benefitsplus-auth-uat1.hsbc.com.hk Open in urlscan Pro
2600:9000:214f:9600:e:eacb:a8c0:93a1 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://benefitsplus-uat1.hsbc.com.hk/
Effective URL:
https://benefitsplus-auth-uat1.hsbc.com.hk/login?uid=wglAfstMaImtTN1drQRk1&lang=en-HK
Submission Tags: @phishunt_io
Submission: On March 21 via api (March 21st 2024, 10:48:02 am UTC) from DE — Scanned from DE

Summary HTTP 16 Redirects Links 5 Behaviour Indicators

Summary

This website contacted 4 IPs in 2 countries across 4 domains to perform 16 HTTP transactions. The main IP is 2600:9000:214f:9600:e:eacb:a8c0:93a1, located in United States and belongs to AMAZON-02, US. The main domain is benefitsplus-auth-uat1.hsbc.com.hk.
TLS certificate: Issued by DigiCert EV RSA CA G2 on August 10th 2023. Valid for: a year.

This is the only time benefitsplus-auth-uat1.hsbc.com.hk was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
4 17	2600:9000:214... 2600:9000:214f:9600:e:eacb:a8c0:93a1	16509 (AMAZON-02) (AMAZON-02)
1	2600:9000:225... 2600:9000:225e:ec00:7:2bfb:7c00:93a1	16509 (AMAZON-02) (AMAZON-02)
1	2a00:1450:400... 2a00:1450:4001:827::200a	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:829::2003	15169 (GOOGLE) (GOOGLE)
16	4

17 2600:9000:214f:9600:e:eacb:a8c0:93a1 (United States) 4 redirects

ASN16509 (AMAZON-02, US)

benefitsplus-uat1.hsbc.com.hk	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
benefitsplus-auth-uat1.hsbc.com.hk	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:225e:ec00:7:2bfb:7c00:93a1 (United States)

ASN16509 (AMAZON-02, US)

tags.tiqcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:827::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:829::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
17	hsbc.com.hk 4 redirects benefitsplus-uat1.hsbc.com.hk benefitsplus-auth-uat1.hsbc.com.hk	86 KB
1	gstatic.com fonts.gstatic.com	48 KB
1	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 110	2 KB
1	tiqcdn.com tags.tiqcdn.com — Cisco Umbrella Rank: 1332	415 B
16	4

	Domain	Requested by
15	benefitsplus-auth-uat1.hsbc.com.hk	2 redirects benefitsplus-auth-uat1.hsbc.com.hk
2	benefitsplus-uat1.hsbc.com.hk	2 redirects
1	fonts.gstatic.com	fonts.googleapis.com
1	fonts.googleapis.com	benefitsplus-auth-uat1.hsbc.com.hk
1	tags.tiqcdn.com	benefitsplus-auth-uat1.hsbc.com.hk
16	5

This site contains links to these domains. Also see Links.

Domain
benefitsplus-uat1.hsbc.com.hk

Subject Issuer	Validity	Valid
benefitsplus-uat1.hsbc.com.hk DigiCert EV RSA CA G2	`2023-08-10` - `2024-09-09`	a year	crt.sh
tags.tiqcdn.com Amazon RSA 2048 M02	`2024-03-19` - `2025-04-17`	a year	crt.sh
upload.video.google.com GTS CA 1C3	`2024-02-26` - `2024-05-20`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2024-02-26` - `2024-05-20`	3 months	crt.sh

This page contains 1 frames:

Primary Page: https://benefitsplus-auth-uat1.hsbc.com.hk/login?uid=wglAfstMaImtTN1drQRk1&lang=en-HK
Frame ID: 45974D530B8068FA0F9D23FC9E6B8BF9
Requests: 16 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Welcome to HSBC Life Benefits+

Page URL History Show full URLs

https://benefitsplus-uat1.hsbc.com.hk/ HTTP 302
https://benefitsplus-uat1.hsbc.com.hk/login?path=%2F HTTP 302
https://benefitsplus-auth-uat1.hsbc.com.hk/authorize?scope=openid%20ALL%20profile%20profile.ecommerce.read&response_typ... HTTP 302
https://benefitsplus-auth-uat1.hsbc.com.hk/interaction/wglAfstMaImtTN1drQRk1?lang=en-HK HTTP 302
https://benefitsplus-auth-uat1.hsbc.com.hk/login?uid=wglAfstMaImtTN1drQRk1&lang=en-HK Page URL

Detected technologies

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

Page Statistics

16
Requests

100 %
HTTPS

100 %
IPv6

4
Domains

5
Subdomains

4
IPs

2
Countries

121 kB
Transfer

127 kB
Size

5
Cookies

5 Outgoing links

These are links going to different origins than the main page.

URL: https://benefitsplus-uat1.hsbc.com.hk/forgot-password?lang=en-HK
Title: Forgot Password?

Search URL Search Domain Scan URL

URL: https://benefitsplus-uat1.hsbc.com.hk/registration/registration-email?lang=en-HK
Title: Register for HSBC Life Benefits+

Search URL Search Domain Scan URL

URL: https://benefitsplus-uat1.hsbc.com.hk/contact-us?lang=en-HK
Title: Contact us

Search URL Search Domain Scan URL

URL: https://benefitsplus-uat1.hsbc.com.hk/legal/terms?lang=en-HK
Title: Terms

Search URL Search Domain Scan URL

URL: https://benefitsplus-uat1.hsbc.com.hk/legal/privacy?lang=en-HK
Title: Privacy

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://benefitsplus-uat1.hsbc.com.hk/ HTTP 302
https://benefitsplus-uat1.hsbc.com.hk/login?path=%2F HTTP 302
https://benefitsplus-auth-uat1.hsbc.com.hk/authorize?scope=openid%20ALL%20profile%20profile.ecommerce.read&response_type=code&client_id=hsbc-dev&redirect_uri=https://benefitsplus-uat1.hsbc.com.hk&protocol=oauth0&connection=hsbc&audience=hsbc&state=%2F HTTP 302
https://benefitsplus-auth-uat1.hsbc.com.hk/interaction/wglAfstMaImtTN1drQRk1?lang=en-HK HTTP 302
https://benefitsplus-auth-uat1.hsbc.com.hk/login?uid=wglAfstMaImtTN1drQRk1&lang=en-HK Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

16 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request login Show response
benefitsplus-auth-uat1.hsbc.com.hk/
Redirect Chain

https://benefitsplus-uat1.hsbc.com.hk/
https://benefitsplus-uat1.hsbc.com.hk/login?path=%2F
https://benefitsplus-auth-uat1.hsbc.com.hk/authorize?scope=openid%20ALL%20profile%20profile.ecommerce.read&response_type=code&client_id=hsbc-dev&redirect_uri=https://benefitsplus-uat1.hsbc.com.hk&p...
https://benefitsplus-auth-uat1.hsbc.com.hk/interaction/wglAfstMaImtTN1drQRk1?lang=en-HK
https://benefitsplus-auth-uat1.hsbc.com.hk/login?uid=wglAfstMaImtTN1drQRk1&lang=en-HK

5 KB
5 KB

846ms
846ms

Document
text/html

2600:9000:214f:9600:e:eacb:a8c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://benefitsplus-auth-uat1.hsbc.com.hk/login?uid=wglAfstMaImtTN1drQRk1&lang=en-HK

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:214f:9600:e:eacb:a8c0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

CloudFront /

Resource Hash

c72dd13bdd7d055a1467558e0baaa1e4654739a3514999c1d29f616723361df0

Security Headers

Name	Value
Content-Security-Policy	font-src .hsbc.com.hk fonts.gstatic.com maxcdn.bootstrapcdn.com .stripe.com klarna.com .klarna.com .klarnacdn.net .klarnaevt.com data: 'self' 'unsafe-inline'; form-action https: .hsbc.com.hk secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; frame-ancestors .hsbc.com.hk .stripe.com stripe.com 'self'; frame-src 'self' data: .hsbc.com.hk .my-doc.com lpcdn.lpsnmedia.net td.doubleclick.net fast.amc.demdex.net .adobe.com secure.authorize.net test.authorize.net bid.g.doubleclick.net .youtube.com .youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ .weltpixel.com .stripe.com klarna.com .klarna.com .klarnacdn.net .klarnaevt.com 'self' 'unsafe-inline'; img-src blob: .google.com.hk .yahoo.com .hsbc.com.hk .tealiumiq.com .adsrvr.org maps.googleapis.com maps.gstatic.com assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net .adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypalobjects.com t.paypal.com .ftcdn.net .behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com .vimeocdn.com i.ytimg.com .youtube.com validator.swagger.io flagpedia.net .gstatic.com data: 'self' 'unsafe-inline'; script-src .hsbc.com.hk unpkg.com connect.facebook.net s.yimg.com visitor-service-ap-northeast-1.tealiumiq.com lptag.liveperson.net datacloud.tealiumiq.com tags.tiqcdn.com assets.adobedtm.com .adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypalobjects.com js.braintreegateway.com www.paypal.com .newrelic.com .nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com .vimeocdn.com .youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ .gstatic.com maps.googleapis.com .stripe.com klarna.com .klarna.com .klarnacdn.net .klarnaevt.com https://www.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src .hsbc.com.hk fonts.googleapis.com .adobe.com maxcdn.bootstrapcdn.com .gstatic.com tagmanager.google.com 'self' 'unsafe-inline'; object-src .hsbc.com.hk 'self' 'unsafe-inline'; media-src .hsbc.com.hk .adobe.com 'self' 'unsafe-inline'; manifest-src .hsbc.com.hk 'self' 'unsafe-inline'; connect-src wss: .hsbc.com.hk www.issthk-dev.hsbc.com.hk:31000 .tealiumiq.com .tiqcdn.com pagead2.googlesyndication.com log-happyhktest.us.v2.customers.biocatch.com log-69c80419.customers.biocatch.com wup-69c80419.customers.biocatch.com dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com .newrelic.com .nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com www.gstatic.com maps.googleapis.com .stripe.com klarna.com .klarna.com .klarnacdn.net .klarnaevt.com https://www.google-analytics.com 'self' 'unsafe-inline'; child-src http: https: .hsbc.com.hk blob: 'self' 'unsafe-inline'; default-src .hsbc.com.hk 'self' 'unsafe-inline' 'unsafe-eval' log-69c80419.customers.biocatch.com wup-69c80419.customers.biocatch.com; base-uri *.hsbc.com.hk 'self' 'unsafe-inline';
Strict-Transport-Security	max-age=63072000; includeSubdomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

access-control-allow-origin: *
content-encoding: gzip
content-length: 1642
content-security-policy: font-src *.hsbc.com.hk fonts.gstatic.com maxcdn.bootstrapcdn.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com data: 'self' 'unsafe-inline'; form-action https: *.hsbc.com.hk secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; frame-ancestors *.hsbc.com.hk *.stripe.com stripe.com 'self'; frame-src 'self' data: *.hsbc.com.hk *.my-doc.com lpcdn.lpsnmedia.net td.doubleclick.net fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.weltpixel.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline'; img-src blob: *.google.com.hk *.yahoo.com *.hsbc.com.hk *.tealiumiq.com *.adsrvr.org maps.googleapis.com maps.gstatic.com assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io flagpedia.net *.gstatic.com data: 'self' 'unsafe-inline'; script-src *.hsbc.com.hk unpkg.com connect.facebook.net s.yimg.com visitor-service-ap-northeast-1.tealiumiq.com lptag.liveperson.net datacloud.tealiumiq.com tags.tiqcdn.com assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypalobjects.com js.braintreegateway.com www.paypal.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.gstatic.com maps.googleapis.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com https://www.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.hsbc.com.hk fonts.googleapis.com *.adobe.com maxcdn.bootstrapcdn.com *.gstatic.com tagmanager.google.com 'self' 'unsafe-inline'; object-src *.hsbc.com.hk 'self' 'unsafe-inline'; media-src *.hsbc.com.hk *.adobe.com 'self' 'unsafe-inline'; manifest-src *.hsbc.com.hk 'self' 'unsafe-inline'; connect-src wss: *.hsbc.com.hk www.issthk-dev.hsbc.com.hk:31000 *.tealiumiq.com *.tiqcdn.com pagead2.googlesyndication.com log-happyhktest.us.v2.customers.biocatch.com log-69c80419.customers.biocatch.com wup-69c80419.customers.biocatch.com dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com www.gstatic.com maps.googleapis.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com https://www.google-analytics.com 'self' 'unsafe-inline'; child-src http: https: *.hsbc.com.hk blob: 'self' 'unsafe-inline'; default-src *.hsbc.com.hk 'self' 'unsafe-inline' 'unsafe-eval' log-69c80419.customers.biocatch.com wup-69c80419.customers.biocatch.com; base-uri *.hsbc.com.hk 'self' 'unsafe-inline';
content-type: text/html; charset=utf-8
date: Thu, 21 Mar 2024 10:47:56 GMT
etag: W/"1396-9uMPx0u3CsCHICy4ow1Yz7gx0PY"
server: CloudFront
strict-transport-security: max-age=63072000; includeSubdomains; preload
vary: Accept-Encoding
via: 1.1 660f4277d8fbef27985e8a4a97e362cc.cloudfront.net (CloudFront)
x-amz-apigw-id: U-d-dH6VHUYEb2A=
x-amz-cf-id: CIFSrVa0ErSeVDGzFnDYYK1dDEyVEZVUAVm1Wv1J8nwhsOtCrom4kg==
x-amz-cf-pop: FRA53-C1
x-amzn-remapped-connection: keep-alive
x-amzn-remapped-date: Thu, 21 Mar 2024 10:47:56 GMT
x-amzn-requestid: eec76e34-456a-4083-80fb-93a6dfc2a3ab
x-cache: Miss from cloudfront
x-content-type-options: nosniff
x-correlation-id: cd460e182e9662373dfa4006e9a5d2e9
x-dns-prefetch-control: off
x-download-options: noopen
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block

Redirect headers

access-control-allow-origin: *
cache-control: no-cache, no-store
content-length: 138
content-security-policy: font-src *.hsbc.com.hk fonts.gstatic.com maxcdn.bootstrapcdn.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com data: 'self' 'unsafe-inline'; form-action https: *.hsbc.com.hk secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; frame-ancestors *.hsbc.com.hk *.stripe.com stripe.com 'self'; frame-src 'self' data: *.hsbc.com.hk *.my-doc.com lpcdn.lpsnmedia.net td.doubleclick.net fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.weltpixel.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline'; img-src blob: *.google.com.hk *.yahoo.com *.hsbc.com.hk *.tealiumiq.com *.adsrvr.org maps.googleapis.com maps.gstatic.com assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io flagpedia.net *.gstatic.com data: 'self' 'unsafe-inline'; script-src *.hsbc.com.hk unpkg.com connect.facebook.net s.yimg.com visitor-service-ap-northeast-1.tealiumiq.com lptag.liveperson.net datacloud.tealiumiq.com tags.tiqcdn.com assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypalobjects.com js.braintreegateway.com www.paypal.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.gstatic.com maps.googleapis.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com https://www.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.hsbc.com.hk fonts.googleapis.com *.adobe.com maxcdn.bootstrapcdn.com *.gstatic.com tagmanager.google.com 'self' 'unsafe-inline'; object-src *.hsbc.com.hk 'self' 'unsafe-inline'; media-src *.hsbc.com.hk *.adobe.com 'self' 'unsafe-inline'; manifest-src *.hsbc.com.hk 'self' 'unsafe-inline'; connect-src wss: *.hsbc.com.hk www.issthk-dev.hsbc.com.hk:31000 *.tealiumiq.com *.tiqcdn.com pagead2.googlesyndication.com log-happyhktest.us.v2.customers.biocatch.com log-69c80419.customers.biocatch.com wup-69c80419.customers.biocatch.com dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com www.gstatic.com maps.googleapis.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com https://www.google-analytics.com 'self' 'unsafe-inline'; child-src http: https: *.hsbc.com.hk blob: 'self' 'unsafe-inline'; default-src *.hsbc.com.hk 'self' 'unsafe-inline' 'unsafe-eval' log-69c80419.customers.biocatch.com wup-69c80419.customers.biocatch.com; base-uri *.hsbc.com.hk 'self' 'unsafe-inline';
content-type: text/html; charset=utf-8
date: Thu, 21 Mar 2024 10:47:55 GMT
location: /login?uid=wglAfstMaImtTN1drQRk1&lang=en-HK
pragma: no-cache
server: CloudFront
strict-transport-security: max-age=63072000; includeSubdomains; preload
vary: Accept, Accept-Encoding
via: 1.1 660f4277d8fbef27985e8a4a97e362cc.cloudfront.net (CloudFront)
x-amz-apigw-id: U-d-VEudnUYEUbg=
x-amz-cf-id: s4x9VSIqmzdjiVW8gqBgrKRg9nxC1TyZYHU7L3plnTSqLXhw9hyy_g==
x-amz-cf-pop: FRA53-C1
x-amzn-remapped-connection: keep-alive
x-amzn-remapped-content-length: 138
x-amzn-remapped-date: Thu, 21 Mar 2024 10:47:55 GMT
x-amzn-requestid: 3c04db64-07df-461b-b3eb-95788b328756
x-cache: Miss from cloudfront
x-content-type-options: nosniff
x-correlation-id: facc3eefcf7d786380d295457bc18d26
x-dns-prefetch-control: off
x-download-options: noopen
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block

GET
H2 200 utag.sync.js Show response
tags.tiqcdn.com/utag/hsbc/hk-rbwm-gsp// 3 B
415 B 793ms
756ms Script
application/javascript 2600:9000:225e:ec00:7:2bfb:7c00:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.tiqcdn.com/utag/hsbc/hk-rbwm-gsp//utag.sync.js
Requested by: Host: benefitsplus-auth-uat1.hsbc.com.hk
URL: https://benefitsplus-auth-uat1.hsbc.com.hk/login?uid=wglAfstMaImtTN1drQRk1&lang=en-HK
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:225e:ec00:7:2bfb:7c00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 101ead936a2281d53dcc064b7e2a2ab0d53b92ef3ef7b34b668673007895c860

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://benefitsplus-auth-uat1.hsbc.com.hk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

x-amz-version-id: nLbQyMlglyGoXodCndLd0t6DmRceuaJH
date: Thu, 21 Mar 2024 09:22:28 GMT
via: 1.1 dde951f556570d42a581084479d8b0e8.cloudfront.net (CloudFront)
last-modified: Thu, 02 Mar 2023 22:20:41 GMT
server: AmazonS3
x-amz-cf-pop: FRA60-P4
age: 5130
x-amz-server-side-encryption: AES256
etag: "b519d08ef66fd54910edbedba6181ec2"
vary: Accept-Encoding
x-cache: Error from cloudfront
content-type: application/javascript
accept-ranges: bytes
content-length: 3
x-amz-cf-id: iRBm48GZZ5jE4NTDx0J7zkA7DtW3hVRJyIq0gFMMFtHYDbnlHjx6Bg==

GET
H2 200 css
fonts.googleapis.com/ 22 KB
2 KB 49ms
25ms Stylesheet
text/css 2a00:1450:4001:827::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Open+Sans:300,400,600,700

Requested by

Host: benefitsplus-auth-uat1.hsbc.com.hk
URL: https://benefitsplus-auth-uat1.hsbc.com.hk/login?uid=wglAfstMaImtTN1drQRk1&lang=en-HK

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

31fe46164ce2459191ca1f7727fd742ce01833ee4f705459e88d43f53fcc9f80

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://benefitsplus-auth-uat1.hsbc.com.hk/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Thu, 21 Mar 2024 10:47:56 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Thu, 21 Mar 2024 10:32:45 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Thu, 21 Mar 2024 10:47:56 GMT

GET
H2 200 main.css
benefitsplus-auth-uat1.hsbc.com.hk/static/assets/css/ 13 KB
7 KB 950ms
949ms Stylesheet
text/css 2600:9000:214f:9600:e:eacb:a8c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://benefitsplus-auth-uat1.hsbc.com.hk/static/assets/css/main.css

Requested by

Host: benefitsplus-auth-uat1.hsbc.com.hk
URL: https://benefitsplus-auth-uat1.hsbc.com.hk/login?uid=wglAfstMaImtTN1drQRk1&lang=en-HK

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:214f:9600:e:eacb:a8c0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

CloudFront /

Resource Hash

b993985ff05f78d526cded1f5dc315c58fc3f22be35ad674040aa455e4c09b8b

Security Headers

Name	Value
Content-Security-Policy	font-src .hsbc.com.hk fonts.gstatic.com maxcdn.bootstrapcdn.com .stripe.com klarna.com .klarna.com .klarnacdn.net .klarnaevt.com data: 'self' 'unsafe-inline'; form-action https: .hsbc.com.hk secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; frame-ancestors .hsbc.com.hk .stripe.com stripe.com 'self'; frame-src 'self' data: .hsbc.com.hk .my-doc.com lpcdn.lpsnmedia.net td.doubleclick.net fast.amc.demdex.net .adobe.com secure.authorize.net test.authorize.net bid.g.doubleclick.net .youtube.com .youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ .weltpixel.com .stripe.com klarna.com .klarna.com .klarnacdn.net .klarnaevt.com 'self' 'unsafe-inline'; img-src blob: .google.com.hk .yahoo.com .hsbc.com.hk .tealiumiq.com .adsrvr.org maps.googleapis.com maps.gstatic.com assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net .adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypalobjects.com t.paypal.com .ftcdn.net .behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com .vimeocdn.com i.ytimg.com .youtube.com validator.swagger.io flagpedia.net .gstatic.com data: 'self' 'unsafe-inline'; script-src .hsbc.com.hk unpkg.com connect.facebook.net s.yimg.com visitor-service-ap-northeast-1.tealiumiq.com lptag.liveperson.net datacloud.tealiumiq.com tags.tiqcdn.com assets.adobedtm.com .adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypalobjects.com js.braintreegateway.com www.paypal.com .newrelic.com .nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com .vimeocdn.com .youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ .gstatic.com maps.googleapis.com .stripe.com klarna.com .klarna.com .klarnacdn.net .klarnaevt.com https://www.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src .hsbc.com.hk fonts.googleapis.com .adobe.com maxcdn.bootstrapcdn.com .gstatic.com tagmanager.google.com 'self' 'unsafe-inline'; object-src .hsbc.com.hk 'self' 'unsafe-inline'; media-src .hsbc.com.hk .adobe.com 'self' 'unsafe-inline'; manifest-src .hsbc.com.hk 'self' 'unsafe-inline'; connect-src wss: .hsbc.com.hk www.issthk-dev.hsbc.com.hk:31000 .tealiumiq.com .tiqcdn.com pagead2.googlesyndication.com log-happyhktest.us.v2.customers.biocatch.com log-69c80419.customers.biocatch.com wup-69c80419.customers.biocatch.com dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com .newrelic.com .nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com www.gstatic.com maps.googleapis.com .stripe.com klarna.com .klarna.com .klarnacdn.net .klarnaevt.com https://www.google-analytics.com 'self' 'unsafe-inline'; child-src http: https: .hsbc.com.hk blob: 'self' 'unsafe-inline'; default-src .hsbc.com.hk 'self' 'unsafe-inline' 'unsafe-eval' log-69c80419.customers.biocatch.com wup-69c80419.customers.biocatch.com; base-uri *.hsbc.com.hk 'self' 'unsafe-inline';
Strict-Transport-Security	max-age=63072000; includeSubdomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://benefitsplus-auth-uat1.hsbc.com.hk/login?uid=wglAfstMaImtTN1drQRk1&lang=en-HK
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date: Thu, 21 Mar 2024 10:47:57 GMT
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-correlation-id: 5bdf138ac4e557e3b3998af578491d0c
content-security-policy: font-src *.hsbc.com.hk fonts.gstatic.com maxcdn.bootstrapcdn.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com data: 'self' 'unsafe-inline'; form-action https: *.hsbc.com.hk secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; frame-ancestors *.hsbc.com.hk *.stripe.com stripe.com 'self'; frame-src 'self' data: *.hsbc.com.hk *.my-doc.com lpcdn.lpsnmedia.net td.doubleclick.net fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.weltpixel.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline'; img-src blob: *.google.com.hk *.yahoo.com *.hsbc.com.hk *.tealiumiq.com *.adsrvr.org maps.googleapis.com maps.gstatic.com assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io flagpedia.net *.gstatic.com data: 'self' 'unsafe-inline'; script-src *.hsbc.com.hk unpkg.com connect.facebook.net s.yimg.com visitor-service-ap-northeast-1.tealiumiq.com lptag.liveperson.net datacloud.tealiumiq.com tags.tiqcdn.com assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypalobjects.com js.braintreegateway.com www.paypal.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.gstatic.com maps.googleapis.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com https://www.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.hsbc.com.hk fonts.googleapis.com *.adobe.com maxcdn.bootstrapcdn.com *.gstatic.com tagmanager.google.com 'self' 'unsafe-inline'; object-src *.hsbc.com.hk 'self' 'unsafe-inline'; media-src *.hsbc.com.hk *.adobe.com 'self' 'unsafe-inline'; manifest-src *.hsbc.com.hk 'self' 'unsafe-inline'; connect-src wss: *.hsbc.com.hk www.issthk-dev.hsbc.com.hk:31000 *.tealiumiq.com *.tiqcdn.com pagead2.googlesyndication.com log-happyhktest.us.v2.customers.biocatch.com log-69c80419.customers.biocatch.com wup-69c80419.customers.biocatch.com dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com www.gstatic.com maps.googleapis.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com https://www.google-analytics.com 'self' 'unsafe-inline'; child-src http: https: *.hsbc.com.hk blob: 'self' 'unsafe-inline'; default-src *.hsbc.com.hk 'self' 'unsafe-inline' 'unsafe-eval' log-69c80419.customers.biocatch.com wup-69c80419.customers.biocatch.com; base-uri *.hsbc.com.hk 'self' 'unsafe-inline';
via: 1.1 660f4277d8fbef27985e8a4a97e362cc.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA53-C1
x-amzn-remapped-connection: keep-alive
x-amzn-requestid: da7dcccb-0e36-42dc-a3fb-dbb64fc6c29d
x-dns-prefetch-control: off
x-cache: Miss from cloudfront
x-amz-apigw-id: U-d-nFQTnUYEBMg=
content-length: 3039
x-xss-protection: 1; mode=block
last-modified: Thu, 07 Mar 2024 03:46:31 GMT
server: CloudFront
etag: W/"333f-18e17050dd8"
x-download-options: noopen
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: text/css; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=0
accept-ranges: bytes
x-amzn-remapped-date: Thu, 21 Mar 2024 10:47:57 GMT
x-amz-cf-id: Ad3Kuq1tKz_S5PoRZmvbdfOwYhZroDumgqITlC5JpXjUHJluCbpi0Q==

GET
H2 200 main.js Show response
benefitsplus-auth-uat1.hsbc.com.hk/static/assets/js/ 12 KB
7 KB 665ms
665ms Script
application/javascript 2600:9000:214f:9600:e:eacb:a8c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://benefitsplus-auth-uat1.hsbc.com.hk/static/assets/js/main.js

Requested by

Host: benefitsplus-auth-uat1.hsbc.com.hk
URL: https://benefitsplus-auth-uat1.hsbc.com.hk/login?uid=wglAfstMaImtTN1drQRk1&lang=en-HK

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:214f:9600:e:eacb:a8c0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

CloudFront /

Resource Hash

f63aa9cbf1ed197a7e8d6e192bedd57a3376bc1defa5fc2bcc84835eed6900c9

Security Headers

Name	Value
Content-Security-Policy	font-src .hsbc.com.hk fonts.gstatic.com maxcdn.bootstrapcdn.com .stripe.com klarna.com .klarna.com .klarnacdn.net .klarnaevt.com data: 'self' 'unsafe-inline'; form-action https: .hsbc.com.hk secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; frame-ancestors .hsbc.com.hk .stripe.com stripe.com 'self'; frame-src 'self' data: .hsbc.com.hk .my-doc.com lpcdn.lpsnmedia.net td.doubleclick.net fast.amc.demdex.net .adobe.com secure.authorize.net test.authorize.net bid.g.doubleclick.net .youtube.com .youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ .weltpixel.com .stripe.com klarna.com .klarna.com .klarnacdn.net .klarnaevt.com 'self' 'unsafe-inline'; img-src blob: .google.com.hk .yahoo.com .hsbc.com.hk .tealiumiq.com .adsrvr.org maps.googleapis.com maps.gstatic.com assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net .adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypalobjects.com t.paypal.com .ftcdn.net .behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com .vimeocdn.com i.ytimg.com .youtube.com validator.swagger.io flagpedia.net .gstatic.com data: 'self' 'unsafe-inline'; script-src .hsbc.com.hk unpkg.com connect.facebook.net s.yimg.com visitor-service-ap-northeast-1.tealiumiq.com lptag.liveperson.net datacloud.tealiumiq.com tags.tiqcdn.com assets.adobedtm.com .adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypalobjects.com js.braintreegateway.com www.paypal.com .newrelic.com .nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com .vimeocdn.com .youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ .gstatic.com maps.googleapis.com .stripe.com klarna.com .klarna.com .klarnacdn.net .klarnaevt.com https://www.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src .hsbc.com.hk fonts.googleapis.com .adobe.com maxcdn.bootstrapcdn.com .gstatic.com tagmanager.google.com 'self' 'unsafe-inline'; object-src .hsbc.com.hk 'self' 'unsafe-inline'; media-src .hsbc.com.hk .adobe.com 'self' 'unsafe-inline'; manifest-src .hsbc.com.hk 'self' 'unsafe-inline'; connect-src wss: .hsbc.com.hk www.issthk-dev.hsbc.com.hk:31000 .tealiumiq.com .tiqcdn.com pagead2.googlesyndication.com log-happyhktest.us.v2.customers.biocatch.com log-69c80419.customers.biocatch.com wup-69c80419.customers.biocatch.com dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com .newrelic.com .nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com www.gstatic.com maps.googleapis.com .stripe.com klarna.com .klarna.com .klarnacdn.net .klarnaevt.com https://www.google-analytics.com 'self' 'unsafe-inline'; child-src http: https: .hsbc.com.hk blob: 'self' 'unsafe-inline'; default-src .hsbc.com.hk 'self' 'unsafe-inline' 'unsafe-eval' log-69c80419.customers.biocatch.com wup-69c80419.customers.biocatch.com; base-uri *.hsbc.com.hk 'self' 'unsafe-inline';
Strict-Transport-Security	max-age=63072000; includeSubdomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://benefitsplus-auth-uat1.hsbc.com.hk/login?uid=wglAfstMaImtTN1drQRk1&lang=en-HK
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date: Thu, 21 Mar 2024 10:47:57 GMT
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-correlation-id: d72d5a08611202a95d6bd8e4aadf209c
content-security-policy: font-src *.hsbc.com.hk fonts.gstatic.com maxcdn.bootstrapcdn.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com data: 'self' 'unsafe-inline'; form-action https: *.hsbc.com.hk secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; frame-ancestors *.hsbc.com.hk *.stripe.com stripe.com 'self'; frame-src 'self' data: *.hsbc.com.hk *.my-doc.com lpcdn.lpsnmedia.net td.doubleclick.net fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.weltpixel.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline'; img-src blob: *.google.com.hk *.yahoo.com *.hsbc.com.hk *.tealiumiq.com *.adsrvr.org maps.googleapis.com maps.gstatic.com assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io flagpedia.net *.gstatic.com data: 'self' 'unsafe-inline'; script-src *.hsbc.com.hk unpkg.com connect.facebook.net s.yimg.com visitor-service-ap-northeast-1.tealiumiq.com lptag.liveperson.net datacloud.tealiumiq.com tags.tiqcdn.com assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypalobjects.com js.braintreegateway.com www.paypal.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.gstatic.com maps.googleapis.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com https://www.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.hsbc.com.hk fonts.googleapis.com *.adobe.com maxcdn.bootstrapcdn.com *.gstatic.com tagmanager.google.com 'self' 'unsafe-inline'; object-src *.hsbc.com.hk 'self' 'unsafe-inline'; media-src *.hsbc.com.hk *.adobe.com 'self' 'unsafe-inline'; manifest-src *.hsbc.com.hk 'self' 'unsafe-inline'; connect-src wss: *.hsbc.com.hk www.issthk-dev.hsbc.com.hk:31000 *.tealiumiq.com *.tiqcdn.com pagead2.googlesyndication.com log-happyhktest.us.v2.customers.biocatch.com log-69c80419.customers.biocatch.com wup-69c80419.customers.biocatch.com dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com www.gstatic.com maps.googleapis.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com https://www.google-analytics.com 'self' 'unsafe-inline'; child-src http: https: *.hsbc.com.hk blob: 'self' 'unsafe-inline'; default-src *.hsbc.com.hk 'self' 'unsafe-inline' 'unsafe-eval' log-69c80419.customers.biocatch.com wup-69c80419.customers.biocatch.com; base-uri *.hsbc.com.hk 'self' 'unsafe-inline';
via: 1.1 660f4277d8fbef27985e8a4a97e362cc.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA53-C1
x-amzn-remapped-connection: keep-alive
x-amzn-requestid: 6d6e8b2e-fa36-4aa2-8bd1-3c7cc46a6b44
x-dns-prefetch-control: off
x-cache: Miss from cloudfront
x-amz-apigw-id: U-d-kEJjnUYEPBw=
content-length: 2912
x-xss-protection: 1; mode=block
last-modified: Thu, 07 Mar 2024 03:46:31 GMT
server: CloudFront
etag: W/"30db-18e17050dd8"
x-download-options: noopen
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=0
accept-ranges: bytes
x-amzn-remapped-date: Thu, 21 Mar 2024 10:47:57 GMT
x-amz-cf-id: qNjUbLbIXeimf6PfnIS3gGCEUtXK4qkzy1LKfSjNYBhS2tpEobXuxg==

GET
H2 404 utag_data.js
benefitsplus-auth-uat1.hsbc.com.hk/static/assets/tealium// 0
0 1263ms
1263ms Script
application/json 2600:9000:214f:9600:e:eacb:a8c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://benefitsplus-auth-uat1.hsbc.com.hk/static/assets/tealium//utag_data.js

Requested by

Host: benefitsplus-auth-uat1.hsbc.com.hk
URL: https://benefitsplus-auth-uat1.hsbc.com.hk/login?uid=wglAfstMaImtTN1drQRk1&lang=en-HK

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:214f:9600:e:eacb:a8c0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

CloudFront /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	font-src .hsbc.com.hk fonts.gstatic.com maxcdn.bootstrapcdn.com .stripe.com klarna.com .klarna.com .klarnacdn.net .klarnaevt.com data: 'self' 'unsafe-inline'; form-action https: .hsbc.com.hk secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; frame-ancestors .hsbc.com.hk .stripe.com stripe.com 'self'; frame-src 'self' data: .hsbc.com.hk .my-doc.com lpcdn.lpsnmedia.net td.doubleclick.net fast.amc.demdex.net .adobe.com secure.authorize.net test.authorize.net bid.g.doubleclick.net .youtube.com .youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ .weltpixel.com .stripe.com klarna.com .klarna.com .klarnacdn.net .klarnaevt.com 'self' 'unsafe-inline'; img-src blob: .google.com.hk .yahoo.com .hsbc.com.hk .tealiumiq.com .adsrvr.org maps.googleapis.com maps.gstatic.com assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net .adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypalobjects.com t.paypal.com .ftcdn.net .behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com .vimeocdn.com i.ytimg.com .youtube.com validator.swagger.io flagpedia.net .gstatic.com data: 'self' 'unsafe-inline'; script-src .hsbc.com.hk unpkg.com connect.facebook.net s.yimg.com visitor-service-ap-northeast-1.tealiumiq.com lptag.liveperson.net datacloud.tealiumiq.com tags.tiqcdn.com assets.adobedtm.com .adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypalobjects.com js.braintreegateway.com www.paypal.com .newrelic.com .nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com .vimeocdn.com .youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ .gstatic.com maps.googleapis.com .stripe.com klarna.com .klarna.com .klarnacdn.net .klarnaevt.com https://www.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src .hsbc.com.hk fonts.googleapis.com .adobe.com maxcdn.bootstrapcdn.com .gstatic.com tagmanager.google.com 'self' 'unsafe-inline'; object-src .hsbc.com.hk 'self' 'unsafe-inline'; media-src .hsbc.com.hk .adobe.com 'self' 'unsafe-inline'; manifest-src .hsbc.com.hk 'self' 'unsafe-inline'; connect-src wss: .hsbc.com.hk www.issthk-dev.hsbc.com.hk:31000 .tealiumiq.com .tiqcdn.com pagead2.googlesyndication.com log-happyhktest.us.v2.customers.biocatch.com log-69c80419.customers.biocatch.com wup-69c80419.customers.biocatch.com dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com .newrelic.com .nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com www.gstatic.com maps.googleapis.com .stripe.com klarna.com .klarna.com .klarnacdn.net .klarnaevt.com https://www.google-analytics.com 'self' 'unsafe-inline'; child-src http: https: .hsbc.com.hk blob: 'self' 'unsafe-inline'; default-src .hsbc.com.hk 'self' 'unsafe-inline' 'unsafe-eval' log-69c80419.customers.biocatch.com wup-69c80419.customers.biocatch.com; base-uri *.hsbc.com.hk 'self' 'unsafe-inline';
Strict-Transport-Security	max-age=63072000; includeSubdomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://benefitsplus-auth-uat1.hsbc.com.hk/login?uid=wglAfstMaImtTN1drQRk1&lang=en-HK
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date: Thu, 21 Mar 2024 10:47:57 GMT
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-content-type-options: nosniff
x-amzn-remapped-content-length: 136
x-correlation-id: 72bc6663c7b84bcbd3c8a424e1f99290
content-security-policy: font-src *.hsbc.com.hk fonts.gstatic.com maxcdn.bootstrapcdn.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com data: 'self' 'unsafe-inline'; form-action https: *.hsbc.com.hk secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; frame-ancestors *.hsbc.com.hk *.stripe.com stripe.com 'self'; frame-src 'self' data: *.hsbc.com.hk *.my-doc.com lpcdn.lpsnmedia.net td.doubleclick.net fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.weltpixel.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline'; img-src blob: *.google.com.hk *.yahoo.com *.hsbc.com.hk *.tealiumiq.com *.adsrvr.org maps.googleapis.com maps.gstatic.com assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io flagpedia.net *.gstatic.com data: 'self' 'unsafe-inline'; script-src *.hsbc.com.hk unpkg.com connect.facebook.net s.yimg.com visitor-service-ap-northeast-1.tealiumiq.com lptag.liveperson.net datacloud.tealiumiq.com tags.tiqcdn.com assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypalobjects.com js.braintreegateway.com www.paypal.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.gstatic.com maps.googleapis.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com https://www.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.hsbc.com.hk fonts.googleapis.com *.adobe.com maxcdn.bootstrapcdn.com *.gstatic.com tagmanager.google.com 'self' 'unsafe-inline'; object-src *.hsbc.com.hk 'self' 'unsafe-inline'; media-src *.hsbc.com.hk *.adobe.com 'self' 'unsafe-inline'; manifest-src *.hsbc.com.hk 'self' 'unsafe-inline'; connect-src wss: *.hsbc.com.hk www.issthk-dev.hsbc.com.hk:31000 *.tealiumiq.com *.tiqcdn.com pagead2.googlesyndication.com log-happyhktest.us.v2.customers.biocatch.com log-69c80419.customers.biocatch.com wup-69c80419.customers.biocatch.com dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com www.gstatic.com maps.googleapis.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com https://www.google-analytics.com 'self' 'unsafe-inline'; child-src http: https: *.hsbc.com.hk blob: 'self' 'unsafe-inline'; default-src *.hsbc.com.hk 'self' 'unsafe-inline' 'unsafe-eval' log-69c80419.customers.biocatch.com wup-69c80419.customers.biocatch.com; base-uri *.hsbc.com.hk 'self' 'unsafe-inline';
via: 1.1 660f4277d8fbef27985e8a4a97e362cc.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA53-C1
x-amzn-remapped-connection: keep-alive
x-amzn-requestid: 6a57c0f4-734d-4e69-821f-3610c7a08afd
x-dns-prefetch-control: off
x-cache: Error from cloudfront
x-amz-apigw-id: U-d-nFltHUYEKnA=
content-length: 136
x-xss-protection: 1; mode=block
server: CloudFront
x-download-options: noopen
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: application/json; charset=utf-8
access-control-allow-origin: *
x-amzn-remapped-date: Thu, 21 Mar 2024 10:47:57 GMT
x-amz-cf-id: qadxqltrHAoNYS0l6IVblqiUIxPO2L-eq6t6ot2H6FlSgyyuOJtvXw==

GET
H2 404 utag.js
benefitsplus-auth-uat1.hsbc.com.hk/static/assets/tealium// 0
0 918ms
918ms Script
application/json 2600:9000:214f:9600:e:eacb:a8c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://benefitsplus-auth-uat1.hsbc.com.hk/static/assets/tealium//utag.js

Requested by

Host: benefitsplus-auth-uat1.hsbc.com.hk
URL: https://benefitsplus-auth-uat1.hsbc.com.hk/login?uid=wglAfstMaImtTN1drQRk1&lang=en-HK

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:214f:9600:e:eacb:a8c0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

CloudFront /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	font-src .hsbc.com.hk fonts.gstatic.com maxcdn.bootstrapcdn.com .stripe.com klarna.com .klarna.com .klarnacdn.net .klarnaevt.com data: 'self' 'unsafe-inline'; form-action https: .hsbc.com.hk secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; frame-ancestors .hsbc.com.hk .stripe.com stripe.com 'self'; frame-src 'self' data: .hsbc.com.hk .my-doc.com lpcdn.lpsnmedia.net td.doubleclick.net fast.amc.demdex.net .adobe.com secure.authorize.net test.authorize.net bid.g.doubleclick.net .youtube.com .youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ .weltpixel.com .stripe.com klarna.com .klarna.com .klarnacdn.net .klarnaevt.com 'self' 'unsafe-inline'; img-src blob: .google.com.hk .yahoo.com .hsbc.com.hk .tealiumiq.com .adsrvr.org maps.googleapis.com maps.gstatic.com assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net .adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypalobjects.com t.paypal.com .ftcdn.net .behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com .vimeocdn.com i.ytimg.com .youtube.com validator.swagger.io flagpedia.net .gstatic.com data: 'self' 'unsafe-inline'; script-src .hsbc.com.hk unpkg.com connect.facebook.net s.yimg.com visitor-service-ap-northeast-1.tealiumiq.com lptag.liveperson.net datacloud.tealiumiq.com tags.tiqcdn.com assets.adobedtm.com .adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypalobjects.com js.braintreegateway.com www.paypal.com .newrelic.com .nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com .vimeocdn.com .youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ .gstatic.com maps.googleapis.com .stripe.com klarna.com .klarna.com .klarnacdn.net .klarnaevt.com https://www.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src .hsbc.com.hk fonts.googleapis.com .adobe.com maxcdn.bootstrapcdn.com .gstatic.com tagmanager.google.com 'self' 'unsafe-inline'; object-src .hsbc.com.hk 'self' 'unsafe-inline'; media-src .hsbc.com.hk .adobe.com 'self' 'unsafe-inline'; manifest-src .hsbc.com.hk 'self' 'unsafe-inline'; connect-src wss: .hsbc.com.hk www.issthk-dev.hsbc.com.hk:31000 .tealiumiq.com .tiqcdn.com pagead2.googlesyndication.com log-happyhktest.us.v2.customers.biocatch.com log-69c80419.customers.biocatch.com wup-69c80419.customers.biocatch.com dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com .newrelic.com .nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com www.gstatic.com maps.googleapis.com .stripe.com klarna.com .klarna.com .klarnacdn.net .klarnaevt.com https://www.google-analytics.com 'self' 'unsafe-inline'; child-src http: https: .hsbc.com.hk blob: 'self' 'unsafe-inline'; default-src .hsbc.com.hk 'self' 'unsafe-inline' 'unsafe-eval' log-69c80419.customers.biocatch.com wup-69c80419.customers.biocatch.com; base-uri *.hsbc.com.hk 'self' 'unsafe-inline';
Strict-Transport-Security	max-age=63072000; includeSubdomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://benefitsplus-auth-uat1.hsbc.com.hk/login?uid=wglAfstMaImtTN1drQRk1&lang=en-HK
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date: Thu, 21 Mar 2024 10:47:57 GMT
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-content-type-options: nosniff
x-amzn-remapped-content-length: 131
x-correlation-id: cfd860b3afb4323c6c3afa177820a92b
content-security-policy: font-src *.hsbc.com.hk fonts.gstatic.com maxcdn.bootstrapcdn.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com data: 'self' 'unsafe-inline'; form-action https: *.hsbc.com.hk secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; frame-ancestors *.hsbc.com.hk *.stripe.com stripe.com 'self'; frame-src 'self' data: *.hsbc.com.hk *.my-doc.com lpcdn.lpsnmedia.net td.doubleclick.net fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.weltpixel.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline'; img-src blob: *.google.com.hk *.yahoo.com *.hsbc.com.hk *.tealiumiq.com *.adsrvr.org maps.googleapis.com maps.gstatic.com assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io flagpedia.net *.gstatic.com data: 'self' 'unsafe-inline'; script-src *.hsbc.com.hk unpkg.com connect.facebook.net s.yimg.com visitor-service-ap-northeast-1.tealiumiq.com lptag.liveperson.net datacloud.tealiumiq.com tags.tiqcdn.com assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypalobjects.com js.braintreegateway.com www.paypal.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.gstatic.com maps.googleapis.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com https://www.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.hsbc.com.hk fonts.googleapis.com *.adobe.com maxcdn.bootstrapcdn.com *.gstatic.com tagmanager.google.com 'self' 'unsafe-inline'; object-src *.hsbc.com.hk 'self' 'unsafe-inline'; media-src *.hsbc.com.hk *.adobe.com 'self' 'unsafe-inline'; manifest-src *.hsbc.com.hk 'self' 'unsafe-inline'; connect-src wss: *.hsbc.com.hk www.issthk-dev.hsbc.com.hk:31000 *.tealiumiq.com *.tiqcdn.com pagead2.googlesyndication.com log-happyhktest.us.v2.customers.biocatch.com log-69c80419.customers.biocatch.com wup-69c80419.customers.biocatch.com dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com www.gstatic.com maps.googleapis.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com https://www.google-analytics.com 'self' 'unsafe-inline'; child-src http: https: *.hsbc.com.hk blob: 'self' 'unsafe-inline'; default-src *.hsbc.com.hk 'self' 'unsafe-inline' 'unsafe-eval' log-69c80419.customers.biocatch.com wup-69c80419.customers.biocatch.com; base-uri *.hsbc.com.hk 'self' 'unsafe-inline';
via: 1.1 660f4277d8fbef27985e8a4a97e362cc.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA53-C1
x-amzn-remapped-connection: keep-alive
x-amzn-requestid: 0a2ef6ea-7b49-4579-929e-72617975eeb6
x-dns-prefetch-control: off
x-cache: Error from cloudfront
x-amz-apigw-id: U-d-nEaYHUYEKKA=
content-length: 131
x-xss-protection: 1; mode=block
server: CloudFront
x-download-options: noopen
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: application/json; charset=utf-8
access-control-allow-origin: *
x-amzn-remapped-date: Thu, 21 Mar 2024 10:47:57 GMT
x-amz-cf-id: LEyJ1azyTiblHa64dU8I4dOiGW7Mxd3gUI8Bzb5J3r6cgphR0qKORw==

GET
H2 200 HSBC_logo_en.svg
benefitsplus-auth-uat1.hsbc.com.hk/static/assets/images/ 3 KB
5 KB 843ms
842ms Image
image/svg+xml 2600:9000:214f:9600:e:eacb:a8c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://benefitsplus-auth-uat1.hsbc.com.hk/static/assets/images/HSBC_logo_en.svg

Requested by

Host: benefitsplus-auth-uat1.hsbc.com.hk
URL: https://benefitsplus-auth-uat1.hsbc.com.hk/login?uid=wglAfstMaImtTN1drQRk1&lang=en-HK

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:214f:9600:e:eacb:a8c0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

CloudFront /

Resource Hash

4b98e82da5261a22970e177085ed1c4d0156e74c3d0a0a17a66760c5413d3af1

Security Headers

Name	Value
Content-Security-Policy	font-src .hsbc.com.hk fonts.gstatic.com maxcdn.bootstrapcdn.com .stripe.com klarna.com .klarna.com .klarnacdn.net .klarnaevt.com data: 'self' 'unsafe-inline'; form-action https: .hsbc.com.hk secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; frame-ancestors .hsbc.com.hk .stripe.com stripe.com 'self'; frame-src 'self' data: .hsbc.com.hk .my-doc.com lpcdn.lpsnmedia.net td.doubleclick.net fast.amc.demdex.net .adobe.com secure.authorize.net test.authorize.net bid.g.doubleclick.net .youtube.com .youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ .weltpixel.com .stripe.com klarna.com .klarna.com .klarnacdn.net .klarnaevt.com 'self' 'unsafe-inline'; img-src blob: .google.com.hk .yahoo.com .hsbc.com.hk .tealiumiq.com .adsrvr.org maps.googleapis.com maps.gstatic.com assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net .adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypalobjects.com t.paypal.com .ftcdn.net .behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com .vimeocdn.com i.ytimg.com .youtube.com validator.swagger.io flagpedia.net .gstatic.com data: 'self' 'unsafe-inline'; script-src .hsbc.com.hk unpkg.com connect.facebook.net s.yimg.com visitor-service-ap-northeast-1.tealiumiq.com lptag.liveperson.net datacloud.tealiumiq.com tags.tiqcdn.com assets.adobedtm.com .adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypalobjects.com js.braintreegateway.com www.paypal.com .newrelic.com .nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com .vimeocdn.com .youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ .gstatic.com maps.googleapis.com .stripe.com klarna.com .klarna.com .klarnacdn.net .klarnaevt.com https://www.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src .hsbc.com.hk fonts.googleapis.com .adobe.com maxcdn.bootstrapcdn.com .gstatic.com tagmanager.google.com 'self' 'unsafe-inline'; object-src .hsbc.com.hk 'self' 'unsafe-inline'; media-src .hsbc.com.hk .adobe.com 'self' 'unsafe-inline'; manifest-src .hsbc.com.hk 'self' 'unsafe-inline'; connect-src wss: .hsbc.com.hk www.issthk-dev.hsbc.com.hk:31000 .tealiumiq.com .tiqcdn.com pagead2.googlesyndication.com log-happyhktest.us.v2.customers.biocatch.com log-69c80419.customers.biocatch.com wup-69c80419.customers.biocatch.com dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com .newrelic.com .nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com www.gstatic.com maps.googleapis.com .stripe.com klarna.com .klarna.com .klarnacdn.net .klarnaevt.com https://www.google-analytics.com 'self' 'unsafe-inline'; child-src http: https: .hsbc.com.hk blob: 'self' 'unsafe-inline'; default-src .hsbc.com.hk 'self' 'unsafe-inline' 'unsafe-eval' log-69c80419.customers.biocatch.com wup-69c80419.customers.biocatch.com; base-uri *.hsbc.com.hk 'self' 'unsafe-inline';
Strict-Transport-Security	max-age=63072000; includeSubdomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://benefitsplus-auth-uat1.hsbc.com.hk/login?uid=wglAfstMaImtTN1drQRk1&lang=en-HK
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date: Thu, 21 Mar 2024 10:47:57 GMT
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-correlation-id: c29b96e228d20b7e96cf9cf1fbaf9d74
content-security-policy: font-src *.hsbc.com.hk fonts.gstatic.com maxcdn.bootstrapcdn.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com data: 'self' 'unsafe-inline'; form-action https: *.hsbc.com.hk secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; frame-ancestors *.hsbc.com.hk *.stripe.com stripe.com 'self'; frame-src 'self' data: *.hsbc.com.hk *.my-doc.com lpcdn.lpsnmedia.net td.doubleclick.net fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.weltpixel.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline'; img-src blob: *.google.com.hk *.yahoo.com *.hsbc.com.hk *.tealiumiq.com *.adsrvr.org maps.googleapis.com maps.gstatic.com assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io flagpedia.net *.gstatic.com data: 'self' 'unsafe-inline'; script-src *.hsbc.com.hk unpkg.com connect.facebook.net s.yimg.com visitor-service-ap-northeast-1.tealiumiq.com lptag.liveperson.net datacloud.tealiumiq.com tags.tiqcdn.com assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypalobjects.com js.braintreegateway.com www.paypal.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.gstatic.com maps.googleapis.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com https://www.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.hsbc.com.hk fonts.googleapis.com *.adobe.com maxcdn.bootstrapcdn.com *.gstatic.com tagmanager.google.com 'self' 'unsafe-inline'; object-src *.hsbc.com.hk 'self' 'unsafe-inline'; media-src *.hsbc.com.hk *.adobe.com 'self' 'unsafe-inline'; manifest-src *.hsbc.com.hk 'self' 'unsafe-inline'; connect-src wss: *.hsbc.com.hk www.issthk-dev.hsbc.com.hk:31000 *.tealiumiq.com *.tiqcdn.com pagead2.googlesyndication.com log-happyhktest.us.v2.customers.biocatch.com log-69c80419.customers.biocatch.com wup-69c80419.customers.biocatch.com dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com www.gstatic.com maps.googleapis.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com https://www.google-analytics.com 'self' 'unsafe-inline'; child-src http: https: *.hsbc.com.hk blob: 'self' 'unsafe-inline'; default-src *.hsbc.com.hk 'self' 'unsafe-inline' 'unsafe-eval' log-69c80419.customers.biocatch.com wup-69c80419.customers.biocatch.com; base-uri *.hsbc.com.hk 'self' 'unsafe-inline';
via: 1.1 660f4277d8fbef27985e8a4a97e362cc.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA53-C1
x-amzn-remapped-connection: keep-alive
x-amzn-requestid: 6266ce22-8f76-4461-8189-b0c5c58fc4cb
x-dns-prefetch-control: off
x-cache: Miss from cloudfront
x-amz-apigw-id: U-d-mH8hHUYEYVg=
content-length: 1203
x-xss-protection: 1; mode=block
last-modified: Thu, 07 Mar 2024 03:46:31 GMT
server: CloudFront
etag: W/"b3d-18e17050dd8"
x-download-options: noopen
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=0
accept-ranges: bytes
x-amzn-remapped-date: Thu, 21 Mar 2024 10:47:57 GMT
x-amz-cf-id: KJxTKABb2TBoGzAl2brN9Uj5-iR15bq_UE4hdaTMooCSiR6ZdE-7wQ==

GET
H2 200 iconnext.png
benefitsplus-auth-uat1.hsbc.com.hk/static/assets/images/ 286 B
4 KB 865ms
864ms Image
image/png 2600:9000:214f:9600:e:eacb:a8c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://benefitsplus-auth-uat1.hsbc.com.hk/static/assets/images/iconnext.png

Requested by

Host: benefitsplus-auth-uat1.hsbc.com.hk
URL: https://benefitsplus-auth-uat1.hsbc.com.hk/login?uid=wglAfstMaImtTN1drQRk1&lang=en-HK

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:214f:9600:e:eacb:a8c0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

CloudFront /

Resource Hash

9467767079a490ee2a938f0dc4e111596f9a300d170df03e21c59ed8e9d042bb

Security Headers

Name	Value
Content-Security-Policy	font-src .hsbc.com.hk fonts.gstatic.com maxcdn.bootstrapcdn.com .stripe.com klarna.com .klarna.com .klarnacdn.net .klarnaevt.com data: 'self' 'unsafe-inline'; form-action https: .hsbc.com.hk secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; frame-ancestors .hsbc.com.hk .stripe.com stripe.com 'self'; frame-src 'self' data: .hsbc.com.hk .my-doc.com lpcdn.lpsnmedia.net td.doubleclick.net fast.amc.demdex.net .adobe.com secure.authorize.net test.authorize.net bid.g.doubleclick.net .youtube.com .youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ .weltpixel.com .stripe.com klarna.com .klarna.com .klarnacdn.net .klarnaevt.com 'self' 'unsafe-inline'; img-src blob: .google.com.hk .yahoo.com .hsbc.com.hk .tealiumiq.com .adsrvr.org maps.googleapis.com maps.gstatic.com assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net .adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypalobjects.com t.paypal.com .ftcdn.net .behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com .vimeocdn.com i.ytimg.com .youtube.com validator.swagger.io flagpedia.net .gstatic.com data: 'self' 'unsafe-inline'; script-src .hsbc.com.hk unpkg.com connect.facebook.net s.yimg.com visitor-service-ap-northeast-1.tealiumiq.com lptag.liveperson.net datacloud.tealiumiq.com tags.tiqcdn.com assets.adobedtm.com .adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypalobjects.com js.braintreegateway.com www.paypal.com .newrelic.com .nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com .vimeocdn.com .youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ .gstatic.com maps.googleapis.com .stripe.com klarna.com .klarna.com .klarnacdn.net .klarnaevt.com https://www.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src .hsbc.com.hk fonts.googleapis.com .adobe.com maxcdn.bootstrapcdn.com .gstatic.com tagmanager.google.com 'self' 'unsafe-inline'; object-src .hsbc.com.hk 'self' 'unsafe-inline'; media-src .hsbc.com.hk .adobe.com 'self' 'unsafe-inline'; manifest-src .hsbc.com.hk 'self' 'unsafe-inline'; connect-src wss: .hsbc.com.hk www.issthk-dev.hsbc.com.hk:31000 .tealiumiq.com .tiqcdn.com pagead2.googlesyndication.com log-happyhktest.us.v2.customers.biocatch.com log-69c80419.customers.biocatch.com wup-69c80419.customers.biocatch.com dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com .newrelic.com .nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com www.gstatic.com maps.googleapis.com .stripe.com klarna.com .klarna.com .klarnacdn.net .klarnaevt.com https://www.google-analytics.com 'self' 'unsafe-inline'; child-src http: https: .hsbc.com.hk blob: 'self' 'unsafe-inline'; default-src .hsbc.com.hk 'self' 'unsafe-inline' 'unsafe-eval' log-69c80419.customers.biocatch.com wup-69c80419.customers.biocatch.com; base-uri *.hsbc.com.hk 'self' 'unsafe-inline';
Strict-Transport-Security	max-age=63072000; includeSubdomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://benefitsplus-auth-uat1.hsbc.com.hk/login?uid=wglAfstMaImtTN1drQRk1&lang=en-HK
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date: Thu, 21 Mar 2024 10:47:57 GMT
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-content-type-options: nosniff
x-amzn-remapped-content-length: 286
x-correlation-id: 487d012ebe5d5c9c1c24e6af1781c1f5
content-security-policy: font-src *.hsbc.com.hk fonts.gstatic.com maxcdn.bootstrapcdn.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com data: 'self' 'unsafe-inline'; form-action https: *.hsbc.com.hk secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; frame-ancestors *.hsbc.com.hk *.stripe.com stripe.com 'self'; frame-src 'self' data: *.hsbc.com.hk *.my-doc.com lpcdn.lpsnmedia.net td.doubleclick.net fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.weltpixel.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline'; img-src blob: *.google.com.hk *.yahoo.com *.hsbc.com.hk *.tealiumiq.com *.adsrvr.org maps.googleapis.com maps.gstatic.com assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io flagpedia.net *.gstatic.com data: 'self' 'unsafe-inline'; script-src *.hsbc.com.hk unpkg.com connect.facebook.net s.yimg.com visitor-service-ap-northeast-1.tealiumiq.com lptag.liveperson.net datacloud.tealiumiq.com tags.tiqcdn.com assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypalobjects.com js.braintreegateway.com www.paypal.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.gstatic.com maps.googleapis.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com https://www.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.hsbc.com.hk fonts.googleapis.com *.adobe.com maxcdn.bootstrapcdn.com *.gstatic.com tagmanager.google.com 'self' 'unsafe-inline'; object-src *.hsbc.com.hk 'self' 'unsafe-inline'; media-src *.hsbc.com.hk *.adobe.com 'self' 'unsafe-inline'; manifest-src *.hsbc.com.hk 'self' 'unsafe-inline'; connect-src wss: *.hsbc.com.hk www.issthk-dev.hsbc.com.hk:31000 *.tealiumiq.com *.tiqcdn.com pagead2.googlesyndication.com log-happyhktest.us.v2.customers.biocatch.com log-69c80419.customers.biocatch.com wup-69c80419.customers.biocatch.com dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com www.gstatic.com maps.googleapis.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com https://www.google-analytics.com 'self' 'unsafe-inline'; child-src http: https: *.hsbc.com.hk blob: 'self' 'unsafe-inline'; default-src *.hsbc.com.hk 'self' 'unsafe-inline' 'unsafe-eval' log-69c80419.customers.biocatch.com wup-69c80419.customers.biocatch.com; base-uri *.hsbc.com.hk 'self' 'unsafe-inline';
via: 1.1 660f4277d8fbef27985e8a4a97e362cc.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA53-C1
x-amzn-remapped-connection: keep-alive
x-amzn-requestid: 5d34fcf2-e86d-430b-9593-cd6f028e4609
x-dns-prefetch-control: off
x-cache: Miss from cloudfront
x-amz-apigw-id: U-d-mHmfHUYEYAA=
content-length: 286
x-xss-protection: 1; mode=block
last-modified: Thu, 07 Mar 2024 03:46:31 GMT
server: CloudFront
etag: W/"11e-18e17050dd8"
x-download-options: noopen
x-frame-options: SAMEORIGIN
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=0
accept-ranges: bytes
x-amzn-remapped-date: Thu, 21 Mar 2024 10:47:57 GMT
x-amz-cf-id: 68OLJ-Csl1hZIshGjuR50pNRtFWSkGsMhyDoq59TQ9YTYNgPuKUryg==

GET
H2 200 en-HK.png
benefitsplus-auth-uat1.hsbc.com.hk/static/assets/images/ 4 KB
8 KB 865ms
865ms Image
image/png 2600:9000:214f:9600:e:eacb:a8c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://benefitsplus-auth-uat1.hsbc.com.hk/static/assets/images/en-HK.png

Requested by

Host: benefitsplus-auth-uat1.hsbc.com.hk
URL: https://benefitsplus-auth-uat1.hsbc.com.hk/login?uid=wglAfstMaImtTN1drQRk1&lang=en-HK

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:214f:9600:e:eacb:a8c0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

CloudFront /

Resource Hash

08c3ec753f2c435ae7a84b9ddeb48c91ecc26367b8f8cd75ff828ab6aaba93b9

Security Headers

Name	Value
Content-Security-Policy	font-src .hsbc.com.hk fonts.gstatic.com maxcdn.bootstrapcdn.com .stripe.com klarna.com .klarna.com .klarnacdn.net .klarnaevt.com data: 'self' 'unsafe-inline'; form-action https: .hsbc.com.hk secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; frame-ancestors .hsbc.com.hk .stripe.com stripe.com 'self'; frame-src 'self' data: .hsbc.com.hk .my-doc.com lpcdn.lpsnmedia.net td.doubleclick.net fast.amc.demdex.net .adobe.com secure.authorize.net test.authorize.net bid.g.doubleclick.net .youtube.com .youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ .weltpixel.com .stripe.com klarna.com .klarna.com .klarnacdn.net .klarnaevt.com 'self' 'unsafe-inline'; img-src blob: .google.com.hk .yahoo.com .hsbc.com.hk .tealiumiq.com .adsrvr.org maps.googleapis.com maps.gstatic.com assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net .adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypalobjects.com t.paypal.com .ftcdn.net .behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com .vimeocdn.com i.ytimg.com .youtube.com validator.swagger.io flagpedia.net .gstatic.com data: 'self' 'unsafe-inline'; script-src .hsbc.com.hk unpkg.com connect.facebook.net s.yimg.com visitor-service-ap-northeast-1.tealiumiq.com lptag.liveperson.net datacloud.tealiumiq.com tags.tiqcdn.com assets.adobedtm.com .adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypalobjects.com js.braintreegateway.com www.paypal.com .newrelic.com .nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com .vimeocdn.com .youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ .gstatic.com maps.googleapis.com .stripe.com klarna.com .klarna.com .klarnacdn.net .klarnaevt.com https://www.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src .hsbc.com.hk fonts.googleapis.com .adobe.com maxcdn.bootstrapcdn.com .gstatic.com tagmanager.google.com 'self' 'unsafe-inline'; object-src .hsbc.com.hk 'self' 'unsafe-inline'; media-src .hsbc.com.hk .adobe.com 'self' 'unsafe-inline'; manifest-src .hsbc.com.hk 'self' 'unsafe-inline'; connect-src wss: .hsbc.com.hk www.issthk-dev.hsbc.com.hk:31000 .tealiumiq.com .tiqcdn.com pagead2.googlesyndication.com log-happyhktest.us.v2.customers.biocatch.com log-69c80419.customers.biocatch.com wup-69c80419.customers.biocatch.com dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com .newrelic.com .nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com www.gstatic.com maps.googleapis.com .stripe.com klarna.com .klarna.com .klarnacdn.net .klarnaevt.com https://www.google-analytics.com 'self' 'unsafe-inline'; child-src http: https: .hsbc.com.hk blob: 'self' 'unsafe-inline'; default-src .hsbc.com.hk 'self' 'unsafe-inline' 'unsafe-eval' log-69c80419.customers.biocatch.com wup-69c80419.customers.biocatch.com; base-uri *.hsbc.com.hk 'self' 'unsafe-inline';
Strict-Transport-Security	max-age=63072000; includeSubdomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://benefitsplus-auth-uat1.hsbc.com.hk/login?uid=wglAfstMaImtTN1drQRk1&lang=en-HK
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date: Thu, 21 Mar 2024 10:47:58 GMT
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-content-type-options: nosniff
x-amzn-remapped-content-length: 4505
x-correlation-id: b886724466c52cf7d28c8efd2f102e72
content-security-policy: font-src *.hsbc.com.hk fonts.gstatic.com maxcdn.bootstrapcdn.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com data: 'self' 'unsafe-inline'; form-action https: *.hsbc.com.hk secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; frame-ancestors *.hsbc.com.hk *.stripe.com stripe.com 'self'; frame-src 'self' data: *.hsbc.com.hk *.my-doc.com lpcdn.lpsnmedia.net td.doubleclick.net fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.weltpixel.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline'; img-src blob: *.google.com.hk *.yahoo.com *.hsbc.com.hk *.tealiumiq.com *.adsrvr.org maps.googleapis.com maps.gstatic.com assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io flagpedia.net *.gstatic.com data: 'self' 'unsafe-inline'; script-src *.hsbc.com.hk unpkg.com connect.facebook.net s.yimg.com visitor-service-ap-northeast-1.tealiumiq.com lptag.liveperson.net datacloud.tealiumiq.com tags.tiqcdn.com assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypalobjects.com js.braintreegateway.com www.paypal.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.gstatic.com maps.googleapis.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com https://www.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.hsbc.com.hk fonts.googleapis.com *.adobe.com maxcdn.bootstrapcdn.com *.gstatic.com tagmanager.google.com 'self' 'unsafe-inline'; object-src *.hsbc.com.hk 'self' 'unsafe-inline'; media-src *.hsbc.com.hk *.adobe.com 'self' 'unsafe-inline'; manifest-src *.hsbc.com.hk 'self' 'unsafe-inline'; connect-src wss: *.hsbc.com.hk www.issthk-dev.hsbc.com.hk:31000 *.tealiumiq.com *.tiqcdn.com pagead2.googlesyndication.com log-happyhktest.us.v2.customers.biocatch.com log-69c80419.customers.biocatch.com wup-69c80419.customers.biocatch.com dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com www.gstatic.com maps.googleapis.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com https://www.google-analytics.com 'self' 'unsafe-inline'; child-src http: https: *.hsbc.com.hk blob: 'self' 'unsafe-inline'; default-src *.hsbc.com.hk 'self' 'unsafe-inline' 'unsafe-eval' log-69c80419.customers.biocatch.com wup-69c80419.customers.biocatch.com; base-uri *.hsbc.com.hk 'self' 'unsafe-inline';
via: 1.1 660f4277d8fbef27985e8a4a97e362cc.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA53-C1
x-amzn-remapped-connection: keep-alive
x-amzn-requestid: 2ee2b5fa-dc3b-4414-9c08-191ddc524af4
x-dns-prefetch-control: off
x-cache: Miss from cloudfront
x-amz-apigw-id: U-d-vE9TnUYEbUw=
content-length: 4505
x-xss-protection: 1; mode=block
last-modified: Thu, 07 Mar 2024 03:46:31 GMT
server: CloudFront
etag: W/"1199-18e17050dd8"
x-download-options: noopen
x-frame-options: SAMEORIGIN
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=0
accept-ranges: bytes
x-amzn-remapped-date: Thu, 21 Mar 2024 10:47:58 GMT
x-amz-cf-id: _ojr7AJ9sZnW0gz1tYrfsM75yolg8LwiWSbm5qPBLuVafou2U0D3xQ==

GET
H2 200 zh-HK.png
benefitsplus-auth-uat1.hsbc.com.hk/static/assets/images/ 5 KB
8 KB 845ms
845ms Image
image/png 2600:9000:214f:9600:e:eacb:a8c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://benefitsplus-auth-uat1.hsbc.com.hk/static/assets/images/zh-HK.png

Requested by

Host: benefitsplus-auth-uat1.hsbc.com.hk
URL: https://benefitsplus-auth-uat1.hsbc.com.hk/login?uid=wglAfstMaImtTN1drQRk1&lang=en-HK

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:214f:9600:e:eacb:a8c0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

CloudFront /

Resource Hash

f6779bc003be288d6dbd1d7b4183b1ea15b53c70c8ac7b2161e89b4bc137d6d4

Security Headers

Name	Value
Content-Security-Policy	font-src .hsbc.com.hk fonts.gstatic.com maxcdn.bootstrapcdn.com .stripe.com klarna.com .klarna.com .klarnacdn.net .klarnaevt.com data: 'self' 'unsafe-inline'; form-action https: .hsbc.com.hk secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; frame-ancestors .hsbc.com.hk .stripe.com stripe.com 'self'; frame-src 'self' data: .hsbc.com.hk .my-doc.com lpcdn.lpsnmedia.net td.doubleclick.net fast.amc.demdex.net .adobe.com secure.authorize.net test.authorize.net bid.g.doubleclick.net .youtube.com .youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ .weltpixel.com .stripe.com klarna.com .klarna.com .klarnacdn.net .klarnaevt.com 'self' 'unsafe-inline'; img-src blob: .google.com.hk .yahoo.com .hsbc.com.hk .tealiumiq.com .adsrvr.org maps.googleapis.com maps.gstatic.com assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net .adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypalobjects.com t.paypal.com .ftcdn.net .behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com .vimeocdn.com i.ytimg.com .youtube.com validator.swagger.io flagpedia.net .gstatic.com data: 'self' 'unsafe-inline'; script-src .hsbc.com.hk unpkg.com connect.facebook.net s.yimg.com visitor-service-ap-northeast-1.tealiumiq.com lptag.liveperson.net datacloud.tealiumiq.com tags.tiqcdn.com assets.adobedtm.com .adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypalobjects.com js.braintreegateway.com www.paypal.com .newrelic.com .nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com .vimeocdn.com .youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ .gstatic.com maps.googleapis.com .stripe.com klarna.com .klarna.com .klarnacdn.net .klarnaevt.com https://www.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src .hsbc.com.hk fonts.googleapis.com .adobe.com maxcdn.bootstrapcdn.com .gstatic.com tagmanager.google.com 'self' 'unsafe-inline'; object-src .hsbc.com.hk 'self' 'unsafe-inline'; media-src .hsbc.com.hk .adobe.com 'self' 'unsafe-inline'; manifest-src .hsbc.com.hk 'self' 'unsafe-inline'; connect-src wss: .hsbc.com.hk www.issthk-dev.hsbc.com.hk:31000 .tealiumiq.com .tiqcdn.com pagead2.googlesyndication.com log-happyhktest.us.v2.customers.biocatch.com log-69c80419.customers.biocatch.com wup-69c80419.customers.biocatch.com dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com .newrelic.com .nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com www.gstatic.com maps.googleapis.com .stripe.com klarna.com .klarna.com .klarnacdn.net .klarnaevt.com https://www.google-analytics.com 'self' 'unsafe-inline'; child-src http: https: .hsbc.com.hk blob: 'self' 'unsafe-inline'; default-src .hsbc.com.hk 'self' 'unsafe-inline' 'unsafe-eval' log-69c80419.customers.biocatch.com wup-69c80419.customers.biocatch.com; base-uri *.hsbc.com.hk 'self' 'unsafe-inline';
Strict-Transport-Security	max-age=63072000; includeSubdomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://benefitsplus-auth-uat1.hsbc.com.hk/login?uid=wglAfstMaImtTN1drQRk1&lang=en-HK
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date: Thu, 21 Mar 2024 10:47:58 GMT
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-content-type-options: nosniff
x-amzn-remapped-content-length: 4790
x-correlation-id: 9723ec825ab48442b982401dee61d937
content-security-policy: font-src *.hsbc.com.hk fonts.gstatic.com maxcdn.bootstrapcdn.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com data: 'self' 'unsafe-inline'; form-action https: *.hsbc.com.hk secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; frame-ancestors *.hsbc.com.hk *.stripe.com stripe.com 'self'; frame-src 'self' data: *.hsbc.com.hk *.my-doc.com lpcdn.lpsnmedia.net td.doubleclick.net fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.weltpixel.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline'; img-src blob: *.google.com.hk *.yahoo.com *.hsbc.com.hk *.tealiumiq.com *.adsrvr.org maps.googleapis.com maps.gstatic.com assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io flagpedia.net *.gstatic.com data: 'self' 'unsafe-inline'; script-src *.hsbc.com.hk unpkg.com connect.facebook.net s.yimg.com visitor-service-ap-northeast-1.tealiumiq.com lptag.liveperson.net datacloud.tealiumiq.com tags.tiqcdn.com assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypalobjects.com js.braintreegateway.com www.paypal.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.gstatic.com maps.googleapis.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com https://www.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.hsbc.com.hk fonts.googleapis.com *.adobe.com maxcdn.bootstrapcdn.com *.gstatic.com tagmanager.google.com 'self' 'unsafe-inline'; object-src *.hsbc.com.hk 'self' 'unsafe-inline'; media-src *.hsbc.com.hk *.adobe.com 'self' 'unsafe-inline'; manifest-src *.hsbc.com.hk 'self' 'unsafe-inline'; connect-src wss: *.hsbc.com.hk www.issthk-dev.hsbc.com.hk:31000 *.tealiumiq.com *.tiqcdn.com pagead2.googlesyndication.com log-happyhktest.us.v2.customers.biocatch.com log-69c80419.customers.biocatch.com wup-69c80419.customers.biocatch.com dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com www.gstatic.com maps.googleapis.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com https://www.google-analytics.com 'self' 'unsafe-inline'; child-src http: https: *.hsbc.com.hk blob: 'self' 'unsafe-inline'; default-src *.hsbc.com.hk 'self' 'unsafe-inline' 'unsafe-eval' log-69c80419.customers.biocatch.com wup-69c80419.customers.biocatch.com; base-uri *.hsbc.com.hk 'self' 'unsafe-inline';
via: 1.1 660f4277d8fbef27985e8a4a97e362cc.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA53-C1
x-amzn-remapped-connection: keep-alive
x-amzn-requestid: ee59dd4b-4c6d-4557-9866-ef6d15044045
x-dns-prefetch-control: off
x-cache: Miss from cloudfront
x-amz-apigw-id: U-d-vHEdnUYEscQ=
content-length: 4790
x-xss-protection: 1; mode=block
last-modified: Thu, 07 Mar 2024 03:46:31 GMT
server: CloudFront
etag: W/"12b6-18e17050dd8"
x-download-options: noopen
x-frame-options: SAMEORIGIN
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=0
accept-ranges: bytes
x-amzn-remapped-date: Thu, 21 Mar 2024 10:47:58 GMT
x-amz-cf-id: SIc_VfbP3OH-EUxSfQlBi8-PlNT8CWzlaZeloXvgjaeVzsAfRkcTBg==

GET
H2 200 bg.svg
benefitsplus-auth-uat1.hsbc.com.hk/static/assets/images/ 5 KB
6 KB 837ms
837ms Image
image/svg+xml 2600:9000:214f:9600:e:eacb:a8c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://benefitsplus-auth-uat1.hsbc.com.hk/static/assets/images/bg.svg

Requested by

Host: benefitsplus-auth-uat1.hsbc.com.hk
URL: https://benefitsplus-auth-uat1.hsbc.com.hk/static/assets/css/main.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:214f:9600:e:eacb:a8c0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

CloudFront /

Resource Hash

a6a6c4cad34919cd1652a54a90191f5ac3c73ca00b24929a84e1e913cf605553

Security Headers

Name	Value
Content-Security-Policy	font-src .hsbc.com.hk fonts.gstatic.com maxcdn.bootstrapcdn.com .stripe.com klarna.com .klarna.com .klarnacdn.net .klarnaevt.com data: 'self' 'unsafe-inline'; form-action https: .hsbc.com.hk secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; frame-ancestors .hsbc.com.hk .stripe.com stripe.com 'self'; frame-src 'self' data: .hsbc.com.hk .my-doc.com lpcdn.lpsnmedia.net td.doubleclick.net fast.amc.demdex.net .adobe.com secure.authorize.net test.authorize.net bid.g.doubleclick.net .youtube.com .youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ .weltpixel.com .stripe.com klarna.com .klarna.com .klarnacdn.net .klarnaevt.com 'self' 'unsafe-inline'; img-src blob: .google.com.hk .yahoo.com .hsbc.com.hk .tealiumiq.com .adsrvr.org maps.googleapis.com maps.gstatic.com assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net .adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypalobjects.com t.paypal.com .ftcdn.net .behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com .vimeocdn.com i.ytimg.com .youtube.com validator.swagger.io flagpedia.net .gstatic.com data: 'self' 'unsafe-inline'; script-src .hsbc.com.hk unpkg.com connect.facebook.net s.yimg.com visitor-service-ap-northeast-1.tealiumiq.com lptag.liveperson.net datacloud.tealiumiq.com tags.tiqcdn.com assets.adobedtm.com .adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypalobjects.com js.braintreegateway.com www.paypal.com .newrelic.com .nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com .vimeocdn.com .youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ .gstatic.com maps.googleapis.com .stripe.com klarna.com .klarna.com .klarnacdn.net .klarnaevt.com https://www.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src .hsbc.com.hk fonts.googleapis.com .adobe.com maxcdn.bootstrapcdn.com .gstatic.com tagmanager.google.com 'self' 'unsafe-inline'; object-src .hsbc.com.hk 'self' 'unsafe-inline'; media-src .hsbc.com.hk .adobe.com 'self' 'unsafe-inline'; manifest-src .hsbc.com.hk 'self' 'unsafe-inline'; connect-src wss: .hsbc.com.hk www.issthk-dev.hsbc.com.hk:31000 .tealiumiq.com .tiqcdn.com pagead2.googlesyndication.com log-happyhktest.us.v2.customers.biocatch.com log-69c80419.customers.biocatch.com wup-69c80419.customers.biocatch.com dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com .newrelic.com .nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com www.gstatic.com maps.googleapis.com .stripe.com klarna.com .klarna.com .klarnacdn.net .klarnaevt.com https://www.google-analytics.com 'self' 'unsafe-inline'; child-src http: https: .hsbc.com.hk blob: 'self' 'unsafe-inline'; default-src .hsbc.com.hk 'self' 'unsafe-inline' 'unsafe-eval' log-69c80419.customers.biocatch.com wup-69c80419.customers.biocatch.com; base-uri *.hsbc.com.hk 'self' 'unsafe-inline';
Strict-Transport-Security	max-age=63072000; includeSubdomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://benefitsplus-auth-uat1.hsbc.com.hk/static/assets/css/main.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date: Thu, 21 Mar 2024 10:47:58 GMT
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-correlation-id: 27537410c695930fe9e95c87d1326ffa
content-security-policy: font-src *.hsbc.com.hk fonts.gstatic.com maxcdn.bootstrapcdn.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com data: 'self' 'unsafe-inline'; form-action https: *.hsbc.com.hk secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; frame-ancestors *.hsbc.com.hk *.stripe.com stripe.com 'self'; frame-src 'self' data: *.hsbc.com.hk *.my-doc.com lpcdn.lpsnmedia.net td.doubleclick.net fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.weltpixel.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline'; img-src blob: *.google.com.hk *.yahoo.com *.hsbc.com.hk *.tealiumiq.com *.adsrvr.org maps.googleapis.com maps.gstatic.com assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io flagpedia.net *.gstatic.com data: 'self' 'unsafe-inline'; script-src *.hsbc.com.hk unpkg.com connect.facebook.net s.yimg.com visitor-service-ap-northeast-1.tealiumiq.com lptag.liveperson.net datacloud.tealiumiq.com tags.tiqcdn.com assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypalobjects.com js.braintreegateway.com www.paypal.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.gstatic.com maps.googleapis.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com https://www.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.hsbc.com.hk fonts.googleapis.com *.adobe.com maxcdn.bootstrapcdn.com *.gstatic.com tagmanager.google.com 'self' 'unsafe-inline'; object-src *.hsbc.com.hk 'self' 'unsafe-inline'; media-src *.hsbc.com.hk *.adobe.com 'self' 'unsafe-inline'; manifest-src *.hsbc.com.hk 'self' 'unsafe-inline'; connect-src wss: *.hsbc.com.hk www.issthk-dev.hsbc.com.hk:31000 *.tealiumiq.com *.tiqcdn.com pagead2.googlesyndication.com log-happyhktest.us.v2.customers.biocatch.com log-69c80419.customers.biocatch.com wup-69c80419.customers.biocatch.com dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com www.gstatic.com maps.googleapis.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com https://www.google-analytics.com 'self' 'unsafe-inline'; child-src http: https: *.hsbc.com.hk blob: 'self' 'unsafe-inline'; default-src *.hsbc.com.hk 'self' 'unsafe-inline' 'unsafe-eval' log-69c80419.customers.biocatch.com wup-69c80419.customers.biocatch.com; base-uri *.hsbc.com.hk 'self' 'unsafe-inline';
via: 1.1 660f4277d8fbef27985e8a4a97e362cc.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA53-C1
x-amzn-remapped-connection: keep-alive
x-amzn-requestid: b2340353-f8ce-4257-b92a-9a547f019871
x-dns-prefetch-control: off
x-cache: Miss from cloudfront
x-amz-apigw-id: U-d-wElhnUYEPqw=
content-length: 2118
x-xss-protection: 1; mode=block
last-modified: Thu, 07 Mar 2024 03:46:31 GMT
server: CloudFront
etag: W/"15e5-18e17050dd8"
x-download-options: noopen
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=0
accept-ranges: bytes
x-amzn-remapped-date: Thu, 21 Mar 2024 10:47:58 GMT
x-amz-cf-id: aFHSkLor1xLGQa4H7hdvAcL6pH9XTPtijG6YLqHZmEphIQ2RwC6zlw==

GET
H2 200 en-HK.png
benefitsplus-auth-uat1.hsbc.com.hk/static/assets/images/ 4 KB
8 KB 858ms
855ms Image
image/png 2600:9000:214f:9600:e:eacb:a8c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://benefitsplus-auth-uat1.hsbc.com.hk/static/assets/images/en-HK.png

Requested by

Host: benefitsplus-auth-uat1.hsbc.com.hk
URL: https://benefitsplus-auth-uat1.hsbc.com.hk/login?uid=wglAfstMaImtTN1drQRk1&lang=en-HK

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:214f:9600:e:eacb:a8c0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

CloudFront /

Resource Hash

08c3ec753f2c435ae7a84b9ddeb48c91ecc26367b8f8cd75ff828ab6aaba93b9

Security Headers

Name	Value
Content-Security-Policy	font-src .hsbc.com.hk fonts.gstatic.com maxcdn.bootstrapcdn.com .stripe.com klarna.com .klarna.com .klarnacdn.net .klarnaevt.com data: 'self' 'unsafe-inline'; form-action https: .hsbc.com.hk secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; frame-ancestors .hsbc.com.hk .stripe.com stripe.com 'self'; frame-src 'self' data: .hsbc.com.hk .my-doc.com lpcdn.lpsnmedia.net td.doubleclick.net fast.amc.demdex.net .adobe.com secure.authorize.net test.authorize.net bid.g.doubleclick.net .youtube.com .youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ .weltpixel.com .stripe.com klarna.com .klarna.com .klarnacdn.net .klarnaevt.com 'self' 'unsafe-inline'; img-src blob: .google.com.hk .yahoo.com .hsbc.com.hk .tealiumiq.com .adsrvr.org maps.googleapis.com maps.gstatic.com assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net .adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypalobjects.com t.paypal.com .ftcdn.net .behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com .vimeocdn.com i.ytimg.com .youtube.com validator.swagger.io flagpedia.net .gstatic.com data: 'self' 'unsafe-inline'; script-src .hsbc.com.hk unpkg.com connect.facebook.net s.yimg.com visitor-service-ap-northeast-1.tealiumiq.com lptag.liveperson.net datacloud.tealiumiq.com tags.tiqcdn.com assets.adobedtm.com .adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypalobjects.com js.braintreegateway.com www.paypal.com .newrelic.com .nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com .vimeocdn.com .youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ .gstatic.com maps.googleapis.com .stripe.com klarna.com .klarna.com .klarnacdn.net .klarnaevt.com https://www.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src .hsbc.com.hk fonts.googleapis.com .adobe.com maxcdn.bootstrapcdn.com .gstatic.com tagmanager.google.com 'self' 'unsafe-inline'; object-src .hsbc.com.hk 'self' 'unsafe-inline'; media-src .hsbc.com.hk .adobe.com 'self' 'unsafe-inline'; manifest-src .hsbc.com.hk 'self' 'unsafe-inline'; connect-src wss: .hsbc.com.hk www.issthk-dev.hsbc.com.hk:31000 .tealiumiq.com .tiqcdn.com pagead2.googlesyndication.com log-happyhktest.us.v2.customers.biocatch.com log-69c80419.customers.biocatch.com wup-69c80419.customers.biocatch.com dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com .newrelic.com .nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com www.gstatic.com maps.googleapis.com .stripe.com klarna.com .klarna.com .klarnacdn.net .klarnaevt.com https://www.google-analytics.com 'self' 'unsafe-inline'; child-src http: https: .hsbc.com.hk blob: 'self' 'unsafe-inline'; default-src .hsbc.com.hk 'self' 'unsafe-inline' 'unsafe-eval' log-69c80419.customers.biocatch.com wup-69c80419.customers.biocatch.com; base-uri *.hsbc.com.hk 'self' 'unsafe-inline';
Strict-Transport-Security	max-age=63072000; includeSubdomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://benefitsplus-auth-uat1.hsbc.com.hk/login?uid=wglAfstMaImtTN1drQRk1&lang=en-HK
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date: Thu, 21 Mar 2024 10:47:58 GMT
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-content-type-options: nosniff
x-amzn-remapped-content-length: 4505
x-correlation-id: 39dd007046b8c8e9b2c61d7bd6a92db8
content-security-policy: font-src *.hsbc.com.hk fonts.gstatic.com maxcdn.bootstrapcdn.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com data: 'self' 'unsafe-inline'; form-action https: *.hsbc.com.hk secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; frame-ancestors *.hsbc.com.hk *.stripe.com stripe.com 'self'; frame-src 'self' data: *.hsbc.com.hk *.my-doc.com lpcdn.lpsnmedia.net td.doubleclick.net fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.weltpixel.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline'; img-src blob: *.google.com.hk *.yahoo.com *.hsbc.com.hk *.tealiumiq.com *.adsrvr.org maps.googleapis.com maps.gstatic.com assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io flagpedia.net *.gstatic.com data: 'self' 'unsafe-inline'; script-src *.hsbc.com.hk unpkg.com connect.facebook.net s.yimg.com visitor-service-ap-northeast-1.tealiumiq.com lptag.liveperson.net datacloud.tealiumiq.com tags.tiqcdn.com assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypalobjects.com js.braintreegateway.com www.paypal.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.gstatic.com maps.googleapis.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com https://www.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.hsbc.com.hk fonts.googleapis.com *.adobe.com maxcdn.bootstrapcdn.com *.gstatic.com tagmanager.google.com 'self' 'unsafe-inline'; object-src *.hsbc.com.hk 'self' 'unsafe-inline'; media-src *.hsbc.com.hk *.adobe.com 'self' 'unsafe-inline'; manifest-src *.hsbc.com.hk 'self' 'unsafe-inline'; connect-src wss: *.hsbc.com.hk www.issthk-dev.hsbc.com.hk:31000 *.tealiumiq.com *.tiqcdn.com pagead2.googlesyndication.com log-happyhktest.us.v2.customers.biocatch.com log-69c80419.customers.biocatch.com wup-69c80419.customers.biocatch.com dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com www.gstatic.com maps.googleapis.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com https://www.google-analytics.com 'self' 'unsafe-inline'; child-src http: https: *.hsbc.com.hk blob: 'self' 'unsafe-inline'; default-src *.hsbc.com.hk 'self' 'unsafe-inline' 'unsafe-eval' log-69c80419.customers.biocatch.com wup-69c80419.customers.biocatch.com; base-uri *.hsbc.com.hk 'self' 'unsafe-inline';
via: 1.1 660f4277d8fbef27985e8a4a97e362cc.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA53-C1
x-amzn-remapped-connection: keep-alive
x-amzn-requestid: 235c41e2-7a63-470b-90fc-5150df5d6016
x-dns-prefetch-control: off
x-cache: Miss from cloudfront
x-amz-apigw-id: U-d-zHmsnUYEVWg=
content-length: 4505
x-xss-protection: 1; mode=block
last-modified: Thu, 07 Mar 2024 03:46:31 GMT
server: CloudFront
etag: W/"1199-18e17050dd8"
x-download-options: noopen
x-frame-options: SAMEORIGIN
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=0
accept-ranges: bytes
x-amzn-remapped-date: Thu, 21 Mar 2024 10:47:58 GMT
x-amz-cf-id: aZvezYZcgZVTrUrjlk98gbPbVwyAi9MecVFyEN4IAkvOn9QFVv7kng==

GET
H2 200 zh-HK.png
benefitsplus-auth-uat1.hsbc.com.hk/static/assets/images/ 5 KB
8 KB 869ms
866ms Image
image/png 2600:9000:214f:9600:e:eacb:a8c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://benefitsplus-auth-uat1.hsbc.com.hk/static/assets/images/zh-HK.png

Requested by

Host: benefitsplus-auth-uat1.hsbc.com.hk
URL: https://benefitsplus-auth-uat1.hsbc.com.hk/login?uid=wglAfstMaImtTN1drQRk1&lang=en-HK

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:214f:9600:e:eacb:a8c0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

CloudFront /

Resource Hash

f6779bc003be288d6dbd1d7b4183b1ea15b53c70c8ac7b2161e89b4bc137d6d4

Security Headers

Name	Value
Content-Security-Policy	font-src .hsbc.com.hk fonts.gstatic.com maxcdn.bootstrapcdn.com .stripe.com klarna.com .klarna.com .klarnacdn.net .klarnaevt.com data: 'self' 'unsafe-inline'; form-action https: .hsbc.com.hk secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; frame-ancestors .hsbc.com.hk .stripe.com stripe.com 'self'; frame-src 'self' data: .hsbc.com.hk .my-doc.com lpcdn.lpsnmedia.net td.doubleclick.net fast.amc.demdex.net .adobe.com secure.authorize.net test.authorize.net bid.g.doubleclick.net .youtube.com .youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ .weltpixel.com .stripe.com klarna.com .klarna.com .klarnacdn.net .klarnaevt.com 'self' 'unsafe-inline'; img-src blob: .google.com.hk .yahoo.com .hsbc.com.hk .tealiumiq.com .adsrvr.org maps.googleapis.com maps.gstatic.com assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net .adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypalobjects.com t.paypal.com .ftcdn.net .behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com .vimeocdn.com i.ytimg.com .youtube.com validator.swagger.io flagpedia.net .gstatic.com data: 'self' 'unsafe-inline'; script-src .hsbc.com.hk unpkg.com connect.facebook.net s.yimg.com visitor-service-ap-northeast-1.tealiumiq.com lptag.liveperson.net datacloud.tealiumiq.com tags.tiqcdn.com assets.adobedtm.com .adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypalobjects.com js.braintreegateway.com www.paypal.com .newrelic.com .nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com .vimeocdn.com .youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ .gstatic.com maps.googleapis.com .stripe.com klarna.com .klarna.com .klarnacdn.net .klarnaevt.com https://www.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src .hsbc.com.hk fonts.googleapis.com .adobe.com maxcdn.bootstrapcdn.com .gstatic.com tagmanager.google.com 'self' 'unsafe-inline'; object-src .hsbc.com.hk 'self' 'unsafe-inline'; media-src .hsbc.com.hk .adobe.com 'self' 'unsafe-inline'; manifest-src .hsbc.com.hk 'self' 'unsafe-inline'; connect-src wss: .hsbc.com.hk www.issthk-dev.hsbc.com.hk:31000 .tealiumiq.com .tiqcdn.com pagead2.googlesyndication.com log-happyhktest.us.v2.customers.biocatch.com log-69c80419.customers.biocatch.com wup-69c80419.customers.biocatch.com dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com .newrelic.com .nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com www.gstatic.com maps.googleapis.com .stripe.com klarna.com .klarna.com .klarnacdn.net .klarnaevt.com https://www.google-analytics.com 'self' 'unsafe-inline'; child-src http: https: .hsbc.com.hk blob: 'self' 'unsafe-inline'; default-src .hsbc.com.hk 'self' 'unsafe-inline' 'unsafe-eval' log-69c80419.customers.biocatch.com wup-69c80419.customers.biocatch.com; base-uri *.hsbc.com.hk 'self' 'unsafe-inline';
Strict-Transport-Security	max-age=63072000; includeSubdomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://benefitsplus-auth-uat1.hsbc.com.hk/login?uid=wglAfstMaImtTN1drQRk1&lang=en-HK
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date: Thu, 21 Mar 2024 10:47:58 GMT
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-content-type-options: nosniff
x-amzn-remapped-content-length: 4790
x-correlation-id: 25e45498b0e903b40acd284c0d87037f
content-security-policy: font-src *.hsbc.com.hk fonts.gstatic.com maxcdn.bootstrapcdn.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com data: 'self' 'unsafe-inline'; form-action https: *.hsbc.com.hk secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; frame-ancestors *.hsbc.com.hk *.stripe.com stripe.com 'self'; frame-src 'self' data: *.hsbc.com.hk *.my-doc.com lpcdn.lpsnmedia.net td.doubleclick.net fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.weltpixel.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline'; img-src blob: *.google.com.hk *.yahoo.com *.hsbc.com.hk *.tealiumiq.com *.adsrvr.org maps.googleapis.com maps.gstatic.com assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io flagpedia.net *.gstatic.com data: 'self' 'unsafe-inline'; script-src *.hsbc.com.hk unpkg.com connect.facebook.net s.yimg.com visitor-service-ap-northeast-1.tealiumiq.com lptag.liveperson.net datacloud.tealiumiq.com tags.tiqcdn.com assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypalobjects.com js.braintreegateway.com www.paypal.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.gstatic.com maps.googleapis.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com https://www.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.hsbc.com.hk fonts.googleapis.com *.adobe.com maxcdn.bootstrapcdn.com *.gstatic.com tagmanager.google.com 'self' 'unsafe-inline'; object-src *.hsbc.com.hk 'self' 'unsafe-inline'; media-src *.hsbc.com.hk *.adobe.com 'self' 'unsafe-inline'; manifest-src *.hsbc.com.hk 'self' 'unsafe-inline'; connect-src wss: *.hsbc.com.hk www.issthk-dev.hsbc.com.hk:31000 *.tealiumiq.com *.tiqcdn.com pagead2.googlesyndication.com log-happyhktest.us.v2.customers.biocatch.com log-69c80419.customers.biocatch.com wup-69c80419.customers.biocatch.com dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com www.gstatic.com maps.googleapis.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com https://www.google-analytics.com 'self' 'unsafe-inline'; child-src http: https: *.hsbc.com.hk blob: 'self' 'unsafe-inline'; default-src *.hsbc.com.hk 'self' 'unsafe-inline' 'unsafe-eval' log-69c80419.customers.biocatch.com wup-69c80419.customers.biocatch.com; base-uri *.hsbc.com.hk 'self' 'unsafe-inline';
via: 1.1 660f4277d8fbef27985e8a4a97e362cc.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA53-C1
x-amzn-remapped-connection: keep-alive
x-amzn-requestid: 879a7330-b27d-4841-aa16-0548e6bb2fb6
x-dns-prefetch-control: off
x-cache: Miss from cloudfront
x-amz-apigw-id: U-d-zGb9HUYEVoA=
content-length: 4790
x-xss-protection: 1; mode=block
last-modified: Thu, 07 Mar 2024 03:46:31 GMT
server: CloudFront
etag: W/"12b6-18e17050dd8"
x-download-options: noopen
x-frame-options: SAMEORIGIN
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=0
accept-ranges: bytes
x-amzn-remapped-date: Thu, 21 Mar 2024 10:47:58 GMT
x-amz-cf-id: dD7x36EBSI4RNPI8TjABOiu80e3QITimYU0-BAfBQV_g852S_rNGJw==

GET
H2 200 eye-inactive.svg
benefitsplus-auth-uat1.hsbc.com.hk/static/assets/images/ 1 KB
4 KB 643ms
641ms Image
image/svg+xml 2600:9000:214f:9600:e:eacb:a8c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://benefitsplus-auth-uat1.hsbc.com.hk/static/assets/images/eye-inactive.svg

Requested by

Host: benefitsplus-auth-uat1.hsbc.com.hk
URL: https://benefitsplus-auth-uat1.hsbc.com.hk/static/assets/css/main.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:214f:9600:e:eacb:a8c0:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

CloudFront /

Resource Hash

be81363ab71f61fa670727b693a9c17a03690e1ef5e697605d90c78c3b455fa4

Security Headers

Name	Value
Content-Security-Policy	font-src .hsbc.com.hk fonts.gstatic.com maxcdn.bootstrapcdn.com .stripe.com klarna.com .klarna.com .klarnacdn.net .klarnaevt.com data: 'self' 'unsafe-inline'; form-action https: .hsbc.com.hk secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; frame-ancestors .hsbc.com.hk .stripe.com stripe.com 'self'; frame-src 'self' data: .hsbc.com.hk .my-doc.com lpcdn.lpsnmedia.net td.doubleclick.net fast.amc.demdex.net .adobe.com secure.authorize.net test.authorize.net bid.g.doubleclick.net .youtube.com .youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ .weltpixel.com .stripe.com klarna.com .klarna.com .klarnacdn.net .klarnaevt.com 'self' 'unsafe-inline'; img-src blob: .google.com.hk .yahoo.com .hsbc.com.hk .tealiumiq.com .adsrvr.org maps.googleapis.com maps.gstatic.com assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net .adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypalobjects.com t.paypal.com .ftcdn.net .behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com .vimeocdn.com i.ytimg.com .youtube.com validator.swagger.io flagpedia.net .gstatic.com data: 'self' 'unsafe-inline'; script-src .hsbc.com.hk unpkg.com connect.facebook.net s.yimg.com visitor-service-ap-northeast-1.tealiumiq.com lptag.liveperson.net datacloud.tealiumiq.com tags.tiqcdn.com assets.adobedtm.com .adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypalobjects.com js.braintreegateway.com www.paypal.com .newrelic.com .nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com .vimeocdn.com .youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ .gstatic.com maps.googleapis.com .stripe.com klarna.com .klarna.com .klarnacdn.net .klarnaevt.com https://www.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src .hsbc.com.hk fonts.googleapis.com .adobe.com maxcdn.bootstrapcdn.com .gstatic.com tagmanager.google.com 'self' 'unsafe-inline'; object-src .hsbc.com.hk 'self' 'unsafe-inline'; media-src .hsbc.com.hk .adobe.com 'self' 'unsafe-inline'; manifest-src .hsbc.com.hk 'self' 'unsafe-inline'; connect-src wss: .hsbc.com.hk www.issthk-dev.hsbc.com.hk:31000 .tealiumiq.com .tiqcdn.com pagead2.googlesyndication.com log-happyhktest.us.v2.customers.biocatch.com log-69c80419.customers.biocatch.com wup-69c80419.customers.biocatch.com dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com .newrelic.com .nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com www.gstatic.com maps.googleapis.com .stripe.com klarna.com .klarna.com .klarnacdn.net .klarnaevt.com https://www.google-analytics.com 'self' 'unsafe-inline'; child-src http: https: .hsbc.com.hk blob: 'self' 'unsafe-inline'; default-src .hsbc.com.hk 'self' 'unsafe-inline' 'unsafe-eval' log-69c80419.customers.biocatch.com wup-69c80419.customers.biocatch.com; base-uri *.hsbc.com.hk 'self' 'unsafe-inline';
Strict-Transport-Security	max-age=63072000; includeSubdomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://benefitsplus-auth-uat1.hsbc.com.hk/static/assets/css/main.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date: Thu, 21 Mar 2024 10:47:58 GMT
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-correlation-id: 1045723da6ae03d0c581d02b5de41b79
content-security-policy: font-src *.hsbc.com.hk fonts.gstatic.com maxcdn.bootstrapcdn.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com data: 'self' 'unsafe-inline'; form-action https: *.hsbc.com.hk secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; frame-ancestors *.hsbc.com.hk *.stripe.com stripe.com 'self'; frame-src 'self' data: *.hsbc.com.hk *.my-doc.com lpcdn.lpsnmedia.net td.doubleclick.net fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.weltpixel.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline'; img-src blob: *.google.com.hk *.yahoo.com *.hsbc.com.hk *.tealiumiq.com *.adsrvr.org maps.googleapis.com maps.gstatic.com assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io flagpedia.net *.gstatic.com data: 'self' 'unsafe-inline'; script-src *.hsbc.com.hk unpkg.com connect.facebook.net s.yimg.com visitor-service-ap-northeast-1.tealiumiq.com lptag.liveperson.net datacloud.tealiumiq.com tags.tiqcdn.com assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypalobjects.com js.braintreegateway.com www.paypal.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.gstatic.com maps.googleapis.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com https://www.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.hsbc.com.hk fonts.googleapis.com *.adobe.com maxcdn.bootstrapcdn.com *.gstatic.com tagmanager.google.com 'self' 'unsafe-inline'; object-src *.hsbc.com.hk 'self' 'unsafe-inline'; media-src *.hsbc.com.hk *.adobe.com 'self' 'unsafe-inline'; manifest-src *.hsbc.com.hk 'self' 'unsafe-inline'; connect-src wss: *.hsbc.com.hk www.issthk-dev.hsbc.com.hk:31000 *.tealiumiq.com *.tiqcdn.com pagead2.googlesyndication.com log-happyhktest.us.v2.customers.biocatch.com log-69c80419.customers.biocatch.com wup-69c80419.customers.biocatch.com dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com www.gstatic.com maps.googleapis.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com https://www.google-analytics.com 'self' 'unsafe-inline'; child-src http: https: *.hsbc.com.hk blob: 'self' 'unsafe-inline'; default-src *.hsbc.com.hk 'self' 'unsafe-inline' 'unsafe-eval' log-69c80419.customers.biocatch.com wup-69c80419.customers.biocatch.com; base-uri *.hsbc.com.hk 'self' 'unsafe-inline';
via: 1.1 660f4277d8fbef27985e8a4a97e362cc.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA53-C1
x-amzn-remapped-connection: keep-alive
x-amzn-requestid: ed858aab-41d2-4044-a18a-34cb37704bdc
x-dns-prefetch-control: off
x-cache: Miss from cloudfront
x-amz-apigw-id: U-d-xHRLnUYEH3Q=
content-length: 663
x-xss-protection: 1; mode=block
last-modified: Thu, 07 Mar 2024 03:46:31 GMT
server: CloudFront
etag: W/"54f-18e17050dd8"
x-download-options: noopen
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=0
accept-ranges: bytes
x-amzn-remapped-date: Thu, 21 Mar 2024 10:47:58 GMT
x-amz-cf-id: TWL7oWXWict-GhgLL47P0qNaWuPfBdXp8pgZ1UgD0veeLdouLWUXgQ==

GET
H2 200 memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
fonts.gstatic.com/s/opensans/v40/ 47 KB
48 KB 293ms
12ms Font
font/woff2 2a00:1450:4001:829::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Open+Sans:300,400,600,700

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3c4d6a1421c7ddb7e404521fe8c4cd5be5af446d7689cd880be26612eaad3cfa

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://benefitsplus-auth-uat1.hsbc.com.hk
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date: Tue, 19 Mar 2024 00:50:53 GMT
x-content-type-options: nosniff
age: 208625
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 48236
x-xss-protection: 0
last-modified: Thu, 14 Dec 2023 02:08:40 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 19 Mar 2025 00:50:53 GMT

Verdicts & Comments Add Verdict or Comment

19 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

5 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.benefitsplus-auth-uat1.hsbc.com.hk/interaction/wglAfstMaImtTN1drQRk1	1970-01-20 19:17:26	Name: _interaction Value: wglAfstMaImtTN1drQRk1
.benefitsplus-auth-uat1.hsbc.com.hk/interaction/wglAfstMaImtTN1drQRk1	1970-01-20 19:17:26	Name: _interaction.sig Value: Ee86SCpen_ZcbQAtUYNKVefFd48
benefitsplus-auth-uat1.hsbc.com.hk/authorize/wglAfstMaImtTN1drQRk1	1970-01-20 19:17:26	Name: _interaction_resume Value: wglAfstMaImtTN1drQRk1
benefitsplus-auth-uat1.hsbc.com.hk/authorize/wglAfstMaImtTN1drQRk1	1970-01-20 19:17:26	Name: _interaction_resume.sig Value: i4poR9l0fisiYCJAej_izPjc8LQ
benefitsplus-uat1.hsbc.com.hk/	1969-12-31 23:59:59	Name: state Value: %252F

4 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://benefitsplus-auth-uat1.hsbc.com.hk/static/assets/tealium//utag.js Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://benefitsplus-auth-uat1.hsbc.com.hk/static/assets/tealium//utag_data.js Message: Failed to load resource: the server responded with a status of 404 ()
security	error	URL: https://benefitsplus-auth-uat1.hsbc.com.hk/login?uid=wglAfstMaImtTN1drQRk1&lang=en-HK Message: Refused to execute script from 'https://benefitsplus-auth-uat1.hsbc.com.hk/static/assets/tealium//utag_data.js' because its MIME type ('application/json') is not executable, and strict MIME type checking is enabled.
security	error	URL: https://benefitsplus-auth-uat1.hsbc.com.hk/login?uid=wglAfstMaImtTN1drQRk1&lang=en-HK Message: Refused to execute script from 'https://benefitsplus-auth-uat1.hsbc.com.hk/static/assets/tealium//utag.js' because its MIME type ('application/json') is not executable, and strict MIME type checking is enabled.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	font-src .hsbc.com.hk fonts.gstatic.com maxcdn.bootstrapcdn.com .stripe.com klarna.com .klarna.com .klarnacdn.net .klarnaevt.com data: 'self' 'unsafe-inline'; form-action https: .hsbc.com.hk secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; frame-ancestors .hsbc.com.hk .stripe.com stripe.com 'self'; frame-src 'self' data: .hsbc.com.hk .my-doc.com lpcdn.lpsnmedia.net td.doubleclick.net fast.amc.demdex.net .adobe.com secure.authorize.net test.authorize.net bid.g.doubleclick.net .youtube.com .youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ .weltpixel.com .stripe.com klarna.com .klarna.com .klarnacdn.net .klarnaevt.com 'self' 'unsafe-inline'; img-src blob: .google.com.hk .yahoo.com .hsbc.com.hk .tealiumiq.com .adsrvr.org maps.googleapis.com maps.gstatic.com assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net .adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypalobjects.com t.paypal.com .ftcdn.net .behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com .vimeocdn.com i.ytimg.com .youtube.com validator.swagger.io flagpedia.net .gstatic.com data: 'self' 'unsafe-inline'; script-src .hsbc.com.hk unpkg.com connect.facebook.net s.yimg.com visitor-service-ap-northeast-1.tealiumiq.com lptag.liveperson.net datacloud.tealiumiq.com tags.tiqcdn.com assets.adobedtm.com .adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypalobjects.com js.braintreegateway.com www.paypal.com .newrelic.com .nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com .vimeocdn.com .youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ .gstatic.com maps.googleapis.com .stripe.com klarna.com .klarna.com .klarnacdn.net .klarnaevt.com https://www.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src .hsbc.com.hk fonts.googleapis.com .adobe.com maxcdn.bootstrapcdn.com .gstatic.com tagmanager.google.com 'self' 'unsafe-inline'; object-src .hsbc.com.hk 'self' 'unsafe-inline'; media-src .hsbc.com.hk .adobe.com 'self' 'unsafe-inline'; manifest-src .hsbc.com.hk 'self' 'unsafe-inline'; connect-src wss: .hsbc.com.hk www.issthk-dev.hsbc.com.hk:31000 .tealiumiq.com .tiqcdn.com pagead2.googlesyndication.com log-happyhktest.us.v2.customers.biocatch.com log-69c80419.customers.biocatch.com wup-69c80419.customers.biocatch.com dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com .newrelic.com .nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com www.gstatic.com maps.googleapis.com .stripe.com klarna.com .klarna.com .klarnacdn.net .klarnaevt.com https://www.google-analytics.com 'self' 'unsafe-inline'; child-src http: https: .hsbc.com.hk blob: 'self' 'unsafe-inline'; default-src .hsbc.com.hk 'self' 'unsafe-inline' 'unsafe-eval' log-69c80419.customers.biocatch.com wup-69c80419.customers.biocatch.com; base-uri *.hsbc.com.hk 'self' 'unsafe-inline';
Strict-Transport-Security	max-age=63072000; includeSubdomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

benefitsplus-auth-uat1.hsbc.com.hk
benefitsplus-uat1.hsbc.com.hk
fonts.googleapis.com
fonts.gstatic.com
tags.tiqcdn.com
2600:9000:214f:9600:e:eacb:a8c0:93a1
2600:9000:225e:ec00:7:2bfb:7c00:93a1
2a00:1450:4001:827::200a
2a00:1450:4001:829::2003
08c3ec753f2c435ae7a84b9ddeb48c91ecc26367b8f8cd75ff828ab6aaba93b9
101ead936a2281d53dcc064b7e2a2ab0d53b92ef3ef7b34b668673007895c860
31fe46164ce2459191ca1f7727fd742ce01833ee4f705459e88d43f53fcc9f80
3c4d6a1421c7ddb7e404521fe8c4cd5be5af446d7689cd880be26612eaad3cfa
4b98e82da5261a22970e177085ed1c4d0156e74c3d0a0a17a66760c5413d3af1
9467767079a490ee2a938f0dc4e111596f9a300d170df03e21c59ed8e9d042bb
a6a6c4cad34919cd1652a54a90191f5ac3c73ca00b24929a84e1e913cf605553
b993985ff05f78d526cded1f5dc315c58fc3f22be35ad674040aa455e4c09b8b
be81363ab71f61fa670727b693a9c17a03690e1ef5e697605d90c78c3b455fa4
c72dd13bdd7d055a1467558e0baaa1e4654739a3514999c1d29f616723361df0
f63aa9cbf1ed197a7e8d6e192bedd57a3376bc1defa5fc2bcc84835eed6900c9
f6779bc003be288d6dbd1d7b4183b1ea15b53c70c8ac7b2161e89b4bc137d6d4

benefitsplus-auth-uat1.hsbc.com.hk Open in urlscan Pro 2600:9000:214f:9600:e:eacb:a8c0:93a1 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

16 Requests

100 %HTTPS

100 %IPv6

4 Domains

5 Subdomains

4 IPs

2 Countries

121 kBTransfer

127 kBSize

5 Cookies

5 Outgoing links

Page URL History

Redirected requests

16 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

19 JavaScript Global Variables

5 Cookies

4 Console Messages

Security Headers

Indicators

benefitsplus-auth-uat1.hsbc.com.hk Open in urlscan Pro
2600:9000:214f:9600:e:eacb:a8c0:93a1 Public Scan

Screenshot
Live screenshot

Full Image

16
Requests

100 %
HTTPS

100 %
IPv6

4
Domains

5
Subdomains

4
IPs

2
Countries

121 kB
Transfer

127 kB
Size

5
Cookies

16 HTTP transactions
0 data transactions