urlscan.io logo urlscan.io
SecurityTrails logo

web-loan-application-dev.bigbank.se Open in urlscan Pro
185.235.160.30  Public Scan

Go To Rescan Add Verdict Report
URL: https://web-loan-application-dev.bigbank.se/
Submission: On September 01 via automatic, source certstream-suspicious
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 6 IPs in 3 countries across 5 domains to perform 27 HTTP transactions. The main IP is 185.235.160.30, located in Estonia and belongs to BIGBANK, EE. The main domain is web-loan-application-dev.bigbank.se.
TLS certificate: Issued by R3 on September 1st 2021. Valid for: 3 months.
This is the only time web-loan-application-dev.bigbank.se was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
12 185.235.160.30 204411 (BIGBANK)
2 2001:678:6a0:... 207647 (INTENTION-AS)
1 2 104.16.168.131 13335 (CLOUDFLAR...)
7 104.16.169.131 13335 (CLOUDFLAR...)
2 185.235.160.8 204411 (BIGBANK)
27 6
12    185.235.160.30 (Estonia)

ASN204411 (BIGBANK, EE)
web-loan-application-dev.bigbank.se
2    2001:678:6a0::3:101 (Leningradskaya, Russian Federation)

ASN207647 (INTENTION-AS, NL)
bigbank.uriports.com
2    104.16.168.131 (None, )

ASN13335 (CLOUDFLARENET, US)
hcaptcha.com
newassets.hcaptcha.com
7    104.16.169.131 (None, )

ASN13335 (CLOUDFLARENET, US)
newassets.hcaptcha.com
hcaptcha.com
2    185.235.160.8 (Estonia)

ASN204411 (BIGBANK, EE)
apm.bigbank.eu
Domain Requested by
12 web-loan-application-dev.bigbank.se web-loan-application-dev.bigbank.se
6 newassets.hcaptcha.com web-loan-application-dev.bigbank.se
hcaptcha.com
newassets.hcaptcha.com
3 hcaptcha.com 1 redirects newassets.hcaptcha.com
2 apm.bigbank.eu web-loan-application-dev.bigbank.se
2 bigbank.uriports.com web-loan-application-dev.bigbank.se
0 login-service-central-dev.dca.origin.big.local Failed web-loan-application-dev.bigbank.se
27 6

This site contains links to these domains. Also see Links.

Domain
www.bigbank.se
static.bigbank.se
Subject Issuer Validity Valid
web-loan-application-dev.bigbank.se
R3		 2021-09-01 -
2021-11-30		 3 months crt.sh
*.uriports.com
Sectigo RSA Domain Validation Secure Server CA		 2021-03-08 -
2022-03-20		 a year crt.sh
sni.cloudflaressl.com
Cloudflare Inc ECC CA-3		 2021-06-15 -
2022-06-14		 a year crt.sh
apm.bigbank.eu
R3		 2021-08-03 -
2021-11-01		 3 months crt.sh

This page contains 4 frames:

Primary Page: https://web-loan-application-dev.bigbank.se/
Frame ID: 007207275CAEAA18523FE09355DD4429
Requests: 18 HTTP requests in this frame

Frame: https://login-service-central-dev.dca.origin.big.local/heartbeat
Frame ID: CAF358FE447FE24C3F78150644D7E6C3
Requests: 1 HTTP requests in this frame

Frame: https://newassets.hcaptcha.com/captcha/v1/1eed1c2/static/hcaptcha-challenge.html
Frame ID: B6288E5BE28287B18A192AA5F81AEE28
Requests: 2 HTTP requests in this frame

Frame: https://newassets.hcaptcha.com/captcha/v1/1eed1c2/static/hcaptcha-checkbox.html
Frame ID: FB8AE83383681A621971608F4A60D519
Requests: 4 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

Ansökan | Bigbank

Page Statistics

27
Requests

89 %
HTTPS

20 %
IPv6

5
Domains

6
Subdomains

6
IPs

3
Countries

787 kB
Transfer

2677 kB
Size

4
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 11
  • https://hcaptcha.com/1/api.js?render=explicit&onload=_hcaptchaOnLoad&hl=sv&sentry=true HTTP 302
  • https://newassets.hcaptcha.com/captcha/v1/1eed1c2/hcaptcha.js

27 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request Cookie set /
web-loan-application-dev.bigbank.se/ 		1 KB
3 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://web-loan-application-dev.bigbank.se/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.235.160.30 , Estonia, ASN204411 (BIGBANK, EE),
Reverse DNS
Software
/ Express
Resource Hash
254a6812d48812128e1e1c373c866d3480b0acd80132a4e318850a92c9fc2c4c
Security Headers
Name Value
Content-Security-Policy child-src 'self' blob:; connect-src 'self' https://*.google-analytics.com https://*.bigbank.eu https://*.google.com https://*.doubleclick.net https://*.hotjar.com https://*.hotjar.io ws: wss: https://*.big.local https://hcaptcha.com https://*.hcaptcha.com; default-src 'self'; img-src 'self' blob: data: https://*.google-analytics.com https://*.doubleclick.net https://*.facebook.net https://*.google.com https://*.gstatic.com https://*.hotjar.com https://*.googletagmanager.com https://*.google.ee https://*.google.se; font-src 'self' data:; form-action 'self' https://*.facebook.net; frame-ancestors 'none'; frame-src 'self' https://*.hotjar.com https://*.big.local https://*.bigbank.eu https://hcaptcha.com https://*.hcaptcha.com https://*.dca.origin.big.local; object-src 'self'; script-src 'self' https://*.google-analytics.com https://*.bigbank.eu https://*.doubleclick.net https://*.facebook.net https://*.google.com https://*.hotjar.com http://*.hotjar.com https://*.googletagmanager.com https://*.googleadservices.com https://hcaptcha.com https://*.hcaptcha.com 'nonce-5285c5a1e5d188c5cdeda5a268a3d294' 'sha256-4RS22DYeB7U14dra4KcQYxmwt5HkOInieXK1NUMBmQI=' 'sha256-ByHHbZAg0XmuH3Qfugp5cOpt+T18agScr1Zr7RHwCU8='; style-src 'self' 'unsafe-inline' https://*.google.com https://fonts.googleapis.com https://hcaptcha.com https://*.hcaptcha.com; report-uri https://bigbank.uriports.com/reports/report; upgrade-insecure-requests
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Host
web-loan-application-dev.bigbank.se
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site
none
Sec-Fetch-Mode
navigate
Sec-Fetch-User
?1
Sec-Fetch-Dest
document
Accept-Encoding
gzip, deflate, br
Accept-Language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

X-Powered-By
Express
Strict-Transport-Security
max-age=31536000; includeSubDomains; preload
Set-Cookie
resourceCheck=5285c5a1e5d188c5cdeda5a268a3d294; Path=/ c409d35afd992e6490f2d48a7063ce33=04cff8f61ceb47661e4dbf107fb2c958; path=/; HttpOnly; Secure
Content-Security-Policy
child-src 'self' blob:; connect-src 'self' https://*.google-analytics.com https://*.bigbank.eu https://*.google.com https://*.doubleclick.net https://*.hotjar.com https://*.hotjar.io ws: wss: https://*.big.local https://hcaptcha.com https://*.hcaptcha.com; default-src 'self'; img-src 'self' blob: data: https://*.google-analytics.com https://*.doubleclick.net https://*.facebook.net https://*.google.com https://*.gstatic.com https://*.hotjar.com https://*.googletagmanager.com https://*.google.ee https://*.google.se; font-src 'self' data:; form-action 'self' https://*.facebook.net; frame-ancestors 'none'; frame-src 'self' https://*.hotjar.com https://*.big.local https://*.bigbank.eu https://hcaptcha.com https://*.hcaptcha.com https://*.dca.origin.big.local; object-src 'self'; script-src 'self' https://*.google-analytics.com https://*.bigbank.eu https://*.doubleclick.net https://*.facebook.net https://*.google.com https://*.hotjar.com http://*.hotjar.com https://*.googletagmanager.com https://*.googleadservices.com https://hcaptcha.com https://*.hcaptcha.com 'nonce-5285c5a1e5d188c5cdeda5a268a3d294' 'sha256-4RS22DYeB7U14dra4KcQYxmwt5HkOInieXK1NUMBmQI=' 'sha256-ByHHbZAg0XmuH3Qfugp5cOpt+T18agScr1Zr7RHwCU8='; style-src 'self' 'unsafe-inline' https://*.google.com https://fonts.googleapis.com https://hcaptcha.com https://*.hcaptcha.com; report-uri https://bigbank.uriports.com/reports/report; upgrade-insecure-requests
Expect-CT
enforce, max-age=30, report-uri="https://bigbank.uriports.com/reports/report"
X-XSS-Protection
1; mode=block
X-Content-Type-Options
nosniff
Referrer-Policy
strict-origin-when-cross-origin
Accept-Ranges
bytes
Cache-Control
public, max-age=0
Last-Modified
Fri, 27 Aug 2021 12:04:51 GMT
ETag
W/"567-17b877f96b8"
Content-Type
text/html; charset=UTF-8
Vary
Accept-Encoding
Content-Encoding
gzip
Date
Wed, 01 Sep 2021 09:50:01 GMT
Keep-Alive
timeout=5
Transfer-Encoding
chunked
Cache-control
private
app.16920b0a.css
web-loan-application-dev.bigbank.se/css/ 		808 B
3 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://web-loan-application-dev.bigbank.se/css/app.16920b0a.css
Requested by
Host: web-loan-application-dev.bigbank.se
URL: https://web-loan-application-dev.bigbank.se/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.235.160.30 , Estonia, ASN204411 (BIGBANK, EE),
Reverse DNS
Software
/ Express
Resource Hash
ac78a6812da536d68dad174921c3a42f1692c3154f3cc7a0b30940be66540187
Security Headers
Name Value
Content-Security-Policy child-src 'self' blob:; connect-src 'self' https://*.google-analytics.com https://*.bigbank.eu https://*.google.com https://*.doubleclick.net https://*.hotjar.com https://*.hotjar.io ws: wss: https://*.big.local https://hcaptcha.com https://*.hcaptcha.com; default-src 'self'; img-src 'self' blob: data: https://*.google-analytics.com https://*.doubleclick.net https://*.facebook.net https://*.google.com https://*.gstatic.com https://*.hotjar.com https://*.googletagmanager.com https://*.google.ee https://*.google.se; font-src 'self' data:; form-action 'self' https://*.facebook.net; frame-ancestors 'none'; frame-src 'self' https://*.hotjar.com https://*.big.local https://*.bigbank.eu https://hcaptcha.com https://*.hcaptcha.com https://*.dca.origin.big.local; object-src 'self'; script-src 'self' https://*.google-analytics.com https://*.bigbank.eu https://*.doubleclick.net https://*.facebook.net https://*.google.com https://*.hotjar.com http://*.hotjar.com https://*.googletagmanager.com https://*.googleadservices.com https://hcaptcha.com https://*.hcaptcha.com 'sha256-4RS22DYeB7U14dra4KcQYxmwt5HkOInieXK1NUMBmQI=' 'sha256-ByHHbZAg0XmuH3Qfugp5cOpt+T18agScr1Zr7RHwCU8='; style-src 'self' 'unsafe-inline' https://*.google.com https://fonts.googleapis.com https://hcaptcha.com https://*.hcaptcha.com; report-uri https://bigbank.uriports.com/reports/report; upgrade-insecure-requests
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Pragma
no-cache
Sec-Fetch-Site
same-origin
Accept-Encoding
gzip, deflate, br
Host
web-loan-application-dev.bigbank.se
Accept-Language
en-US
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Sec-Fetch-Mode
no-cors
Accept
text/css,*/*;q=0.1
Cache-Control
no-cache
Sec-Fetch-Dest
style
Referer
https://web-loan-application-dev.bigbank.se/
Cookie
resourceCheck=5285c5a1e5d188c5cdeda5a268a3d294; c409d35afd992e6490f2d48a7063ce33=04cff8f61ceb47661e4dbf107fb2c958
Connection
keep-alive
Referer
https://web-loan-application-dev.bigbank.se/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Strict-Transport-Security
max-age=31536000; includeSubDomains; preload
X-Content-Type-Options
nosniff
X-Powered-By
Express
Date
Wed, 01 Sep 2021 09:50:01 GMT
Content-Length
808
X-XSS-Protection
1; mode=block
Referrer-Policy
strict-origin-when-cross-origin
Last-Modified
Fri, 27 Aug 2021 12:04:51 GMT
ETag
W/"328-17b877f96b8"
Expect-CT
enforce, max-age=30, report-uri="https://bigbank.uriports.com/reports/report"
Vary
Accept-Encoding
Content-Type
text/css; charset=UTF-8
Cache-Control
public, max-age=0
Content-Security-Policy
child-src 'self' blob:; connect-src 'self' https://*.google-analytics.com https://*.bigbank.eu https://*.google.com https://*.doubleclick.net https://*.hotjar.com https://*.hotjar.io ws: wss: https://*.big.local https://hcaptcha.com https://*.hcaptcha.com; default-src 'self'; img-src 'self' blob: data: https://*.google-analytics.com https://*.doubleclick.net https://*.facebook.net https://*.google.com https://*.gstatic.com https://*.hotjar.com https://*.googletagmanager.com https://*.google.ee https://*.google.se; font-src 'self' data:; form-action 'self' https://*.facebook.net; frame-ancestors 'none'; frame-src 'self' https://*.hotjar.com https://*.big.local https://*.bigbank.eu https://hcaptcha.com https://*.hcaptcha.com https://*.dca.origin.big.local; object-src 'self'; script-src 'self' https://*.google-analytics.com https://*.bigbank.eu https://*.doubleclick.net https://*.facebook.net https://*.google.com https://*.hotjar.com http://*.hotjar.com https://*.googletagmanager.com https://*.googleadservices.com https://hcaptcha.com https://*.hcaptcha.com 'sha256-4RS22DYeB7U14dra4KcQYxmwt5HkOInieXK1NUMBmQI=' 'sha256-ByHHbZAg0XmuH3Qfugp5cOpt+T18agScr1Zr7RHwCU8='; style-src 'self' 'unsafe-inline' https://*.google.com https://fonts.googleapis.com https://hcaptcha.com https://*.hcaptcha.com; report-uri https://bigbank.uriports.com/reports/report; upgrade-insecure-requests
Accept-Ranges
bytes
Keep-Alive
timeout=5
chunk-vendors.54832e0a.css
web-loan-application-dev.bigbank.se/css/ 		241 KB
32 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://web-loan-application-dev.bigbank.se/css/chunk-vendors.54832e0a.css
Requested by
Host: web-loan-application-dev.bigbank.se
URL: https://web-loan-application-dev.bigbank.se/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.235.160.30 , Estonia, ASN204411 (BIGBANK, EE),
Reverse DNS
Software
/ Express
Resource Hash
0da8773c03348dd54b1c8ba87216b3065b9ddb8afea668107aaf6d0f13c81ef8
Security Headers
Name Value
Content-Security-Policy child-src 'self' blob:; connect-src 'self' https://*.google-analytics.com https://*.bigbank.eu https://*.google.com https://*.doubleclick.net https://*.hotjar.com https://*.hotjar.io ws: wss: https://*.big.local https://hcaptcha.com https://*.hcaptcha.com; default-src 'self'; img-src 'self' blob: data: https://*.google-analytics.com https://*.doubleclick.net https://*.facebook.net https://*.google.com https://*.gstatic.com https://*.hotjar.com https://*.googletagmanager.com https://*.google.ee https://*.google.se; font-src 'self' data:; form-action 'self' https://*.facebook.net; frame-ancestors 'none'; frame-src 'self' https://*.hotjar.com https://*.big.local https://*.bigbank.eu https://hcaptcha.com https://*.hcaptcha.com https://*.dca.origin.big.local; object-src 'self'; script-src 'self' https://*.google-analytics.com https://*.bigbank.eu https://*.doubleclick.net https://*.facebook.net https://*.google.com https://*.hotjar.com http://*.hotjar.com https://*.googletagmanager.com https://*.googleadservices.com https://hcaptcha.com https://*.hcaptcha.com 'sha256-4RS22DYeB7U14dra4KcQYxmwt5HkOInieXK1NUMBmQI=' 'sha256-ByHHbZAg0XmuH3Qfugp5cOpt+T18agScr1Zr7RHwCU8='; style-src 'self' 'unsafe-inline' https://*.google.com https://fonts.googleapis.com https://hcaptcha.com https://*.hcaptcha.com; report-uri https://bigbank.uriports.com/reports/report; upgrade-insecure-requests
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Pragma
no-cache
Sec-Fetch-Site
same-origin
Accept-Encoding
gzip, deflate, br
Host
web-loan-application-dev.bigbank.se
Accept-Language
en-US
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Sec-Fetch-Mode
no-cors
Accept
text/css,*/*;q=0.1
Cache-Control
no-cache
Sec-Fetch-Dest
style
Referer
https://web-loan-application-dev.bigbank.se/
Cookie
resourceCheck=5285c5a1e5d188c5cdeda5a268a3d294; c409d35afd992e6490f2d48a7063ce33=04cff8f61ceb47661e4dbf107fb2c958
Connection
keep-alive
Referer
https://web-loan-application-dev.bigbank.se/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Strict-Transport-Security
max-age=31536000; includeSubDomains; preload
Content-Encoding
gzip
X-Content-Type-Options
nosniff
X-Powered-By
Express
Transfer-Encoding
chunked
Date
Wed, 01 Sep 2021 09:50:01 GMT
X-XSS-Protection
1; mode=block
Referrer-Policy
strict-origin-when-cross-origin
Last-Modified
Fri, 27 Aug 2021 12:04:51 GMT
ETag
W/"3c46d-17b877f96b8"
Expect-CT
enforce, max-age=30, report-uri="https://bigbank.uriports.com/reports/report"
Vary
Accept-Encoding
Content-Type
text/css; charset=UTF-8
Cache-Control
public, max-age=0
Content-Security-Policy
child-src 'self' blob:; connect-src 'self' https://*.google-analytics.com https://*.bigbank.eu https://*.google.com https://*.doubleclick.net https://*.hotjar.com https://*.hotjar.io ws: wss: https://*.big.local https://hcaptcha.com https://*.hcaptcha.com; default-src 'self'; img-src 'self' blob: data: https://*.google-analytics.com https://*.doubleclick.net https://*.facebook.net https://*.google.com https://*.gstatic.com https://*.hotjar.com https://*.googletagmanager.com https://*.google.ee https://*.google.se; font-src 'self' data:; form-action 'self' https://*.facebook.net; frame-ancestors 'none'; frame-src 'self' https://*.hotjar.com https://*.big.local https://*.bigbank.eu https://hcaptcha.com https://*.hcaptcha.com https://*.dca.origin.big.local; object-src 'self'; script-src 'self' https://*.google-analytics.com https://*.bigbank.eu https://*.doubleclick.net https://*.facebook.net https://*.google.com https://*.hotjar.com http://*.hotjar.com https://*.googletagmanager.com https://*.googleadservices.com https://hcaptcha.com https://*.hcaptcha.com 'sha256-4RS22DYeB7U14dra4KcQYxmwt5HkOInieXK1NUMBmQI=' 'sha256-ByHHbZAg0XmuH3Qfugp5cOpt+T18agScr1Zr7RHwCU8='; style-src 'self' 'unsafe-inline' https://*.google.com https://fonts.googleapis.com https://hcaptcha.com https://*.hcaptcha.com; report-uri https://bigbank.uriports.com/reports/report; upgrade-insecure-requests
Accept-Ranges
bytes
Keep-Alive
timeout=5
app.2d913425.js
web-loan-application-dev.bigbank.se/js/ 		128 KB
39 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://web-loan-application-dev.bigbank.se/js/app.2d913425.js
Requested by
Host: web-loan-application-dev.bigbank.se
URL: https://web-loan-application-dev.bigbank.se/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.235.160.30 , Estonia, ASN204411 (BIGBANK, EE),
Reverse DNS
Software
/ Express
Resource Hash
148fb1a965da50a0e213290746c7b0234fd2fe95c305bb3493e69cdfa092805a
Security Headers
Name Value
Content-Security-Policy child-src 'self' blob:; connect-src 'self' https://*.google-analytics.com https://*.bigbank.eu https://*.google.com https://*.doubleclick.net https://*.hotjar.com https://*.hotjar.io ws: wss: https://*.big.local https://hcaptcha.com https://*.hcaptcha.com; default-src 'self'; img-src 'self' blob: data: https://*.google-analytics.com https://*.doubleclick.net https://*.facebook.net https://*.google.com https://*.gstatic.com https://*.hotjar.com https://*.googletagmanager.com https://*.google.ee https://*.google.se; font-src 'self' data:; form-action 'self' https://*.facebook.net; frame-ancestors 'none'; frame-src 'self' https://*.hotjar.com https://*.big.local https://*.bigbank.eu https://hcaptcha.com https://*.hcaptcha.com https://*.dca.origin.big.local; object-src 'self'; script-src 'self' https://*.google-analytics.com https://*.bigbank.eu https://*.doubleclick.net https://*.facebook.net https://*.google.com https://*.hotjar.com http://*.hotjar.com https://*.googletagmanager.com https://*.googleadservices.com https://hcaptcha.com https://*.hcaptcha.com 'sha256-4RS22DYeB7U14dra4KcQYxmwt5HkOInieXK1NUMBmQI=' 'sha256-ByHHbZAg0XmuH3Qfugp5cOpt+T18agScr1Zr7RHwCU8='; style-src 'self' 'unsafe-inline' https://*.google.com https://fonts.googleapis.com https://hcaptcha.com https://*.hcaptcha.com; report-uri https://bigbank.uriports.com/reports/report; upgrade-insecure-requests
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Pragma
no-cache
Sec-Fetch-Site
same-origin
Origin
https://web-loan-application-dev.bigbank.se
Accept-Encoding
gzip, deflate, br
Host
web-loan-application-dev.bigbank.se
Accept-Language
en-US
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Sec-Fetch-Mode
cors
Accept
*/*
Cache-Control
no-cache
Sec-Fetch-Dest
script
Referer
https://web-loan-application-dev.bigbank.se/
Cookie
resourceCheck=5285c5a1e5d188c5cdeda5a268a3d294; c409d35afd992e6490f2d48a7063ce33=04cff8f61ceb47661e4dbf107fb2c958
Connection
keep-alive
Origin
https://web-loan-application-dev.bigbank.se
Referer
https://web-loan-application-dev.bigbank.se/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Strict-Transport-Security
max-age=31536000; includeSubDomains; preload
Content-Encoding
gzip
X-Content-Type-Options
nosniff
X-Powered-By
Express
Transfer-Encoding
chunked
Date
Wed, 01 Sep 2021 09:50:01 GMT
X-XSS-Protection
1; mode=block
Referrer-Policy
strict-origin-when-cross-origin
Last-Modified
Fri, 27 Aug 2021 12:04:52 GMT
ETag
W/"1fece-17b877f9aa0"
Expect-CT
enforce, max-age=30, report-uri="https://bigbank.uriports.com/reports/report"
Vary
Accept-Encoding
Content-Type
application/javascript; charset=UTF-8
Cache-Control
public, max-age=0
Content-Security-Policy
child-src 'self' blob:; connect-src 'self' https://*.google-analytics.com https://*.bigbank.eu https://*.google.com https://*.doubleclick.net https://*.hotjar.com https://*.hotjar.io ws: wss: https://*.big.local https://hcaptcha.com https://*.hcaptcha.com; default-src 'self'; img-src 'self' blob: data: https://*.google-analytics.com https://*.doubleclick.net https://*.facebook.net https://*.google.com https://*.gstatic.com https://*.hotjar.com https://*.googletagmanager.com https://*.google.ee https://*.google.se; font-src 'self' data:; form-action 'self' https://*.facebook.net; frame-ancestors 'none'; frame-src 'self' https://*.hotjar.com https://*.big.local https://*.bigbank.eu https://hcaptcha.com https://*.hcaptcha.com https://*.dca.origin.big.local; object-src 'self'; script-src 'self' https://*.google-analytics.com https://*.bigbank.eu https://*.doubleclick.net https://*.facebook.net https://*.google.com https://*.hotjar.com http://*.hotjar.com https://*.googletagmanager.com https://*.googleadservices.com https://hcaptcha.com https://*.hcaptcha.com 'sha256-4RS22DYeB7U14dra4KcQYxmwt5HkOInieXK1NUMBmQI=' 'sha256-ByHHbZAg0XmuH3Qfugp5cOpt+T18agScr1Zr7RHwCU8='; style-src 'self' 'unsafe-inline' https://*.google.com https://fonts.googleapis.com https://hcaptcha.com https://*.hcaptcha.com; report-uri https://bigbank.uriports.com/reports/report; upgrade-insecure-requests
Accept-Ranges
bytes
Keep-Alive
timeout=5
chunk-vendors.aff65a36.js
web-loan-application-dev.bigbank.se/js/ 		1 MB
373 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://web-loan-application-dev.bigbank.se/js/chunk-vendors.aff65a36.js
Requested by
Host: web-loan-application-dev.bigbank.se
URL: https://web-loan-application-dev.bigbank.se/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.235.160.30 , Estonia, ASN204411 (BIGBANK, EE),
Reverse DNS
Software
/ Express
Resource Hash
2772326191ee33d1a9b6385bf9ae351a34d7e6fa15337e596afbaf238da69d1f
Security Headers
Name Value
Content-Security-Policy child-src 'self' blob:; connect-src 'self' https://*.google-analytics.com https://*.bigbank.eu https://*.google.com https://*.doubleclick.net https://*.hotjar.com https://*.hotjar.io ws: wss: https://*.big.local https://hcaptcha.com https://*.hcaptcha.com; default-src 'self'; img-src 'self' blob: data: https://*.google-analytics.com https://*.doubleclick.net https://*.facebook.net https://*.google.com https://*.gstatic.com https://*.hotjar.com https://*.googletagmanager.com https://*.google.ee https://*.google.se; font-src 'self' data:; form-action 'self' https://*.facebook.net; frame-ancestors 'none'; frame-src 'self' https://*.hotjar.com https://*.big.local https://*.bigbank.eu https://hcaptcha.com https://*.hcaptcha.com https://*.dca.origin.big.local; object-src 'self'; script-src 'self' https://*.google-analytics.com https://*.bigbank.eu https://*.doubleclick.net https://*.facebook.net https://*.google.com https://*.hotjar.com http://*.hotjar.com https://*.googletagmanager.com https://*.googleadservices.com https://hcaptcha.com https://*.hcaptcha.com 'sha256-4RS22DYeB7U14dra4KcQYxmwt5HkOInieXK1NUMBmQI=' 'sha256-ByHHbZAg0XmuH3Qfugp5cOpt+T18agScr1Zr7RHwCU8='; style-src 'self' 'unsafe-inline' https://*.google.com https://fonts.googleapis.com https://hcaptcha.com https://*.hcaptcha.com; report-uri https://bigbank.uriports.com/reports/report; upgrade-insecure-requests
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Pragma
no-cache
Sec-Fetch-Site
same-origin
Origin
https://web-loan-application-dev.bigbank.se
Accept-Encoding
gzip, deflate, br
Host
web-loan-application-dev.bigbank.se
Accept-Language
en-US
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Sec-Fetch-Mode
cors
Accept
*/*
Cache-Control
no-cache
Sec-Fetch-Dest
script
Referer
https://web-loan-application-dev.bigbank.se/
Cookie
resourceCheck=5285c5a1e5d188c5cdeda5a268a3d294; c409d35afd992e6490f2d48a7063ce33=04cff8f61ceb47661e4dbf107fb2c958
Connection
keep-alive
Origin
https://web-loan-application-dev.bigbank.se
Referer
https://web-loan-application-dev.bigbank.se/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Strict-Transport-Security
max-age=31536000; includeSubDomains; preload
Content-Encoding
gzip
X-Content-Type-Options
nosniff
X-Powered-By
Express
Transfer-Encoding
chunked
Date
Wed, 01 Sep 2021 09:50:01 GMT
X-XSS-Protection
1; mode=block
Referrer-Policy
strict-origin-when-cross-origin
Last-Modified
Fri, 27 Aug 2021 12:04:52 GMT
ETag
W/"176052-17b877f9aa0"
Expect-CT
enforce, max-age=30, report-uri="https://bigbank.uriports.com/reports/report"
Vary
Accept-Encoding
Content-Type
application/javascript; charset=UTF-8
Cache-Control
public, max-age=0
Content-Security-Policy
child-src 'self' blob:; connect-src 'self' https://*.google-analytics.com https://*.bigbank.eu https://*.google.com https://*.doubleclick.net https://*.hotjar.com https://*.hotjar.io ws: wss: https://*.big.local https://hcaptcha.com https://*.hcaptcha.com; default-src 'self'; img-src 'self' blob: data: https://*.google-analytics.com https://*.doubleclick.net https://*.facebook.net https://*.google.com https://*.gstatic.com https://*.hotjar.com https://*.googletagmanager.com https://*.google.ee https://*.google.se; font-src 'self' data:; form-action 'self' https://*.facebook.net; frame-ancestors 'none'; frame-src 'self' https://*.hotjar.com https://*.big.local https://*.bigbank.eu https://hcaptcha.com https://*.hcaptcha.com https://*.dca.origin.big.local; object-src 'self'; script-src 'self' https://*.google-analytics.com https://*.bigbank.eu https://*.doubleclick.net https://*.facebook.net https://*.google.com https://*.hotjar.com http://*.hotjar.com https://*.googletagmanager.com https://*.googleadservices.com https://hcaptcha.com https://*.hcaptcha.com 'sha256-4RS22DYeB7U14dra4KcQYxmwt5HkOInieXK1NUMBmQI=' 'sha256-ByHHbZAg0XmuH3Qfugp5cOpt+T18agScr1Zr7RHwCU8='; style-src 'self' 'unsafe-inline' https://*.google.com https://fonts.googleapis.com https://hcaptcha.com https://*.hcaptcha.com; report-uri https://bigbank.uriports.com/reports/report; upgrade-insecure-requests
Accept-Ranges
bytes
Keep-Alive
timeout=5
configuration.js
web-loan-application-dev.bigbank.se/ 		313 B
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://web-loan-application-dev.bigbank.se/configuration.js
Requested by
Host: web-loan-application-dev.bigbank.se
URL: https://web-loan-application-dev.bigbank.se/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.235.160.30 , Estonia, ASN204411 (BIGBANK, EE),
Reverse DNS
Software
/ Express
Resource Hash
baace17f0b043bab6b3545f9af8453d7cf3b937b7c31d8ff9dd629b23573fbdd
Security Headers
Name Value
Content-Security-Policy child-src 'self' blob:; connect-src 'self' https://*.google-analytics.com https://*.bigbank.eu https://*.google.com https://*.doubleclick.net https://*.hotjar.com https://*.hotjar.io ws: wss: https://*.big.local https://hcaptcha.com https://*.hcaptcha.com; default-src 'self'; img-src 'self' blob: data: https://*.google-analytics.com https://*.doubleclick.net https://*.facebook.net https://*.google.com https://*.gstatic.com https://*.hotjar.com https://*.googletagmanager.com https://*.google.ee https://*.google.se; font-src 'self' data:; form-action 'self' https://*.facebook.net; frame-ancestors 'none'; frame-src 'self' https://*.hotjar.com https://*.big.local https://*.bigbank.eu https://hcaptcha.com https://*.hcaptcha.com https://*.dca.origin.big.local; object-src 'self'; script-src 'self' https://*.google-analytics.com https://*.bigbank.eu https://*.doubleclick.net https://*.facebook.net https://*.google.com https://*.hotjar.com http://*.hotjar.com https://*.googletagmanager.com https://*.googleadservices.com https://hcaptcha.com https://*.hcaptcha.com 'sha256-4RS22DYeB7U14dra4KcQYxmwt5HkOInieXK1NUMBmQI=' 'sha256-ByHHbZAg0XmuH3Qfugp5cOpt+T18agScr1Zr7RHwCU8='; style-src 'self' 'unsafe-inline' https://*.google.com https://fonts.googleapis.com https://hcaptcha.com https://*.hcaptcha.com; report-uri https://bigbank.uriports.com/reports/report; upgrade-insecure-requests
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Pragma
no-cache
Sec-Fetch-Site
same-origin
Accept-Encoding
gzip, deflate, br
Host
web-loan-application-dev.bigbank.se
Accept-Language
en-US
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Sec-Fetch-Mode
no-cors
Accept
*/*
Cache-Control
no-cache
Sec-Fetch-Dest
script
Referer
https://web-loan-application-dev.bigbank.se/
Cookie
resourceCheck=5285c5a1e5d188c5cdeda5a268a3d294; c409d35afd992e6490f2d48a7063ce33=04cff8f61ceb47661e4dbf107fb2c958
Connection
keep-alive
Referer
https://web-loan-application-dev.bigbank.se/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Strict-Transport-Security
max-age=31536000; includeSubDomains; preload
Referrer-Policy
strict-origin-when-cross-origin
X-Content-Type-Options
nosniff
X-Powered-By
Express
Expect-CT
enforce, max-age=30, report-uri="https://bigbank.uriports.com/reports/report"
Vary
Accept-Encoding
Content-Type
application/javascript; charset=utf-8
Date
Wed, 01 Sep 2021 09:50:01 GMT
ETag
W/"139-YSgvlzYg0QOfQRMBczoW0eA0In0"
Content-Security-Policy
child-src 'self' blob:; connect-src 'self' https://*.google-analytics.com https://*.bigbank.eu https://*.google.com https://*.doubleclick.net https://*.hotjar.com https://*.hotjar.io ws: wss: https://*.big.local https://hcaptcha.com https://*.hcaptcha.com; default-src 'self'; img-src 'self' blob: data: https://*.google-analytics.com https://*.doubleclick.net https://*.facebook.net https://*.google.com https://*.gstatic.com https://*.hotjar.com https://*.googletagmanager.com https://*.google.ee https://*.google.se; font-src 'self' data:; form-action 'self' https://*.facebook.net; frame-ancestors 'none'; frame-src 'self' https://*.hotjar.com https://*.big.local https://*.bigbank.eu https://hcaptcha.com https://*.hcaptcha.com https://*.dca.origin.big.local; object-src 'self'; script-src 'self' https://*.google-analytics.com https://*.bigbank.eu https://*.doubleclick.net https://*.facebook.net https://*.google.com https://*.hotjar.com http://*.hotjar.com https://*.googletagmanager.com https://*.googleadservices.com https://hcaptcha.com https://*.hcaptcha.com 'sha256-4RS22DYeB7U14dra4KcQYxmwt5HkOInieXK1NUMBmQI=' 'sha256-ByHHbZAg0XmuH3Qfugp5cOpt+T18agScr1Zr7RHwCU8='; style-src 'self' 'unsafe-inline' https://*.google.com https://fonts.googleapis.com https://hcaptcha.com https://*.hcaptcha.com; report-uri https://bigbank.uriports.com/reports/report; upgrade-insecure-requests
Keep-Alive
timeout=5
Content-Length
313
X-XSS-Protection
1; mode=block
report
bigbank.uriports.com/reports/ 		0
0 		Other
General
Check archive.org
Download Go to
Full URL
https://bigbank.uriports.com/reports/report
Requested by
Host: web-loan-application-dev.bigbank.se
URL: https://web-loan-application-dev.bigbank.se/js/chunk-vendors.aff65a36.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2001:678:6a0::3:101 Leningradskaya, Russian Federation, ASN207647 (INTENTION-AS, NL),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://web-loan-application-dev.bigbank.se/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Content-Type
application/csp-report

Response headers
report
bigbank.uriports.com/reports/ 		0
0 		Other
General
Check archive.org
Download Go to
Full URL
https://bigbank.uriports.com/reports/report
Requested by
Host: web-loan-application-dev.bigbank.se
URL: https://web-loan-application-dev.bigbank.se/js/chunk-vendors.aff65a36.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2001:678:6a0::3:101 Leningradskaya, Russian Federation, ASN207647 (INTENTION-AS, NL),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://web-loan-application-dev.bigbank.se/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Content-Type
application/csp-report

Response headers
heartbeat
login-service-central-dev.dca.origin.big.local/ Frame CAF3 		0
0
GothamSSm-Bold.4efe66b7.otf
web-loan-application-dev.bigbank.se/fonts/ 		125 KB
65 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://web-loan-application-dev.bigbank.se/fonts/GothamSSm-Bold.4efe66b7.otf
Requested by
Host: web-loan-application-dev.bigbank.se
URL: https://web-loan-application-dev.bigbank.se/css/chunk-vendors.54832e0a.css
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.235.160.30 , Estonia, ASN204411 (BIGBANK, EE),
Reverse DNS
Software
/ Express
Resource Hash
0e0e1b11f791666161be1df51bf2c338d78de5fae98e9f1c7231dc5f02283cd5
Security Headers
Name Value
Content-Security-Policy child-src 'self' blob:; connect-src 'self' https://*.google-analytics.com https://*.bigbank.eu https://*.google.com https://*.doubleclick.net https://*.hotjar.com https://*.hotjar.io ws: wss: https://*.big.local https://hcaptcha.com https://*.hcaptcha.com; default-src 'self'; img-src 'self' blob: data: https://*.google-analytics.com https://*.doubleclick.net https://*.facebook.net https://*.google.com https://*.gstatic.com https://*.hotjar.com https://*.googletagmanager.com https://*.google.ee https://*.google.se; font-src 'self' data:; form-action 'self' https://*.facebook.net; frame-ancestors 'none'; frame-src 'self' https://*.hotjar.com https://*.big.local https://*.bigbank.eu https://hcaptcha.com https://*.hcaptcha.com https://*.dca.origin.big.local; object-src 'self'; script-src 'self' https://*.google-analytics.com https://*.bigbank.eu https://*.doubleclick.net https://*.facebook.net https://*.google.com https://*.hotjar.com http://*.hotjar.com https://*.googletagmanager.com https://*.googleadservices.com https://hcaptcha.com https://*.hcaptcha.com 'sha256-4RS22DYeB7U14dra4KcQYxmwt5HkOInieXK1NUMBmQI=' 'sha256-ByHHbZAg0XmuH3Qfugp5cOpt+T18agScr1Zr7RHwCU8='; style-src 'self' 'unsafe-inline' https://*.google.com https://fonts.googleapis.com https://hcaptcha.com https://*.hcaptcha.com; report-uri https://bigbank.uriports.com/reports/report; upgrade-insecure-requests
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Pragma
no-cache
Sec-Fetch-Site
same-origin
Origin
https://web-loan-application-dev.bigbank.se
Accept-Encoding
gzip, deflate, br
Host
web-loan-application-dev.bigbank.se
Accept-Language
en-US
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Sec-Fetch-Mode
cors
Accept
*/*
Cache-Control
no-cache
Sec-Fetch-Dest
font
Referer
https://web-loan-application-dev.bigbank.se/css/chunk-vendors.54832e0a.css
Cookie
resourceCheck=5285c5a1e5d188c5cdeda5a268a3d294; c409d35afd992e6490f2d48a7063ce33=04cff8f61ceb47661e4dbf107fb2c958
Connection
keep-alive
Origin
https://web-loan-application-dev.bigbank.se
Referer
https://web-loan-application-dev.bigbank.se/css/chunk-vendors.54832e0a.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Strict-Transport-Security
max-age=31536000; includeSubDomains; preload
Content-Encoding
gzip
X-Content-Type-Options
nosniff
X-Powered-By
Express
Transfer-Encoding
chunked
Date
Wed, 01 Sep 2021 09:50:02 GMT
X-XSS-Protection
1; mode=block
Referrer-Policy
strict-origin-when-cross-origin
Last-Modified
Fri, 27 Aug 2021 12:04:51 GMT
ETag
W/"1f548-17b877f96b8"
Expect-CT
enforce, max-age=30, report-uri="https://bigbank.uriports.com/reports/report"
Vary
Accept-Encoding
Content-Type
font/otf
Cache-Control
public, max-age=0
Content-Security-Policy
child-src 'self' blob:; connect-src 'self' https://*.google-analytics.com https://*.bigbank.eu https://*.google.com https://*.doubleclick.net https://*.hotjar.com https://*.hotjar.io ws: wss: https://*.big.local https://hcaptcha.com https://*.hcaptcha.com; default-src 'self'; img-src 'self' blob: data: https://*.google-analytics.com https://*.doubleclick.net https://*.facebook.net https://*.google.com https://*.gstatic.com https://*.hotjar.com https://*.googletagmanager.com https://*.google.ee https://*.google.se; font-src 'self' data:; form-action 'self' https://*.facebook.net; frame-ancestors 'none'; frame-src 'self' https://*.hotjar.com https://*.big.local https://*.bigbank.eu https://hcaptcha.com https://*.hcaptcha.com https://*.dca.origin.big.local; object-src 'self'; script-src 'self' https://*.google-analytics.com https://*.bigbank.eu https://*.doubleclick.net https://*.facebook.net https://*.google.com https://*.hotjar.com http://*.hotjar.com https://*.googletagmanager.com https://*.googleadservices.com https://hcaptcha.com https://*.hcaptcha.com 'sha256-4RS22DYeB7U14dra4KcQYxmwt5HkOInieXK1NUMBmQI=' 'sha256-ByHHbZAg0XmuH3Qfugp5cOpt+T18agScr1Zr7RHwCU8='; style-src 'self' 'unsafe-inline' https://*.google.com https://fonts.googleapis.com https://hcaptcha.com https://*.hcaptcha.com; report-uri https://bigbank.uriports.com/reports/report; upgrade-insecure-requests
Accept-Ranges
bytes
Keep-Alive
timeout=5
GothamSSm-Medium.f2afb4c3.otf
web-loan-application-dev.bigbank.se/fonts/ 		126 KB
65 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://web-loan-application-dev.bigbank.se/fonts/GothamSSm-Medium.f2afb4c3.otf
Requested by
Host: web-loan-application-dev.bigbank.se
URL: https://web-loan-application-dev.bigbank.se/css/chunk-vendors.54832e0a.css
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.235.160.30 , Estonia, ASN204411 (BIGBANK, EE),
Reverse DNS
Software
/ Express
Resource Hash
5613e4050d5f74507cedccde396912626e9bb945a5a95efc3ccd2e30b876c706
Security Headers
Name Value
Content-Security-Policy child-src 'self' blob:; connect-src 'self' https://*.google-analytics.com https://*.bigbank.eu https://*.google.com https://*.doubleclick.net https://*.hotjar.com https://*.hotjar.io ws: wss: https://*.big.local https://hcaptcha.com https://*.hcaptcha.com; default-src 'self'; img-src 'self' blob: data: https://*.google-analytics.com https://*.doubleclick.net https://*.facebook.net https://*.google.com https://*.gstatic.com https://*.hotjar.com https://*.googletagmanager.com https://*.google.ee https://*.google.se; font-src 'self' data:; form-action 'self' https://*.facebook.net; frame-ancestors 'none'; frame-src 'self' https://*.hotjar.com https://*.big.local https://*.bigbank.eu https://hcaptcha.com https://*.hcaptcha.com https://*.dca.origin.big.local; object-src 'self'; script-src 'self' https://*.google-analytics.com https://*.bigbank.eu https://*.doubleclick.net https://*.facebook.net https://*.google.com https://*.hotjar.com http://*.hotjar.com https://*.googletagmanager.com https://*.googleadservices.com https://hcaptcha.com https://*.hcaptcha.com 'sha256-4RS22DYeB7U14dra4KcQYxmwt5HkOInieXK1NUMBmQI=' 'sha256-ByHHbZAg0XmuH3Qfugp5cOpt+T18agScr1Zr7RHwCU8='; style-src 'self' 'unsafe-inline' https://*.google.com https://fonts.googleapis.com https://hcaptcha.com https://*.hcaptcha.com; report-uri https://bigbank.uriports.com/reports/report; upgrade-insecure-requests
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Pragma
no-cache
Sec-Fetch-Site
same-origin
Origin
https://web-loan-application-dev.bigbank.se
Accept-Encoding
gzip, deflate, br
Host
web-loan-application-dev.bigbank.se
Accept-Language
en-US
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Sec-Fetch-Mode
cors
Accept
*/*
Cache-Control
no-cache
Sec-Fetch-Dest
font
Referer
https://web-loan-application-dev.bigbank.se/css/chunk-vendors.54832e0a.css
Cookie
resourceCheck=5285c5a1e5d188c5cdeda5a268a3d294; c409d35afd992e6490f2d48a7063ce33=04cff8f61ceb47661e4dbf107fb2c958
Connection
keep-alive
Origin
https://web-loan-application-dev.bigbank.se
Referer
https://web-loan-application-dev.bigbank.se/css/chunk-vendors.54832e0a.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Strict-Transport-Security
max-age=31536000; includeSubDomains; preload
Content-Encoding
gzip
X-Content-Type-Options
nosniff
X-Powered-By
Express
Transfer-Encoding
chunked
Date
Wed, 01 Sep 2021 09:50:02 GMT
X-XSS-Protection
1; mode=block
Referrer-Policy
strict-origin-when-cross-origin
Last-Modified
Fri, 27 Aug 2021 12:04:51 GMT
ETag
W/"1f604-17b877f96b8"
Expect-CT
enforce, max-age=30, report-uri="https://bigbank.uriports.com/reports/report"
Vary
Accept-Encoding
Content-Type
font/otf
Cache-Control
public, max-age=0
Content-Security-Policy
child-src 'self' blob:; connect-src 'self' https://*.google-analytics.com https://*.bigbank.eu https://*.google.com https://*.doubleclick.net https://*.hotjar.com https://*.hotjar.io ws: wss: https://*.big.local https://hcaptcha.com https://*.hcaptcha.com; default-src 'self'; img-src 'self' blob: data: https://*.google-analytics.com https://*.doubleclick.net https://*.facebook.net https://*.google.com https://*.gstatic.com https://*.hotjar.com https://*.googletagmanager.com https://*.google.ee https://*.google.se; font-src 'self' data:; form-action 'self' https://*.facebook.net; frame-ancestors 'none'; frame-src 'self' https://*.hotjar.com https://*.big.local https://*.bigbank.eu https://hcaptcha.com https://*.hcaptcha.com https://*.dca.origin.big.local; object-src 'self'; script-src 'self' https://*.google-analytics.com https://*.bigbank.eu https://*.doubleclick.net https://*.facebook.net https://*.google.com https://*.hotjar.com http://*.hotjar.com https://*.googletagmanager.com https://*.googleadservices.com https://hcaptcha.com https://*.hcaptcha.com 'sha256-4RS22DYeB7U14dra4KcQYxmwt5HkOInieXK1NUMBmQI=' 'sha256-ByHHbZAg0XmuH3Qfugp5cOpt+T18agScr1Zr7RHwCU8='; style-src 'self' 'unsafe-inline' https://*.google.com https://fonts.googleapis.com https://hcaptcha.com https://*.hcaptcha.com; report-uri https://bigbank.uriports.com/reports/report; upgrade-insecure-requests
Accept-Ranges
bytes
Keep-Alive
timeout=5
GothamSSm-Book.5fd222f7.otf
web-loan-application-dev.bigbank.se/fonts/ 		124 KB
65 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://web-loan-application-dev.bigbank.se/fonts/GothamSSm-Book.5fd222f7.otf
Requested by
Host: web-loan-application-dev.bigbank.se
URL: https://web-loan-application-dev.bigbank.se/css/chunk-vendors.54832e0a.css
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.235.160.30 , Estonia, ASN204411 (BIGBANK, EE),
Reverse DNS
Software
/ Express
Resource Hash
97bd09001c0dc97c7f47c4bd7a2ed2ef2efe3d6264fae21e3622bdf49228acb2
Security Headers
Name Value
Content-Security-Policy child-src 'self' blob:; connect-src 'self' https://*.google-analytics.com https://*.bigbank.eu https://*.google.com https://*.doubleclick.net https://*.hotjar.com https://*.hotjar.io ws: wss: https://*.big.local https://hcaptcha.com https://*.hcaptcha.com; default-src 'self'; img-src 'self' blob: data: https://*.google-analytics.com https://*.doubleclick.net https://*.facebook.net https://*.google.com https://*.gstatic.com https://*.hotjar.com https://*.googletagmanager.com https://*.google.ee https://*.google.se; font-src 'self' data:; form-action 'self' https://*.facebook.net; frame-ancestors 'none'; frame-src 'self' https://*.hotjar.com https://*.big.local https://*.bigbank.eu https://hcaptcha.com https://*.hcaptcha.com https://*.dca.origin.big.local; object-src 'self'; script-src 'self' https://*.google-analytics.com https://*.bigbank.eu https://*.doubleclick.net https://*.facebook.net https://*.google.com https://*.hotjar.com http://*.hotjar.com https://*.googletagmanager.com https://*.googleadservices.com https://hcaptcha.com https://*.hcaptcha.com 'sha256-4RS22DYeB7U14dra4KcQYxmwt5HkOInieXK1NUMBmQI=' 'sha256-ByHHbZAg0XmuH3Qfugp5cOpt+T18agScr1Zr7RHwCU8='; style-src 'self' 'unsafe-inline' https://*.google.com https://fonts.googleapis.com https://hcaptcha.com https://*.hcaptcha.com; report-uri https://bigbank.uriports.com/reports/report; upgrade-insecure-requests
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Pragma
no-cache
Sec-Fetch-Site
same-origin
Origin
https://web-loan-application-dev.bigbank.se
Accept-Encoding
gzip, deflate, br
Host
web-loan-application-dev.bigbank.se
Accept-Language
en-US
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Sec-Fetch-Mode
cors
Accept
*/*
Cache-Control
no-cache
Sec-Fetch-Dest
font
Referer
https://web-loan-application-dev.bigbank.se/css/chunk-vendors.54832e0a.css
Cookie
resourceCheck=5285c5a1e5d188c5cdeda5a268a3d294; c409d35afd992e6490f2d48a7063ce33=04cff8f61ceb47661e4dbf107fb2c958
Connection
keep-alive
Origin
https://web-loan-application-dev.bigbank.se
Referer
https://web-loan-application-dev.bigbank.se/css/chunk-vendors.54832e0a.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Strict-Transport-Security
max-age=31536000; includeSubDomains; preload
Content-Encoding
gzip
X-Content-Type-Options
nosniff
X-Powered-By
Express
Transfer-Encoding
chunked
Date
Wed, 01 Sep 2021 09:50:02 GMT
X-XSS-Protection
1; mode=block
Referrer-Policy
strict-origin-when-cross-origin
Last-Modified
Fri, 27 Aug 2021 12:04:52 GMT
ETag
W/"1ee64-17b877f9aa0"
Expect-CT
enforce, max-age=30, report-uri="https://bigbank.uriports.com/reports/report"
Vary
Accept-Encoding
Content-Type
font/otf
Cache-Control
public, max-age=0
Content-Security-Policy
child-src 'self' blob:; connect-src 'self' https://*.google-analytics.com https://*.bigbank.eu https://*.google.com https://*.doubleclick.net https://*.hotjar.com https://*.hotjar.io ws: wss: https://*.big.local https://hcaptcha.com https://*.hcaptcha.com; default-src 'self'; img-src 'self' blob: data: https://*.google-analytics.com https://*.doubleclick.net https://*.facebook.net https://*.google.com https://*.gstatic.com https://*.hotjar.com https://*.googletagmanager.com https://*.google.ee https://*.google.se; font-src 'self' data:; form-action 'self' https://*.facebook.net; frame-ancestors 'none'; frame-src 'self' https://*.hotjar.com https://*.big.local https://*.bigbank.eu https://hcaptcha.com https://*.hcaptcha.com https://*.dca.origin.big.local; object-src 'self'; script-src 'self' https://*.google-analytics.com https://*.bigbank.eu https://*.doubleclick.net https://*.facebook.net https://*.google.com https://*.hotjar.com http://*.hotjar.com https://*.googletagmanager.com https://*.googleadservices.com https://hcaptcha.com https://*.hcaptcha.com 'sha256-4RS22DYeB7U14dra4KcQYxmwt5HkOInieXK1NUMBmQI=' 'sha256-ByHHbZAg0XmuH3Qfugp5cOpt+T18agScr1Zr7RHwCU8='; style-src 'self' 'unsafe-inline' https://*.google.com https://fonts.googleapis.com https://hcaptcha.com https://*.hcaptcha.com; report-uri https://bigbank.uriports.com/reports/report; upgrade-insecure-requests
Accept-Ranges
bytes
Keep-Alive
timeout=5
hcaptcha.js
newassets.hcaptcha.com/captcha/v1/1eed1c2/
Redirect Chain
  • https://hcaptcha.com/1/api.js?render=explicit&onload=_hcaptchaOnLoad&hl=sv&sentry=true
  • https://newassets.hcaptcha.com/captcha/v1/1eed1c2/hcaptcha.js
82 KB
26 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://newassets.hcaptcha.com/captcha/v1/1eed1c2/hcaptcha.js
Requested by
Host: web-loan-application-dev.bigbank.se
URL: https://web-loan-application-dev.bigbank.se/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.16.168.131 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
8da756be273d085e43e817a6db80ce11368f24a7230cd8352d62a954d333dae4
Security Headers
Name Value
Strict-Transport-Security max-age=2592000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://web-loan-application-dev.bigbank.se/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date
Wed, 01 Sep 2021 09:50:02 GMT
via
1.1 8197d89da72990bb606996d5e7c73ab6.cloudfront.net (CloudFront)
x-content-type-options
nosniff
cf-cache-status
HIT
age
75212
cf-polished
origSize=84485
x-cache
Hit from cloudfront
content-encoding
gzip
alt-svc
h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
last-modified
Tue, 31 Aug 2021 12:55:38 GMT
server
cloudflare
etag
W/"c741ae5800d89768248ae898a4941bac"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=2592000; includeSubDomains; preload
content-type
application/javascript
vary
Accept-Encoding
cache-control
max-age=1209600
x-amz-cf-pop
PRG50-C1
cf-ray
687d978f9f8ff9de-PRG
x-amz-cf-id
oYta80YGqhAeJjK977-pihkjkfAARJXPdLSvYQiAnrZJi3OVW5TtYw==
cf-bgj
minify

Redirect headers

date
Wed, 01 Sep 2021 09:50:02 GMT
x-content-type-options
nosniff
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
location
https://newassets.hcaptcha.com/captcha/v1/1eed1c2/hcaptcha.js
cache-control
private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
strict-transport-security
max-age=2592000; includeSubDomains; preload
cf-ray
687d978f2f16f9de-PRG
alt-svc
h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
expires
Thu, 01 Jan 1970 00:00:01 GMT
session
web-loan-application-dev.bigbank.se/api/v1/ 		0
2 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://web-loan-application-dev.bigbank.se/api/v1/session
Requested by
Host: web-loan-application-dev.bigbank.se
URL: https://web-loan-application-dev.bigbank.se/js/chunk-vendors.aff65a36.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.235.160.30 , Estonia, ASN204411 (BIGBANK, EE),
Reverse DNS
Software
/ Express
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy child-src 'self' blob:; connect-src 'self' https://*.google-analytics.com https://*.bigbank.eu https://*.google.com https://*.doubleclick.net https://*.hotjar.com https://*.hotjar.io ws: wss: https://*.big.local https://hcaptcha.com https://*.hcaptcha.com; default-src 'self'; img-src 'self' blob: data: https://*.google-analytics.com https://*.doubleclick.net https://*.facebook.net https://*.google.com https://*.gstatic.com https://*.hotjar.com https://*.googletagmanager.com https://*.google.ee https://*.google.se; font-src 'self' data:; form-action 'self' https://*.facebook.net; frame-ancestors 'none'; frame-src 'self' https://*.hotjar.com https://*.big.local https://*.bigbank.eu https://hcaptcha.com https://*.hcaptcha.com https://*.dca.origin.big.local; object-src 'self'; script-src 'self' https://*.google-analytics.com https://*.bigbank.eu https://*.doubleclick.net https://*.facebook.net https://*.google.com https://*.hotjar.com http://*.hotjar.com https://*.googletagmanager.com https://*.googleadservices.com https://hcaptcha.com https://*.hcaptcha.com 'nonce-9f69dda73fe835c32c4e06816f9404ce' 'sha256-4RS22DYeB7U14dra4KcQYxmwt5HkOInieXK1NUMBmQI=' 'sha256-ByHHbZAg0XmuH3Qfugp5cOpt+T18agScr1Zr7RHwCU8='; style-src 'self' 'unsafe-inline' https://*.google.com https://fonts.googleapis.com https://hcaptcha.com https://*.hcaptcha.com; report-uri https://bigbank.uriports.com/reports/report; upgrade-insecure-requests
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Pragma
no-cache
Sec-Fetch-Site
same-origin
Accept-Encoding
gzip, deflate, br
Host
web-loan-application-dev.bigbank.se
traceparent
00-7026bfbda8c6a4841aa2ff089fc04316-5d9ef23eb90e7872-01
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Sec-Fetch-Mode
cors
Accept-Language
en-US
Accept
application/json, text/plain, */*
Cache-Control
no-cache
Sec-Fetch-Dest
empty
Referer
https://web-loan-application-dev.bigbank.se/
Cookie
resourceCheck=5285c5a1e5d188c5cdeda5a268a3d294; c409d35afd992e6490f2d48a7063ce33=04cff8f61ceb47661e4dbf107fb2c958
Connection
keep-alive
Accept
application/json, text/plain, */*
Referer
https://web-loan-application-dev.bigbank.se/
traceparent
00-7026bfbda8c6a4841aa2ff089fc04316-5d9ef23eb90e7872-01
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Strict-Transport-Security
max-age=31536000; includeSubDomains; preload
Referrer-Policy
strict-origin-when-cross-origin
x-powered-by
Express
Expect-CT
enforce, max-age=30, report-uri="https://bigbank.uriports.com/reports/report"
session-expiry-datetime
2021-09-01T10:20:02.164Z
X-Content-Type-Options
nosniff
date
Wed, 01 Sep 2021 09:50:02 GMT
etag
W/"a-bAsFyilMr4Ra1hIU5PyoyFRunpI"
Content-Security-Policy
child-src 'self' blob:; connect-src 'self' https://*.google-analytics.com https://*.bigbank.eu https://*.google.com https://*.doubleclick.net https://*.hotjar.com https://*.hotjar.io ws: wss: https://*.big.local https://hcaptcha.com https://*.hcaptcha.com; default-src 'self'; img-src 'self' blob: data: https://*.google-analytics.com https://*.doubleclick.net https://*.facebook.net https://*.google.com https://*.gstatic.com https://*.hotjar.com https://*.googletagmanager.com https://*.google.ee https://*.google.se; font-src 'self' data:; form-action 'self' https://*.facebook.net; frame-ancestors 'none'; frame-src 'self' https://*.hotjar.com https://*.big.local https://*.bigbank.eu https://hcaptcha.com https://*.hcaptcha.com https://*.dca.origin.big.local; object-src 'self'; script-src 'self' https://*.google-analytics.com https://*.bigbank.eu https://*.doubleclick.net https://*.facebook.net https://*.google.com https://*.hotjar.com http://*.hotjar.com https://*.googletagmanager.com https://*.googleadservices.com https://hcaptcha.com https://*.hcaptcha.com 'nonce-9f69dda73fe835c32c4e06816f9404ce' 'sha256-4RS22DYeB7U14dra4KcQYxmwt5HkOInieXK1NUMBmQI=' 'sha256-ByHHbZAg0XmuH3Qfugp5cOpt+T18agScr1Zr7RHwCU8='; style-src 'self' 'unsafe-inline' https://*.google.com https://fonts.googleapis.com https://hcaptcha.com https://*.hcaptcha.com; report-uri https://bigbank.uriports.com/reports/report; upgrade-insecure-requests
set-cookie
loanorigination.sid=s%3AT2ZCd6MplsRPzBW2B0gZv_ANvQl-CePe.F5auJIDjnwQoZUECbVegJTvew8IE2v88H5R6wbYhL1M; Path=/; Expires=Wed, 01 Sep 2021 10:05:02 GMT; HttpOnly
X-XSS-Protection
1; mode=block
pricing-conditions
web-loan-application-dev.bigbank.se/api/v2/ 		1 KB
3 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://web-loan-application-dev.bigbank.se/api/v2/pricing-conditions
Requested by
Host: web-loan-application-dev.bigbank.se
URL: https://web-loan-application-dev.bigbank.se/js/chunk-vendors.aff65a36.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.235.160.30 , Estonia, ASN204411 (BIGBANK, EE),
Reverse DNS
Software
/ Express
Resource Hash
f7a5f8215932251b5d4a43465005307d2e74b590174f6b6aca26d61a8a4bb9cd
Security Headers
Name Value
Content-Security-Policy child-src 'self' blob:; connect-src 'self' https://*.google-analytics.com https://*.bigbank.eu https://*.google.com https://*.doubleclick.net https://*.hotjar.com https://*.hotjar.io ws: wss: https://*.big.local https://hcaptcha.com https://*.hcaptcha.com; default-src 'self'; img-src 'self' blob: data: https://*.google-analytics.com https://*.doubleclick.net https://*.facebook.net https://*.google.com https://*.gstatic.com https://*.hotjar.com https://*.googletagmanager.com https://*.google.ee https://*.google.se; font-src 'self' data:; form-action 'self' https://*.facebook.net; frame-ancestors 'none'; frame-src 'self' https://*.hotjar.com https://*.big.local https://*.bigbank.eu https://hcaptcha.com https://*.hcaptcha.com https://*.dca.origin.big.local; object-src 'self'; script-src 'self' https://*.google-analytics.com https://*.bigbank.eu https://*.doubleclick.net https://*.facebook.net https://*.google.com https://*.hotjar.com http://*.hotjar.com https://*.googletagmanager.com https://*.googleadservices.com https://hcaptcha.com https://*.hcaptcha.com 'nonce-bf611b42686de421c672f50cb6d5aa32' 'sha256-4RS22DYeB7U14dra4KcQYxmwt5HkOInieXK1NUMBmQI=' 'sha256-ByHHbZAg0XmuH3Qfugp5cOpt+T18agScr1Zr7RHwCU8='; style-src 'self' 'unsafe-inline' https://*.google.com https://fonts.googleapis.com https://hcaptcha.com https://*.hcaptcha.com; report-uri https://bigbank.uriports.com/reports/report; upgrade-insecure-requests
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Sec-Fetch-Mode
cors
Origin
https://web-loan-application-dev.bigbank.se
Accept-Encoding
gzip, deflate, br
traceparent
00-7026bfbda8c6a4841aa2ff089fc04316-f42f0585e6e28d62-01
Accept-Language
en-US
Sec-Fetch-Dest
empty
Cookie
resourceCheck=5285c5a1e5d188c5cdeda5a268a3d294; c409d35afd992e6490f2d48a7063ce33=04cff8f61ceb47661e4dbf107fb2c958
Connection
keep-alive
Content-Length
2
Pragma
no-cache
Host
web-loan-application-dev.bigbank.se
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Content-Type
application/json;charset=UTF-8
Accept
application/json, text/plain, */*
Cache-Control
no-cache
Referer
https://web-loan-application-dev.bigbank.se/
Sec-Fetch-Site
same-origin
Accept
application/json, text/plain, */*
Referer
https://web-loan-application-dev.bigbank.se/
traceparent
00-7026bfbda8c6a4841aa2ff089fc04316-f42f0585e6e28d62-01
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Content-Type
application/json;charset=UTF-8

Response headers

Strict-Transport-Security
max-age=31536000; includeSubDomains; preload
Content-Encoding
gzip
Referrer-Policy
strict-origin-when-cross-origin
X-Content-Type-Options
nosniff
x-powered-by
Express
Expect-CT
enforce, max-age=30, report-uri="https://bigbank.uriports.com/reports/report"
Vary
Accept-Encoding
session-expiry-datetime
2021-09-01T10:20:02.167Z
content-type
application/json; charset=utf-8
date
Wed, 01 Sep 2021 09:50:02 GMT
etag
W/"49a-GOBdJT5z6Y9BK+NgSiyXWaM7PwM"
Content-Security-Policy
child-src 'self' blob:; connect-src 'self' https://*.google-analytics.com https://*.bigbank.eu https://*.google.com https://*.doubleclick.net https://*.hotjar.com https://*.hotjar.io ws: wss: https://*.big.local https://hcaptcha.com https://*.hcaptcha.com; default-src 'self'; img-src 'self' blob: data: https://*.google-analytics.com https://*.doubleclick.net https://*.facebook.net https://*.google.com https://*.gstatic.com https://*.hotjar.com https://*.googletagmanager.com https://*.google.ee https://*.google.se; font-src 'self' data:; form-action 'self' https://*.facebook.net; frame-ancestors 'none'; frame-src 'self' https://*.hotjar.com https://*.big.local https://*.bigbank.eu https://hcaptcha.com https://*.hcaptcha.com https://*.dca.origin.big.local; object-src 'self'; script-src 'self' https://*.google-analytics.com https://*.bigbank.eu https://*.doubleclick.net https://*.facebook.net https://*.google.com https://*.hotjar.com http://*.hotjar.com https://*.googletagmanager.com https://*.googleadservices.com https://hcaptcha.com https://*.hcaptcha.com 'nonce-bf611b42686de421c672f50cb6d5aa32' 'sha256-4RS22DYeB7U14dra4KcQYxmwt5HkOInieXK1NUMBmQI=' 'sha256-ByHHbZAg0XmuH3Qfugp5cOpt+T18agScr1Zr7RHwCU8='; style-src 'self' 'unsafe-inline' https://*.google.com https://fonts.googleapis.com https://hcaptcha.com https://*.hcaptcha.com; report-uri https://bigbank.uriports.com/reports/report; upgrade-insecure-requests
set-cookie
Authenticated=false; Path=/ loanorigination.sid=s%3AtuIwC9O9cWLpGe0YrKCWoENyzskPpC7v.8WdDvnCTkieqQmpPGd077TWON644FVEzkm9OogeG5ME; Path=/; Expires=Wed, 01 Sep 2021 10:05:02 GMT; HttpOnly
Transfer-Encoding
chunked
X-XSS-Protection
1; mode=block
check
login-service-central-dev.dca.origin.big.local/login/ 		0
0
calculate
web-loan-application-dev.bigbank.se/api/v1/loan/ 		70 B
2 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://web-loan-application-dev.bigbank.se/api/v1/loan/calculate
Requested by
Host: web-loan-application-dev.bigbank.se
URL: https://web-loan-application-dev.bigbank.se/js/chunk-vendors.aff65a36.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.235.160.30 , Estonia, ASN204411 (BIGBANK, EE),
Reverse DNS
Software
/ Express
Resource Hash
75f45494dd809ad088f771f141025680ab7c43380171775fb51621c69a197712
Security Headers
Name Value
Content-Security-Policy child-src 'self' blob:; connect-src 'self' https://*.google-analytics.com https://*.bigbank.eu https://*.google.com https://*.doubleclick.net https://*.hotjar.com https://*.hotjar.io ws: wss: https://*.big.local https://hcaptcha.com https://*.hcaptcha.com; default-src 'self'; img-src 'self' blob: data: https://*.google-analytics.com https://*.doubleclick.net https://*.facebook.net https://*.google.com https://*.gstatic.com https://*.hotjar.com https://*.googletagmanager.com https://*.google.ee https://*.google.se; font-src 'self' data:; form-action 'self' https://*.facebook.net; frame-ancestors 'none'; frame-src 'self' https://*.hotjar.com https://*.big.local https://*.bigbank.eu https://hcaptcha.com https://*.hcaptcha.com https://*.dca.origin.big.local; object-src 'self'; script-src 'self' https://*.google-analytics.com https://*.bigbank.eu https://*.doubleclick.net https://*.facebook.net https://*.google.com https://*.hotjar.com http://*.hotjar.com https://*.googletagmanager.com https://*.googleadservices.com https://hcaptcha.com https://*.hcaptcha.com 'nonce-bf2afec9c4a9b30db40b1939bb27c2f0' 'sha256-4RS22DYeB7U14dra4KcQYxmwt5HkOInieXK1NUMBmQI=' 'sha256-ByHHbZAg0XmuH3Qfugp5cOpt+T18agScr1Zr7RHwCU8='; style-src 'self' 'unsafe-inline' https://*.google.com https://fonts.googleapis.com https://hcaptcha.com https://*.hcaptcha.com; report-uri https://bigbank.uriports.com/reports/report; upgrade-insecure-requests
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Sec-Fetch-Mode
cors
Origin
https://web-loan-application-dev.bigbank.se
Accept-Encoding
gzip, deflate, br
traceparent
00-7026bfbda8c6a4841aa2ff089fc04316-d742f66b2108b88c-01
Accept-Language
en-US
Sec-Fetch-Dest
empty
Cookie
resourceCheck=5285c5a1e5d188c5cdeda5a268a3d294; c409d35afd992e6490f2d48a7063ce33=04cff8f61ceb47661e4dbf107fb2c958; loanorigination.sid=s%3AT2ZCd6MplsRPzBW2B0gZv_ANvQl-CePe.F5auJIDjnwQoZUECbVegJTvew8IE2v88H5R6wbYhL1M
Connection
keep-alive
Content-Length
159
Pragma
no-cache
Host
web-loan-application-dev.bigbank.se
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Content-Type
application/json;charset=UTF-8
Accept
application/json, text/plain, */*
Cache-Control
no-cache
Referer
https://web-loan-application-dev.bigbank.se/
Sec-Fetch-Site
same-origin
Accept
application/json, text/plain, */*
Referer
https://web-loan-application-dev.bigbank.se/
traceparent
00-7026bfbda8c6a4841aa2ff089fc04316-d742f66b2108b88c-01
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Content-Type
application/json;charset=UTF-8

Response headers

Strict-Transport-Security
max-age=31536000; includeSubDomains; preload
Referrer-Policy
strict-origin-when-cross-origin
X-Content-Type-Options
nosniff
x-powered-by
Express
Expect-CT
enforce, max-age=30, report-uri="https://bigbank.uriports.com/reports/report"
Vary
Accept-Encoding
session-expiry-datetime
2021-09-01T10:20:02.260Z
content-type
application/json; charset=utf-8
date
Wed, 01 Sep 2021 09:50:02 GMT
etag
W/"46-8PMmRuJNknScSDnj4Z6AL3x0zkw"
Content-Security-Policy
child-src 'self' blob:; connect-src 'self' https://*.google-analytics.com https://*.bigbank.eu https://*.google.com https://*.doubleclick.net https://*.hotjar.com https://*.hotjar.io ws: wss: https://*.big.local https://hcaptcha.com https://*.hcaptcha.com; default-src 'self'; img-src 'self' blob: data: https://*.google-analytics.com https://*.doubleclick.net https://*.facebook.net https://*.google.com https://*.gstatic.com https://*.hotjar.com https://*.googletagmanager.com https://*.google.ee https://*.google.se; font-src 'self' data:; form-action 'self' https://*.facebook.net; frame-ancestors 'none'; frame-src 'self' https://*.hotjar.com https://*.big.local https://*.bigbank.eu https://hcaptcha.com https://*.hcaptcha.com https://*.dca.origin.big.local; object-src 'self'; script-src 'self' https://*.google-analytics.com https://*.bigbank.eu https://*.doubleclick.net https://*.facebook.net https://*.google.com https://*.hotjar.com http://*.hotjar.com https://*.googletagmanager.com https://*.googleadservices.com https://hcaptcha.com https://*.hcaptcha.com 'nonce-bf2afec9c4a9b30db40b1939bb27c2f0' 'sha256-4RS22DYeB7U14dra4KcQYxmwt5HkOInieXK1NUMBmQI=' 'sha256-ByHHbZAg0XmuH3Qfugp5cOpt+T18agScr1Zr7RHwCU8='; style-src 'self' 'unsafe-inline' https://*.google.com https://fonts.googleapis.com https://hcaptcha.com https://*.hcaptcha.com; report-uri https://bigbank.uriports.com/reports/report; upgrade-insecure-requests
set-cookie
Authenticated=false; Path=/ loanorigination.sid=s%3AT2ZCd6MplsRPzBW2B0gZv_ANvQl-CePe.F5auJIDjnwQoZUECbVegJTvew8IE2v88H5R6wbYhL1M; Path=/; Expires=Wed, 01 Sep 2021 10:05:02 GMT; HttpOnly
content-length
70
X-XSS-Protection
1; mode=block
hcaptcha-challenge.html
newassets.hcaptcha.com/captcha/v1/1eed1c2/static/ Frame B628 		2 KB
1 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://newassets.hcaptcha.com/captcha/v1/1eed1c2/static/hcaptcha-challenge.html
Requested by
Host: hcaptcha.com
URL: https://hcaptcha.com/1/api.js?render=explicit&onload=_hcaptchaOnLoad&hl=sv&sentry=true
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
104.16.169.131 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
1e67e381de0955a30a43141bfd00394996a1b36719543d432a44d35559bc8f8e
Security Headers
Name Value
Strict-Transport-Security max-age=2592000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

:method
GET
:authority
newassets.hcaptcha.com
:scheme
https
:path
/captcha/v1/1eed1c2/static/hcaptcha-challenge.html
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://web-loan-application-dev.bigbank.se/
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Referer
https://web-loan-application-dev.bigbank.se/

Response headers

date
Wed, 01 Sep 2021 09:50:02 GMT
content-type
text/html
last-modified
Tue, 31 Aug 2021 12:55:38 GMT
cache-control
max-age=1209600
x-cache
Hit from cloudfront
via
1.1 d19bc25644fc0cb24d9e1c2cb87755cb.cloudfront.net (CloudFront)
x-amz-cf-pop
PRG50-C1
x-amz-cf-id
FXBjM5yOggOGB5_IUgveikJwPPbxp9sDn6f3cIqQjjLsKwp8OOruAg==
age
75213
cf-cache-status
DYNAMIC
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=2592000; includeSubDomains; preload
x-content-type-options
nosniff
server
cloudflare
cf-ray
687d97902e3f411f-PRG
content-encoding
gzip
alt-svc
h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
hcaptcha-checkbox.html
newassets.hcaptcha.com/captcha/v1/1eed1c2/static/ Frame FB8A 		2 KB
1 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://newassets.hcaptcha.com/captcha/v1/1eed1c2/static/hcaptcha-checkbox.html
Requested by
Host: hcaptcha.com
URL: https://hcaptcha.com/1/api.js?render=explicit&onload=_hcaptchaOnLoad&hl=sv&sentry=true
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
104.16.169.131 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d9b5939e08068f659c962eb28acff7c85f9806c01aaf896306384b0c2cd8f576
Security Headers
Name Value
Strict-Transport-Security max-age=2592000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

:method
GET
:authority
newassets.hcaptcha.com
:scheme
https
:path
/captcha/v1/1eed1c2/static/hcaptcha-checkbox.html
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://web-loan-application-dev.bigbank.se/
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Referer
https://web-loan-application-dev.bigbank.se/

Response headers

date
Wed, 01 Sep 2021 09:50:02 GMT
content-type
text/html
last-modified
Tue, 31 Aug 2021 12:55:38 GMT
cache-control
max-age=1209600
x-cache
Hit from cloudfront
via
1.1 41b7bdf4fb536a6c72b9f49d9b6affe9.cloudfront.net (CloudFront)
x-amz-cf-pop
PRG50-C1
x-amz-cf-id
5-s3T-1YDlb9IU1C0eCN58chYHuCrHpyM3LN3y4BoS_9hqmK46i5Jw==
age
75213
cf-cache-status
DYNAMIC
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=2592000; includeSubDomains; preload
x-content-type-options
nosniff
server
cloudflare
cf-ray
687d97902e3e411f-PRG
content-encoding
gzip
alt-svc
h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
sv.json
newassets.hcaptcha.com/captcha/v1/1eed1c2/static/i18n/ 		8 KB
3 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://newassets.hcaptcha.com/captcha/v1/1eed1c2/static/i18n/sv.json
Requested by
Host: web-loan-application-dev.bigbank.se
URL: https://web-loan-application-dev.bigbank.se/js/chunk-vendors.aff65a36.js
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
104.16.169.131 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
6c1140bd5a44db11840d1eeb81401090704993b1d02cb04e7095f155eda7f506
Security Headers
Name Value
Strict-Transport-Security max-age=2592000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://web-loan-application-dev.bigbank.se/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date
Wed, 01 Sep 2021 09:50:02 GMT
via
1.1 9b9ab8e6e595847652a9158c684a8926.cloudfront.net (CloudFront)
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
x-amz-cf-pop
PRG50-C1
x-cache
Miss from cloudfront
strict-transport-security
max-age=2592000; includeSubDomains; preload
content-encoding
gzip
alt-svc
h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
last-modified
Tue, 31 Aug 2021 12:55:47 GMT
server
cloudflare
etag
W/"a9409f3a1ff4d45b2df0b8669d6fe366"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age
3000
access-control-allow-methods
GET, HEAD
content-type
application/json
access-control-allow-origin
*
vary
Origin,Access-Control-Request-Headers,Access-Control-Request-Method
cache-control
max-age=1209600
cf-ray
687d979028014113-PRG
x-amz-cf-id
z1mtP0ordSCkriLsr1J-4KFAGwRFlIiC8T3JPo2e5yTP3aSva07SVQ==
hcaptcha-checkbox.js
newassets.hcaptcha.com/captcha/v1/1eed1c2/ Frame FB8A 		129 KB
41 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://newassets.hcaptcha.com/captcha/v1/1eed1c2/hcaptcha-checkbox.js
Requested by
Host: newassets.hcaptcha.com
URL: https://newassets.hcaptcha.com/captcha/v1/1eed1c2/static/hcaptcha-checkbox.html
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
104.16.169.131 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
2b15492aadc05d1b2d28015ba2de8d941fdd8b07ea5d4c8dd106839aec1ebdab
Security Headers
Name Value
Strict-Transport-Security max-age=2592000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://newassets.hcaptcha.com/captcha/v1/1eed1c2/static/hcaptcha-checkbox.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date
Wed, 01 Sep 2021 09:50:02 GMT
via
1.1 3da92f19744e3229b09a019ec66be172.cloudfront.net (CloudFront)
x-content-type-options
nosniff
cf-cache-status
HIT
age
75211
cf-polished
origSize=132272
x-cache
Hit from cloudfront
content-encoding
gzip
alt-svc
h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
last-modified
Tue, 31 Aug 2021 12:55:38 GMT
server
cloudflare
etag
W/"5cf201d5956fba85fc2a8b16a1ba8cc9"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=2592000; includeSubDomains; preload
content-type
application/javascript
vary
Accept-Encoding
cache-control
max-age=1209600
x-amz-cf-pop
PRG50-C1
cf-ray
687d97906e9e411f-PRG
x-amz-cf-id
In6G_zDW40YA-_LJkAqPDykmt5aw2_byM82Tzv0uaGwrxGvQS_4rfg==
cf-bgj
minify
hcaptcha-challenge.js
newassets.hcaptcha.com/captcha/v1/1eed1c2/ Frame B628 		210 KB
60 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://newassets.hcaptcha.com/captcha/v1/1eed1c2/hcaptcha-challenge.js
Requested by
Host: newassets.hcaptcha.com
URL: https://newassets.hcaptcha.com/captcha/v1/1eed1c2/static/hcaptcha-challenge.html
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
104.16.169.131 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
37bb7a2abfa6b9b0f99ba790a5053dc48a49fdb9eb66da2d999fd8eb80bae617
Security Headers
Name Value
Strict-Transport-Security max-age=2592000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://newassets.hcaptcha.com/captcha/v1/1eed1c2/static/hcaptcha-challenge.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date
Wed, 01 Sep 2021 09:50:02 GMT
via
1.1 2a5c925255bb252ff0ed65977311f74f.cloudfront.net (CloudFront)
x-content-type-options
nosniff
cf-cache-status
HIT
age
75211
cf-polished
origSize=215057
x-cache
Hit from cloudfront
content-encoding
gzip
alt-svc
h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
last-modified
Tue, 31 Aug 2021 12:55:37 GMT
server
cloudflare
etag
W/"e2f755cd70354f6706ff8d3c365b35e2"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=2592000; includeSubDomains; preload
content-type
application/javascript
vary
Accept-Encoding
cache-control
max-age=1209600
x-amz-cf-pop
PRG50-C1
cf-ray
687d97906ea5411f-PRG
x-amz-cf-id
zot6jZ5qb5tspQGTYR67ut2T0HYQodYb0uSTP84S7BjGhiJwjpBrDQ==
cf-bgj
minify
truncated
/ Frame FB8A 		798 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
57cafa49fb677c3f09d6e90b051917d10e7bb54e83102a25f3d32b06e8fa59a7

Request headers

Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Content-Type
image/png
checksiteconfig
hcaptcha.com/ Frame FB8A 		13 B
471 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://hcaptcha.com/checksiteconfig?host=web-loan-application-dev.bigbank.se&sitekey=10000000-ffff-ffff-ffff-000000000001&sc=1&swa=1
Requested by
Host: newassets.hcaptcha.com
URL: https://newassets.hcaptcha.com/captcha/v1/1eed1c2/hcaptcha-checkbox.js
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
104.16.169.131 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
ad00b72af52a8d00e632f51a6de4ddacc1b8f02624dbca54c45edb029417d9d1
Security Headers
Name Value
Strict-Transport-Security max-age=2592000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Cache-Control
no-cache
Referer
https://newassets.hcaptcha.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Content-Type
application/json; charset=utf-8

Response headers

date
Wed, 01 Sep 2021 09:50:02 GMT
x-content-type-options
nosniff
server
cloudflare
access-control-allow-headers
Cache-Control, Content-Type, DNT, Referer, User-Agent, challenge-bypass-token, cf-chl-bypass, challenge-bypass-token, challenge-bypass-host, challenge-bypass-path
cf-chl-bypass
2
vary
Origin, Accept-Encoding
access-control-allow-methods
GET, HEAD, POST, OPTIONS
content-type
application/json
access-control-allow-origin
https://newassets.hcaptcha.com
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-allow-credentials
true
strict-transport-security
max-age=2592000; includeSubDomains; preload
cf-ray
687d97912830411f-PRG
alt-svc
h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length
13
checksiteconfig
hcaptcha.com/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://hcaptcha.com/checksiteconfig?host=web-loan-application-dev.bigbank.se&sitekey=10000000-ffff-ffff-ffff-000000000001&sc=1&swa=1
Protocol
H3-29
Server
104.16.169.131 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=2592000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Accept
*/*
Access-Control-Request-Method
GET
Access-Control-Request-Headers
cache-control,content-type
Origin
https://newassets.hcaptcha.com
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Sec-Fetch-Mode
cors

Response headers

date
Wed, 01 Sep 2021 09:50:02 GMT
content-length
0
access-control-allow-origin
https://newassets.hcaptcha.com
vary
Origin, Accept-Encoding
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control, Content-Type, DNT, Referer, User-Agent, challenge-bypass-token, cf-chl-bypass, challenge-bypass-token, challenge-bypass-host, challenge-bypass-path
access-control-allow-methods
GET, HEAD, POST, OPTIONS
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=2592000; includeSubDomains; preload
x-content-type-options
nosniff
server
cloudflare
cf-ray
687d9790f98a4113-PRG
alt-svc
h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
events
apm.bigbank.eu/intake/v2/rum/ 		0
227 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://apm.bigbank.eu/intake/v2/rum/events
Requested by
Host: web-loan-application-dev.bigbank.se
URL: https://web-loan-application-dev.bigbank.se/js/chunk-vendors.aff65a36.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server
185.235.160.8 , Estonia, ASN204411 (BIGBANK, EE),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Content-Encoding
gzip
Referer
https://web-loan-application-dev.bigbank.se/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Content-Type
application/x-ndjson

Response headers

Access-Control-Allow-Origin
https://web-loan-application-dev.bigbank.se
Date
Wed, 01 Sep 2021 09:50:03 GMT
X-Content-Type-Options
nosniff
Server
nginx
Connection
keep-alive
Content-Length
0
events
apm.bigbank.eu/intake/v2/rum/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://apm.bigbank.eu/intake/v2/rum/events
Protocol
HTTP/1.1
Server
185.235.160.8 , Estonia, ASN204411 (BIGBANK, EE),
Reverse DNS
Software
nginx /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Accept
*/*
Access-Control-Request-Method
POST
Access-Control-Request-Headers
content-encoding,content-type
Origin
https://web-loan-application-dev.bigbank.se
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Sec-Fetch-Mode
cors

Response headers

Server
nginx
Date
Wed, 01 Sep 2021 09:50:03 GMT
Content-Length
0
Connection
keep-alive
Access-Control-Allow-Headers
Content-Type, Content-Encoding, Accept
Access-Control-Allow-Methods
POST, OPTIONS
Access-Control-Allow-Origin
https://web-loan-application-dev.bigbank.se
Access-Control-Expose-Headers
Etag
Access-Control-Max-Age
3600
Vary
Origin
X-Content-Type-Options
nosniff

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
login-service-central-dev.dca.origin.big.local
URL
https://login-service-central-dev.dca.origin.big.local/heartbeat
Domain
login-service-central-dev.dca.origin.big.local
URL
https://login-service-central-dev.dca.origin.big.local/login/check

Verdicts & Comments Add Verdict or Comment

21 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| 1 object| 2 object| onbeforexrselect object| ontransitionrun object| ontransitionstart object| ontransitioncancel object| cookieStore function| showDirectoryPicker function| showOpenFilePicker function| showSaveFilePicker boolean| originAgentCluster object| trustedTypes boolean| crossOriginIsolated object| config object| webpackJsonp object| core object| elasticApm function| _hcaptchaOnLoad object| hcaptcha object| grecaptcha

4 Cookies

Domain/Path Name / Value
web-loan-application-dev.bigbank.se/ Name: loanorigination.sid
Value: s%3AtuIwC9O9cWLpGe0YrKCWoENyzskPpC7v.8WdDvnCTkieqQmpPGd077TWON644FVEzkm9OogeG5ME
web-loan-application-dev.bigbank.se/ Name: Authenticated
Value: false
web-loan-application-dev.bigbank.se/ Name: c409d35afd992e6490f2d48a7063ce33
Value: 04cff8f61ceb47661e4dbf107fb2c958
web-loan-application-dev.bigbank.se/ Name: resourceCheck
Value: 5285c5a1e5d188c5cdeda5a268a3d294

2 Console Messages

Source Level URL
Text
console-api info URL: https://web-loan-application-dev.bigbank.se/js/app.2d913425.js(Line 1)
Message:
created createApplication
console-api info URL: https://web-loan-application-dev.bigbank.se/js/app.2d913425.js(Line 1)
Message:
Setting up default data and appearance for route/task createApplication

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy child-src 'self' blob:; connect-src 'self' https://*.google-analytics.com https://*.bigbank.eu https://*.google.com https://*.doubleclick.net https://*.hotjar.com https://*.hotjar.io ws: wss: https://*.big.local https://hcaptcha.com https://*.hcaptcha.com; default-src 'self'; img-src 'self' blob: data: https://*.google-analytics.com https://*.doubleclick.net https://*.facebook.net https://*.google.com https://*.gstatic.com https://*.hotjar.com https://*.googletagmanager.com https://*.google.ee https://*.google.se; font-src 'self' data:; form-action 'self' https://*.facebook.net; frame-ancestors 'none'; frame-src 'self' https://*.hotjar.com https://*.big.local https://*.bigbank.eu https://hcaptcha.com https://*.hcaptcha.com https://*.dca.origin.big.local; object-src 'self'; script-src 'self' https://*.google-analytics.com https://*.bigbank.eu https://*.doubleclick.net https://*.facebook.net https://*.google.com https://*.hotjar.com http://*.hotjar.com https://*.googletagmanager.com https://*.googleadservices.com https://hcaptcha.com https://*.hcaptcha.com 'nonce-5285c5a1e5d188c5cdeda5a268a3d294' 'sha256-4RS22DYeB7U14dra4KcQYxmwt5HkOInieXK1NUMBmQI=' 'sha256-ByHHbZAg0XmuH3Qfugp5cOpt+T18agScr1Zr7RHwCU8='; style-src 'self' 'unsafe-inline' https://*.google.com https://fonts.googleapis.com https://hcaptcha.com https://*.hcaptcha.com; report-uri https://bigbank.uriports.com/reports/report; upgrade-insecure-requests
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

apm.bigbank.eu
bigbank.uriports.com
hcaptcha.com
login-service-central-dev.dca.origin.big.local
newassets.hcaptcha.com
web-loan-application-dev.bigbank.se
login-service-central-dev.dca.origin.big.local
104.16.168.131
104.16.169.131
185.235.160.30
185.235.160.8
2001:678:6a0::3:101
0da8773c03348dd54b1c8ba87216b3065b9ddb8afea668107aaf6d0f13c81ef8
0e0e1b11f791666161be1df51bf2c338d78de5fae98e9f1c7231dc5f02283cd5
148fb1a965da50a0e213290746c7b0234fd2fe95c305bb3493e69cdfa092805a
1e67e381de0955a30a43141bfd00394996a1b36719543d432a44d35559bc8f8e
254a6812d48812128e1e1c373c866d3480b0acd80132a4e318850a92c9fc2c4c
2772326191ee33d1a9b6385bf9ae351a34d7e6fa15337e596afbaf238da69d1f
2b15492aadc05d1b2d28015ba2de8d941fdd8b07ea5d4c8dd106839aec1ebdab
37bb7a2abfa6b9b0f99ba790a5053dc48a49fdb9eb66da2d999fd8eb80bae617
5613e4050d5f74507cedccde396912626e9bb945a5a95efc3ccd2e30b876c706
57cafa49fb677c3f09d6e90b051917d10e7bb54e83102a25f3d32b06e8fa59a7
6c1140bd5a44db11840d1eeb81401090704993b1d02cb04e7095f155eda7f506
75f45494dd809ad088f771f141025680ab7c43380171775fb51621c69a197712
8da756be273d085e43e817a6db80ce11368f24a7230cd8352d62a954d333dae4
97bd09001c0dc97c7f47c4bd7a2ed2ef2efe3d6264fae21e3622bdf49228acb2
ac78a6812da536d68dad174921c3a42f1692c3154f3cc7a0b30940be66540187
ad00b72af52a8d00e632f51a6de4ddacc1b8f02624dbca54c45edb029417d9d1
baace17f0b043bab6b3545f9af8453d7cf3b937b7c31d8ff9dd629b23573fbdd
d9b5939e08068f659c962eb28acff7c85f9806c01aaf896306384b0c2cd8f576
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
f7a5f8215932251b5d4a43465005307d2e74b590174f6b6aca26d61a8a4bb9cd