urlscan.io logo urlscan.io
SecurityTrails logo

my.axa.lu Open in urlscan Pro
85.222.140.13  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: http://my.axa.lu/
Effective URL: https://my.axa.lu/s/login/?language=en_US&ec=302&startURL=%2Fs%2F
Submission: On October 12 via manual from LU — Scanned from DE
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 4 IPs in 2 countries across 4 domains to perform 19 HTTP transactions. The main IP is 85.222.140.13, located in United States and belongs to SALESFORCE, US. The main domain is my.axa.lu.
TLS certificate: Issued by Thawte TLS RSA CA G1 on May 22nd 2023. Valid for: a year.
This is the only time my.axa.lu was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 1 85.222.140.10 14340 (SALESFORCE)
3 19 85.222.140.13 14340 (SALESFORCE)
1 2a00:1450:400... 15169 (GOOGLE)
1 2a00:1450:400... 15169 (GOOGLE)
19 4
Apex Domain
Subdomains		 Transfer
20 axa.lu
my.axa.lu
3 MB
1 gstatic.com
www.gstatic.com
187 KB
1 google.com
www.google.com — Cisco Umbrella Rank: 2
1 KB
0 googletagmanager.com Failed
www.googletagmanager.com Failed
19 4
Domain Requested by
20 my.axa.lu 4 redirects my.axa.lu
1 www.gstatic.com www.google.com
1 www.google.com my.axa.lu
0 www.googletagmanager.com Failed my.axa.lu
19 4

This site contains links to these domains. Also see Links.

Domain
axa.lu
Subject Issuer Validity Valid
www.my.axa.lu
Thawte TLS RSA CA G1		 2023-05-22 -
2024-05-21		 a year crt.sh
www.google.com
GTS CA 1C3		 2023-09-18 -
2023-12-11		 3 months crt.sh
*.gstatic.com
GTS CA 1C3		 2023-09-18 -
2023-12-11		 3 months crt.sh

This page contains 1 frames:

Primary Page: https://my.axa.lu/s/login/?language=en_US&ec=302&startURL=%2Fs%2F
Frame ID: 68B9B4087F1C0E5861AB8EBA9D927BBB
Requests: 20 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

Login

Page URL History Show full URLs

  1. http://my.axa.lu/ HTTP 301
    https://my.axa.lu/ HTTP 301
    https://my.axa.lu/s/ Page URL
  2. https://my.axa.lu/s/login?ec=302&startURL=%2Fs%2F HTTP 302
    https://my.axa.lu/s/login/?ec=302&startURL=%2Fs%2F HTTP 301
    https://my.axa.lu/s/login/?language=en_US&ec=302&startURL=%2Fs%2F Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js
Overall confidence: 100%
Detected patterns
  • /recaptcha/api\.js

Page Statistics

19
Requests

95 %
HTTPS

50 %
IPv6

4
Domains

4
Subdomains

4
IPs

2
Countries

2815 kB
Transfer

7835 kB
Size

4
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://my.axa.lu/ HTTP 301
    https://my.axa.lu/ HTTP 301
    https://my.axa.lu/s/ Page URL
  2. https://my.axa.lu/s/login?ec=302&startURL=%2Fs%2F HTTP 302
    https://my.axa.lu/s/login/?ec=302&startURL=%2Fs%2F HTTP 301
    https://my.axa.lu/s/login/?language=en_US&ec=302&startURL=%2Fs%2F Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0
  • http://my.axa.lu/ HTTP 301
  • https://my.axa.lu/ HTTP 301
  • https://my.axa.lu/s/

19 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
/
my.axa.lu/s/
Redirect Chain
  • http://my.axa.lu/
  • https://my.axa.lu/
  • https://my.axa.lu/s/
1 KB
842 B 		Document
General
Check archive.org
Download Go to
Full URL
https://my.axa.lu/s/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
85.222.140.13 , United States, ASN14340 (SALESFORCE, US),
Reverse DNS
sledge1-fra.slb.sfdcsvc.net
Software
sfdcedge /
Resource Hash
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

cache-control
must-revalidate,no-cache,no-store
content-encoding
gzip
content-security-policy
upgrade-insecure-requests
content-type
text/html; charset=UTF-8
date
Thu, 12 Oct 2023 08:22:05 GMT
referrer-policy
origin-when-cross-origin
server
sfdcedge
strict-transport-security
max-age=63072000; includeSubDomains
vary
Accept-Encoding
x-content-type-options
nosniff
x-sfdc-request-id
59d080dbd2ccbc09eb7dfb7429268c86
x-xss-protection
1; mode=block

Redirect headers

cache-control
no-cache,must-revalidate,max-age=0,no-store,private
content-length
0
content-security-policy
upgrade-insecure-requests
date
Thu, 12 Oct 2023 08:22:05 GMT
location
https://my.axa.lu/s/
referrer-policy
origin-when-cross-origin
server
sfdcedge
strict-transport-security
max-age=63072000; includeSubDomains
x-content-type-options
nosniff
x-sfdc-request-id
7292a8adc5a4960c49ee4d3707fcb8ac
x-xss-protection
1; mode=block
Primary Request /
my.axa.lu/s/login/
Redirect Chain
  • https://my.axa.lu/s/login?ec=302&startURL=%2Fs%2F
  • https://my.axa.lu/s/login/?ec=302&startURL=%2Fs%2F
  • https://my.axa.lu/s/login/?language=en_US&ec=302&startURL=%2Fs%2F
203 KB
44 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://my.axa.lu/s/login/?language=en_US&ec=302&startURL=%2Fs%2F
Requested by
Host: my.axa.lu
URL: https://my.axa.lu/s/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
85.222.140.13 , United States, ASN14340 (SALESFORCE, US),
Reverse DNS
sledge1-fra.slb.sfdcsvc.net
Software
sfdcedge /
Resource Hash
a381db40c1fcbf91eed9024082b466dc0dae3b3b483ff23cbf38287c948ee949
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests frame-ancestors 'self'
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://my.axa.lu/s/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

cache-control
no-cache,must-revalidate,max-age=0,no-store,private
content-encoding
gzip
content-security-policy
upgrade-insecure-requests frame-ancestors 'self'
content-type
text/html;charset=UTF-8
date
Thu, 12 Oct 2023 08:22:06 GMT
expires
Wed, 12 Oct 2022 08:22:06 GMT
last-modified
Wed, 12 Oct 2022 08:22:06 GMT
link
</s/sfsites/auraFW/javascript/MlRqRU5YT3pjWFRNenJranFOMWFjQXlMaWFpdmxPSTZWeEo0bWtiN0hsaXcyNDQuMjAuNC0yLjQxLjQ/aura_prod.js>;rel=preload;as=script;nopush,</s/sfsites/l/%7B%22mode%22%3A%22PROD%22%2C%22app%22%3A%22siteforce%3AloginApp2%22%2C%22serializationVersion%22%3A%221-244.20.4-2.41.4-b%22%2C%22parts%22%3A%22f%22%2C%22loaded%22%3A%7B%22APPLICATION%40markup%3A%2F%2Fsiteforce%3AloginApp2%22%3A%22PKPZPHTlf8ebFaCfu1dMVw%22%7D%2C%22dns%22%3A%22c%22%2C%22ls%22%3A1%2C%22lrmc%22%3A%22618546923%22%7D/app.js?2=>;rel=preload;as=script;nopush
referrer-policy
origin-when-cross-origin
server
sfdcedge
server-timing
Total;dur=226
strict-transport-security
max-age=63072000; includeSubDomains
timing-allow-origin
*
vary
Origin, Accept-Encoding
x-content-type-options
nosniff
x-frame-options
SAMEORIGIN
x-sfdc-request-id
3efe208f5a44feb91c2334a29bcab9af
x-xss-protection
1; mode=block

Redirect headers

cache-control
no-cache,must-revalidate,max-age=0,no-store,private
content-security-policy
upgrade-insecure-requests
date
Thu, 12 Oct 2023 08:22:06 GMT
location
https://my.axa.lu/s/login/?language=en_US&ec=302&startURL=%2Fs%2F
referrer-policy
origin-when-cross-origin
server
sfdcedge
strict-transport-security
max-age=63072000; includeSubDomains
x-content-type-options
nosniff
x-sfdc-request-id
b400f10fe96d9e0b0290c4af99016ced
x-xss-protection
1; mode=block
aura_prod.js
my.axa.lu/s/sfsites/auraFW/javascript/MlRqRU5YT3pjWFRNenJranFOMWFjQXlMaWFpdmxPSTZWeEo0bWtiN0hsaXcyNDQuMjAuNC0yLjQxLjQ/ 		834 KB
261 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://my.axa.lu/s/sfsites/auraFW/javascript/MlRqRU5YT3pjWFRNenJranFOMWFjQXlMaWFpdmxPSTZWeEo0bWtiN0hsaXcyNDQuMjAuNC0yLjQxLjQ/aura_prod.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
85.222.140.13 , United States, ASN14340 (SALESFORCE, US),
Reverse DNS
sledge1-fra.slb.sfdcsvc.net
Software
sfdcedge /
Resource Hash
41ffc9bd80bc2fd05acc4a7f5244eb8638b493da3f8f8c103ace06e3a608407e
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://my.axa.lu/s/login/?language=en_US&ec=302&startURL=%2Fs%2F
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date
Thu, 12 Oct 2023 08:22:06 GMT
strict-transport-security
max-age=63072000; includeSubDomains
x-content-type-options
nosniff
content-encoding
gzip
server-timing
Total;dur=31
x-xss-protection
1; mode=block
referrer-policy
origin-when-cross-origin
last-modified
Wed, 11 Oct 2023 08:22:06 GMT
server
sfdcedge
x-sfdc-request-id
b6fab526b1ccee959541808338004adc
vary
Accept-Encoding
content-type
text/javascript;charset=UTF-8
access-control-allow-origin
*
access-control-expose-headers
Server-Timing
cache-control
public,max-age=31536000,immutable
timing-allow-origin
*
app.js
my.axa.lu/s/sfsites/l/%7B%22mode%22%3A%22PROD%22%2C%22app%22%3A%22siteforce%3AloginApp2%22%2C%22serializationVersion%22%3A%221-244.20.4-2.41.4-b%22%2C%22parts%22%3A%22f%22%2C%22loaded%22%3A%7B%22AP... 		2 MB
503 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://my.axa.lu/s/sfsites/l/%7B%22mode%22%3A%22PROD%22%2C%22app%22%3A%22siteforce%3AloginApp2%22%2C%22serializationVersion%22%3A%221-244.20.4-2.41.4-b%22%2C%22parts%22%3A%22f%22%2C%22loaded%22%3A%7B%22APPLICATION%40markup%3A%2F%2Fsiteforce%3AloginApp2%22%3A%22PKPZPHTlf8ebFaCfu1dMVw%22%7D%2C%22dns%22%3A%22c%22%2C%22ls%22%3A1%2C%22lrmc%22%3A%22618546923%22%7D/app.js?2=
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
85.222.140.13 , United States, ASN14340 (SALESFORCE, US),
Reverse DNS
sledge1-fra.slb.sfdcsvc.net
Software
sfdcedge /
Resource Hash
de6dd2a5a2e28e5c3c6b5f0a7eedce5174d45823973807914942ba5f747cde71
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://my.axa.lu/s/login/?language=en_US&ec=302&startURL=%2Fs%2F
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date
Thu, 12 Oct 2023 08:22:06 GMT
strict-transport-security
max-age=63072000; includeSubDomains
x-content-type-options
nosniff
referrer-policy
origin-when-cross-origin
last-modified
Wed, 11 Oct 2023 08:22:06 GMT
server
sfdcedge
content-encoding
gzip
x-sfdc-request-id
6b299f2302cf5032d89184c07ee141ca
vary
Accept-Encoding
content-type
text/javascript;charset=UTF-8
access-control-allow-origin
*
cache-control
public,max-age=31536000,immutable
x-xss-protection
1; mode=block
api.js
www.google.com/recaptcha/ 		1 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.google.com/recaptcha/api.js?onload=onloadCallback&render=explicit
Requested by
Host: my.axa.lu
URL: https://my.axa.lu/s/login/?language=en_US&ec=302&startURL=%2Fs%2F
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80b::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
GSE /
Resource Hash
790fbfefda609afb7a8018b8236dfb5647cf26320186bf3c98ff1daff951ff2e
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self'
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://my.axa.lu/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date
Thu, 12 Oct 2023 08:22:06 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy
frame-ancestors 'self'
server
GSE
x-frame-options
SAMEORIGIN
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=300
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
1; mode=block
expires
Thu, 12 Oct 2023 08:22:06 GMT
fonts.css
my.axa.lu/s/sfsites/runtimedownload/ 		36 KB
26 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://my.axa.lu/s/sfsites/runtimedownload/fonts.css?lastMod=1687973121000&brandSet=6da4d444-b0ec-4cc0-82d2-7f8494a72e1c
Requested by
Host: my.axa.lu
URL: https://my.axa.lu/s/login/?language=en_US&ec=302&startURL=%2Fs%2F
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
85.222.140.13 , United States, ASN14340 (SALESFORCE, US),
Reverse DNS
sledge1-fra.slb.sfdcsvc.net
Software
sfdcedge /
Resource Hash
8f4c9cc8fb2b652abd512dbcf104312910555e03e85ab6133d06431a430ff1c8
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://my.axa.lu/s/login/?language=en_US&ec=302&startURL=%2Fs%2F
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date
Thu, 12 Oct 2023 08:22:06 GMT
strict-transport-security
max-age=63072000; includeSubDomains
x-content-type-options
nosniff
referrer-policy
origin-when-cross-origin
last-modified
Wed, 28 Jun 2023 17:25:21 GMT
server
sfdcedge
content-encoding
gzip
x-sfdc-request-id
9f5be272240bf5df6e4007fb75e095c4
vary
Accept-Encoding
content-type
text/css; charset=utf-8
cache-control
public,max-age=31536000
x-xss-protection
1; mode=block
expires
Fri, 11 Oct 2024 08:22:06 GMT
resources.js
my.axa.lu/s/sfsites/l/%7B%22mode%22%3A%22PROD%22%2C%22app%22%3A%22siteforce%3AloginApp2%22%2C%22fwuid%22%3A%22MlRqRU5YT3pjWFRNenJranFOMWFjQXlMaWFpdmxPSTZWeEo0bWtiN0hsaXcyNDQuMjAuNC0yLjQxLjQ%22%2C%2... 		4 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://my.axa.lu/s/sfsites/l/%7B%22mode%22%3A%22PROD%22%2C%22app%22%3A%22siteforce%3AloginApp2%22%2C%22fwuid%22%3A%22MlRqRU5YT3pjWFRNenJranFOMWFjQXlMaWFpdmxPSTZWeEo0bWtiN0hsaXcyNDQuMjAuNC0yLjQxLjQ%22%2C%22loaded%22%3A%7B%22APPLICATION%40markup%3A%2F%2Fsiteforce%3AloginApp2%22%3A%22PKPZPHTlf8ebFaCfu1dMVw%22%7D%2C%22apce%22%3A1%2C%22apck%22%3A%22JHt0aW1lc3RhbXB9MDAwMDAwMDA0MzJlbl9VUw%22%2C%22mlr%22%3A1%2C%22pathPrefix%22%3A%22%22%2C%22dns%22%3A%22c%22%2C%22ls%22%3A1%2C%22lrmc%22%3A%22618546923%22%7D/resources.js?pv=16970415780001106271274&rv=1697041769000
Requested by
Host: my.axa.lu
URL: https://my.axa.lu/s/login/?language=en_US&ec=302&startURL=%2Fs%2F
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
85.222.140.13 , United States, ASN14340 (SALESFORCE, US),
Reverse DNS
sledge1-fra.slb.sfdcsvc.net
Software
sfdcedge /
Resource Hash
11c05e878e1d99dc7a6069977242d43a996d3d42ef4aa5119ed7a3dbe584a200
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://my.axa.lu/s/login/?language=en_US&ec=302&startURL=%2Fs%2F
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date
Thu, 12 Oct 2023 08:22:06 GMT
strict-transport-security
max-age=63072000; includeSubDomains
x-content-type-options
nosniff
referrer-policy
origin-when-cross-origin
last-modified
Wed, 11 Oct 2023 08:22:06 GMT
server
sfdcedge
content-encoding
gzip
x-sfdc-request-id
64fcefa61122deb8433a57bc174c986d
vary
Accept-Encoding
content-type
text/javascript;charset=UTF-8
access-control-allow-origin
*
cache-control
private,max-age=31536000,immutable
x-xss-protection
1; mode=block
bootstrap.js
my.axa.lu/s/sfsites/l/%7B%22mode%22%3A%22PROD%22%2C%22app%22%3A%22siteforce%3AloginApp2%22%2C%22fwuid%22%3A%22MlRqRU5YT3pjWFRNenJranFOMWFjQXlMaWFpdmxPSTZWeEo0bWtiN0hsaXcyNDQuMjAuNC0yLjQxLjQ%22%2C%2... 		52 KB
17 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://my.axa.lu/s/sfsites/l/%7B%22mode%22%3A%22PROD%22%2C%22app%22%3A%22siteforce%3AloginApp2%22%2C%22fwuid%22%3A%22MlRqRU5YT3pjWFRNenJranFOMWFjQXlMaWFpdmxPSTZWeEo0bWtiN0hsaXcyNDQuMjAuNC0yLjQxLjQ%22%2C%22loaded%22%3A%7B%22APPLICATION%40markup%3A%2F%2Fsiteforce%3AloginApp2%22%3A%22PKPZPHTlf8ebFaCfu1dMVw%22%7D%2C%22apce%22%3A1%2C%22apck%22%3A%22JHt0aW1lc3RhbXB9MDAwMDAwMDA0MzJlbl9VUw%22%2C%22mlr%22%3A1%2C%22pathPrefix%22%3A%22%22%2C%22dns%22%3A%22c%22%2C%22ls%22%3A1%2C%22lrmc%22%3A%22618546923%22%7D/bootstrap.js?aura.attributes=%7B%22ac%22%3A%22%22%2C%22authenticated%22%3A%22false%22%2C%22brandingSetId%22%3A%226da4d444-b0ec-4cc0-82d2-7f8494a72e1c%22%2C%22formFactor%22%3A%22LARGE%22%2C%22isHybrid%22%3A%22false%22%2C%22language%22%3A%22en_US%22%2C%22pageId%22%3A%22e08a7f8c-440f-4932-b466-72f4511c556a%22%2C%22publishedChangelistNum%22%3A%2266%22%2C%22schema%22%3A%22Published%22%2C%22themeLayoutType%22%3A%22Login%22%2C%22uds%22%3A%22false%22%2C%22viewType%22%3A%22Published%22%7D
Requested by
Host: my.axa.lu
URL: https://my.axa.lu/s/login/?language=en_US&ec=302&startURL=%2Fs%2F
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
85.222.140.13 , United States, ASN14340 (SALESFORCE, US),
Reverse DNS
sledge1-fra.slb.sfdcsvc.net
Software
sfdcedge /
Resource Hash
33aabcf2e7e61ed8993f5dc46f8f2f113b5a5cb66e6a9ff6f8bb8ba9803751dd
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://my.axa.lu/s/login/?language=en_US&ec=302&startURL=%2Fs%2F
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date
Thu, 12 Oct 2023 08:22:06 GMT
strict-transport-security
max-age=63072000; includeSubDomains
x-content-type-options
nosniff
referrer-policy
origin-when-cross-origin
last-modified
Wed, 12 Oct 2022 08:22:06 GMT
server
sfdcedge
content-encoding
gzip
x-sfdc-request-id
be759adacc32bc68aa43691529ee2148
vary
Accept-Encoding
content-type
text/javascript;charset=UTF-8
access-control-allow-origin
*
cache-control
no-cache,must-revalidate,max-age=0,no-store,private
x-xss-protection
1; mode=block
expires
Wed, 12 Oct 2022 08:22:06 GMT
recaptcha__de.js
www.gstatic.com/recaptcha/releases/lLirU0na9roYU3wDDisGJEVT/ 		466 KB
187 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.gstatic.com/recaptcha/releases/lLirU0na9roYU3wDDisGJEVT/recaptcha__de.js
Requested by
Host: www.google.com
URL: https://www.google.com/recaptcha/api.js?onload=onloadCallback&render=explicit
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:830::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
e57ecbca07885a20fc56dbae51642fe0e95b58c96dba6ea1c5cbb15417b9a0df
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://my.axa.lu/
Origin
https://my.axa.lu
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date
Thu, 12 Oct 2023 07:00:51 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
4875
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
190978
x-xss-protection
0
last-modified
Mon, 02 Oct 2023 04:05:03 GMT
server
sffe
cross-origin-opener-policy
same-origin-allow-popups; report-to="recaptcha"
vary
Accept-Encoding
report-to
{"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Fri, 11 Oct 2024 07:00:51 GMT
app.css
my.axa.lu/s/sfsites/l/%7B%22mode%22%3A%22PROD%22%2C%22app%22%3A%22siteforce%3AloginApp2%22%2C%22loaded%22%3A%7B%22APPLICATION%40markup%3A%2F%2Fsiteforce%3AloginApp2%22%3A%22PKPZPHTlf8ebFaCfu1dMVw%2... 		1 MB
128 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://my.axa.lu/s/sfsites/l/%7B%22mode%22%3A%22PROD%22%2C%22app%22%3A%22siteforce%3AloginApp2%22%2C%22loaded%22%3A%7B%22APPLICATION%40markup%3A%2F%2Fsiteforce%3AloginApp2%22%3A%22PKPZPHTlf8ebFaCfu1dMVw%22%7D%2C%22styleContext%22%3A%7B%22c%22%3A%22webkit%22%2C%22x%22%3A%5B%22isDesktop%22%5D%2C%22tokens%22%3A%5B%22markup%3A%2F%2Fforce%3AsldsTokens%22%2C%22markup%3A%2F%2Fsiteforce%3AnapiliAuraTokens%22%2C%22markup%3A%2F%2Fsiteforce%3AneutralTokens%22%2C%22markup%3A%2F%2Fsiteforce%3AserializedTokens%22%2C%22markup%3A%2F%2Fsiteforce%3AcommunityTokens%22%2C%22markup%3A%2F%2Fsiteforce%3AauraDynamicTokens%22%5D%2C%22tuid%22%3A%22C4aztG-yb-MMBjI3nkAamw%22%2C%22cuid%22%3A955639432%7D%2C%22pathPrefix%22%3A%22%22%7D/app.css?2=&aura.attributes=%7B%22ac%22%3A%22%22%2C%22authenticated%22%3A%22false%22%2C%22brandingSetId%22%3A%226da4d444-b0ec-4cc0-82d2-7f8494a72e1c%22%2C%22formFactor%22%3A%22LARGE%22%2C%22isHybrid%22%3A%22false%22%2C%22language%22%3A%22en_US%22%2C%22pageId%22%3A%22e08a7f8c-440f-4932-b466-72f4511c556a%22%2C%22publishedChangelistNum%22%3A%2266%22%2C%22schema%22%3A%22Published%22%2C%22themeLayoutType%22%3A%22Login%22%2C%22uds%22%3A%22false%22%2C%22viewType%22%3A%22Published%22%7D
Requested by
Host: my.axa.lu
URL: https://my.axa.lu/s/login/?language=en_US&ec=302&startURL=%2Fs%2F
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
85.222.140.13 , United States, ASN14340 (SALESFORCE, US),
Reverse DNS
sledge1-fra.slb.sfdcsvc.net
Software
sfdcedge /
Resource Hash
61e473db50c50130cd74a1ff0c6c22fc5f404d40412ec7d6425e7fb643e74784
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://my.axa.lu/s/login/?language=en_US&ec=302&startURL=%2Fs%2F
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date
Thu, 12 Oct 2023 08:22:06 GMT
strict-transport-security
max-age=63072000; includeSubDomains
x-content-type-options
nosniff
referrer-policy
origin-when-cross-origin
last-modified
Wed, 11 Oct 2023 08:22:06 GMT
server
sfdcedge
content-encoding
gzip
x-sfdc-request-id
2902feb0e3ce84de9b15761a59e35c55
vary
Accept-Encoding
content-type
text/css;charset=UTF-8
access-control-allow-origin
*
cache-control
public,max-age=31536000,immutable
x-xss-protection
1; mode=block
aura
my.axa.lu/s/sfsites/ 		119 KB
22 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://my.axa.lu/s/sfsites/aura?message=%7B%22actions%22%3A%5B%7B%22descriptor%22%3A%22serviceComponent%3A%2F%2Fui.comm.runtime.components.aura.components.siteforce.controller.PubliclyCacheableComponentLoaderController%2FACTION%24getPageComponent%22%2C%22callingDescriptor%22%3A%22UNKNOWN%22%2C%22params%22%3A%7B%22attributes%22%3A%7B%22viewId%22%3A%229f68aba9-c08e-4ac4-a7b0-2ce05b2a543e%22%2C%22routeType%22%3A%22login-home%22%2C%22themeLayoutType%22%3A%22Login%22%2C%22params%22%3A%7B%22language%22%3A%22%22%2C%22ec%22%3A%22%22%2C%22startURL%22%3A%22%22%2C%22viewid%22%3A%22342f4def-c446-4118-a7b7-b49586ce29a5%22%2C%22view_uddid%22%3A%22%22%2C%22entity_name%22%3A%22%22%2C%22audience_name%22%3A%22%22%2C%22picasso_id%22%3A%22%22%2C%22routeId%22%3A%22%22%7D%2C%22hasAttrVaringCmps%22%3Afalse%2C%22pageLoadType%22%3A%22STANDARD_PAGE_CONTENT%22%2C%22includeLayout%22%3Atrue%7D%2C%22publishedChangelistNum%22%3A66%2C%22brandingSetId%22%3A%226da4d444-b0ec-4cc0-82d2-7f8494a72e1c%22%7D%7D%5D%7D&aura.context=%7B%22mode%22%3A%22PROD%22%2C%22fwuid%22%3A%22MlRqRU5YT3pjWFRNenJranFOMWFjQXlMaWFpdmxPSTZWeEo0bWtiN0hsaXcyNDQuMjAuNC0yLjQxLjQ%22%2C%22app%22%3A%22siteforce%3AloginApp2%22%2C%22loaded%22%3A%7B%22APPLICATION%40markup%3A%2F%2Fsiteforce%3AloginApp2%22%3A%22PKPZPHTlf8ebFaCfu1dMVw%22%7D%2C%22apck%22%3A%22JHt0aW1lc3RhbXB9MDAwMDAwMDA0MzJlbl9VUw%22%2C%22uad%22%3Afalse%7D&aura.isAction=true
Requested by
Host: my.axa.lu
URL: https://my.axa.lu/s/sfsites/auraFW/javascript/MlRqRU5YT3pjWFRNenJranFOMWFjQXlMaWFpdmxPSTZWeEo0bWtiN0hsaXcyNDQuMjAuNC0yLjQxLjQ/aura_prod.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
85.222.140.13 , United States, ASN14340 (SALESFORCE, US),
Reverse DNS
sledge1-fra.slb.sfdcsvc.net
Software
sfdcedge /
Resource Hash
5a360af0984f098895b8eaadbba385b796f8638e8fd64485bde8fe72938ffb34
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://my.axa.lu/s/login/?language=en_US&ec=302&startURL=%2Fs%2F
accept-language
de-DE,de;q=0.9
X-SFDC-Page-Scope-Id
abd9af67-0f52-4f86-916d-9e0eea971d04
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date
Thu, 12 Oct 2023 08:22:07 GMT
strict-transport-security
max-age=63072000; includeSubDomains
x-content-type-options
nosniff
referrer-policy
origin-when-cross-origin
last-modified
Wed, 11 Oct 2023 08:22:07 GMT
server
sfdcedge
content-encoding
gzip
x-sfdc-request-id
5d28a7361728536a35049cdee64d9642
vary
Accept-Encoding
content-type
application/json
access-control-allow-origin
*
cache-control
public,max-age=1800
x-xss-protection
1; mode=block
expires
Wed, 12 Oct 2022 08:22:06 GMT
js
www.googletagmanager.com/gtag/ 		0
0
mockuplogin3
my.axa.lu/file-asset/ 		1 MB
1 MB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://my.axa.lu/file-asset/mockuplogin3?v=1
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
85.222.140.13 , United States, ASN14340 (SALESFORCE, US),
Reverse DNS
sledge1-fra.slb.sfdcsvc.net
Software
sfdcedge /
Resource Hash
0593e69ed56bd73895124256bfd867d42ef24be38f763849a38b93d81d628d92
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://my.axa.lu/s/login/?language=en_US&ec=302&startURL=%2Fs%2F
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date
Thu, 12 Oct 2023 08:22:07 GMT
strict-transport-security
max-age=63072000; includeSubDomains
x-content-type-options
nosniff
p3p
CP="CUR OTR STA"
content-disposition
attachment; filename="mockuplogin3.jpg"; filename*=utf-8''mockuplogin3.jpg
content-length
1299431
x-xss-protection
1; mode=block
referrer-policy
origin-when-cross-origin
last-modified
Mon, 12 Jun 2023 23:01:14 GMT
server
sfdcedge
x-sfdc-request-id
2664e3ac5e9468c51f19705f8398a359
x-frame-options
SAMEORIGIN
content-type
image/jpeg
access-control-allow-origin
*
cache-control
private,max-age=3888000
expires
Sun, 26 Nov 2023 08:22:07 GMT
aura
my.axa.lu/s/sfsites/ 		8 KB
4 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://my.axa.lu/s/sfsites/aura?r=1&ui-force-components-controllers-hostConfig.HostConfig.getConfigData=1
Requested by
Host: my.axa.lu
URL: https://my.axa.lu/s/sfsites/auraFW/javascript/MlRqRU5YT3pjWFRNenJranFOMWFjQXlMaWFpdmxPSTZWeEo0bWtiN0hsaXcyNDQuMjAuNC0yLjQxLjQ/aura_prod.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
85.222.140.13 , United States, ASN14340 (SALESFORCE, US),
Reverse DNS
sledge1-fra.slb.sfdcsvc.net
Software
sfdcedge /
Resource Hash
a1d97288a0b2859223a2d7d661628a042c31fac9726fdd1b8b416ed005c60b11
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://my.axa.lu/s/login/?language=en_US&ec=302&startURL=%2Fs%2F
accept-language
de-DE,de;q=0.9
X-SFDC-Page-Scope-Id
abd9af67-0f52-4f86-916d-9e0eea971d04
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36
Content-Type
application/x-www-form-urlencoded; charset=UTF-8

Response headers

date
Thu, 12 Oct 2023 08:22:07 GMT
strict-transport-security
max-age=63072000; includeSubDomains
x-content-type-options
nosniff
referrer-policy
origin-when-cross-origin
last-modified
Wed, 12 Oct 2022 08:22:07 GMT
server
sfdcedge
content-encoding
gzip
x-sfdc-request-id
0652c3e7dcbad0a5f1a732ec8c4bffe9
vary
Origin, Accept-Encoding
content-type
application/json
cache-control
no-cache,must-revalidate,max-age=0,no-store,private
server-timing
Total;dur=35
timing-allow-origin
*
x-xss-protection
1; mode=block
expires
Wed, 12 Oct 2022 08:22:07 GMT
aura
my.axa.lu/s/sfsites/ 		3 KB
2 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://my.axa.lu/s/sfsites/aura?message=%7B%22actions%22%3A%5B%7B%22descriptor%22%3A%22serviceComponent%3A%2F%2Fui.comm.runtime.components.aura.components.siteforce.controller.PubliclyCacheableAttributeLoaderController%2FACTION%24getComponentAttributes%22%2C%22callingDescriptor%22%3A%22markup%3A%2F%2Fsiteforce%3ApageLoader%22%2C%22params%22%3A%7B%22viewOrThemeLayoutId%22%3A%220be98860-9c47-4f18-8c3d-0072c2cf27a2%22%2C%22publishedChangelistNum%22%3A66%2C%22audienceKey%22%3A%22rcvzPnVZ8Anb9xTnbtO_Pw%22%7D%2C%22version%22%3A%2258.0%22%2C%22storable%22%3Atrue%7D%5D%7D&aura.context=%7B%22mode%22%3A%22PROD%22%2C%22fwuid%22%3A%22MlRqRU5YT3pjWFRNenJranFOMWFjQXlMaWFpdmxPSTZWeEo0bWtiN0hsaXcyNDQuMjAuNC0yLjQxLjQ%22%2C%22app%22%3A%22siteforce%3AloginApp2%22%2C%22loaded%22%3A%7B%22APPLICATION%40markup%3A%2F%2Fsiteforce%3AloginApp2%22%3A%22PKPZPHTlf8ebFaCfu1dMVw%22%7D%2C%22apck%22%3A%22JHt0aW1lc3RhbXB9MDAwMDAwMDA0MzJlbl9VUw%22%2C%22uad%22%3Afalse%7D&aura.isAction=true
Requested by
Host: my.axa.lu
URL: https://my.axa.lu/s/sfsites/auraFW/javascript/MlRqRU5YT3pjWFRNenJranFOMWFjQXlMaWFpdmxPSTZWeEo0bWtiN0hsaXcyNDQuMjAuNC0yLjQxLjQ/aura_prod.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
85.222.140.13 , United States, ASN14340 (SALESFORCE, US),
Reverse DNS
sledge1-fra.slb.sfdcsvc.net
Software
sfdcedge /
Resource Hash
18cf0010f8ffaf6de7812d3a6a7e0629ba34fbb163a97e3067448f7f1149cb75
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://my.axa.lu/s/login/?language=en_US&ec=302&startURL=%2Fs%2F
accept-language
de-DE,de;q=0.9
X-SFDC-Page-Scope-Id
abd9af67-0f52-4f86-916d-9e0eea971d04
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date
Thu, 12 Oct 2023 08:22:07 GMT
strict-transport-security
max-age=63072000; includeSubDomains
x-content-type-options
nosniff
referrer-policy
origin-when-cross-origin
last-modified
Wed, 11 Oct 2023 08:22:07 GMT
server
sfdcedge
content-encoding
gzip
x-sfdc-request-id
c8f194b80ea438e853f5efcad68fabd6
vary
Accept-Encoding
content-type
application/json
access-control-allow-origin
*
cache-control
public,max-age=604800
x-xss-protection
1; mode=block
expires
Wed, 12 Oct 2022 08:22:07 GMT
aura
my.axa.lu/s/sfsites/ 		4 KB
2 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://my.axa.lu/s/sfsites/aura?r=3&applauncher.CommunityLogo.getCommunityName=1&applauncher.CommunityLogo.getLogoURL=1&applauncher.LoginForm.getForgotPasswordUrl=1&applauncher.LoginForm.getSelfRegistrationUrl=1&applauncher.LoginForm.getUsernamePasswordSelfRegEnabled=1&ui-communities-components-aura-components-forceCommunity-languagePicker.LanguagePicker.getInitData=1&ui-communities-components-aura-components-forceCommunity-richText.RichText.getParsedRichTextValue=3
Requested by
Host: my.axa.lu
URL: https://my.axa.lu/s/sfsites/auraFW/javascript/MlRqRU5YT3pjWFRNenJranFOMWFjQXlMaWFpdmxPSTZWeEo0bWtiN0hsaXcyNDQuMjAuNC0yLjQxLjQ/aura_prod.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
85.222.140.13 , United States, ASN14340 (SALESFORCE, US),
Reverse DNS
sledge1-fra.slb.sfdcsvc.net
Software
sfdcedge /
Resource Hash
4f818a31509b894efbc17c6628e81e6d2b0903da5bf42881a331275999de79aa
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://my.axa.lu/s/login/?language=en_US&ec=302&startURL=%2Fs%2F
accept-language
de-DE,de;q=0.9
X-SFDC-Page-Scope-Id
abd9af67-0f52-4f86-916d-9e0eea971d04
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36
Content-Type
application/x-www-form-urlencoded; charset=UTF-8

Response headers

date
Thu, 12 Oct 2023 08:22:07 GMT
strict-transport-security
max-age=63072000; includeSubDomains
x-content-type-options
nosniff
referrer-policy
origin-when-cross-origin
last-modified
Wed, 12 Oct 2022 08:22:07 GMT
server
sfdcedge
content-encoding
gzip
x-sfdc-request-id
486d4af1adc44335c1ebb9948ba92193
vary
Origin, Accept-Encoding
content-type
application/json
cache-control
no-cache,must-revalidate,max-age=0,no-store,private
server-timing
Total;dur=174
timing-allow-origin
*
x-xss-protection
1; mode=block
expires
Wed, 12 Oct 2022 08:22:07 GMT
aura
my.axa.lu/s/sfsites/ 		2 KB
1 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://my.axa.lu/s/sfsites/aura?r=4&applauncher.LoginForm.getLoginRightFrameUrl=1
Requested by
Host: my.axa.lu
URL: https://my.axa.lu/s/sfsites/auraFW/javascript/MlRqRU5YT3pjWFRNenJranFOMWFjQXlMaWFpdmxPSTZWeEo0bWtiN0hsaXcyNDQuMjAuNC0yLjQxLjQ/aura_prod.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
85.222.140.13 , United States, ASN14340 (SALESFORCE, US),
Reverse DNS
sledge1-fra.slb.sfdcsvc.net
Software
sfdcedge /
Resource Hash
4e57ef5f6070ec896e9076d7b1b6e288a9df72ee066a479c0b8a5dbbebab4208
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://my.axa.lu/s/login/?language=en_US&ec=302&startURL=%2Fs%2F
accept-language
de-DE,de;q=0.9
X-SFDC-Page-Scope-Id
abd9af67-0f52-4f86-916d-9e0eea971d04
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36
Content-Type
application/x-www-form-urlencoded; charset=UTF-8

Response headers

date
Thu, 12 Oct 2023 08:22:07 GMT
strict-transport-security
max-age=63072000; includeSubDomains
x-content-type-options
nosniff
referrer-policy
origin-when-cross-origin
last-modified
Wed, 12 Oct 2022 08:22:07 GMT
server
sfdcedge
content-encoding
gzip
x-sfdc-request-id
d549f0a8f5460f5f5e9b02c00fe24b0e
vary
Origin, Accept-Encoding
content-type
application/json
cache-control
no-cache,must-revalidate,max-age=0,no-store,private
server-timing
Total;dur=58
timing-allow-origin
*
x-xss-protection
1; mode=block
expires
Wed, 12 Oct 2022 08:22:07 GMT
truncated
/ 		27 KB
27 KB 		Font
General
Check archive.org
Download Go to
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
13ae7e5a59de6cef3c3cedeaa348b17157b3cbc2b1bc9607c6d84ced4d137269

Request headers

Referer
https://my.axa.lu/
Origin
https://my.axa.lu
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

Content-Type
application/x-font-woff
aura
my.axa.lu/s/sfsites/ 		1 MB
312 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://my.axa.lu/s/sfsites/aura?r=5&aura.Component.getComponentDef=1
Requested by
Host: my.axa.lu
URL: https://my.axa.lu/s/sfsites/auraFW/javascript/MlRqRU5YT3pjWFRNenJranFOMWFjQXlMaWFpdmxPSTZWeEo0bWtiN0hsaXcyNDQuMjAuNC0yLjQxLjQ/aura_prod.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
85.222.140.13 , United States, ASN14340 (SALESFORCE, US),
Reverse DNS
sledge1-fra.slb.sfdcsvc.net
Software
sfdcedge /
Resource Hash
08d717042e1a0f5b30853d318984399197b881696f520f9eb8b64dbdc48e31c2
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://my.axa.lu/s/login/?language=en_US&ec=302&startURL=%2Fs%2F
accept-language
de-DE,de;q=0.9
X-SFDC-Page-Scope-Id
abd9af67-0f52-4f86-916d-9e0eea971d04
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36
Content-Type
application/x-www-form-urlencoded; charset=UTF-8

Response headers

date
Thu, 12 Oct 2023 08:22:07 GMT
strict-transport-security
max-age=63072000; includeSubDomains
x-content-type-options
nosniff
referrer-policy
origin-when-cross-origin
last-modified
Wed, 12 Oct 2022 08:22:07 GMT
server
sfdcedge
content-encoding
gzip
x-sfdc-request-id
49c8e78e5a960aef144ecf478169fc74
vary
Origin, Accept-Encoding
content-type
application/json
cache-control
no-cache,must-revalidate,max-age=0,no-store,private
x-xss-protection
1; mode=block
expires
Wed, 12 Oct 2022 08:22:07 GMT
servlet.ImageServer
my.axa.lu/servlet/ 		4 KB
5 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://my.axa.lu/servlet/servlet.ImageServer?id=0157T000000xrAw&oid=00D2X000001e8Eb
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
85.222.140.13 , United States, ASN14340 (SALESFORCE, US),
Reverse DNS
sledge1-fra.slb.sfdcsvc.net
Software
sfdcedge /
Resource Hash
8cabb7dd679bf69178e893e6af5ec99750f5585867b567c6f96f80a318da2858
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://my.axa.lu/s/login/?language=en_US&ec=302&startURL=%2Fs%2F
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date
Thu, 12 Oct 2023 08:22:07 GMT
strict-transport-security
max-age=63072000; includeSubDomains
x-content-type-options
nosniff
content-security-policy
upgrade-insecure-requests
last-modified
Thu, 7 Sep 2023 08:05:44 GMT
referrer-policy
origin-when-cross-origin
server
sfdcedge
x-sfdc-request-id
321e74600e4c8b3975fe5a22376c3de0
content-type
image/png
cache-control
public,max-age=900
x-xss-protection
1; mode=block
expires
Thu, 12 Oct 2023 08:37:07 GMT

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
www.googletagmanager.com
URL
https://www.googletagmanager.com/gtag/js?id=265385622

Verdicts & Comments Add Verdict or Comment

20 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

function| verifyCallback function| expireCallback function| errorCallback object| ___grecaptcha_cfg object| grecaptcha string| __recaptcha_api boolean| __google_recaptcha_client object| picassoSPA string| comm__attrVariationKey number| pageStartTime object| Aura object| AuraLocker object| AuraLockerDisabled object| $A object| aura function| DOMPurify object| recaptcha function| Router object| dataLayer function| gtag

4 Cookies

Domain/Path Name / Value
my.axa.lu/s Name: renderCtx
Value: %7B%22pageId%22%3A%22e08a7f8c-440f-4932-b466-72f4511c556a%22%2C%22schema%22%3A%22Published%22%2C%22viewType%22%3A%22Published%22%2C%22brandingSetId%22%3A%226da4d444-b0ec-4cc0-82d2-7f8494a72e1c%22%2C%22audienceIds%22%3A%226Au7R000000TO8r%2C6Au7R000000TO8w%2C6Au7R000000TO8i%22%7D
my.axa.lu/ Name: CookieConsentPolicy
Value: 0:1
my.axa.lu/ Name: LSKey-c$CookieConsentPolicy
Value: 0:1
my.axa.lu/ Name: sfdc-stream
Value: !7SdhMqW3tj1vbDHXCFoMnt5MAJE71lVbLddSRJTeRmjzS7O0M97LCjqmqH/DL5oDEPsTRC4zpCeG7Q==

1 Console Messages

Source Level URL
Text
security error URL: https://my.axa.lu/s/sfsites/auraFW/javascript/MlRqRU5YT3pjWFRNenJranFOMWFjQXlMaWFpdmxPSTZWeEo0bWtiN0hsaXcyNDQuMjAuNC0yLjQxLjQ/aura_prod.js(Line 12)
Message:
Refused to load the script 'https://www.googletagmanager.com/gtag/js?id=265385622' because it violates the following Content Security Policy directive: "script-src 'self' 'unsafe-eval' 'unsafe-inline' https://service.force.com/embeddedservice/ https://cdn.content.aws-dev2-uswest2.aws.sfdc.cl/ https://cdn.content.aws-prod1-useast1.aws.sfdc.cl/ https://payments.salesforce.com/ https://js.stripe.com/ import: blob: https://uip.canary.lwc.dev https://www.google.com https://gstatic.com https://www.gstatic.com/recaptcha/releases/jxFQ7RQ9s9HTGKeWcoa6UQdD/recaptcha__en.js https://www.google.com/recaptcha/api.js https://www.gstatic.com/recaptcha/releases/pRiAUlKgZOMcFLsfzZTeGtOA/recaptcha__en.js https://www.gstatic.com/recaptcha/releases/pRiAUlKgZOMcFLsfzZTeGtOA/recaptcha__fr.js https://www.gstatic.com/recaptcha/releases/jxFQ7RQ9s9HTGKeWcoa6UQdD/recaptcha__fr.js https://www.gstatic.com". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

my.axa.lu
www.google.com
www.googletagmanager.com
www.gstatic.com
www.googletagmanager.com
2a00:1450:4001:80b::2004
2a00:1450:4001:830::2003
85.222.140.10
85.222.140.13
0593e69ed56bd73895124256bfd867d42ef24be38f763849a38b93d81d628d92
08d717042e1a0f5b30853d318984399197b881696f520f9eb8b64dbdc48e31c2
11c05e878e1d99dc7a6069977242d43a996d3d42ef4aa5119ed7a3dbe584a200
13ae7e5a59de6cef3c3cedeaa348b17157b3cbc2b1bc9607c6d84ced4d137269
18cf0010f8ffaf6de7812d3a6a7e0629ba34fbb163a97e3067448f7f1149cb75
33aabcf2e7e61ed8993f5dc46f8f2f113b5a5cb66e6a9ff6f8bb8ba9803751dd
41ffc9bd80bc2fd05acc4a7f5244eb8638b493da3f8f8c103ace06e3a608407e
4e57ef5f6070ec896e9076d7b1b6e288a9df72ee066a479c0b8a5dbbebab4208
4f818a31509b894efbc17c6628e81e6d2b0903da5bf42881a331275999de79aa
5a360af0984f098895b8eaadbba385b796f8638e8fd64485bde8fe72938ffb34
61e473db50c50130cd74a1ff0c6c22fc5f404d40412ec7d6425e7fb643e74784
790fbfefda609afb7a8018b8236dfb5647cf26320186bf3c98ff1daff951ff2e
8cabb7dd679bf69178e893e6af5ec99750f5585867b567c6f96f80a318da2858
8f4c9cc8fb2b652abd512dbcf104312910555e03e85ab6133d06431a430ff1c8
a1d97288a0b2859223a2d7d661628a042c31fac9726fdd1b8b416ed005c60b11
a381db40c1fcbf91eed9024082b466dc0dae3b3b483ff23cbf38287c948ee949
de6dd2a5a2e28e5c3c6b5f0a7eedce5174d45823973807914942ba5f747cde71
e57ecbca07885a20fc56dbae51642fe0e95b58c96dba6ea1c5cbb15417b9a0df