a2269735%26sfmc_activityid%3Db73e5fa8-ca1d-4ae1-89ea-4475791872f3%26utm_medium%3Demail&dt=HSA%20IRS%20Contribution%20Limits%20and%20Guidelines%20-%20HSA%20Bank&en=page_view&_fv=1&_ss=1
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-HR1XKMEB6P&l=dataLayer&cx=c
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2001:4860:4802:34::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.hsabank.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 27 Apr 2023 13:35:18 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://www.hsabank.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
collect
stats.g.doubleclick.net/g/ 		0
47 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://stats.g.doubleclick.net/g/collect?v=2&tid=G-HR1XKMEB6P&cid=10370351.1682602519&gtm=45je34q0&aip=1
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-HR1XKMEB6P&l=dataLayer&cx=c
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:400c:c07::9d Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.hsabank.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 27 Apr 2023 13:35:18 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://www.hsabank.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
ga-audiences
www.google.de/ads/ 		42 B
408 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.de/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-HR1XKMEB6P&cid=10370351.1682602519&gtm=45je34q0&aip=1&z=1104638759
Requested by
Host: www.hsabank.com
URL: https://www.hsabank.com/hsabank/learning-center/irs-contribution-limits-and-guidelines?utm_source=sfmc&utm_term=&utm_content=691751&utm_id=e7c0a1e5-b27b-4960-984f-1842a2269735&sfmc_activityid=b73e5fa8-ca1d-4ae1-89ea-4475791872f3&utm_medium=email
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80e::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.hsabank.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 27 Apr 2023 13:35:18 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
collect
stats.g.doubleclick.net/j/ 		4 B
349 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j100&tid=UA-187387-6&cid=10370351.1682602519&jid=2096787767&gjid=1113003775&_gid=559007179.1682602519&_u=YEBAAEAAAAAAACAAI~&z=661960499
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:400c:c07::9d Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://www.hsabank.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
strict-transport-security
max-age=10886400; includeSubDomains; preload
date
Thu, 27 Apr 2023 13:35:18 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://www.hsabank.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
4
expires
Fri, 01 Jan 1990 00:00:00 GMT
collect
region1.analytics.google.com/g/ 		0
54 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://region1.analytics.google.com/g/collect?v=2&tid=G-HR1XKMEB6P&gtm=45je34q0&_p=1097974721&cid=10370351.1682602519&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_s=2&sid=1682602518&sct=1&seg=0&dl=https%3A%2F%2Fwww.hsabank.com%2Fhsabank%2Flearning-center%2Firs-contribution-limits-and-guidelines%3Futm_source%3Dsfmc%26utm_term%3D%26utm_content%3D691751%26utm_id%3De7c0a1e5-b27b-4960-984f-1842a2269735%26sfmc_activityid%3Db73e5fa8-ca1d-4ae1-89ea-4475791872f3%26utm_medium%3Demail&dt=HSA%20IRS%20Contribution%20Limits%20and%20Guidelines%20-%20HSA%20Bank&en=utms_hsab&ep.utm_medium=email&ep.utm_source=sfmc&ep.utm_content=691751&ep.utm_term=&ep.utm_id=e7c0a1e5-b27b-4960-984f-1842a2269735&ep.url_subdirectory_2=irs-contribution-limits-and-guidelines%3Futm_source%3Dsfmc%26utm_term%3D%26utm_content%3D691751%26utm_id%3De7c0a1e5-b&ep.url_directory=hsabank&ep.e_category=learning-center&_et=3
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-HR1XKMEB6P&l=dataLayer&cx=c
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2001:4860:4802:34::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.hsabank.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 27 Apr 2023 13:35:18 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://www.hsabank.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
ga-audiences
www.google.com/ads/ 		42 B
408 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j100&tid=UA-187387-6&cid=10370351.1682602519&jid=2096787767&_u=YEBAAEAAAAAAACAAI~&z=148719068
Requested by
Host: www.hsabank.com
URL: https://www.hsabank.com/hsabank/learning-center/irs-contribution-limits-and-guidelines?utm_source=sfmc&utm_term=&utm_content=691751&utm_id=e7c0a1e5-b27b-4960-984f-1842a2269735&sfmc_activityid=b73e5fa8-ca1d-4ae1-89ea-4475791872f3&utm_medium=email
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:831::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.hsabank.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 27 Apr 2023 13:35:18 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
ga-audiences
www.google.de/ads/ 		42 B
107 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j100&tid=UA-187387-6&cid=10370351.1682602519&jid=2096787767&_u=YEBAAEAAAAAAACAAI~&z=148719068
Requested by
Host: www.hsabank.com
URL: https://www.hsabank.com/hsabank/learning-center/irs-contribution-limits-and-guidelines?utm_source=sfmc&utm_term=&utm_content=691751&utm_id=e7c0a1e5-b27b-4960-984f-1842a2269735&sfmc_activityid=b73e5fa8-ca1d-4ae1-89ea-4475791872f3&utm_medium=email
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80e::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.hsabank.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 27 Apr 2023 13:35:18 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
bootstrap-glyphicons.css
netdna.bootstrapcdn.com/bootstrap/3.0.0/css/ 		13 KB
3 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://netdna.bootstrapcdn.com/bootstrap/3.0.0/css/bootstrap-glyphicons.css
Requested by
Host: www.hsabank.com
URL: https://www.hsabank.com/~/Media/Files/Custom_CSS/HSABank/Mobile_Responsive_2017/style.css?v=1.06
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:bcf , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
ca64645c22680035acdd8149902fda928c381cafbeab0b628b5542a7323ee0e4
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.hsabank.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Thu, 27 Apr 2023 13:35:18 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
content-encoding
br
cdn-edgestorageid
632, 617, 617
age
112881
cdn-cachedat
2021-06-08 18:49:13
cdn-pullzone
252412
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified
Mon, 25 Jan 2021 22:03:55 GMT
server
cloudflare
cdn-requestpullcode
200
vary
Accept-Encoding
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cdn-cache
HIT
cdn-uid
b1941f61-b576-4f40-80de-5677acb38f74
cache-control
public, max-age=31919000
cdn-requestid
117cf68f2e117ed0c0818897f6461b78
timing-allow-origin
*
cdn-requestcountrycode
DE
cdn-status
200
cf-ray
7be772af6ecc18e9-FRA
cdn-requestpullsuccess
True
ieVl2ZhZI2eCN5jzbjEETS9weq8-19K7DQ.woff2
fonts.gstatic.com/s/robotocondensed/v25/ 		15 KB
16 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/robotocondensed/v25/ieVl2ZhZI2eCN5jzbjEETS9weq8-19K7DQ.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Roboto+Condensed:ital,wght@0,300;0,400;0,700;1,300;1,400;1,700&family=Roboto:ital,wght@0,400;0,700;1,400;1,700&display=swap
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:831::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
6b4fac99c39b9ee2693d87a2508d0c7d4b4859072966616bd1f6e18c5b2f9d36
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://www.hsabank.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Sat, 22 Apr 2023 18:48:29 GMT
x-content-type-options
nosniff
age
413209
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
15700
x-xss-protection
0
last-modified
Tue, 19 Apr 2022 18:51:55 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Sun, 21 Apr 2024 18:48:29 GMT
fbevents.js
connect.facebook.net/en_US/ 		107 KB
28 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://connect.facebook.net/en_US/fbevents.js
Requested by
Host: www.hsabank.com
URL: https://www.hsabank.com/hsabank/learning-center/irs-contribution-limits-and-guidelines?utm_source=sfmc&utm_term=&utm_content=691751&utm_id=e7c0a1e5-b27b-4960-984f-1842a2269735&sfmc_activityid=b73e5fa8-ca1d-4ae1-89ea-4475791872f3&utm_medium=email
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f083:9:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
091ba5711e7f397eca67fb1da60968a88be608d2f4fb80955ef74f645b6e898b
Security Headers
Name Value
Content-Security-Policy default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.hsabank.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

content-security-policy
default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; preload; includeSubDomains
date
Thu, 27 Apr 2023 13:35:19 GMT
document-policy
force-load-at-top
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
27967
x-fb-rlafr
0
x-xss-protection
0
pragma
public
x-fb-debug
B1nrVUF7Z+nru2TsbeRRLvHs4zRSG+59RMKNJT7Cfle/THYMQgWXWV0goz3bSrigymPEDkoYWpW6HGlQ30QH/g==
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
x-fb-trip-id
1679558926
cross-origin-opener-policy
same-origin-allow-popups
vary
Accept-Encoding
report-to
{"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
content-type
application/x-javascript; charset=utf-8
x-frame-options
DENY
origin-agent-cluster
?0
cache-control
public, max-age=1200
expires
Sat, 01 Jan 2000 00:00:00 GMT
track_page_view
nova.collect.igodigital.com/c2/7298557/ 		43 B
354 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://nova.collect.igodigital.com/c2/7298557/track_page_view?payload=%7B%22title%22%3A%22HSA%20IRS%20Contribution%20Limits%20and%20Guidelines%20-%20HSA%20Bank%22%2C%22url%22%3A%22https%3A%2F%2Fwww.hsabank.com%2Fhsabank%2Flearning-center%2Firs-contribution-limits-and-guidelines%3Futm_source%3Dsfmc%26utm_term%3D%26utm_content%3D691751%26utm_id%3De7c0a1e5-b27b-4960-984f-1842a2269735%26sfmc_activityid%3Db73e5fa8-ca1d-4ae1-89ea-4475791872f3%26utm_medium%3Demail%22%2C%22referrer%22%3A%22%22%7D
Requested by
Host: www.hsabank.com
URL: https://www.hsabank.com/hsabank/learning-center/irs-contribution-limits-and-guidelines?utm_source=sfmc&utm_term=&utm_content=691751&utm_id=e7c0a1e5-b27b-4960-984f-1842a2269735&sfmc_activityid=b73e5fa8-ca1d-4ae1-89ea-4475791872f3&utm_medium=email
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.45.38.67 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-45-38-67.compute-1.amazonaws.com
Software
/
Resource Hash
98b3d9d20e032f90aca49e9b116225d539ff6fbdb7e42c3c363f63896ac03d2a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.hsabank.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

x-runtime
0.002949
date
Thu, 27 Apr 2023 13:35:19 GMT
content-encoding
gzip
x-content-type-options
nosniff
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
image/gif
cache-control
private
content-transfer-encoding
binary
content-disposition
inline
x-xss-protection
1; mode=block
x-request-id
21246094-8b9c-428b-9223-bbb612bc2a35
tridown-green.png
www.hsabank.com/~/Media/Images/Mobile_Responsive_2017/ 		200 B
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.hsabank.com/~/Media/Images/Mobile_Responsive_2017/tridown-green.png
Requested by
Host: www.hsabank.com
URL: https://www.hsabank.com/~/Media/Files/Custom_CSS/HSABank/Mobile_Responsive_2017/style.css?v=1.06
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
70.37.166.146 San Antonio, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
e208ea831c45866daa21bd38f49ba53f64ac457b9082198c5d295921f59fe8ca
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.hsabank.com/~/Media/Files/Custom_CSS/HSABank/Mobile_Responsive_2017/style.css?v=1.06
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

Strict-Transport-Security
max-age=31536000; includeSubDomains
Date
Thu, 27 Apr 2023 13:35:18 GMT
X-Content-Type-Options
nosniff
Referrer-Policy
strict-origin-when-cross-origin
Last-Modified
Sun, 19 Apr 2020 19:16:30 GMT
Server
Microsoft-IIS/10.0
X-Frame-Options
SAMEORIGIN
Content-Security-Policy-Report-Only
default-src 'self'; script-src 'self' 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' https://*.hsabank.com https://cdnjs.cloudflare.com https://*.jquery.com https://*.facebook.net https://*.googleapis.com https://*.googletagmanager.com https://*.google-analytics.com https://*.igodigital.com https://*.levelaccess.net https://*.cludo.com https://*.pardot.com https://*.hsabank.com; style-src 'self' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' https://*.hsabank.com https://*.googleapis.com https://*.bootstrapcdn.com; base-uri 'self'; font-src 'self' https://*.gstatic.com https://*.bootstrapcdn.com; connect-src 'self' https://*.google-analytics.com https://*.levelaccess.net; img-src 'self' https://*.igodigital.com https://*.hsabank.com https://*.google-analytics.com; frame-src 'self' https://*.hsabank.com ;form-action 'self'
Content-Type
image/png
Cache-Control
private, max-age=604800
Permissions-Policy
microphone=(), payment=(), geolocation=(self), sync-xhr=*
Content-Disposition
inline; filename="tridown-green.png"
Accept-Ranges
bytes
Content-Length
200
Request-Context
appId=cid-v1:8fedb8c4-35ce-49f3-a619-b84f98aa48d7
divider.png
www.hsabank.com/~/Media/Images/Mobile_Responsive_2017/ 		1 KB
3 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.hsabank.com/~/Media/Images/Mobile_Responsive_2017/divider.png
Requested by
Host: www.hsabank.com
URL: https://www.hsabank.com/~/Media/Files/Custom_CSS/HSABank/Mobile_Responsive_2017/style.css?v=1.06
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
70.37.166.146 San Antonio, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
510714d70c4277955aa865209771680c78789950540e91b893f9c4f990696344
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.hsabank.com/~/Media/Files/Custom_CSS/HSABank/Mobile_Responsive_2017/style.css?v=1.06
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

Strict-Transport-Security
max-age=31536000; includeSubDomains
Date
Thu, 27 Apr 2023 13:35:18 GMT
X-Content-Type-Options
nosniff
Referrer-Policy
strict-origin-when-cross-origin
Last-Modified
Sun, 19 Apr 2020 19:16:14 GMT
Server
Microsoft-IIS/10.0
X-Frame-Options
SAMEORIGIN
Content-Security-Policy-Report-Only
default-src 'self'; script-src 'self' 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' https://*.hsabank.com https://cdnjs.cloudflare.com https://*.jquery.com https://*.facebook.net https://*.googleapis.com https://*.googletagmanager.com https://*.google-analytics.com https://*.igodigital.com https://*.levelaccess.net https://*.cludo.com https://*.pardot.com https://*.hsabank.com; style-src 'self' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' https://*.hsabank.com https://*.googleapis.com https://*.bootstrapcdn.com; base-uri 'self'; font-src 'self' https://*.gstatic.com https://*.bootstrapcdn.com; connect-src 'self' https://*.google-analytics.com https://*.levelaccess.net; img-src 'self' https://*.igodigital.com https://*.hsabank.com https://*.google-analytics.com; frame-src 'self' https://*.hsabank.com ;form-action 'self'
Content-Type
image/png
Cache-Control
private, max-age=604800
Permissions-Policy
microphone=(), payment=(), geolocation=(self), sync-xhr=*
Content-Disposition
inline; filename="divider.png"
Accept-Ranges
bytes
Content-Length
1458
Request-Context
appId=cid-v1:8fedb8c4-35ce-49f3-a619-b84f98aa48d7
arrow-background.png
www.hsabank.com/~/Media/Images/Mobile_Responsive_2017/ 		66 KB
68 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.hsabank.com/~/Media/Images/Mobile_Responsive_2017/arrow-background.png
Requested by
Host: www.hsabank.com
URL: https://www.hsabank.com/~/Media/Files/Custom_CSS/HSABank/Mobile_Responsive_2017/style.css?v=1.06
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
70.37.166.146 San Antonio, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
7795ccf26cb60fda3f6fa6e37e706ad00fc9fd04d57d507020d69f8d0172edad
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.hsabank.com/~/Media/Files/Custom_CSS/HSABank/Mobile_Responsive_2017/style.css?v=1.06
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

Strict-Transport-Security
max-age=31536000; includeSubDomains
Date
Thu, 27 Apr 2023 13:35:18 GMT
X-Content-Type-Options
nosniff
Referrer-Policy
strict-origin-when-cross-origin
Last-Modified
Sun, 19 Apr 2020 19:16:17 GMT
Server
Microsoft-IIS/10.0
X-Frame-Options
SAMEORIGIN
Content-Security-Policy-Report-Only
default-src 'self'; script-src 'self' 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' https://*.hsabank.com https://cdnjs.cloudflare.com https://*.jquery.com https://*.facebook.net https://*.googleapis.com https://*.googletagmanager.com https://*.google-analytics.com https://*.igodigital.com https://*.levelaccess.net https://*.cludo.com https://*.pardot.com https://*.hsabank.com; style-src 'self' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' https://*.hsabank.com https://*.googleapis.com https://*.bootstrapcdn.com; base-uri 'self'; font-src 'self' https://*.gstatic.com https://*.bootstrapcdn.com; connect-src 'self' https://*.google-analytics.com https://*.levelaccess.net; img-src 'self' https://*.igodigital.com https://*.hsabank.com https://*.google-analytics.com; frame-src 'self' https://*.hsabank.com ;form-action 'self'
Content-Type
image/png
Cache-Control
private, max-age=604800
Permissions-Policy
microphone=(), payment=(), geolocation=(self), sync-xhr=*
Content-Disposition
inline; filename="arrow-background.png"
Accept-Ranges
bytes
Content-Length
67449
Request-Context
appId=cid-v1:8fedb8c4-35ce-49f3-a619-b84f98aa48d7
tertiary-green-line.jpg
www.hsabank.com/~/Media/Images/Mobile_Responsive_2017/ 		12 KB
14 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.hsabank.com/~/Media/Images/Mobile_Responsive_2017/tertiary-green-line.jpg
Requested by
Host: www.hsabank.com
URL: https://www.hsabank.com/~/Media/Files/Custom_CSS/HSABank/Mobile_Responsive_2017/style.css?v=1.06
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
70.37.166.146 San Antonio, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
cc3b5cfbea89a027388d2a8bfa5e0f511501ccf16f56ad9262cf10abc5ff3f66
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.hsabank.com/~/Media/Files/Custom_CSS/HSABank/Mobile_Responsive_2017/style.css?v=1.06
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

Strict-Transport-Security
max-age=31536000; includeSubDomains
Date
Thu, 27 Apr 2023 13:35:18 GMT
X-Content-Type-Options
nosniff
Referrer-Policy
strict-origin-when-cross-origin
Last-Modified
Tue, 08 Jun 2021 13:26:47 GMT
Server
Microsoft-IIS/10.0
X-Frame-Options
SAMEORIGIN
Content-Security-Policy-Report-Only
default-src 'self'; script-src 'self' 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' https://*.hsabank.com https://cdnjs.cloudflare.com https://*.jquery.com https://*.facebook.net https://*.googleapis.com https://*.googletagmanager.com https://*.google-analytics.com https://*.igodigital.com https://*.levelaccess.net https://*.cludo.com https://*.pardot.com https://*.hsabank.com; style-src 'self' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' https://*.hsabank.com https://*.googleapis.com https://*.bootstrapcdn.com; base-uri 'self'; font-src 'self' https://*.gstatic.com https://*.bootstrapcdn.com; connect-src 'self' https://*.google-analytics.com https://*.levelaccess.net; img-src 'self' https://*.igodigital.com https://*.hsabank.com https://*.google-analytics.com; frame-src 'self' https://*.hsabank.com ;form-action 'self'
Content-Type
image/jpeg
Cache-Control
private, max-age=604800
Permissions-Policy
microphone=(), payment=(), geolocation=(self), sync-xhr=*
Content-Disposition
inline; filename="tertiary-green-line.jpg"
Accept-Ranges
bytes
Content-Length
12233
Request-Context
appId=cid-v1:8fedb8c4-35ce-49f3-a619-b84f98aa48d7
facebook-grey.png
www.hsabank.com/~/Media/Images/Mobile_Responsive_2017/icons/ 		320 B
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.hsabank.com/~/Media/Images/Mobile_Responsive_2017/icons/facebook-grey.png
Requested by
Host: www.hsabank.com
URL: https://www.hsabank.com/~/Media/Files/Custom_CSS/HSABank/Mobile_Responsive_2017/style.css?v=1.06
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
70.37.166.146 San Antonio, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
ea0ca377484f9837aca91bb2d556ad0d62ed836a5a0c98d4a09edc6026c84e8a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.hsabank.com/~/Media/Files/Custom_CSS/HSABank/Mobile_Responsive_2017/style.css?v=1.06
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

Strict-Transport-Security
max-age=31536000; includeSubDomains
Date
Thu, 27 Apr 2023 13:35:18 GMT
X-Content-Type-Options
nosniff
Referrer-Policy
strict-origin-when-cross-origin
Last-Modified
Sun, 19 Apr 2020 19:18:20 GMT
Server
Microsoft-IIS/10.0
X-Frame-Options
SAMEORIGIN
Content-Security-Policy-Report-Only
default-src 'self'; script-src 'self' 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' https://*.hsabank.com https://cdnjs.cloudflare.com https://*.jquery.com https://*.facebook.net https://*.googleapis.com https://*.googletagmanager.com https://*.google-analytics.com https://*.igodigital.com https://*.levelaccess.net https://*.cludo.com https://*.pardot.com https://*.hsabank.com; style-src 'self' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' https://*.hsabank.com https://*.googleapis.com https://*.bootstrapcdn.com; base-uri 'self'; font-src 'self' https://*.gstatic.com https://*.bootstrapcdn.com; connect-src 'self' https://*.google-analytics.com https://*.levelaccess.net; img-src 'self' https://*.igodigital.com https://*.hsabank.com https://*.google-analytics.com; frame-src 'self' https://*.hsabank.com ;form-action 'self'
Content-Type
image/png
Cache-Control
private, max-age=604800
Permissions-Policy
microphone=(), payment=(), geolocation=(self), sync-xhr=*
Content-Disposition
inline; filename="facebook-grey.png"
Accept-Ranges
bytes
Content-Length
320
Request-Context
appId=cid-v1:8fedb8c4-35ce-49f3-a619-b84f98aa48d7
twitter-grey.png
www.hsabank.com/~/Media/Images/Mobile_Responsive_2017/icons/ 		2 KB
4 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.hsabank.com/~/Media/Images/Mobile_Responsive_2017/icons/twitter-grey.png
Requested by
Host: www.hsabank.com
URL: https://www.hsabank.com/~/Media/Files/Custom_CSS/HSABank/Mobile_Responsive_2017/style.css?v=1.06
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
70.37.166.146 San Antonio, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
bba7cc1311ac67910af9bfa0b863a0d6fcbf1c5ee4caec7f764c3562e4947ceb
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.hsabank.com/~/Media/Files/Custom_CSS/HSABank/Mobile_Responsive_2017/style.css?v=1.06
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

Strict-Transport-Security
max-age=31536000; includeSubDomains
Date
Thu, 27 Apr 2023 13:35:18 GMT
X-Content-Type-Options
nosniff
Referrer-Policy
strict-origin-when-cross-origin
Last-Modified
Sun, 19 Apr 2020 19:18:16 GMT
Server
Microsoft-IIS/10.0
X-Frame-Options
SAMEORIGIN
Content-Security-Policy-Report-Only
default-src 'self'; script-src 'self' 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' https://*.hsabank.com https://cdnjs.cloudflare.com https://*.jquery.com https://*.facebook.net https://*.googleapis.com https://*.googletagmanager.com https://*.google-analytics.com https://*.igodigital.com https://*.levelaccess.net https://*.cludo.com https://*.pardot.com https://*.hsabank.com; style-src 'self' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' https://*.hsabank.com https://*.googleapis.com https://*.bootstrapcdn.com; base-uri 'self'; font-src 'self' https://*.gstatic.com https://*.bootstrapcdn.com; connect-src 'self' https://*.google-analytics.com https://*.levelaccess.net; img-src 'self' https://*.igodigital.com https://*.hsabank.com https://*.google-analytics.com; frame-src 'self' https://*.hsabank.com ;form-action 'self'
Content-Type
image/png
Cache-Control
private, max-age=604800
Permissions-Policy
microphone=(), payment=(), geolocation=(self), sync-xhr=*
Content-Disposition
inline; filename="twitter-grey.png"
Accept-Ranges
bytes
Content-Length
1821
Request-Context
appId=cid-v1:8fedb8c4-35ce-49f3-a619-b84f98aa48d7
linkedin-grey.png
www.hsabank.com/~/Media/Images/Mobile_Responsive_2017/icons/ 		402 B
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.hsabank.com/~/Media/Images/Mobile_Responsive_2017/icons/linkedin-grey.png
Requested by
Host: www.hsabank.com
URL: https://www.hsabank.com/~/Media/Files/Custom_CSS/HSABank/Mobile_Responsive_2017/style.css?v=1.06
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
70.37.166.146 San Antonio, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
309f24a395e42590b12a4b3f298826f25517edd44fe9bddcc32300598cbb6755
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.hsabank.com/~/Media/Files/Custom_CSS/HSABank/Mobile_Responsive_2017/style.css?v=1.06
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

Strict-Transport-Security
max-age=31536000; includeSubDomains
Date
Thu, 27 Apr 2023 13:35:19 GMT
X-Content-Type-Options
nosniff
Referrer-Policy
strict-origin-when-cross-origin
Last-Modified
Sun, 19 Apr 2020 19:18:15 GMT
Server
Microsoft-IIS/10.0
X-Frame-Options
SAMEORIGIN
Content-Security-Policy-Report-Only
default-src 'self'; script-src 'self' 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' https://*.hsabank.com https://cdnjs.cloudflare.com https://*.jquery.com https://*.facebook.net https://*.googleapis.com https://*.googletagmanager.com https://*.google-analytics.com https://*.igodigital.com https://*.levelaccess.net https://*.cludo.com https://*.pardot.com https://*.hsabank.com; style-src 'self' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' https://*.hsabank.com https://*.googleapis.com https://*.bootstrapcdn.com; base-uri 'self'; font-src 'self' https://*.gstatic.com https://*.bootstrapcdn.com; connect-src 'self' https://*.google-analytics.com https://*.levelaccess.net; img-src 'self' https://*.igodigital.com https://*.hsabank.com https://*.google-analytics.com; frame-src 'self' https://*.hsabank.com ;form-action 'self'
Content-Type
image/png
Cache-Control
private, max-age=604800
Permissions-Policy
microphone=(), payment=(), geolocation=(self), sync-xhr=*
Content-Disposition
inline; filename="linkedin-grey.png"
Accept-Ranges
bytes
Content-Length
402
Request-Context
appId=cid-v1:8fedb8c4-35ce-49f3-a619-b84f98aa48d7
youtube-grey.png
www.hsabank.com/~/Media/Images/Mobile_Responsive_2017/icons/ 		389 B
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.hsabank.com/~/Media/Images/Mobile_Responsive_2017/icons/youtube-grey.png
Requested by
Host: www.hsabank.com
URL: https://www.hsabank.com/~/Media/Files/Custom_CSS/HSABank/Mobile_Responsive_2017/style.css?v=1.06
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
70.37.166.146 San Antonio, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
7cab3f2151fb03bcbe1f364addf0bb414a68215edc08e2772da0aba6d8df4f8f
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.hsabank.com/~/Media/Files/Custom_CSS/HSABank/Mobile_Responsive_2017/style.css?v=1.06
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

Strict-Transport-Security
max-age=31536000; includeSubDomains
Date
Thu, 27 Apr 2023 13:35:19 GMT
X-Content-Type-Options
nosniff
Referrer-Policy
strict-origin-when-cross-origin
Last-Modified
Sun, 19 Apr 2020 19:18:19 GMT
Server
Microsoft-IIS/10.0
X-Frame-Options
SAMEORIGIN
Content-Security-Policy-Report-Only
default-src 'self'; script-src 'self' 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' https://*.hsabank.com https://cdnjs.cloudflare.com https://*.jquery.com https://*.facebook.net https://*.googleapis.com https://*.googletagmanager.com https://*.google-analytics.com https://*.igodigital.com https://*.levelaccess.net https://*.cludo.com https://*.pardot.com https://*.hsabank.com; style-src 'self' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' https://*.hsabank.com https://*.googleapis.com https://*.bootstrapcdn.com; base-uri 'self'; font-src 'self' https://*.gstatic.com https://*.bootstrapcdn.com; connect-src 'self' https://*.google-analytics.com https://*.levelaccess.net; img-src 'self' https://*.igodigital.com https://*.hsabank.com https://*.google-analytics.com; frame-src 'self' https://*.hsabank.com ;form-action 'self'
Content-Type
image/png
Cache-Control
private, max-age=604800
Permissions-Policy
microphone=(), payment=(), geolocation=(self), sync-xhr=*
Content-Disposition
inline; filename="youtube-grey.png"
Accept-Ranges
bytes
Content-Length
389
Request-Context
appId=cid-v1:8fedb8c4-35ce-49f3-a619-b84f98aa48d7
instagram-grey.png
www.hsabank.com/~/Media/Images/Mobile_Responsive_2017/icons/ 		4 KB
6 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.hsabank.com/~/Media/Images/Mobile_Responsive_2017/icons/instagram-grey.png
Requested by
Host: www.hsabank.com
URL: https://www.hsabank.com/~/Media/Files/Custom_CSS/HSABank/Mobile_Responsive_2017/style.css?v=1.06
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
70.37.166.146 San Antonio, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
f26166b8e10ee1addb81a52ab9f73f2e4706ded755b327ffc11ca093b9e93072
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.hsabank.com/~/Media/Files/Custom_CSS/HSABank/Mobile_Responsive_2017/style.css?v=1.06
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

Strict-Transport-Security
max-age=31536000; includeSubDomains
Date
Thu, 27 Apr 2023 13:35:18 GMT
X-Content-Type-Options
nosniff
Referrer-Policy
strict-origin-when-cross-origin
Last-Modified
Mon, 06 Mar 2023 21:49:36 GMT
Server
Microsoft-IIS/10.0
X-Frame-Options
SAMEORIGIN
Content-Security-Policy-Report-Only
default-src 'self'; script-src 'self' 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' https://*.hsabank.com https://cdnjs.cloudflare.com https://*.jquery.com https://*.facebook.net https://*.googleapis.com https://*.googletagmanager.com https://*.google-analytics.com https://*.igodigital.com https://*.levelaccess.net https://*.cludo.com https://*.pardot.com https://*.hsabank.com; style-src 'self' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' https://*.hsabank.com https://*.googleapis.com https://*.bootstrapcdn.com; base-uri 'self'; font-src 'self' https://*.gstatic.com https://*.bootstrapcdn.com; connect-src 'self' https://*.google-analytics.com https://*.levelaccess.net; img-src 'self' https://*.igodigital.com https://*.hsabank.com https://*.google-analytics.com; frame-src 'self' https://*.hsabank.com ;form-action 'self'
Content-Type
image/png
Cache-Control
private, max-age=604800
Permissions-Policy
microphone=(), payment=(), geolocation=(self), sync-xhr=*
Content-Disposition
inline; filename="instagram-grey.png"
Accept-Ranges
bytes
Content-Length
4458
Request-Context
appId=cid-v1:8fedb8c4-35ce-49f3-a619-b84f98aa48d7
ieVi2ZhZI2eCN5jzbjEETS9weq8-32meGCQYbw.woff2
fonts.gstatic.com/s/robotocondensed/v25/ 		15 KB
15 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/robotocondensed/v25/ieVi2ZhZI2eCN5jzbjEETS9weq8-32meGCQYbw.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Roboto+Condensed:ital,wght@0,300;0,400;0,700;1,300;1,400;1,700&family=Roboto:ital,wght@0,400;0,700;1,400;1,700&display=swap
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:831::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
e79c1c1a140e6afb861074c70392db54cc65a06050de2a69162ab94eb95b0516
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://www.hsabank.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Fri, 21 Apr 2023 02:05:23 GMT
x-content-type-options
nosniff
age
559796
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
15660
x-xss-protection
0
last-modified
Tue, 19 Apr 2022 18:42:42 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Sat, 20 Apr 2024 02:05:23 GMT
ieVi2ZhZI2eCN5jzbjEETS9weq8-33mZGCQYbw.woff2
fonts.gstatic.com/s/robotocondensed/v25/ 		15 KB
15 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/robotocondensed/v25/ieVi2ZhZI2eCN5jzbjEETS9weq8-33mZGCQYbw.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Roboto+Condensed:ital,wght@0,300;0,400;0,700;1,300;1,400;1,700&family=Roboto:ital,wght@0,400;0,700;1,400;1,700&display=swap
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:831::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
747d5a0865fe76129cc17fe70097fd5b1db733ed3bbfa0210a8505d80c14ab5a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://www.hsabank.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Fri, 21 Apr 2023 02:05:24 GMT
x-content-type-options
nosniff
age
559795
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
15528
x-xss-protection
0
last-modified
Tue, 19 Apr 2022 18:53:07 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Sat, 20 Apr 2024 02:05:24 GMT
KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v30/ 		15 KB
15 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Roboto+Condensed:ital,wght@0,300;0,400;0,700;1,300;1,400;1,700&family=Roboto:ital,wght@0,400;0,700;1,400;1,700&display=swap
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:831::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://www.hsabank.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Sat, 22 Apr 2023 06:10:15 GMT
x-content-type-options
nosniff
age
458704
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
15744
x-xss-protection
0
last-modified
Wed, 11 May 2022 19:24:48 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Sun, 21 Apr 2024 06:10:15 GMT
ieVj2ZhZI2eCN5jzbjEETS9weq8-19eLDwM9.woff2
fonts.gstatic.com/s/robotocondensed/v25/ 		17 KB
17 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/robotocondensed/v25/ieVj2ZhZI2eCN5jzbjEETS9weq8-19eLDwM9.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Roboto+Condensed:ital,wght@0,300;0,400;0,700;1,300;1,400;1,700&family=Roboto:ital,wght@0,400;0,700;1,400;1,700&display=swap
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
3ab6d5bddb52a980ebe7658cca937e1ce087c1478cbeb13715876e463b2dd7f3
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://www.hsabank.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

date
Sat, 22 Apr 2023 05:57:28 GMT
x-content-type-options
nosniff
age
459471
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
17376
x-xss-protection
0
last-modified
Tue, 19 Apr 2022 18:55:05 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Sun, 21 Apr 2024 05:57:28 GMT
1686908524672324
connect.facebook.net/signals/config/ 		377 KB
108 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://connect.facebook.net/signals/config/1686908524672324?v=2.9.102&r=stable
Requested by
Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f083:9:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
36fd54dc0db6d1b4ea13fa602c1c86dd71d4924ec2a27ece64ef44a85996b6fb
Security Headers
Name Value
Content-Security-Policy default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.hsabank.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

content-security-policy
default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; preload; includeSubDomains
date
Thu, 27 Apr 2023 13:35:19 GMT
document-policy
force-load-at-top
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
110200
x-fb-rlafr
0
x-xss-protection
0
pragma
public
x-fb-debug
J3IMU79C190uQI2ttcoEhFBr+qnXvMM81p9KSvpMJKw8HqoOyY1O3IEbT1rbJMDWgVW/OUDQskpQUKJ47EsTBg==
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
x-fb-trip-id
1679558926
cross-origin-opener-policy
same-origin-allow-popups
vary
Accept-Encoding
report-to
{"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
content-type
application/x-javascript; charset=utf-8
x-frame-options
DENY
origin-agent-cluster
?0
cache-control
public, max-age=1200
expires
Sat, 01 Jan 2000 00:00:00 GMT
lock-yellow.ashx
www.hsabank.com/-/media/Images/Mobile_Responsive_2017/ 		487 B
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.hsabank.com/-/media/Images/Mobile_Responsive_2017/lock-yellow.ashx?la=en
Requested by
Host: cdn.levelaccess.net
URL: https://cdn.levelaccess.net/accessjs/YW1wMTEwNDI/access.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
70.37.166.146 San Antonio, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
5298b61386b233b02c1f2dc3aff963463ebbe568b021817019f0da72fc5b165d
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.hsabank.com/hsabank/learning-center/irs-contribution-limits-and-guidelines?utm_source=sfmc&utm_term=&utm_content=691751&utm_id=e7c0a1e5-b27b-4960-984f-1842a2269735&sfmc_activityid=b73e5fa8-ca1d-4ae1-89ea-4475791872f3&utm_medium=email
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

Strict-Transport-Security
max-age=31536000; includeSubDomains
Date
Thu, 27 Apr 2023 13:35:22 GMT
X-Content-Type-Options
nosniff
Referrer-Policy
strict-origin-when-cross-origin
Last-Modified
Sun, 19 Apr 2020 19:16:18 GMT
Server
Microsoft-IIS/10.0
X-Frame-Options
SAMEORIGIN
Content-Security-Policy-Report-Only
default-src 'self'; script-src 'self' 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' https://*.hsabank.com https://cdnjs.cloudflare.com https://*.jquery.com https://*.facebook.net https://*.googleapis.com https://*.googletagmanager.com https://*.google-analytics.com https://*.igodigital.com https://*.levelaccess.net https://*.cludo.com https://*.pardot.com https://*.hsabank.com; style-src 'self' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' https://*.hsabank.com https://*.googleapis.com https://*.bootstrapcdn.com; base-uri 'self'; font-src 'self' https://*.gstatic.com https://*.bootstrapcdn.com; connect-src 'self' https://*.google-analytics.com https://*.levelaccess.net; img-src 'self' https://*.igodigital.com https://*.hsabank.com https://*.google-analytics.com; frame-src 'self' https://*.hsabank.com ;form-action 'self'
Content-Type
image/png
Cache-Control
private, max-age=604800
Permissions-Policy
microphone=(), payment=(), geolocation=(self), sync-xhr=*
Content-Disposition
inline; filename="lock-yellow.png"
Accept-Ranges
bytes
Content-Length
487
Request-Context
appId=cid-v1:8fedb8c4-35ce-49f3-a619-b84f98aa48d7
members.ashx
www.hsabank.com/-/media/Images/Mobile_Responsive_2017/menu/ 		6 KB
8 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.hsabank.com/-/media/Images/Mobile_Responsive_2017/menu/members.ashx?la=en
Requested by
Host: cdn.levelaccess.net
URL: https://cdn.levelaccess.net/accessjs/YW1wMTEwNDI/access.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
70.37.166.146 San Antonio, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
b7f060e299b946e48571efc616afabf681564879b5431dae029354719b685b6c
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.hsabank.com/hsabank/learning-center/irs-contribution-limits-and-guidelines?utm_source=sfmc&utm_term=&utm_content=691751&utm_id=e7c0a1e5-b27b-4960-984f-1842a2269735&sfmc_activityid=b73e5fa8-ca1d-4ae1-89ea-4475791872f3&utm_medium=email
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

Strict-Transport-Security
max-age=31536000; includeSubDomains
Date
Thu, 27 Apr 2023 13:35:22 GMT
X-Content-Type-Options
nosniff
Referrer-Policy
strict-origin-when-cross-origin
Last-Modified
Sun, 19 Apr 2020 19:18:23 GMT
Server
Microsoft-IIS/10.0
X-Frame-Options
SAMEORIGIN
Content-Security-Policy-Report-Only
default-src 'self'; script-src 'self' 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' https://*.hsabank.com https://cdnjs.cloudflare.com https://*.jquery.com https://*.facebook.net https://*.googleapis.com https://*.googletagmanager.com https://*.google-analytics.com https://*.igodigital.com https://*.levelaccess.net https://*.cludo.com https://*.pardot.com https://*.hsabank.com; style-src 'self' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' https://*.hsabank.com https://*.googleapis.com https://*.bootstrapcdn.com; base-uri 'self'; font-src 'self' https://*.gstatic.com https://*.bootstrapcdn.com; connect-src 'self' https://*.google-analytics.com https://*.levelaccess.net; img-src 'self' https://*.igodigital.com https://*.hsabank.com https://*.google-analytics.com; frame-src 'self' https://*.hsabank.com ;form-action 'self'
Content-Type
image/jpeg
Cache-Control
private, max-age=604800
Permissions-Policy
microphone=(), payment=(), geolocation=(self), sync-xhr=*
Content-Disposition
inline; filename="members.jpg"
Accept-Ranges
bytes
Content-Length
6597
Request-Context
appId=cid-v1:8fedb8c4-35ce-49f3-a619-b84f98aa48d7
logo-hsabank.ashx
www.hsabank.com/hsabank/-/media/Images/Mobile_Responsive_2017/ 		11 KB
13 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.hsabank.com/hsabank/-/media/Images/Mobile_Responsive_2017/logo-hsabank.ashx?la=en
Requested by
Host: cdn.levelaccess.net
URL: https://cdn.levelaccess.net/accessjs/YW1wMTEwNDI/access.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
70.37.166.146 San Antonio, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
fc8331c82d59e08430c3a341203a29b57de8ab6595876e484fc5a31e03183693
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.hsabank.com/hsabank/learning-center/irs-contribution-limits-and-guidelines?utm_source=sfmc&utm_term=&utm_content=691751&utm_id=e7c0a1e5-b27b-4960-984f-1842a2269735&sfmc_activityid=b73e5fa8-ca1d-4ae1-89ea-4475791872f3&utm_medium=email
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

Strict-Transport-Security
max-age=31536000; includeSubDomains
Date
Thu, 27 Apr 2023 13:35:22 GMT
X-Content-Type-Options
nosniff
Referrer-Policy
strict-origin-when-cross-origin
Last-Modified
Thu, 23 Feb 2023 15:06:33 GMT
Server
Microsoft-IIS/10.0
X-Frame-Options
SAMEORIGIN
Content-Security-Policy-Report-Only
default-src 'self'; script-src 'self' 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' https://*.hsabank.com https://cdnjs.cloudflare.com https://*.jquery.com https://*.facebook.net https://*.googleapis.com https://*.googletagmanager.com https://*.google-analytics.com https://*.igodigital.com https://*.levelaccess.net https://*.cludo.com https://*.pardot.com https://*.hsabank.com; style-src 'self' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' https://*.hsabank.com https://*.googleapis.com https://*.bootstrapcdn.com; base-uri 'self'; font-src 'self' https://*.gstatic.com https://*.bootstrapcdn.com; connect-src 'self' https://*.google-analytics.com https://*.levelaccess.net; img-src 'self' https://*.igodigital.com https://*.hsabank.com https://*.google-analytics.com; frame-src 'self' https://*.hsabank.com ;form-action 'self'
Content-Type
image/png
Cache-Control
private, max-age=604800
Permissions-Policy
microphone=(), payment=(), geolocation=(self), sync-xhr=*
Content-Disposition
inline; filename="logo-hsabank.png"
Accept-Ranges
bytes
Content-Length
11026
Request-Context
appId=cid-v1:8fedb8c4-35ce-49f3-a619-b84f98aa48d7
open-hsa-navbanner.jpg
www.hsabank.com/hsabank/learning-center/~/Media/Images/Mobile_Responsive_2017/2017/nav-banners/ 		38 KB
40 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.hsabank.com/hsabank/learning-center/~/Media/Images/Mobile_Responsive_2017/2017/nav-banners/open-hsa-navbanner.jpg
Requested by
Host: cdn.levelaccess.net
URL: https://cdn.levelaccess.net/accessjs/YW1wMTEwNDI/access.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
70.37.166.146 San Antonio, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
3125503095eb347633cce9f00d090dcc466164199f6018c4390988ece5e8cd9f
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.hsabank.com/hsabank/learning-center/irs-contribution-limits-and-guidelines?utm_source=sfmc&utm_term=&utm_content=691751&utm_id=e7c0a1e5-b27b-4960-984f-1842a2269735&sfmc_activityid=b73e5fa8-ca1d-4ae1-89ea-4475791872f3&utm_medium=email
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

Strict-Transport-Security
max-age=31536000; includeSubDomains
Date
Thu, 27 Apr 2023 13:35:22 GMT
X-Content-Type-Options
nosniff
Referrer-Policy
strict-origin-when-cross-origin
Last-Modified
Sun, 19 Apr 2020 19:20:20 GMT
Server
Microsoft-IIS/10.0
X-Frame-Options
SAMEORIGIN
Content-Security-Policy-Report-Only
default-src 'self'; script-src 'self' 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' https://*.hsabank.com https://cdnjs.cloudflare.com https://*.jquery.com https://*.facebook.net https://*.googleapis.com https://*.googletagmanager.com https://*.google-analytics.com https://*.igodigital.com https://*.levelaccess.net https://*.cludo.com https://*.pardot.com https://*.hsabank.com; style-src 'self' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' https://*.hsabank.com https://*.googleapis.com https://*.bootstrapcdn.com; base-uri 'self'; font-src 'self' https://*.gstatic.com https://*.bootstrapcdn.com; connect-src 'self' https://*.google-analytics.com https://*.levelaccess.net; img-src 'self' https://*.igodigital.com https://*.hsabank.com https://*.google-analytics.com; frame-src 'self' https://*.hsabank.com ;form-action 'self'
Content-Type
image/jpeg
Cache-Control
private, max-age=604800
Permissions-Policy
microphone=(), payment=(), geolocation=(self), sync-xhr=*
Content-Disposition
inline; filename="open-hsa-navbanner.jpg"
Accept-Ranges
bytes
Content-Length
38779
Request-Context
appId=cid-v1:8fedb8c4-35ce-49f3-a619-b84f98aa48d7
2022-ER-Partner-Navigation
www.hsabank.com/~/media/Images/Mobile_Responsive_2017/2017/learning-center/health-and-wealth-index/ 		57 KB
59 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.hsabank.com/~/media/Images/Mobile_Responsive_2017/2017/learning-center/health-and-wealth-index/2022-ER-Partner-Navigation
Requested by
Host: cdn.levelaccess.net
URL: https://cdn.levelaccess.net/accessjs/YW1wMTEwNDI/access.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
70.37.166.146 San Antonio, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
175d25eb48831e6f67bacbc9afbc26665736432cc379e79c3d84148eb1acd55f
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.hsabank.com/hsabank/learning-center/irs-contribution-limits-and-guidelines?utm_source=sfmc&utm_term=&utm_content=691751&utm_id=e7c0a1e5-b27b-4960-984f-1842a2269735&sfmc_activityid=b73e5fa8-ca1d-4ae1-89ea-4475791872f3&utm_medium=email
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

Strict-Transport-Security
max-age=31536000; includeSubDomains
Date
Thu, 27 Apr 2023 13:35:22 GMT
X-Content-Type-Options
nosniff
Referrer-Policy
strict-origin-when-cross-origin
Last-Modified
Wed, 01 Jun 2022 20:52:20 GMT
Server
Microsoft-IIS/10.0
X-Frame-Options
SAMEORIGIN
Content-Security-Policy-Report-Only
default-src 'self'; script-src 'self' 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' https://*.hsabank.com https://cdnjs.cloudflare.com https://*.jquery.com https://*.facebook.net https://*.googleapis.com https://*.googletagmanager.com https://*.google-analytics.com https://*.igodigital.com https://*.levelaccess.net https://*.cludo.com https://*.pardot.com https://*.hsabank.com; style-src 'self' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' https://*.hsabank.com https://*.googleapis.com https://*.bootstrapcdn.com; base-uri 'self'; font-src 'self' https://*.gstatic.com https://*.bootstrapcdn.com; connect-src 'self' https://*.google-analytics.com https://*.levelaccess.net; img-src 'self' https://*.igodigital.com https://*.hsabank.com https://*.google-analytics.com; frame-src 'self' https://*.hsabank.com ;form-action 'self'
Content-Type
image/jpeg
Cache-Control
private, max-age=604800
Permissions-Policy
microphone=(), payment=(), geolocation=(self), sync-xhr=*
Content-Disposition
inline; filename="2022-ER-Partner-Navigation.jpg"
Accept-Ranges
bytes
Content-Length
58795
Request-Context
appId=cid-v1:8fedb8c4-35ce-49f3-a619-b84f98aa48d7
learning-center.ashx
www.hsabank.com/-/media/Images/Mobile_Responsive_2017/menu/ 		10 KB
12 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.hsabank.com/-/media/Images/Mobile_Responsive_2017/menu/learning-center.ashx?la=en
Requested by
Host: cdn.levelaccess.net
URL: https://cdn.levelaccess.net/accessjs/YW1wMTEwNDI/access.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
70.37.166.146 San Antonio, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
87cec327a260c0960d91a7c4e9976eb243afa732c22b0cb2310181543739fe1b
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.hsabank.com/hsabank/learning-center/irs-contribution-limits-and-guidelines?utm_source=sfmc&utm_term=&utm_content=691751&utm_id=e7c0a1e5-b27b-4960-984f-1842a2269735&sfmc_activityid=b73e5fa8-ca1d-4ae1-89ea-4475791872f3&utm_medium=email
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

Strict-Transport-Security
max-age=31536000; includeSubDomains
Date
Thu, 27 Apr 2023 13:35:22 GMT
X-Content-Type-Options
nosniff
Referrer-Policy
strict-origin-when-cross-origin
Last-Modified
Sun, 19 Apr 2020 19:18:22 GMT
Server
Microsoft-IIS/10.0
X-Frame-Options
SAMEORIGIN
Content-Security-Policy-Report-Only
default-src 'self'; script-src 'self' 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' https://*.hsabank.com https://cdnjs.cloudflare.com https://*.jquery.com https://*.facebook.net https://*.googleapis.com https://*.googletagmanager.com https://*.google-analytics.com https://*.igodigital.com https://*.levelaccess.net https://*.cludo.com https://*.pardot.com https://*.hsabank.com; style-src 'self' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' https://*.hsabank.com https://*.googleapis.com https://*.bootstrapcdn.com; base-uri 'self'; font-src 'self' https://*.gstatic.com https://*.bootstrapcdn.com; connect-src 'self' https://*.google-analytics.com https://*.levelaccess.net; img-src 'self' https://*.igodigital.com https://*.hsabank.com https://*.google-analytics.com; frame-src 'self' https://*.hsabank.com ;form-action 'self'
Content-Type
image/jpeg
Cache-Control
private, max-age=604800
Permissions-Policy
microphone=(), payment=(), geolocation=(self), sync-xhr=*
Content-Disposition
inline; filename="learning-center.jpg"
Accept-Ranges
bytes
Content-Length
10245
Request-Context
appId=cid-v1:8fedb8c4-35ce-49f3-a619-b84f98aa48d7
about.ashx
www.hsabank.com/-/media/Images/Mobile_Responsive_2017/menu/ 		11 KB
13 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.hsabank.com/-/media/Images/Mobile_Responsive_2017/menu/about.ashx?la=en
Requested by
Host: cdn.levelaccess.net
URL: https://cdn.levelaccess.net/accessjs/YW1wMTEwNDI/access.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
70.37.166.146 San Antonio, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
2e5ea304576c05ccc854670fe397ef56880d803760a5de0e61081403e2009c61
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.hsabank.com/hsabank/learning-center/irs-contribution-limits-and-guidelines?utm_source=sfmc&utm_term=&utm_content=691751&utm_id=e7c0a1e5-b27b-4960-984f-1842a2269735&sfmc_activityid=b73e5fa8-ca1d-4ae1-89ea-4475791872f3&utm_medium=email
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

Strict-Transport-Security
max-age=31536000; includeSubDomains
Date
Thu, 27 Apr 2023 13:35:22 GMT
X-Content-Type-Options
nosniff
Referrer-Policy
strict-origin-when-cross-origin
Last-Modified
Sun, 19 Apr 2020 19:18:23 GMT
Server
Microsoft-IIS/10.0
X-Frame-Options
SAMEORIGIN
Content-Security-Policy-Report-Only
default-src 'self'; script-src 'self' 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' https://*.hsabank.com https://cdnjs.cloudflare.com https://*.jquery.com https://*.facebook.net https://*.googleapis.com https://*.googletagmanager.com https://*.google-analytics.com https://*.igodigital.com https://*.levelaccess.net https://*.cludo.com https://*.pardot.com https://*.hsabank.com; style-src 'self' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' https://*.hsabank.com https://*.googleapis.com https://*.bootstrapcdn.com; base-uri 'self'; font-src 'self' https://*.gstatic.com https://*.bootstrapcdn.com; connect-src 'self' https://*.google-analytics.com https://*.levelaccess.net; img-src 'self' https://*.igodigital.com https://*.hsabank.com https://*.google-analytics.com; frame-src 'self' https://*.hsabank.com ;form-action 'self'
Content-Type
image/jpeg
Cache-Control
private, max-age=604800
Permissions-Policy
microphone=(), payment=(), geolocation=(self), sync-xhr=*
Content-Disposition
inline; filename="about.jpg"
Accept-Ranges
bytes
Content-Length
11131
Request-Context
appId=cid-v1:8fedb8c4-35ce-49f3-a619-b84f98aa48d7
searchglass.ashx
www.hsabank.com/-/media/Images/Mobile_Responsive_2017/ 		439 B
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.hsabank.com/-/media/Images/Mobile_Responsive_2017/searchglass.ashx?la=en
Requested by
Host: cdn.levelaccess.net
URL: https://cdn.levelaccess.net/accessjs/YW1wMTEwNDI/access.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
70.37.166.146 San Antonio, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
b4d5f510c2190ca5ff87374b25cf3c1ba3334d41c5437b262cae8952a0dac6ad
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.hsabank.com/hsabank/learning-center/irs-contribution-limits-and-guidelines?utm_source=sfmc&utm_term=&utm_content=691751&utm_id=e7c0a1e5-b27b-4960-984f-1842a2269735&sfmc_activityid=b73e5fa8-ca1d-4ae1-89ea-4475791872f3&utm_medium=email
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

Strict-Transport-Security
max-age=31536000; includeSubDomains
Date
Thu, 27 Apr 2023 13:35:22 GMT
X-Content-Type-Options
nosniff
Referrer-Policy
strict-origin-when-cross-origin
Last-Modified
Sun, 19 Apr 2020 19:16:19 GMT
Server
Microsoft-IIS/10.0
X-Frame-Options
SAMEORIGIN
Content-Security-Policy-Report-Only
default-src 'self'; script-src 'self' 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' https://*.hsabank.com https://cdnjs.cloudflare.com https://*.jquery.com https://*.facebook.net https://*.googleapis.com https://*.googletagmanager.com https://*.google-analytics.com https://*.igodigital.com https://*.levelaccess.net https://*.cludo.com https://*.pardot.com https://*.hsabank.com; style-src 'self' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' https://*.hsabank.com https://*.googleapis.com https://*.bootstrapcdn.com; base-uri 'self'; font-src 'self' https://*.gstatic.com https://*.bootstrapcdn.com; connect-src 'self' https://*.google-analytics.com https://*.levelaccess.net; img-src 'self' https://*.igodigital.com https://*.hsabank.com https://*.google-analytics.com; frame-src 'self' https://*.hsabank.com ;form-action 'self'
Content-Type
image/png
Cache-Control
private, max-age=604800
Permissions-Policy
microphone=(), payment=(), geolocation=(self), sync-xhr=*
Content-Disposition
inline; filename="searchglass.png"
Accept-Ranges
bytes
Content-Length
439
Request-Context
appId=cid-v1:8fedb8c4-35ce-49f3-a619-b84f98aa48d7
single-plan.jpg
www.hsabank.com/hsabank/learning-center/~/Media/Images/Mobile_Responsive_2017/ 		3 KB
5 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.hsabank.com/hsabank/learning-center/~/Media/Images/Mobile_Responsive_2017/single-plan.jpg
Requested by
Host: cdn.levelaccess.net
URL: https://cdn.levelaccess.net/accessjs/YW1wMTEwNDI/access.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
70.37.166.146 San Antonio, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
6244b5323a0f8a39ef68428cb730b734c0027a2e1c68b4bd1ec2030a0be6009a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.hsabank.com/hsabank/learning-center/irs-contribution-limits-and-guidelines?utm_source=sfmc&utm_term=&utm_content=691751&utm_id=e7c0a1e5-b27b-4960-984f-1842a2269735&sfmc_activityid=b73e5fa8-ca1d-4ae1-89ea-4475791872f3&utm_medium=email
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

Strict-Transport-Security
max-age=31536000; includeSubDomains
Date
Thu, 27 Apr 2023 13:35:23 GMT
X-Content-Type-Options
nosniff
Referrer-Policy
strict-origin-when-cross-origin
Last-Modified
Sun, 19 Apr 2020 19:16:20 GMT
Server
Microsoft-IIS/10.0
X-Frame-Options
SAMEORIGIN
Content-Security-Policy-Report-Only
default-src 'self'; script-src 'self' 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' https://*.hsabank.com https://cdnjs.cloudflare.com https://*.jquery.com https://*.facebook.net https://*.googleapis.com https://*.googletagmanager.com https://*.google-analytics.com https://*.igodigital.com https://*.levelaccess.net https://*.cludo.com https://*.pardot.com https://*.hsabank.com; style-src 'self' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' https://*.hsabank.com https://*.googleapis.com https://*.bootstrapcdn.com; base-uri 'self'; font-src 'self' https://*.gstatic.com https://*.bootstrapcdn.com; connect-src 'self' https://*.google-analytics.com https://*.levelaccess.net; img-src 'self' https://*.igodigital.com https://*.hsabank.com https://*.google-analytics.com; frame-src 'self' https://*.hsabank.com ;form-action 'self'
Content-Type
image/jpeg
Cache-Control
private, max-age=604800
Permissions-Policy
microphone=(), payment=(), geolocation=(self), sync-xhr=*
Content-Disposition
inline; filename="single-plan.jpg"
Accept-Ranges
bytes
Content-Length
3155
Request-Context
appId=cid-v1:8fedb8c4-35ce-49f3-a619-b84f98aa48d7
family-plan.jpg
www.hsabank.com/hsabank/learning-center/~/Media/Images/Mobile_Responsive_2017/ 		4 KB
6 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.hsabank.com/hsabank/learning-center/~/Media/Images/Mobile_Responsive_2017/family-plan.jpg
Requested by
Host: cdn.levelaccess.net
URL: https://cdn.levelaccess.net/accessjs/YW1wMTEwNDI/access.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
70.37.166.146 San Antonio, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
d371c565ec3a3cb356ca742f14883a254781cc80e4f5e02a0fd0fb6d75041406
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.hsabank.com/hsabank/learning-center/irs-contribution-limits-and-guidelines?utm_source=sfmc&utm_term=&utm_content=691751&utm_id=e7c0a1e5-b27b-4960-984f-1842a2269735&sfmc_activityid=b73e5fa8-ca1d-4ae1-89ea-4475791872f3&utm_medium=email
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

Strict-Transport-Security
max-age=31536000; includeSubDomains
Date
Thu, 27 Apr 2023 13:35:23 GMT
X-Content-Type-Options
nosniff
Referrer-Policy
strict-origin-when-cross-origin
Last-Modified
Sun, 19 Apr 2020 19:16:15 GMT
Server
Microsoft-IIS/10.0
X-Frame-Options
SAMEORIGIN
Content-Security-Policy-Report-Only
default-src 'self'; script-src 'self' 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' https://*.hsabank.com https://cdnjs.cloudflare.com https://*.jquery.com https://*.facebook.net https://*.googleapis.com https://*.googletagmanager.com https://*.google-analytics.com https://*.igodigital.com https://*.levelaccess.net https://*.cludo.com https://*.pardot.com https://*.hsabank.com; style-src 'self' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' https://*.hsabank.com https://*.googleapis.com https://*.bootstrapcdn.com; base-uri 'self'; font-src 'self' https://*.gstatic.com https://*.bootstrapcdn.com; connect-src 'self' https://*.google-analytics.com https://*.levelaccess.net; img-src 'self' https://*.igodigital.com https://*.hsabank.com https://*.google-analytics.com; frame-src 'self' https://*.hsabank.com ;form-action 'self'
Content-Type
image/jpeg
Cache-Control
private, max-age=604800
Permissions-Policy
microphone=(), payment=(), geolocation=(self), sync-xhr=*
Content-Disposition
inline; filename="family-plan.jpg"
Accept-Ranges
bytes
Content-Length
4141
Request-Context
appId=cid-v1:8fedb8c4-35ce-49f3-a619-b84f98aa48d7
track_page_view
nova.collect.igodigital.com/c2/7298557/ 		43 B
354 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://nova.collect.igodigital.com/c2/7298557/track_page_view?payload=%7B%22title%22%3A%22HSA%20IRS%20Contribution%20Limits%20and%20Guidelines%20-%20HSA%20Bank%22%2C%22url%22%3A%22https%3A%2F%2Fwww.hsabank.com%2Fhsabank%2Flearning-center%2Firs-contribution-limits-and-guidelines%3Futm_source%3Dsfmc%26utm_term%3D%26utm_content%3D691751%26utm_id%3De7c0a1e5-b27b-4960-984f-1842a2269735%26sfmc_activityid%3Db73e5fa8-ca1d-4ae1-89ea-4475791872f3%26utm_medium%3Demail%22%2C%22referrer%22%3A%22%22%7D
Requested by
Host: cdn.levelaccess.net
URL: https://cdn.levelaccess.net/accessjs/YW1wMTEwNDI/access.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.45.38.67 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-45-38-67.compute-1.amazonaws.com
Software
/
Resource Hash
98b3d9d20e032f90aca49e9b116225d539ff6fbdb7e42c3c363f63896ac03d2a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.hsabank.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

x-runtime
0.003848
date
Thu, 27 Apr 2023 13:35:22 GMT
content-encoding
gzip
x-content-type-options
nosniff
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
image/gif
cache-control
private
content-transfer-encoding
binary
content-disposition
inline
x-xss-protection
1; mode=block
x-request-id
7071437e-f6d5-4c00-a181-81742209d9ad
lock-yellow.ashx
www.hsabank.com/-/media/Images/Mobile_Responsive_2017/ 		487 B
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.hsabank.com/-/media/Images/Mobile_Responsive_2017/lock-yellow.ashx?la=en
Requested by
Host: cdn.levelaccess.net
URL: https://cdn.levelaccess.net/accessjs/YW1wMTEwNDI/access.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
70.37.166.146 San Antonio, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
5298b61386b233b02c1f2dc3aff963463ebbe568b021817019f0da72fc5b165d
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.hsabank.com/hsabank/learning-center/irs-contribution-limits-and-guidelines?utm_source=sfmc&utm_term=&utm_content=691751&utm_id=e7c0a1e5-b27b-4960-984f-1842a2269735&sfmc_activityid=b73e5fa8-ca1d-4ae1-89ea-4475791872f3&utm_medium=email
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

Strict-Transport-Security
max-age=31536000; includeSubDomains
Date
Thu, 27 Apr 2023 13:35:22 GMT
X-Content-Type-Options
nosniff
Referrer-Policy
strict-origin-when-cross-origin
Last-Modified
Sun, 19 Apr 2020 19:16:18 GMT
Server
Microsoft-IIS/10.0
X-Frame-Options
SAMEORIGIN
Content-Security-Policy-Report-Only
default-src 'self'; script-src 'self' 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' https://*.hsabank.com https://cdnjs.cloudflare.com https://*.jquery.com https://*.facebook.net https://*.googleapis.com https://*.googletagmanager.com https://*.google-analytics.com https://*.igodigital.com https://*.levelaccess.net https://*.cludo.com https://*.pardot.com https://*.hsabank.com; style-src 'self' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' https://*.hsabank.com https://*.googleapis.com https://*.bootstrapcdn.com; base-uri 'self'; font-src 'self' https://*.gstatic.com https://*.bootstrapcdn.com; connect-src 'self' https://*.google-analytics.com https://*.levelaccess.net; img-src 'self' https://*.igodigital.com https://*.hsabank.com https://*.google-analytics.com; frame-src 'self' https://*.hsabank.com ;form-action 'self'
Content-Type
image/png
Cache-Control
private, max-age=604800
Permissions-Policy
microphone=(), payment=(), geolocation=(self), sync-xhr=*
Content-Disposition
inline; filename="lock-yellow.png"
Accept-Ranges
bytes
Content-Length
487
Request-Context
appId=cid-v1:8fedb8c4-35ce-49f3-a619-b84f98aa48d7
members.ashx
www.hsabank.com/-/media/Images/Mobile_Responsive_2017/menu/ 		6 KB
8 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.hsabank.com/-/media/Images/Mobile_Responsive_2017/menu/members.ashx?la=en
Requested by
Host: cdn.levelaccess.net
URL: https://cdn.levelaccess.net/accessjs/YW1wMTEwNDI/access.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
70.37.166.146 San Antonio, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
b7f060e299b946e48571efc616afabf681564879b5431dae029354719b685b6c
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.hsabank.com/hsabank/learning-center/irs-contribution-limits-and-guidelines?utm_source=sfmc&utm_term=&utm_content=691751&utm_id=e7c0a1e5-b27b-4960-984f-1842a2269735&sfmc_activityid=b73e5fa8-ca1d-4ae1-89ea-4475791872f3&utm_medium=email
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

Strict-Transport-Security
max-age=31536000; includeSubDomains
Date
Thu, 27 Apr 2023 13:35:23 GMT
X-Content-Type-Options
nosniff
Referrer-Policy
strict-origin-when-cross-origin
Last-Modified
Sun, 19 Apr 2020 19:18:23 GMT
Server
Microsoft-IIS/10.0
X-Frame-Options
SAMEORIGIN
Content-Security-Policy-Report-Only
default-src 'self'; script-src 'self' 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' https://*.hsabank.com https://cdnjs.cloudflare.com https://*.jquery.com https://*.facebook.net https://*.googleapis.com https://*.googletagmanager.com https://*.google-analytics.com https://*.igodigital.com https://*.levelaccess.net https://*.cludo.com https://*.pardot.com https://*.hsabank.com; style-src 'self' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' https://*.hsabank.com https://*.googleapis.com https://*.bootstrapcdn.com; base-uri 'self'; font-src 'self' https://*.gstatic.com https://*.bootstrapcdn.com; connect-src 'self' https://*.google-analytics.com https://*.levelaccess.net; img-src 'self' https://*.igodigital.com https://*.hsabank.com https://*.google-analytics.com; frame-src 'self' https://*.hsabank.com ;form-action 'self'
Content-Type
image/jpeg
Cache-Control
private, max-age=604800
Permissions-Policy
microphone=(), payment=(), geolocation=(self), sync-xhr=*
Content-Disposition
inline; filename="members.jpg"
Accept-Ranges
bytes
Content-Length
6597
Request-Context
appId=cid-v1:8fedb8c4-35ce-49f3-a619-b84f98aa48d7
logo-hsabank.ashx
www.hsabank.com/hsabank/-/media/Images/Mobile_Responsive_2017/ 		11 KB
13 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.hsabank.com/hsabank/-/media/Images/Mobile_Responsive_2017/logo-hsabank.ashx?la=en
Requested by
Host: cdn.levelaccess.net
URL: https://cdn.levelaccess.net/accessjs/YW1wMTEwNDI/access.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
70.37.166.146 San Antonio, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
fc8331c82d59e08430c3a341203a29b57de8ab6595876e484fc5a31e03183693
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.hsabank.com/hsabank/learning-center/irs-contribution-limits-and-guidelines?utm_source=sfmc&utm_term=&utm_content=691751&utm_id=e7c0a1e5-b27b-4960-984f-1842a2269735&sfmc_activityid=b73e5fa8-ca1d-4ae1-89ea-4475791872f3&utm_medium=email
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

Strict-Transport-Security
max-age=31536000; includeSubDomains
Date
Thu, 27 Apr 2023 13:35:23 GMT
X-Content-Type-Options
nosniff
Referrer-Policy
strict-origin-when-cross-origin
Last-Modified
Thu, 23 Feb 2023 15:06:33 GMT
Server
Microsoft-IIS/10.0
X-Frame-Options
SAMEORIGIN
Content-Security-Policy-Report-Only
default-src 'self'; script-src 'self' 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' https://*.hsabank.com https://cdnjs.cloudflare.com https://*.jquery.com https://*.facebook.net https://*.googleapis.com https://*.googletagmanager.com https://*.google-analytics.com https://*.igodigital.com https://*.levelaccess.net https://*.cludo.com https://*.pardot.com https://*.hsabank.com; style-src 'self' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' https://*.hsabank.com https://*.googleapis.com https://*.bootstrapcdn.com; base-uri 'self'; font-src 'self' https://*.gstatic.com https://*.bootstrapcdn.com; connect-src 'self' https://*.google-analytics.com https://*.levelaccess.net; img-src 'self' https://*.igodigital.com https://*.hsabank.com https://*.google-analytics.com; frame-src 'self' https://*.hsabank.com ;form-action 'self'
Content-Type
image/png
Cache-Control
private, max-age=604800
Permissions-Policy
microphone=(), payment=(), geolocation=(self), sync-xhr=*
Content-Disposition
inline; filename="logo-hsabank.png"
Accept-Ranges
bytes
Content-Length
11026
Request-Context
appId=cid-v1:8fedb8c4-35ce-49f3-a619-b84f98aa48d7
track_page_view
nova.collect.igodigital.com/c2/7298557/ 		43 B
354 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://nova.collect.igodigital.com/c2/7298557/track_page_view?payload=%7B%22title%22%3A%22HSA%20IRS%20Contribution%20Limits%20and%20Guidelines%20-%20HSA%20Bank%22%2C%22url%22%3A%22https%3A%2F%2Fwww.hsabank.com%2Fhsabank%2Flearning-center%2Firs-contribution-limits-and-guidelines%3Futm_source%3Dsfmc%26utm_term%3D%26utm_content%3D691751%26utm_id%3De7c0a1e5-b27b-4960-984f-1842a2269735%26sfmc_activityid%3Db73e5fa8-ca1d-4ae1-89ea-4475791872f3%26utm_medium%3Demail%22%2C%22referrer%22%3A%22%22%7D
Requested by
Host: cdn.levelaccess.net
URL: https://cdn.levelaccess.net/accessjs/YW1wMTEwNDI/access.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.45.38.67 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-45-38-67.compute-1.amazonaws.com
Software
/
Resource Hash
98b3d9d20e032f90aca49e9b116225d539ff6fbdb7e42c3c363f63896ac03d2a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.hsabank.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

x-runtime
0.003363
date
Thu, 27 Apr 2023 13:35:22 GMT
content-encoding
gzip
x-content-type-options
nosniff
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
image/gif
cache-control
private
content-transfer-encoding
binary
content-disposition
inline
x-xss-protection
1; mode=block
x-request-id
456c2987-4517-4400-aebd-fc13ded4e4f8
results
api.levelaccess.net/analytics/3.0/ 		0
322 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://api.levelaccess.net/analytics/3.0/results
Requested by
Host: cdn.levelaccess.net
URL: https://cdn.levelaccess.net/accessjs/YW1wMTEwNDI/access.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2600:1f18:4457:4601:5208:6183:c586:89d5 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://www.hsabank.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

access-control-allow-origin
*
date
Thu, 27 Apr 2023 13:35:23 GMT
strict-transport-security
max-age=63072000; includeSubDomains; preload
x-content-type-options
nosniff
access-control-expose-headers
Origin, X-Requested-With, Content-Type, Accept
content-length
0
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
collect
region1.analytics.google.com/g/ 		0
54 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://region1.analytics.google.com/g/collect?v=2&tid=G-HR1XKMEB6P&gtm=45je34q0&_p=1097974721&cid=10370351.1682602519&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_eu=AEA&_s=3&sid=1682602518&sct=1&seg=0&dl=https%3A%2F%2Fwww.hsabank.com%2Fhsabank%2Flearning-center%2Firs-contribution-limits-and-guidelines%3Futm_source%3Dsfmc%26utm_term%3D%26utm_content%3D691751%26utm_id%3De7c0a1e5-b27b-4960-984f-1842a2269735%26sfmc_activityid%3Db73e5fa8-ca1d-4ae1-89ea-4475791872f3%26utm_medium%3Demail&dt=HSA%20IRS%20Contribution%20Limits%20and%20Guidelines%20-%20HSA%20Bank&en=scroll&epn.percent_scrolled=90&_et=13
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-HR1XKMEB6P&l=dataLayer&cx=c
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2001:4860:4802:34::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.hsabank.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.5615.121 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 27 Apr 2023 13:35:23 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://www.hsabank.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Verdicts & Comments Add Verdict or Comment

68 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

boolean| credentialless object| dataLayer object| google_tag_manager object| google_tag_data string| GoogleAnalyticsObject function| ga object| gaplugins object| gaGlobal object| gaData function| onYouTubeIframeAPIReady function| fbq function| _fbq object| _etmc object| _etmc_temp string| func_name object| args string| collect_url object| $jscomp function| $jscomp$lookupPolyfilledValue object| LevelAccess_AccessJS_AccessEngine object| LevelAccess_AccessJS_FixPackage object| LevelAccess_AccessJS_OrgDetails object| LevelAccess_AccessJS string| AccNamePrototypeNameSpace object| LevelAccess_CalcNames string| activeTabName string| currentPageId function| onClick object| breakpointChange function| isBlank function| scrollToElement function| init_nav function| init_carousels function| activateTabAndPane function| init_audience_tabs function| deactivateAudienceTabs object| SiteData function| createCountDownClock function| checkCountDownPageURL function| checkForCountdownCookie function| createCountdownCookie function| closeCookie function| List function| ResCarouselOnInit function| ResCarouselSlide function| ResCarouselResize function| ResCarouselSize function| ResCarousel function| ResCarouselLoad1 function| resCarouselAnimator function| $ function| jQuery function| Cookies object| html5 object| Modernizr object| core object| System function| asap function| Observable function| setImmediate function| clearImmediate object| regeneratorRuntime boolean| _babelPolyfill object| is function| ScrollMagic object| picturefillCFG function| picturefill object| AK

6 Cookies

Domain/Path Name / Value
www.hsabank.com/ Name: ASP.NET_SessionId
Value: 5qqm3pdnyhswum4rtictaya0
.hsabank.com/ Name: _gid
Value: GA1.2.559007179.1682602519
.hsabank.com/ Name: _gat_gtmtrack
Value: 1
.hsabank.com/ Name: _ga
Value: GA1.1.10370351.1682602519
.hsabank.com/ Name: _ga_HR1XKMEB6P
Value: GS1.1.1682602518.1.0.1682602518.60.0.0
www.hsabank.com/ Name: qs
Value: ?utm_source=sfmc&utm_term=&utm_content=691751&utm_id=e7c0a1e5-b27b-4960-984f-1842a2269735&sfmc_activityid=b73e5fa8-ca1d-4ae1-89ea-4475791872f3&utm_medium=email

242 Console Messages

Source Level URL
Text
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 8)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 8)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 8)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 8)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error URL: https://www.googletagmanager.com/gtm.js?id=GTM-PZV52K3(Line 4)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error URL: https://www.googletagmanager.com/gtm.js?id=GTM-PZV52K3(Line 4)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error URL: https://www.googletagmanager.com/gtm.js?id=GTM-PZV52K3(Line 4)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error URL: https://www.googletagmanager.com/gtag/js?id=G-HR1XKMEB6P&l=dataLayer&cx=c(Line 193)
Message:
[Report Only] Refused to connect to 'https://region1.analytics.google.com/g/collect?v=2&tid=G-HR1XKMEB6P&gtm=45je34q0&_p=1097974721&_gaz=1&cid=10370351.1682602519&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_s=1&sid=1682602518&sct=1&seg=0&dl=https%3A%2F%2Fwww.hsabank.com%2Fhsabank%2Flearning-center%2Firs-contribution-limits-and-guidelines%3Futm_source%3Dsfmc%26utm_term%3D%26utm_content%3D691751%26utm_id%3De7c0a1e5-b27b-4960-984f-1842a2269735%26sfmc_activityid%3Db73e5fa8-ca1d-4ae1-89ea-4475791872f3%26utm_medium%3Demail&dt=HSA%20IRS%20Contribution%20Limits%20and%20Guidelines%20-%20HSA%20Bank&en=page_view&_fv=1&_ss=1' because it violates the following Content Security Policy directive: "connect-src 'self' https://*.google-analytics.com https://*.levelaccess.net".
security error URL: https://www.googletagmanager.com/gtag/js?id=G-HR1XKMEB6P&l=dataLayer&cx=c(Line 193)
Message:
[Report Only] Refused to connect to 'https://region1.analytics.google.com/g/collect?v=2&tid=G-HR1XKMEB6P&gtm=45je34q0&_p=1097974721&_gaz=1&cid=10370351.1682602519&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_s=1&sid=1682602518&sct=1&seg=0&dl=https%3A%2F%2Fwww.hsabank.com%2Fhsabank%2Flearning-center%2Firs-contribution-limits-and-guidelines%3Futm_source%3Dsfmc%26utm_term%3D%26utm_content%3D691751%26utm_id%3De7c0a1e5-b27b-4960-984f-1842a2269735%26sfmc_activityid%3Db73e5fa8-ca1d-4ae1-89ea-4475791872f3%26utm_medium%3Demail&dt=HSA%20IRS%20Contribution%20Limits%20and%20Guidelines%20-%20HSA%20Bank&en=page_view&_fv=1&_ss=1' because it violates the following Content Security Policy directive: "connect-src 'self' https://*.google-analytics.com https://*.levelaccess.net".
security error URL: https://www.googletagmanager.com/gtag/js?id=G-HR1XKMEB6P&l=dataLayer&cx=c(Line 193)
Message:
[Report Only] Refused to connect to 'https://stats.g.doubleclick.net/g/collect?v=2&tid=G-HR1XKMEB6P&cid=10370351.1682602519&gtm=45je34q0&aip=1' because it violates the following Content Security Policy directive: "connect-src 'self' https://*.google-analytics.com https://*.levelaccess.net".
security error URL: https://www.googletagmanager.com/gtag/js?id=G-HR1XKMEB6P&l=dataLayer&cx=c(Line 193)
Message:
[Report Only] Refused to connect to 'https://stats.g.doubleclick.net/g/collect?v=2&tid=G-HR1XKMEB6P&cid=10370351.1682602519&gtm=45je34q0&aip=1' because it violates the following Content Security Policy directive: "connect-src 'self' https://*.google-analytics.com https://*.levelaccess.net".
security error URL: https://www.hsabank.com/hsabank/learning-center/irs-contribution-limits-and-guidelines?utm_source=sfmc&utm_term=&utm_content=691751&utm_id=e7c0a1e5-b27b-4960-984f-1842a2269735&sfmc_activityid=b73e5fa8-ca1d-4ae1-89ea-4475791872f3&utm_medium=email(Line 116)
Message:
[Report Only] Refused to load the image 'https://www.google.de/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-HR1XKMEB6P&cid=10370351.1682602519&gtm=45je34q0&aip=1&z=1104638759' because it violates the following Content Security Policy directive: "img-src 'self' https://*.igodigital.com https://*.hsabank.com https://*.google-analytics.com".
security error URL: https://www.google-analytics.com/analytics.js(Line 35)
Message:
[Report Only] Refused to connect to 'https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j100&tid=UA-187387-6&cid=10370351.1682602519&jid=2096787767&gjid=1113003775&_gid=559007179.1682602519&_u=YEBAAEAAAAAAACAAI~&z=661960499' because it violates the following Content Security Policy directive: "connect-src 'self' https://*.google-analytics.com https://*.levelaccess.net".
security error URL: https://www.googletagmanager.com/gtag/js?id=G-HR1XKMEB6P&l=dataLayer&cx=c(Line 193)
Message:
[Report Only] Refused to connect to 'https://region1.analytics.google.com/g/collect?v=2&tid=G-HR1XKMEB6P&gtm=45je34q0&_p=1097974721&cid=10370351.1682602519&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_s=2&sid=1682602518&sct=1&seg=0&dl=https%3A%2F%2Fwww.hsabank.com%2Fhsabank%2Flearning-center%2Firs-contribution-limits-and-guidelines%3Futm_source%3Dsfmc%26utm_term%3D%26utm_content%3D691751%26utm_id%3De7c0a1e5-b27b-4960-984f-1842a2269735%26sfmc_activityid%3Db73e5fa8-ca1d-4ae1-89ea-4475791872f3%26utm_medium%3Demail&dt=HSA%20IRS%20Contribution%20Limits%20and%20Guidelines%20-%20HSA%20Bank&en=utms_hsab&ep.utm_medium=email&ep.utm_source=sfmc&ep.utm_content=691751&ep.utm_term=&ep.utm_id=e7c0a1e5-b27b-4960-984f-1842a2269735&ep.url_subdirectory_2=irs-contribution-limits-and-guidelines%3Futm_source%3Dsfmc%26utm_term%3D%26utm_content%3D691751%26utm_id%3De7c0a1e5-b&ep.url_directory=hsabank&ep.e_category=learning-center&_et=3' because it violates the following Content Security Policy directive: "connect-src 'self' https://*.google-analytics.com https://*.levelaccess.net".
security error URL: https://www.googletagmanager.com/gtag/js?id=G-HR1XKMEB6P&l=dataLayer&cx=c(Line 193)
Message:
[Report Only] Refused to connect to 'https://region1.analytics.google.com/g/collect?v=2&tid=G-HR1XKMEB6P&gtm=45je34q0&_p=1097974721&cid=10370351.1682602519&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_s=2&sid=1682602518&sct=1&seg=0&dl=https%3A%2F%2Fwww.hsabank.com%2Fhsabank%2Flearning-center%2Firs-contribution-limits-and-guidelines%3Futm_source%3Dsfmc%26utm_term%3D%26utm_content%3D691751%26utm_id%3De7c0a1e5-b27b-4960-984f-1842a2269735%26sfmc_activityid%3Db73e5fa8-ca1d-4ae1-89ea-4475791872f3%26utm_medium%3Demail&dt=HSA%20IRS%20Contribution%20Limits%20and%20Guidelines%20-%20HSA%20Bank&en=utms_hsab&ep.utm_medium=email&ep.utm_source=sfmc&ep.utm_content=691751&ep.utm_term=&ep.utm_id=e7c0a1e5-b27b-4960-984f-1842a2269735&ep.url_subdirectory_2=irs-contribution-limits-and-guidelines%3Futm_source%3Dsfmc%26utm_term%3D%26utm_content%3D691751%26utm_id%3De7c0a1e5-b&ep.url_directory=hsabank&ep.e_category=learning-center&_et=3' because it violates the following Content Security Policy directive: "connect-src 'self' https://*.google-analytics.com https://*.levelaccess.net".
security error URL: https://www.hsabank.com/hsabank/learning-center/irs-contribution-limits-and-guidelines?utm_source=sfmc&utm_term=&utm_content=691751&utm_id=e7c0a1e5-b27b-4960-984f-1842a2269735&sfmc_activityid=b73e5fa8-ca1d-4ae1-89ea-4475791872f3&utm_medium=email(Line 116)
Message:
[Report Only] Refused to load the image 'https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j100&tid=UA-187387-6&cid=10370351.1682602519&jid=2096787767&_u=YEBAAEAAAAAAACAAI~&z=148719068' because it violates the following Content Security Policy directive: "img-src 'self' https://*.igodigital.com https://*.hsabank.com https://*.google-analytics.com".
security error URL: https://www.hsabank.com/hsabank/learning-center/irs-contribution-limits-and-guidelines?utm_source=sfmc&utm_term=&utm_content=691751&utm_id=e7c0a1e5-b27b-4960-984f-1842a2269735&sfmc_activityid=b73e5fa8-ca1d-4ae1-89ea-4475791872f3&utm_medium=email(Line 116)
Message:
[Report Only] Refused to load the image 'https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j100&tid=UA-187387-6&cid=10370351.1682602519&jid=2096787767&_u=YEBAAEAAAAAAACAAI~&z=148719068' because it violates the following Content Security Policy directive: "img-src 'self' https://*.igodigital.com https://*.hsabank.com https://*.google-analytics.com".
network error URL: https://nova.collect.igodigital.com/c2/7298557/track_page_view?payload=%7B%22title%22%3A%22HSA%20IRS%20Contribution%20Limits%20and%20Guidelines%20-%20HSA%20Bank%22%2C%22url%22%3A%22https%3A%2F%2Fwww.hsabank.com%2Fhsabank%2Flearning-center%2Firs-contribution-limits-and-guidelines%3Futm_source%3Dsfmc%26utm_term%3D%26utm_content%3D691751%26utm_id%3De7c0a1e5-b27b-4960-984f-1842a2269735%26sfmc_activityid%3Db73e5fa8-ca1d-4ae1-89ea-4475791872f3%26utm_medium%3Demail%22%2C%22referrer%22%3A%22%22%7D
Message:
Failed to load resource: the server responded with a status of 403 ()
network error URL: https://nova.collect.igodigital.com/c2/7298557/track_page_view?payload=%7B%22title%22%3A%22HSA%20IRS%20Contribution%20Limits%20and%20Guidelines%20-%20HSA%20Bank%22%2C%22url%22%3A%22https%3A%2F%2Fwww.hsabank.com%2Fhsabank%2Flearning-center%2Firs-contribution-limits-and-guidelines%3Futm_source%3Dsfmc%26utm_term%3D%26utm_content%3D691751%26utm_id%3De7c0a1e5-b27b-4960-984f-1842a2269735%26sfmc_activityid%3Db73e5fa8-ca1d-4ae1-89ea-4475791872f3%26utm_medium%3Demail%22%2C%22referrer%22%3A%22%22%7D
Message:
Failed to load resource: the server responded with a status of 403 ()
network error URL: https://nova.collect.igodigital.com/c2/7298557/track_page_view?payload=%7B%22title%22%3A%22HSA%20IRS%20Contribution%20Limits%20and%20Guidelines%20-%20HSA%20Bank%22%2C%22url%22%3A%22https%3A%2F%2Fwww.hsabank.com%2Fhsabank%2Flearning-center%2Firs-contribution-limits-and-guidelines%3Futm_source%3Dsfmc%26utm_term%3D%26utm_content%3D691751%26utm_id%3De7c0a1e5-b27b-4960-984f-1842a2269735%26sfmc_activityid%3Db73e5fa8-ca1d-4ae1-89ea-4475791872f3%26utm_medium%3Demail%22%2C%22referrer%22%3A%22%22%7D
Message:
Failed to load resource: the server responded with a status of 403 ()
security error URL: https://www.googletagmanager.com/gtag/js?id=G-HR1XKMEB6P&l=dataLayer&cx=c(Line 193)
Message:
[Report Only] Refused to connect to 'https://region1.analytics.google.com/g/collect?v=2&tid=G-HR1XKMEB6P&gtm=45je34q0&_p=1097974721&cid=10370351.1682602519&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_eu=AEA&_s=3&sid=1682602518&sct=1&seg=0&dl=https%3A%2F%2Fwww.hsabank.com%2Fhsabank%2Flearning-center%2Firs-contribution-limits-and-guidelines%3Futm_source%3Dsfmc%26utm_term%3D%26utm_content%3D691751%26utm_id%3De7c0a1e5-b27b-4960-984f-1842a2269735%26sfmc_activityid%3Db73e5fa8-ca1d-4ae1-89ea-4475791872f3%26utm_medium%3Demail&dt=HSA%20IRS%20Contribution%20Limits%20and%20Guidelines%20-%20HSA%20Bank&en=scroll&epn.percent_scrolled=90&_et=13' because it violates the following Content Security Policy directive: "connect-src 'self' https://*.google-analytics.com https://*.levelaccess.net".
security error URL: https://www.googletagmanager.com/gtag/js?id=G-HR1XKMEB6P&l=dataLayer&cx=c(Line 193)
Message:
[Report Only] Refused to connect to 'https://region1.analytics.google.com/g/collect?v=2&tid=G-HR1XKMEB6P&gtm=45je34q0&_p=1097974721&cid=10370351.1682602519&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_eu=AEA&_s=3&sid=1682602518&sct=1&seg=0&dl=https%3A%2F%2Fwww.hsabank.com%2Fhsabank%2Flearning-center%2Firs-contribution-limits-and-guidelines%3Futm_source%3Dsfmc%26utm_term%3D%26utm_content%3D691751%26utm_id%3De7c0a1e5-b27b-4960-984f-1842a2269735%26sfmc_activityid%3Db73e5fa8-ca1d-4ae1-89ea-4475791872f3%26utm_medium%3Demail&dt=HSA%20IRS%20Contribution%20Limits%20and%20Guidelines%20-%20HSA%20Bank&en=scroll&epn.percent_scrolled=90&_et=13' because it violates the following Content Security Policy directive: "connect-src 'self' https://*.google-analytics.com https://*.levelaccess.net".

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

7298557.collect.igodigital.com
api.levelaccess.net
cdn.levelaccess.net
click.emails.hsabank.com
connect.facebook.net
fonts.googleapis.com
fonts.gstatic.com
maxcdn.bootstrapcdn.com
netdna.bootstrapcdn.com
nova.collect.igodigital.com
region1.analytics.google.com
stats.g.doubleclick.net
www.google-analytics.com
www.google.com
www.google.de
www.googletagmanager.com
www.hsabank.com
13.111.23.196
2001:4860:4802:34::36
2600:1f18:4457:4601:5208:6183:c586:89d5
2600:9000:21f3:c800:1:fb61:2b80:93a1
2606:4700::6812:bcf
2a00:1450:4001:802::200e
2a00:1450:4001:80e::2003
2a00:1450:4001:82a::200a
2a00:1450:4001:830::2008
2a00:1450:4001:831::2003
2a00:1450:4001:831::2004
2a00:1450:400c:c07::9d
2a03:2880:f083:9:face:b00c:0:3
52.45.38.67
70.37.166.146
091ba5711e7f397eca67fb1da60968a88be608d2f4fb80955ef74f645b6e898b
134e7514c0adc4160ee20023402f2be4d7e9f869222392b4639cb05912cccca2
175d25eb48831e6f67bacbc9afbc26665736432cc379e79c3d84148eb1acd55f
2132322bd05d549065dd9b96bf238ae61daade00ac9a04dba0f2961c9b27ad94
2d91e980d6f338755fa8c1a9ec52e2b4e75f90ee211530783cddcef3978a0746
2e5ea304576c05ccc854670fe397ef56880d803760a5de0e61081403e2009c61
309f24a395e42590b12a4b3f298826f25517edd44fe9bddcc32300598cbb6755
3125503095eb347633cce9f00d090dcc466164199f6018c4390988ece5e8cd9f
36bdf18c4c8a6854277be595fbdc66fddbc009d10c9bdeb8e71f28fea614c95d
36fd54dc0db6d1b4ea13fa602c1c86dd71d4924ec2a27ece64ef44a85996b6fb
3ab6d5bddb52a980ebe7658cca937e1ce087c1478cbeb13715876e463b2dd7f3
3adcd7060b73a40bdb29c97abbab98ef6c29038028ba0c7d974cbcdd3b1b158b
463faad63e59f653f8367ca1bd38629a240ebd4f2165c313e660933acc322b04
510714d70c4277955aa865209771680c78789950540e91b893f9c4f990696344
5200e36210bed6a382b6760bfb9962f63af3d9df428b4425930538ead29f7970
5298b61386b233b02c1f2dc3aff963463ebbe568b021817019f0da72fc5b165d
5a3d8c05785485d36ee5c94d4681e5b1d9e4b94c5be8b5bd7b0f3168fff1bd9a
6244b5323a0f8a39ef68428cb730b734c0027a2e1c68b4bd1ec2030a0be6009a
6b4fac99c39b9ee2693d87a2508d0c7d4b4859072966616bd1f6e18c5b2f9d36
747d5a0865fe76129cc17fe70097fd5b1db733ed3bbfa0210a8505d80c14ab5a
7795ccf26cb60fda3f6fa6e37e706ad00fc9fd04d57d507020d69f8d0172edad
799aeb25cc0373fdee0e1b1db7ad6c2f6a0e058dfadaa3379689f583213190bd
7cab3f2151fb03bcbe1f364addf0bb414a68215edc08e2772da0aba6d8df4f8f
84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80
85975a2be961791f9eca87929ad244be78a77031631e9e27baeb40b2dd2d8403
87cec327a260c0960d91a7c4e9976eb243afa732c22b0cb2310181543739fe1b
98b3d9d20e032f90aca49e9b116225d539ff6fbdb7e42c3c363f63896ac03d2a
aec60bc104db041b1512185839f18f52986df7e569e5445f740dd60f763fbca8
b4d5f510c2190ca5ff87374b25cf3c1ba3334d41c5437b262cae8952a0dac6ad
b7f060e299b946e48571efc616afabf681564879b5431dae029354719b685b6c
bba7cc1311ac67910af9bfa0b863a0d6fcbf1c5ee4caec7f764c3562e4947ceb
c7a298bd81e9f7b534e848d2560e4ff7188d16c9b8fde216e786993a2e247f74
ca64645c22680035acdd8149902fda928c381cafbeab0b628b5542a7323ee0e4
cc3b5cfbea89a027388d2a8bfa5e0f511501ccf16f56ad9262cf10abc5ff3f66
d371c565ec3a3cb356ca742f14883a254781cc80e4f5e02a0fd0fb6d75041406
d7a229a58c6420f329f8dca6dc343ba08ad13c42fae2ca4ccf948a3da791e91d
de63861454fd3da0326ddb3eafc3b6c3d2cf9af6973cfb5fc34c2ddf4b4d54ff
e208ea831c45866daa21bd38f49ba53f64ac457b9082198c5d295921f59fe8ca
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e79c1c1a140e6afb861074c70392db54cc65a06050de2a69162ab94eb95b0516
e7b90d32907f89c49e9e2a2ccca95133277f756f13a14187936d9b948ff67b44
ea0ca377484f9837aca91bb2d556ad0d62ed836a5a0c98d4a09edc6026c84e8a
ec7a5529dd7c6368cc3d9ebeac06497ef8c77a1dd91664ce3f0fc5cc93670b3e
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f26166b8e10ee1addb81a52ab9f73f2e4706ded755b327ffc11ca093b9e93072
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615
fc8331c82d59e08430c3a341203a29b57de8ab6595876e484fc5a31e03183693