urlscan.io logo urlscan.io
SecurityTrails logo

www.bankofamerica.com Open in urlscan Pro
171.161.102.100  Public Scan

Go To Rescan Add Verdict Report
URL: https://www.bankofamerica.com/security-center/privacy-overview/
Submission: On June 21 via api from IE — Scanned from DE
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 4 IPs in 1 countries across 3 domains to perform 21 HTTP transactions. The main IP is 171.161.102.100, located in United States and belongs to BANKAMERICA, US. The main domain is www.bankofamerica.com. The Cisco Umbrella rank of the primary domain is 14319.
TLS certificate: Issued by Entrust Certification Authority - L1M on July 31st 2023. Valid for: a year.
This is the only time www.bankofamerica.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
3 171.161.102.100 10794 (BANKAMERICA)
15 192.229.233.231 15133 (EDGECAST)
1 2600:9000:211... ()
21 4
Apex Domain
Subdomains		 Transfer
15 bac-assets.com
www2.bac-assets.com — Cisco Umbrella Rank: 190012
384 KB
3 bankofamerica.com
www.bankofamerica.com — Cisco Umbrella Rank: 14319
580 KB
1 tiqcdn.com
tags.tiqcdn.com
21 3
Domain Requested by
15 www2.bac-assets.com www.bankofamerica.com
www2.bac-assets.com
3 www.bankofamerica.com www2.bac-assets.com
1 tags.tiqcdn.com www.bankofamerica.com
21 3
Subject Issuer Validity Valid
www.bankofamerica.com
Entrust Certification Authority - L1M		 2023-07-31 -
2024-08-29		 a year crt.sh
www2.bac-assets.com
Entrust Certification Authority - L1M		 2023-06-23 -
2024-07-16		 a year crt.sh
tags.tiqcdn.com
Amazon RSA 2048 M02		 2024-03-19 -
2025-04-17		 a year crt.sh

This page contains 1 frames:

Primary Page: https://www.bankofamerica.com/security-center/privacy-overview/
Frame ID: 26E1BF37DAC47E1962BBFDB79E89BE78
Requests: 23 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

Bank of America Privacy Notices and Policies

Detected technologies

Overall confidence: 100%
Detected patterns
  • <div [^>]*class="[^"]*(?:small|medium|large)-\d{1,2} columns
Overall confidence: 100%
Detected patterns
  • require.*\.js

Page Statistics

21
Requests

90 %
HTTPS

33 %
IPv6

3
Domains

3
Subdomains

4
IPs

1
Countries

964 kB
Transfer

4561 kB
Size

3
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

21 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request /
www.bankofamerica.com/security-center/privacy-overview/ 		158 KB
38 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://www.bankofamerica.com/security-center/privacy-overview/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
171.161.102.100 , United States, ASN10794 (BANKAMERICA, US),
Reverse DNS
Software
Oops /
Resource Hash
12b8cde96d88d5f4c66da60019ce6e2ab507cbc079c2b4b5fe2cada549e3a4bb
Security Headers
Name Value
Content-Security-Policy default-src 'self' *.bankofamerica.com *.bac-assets.com *.ml.com https: wss: data: blob:; script-src 'self' *.bankofamerica.com *.bac-assets.com *.ml.com fsa.merrilledge.com merrilledge.com s3.amazonaws.com boa-api.arkoselabs.com cdn.cookielaw.org resources.digital-cloud.medallia.com players.brightcove.net metrics.brightcove.com cdnapisec.kaltura.com tags.tiqcdn.com akamai.tiqcdn.com glance.net beta.glancecdn.net storage.glancecdn.net cct.google cdn.mplxtms.com cdn.tt.omtrdc.net data.cmcore.com data.coremetrics.com iocdn.coremetrics.com libs.coremetrics.com mc.coremetrics.com mcdata.coremetrics.com mktgcdn.coremetrics.com recs.coremetrics.com secure-cdn.mplxtms.com convertro.com stage.convertro.com idsync.rlcdn.com test.coremetrics.com testdata.coremetrics.com tmscdn.coremetrics.com glancecdn.net www.google-analytics.com maps.googleapis.com www.googletagmanager.com mboxedge34.tt.omtrdc.net anrdoezrs.net cj.dotomi.com cj.com cj.mplxtms.com emjcd.com mczbf.com sjwoe.com secure-cdn.mplxtms.com cdn.mplxtms.com bofa.demdex.net cdnstorage.myglance.net bankofamerica.tt.omtrdc.net www.paypalobjects.com cdn-bofa.myglance.net six.cdn-net.com vjs.zencdn.net 'unsafe-inline' 'unsafe-eval' blob:; style-src 'self' data: blob: *.bankofamerica.com *.bac-assets.com *.ml.com cdn.cookielaw.org glance.net beta.glancecdn.net storage.glancecdn.net convertro.com stage.convertro.com idsync.rlcdn.com glancecdn.net cdnstorage.myglance.net www.google-analytics.com cdn-bofa.myglance.net resources.digital-cloud.medallia.com 'unsafe-inline'; worker-src 'self' blob:; frame-ancestors 'self' *.bankofamerica.com *.ml.com *.merrilledge.com;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Frame-Options SAMEORIGIN

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
sec-ch-ua-mobile
?0
sec-ch-ua-platform
"Win32"

Response headers

Accept-Ranges
bytes
Cache-Control
max-age=1
Connection
Keep-Alive
Content-Encoding
gzip
Content-Length
36285
Content-Security-Policy
default-src 'self' *.bankofamerica.com *.bac-assets.com *.ml.com https: wss: data: blob:; script-src 'self' *.bankofamerica.com *.bac-assets.com *.ml.com fsa.merrilledge.com merrilledge.com s3.amazonaws.com boa-api.arkoselabs.com cdn.cookielaw.org resources.digital-cloud.medallia.com players.brightcove.net metrics.brightcove.com cdnapisec.kaltura.com tags.tiqcdn.com akamai.tiqcdn.com glance.net beta.glancecdn.net storage.glancecdn.net cct.google cdn.mplxtms.com cdn.tt.omtrdc.net data.cmcore.com data.coremetrics.com iocdn.coremetrics.com libs.coremetrics.com mc.coremetrics.com mcdata.coremetrics.com mktgcdn.coremetrics.com recs.coremetrics.com secure-cdn.mplxtms.com convertro.com stage.convertro.com idsync.rlcdn.com test.coremetrics.com testdata.coremetrics.com tmscdn.coremetrics.com glancecdn.net www.google-analytics.com maps.googleapis.com www.googletagmanager.com mboxedge34.tt.omtrdc.net anrdoezrs.net cj.dotomi.com cj.com cj.mplxtms.com emjcd.com mczbf.com sjwoe.com secure-cdn.mplxtms.com cdn.mplxtms.com bofa.demdex.net cdnstorage.myglance.net bankofamerica.tt.omtrdc.net www.paypalobjects.com cdn-bofa.myglance.net six.cdn-net.com vjs.zencdn.net 'unsafe-inline' 'unsafe-eval' blob:; style-src 'self' data: blob: *.bankofamerica.com *.bac-assets.com *.ml.com cdn.cookielaw.org glance.net beta.glancecdn.net storage.glancecdn.net convertro.com stage.convertro.com idsync.rlcdn.com glancecdn.net cdnstorage.myglance.net www.google-analytics.com cdn-bofa.myglance.net resources.digital-cloud.medallia.com 'unsafe-inline'; worker-src 'self' blob:; frame-ancestors 'self' *.bankofamerica.com *.ml.com *.merrilledge.com;
Content-Type
text/html
Date
Fri, 21 Jun 2024 14:07:29 GMT
ETag
"279d6-61a901d1577b1"
Expires
Fri, 21 Jun 2024 14:07:30 GMT
Keep-Alive
timeout=40, max=493
Last-Modified
Mon, 10 Jun 2024 21:48:45 GMT
Server
Oops
Strict-Transport-Security
max-age=31536000; includeSubDomains
Vary
Accept-Encoding,User-Agent
X-BOA-RequestID
ZnWJISEuQr_uc3dD4RSFMwAAASc
X-Frame-Options
SAMEORIGIN
X-Serviced-By
/sparta/security-center/privacy-overview/--q8NCjsSjnicOL5GQwJKtzA==--F29W1oGiUbb0czyYmUoLPw==
babel-polyfill.js
www2.bac-assets.com/security-center/spa-assets/components/utilities/platform/ 		97 KB
34 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www2.bac-assets.com/security-center/spa-assets/components/utilities/platform/babel-polyfill.js
Requested by
Host: www.bankofamerica.com
URL: https://www.bankofamerica.com/security-center/privacy-overview/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.229.233.231 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECS (frb/668B) /
Resource Hash
a108985f6e9a607d6e1b8cb294cdad7bffb288589c3f9fa3768b84763b0af94d
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.bankofamerica.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Fri, 21 Jun 2024 14:07:30 GMT
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=31536000
age
289276
x-boa-requestid
ZnEfJhAP7F8EE9Ufi46WiAAAAXM
x-cache
HIT
content-length
34250
last-modified
Wed, 03 Jan 2024 18:10:29 GMT
server
ECS (frb/668B)
etag
"183fe-60e0e87b27dc6"
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
application/x-javascript
access-control-allow-origin
https://www.bankofamerica.com
cache-control
max-age=31536000, public
accept-ranges
bytes
expires
Sat, 21 Jun 2025 14:07:30 GMT
3537a85d.css
www2.bac-assets.com/security-center/spa-assets/bundles/ 		2 MB
97 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://www2.bac-assets.com/security-center/spa-assets/bundles/3537a85d.css
Requested by
Host: www.bankofamerica.com
URL: https://www.bankofamerica.com/security-center/privacy-overview/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.229.233.231 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECS (frb/674D) /
Resource Hash
d4764beaaa8d40a0d70fb4f5b052fd3133cf4a589ea22033304ab7441c57721c
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.bankofamerica.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Fri, 21 Jun 2024 14:07:30 GMT
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=31536000
age
286367
x-boa-requestid
ZnEqhThty48jwO6jxFwGbAAAAYs
x-cache
HIT
content-length
98907
last-modified
Thu, 30 May 2024 14:34:49 GMT
server
ECS (frb/674D)
etag
"18a83c-619acc4f24760"
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
text/css
access-control-allow-origin
https://www.bankofamerica.com
cache-control
max-age=31536000
accept-ranges
bytes
expires
Sat, 21 Jun 2025 14:07:30 GMT
daee712.css
www2.bac-assets.com/security-center/spa-assets/bundles/ 		8 KB
1 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://www2.bac-assets.com/security-center/spa-assets/bundles/daee712.css
Requested by
Host: www.bankofamerica.com
URL: https://www.bankofamerica.com/security-center/privacy-overview/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.229.233.231 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECS (frb/67D3) /
Resource Hash
656063fcf219582b6f4cf39bb8a406f6db7ca993f86522dd5a9a24a0a0ba9663
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.bankofamerica.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Fri, 21 Jun 2024 14:07:30 GMT
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=31536000
age
285010
x-boa-requestid
ZnEv0Nr1XugXhiWvQsroKAAAAWo
x-cache
HIT
content-length
1028
last-modified
Mon, 30 Oct 2023 00:47:47 GMT
server
ECS (frb/67D3)
etag
"1f57-608e463042987"
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
text/css
access-control-allow-origin
https://www.bankofamerica.com
cache-control
max-age=31536000
accept-ranges
bytes
expires
Sat, 21 Jun 2025 14:07:30 GMT
require.js
www2.bac-assets.com/security-center/spa-assets/components/utilities/vendor/require/2.2.0/js/ 		25 KB
8 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www2.bac-assets.com/security-center/spa-assets/components/utilities/vendor/require/2.2.0/js/require.js
Requested by
Host: www.bankofamerica.com
URL: https://www.bankofamerica.com/security-center/privacy-overview/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.229.233.231 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECS (frb/6738) /
Resource Hash
adab1708b4b053c52d06be506c9630c44bb6a4b986d03344d3cf91997c9e6ad6
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.bankofamerica.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Fri, 21 Jun 2024 14:07:30 GMT
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=31536000
age
289275
x-boa-requestid
ZnEfJ19wnzqAl6_EZxQ5NQAAAX0
x-cache
HIT
content-length
7899
last-modified
Wed, 03 Jan 2024 18:10:29 GMT
server
ECS (frb/6738)
etag
"6570-60e0e87b4f697"
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
application/x-javascript
access-control-allow-origin
https://www.bankofamerica.com
cache-control
max-age=31536000, public
accept-ranges
bytes
expires
Sat, 21 Jun 2025 14:07:30 GMT
assets-images-global-logos-bac-logo-v2-CSX3648cbbb.svg
www2.bac-assets.com/security-center/spa-assets/images/ 		3 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www2.bac-assets.com/security-center/spa-assets/images/assets-images-global-logos-bac-logo-v2-CSX3648cbbb.svg
Requested by
Host: www.bankofamerica.com
URL: https://www.bankofamerica.com/security-center/privacy-overview/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.229.233.231 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECS (frb/67C0) /
Resource Hash
7e6ce497138ce47d8ab66d70c46d245e1261d7f2d3f1db3556eec0ca1c82e2ec
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.bankofamerica.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Fri, 21 Jun 2024 14:07:30 GMT
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=31536000
age
289276
x-boa-requestid
ZnEfJvtFjl-bzc03xkruoQAAAE0
x-cache
HIT
content-length
1604
last-modified
Sun, 23 Jun 2019 16:48:02 GMT
server
ECS (frb/67C0)
etag
"d90-58c0075745480"
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
image/svg+xml
access-control-allow-origin
https://www.bankofamerica.com
cache-control
max-age=26920000, public
accept-ranges
bytes
expires
Sat, 21 Jun 2025 14:07:30 GMT
assets-images-site-security-center-top-engagement-area-module-privacy-notice-large-CSX1db73800.webp
www2.bac-assets.com/security-center/spa-assets/images/ 		74 KB
74 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www2.bac-assets.com/security-center/spa-assets/images/assets-images-site-security-center-top-engagement-area-module-privacy-notice-large-CSX1db73800.webp
Requested by
Host: www.bankofamerica.com
URL: https://www.bankofamerica.com/security-center/privacy-overview/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.229.233.231 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECS (frb/67D4) /
Resource Hash
612370ee1b24956cdea28fdffcb01c619a6b3d865c769c433652d3612ce3e236
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.bankofamerica.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Fri, 21 Jun 2024 14:07:30 GMT
strict-transport-security
max-age=31536000
x-content-type-options
nosniff
age
281349
x-boa-requestid
ZnE-HTgLX2gjOv1q4OcnxAAAAVw
x-cache
HIT
content-length
75564
last-modified
Fri, 07 Aug 2020 20:39:24 GMT
server
ECS (frb/67D4)
etag
"1272c-5ac4f99b4f2e0"
x-frame-options
SAMEORIGIN
content-type
application/octet-stream
access-control-allow-origin
https://www.bankofamerica.com
cache-control
max-age=26920000, public
accept-ranges
bytes
expires
Fri, 21 Jun 2024 14:07:31 GMT
assets-images-site-security-center-top-priority-module-locker-460-Circle-CSX415951ab.jpg
www2.bac-assets.com/security-center/spa-assets/images/ 		29 KB
30 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www2.bac-assets.com/security-center/spa-assets/images/assets-images-site-security-center-top-priority-module-locker-460-Circle-CSX415951ab.jpg
Requested by
Host: www.bankofamerica.com
URL: https://www.bankofamerica.com/security-center/privacy-overview/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.229.233.231 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECS (frb/67BE) /
Resource Hash
a5db21febc8440f34b1917be32c2d7818c863747a555a5d7b6576460735037ed
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.bankofamerica.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Fri, 21 Jun 2024 14:07:30 GMT
strict-transport-security
max-age=31536000
x-content-type-options
nosniff
age
285012
x-boa-requestid
ZnEvzqMol8g75uCocjuOLAAAAHs
x-cache
HIT
content-length
30177
last-modified
Fri, 07 Aug 2020 20:39:24 GMT
server
ECS (frb/67BE)
etag
"75e1-5ac4f99b52990"
x-frame-options
SAMEORIGIN
content-type
image/jpeg
access-control-allow-origin
https://www.bankofamerica.com
cache-control
max-age=26920000, public
accept-ranges
bytes
expires
Sat, 21 Jun 2025 14:07:30 GMT
assets-images-site-security-center-privacy-notice-banner-banner-privacy-notice-large-CSXca49167d.webp
www2.bac-assets.com/security-center/spa-assets/images/ 		85 KB
85 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www2.bac-assets.com/security-center/spa-assets/images/assets-images-site-security-center-privacy-notice-banner-banner-privacy-notice-large-CSXca49167d.webp
Requested by
Host: www.bankofamerica.com
URL: https://www.bankofamerica.com/security-center/privacy-overview/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.229.233.231 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECS (frb/668B) /
Resource Hash
341d70536cd5b4be9fa62afe7d46e7931115b7b11107815fdf85253491615467
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.bankofamerica.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Fri, 21 Jun 2024 14:07:30 GMT
strict-transport-security
max-age=31536000
x-content-type-options
nosniff
age
281346
x-boa-requestid
ZnE-IJ8gXM8JLbDc5XRbFgAAAP8
x-cache
HIT
content-length
86724
last-modified
Fri, 07 Aug 2020 20:39:51 GMT
server
ECS (frb/668B)
etag
"152c4-5ac4f9b48d329"
x-frame-options
SAMEORIGIN
content-type
application/octet-stream
access-control-allow-origin
https://www.bankofamerica.com
cache-control
max-age=26920000, public
accept-ranges
bytes
expires
Fri, 21 Jun 2024 14:07:31 GMT
assets-images-global-logos-bofa_icon_optout1_ko-CSX2fdcab0b.png
www2.bac-assets.com/security-center/spa-assets/images/ 		499 B
631 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www2.bac-assets.com/security-center/spa-assets/images/assets-images-global-logos-bofa_icon_optout1_ko-CSX2fdcab0b.png
Requested by
Host: www.bankofamerica.com
URL: https://www.bankofamerica.com/security-center/privacy-overview/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.229.233.231 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECS (frb/6776) /
Resource Hash
b751cacb0eb62dcf85462b1cdb0eb1476707074976e6beae04fc9a144d912c3b
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.bankofamerica.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Fri, 21 Jun 2024 14:07:30 GMT
strict-transport-security
max-age=31536000
x-content-type-options
nosniff
age
289276
x-boa-requestid
ZnEfJ19wnzqAl6_EZxQ5MgAAAR0
x-cache
HIT
content-length
499
last-modified
Mon, 30 Oct 2023 00:47:59 GMT
server
ECS (frb/6776)
etag
"1f3-608e463bfdc52"
x-frame-options
SAMEORIGIN
content-type
image/png
access-control-allow-origin
https://www.bankofamerica.com
cache-control
max-age=26920000, public
accept-ranges
bytes
expires
Sat, 21 Jun 2025 14:07:30 GMT
truncated
/ 		371 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
237e14a05f05a02caa2874a3c62bc47ac036941cea56f28460a371c179f61237

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Content-Type
image/svg+xml;charset=utf8
truncated
/ 		199 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
684703607eb155dc12adcab4c39e19e7b31492840a9e60bd3901eea6a95ad7a4

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Content-Type
image/svg+xml
assets-images-global-logos-icon-ehl-white-CSX189e8f4c.svg
www2.bac-assets.com/security-center/spa-assets/images/ 		380 B
396 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www2.bac-assets.com/security-center/spa-assets/images/assets-images-global-logos-icon-ehl-white-CSX189e8f4c.svg
Requested by
Host: www.bankofamerica.com
URL: https://www.bankofamerica.com/security-center/privacy-overview/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.229.233.231 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECS (frb/67F3) /
Resource Hash
c90dbe69070de8b85da2a0d820d99cafce056ef64b3a4af14b4139095da0aa7a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.bankofamerica.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Fri, 21 Jun 2024 14:07:30 GMT
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=31536000
age
289274
x-boa-requestid
ZnEfKHtpQJ-kuASTKlwBLAAAATE
x-cache
HIT
content-length
269
last-modified
Fri, 14 Aug 2020 18:08:01 GMT
server
ECS (frb/67F3)
etag
"17c-5acda4d3802d6"
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
image/svg+xml
access-control-allow-origin
https://www.bankofamerica.com
cache-control
max-age=26920000, public
accept-ranges
bytes
expires
Sat, 21 Jun 2025 14:07:30 GMT
cnx-regular.woff2
www2.bac-assets.com/security-center/spa-assets/components/utilities/global/sparta-style-utility/4.9.2/font/cnx-regular/ 		11 KB
11 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://www2.bac-assets.com/security-center/spa-assets/components/utilities/global/sparta-style-utility/4.9.2/font/cnx-regular/cnx-regular.woff2
Requested by
Host: www2.bac-assets.com
URL: https://www2.bac-assets.com/security-center/spa-assets/bundles/3537a85d.css
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.229.233.231 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECS (frb/6712) /
Resource Hash
79f02d139cfd07f2a19e0a8831553b3de4627fcab371e18eb776af035465949b
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www2.bac-assets.com/security-center/spa-assets/bundles/3537a85d.css
Origin
https://www.bankofamerica.com
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Fri, 21 Jun 2024 14:07:31 GMT
strict-transport-security
max-age=31536000
x-content-type-options
nosniff
age
289275
x-boa-requestid
ZnEfKKRj_aOAyKfLqDKr2wAAAK8
x-cache
HIT
content-length
11608
last-modified
Thu, 30 May 2024 14:34:53 GMT
server
ECS (frb/6712)
etag
"2d58-619acc52b3d5d"
x-frame-options
SAMEORIGIN
content-type
application/font-woff2
access-control-allow-origin
https://www.bankofamerica.com
cache-control
max-age=31536000, public
accept-ranges
bytes
expires
Sat, 21 Jun 2025 14:07:31 GMT
roboto-regular.woff2
www2.bac-assets.com/security-center/spa-assets/components/utilities/global/sparta-style-utility/4.9.2/font/roboto-regular/ 		15 KB
15 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://www2.bac-assets.com/security-center/spa-assets/components/utilities/global/sparta-style-utility/4.9.2/font/roboto-regular/roboto-regular.woff2
Requested by
Host: www2.bac-assets.com
URL: https://www2.bac-assets.com/security-center/spa-assets/bundles/3537a85d.css
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.229.233.231 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECS (frb/67BC) /
Resource Hash
48c3fa6f86c54f1d9bb519220713d4b0a1f8cd1a589a3c03b9fa82e98ecb13e3
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www2.bac-assets.com/security-center/spa-assets/bundles/3537a85d.css
Origin
https://www.bankofamerica.com
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Fri, 21 Jun 2024 14:07:31 GMT
strict-transport-security
max-age=31536000
x-content-type-options
nosniff
age
289275
x-boa-requestid
ZnEfKBAP7F8EE9Ufi46WnQAAAWk
x-cache
HIT
content-length
15736
last-modified
Thu, 30 May 2024 14:34:53 GMT
server
ECS (frb/67BC)
etag
"3d78-619acc52cfe94"
x-frame-options
SAMEORIGIN
content-type
application/font-woff2
access-control-allow-origin
https://www.bankofamerica.com
cache-control
max-age=31536000, public
accept-ranges
bytes
expires
Sat, 21 Jun 2025 14:07:31 GMT
cnx-medium.woff2
www2.bac-assets.com/security-center/spa-assets/components/utilities/global/sparta-style-utility/4.9.2/font/cnx-medium/ 		12 KB
12 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://www2.bac-assets.com/security-center/spa-assets/components/utilities/global/sparta-style-utility/4.9.2/font/cnx-medium/cnx-medium.woff2
Requested by
Host: www2.bac-assets.com
URL: https://www2.bac-assets.com/security-center/spa-assets/bundles/3537a85d.css
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.229.233.231 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECS (frb/6752) /
Resource Hash
a431986817e5d309cdd61c623a5259d6ea5840375876ffb41f5a2cab65ddd2e3
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www2.bac-assets.com/security-center/spa-assets/bundles/3537a85d.css
Origin
https://www.bankofamerica.com
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Fri, 21 Jun 2024 14:07:31 GMT
strict-transport-security
max-age=31536000
x-content-type-options
nosniff
age
289275
x-boa-requestid
ZnEfKHtpQJ-kuASTKlwBLQAAAVk
x-cache
HIT
content-length
11984
last-modified
Thu, 30 May 2024 14:34:53 GMT
server
ECS (frb/6752)
etag
"2ed0-619acc52ad7cd"
x-frame-options
SAMEORIGIN
content-type
application/font-woff2
access-control-allow-origin
https://www.bankofamerica.com
cache-control
max-age=31536000, public
accept-ranges
bytes
expires
Sat, 21 Jun 2025 14:07:31 GMT
cnx-bold.woff2
www2.bac-assets.com/security-center/spa-assets/components/utilities/global/sparta-style-utility/4.9.2/font/cnx-bold/ 		12 KB
12 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://www2.bac-assets.com/security-center/spa-assets/components/utilities/global/sparta-style-utility/4.9.2/font/cnx-bold/cnx-bold.woff2
Requested by
Host: www2.bac-assets.com
URL: https://www2.bac-assets.com/security-center/spa-assets/bundles/3537a85d.css
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.229.233.231 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECS (frb/673A) /
Resource Hash
d48faa13adcd567a29299db487912dd91fd45f777cadf153520f52023b58cee7
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www2.bac-assets.com/security-center/spa-assets/bundles/3537a85d.css
Origin
https://www.bankofamerica.com
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Fri, 21 Jun 2024 14:07:31 GMT
strict-transport-security
max-age=31536000
x-content-type-options
nosniff
age
288209
x-boa-requestid
ZnEjUnd6EOdVob4IU41T0gAAAQE
x-cache
HIT
content-length
11800
last-modified
Thu, 30 May 2024 14:34:53 GMT
server
ECS (frb/673A)
etag
"2e18-619acc529ab05"
x-frame-options
SAMEORIGIN
content-type
application/font-woff2
access-control-allow-origin
https://www.bankofamerica.com
cache-control
max-age=31536000, public
accept-ranges
bytes
expires
Sat, 21 Jun 2025 14:07:31 GMT
9cb605c1.js
www.bankofamerica.com/security-center/spa-assets/bundles/ 		2 MB
533 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.bankofamerica.com/security-center/spa-assets/bundles/9cb605c1.js
Requested by
Host: www2.bac-assets.com
URL: https://www2.bac-assets.com/security-center/spa-assets/components/utilities/vendor/require/2.2.0/js/require.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
171.161.102.100 , United States, ASN10794 (BANKAMERICA, US),
Reverse DNS
Software
Oops /
Resource Hash
3325c407362c02daa8688f643d805876576c6043ca212e12209109391503266a
Security Headers
Name Value
Content-Security-Policy default-src 'self' *.bankofamerica.com *.bac-assets.com *.ml.com https: wss: data: blob:; script-src 'self' *.bankofamerica.com *.bac-assets.com *.ml.com fsa.merrilledge.com merrilledge.com s3.amazonaws.com boa-api.arkoselabs.com cdn.cookielaw.org resources.digital-cloud.medallia.com players.brightcove.net metrics.brightcove.com cdnapisec.kaltura.com tags.tiqcdn.com akamai.tiqcdn.com glance.net beta.glancecdn.net storage.glancecdn.net cct.google cdn.mplxtms.com cdn.tt.omtrdc.net data.cmcore.com data.coremetrics.com iocdn.coremetrics.com libs.coremetrics.com mc.coremetrics.com mcdata.coremetrics.com mktgcdn.coremetrics.com recs.coremetrics.com secure-cdn.mplxtms.com convertro.com stage.convertro.com idsync.rlcdn.com test.coremetrics.com testdata.coremetrics.com tmscdn.coremetrics.com glancecdn.net www.google-analytics.com maps.googleapis.com www.googletagmanager.com mboxedge34.tt.omtrdc.net anrdoezrs.net cj.dotomi.com cj.com cj.mplxtms.com emjcd.com mczbf.com sjwoe.com secure-cdn.mplxtms.com cdn.mplxtms.com bofa.demdex.net cdnstorage.myglance.net bankofamerica.tt.omtrdc.net www.paypalobjects.com cdn-bofa.myglance.net six.cdn-net.com vjs.zencdn.net 'unsafe-inline' 'unsafe-eval' blob:; style-src 'self' data: blob: *.bankofamerica.com *.bac-assets.com *.ml.com cdn.cookielaw.org glance.net beta.glancecdn.net storage.glancecdn.net convertro.com stage.convertro.com idsync.rlcdn.com glancecdn.net cdnstorage.myglance.net www.google-analytics.com cdn-bofa.myglance.net resources.digital-cloud.medallia.com 'unsafe-inline'; worker-src 'self' blob:; frame-ancestors 'self' *.bankofamerica.com *.ml.com *.merrilledge.com;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Frame-Options SAMEORIGIN

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.bankofamerica.com/security-center/privacy-overview/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Date
Fri, 21 Jun 2024 14:07:31 GMT
Content-Encoding
gzip
Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Security-Policy
default-src 'self' *.bankofamerica.com *.bac-assets.com *.ml.com https: wss: data: blob:; script-src 'self' *.bankofamerica.com *.bac-assets.com *.ml.com fsa.merrilledge.com merrilledge.com s3.amazonaws.com boa-api.arkoselabs.com cdn.cookielaw.org resources.digital-cloud.medallia.com players.brightcove.net metrics.brightcove.com cdnapisec.kaltura.com tags.tiqcdn.com akamai.tiqcdn.com glance.net beta.glancecdn.net storage.glancecdn.net cct.google cdn.mplxtms.com cdn.tt.omtrdc.net data.cmcore.com data.coremetrics.com iocdn.coremetrics.com libs.coremetrics.com mc.coremetrics.com mcdata.coremetrics.com mktgcdn.coremetrics.com recs.coremetrics.com secure-cdn.mplxtms.com convertro.com stage.convertro.com idsync.rlcdn.com test.coremetrics.com testdata.coremetrics.com tmscdn.coremetrics.com glancecdn.net www.google-analytics.com maps.googleapis.com www.googletagmanager.com mboxedge34.tt.omtrdc.net anrdoezrs.net cj.dotomi.com cj.com cj.mplxtms.com emjcd.com mczbf.com sjwoe.com secure-cdn.mplxtms.com cdn.mplxtms.com bofa.demdex.net cdnstorage.myglance.net bankofamerica.tt.omtrdc.net www.paypalobjects.com cdn-bofa.myglance.net six.cdn-net.com vjs.zencdn.net 'unsafe-inline' 'unsafe-eval' blob:; style-src 'self' data: blob: *.bankofamerica.com *.bac-assets.com *.ml.com cdn.cookielaw.org glance.net beta.glancecdn.net storage.glancecdn.net convertro.com stage.convertro.com idsync.rlcdn.com glancecdn.net cdnstorage.myglance.net www.google-analytics.com cdn-bofa.myglance.net resources.digital-cloud.medallia.com 'unsafe-inline'; worker-src 'self' blob:; frame-ancestors 'self' *.bankofamerica.com *.ml.com *.merrilledge.com;
X-BOA-RequestID
ZnWJIyEuQr_uc3dD4RSFYQAAARg
X-Serviced-By
/sparta/security-center/spa-assets/bundles/9cb605c1.js--q8NCjsSjnicOL5GQwJKtzA==--F29W1oGiUbb0czyYmUoLPw==
Transfer-Encoding
chunked
Connection
Keep-Alive
Last-Modified
Mon, 10 Jun 2024 21:48:46 GMT
Server
Oops
ETag
"246abe-61a901d208ba6"
X-Frame-Options
SAMEORIGIN
Vary
Accept-Encoding,User-Agent
Content-Type
application/x-javascript
Cache-Control
max-age=26920000, public
Accept-Ranges
bytes
Keep-Alive
timeout=40, max=492
Expires
Fri, 21 Jun 2024 14:07:32 GMT
f063bdc6.js
www.bankofamerica.com/security-center/spa-assets/bundles/ 		63 KB
10 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.bankofamerica.com/security-center/spa-assets/bundles/f063bdc6.js
Requested by
Host: www2.bac-assets.com
URL: https://www2.bac-assets.com/security-center/spa-assets/components/utilities/vendor/require/2.2.0/js/require.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
171.161.102.100 , United States, ASN10794 (BANKAMERICA, US),
Reverse DNS
Software
Oops /
Resource Hash
5290c13210ddc766508f21b2b30ef59561e1021150c03f04e684950e4b5afcd9
Security Headers
Name Value
Content-Security-Policy default-src 'self' *.bankofamerica.com *.bac-assets.com *.ml.com https: wss: data: blob:; script-src 'self' *.bankofamerica.com *.bac-assets.com *.ml.com fsa.merrilledge.com merrilledge.com s3.amazonaws.com boa-api.arkoselabs.com cdn.cookielaw.org resources.digital-cloud.medallia.com players.brightcove.net metrics.brightcove.com cdnapisec.kaltura.com tags.tiqcdn.com akamai.tiqcdn.com glance.net beta.glancecdn.net storage.glancecdn.net cct.google cdn.mplxtms.com cdn.tt.omtrdc.net data.cmcore.com data.coremetrics.com iocdn.coremetrics.com libs.coremetrics.com mc.coremetrics.com mcdata.coremetrics.com mktgcdn.coremetrics.com recs.coremetrics.com secure-cdn.mplxtms.com convertro.com stage.convertro.com idsync.rlcdn.com test.coremetrics.com testdata.coremetrics.com tmscdn.coremetrics.com glancecdn.net www.google-analytics.com maps.googleapis.com www.googletagmanager.com mboxedge34.tt.omtrdc.net anrdoezrs.net cj.dotomi.com cj.com cj.mplxtms.com emjcd.com mczbf.com sjwoe.com secure-cdn.mplxtms.com cdn.mplxtms.com bofa.demdex.net cdnstorage.myglance.net bankofamerica.tt.omtrdc.net www.paypalobjects.com cdn-bofa.myglance.net six.cdn-net.com vjs.zencdn.net 'unsafe-inline' 'unsafe-eval' blob:; style-src 'self' data: blob: *.bankofamerica.com *.bac-assets.com *.ml.com cdn.cookielaw.org glance.net beta.glancecdn.net storage.glancecdn.net convertro.com stage.convertro.com idsync.rlcdn.com glancecdn.net cdnstorage.myglance.net www.google-analytics.com cdn-bofa.myglance.net resources.digital-cloud.medallia.com 'unsafe-inline'; worker-src 'self' blob:; frame-ancestors 'self' *.bankofamerica.com *.ml.com *.merrilledge.com;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Frame-Options SAMEORIGIN

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.bankofamerica.com/security-center/privacy-overview/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Date
Fri, 21 Jun 2024 14:07:31 GMT
Content-Encoding
gzip
Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Security-Policy
default-src 'self' *.bankofamerica.com *.bac-assets.com *.ml.com https: wss: data: blob:; script-src 'self' *.bankofamerica.com *.bac-assets.com *.ml.com fsa.merrilledge.com merrilledge.com s3.amazonaws.com boa-api.arkoselabs.com cdn.cookielaw.org resources.digital-cloud.medallia.com players.brightcove.net metrics.brightcove.com cdnapisec.kaltura.com tags.tiqcdn.com akamai.tiqcdn.com glance.net beta.glancecdn.net storage.glancecdn.net cct.google cdn.mplxtms.com cdn.tt.omtrdc.net data.cmcore.com data.coremetrics.com iocdn.coremetrics.com libs.coremetrics.com mc.coremetrics.com mcdata.coremetrics.com mktgcdn.coremetrics.com recs.coremetrics.com secure-cdn.mplxtms.com convertro.com stage.convertro.com idsync.rlcdn.com test.coremetrics.com testdata.coremetrics.com tmscdn.coremetrics.com glancecdn.net www.google-analytics.com maps.googleapis.com www.googletagmanager.com mboxedge34.tt.omtrdc.net anrdoezrs.net cj.dotomi.com cj.com cj.mplxtms.com emjcd.com mczbf.com sjwoe.com secure-cdn.mplxtms.com cdn.mplxtms.com bofa.demdex.net cdnstorage.myglance.net bankofamerica.tt.omtrdc.net www.paypalobjects.com cdn-bofa.myglance.net six.cdn-net.com vjs.zencdn.net 'unsafe-inline' 'unsafe-eval' blob:; style-src 'self' data: blob: *.bankofamerica.com *.bac-assets.com *.ml.com cdn.cookielaw.org glance.net beta.glancecdn.net storage.glancecdn.net convertro.com stage.convertro.com idsync.rlcdn.com glancecdn.net cdnstorage.myglance.net www.google-analytics.com cdn-bofa.myglance.net resources.digital-cloud.medallia.com 'unsafe-inline'; worker-src 'self' blob:; frame-ancestors 'self' *.bankofamerica.com *.ml.com *.merrilledge.com;
X-BOA-RequestID
ZnWJIyEuQr_uc3dD4RSFdQAAASQ
X-Serviced-By
/sparta/security-center/spa-assets/bundles/f063bdc6.js--q8NCjsSjnicOL5GQwJKtzA==--F29W1oGiUbb0czyYmUoLPw==
Connection
Keep-Alive
Content-Length
7253
Last-Modified
Thu, 06 Jun 2024 18:26:08 GMT
Server
Oops
ETag
"fc33-61a3cd11ab236"
X-Frame-Options
SAMEORIGIN
Vary
Accept-Encoding,User-Agent
Content-Type
application/x-javascript
Cache-Control
max-age=26920000, public
Accept-Ranges
bytes
Keep-Alive
timeout=40, max=496
Expires
Fri, 21 Jun 2024 14:07:32 GMT
utag.js
tags.tiqcdn.com/utag/bofa/main/prod/ 		43 KB
0 		Script
General
Check archive.org
Download Go to
Full URL
https://tags.tiqcdn.com/utag/bofa/main/prod/utag.js
Requested by
Host: www.bankofamerica.com
URL: https://www.bankofamerica.com/security-center/spa-assets/bundles/9cb605c1.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:211a:1600:7:2bfb:7c00:93a1 -, , ASN (),
Reverse DNS
Software
AmazonS3 /
Resource Hash

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.bankofamerica.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-amz-version-id
34TxVRLD.DNgie92Ftl9U.6OoxQMKqlv
content-encoding
br
via
1.1 955acc3fed5ff84789d05d4e8c15bf08.cloudfront.net (CloudFront)
date
Fri, 21 Jun 2024 14:04:16 GMT
last-modified
Thu, 23 May 2024 09:57:48 GMT
server
AmazonS3
x-amz-cf-pop
VIE50-C2
age
200
x-amz-server-side-encryption
AES256
etag
W/"36d1828ee3cfe3e3f7150ab3e04e4be6"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript
cache-control
max-age=300
x-amz-cf-id
qnWW5QrP-wdIDcUZQiRWIVFFh61YJcRhYeGZdMK76XSuCeBIopc5xA==
fetch.js
www.bankofamerica.com/security-center/spa-assets/components/utilities/vendor/fetch/2.0.3/js/ 		0
0
require-css.js
www.bankofamerica.com/security-center/spa-assets/components/utilities/vendor/require-css/0.1.11/js/ 		0
0
assets-images-global-favicon-favicon-CSX8d65d6e4.ico
www2.bac-assets.com/security-center/spa-assets/images/ 		15 KB
2 KB 		Other
General
Check archive.org
Download Go to
Full URL
https://www2.bac-assets.com/security-center/spa-assets/images/assets-images-global-favicon-favicon-CSX8d65d6e4.ico
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
192.229.233.231 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECS (frb/67BC) /
Resource Hash
d5bba1cae66759adfee0d50ab0419e6bb19a48f8c360e4be8e582ba75e7a1402
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.bankofamerica.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Fri, 21 Jun 2024 14:07:35 GMT
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=31536000
age
287988
x-boa-requestid
ZnEkM5ib9kvBLUNmF0w0GgAAADI
x-cache
HIT
content-length
2266
last-modified
Sun, 23 Jun 2019 16:48:02 GMT
server
ECS (frb/67BC)
etag
"3aee-58c0075745480"
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
image/x-icon
access-control-allow-origin
https://www.bankofamerica.com
cache-control
max-age=26920000, public
accept-ranges
bytes
expires
Sat, 21 Jun 2025 14:07:35 GMT

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
www.bankofamerica.com
URL
https://www.bankofamerica.com/security-center/spa-assets/components/utilities/vendor/fetch/2.0.3/js/fetch.js
Domain
www.bankofamerica.com
URL
https://www.bankofamerica.com/security-center/spa-assets/components/utilities/vendor/require-css/0.1.11/js/require-css.js

Verdicts & Comments Add Verdict or Comment

27 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

undefined| event object| fence object| sharedStorage boolean| setMDA boolean| isMDA object| digitalData object| nucleusSpartaProperties object| __core-js_shared__ object| core function| setImmediate function| clearImmediate object| regeneratorRuntime boolean| _babelPolyfill function| createCSSBundleLink object| sparta function| requirejs function| require function| define object| theBody object| global undefined| handlebars object| spaParams object| spartaRequireLoop object| loopExecs object| required function| onLoopReady function| getCurriedBundleDefineShim

3 Cookies

Domain/Path Name / Value
.bankofamerica.com/ Name: WPID
Value: F2S1
.bankofamerica.com/ Name: SID
Value: 0002771E2D0066758921
.www.bankofamerica.com/ Name: TS0126dbc2
Value: 01c10528f5bed3c875468180ac8af846766fd17a80f6d4f9bace3b6070ffc17f6b23d00f52e238bf6a822ef6e051863d324603f45c

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy default-src 'self' *.bankofamerica.com *.bac-assets.com *.ml.com https: wss: data: blob:; script-src 'self' *.bankofamerica.com *.bac-assets.com *.ml.com fsa.merrilledge.com merrilledge.com s3.amazonaws.com boa-api.arkoselabs.com cdn.cookielaw.org resources.digital-cloud.medallia.com players.brightcove.net metrics.brightcove.com cdnapisec.kaltura.com tags.tiqcdn.com akamai.tiqcdn.com glance.net beta.glancecdn.net storage.glancecdn.net cct.google cdn.mplxtms.com cdn.tt.omtrdc.net data.cmcore.com data.coremetrics.com iocdn.coremetrics.com libs.coremetrics.com mc.coremetrics.com mcdata.coremetrics.com mktgcdn.coremetrics.com recs.coremetrics.com secure-cdn.mplxtms.com convertro.com stage.convertro.com idsync.rlcdn.com test.coremetrics.com testdata.coremetrics.com tmscdn.coremetrics.com glancecdn.net www.google-analytics.com maps.googleapis.com www.googletagmanager.com mboxedge34.tt.omtrdc.net anrdoezrs.net cj.dotomi.com cj.com cj.mplxtms.com emjcd.com mczbf.com sjwoe.com secure-cdn.mplxtms.com cdn.mplxtms.com bofa.demdex.net cdnstorage.myglance.net bankofamerica.tt.omtrdc.net www.paypalobjects.com cdn-bofa.myglance.net six.cdn-net.com vjs.zencdn.net 'unsafe-inline' 'unsafe-eval' blob:; style-src 'self' data: blob: *.bankofamerica.com *.bac-assets.com *.ml.com cdn.cookielaw.org glance.net beta.glancecdn.net storage.glancecdn.net convertro.com stage.convertro.com idsync.rlcdn.com glancecdn.net cdnstorage.myglance.net www.google-analytics.com cdn-bofa.myglance.net resources.digital-cloud.medallia.com 'unsafe-inline'; worker-src 'self' blob:; frame-ancestors 'self' *.bankofamerica.com *.ml.com *.merrilledge.com;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Frame-Options SAMEORIGIN

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

tags.tiqcdn.com
www.bankofamerica.com
www2.bac-assets.com
www.bankofamerica.com
171.161.102.100
192.229.233.231
2600:9000:211a:1600:7:2bfb:7c00:93a1
12b8cde96d88d5f4c66da60019ce6e2ab507cbc079c2b4b5fe2cada549e3a4bb
237e14a05f05a02caa2874a3c62bc47ac036941cea56f28460a371c179f61237
3325c407362c02daa8688f643d805876576c6043ca212e12209109391503266a
341d70536cd5b4be9fa62afe7d46e7931115b7b11107815fdf85253491615467
48c3fa6f86c54f1d9bb519220713d4b0a1f8cd1a589a3c03b9fa82e98ecb13e3
5290c13210ddc766508f21b2b30ef59561e1021150c03f04e684950e4b5afcd9
612370ee1b24956cdea28fdffcb01c619a6b3d865c769c433652d3612ce3e236
656063fcf219582b6f4cf39bb8a406f6db7ca993f86522dd5a9a24a0a0ba9663
684703607eb155dc12adcab4c39e19e7b31492840a9e60bd3901eea6a95ad7a4
79f02d139cfd07f2a19e0a8831553b3de4627fcab371e18eb776af035465949b
7e6ce497138ce47d8ab66d70c46d245e1261d7f2d3f1db3556eec0ca1c82e2ec
a108985f6e9a607d6e1b8cb294cdad7bffb288589c3f9fa3768b84763b0af94d
a431986817e5d309cdd61c623a5259d6ea5840375876ffb41f5a2cab65ddd2e3
a5db21febc8440f34b1917be32c2d7818c863747a555a5d7b6576460735037ed
adab1708b4b053c52d06be506c9630c44bb6a4b986d03344d3cf91997c9e6ad6
b751cacb0eb62dcf85462b1cdb0eb1476707074976e6beae04fc9a144d912c3b
c90dbe69070de8b85da2a0d820d99cafce056ef64b3a4af14b4139095da0aa7a
d4764beaaa8d40a0d70fb4f5b052fd3133cf4a589ea22033304ab7441c57721c
d48faa13adcd567a29299db487912dd91fd45f777cadf153520f52023b58cee7
d5bba1cae66759adfee0d50ab0419e6bb19a48f8c360e4be8e582ba75e7a1402