urlscan.io logo urlscan.io
SecurityTrails logo

banco.bde.es Open in urlscan Pro
77.73.203.112  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: https://bde.csod.com/samldefault.aspx?returnurl=%252fDeepLink%252fProcessRedirect.aspx%253fmodule%253dphnxdriver%2526...
Effective URL: https://banco.bde.es/fim/sps/bdei2p/saml20/login
Submission: On September 18 via manual from ES — Scanned from ES
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 3 IPs in 2 countries across 2 domains to perform 13 HTTP transactions. The main IP is 77.73.203.112, located in Madrid, Spain and belongs to BANCOESPANAAS, ES. The main domain is banco.bde.es.
TLS certificate: Issued by Entrust Certification Authority - L1K on October 6th 2022. Valid for: a year.
This is the only time banco.bde.es was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 13.32.99.10 16509 (AMAZON-02)
1 77.73.203.112 20905 (BANCOESPA...)
11 77.73.203.21 20905 (BANCOESPA...)
13 3
Apex Domain
Subdomains		 Transfer
12 bde.es
banco.bde.es
www.bde.es
57 KB
1 csod.com
bde.csod.com
3 KB
13 2
Domain Requested by
11 www.bde.es banco.bde.es
www.bde.es
1 banco.bde.es
1 bde.csod.com
13 3

This site contains links to these domains. Also see Links.

Domain
www.bde.es
Subject Issuer Validity Valid
*.csod.com
DigiCert TLS RSA SHA256 2020 CA1		 2023-04-06 -
2024-05-06		 a year crt.sh
banco.bde.es
Entrust Certification Authority - L1K		 2022-10-06 -
2023-11-04		 a year crt.sh
bde.es
Entrust Certification Authority - L1K		 2023-06-01 -
2024-07-01		 a year crt.sh

This page contains 1 frames:

Primary Page: https://banco.bde.es/fim/sps/bdei2p/saml20/login
Frame ID: 423CC73B486C6A286DEBFEBF1E8D8D71
Requests: 13 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

Banco de EspaƱa - Aviso error 404

Page URL History Show full URLs

  1. https://bde.csod.com/samldefault.aspx?returnurl=%252fDeepLink%252fProcessRedirect.aspx%253fmodule... Page URL
  2. https://banco.bde.es/fim/sps/bdei2p/saml20/login Page URL

Page Statistics

13
Requests

100 %
HTTPS

0 %
IPv6

2
Domains

3
Subdomains

3
IPs

2
Countries

60 kB
Transfer

144 kB
Size

2
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://bde.csod.com/samldefault.aspx?returnurl=%252fDeepLink%252fProcessRedirect.aspx%253fmodule%253dphnxdriver%2526routename%253dSocial%252fTopic%252fPosting%252fDiscussionPostingDetails%2526Posting%253d3063 Page URL
  2. https://banco.bde.es/fim/sps/bdei2p/saml20/login Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

13 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
samldefault.aspx
bde.csod.com/ 		4 KB
3 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://bde.csod.com/samldefault.aspx?returnurl=%252fDeepLink%252fProcessRedirect.aspx%253fmodule%253dphnxdriver%2526routename%253dSocial%252fTopic%252fPosting%252fDiscussionPostingDetails%2526Posting%253d3063
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.32.99.10 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-32-99-10.fra60.r.cloudfront.net
Software
edge-ls /
Resource Hash
433a7bbb10a5e565debb966245b5d99c5239fb2b8fd4afd7259621c4b7138de7
Security Headers
Name Value
Strict-Transport-Security max-age=156768000; includeSubdomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36
accept-language
es-ES,es;q=0.9

Response headers

cache-control
no-cache
content-encoding
gzip
content-type
text/html; charset=utf-8
correlation_id
378dfb8b-7158-4f2b-a395-56722b3a961f
date
Mon, 18 Sep 2023 09:04:14 GMT
expires
-1
p3p
CP="DSP NON CUR ADM HIS OTP OUR DEL NOR IND DEM UNI TAI STA NAV COM SAM PUR DEV PSA PSD"
permissions-policy
geolocation=()
pics-label
(pics-1.1 "http://www.icra.org/ratingsv02.html" comment "ICRAonline EN v2.0" l r (nz 1 vz 1 lz 1 oz 1 cz 1) "http://www.rsac.org/ratingsv01.html" l r (n 0 s 0 v 0 l 0))
pragma
no-cache
s-n
34J0
server
edge-ls
strict-transport-security
max-age=156768000; includeSubdomains
true_route
/samldefault.aspx
true_status
Ok
vary
Accept-Encoding
via
1.1 0a71d283a25c1e3f082b4dbc9d844dfe.cloudfront.net (CloudFront)
x-amz-cf-id
PalTfVTBVXmaYLuhjTpI-61s4xt9Zm2AJFJpqnl8ztcU74KdI5vrXA==
x-amz-cf-pop
FRA60-P3
x-cache
Miss from cloudfront
x-content-type-options
nosniff
x-kong-proxy-latency
2
x-kong-upstream-latency
31
x-kong-upstream-status
200
x-robots-tag
noindex
x-xss-protection
1; mode=block
Primary Request login
banco.bde.es/fim/sps/bdei2p/saml20/ 		2 KB
3 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://banco.bde.es/fim/sps/bdei2p/saml20/login
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
77.73.203.112 Madrid, Spain, ASN20905 (BANCOESPANAAS, ES),
Reverse DNS
banco.bde.es
Software
/
Resource Hash
7fac0d90cb906b0ba9f008e919a2bd19f94eca74e3300a5c5c457c4933aea94b

Request headers

Content-Type
application/x-www-form-urlencoded
Origin
https://bde.csod.com
Referer
https://bde.csod.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36
accept-language
es-ES,es;q=0.9

Response headers

Cache-Control
no-cache
Connection
close
Content-Length
2455
Content-Type
text/html; charset=utf-8
Pragma
no-cache
comun.js
www.bde.es/webbde/js/ 		34 KB
10 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.bde.es/webbde/js/comun.js
Requested by
Host: banco.bde.es
URL: https://banco.bde.es/fim/sps/bdei2p/saml20/login
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
77.73.203.21 Madrid, Spain, ASN20905 (BANCOESPANAAS, ES),
Reverse DNS
www.bde.es
Software
/
Resource Hash
1f1f740bfdbdd9f97255b384830ac38697a4a240a7141e579916487592ddc31a
Security Headers
Name Value
Content-Security-Policy default-src 'self' *.bde.es; style-src 'self' *.bde.es d3usyxos00s4ty.cloudfront.net *.genial.ly fonts.googleapis.com *.gstatic.com 'unsafe-inline'; script-src 'self' *.bde.es *.google-analytics.com *.googletagmanager.com www.youtube.com *.ytimg.com maps.googleapis.com *.playbuzz.com *.ex.co *.genial.ly d3usyxos00s4ty.cloudfront.net 'unsafe-inline' addsearch.com; img-src 'self' *.bde.es *.google-analytics.com *.googletagmanager.com img.youtube.com maps.googleapis.com *.gstatic.com genially.blob.core.windows.net *.ytimg.com *.genial.ly *.playbuzz.com *.ex.co data:; frame-src 'self' *.bde.es maps.google.es www.youtube.com www.google.com *.world-television.com app.powerbi.com view.genial.ly *.playbuzz.com *.ex.co; font-src 'self' *.bde.es fonts.googleapis.com *.gstatic.com *.genial.ly d3usyxos00s4ty.cloudfront.net; connect-src 'self' *.bde.es *.playbuzz.com *.ex.co *.google-analytics.com *.googletagmanager.com *.genial.ly api.addsearch.com; media-src 'self' *.bde.es *.ex.co *.genial.ly genially.blob.core.windows.net d3usyxos00s4ty.cloudfront.net *.playbuzz.com data: blob:;
Strict-Transport-Security max-age=2592001
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

accept-language
es-ES,es;q=0.9
Referer
https://banco.bde.es/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

date
Mon, 18 Sep 2023 09:04:15 GMT
content-security-policy
default-src 'self' *.bde.es; style-src 'self' *.bde.es d3usyxos00s4ty.cloudfront.net *.genial.ly fonts.googleapis.com *.gstatic.com 'unsafe-inline'; script-src 'self' *.bde.es *.google-analytics.com *.googletagmanager.com www.youtube.com *.ytimg.com maps.googleapis.com *.playbuzz.com *.ex.co *.genial.ly d3usyxos00s4ty.cloudfront.net 'unsafe-inline' addsearch.com; img-src 'self' *.bde.es *.google-analytics.com *.googletagmanager.com img.youtube.com maps.googleapis.com *.gstatic.com genially.blob.core.windows.net *.ytimg.com *.genial.ly *.playbuzz.com *.ex.co data:; frame-src 'self' *.bde.es maps.google.es www.youtube.com www.google.com *.world-television.com app.powerbi.com view.genial.ly *.playbuzz.com *.ex.co; font-src 'self' *.bde.es fonts.googleapis.com *.gstatic.com *.genial.ly d3usyxos00s4ty.cloudfront.net; connect-src 'self' *.bde.es *.playbuzz.com *.ex.co *.google-analytics.com *.googletagmanager.com *.genial.ly api.addsearch.com; media-src 'self' *.bde.es *.ex.co *.genial.ly genially.blob.core.windows.net d3usyxos00s4ty.cloudfront.net *.playbuzz.com data: blob:;
x-content-type-options
nosniff
strict-transport-security
max-age=2592001
last-modified
Sat, 05 Sep 2015 14:53:41 GMT
content-encoding
gzip
etag
W/"55eb01f5-8961"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
x-bde-path
locationdefault
content-type
application/javascript
cache-control
public, max-age=300, must-revalidate, proxy-revalidate
x-server
BDE 1.0.0
Transfer-Encoding
chunked
accept-ranges
bytes
estilos.css
www.bde.es/webbde/css/ 		86 KB
20 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://www.bde.es/webbde/css/estilos.css
Requested by
Host: banco.bde.es
URL: https://banco.bde.es/fim/sps/bdei2p/saml20/login
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
77.73.203.21 Madrid, Spain, ASN20905 (BANCOESPANAAS, ES),
Reverse DNS
www.bde.es
Software
/
Resource Hash
12ed0441f23a32f2b75b1553192d82997056e8d500dee4e15ca1bc10747fde60
Security Headers
Name Value
Content-Security-Policy default-src 'self' *.bde.es; style-src 'self' *.bde.es d3usyxos00s4ty.cloudfront.net *.genial.ly fonts.googleapis.com *.gstatic.com 'unsafe-inline'; script-src 'self' *.bde.es *.google-analytics.com *.googletagmanager.com www.youtube.com *.ytimg.com maps.googleapis.com *.playbuzz.com *.ex.co *.genial.ly d3usyxos00s4ty.cloudfront.net 'unsafe-inline' addsearch.com; img-src 'self' *.bde.es *.google-analytics.com *.googletagmanager.com img.youtube.com maps.googleapis.com *.gstatic.com genially.blob.core.windows.net *.ytimg.com *.genial.ly *.playbuzz.com *.ex.co data:; frame-src 'self' *.bde.es maps.google.es www.youtube.com www.google.com *.world-television.com app.powerbi.com view.genial.ly *.playbuzz.com *.ex.co; font-src 'self' *.bde.es fonts.googleapis.com *.gstatic.com *.genial.ly d3usyxos00s4ty.cloudfront.net; connect-src 'self' *.bde.es *.playbuzz.com *.ex.co *.google-analytics.com *.googletagmanager.com *.genial.ly api.addsearch.com; media-src 'self' *.bde.es *.ex.co *.genial.ly genially.blob.core.windows.net d3usyxos00s4ty.cloudfront.net *.playbuzz.com data: blob:;
Strict-Transport-Security max-age=2592001
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

accept-language
es-ES,es;q=0.9
Referer
https://banco.bde.es/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

date
Mon, 18 Sep 2023 09:04:15 GMT
content-security-policy
default-src 'self' *.bde.es; style-src 'self' *.bde.es d3usyxos00s4ty.cloudfront.net *.genial.ly fonts.googleapis.com *.gstatic.com 'unsafe-inline'; script-src 'self' *.bde.es *.google-analytics.com *.googletagmanager.com www.youtube.com *.ytimg.com maps.googleapis.com *.playbuzz.com *.ex.co *.genial.ly d3usyxos00s4ty.cloudfront.net 'unsafe-inline' addsearch.com; img-src 'self' *.bde.es *.google-analytics.com *.googletagmanager.com img.youtube.com maps.googleapis.com *.gstatic.com genially.blob.core.windows.net *.ytimg.com *.genial.ly *.playbuzz.com *.ex.co data:; frame-src 'self' *.bde.es maps.google.es www.youtube.com www.google.com *.world-television.com app.powerbi.com view.genial.ly *.playbuzz.com *.ex.co; font-src 'self' *.bde.es fonts.googleapis.com *.gstatic.com *.genial.ly d3usyxos00s4ty.cloudfront.net; connect-src 'self' *.bde.es *.playbuzz.com *.ex.co *.google-analytics.com *.googletagmanager.com *.genial.ly api.addsearch.com; media-src 'self' *.bde.es *.ex.co *.genial.ly genially.blob.core.windows.net d3usyxos00s4ty.cloudfront.net *.playbuzz.com data: blob:;
x-content-type-options
nosniff
strict-transport-security
max-age=2592001
last-modified
Tue, 27 May 2014 13:33:21 GMT
content-encoding
gzip
etag
W/"53849421-15609"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
x-bde-path
locationdefault
content-type
text/css
cache-control
public, max-age=300, must-revalidate, proxy-revalidate
x-server
BDE 1.0.0
Transfer-Encoding
chunked
accept-ranges
bytes
logo.gif
www.bde.es/webbde/img/ 		3 KB
5 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.bde.es/webbde/img/logo.gif
Requested by
Host: banco.bde.es
URL: https://banco.bde.es/fim/sps/bdei2p/saml20/login
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
77.73.203.21 Madrid, Spain, ASN20905 (BANCOESPANAAS, ES),
Reverse DNS
www.bde.es
Software
/
Resource Hash
f5d609691cc4d83a5ebd32a247635cfa3aa82798b419bf4047b4625aa939340c
Security Headers
Name Value
Content-Security-Policy default-src 'self' *.bde.es; style-src 'self' *.bde.es d3usyxos00s4ty.cloudfront.net *.genial.ly fonts.googleapis.com *.gstatic.com 'unsafe-inline'; script-src 'self' *.bde.es *.google-analytics.com *.googletagmanager.com www.youtube.com *.ytimg.com maps.googleapis.com *.playbuzz.com *.ex.co *.genial.ly d3usyxos00s4ty.cloudfront.net 'unsafe-inline' addsearch.com; img-src 'self' *.bde.es *.google-analytics.com *.googletagmanager.com img.youtube.com maps.googleapis.com *.gstatic.com genially.blob.core.windows.net *.ytimg.com *.genial.ly *.playbuzz.com *.ex.co data:; frame-src 'self' *.bde.es maps.google.es www.youtube.com www.google.com *.world-television.com app.powerbi.com view.genial.ly *.playbuzz.com *.ex.co; font-src 'self' *.bde.es fonts.googleapis.com *.gstatic.com *.genial.ly d3usyxos00s4ty.cloudfront.net; connect-src 'self' *.bde.es *.playbuzz.com *.ex.co *.google-analytics.com *.googletagmanager.com *.genial.ly api.addsearch.com; media-src 'self' *.bde.es *.ex.co *.genial.ly genially.blob.core.windows.net d3usyxos00s4ty.cloudfront.net *.playbuzz.com data: blob:;
Strict-Transport-Security max-age=2592001
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

accept-language
es-ES,es;q=0.9
Referer
https://banco.bde.es/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

date
Mon, 18 Sep 2023 09:04:15 GMT
content-security-policy
default-src 'self' *.bde.es; style-src 'self' *.bde.es d3usyxos00s4ty.cloudfront.net *.genial.ly fonts.googleapis.com *.gstatic.com 'unsafe-inline'; script-src 'self' *.bde.es *.google-analytics.com *.googletagmanager.com www.youtube.com *.ytimg.com maps.googleapis.com *.playbuzz.com *.ex.co *.genial.ly d3usyxos00s4ty.cloudfront.net 'unsafe-inline' addsearch.com; img-src 'self' *.bde.es *.google-analytics.com *.googletagmanager.com img.youtube.com maps.googleapis.com *.gstatic.com genially.blob.core.windows.net *.ytimg.com *.genial.ly *.playbuzz.com *.ex.co data:; frame-src 'self' *.bde.es maps.google.es www.youtube.com www.google.com *.world-television.com app.powerbi.com view.genial.ly *.playbuzz.com *.ex.co; font-src 'self' *.bde.es fonts.googleapis.com *.gstatic.com *.genial.ly d3usyxos00s4ty.cloudfront.net; connect-src 'self' *.bde.es *.playbuzz.com *.ex.co *.google-analytics.com *.googletagmanager.com *.genial.ly api.addsearch.com; media-src 'self' *.bde.es *.ex.co *.genial.ly genially.blob.core.windows.net d3usyxos00s4ty.cloudfront.net *.playbuzz.com data: blob:;
x-content-type-options
nosniff
strict-transport-security
max-age=2592001
last-modified
Wed, 17 Jun 2020 16:46:03 GMT
etag
"5eea48cb-c15"
x-frame-options
SAMEORIGIN
x-bde-path
locationdefault
content-type
image/gif
cache-control
public, max-age=300, must-revalidate, proxy-revalidate
x-server
BDE 1.0.0
accept-ranges
bytes
content-length
3093
sugerencias.js
www.bde.es/webbde/js/ 		3 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.bde.es/webbde/js/sugerencias.js
Requested by
Host: www.bde.es
URL: https://www.bde.es/webbde/js/comun.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
77.73.203.21 Madrid, Spain, ASN20905 (BANCOESPANAAS, ES),
Reverse DNS
www.bde.es
Software
/
Resource Hash
ec528e1816518cc0b347b234a27121d7bfea9f107fbbba28c8d88f458af6c7e7
Security Headers
Name Value
Content-Security-Policy default-src 'self' *.bde.es; style-src 'self' *.bde.es d3usyxos00s4ty.cloudfront.net *.genial.ly fonts.googleapis.com *.gstatic.com 'unsafe-inline'; script-src 'self' *.bde.es *.google-analytics.com *.googletagmanager.com www.youtube.com *.ytimg.com maps.googleapis.com *.playbuzz.com *.ex.co *.genial.ly d3usyxos00s4ty.cloudfront.net 'unsafe-inline' addsearch.com; img-src 'self' *.bde.es *.google-analytics.com *.googletagmanager.com img.youtube.com maps.googleapis.com *.gstatic.com genially.blob.core.windows.net *.ytimg.com *.genial.ly *.playbuzz.com *.ex.co data:; frame-src 'self' *.bde.es maps.google.es www.youtube.com www.google.com *.world-television.com app.powerbi.com view.genial.ly *.playbuzz.com *.ex.co; font-src 'self' *.bde.es fonts.googleapis.com *.gstatic.com *.genial.ly d3usyxos00s4ty.cloudfront.net; connect-src 'self' *.bde.es *.playbuzz.com *.ex.co *.google-analytics.com *.googletagmanager.com *.genial.ly api.addsearch.com; media-src 'self' *.bde.es *.ex.co *.genial.ly genially.blob.core.windows.net d3usyxos00s4ty.cloudfront.net *.playbuzz.com data: blob:;
Strict-Transport-Security max-age=2592001
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

accept-language
es-ES,es;q=0.9
Referer
https://banco.bde.es/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

date
Mon, 18 Sep 2023 09:04:15 GMT
content-security-policy
default-src 'self' *.bde.es; style-src 'self' *.bde.es d3usyxos00s4ty.cloudfront.net *.genial.ly fonts.googleapis.com *.gstatic.com 'unsafe-inline'; script-src 'self' *.bde.es *.google-analytics.com *.googletagmanager.com www.youtube.com *.ytimg.com maps.googleapis.com *.playbuzz.com *.ex.co *.genial.ly d3usyxos00s4ty.cloudfront.net 'unsafe-inline' addsearch.com; img-src 'self' *.bde.es *.google-analytics.com *.googletagmanager.com img.youtube.com maps.googleapis.com *.gstatic.com genially.blob.core.windows.net *.ytimg.com *.genial.ly *.playbuzz.com *.ex.co data:; frame-src 'self' *.bde.es maps.google.es www.youtube.com www.google.com *.world-television.com app.powerbi.com view.genial.ly *.playbuzz.com *.ex.co; font-src 'self' *.bde.es fonts.googleapis.com *.gstatic.com *.genial.ly d3usyxos00s4ty.cloudfront.net; connect-src 'self' *.bde.es *.playbuzz.com *.ex.co *.google-analytics.com *.googletagmanager.com *.genial.ly api.addsearch.com; media-src 'self' *.bde.es *.ex.co *.genial.ly genially.blob.core.windows.net d3usyxos00s4ty.cloudfront.net *.playbuzz.com data: blob:;
x-content-type-options
nosniff
strict-transport-security
max-age=2592001
last-modified
Mon, 17 Dec 2012 09:58:33 GMT
content-encoding
gzip
etag
W/"50ceecc9-d9a"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
x-bde-path
locationdefault
content-type
application/javascript
cache-control
public, max-age=300, must-revalidate, proxy-revalidate
x-server
BDE 1.0.0
Transfer-Encoding
chunked
accept-ranges
bytes
autocompleterLocal.js
www.bde.es/webbde/js/ 		4 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.bde.es/webbde/js/autocompleterLocal.js
Requested by
Host: www.bde.es
URL: https://www.bde.es/webbde/js/comun.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
77.73.203.21 Madrid, Spain, ASN20905 (BANCOESPANAAS, ES),
Reverse DNS
www.bde.es
Software
/
Resource Hash
a1d12eba1763c798197c04a27a22e73029cffbb8626a9552cd2f6715323b7639
Security Headers
Name Value
Content-Security-Policy default-src 'self' *.bde.es; style-src 'self' *.bde.es d3usyxos00s4ty.cloudfront.net *.genial.ly fonts.googleapis.com *.gstatic.com 'unsafe-inline'; script-src 'self' *.bde.es *.google-analytics.com *.googletagmanager.com www.youtube.com *.ytimg.com maps.googleapis.com *.playbuzz.com *.ex.co *.genial.ly d3usyxos00s4ty.cloudfront.net 'unsafe-inline' addsearch.com; img-src 'self' *.bde.es *.google-analytics.com *.googletagmanager.com img.youtube.com maps.googleapis.com *.gstatic.com genially.blob.core.windows.net *.ytimg.com *.genial.ly *.playbuzz.com *.ex.co data:; frame-src 'self' *.bde.es maps.google.es www.youtube.com www.google.com *.world-television.com app.powerbi.com view.genial.ly *.playbuzz.com *.ex.co; font-src 'self' *.bde.es fonts.googleapis.com *.gstatic.com *.genial.ly d3usyxos00s4ty.cloudfront.net; connect-src 'self' *.bde.es *.playbuzz.com *.ex.co *.google-analytics.com *.googletagmanager.com *.genial.ly api.addsearch.com; media-src 'self' *.bde.es *.ex.co *.genial.ly genially.blob.core.windows.net d3usyxos00s4ty.cloudfront.net *.playbuzz.com data: blob:;
Strict-Transport-Security max-age=2592001
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

accept-language
es-ES,es;q=0.9
Referer
https://banco.bde.es/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

date
Mon, 18 Sep 2023 09:04:15 GMT
content-security-policy
default-src 'self' *.bde.es; style-src 'self' *.bde.es d3usyxos00s4ty.cloudfront.net *.genial.ly fonts.googleapis.com *.gstatic.com 'unsafe-inline'; script-src 'self' *.bde.es *.google-analytics.com *.googletagmanager.com www.youtube.com *.ytimg.com maps.googleapis.com *.playbuzz.com *.ex.co *.genial.ly d3usyxos00s4ty.cloudfront.net 'unsafe-inline' addsearch.com; img-src 'self' *.bde.es *.google-analytics.com *.googletagmanager.com img.youtube.com maps.googleapis.com *.gstatic.com genially.blob.core.windows.net *.ytimg.com *.genial.ly *.playbuzz.com *.ex.co data:; frame-src 'self' *.bde.es maps.google.es www.youtube.com www.google.com *.world-television.com app.powerbi.com view.genial.ly *.playbuzz.com *.ex.co; font-src 'self' *.bde.es fonts.googleapis.com *.gstatic.com *.genial.ly d3usyxos00s4ty.cloudfront.net; connect-src 'self' *.bde.es *.playbuzz.com *.ex.co *.google-analytics.com *.googletagmanager.com *.genial.ly api.addsearch.com; media-src 'self' *.bde.es *.ex.co *.genial.ly genially.blob.core.windows.net d3usyxos00s4ty.cloudfront.net *.playbuzz.com data: blob:;
x-content-type-options
nosniff
strict-transport-security
max-age=2592001
last-modified
Wed, 19 Feb 2020 08:42:26 GMT
content-encoding
gzip
etag
W/"5e4cf4f2-11da"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
x-bde-path
locationdefault
content-type
application/javascript
cache-control
public, max-age=300, must-revalidate, proxy-revalidate
x-server
BDE 1.0.0
Transfer-Encoding
chunked
accept-ranges
bytes
estilos-js.css
www.bde.es/webbde/css/ 		2 KB
2 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://www.bde.es/webbde/css/estilos-js.css
Requested by
Host: www.bde.es
URL: https://www.bde.es/webbde/js/comun.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
77.73.203.21 Madrid, Spain, ASN20905 (BANCOESPANAAS, ES),
Reverse DNS
www.bde.es
Software
/
Resource Hash
68fb0d705d441e780cca1d5a5629a9718b03a152434f86352ca1e14bd5a230b2
Security Headers
Name Value
Content-Security-Policy default-src 'self' *.bde.es; style-src 'self' *.bde.es d3usyxos00s4ty.cloudfront.net *.genial.ly fonts.googleapis.com *.gstatic.com 'unsafe-inline'; script-src 'self' *.bde.es *.google-analytics.com *.googletagmanager.com www.youtube.com *.ytimg.com maps.googleapis.com *.playbuzz.com *.ex.co *.genial.ly d3usyxos00s4ty.cloudfront.net 'unsafe-inline' addsearch.com; img-src 'self' *.bde.es *.google-analytics.com *.googletagmanager.com img.youtube.com maps.googleapis.com *.gstatic.com genially.blob.core.windows.net *.ytimg.com *.genial.ly *.playbuzz.com *.ex.co data:; frame-src 'self' *.bde.es maps.google.es www.youtube.com www.google.com *.world-television.com app.powerbi.com view.genial.ly *.playbuzz.com *.ex.co; font-src 'self' *.bde.es fonts.googleapis.com *.gstatic.com *.genial.ly d3usyxos00s4ty.cloudfront.net; connect-src 'self' *.bde.es *.playbuzz.com *.ex.co *.google-analytics.com *.googletagmanager.com *.genial.ly api.addsearch.com; media-src 'self' *.bde.es *.ex.co *.genial.ly genially.blob.core.windows.net d3usyxos00s4ty.cloudfront.net *.playbuzz.com data: blob:;
Strict-Transport-Security max-age=2592001
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

accept-language
es-ES,es;q=0.9
Referer
https://banco.bde.es/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

date
Mon, 18 Sep 2023 09:04:15 GMT
content-security-policy
default-src 'self' *.bde.es; style-src 'self' *.bde.es d3usyxos00s4ty.cloudfront.net *.genial.ly fonts.googleapis.com *.gstatic.com 'unsafe-inline'; script-src 'self' *.bde.es *.google-analytics.com *.googletagmanager.com www.youtube.com *.ytimg.com maps.googleapis.com *.playbuzz.com *.ex.co *.genial.ly d3usyxos00s4ty.cloudfront.net 'unsafe-inline' addsearch.com; img-src 'self' *.bde.es *.google-analytics.com *.googletagmanager.com img.youtube.com maps.googleapis.com *.gstatic.com genially.blob.core.windows.net *.ytimg.com *.genial.ly *.playbuzz.com *.ex.co data:; frame-src 'self' *.bde.es maps.google.es www.youtube.com www.google.com *.world-television.com app.powerbi.com view.genial.ly *.playbuzz.com *.ex.co; font-src 'self' *.bde.es fonts.googleapis.com *.gstatic.com *.genial.ly d3usyxos00s4ty.cloudfront.net; connect-src 'self' *.bde.es *.playbuzz.com *.ex.co *.google-analytics.com *.googletagmanager.com *.genial.ly api.addsearch.com; media-src 'self' *.bde.es *.ex.co *.genial.ly genially.blob.core.windows.net d3usyxos00s4ty.cloudfront.net *.playbuzz.com data: blob:;
x-content-type-options
nosniff
strict-transport-security
max-age=2592001
last-modified
Mon, 12 Nov 2012 18:51:10 GMT
content-encoding
gzip
etag
W/"50a1451e-80e"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
x-bde-path
locationdefault
content-type
text/css
cache-control
public, max-age=300, must-revalidate, proxy-revalidate
x-server
BDE 1.0.0
Transfer-Encoding
chunked
accept-ranges
bytes
imprimir.css
www.bde.es/webbde/css/ 		2 KB
2 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://www.bde.es/webbde/css/imprimir.css
Requested by
Host: banco.bde.es
URL: https://banco.bde.es/fim/sps/bdei2p/saml20/login
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
77.73.203.21 Madrid, Spain, ASN20905 (BANCOESPANAAS, ES),
Reverse DNS
www.bde.es
Software
/
Resource Hash
b35555be1e199a235a30b808fef792d7b84293c59e899f33cbfd099adf51a00d
Security Headers
Name Value
Content-Security-Policy default-src 'self' *.bde.es; style-src 'self' *.bde.es d3usyxos00s4ty.cloudfront.net *.genial.ly fonts.googleapis.com *.gstatic.com 'unsafe-inline'; script-src 'self' *.bde.es *.google-analytics.com *.googletagmanager.com www.youtube.com *.ytimg.com maps.googleapis.com *.playbuzz.com *.ex.co *.genial.ly d3usyxos00s4ty.cloudfront.net 'unsafe-inline' addsearch.com; img-src 'self' *.bde.es *.google-analytics.com *.googletagmanager.com img.youtube.com maps.googleapis.com *.gstatic.com genially.blob.core.windows.net *.ytimg.com *.genial.ly *.playbuzz.com *.ex.co data:; frame-src 'self' *.bde.es maps.google.es www.youtube.com www.google.com *.world-television.com app.powerbi.com view.genial.ly *.playbuzz.com *.ex.co; font-src 'self' *.bde.es fonts.googleapis.com *.gstatic.com *.genial.ly d3usyxos00s4ty.cloudfront.net; connect-src 'self' *.bde.es *.playbuzz.com *.ex.co *.google-analytics.com *.googletagmanager.com *.genial.ly api.addsearch.com; media-src 'self' *.bde.es *.ex.co *.genial.ly genially.blob.core.windows.net d3usyxos00s4ty.cloudfront.net *.playbuzz.com data: blob:;
Strict-Transport-Security max-age=2592001
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

accept-language
es-ES,es;q=0.9
Referer
https://banco.bde.es/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

date
Mon, 18 Sep 2023 09:04:15 GMT
content-security-policy
default-src 'self' *.bde.es; style-src 'self' *.bde.es d3usyxos00s4ty.cloudfront.net *.genial.ly fonts.googleapis.com *.gstatic.com 'unsafe-inline'; script-src 'self' *.bde.es *.google-analytics.com *.googletagmanager.com www.youtube.com *.ytimg.com maps.googleapis.com *.playbuzz.com *.ex.co *.genial.ly d3usyxos00s4ty.cloudfront.net 'unsafe-inline' addsearch.com; img-src 'self' *.bde.es *.google-analytics.com *.googletagmanager.com img.youtube.com maps.googleapis.com *.gstatic.com genially.blob.core.windows.net *.ytimg.com *.genial.ly *.playbuzz.com *.ex.co data:; frame-src 'self' *.bde.es maps.google.es www.youtube.com www.google.com *.world-television.com app.powerbi.com view.genial.ly *.playbuzz.com *.ex.co; font-src 'self' *.bde.es fonts.googleapis.com *.gstatic.com *.genial.ly d3usyxos00s4ty.cloudfront.net; connect-src 'self' *.bde.es *.playbuzz.com *.ex.co *.google-analytics.com *.googletagmanager.com *.genial.ly api.addsearch.com; media-src 'self' *.bde.es *.ex.co *.genial.ly genially.blob.core.windows.net d3usyxos00s4ty.cloudfront.net *.playbuzz.com data: blob:;
x-content-type-options
nosniff
strict-transport-security
max-age=2592001
last-modified
Thu, 27 Jan 2011 07:46:53 GMT
content-encoding
gzip
etag
W/"4d4122ed-614"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
x-bde-path
locationdefault
content-type
text/css
cache-control
public, max-age=300, must-revalidate, proxy-revalidate
x-server
BDE 1.0.0
Transfer-Encoding
chunked
accept-ranges
bytes
logo_bde.gif
www.bde.es/webbde/img/ 		3 KB
5 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.bde.es/webbde/img/logo_bde.gif
Requested by
Host: www.bde.es
URL: https://www.bde.es/webbde/css/estilos.css
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
77.73.203.21 Madrid, Spain, ASN20905 (BANCOESPANAAS, ES),
Reverse DNS
www.bde.es
Software
/
Resource Hash
f5d609691cc4d83a5ebd32a247635cfa3aa82798b419bf4047b4625aa939340c
Security Headers
Name Value
Content-Security-Policy default-src 'self' *.bde.es; style-src 'self' *.bde.es d3usyxos00s4ty.cloudfront.net *.genial.ly fonts.googleapis.com *.gstatic.com 'unsafe-inline'; script-src 'self' *.bde.es *.google-analytics.com *.googletagmanager.com www.youtube.com *.ytimg.com maps.googleapis.com *.playbuzz.com *.ex.co *.genial.ly d3usyxos00s4ty.cloudfront.net 'unsafe-inline' addsearch.com; img-src 'self' *.bde.es *.google-analytics.com *.googletagmanager.com img.youtube.com maps.googleapis.com *.gstatic.com genially.blob.core.windows.net *.ytimg.com *.genial.ly *.playbuzz.com *.ex.co data:; frame-src 'self' *.bde.es maps.google.es www.youtube.com www.google.com *.world-television.com app.powerbi.com view.genial.ly *.playbuzz.com *.ex.co; font-src 'self' *.bde.es fonts.googleapis.com *.gstatic.com *.genial.ly d3usyxos00s4ty.cloudfront.net; connect-src 'self' *.bde.es *.playbuzz.com *.ex.co *.google-analytics.com *.googletagmanager.com *.genial.ly api.addsearch.com; media-src 'self' *.bde.es *.ex.co *.genial.ly genially.blob.core.windows.net d3usyxos00s4ty.cloudfront.net *.playbuzz.com data: blob:;
Strict-Transport-Security max-age=2592001
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

accept-language
es-ES,es;q=0.9
Referer
https://www.bde.es/webbde/css/estilos.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

date
Mon, 18 Sep 2023 09:04:15 GMT
content-security-policy
default-src 'self' *.bde.es; style-src 'self' *.bde.es d3usyxos00s4ty.cloudfront.net *.genial.ly fonts.googleapis.com *.gstatic.com 'unsafe-inline'; script-src 'self' *.bde.es *.google-analytics.com *.googletagmanager.com www.youtube.com *.ytimg.com maps.googleapis.com *.playbuzz.com *.ex.co *.genial.ly d3usyxos00s4ty.cloudfront.net 'unsafe-inline' addsearch.com; img-src 'self' *.bde.es *.google-analytics.com *.googletagmanager.com img.youtube.com maps.googleapis.com *.gstatic.com genially.blob.core.windows.net *.ytimg.com *.genial.ly *.playbuzz.com *.ex.co data:; frame-src 'self' *.bde.es maps.google.es www.youtube.com www.google.com *.world-television.com app.powerbi.com view.genial.ly *.playbuzz.com *.ex.co; font-src 'self' *.bde.es fonts.googleapis.com *.gstatic.com *.genial.ly d3usyxos00s4ty.cloudfront.net; connect-src 'self' *.bde.es *.playbuzz.com *.ex.co *.google-analytics.com *.googletagmanager.com *.genial.ly api.addsearch.com; media-src 'self' *.bde.es *.ex.co *.genial.ly genially.blob.core.windows.net d3usyxos00s4ty.cloudfront.net *.playbuzz.com data: blob:;
x-content-type-options
nosniff
strict-transport-security
max-age=2592001
last-modified
Tue, 13 Sep 2011 09:25:30 GMT
etag
"4e6f218a-c15"
x-frame-options
SAMEORIGIN
x-bde-path
locationdefault
content-type
image/gif
cache-control
public, max-age=300, must-revalidate, proxy-revalidate
x-server
BDE 1.0.0
accept-ranges
bytes
content-length
3093
sombraMenu.gif
www.bde.es/webbde/img/ 		239 B
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.bde.es/webbde/img/sombraMenu.gif
Requested by
Host: www.bde.es
URL: https://www.bde.es/webbde/css/estilos.css
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
77.73.203.21 Madrid, Spain, ASN20905 (BANCOESPANAAS, ES),
Reverse DNS
www.bde.es
Software
/
Resource Hash
e44a6afcfe0ba1587be2b6727232b09750b966825c75a1293f5d30276f5dc7a9
Security Headers
Name Value
Content-Security-Policy default-src 'self' *.bde.es; style-src 'self' *.bde.es d3usyxos00s4ty.cloudfront.net *.genial.ly fonts.googleapis.com *.gstatic.com 'unsafe-inline'; script-src 'self' *.bde.es *.google-analytics.com *.googletagmanager.com www.youtube.com *.ytimg.com maps.googleapis.com *.playbuzz.com *.ex.co *.genial.ly d3usyxos00s4ty.cloudfront.net 'unsafe-inline' addsearch.com; img-src 'self' *.bde.es *.google-analytics.com *.googletagmanager.com img.youtube.com maps.googleapis.com *.gstatic.com genially.blob.core.windows.net *.ytimg.com *.genial.ly *.playbuzz.com *.ex.co data:; frame-src 'self' *.bde.es maps.google.es www.youtube.com www.google.com *.world-television.com app.powerbi.com view.genial.ly *.playbuzz.com *.ex.co; font-src 'self' *.bde.es fonts.googleapis.com *.gstatic.com *.genial.ly d3usyxos00s4ty.cloudfront.net; connect-src 'self' *.bde.es *.playbuzz.com *.ex.co *.google-analytics.com *.googletagmanager.com *.genial.ly api.addsearch.com; media-src 'self' *.bde.es *.ex.co *.genial.ly genially.blob.core.windows.net d3usyxos00s4ty.cloudfront.net *.playbuzz.com data: blob:;
Strict-Transport-Security max-age=2592001
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

accept-language
es-ES,es;q=0.9
Referer
https://www.bde.es/webbde/css/estilos.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

date
Mon, 18 Sep 2023 09:04:15 GMT
content-security-policy
default-src 'self' *.bde.es; style-src 'self' *.bde.es d3usyxos00s4ty.cloudfront.net *.genial.ly fonts.googleapis.com *.gstatic.com 'unsafe-inline'; script-src 'self' *.bde.es *.google-analytics.com *.googletagmanager.com www.youtube.com *.ytimg.com maps.googleapis.com *.playbuzz.com *.ex.co *.genial.ly d3usyxos00s4ty.cloudfront.net 'unsafe-inline' addsearch.com; img-src 'self' *.bde.es *.google-analytics.com *.googletagmanager.com img.youtube.com maps.googleapis.com *.gstatic.com genially.blob.core.windows.net *.ytimg.com *.genial.ly *.playbuzz.com *.ex.co data:; frame-src 'self' *.bde.es maps.google.es www.youtube.com www.google.com *.world-television.com app.powerbi.com view.genial.ly *.playbuzz.com *.ex.co; font-src 'self' *.bde.es fonts.googleapis.com *.gstatic.com *.genial.ly d3usyxos00s4ty.cloudfront.net; connect-src 'self' *.bde.es *.playbuzz.com *.ex.co *.google-analytics.com *.googletagmanager.com *.genial.ly api.addsearch.com; media-src 'self' *.bde.es *.ex.co *.genial.ly genially.blob.core.windows.net d3usyxos00s4ty.cloudfront.net *.playbuzz.com data: blob:;
x-content-type-options
nosniff
strict-transport-security
max-age=2592001
last-modified
Wed, 03 Dec 2008 13:27:40 GMT
etag
"4936894c-ef"
x-frame-options
SAMEORIGIN
x-bde-path
locationdefault
content-type
image/gif
cache-control
public, max-age=300, must-revalidate, proxy-revalidate
x-server
BDE 1.0.0
accept-ranges
bytes
content-length
239
fondoLeft.gif
www.bde.es/webbde/img/ 		82 B
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.bde.es/webbde/img/fondoLeft.gif
Requested by
Host: www.bde.es
URL: https://www.bde.es/webbde/css/estilos.css
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
77.73.203.21 Madrid, Spain, ASN20905 (BANCOESPANAAS, ES),
Reverse DNS
www.bde.es
Software
/
Resource Hash
d0e435ffa9b6f14305ffd2c5be0cf0e320faf88eaa9404f3879bd26c0cffff1e
Security Headers
Name Value
Content-Security-Policy default-src 'self' *.bde.es; style-src 'self' *.bde.es d3usyxos00s4ty.cloudfront.net *.genial.ly fonts.googleapis.com *.gstatic.com 'unsafe-inline'; script-src 'self' *.bde.es *.google-analytics.com *.googletagmanager.com www.youtube.com *.ytimg.com maps.googleapis.com *.playbuzz.com *.ex.co *.genial.ly d3usyxos00s4ty.cloudfront.net 'unsafe-inline' addsearch.com; img-src 'self' *.bde.es *.google-analytics.com *.googletagmanager.com img.youtube.com maps.googleapis.com *.gstatic.com genially.blob.core.windows.net *.ytimg.com *.genial.ly *.playbuzz.com *.ex.co data:; frame-src 'self' *.bde.es maps.google.es www.youtube.com www.google.com *.world-television.com app.powerbi.com view.genial.ly *.playbuzz.com *.ex.co; font-src 'self' *.bde.es fonts.googleapis.com *.gstatic.com *.genial.ly d3usyxos00s4ty.cloudfront.net; connect-src 'self' *.bde.es *.playbuzz.com *.ex.co *.google-analytics.com *.googletagmanager.com *.genial.ly api.addsearch.com; media-src 'self' *.bde.es *.ex.co *.genial.ly genially.blob.core.windows.net d3usyxos00s4ty.cloudfront.net *.playbuzz.com data: blob:;
Strict-Transport-Security max-age=2592001
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

accept-language
es-ES,es;q=0.9
Referer
https://www.bde.es/webbde/css/estilos.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

date
Mon, 18 Sep 2023 09:04:15 GMT
content-security-policy
default-src 'self' *.bde.es; style-src 'self' *.bde.es d3usyxos00s4ty.cloudfront.net *.genial.ly fonts.googleapis.com *.gstatic.com 'unsafe-inline'; script-src 'self' *.bde.es *.google-analytics.com *.googletagmanager.com www.youtube.com *.ytimg.com maps.googleapis.com *.playbuzz.com *.ex.co *.genial.ly d3usyxos00s4ty.cloudfront.net 'unsafe-inline' addsearch.com; img-src 'self' *.bde.es *.google-analytics.com *.googletagmanager.com img.youtube.com maps.googleapis.com *.gstatic.com genially.blob.core.windows.net *.ytimg.com *.genial.ly *.playbuzz.com *.ex.co data:; frame-src 'self' *.bde.es maps.google.es www.youtube.com www.google.com *.world-television.com app.powerbi.com view.genial.ly *.playbuzz.com *.ex.co; font-src 'self' *.bde.es fonts.googleapis.com *.gstatic.com *.genial.ly d3usyxos00s4ty.cloudfront.net; connect-src 'self' *.bde.es *.playbuzz.com *.ex.co *.google-analytics.com *.googletagmanager.com *.genial.ly api.addsearch.com; media-src 'self' *.bde.es *.ex.co *.genial.ly genially.blob.core.windows.net d3usyxos00s4ty.cloudfront.net *.playbuzz.com data: blob:;
x-content-type-options
nosniff
strict-transport-security
max-age=2592001
last-modified
Wed, 03 Dec 2008 13:27:38 GMT
etag
"4936894a-52"
x-frame-options
SAMEORIGIN
x-bde-path
locationdefault
content-type
image/gif
cache-control
public, max-age=300, must-revalidate, proxy-revalidate
x-server
BDE 1.0.0
accept-ranges
bytes
content-length
82
back.gif
www.bde.es/webbde/img/ 		56 B
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.bde.es/webbde/img/back.gif
Requested by
Host: www.bde.es
URL: https://www.bde.es/webbde/css/estilos.css
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
77.73.203.21 Madrid, Spain, ASN20905 (BANCOESPANAAS, ES),
Reverse DNS
www.bde.es
Software
/
Resource Hash
781232d8b848fee7b5b0e9cf40116576ace7dc91f9584b20bc09b97db28ed7b5
Security Headers
Name Value
Content-Security-Policy default-src 'self' *.bde.es; style-src 'self' *.bde.es d3usyxos00s4ty.cloudfront.net *.genial.ly fonts.googleapis.com *.gstatic.com 'unsafe-inline'; script-src 'self' *.bde.es *.google-analytics.com *.googletagmanager.com www.youtube.com *.ytimg.com maps.googleapis.com *.playbuzz.com *.ex.co *.genial.ly d3usyxos00s4ty.cloudfront.net 'unsafe-inline' addsearch.com; img-src 'self' *.bde.es *.google-analytics.com *.googletagmanager.com img.youtube.com maps.googleapis.com *.gstatic.com genially.blob.core.windows.net *.ytimg.com *.genial.ly *.playbuzz.com *.ex.co data:; frame-src 'self' *.bde.es maps.google.es www.youtube.com www.google.com *.world-television.com app.powerbi.com view.genial.ly *.playbuzz.com *.ex.co; font-src 'self' *.bde.es fonts.googleapis.com *.gstatic.com *.genial.ly d3usyxos00s4ty.cloudfront.net; connect-src 'self' *.bde.es *.playbuzz.com *.ex.co *.google-analytics.com *.googletagmanager.com *.genial.ly api.addsearch.com; media-src 'self' *.bde.es *.ex.co *.genial.ly genially.blob.core.windows.net d3usyxos00s4ty.cloudfront.net *.playbuzz.com data: blob:;
Strict-Transport-Security max-age=2592001
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

accept-language
es-ES,es;q=0.9
Referer
https://www.bde.es/webbde/css/estilos.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.88 Safari/537.36

Response headers

date
Mon, 18 Sep 2023 09:04:15 GMT
content-security-policy
default-src 'self' *.bde.es; style-src 'self' *.bde.es d3usyxos00s4ty.cloudfront.net *.genial.ly fonts.googleapis.com *.gstatic.com 'unsafe-inline'; script-src 'self' *.bde.es *.google-analytics.com *.googletagmanager.com www.youtube.com *.ytimg.com maps.googleapis.com *.playbuzz.com *.ex.co *.genial.ly d3usyxos00s4ty.cloudfront.net 'unsafe-inline' addsearch.com; img-src 'self' *.bde.es *.google-analytics.com *.googletagmanager.com img.youtube.com maps.googleapis.com *.gstatic.com genially.blob.core.windows.net *.ytimg.com *.genial.ly *.playbuzz.com *.ex.co data:; frame-src 'self' *.bde.es maps.google.es www.youtube.com www.google.com *.world-television.com app.powerbi.com view.genial.ly *.playbuzz.com *.ex.co; font-src 'self' *.bde.es fonts.googleapis.com *.gstatic.com *.genial.ly d3usyxos00s4ty.cloudfront.net; connect-src 'self' *.bde.es *.playbuzz.com *.ex.co *.google-analytics.com *.googletagmanager.com *.genial.ly api.addsearch.com; media-src 'self' *.bde.es *.ex.co *.genial.ly genially.blob.core.windows.net d3usyxos00s4ty.cloudfront.net *.playbuzz.com data: blob:;
x-content-type-options
nosniff
strict-transport-security
max-age=2592001
last-modified
Tue, 24 Feb 2009 10:06:42 GMT
etag
"49a3c6b2-38"
x-frame-options
SAMEORIGIN
x-bde-path
locationdefault
content-type
image/gif
cache-control
public, max-age=300, must-revalidate, proxy-revalidate
x-server
BDE 1.0.0
accept-ranges
bytes
content-length
56

Verdicts & Comments Add Verdict or Comment

31 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| documentPictureInPicture function| getPathToStaticFiles string| pathToStaticFiles function| importa_js object| Css function| readyState function| DomReady function| ocultaTb object| position function| scrollToElement object| writeCalendar function| getElementsByClass function| resize function| MM_jumpMenuGo function| MM_findObj function| MM_jumpMenu function| MM_goToURL function| imprimir function| mostrarActos object| scripts string| styCss function| onDomReady object| dom object| sugerencias undefined| doBusquedaEstandar undefined| doBusquedaAvanzada undefined| __highlight number| j object| nodisp object| impr object| logoBdE

2 Cookies

Domain/Path Name / Value
bde.csod.com/ Name: ASP.NET_SessionId
Value: d2doopthrb02ytnq3js4ojrk
banco.bde.es/ Name: TS879a16af027
Value: 08d4dc4ab1ab2000f9860c2399c733054c090be821c1c666a286853aa67bc3c3402f281721c687a1084bea3dee1130007b68b535ca12cf29e05ce155e602f9e027865ade55901bda2b41712c71cecc25b9acd5f5f0b1c2755da5c40f4a516611

1 Console Messages

Source Level URL
Text
network error URL: https://banco.bde.es/fim/sps/bdei2p/saml20/login
Message:
Failed to load resource: the server responded with a status of 400 (Bad Request)

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Strict-Transport-Security max-age=156768000; includeSubdomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block