urlscan.io logo urlscan.io
SecurityTrails logo

visa.all-vue.com Open in urlscan Pro
52.151.125.143  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: http://visa.all-vue.com/
Effective URL: https://visa.all-vue.com/auth/Account/Login?ReturnUrl=%2Fauth
Submission: On September 27 via manual from GB — Scanned from GB
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 2 IPs in 2 countries across 2 domains to perform 13 HTTP transactions. The main IP is 52.151.125.143, located in London, United Kingdom and belongs to MICROSOFT-CORP-MSN-AS-BLOCK, US. The main domain is visa.all-vue.com.
TLS certificate: Issued by R3 on September 17th 2023. Valid for: 3 months.
This is the only time visa.all-vue.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
3 15 52.151.125.143 8075 (MICROSOFT...)
1 2a00:1450:400... 15169 (GOOGLE)
13 2
Apex Domain
Subdomains		 Transfer
15 all-vue.com
visa.all-vue.com
175 KB
1 gstatic.com
fonts.gstatic.com
56 KB
13 2
Domain Requested by
15 visa.all-vue.com 3 redirects visa.all-vue.com
1 fonts.gstatic.com visa.all-vue.com
13 2

This site contains links to these domains. Also see Links.

Domain
docs.savanta.com
savanta.all-vue.com
Subject Issuer Validity Valid
*.all-vue.com
R3		 2023-09-17 -
2023-12-16		 3 months crt.sh
*.gstatic.com
GTS CA 1C3		 2023-09-04 -
2023-11-27		 3 months crt.sh

This page contains 1 frames:

Primary Page: https://visa.all-vue.com/auth/Account/Login?ReturnUrl=%2Fauth
Frame ID: 2B6EC8787DA20CB9E02EFBDC38B472E0
Requests: 13 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

Login

Page URL History Show full URLs

  1. http://visa.all-vue.com/ HTTP 302
    https://visa.all-vue.com/ HTTP 302
    https://visa.all-vue.com/auth HTTP 302
    https://visa.all-vue.com/auth/Account/Login?ReturnUrl=%2Fauth Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css
  • bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js
Overall confidence: 100%
Detected patterns
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

13
Requests

100 %
HTTPS

50 %
IPv6

2
Domains

2
Subdomains

2
IPs

2
Countries

230 kB
Transfer

457 kB
Size

5
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://visa.all-vue.com/ HTTP 302
    https://visa.all-vue.com/ HTTP 302
    https://visa.all-vue.com/auth HTTP 302
    https://visa.all-vue.com/auth/Account/Login?ReturnUrl=%2Fauth Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

13 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request Login
visa.all-vue.com/auth/Account/
Redirect Chain
  • http://visa.all-vue.com/
  • https://visa.all-vue.com/
  • https://visa.all-vue.com/auth
  • https://visa.all-vue.com/auth/Account/Login?ReturnUrl=%2Fauth
5 KB
3 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://visa.all-vue.com/auth/Account/Login?ReturnUrl=%2Fauth
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
52.151.125.143 London, United Kingdom, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
369a6e641e3ce3b532df328813e0560913c6ac45dde6bd2f186affe608fdac96
Security Headers
Name Value
Content-Security-Policy sandbox allow-forms allow-popups allow-popups-to-escape-sandbox allow-same-origin allow-scripts allow-downloads;default-src 'self';script-src 'self' 'unsafe-inline';object-src 'none';style-src 'self' 'unsafe-inline';img-src 'self' https://svtsurveyassets.blob.core.windows.net/allvue/;font-src 'self' fonts.gstatic.com;connect-src 'self' https://svtsurveyassets.blob.core.windows.net/allvue/;base-uri 'self';frame-ancestors 'none';upgrade-insecure-requests;block-all-mixed-content
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SameOrigin
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36
accept-language
en-GB,en;q=0.9

Response headers

cache-control
no-cache, no-store, must-revalidate
content-encoding
gzip
content-security-policy
sandbox allow-forms allow-popups allow-popups-to-escape-sandbox allow-same-origin allow-scripts allow-downloads;default-src 'self';script-src 'self' 'unsafe-inline';object-src 'none';style-src 'self' 'unsafe-inline';img-src 'self' https://svtsurveyassets.blob.core.windows.net/allvue/;font-src 'self' fonts.gstatic.com;connect-src 'self' https://svtsurveyassets.blob.core.windows.net/allvue/;base-uri 'self';frame-ancestors 'none';upgrade-insecure-requests;block-all-mixed-content
content-type
text/html; charset=utf-8
date
Wed, 27 Sep 2023 07:21:38 GMT
expires
-1
pragma
no-cache
referrer-policy
no-referrer
strict-transport-security
max-age=31536000; includeSubDomains
svtsvr
auth1
vary
Accept-Encoding
x-content-type-options
nosniff
x-frame-options
SameOrigin
x-stackifyid
V2|65667bb5-be2b-4f12-995a-56495e209f34|C78662|CD10
x-xss-protection
1; mode=block

Redirect headers

cache-control
no-cache, no-store, must-revalidate
content-security-policy
default-src 'self';script-src 'self' 'unsafe-inline';object-src 'none';style-src 'self' 'unsafe-inline';img-src 'self' https://svtsurveyassets.blob.core.windows.net/allvue/;font-src 'self' fonts.gstatic.com;connect-src 'self' https://svtsurveyassets.blob.core.windows.net/allvue/;base-uri 'self';frame-ancestors 'none';upgrade-insecure-requests;block-all-mixed-content
date
Wed, 27 Sep 2023 07:21:37 GMT
expires
-1
location
https://visa.all-vue.com/auth/Account/Login?ReturnUrl=%2Fauth
pragma
no-cache
referrer-policy
no-referrer
strict-transport-security
max-age=31536000; includeSubDomains
svtsvr
auth1
x-content-type-options
nosniff
x-frame-options
SameOrigin
x-xss-protection
1; mode=block
bootstrap.min.css
visa.all-vue.com/auth/lib/bootstrap/css/ 		157 KB
36 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://visa.all-vue.com/auth/lib/bootstrap/css/bootstrap.min.css
Requested by
Host: visa.all-vue.com
URL: https://visa.all-vue.com/auth/Account/Login?ReturnUrl=%2Fauth
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
52.151.125.143 London, United Kingdom, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
a547652943e11dd21e7a0c39fae37b84c6dd27de5efff7ea4f45cde43c938f89
Security Headers
Name Value
Content-Security-Policy default-src 'self';script-src 'self' 'unsafe-inline';object-src 'none';style-src 'self' 'unsafe-inline';img-src 'self' https://svtsurveyassets.blob.core.windows.net/allvue/;font-src 'self' fonts.gstatic.com;connect-src 'self' https://svtsurveyassets.blob.core.windows.net/allvue/;base-uri 'self';frame-ancestors 'none';upgrade-insecure-requests;block-all-mixed-content
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SameOrigin
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-GB,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

date
Wed, 27 Sep 2023 07:21:38 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy
default-src 'self';script-src 'self' 'unsafe-inline';object-src 'none';style-src 'self' 'unsafe-inline';img-src 'self' https://svtsurveyassets.blob.core.windows.net/allvue/;font-src 'self' fonts.gstatic.com;connect-src 'self' https://svtsurveyassets.blob.core.windows.net/allvue/;base-uri 'self';frame-ancestors 'none';upgrade-insecure-requests;block-all-mixed-content
strict-transport-security
max-age=31536000; includeSubDomains
x-xss-protection
1; mode=block
pragma
no-cache
referrer-policy
no-referrer
last-modified
Sat, 09 Sep 2023 15:52:24 GMT
etag
"1d9e3359feede99"
vary
Accept-Encoding
x-frame-options
SameOrigin
content-type
text/css
cache-control
no-cache, no-store, must-revalidate
accept-ranges
bytes
svtsvr
auth1
expires
-1
site.css
visa.all-vue.com/auth/css/ 		12 KB
5 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://visa.all-vue.com/auth/css/site.css
Requested by
Host: visa.all-vue.com
URL: https://visa.all-vue.com/auth/Account/Login?ReturnUrl=%2Fauth
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
52.151.125.143 London, United Kingdom, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
05bc473c76b9108f8fc219142961d9b08ed907f6bc260e8b0197f2120cbdd43f
Security Headers
Name Value
Content-Security-Policy default-src 'self';script-src 'self' 'unsafe-inline';object-src 'none';style-src 'self' 'unsafe-inline';img-src 'self' https://svtsurveyassets.blob.core.windows.net/allvue/;font-src 'self' fonts.gstatic.com;connect-src 'self' https://svtsurveyassets.blob.core.windows.net/allvue/;base-uri 'self';frame-ancestors 'none';upgrade-insecure-requests;block-all-mixed-content
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SameOrigin
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-GB,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

date
Wed, 27 Sep 2023 07:21:38 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy
default-src 'self';script-src 'self' 'unsafe-inline';object-src 'none';style-src 'self' 'unsafe-inline';img-src 'self' https://svtsurveyassets.blob.core.windows.net/allvue/;font-src 'self' fonts.gstatic.com;connect-src 'self' https://svtsurveyassets.blob.core.windows.net/allvue/;base-uri 'self';frame-ancestors 'none';upgrade-insecure-requests;block-all-mixed-content
strict-transport-security
max-age=31536000; includeSubDomains
x-xss-protection
1; mode=block
pragma
no-cache
referrer-policy
no-referrer
last-modified
Sat, 09 Sep 2023 15:52:24 GMT
etag
"1d9e3359fec9da5"
vary
Accept-Encoding
x-frame-options
SameOrigin
content-type
text/css
cache-control
no-cache, no-store, must-revalidate
accept-ranges
bytes
svtsvr
auth1
expires
-1
buttons.css
visa.all-vue.com/auth/css/ 		6 KB
2 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://visa.all-vue.com/auth/css/buttons.css
Requested by
Host: visa.all-vue.com
URL: https://visa.all-vue.com/auth/Account/Login?ReturnUrl=%2Fauth
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
52.151.125.143 London, United Kingdom, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
cd53835cb83547d1a97bb5d3def21085f61e5583cf47cddab54605bd1b7b37b9
Security Headers
Name Value
Content-Security-Policy default-src 'self';script-src 'self' 'unsafe-inline';object-src 'none';style-src 'self' 'unsafe-inline';img-src 'self' https://svtsurveyassets.blob.core.windows.net/allvue/;font-src 'self' fonts.gstatic.com;connect-src 'self' https://svtsurveyassets.blob.core.windows.net/allvue/;base-uri 'self';frame-ancestors 'none';upgrade-insecure-requests;block-all-mixed-content
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SameOrigin
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-GB,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

date
Wed, 27 Sep 2023 07:21:38 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy
default-src 'self';script-src 'self' 'unsafe-inline';object-src 'none';style-src 'self' 'unsafe-inline';img-src 'self' https://svtsurveyassets.blob.core.windows.net/allvue/;font-src 'self' fonts.gstatic.com;connect-src 'self' https://svtsurveyassets.blob.core.windows.net/allvue/;base-uri 'self';frame-ancestors 'none';upgrade-insecure-requests;block-all-mixed-content
strict-transport-security
max-age=31536000; includeSubDomains
x-xss-protection
1; mode=block
pragma
no-cache
referrer-policy
no-referrer
last-modified
Sat, 09 Sep 2023 15:52:24 GMT
etag
"1d9e3359fecb58c"
vary
Accept-Encoding
x-frame-options
SameOrigin
content-type
text/css
cache-control
no-cache, no-store, must-revalidate
accept-ranges
bytes
svtsvr
auth1
expires
-1
fonts.css
visa.all-vue.com/auth/css/ 		7 KB
1 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://visa.all-vue.com/auth/css/fonts.css
Requested by
Host: visa.all-vue.com
URL: https://visa.all-vue.com/auth/Account/Login?ReturnUrl=%2Fauth
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
52.151.125.143 London, United Kingdom, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
54d8446d7f9ec659781ed34ba779a8dee17c7a89211a40cfee70b9aea86cf5f9
Security Headers
Name Value
Content-Security-Policy default-src 'self';script-src 'self' 'unsafe-inline';object-src 'none';style-src 'self' 'unsafe-inline';img-src 'self' https://svtsurveyassets.blob.core.windows.net/allvue/;font-src 'self' fonts.gstatic.com;connect-src 'self' https://svtsurveyassets.blob.core.windows.net/allvue/;base-uri 'self';frame-ancestors 'none';upgrade-insecure-requests;block-all-mixed-content
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SameOrigin
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-GB,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

date
Wed, 27 Sep 2023 07:21:38 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy
default-src 'self';script-src 'self' 'unsafe-inline';object-src 'none';style-src 'self' 'unsafe-inline';img-src 'self' https://svtsurveyassets.blob.core.windows.net/allvue/;font-src 'self' fonts.gstatic.com;connect-src 'self' https://svtsurveyassets.blob.core.windows.net/allvue/;base-uri 'self';frame-ancestors 'none';upgrade-insecure-requests;block-all-mixed-content
strict-transport-security
max-age=31536000; includeSubDomains
x-xss-protection
1; mode=block
pragma
no-cache
referrer-policy
no-referrer
last-modified
Sat, 09 Sep 2023 15:52:24 GMT
etag
"1d9e3359fecb609"
vary
Accept-Encoding
x-frame-options
SameOrigin
content-type
text/css
cache-control
no-cache, no-store, must-revalidate
accept-ranges
bytes
svtsvr
auth1
expires
-1
stylesheet.css
visa.all-vue.com/auth/api/theme/ 		1 KB
1 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://visa.all-vue.com/auth/api/theme/stylesheet.css
Requested by
Host: visa.all-vue.com
URL: https://visa.all-vue.com/auth/Account/Login?ReturnUrl=%2Fauth
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
52.151.125.143 London, United Kingdom, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
416143720e56b45534b5d52b7ed2528cf4fc69e302c3e6417537824dc276416d
Security Headers
Name Value
Content-Security-Policy sandbox allow-forms allow-popups allow-popups-to-escape-sandbox allow-same-origin allow-scripts allow-downloads;default-src 'self';script-src 'self' 'unsafe-inline';object-src 'none';style-src 'self' 'unsafe-inline';img-src 'self' https://svtsurveyassets.blob.core.windows.net/allvue/;font-src 'self' fonts.gstatic.com;connect-src 'self' https://svtsurveyassets.blob.core.windows.net/allvue/;base-uri 'self';frame-ancestors 'none';upgrade-insecure-requests;block-all-mixed-content
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SameOrigin
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-GB,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 27 Sep 2023 07:21:38 GMT
content-encoding
gzip
x-content-type-options
nosniff
referrer-policy
no-referrer
content-security-policy
sandbox allow-forms allow-popups allow-popups-to-escape-sandbox allow-same-origin allow-scripts allow-downloads;default-src 'self';script-src 'self' 'unsafe-inline';object-src 'none';style-src 'self' 'unsafe-inline';img-src 'self' https://svtsurveyassets.blob.core.windows.net/allvue/;font-src 'self' fonts.gstatic.com;connect-src 'self' https://svtsurveyassets.blob.core.windows.net/allvue/;base-uri 'self';frame-ancestors 'none';upgrade-insecure-requests;block-all-mixed-content
strict-transport-security
max-age=31536000; includeSubDomains
vary
Accept-Encoding
x-frame-options
SameOrigin
content-type
text/css
x-stackifyid
V2|822bcca7-9dc6-4934-9416-633fe5ded95b|C78662|CD10
cache-control
no-cache, no-store, must-revalidate
svtsvr
auth1
x-xss-protection
1; mode=block
expires
-1
coloris.min.css
visa.all-vue.com/auth/lib/coloris/ 		8 KB
3 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://visa.all-vue.com/auth/lib/coloris/coloris.min.css
Requested by
Host: visa.all-vue.com
URL: https://visa.all-vue.com/auth/Account/Login?ReturnUrl=%2Fauth
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
52.151.125.143 London, United Kingdom, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
21b5a91f6258d2e7f9bbf8e9cbcc8e1f5ce0b012f10cf7feebdccaf37c0a5ea8
Security Headers
Name Value
Content-Security-Policy default-src 'self';script-src 'self' 'unsafe-inline';object-src 'none';style-src 'self' 'unsafe-inline';img-src 'self' https://svtsurveyassets.blob.core.windows.net/allvue/;font-src 'self' fonts.gstatic.com;connect-src 'self' https://svtsurveyassets.blob.core.windows.net/allvue/;base-uri 'self';frame-ancestors 'none';upgrade-insecure-requests;block-all-mixed-content
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SameOrigin
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-GB,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

date
Wed, 27 Sep 2023 07:21:38 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy
default-src 'self';script-src 'self' 'unsafe-inline';object-src 'none';style-src 'self' 'unsafe-inline';img-src 'self' https://svtsurveyassets.blob.core.windows.net/allvue/;font-src 'self' fonts.gstatic.com;connect-src 'self' https://svtsurveyassets.blob.core.windows.net/allvue/;base-uri 'self';frame-ancestors 'none';upgrade-insecure-requests;block-all-mixed-content
strict-transport-security
max-age=31536000; includeSubDomains
x-xss-protection
1; mode=block
pragma
no-cache
referrer-policy
no-referrer
last-modified
Sat, 09 Sep 2023 15:52:24 GMT
etag
"1d9e3359fec8d1b"
vary
Accept-Encoding
x-frame-options
SameOrigin
content-type
text/css
cache-control
no-cache, no-store, must-revalidate
accept-ranges
bytes
svtsvr
auth1
expires
-1
jquery.slim.min.js
visa.all-vue.com/auth/lib/jquery/ 		71 KB
32 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://visa.all-vue.com/auth/lib/jquery/jquery.slim.min.js
Requested by
Host: visa.all-vue.com
URL: https://visa.all-vue.com/auth/Account/Login?ReturnUrl=%2Fauth
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
52.151.125.143 London, United Kingdom, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
18a73f1a0c384d8a51148481dac25f20e8d66855a12e59359dbc098a31a863ba
Security Headers
Name Value
Content-Security-Policy default-src 'self';script-src 'self' 'unsafe-inline';object-src 'none';style-src 'self' 'unsafe-inline';img-src 'self' https://svtsurveyassets.blob.core.windows.net/allvue/;font-src 'self' fonts.gstatic.com;connect-src 'self' https://svtsurveyassets.blob.core.windows.net/allvue/;base-uri 'self';frame-ancestors 'none';upgrade-insecure-requests;block-all-mixed-content
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SameOrigin
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-GB,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

date
Wed, 27 Sep 2023 07:21:38 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy
default-src 'self';script-src 'self' 'unsafe-inline';object-src 'none';style-src 'self' 'unsafe-inline';img-src 'self' https://svtsurveyassets.blob.core.windows.net/allvue/;font-src 'self' fonts.gstatic.com;connect-src 'self' https://svtsurveyassets.blob.core.windows.net/allvue/;base-uri 'self';frame-ancestors 'none';upgrade-insecure-requests;block-all-mixed-content
strict-transport-security
max-age=31536000; includeSubDomains
x-xss-protection
1; mode=block
pragma
no-cache
referrer-policy
no-referrer
last-modified
Sat, 09 Sep 2023 15:52:24 GMT
etag
"1d9e3359fedb6be"
vary
Accept-Encoding
x-frame-options
SameOrigin
content-type
application/javascript
cache-control
no-cache, no-store, must-revalidate
accept-ranges
bytes
svtsvr
auth1
expires
-1
bootstrap.min.js
visa.all-vue.com/auth/lib/bootstrap/js/ 		59 KB
21 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://visa.all-vue.com/auth/lib/bootstrap/js/bootstrap.min.js
Requested by
Host: visa.all-vue.com
URL: https://visa.all-vue.com/auth/Account/Login?ReturnUrl=%2Fauth
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
52.151.125.143 London, United Kingdom, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
c7390975fc3e41ad5ec9d1870edc3103f7c498dd82dce4bbaf22a9e7bba96b77
Security Headers
Name Value
Content-Security-Policy default-src 'self';script-src 'self' 'unsafe-inline';object-src 'none';style-src 'self' 'unsafe-inline';img-src 'self' https://svtsurveyassets.blob.core.windows.net/allvue/;font-src 'self' fonts.gstatic.com;connect-src 'self' https://svtsurveyassets.blob.core.windows.net/allvue/;base-uri 'self';frame-ancestors 'none';upgrade-insecure-requests;block-all-mixed-content
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SameOrigin
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-GB,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

date
Wed, 27 Sep 2023 07:21:38 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy
default-src 'self';script-src 'self' 'unsafe-inline';object-src 'none';style-src 'self' 'unsafe-inline';img-src 'self' https://svtsurveyassets.blob.core.windows.net/allvue/;font-src 'self' fonts.gstatic.com;connect-src 'self' https://svtsurveyassets.blob.core.windows.net/allvue/;base-uri 'self';frame-ancestors 'none';upgrade-insecure-requests;block-all-mixed-content
strict-transport-security
max-age=31536000; includeSubDomains
x-xss-protection
1; mode=block
pragma
no-cache
referrer-policy
no-referrer
last-modified
Sat, 09 Sep 2023 15:52:24 GMT
etag
"1d9e3359fec4714"
vary
Accept-Encoding
x-frame-options
SameOrigin
content-type
application/javascript
cache-control
no-cache, no-store, must-revalidate
accept-ranges
bytes
svtsvr
auth1
expires
-1
coloris.min.js
visa.all-vue.com/auth/lib/coloris/ 		14 KB
7 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://visa.all-vue.com/auth/lib/coloris/coloris.min.js
Requested by
Host: visa.all-vue.com
URL: https://visa.all-vue.com/auth/Account/Login?ReturnUrl=%2Fauth
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
52.151.125.143 London, United Kingdom, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
b9e6e6c7a02aea4abd29c57a923759a701f3dcada8964308ebb82ab5171ae031
Security Headers
Name Value
Content-Security-Policy default-src 'self';script-src 'self' 'unsafe-inline';object-src 'none';style-src 'self' 'unsafe-inline';img-src 'self' https://svtsurveyassets.blob.core.windows.net/allvue/;font-src 'self' fonts.gstatic.com;connect-src 'self' https://svtsurveyassets.blob.core.windows.net/allvue/;base-uri 'self';frame-ancestors 'none';upgrade-insecure-requests;block-all-mixed-content
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SameOrigin
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-GB,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

date
Wed, 27 Sep 2023 07:21:38 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy
default-src 'self';script-src 'self' 'unsafe-inline';object-src 'none';style-src 'self' 'unsafe-inline';img-src 'self' https://svtsurveyassets.blob.core.windows.net/allvue/;font-src 'self' fonts.gstatic.com;connect-src 'self' https://svtsurveyassets.blob.core.windows.net/allvue/;base-uri 'self';frame-ancestors 'none';upgrade-insecure-requests;block-all-mixed-content
strict-transport-security
max-age=31536000; includeSubDomains
x-xss-protection
1; mode=block
pragma
no-cache
referrer-policy
no-referrer
last-modified
Sat, 09 Sep 2023 15:52:24 GMT
etag
"1d9e3359fec9a07"
vary
Accept-Encoding
x-frame-options
SameOrigin
content-type
application/javascript
cache-control
no-cache, no-store, must-revalidate
accept-ranges
bytes
svtsvr
auth1
expires
-1
savantalogo.svg
visa.all-vue.com/auth/logos/ 		5 KB
5 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://visa.all-vue.com/auth/logos/savantalogo.svg
Requested by
Host: visa.all-vue.com
URL: https://visa.all-vue.com/auth/css/site.css
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
52.151.125.143 London, United Kingdom, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
09a6bab4c3cd6db3506cccaa750d1de0f6ecab13db70033f168bba3b1239ebdb
Security Headers
Name Value
Content-Security-Policy default-src 'self';script-src 'self' 'unsafe-inline';object-src 'none';style-src 'self' 'unsafe-inline';img-src 'self' https://svtsurveyassets.blob.core.windows.net/allvue/;font-src 'self' fonts.gstatic.com;connect-src 'self' https://svtsurveyassets.blob.core.windows.net/allvue/;base-uri 'self';frame-ancestors 'none';upgrade-insecure-requests;block-all-mixed-content
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SameOrigin
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-GB,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

date
Wed, 27 Sep 2023 07:21:38 GMT
content-security-policy
default-src 'self';script-src 'self' 'unsafe-inline';object-src 'none';style-src 'self' 'unsafe-inline';img-src 'self' https://svtsurveyassets.blob.core.windows.net/allvue/;font-src 'self' fonts.gstatic.com;connect-src 'self' https://svtsurveyassets.blob.core.windows.net/allvue/;base-uri 'self';frame-ancestors 'none';upgrade-insecure-requests;block-all-mixed-content
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains
content-length
4682
x-xss-protection
1; mode=block
pragma
no-cache
referrer-policy
no-referrer
last-modified
Sat, 09 Sep 2023 15:52:24 GMT
etag
"1d9e3359fecbe4a"
x-frame-options
SameOrigin
content-type
image/svg+xml
cache-control
no-cache, no-store, must-revalidate
accept-ranges
bytes
svtsvr
auth1
expires
-1
MaterialIcons-Regular.woff
visa.all-vue.com/auth/lib/ 		56 KB
57 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://visa.all-vue.com/auth/lib/MaterialIcons-Regular.woff
Requested by
Host: visa.all-vue.com
URL: https://visa.all-vue.com/auth/css/site.css
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
52.151.125.143 London, United Kingdom, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
c4a1baec300d09e03a8380b85918267ee80faae8e00c6c56b48e2e74b1d9b38d
Security Headers
Name Value
Content-Security-Policy default-src 'self';script-src 'self' 'unsafe-inline';object-src 'none';style-src 'self' 'unsafe-inline';img-src 'self' https://svtsurveyassets.blob.core.windows.net/allvue/;font-src 'self' fonts.gstatic.com;connect-src 'self' https://svtsurveyassets.blob.core.windows.net/allvue/;base-uri 'self';frame-ancestors 'none';upgrade-insecure-requests;block-all-mixed-content
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SameOrigin
X-Xss-Protection 1; mode=block

Request headers

Referer
Origin
https://visa.all-vue.com
accept-language
en-GB,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

date
Wed, 27 Sep 2023 07:21:38 GMT
content-security-policy
default-src 'self';script-src 'self' 'unsafe-inline';object-src 'none';style-src 'self' 'unsafe-inline';img-src 'self' https://svtsurveyassets.blob.core.windows.net/allvue/;font-src 'self' fonts.gstatic.com;connect-src 'self' https://svtsurveyassets.blob.core.windows.net/allvue/;base-uri 'self';frame-ancestors 'none';upgrade-insecure-requests;block-all-mixed-content
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains
content-length
57620
x-xss-protection
1; mode=block
pragma
no-cache
referrer-policy
no-referrer
last-modified
Sat, 09 Sep 2023 15:52:24 GMT
etag
"1d9e3359fec4d14"
x-frame-options
SameOrigin
content-type
application/font-woff
cache-control
no-cache, no-store, must-revalidate
accept-ranges
bytes
svtsvr
auth1
expires
-1
KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v27/ 		56 KB
56 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/roboto/v27/KFOmCnqEu92Fr1Mu4mxK.woff2
Requested by
Host: visa.all-vue.com
URL: https://visa.all-vue.com/auth/css/fonts.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:808::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
1287b4c6427119cabf899a5ea898f81e831a2742614813a3302f671690b399c2
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
Origin
https://visa.all-vue.com
accept-language
en-GB,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.92 Safari/537.36

Response headers

date
Fri, 22 Sep 2023 07:38:50 GMT
x-content-type-options
nosniff
age
430968
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
57116
x-xss-protection
0
last-modified
Tue, 21 Sep 2021 23:13:54 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Sat, 21 Sep 2024 07:38:50 GMT

Verdicts & Comments Add Verdict or Comment

5 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| documentPictureInPicture function| $ function| jQuery object| bootstrap function| Coloris

5 Cookies

Domain/Path Name / Value
visa.all-vue.com/auth Name: AntiForgery.MIG.Auth.Server
Value: CfDJ8Fh2Ieq7TdxBlLOn1BgC9eBKd9bQNz6QHWS_wsdqYJGF0C1IbHBN8oAouZPInDQZ_hlx1APICES0_twevlutgAb3FPUvgfolCp2QQ6qjq0drwHR0jNZMiPo8qaJJssvQDWyxwWXIp-eINHUeHHsACns
visa.all-vue.com/ Name: svt_allvue_svrCORS
Value: df713788695861354e27c748403491b9
visa.all-vue.com/ Name: svt_allvue_svr
Value: df713788695861354e27c748403491b9
visa.all-vue.com/ Name: svt_auth_svrCORS
Value: cd3b3702df46d1c5895a64d35dec28c1
visa.all-vue.com/ Name: svt_auth_svr
Value: cd3b3702df46d1c5895a64d35dec28c1

1 Console Messages

Source Level URL
Text
security warning URL: https://visa.all-vue.com/auth/Account/Login?ReturnUrl=%2Fauth
Message:
An iframe which has both allow-scripts and allow-same-origin for its sandbox attribute can escape its sandboxing.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy sandbox allow-forms allow-popups allow-popups-to-escape-sandbox allow-same-origin allow-scripts allow-downloads;default-src 'self';script-src 'self' 'unsafe-inline';object-src 'none';style-src 'self' 'unsafe-inline';img-src 'self' https://svtsurveyassets.blob.core.windows.net/allvue/;font-src 'self' fonts.gstatic.com;connect-src 'self' https://svtsurveyassets.blob.core.windows.net/allvue/;base-uri 'self';frame-ancestors 'none';upgrade-insecure-requests;block-all-mixed-content
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SameOrigin
X-Xss-Protection 1; mode=block