URL: https://www.mytjx.com/mytjx/supplier.html
Submission: On December 04 via api from US — Scanned from DE

Summary

This website contacted 3 IPs in 2 countries across 3 domains to perform 29 HTTP transactions. The main IP is 52.149.215.200, located in Tappahannock, United States and belongs to MICROSOFT-CORP-MSN-AS-BLOCK, US. The main domain is www.mytjx.com. The Cisco Umbrella rank of the primary domain is 754234.
TLS certificate: Issued by Sectigo RSA Organization Validation S... on September 25th 2023. Valid for: a year.
This is the only time www.mytjx.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
14 52.149.215.200 8075 (MICROSOFT...)
13 104.126.37.136 20940 (AKAMAI-ASN1)
2 2a00:1450:400... 15169 (GOOGLE)
29 3
Apex Domain
Subdomains
Transfer
14 mytjx.com
www.mytjx.com — Cisco Umbrella Rank: 754234
91 KB
13 tjx.com
www.tjx.com — Cisco Umbrella Rank: 559531
164 KB
2 google-analytics.com
ssl.google-analytics.com — Cisco Umbrella Rank: 587
17 KB
29 3
Domain Requested by
14 www.mytjx.com www.mytjx.com
13 www.tjx.com www.mytjx.com
www.tjx.com
2 ssl.google-analytics.com www.mytjx.com
29 3

This site contains links to these domains. Also see Links.

Domain
www.tjx.com
Subject Issuer Validity Valid
www.mytjx.com
Sectigo RSA Organization Validation Secure Server CA
2023-09-25 -
2024-09-24
a year crt.sh
www.tjx.com
DigiCert TLS RSA SHA256 2020 CA1
2023-09-05 -
2024-09-04
a year crt.sh
*.google-analytics.com
GTS CA 1C3
2023-10-23 -
2024-01-15
3 months crt.sh

This page contains 2 frames:

Primary Page: https://www.mytjx.com/mytjx/supplier.html
Frame ID: 34E33D14F2DBEB301620F0F915E4CDFE
Requests: 16 HTTP requests in this frame

Frame: https://www.tjx.com/mytjx/supplier/supplier.html
Frame ID: 6D0D5A91B4E25D8AE0166E9CB49B8C6E
Requests: 13 HTTP requests in this frame

Screenshot

Page Title

MyTJX.com for Not-for-Resale Suppliers

Detected technologies

Overall confidence: 100%
Detected patterns
  • cufon-yui\.js

Overall confidence: 100%
Detected patterns
  • google-analytics\.com/(?:ga|urchin|analytics)\.js

Page Statistics

29
Requests

100 %
HTTPS

33 %
IPv6

3
Domains

3
Subdomains

3
IPs

2
Countries

272 kB
Transfer

281 kB
Size

7
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

29 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request supplier.html
www.mytjx.com/mytjx/
8 KB
10 KB
Document
General
Full URL
https://www.mytjx.com/mytjx/supplier.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
52.149.215.200 Tappahannock, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
c8a54e4c640b0d69ca2abf49bc2ad420af0b56cf5f444d76d6c87eaf5a684712
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Accept-Ranges
bytes
Content-Language
en
Content-Type
text/html
Date
Mon, 04 Dec 2023 20:06:28 GMT
Etag
"218d-5fd7b58e8a680"
Last-Modified
Tue, 06 Jun 2023 19:51:38 GMT
Nel
{"report_to":"network-errors","max_age":86400,"success_fraction":0.001,"failure_fraction":1.0}
Report-To
{"group":"network-errors","max_age":86400,"endpoints":[{"url":"https://ffde.nelreports.net/api/report?cat=proxy-appproxy-EUS-MNZ01P-3"}]}
Transfer-Encoding
chunked
X-Content-Type-Options
nosniff
X-Frame-Options
SAMEORIGIN
x-ms-proxy-app-id
f869e15a-52ca-4dcf-b52c-3f6c7d29312e
x-ms-proxy-connector-id
a6df1d01-bbb6-4451-b2a3-71fccfccbb07
x-ms-proxy-data-center
EUS
x-ms-proxy-group-id
9dbb8022-3e86-4531-9148-6071d3573ad9
x-ms-proxy-service-name
proxy-appproxy-EUS-MNZ01P-3
x-ms-proxy-subscription-id
2242945a-4ab9-4132-840e-cce1c66e31bb
x-ms-proxy-transaction-id
7f2c1c00-af72-4e4d-a047-61f78c0aac24
styles_topnav.css
www.mytjx.com/mytjx/
3 KB
4 KB
Stylesheet
General
Full URL
https://www.mytjx.com/mytjx/styles_topnav.css
Requested by
Host: www.mytjx.com
URL: https://www.mytjx.com/mytjx/supplier.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
52.149.215.200 Tappahannock, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
20963739b792d62ba7973b401e0a355fab4491bb653040edb283e37b705cfbc0
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.mytjx.com/mytjx/supplier.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

Date
Mon, 04 Dec 2023 20:06:28 GMT
X-Content-Type-Options
nosniff
Nel
{"report_to":"network-errors","max_age":86400,"success_fraction":0.001,"failure_fraction":1.0}
x-ms-proxy-connector-id
a6df1d01-bbb6-4451-b2a3-71fccfccbb07
Transfer-Encoding
chunked
x-ms-proxy-app-id
f869e15a-52ca-4dcf-b52c-3f6c7d29312e
x-ms-proxy-subscription-id
2242945a-4ab9-4132-840e-cce1c66e31bb
x-ms-proxy-transaction-id
59d06629-2984-4434-9229-308bb17399cf
x-ms-proxy-service-name
proxy-appproxy-EUS-MNZ01P-3
Last-Modified
Tue, 06 May 2014 13:52:28 GMT
x-ms-proxy-group-id
9dbb8022-3e86-4531-9148-6071d3573ad9
Etag
"c94-4f8bb8ef77f00"
X-Frame-Options
SAMEORIGIN
Report-To
{"group":"network-errors","max_age":86400,"endpoints":[{"url":"https://ffde.nelreports.net/api/report?cat=proxy-appproxy-EUS-MNZ01P-3"}]}
Content-Type
text/css
Content-Language
en
Accept-Ranges
bytes
x-ms-proxy-data-center
EUS
styles_main.css
www.mytjx.com/mytjx/
12 KB
13 KB
Stylesheet
General
Full URL
https://www.mytjx.com/mytjx/styles_main.css
Requested by
Host: www.mytjx.com
URL: https://www.mytjx.com/mytjx/supplier.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
52.149.215.200 Tappahannock, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
ab69d2a15d7b40ab64f549a7cfb2b2c5285020cbb0c082bb603c6a205156149e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.mytjx.com/mytjx/supplier.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

Date
Mon, 04 Dec 2023 20:06:28 GMT
X-Content-Type-Options
nosniff
Nel
{"report_to":"network-errors","max_age":86400,"success_fraction":0.001,"failure_fraction":1.0}
x-ms-proxy-connector-id
a6df1d01-bbb6-4451-b2a3-71fccfccbb07
Transfer-Encoding
chunked
x-ms-proxy-app-id
f869e15a-52ca-4dcf-b52c-3f6c7d29312e
x-ms-proxy-subscription-id
2242945a-4ab9-4132-840e-cce1c66e31bb
x-ms-proxy-transaction-id
124340d7-2027-43fb-8dd9-f1d539c930e3
x-ms-proxy-service-name
proxy-appproxy-EUS-MNZ01P-3
Last-Modified
Wed, 15 Oct 2014 16:27:50 GMT
x-ms-proxy-group-id
9dbb8022-3e86-4531-9148-6071d3573ad9
Etag
"2ff5-505789ce4ad80"
X-Frame-Options
SAMEORIGIN
Report-To
{"group":"network-errors","max_age":86400,"endpoints":[{"url":"https://ffde.nelreports.net/api/report?cat=proxy-appproxy-EUS-MNZ01P-3"}]}
Content-Type
text/css
Content-Language
en
Accept-Ranges
bytes
x-ms-proxy-data-center
EUS
styles_footer.css
www.mytjx.com/mytjx/
1 KB
2 KB
Stylesheet
General
Full URL
https://www.mytjx.com/mytjx/styles_footer.css
Requested by
Host: www.mytjx.com
URL: https://www.mytjx.com/mytjx/supplier.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
52.149.215.200 Tappahannock, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
b4fc67bf5294724809908f9f9317036d01b817f1006038a97498833a056594a1
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.mytjx.com/mytjx/supplier.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

Date
Mon, 04 Dec 2023 20:06:28 GMT
X-Content-Type-Options
nosniff
Nel
{"report_to":"network-errors","max_age":86400,"success_fraction":0.001,"failure_fraction":1.0}
x-ms-proxy-connector-id
a6df1d01-bbb6-4451-b2a3-71fccfccbb07
Transfer-Encoding
chunked
x-ms-proxy-app-id
f869e15a-52ca-4dcf-b52c-3f6c7d29312e
x-ms-proxy-subscription-id
2242945a-4ab9-4132-840e-cce1c66e31bb
x-ms-proxy-transaction-id
3c5cdcb0-20c6-41f3-9247-4cb26632b6e3
x-ms-proxy-service-name
proxy-appproxy-EUS-MNZ01P-3
Last-Modified
Tue, 06 May 2014 13:45:26 GMT
x-ms-proxy-group-id
9dbb8022-3e86-4531-9148-6071d3573ad9
Etag
"432-4f8bb75d04980"
X-Frame-Options
SAMEORIGIN
Report-To
{"group":"network-errors","max_age":86400,"endpoints":[{"url":"https://ffde.nelreports.net/api/report?cat=proxy-appproxy-EUS-MNZ01P-3"}]}
Content-Type
text/css
Content-Language
en
Accept-Ranges
bytes
x-ms-proxy-data-center
EUS
cufon-yui.js
www.mytjx.com/mytjx/js/
18 KB
19 KB
Script
General
Full URL
https://www.mytjx.com/mytjx/js/cufon-yui.js
Requested by
Host: www.mytjx.com
URL: https://www.mytjx.com/mytjx/supplier.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
52.149.215.200 Tappahannock, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
27d7d958c79fe067447031f573e4b3296a3021169f6f7668fedddbdd7390a158
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.mytjx.com/mytjx/supplier.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

Date
Mon, 04 Dec 2023 20:06:29 GMT
X-Content-Type-Options
nosniff
Nel
{"report_to":"network-errors","max_age":86400,"success_fraction":0.001,"failure_fraction":1.0}
x-ms-proxy-connector-id
a6df1d01-bbb6-4451-b2a3-71fccfccbb07
x-ms-proxy-app-id
f869e15a-52ca-4dcf-b52c-3f6c7d29312e
x-ms-proxy-subscription-id
2242945a-4ab9-4132-840e-cce1c66e31bb
Content-Length
18264
x-ms-proxy-transaction-id
bade4298-6b4f-4cd1-bc32-066ba12e80bf
x-ms-proxy-service-name
proxy-appproxy-EUS-MNZ01P-3
Last-Modified
Wed, 24 Oct 2012 19:56:32 GMT
x-ms-proxy-group-id
9dbb8022-3e86-4531-9148-6071d3573ad9
Etag
"4758-4ccd37baddc00"
X-Frame-Options
SAMEORIGIN
Report-To
{"group":"network-errors","max_age":86400,"endpoints":[{"url":"https://ffde.nelreports.net/api/report?cat=proxy-appproxy-EUS-MNZ01P-3"}]}
Content-Type
application/x-javascript
Content-Language
en
Accept-Ranges
bytes
x-ms-proxy-data-center
EUS
NewBaskerville-BoldItalic_italic_700.font.js
www.mytjx.com/mytjx/js/
21 KB
22 KB
Script
General
Full URL
https://www.mytjx.com/mytjx/js/NewBaskerville-BoldItalic_italic_700.font.js
Requested by
Host: www.mytjx.com
URL: https://www.mytjx.com/mytjx/supplier.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
52.149.215.200 Tappahannock, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
ac12bd99ba9a459cd85efcca79100e89079512c4d10bc5102f698fdfb05185b1
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.mytjx.com/mytjx/supplier.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

Date
Mon, 04 Dec 2023 20:06:28 GMT
X-Content-Type-Options
nosniff
Nel
{"report_to":"network-errors","max_age":86400,"success_fraction":0.001,"failure_fraction":1.0}
x-ms-proxy-connector-id
a6df1d01-bbb6-4451-b2a3-71fccfccbb07
x-ms-proxy-app-id
f869e15a-52ca-4dcf-b52c-3f6c7d29312e
x-ms-proxy-subscription-id
2242945a-4ab9-4132-840e-cce1c66e31bb
Content-Length
21743
x-ms-proxy-transaction-id
cc4610a3-f39a-42a8-8415-23a9f5eb727b
x-ms-proxy-service-name
proxy-appproxy-EUS-MNZ01P-3
Last-Modified
Fri, 17 Oct 2014 12:49:20 GMT
x-ms-proxy-group-id
9dbb8022-3e86-4531-9148-6071d3573ad9
Etag
"54ef-5059dcb28b400"
X-Frame-Options
SAMEORIGIN
Report-To
{"group":"network-errors","max_age":86400,"endpoints":[{"url":"https://ffde.nelreports.net/api/report?cat=proxy-appproxy-EUS-MNZ01P-3"}]}
Content-Type
application/x-javascript
Content-Language
en
Accept-Ranges
bytes
x-ms-proxy-data-center
EUS
tjx_logo.png
www.mytjx.com/mytjx/images/
6 KB
7 KB
Image
General
Full URL
https://www.mytjx.com/mytjx/images/tjx_logo.png
Requested by
Host: www.mytjx.com
URL: https://www.mytjx.com/mytjx/supplier.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
52.149.215.200 Tappahannock, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
0928d8710879135c6b63790fd92b54e1de7fc6185fb05a6265159c58f3d4bc4b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.mytjx.com/mytjx/supplier.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

Date
Mon, 04 Dec 2023 20:06:29 GMT
X-Content-Type-Options
nosniff
Nel
{"report_to":"network-errors","max_age":86400,"success_fraction":0.001,"failure_fraction":1.0}
x-ms-proxy-connector-id
a6df1d01-bbb6-4451-b2a3-71fccfccbb07
x-ms-proxy-app-id
f869e15a-52ca-4dcf-b52c-3f6c7d29312e
x-ms-proxy-subscription-id
2242945a-4ab9-4132-840e-cce1c66e31bb
Content-Length
6389
x-ms-proxy-transaction-id
e845b044-77d9-43fa-bd4f-f1b41c1f6e50
x-ms-proxy-service-name
proxy-appproxy-EUS-MNZ01P-3
Last-Modified
Tue, 20 May 2014 15:27:22 GMT
x-ms-proxy-group-id
9dbb8022-3e86-4531-9148-6071d3573ad9
Etag
"18f5-4f9d684224a80"
X-Frame-Options
SAMEORIGIN
Report-To
{"group":"network-errors","max_age":86400,"endpoints":[{"url":"https://ffde.nelreports.net/api/report?cat=proxy-appproxy-EUS-MNZ01P-3"}]}
Content-Type
image/png
Content-Language
en
Accept-Ranges
bytes
x-ms-proxy-data-center
EUS
supplier.html
www.tjx.com/mytjx/supplier/ Frame 6D0D
6 KB
6 KB
Document
General
Full URL
https://www.tjx.com/mytjx/supplier/supplier.html
Requested by
Host: www.mytjx.com
URL: https://www.mytjx.com/mytjx/supplier.html
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
104.126.37.136 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a104-126-37-136.deploy.static.akamaitechnologies.com
Software
Microsoft-IIS/10.0 / ASP.NET
Resource Hash
085bdde0e395de90660a4e01e76d4e98bd00b275783b0f484adc833f2b569339
Security Headers
Name Value
Content-Security-Policy default-src 'self'; script-src 'self' *.googleapis.com *.gstatic.com www.google.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://*.googletagmanager.com *.brightcove.net *.brightcove.com *.zencdn.net *.google-analytics.com cdn.ampproject.org 'unsafe-inline' 'unsafe-eval'; style-src 'self' *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com platform.twitter.com/css/ *.twimg.com 'unsafe-inline'; img-src 'self' *.gstatic.com *.googleapis.com platform.tumblr.com web.facebook.com www.facebook.com www.redditstatic.com www.linkedin.com i.ytimg.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: https://*.googletagmanager.com *.brightcove.com *.boltdns.net *.google-analytics.com; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data:; frame-src 'self' investor.tjx.com; connect-src 'self' data: accounts.google.com *.gstatic.com https://*.googletagmanager.com *.googleapis.com *.brightcove.com manifest.prod.boltdns.net bcbolt446c5271-a.akamaihd.net *.google-analytics.com; media-src 'self' data: blob: manifest.prod.boltdns.net bcbolt446c5271-a.akamaihd.net; child-src 'self' https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://www.youtube-nocookie.com https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com *.brightcove.com *.brightcove.net blob:; frame-ancestors 'self' mytjx.com www.mytjx.com
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.mytjx.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Accept-Ranges
bytes
Cache-Control
max-age=2678400
Connection
keep-alive
Content-Encoding
gzip
Content-Length
2077
Content-Security-Policy
default-src 'self'; script-src 'self' *.googleapis.com *.gstatic.com www.google.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://*.googletagmanager.com *.brightcove.net *.brightcove.com *.zencdn.net *.google-analytics.com cdn.ampproject.org 'unsafe-inline' 'unsafe-eval'; style-src 'self' *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com platform.twitter.com/css/ *.twimg.com 'unsafe-inline'; img-src 'self' *.gstatic.com *.googleapis.com platform.tumblr.com web.facebook.com www.facebook.com www.redditstatic.com www.linkedin.com i.ytimg.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: https://*.googletagmanager.com *.brightcove.com *.boltdns.net *.google-analytics.com; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data:; frame-src 'self' investor.tjx.com; connect-src 'self' data: accounts.google.com *.gstatic.com https://*.googletagmanager.com *.googleapis.com *.brightcove.com manifest.prod.boltdns.net bcbolt446c5271-a.akamaihd.net *.google-analytics.com; media-src 'self' data: blob: manifest.prod.boltdns.net bcbolt446c5271-a.akamaihd.net; child-src 'self' https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://www.youtube-nocookie.com https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com *.brightcove.com *.brightcove.net blob:; frame-ancestors 'self' mytjx.com www.mytjx.com
Content-Type
text/html
Cross-Origin-Embedder-Policy
unsafe-none
Cross-Origin-Opener-Policy
unsafe-none
Cross-Origin-Resource-Policy
cross-origin
Date
Mon, 04 Dec 2023 20:06:30 GMT
ETag
"0ec4599f1f0d71:0"
Last-Modified
Tue, 14 Dec 2021 13:50:48 GMT
Permissions-Policy
accelerometer=(self), ambient-light-sensor=(self), autoplay=(self), battery=(self), camera=(self), cross-origin-isolated=(self), display-capture=(self), document-domain=(self), encrypted-media=(self), execution-while-not-rendered=(self), execution-while-out-of-viewport=(self), fullscreen=(self), geolocation=(self), gyroscope=(self), keyboard-map=(self), magnetometer=(self), microphone=(self), midi=(self), navigation-override=(self), payment=(self), picture-in-picture=(self), publickey-credentials-get=(self), screen-wake-lock=(self), sync-xhr=(self), usb=(self), web-share=(self), xr-spatial-tracking=(self)
Referrer-Policy
no-referrer-when-downgrade
Server
Microsoft-IIS/10.0
Strict-Transport-Security
max-age=31536000; includeSubDomains
Vary
Accept-Encoding
X-Content-Type-Options
nosniff
X-Powered-By
ASP.NET
X-XSS-Protection
1; mode=block
ga.js
ssl.google-analytics.com/
45 KB
17 KB
Script
General
Full URL
https://ssl.google-analytics.com/ga.js
Requested by
Host: www.mytjx.com
URL: https://www.mytjx.com/mytjx/supplier.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:813::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
1259ea99bd76596239bfd3102c679eb0a5052578dc526b0452f4d42f8bcdd45f
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.mytjx.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
date
Mon, 04 Dec 2023 19:54:56 GMT
last-modified
Mon, 12 Jun 2023 18:23:07 GMT
server
Golfe2
age
694
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=7200
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
17168
expires
Mon, 04 Dec 2023 21:54:56 GMT
main_bg_grad.jpg
www.mytjx.com/mytjx/images/
530 B
2 KB
Image
General
Full URL
https://www.mytjx.com/mytjx/images/main_bg_grad.jpg
Requested by
Host: www.mytjx.com
URL: https://www.mytjx.com/mytjx/styles_main.css
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
52.149.215.200 Tappahannock, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
381e9833fe5b8f31a6c88afe12db94ee7028421aa0d05af91c186411d5b0bb39
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.mytjx.com/mytjx/styles_main.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

Date
Mon, 04 Dec 2023 20:06:29 GMT
X-Content-Type-Options
nosniff
Nel
{"report_to":"network-errors","max_age":86400,"success_fraction":0.001,"failure_fraction":1.0}
x-ms-proxy-connector-id
a6df1d01-bbb6-4451-b2a3-71fccfccbb07
x-ms-proxy-app-id
f869e15a-52ca-4dcf-b52c-3f6c7d29312e
x-ms-proxy-subscription-id
2242945a-4ab9-4132-840e-cce1c66e31bb
Content-Length
530
x-ms-proxy-transaction-id
8ab5c84c-781f-42bf-b9e0-90c351c1ecb8
x-ms-proxy-service-name
proxy-appproxy-EUS-MNZ01P-3
Last-Modified
Tue, 20 May 2014 15:27:20 GMT
x-ms-proxy-group-id
9dbb8022-3e86-4531-9148-6071d3573ad9
Etag
"212-4f9d68403c600"
X-Frame-Options
SAMEORIGIN
Report-To
{"group":"network-errors","max_age":86400,"endpoints":[{"url":"https://ffde.nelreports.net/api/report?cat=proxy-appproxy-EUS-MNZ01P-3"}]}
Content-Type
image/jpeg
Content-Language
en
Accept-Ranges
bytes
x-ms-proxy-data-center
EUS
top_gray_bg.jpg
www.mytjx.com/mytjx/images/
317 B
1 KB
Image
General
Full URL
https://www.mytjx.com/mytjx/images/top_gray_bg.jpg
Requested by
Host: www.mytjx.com
URL: https://www.mytjx.com/mytjx/styles_main.css
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
52.149.215.200 Tappahannock, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
21b079177720c67980794e6b51ba450430f30a0a97d64553bef3dec4a8aeb431
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.mytjx.com/mytjx/styles_main.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

Date
Mon, 04 Dec 2023 20:06:29 GMT
X-Content-Type-Options
nosniff
Nel
{"report_to":"network-errors","max_age":86400,"success_fraction":0.001,"failure_fraction":1.0}
x-ms-proxy-connector-id
a6df1d01-bbb6-4451-b2a3-71fccfccbb07
x-ms-proxy-app-id
f869e15a-52ca-4dcf-b52c-3f6c7d29312e
x-ms-proxy-subscription-id
2242945a-4ab9-4132-840e-cce1c66e31bb
Content-Length
317
x-ms-proxy-transaction-id
438af7c4-23c0-441b-bf79-667f613bb79b
x-ms-proxy-service-name
proxy-appproxy-EUS-MNZ01P-3
Last-Modified
Tue, 20 May 2014 15:27:22 GMT
x-ms-proxy-group-id
9dbb8022-3e86-4531-9148-6071d3573ad9
Etag
"13d-4f9d684224a80"
X-Frame-Options
SAMEORIGIN
Report-To
{"group":"network-errors","max_age":86400,"endpoints":[{"url":"https://ffde.nelreports.net/api/report?cat=proxy-appproxy-EUS-MNZ01P-3"}]}
Content-Type
image/jpeg
Content-Language
en
Accept-Ranges
bytes
x-ms-proxy-data-center
EUS
top_red_box.png
www.mytjx.com/mytjx/images/
3 KB
4 KB
Image
General
Full URL
https://www.mytjx.com/mytjx/images/top_red_box.png
Requested by
Host: www.mytjx.com
URL: https://www.mytjx.com/mytjx/styles_topnav.css
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
52.149.215.200 Tappahannock, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
2d7320e80da6e85540c52cde2d8e179f434d10168d7596d4d815fc5d71c58466
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.mytjx.com/mytjx/styles_topnav.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

Date
Mon, 04 Dec 2023 20:06:29 GMT
X-Content-Type-Options
nosniff
Nel
{"report_to":"network-errors","max_age":86400,"success_fraction":0.001,"failure_fraction":1.0}
x-ms-proxy-connector-id
a6df1d01-bbb6-4451-b2a3-71fccfccbb07
x-ms-proxy-app-id
f869e15a-52ca-4dcf-b52c-3f6c7d29312e
x-ms-proxy-subscription-id
2242945a-4ab9-4132-840e-cce1c66e31bb
Content-Length
2858
x-ms-proxy-transaction-id
dbd0117a-94f3-4a4c-a6bb-8ae12e515cad
x-ms-proxy-service-name
proxy-appproxy-EUS-MNZ01P-3
Last-Modified
Tue, 20 May 2014 15:27:22 GMT
x-ms-proxy-group-id
9dbb8022-3e86-4531-9148-6071d3573ad9
Etag
"b2a-4f9d684224a80"
X-Frame-Options
SAMEORIGIN
Report-To
{"group":"network-errors","max_age":86400,"endpoints":[{"url":"https://ffde.nelreports.net/api/report?cat=proxy-appproxy-EUS-MNZ01P-3"}]}
Content-Type
image/png
Content-Language
en
Accept-Ranges
bytes
x-ms-proxy-data-center
EUS
bg_gradient_box_main2.gif
www.mytjx.com/mytjx/images/
233 B
1 KB
Image
General
Full URL
https://www.mytjx.com/mytjx/images/bg_gradient_box_main2.gif
Requested by
Host: www.mytjx.com
URL: https://www.mytjx.com/mytjx/styles_main.css
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
52.149.215.200 Tappahannock, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
0434af299709244ca2dc656443651ff2d824ee78d7a8bb0a538bc8b8071aaa5b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.mytjx.com/mytjx/styles_main.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

Date
Mon, 04 Dec 2023 20:06:29 GMT
X-Content-Type-Options
nosniff
Nel
{"report_to":"network-errors","max_age":86400,"success_fraction":0.001,"failure_fraction":1.0}
x-ms-proxy-connector-id
a6df1d01-bbb6-4451-b2a3-71fccfccbb07
x-ms-proxy-app-id
f869e15a-52ca-4dcf-b52c-3f6c7d29312e
x-ms-proxy-subscription-id
2242945a-4ab9-4132-840e-cce1c66e31bb
Content-Length
233
x-ms-proxy-transaction-id
e1c49645-b81a-4fd1-baa4-7de8a98b5ca9
x-ms-proxy-service-name
proxy-appproxy-EUS-MNZ01P-3
Last-Modified
Tue, 20 May 2014 15:27:20 GMT
x-ms-proxy-group-id
9dbb8022-3e86-4531-9148-6071d3573ad9
Etag
"e9-4f9d68403c600"
X-Frame-Options
SAMEORIGIN
Report-To
{"group":"network-errors","max_age":86400,"endpoints":[{"url":"https://ffde.nelreports.net/api/report?cat=proxy-appproxy-EUS-MNZ01P-3"}]}
Content-Type
image/gif
Content-Language
en
Accept-Ranges
bytes
x-ms-proxy-data-center
EUS
bg_gray_box.gif
www.mytjx.com/mytjx/images/
55 B
1 KB
Image
General
Full URL
https://www.mytjx.com/mytjx/images/bg_gray_box.gif
Requested by
Host: www.mytjx.com
URL: https://www.mytjx.com/mytjx/styles_main.css
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
52.149.215.200 Tappahannock, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
0ef4d9d2df79ce5c7e4e5d9c92eb9752a8cd24bd18110cac62be854118fe5a69
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.mytjx.com/mytjx/styles_main.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

Date
Mon, 04 Dec 2023 20:06:29 GMT
X-Content-Type-Options
nosniff
Nel
{"report_to":"network-errors","max_age":86400,"success_fraction":0.001,"failure_fraction":1.0}
x-ms-proxy-connector-id
642bf852-490a-44cb-b9e4-41f1bd1d45d6
x-ms-proxy-app-id
f869e15a-52ca-4dcf-b52c-3f6c7d29312e
x-ms-proxy-subscription-id
2242945a-4ab9-4132-840e-cce1c66e31bb
Content-Length
55
x-ms-proxy-transaction-id
c7b7b002-5e23-4063-b3f4-283512960dc2
x-ms-proxy-service-name
proxy-appproxy-EUS-MNZ01P-3
Last-Modified
Tue, 20 May 2014 15:27:20 GMT
x-ms-proxy-group-id
9dbb8022-3e86-4531-9148-6071d3573ad9
Etag
"37-4f9d68403c600"
X-Frame-Options
SAMEORIGIN
Report-To
{"group":"network-errors","max_age":86400,"endpoints":[{"url":"https://ffde.nelreports.net/api/report?cat=proxy-appproxy-EUS-MNZ01P-3"}]}
Content-Type
image/gif
Content-Language
en
Accept-Ranges
bytes
x-ms-proxy-data-center
EUS
bg_gradient_box_bottom.gif
www.mytjx.com/mytjx/images/
475 B
2 KB
Image
General
Full URL
https://www.mytjx.com/mytjx/images/bg_gradient_box_bottom.gif
Requested by
Host: www.mytjx.com
URL: https://www.mytjx.com/mytjx/styles_main.css
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
52.149.215.200 Tappahannock, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
e0c955a81ca842b74af1cd8c093997c37dea74b7472558ad77128b36f1eff1e7
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.mytjx.com/mytjx/styles_main.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

Date
Mon, 04 Dec 2023 20:06:29 GMT
X-Content-Type-Options
nosniff
Nel
{"report_to":"network-errors","max_age":86400,"success_fraction":0.001,"failure_fraction":1.0}
x-ms-proxy-connector-id
a6df1d01-bbb6-4451-b2a3-71fccfccbb07
x-ms-proxy-app-id
f869e15a-52ca-4dcf-b52c-3f6c7d29312e
x-ms-proxy-subscription-id
2242945a-4ab9-4132-840e-cce1c66e31bb
Content-Length
475
x-ms-proxy-transaction-id
9661a0c4-adcd-443b-9f13-586d5440fb40
x-ms-proxy-service-name
proxy-appproxy-EUS-MNZ01P-3
Last-Modified
Tue, 20 May 2014 15:27:18 GMT
x-ms-proxy-group-id
9dbb8022-3e86-4531-9148-6071d3573ad9
Etag
"1db-4f9d683e54180"
X-Frame-Options
SAMEORIGIN
Report-To
{"group":"network-errors","max_age":86400,"endpoints":[{"url":"https://ffde.nelreports.net/api/report?cat=proxy-appproxy-EUS-MNZ01P-3"}]}
Content-Type
image/gif
Content-Language
en
Accept-Ranges
bytes
x-ms-proxy-data-center
EUS
footer_red_box.png
www.mytjx.com/mytjx/images/
2 KB
3 KB
Image
General
Full URL
https://www.mytjx.com/mytjx/images/footer_red_box.png
Requested by
Host: www.mytjx.com
URL: https://www.mytjx.com/mytjx/styles_footer.css
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
52.149.215.200 Tappahannock, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
f9116a0075781ccc2e576a4d93115be57524ae986e9c7e0cda77b3b2984d7887
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.mytjx.com/mytjx/styles_footer.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

Date
Mon, 04 Dec 2023 20:06:29 GMT
X-Content-Type-Options
nosniff
Nel
{"report_to":"network-errors","max_age":86400,"success_fraction":0.001,"failure_fraction":1.0}
x-ms-proxy-connector-id
a6df1d01-bbb6-4451-b2a3-71fccfccbb07
x-ms-proxy-app-id
f869e15a-52ca-4dcf-b52c-3f6c7d29312e
x-ms-proxy-subscription-id
2242945a-4ab9-4132-840e-cce1c66e31bb
Content-Length
2045
x-ms-proxy-transaction-id
9abec2a3-e9e8-47d3-9b29-abae4d84a36c
x-ms-proxy-service-name
proxy-appproxy-EUS-MNZ01P-3
Last-Modified
Tue, 20 May 2014 15:27:20 GMT
x-ms-proxy-group-id
9dbb8022-3e86-4531-9148-6071d3573ad9
Etag
"7fd-4f9d68403c600"
X-Frame-Options
SAMEORIGIN
Report-To
{"group":"network-errors","max_age":86400,"endpoints":[{"url":"https://ffde.nelreports.net/api/report?cat=proxy-appproxy-EUS-MNZ01P-3"}]}
Content-Type
image/png
Content-Language
en
Accept-Ranges
bytes
x-ms-proxy-data-center
EUS
__utm.gif
ssl.google-analytics.com/r/
35 B
197 B
Image
General
Full URL
https://ssl.google-analytics.com/r/__utm.gif?utmwv=5.7.2&utms=1&utmn=519093101&utmhn=www.mytjx.com&utmcs=UTF-8&utmsr=1600x1200&utmvp=1600x1200&utmsc=24-bit&utmul=en-us&utmje=0&utmfl=-&utmdt=MyTJX.com%20for%20Not-for-Resale%20Suppliers&utmhid=381617377&utmr=-&utmp=%2Fmytjx%2Fsupplier.html&utmht=1701720390284&utmac=UA-47731531-1&utmcc=__utma%3D225008390.1398597653.1701720390.1701720390.1701720390.1%3B%2B__utmz%3D225008390.1701720390.1.1.utmcsr%3D(direct)%7Cutmccn%3D(direct)%7Cutmcmd%3D(none)%3B&utmjid=1055041008&utmredir=1&utmu=qAAAAAAAAAAAAAAAAAAAAAAE~
Requested by
Host: www.mytjx.com
URL: https://www.mytjx.com/mytjx/supplier.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:813::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.mytjx.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 04 Dec 2023 20:06:30 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
content-type
image/gif
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
35
expires
Fri, 01 Jan 1990 00:00:00 GMT
styles_main.css
www.tjx.com/mytjx/supplier/ Frame 6D0D
12 KB
6 KB
Stylesheet
General
Full URL
https://www.tjx.com/mytjx/supplier/styles_main.css
Requested by
Host: www.tjx.com
URL: https://www.tjx.com/mytjx/supplier/supplier.html
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
104.126.37.136 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a104-126-37-136.deploy.static.akamaitechnologies.com
Software
Microsoft-IIS/10.0 / ASP.NET
Resource Hash
42a9eb98320f6bb9e6134946fad7a594d41c29bbfc4302cd1d08ca281cf2ed2a
Security Headers
Name Value
Content-Security-Policy default-src 'self'; script-src 'self' *.googleapis.com *.gstatic.com www.google.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://*.googletagmanager.com *.brightcove.net *.brightcove.com *.zencdn.net *.google-analytics.com cdn.ampproject.org 'unsafe-inline' 'unsafe-eval'; style-src 'self' *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com platform.twitter.com/css/ *.twimg.com 'unsafe-inline'; img-src 'self' *.gstatic.com *.googleapis.com platform.tumblr.com web.facebook.com www.facebook.com www.redditstatic.com www.linkedin.com i.ytimg.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: https://*.googletagmanager.com *.brightcove.com *.boltdns.net *.google-analytics.com; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data:; frame-src 'self' investor.tjx.com; connect-src 'self' data: accounts.google.com *.gstatic.com https://*.googletagmanager.com *.googleapis.com *.brightcove.com manifest.prod.boltdns.net bcbolt446c5271-a.akamaihd.net *.google-analytics.com; media-src 'self' data: blob: manifest.prod.boltdns.net bcbolt446c5271-a.akamaihd.net; child-src 'self' https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://www.youtube-nocookie.com https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com *.brightcove.com *.brightcove.net blob:
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.tjx.com/mytjx/supplier/supplier.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

Content-Security-Policy
default-src 'self'; script-src 'self' *.googleapis.com *.gstatic.com www.google.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://*.googletagmanager.com *.brightcove.net *.brightcove.com *.zencdn.net *.google-analytics.com cdn.ampproject.org 'unsafe-inline' 'unsafe-eval'; style-src 'self' *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com platform.twitter.com/css/ *.twimg.com 'unsafe-inline'; img-src 'self' *.gstatic.com *.googleapis.com platform.tumblr.com web.facebook.com www.facebook.com www.redditstatic.com www.linkedin.com i.ytimg.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: https://*.googletagmanager.com *.brightcove.com *.boltdns.net *.google-analytics.com; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data:; frame-src 'self' investor.tjx.com; connect-src 'self' data: accounts.google.com *.gstatic.com https://*.googletagmanager.com *.googleapis.com *.brightcove.com manifest.prod.boltdns.net bcbolt446c5271-a.akamaihd.net *.google-analytics.com; media-src 'self' data: blob: manifest.prod.boltdns.net bcbolt446c5271-a.akamaihd.net; child-src 'self' https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://www.youtube-nocookie.com https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com *.brightcove.com *.brightcove.net blob:
Strict-Transport-Security
max-age=31536000; includeSubDomains
X-Content-Type-Options
nosniff
Date
Mon, 04 Dec 2023 20:06:30 GMT
Content-Encoding
gzip
Cross-Origin-Embedder-Policy
unsafe-none
X-Powered-By
ASP.NET
Cross-Origin-Resource-Policy
cross-origin
Connection
keep-alive
Content-Length
2530
X-XSS-Protection
1; mode=block
Referrer-Policy
no-referrer-when-downgrade
Last-Modified
Thu, 04 Sep 2014 18:20:34 GMT
Server
Microsoft-IIS/10.0
Cross-Origin-Opener-Policy
unsafe-none
ETag
"05e6ea6cc8cf1:0"
X-Frame-Options
SAMEORIGIN
Vary
Accept-Encoding
Content-Type
text/css
Cache-Control
max-age=569930
Permissions-Policy
accelerometer=(self), ambient-light-sensor=(self), autoplay=(self), battery=(self), camera=(self), cross-origin-isolated=(self), display-capture=(self), document-domain=(self), encrypted-media=(self), execution-while-not-rendered=(self), execution-while-out-of-viewport=(self), fullscreen=(self), geolocation=(self), gyroscope=(self), keyboard-map=(self), magnetometer=(self), microphone=(self), midi=(self), navigation-override=(self), payment=(self), picture-in-picture=(self), publickey-credentials-get=(self), screen-wake-lock=(self), sync-xhr=(self), usb=(self), web-share=(self), xr-spatial-tracking=(self)
Accept-Ranges
bytes
cufon-yui.js
www.tjx.com/mytjx/supplier/js/ Frame 6D0D
18 KB
10 KB
Script
General
Full URL
https://www.tjx.com/mytjx/supplier/js/cufon-yui.js
Requested by
Host: www.tjx.com
URL: https://www.tjx.com/mytjx/supplier/supplier.html
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
104.126.37.136 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a104-126-37-136.deploy.static.akamaitechnologies.com
Software
Microsoft-IIS/10.0 / ASP.NET
Resource Hash
27d7d958c79fe067447031f573e4b3296a3021169f6f7668fedddbdd7390a158
Security Headers
Name Value
Content-Security-Policy default-src 'self'; script-src 'self' *.googleapis.com *.gstatic.com www.google.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://*.googletagmanager.com *.brightcove.net *.brightcove.com *.zencdn.net *.google-analytics.com cdn.ampproject.org 'unsafe-inline' 'unsafe-eval'; style-src 'self' *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com platform.twitter.com/css/ *.twimg.com 'unsafe-inline'; img-src 'self' *.gstatic.com *.googleapis.com platform.tumblr.com web.facebook.com www.facebook.com www.redditstatic.com www.linkedin.com i.ytimg.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: https://*.googletagmanager.com *.brightcove.com *.boltdns.net *.google-analytics.com; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data:; frame-src 'self' investor.tjx.com; connect-src 'self' data: accounts.google.com *.gstatic.com https://*.googletagmanager.com *.googleapis.com *.brightcove.com manifest.prod.boltdns.net bcbolt446c5271-a.akamaihd.net *.google-analytics.com; media-src 'self' data: blob: manifest.prod.boltdns.net bcbolt446c5271-a.akamaihd.net; child-src 'self' https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://www.youtube-nocookie.com https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com *.brightcove.com *.brightcove.net blob:
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.tjx.com/mytjx/supplier/supplier.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

Content-Security-Policy
default-src 'self'; script-src 'self' *.googleapis.com *.gstatic.com www.google.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://*.googletagmanager.com *.brightcove.net *.brightcove.com *.zencdn.net *.google-analytics.com cdn.ampproject.org 'unsafe-inline' 'unsafe-eval'; style-src 'self' *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com platform.twitter.com/css/ *.twimg.com 'unsafe-inline'; img-src 'self' *.gstatic.com *.googleapis.com platform.tumblr.com web.facebook.com www.facebook.com www.redditstatic.com www.linkedin.com i.ytimg.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: https://*.googletagmanager.com *.brightcove.com *.boltdns.net *.google-analytics.com; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data:; frame-src 'self' investor.tjx.com; connect-src 'self' data: accounts.google.com *.gstatic.com https://*.googletagmanager.com *.googleapis.com *.brightcove.com manifest.prod.boltdns.net bcbolt446c5271-a.akamaihd.net *.google-analytics.com; media-src 'self' data: blob: manifest.prod.boltdns.net bcbolt446c5271-a.akamaihd.net; child-src 'self' https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://www.youtube-nocookie.com https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com *.brightcove.com *.brightcove.net blob:
Strict-Transport-Security
max-age=31536000; includeSubDomains
X-Content-Type-Options
nosniff
Date
Mon, 04 Dec 2023 20:06:30 GMT
Content-Encoding
gzip
Cross-Origin-Embedder-Policy
unsafe-none
X-Powered-By
ASP.NET
Cross-Origin-Resource-Policy
cross-origin
Connection
keep-alive
Content-Length
7480
X-XSS-Protection
1; mode=block
Referrer-Policy
no-referrer-when-downgrade
Last-Modified
Wed, 24 Oct 2012 20:56:32 GMT
Server
Microsoft-IIS/10.0
Cross-Origin-Opener-Policy
unsafe-none
ETag
"080cdb2ab2cd1:0"
X-Frame-Options
SAMEORIGIN
Vary
Accept-Encoding
Content-Type
application/javascript
Cache-Control
max-age=73853
Permissions-Policy
accelerometer=(self), ambient-light-sensor=(self), autoplay=(self), battery=(self), camera=(self), cross-origin-isolated=(self), display-capture=(self), document-domain=(self), encrypted-media=(self), execution-while-not-rendered=(self), execution-while-out-of-viewport=(self), fullscreen=(self), geolocation=(self), gyroscope=(self), keyboard-map=(self), magnetometer=(self), microphone=(self), midi=(self), navigation-override=(self), payment=(self), picture-in-picture=(self), publickey-credentials-get=(self), screen-wake-lock=(self), sync-xhr=(self), usb=(self), web-share=(self), xr-spatial-tracking=(self)
Accept-Ranges
bytes
NewBaskerville-BoldItalic_italic_700.font.js
www.tjx.com/mytjx/supplier/js/ Frame 6D0D
21 KB
12 KB
Script
General
Full URL
https://www.tjx.com/mytjx/supplier/js/NewBaskerville-BoldItalic_italic_700.font.js
Requested by
Host: www.tjx.com
URL: https://www.tjx.com/mytjx/supplier/supplier.html
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
104.126.37.136 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a104-126-37-136.deploy.static.akamaitechnologies.com
Software
Microsoft-IIS/10.0 / ASP.NET
Resource Hash
ac12bd99ba9a459cd85efcca79100e89079512c4d10bc5102f698fdfb05185b1
Security Headers
Name Value
Content-Security-Policy default-src 'self'; script-src 'self' *.googleapis.com *.gstatic.com www.google.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://*.googletagmanager.com *.brightcove.net *.brightcove.com *.zencdn.net *.google-analytics.com cdn.ampproject.org 'unsafe-inline' 'unsafe-eval'; style-src 'self' *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com platform.twitter.com/css/ *.twimg.com 'unsafe-inline'; img-src 'self' *.gstatic.com *.googleapis.com platform.tumblr.com web.facebook.com www.facebook.com www.redditstatic.com www.linkedin.com i.ytimg.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: https://*.googletagmanager.com *.brightcove.com *.boltdns.net *.google-analytics.com; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data:; frame-src 'self' investor.tjx.com; connect-src 'self' data: accounts.google.com *.gstatic.com https://*.googletagmanager.com *.googleapis.com *.brightcove.com manifest.prod.boltdns.net bcbolt446c5271-a.akamaihd.net *.google-analytics.com; media-src 'self' data: blob: manifest.prod.boltdns.net bcbolt446c5271-a.akamaihd.net; child-src 'self' https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://www.youtube-nocookie.com https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com *.brightcove.com *.brightcove.net blob:
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.tjx.com/mytjx/supplier/supplier.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

Content-Security-Policy
default-src 'self'; script-src 'self' *.googleapis.com *.gstatic.com www.google.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://*.googletagmanager.com *.brightcove.net *.brightcove.com *.zencdn.net *.google-analytics.com cdn.ampproject.org 'unsafe-inline' 'unsafe-eval'; style-src 'self' *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com platform.twitter.com/css/ *.twimg.com 'unsafe-inline'; img-src 'self' *.gstatic.com *.googleapis.com platform.tumblr.com web.facebook.com www.facebook.com www.redditstatic.com www.linkedin.com i.ytimg.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: https://*.googletagmanager.com *.brightcove.com *.boltdns.net *.google-analytics.com; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data:; frame-src 'self' investor.tjx.com; connect-src 'self' data: accounts.google.com *.gstatic.com https://*.googletagmanager.com *.googleapis.com *.brightcove.com manifest.prod.boltdns.net bcbolt446c5271-a.akamaihd.net *.google-analytics.com; media-src 'self' data: blob: manifest.prod.boltdns.net bcbolt446c5271-a.akamaihd.net; child-src 'self' https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://www.youtube-nocookie.com https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com *.brightcove.com *.brightcove.net blob:
Strict-Transport-Security
max-age=31536000; includeSubDomains
X-Content-Type-Options
nosniff
Date
Mon, 04 Dec 2023 20:06:31 GMT
Content-Encoding
gzip
Cross-Origin-Embedder-Policy
unsafe-none
X-Powered-By
ASP.NET
Cross-Origin-Resource-Policy
cross-origin
Connection
keep-alive
Content-Length
8971
X-XSS-Protection
1; mode=block
Referrer-Policy
no-referrer-when-downgrade
Last-Modified
Wed, 26 May 2010 13:57:44 GMT
Server
Microsoft-IIS/10.0
Cross-Origin-Opener-Policy
unsafe-none
ETag
"07c16adbfcca1:0"
X-Frame-Options
SAMEORIGIN
Vary
Accept-Encoding
Content-Type
application/javascript
Cache-Control
max-age=42045
Permissions-Policy
accelerometer=(self), ambient-light-sensor=(self), autoplay=(self), battery=(self), camera=(self), cross-origin-isolated=(self), display-capture=(self), document-domain=(self), encrypted-media=(self), execution-while-not-rendered=(self), execution-while-out-of-viewport=(self), fullscreen=(self), geolocation=(self), gyroscope=(self), keyboard-map=(self), magnetometer=(self), microphone=(self), midi=(self), navigation-override=(self), payment=(self), picture-in-picture=(self), publickey-credentials-get=(self), screen-wake-lock=(self), sync-xhr=(self), usb=(self), web-share=(self), xr-spatial-tracking=(self)
Accept-Ranges
bytes
supplier-banner.png
www.tjx.com/mytjx/supplier/images/ Frame 6D0D
32 KB
35 KB
Image
General
Full URL
https://www.tjx.com/mytjx/supplier/images/supplier-banner.png
Requested by
Host: www.tjx.com
URL: https://www.tjx.com/mytjx/supplier/supplier.html
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
104.126.37.136 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a104-126-37-136.deploy.static.akamaitechnologies.com
Software
Microsoft-IIS/10.0 / ASP.NET
Resource Hash
9a6bcbc72a440754220ca1b1a37878f76d51ccb6c6162ebfdb681f8a65ccade0
Security Headers
Name Value
Content-Security-Policy default-src 'self'; script-src 'self' *.googleapis.com *.gstatic.com www.google.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://*.googletagmanager.com *.brightcove.net *.brightcove.com *.zencdn.net *.google-analytics.com cdn.ampproject.org 'unsafe-inline' 'unsafe-eval'; style-src 'self' *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com platform.twitter.com/css/ *.twimg.com 'unsafe-inline'; img-src 'self' *.gstatic.com *.googleapis.com platform.tumblr.com web.facebook.com www.facebook.com www.redditstatic.com www.linkedin.com i.ytimg.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: https://*.googletagmanager.com *.brightcove.com *.boltdns.net *.google-analytics.com; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data:; frame-src 'self' investor.tjx.com; connect-src 'self' data: accounts.google.com *.gstatic.com https://*.googletagmanager.com *.googleapis.com *.brightcove.com manifest.prod.boltdns.net bcbolt446c5271-a.akamaihd.net *.google-analytics.com; media-src 'self' data: blob: manifest.prod.boltdns.net bcbolt446c5271-a.akamaihd.net; child-src 'self' https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://www.youtube-nocookie.com https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com *.brightcove.com *.brightcove.net blob:
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.tjx.com/mytjx/supplier/supplier.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

Content-Security-Policy
default-src 'self'; script-src 'self' *.googleapis.com *.gstatic.com www.google.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://*.googletagmanager.com *.brightcove.net *.brightcove.com *.zencdn.net *.google-analytics.com cdn.ampproject.org 'unsafe-inline' 'unsafe-eval'; style-src 'self' *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com platform.twitter.com/css/ *.twimg.com 'unsafe-inline'; img-src 'self' *.gstatic.com *.googleapis.com platform.tumblr.com web.facebook.com www.facebook.com www.redditstatic.com www.linkedin.com i.ytimg.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: https://*.googletagmanager.com *.brightcove.com *.boltdns.net *.google-analytics.com; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data:; frame-src 'self' investor.tjx.com; connect-src 'self' data: accounts.google.com *.gstatic.com https://*.googletagmanager.com *.googleapis.com *.brightcove.com manifest.prod.boltdns.net bcbolt446c5271-a.akamaihd.net *.google-analytics.com; media-src 'self' data: blob: manifest.prod.boltdns.net bcbolt446c5271-a.akamaihd.net; child-src 'self' https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://www.youtube-nocookie.com https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com *.brightcove.com *.brightcove.net blob:
Strict-Transport-Security
max-age=31536000; includeSubDomains
X-Content-Type-Options
nosniff
Date
Mon, 04 Dec 2023 20:06:31 GMT
Cross-Origin-Embedder-Policy
unsafe-none
X-Powered-By
ASP.NET
Cross-Origin-Resource-Policy
cross-origin
Connection
keep-alive
Content-Length
32548
X-XSS-Protection
1; mode=block
Referrer-Policy
no-referrer-when-downgrade
Last-Modified
Mon, 14 Jan 2019 12:57:04 GMT
Server
Microsoft-IIS/10.0
Cross-Origin-Opener-Policy
unsafe-none
ETag
"0d0aea58acd41:0"
X-Frame-Options
SAMEORIGIN
Content-Type
image/png
Cache-Control
max-age=42133
Permissions-Policy
accelerometer=(self), ambient-light-sensor=(self), autoplay=(self), battery=(self), camera=(self), cross-origin-isolated=(self), display-capture=(self), document-domain=(self), encrypted-media=(self), execution-while-not-rendered=(self), execution-while-out-of-viewport=(self), fullscreen=(self), geolocation=(self), gyroscope=(self), keyboard-map=(self), magnetometer=(self), microphone=(self), midi=(self), navigation-override=(self), payment=(self), picture-in-picture=(self), publickey-credentials-get=(self), screen-wake-lock=(self), sync-xhr=(self), usb=(self), web-share=(self), xr-spatial-tracking=(self)
Accept-Ranges
bytes
dotline_573.jpg
www.tjx.com/mytjx/supplier/images/ Frame 6D0D
909 B
4 KB
Image
General
Full URL
https://www.tjx.com/mytjx/supplier/images/dotline_573.jpg
Requested by
Host: www.tjx.com
URL: https://www.tjx.com/mytjx/supplier/supplier.html
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
104.126.37.136 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a104-126-37-136.deploy.static.akamaitechnologies.com
Software
Microsoft-IIS/10.0 / ASP.NET
Resource Hash
e6b0eac7b0ce60f6f0c8d6c18d1a3306ab16a12c9d6f5f1e74fdd1627bbb3dfe
Security Headers
Name Value
Content-Security-Policy default-src 'self'; script-src 'self' *.googleapis.com *.gstatic.com www.google.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://*.googletagmanager.com *.brightcove.net *.brightcove.com *.zencdn.net *.google-analytics.com cdn.ampproject.org 'unsafe-inline' 'unsafe-eval'; style-src 'self' *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com platform.twitter.com/css/ *.twimg.com 'unsafe-inline'; img-src 'self' *.gstatic.com *.googleapis.com platform.tumblr.com web.facebook.com www.facebook.com www.redditstatic.com www.linkedin.com i.ytimg.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: https://*.googletagmanager.com *.brightcove.com *.boltdns.net *.google-analytics.com; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data:; frame-src 'self' investor.tjx.com; connect-src 'self' data: accounts.google.com *.gstatic.com https://*.googletagmanager.com *.googleapis.com *.brightcove.com manifest.prod.boltdns.net bcbolt446c5271-a.akamaihd.net *.google-analytics.com; media-src 'self' data: blob: manifest.prod.boltdns.net bcbolt446c5271-a.akamaihd.net; child-src 'self' https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://www.youtube-nocookie.com https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com *.brightcove.com *.brightcove.net blob:
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.tjx.com/mytjx/supplier/supplier.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

Content-Security-Policy
default-src 'self'; script-src 'self' *.googleapis.com *.gstatic.com www.google.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://*.googletagmanager.com *.brightcove.net *.brightcove.com *.zencdn.net *.google-analytics.com cdn.ampproject.org 'unsafe-inline' 'unsafe-eval'; style-src 'self' *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com platform.twitter.com/css/ *.twimg.com 'unsafe-inline'; img-src 'self' *.gstatic.com *.googleapis.com platform.tumblr.com web.facebook.com www.facebook.com www.redditstatic.com www.linkedin.com i.ytimg.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: https://*.googletagmanager.com *.brightcove.com *.boltdns.net *.google-analytics.com; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data:; frame-src 'self' investor.tjx.com; connect-src 'self' data: accounts.google.com *.gstatic.com https://*.googletagmanager.com *.googleapis.com *.brightcove.com manifest.prod.boltdns.net bcbolt446c5271-a.akamaihd.net *.google-analytics.com; media-src 'self' data: blob: manifest.prod.boltdns.net bcbolt446c5271-a.akamaihd.net; child-src 'self' https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://www.youtube-nocookie.com https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com *.brightcove.com *.brightcove.net blob:
Strict-Transport-Security
max-age=31536000; includeSubDomains
X-Content-Type-Options
nosniff
Date
Mon, 04 Dec 2023 20:06:31 GMT
Cross-Origin-Embedder-Policy
unsafe-none
X-Powered-By
ASP.NET
Cross-Origin-Resource-Policy
cross-origin
Connection
keep-alive
Content-Length
909
X-XSS-Protection
1; mode=block
Referrer-Policy
no-referrer-when-downgrade
Last-Modified
Fri, 27 Feb 2009 21:27:00 GMT
Server
Microsoft-IIS/10.0
Cross-Origin-Opener-Policy
unsafe-none
ETag
"0eae71f2299c91:0"
X-Frame-Options
SAMEORIGIN
Content-Type
image/jpeg
Cache-Control
max-age=73838
Permissions-Policy
accelerometer=(self), ambient-light-sensor=(self), autoplay=(self), battery=(self), camera=(self), cross-origin-isolated=(self), display-capture=(self), document-domain=(self), encrypted-media=(self), execution-while-not-rendered=(self), execution-while-out-of-viewport=(self), fullscreen=(self), geolocation=(self), gyroscope=(self), keyboard-map=(self), magnetometer=(self), microphone=(self), midi=(self), navigation-override=(self), payment=(self), picture-in-picture=(self), publickey-credentials-get=(self), screen-wake-lock=(self), sync-xhr=(self), usb=(self), web-share=(self), xr-spatial-tracking=(self)
Accept-Ranges
bytes
supplier-rfi-rfq.png
www.tjx.com/mytjx/supplier/images/ Frame 6D0D
9 KB
12 KB
Image
General
Full URL
https://www.tjx.com/mytjx/supplier/images/supplier-rfi-rfq.png
Requested by
Host: www.tjx.com
URL: https://www.tjx.com/mytjx/supplier/supplier.html
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
104.126.37.136 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a104-126-37-136.deploy.static.akamaitechnologies.com
Software
Microsoft-IIS/10.0 / ASP.NET
Resource Hash
6e7d30dfb7e00bdd7e8fb8cecc3da1ea80b445e0bd9962916360c9bea3c2f565
Security Headers
Name Value
Content-Security-Policy default-src 'self'; script-src 'self' *.googleapis.com *.gstatic.com www.google.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://*.googletagmanager.com *.brightcove.net *.brightcove.com *.zencdn.net *.google-analytics.com cdn.ampproject.org 'unsafe-inline' 'unsafe-eval'; style-src 'self' *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com platform.twitter.com/css/ *.twimg.com 'unsafe-inline'; img-src 'self' *.gstatic.com *.googleapis.com platform.tumblr.com web.facebook.com www.facebook.com www.redditstatic.com www.linkedin.com i.ytimg.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: https://*.googletagmanager.com *.brightcove.com *.boltdns.net *.google-analytics.com; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data:; frame-src 'self' investor.tjx.com; connect-src 'self' data: accounts.google.com *.gstatic.com https://*.googletagmanager.com *.googleapis.com *.brightcove.com manifest.prod.boltdns.net bcbolt446c5271-a.akamaihd.net *.google-analytics.com; media-src 'self' data: blob: manifest.prod.boltdns.net bcbolt446c5271-a.akamaihd.net; child-src 'self' https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://www.youtube-nocookie.com https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com *.brightcove.com *.brightcove.net blob:
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.tjx.com/mytjx/supplier/supplier.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

Content-Security-Policy
default-src 'self'; script-src 'self' *.googleapis.com *.gstatic.com www.google.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://*.googletagmanager.com *.brightcove.net *.brightcove.com *.zencdn.net *.google-analytics.com cdn.ampproject.org 'unsafe-inline' 'unsafe-eval'; style-src 'self' *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com platform.twitter.com/css/ *.twimg.com 'unsafe-inline'; img-src 'self' *.gstatic.com *.googleapis.com platform.tumblr.com web.facebook.com www.facebook.com www.redditstatic.com www.linkedin.com i.ytimg.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: https://*.googletagmanager.com *.brightcove.com *.boltdns.net *.google-analytics.com; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data:; frame-src 'self' investor.tjx.com; connect-src 'self' data: accounts.google.com *.gstatic.com https://*.googletagmanager.com *.googleapis.com *.brightcove.com manifest.prod.boltdns.net bcbolt446c5271-a.akamaihd.net *.google-analytics.com; media-src 'self' data: blob: manifest.prod.boltdns.net bcbolt446c5271-a.akamaihd.net; child-src 'self' https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://www.youtube-nocookie.com https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com *.brightcove.com *.brightcove.net blob:
Strict-Transport-Security
max-age=31536000; includeSubDomains
X-Content-Type-Options
nosniff
Date
Mon, 04 Dec 2023 20:06:31 GMT
Cross-Origin-Embedder-Policy
unsafe-none
X-Powered-By
ASP.NET
Cross-Origin-Resource-Policy
cross-origin
Connection
keep-alive
Content-Length
9491
X-XSS-Protection
1; mode=block
Referrer-Policy
no-referrer-when-downgrade
Last-Modified
Thu, 21 Feb 2019 20:35:36 GMT
Server
Microsoft-IIS/10.0
Cross-Origin-Opener-Policy
unsafe-none
ETag
"05ccfff24cad41:0"
X-Frame-Options
SAMEORIGIN
Content-Type
image/png
Cache-Control
max-age=569913
Permissions-Policy
accelerometer=(self), ambient-light-sensor=(self), autoplay=(self), battery=(self), camera=(self), cross-origin-isolated=(self), display-capture=(self), document-domain=(self), encrypted-media=(self), execution-while-not-rendered=(self), execution-while-out-of-viewport=(self), fullscreen=(self), geolocation=(self), gyroscope=(self), keyboard-map=(self), magnetometer=(self), microphone=(self), midi=(self), navigation-override=(self), payment=(self), picture-in-picture=(self), publickey-credentials-get=(self), screen-wake-lock=(self), sync-xhr=(self), usb=(self), web-share=(self), xr-spatial-tracking=(self)
Accept-Ranges
bytes
link_arrow_sm.jpg
www.tjx.com/mytjx/supplier/images/ Frame 6D0D
13 KB
16 KB
Image
General
Full URL
https://www.tjx.com/mytjx/supplier/images/link_arrow_sm.jpg
Requested by
Host: www.tjx.com
URL: https://www.tjx.com/mytjx/supplier/supplier.html
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
104.126.37.136 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a104-126-37-136.deploy.static.akamaitechnologies.com
Software
Microsoft-IIS/10.0 / ASP.NET
Resource Hash
249c4ecdbe56bdff990a578ef1ee0ced7cc90b2944b5be8309bc4061f5f85bfa
Security Headers
Name Value
Content-Security-Policy default-src 'self'; script-src 'self' *.googleapis.com *.gstatic.com www.google.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://*.googletagmanager.com *.brightcove.net *.brightcove.com *.zencdn.net *.google-analytics.com cdn.ampproject.org 'unsafe-inline' 'unsafe-eval'; style-src 'self' *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com platform.twitter.com/css/ *.twimg.com 'unsafe-inline'; img-src 'self' *.gstatic.com *.googleapis.com platform.tumblr.com web.facebook.com www.facebook.com www.redditstatic.com www.linkedin.com i.ytimg.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: https://*.googletagmanager.com *.brightcove.com *.boltdns.net *.google-analytics.com; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data:; frame-src 'self' investor.tjx.com; connect-src 'self' data: accounts.google.com *.gstatic.com https://*.googletagmanager.com *.googleapis.com *.brightcove.com manifest.prod.boltdns.net bcbolt446c5271-a.akamaihd.net *.google-analytics.com; media-src 'self' data: blob: manifest.prod.boltdns.net bcbolt446c5271-a.akamaihd.net; child-src 'self' https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://www.youtube-nocookie.com https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com *.brightcove.com *.brightcove.net blob:
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.tjx.com/mytjx/supplier/supplier.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

Content-Security-Policy
default-src 'self'; script-src 'self' *.googleapis.com *.gstatic.com www.google.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://*.googletagmanager.com *.brightcove.net *.brightcove.com *.zencdn.net *.google-analytics.com cdn.ampproject.org 'unsafe-inline' 'unsafe-eval'; style-src 'self' *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com platform.twitter.com/css/ *.twimg.com 'unsafe-inline'; img-src 'self' *.gstatic.com *.googleapis.com platform.tumblr.com web.facebook.com www.facebook.com www.redditstatic.com www.linkedin.com i.ytimg.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: https://*.googletagmanager.com *.brightcove.com *.boltdns.net *.google-analytics.com; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data:; frame-src 'self' investor.tjx.com; connect-src 'self' data: accounts.google.com *.gstatic.com https://*.googletagmanager.com *.googleapis.com *.brightcove.com manifest.prod.boltdns.net bcbolt446c5271-a.akamaihd.net *.google-analytics.com; media-src 'self' data: blob: manifest.prod.boltdns.net bcbolt446c5271-a.akamaihd.net; child-src 'self' https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://www.youtube-nocookie.com https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com *.brightcove.com *.brightcove.net blob:
Strict-Transport-Security
max-age=31536000; includeSubDomains
X-Content-Type-Options
nosniff
Date
Mon, 04 Dec 2023 20:06:31 GMT
Cross-Origin-Embedder-Policy
unsafe-none
X-Powered-By
ASP.NET
Cross-Origin-Resource-Policy
cross-origin
Connection
keep-alive
Content-Length
13190
X-XSS-Protection
1; mode=block
Referrer-Policy
no-referrer-when-downgrade
Last-Modified
Mon, 05 May 2014 14:26:12 GMT
Server
Microsoft-IIS/10.0
Cross-Origin-Opener-Policy
unsafe-none
ETag
"09ae5f66d68cf1:0"
X-Frame-Options
SAMEORIGIN
Content-Type
image/jpeg
Cache-Control
max-age=42060
Permissions-Policy
accelerometer=(self), ambient-light-sensor=(self), autoplay=(self), battery=(self), camera=(self), cross-origin-isolated=(self), display-capture=(self), document-domain=(self), encrypted-media=(self), execution-while-not-rendered=(self), execution-while-out-of-viewport=(self), fullscreen=(self), geolocation=(self), gyroscope=(self), keyboard-map=(self), magnetometer=(self), microphone=(self), midi=(self), navigation-override=(self), payment=(self), picture-in-picture=(self), publickey-credentials-get=(self), screen-wake-lock=(self), sync-xhr=(self), usb=(self), web-share=(self), xr-spatial-tracking=(self)
Accept-Ranges
bytes
supplier-isupplier.png
www.tjx.com/mytjx/supplier/images/ Frame 6D0D
9 KB
12 KB
Image
General
Full URL
https://www.tjx.com/mytjx/supplier/images/supplier-isupplier.png
Requested by
Host: www.tjx.com
URL: https://www.tjx.com/mytjx/supplier/supplier.html
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
104.126.37.136 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a104-126-37-136.deploy.static.akamaitechnologies.com
Software
Microsoft-IIS/10.0 / ASP.NET
Resource Hash
90592fad808cd080262b8714648bfb6c7eccbf27d7a8849252922d16e0af9e4d
Security Headers
Name Value
Content-Security-Policy default-src 'self'; script-src 'self' *.googleapis.com *.gstatic.com www.google.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://*.googletagmanager.com *.brightcove.net *.brightcove.com *.zencdn.net *.google-analytics.com cdn.ampproject.org 'unsafe-inline' 'unsafe-eval'; style-src 'self' *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com platform.twitter.com/css/ *.twimg.com 'unsafe-inline'; img-src 'self' *.gstatic.com *.googleapis.com platform.tumblr.com web.facebook.com www.facebook.com www.redditstatic.com www.linkedin.com i.ytimg.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: https://*.googletagmanager.com *.brightcove.com *.boltdns.net *.google-analytics.com; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data:; frame-src 'self' investor.tjx.com; connect-src 'self' data: accounts.google.com *.gstatic.com https://*.googletagmanager.com *.googleapis.com *.brightcove.com manifest.prod.boltdns.net bcbolt446c5271-a.akamaihd.net *.google-analytics.com; media-src 'self' data: blob: manifest.prod.boltdns.net bcbolt446c5271-a.akamaihd.net; child-src 'self' https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://www.youtube-nocookie.com https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com *.brightcove.com *.brightcove.net blob:
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.tjx.com/mytjx/supplier/supplier.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

Content-Security-Policy
default-src 'self'; script-src 'self' *.googleapis.com *.gstatic.com www.google.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://*.googletagmanager.com *.brightcove.net *.brightcove.com *.zencdn.net *.google-analytics.com cdn.ampproject.org 'unsafe-inline' 'unsafe-eval'; style-src 'self' *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com platform.twitter.com/css/ *.twimg.com 'unsafe-inline'; img-src 'self' *.gstatic.com *.googleapis.com platform.tumblr.com web.facebook.com www.facebook.com www.redditstatic.com www.linkedin.com i.ytimg.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: https://*.googletagmanager.com *.brightcove.com *.boltdns.net *.google-analytics.com; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data:; frame-src 'self' investor.tjx.com; connect-src 'self' data: accounts.google.com *.gstatic.com https://*.googletagmanager.com *.googleapis.com *.brightcove.com manifest.prod.boltdns.net bcbolt446c5271-a.akamaihd.net *.google-analytics.com; media-src 'self' data: blob: manifest.prod.boltdns.net bcbolt446c5271-a.akamaihd.net; child-src 'self' https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://www.youtube-nocookie.com https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com *.brightcove.com *.brightcove.net blob:
Strict-Transport-Security
max-age=31536000; includeSubDomains
X-Content-Type-Options
nosniff
Date
Mon, 04 Dec 2023 20:06:31 GMT
Cross-Origin-Embedder-Policy
unsafe-none
X-Powered-By
ASP.NET
Cross-Origin-Resource-Policy
cross-origin
Connection
keep-alive
Content-Length
9248
X-XSS-Protection
1; mode=block
Referrer-Policy
no-referrer-when-downgrade
Last-Modified
Thu, 21 Feb 2019 20:35:36 GMT
Server
Microsoft-IIS/10.0
Cross-Origin-Opener-Policy
unsafe-none
ETag
"05ccfff24cad41:0"
X-Frame-Options
SAMEORIGIN
Content-Type
image/png
Cache-Control
max-age=73752
Permissions-Policy
accelerometer=(self), ambient-light-sensor=(self), autoplay=(self), battery=(self), camera=(self), cross-origin-isolated=(self), display-capture=(self), document-domain=(self), encrypted-media=(self), execution-while-not-rendered=(self), execution-while-out-of-viewport=(self), fullscreen=(self), geolocation=(self), gyroscope=(self), keyboard-map=(self), magnetometer=(self), microphone=(self), midi=(self), navigation-override=(self), payment=(self), picture-in-picture=(self), publickey-credentials-get=(self), screen-wake-lock=(self), sync-xhr=(self), usb=(self), web-share=(self), xr-spatial-tracking=(self)
Accept-Ranges
bytes
supplier-cr.png
www.tjx.com/mytjx/supplier/images/ Frame 6D0D
9 KB
12 KB
Image
General
Full URL
https://www.tjx.com/mytjx/supplier/images/supplier-cr.png
Requested by
Host: www.tjx.com
URL: https://www.tjx.com/mytjx/supplier/supplier.html
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
104.126.37.136 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a104-126-37-136.deploy.static.akamaitechnologies.com
Software
Microsoft-IIS/10.0 / ASP.NET
Resource Hash
a06eebf06d2c1f9f877133dcf52e7766e108904fb447c0e082df70428c7bcd66
Security Headers
Name Value
Content-Security-Policy default-src 'self'; script-src 'self' *.googleapis.com *.gstatic.com www.google.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://*.googletagmanager.com *.brightcove.net *.brightcove.com *.zencdn.net *.google-analytics.com cdn.ampproject.org 'unsafe-inline' 'unsafe-eval'; style-src 'self' *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com platform.twitter.com/css/ *.twimg.com 'unsafe-inline'; img-src 'self' *.gstatic.com *.googleapis.com platform.tumblr.com web.facebook.com www.facebook.com www.redditstatic.com www.linkedin.com i.ytimg.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: https://*.googletagmanager.com *.brightcove.com *.boltdns.net *.google-analytics.com; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data:; frame-src 'self' investor.tjx.com; connect-src 'self' data: accounts.google.com *.gstatic.com https://*.googletagmanager.com *.googleapis.com *.brightcove.com manifest.prod.boltdns.net bcbolt446c5271-a.akamaihd.net *.google-analytics.com; media-src 'self' data: blob: manifest.prod.boltdns.net bcbolt446c5271-a.akamaihd.net; child-src 'self' https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://www.youtube-nocookie.com https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com *.brightcove.com *.brightcove.net blob:
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.tjx.com/mytjx/supplier/supplier.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

Content-Security-Policy
default-src 'self'; script-src 'self' *.googleapis.com *.gstatic.com www.google.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://*.googletagmanager.com *.brightcove.net *.brightcove.com *.zencdn.net *.google-analytics.com cdn.ampproject.org 'unsafe-inline' 'unsafe-eval'; style-src 'self' *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com platform.twitter.com/css/ *.twimg.com 'unsafe-inline'; img-src 'self' *.gstatic.com *.googleapis.com platform.tumblr.com web.facebook.com www.facebook.com www.redditstatic.com www.linkedin.com i.ytimg.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: https://*.googletagmanager.com *.brightcove.com *.boltdns.net *.google-analytics.com; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data:; frame-src 'self' investor.tjx.com; connect-src 'self' data: accounts.google.com *.gstatic.com https://*.googletagmanager.com *.googleapis.com *.brightcove.com manifest.prod.boltdns.net bcbolt446c5271-a.akamaihd.net *.google-analytics.com; media-src 'self' data: blob: manifest.prod.boltdns.net bcbolt446c5271-a.akamaihd.net; child-src 'self' https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://www.youtube-nocookie.com https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com *.brightcove.com *.brightcove.net blob:
Strict-Transport-Security
max-age=31536000; includeSubDomains
X-Content-Type-Options
nosniff
Date
Mon, 04 Dec 2023 20:06:31 GMT
Cross-Origin-Embedder-Policy
unsafe-none
X-Powered-By
ASP.NET
Cross-Origin-Resource-Policy
cross-origin
Connection
keep-alive
Content-Length
9402
X-XSS-Protection
1; mode=block
Referrer-Policy
no-referrer-when-downgrade
Last-Modified
Thu, 21 Feb 2019 20:35:36 GMT
Server
Microsoft-IIS/10.0
Cross-Origin-Opener-Policy
unsafe-none
ETag
"05ccfff24cad41:0"
X-Frame-Options
SAMEORIGIN
Content-Type
image/png
Cache-Control
max-age=569927
Permissions-Policy
accelerometer=(self), ambient-light-sensor=(self), autoplay=(self), battery=(self), camera=(self), cross-origin-isolated=(self), display-capture=(self), document-domain=(self), encrypted-media=(self), execution-while-not-rendered=(self), execution-while-out-of-viewport=(self), fullscreen=(self), geolocation=(self), gyroscope=(self), keyboard-map=(self), magnetometer=(self), microphone=(self), midi=(self), navigation-override=(self), payment=(self), picture-in-picture=(self), publickey-credentials-get=(self), screen-wake-lock=(self), sync-xhr=(self), usb=(self), web-share=(self), xr-spatial-tracking=(self)
Accept-Ranges
bytes
supplier-nda.png
www.tjx.com/mytjx/supplier/images/ Frame 6D0D
14 KB
17 KB
Image
General
Full URL
https://www.tjx.com/mytjx/supplier/images/supplier-nda.png
Requested by
Host: www.tjx.com
URL: https://www.tjx.com/mytjx/supplier/supplier.html
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
104.126.37.136 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a104-126-37-136.deploy.static.akamaitechnologies.com
Software
Microsoft-IIS/10.0 / ASP.NET
Resource Hash
6ef73d87446a9603464a1a533769bc6e18e124d3757a3e5b29a9a31ea8e00528
Security Headers
Name Value
Content-Security-Policy default-src 'self'; script-src 'self' *.googleapis.com *.gstatic.com www.google.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://*.googletagmanager.com *.brightcove.net *.brightcove.com *.zencdn.net *.google-analytics.com cdn.ampproject.org 'unsafe-inline' 'unsafe-eval'; style-src 'self' *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com platform.twitter.com/css/ *.twimg.com 'unsafe-inline'; img-src 'self' *.gstatic.com *.googleapis.com platform.tumblr.com web.facebook.com www.facebook.com www.redditstatic.com www.linkedin.com i.ytimg.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: https://*.googletagmanager.com *.brightcove.com *.boltdns.net *.google-analytics.com; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data:; frame-src 'self' investor.tjx.com; connect-src 'self' data: accounts.google.com *.gstatic.com https://*.googletagmanager.com *.googleapis.com *.brightcove.com manifest.prod.boltdns.net bcbolt446c5271-a.akamaihd.net *.google-analytics.com; media-src 'self' data: blob: manifest.prod.boltdns.net bcbolt446c5271-a.akamaihd.net; child-src 'self' https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://www.youtube-nocookie.com https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com *.brightcove.com *.brightcove.net blob:
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.tjx.com/mytjx/supplier/supplier.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

Content-Security-Policy
default-src 'self'; script-src 'self' *.googleapis.com *.gstatic.com www.google.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://*.googletagmanager.com *.brightcove.net *.brightcove.com *.zencdn.net *.google-analytics.com cdn.ampproject.org 'unsafe-inline' 'unsafe-eval'; style-src 'self' *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com platform.twitter.com/css/ *.twimg.com 'unsafe-inline'; img-src 'self' *.gstatic.com *.googleapis.com platform.tumblr.com web.facebook.com www.facebook.com www.redditstatic.com www.linkedin.com i.ytimg.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: https://*.googletagmanager.com *.brightcove.com *.boltdns.net *.google-analytics.com; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data:; frame-src 'self' investor.tjx.com; connect-src 'self' data: accounts.google.com *.gstatic.com https://*.googletagmanager.com *.googleapis.com *.brightcove.com manifest.prod.boltdns.net bcbolt446c5271-a.akamaihd.net *.google-analytics.com; media-src 'self' data: blob: manifest.prod.boltdns.net bcbolt446c5271-a.akamaihd.net; child-src 'self' https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://www.youtube-nocookie.com https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com *.brightcove.com *.brightcove.net blob:
Strict-Transport-Security
max-age=31536000; includeSubDomains
X-Content-Type-Options
nosniff
Date
Mon, 04 Dec 2023 20:06:31 GMT
Cross-Origin-Embedder-Policy
unsafe-none
X-Powered-By
ASP.NET
Cross-Origin-Resource-Policy
cross-origin
Connection
keep-alive
Content-Length
14693
X-XSS-Protection
1; mode=block
Referrer-Policy
no-referrer-when-downgrade
Last-Modified
Wed, 21 Sep 2016 17:31:10 GMT
Server
Microsoft-IIS/10.0
Cross-Origin-Opener-Policy
unsafe-none
ETag
"08334f12d14d21:0"
X-Frame-Options
SAMEORIGIN
Content-Type
image/png
Cache-Control
max-age=42060
Permissions-Policy
accelerometer=(self), ambient-light-sensor=(self), autoplay=(self), battery=(self), camera=(self), cross-origin-isolated=(self), display-capture=(self), document-domain=(self), encrypted-media=(self), execution-while-not-rendered=(self), execution-while-out-of-viewport=(self), fullscreen=(self), geolocation=(self), gyroscope=(self), keyboard-map=(self), magnetometer=(self), microphone=(self), midi=(self), navigation-override=(self), payment=(self), picture-in-picture=(self), publickey-credentials-get=(self), screen-wake-lock=(self), sync-xhr=(self), usb=(self), web-share=(self), xr-spatial-tracking=(self)
Accept-Ranges
bytes
supplier-diversity.png
www.tjx.com/mytjx/supplier/images/ Frame 6D0D
5 KB
9 KB
Image
General
Full URL
https://www.tjx.com/mytjx/supplier/images/supplier-diversity.png
Requested by
Host: www.tjx.com
URL: https://www.tjx.com/mytjx/supplier/supplier.html
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
104.126.37.136 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a104-126-37-136.deploy.static.akamaitechnologies.com
Software
Microsoft-IIS/10.0 / ASP.NET
Resource Hash
9547d4ab46a07bd2e71f68aa9ca5a36724946855fc712c0bbaca36c6246f4806
Security Headers
Name Value
Content-Security-Policy default-src 'self'; script-src 'self' *.googleapis.com *.gstatic.com www.google.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://*.googletagmanager.com *.brightcove.net *.brightcove.com *.zencdn.net *.google-analytics.com cdn.ampproject.org 'unsafe-inline' 'unsafe-eval'; style-src 'self' *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com platform.twitter.com/css/ *.twimg.com 'unsafe-inline'; img-src 'self' *.gstatic.com *.googleapis.com platform.tumblr.com web.facebook.com www.facebook.com www.redditstatic.com www.linkedin.com i.ytimg.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: https://*.googletagmanager.com *.brightcove.com *.boltdns.net *.google-analytics.com; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data:; frame-src 'self' investor.tjx.com; connect-src 'self' data: accounts.google.com *.gstatic.com https://*.googletagmanager.com *.googleapis.com *.brightcove.com manifest.prod.boltdns.net bcbolt446c5271-a.akamaihd.net *.google-analytics.com; media-src 'self' data: blob: manifest.prod.boltdns.net bcbolt446c5271-a.akamaihd.net; child-src 'self' https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://www.youtube-nocookie.com https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com *.brightcove.com *.brightcove.net blob:
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.tjx.com/mytjx/supplier/supplier.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

Content-Security-Policy
default-src 'self'; script-src 'self' *.googleapis.com *.gstatic.com www.google.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://*.googletagmanager.com *.brightcove.net *.brightcove.com *.zencdn.net *.google-analytics.com cdn.ampproject.org 'unsafe-inline' 'unsafe-eval'; style-src 'self' *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com platform.twitter.com/css/ *.twimg.com 'unsafe-inline'; img-src 'self' *.gstatic.com *.googleapis.com platform.tumblr.com web.facebook.com www.facebook.com www.redditstatic.com www.linkedin.com i.ytimg.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: https://*.googletagmanager.com *.brightcove.com *.boltdns.net *.google-analytics.com; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data:; frame-src 'self' investor.tjx.com; connect-src 'self' data: accounts.google.com *.gstatic.com https://*.googletagmanager.com *.googleapis.com *.brightcove.com manifest.prod.boltdns.net bcbolt446c5271-a.akamaihd.net *.google-analytics.com; media-src 'self' data: blob: manifest.prod.boltdns.net bcbolt446c5271-a.akamaihd.net; child-src 'self' https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://www.youtube-nocookie.com https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com *.brightcove.com *.brightcove.net blob:
Strict-Transport-Security
max-age=31536000; includeSubDomains
X-Content-Type-Options
nosniff
Date
Mon, 04 Dec 2023 20:06:31 GMT
Cross-Origin-Embedder-Policy
unsafe-none
X-Powered-By
ASP.NET
Cross-Origin-Resource-Policy
cross-origin
Connection
keep-alive
Content-Length
5620
X-XSS-Protection
1; mode=block
Referrer-Policy
no-referrer-when-downgrade
Last-Modified
Tue, 30 Nov 2021 20:11:00 GMT
Server
Microsoft-IIS/10.0
Cross-Origin-Opener-Policy
unsafe-none
ETag
"062806426e6d71:0"
X-Frame-Options
SAMEORIGIN
Content-Type
image/png
Cache-Control
max-age=41957
Permissions-Policy
accelerometer=(self), ambient-light-sensor=(self), autoplay=(self), battery=(self), camera=(self), cross-origin-isolated=(self), display-capture=(self), document-domain=(self), encrypted-media=(self), execution-while-not-rendered=(self), execution-while-out-of-viewport=(self), fullscreen=(self), geolocation=(self), gyroscope=(self), keyboard-map=(self), magnetometer=(self), microphone=(self), midi=(self), navigation-override=(self), payment=(self), picture-in-picture=(self), publickey-credentials-get=(self), screen-wake-lock=(self), sync-xhr=(self), usb=(self), web-share=(self), xr-spatial-tracking=(self)
Accept-Ranges
bytes
environmental-sustainability.png
www.tjx.com/mytjx/supplier/images/ Frame 6D0D
10 KB
13 KB
Image
General
Full URL
https://www.tjx.com/mytjx/supplier/images/environmental-sustainability.png
Requested by
Host: www.tjx.com
URL: https://www.tjx.com/mytjx/supplier/supplier.html
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
104.126.37.136 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a104-126-37-136.deploy.static.akamaitechnologies.com
Software
Microsoft-IIS/10.0 / ASP.NET
Resource Hash
7b9ba8027fae41b900af1574fa0f5914cd70cfd63dff0fe41904375055d0b046
Security Headers
Name Value
Content-Security-Policy default-src 'self'; script-src 'self' *.googleapis.com *.gstatic.com www.google.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://*.googletagmanager.com *.brightcove.net *.brightcove.com *.zencdn.net *.google-analytics.com cdn.ampproject.org 'unsafe-inline' 'unsafe-eval'; style-src 'self' *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com platform.twitter.com/css/ *.twimg.com 'unsafe-inline'; img-src 'self' *.gstatic.com *.googleapis.com platform.tumblr.com web.facebook.com www.facebook.com www.redditstatic.com www.linkedin.com i.ytimg.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: https://*.googletagmanager.com *.brightcove.com *.boltdns.net *.google-analytics.com; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data:; frame-src 'self' investor.tjx.com; connect-src 'self' data: accounts.google.com *.gstatic.com https://*.googletagmanager.com *.googleapis.com *.brightcove.com manifest.prod.boltdns.net bcbolt446c5271-a.akamaihd.net *.google-analytics.com; media-src 'self' data: blob: manifest.prod.boltdns.net bcbolt446c5271-a.akamaihd.net; child-src 'self' https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://www.youtube-nocookie.com https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com *.brightcove.com *.brightcove.net blob:
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.tjx.com/mytjx/supplier/supplier.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

Content-Security-Policy
default-src 'self'; script-src 'self' *.googleapis.com *.gstatic.com www.google.com apis.google.com connect.facebook.net ajax.aspnetcdn.com https://www.youtube.com platform.twitter.com https://syndication.twitter.com/ https://s.ytimg.com https://publish.twitter.com *.twimg.com platform.linkedin.com http://platform.stumbleupon.com/1/widgets.js https://*.googletagmanager.com *.brightcove.net *.brightcove.com *.zencdn.net *.google-analytics.com cdn.ampproject.org 'unsafe-inline' 'unsafe-eval'; style-src 'self' *.googleapis.com *.gstatic.com netdna.bootstrapcdn.com kendo.cdn.telerik.com www.google.com platform.twitter.com/css/ *.twimg.com 'unsafe-inline'; img-src 'self' *.gstatic.com *.googleapis.com platform.tumblr.com web.facebook.com www.facebook.com www.redditstatic.com www.linkedin.com i.ytimg.com https://syndication.twitter.com https://static.licdn.com/scds/common/u/images/apps/connect/sprites/sprite_connect_v14.png pbs.twimg.com platform.twitter.com/css/ *.twimg.com data: blob: https://*.googletagmanager.com *.brightcove.com *.boltdns.net *.google-analytics.com; font-src 'self' fonts.gstatic.com kendo.cdn.telerik.com netdna.bootstrapcdn.com data:; frame-src 'self' investor.tjx.com; connect-src 'self' data: accounts.google.com *.gstatic.com https://*.googletagmanager.com *.googleapis.com *.brightcove.com manifest.prod.boltdns.net bcbolt446c5271-a.akamaihd.net *.google-analytics.com; media-src 'self' data: blob: manifest.prod.boltdns.net bcbolt446c5271-a.akamaihd.net; child-src 'self' https://platform.twitter.com/ https://syndication.twitter.com/ https://www.youtube.com/ https://www.youtube-nocookie.com https://player.vimeo.com/ https://w.soundcloud.com/ apis.google.com accounts.google.com staticxx.facebook.com www.facebook.com web.facebook.com badge.stumbleupon.com *.brightcove.com *.brightcove.net blob:
Strict-Transport-Security
max-age=31536000; includeSubDomains
X-Content-Type-Options
nosniff
Date
Mon, 04 Dec 2023 20:06:31 GMT
Cross-Origin-Embedder-Policy
unsafe-none
X-Powered-By
ASP.NET
Cross-Origin-Resource-Policy
cross-origin
Connection
keep-alive
Content-Length
9969
X-XSS-Protection
1; mode=block
Referrer-Policy
no-referrer-when-downgrade
Last-Modified
Tue, 14 Dec 2021 13:43:36 GMT
Server
Microsoft-IIS/10.0
Cross-Origin-Opener-Policy
unsafe-none
ETag
"0f4c797f0f0d71:0"
X-Frame-Options
SAMEORIGIN
Content-Type
image/png
Cache-Control
max-age=430571
Permissions-Policy
accelerometer=(self), ambient-light-sensor=(self), autoplay=(self), battery=(self), camera=(self), cross-origin-isolated=(self), display-capture=(self), document-domain=(self), encrypted-media=(self), execution-while-not-rendered=(self), execution-while-out-of-viewport=(self), fullscreen=(self), geolocation=(self), gyroscope=(self), keyboard-map=(self), magnetometer=(self), microphone=(self), midi=(self), navigation-override=(self), payment=(self), picture-in-picture=(self), publickey-credentials-get=(self), screen-wake-lock=(self), sync-xhr=(self), usb=(self), web-share=(self), xr-spatial-tracking=(self)
Accept-Ranges
bytes

Verdicts & Comments Add Verdict or Comment

6 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| documentPictureInPicture function| Cufon object| _gaq object| _gat object| gaGlobal

7 Cookies

Domain/Path Name / Value
www.mytjx.com/ Name: BIGipServerebsWWW-External
Value: rd40o00000000000000000000ffffac10299bo8001
www.mytjx.com/ Name: AzureAppProxyAnalyticCookie_f869e15a-52ca-4dcf-b52c-3f6c7d29312e_https_1.3
Value: 4|WEzzMqAJyoysiF48PKh9EpUnvA+1O4oG1BjEnAVf67565SXovtSkmFMPzGOmCWRAWuwHSA64Tn6YDsShXaPrSNMfQdD93Z0sIyIX1OE21dfleI0fRwrKUbvjZeVozMi47odwmuh1a+kQbKgjvpSiXw==
.mytjx.com/ Name: __utma
Value: 225008390.1398597653.1701720390.1701720390.1701720390.1
.mytjx.com/ Name: __utmc
Value: 225008390
.mytjx.com/ Name: __utmz
Value: 225008390.1701720390.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)
.mytjx.com/ Name: __utmt
Value: 1
.mytjx.com/ Name: __utmb
Value: 225008390.1.10.1701720390

7 Console Messages

Source Level URL
Text
security warning
Message:
Error with Permissions-Policy header: Unrecognized feature: 'ambient-light-sensor'.
security warning
Message:
Error with Permissions-Policy header: Unrecognized feature: 'battery'.
security warning
Message:
Error with Permissions-Policy header: Unrecognized feature: 'document-domain'.
security warning
Message:
Error with Permissions-Policy header: Unrecognized feature: 'execution-while-not-rendered'.
security warning
Message:
Error with Permissions-Policy header: Unrecognized feature: 'execution-while-out-of-viewport'.
security warning
Message:
Error with Permissions-Policy header: Unrecognized feature: 'navigation-override'.
security warning
Message:
Error with Permissions-Policy header: Unrecognized feature: 'web-share'.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

ssl.google-analytics.com
www.mytjx.com
www.tjx.com
104.126.37.136
2a00:1450:4001:813::2008
52.149.215.200
0434af299709244ca2dc656443651ff2d824ee78d7a8bb0a538bc8b8071aaa5b
085bdde0e395de90660a4e01e76d4e98bd00b275783b0f484adc833f2b569339
0928d8710879135c6b63790fd92b54e1de7fc6185fb05a6265159c58f3d4bc4b
0ef4d9d2df79ce5c7e4e5d9c92eb9752a8cd24bd18110cac62be854118fe5a69
1259ea99bd76596239bfd3102c679eb0a5052578dc526b0452f4d42f8bcdd45f
20963739b792d62ba7973b401e0a355fab4491bb653040edb283e37b705cfbc0
21b079177720c67980794e6b51ba450430f30a0a97d64553bef3dec4a8aeb431
249c4ecdbe56bdff990a578ef1ee0ced7cc90b2944b5be8309bc4061f5f85bfa
27d7d958c79fe067447031f573e4b3296a3021169f6f7668fedddbdd7390a158
2d7320e80da6e85540c52cde2d8e179f434d10168d7596d4d815fc5d71c58466
381e9833fe5b8f31a6c88afe12db94ee7028421aa0d05af91c186411d5b0bb39
42a9eb98320f6bb9e6134946fad7a594d41c29bbfc4302cd1d08ca281cf2ed2a
6e7d30dfb7e00bdd7e8fb8cecc3da1ea80b445e0bd9962916360c9bea3c2f565
6ef73d87446a9603464a1a533769bc6e18e124d3757a3e5b29a9a31ea8e00528
7b9ba8027fae41b900af1574fa0f5914cd70cfd63dff0fe41904375055d0b046
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
90592fad808cd080262b8714648bfb6c7eccbf27d7a8849252922d16e0af9e4d
9547d4ab46a07bd2e71f68aa9ca5a36724946855fc712c0bbaca36c6246f4806
9a6bcbc72a440754220ca1b1a37878f76d51ccb6c6162ebfdb681f8a65ccade0
a06eebf06d2c1f9f877133dcf52e7766e108904fb447c0e082df70428c7bcd66
ab69d2a15d7b40ab64f549a7cfb2b2c5285020cbb0c082bb603c6a205156149e
ac12bd99ba9a459cd85efcca79100e89079512c4d10bc5102f698fdfb05185b1
b4fc67bf5294724809908f9f9317036d01b817f1006038a97498833a056594a1
c8a54e4c640b0d69ca2abf49bc2ad420af0b56cf5f444d76d6c87eaf5a684712
e0c955a81ca842b74af1cd8c093997c37dea74b7472558ad77128b36f1eff1e7
e6b0eac7b0ce60f6f0c8d6c18d1a3306ab16a12c9d6f5f1e74fdd1627bbb3dfe
f9116a0075781ccc2e576a4d93115be57524ae986e9c7e0cda77b3b2984d7887