Submitted URL: http://capitalone.vera.com/
Effective URL: https://capitalone.vera.com/
Submission: On April 29 via api from US

Summary

This website contacted 5 IPs in 2 countries across 5 domains to perform 14 HTTP transactions. The main IP is 2606:4700::6810:e9e5, located in United States and belongs to CLOUDFLARENET, US. The main domain is capitalone.vera.com.
TLS certificate: Issued by Thawte RSA CA 2018 on February 14th 2020. Valid for: 2 years.
This is the only time capitalone.vera.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 7 2606:4700::68... 13335 (CLOUDFLAR...)
3 13.35.253.84 16509 (AMAZON-02)
1 99.86.1.140 16509 (AMAZON-02)
3 2a00:1450:400... 15169 (GOOGLE)
1 2a00:1450:400... 15169 (GOOGLE)
14 5
Domain Requested by
7 capitalone.vera.com 1 redirects d2tc4pyewq5nzw.cloudfront.net
capitalone.vera.com
3 maps.google.com capitalone.vera.com
maps.google.com
3 d2tc4pyewq5nzw.cloudfront.net capitalone.vera.com
1 maps.googleapis.com maps.google.com
1 api.mapbox.com capitalone.vera.com
14 5

This site contains no links.

Subject Issuer Validity Valid
*.vera.com
Thawte RSA CA 2018
2020-02-14 -
2022-03-14
2 years crt.sh
*.cloudfront.net
DigiCert Global CA G2
2019-07-17 -
2020-07-05
a year crt.sh
api.mapbox.com
Amazon
2020-03-05 -
2021-04-05
a year crt.sh
*.google.com
GTS CA 1O1
2020-04-07 -
2020-06-30
3 months crt.sh
upload.video.google.com
GTS CA 1O1
2020-04-07 -
2020-06-30
3 months crt.sh

This page contains 2 frames:

Primary Page: https://capitalone.vera.com/
Frame ID: C2B5AE8F955D84F02D3B03B0BF62DD3D
Requests: 11 HTTP requests in this frame

Frame: https://capitalone.vera.com/res/authinit/index.html?source=portal
Frame ID: E18D3A8440AB93B72D3C36148695F44E
Requests: 3 HTTP requests in this frame

Screenshot


Page URL History Show full URLs

  1. http://capitalone.vera.com/ HTTP 301
    https://capitalone.vera.com/ Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • headers server /^cloudflare$/i

Page Statistics

14
Requests

100 %
HTTPS

60 %
IPv6

5
Domains

5
Subdomains

5
IPs

2
Countries

2197 kB
Transfer

9697 kB
Size

0
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://capitalone.vera.com/ HTTP 301
    https://capitalone.vera.com/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

14 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request /
capitalone.vera.com/
Redirect Chain
  • http://capitalone.vera.com/
  • https://capitalone.vera.com/
3 KB
2 KB
Document
General
Full URL
https://capitalone.vera.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2606:4700::6810:e9e5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
27eaf2b500f5abf75a167ea85e177c490cc903eb526c38f5ccd13b74f84ed0c3
Security Headers
Name Value
Content-Security-Policy default-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; img-src https: data: blob: http://127.0.0.1:43421
Strict-Transport-Security max-age=60
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1

Request headers

:method
GET
:authority
capitalone.vera.com
:scheme
https
:path
/
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
none
sec-fetch-mode
navigate
sec-fetch-user
?1
sec-fetch-dest
document
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

status
200
date
Wed, 29 Apr 2020 22:45:36 GMT
content-type
text/html;charset=utf-8
set-cookie
__cfduid=d533c85fbf68bd72ccf0e6eaae99c22f91588200335; expires=Fri, 29-May-20 22:45:35 GMT; path=/; domain=.vera.com; HttpOnly; SameSite=Lax
cache-control
no-cache, no-store, must-revalidate
content-security-policy
default-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; img-src https: data: blob: http://127.0.0.1:43421
expires
Thu, 01 Jan 1970 00:00:00 UTC
strict-transport-security
max-age=60
x-content-type-options
nosniff
x-frame-options
SAMEORIGIN
x-vera-id
58bc8de35edbd6f5-FRA
x-xss-protection
1
cf-cache-status
DYNAMIC
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server
cloudflare
cf-ray
58bc8de35edbd6f5-FRA
content-encoding
gzip
cf-request-id
0269b7021a0000d6f507b42200000001

Redirect headers

Date
Wed, 29 Apr 2020 22:45:35 GMT
Transfer-Encoding
chunked
Connection
keep-alive
Cache-Control
max-age=3600
Expires
Wed, 29 Apr 2020 23:45:35 GMT
Location
https://capitalone.vera.com/
Vary
Accept-Encoding
Server
cloudflare
CF-RAY
58bc8de0cc1fdfcb-FRA
cf-request-id
0269b7007a0000dfcb5181f200000001
lib.d27e1815af7a04.css
d2tc4pyewq5nzw.cloudfront.net/css/
193 KB
37 KB
Stylesheet
General
Full URL
https://d2tc4pyewq5nzw.cloudfront.net/css/lib.d27e1815af7a04.css
Requested by
Host: capitalone.vera.com
URL: https://capitalone.vera.com/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
13.35.253.84 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-35-253-84.fra6.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
8d1d830acff98d5b5959656aecc22e24c10cd89e9bc8924d844c7bf47b00ca9c

Request headers

Referer
https://capitalone.vera.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Wed, 29 Apr 2020 22:45:38 GMT
Content-Encoding
gzip
Last-Modified
Mon, 13 Apr 2020 06:43:26 GMT
Server
AmazonS3
x-amz-meta-s3cmd-attrs
atime:1582256879/ctime:1586760229/gid:1001/gname:vera/md5:99c1365de5dc8317152fe0d1b84aeeda/mode:33204/mtime:1582256879/uid:1001/uname:vera
X-Amz-Cf-Pop
FRA6-C1
Vary
Accept-Encoding
X-Cache
Miss from cloudfront
Content-Type
text/css
Via
1.1 d5fb859c39a16d7f218b4c7fb1528ad6.cloudfront.net (CloudFront)
Transfer-Encoding
chunked
Connection
keep-alive
X-Amz-Cf-Id
YtHF87jZ3jQkDO5XbE5AaEhBqUEQToen6mAehTO74C4ApgivMDq20g==
app.d27e1815af7a04.css
d2tc4pyewq5nzw.cloudfront.net/css/
356 KB
60 KB
Stylesheet
General
Full URL
https://d2tc4pyewq5nzw.cloudfront.net/css/app.d27e1815af7a04.css
Requested by
Host: capitalone.vera.com
URL: https://capitalone.vera.com/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
13.35.253.84 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-35-253-84.fra6.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
a53dc065ec156e859645d6557d2dbb3fa24cd7c29fdb3fe05a116dd30bd34be1

Request headers

Referer
https://capitalone.vera.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Wed, 29 Apr 2020 22:45:38 GMT
Content-Encoding
gzip
Last-Modified
Mon, 13 Apr 2020 06:43:26 GMT
Server
AmazonS3
x-amz-meta-s3cmd-attrs
atime:1582256879/ctime:1586760229/gid:1001/gname:vera/md5:cc7baa7f34aad9917cff19e555775e2f/mode:33204/mtime:1582256879/uid:1001/uname:vera
X-Amz-Cf-Pop
FRA6-C1
Vary
Accept-Encoding
X-Cache
Miss from cloudfront
Content-Type
text/css
Via
1.1 3095e870e1a1a1b03178e40ab1872de5.cloudfront.net (CloudFront)
Transfer-Encoding
chunked
Connection
keep-alive
X-Amz-Cf-Id
x7C5HPzXVqEdjo7iHCF7ue3NpgT5UwQFixyg3k5TPTL9f_a1Jeb9Ug==
app.d27e1815af7a04.js
d2tc4pyewq5nzw.cloudfront.net/js/
5 MB
1 MB
Script
General
Full URL
https://d2tc4pyewq5nzw.cloudfront.net/js/app.d27e1815af7a04.js
Requested by
Host: capitalone.vera.com
URL: https://capitalone.vera.com/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
13.35.253.84 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-35-253-84.fra6.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
0079363542ebf3ef19b3e79164926ed8c7b8928ec80623740b31b000cbd2b042

Request headers

Referer
https://capitalone.vera.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Wed, 29 Apr 2020 22:45:38 GMT
Content-Encoding
gzip
Last-Modified
Mon, 13 Apr 2020 06:43:48 GMT
Server
AmazonS3
x-amz-meta-s3cmd-attrs
atime:1586760218/ctime:1586760229/gid:1001/gname:vera/md5:d2b2678167364b1bd7322f0ed0c33124/mode:33204/mtime:1586760218/uid:1001/uname:vera
X-Amz-Cf-Pop
FRA6-C1
Vary
Accept-Encoding
X-Cache
Miss from cloudfront
Content-Type
application/javascript
Via
1.1 2f0580a0593ad9d3fb82aee9226d8179.cloudfront.net (CloudFront)
Transfer-Encoding
chunked
Connection
keep-alive
X-Amz-Cf-Id
RMhH4J3_MFvDo6WC5yEcXWu4xi41INMLf3L5mRkzvomQGYvTRxmAng==
mapbox.css
api.mapbox.com/mapbox.js/v2.4.0/
28 KB
10 KB
Stylesheet
General
Full URL
https://api.mapbox.com/mapbox.js/v2.4.0/mapbox.css
Requested by
Host: capitalone.vera.com
URL: https://capitalone.vera.com/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
99.86.1.140 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-99-86-1-140.fra6.r.cloudfront.net
Software
/ Express
Resource Hash
e682a8e18ca34b39cdead590d31a14243b776045571517434222c584738dbf17

Request headers

Referer
https://capitalone.vera.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Wed, 01 Jan 2020 16:16:58 GMT
Content-Encoding
gzip
Age
10304919
X-Powered-By
Express
Transfer-Encoding
chunked
X-Cache
Hit from cloudfront
Connection
keep-alive
Access-Control-Allow-Origin
*
Last-Modified
Wed Mar 30 2016 19:54:09 GMT+0000 (Coordinated Universal Time)
ETag
"3ea47f2364a246c2c0471231659bcf29"
Vary
Accept-Encoding
Content-Type
text/css; charset=utf-8
Via
1.1 560d8d35213ac925f8d05c5730db1582.cloudfront.net (CloudFront)
Cache-Control
max-age=31536000
X-Amz-Cf-Pop
FRA6-C1
X-Amz-Cf-Id
KyqFUeonZX2FoOrdj_v4peRQGyPi0iYd0wPdqlEBPsVBGkEphVJZBA==
js
maps.google.com/maps/api/
114 KB
38 KB
Script
General
Full URL
https://maps.google.com/maps/api/js?sensor=true
Requested by
Host: capitalone.vera.com
URL: https://capitalone.vera.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81a::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
mafe /
Resource Hash
7dd726ac9ca0b51fe6ca2cb2e5c645321bca3c0b0bde45528168cfea37dc7bb9
Security Headers
Name Value
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://capitalone.vera.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Wed, 29 Apr 2020 22:45:37 GMT
content-encoding
gzip
vary
Accept-Language
server
mafe
x-frame-options
SAMEORIGIN
content-type
text/javascript; charset=UTF-8
status
200
cache-control
public, max-age=1800
server-timing
gfet4t7; dur=11
alt-svc
h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
38447
x-xss-protection
0
expires
Wed, 29 Apr 2020 23:15:37 GMT
capitalone.vera.com
capitalone.vera.com/api/tenant/discover/
69 B
417 B
XHR
General
Full URL
https://capitalone.vera.com/api/tenant/discover/capitalone.vera.com
Requested by
Host: d2tc4pyewq5nzw.cloudfront.net
URL: https://d2tc4pyewq5nzw.cloudfront.net/js/app.d27e1815af7a04.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2606:4700::6810:e9e5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
33251dba2aef295bcf16255df4021121f65aab65108da4e5caeb5cbe4cba4eeb
Security Headers
Name Value
Content-Security-Policy default-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; img-src https: data: blob: http://127.0.0.1:43421
Strict-Transport-Security max-age=60
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1

Request headers

Accept
*/*
Referer
https://capitalone.vera.com/
X-Requested-With
XMLHttpRequest
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Wed, 29 Apr 2020 22:45:42 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
status
200
x-xss-protection
1
x-vera-id
58bc8e092c30d6f5-FRA
server
cloudflare
x-frame-options
SAMEORIGIN
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=60
access-control-allow-methods
GET,POST,PUT,DELETE,OPTIONS
content-type
application/json
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
content-security-policy
default-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; img-src https: data: blob: http://127.0.0.1:43421
cf-request-id
0269b719b70000d6f507917200000001
cf-ray
58bc8e092c30d6f5-FRA
access-control-allow-headers
Content-Type, Authorization
expires
Thu, 01 Jan 1970 00:00:00 UTC
bootstrap
capitalone.vera.com/api/portal/
28 KB
21 KB
XHR
General
Full URL
https://capitalone.vera.com/api/portal/bootstrap
Requested by
Host: d2tc4pyewq5nzw.cloudfront.net
URL: https://d2tc4pyewq5nzw.cloudfront.net/js/app.d27e1815af7a04.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2606:4700::6810:e9e5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
2375a4035409bb2297fa5bd0500e22e5f84add79187a0af07563262676bd4725
Security Headers
Name Value
Content-Security-Policy default-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; img-src https: data: blob: http://127.0.0.1:43421
Strict-Transport-Security max-age=60
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1

Request headers

Accept
*/*
Referer
https://capitalone.vera.com/
X-Requested-With
XMLHttpRequest
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Wed, 29 Apr 2020 22:45:43 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
status
200
x-xss-protection
1
x-vera-id
58bc8e0dbc2cd6f5-FRA
server
cloudflare
x-frame-options
SAMEORIGIN
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=60
access-control-allow-methods
GET,POST,PUT,DELETE,OPTIONS
content-type
application/json
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
content-security-policy
default-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; img-src https: data: blob: http://127.0.0.1:43421
cf-request-id
0269b71c940000d6f50793c200000001
cf-ray
58bc8e0dbc2cd6f5-FRA
access-control-allow-headers
Content-Type, Authorization
expires
Thu, 01 Jan 1970 00:00:00 UTC
index.html
capitalone.vera.com/res/authinit/ Frame E18D
3 KB
2 KB
Document
General
Full URL
https://capitalone.vera.com/res/authinit/index.html?source=portal
Requested by
Host: d2tc4pyewq5nzw.cloudfront.net
URL: https://d2tc4pyewq5nzw.cloudfront.net/js/app.d27e1815af7a04.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2606:4700::6810:e9e5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
fd743afc3b136fed83471c547e6fb8b57b25e2b4ffead7f08b36a8c7b9d5f336
Security Headers
Name Value
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1

Request headers

:method
GET
:authority
capitalone.vera.com
:scheme
https
:path
/res/authinit/index.html?source=portal
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
same-origin
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://capitalone.vera.com/login
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer
https://capitalone.vera.com/login

Response headers

status
200
date
Wed, 29 Apr 2020 22:45:44 GMT
content-type
text/html; charset=UTF-8
set-cookie
__cfduid=dfb0a518c390363f9d57c9422d98a8b131588200343; expires=Fri, 29-May-20 22:45:43 GMT; path=/; domain=.vera.com; HttpOnly; SameSite=Lax
cache-control
no-cache, no-store, must-revalidate
x-frame-options
SAMEORIGIN
x-xss-protection
1
cf-cache-status
DYNAMIC
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server
cloudflare
cf-ray
58bc8e14791dd6f5-FRA
content-encoding
gzip
cf-request-id
0269b720cd0000d6f507981200000001
54d60d9c9928fa46d6ed.css
capitalone.vera.com/res/authinit/ Frame E18D
417 KB
66 KB
Stylesheet
General
Full URL
https://capitalone.vera.com/res/authinit/54d60d9c9928fa46d6ed.css
Requested by
Host: capitalone.vera.com
URL: https://capitalone.vera.com/res/authinit/index.html?source=portal
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2606:4700::6810:e9e5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
59f4f8dde5a8123ced710ff18492cbb052455f304b491c49f443322fe8035aa1
Security Headers
Name Value
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1

Request headers

Referer
https://capitalone.vera.com/res/authinit/index.html?source=portal
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Wed, 29 Apr 2020 22:45:44 GMT
content-encoding
gzip
vary
Accept-Encoding
cf-cache-status
HIT
age
2001255
status
200
cf-request-id
0269b723d00000d6f5079a4200000001
server
cloudflare
etag
W/"68506"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
x-frame-options
SAMEORIGIN
content-type
text/css
x-xss-protection
1
cache-control
public, max-age=31536000
cf-ray
58bc8e19496bd6f5-FRA
expires
Thu, 29 Apr 2021 22:45:44 GMT
54d60d9c9928fa46d6ed.js
capitalone.vera.com/res/authinit/ Frame E18D
3 MB
681 KB
Script
General
Full URL
https://capitalone.vera.com/res/authinit/54d60d9c9928fa46d6ed.js
Requested by
Host: capitalone.vera.com
URL: https://capitalone.vera.com/res/authinit/index.html?source=portal
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2606:4700::6810:e9e5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
24d3f37115614538d798538d6c58abd37f6020b42d613882ea5a7b3fa508033b
Security Headers
Name Value
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1

Request headers

Referer
https://capitalone.vera.com/res/authinit/index.html?source=portal
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Wed, 29 Apr 2020 22:45:44 GMT
content-encoding
gzip
vary
Accept-Encoding
cf-cache-status
HIT
age
86636
status
200
cf-request-id
0269b723d10000d6f5079a5200000001
server
cloudflare
etag
W/"2a77bd"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
x-frame-options
SAMEORIGIN
content-type
text/javascript
x-xss-protection
1
cache-control
public, max-age=31536000
cf-ray
58bc8e19496ed6f5-FRA
expires
Thu, 29 Apr 2021 22:45:44 GMT
common.js
maps.google.com/maps-api-v3/api/js/40/11/
77 KB
29 KB
Script
General
Full URL
https://maps.google.com/maps-api-v3/api/js/40/11/common.js
Requested by
Host: maps.google.com
URL: https://maps.google.com/maps/api/js?sensor=true
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81a::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://capitalone.vera.com/login
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Wed, 29 Apr 2020 18:35:22 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Wed, 29 Apr 2020 01:25:55 GMT
server
sffe
age
15024
vary
Accept-Encoding, Origin
content-type
text/javascript
status
200
cache-control
public, max-age=31536000
accept-ranges
bytes
alt-svc
h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
29009
x-xss-protection
0
expires
Thu, 29 Apr 2021 18:35:22 GMT
util.js
maps.google.com/maps-api-v3/api/js/40/11/
144 KB
53 KB
Script
General
Full URL
https://maps.google.com/maps-api-v3/api/js/40/11/util.js
Requested by
Host: maps.google.com
URL: https://maps.google.com/maps/api/js?sensor=true
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81a::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://capitalone.vera.com/login
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Wed, 29 Apr 2020 18:35:21 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Wed, 29 Apr 2020 01:25:55 GMT
server
sffe
age
15025
vary
Accept-Encoding, Origin
content-type
text/javascript
status
200
cache-control
public, max-age=31536000
accept-ranges
bytes
alt-svc
h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
54048
x-xss-protection
0
expires
Thu, 29 Apr 2021 18:35:21 GMT
AuthenticationService.Authenticate
maps.googleapis.com/maps/api/js/
62 B
454 B
Script
General
Full URL
https://maps.googleapis.com/maps/api/js/AuthenticationService.Authenticate?1shttps%3A%2F%2Fcapitalone.vera.com%2Flogin&5shttps%3A%2F%2Fcapitalone.vera.com%2Flogin&callback=_xdc_._oyv46k&token=24548
Requested by
Host: maps.google.com
URL: https://maps.google.com/maps-api-v3/api/js/40/11/common.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:819::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
mafe /
Resource Hash
Security Headers
Name Value
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://capitalone.vera.com/login
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 29 Apr 2020 22:45:47 GMT
content-encoding
gzip
server
mafe
x-frame-options
SAMEORIGIN
content-type
text/javascript; charset=UTF-8
status
200
cache-control
no-cache, must-revalidate
content-disposition
attachment
server-timing
gfet4t7; dur=1
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length
63
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Verdicts & Comments Add Verdict or Comment

0 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

2 Console Messages

Source Level URL
Text
console-api warning URL: https://maps.google.com/maps-api-v3/api/js/40/11/util.js(Line 232)
Message:
Google Maps JavaScript API warning: NoApiKeys https://developers.google.com/maps/documentation/javascript/error-messages#no-api-keys
console-api warning URL: https://maps.google.com/maps-api-v3/api/js/40/11/util.js(Line 232)
Message:
Google Maps JavaScript API warning: SensorNotRequired https://developers.google.com/maps/documentation/javascript/error-messages#sensor-not-required

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy default-src https: data: blob: 'unsafe-inline' 'unsafe-eval'; img-src https: data: blob: http://127.0.0.1:43421
Strict-Transport-Security max-age=60
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1