bank-avera.ch Open in urlscan Pro
20.250.18.7 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://bank-avera.ch/
Submission: On December 04 via api (December 4th 2023, 8:15:10 am UTC) from CH — Scanned from CH

Summary HTTP 56 Redirects Links 8 Behaviour Indicators

Summary

This website contacted 11 IPs in 4 countries across 8 domains to perform 56 HTTP transactions. The main IP is 20.250.18.7, located in Zurich, Switzerland and belongs to MICROSOFT-CORP-MSN-AS-BLOCK, US. The main domain is bank-avera.ch.
TLS certificate: Issued by SwissSign RSA TLS OV ICA 2022 - 1 on October 5th 2023. Valid for: a year.

This is the only time bank-avera.ch was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
31	20.250.18.7 20.250.18.7	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
7	2a00:1450:400... 2a00:1450:4001:829::2004	15169 (GOOGLE) (GOOGLE)
8	2a00:1450:400... 2a00:1450:4001:830::2003	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:813::2008	15169 (GOOGLE) (GOOGLE)
2	2a03:2880:f08... 2a03:2880:f084:d:face:b00c:0:3	32934 (FACEBOOK) (FACEBOOK)
1	2001:4860:480... 2001:4860:4802:34::36	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:400c:c07::9d	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:811::2003	15169 (GOOGLE) (GOOGLE)
1	2a03:2880:f17... 2a03:2880:f177:83:face:b00c:0:25de	32934 (FACEBOOK) (FACEBOOK)
2	2a00:1450:400... 2a00:1450:4001:800::2003	15169 (GOOGLE) (GOOGLE)
56	11

31 20.250.18.7 (Zurich, Switzerland)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

bank-avera.ch	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2a00:1450:4001:829::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2a00:1450:4001:830::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:813::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:2880:f084:d:face:b00c:0:3 (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2001:4860:4802:34::36 (United States)

ASN15169 (GOOGLE, US)

region1.analytics.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:400c:c07::9d (Brussels, Belgium)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:811::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.ch	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a03:2880:f177:83:face:b00c:0:25de (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:800::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
31	bank-avera.ch bank-avera.ch	2 MB
10	gstatic.com www.gstatic.com fonts.gstatic.com	856 KB
8	google.com www.google.com — Cisco Umbrella Rank: 2 region1.analytics.google.com — Cisco Umbrella Rank: 2693	104 KB
2	facebook.net connect.facebook.net — Cisco Umbrella Rank: 168	91 KB
2	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 36	167 KB
1	facebook.com www.facebook.com — Cisco Umbrella Rank: 98	185 B
1	google.ch www.google.ch — Cisco Umbrella Rank: 30501	408 B
1	doubleclick.net stats.g.doubleclick.net — Cisco Umbrella Rank: 75	253 B
56	8

	Domain	Requested by
31	bank-avera.ch	bank-avera.ch
8	www.gstatic.com	www.google.com www.gstatic.com
7	www.google.com	bank-avera.ch www.gstatic.com www.google.com
2	fonts.gstatic.com	www.google.com
2	connect.facebook.net	bank-avera.ch connect.facebook.net
2	www.googletagmanager.com	bank-avera.ch www.googletagmanager.com
1	www.facebook.com	bank-avera.ch
1	www.google.ch	bank-avera.ch
1	stats.g.doubleclick.net	www.googletagmanager.com
1	region1.analytics.google.com	www.googletagmanager.com
56	10

This site contains links to these domains. Also see Links.

Domain
ebanking.bank-avera.ch
marktdaten.fuw.ch
www.cu25.ch
www.google.ch
www.instagram.com
www.tiktok.com
www.facebook.com
www.linkedin.com

Subject Issuer	Validity	Valid
bank-avera.ch SwissSign RSA TLS OV ICA 2022 - 1	`2023-10-05` - `2024-10-05`	a year	crt.sh
www.google.com GTS CA 1C3	`2023-10-23` - `2024-01-15`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2023-10-23` - `2024-01-15`	3 months	crt.sh
*.google-analytics.com GTS CA 1C3	`2023-10-23` - `2024-01-15`	3 months	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2023-09-12` - `2023-12-11`	3 months	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2023-10-23` - `2024-01-15`	3 months	crt.sh
*.google.ch GTS CA 1C3	`2023-10-23` - `2024-01-15`	3 months	crt.sh
*.google.com GTS CA 1C3	`2023-10-23` - `2024-01-15`	3 months	crt.sh

This page contains 4 frames:

Primary Page: https://bank-avera.ch/
Frame ID: 6EFB9CE7CA3E16455B7E88279F37A53A
Requests: 42 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LdDMM4UAAAAAKPkT58E0gLvSBxuhyv6H2aD4HJs&co=aHR0cHM6Ly9iYW5rLWF2ZXJhLmNoOjQ0Mw..&hl=de-CH&v=-QbJqHfGOUB8nuVRLvzFLVed&size=invisible&badge=inline&cb=1ypr3p526bkc
Frame ID: A22D06F22898719AE7337D524737192F
Requests: 7 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LdDMM4UAAAAAKPkT58E0gLvSBxuhyv6H2aD4HJs&co=aHR0cHM6Ly9iYW5rLWF2ZXJhLmNoOjQ0Mw..&hl=de-CH&v=-QbJqHfGOUB8nuVRLvzFLVed&size=invisible&badge=inline&cb=2nv842nihesf
Frame ID: 61D4CDA9E4429E0CE44D1FAEDA9B4177
Requests: 4 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LdDMM4UAAAAAKPkT58E0gLvSBxuhyv6H2aD4HJs&co=aHR0cHM6Ly9iYW5rLWF2ZXJhLmNoOjQ0Mw..&hl=de-CH&v=-QbJqHfGOUB8nuVRLvzFLVed&size=invisible&badge=inline&cb=lsa4e9i5ratp
Frame ID: 208DB458A51D28913D0C52AA1B16C89D
Requests: 4 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Bank Avera – Wir verstehen uns.

Detected technologies

Concrete5 (CMS) Expand

Overall confidence: 100%
Detected patterns

/concrete/js/

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css
bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

//connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

Font Awesome (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]*?(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtm\.js
googletagmanager\.com/gtag/js

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

reCAPTCHA (Captchas) Expand

Overall confidence: 100%
Detected patterns

/recaptcha/api\.js

Page Statistics

56
Requests

100 %
HTTPS

90 %
IPv6

8
Domains

10
Subdomains

11
IPs

4
Countries

3450 kB
Transfer

7875 kB
Size

3
Cookies

8 Outgoing links

These are links going to different origins than the main page.

URL: https://ebanking.bank-avera.ch/
Title: E-Banking

Search URL Search Domain Scan URL

URL: https://marktdaten.fuw.ch/
Title: Börseninfos

Search URL Search Domain Scan URL

URL: https://www.cu25.ch/
Title: CU25 - Jugendliche

Search URL Search Domain Scan URL

URL: https://www.google.ch/maps/dir//Spitalstrasse+2,+8620+Wetzikon/@47.3185239,8.7915346,17z/data=!4m8!4m7!1m0!1m5!1m1!1s0x479abbb808065e4f:0xacee4e42a1f8e590!2m2!1d8.7937233!2d47.3185203
Title: Spitalstrasse 2 8620 Wetzikon

Search URL Search Domain Scan URL

URL: https://www.instagram.com/bankavera/

Search URL Search Domain Scan URL

URL: https://www.tiktok.com/@bankavera

Search URL Search Domain Scan URL

URL: https://www.facebook.com/bankavera

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/company/bank-avera/

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

56 HTTP transactions
1 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request / Show response
bank-avera.ch/ 182 KB
21 KB 708ms
645ms Document
text/html 20.250.18.7
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://bank-avera.ch/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

20.250.18.7 Zurich, Switzerland, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Apache /

Resource Hash

b8957ecefee95d4cdfb896d717f313298ecbaeee0bddf5aa8b9469f1ec7f610c

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' www.google-analytics.com 'unsafe-inline'; base-uri 'self'; connect-src 'self' blob: graph.facebook.com region1.analytics.google.com region1.google-analytics.com api.mapbox.com events.mapbox.com my.tikee.io www.google-analytics.com www.google-analytics.com www.google-analytics.com stats.g.doubleclick.net; frame-src 'self' www.homegate.ch msip-service-zrnc.xaas.swissic.ch www.youtube.com services.logismata.ch www.google.com my.tikee.io intranet.eventag.ch; form-action 'self'; img-src 'self' data: https: blob: www.google-analytics.com www.google-analytics.com stats.g.doubleclick.net; script-src 'self' data: www.facebook.com connect.facebook.net www.googletagmanager.com cdn.jsdelivr.net www.google.com www.gstatic.com www.google-analytics.com blob: 'unsafe-inline' 'unsafe-eval'; style-src 'self' data: www.gstatic.com fonts.googleapis.com www.gstatic.com 'unsafe-inline'; frame-ancestors 'self' services.logismata.ch www.jobs.ch; font-src 'self' fonts.googleapis.com fonts.gstatic.com; object-src 'self'; child-src blob:;
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Security-Policy	default-src 'self' www.google-analytics.com 'unsafe-inline'; base-uri 'self'; connect-src 'self' blob: graph.facebook.com region1.analytics.google.com region1.google-analytics.com api.mapbox.com events.mapbox.com my.tikee.io www.google-analytics.com www.google-analytics.com www.google-analytics.com stats.g.doubleclick.net; frame-src 'self' www.homegate.ch msip-service-zrnc.xaas.swissic.ch www.youtube.com services.logismata.ch www.google.com my.tikee.io intranet.eventag.ch; form-action 'self'; img-src 'self' data: https: blob: www.google-analytics.com www.google-analytics.com stats.g.doubleclick.net; script-src 'self' data: www.facebook.com connect.facebook.net www.googletagmanager.com cdn.jsdelivr.net www.google.com www.gstatic.com www.google-analytics.com blob: 'unsafe-inline' 'unsafe-eval'; style-src data: www.gstatic.com 'self' fonts.googleapis.com www.gstatic.com 'unsafe-inline'; frame-ancestors 'self' services.logismata.ch www.jobs.ch; font-src 'self' fonts.googleapis.com fonts.gstatic.com; object-src 'self'; child-src blob:;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
accept-language: de-CH,de;q=0.9
referer: https://www.google.com/

Response headers

cache-control: no-cache, private private, must-revalidate
content-encoding: gzip
content-length: 19002
content-security-policy: default-src 'self' www.google-analytics.com 'unsafe-inline'; base-uri 'self'; connect-src 'self' blob: graph.facebook.com region1.analytics.google.com region1.google-analytics.com api.mapbox.com events.mapbox.com my.tikee.io www.google-analytics.com www.google-analytics.com www.google-analytics.com stats.g.doubleclick.net; frame-src 'self' www.homegate.ch msip-service-zrnc.xaas.swissic.ch www.youtube.com services.logismata.ch www.google.com my.tikee.io intranet.eventag.ch; form-action 'self'; img-src 'self' data: https: blob: www.google-analytics.com www.google-analytics.com stats.g.doubleclick.net; script-src 'self' data: www.facebook.com connect.facebook.net www.googletagmanager.com cdn.jsdelivr.net www.google.com www.gstatic.com www.google-analytics.com blob: 'unsafe-inline' 'unsafe-eval'; style-src 'self' data: www.gstatic.com fonts.googleapis.com www.gstatic.com 'unsafe-inline'; frame-ancestors 'self' services.logismata.ch www.jobs.ch; font-src 'self' fonts.googleapis.com fonts.gstatic.com; object-src 'self'; child-src blob:;
content-type: text/html; charset=UTF-8
date: Mon, 04 Dec 2023 08:15:04 GMT
expect-ct: max-age=2592000
permissions-policy: geolocation=(self), microphone=(), camera=()
referrer-policy: no-referrer
server: Apache
strict-transport-security: max-age=31536000; includeSubDomains; preload
vary: Accept-Encoding
x-content-security-policy: default-src 'self' www.google-analytics.com 'unsafe-inline'; base-uri 'self'; connect-src 'self' blob: graph.facebook.com region1.analytics.google.com region1.google-analytics.com api.mapbox.com events.mapbox.com my.tikee.io www.google-analytics.com www.google-analytics.com www.google-analytics.com stats.g.doubleclick.net; frame-src 'self' www.homegate.ch msip-service-zrnc.xaas.swissic.ch www.youtube.com services.logismata.ch www.google.com my.tikee.io intranet.eventag.ch; form-action 'self'; img-src 'self' data: https: blob: www.google-analytics.com www.google-analytics.com stats.g.doubleclick.net; script-src 'self' data: www.facebook.com connect.facebook.net www.googletagmanager.com cdn.jsdelivr.net www.google.com www.gstatic.com www.google-analytics.com blob: 'unsafe-inline' 'unsafe-eval'; style-src data: www.gstatic.com 'self' fonts.googleapis.com www.gstatic.com 'unsafe-inline'; frame-ancestors 'self' services.logismata.ch www.jobs.ch; font-src 'self' fonts.googleapis.com fonts.gstatic.com; object-src 'self'; child-src blob:;
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-webkit-csp: default-src 'self' www.google-analytics.com 'unsafe-inline'; base-uri 'self'; connect-src 'self' blob: graph.facebook.com region1.analytics.google.com region1.google-analytics.com api.mapbox.com events.mapbox.com my.tikee.io www.google-analytics.comi www.google-analytics.com www.google-analytics.com stats.g.doubleclick.net; frame-src 'self' www.homegate.ch msip-service-zrnc.xaas.swissic.ch www.youtube.com services.logismata.ch www.google.com my.tikee.io intranet.eventag.ch; form-action 'self'; img-src 'self' data: https: blob: www.google-analytics.com www.google-analytics.com stats.g.doubleclick.net; script-src 'self' data: www.facebook.com connect.facebook.net www.googletagmanager.com cdn.jsdelivr.net www.google.com www.gstatic.com www.google-analytics.com blob: 'unsafe-inline' 'unsafe-eval'; style-src data: www.gstatic.com 'self' fonts.googleapis.com www.gstatic.com 'unsafe-inline'; frame-ancestors 'self' services.logismata.ch www.jobs.ch; font-src 'self' fonts.googleapis.com fonts.gstatic.com; object-src 'self'; child-sr blob:;
x-xss-protection: 1; mode=block

GET
H2 200 jquery.js Show response
bank-avera.ch/concrete/js/ 88 KB
33 KB 70ms
68ms Script
application/javascript 20.250.18.7
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://bank-avera.ch/concrete/js/jquery.js?ccm_nocache=ee3e28f9bfd2e82738e22d3b43acd1398845ab90

Requested by

Host: bank-avera.ch
URL: https://bank-avera.ch/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

20.250.18.7 Zurich, Switzerland, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Apache /

Resource Hash

a6f3f0faea4b3d48e03176341bef0ed3151ffbf226d4c6635f1c6039c0500575

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' www.google-analytics.com 'unsafe-inline'; base-uri 'self'; connect-src 'self' blob: graph.facebook.com region1.analytics.google.com region1.google-analytics.com api.mapbox.com events.mapbox.com my.tikee.io www.google-analytics.com www.google-analytics.com www.google-analytics.com stats.g.doubleclick.net; frame-src 'self' www.homegate.ch msip-service-zrnc.xaas.swissic.ch www.youtube.com services.logismata.ch www.google.com my.tikee.io intranet.eventag.ch; form-action 'self'; img-src 'self' data: https: blob: www.google-analytics.com www.google-analytics.com stats.g.doubleclick.net; script-src 'self' data: www.facebook.com connect.facebook.net www.googletagmanager.com cdn.jsdelivr.net www.google.com www.gstatic.com www.google-analytics.com blob: 'unsafe-inline' 'unsafe-eval'; style-src 'self' data: www.gstatic.com fonts.googleapis.com www.gstatic.com 'unsafe-inline'; frame-ancestors 'self' services.logismata.ch www.jobs.ch; font-src 'self' fonts.googleapis.com fonts.gstatic.com; object-src 'self'; child-src blob:;
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Security-Policy	default-src 'self' www.google-analytics.com 'unsafe-inline'; base-uri 'self'; connect-src 'self' blob: graph.facebook.com region1.analytics.google.com region1.google-analytics.com api.mapbox.com events.mapbox.com my.tikee.io www.google-analytics.com www.google-analytics.com www.google-analytics.com stats.g.doubleclick.net; frame-src 'self' www.homegate.ch msip-service-zrnc.xaas.swissic.ch www.youtube.com services.logismata.ch www.google.com my.tikee.io intranet.eventag.ch; form-action 'self'; img-src 'self' data: https: blob: www.google-analytics.com www.google-analytics.com stats.g.doubleclick.net; script-src 'self' data: www.facebook.com connect.facebook.net www.googletagmanager.com cdn.jsdelivr.net www.google.com www.gstatic.com www.google-analytics.com blob: 'unsafe-inline' 'unsafe-eval'; style-src data: www.gstatic.com 'self' fonts.googleapis.com www.gstatic.com 'unsafe-inline'; frame-ancestors 'self' services.logismata.ch www.jobs.ch; font-src 'self' fonts.googleapis.com fonts.gstatic.com; object-src 'self'; child-src blob:;
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Mon, 04 Dec 2023 08:15:04 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
content-security-policy: default-src 'self' www.google-analytics.com 'unsafe-inline'; base-uri 'self'; connect-src 'self' blob: graph.facebook.com region1.analytics.google.com region1.google-analytics.com api.mapbox.com events.mapbox.com my.tikee.io www.google-analytics.com www.google-analytics.com www.google-analytics.com stats.g.doubleclick.net; frame-src 'self' www.homegate.ch msip-service-zrnc.xaas.swissic.ch www.youtube.com services.logismata.ch www.google.com my.tikee.io intranet.eventag.ch; form-action 'self'; img-src 'self' data: https: blob: www.google-analytics.com www.google-analytics.com stats.g.doubleclick.net; script-src 'self' data: www.facebook.com connect.facebook.net www.googletagmanager.com cdn.jsdelivr.net www.google.com www.gstatic.com www.google-analytics.com blob: 'unsafe-inline' 'unsafe-eval'; style-src 'self' data: www.gstatic.com fonts.googleapis.com www.gstatic.com 'unsafe-inline'; frame-ancestors 'self' services.logismata.ch www.jobs.ch; font-src 'self' fonts.googleapis.com fonts.gstatic.com; object-src 'self'; child-src blob:;
content-encoding: gzip
content-length: 31079
x-xss-protection: 1; mode=block
referrer-policy: no-referrer
last-modified: Wed, 12 Jul 2023 10:48:48 GMT
server: Apache
etag: "15f5b-60047f5df6400-gzip"
expect-ct: max-age=2592000
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=86400, public
permissions-policy: geolocation=(self), microphone=(), camera=()
accept-ranges: bytes
x-webkit-csp: default-src 'self' www.google-analytics.com 'unsafe-inline'; base-uri 'self'; connect-src 'self' blob: graph.facebook.com region1.analytics.google.com region1.google-analytics.com api.mapbox.com events.mapbox.com my.tikee.io www.google-analytics.comi www.google-analytics.com www.google-analytics.com stats.g.doubleclick.net; frame-src 'self' www.homegate.ch msip-service-zrnc.xaas.swissic.ch www.youtube.com services.logismata.ch www.google.com my.tikee.io intranet.eventag.ch; form-action 'self'; img-src 'self' data: https: blob: www.google-analytics.com www.google-analytics.com stats.g.doubleclick.net; script-src 'self' data: www.facebook.com connect.facebook.net www.googletagmanager.com cdn.jsdelivr.net www.google.com www.gstatic.com www.google-analytics.com blob: 'unsafe-inline' 'unsafe-eval'; style-src data: www.gstatic.com 'self' fonts.googleapis.com www.gstatic.com 'unsafe-inline'; frame-ancestors 'self' services.logismata.ch www.jobs.ch; font-src 'self' fonts.googleapis.com fonts.gstatic.com; object-src 'self'; child-sr blob:;
x-content-security-policy: default-src 'self' www.google-analytics.com 'unsafe-inline'; base-uri 'self'; connect-src 'self' blob: graph.facebook.com region1.analytics.google.com region1.google-analytics.com api.mapbox.com events.mapbox.com my.tikee.io www.google-analytics.com www.google-analytics.com www.google-analytics.com stats.g.doubleclick.net; frame-src 'self' www.homegate.ch msip-service-zrnc.xaas.swissic.ch www.youtube.com services.logismata.ch www.google.com my.tikee.io intranet.eventag.ch; form-action 'self'; img-src 'self' data: https: blob: www.google-analytics.com www.google-analytics.com stats.g.doubleclick.net; script-src 'self' data: www.facebook.com connect.facebook.net www.googletagmanager.com cdn.jsdelivr.net www.google.com www.gstatic.com www.google-analytics.com blob: 'unsafe-inline' 'unsafe-eval'; style-src data: www.gstatic.com 'self' fonts.googleapis.com www.gstatic.com 'unsafe-inline'; frame-ancestors 'self' services.logismata.ch www.jobs.ch; font-src 'self' fonts.googleapis.com fonts.gstatic.com; object-src 'self'; child-src blob:;

GET
H2 200 bootstrap.4.3.1.min.css
bank-avera.ch/packages/lemonbrain_services/css/min/ 172 KB
26 KB 69ms
67ms Stylesheet
text/css 20.250.18.7
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://bank-avera.ch/packages/lemonbrain_services/css/min/bootstrap.4.3.1.min.css?ccm_nocache=ebbbd6a3d74baa06609206ea9c746d7596c23bb7

Requested by

Host: bank-avera.ch
URL: https://bank-avera.ch/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

20.250.18.7 Zurich, Switzerland, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Apache /

Resource Hash

1fa4ff33b3937d7a5be36c34b4c4f8dcdabf0ff6e1a7ec634ddca46490a98d81

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' www.google-analytics.com 'unsafe-inline'; base-uri 'self'; connect-src 'self' blob: graph.facebook.com region1.analytics.google.com region1.google-analytics.com api.mapbox.com events.mapbox.com my.tikee.io www.google-analytics.com www.google-analytics.com www.google-analytics.com stats.g.doubleclick.net; frame-src 'self' www.homegate.ch msip-service-zrnc.xaas.swissic.ch www.youtube.com services.logismata.ch www.google.com my.tikee.io intranet.eventag.ch; form-action 'self'; img-src 'self' data: https: blob: www.google-analytics.com www.google-analytics.com stats.g.doubleclick.net; script-src 'self' data: www.facebook.com connect.facebook.net www.googletagmanager.com cdn.jsdelivr.net www.google.com www.gstatic.com www.google-analytics.com blob: 'unsafe-inline' 'unsafe-eval'; style-src 'self' data: www.gstatic.com fonts.googleapis.com www.gstatic.com 'unsafe-inline'; frame-ancestors 'self' services.logismata.ch www.jobs.ch; font-src 'self' fonts.googleapis.com fonts.gstatic.com; object-src 'self'; child-src blob:;
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Security-Policy	default-src 'self' www.google-analytics.com 'unsafe-inline'; base-uri 'self'; connect-src 'self' blob: graph.facebook.com region1.analytics.google.com region1.google-analytics.com api.mapbox.com events.mapbox.com my.tikee.io www.google-analytics.com www.google-analytics.com www.google-analytics.com stats.g.doubleclick.net; frame-src 'self' www.homegate.ch msip-service-zrnc.xaas.swissic.ch www.youtube.com services.logismata.ch www.google.com my.tikee.io intranet.eventag.ch; form-action 'self'; img-src 'self' data: https: blob: www.google-analytics.com www.google-analytics.com stats.g.doubleclick.net; script-src 'self' data: www.facebook.com connect.facebook.net www.googletagmanager.com cdn.jsdelivr.net www.google.com www.gstatic.com www.google-analytics.com blob: 'unsafe-inline' 'unsafe-eval'; style-src data: www.gstatic.com 'self' fonts.googleapis.com www.gstatic.com 'unsafe-inline'; frame-ancestors 'self' services.logismata.ch www.jobs.ch; font-src 'self' fonts.googleapis.com fonts.gstatic.com; object-src 'self'; child-src blob:;
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Mon, 04 Dec 2023 08:15:04 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
content-security-policy: default-src 'self' www.google-analytics.com 'unsafe-inline'; base-uri 'self'; connect-src 'self' blob: graph.facebook.com region1.analytics.google.com region1.google-analytics.com api.mapbox.com events.mapbox.com my.tikee.io www.google-analytics.com www.google-analytics.com www.google-analytics.com stats.g.doubleclick.net; frame-src 'self' www.homegate.ch msip-service-zrnc.xaas.swissic.ch www.youtube.com services.logismata.ch www.google.com my.tikee.io intranet.eventag.ch; form-action 'self'; img-src 'self' data: https: blob: www.google-analytics.com www.google-analytics.com stats.g.doubleclick.net; script-src 'self' data: www.facebook.com connect.facebook.net www.googletagmanager.com cdn.jsdelivr.net www.google.com www.gstatic.com www.google-analytics.com blob: 'unsafe-inline' 'unsafe-eval'; style-src 'self' data: www.gstatic.com fonts.googleapis.com www.gstatic.com 'unsafe-inline'; frame-ancestors 'self' services.logismata.ch www.jobs.ch; font-src 'self' fonts.googleapis.com fonts.gstatic.com; object-src 'self'; child-src blob:;
content-encoding: gzip
content-length: 24276
x-xss-protection: 1; mode=block
referrer-policy: no-referrer
last-modified: Thu, 13 Jul 2023 22:03:11 GMT
server: Apache
etag: "2b0ac-600657f800ed1-gzip"
expect-ct: max-age=2592000
vary: Accept-Encoding
content-type: text/css
cache-control: max-age=86400, public
permissions-policy: geolocation=(self), microphone=(), camera=()
accept-ranges: bytes
x-webkit-csp: default-src 'self' www.google-analytics.com 'unsafe-inline'; base-uri 'self'; connect-src 'self' blob: graph.facebook.com region1.analytics.google.com region1.google-analytics.com api.mapbox.com events.mapbox.com my.tikee.io www.google-analytics.comi www.google-analytics.com www.google-analytics.com stats.g.doubleclick.net; frame-src 'self' www.homegate.ch msip-service-zrnc.xaas.swissic.ch www.youtube.com services.logismata.ch www.google.com my.tikee.io intranet.eventag.ch; form-action 'self'; img-src 'self' data: https: blob: www.google-analytics.com www.google-analytics.com stats.g.doubleclick.net; script-src 'self' data: www.facebook.com connect.facebook.net www.googletagmanager.com cdn.jsdelivr.net www.google.com www.gstatic.com www.google-analytics.com blob: 'unsafe-inline' 'unsafe-eval'; style-src data: www.gstatic.com 'self' fonts.googleapis.com www.gstatic.com 'unsafe-inline'; frame-ancestors 'self' services.logismata.ch www.jobs.ch; font-src 'self' fonts.googleapis.com fonts.gstatic.com; object-src 'self'; child-sr blob:;
x-content-security-policy: default-src 'self' www.google-analytics.com 'unsafe-inline'; base-uri 'self'; connect-src 'self' blob: graph.facebook.com region1.analytics.google.com region1.google-analytics.com api.mapbox.com events.mapbox.com my.tikee.io www.google-analytics.com www.google-analytics.com www.google-analytics.com stats.g.doubleclick.net; frame-src 'self' www.homegate.ch msip-service-zrnc.xaas.swissic.ch www.youtube.com services.logismata.ch www.google.com my.tikee.io intranet.eventag.ch; form-action 'self'; img-src 'self' data: https: blob: www.google-analytics.com www.google-analytics.com stats.g.doubleclick.net; script-src 'self' data: www.facebook.com connect.facebook.net www.googletagmanager.com cdn.jsdelivr.net www.google.com www.gstatic.com www.google-analytics.com blob: 'unsafe-inline' 'unsafe-eval'; style-src data: www.gstatic.com 'self' fonts.googleapis.com www.gstatic.com 'unsafe-inline'; frame-ancestors 'self' services.logismata.ch www.jobs.ch; font-src 'self' fonts.googleapis.com fonts.gstatic.com; object-src 'self'; child-src blob:;

GET
H2 200 google_bav.min.js Show response
bank-avera.ch/packages/bank_avera/js/min/ 3 KB
4 KB 54ms
52ms Script
application/javascript 20.250.18.7
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://bank-avera.ch/packages/bank_avera/js/min/google_bav.min.js?ccm_nocache=2f93a9118908ecaa2b7639b73e01415fd1560ec3

Requested by

Host: bank-avera.ch
URL: https://bank-avera.ch/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

20.250.18.7 Zurich, Switzerland, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Apache /

Resource Hash

f3d12b51311eae19ec78f320c4ff4db9d13462b2922386d6ffe3a2af32f4b6a8

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' www.google-analytics.com 'unsafe-inline'; base-uri 'self'; connect-src 'self' blob: graph.facebook.com region1.analytics.google.com region1.google-analytics.com api.mapbox.com events.mapbox.com my.tikee.io www.google-analytics.com www.google-analytics.com www.google-analytics.com stats.g.doubleclick.net; frame-src 'self' www.homegate.ch msip-service-zrnc.xaas.swissic.ch www.youtube.com services.logismata.ch www.google.com my.tikee.io intranet.eventag.ch; form-action 'self'; img-src 'self' data: https: blob: www.google-analytics.com www.google-analytics.com stats.g.doubleclick.net; script-src 'self' data: www.facebook.com connect.facebook.net www.googletagmanager.com cdn.jsdelivr.net www.google.com www.gstatic.com www.google-analytics.com blob: 'unsafe-inline' 'unsafe-eval'; style-src 'self' data: www.gstatic.com fonts.googleapis.com www.gstatic.com 'unsafe-inline'; frame-ancestors 'self' services.logismata.ch www.jobs.ch; font-src 'self' fonts.googleapis.com fonts.gstatic.com; object-src 'self'; child-src blob:;
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Security-Policy	default-src 'self' www.google-analytics.com 'unsafe-inline'; base-uri 'self'; connect-src 'self' blob: graph.facebook.com region1.analytics.google.com region1.google-analytics.com api.mapbox.com events.mapbox.com my.tikee.io www.google-analytics.com www.google-analytics.com www.google-analytics.com stats.g.doubleclick.net; frame-src 'self' www.homegate.ch msip-service-zrnc.xaas.swissic.ch www.youtube.com services.logismata.ch www.google.com my.tikee.io intranet.eventag.ch; form-action 'self'; img-src 'self' data: https: blob: www.google-analytics.com www.google-analytics.com stats.g.doubleclick.net; script-src 'self' data: www.facebook.com connect.facebook.net www.googletagmanager.com cdn.jsdelivr.net www.google.com www.gstatic.com www.google-analytics.com blob: 'unsafe-inline' 'unsafe-eval'; style-src data: www.gstatic.com 'self' fonts.googleapis.com www.gstatic.com 'unsafe-inline'; frame-ancestors 'self' services.logismata.ch www.jobs.ch; font-src 'self' fonts.googleapis.com fonts.gstatic.com; object-src 'self'; child-src blob:;
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Mon, 04 Dec 2023 08:15:04 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
content-security-policy: default-src 'self' www.google-analytics.com 'unsafe-inline'; base-uri 'self'; connect-src 'self' blob: graph.facebook.com region1.analytics.google.com region1.google-analytics.com api.mapbox.com events.mapbox.com my.tikee.io www.google-analytics.com www.google-analytics.com www.google-analytics.com stats.g.doubleclick.net; frame-src 'self' www.homegate.ch msip-service-zrnc.xaas.swissic.ch www.youtube.com services.logismata.ch www.google.com my.tikee.io intranet.eventag.ch; form-action 'self'; img-src 'self' data: https: blob: www.google-analytics.com www.google-analytics.com stats.g.doubleclick.net; script-src 'self' data: www.facebook.com connect.facebook.net www.googletagmanager.com cdn.jsdelivr.net www.google.com www.gstatic.com www.google-analytics.com blob: 'unsafe-inline' 'unsafe-eval'; style-src 'self' data: www.gstatic.com fonts.googleapis.com www.gstatic.com 'unsafe-inline'; frame-ancestors 'self' services.logismata.ch www.jobs.ch; font-src 'self' fonts.googleapis.com fonts.gstatic.com; object-src 'self'; child-src blob:;
content-encoding: gzip
content-length: 958
x-xss-protection: 1; mode=block
referrer-policy: no-referrer
last-modified: Wed, 29 Nov 2023 18:41:06 GMT
server: Apache
etag: "ab3-60b4ee0c71027-gzip"
expect-ct: max-age=2592000
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=86400, public
permissions-policy: geolocation=(self), microphone=(), camera=()
accept-ranges: bytes
x-webkit-csp: default-src 'self' www.google-analytics.com 'unsafe-inline'; base-uri 'self'; connect-src 'self' blob: graph.facebook.com region1.analytics.google.com region1.google-analytics.com api.mapbox.com events.mapbox.com my.tikee.io www.google-analytics.comi www.google-analytics.com www.google-analytics.com stats.g.doubleclick.net; frame-src 'self' www.homegate.ch msip-service-zrnc.xaas.swissic.ch www.youtube.com services.logismata.ch www.google.com my.tikee.io intranet.eventag.ch; form-action 'self'; img-src 'self' data: https: blob: www.google-analytics.com www.google-analytics.com stats.g.doubleclick.net; script-src 'self' data: www.facebook.com connect.facebook.net www.googletagmanager.com cdn.jsdelivr.net www.google.com www.gstatic.com www.google-analytics.com blob: 'unsafe-inline' 'unsafe-eval'; style-src data: www.gstatic.com 'self' fonts.googleapis.com www.gstatic.com 'unsafe-inline'; frame-ancestors 'self' services.logismata.ch www.jobs.ch; font-src 'self' fonts.googleapis.com fonts.gstatic.com; object-src 'self'; child-sr blob:;
x-content-security-policy: default-src 'self' www.google-analytics.com 'unsafe-inline'; base-uri 'self'; connect-src 'self' blob: graph.facebook.com region1.analytics.google.com region1.google-analytics.com api.mapbox.com events.mapbox.com my.tikee.io www.google-analytics.com www.google-analytics.com www.google-analytics.com stats.g.doubleclick.net; frame-src 'self' www.homegate.ch msip-service-zrnc.xaas.swissic.ch www.youtube.com services.logismata.ch www.google.com my.tikee.io intranet.eventag.ch; form-action 'self'; img-src 'self' data: https: blob: www.google-analytics.com www.google-analytics.com stats.g.doubleclick.net; script-src 'self' data: www.facebook.com connect.facebook.net www.googletagmanager.com cdn.jsdelivr.net www.google.com www.gstatic.com www.google-analytics.com blob: 'unsafe-inline' 'unsafe-eval'; style-src data: www.gstatic.com 'self' fonts.googleapis.com www.gstatic.com 'unsafe-inline'; frame-ancestors 'self' services.logismata.ch www.jobs.ch; font-src 'self' fonts.googleapis.com fonts.gstatic.com; object-src 'self'; child-src blob:;

GET
H2 200 e66387a9ea0df0a76aba2ac89012c6f112c2802d.css
bank-avera.ch/application/files/cache/css/ 37 KB
7 KB 51ms
49ms Stylesheet
text/css 20.250.18.7
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://bank-avera.ch/application/files/cache/css/e66387a9ea0df0a76aba2ac89012c6f112c2802d.css?ccm_nocache=ee3e28f9bfd2e82738e22d3b43acd1398845ab90

Requested by

Host: bank-avera.ch
URL: https://bank-avera.ch/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

20.250.18.7 Zurich, Switzerland, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Apache /

Resource Hash

1b96e637285daf171e5bd88ea1ee9761b7ca704b2ba2810cb7e0a24951628065

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' www.google-analytics.com 'unsafe-inline'; base-uri 'self'; connect-src 'self' blob: graph.facebook.com region1.analytics.google.com region1.google-analytics.com api.mapbox.com events.mapbox.com my.tikee.io www.google-analytics.com www.google-analytics.com www.google-analytics.com stats.g.doubleclick.net; frame-src 'self' www.homegate.ch msip-service-zrnc.xaas.swissic.ch www.youtube.com services.logismata.ch www.google.com my.tikee.io intranet.eventag.ch; form-action 'self'; img-src 'self' data: https: blob: www.google-analytics.com www.google-analytics.com stats.g.doubleclick.net; script-src 'self' data: www.facebook.com connect.facebook.net www.googletagmanager.com cdn.jsdelivr.net www.google.com www.gstatic.com www.google-analytics.com blob: 'unsafe-inline' 'unsafe-eval'; style-src 'self' data: www.gstatic.com fonts.googleapis.com www.gstatic.com 'unsafe-inline'; frame-ancestors 'self' services.logismata.ch www.jobs.ch; font-src 'self' fonts.googleapis.com fonts.gstatic.com; object-src 'self'; child-src blob:;
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Security-Policy	default-src 'self' www.google-analytics.com 'unsafe-inline'; base-uri 'self'; connect-src 'self' blob: graph.facebook.com region1.analytics.google.com region1.google-analytics.com api.mapbox.com events.mapbox.com my.tikee.io www.google-analytics.com www.google-analytics.com www.google-analytics.com stats.g.doubleclick.net; frame-src 'self' www.homegate.ch msip-service-zrnc.xaas.swissic.ch www.youtube.com services.logismata.ch www.google.com my.tikee.io intranet.eventag.ch; form-action 'self'; img-src 'self' data: https: blob: www.google-analytics.com www.google-analytics.com stats.g.doubleclick.net; script-src 'self' data: www.facebook.com connect.facebook.net www.googletagmanager.com cdn.jsdelivr.net www.google.com www.gstatic.com www.google-analytics.com blob: 'unsafe-inline' 'unsafe-eval'; style-src data: www.gstatic.com 'self' fonts.googleapis.com www.gstatic.com 'unsafe-inline'; frame-ancestors 'self' services.logismata.ch www.jobs.ch; font-src 'self' fonts.googleapis.com fonts.gstatic.com; object-src 'self'; child-src blob:;
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Mon, 04 Dec 2023 08:15:04 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
content-security-policy: default-src 'self' www.google-analytics.com 'unsafe-inline'; base-uri 'self'; connect-src 'self' blob: graph.facebook.com region1.analytics.google.com region1.google-analytics.com api.mapbox.com events.mapbox.com my.tikee.io www.google-analytics.com www.google-analytics.com www.google-analytics.com stats.g.doubleclick.net; frame-src 'self' www.homegate.ch msip-service-zrnc.xaas.swissic.ch www.youtube.com services.logismata.ch www.google.com my.tikee.io intranet.eventag.ch; form-action 'self'; img-src 'self' data: https: blob: www.google-analytics.com www.google-analytics.com stats.g.doubleclick.net; script-src 'self' data: www.facebook.com connect.facebook.net www.googletagmanager.com cdn.jsdelivr.net www.google.com www.gstatic.com www.google-analytics.com blob: 'unsafe-inline' 'unsafe-eval'; style-src 'self' data: www.gstatic.com fonts.googleapis.com www.gstatic.com 'unsafe-inline'; frame-ancestors 'self' services.logismata.ch www.jobs.ch; font-src 'self' fonts.googleapis.com fonts.gstatic.com; object-src 'self'; child-src blob:;
content-encoding: gzip
content-length: 4049
x-xss-protection: 1; mode=block
referrer-policy: no-referrer
last-modified: Mon, 04 Dec 2023 07:44:56 GMT
server: Apache
etag: "929b-60baa4b4dea54-gzip"
expect-ct: max-age=2592000
vary: Accept-Encoding
content-type: text/css
cache-control: max-age=86400, public
permissions-policy: geolocation=(self), microphone=(), camera=()
accept-ranges: bytes
x-webkit-csp: default-src 'self' www.google-analytics.com 'unsafe-inline'; base-uri 'self'; connect-src 'self' blob: graph.facebook.com region1.analytics.google.com region1.google-analytics.com api.mapbox.com events.mapbox.com my.tikee.io www.google-analytics.comi www.google-analytics.com www.google-analytics.com stats.g.doubleclick.net; frame-src 'self' www.homegate.ch msip-service-zrnc.xaas.swissic.ch www.youtube.com services.logismata.ch www.google.com my.tikee.io intranet.eventag.ch; form-action 'self'; img-src 'self' data: https: blob: www.google-analytics.com www.google-analytics.com stats.g.doubleclick.net; script-src 'self' data: www.facebook.com connect.facebook.net www.googletagmanager.com cdn.jsdelivr.net www.google.com www.gstatic.com www.google-analytics.com blob: 'unsafe-inline' 'unsafe-eval'; style-src data: www.gstatic.com 'self' fonts.googleapis.com www.gstatic.com 'unsafe-inline'; frame-ancestors 'self' services.logismata.ch www.jobs.ch; font-src 'self' fonts.googleapis.com fonts.gstatic.com; object-src 'self'; child-sr blob:;
x-content-security-policy: default-src 'self' www.google-analytics.com 'unsafe-inline'; base-uri 'self'; connect-src 'self' blob: graph.facebook.com region1.analytics.google.com region1.google-analytics.com api.mapbox.com events.mapbox.com my.tikee.io www.google-analytics.com www.google-analytics.com www.google-analytics.com stats.g.doubleclick.net; frame-src 'self' www.homegate.ch msip-service-zrnc.xaas.swissic.ch www.youtube.com services.logismata.ch www.google.com my.tikee.io intranet.eventag.ch; form-action 'self'; img-src 'self' data: https: blob: www.google-analytics.com www.google-analytics.com stats.g.doubleclick.net; script-src 'self' data: www.facebook.com connect.facebook.net www.googletagmanager.com cdn.jsdelivr.net www.google.com www.gstatic.com www.google-analytics.com blob: 'unsafe-inline' 'unsafe-eval'; style-src data: www.gstatic.com 'self' fonts.googleapis.com www.gstatic.com 'unsafe-inline'; frame-ancestors 'self' services.logismata.ch www.jobs.ch; font-src 'self' fonts.googleapis.com fonts.gstatic.com; object-src 'self'; child-src blob:;

GET
H2 200 2e8211baf9b394cfb36818fd0959e265e4a0de92.js Show response
bank-avera.ch/application/files/cache/js/ 23 KB
11 KB 69ms
67ms Script
application/javascript 20.250.18.7
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://bank-avera.ch/application/files/cache/js/2e8211baf9b394cfb36818fd0959e265e4a0de92.js?ccm_nocache=ee3e28f9bfd2e82738e22d3b43acd1398845ab90

Requested by

Host: bank-avera.ch
URL: https://bank-avera.ch/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

20.250.18.7 Zurich, Switzerland, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Apache /

Resource Hash

f7e6d6bb0cd2a1cc44a406f2c5118b2a1634ca8964448cfeed7a1e9ddbec4cdf

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' www.google-analytics.com 'unsafe-inline'; base-uri 'self'; connect-src 'self' blob: graph.facebook.com region1.analytics.google.com region1.google-analytics.com api.mapbox.com events.mapbox.com my.tikee.io www.google-analytics.com www.google-analytics.com www.google-analytics.com stats.g.doubleclick.net; frame-src 'self' www.homegate.ch msip-service-zrnc.xaas.swissic.ch www.youtube.com services.logismata.ch www.google.com my.tikee.io intranet.eventag.ch; form-action 'self'; img-src 'self' data: https: blob: www.google-analytics.com www.google-analytics.com stats.g.doubleclick.net; script-src 'self' data: www.facebook.com connect.facebook.net www.googletagmanager.com cdn.jsdelivr.net www.google.com www.gstatic.com www.google-analytics.com blob: 'unsafe-inline' 'unsafe-eval'; style-src 'self' data: www.gstatic.com fonts.googleapis.com www.gstatic.com 'unsafe-inline'; frame-ancestors 'self' services.logismata.ch www.jobs.ch; font-src 'self' fonts.googleapis.com fonts.gstatic.com; object-src 'self'; child-src blob:;
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Security-Policy	default-src 'self' www.google-analytics.com 'unsafe-inline'; base-uri 'self'; connect-src 'self' blob: graph.facebook.com region1.analytics.google.com region1.google-analytics.com api.mapbox.com events.mapbox.com my.tikee.io www.google-analytics.com www.google-analytics.com www.google-analytics.com stats.g.doubleclick.net; frame-src 'self' www.homegate.ch msip-service-zrnc.xaas.swissic.ch www.youtube.com services.logismata.ch www.google.com my.tikee.io intranet.eventag.ch; form-action 'self'; img-src 'self' data: https: blob: www.google-analytics.com www.google-analytics.com stats.g.doubleclick.net; script-src 'self' data: www.facebook.com connect.facebook.net www.googletagmanager.com cdn.jsdelivr.net www.google.com www.gstatic.com www.google-analytics.com blob: 'unsafe-inline' 'unsafe-eval'; style-src data: www.gstatic.com 'self' fonts.googleapis.com www.gstatic.com 'unsafe-inline'; frame-ancestors 'self' services.logismata.ch www.jobs.ch; font-src 'self' fonts.googleapis.com fonts.gstatic.com; object-src 'self'; child-src blob:;
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Mon, 04 Dec 2023 08:15:04 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
content-security-policy: default-src 'self' www.google-analytics.com 'unsafe-inline'; base-uri 'self'; connect-src 'self' blob: graph.facebook.com region1.analytics.google.com region1.google-analytics.com api.mapbox.com events.mapbox.com my.tikee.io www.google-analytics.com www.google-analytics.com www.google-analytics.com stats.g.doubleclick.net; frame-src 'self' www.homegate.ch msip-service-zrnc.xaas.swissic.ch www.youtube.com services.logismata.ch www.google.com my.tikee.io intranet.eventag.ch; form-action 'self'; img-src 'self' data: https: blob: www.google-analytics.com www.google-analytics.com stats.g.doubleclick.net; script-src 'self' data: www.facebook.com connect.facebook.net www.googletagmanager.com cdn.jsdelivr.net www.google.com www.gstatic.com www.google-analytics.com blob: 'unsafe-inline' 'unsafe-eval'; style-src 'self' data: www.gstatic.com fonts.googleapis.com www.gstatic.com 'unsafe-inline'; frame-ancestors 'self' services.logismata.ch www.jobs.ch; font-src 'self' fonts.googleapis.com fonts.gstatic.com; object-src 'self'; child-src blob:;
content-encoding: gzip
content-length: 8658
x-xss-protection: 1; mode=block
referrer-policy: no-referrer
last-modified: Mon, 04 Dec 2023 07:44:56 GMT
server: Apache
etag: "5c9e-60baa4b4dea54-gzip"
expect-ct: max-age=2592000
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=86400, public
permissions-policy: geolocation=(self), microphone=(), camera=()
accept-ranges: bytes
x-webkit-csp: default-src 'self' www.google-analytics.com 'unsafe-inline'; base-uri 'self'; connect-src 'self' blob: graph.facebook.com region1.analytics.google.com region1.google-analytics.com api.mapbox.com events.mapbox.com my.tikee.io www.google-analytics.comi www.google-analytics.com www.google-analytics.com stats.g.doubleclick.net; frame-src 'self' www.homegate.ch msip-service-zrnc.xaas.swissic.ch www.youtube.com services.logismata.ch www.google.com my.tikee.io intranet.eventag.ch; form-action 'self'; img-src 'self' data: https: blob: www.google-analytics.com www.google-analytics.com stats.g.doubleclick.net; script-src 'self' data: www.facebook.com connect.facebook.net www.googletagmanager.com cdn.jsdelivr.net www.google.com www.gstatic.com www.google-analytics.com blob: 'unsafe-inline' 'unsafe-eval'; style-src data: www.gstatic.com 'self' fonts.googleapis.com www.gstatic.com 'unsafe-inline'; frame-ancestors 'self' services.logismata.ch www.jobs.ch; font-src 'self' fonts.googleapis.com fonts.gstatic.com; object-src 'self'; child-sr blob:;
x-content-security-policy: default-src 'self' www.google-analytics.com 'unsafe-inline'; base-uri 'self'; connect-src 'self' blob: graph.facebook.com region1.analytics.google.com region1.google-analytics.com api.mapbox.com events.mapbox.com my.tikee.io www.google-analytics.com www.google-analytics.com www.google-analytics.com stats.g.doubleclick.net; frame-src 'self' www.homegate.ch msip-service-zrnc.xaas.swissic.ch www.youtube.com services.logismata.ch www.google.com my.tikee.io intranet.eventag.ch; form-action 'self'; img-src 'self' data: https: blob: www.google-analytics.com www.google-analytics.com stats.g.doubleclick.net; script-src 'self' data: www.facebook.com connect.facebook.net www.googletagmanager.com cdn.jsdelivr.net www.google.com www.gstatic.com www.google-analytics.com blob: 'unsafe-inline' 'unsafe-eval'; style-src data: www.gstatic.com 'self' fonts.googleapis.com www.gstatic.com 'unsafe-inline'; frame-ancestors 'self' services.logismata.ch www.jobs.ch; font-src 'self' fonts.googleapis.com fonts.gstatic.com; object-src 'self'; child-src blob:;

GET
H2 200 672b663e2125f00c2150dc4a42d777dce39bb001.css
bank-avera.ch/application/files/cache/css/ 69 KB
13 KB 52ms
51ms Stylesheet
text/css 20.250.18.7
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://bank-avera.ch/application/files/cache/css/672b663e2125f00c2150dc4a42d777dce39bb001.css?ccm_nocache=ee3e28f9bfd2e82738e22d3b43acd1398845ab90

Requested by

Host: bank-avera.ch
URL: https://bank-avera.ch/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

20.250.18.7 Zurich, Switzerland, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Apache /

Resource Hash

1e577bf59fe348e970cb85ea1ee70518307a4f46649f91c5a2c565e37fe55431

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' www.google-analytics.com 'unsafe-inline'; base-uri 'self'; connect-src 'self' blob: graph.facebook.com region1.analytics.google.com region1.google-analytics.com api.mapbox.com events.mapbox.com my.tikee.io www.google-analytics.com www.google-analytics.com www.google-analytics.com stats.g.doubleclick.net; frame-src 'self' www.homegate.ch msip-service-zrnc.xaas.swissic.ch www.youtube.com services.logismata.ch www.google.com my.tikee.io intranet.eventag.ch; form-action 'self'; img-src 'self' data: https: blob: www.google-analytics.com www.google-analytics.com stats.g.doubleclick.net; script-src 'self' data: www.facebook.com connect.facebook.net www.googletagmanager.com cdn.jsdelivr.net www.google.com www.gstatic.com www.google-analytics.com blob: 'unsafe-inline' 'unsafe-eval'; style-src 'self' data: www.gstatic.com fonts.googleapis.com www.gstatic.com 'unsafe-inline'; frame-ancestors 'self' services.logismata.ch www.jobs.ch; font-src 'self' fonts.googleapis.com fonts.gstatic.com; object-src 'self'; child-src blob:;
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Security-Policy	default-src 'self' www.google-analytics.com 'unsafe-inline'; base-uri 'self'; connect-src 'self' blob: graph.facebook.com region1.analytics.google.com region1.google-analytics.com api.mapbox.com events.mapbox.com my.tikee.io www.google-analytics.com www.google-analytics.com www.google-analytics.com stats.g.doubleclick.net; frame-src 'self' www.homegate.ch msip-service-zrnc.xaas.swissic.ch www.youtube.com services.logismata.ch www.google.com my.tikee.io intranet.eventag.ch; form-action 'self'; img-src 'self' data: https: blob: www.google-analytics.com www.google-analytics.com stats.g.doubleclick.net; script-src 'self' data: www.facebook.com connect.facebook.net www.googletagmanager.com cdn.jsdelivr.net www.google.com www.gstatic.com www.google-analytics.com blob: 'unsafe-inline' 'unsafe-eval'; style-src data: www.gstatic.com 'self' fonts.googleapis.com www.gstatic.com 'unsafe-inline'; frame-ancestors 'self' services.logismata.ch www.jobs.ch; font-src 'self' fonts.googleapis.com fonts.gstatic.com; object-src 'self'; child-src blob:;
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Mon, 04 Dec 2023 08:15:04 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
content-security-policy: default-src 'self' www.google-analytics.com 'unsafe-inline'; base-uri 'self'; connect-src 'self' blob: graph.facebook.com region1.analytics.google.com region1.google-analytics.com api.mapbox.com events.mapbox.com my.tikee.io www.google-analytics.com www.google-analytics.com www.google-analytics.com stats.g.doubleclick.net; frame-src 'self' www.homegate.ch msip-service-zrnc.xaas.swissic.ch www.youtube.com services.logismata.ch www.google.com my.tikee.io intranet.eventag.ch; form-action 'self'; img-src 'self' data: https: blob: www.google-analytics.com www.google-analytics.com stats.g.doubleclick.net; script-src 'self' data: www.facebook.com connect.facebook.net www.googletagmanager.com cdn.jsdelivr.net www.google.com www.gstatic.com www.google-analytics.com blob: 'unsafe-inline' 'unsafe-eval'; style-src 'self' data: www.gstatic.com fonts.googleapis.com www.gstatic.com 'unsafe-inline'; frame-ancestors 'self' services.logismata.ch www.jobs.ch; font-src 'self' fonts.googleapis.com fonts.gstatic.com; object-src 'self'; child-src blob:;
content-encoding: gzip
content-length: 10818
x-xss-protection: 1; mode=block
referrer-policy: no-referrer
last-modified: Mon, 04 Dec 2023 07:44:56 GMT
server: Apache
etag: "113a3-60baa4b4df9f4-gzip"
expect-ct: max-age=2592000
vary: Accept-Encoding
content-type: text/css
cache-control: max-age=86400, public
permissions-policy: geolocation=(self), microphone=(), camera=()
accept-ranges: bytes
x-webkit-csp: default-src 'self' www.google-analytics.com 'unsafe-inline'; base-uri 'self'; connect-src 'self' blob: graph.facebook.com region1.analytics.google.com region1.google-analytics.com api.mapbox.com events.mapbox.com my.tikee.io www.google-analytics.comi www.google-analytics.com www.google-analytics.com stats.g.doubleclick.net; frame-src 'self' www.homegate.ch msip-service-zrnc.xaas.swissic.ch www.youtube.com services.logismata.ch www.google.com my.tikee.io intranet.eventag.ch; form-action 'self'; img-src 'self' data: https: blob: www.google-analytics.com www.google-analytics.com stats.g.doubleclick.net; script-src 'self' data: www.facebook.com connect.facebook.net www.googletagmanager.com cdn.jsdelivr.net www.google.com www.gstatic.com www.google-analytics.com blob: 'unsafe-inline' 'unsafe-eval'; style-src data: www.gstatic.com 'self' fonts.googleapis.com www.gstatic.com 'unsafe-inline'; frame-ancestors 'self' services.logismata.ch www.jobs.ch; font-src 'self' fonts.googleapis.com fonts.gstatic.com; object-src 'self'; child-sr blob:;
x-content-security-policy: default-src 'self' www.google-analytics.com 'unsafe-inline'; base-uri 'self'; connect-src 'self' blob: graph.facebook.com region1.analytics.google.com region1.google-analytics.com api.mapbox.com events.mapbox.com my.tikee.io www.google-analytics.com www.google-analytics.com www.google-analytics.com stats.g.doubleclick.net; frame-src 'self' www.homegate.ch msip-service-zrnc.xaas.swissic.ch www.youtube.com services.logismata.ch www.google.com my.tikee.io intranet.eventag.ch; form-action 'self'; img-src 'self' data: https: blob: www.google-analytics.com www.google-analytics.com stats.g.doubleclick.net; script-src 'self' data: www.facebook.com connect.facebook.net www.googletagmanager.com cdn.jsdelivr.net www.google.com www.gstatic.com www.google-analytics.com blob: 'unsafe-inline' 'unsafe-eval'; style-src data: www.gstatic.com 'self' fonts.googleapis.com www.gstatic.com 'unsafe-inline'; frame-ancestors 'self' services.logismata.ch www.jobs.ch; font-src 'self' fonts.googleapis.com fonts.gstatic.com; object-src 'self'; child-src blob:;

GET
H2 200 all.css
bank-avera.ch/concrete/css/fontawesome/ 72 KB
16 KB 69ms
68ms Stylesheet
text/css 20.250.18.7
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://bank-avera.ch/concrete/css/fontawesome/all.css?ccm_nocache=ee3e28f9bfd2e82738e22d3b43acd1398845ab90

Requested by

Host: bank-avera.ch
URL: https://bank-avera.ch/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

20.250.18.7 Zurich, Switzerland, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Apache /

Resource Hash

0cb8cc3fee4275e182236ab19c3aae55274f43aa0ffde9c0510d8d59fcf8e5dc

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' www.google-analytics.com 'unsafe-inline'; base-uri 'self'; connect-src 'self' blob: graph.facebook.com region1.analytics.google.com region1.google-analytics.com api.mapbox.com events.mapbox.com my.tikee.io www.google-analytics.com www.google-analytics.com www.google-analytics.com stats.g.doubleclick.net; frame-src 'self' www.homegate.ch msip-service-zrnc.xaas.swissic.ch www.youtube.com services.logismata.ch www.google.com my.tikee.io intranet.eventag.ch; form-action 'self'; img-src 'self' data: https: blob: www.google-analytics.com www.google-analytics.com stats.g.doubleclick.net; script-src 'self' data: www.facebook.com connect.facebook.net www.googletagmanager.com cdn.jsdelivr.net www.google.com www.gstatic.com www.google-analytics.com blob: 'unsafe-inline' 'unsafe-eval'; style-src 'self' data: www.gstatic.com fonts.googleapis.com www.gstatic.com 'unsafe-inline'; frame-ancestors 'self' services.logismata.ch www.jobs.ch; font-src 'self' fonts.googleapis.com fonts.gstatic.com; object-src 'self'; child-src blob:;
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Security-Policy	default-src 'self' www.google-analytics.com 'unsafe-inline'; base-uri 'self'; connect-src 'self' blob: graph.facebook.com region1.analytics.google.com region1.google-analytics.com api.mapbox.com events.mapbox.com my.tikee.io www.google-analytics.com www.google-analytics.com www.google-analytics.com stats.g.doubleclick.net; frame-src 'self' www.homegate.ch msip-service-zrnc.xaas.swissic.ch www.youtube.com services.logismata.ch www.google.com my.tikee.io intranet.eventag.ch; form-action 'self'; img-src 'self' data: https: blob: www.google-analytics.com www.google-analytics.com stats.g.doubleclick.net; script-src 'self' data: www.facebook.com connect.facebook.net www.googletagmanager.com cdn.jsdelivr.net www.google.com www.gstatic.com www.google-analytics.com blob: 'unsafe-inline' 'unsafe-eval'; style-src data: www.gstatic.com 'self' fonts.googleapis.com www.gstatic.com 'unsafe-inline'; frame-ancestors 'self' services.logismata.ch www.jobs.ch; font-src 'self' fonts.googleapis.com fonts.gstatic.com; object-src 'self'; child-src blob:;
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Mon, 04 Dec 2023 08:15:04 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
content-security-policy: default-src 'self' www.google-analytics.com 'unsafe-inline'; base-uri 'self'; connect-src 'self' blob: graph.facebook.com region1.analytics.google.com region1.google-analytics.com api.mapbox.com events.mapbox.com my.tikee.io www.google-analytics.com www.google-analytics.com www.google-analytics.com stats.g.doubleclick.net; frame-src 'self' www.homegate.ch msip-service-zrnc.xaas.swissic.ch www.youtube.com services.logismata.ch www.google.com my.tikee.io intranet.eventag.ch; form-action 'self'; img-src 'self' data: https: blob: www.google-analytics.com www.google-analytics.com stats.g.doubleclick.net; script-src 'self' data: www.facebook.com connect.facebook.net www.googletagmanager.com cdn.jsdelivr.net www.google.com www.gstatic.com www.google-analytics.com blob: 'unsafe-inline' 'unsafe-eval'; style-src 'self' data: www.gstatic.com fonts.googleapis.com www.gstatic.com 'unsafe-inline'; frame-ancestors 'self' services.logismata.ch www.jobs.ch; font-src 'self' fonts.googleapis.com fonts.gstatic.com; object-src 'self'; child-src blob:;
content-encoding: gzip
content-length: 13366
x-xss-protection: 1; mode=block
referrer-policy: no-referrer
last-modified: Wed, 12 Jul 2023 10:48:48 GMT
server: Apache
etag: "11f69-60047f5df6400-gzip"
expect-ct: max-age=2592000
vary: Accept-Encoding
content-type: text/css
cache-control: max-age=86400, public
permissions-policy: geolocation=(self), microphone=(), camera=()
accept-ranges: bytes
x-webkit-csp: default-src 'self' www.google-analytics.com 'unsafe-inline'; base-uri 'self'; connect-src 'self' blob: graph.facebook.com region1.analytics.google.com region1.google-analytics.com api.mapbox.com events.mapbox.com my.tikee.io www.google-analytics.comi www.google-analytics.com www.google-analytics.com stats.g.doubleclick.net; frame-src 'self' www.homegate.ch msip-service-zrnc.xaas.swissic.ch www.youtube.com services.logismata.ch www.google.com my.tikee.io intranet.eventag.ch; form-action 'self'; img-src 'self' data: https: blob: www.google-analytics.com www.google-analytics.com stats.g.doubleclick.net; script-src 'self' data: www.facebook.com connect.facebook.net www.googletagmanager.com cdn.jsdelivr.net www.google.com www.gstatic.com www.google-analytics.com blob: 'unsafe-inline' 'unsafe-eval'; style-src data: www.gstatic.com 'self' fonts.googleapis.com www.gstatic.com 'unsafe-inline'; frame-ancestors 'self' services.logismata.ch www.jobs.ch; font-src 'self' fonts.googleapis.com fonts.gstatic.com; object-src 'self'; child-sr blob:;
x-content-security-policy: default-src 'self' www.google-analytics.com 'unsafe-inline'; base-uri 'self'; connect-src 'self' blob: graph.facebook.com region1.analytics.google.com region1.google-analytics.com api.mapbox.com events.mapbox.com my.tikee.io www.google-analytics.com www.google-analytics.com www.google-analytics.com stats.g.doubleclick.net; frame-src 'self' www.homegate.ch msip-service-zrnc.xaas.swissic.ch www.youtube.com services.logismata.ch www.google.com my.tikee.io intranet.eventag.ch; form-action 'self'; img-src 'self' data: https: blob: www.google-analytics.com www.google-analytics.com stats.g.doubleclick.net; script-src 'self' data: www.facebook.com connect.facebook.net www.googletagmanager.com cdn.jsdelivr.net www.google.com www.gstatic.com www.google-analytics.com blob: 'unsafe-inline' 'unsafe-eval'; style-src data: www.gstatic.com 'self' fonts.googleapis.com www.gstatic.com 'unsafe-inline'; frame-ancestors 'self' services.logismata.ch www.jobs.ch; font-src 'self' fonts.googleapis.com fonts.gstatic.com; object-src 'self'; child-src blob:;

GET
H2 200 main.css
bank-avera.ch/application/files/cache/css/bank_avera/ 834 KB
64 KB 87ms
86ms Stylesheet
text/css 20.250.18.7
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://bank-avera.ch/application/files/cache/css/bank_avera/main.css?ts=1701675895

Requested by

Host: bank-avera.ch
URL: https://bank-avera.ch/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

20.250.18.7 Zurich, Switzerland, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Apache /

Resource Hash

688c3b440b5e76f4628f17562240c2479656a2673ab72a100186f319f639d5e5

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' www.google-analytics.com 'unsafe-inline'; base-uri 'self'; connect-src 'self' blob: graph.facebook.com region1.analytics.google.com region1.google-analytics.com api.mapbox.com events.mapbox.com my.tikee.io www.google-analytics.com www.google-analytics.com www.google-analytics.com stats.g.doubleclick.net; frame-src 'self' www.homegate.ch msip-service-zrnc.xaas.swissic.ch www.youtube.com services.logismata.ch www.google.com my.tikee.io intranet.eventag.ch; form-action 'self'; img-src 'self' data: https: blob: www.google-analytics.com www.google-analytics.com stats.g.doubleclick.net; script-src 'self' data: www.facebook.com connect.facebook.net www.googletagmanager.com cdn.jsdelivr.net www.google.com www.gstatic.com www.google-analytics.com blob: 'unsafe-inline' 'unsafe-eval'; style-src 'self' data: www.gstatic.com fonts.googleapis.com www.gstatic.com 'unsafe-inline'; frame-ancestors 'self' services.logismata.ch www.jobs.ch; font-src 'self' fonts.googleapis.com fonts.gstatic.com; object-src 'self'; child-src blob:;
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Security-Policy	default-src 'self' www.google-analytics.com 'unsafe-inline'; base-uri 'self'; connect-src 'self' blob: graph.facebook.com region1.analytics.google.com region1.google-analytics.com api.mapbox.com events.mapbox.com my.tikee.io www.google-analytics.com www.google-analytics.com www.google-analytics.com stats.g.doubleclick.net; frame-src 'self' www.homegate.ch msip-service-zrnc.xaas.swissic.ch www.youtube.com services.logismata.ch www.google.com my.tikee.io intranet.eventag.ch; form-action 'self'; img-src 'self' data: https: blob: www.google-analytics.com www.google-analytics.com stats.g.doubleclick.net; script-src 'self' data: www.facebook.com connect.facebook.net www.googletagmanager.com cdn.jsdelivr.net www.google.com www.gstatic.com www.google-analytics.com blob: 'unsafe-inline' 'unsafe-eval'; style-src data: www.gstatic.com 'self' fonts.googleapis.com www.gstatic.com 'unsafe-inline'; frame-ancestors 'self' services.logismata.ch www.jobs.ch; font-src 'self' fonts.googleapis.com fonts.gstatic.com; object-src 'self'; child-src blob:;
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Mon, 04 Dec 2023 08:15:04 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
content-security-policy: default-src 'self' www.google-analytics.com 'unsafe-inline'; base-uri 'self'; connect-src 'self' blob: graph.facebook.com region1.analytics.google.com region1.google-analytics.com api.mapbox.com events.mapbox.com my.tikee.io www.google-analytics.com www.google-analytics.com www.google-analytics.com stats.g.doubleclick.net; frame-src 'self' www.homegate.ch msip-service-zrnc.xaas.swissic.ch www.youtube.com services.logismata.ch www.google.com my.tikee.io intranet.eventag.ch; form-action 'self'; img-src 'self' data: https: blob: www.google-analytics.com www.google-analytics.com stats.g.doubleclick.net; script-src 'self' data: www.facebook.com connect.facebook.net www.googletagmanager.com cdn.jsdelivr.net www.google.com www.gstatic.com www.google-analytics.com blob: 'unsafe-inline' 'unsafe-eval'; style-src 'self' data: www.gstatic.com fonts.googleapis.com www.gstatic.com 'unsafe-inline'; frame-ancestors 'self' services.logismata.ch www.jobs.ch; font-src 'self' fonts.googleapis.com fonts.gstatic.com; object-src 'self'; child-src blob:;
content-encoding: gzip
content-length: 62225
x-xss-protection: 1; mode=block
referrer-policy: no-referrer
last-modified: Mon, 04 Dec 2023 07:44:55 GMT
server: Apache
etag: "d0869-60baa4b42fd4e-gzip"
expect-ct: max-age=2592000
vary: Accept-Encoding
content-type: text/css
cache-control: max-age=86400, public
permissions-policy: geolocation=(self), microphone=(), camera=()
accept-ranges: bytes
x-webkit-csp: default-src 'self' www.google-analytics.com 'unsafe-inline'; base-uri 'self'; connect-src 'self' blob: graph.facebook.com region1.analytics.google.com region1.google-analytics.com api.mapbox.com events.mapbox.com my.tikee.io www.google-analytics.comi www.google-analytics.com www.google-analytics.com stats.g.doubleclick.net; frame-src 'self' www.homegate.ch msip-service-zrnc.xaas.swissic.ch www.youtube.com services.logismata.ch www.google.com my.tikee.io intranet.eventag.ch; form-action 'self'; img-src 'self' data: https: blob: www.google-analytics.com www.google-analytics.com stats.g.doubleclick.net; script-src 'self' data: www.facebook.com connect.facebook.net www.googletagmanager.com cdn.jsdelivr.net www.google.com www.gstatic.com www.google-analytics.com blob: 'unsafe-inline' 'unsafe-eval'; style-src data: www.gstatic.com 'self' fonts.googleapis.com www.gstatic.com 'unsafe-inline'; frame-ancestors 'self' services.logismata.ch www.jobs.ch; font-src 'self' fonts.googleapis.com fonts.gstatic.com; object-src 'self'; child-sr blob:;
x-content-security-policy: default-src 'self' www.google-analytics.com 'unsafe-inline'; base-uri 'self'; connect-src 'self' blob: graph.facebook.com region1.analytics.google.com region1.google-analytics.com api.mapbox.com events.mapbox.com my.tikee.io www.google-analytics.com www.google-analytics.com www.google-analytics.com stats.g.doubleclick.net; frame-src 'self' www.homegate.ch msip-service-zrnc.xaas.swissic.ch www.youtube.com services.logismata.ch www.google.com my.tikee.io intranet.eventag.ch; form-action 'self'; img-src 'self' data: https: blob: www.google-analytics.com www.google-analytics.com stats.g.doubleclick.net; script-src 'self' data: www.facebook.com connect.facebook.net www.googletagmanager.com cdn.jsdelivr.net www.google.com www.gstatic.com www.google-analytics.com blob: 'unsafe-inline' 'unsafe-eval'; style-src data: www.gstatic.com 'self' fonts.googleapis.com www.gstatic.com 'unsafe-inline'; frame-ancestors 'self' services.logismata.ch www.jobs.ch; font-src 'self' fonts.googleapis.com fonts.gstatic.com; object-src 'self'; child-src blob:;

GET
H2 200 BankAvera_wir_verstehen_uns.svg
bank-avera.ch/application/files/4716/0146/6057/ 11 KB
13 KB 67ms
67ms Image
image/svg+xml 20.250.18.7
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://bank-avera.ch/application/files/4716/0146/6057/BankAvera_wir_verstehen_uns.svg

Requested by

Host: bank-avera.ch
URL: https://bank-avera.ch/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

20.250.18.7 Zurich, Switzerland, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Apache /

Resource Hash

d51d59d5e5218567779d56a791a4fe7dce71b841c31ac9533705ea2368b5a338

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' www.google-analytics.com 'unsafe-inline'; base-uri 'self'; connect-src 'self' blob: graph.facebook.com region1.analytics.google.com region1.google-analytics.com api.mapbox.com events.mapbox.com my.tikee.io www.google-analytics.com www.google-analytics.com www.google-analytics.com stats.g.doubleclick.net; frame-src 'self' www.homegate.ch msip-service-zrnc.xaas.swissic.ch www.youtube.com services.logismata.ch www.google.com my.tikee.io intranet.eventag.ch; form-action 'self'; img-src 'self' data: https: blob: www.google-analytics.com www.google-analytics.com stats.g.doubleclick.net; script-src 'self' data: www.facebook.com connect.facebook.net www.googletagmanager.com cdn.jsdelivr.net www.google.com www.gstatic.com www.google-analytics.com blob: 'unsafe-inline' 'unsafe-eval'; style-src 'self' data: www.gstatic.com fonts.googleapis.com www.gstatic.com 'unsafe-inline'; frame-ancestors 'self' services.logismata.ch www.jobs.ch; font-src 'self' fonts.googleapis.com fonts.gstatic.com; object-src 'self'; child-src blob:;
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Security-Policy	default-src 'self' www.google-analytics.com 'unsafe-inline'; base-uri 'self'; connect-src 'self' blob: graph.facebook.com region1.analytics.google.com region1.google-analytics.com api.mapbox.com events.mapbox.com my.tikee.io www.google-analytics.com www.google-analytics.com www.google-analytics.com stats.g.doubleclick.net; frame-src 'self' www.homegate.ch msip-service-zrnc.xaas.swissic.ch www.youtube.com services.logismata.ch www.google.com my.tikee.io intranet.eventag.ch; form-action 'self'; img-src 'self' data: https: blob: www.google-analytics.com www.google-analytics.com stats.g.doubleclick.net; script-src 'self' data: www.facebook.com connect.facebook.net www.googletagmanager.com cdn.jsdelivr.net www.google.com www.gstatic.com www.google-analytics.com blob: 'unsafe-inline' 'unsafe-eval'; style-src data: www.gstatic.com 'self' fonts.googleapis.com www.gstatic.com 'unsafe-inline'; frame-ancestors 'self' services.logismata.ch www.jobs.ch; font-src 'self' fonts.googleapis.com fonts.gstatic.com; object-src 'self'; child-src blob:;
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Mon, 04 Dec 2023 08:15:04 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
content-security-policy: default-src 'self' www.google-analytics.com 'unsafe-inline'; base-uri 'self'; connect-src 'self' blob: graph.facebook.com region1.analytics.google.com region1.google-analytics.com api.mapbox.com events.mapbox.com my.tikee.io www.google-analytics.com www.google-analytics.com www.google-analytics.com stats.g.doubleclick.net; frame-src 'self' www.homegate.ch msip-service-zrnc.xaas.swissic.ch www.youtube.com services.logismata.ch www.google.com my.tikee.io intranet.eventag.ch; form-action 'self'; img-src 'self' data: https: blob: www.google-analytics.com www.google-analytics.com stats.g.doubleclick.net; script-src 'self' data: www.facebook.com connect.facebook.net www.googletagmanager.com cdn.jsdelivr.net www.google.com www.gstatic.com www.google-analytics.com blob: 'unsafe-inline' 'unsafe-eval'; style-src 'self' data: www.gstatic.com fonts.googleapis.com www.gstatic.com 'unsafe-inline'; frame-ancestors 'self' services.logismata.ch www.jobs.ch; font-src 'self' fonts.googleapis.com fonts.gstatic.com; object-src 'self'; child-src blob:;
content-length: 10869
x-xss-protection: 1; mode=block
referrer-policy: no-referrer
last-modified: Thu, 13 Jul 2023 21:26:53 GMT
server: Apache
etag: "2a75-60064fdb8c35c"
expect-ct: max-age=2592000
content-type: image/svg+xml
cache-control: max-age=86400, public
permissions-policy: geolocation=(self), microphone=(), camera=()
accept-ranges: bytes
x-webkit-csp: default-src 'self' www.google-analytics.com 'unsafe-inline'; base-uri 'self'; connect-src 'self' blob: graph.facebook.com region1.analytics.google.com region1.google-analytics.com api.mapbox.com events.mapbox.com my.tikee.io www.google-analytics.comi www.google-analytics.com www.google-analytics.com stats.g.doubleclick.net; frame-src 'self' www.homegate.ch msip-service-zrnc.xaas.swissic.ch www.youtube.com services.logismata.ch www.google.com my.tikee.io intranet.eventag.ch; form-action 'self'; img-src 'self' data: https: blob: www.google-analytics.com www.google-analytics.com stats.g.doubleclick.net; script-src 'self' data: www.facebook.com connect.facebook.net www.googletagmanager.com cdn.jsdelivr.net www.google.com www.gstatic.com www.google-analytics.com blob: 'unsafe-inline' 'unsafe-eval'; style-src data: www.gstatic.com 'self' fonts.googleapis.com www.gstatic.com 'unsafe-inline'; frame-ancestors 'self' services.logismata.ch www.jobs.ch; font-src 'self' fonts.googleapis.com fonts.gstatic.com; object-src 'self'; child-sr blob:;
x-content-security-policy: default-src 'self' www.google-analytics.com 'unsafe-inline'; base-uri 'self'; connect-src 'self' blob: graph.facebook.com region1.analytics.google.com region1.google-analytics.com api.mapbox.com events.mapbox.com my.tikee.io www.google-analytics.com www.google-analytics.com www.google-analytics.com stats.g.doubleclick.net; frame-src 'self' www.homegate.ch msip-service-zrnc.xaas.swissic.ch www.youtube.com services.logismata.ch www.google.com my.tikee.io intranet.eventag.ch; form-action 'self'; img-src 'self' data: https: blob: www.google-analytics.com www.google-analytics.com stats.g.doubleclick.net; script-src 'self' data: www.facebook.com connect.facebook.net www.googletagmanager.com cdn.jsdelivr.net www.google.com www.gstatic.com www.google-analytics.com blob: 'unsafe-inline' 'unsafe-eval'; style-src data: www.gstatic.com 'self' fonts.googleapis.com www.gstatic.com 'unsafe-inline'; frame-ancestors 'self' services.logismata.ch www.jobs.ch; font-src 'self' fonts.googleapis.com fonts.gstatic.com; object-src 'self'; child-src blob:;

GET
H2 200 BankAvera_logo_hoch.svg
bank-avera.ch/application/files/6115/8010/9696/ 4 KB
7 KB 49ms
48ms Image
image/svg+xml 20.250.18.7
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://bank-avera.ch/application/files/6115/8010/9696/BankAvera_logo_hoch.svg

Requested by

Host: bank-avera.ch
URL: https://bank-avera.ch/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

20.250.18.7 Zurich, Switzerland, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Apache /

Resource Hash

eeb44869f2c344bdec1b98fd052073c6225a2071d0fc349b5548a65d7bb5f717

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' www.google-analytics.com 'unsafe-inline'; base-uri 'self'; connect-src 'self' blob: graph.facebook.com region1.analytics.google.com region1.google-analytics.com api.mapbox.com events.mapbox.com my.tikee.io www.google-analytics.com www.google-analytics.com www.google-analytics.com stats.g.doubleclick.net; frame-src 'self' www.homegate.ch msip-service-zrnc.xaas.swissic.ch www.youtube.com services.logismata.ch www.google.com my.tikee.io intranet.eventag.ch; form-action 'self'; img-src 'self' data: https: blob: www.google-analytics.com www.google-analytics.com stats.g.doubleclick.net; script-src 'self' data: www.facebook.com connect.facebook.net www.googletagmanager.com cdn.jsdelivr.net www.google.com www.gstatic.com www.google-analytics.com blob: 'unsafe-inline' 'unsafe-eval'; style-src 'self' data: www.gstatic.com fonts.googleapis.com www.gstatic.com 'unsafe-inline'; frame-ancestors 'self' services.logismata.ch www.jobs.ch; font-src 'self' fonts.googleapis.com fonts.gstatic.com; object-src 'self'; child-src blob:;
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Security-Policy	default-src 'self' www.google-analytics.com 'unsafe-inline'; base-uri 'self'; connect-src 'self' blob: graph.facebook.com region1.analytics.google.com region1.google-analytics.com api.mapbox.com events.mapbox.com my.tikee.io www.google-analytics.com www.google-analytics.com www.google-analytics.com stats.g.doubleclick.net; frame-src 'self' www.homegate.ch msip-service-zrnc.xaas.swissic.ch www.youtube.com services.logismata.ch www.google.com my.tikee.io intranet.eventag.ch; form-action 'self'; img-src 'self' data: https: blob: www.google-analytics.com www.google-analytics.com stats.g.doubleclick.net; script-src 'self' data: www.facebook.com connect.facebook.net www.googletagmanager.com cdn.jsdelivr.net www.google.com www.gstatic.com www.google-analytics.com blob: 'unsafe-inline' 'unsafe-eval'; style-src data: www.gstatic.com 'self' fonts.googleapis.com www.gstatic.com 'unsafe-inline'; frame-ancestors 'self' services.logismata.ch www.jobs.ch; font-src 'self' fonts.googleapis.com fonts.gstatic.com; object-src 'self'; child-src blob:;
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Mon, 04 Dec 2023 08:15:04 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
content-security-policy: default-src 'self' www.google-analytics.com 'unsafe-inline'; base-uri 'self'; connect-src 'self' blob: graph.facebook.com region1.analytics.google.com region1.google-analytics.com api.mapbox.com events.mapbox.com my.tikee.io www.google-analytics.com www.google-analytics.com www.google-analytics.com stats.g.doubleclick.net; frame-src 'self' www.homegate.ch msip-service-zrnc.xaas.swissic.ch www.youtube.com services.logismata.ch www.google.com my.tikee.io intranet.eventag.ch; form-action 'self'; img-src 'self' data: https: blob: www.google-analytics.com www.google-analytics.com stats.g.doubleclick.net; script-src 'self' data: www.facebook.com connect.facebook.net www.googletagmanager.com cdn.jsdelivr.net www.google.com www.gstatic.com www.google-analytics.com blob: 'unsafe-inline' 'unsafe-eval'; style-src 'self' data: www.gstatic.com fonts.googleapis.com www.gstatic.com 'unsafe-inline'; frame-ancestors 'self' services.logismata.ch www.jobs.ch; font-src 'self' fonts.googleapis.com fonts.gstatic.com; object-src 'self'; child-src blob:;
content-length: 4000
x-xss-protection: 1; mode=block
referrer-policy: no-referrer
last-modified: Thu, 13 Jul 2023 21:57:01 GMT
server: Apache
etag: "fa0-6006569765053"
expect-ct: max-age=2592000
content-type: image/svg+xml
cache-control: max-age=86400, public
permissions-policy: geolocation=(self), microphone=(), camera=()
accept-ranges: bytes
x-webkit-csp: default-src 'self' www.google-analytics.com 'unsafe-inline'; base-uri 'self'; connect-src 'self' blob: graph.facebook.com region1.analytics.google.com region1.google-analytics.com api.mapbox.com events.mapbox.com my.tikee.io www.google-analytics.comi www.google-analytics.com www.google-analytics.com stats.g.doubleclick.net; frame-src 'self' www.homegate.ch msip-service-zrnc.xaas.swissic.ch www.youtube.com services.logismata.ch www.google.com my.tikee.io intranet.eventag.ch; form-action 'self'; img-src 'self' data: https: blob: www.google-analytics.com www.google-analytics.com stats.g.doubleclick.net; script-src 'self' data: www.facebook.com connect.facebook.net www.googletagmanager.com cdn.jsdelivr.net www.google.com www.gstatic.com www.google-analytics.com blob: 'unsafe-inline' 'unsafe-eval'; style-src data: www.gstatic.com 'self' fonts.googleapis.com www.gstatic.com 'unsafe-inline'; frame-ancestors 'self' services.logismata.ch www.jobs.ch; font-src 'self' fonts.googleapis.com fonts.gstatic.com; object-src 'self'; child-sr blob:;
x-content-security-policy: default-src 'self' www.google-analytics.com 'unsafe-inline'; base-uri 'self'; connect-src 'self' blob: graph.facebook.com region1.analytics.google.com region1.google-analytics.com api.mapbox.com events.mapbox.com my.tikee.io www.google-analytics.com www.google-analytics.com www.google-analytics.com stats.g.doubleclick.net; frame-src 'self' www.homegate.ch msip-service-zrnc.xaas.swissic.ch www.youtube.com services.logismata.ch www.google.com my.tikee.io intranet.eventag.ch; form-action 'self'; img-src 'self' data: https: blob: www.google-analytics.com www.google-analytics.com stats.g.doubleclick.net; script-src 'self' data: www.facebook.com connect.facebook.net www.googletagmanager.com cdn.jsdelivr.net www.google.com www.gstatic.com www.google-analytics.com blob: 'unsafe-inline' 'unsafe-eval'; style-src data: www.gstatic.com 'self' fonts.googleapis.com www.gstatic.com 'unsafe-inline'; frame-ancestors 'self' services.logismata.ch www.jobs.ch; font-src 'self' fonts.googleapis.com fonts.gstatic.com; object-src 'self'; child-src blob:;

GET
H2 200 UOI_Illustration_BankAvera_16x9.webp
bank-avera.ch/application/files/thumbnails/webp_small_2x/2816/9952/6176/ 168 KB
171 KB 38ms
38ms Image
text/plain 20.250.18.7
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://bank-avera.ch/application/files/thumbnails/webp_small_2x/2816/9952/6176/UOI_Illustration_BankAvera_16x9.webp

Requested by

Host: bank-avera.ch
URL: https://bank-avera.ch/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

20.250.18.7 Zurich, Switzerland, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Apache /

Resource Hash

2d627093f65a5acea7eb07afe7a517fc386536a591a89f5b6a03f9f65e2744b5

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' www.google-analytics.com 'unsafe-inline'; base-uri 'self'; connect-src 'self' blob: graph.facebook.com region1.analytics.google.com region1.google-analytics.com api.mapbox.com events.mapbox.com my.tikee.io www.google-analytics.com www.google-analytics.com www.google-analytics.com stats.g.doubleclick.net; frame-src 'self' www.homegate.ch msip-service-zrnc.xaas.swissic.ch www.youtube.com services.logismata.ch www.google.com my.tikee.io intranet.eventag.ch; form-action 'self'; img-src 'self' data: https: blob: www.google-analytics.com www.google-analytics.com stats.g.doubleclick.net; script-src 'self' data: www.facebook.com connect.facebook.net www.googletagmanager.com cdn.jsdelivr.net www.google.com www.gstatic.com www.google-analytics.com blob: 'unsafe-inline' 'unsafe-eval'; style-src 'self' data: www.gstatic.com fonts.googleapis.com www.gstatic.com 'unsafe-inline'; frame-ancestors 'self' services.logismata.ch www.jobs.ch; font-src 'self' fonts.googleapis.com fonts.gstatic.com; object-src 'self'; child-src blob:;
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Security-Policy	default-src 'self' www.google-analytics.com 'unsafe-inline'; base-uri 'self'; connect-src 'self' blob: graph.facebook.com region1.analytics.google.com region1.google-analytics.com api.mapbox.com events.mapbox.com my.tikee.io www.google-analytics.com www.google-analytics.com www.google-analytics.com stats.g.doubleclick.net; frame-src 'self' www.homegate.ch msip-service-zrnc.xaas.swissic.ch www.youtube.com services.logismata.ch www.google.com my.tikee.io intranet.eventag.ch; form-action 'self'; img-src 'self' data: https: blob: www.google-analytics.com www.google-analytics.com stats.g.doubleclick.net; script-src 'self' data: www.facebook.com connect.facebook.net www.googletagmanager.com cdn.jsdelivr.net www.google.com www.gstatic.com www.google-analytics.com blob: 'unsafe-inline' 'unsafe-eval'; style-src data: www.gstatic.com 'self' fonts.googleapis.com www.gstatic.com 'unsafe-inline'; frame-ancestors 'self' services.logismata.ch www.jobs.ch; font-src 'self' fonts.googleapis.com fonts.gstatic.com; object-src 'self'; child-src blob:;
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Mon, 04 Dec 2023 08:15:04 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
referrer-policy: no-referrer
last-modified: Thu, 09 Nov 2023 10:36:22 GMT
server: Apache
content-security-policy: default-src 'self' www.google-analytics.com 'unsafe-inline'; base-uri 'self'; connect-src 'self' blob: graph.facebook.com region1.analytics.google.com region1.google-analytics.com api.mapbox.com events.mapbox.com my.tikee.io www.google-analytics.com www.google-analytics.com www.google-analytics.com stats.g.doubleclick.net; frame-src 'self' www.homegate.ch msip-service-zrnc.xaas.swissic.ch www.youtube.com services.logismata.ch www.google.com my.tikee.io intranet.eventag.ch; form-action 'self'; img-src 'self' data: https: blob: www.google-analytics.com www.google-analytics.com stats.g.doubleclick.net; script-src 'self' data: www.facebook.com connect.facebook.net www.googletagmanager.com cdn.jsdelivr.net www.google.com www.gstatic.com www.google-analytics.com blob: 'unsafe-inline' 'unsafe-eval'; style-src 'self' data: www.gstatic.com fonts.googleapis.com www.gstatic.com 'unsafe-inline'; frame-ancestors 'self' services.logismata.ch www.jobs.ch; font-src 'self' fonts.googleapis.com fonts.gstatic.com; object-src 'self'; child-src blob:;
etag: "29f0c-609b5c6645260"
expect-ct: max-age=2592000
permissions-policy: geolocation=(self), microphone=(), camera=()
accept-ranges: bytes
x-webkit-csp: default-src 'self' www.google-analytics.com 'unsafe-inline'; base-uri 'self'; connect-src 'self' blob: graph.facebook.com region1.analytics.google.com region1.google-analytics.com api.mapbox.com events.mapbox.com my.tikee.io www.google-analytics.comi www.google-analytics.com www.google-analytics.com stats.g.doubleclick.net; frame-src 'self' www.homegate.ch msip-service-zrnc.xaas.swissic.ch www.youtube.com services.logismata.ch www.google.com my.tikee.io intranet.eventag.ch; form-action 'self'; img-src 'self' data: https: blob: www.google-analytics.com www.google-analytics.com stats.g.doubleclick.net; script-src 'self' data: www.facebook.com connect.facebook.net www.googletagmanager.com cdn.jsdelivr.net www.google.com www.gstatic.com www.google-analytics.com blob: 'unsafe-inline' 'unsafe-eval'; style-src data: www.gstatic.com 'self' fonts.googleapis.com www.gstatic.com 'unsafe-inline'; frame-ancestors 'self' services.logismata.ch www.jobs.ch; font-src 'self' fonts.googleapis.com fonts.gstatic.com; object-src 'self'; child-sr blob:;
content-length: 171788
x-xss-protection: 1; mode=block
x-content-security-policy: default-src 'self' www.google-analytics.com 'unsafe-inline'; base-uri 'self'; connect-src 'self' blob: graph.facebook.com region1.analytics.google.com region1.google-analytics.com api.mapbox.com events.mapbox.com my.tikee.io www.google-analytics.com www.google-analytics.com www.google-analytics.com stats.g.doubleclick.net; frame-src 'self' www.homegate.ch msip-service-zrnc.xaas.swissic.ch www.youtube.com services.logismata.ch www.google.com my.tikee.io intranet.eventag.ch; form-action 'self'; img-src 'self' data: https: blob: www.google-analytics.com www.google-analytics.com stats.g.doubleclick.net; script-src 'self' data: www.facebook.com connect.facebook.net www.googletagmanager.com cdn.jsdelivr.net www.google.com www.gstatic.com www.google-analytics.com blob: 'unsafe-inline' 'unsafe-eval'; style-src data: www.gstatic.com 'self' fonts.googleapis.com www.gstatic.com 'unsafe-inline'; frame-ancestors 'self' services.logismata.ch www.jobs.ch; font-src 'self' fonts.googleapis.com fonts.gstatic.com; object-src 'self'; child-src blob:;

GET
H2 200 Phishing.webp
bank-avera.ch/application/files/thumbnails/webp_small_2x/1016/6981/2733/ 33 KB
35 KB 26ms
26ms Image
text/plain 20.250.18.7
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://bank-avera.ch/application/files/thumbnails/webp_small_2x/1016/6981/2733/Phishing.webp

Requested by

Host: bank-avera.ch
URL: https://bank-avera.ch/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

20.250.18.7 Zurich, Switzerland, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Apache /

Resource Hash

6706c43be5bd4edd64fa7f04894433ebaa8791474efba88e02fe90ea48f8267e

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' www.google-analytics.com 'unsafe-inline'; base-uri 'self'; connect-src 'self' blob: graph.facebook.com region1.analytics.google.com region1.google-analytics.com api.mapbox.com events.mapbox.com my.tikee.io www.google-analytics.com www.google-analytics.com www.google-analytics.com stats.g.doubleclick.net; frame-src 'self' www.homegate.ch msip-service-zrnc.xaas.swissic.ch www.youtube.com services.logismata.ch www.google.com my.tikee.io intranet.eventag.ch; form-action 'self'; img-src 'self' data: https: blob: www.google-analytics.com www.google-analytics.com stats.g.doubleclick.net; script-src 'self' data: www.facebook.com connect.facebook.net www.googletagmanager.com cdn.jsdelivr.net www.google.com www.gstatic.com www.google-analytics.com blob: 'unsafe-inline' 'unsafe-eval'; style-src 'self' data: www.gstatic.com fonts.googleapis.com www.gstatic.com 'unsafe-inline'; frame-ancestors 'self' services.logismata.ch www.jobs.ch; font-src 'self' fonts.googleapis.com fonts.gstatic.com; object-src 'self'; child-src blob:;
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Security-Policy	default-src 'self' www.google-analytics.com 'unsafe-inline'; base-uri 'self'; connect-src 'self' blob: graph.facebook.com region1.analytics.google.com region1.google-analytics.com api.mapbox.com events.mapbox.com my.tikee.io www.google-analytics.com www.google-analytics.com www.google-analytics.com stats.g.doubleclick.net; frame-src 'self' www.homegate.ch msip-service-zrnc.xaas.swissic.ch www.youtube.com services.logismata.ch www.google.com my.tikee.io intranet.eventag.ch; form-action 'self'; img-src 'self' data: https: blob: www.google-analytics.com www.google-analytics.com stats.g.doubleclick.net; script-src 'self' data: www.facebook.com connect.facebook.net www.googletagmanager.com cdn.jsdelivr.net www.google.com www.gstatic.com www.google-analytics.com blob: 'unsafe-inline' 'unsafe-eval'; style-src data: www.gstatic.com 'self' fonts.googleapis.com www.gstatic.com 'unsafe-inline'; frame-ancestors 'self' services.logismata.ch www.jobs.ch; font-src 'self' fonts.googleapis.com fonts.gstatic.com; object-src 'self'; child-src blob:;
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Mon, 04 Dec 2023 08:15:04 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
referrer-policy: no-referrer
last-modified: Thu, 13 Jul 2023 21:30:22 GMT
server: Apache
content-security-policy: default-src 'self' www.google-analytics.com 'unsafe-inline'; base-uri 'self'; connect-src 'self' blob: graph.facebook.com region1.analytics.google.com region1.google-analytics.com api.mapbox.com events.mapbox.com my.tikee.io www.google-analytics.com www.google-analytics.com www.google-analytics.com stats.g.doubleclick.net; frame-src 'self' www.homegate.ch msip-service-zrnc.xaas.swissic.ch www.youtube.com services.logismata.ch www.google.com my.tikee.io intranet.eventag.ch; form-action 'self'; img-src 'self' data: https: blob: www.google-analytics.com www.google-analytics.com stats.g.doubleclick.net; script-src 'self' data: www.facebook.com connect.facebook.net www.googletagmanager.com cdn.jsdelivr.net www.google.com www.gstatic.com www.google-analytics.com blob: 'unsafe-inline' 'unsafe-eval'; style-src 'self' data: www.gstatic.com fonts.googleapis.com www.gstatic.com 'unsafe-inline'; frame-ancestors 'self' services.logismata.ch www.jobs.ch; font-src 'self' fonts.googleapis.com fonts.gstatic.com; object-src 'self'; child-src blob:;
etag: "8320-600650a2f5eb5"
expect-ct: max-age=2592000
permissions-policy: geolocation=(self), microphone=(), camera=()
accept-ranges: bytes
x-webkit-csp: default-src 'self' www.google-analytics.com 'unsafe-inline'; base-uri 'self'; connect-src 'self' blob: graph.facebook.com region1.analytics.google.com region1.google-analytics.com api.mapbox.com events.mapbox.com my.tikee.io www.google-analytics.comi www.google-analytics.com www.google-analytics.com stats.g.doubleclick.net; frame-src 'self' www.homegate.ch msip-service-zrnc.xaas.swissic.ch www.youtube.com services.logismata.ch www.google.com my.tikee.io intranet.eventag.ch; form-action 'self'; img-src 'self' data: https: blob: www.google-analytics.com www.google-analytics.com stats.g.doubleclick.net; script-src 'self' data: www.facebook.com connect.facebook.net www.googletagmanager.com cdn.jsdelivr.net www.google.com www.gstatic.com www.google-analytics.com blob: 'unsafe-inline' 'unsafe-eval'; style-src data: www.gstatic.com 'self' fonts.googleapis.com www.gstatic.com 'unsafe-inline'; frame-ancestors 'self' services.logismata.ch www.jobs.ch; font-src 'self' fonts.googleapis.com fonts.gstatic.com; object-src 'self'; child-sr blob:;
content-length: 33568
x-xss-protection: 1; mode=block
x-content-security-policy: default-src 'self' www.google-analytics.com 'unsafe-inline'; base-uri 'self'; connect-src 'self' blob: graph.facebook.com region1.analytics.google.com region1.google-analytics.com api.mapbox.com events.mapbox.com my.tikee.io www.google-analytics.com www.google-analytics.com www.google-analytics.com stats.g.doubleclick.net; frame-src 'self' www.homegate.ch msip-service-zrnc.xaas.swissic.ch www.youtube.com services.logismata.ch www.google.com my.tikee.io intranet.eventag.ch; form-action 'self'; img-src 'self' data: https: blob: www.google-analytics.com www.google-analytics.com stats.g.doubleclick.net; script-src 'self' data: www.facebook.com connect.facebook.net www.googletagmanager.com cdn.jsdelivr.net www.google.com www.gstatic.com www.google-analytics.com blob: 'unsafe-inline' 'unsafe-eval'; style-src data: www.gstatic.com 'self' fonts.googleapis.com www.gstatic.com 'unsafe-inline'; frame-ancestors 'self' services.logismata.ch www.jobs.ch; font-src 'self' fonts.googleapis.com fonts.gstatic.com; object-src 'self'; child-src blob:;

GET
H2 200 Sparkonto-Top_145-Prozent.webp
bank-avera.ch/application/files/thumbnails/webp_small_2x/5416/9875/9594/ 59 KB
62 KB 37ms
36ms Image
text/plain 20.250.18.7
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://bank-avera.ch/application/files/thumbnails/webp_small_2x/5416/9875/9594/Sparkonto-Top_145-Prozent.webp

Requested by

Host: bank-avera.ch
URL: https://bank-avera.ch/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

20.250.18.7 Zurich, Switzerland, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Apache /

Resource Hash

79495c23c68205c36770df4ed140b508274cde69b0ed0c2e5700011acd9766b4

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' www.google-analytics.com 'unsafe-inline'; base-uri 'self'; connect-src 'self' blob: graph.facebook.com region1.analytics.google.com region1.google-analytics.com api.mapbox.com events.mapbox.com my.tikee.io www.google-analytics.com www.google-analytics.com www.google-analytics.com stats.g.doubleclick.net; frame-src 'self' www.homegate.ch msip-service-zrnc.xaas.swissic.ch www.youtube.com services.logismata.ch www.google.com my.tikee.io intranet.eventag.ch; form-action 'self'; img-src 'self' data: https: blob: www.google-analytics.com www.google-analytics.com stats.g.doubleclick.net; script-src 'self' data: www.facebook.com connect.facebook.net www.googletagmanager.com cdn.jsdelivr.net www.google.com www.gstatic.com www.google-analytics.com blob: 'unsafe-inline' 'unsafe-eval'; style-src 'self' data: www.gstatic.com fonts.googleapis.com www.gstatic.com 'unsafe-inline'; frame-ancestors 'self' services.logismata.ch www.jobs.ch; font-src 'self' fonts.googleapis.com fonts.gstatic.com; object-src 'self'; child-src blob:;
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Security-Policy	default-src 'self' www.google-analytics.com 'unsafe-inline'; base-uri 'self'; connect-src 'self' blob: graph.facebook.com region1.analytics.google.com region1.google-analytics.com api.mapbox.com events.mapbox.com my.tikee.io www.google-analytics.com www.google-analytics.com www.google-analytics.com stats.g.doubleclick.net; frame-src 'self' www.homegate.ch msip-service-zrnc.xaas.swissic.ch www.youtube.com services.logismata.ch www.google.com my.tikee.io intranet.eventag.ch; form-action 'self'; img-src 'self' data: https: blob: www.google-analytics.com www.google-analytics.com stats.g.doubleclick.net; script-src 'self' data: www.facebook.com connect.facebook.net www.googletagmanager.com cdn.jsdelivr.net www.google.com www.gstatic.com www.google-analytics.com blob: 'unsafe-inline' 'unsafe-eval'; style-src data: www.gstatic.com 'self' fonts.googleapis.com www.gstatic.com 'unsafe-inline'; frame-ancestors 'self' services.logismata.ch www.jobs.ch; font-src 'self' fonts.googleapis.com fonts.gstatic.com; object-src 'self'; child-src blob:;
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Mon, 04 Dec 2023 08:15:04 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
referrer-policy: no-referrer
last-modified: Tue, 31 Oct 2023 13:40:00 GMT
server: Apache
content-security-policy: default-src 'self' www.google-analytics.com 'unsafe-inline'; base-uri 'self'; connect-src 'self' blob: graph.facebook.com region1.analytics.google.com region1.google-analytics.com api.mapbox.com events.mapbox.com my.tikee.io www.google-analytics.com www.google-analytics.com www.google-analytics.com stats.g.doubleclick.net; frame-src 'self' www.homegate.ch msip-service-zrnc.xaas.swissic.ch www.youtube.com services.logismata.ch www.google.com my.tikee.io intranet.eventag.ch; form-action 'self'; img-src 'self' data: https: blob: www.google-analytics.com www.google-analytics.com stats.g.doubleclick.net; script-src 'self' data: www.facebook.com connect.facebook.net www.googletagmanager.com cdn.jsdelivr.net www.google.com www.gstatic.com www.google-analytics.com blob: 'unsafe-inline' 'unsafe-eval'; style-src 'self' data: www.gstatic.com fonts.googleapis.com www.gstatic.com 'unsafe-inline'; frame-ancestors 'self' services.logismata.ch www.jobs.ch; font-src 'self' fonts.googleapis.com fonts.gstatic.com; object-src 'self'; child-src blob:;
etag: "ecb2-609034a8920e8"
expect-ct: max-age=2592000
permissions-policy: geolocation=(self), microphone=(), camera=()
accept-ranges: bytes
x-webkit-csp: default-src 'self' www.google-analytics.com 'unsafe-inline'; base-uri 'self'; connect-src 'self' blob: graph.facebook.com region1.analytics.google.com region1.google-analytics.com api.mapbox.com events.mapbox.com my.tikee.io www.google-analytics.comi www.google-analytics.com www.google-analytics.com stats.g.doubleclick.net; frame-src 'self' www.homegate.ch msip-service-zrnc.xaas.swissic.ch www.youtube.com services.logismata.ch www.google.com my.tikee.io intranet.eventag.ch; form-action 'self'; img-src 'self' data: https: blob: www.google-analytics.com www.google-analytics.com stats.g.doubleclick.net; script-src 'self' data: www.facebook.com connect.facebook.net www.googletagmanager.com cdn.jsdelivr.net www.google.com www.gstatic.com www.google-analytics.com blob: 'unsafe-inline' 'unsafe-eval'; style-src data: www.gstatic.com 'self' fonts.googleapis.com www.gstatic.com 'unsafe-inline'; frame-ancestors 'self' services.logismata.ch www.jobs.ch; font-src 'self' fonts.googleapis.com fonts.gstatic.com; object-src 'self'; child-sr blob:;
content-length: 60594
x-xss-protection: 1; mode=block
x-content-security-policy: default-src 'self' www.google-analytics.com 'unsafe-inline'; base-uri 'self'; connect-src 'self' blob: graph.facebook.com region1.analytics.google.com region1.google-analytics.com api.mapbox.com events.mapbox.com my.tikee.io www.google-analytics.com www.google-analytics.com www.google-analytics.com stats.g.doubleclick.net; frame-src 'self' www.homegate.ch msip-service-zrnc.xaas.swissic.ch www.youtube.com services.logismata.ch www.google.com my.tikee.io intranet.eventag.ch; form-action 'self'; img-src 'self' data: https: blob: www.google-analytics.com www.google-analytics.com stats.g.doubleclick.net; script-src 'self' data: www.facebook.com connect.facebook.net www.googletagmanager.com cdn.jsdelivr.net www.google.com www.gstatic.com www.google-analytics.com blob: 'unsafe-inline' 'unsafe-eval'; style-src data: www.gstatic.com 'self' fonts.googleapis.com www.gstatic.com 'unsafe-inline'; frame-ancestors 'self' services.logismata.ch www.jobs.ch; font-src 'self' fonts.googleapis.com fonts.gstatic.com; object-src 'self'; child-src blob:;

GET
H2 200 Startbonus.webp
bank-avera.ch/application/files/thumbnails/webp_small_2x/1216/1105/0267/ 224 KB
227 KB 36ms
36ms Image
text/plain 20.250.18.7
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://bank-avera.ch/application/files/thumbnails/webp_small_2x/1216/1105/0267/Startbonus.webp

Requested by

Host: bank-avera.ch
URL: https://bank-avera.ch/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

20.250.18.7 Zurich, Switzerland, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Apache /

Resource Hash

9360e5c40139719dce9d4b6a9c24aa389302bc1dcd0fdf8cf31457f7a394f51a

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' www.google-analytics.com 'unsafe-inline'; base-uri 'self'; connect-src 'self' blob: graph.facebook.com region1.analytics.google.com region1.google-analytics.com api.mapbox.com events.mapbox.com my.tikee.io www.google-analytics.com www.google-analytics.com www.google-analytics.com stats.g.doubleclick.net; frame-src 'self' www.homegate.ch msip-service-zrnc.xaas.swissic.ch www.youtube.com services.logismata.ch www.google.com my.tikee.io intranet.eventag.ch; form-action 'self'; img-src 'self' data: https: blob: www.google-analytics.com www.google-analytics.com stats.g.doubleclick.net; script-src 'self' data: www.facebook.com connect.facebook.net www.googletagmanager.com cdn.jsdelivr.net www.google.com www.gstatic.com www.google-analytics.com blob: 'unsafe-inline' 'unsafe-eval'; style-src 'self' data: www.gstatic.com fonts.googleapis.com www.gstatic.com 'unsafe-inline'; frame-ancestors 'self' services.logismata.ch www.jobs.ch; font-src 'self' fonts.googleapis.com fonts.gstatic.com; object-src 'self'; child-src blob:;
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Security-Policy	default-src 'self' www.google-analytics.com 'unsafe-inline'; base-uri 'self'; connect-src 'self' blob: graph.facebook.com region1.analytics.google.com region1.google-analytics.com api.mapbox.com events.mapbox.com my.tikee.io www.google-analytics.com www.google-analytics.com www.google-analytics.com stats.g.doubleclick.net; frame-src 'self' www.homegate.ch msip-service-zrnc.xaas.swissic.ch www.youtube.com services.logismata.ch www.google.com my.tikee.io intranet.eventag.ch; form-action 'self'; img-src 'self' data: https: blob: www.google-analytics.com www.google-analytics.com stats.g.doubleclick.net; script-src 'self' data: www.facebook.com connect.facebook.net www.googletagmanager.com cdn.jsdelivr.net www.google.com www.gstatic.com www.google-analytics.com blob: 'unsafe-inline' 'unsafe-eval'; style-src data: www.gstatic.com 'self' fonts.googleapis.com www.gstatic.com 'unsafe-inline'; frame-ancestors 'self' services.logismata.ch www.jobs.ch; font-src 'self' fonts.googleapis.com fonts.gstatic.com; object-src 'self'; child-src blob:;
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Mon, 04 Dec 2023 08:15:04 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
referrer-policy: no-referrer
last-modified: Thu, 13 Jul 2023 21:29:59 GMT
server: Apache
content-security-policy: default-src 'self' www.google-analytics.com 'unsafe-inline'; base-uri 'self'; connect-src 'self' blob: graph.facebook.com region1.analytics.google.com region1.google-analytics.com api.mapbox.com events.mapbox.com my.tikee.io www.google-analytics.com www.google-analytics.com www.google-analytics.com stats.g.doubleclick.net; frame-src 'self' www.homegate.ch msip-service-zrnc.xaas.swissic.ch www.youtube.com services.logismata.ch www.google.com my.tikee.io intranet.eventag.ch; form-action 'self'; img-src 'self' data: https: blob: www.google-analytics.com www.google-analytics.com stats.g.doubleclick.net; script-src 'self' data: www.facebook.com connect.facebook.net www.googletagmanager.com cdn.jsdelivr.net www.google.com www.gstatic.com www.google-analytics.com blob: 'unsafe-inline' 'unsafe-eval'; style-src 'self' data: www.gstatic.com fonts.googleapis.com www.gstatic.com 'unsafe-inline'; frame-ancestors 'self' services.logismata.ch www.jobs.ch; font-src 'self' fonts.googleapis.com fonts.gstatic.com; object-src 'self'; child-src blob:;
etag: "37e94-6006508d0660d"
expect-ct: max-age=2592000
permissions-policy: geolocation=(self), microphone=(), camera=()
accept-ranges: bytes
x-webkit-csp: default-src 'self' www.google-analytics.com 'unsafe-inline'; base-uri 'self'; connect-src 'self' blob: graph.facebook.com region1.analytics.google.com region1.google-analytics.com api.mapbox.com events.mapbox.com my.tikee.io www.google-analytics.comi www.google-analytics.com www.google-analytics.com stats.g.doubleclick.net; frame-src 'self' www.homegate.ch msip-service-zrnc.xaas.swissic.ch www.youtube.com services.logismata.ch www.google.com my.tikee.io intranet.eventag.ch; form-action 'self'; img-src 'self' data: https: blob: www.google-analytics.com www.google-analytics.com stats.g.doubleclick.net; script-src 'self' data: www.facebook.com connect.facebook.net www.googletagmanager.com cdn.jsdelivr.net www.google.com www.gstatic.com www.google-analytics.com blob: 'unsafe-inline' 'unsafe-eval'; style-src data: www.gstatic.com 'self' fonts.googleapis.com www.gstatic.com 'unsafe-inline'; frame-ancestors 'self' services.logismata.ch www.jobs.ch; font-src 'self' fonts.googleapis.com fonts.gstatic.com; object-src 'self'; child-sr blob:;
content-length: 229012
x-xss-protection: 1; mode=block
x-content-security-policy: default-src 'self' www.google-analytics.com 'unsafe-inline'; base-uri 'self'; connect-src 'self' blob: graph.facebook.com region1.analytics.google.com region1.google-analytics.com api.mapbox.com events.mapbox.com my.tikee.io www.google-analytics.com www.google-analytics.com www.google-analytics.com stats.g.doubleclick.net; frame-src 'self' www.homegate.ch msip-service-zrnc.xaas.swissic.ch www.youtube.com services.logismata.ch www.google.com my.tikee.io intranet.eventag.ch; form-action 'self'; img-src 'self' data: https: blob: www.google-analytics.com www.google-analytics.com stats.g.doubleclick.net; script-src 'self' data: www.facebook.com connect.facebook.net www.googletagmanager.com cdn.jsdelivr.net www.google.com www.gstatic.com www.google-analytics.com blob: 'unsafe-inline' 'unsafe-eval'; style-src data: www.gstatic.com 'self' fonts.googleapis.com www.gstatic.com 'unsafe-inline'; frame-ancestors 'self' services.logismata.ch www.jobs.ch; font-src 'self' fonts.googleapis.com fonts.gstatic.com; object-src 'self'; child-src blob:;

GET
H2 200 Kundenvorteile.webp
bank-avera.ch/application/files/thumbnails/webp_small_2x/4816/1097/0739/ 156 KB
159 KB 36ms
36ms Image
text/plain 20.250.18.7
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://bank-avera.ch/application/files/thumbnails/webp_small_2x/4816/1097/0739/Kundenvorteile.webp

Requested by

Host: bank-avera.ch
URL: https://bank-avera.ch/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

20.250.18.7 Zurich, Switzerland, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Apache /

Resource Hash

ba100209a60b6d54dd123beda3afadf016b45c030bdeb95efbcf0736aec4c086

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' www.google-analytics.com 'unsafe-inline'; base-uri 'self'; connect-src 'self' blob: graph.facebook.com region1.analytics.google.com region1.google-analytics.com api.mapbox.com events.mapbox.com my.tikee.io www.google-analytics.com www.google-analytics.com www.google-analytics.com stats.g.doubleclick.net; frame-src 'self' www.homegate.ch msip-service-zrnc.xaas.swissic.ch www.youtube.com services.logismata.ch www.google.com my.tikee.io intranet.eventag.ch; form-action 'self'; img-src 'self' data: https: blob: www.google-analytics.com www.google-analytics.com stats.g.doubleclick.net; script-src 'self' data: www.facebook.com connect.facebook.net www.googletagmanager.com cdn.jsdelivr.net www.google.com www.gstatic.com www.google-analytics.com blob: 'unsafe-inline' 'unsafe-eval'; style-src 'self' data: www.gstatic.com fonts.googleapis.com www.gstatic.com 'unsafe-inline'; frame-ancestors 'self' services.logismata.ch www.jobs.ch; font-src 'self' fonts.googleapis.com fonts.gstatic.com; object-src 'self'; child-src blob:;
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Security-Policy	default-src 'self' www.google-analytics.com 'unsafe-inline'; base-uri 'self'; connect-src 'self' blob: graph.facebook.com region1.analytics.google.com region1.google-analytics.com api.mapbox.com events.mapbox.com my.tikee.io www.google-analytics.com www.google-analytics.com www.google-analytics.com stats.g.doubleclick.net; frame-src 'self' www.homegate.ch msip-service-zrnc.xaas.swissic.ch www.youtube.com services.logismata.ch www.google.com my.tikee.io intranet.eventag.ch; form-action 'self'; img-src 'self' data: https: blob: www.google-analytics.com www.google-analytics.com stats.g.doubleclick.net; script-src 'self' data: www.facebook.com connect.facebook.net www.googletagmanager.com cdn.jsdelivr.net www.google.com www.gstatic.com www.google-analytics.com blob: 'unsafe-inline' 'unsafe-eval'; style-src data: www.gstatic.com 'self' fonts.googleapis.com www.gstatic.com 'unsafe-inline'; frame-ancestors 'self' services.logismata.ch www.jobs.ch; font-src 'self' fonts.googleapis.com fonts.gstatic.com; object-src 'self'; child-src blob:;
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Mon, 04 Dec 2023 08:15:04 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
referrer-policy: no-referrer
last-modified: Thu, 13 Jul 2023 21:29:53 GMT
server: Apache
content-security-policy: default-src 'self' www.google-analytics.com 'unsafe-inline'; base-uri 'self'; connect-src 'self' blob: graph.facebook.com region1.analytics.google.com region1.google-analytics.com api.mapbox.com events.mapbox.com my.tikee.io www.google-analytics.com www.google-analytics.com www.google-analytics.com stats.g.doubleclick.net; frame-src 'self' www.homegate.ch msip-service-zrnc.xaas.swissic.ch www.youtube.com services.logismata.ch www.google.com my.tikee.io intranet.eventag.ch; form-action 'self'; img-src 'self' data: https: blob: www.google-analytics.com www.google-analytics.com stats.g.doubleclick.net; script-src 'self' data: www.facebook.com connect.facebook.net www.googletagmanager.com cdn.jsdelivr.net www.google.com www.gstatic.com www.google-analytics.com blob: 'unsafe-inline' 'unsafe-eval'; style-src 'self' data: www.gstatic.com fonts.googleapis.com www.gstatic.com 'unsafe-inline'; frame-ancestors 'self' services.logismata.ch www.jobs.ch; font-src 'self' fonts.googleapis.com fonts.gstatic.com; object-src 'self'; child-src blob:;
etag: "2718e-6006508762f06"
expect-ct: max-age=2592000
permissions-policy: geolocation=(self), microphone=(), camera=()
accept-ranges: bytes
x-webkit-csp: default-src 'self' www.google-analytics.com 'unsafe-inline'; base-uri 'self'; connect-src 'self' blob: graph.facebook.com region1.analytics.google.com region1.google-analytics.com api.mapbox.com events.mapbox.com my.tikee.io www.google-analytics.comi www.google-analytics.com www.google-analytics.com stats.g.doubleclick.net; frame-src 'self' www.homegate.ch msip-service-zrnc.xaas.swissic.ch www.youtube.com services.logismata.ch www.google.com my.tikee.io intranet.eventag.ch; form-action 'self'; img-src 'self' data: https: blob: www.google-analytics.com www.google-analytics.com stats.g.doubleclick.net; script-src 'self' data: www.facebook.com connect.facebook.net www.googletagmanager.com cdn.jsdelivr.net www.google.com www.gstatic.com www.google-analytics.com blob: 'unsafe-inline' 'unsafe-eval'; style-src data: www.gstatic.com 'self' fonts.googleapis.com www.gstatic.com 'unsafe-inline'; frame-ancestors 'self' services.logismata.ch www.jobs.ch; font-src 'self' fonts.googleapis.com fonts.gstatic.com; object-src 'self'; child-sr blob:;
content-length: 160142
x-xss-protection: 1; mode=block
x-content-security-policy: default-src 'self' www.google-analytics.com 'unsafe-inline'; base-uri 'self'; connect-src 'self' blob: graph.facebook.com region1.analytics.google.com region1.google-analytics.com api.mapbox.com events.mapbox.com my.tikee.io www.google-analytics.com www.google-analytics.com www.google-analytics.com stats.g.doubleclick.net; frame-src 'self' www.homegate.ch msip-service-zrnc.xaas.swissic.ch www.youtube.com services.logismata.ch www.google.com my.tikee.io intranet.eventag.ch; form-action 'self'; img-src 'self' data: https: blob: www.google-analytics.com www.google-analytics.com stats.g.doubleclick.net; script-src 'self' data: www.facebook.com connect.facebook.net www.googletagmanager.com cdn.jsdelivr.net www.google.com www.gstatic.com www.google-analytics.com blob: 'unsafe-inline' 'unsafe-eval'; style-src data: www.gstatic.com 'self' fonts.googleapis.com www.gstatic.com 'unsafe-inline'; frame-ancestors 'self' services.logismata.ch www.jobs.ch; font-src 'self' fonts.googleapis.com fonts.gstatic.com; object-src 'self'; child-src blob:;

GET
H2 200 1f266c00c8fafde338b8568f01920e4046d39d02.js Show response
bank-avera.ch/application/files/cache/js/ 2 MB
454 KB 57ms
56ms Script
application/javascript 20.250.18.7
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://bank-avera.ch/application/files/cache/js/1f266c00c8fafde338b8568f01920e4046d39d02.js?ccm_nocache=ee3e28f9bfd2e82738e22d3b43acd1398845ab90

Requested by

Host: bank-avera.ch
URL: https://bank-avera.ch/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

20.250.18.7 Zurich, Switzerland, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Apache /

Resource Hash

aada63bae1e66f956e4da3644a464d20f84d63eaf5164b7f1b7d6230e39e43f0

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' www.google-analytics.com 'unsafe-inline'; base-uri 'self'; connect-src 'self' blob: graph.facebook.com region1.analytics.google.com region1.google-analytics.com api.mapbox.com events.mapbox.com my.tikee.io www.google-analytics.com www.google-analytics.com www.google-analytics.com stats.g.doubleclick.net; frame-src 'self' www.homegate.ch msip-service-zrnc.xaas.swissic.ch www.youtube.com services.logismata.ch www.google.com my.tikee.io intranet.eventag.ch; form-action 'self'; img-src 'self' data: https: blob: www.google-analytics.com www.google-analytics.com stats.g.doubleclick.net; script-src 'self' data: www.facebook.com connect.facebook.net www.googletagmanager.com cdn.jsdelivr.net www.google.com www.gstatic.com www.google-analytics.com blob: 'unsafe-inline' 'unsafe-eval'; style-src 'self' data: www.gstatic.com fonts.googleapis.com www.gstatic.com 'unsafe-inline'; frame-ancestors 'self' services.logismata.ch www.jobs.ch; font-src 'self' fonts.googleapis.com fonts.gstatic.com; object-src 'self'; child-src blob:;
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Security-Policy	default-src 'self' www.google-analytics.com 'unsafe-inline'; base-uri 'self'; connect-src 'self' blob: graph.facebook.com region1.analytics.google.com region1.google-analytics.com api.mapbox.com events.mapbox.com my.tikee.io www.google-analytics.com www.google-analytics.com www.google-analytics.com stats.g.doubleclick.net; frame-src 'self' www.homegate.ch msip-service-zrnc.xaas.swissic.ch www.youtube.com services.logismata.ch www.google.com my.tikee.io intranet.eventag.ch; form-action 'self'; img-src 'self' data: https: blob: www.google-analytics.com www.google-analytics.com stats.g.doubleclick.net; script-src 'self' data: www.facebook.com connect.facebook.net www.googletagmanager.com cdn.jsdelivr.net www.google.com www.gstatic.com www.google-analytics.com blob: 'unsafe-inline' 'unsafe-eval'; style-src data: www.gstatic.com 'self' fonts.googleapis.com www.gstatic.com 'unsafe-inline'; frame-ancestors 'self' services.logismata.ch www.jobs.ch; font-src 'self' fonts.googleapis.com fonts.gstatic.com; object-src 'self'; child-src blob:;
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Mon, 04 Dec 2023 08:15:04 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
content-security-policy: default-src 'self' www.google-analytics.com 'unsafe-inline'; base-uri 'self'; connect-src 'self' blob: graph.facebook.com region1.analytics.google.com region1.google-analytics.com api.mapbox.com events.mapbox.com my.tikee.io www.google-analytics.com www.google-analytics.com www.google-analytics.com stats.g.doubleclick.net; frame-src 'self' www.homegate.ch msip-service-zrnc.xaas.swissic.ch www.youtube.com services.logismata.ch www.google.com my.tikee.io intranet.eventag.ch; form-action 'self'; img-src 'self' data: https: blob: www.google-analytics.com www.google-analytics.com stats.g.doubleclick.net; script-src 'self' data: www.facebook.com connect.facebook.net www.googletagmanager.com cdn.jsdelivr.net www.google.com www.gstatic.com www.google-analytics.com blob: 'unsafe-inline' 'unsafe-eval'; style-src 'self' data: www.gstatic.com fonts.googleapis.com www.gstatic.com 'unsafe-inline'; frame-ancestors 'self' services.logismata.ch www.jobs.ch; font-src 'self' fonts.googleapis.com fonts.gstatic.com; object-src 'self'; child-src blob:;
content-encoding: gzip
x-xss-protection: 1; mode=block
referrer-policy: no-referrer
last-modified: Mon, 04 Dec 2023 07:44:56 GMT
server: Apache
etag: "1b3db2-60baa4b4e4815-gzip"
expect-ct: max-age=2592000
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=86400, public
permissions-policy: geolocation=(self), microphone=(), camera=()
accept-ranges: bytes
x-webkit-csp: default-src 'self' www.google-analytics.com 'unsafe-inline'; base-uri 'self'; connect-src 'self' blob: graph.facebook.com region1.analytics.google.com region1.google-analytics.com api.mapbox.com events.mapbox.com my.tikee.io www.google-analytics.comi www.google-analytics.com www.google-analytics.com stats.g.doubleclick.net; frame-src 'self' www.homegate.ch msip-service-zrnc.xaas.swissic.ch www.youtube.com services.logismata.ch www.google.com my.tikee.io intranet.eventag.ch; form-action 'self'; img-src 'self' data: https: blob: www.google-analytics.com www.google-analytics.com stats.g.doubleclick.net; script-src 'self' data: www.facebook.com connect.facebook.net www.googletagmanager.com cdn.jsdelivr.net www.google.com www.gstatic.com www.google-analytics.com blob: 'unsafe-inline' 'unsafe-eval'; style-src data: www.gstatic.com 'self' fonts.googleapis.com www.gstatic.com 'unsafe-inline'; frame-ancestors 'self' services.logismata.ch www.jobs.ch; font-src 'self' fonts.googleapis.com fonts.gstatic.com; object-src 'self'; child-sr blob:;
x-content-security-policy: default-src 'self' www.google-analytics.com 'unsafe-inline'; base-uri 'self'; connect-src 'self' blob: graph.facebook.com region1.analytics.google.com region1.google-analytics.com api.mapbox.com events.mapbox.com my.tikee.io www.google-analytics.com www.google-analytics.com www.google-analytics.com stats.g.doubleclick.net; frame-src 'self' www.homegate.ch msip-service-zrnc.xaas.swissic.ch www.youtube.com services.logismata.ch www.google.com my.tikee.io intranet.eventag.ch; form-action 'self'; img-src 'self' data: https: blob: www.google-analytics.com www.google-analytics.com stats.g.doubleclick.net; script-src 'self' data: www.facebook.com connect.facebook.net www.googletagmanager.com cdn.jsdelivr.net www.google.com www.gstatic.com www.google-analytics.com blob: 'unsafe-inline' 'unsafe-eval'; style-src data: www.gstatic.com 'self' fonts.googleapis.com www.gstatic.com 'unsafe-inline'; frame-ancestors 'self' services.logismata.ch www.jobs.ch; font-src 'self' fonts.googleapis.com fonts.gstatic.com; object-src 'self'; child-src blob:;

GET
H2 200 api.js Show response
www.google.com/recaptcha/ 1 KB
1 KB 86ms
32ms Script
text/javascript 2a00:1450:4001:829::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api.js?render=explicit&onload=RecaptchaV3

Requested by

Host: bank-avera.ch
URL: https://bank-avera.ch/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

e0e07624c5d82134f4000ef2e092eead2e2c445e11b361703ae1c766c7e23eca

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Mon, 04 Dec 2023 08:15:05 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy: frame-ancestors 'self'
server: GSE
x-frame-options: SAMEORIGIN
content-type: text/javascript; charset=utf-8
cache-control: private, max-age=300
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 1; mode=block
expires: Mon, 04 Dec 2023 08:15:05 GMT

GET
H2 200 b73f19693011aacdee1f3737fe3e1b3e60d480d3.js Show response
bank-avera.ch/application/files/cache/js/ 43 KB
16 KB 37ms
37ms Script
application/javascript 20.250.18.7
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://bank-avera.ch/application/files/cache/js/b73f19693011aacdee1f3737fe3e1b3e60d480d3.js?ccm_nocache=ee3e28f9bfd2e82738e22d3b43acd1398845ab90

Requested by

Host: bank-avera.ch
URL: https://bank-avera.ch/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

20.250.18.7 Zurich, Switzerland, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Apache /

Resource Hash

c87f6472e56d03a640cb5bda1c71894a0b3a2648f8daf1c8667535b231796426

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' www.google-analytics.com 'unsafe-inline'; base-uri 'self'; connect-src 'self' blob: graph.facebook.com region1.analytics.google.com region1.google-analytics.com api.mapbox.com events.mapbox.com my.tikee.io www.google-analytics.com www.google-analytics.com www.google-analytics.com stats.g.doubleclick.net; frame-src 'self' www.homegate.ch msip-service-zrnc.xaas.swissic.ch www.youtube.com services.logismata.ch www.google.com my.tikee.io intranet.eventag.ch; form-action 'self'; img-src 'self' data: https: blob: www.google-analytics.com www.google-analytics.com stats.g.doubleclick.net; script-src 'self' data: www.facebook.com connect.facebook.net www.googletagmanager.com cdn.jsdelivr.net www.google.com www.gstatic.com www.google-analytics.com blob: 'unsafe-inline' 'unsafe-eval'; style-src 'self' data: www.gstatic.com fonts.googleapis.com www.gstatic.com 'unsafe-inline'; frame-ancestors 'self' services.logismata.ch www.jobs.ch; font-src 'self' fonts.googleapis.com fonts.gstatic.com; object-src 'self'; child-src blob:;
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Security-Policy	default-src 'self' www.google-analytics.com 'unsafe-inline'; base-uri 'self'; connect-src 'self' blob: graph.facebook.com region1.analytics.google.com region1.google-analytics.com api.mapbox.com events.mapbox.com my.tikee.io www.google-analytics.com www.google-analytics.com www.google-analytics.com stats.g.doubleclick.net; frame-src 'self' www.homegate.ch msip-service-zrnc.xaas.swissic.ch www.youtube.com services.logismata.ch www.google.com my.tikee.io intranet.eventag.ch; form-action 'self'; img-src 'self' data: https: blob: www.google-analytics.com www.google-analytics.com stats.g.doubleclick.net; script-src 'self' data: www.facebook.com connect.facebook.net www.googletagmanager.com cdn.jsdelivr.net www.google.com www.gstatic.com www.google-analytics.com blob: 'unsafe-inline' 'unsafe-eval'; style-src data: www.gstatic.com 'self' fonts.googleapis.com www.gstatic.com 'unsafe-inline'; frame-ancestors 'self' services.logismata.ch www.jobs.ch; font-src 'self' fonts.googleapis.com fonts.gstatic.com; object-src 'self'; child-src blob:;
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Mon, 04 Dec 2023 08:15:04 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
content-security-policy: default-src 'self' www.google-analytics.com 'unsafe-inline'; base-uri 'self'; connect-src 'self' blob: graph.facebook.com region1.analytics.google.com region1.google-analytics.com api.mapbox.com events.mapbox.com my.tikee.io www.google-analytics.com www.google-analytics.com www.google-analytics.com stats.g.doubleclick.net; frame-src 'self' www.homegate.ch msip-service-zrnc.xaas.swissic.ch www.youtube.com services.logismata.ch www.google.com my.tikee.io intranet.eventag.ch; form-action 'self'; img-src 'self' data: https: blob: www.google-analytics.com www.google-analytics.com stats.g.doubleclick.net; script-src 'self' data: www.facebook.com connect.facebook.net www.googletagmanager.com cdn.jsdelivr.net www.google.com www.gstatic.com www.google-analytics.com blob: 'unsafe-inline' 'unsafe-eval'; style-src 'self' data: www.gstatic.com fonts.googleapis.com www.gstatic.com 'unsafe-inline'; frame-ancestors 'self' services.logismata.ch www.jobs.ch; font-src 'self' fonts.googleapis.com fonts.gstatic.com; object-src 'self'; child-src blob:;
content-encoding: gzip
content-length: 13569
x-xss-protection: 1; mode=block
referrer-policy: no-referrer
last-modified: Mon, 04 Dec 2023 07:44:56 GMT
server: Apache
etag: "acee-60baa4b4e57b6-gzip"
expect-ct: max-age=2592000
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=86400, public
permissions-policy: geolocation=(self), microphone=(), camera=()
accept-ranges: bytes
x-webkit-csp: default-src 'self' www.google-analytics.com 'unsafe-inline'; base-uri 'self'; connect-src 'self' blob: graph.facebook.com region1.analytics.google.com region1.google-analytics.com api.mapbox.com events.mapbox.com my.tikee.io www.google-analytics.comi www.google-analytics.com www.google-analytics.com stats.g.doubleclick.net; frame-src 'self' www.homegate.ch msip-service-zrnc.xaas.swissic.ch www.youtube.com services.logismata.ch www.google.com my.tikee.io intranet.eventag.ch; form-action 'self'; img-src 'self' data: https: blob: www.google-analytics.com www.google-analytics.com stats.g.doubleclick.net; script-src 'self' data: www.facebook.com connect.facebook.net www.googletagmanager.com cdn.jsdelivr.net www.google.com www.gstatic.com www.google-analytics.com blob: 'unsafe-inline' 'unsafe-eval'; style-src data: www.gstatic.com 'self' fonts.googleapis.com www.gstatic.com 'unsafe-inline'; frame-ancestors 'self' services.logismata.ch www.jobs.ch; font-src 'self' fonts.googleapis.com fonts.gstatic.com; object-src 'self'; child-sr blob:;
x-content-security-policy: default-src 'self' www.google-analytics.com 'unsafe-inline'; base-uri 'self'; connect-src 'self' blob: graph.facebook.com region1.analytics.google.com region1.google-analytics.com api.mapbox.com events.mapbox.com my.tikee.io www.google-analytics.com www.google-analytics.com www.google-analytics.com stats.g.doubleclick.net; frame-src 'self' www.homegate.ch msip-service-zrnc.xaas.swissic.ch www.youtube.com services.logismata.ch www.google.com my.tikee.io intranet.eventag.ch; form-action 'self'; img-src 'self' data: https: blob: www.google-analytics.com www.google-analytics.com stats.g.doubleclick.net; script-src 'self' data: www.facebook.com connect.facebook.net www.googletagmanager.com cdn.jsdelivr.net www.google.com www.gstatic.com www.google-analytics.com blob: 'unsafe-inline' 'unsafe-eval'; style-src data: www.gstatic.com 'self' fonts.googleapis.com www.gstatic.com 'unsafe-inline'; frame-ancestors 'self' services.logismata.ch www.jobs.ch; font-src 'self' fonts.googleapis.com fonts.gstatic.com; object-src 'self'; child-src blob:;

GET
H2 200 title_line.svg
bank-avera.ch/packages/bank_avera/themes/bank_avera/css/build/img/ 1 KB
4 KB 35ms
35ms Image
image/svg+xml 20.250.18.7
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://bank-avera.ch/packages/bank_avera/themes/bank_avera/css/build/img/title_line.svg

Requested by

Host: bank-avera.ch
URL: https://bank-avera.ch/application/files/cache/css/bank_avera/main.css?ts=1701675895

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

20.250.18.7 Zurich, Switzerland, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Apache /

Resource Hash

8faee09837e29a53bedc5b6241b627d549a3c22dd1f2ea7eb8183ddc41b510da

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' www.google-analytics.com 'unsafe-inline'; base-uri 'self'; connect-src 'self' blob: graph.facebook.com region1.analytics.google.com region1.google-analytics.com api.mapbox.com events.mapbox.com my.tikee.io www.google-analytics.com www.google-analytics.com www.google-analytics.com stats.g.doubleclick.net; frame-src 'self' www.homegate.ch msip-service-zrnc.xaas.swissic.ch www.youtube.com services.logismata.ch www.google.com my.tikee.io intranet.eventag.ch; form-action 'self'; img-src 'self' data: https: blob: www.google-analytics.com www.google-analytics.com stats.g.doubleclick.net; script-src 'self' data: www.facebook.com connect.facebook.net www.googletagmanager.com cdn.jsdelivr.net www.google.com www.gstatic.com www.google-analytics.com blob: 'unsafe-inline' 'unsafe-eval'; style-src 'self' data: www.gstatic.com fonts.googleapis.com www.gstatic.com 'unsafe-inline'; frame-ancestors 'self' services.logismata.ch www.jobs.ch; font-src 'self' fonts.googleapis.com fonts.gstatic.com; object-src 'self'; child-src blob:;
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Security-Policy	default-src 'self' www.google-analytics.com 'unsafe-inline'; base-uri 'self'; connect-src 'self' blob: graph.facebook.com region1.analytics.google.com region1.google-analytics.com api.mapbox.com events.mapbox.com my.tikee.io www.google-analytics.com www.google-analytics.com www.google-analytics.com stats.g.doubleclick.net; frame-src 'self' www.homegate.ch msip-service-zrnc.xaas.swissic.ch www.youtube.com services.logismata.ch www.google.com my.tikee.io intranet.eventag.ch; form-action 'self'; img-src 'self' data: https: blob: www.google-analytics.com www.google-analytics.com stats.g.doubleclick.net; script-src 'self' data: www.facebook.com connect.facebook.net www.googletagmanager.com cdn.jsdelivr.net www.google.com www.gstatic.com www.google-analytics.com blob: 'unsafe-inline' 'unsafe-eval'; style-src data: www.gstatic.com 'self' fonts.googleapis.com www.gstatic.com 'unsafe-inline'; frame-ancestors 'self' services.logismata.ch www.jobs.ch; font-src 'self' fonts.googleapis.com fonts.gstatic.com; object-src 'self'; child-src blob:;
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Mon, 04 Dec 2023 08:15:04 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
content-security-policy: default-src 'self' www.google-analytics.com 'unsafe-inline'; base-uri 'self'; connect-src 'self' blob: graph.facebook.com region1.analytics.google.com region1.google-analytics.com api.mapbox.com events.mapbox.com my.tikee.io www.google-analytics.com www.google-analytics.com www.google-analytics.com stats.g.doubleclick.net; frame-src 'self' www.homegate.ch msip-service-zrnc.xaas.swissic.ch www.youtube.com services.logismata.ch www.google.com my.tikee.io intranet.eventag.ch; form-action 'self'; img-src 'self' data: https: blob: www.google-analytics.com www.google-analytics.com stats.g.doubleclick.net; script-src 'self' data: www.facebook.com connect.facebook.net www.googletagmanager.com cdn.jsdelivr.net www.google.com www.gstatic.com www.google-analytics.com blob: 'unsafe-inline' 'unsafe-eval'; style-src 'self' data: www.gstatic.com fonts.googleapis.com www.gstatic.com 'unsafe-inline'; frame-ancestors 'self' services.logismata.ch www.jobs.ch; font-src 'self' fonts.googleapis.com fonts.gstatic.com; object-src 'self'; child-src blob:;
content-length: 1074
x-xss-protection: 1; mode=block
referrer-policy: no-referrer
last-modified: Wed, 29 Nov 2023 18:41:06 GMT
server: Apache
etag: "432-60b4ee0c7fa8a"
expect-ct: max-age=2592000
content-type: image/svg+xml
cache-control: max-age=86400, public
permissions-policy: geolocation=(self), microphone=(), camera=()
accept-ranges: bytes
x-webkit-csp: default-src 'self' www.google-analytics.com 'unsafe-inline'; base-uri 'self'; connect-src 'self' blob: graph.facebook.com region1.analytics.google.com region1.google-analytics.com api.mapbox.com events.mapbox.com my.tikee.io www.google-analytics.comi www.google-analytics.com www.google-analytics.com stats.g.doubleclick.net; frame-src 'self' www.homegate.ch msip-service-zrnc.xaas.swissic.ch www.youtube.com services.logismata.ch www.google.com my.tikee.io intranet.eventag.ch; form-action 'self'; img-src 'self' data: https: blob: www.google-analytics.com www.google-analytics.com stats.g.doubleclick.net; script-src 'self' data: www.facebook.com connect.facebook.net www.googletagmanager.com cdn.jsdelivr.net www.google.com www.gstatic.com www.google-analytics.com blob: 'unsafe-inline' 'unsafe-eval'; style-src data: www.gstatic.com 'self' fonts.googleapis.com www.gstatic.com 'unsafe-inline'; frame-ancestors 'self' services.logismata.ch www.jobs.ch; font-src 'self' fonts.googleapis.com fonts.gstatic.com; object-src 'self'; child-sr blob:;
x-content-security-policy: default-src 'self' www.google-analytics.com 'unsafe-inline'; base-uri 'self'; connect-src 'self' blob: graph.facebook.com region1.analytics.google.com region1.google-analytics.com api.mapbox.com events.mapbox.com my.tikee.io www.google-analytics.com www.google-analytics.com www.google-analytics.com stats.g.doubleclick.net; frame-src 'self' www.homegate.ch msip-service-zrnc.xaas.swissic.ch www.youtube.com services.logismata.ch www.google.com my.tikee.io intranet.eventag.ch; form-action 'self'; img-src 'self' data: https: blob: www.google-analytics.com www.google-analytics.com stats.g.doubleclick.net; script-src 'self' data: www.facebook.com connect.facebook.net www.googletagmanager.com cdn.jsdelivr.net www.google.com www.gstatic.com www.google-analytics.com blob: 'unsafe-inline' 'unsafe-eval'; style-src data: www.gstatic.com 'self' fonts.googleapis.com www.gstatic.com 'unsafe-inline'; frame-ancestors 'self' services.logismata.ch www.jobs.ch; font-src 'self' fonts.googleapis.com fonts.gstatic.com; object-src 'self'; child-src blob:;

GET
H2 200 GothamSSm-Medium_Web.woff2
bank-avera.ch/packages/bank_avera/themes/bank_avera/css/build/fonts/woff2/ 59 KB
62 KB 39ms
39ms Font
font/woff2 20.250.18.7
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://bank-avera.ch/packages/bank_avera/themes/bank_avera/css/build/fonts/woff2/GothamSSm-Medium_Web.woff2

Requested by

Host: bank-avera.ch
URL: https://bank-avera.ch/application/files/cache/css/bank_avera/main.css?ts=1701675895

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

20.250.18.7 Zurich, Switzerland, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Apache /

Resource Hash

28acd6e5879946c5c3d4fd7a167386f707c3fb1769b0b7d3c36ac62e68b64385

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' www.google-analytics.com 'unsafe-inline'; base-uri 'self'; connect-src 'self' blob: graph.facebook.com region1.analytics.google.com region1.google-analytics.com api.mapbox.com events.mapbox.com my.tikee.io www.google-analytics.com www.google-analytics.com www.google-analytics.com stats.g.doubleclick.net; frame-src 'self' www.homegate.ch msip-service-zrnc.xaas.swissic.ch www.youtube.com services.logismata.ch www.google.com my.tikee.io intranet.eventag.ch; form-action 'self'; img-src 'self' data: https: blob: www.google-analytics.com www.google-analytics.com stats.g.doubleclick.net; script-src 'self' data: www.facebook.com connect.facebook.net www.googletagmanager.com cdn.jsdelivr.net www.google.com www.gstatic.com www.google-analytics.com blob: 'unsafe-inline' 'unsafe-eval'; style-src 'self' data: www.gstatic.com fonts.googleapis.com www.gstatic.com 'unsafe-inline'; frame-ancestors 'self' services.logismata.ch www.jobs.ch; font-src 'self' fonts.googleapis.com fonts.gstatic.com; object-src 'self'; child-src blob:;
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Security-Policy	default-src 'self' www.google-analytics.com 'unsafe-inline'; base-uri 'self'; connect-src 'self' blob: graph.facebook.com region1.analytics.google.com region1.google-analytics.com api.mapbox.com events.mapbox.com my.tikee.io www.google-analytics.com www.google-analytics.com www.google-analytics.com stats.g.doubleclick.net; frame-src 'self' www.homegate.ch msip-service-zrnc.xaas.swissic.ch www.youtube.com services.logismata.ch www.google.com my.tikee.io intranet.eventag.ch; form-action 'self'; img-src 'self' data: https: blob: www.google-analytics.com www.google-analytics.com stats.g.doubleclick.net; script-src 'self' data: www.facebook.com connect.facebook.net www.googletagmanager.com cdn.jsdelivr.net www.google.com www.gstatic.com www.google-analytics.com blob: 'unsafe-inline' 'unsafe-eval'; style-src data: www.gstatic.com 'self' fonts.googleapis.com www.gstatic.com 'unsafe-inline'; frame-ancestors 'self' services.logismata.ch www.jobs.ch; font-src 'self' fonts.googleapis.com fonts.gstatic.com; object-src 'self'; child-src blob:;
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.google.com/
Origin: https://bank-avera.ch
accept-language: de-CH,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Mon, 04 Dec 2023 08:15:05 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
content-security-policy: default-src 'self' www.google-analytics.com 'unsafe-inline'; base-uri 'self'; connect-src 'self' blob: graph.facebook.com region1.analytics.google.com region1.google-analytics.com api.mapbox.com events.mapbox.com my.tikee.io www.google-analytics.com www.google-analytics.com www.google-analytics.com stats.g.doubleclick.net; frame-src 'self' www.homegate.ch msip-service-zrnc.xaas.swissic.ch www.youtube.com services.logismata.ch www.google.com my.tikee.io intranet.eventag.ch; form-action 'self'; img-src 'self' data: https: blob: www.google-analytics.com www.google-analytics.com stats.g.doubleclick.net; script-src 'self' data: www.facebook.com connect.facebook.net www.googletagmanager.com cdn.jsdelivr.net www.google.com www.gstatic.com www.google-analytics.com blob: 'unsafe-inline' 'unsafe-eval'; style-src 'self' data: www.gstatic.com fonts.googleapis.com www.gstatic.com 'unsafe-inline'; frame-ancestors 'self' services.logismata.ch www.jobs.ch; font-src 'self' fonts.googleapis.com fonts.gstatic.com; object-src 'self'; child-src blob:;
content-length: 60414
x-xss-protection: 1; mode=block
referrer-policy: no-referrer
last-modified: Wed, 29 Nov 2023 18:41:06 GMT
server: Apache
etag: "ebfe-60b4ee0c7cba9"
expect-ct: max-age=2592000
content-type: font/woff2
cache-control: max-age=86400, public
permissions-policy: geolocation=(self), microphone=(), camera=()
accept-ranges: bytes
x-webkit-csp: default-src 'self' www.google-analytics.com 'unsafe-inline'; base-uri 'self'; connect-src 'self' blob: graph.facebook.com region1.analytics.google.com region1.google-analytics.com api.mapbox.com events.mapbox.com my.tikee.io www.google-analytics.comi www.google-analytics.com www.google-analytics.com stats.g.doubleclick.net; frame-src 'self' www.homegate.ch msip-service-zrnc.xaas.swissic.ch www.youtube.com services.logismata.ch www.google.com my.tikee.io intranet.eventag.ch; form-action 'self'; img-src 'self' data: https: blob: www.google-analytics.com www.google-analytics.com stats.g.doubleclick.net; script-src 'self' data: www.facebook.com connect.facebook.net www.googletagmanager.com cdn.jsdelivr.net www.google.com www.gstatic.com www.google-analytics.com blob: 'unsafe-inline' 'unsafe-eval'; style-src data: www.gstatic.com 'self' fonts.googleapis.com www.gstatic.com 'unsafe-inline'; frame-ancestors 'self' services.logismata.ch www.jobs.ch; font-src 'self' fonts.googleapis.com fonts.gstatic.com; object-src 'self'; child-sr blob:;
x-content-security-policy: default-src 'self' www.google-analytics.com 'unsafe-inline'; base-uri 'self'; connect-src 'self' blob: graph.facebook.com region1.analytics.google.com region1.google-analytics.com api.mapbox.com events.mapbox.com my.tikee.io www.google-analytics.com www.google-analytics.com www.google-analytics.com stats.g.doubleclick.net; frame-src 'self' www.homegate.ch msip-service-zrnc.xaas.swissic.ch www.youtube.com services.logismata.ch www.google.com my.tikee.io intranet.eventag.ch; form-action 'self'; img-src 'self' data: https: blob: www.google-analytics.com www.google-analytics.com stats.g.doubleclick.net; script-src 'self' data: www.facebook.com connect.facebook.net www.googletagmanager.com cdn.jsdelivr.net www.google.com www.gstatic.com www.google-analytics.com blob: 'unsafe-inline' 'unsafe-eval'; style-src data: www.gstatic.com 'self' fonts.googleapis.com www.gstatic.com 'unsafe-inline'; frame-ancestors 'self' services.logismata.ch www.jobs.ch; font-src 'self' fonts.googleapis.com fonts.gstatic.com; object-src 'self'; child-src blob:;

GET
H2 200 untitled-font-1.woff
bank-avera.ch/packages/bank_avera/themes/bank_avera/css/build/fonts/icon/ 11 KB
14 KB 40ms
40ms Font
font/woff 20.250.18.7
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://bank-avera.ch/packages/bank_avera/themes/bank_avera/css/build/fonts/icon/untitled-font-1.woff

Requested by

Host: bank-avera.ch
URL: https://bank-avera.ch/application/files/cache/css/bank_avera/main.css?ts=1701675895

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

20.250.18.7 Zurich, Switzerland, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Apache /

Resource Hash

1f884d00a4597723862838bde23e80be78aa205ac802126ff3af58553afa7962

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' www.google-analytics.com 'unsafe-inline'; base-uri 'self'; connect-src 'self' blob: graph.facebook.com region1.analytics.google.com region1.google-analytics.com api.mapbox.com events.mapbox.com my.tikee.io www.google-analytics.com www.google-analytics.com www.google-analytics.com stats.g.doubleclick.net; frame-src 'self' www.homegate.ch msip-service-zrnc.xaas.swissic.ch www.youtube.com services.logismata.ch www.google.com my.tikee.io intranet.eventag.ch; form-action 'self'; img-src 'self' data: https: blob: www.google-analytics.com www.google-analytics.com stats.g.doubleclick.net; script-src 'self' data: www.facebook.com connect.facebook.net www.googletagmanager.com cdn.jsdelivr.net www.google.com www.gstatic.com www.google-analytics.com blob: 'unsafe-inline' 'unsafe-eval'; style-src 'self' data: www.gstatic.com fonts.googleapis.com www.gstatic.com 'unsafe-inline'; frame-ancestors 'self' services.logismata.ch www.jobs.ch; font-src 'self' fonts.googleapis.com fonts.gstatic.com; object-src 'self'; child-src blob:;
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Security-Policy	default-src 'self' www.google-analytics.com 'unsafe-inline'; base-uri 'self'; connect-src 'self' blob: graph.facebook.com region1.analytics.google.com region1.google-analytics.com api.mapbox.com events.mapbox.com my.tikee.io www.google-analytics.com www.google-analytics.com www.google-analytics.com stats.g.doubleclick.net; frame-src 'self' www.homegate.ch msip-service-zrnc.xaas.swissic.ch www.youtube.com services.logismata.ch www.google.com my.tikee.io intranet.eventag.ch; form-action 'self'; img-src 'self' data: https: blob: www.google-analytics.com www.google-analytics.com stats.g.doubleclick.net; script-src 'self' data: www.facebook.com connect.facebook.net www.googletagmanager.com cdn.jsdelivr.net www.google.com www.gstatic.com www.google-analytics.com blob: 'unsafe-inline' 'unsafe-eval'; style-src data: www.gstatic.com 'self' fonts.googleapis.com www.gstatic.com 'unsafe-inline'; frame-ancestors 'self' services.logismata.ch www.jobs.ch; font-src 'self' fonts.googleapis.com fonts.gstatic.com; object-src 'self'; child-src blob:;
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.google.com/
Origin: https://bank-avera.ch
accept-language: de-CH,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Mon, 04 Dec 2023 08:15:05 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
content-security-policy: default-src 'self' www.google-analytics.com 'unsafe-inline'; base-uri 'self'; connect-src 'self' blob: graph.facebook.com region1.analytics.google.com region1.google-analytics.com api.mapbox.com events.mapbox.com my.tikee.io www.google-analytics.com www.google-analytics.com www.google-analytics.com stats.g.doubleclick.net; frame-src 'self' www.homegate.ch msip-service-zrnc.xaas.swissic.ch www.youtube.com services.logismata.ch www.google.com my.tikee.io intranet.eventag.ch; form-action 'self'; img-src 'self' data: https: blob: www.google-analytics.com www.google-analytics.com stats.g.doubleclick.net; script-src 'self' data: www.facebook.com connect.facebook.net www.googletagmanager.com cdn.jsdelivr.net www.google.com www.gstatic.com www.google-analytics.com blob: 'unsafe-inline' 'unsafe-eval'; style-src 'self' data: www.gstatic.com fonts.googleapis.com www.gstatic.com 'unsafe-inline'; frame-ancestors 'self' services.logismata.ch www.jobs.ch; font-src 'self' fonts.googleapis.com fonts.gstatic.com; object-src 'self'; child-src blob:;
content-length: 11688
x-xss-protection: 1; mode=block
referrer-policy: no-referrer
last-modified: Wed, 29 Nov 2023 18:41:06 GMT
server: Apache
etag: "2da8-60b4ee0c7bc09"
expect-ct: max-age=2592000
content-type: font/woff
cache-control: max-age=86400, public
permissions-policy: geolocation=(self), microphone=(), camera=()
accept-ranges: bytes
x-webkit-csp: default-src 'self' www.google-analytics.com 'unsafe-inline'; base-uri 'self'; connect-src 'self' blob: graph.facebook.com region1.analytics.google.com region1.google-analytics.com api.mapbox.com events.mapbox.com my.tikee.io www.google-analytics.comi www.google-analytics.com www.google-analytics.com stats.g.doubleclick.net; frame-src 'self' www.homegate.ch msip-service-zrnc.xaas.swissic.ch www.youtube.com services.logismata.ch www.google.com my.tikee.io intranet.eventag.ch; form-action 'self'; img-src 'self' data: https: blob: www.google-analytics.com www.google-analytics.com stats.g.doubleclick.net; script-src 'self' data: www.facebook.com connect.facebook.net www.googletagmanager.com cdn.jsdelivr.net www.google.com www.gstatic.com www.google-analytics.com blob: 'unsafe-inline' 'unsafe-eval'; style-src data: www.gstatic.com 'self' fonts.googleapis.com www.gstatic.com 'unsafe-inline'; frame-ancestors 'self' services.logismata.ch www.jobs.ch; font-src 'self' fonts.googleapis.com fonts.gstatic.com; object-src 'self'; child-sr blob:;
x-content-security-policy: default-src 'self' www.google-analytics.com 'unsafe-inline'; base-uri 'self'; connect-src 'self' blob: graph.facebook.com region1.analytics.google.com region1.google-analytics.com api.mapbox.com events.mapbox.com my.tikee.io www.google-analytics.com www.google-analytics.com www.google-analytics.com stats.g.doubleclick.net; frame-src 'self' www.homegate.ch msip-service-zrnc.xaas.swissic.ch www.youtube.com services.logismata.ch www.google.com my.tikee.io intranet.eventag.ch; form-action 'self'; img-src 'self' data: https: blob: www.google-analytics.com www.google-analytics.com stats.g.doubleclick.net; script-src 'self' data: www.facebook.com connect.facebook.net www.googletagmanager.com cdn.jsdelivr.net www.google.com www.gstatic.com www.google-analytics.com blob: 'unsafe-inline' 'unsafe-eval'; style-src data: www.gstatic.com 'self' fonts.googleapis.com www.gstatic.com 'unsafe-inline'; frame-ancestors 'self' services.logismata.ch www.jobs.ch; font-src 'self' fonts.googleapis.com fonts.gstatic.com; object-src 'self'; child-src blob:;

GET
H2 200 GothamSSm-Light_Web.woff2
bank-avera.ch/packages/bank_avera/themes/bank_avera/css/build/fonts/woff2/ 58 KB
60 KB 41ms
40ms Font
font/woff2 20.250.18.7
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://bank-avera.ch/packages/bank_avera/themes/bank_avera/css/build/fonts/woff2/GothamSSm-Light_Web.woff2

Requested by

Host: bank-avera.ch
URL: https://bank-avera.ch/application/files/cache/css/bank_avera/main.css?ts=1701675895

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

20.250.18.7 Zurich, Switzerland, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Apache /

Resource Hash

4a9ef3bd126a5f92a688a6f93ec824016033e504427b94311a09d0c66c87c340

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' www.google-analytics.com 'unsafe-inline'; base-uri 'self'; connect-src 'self' blob: graph.facebook.com region1.analytics.google.com region1.google-analytics.com api.mapbox.com events.mapbox.com my.tikee.io www.google-analytics.com www.google-analytics.com www.google-analytics.com stats.g.doubleclick.net; frame-src 'self' www.homegate.ch msip-service-zrnc.xaas.swissic.ch www.youtube.com services.logismata.ch www.google.com my.tikee.io intranet.eventag.ch; form-action 'self'; img-src 'self' data: https: blob: www.google-analytics.com www.google-analytics.com stats.g.doubleclick.net; script-src 'self' data: www.facebook.com connect.facebook.net www.googletagmanager.com cdn.jsdelivr.net www.google.com www.gstatic.com www.google-analytics.com blob: 'unsafe-inline' 'unsafe-eval'; style-src 'self' data: www.gstatic.com fonts.googleapis.com www.gstatic.com 'unsafe-inline'; frame-ancestors 'self' services.logismata.ch www.jobs.ch; font-src 'self' fonts.googleapis.com fonts.gstatic.com; object-src 'self'; child-src blob:;
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Security-Policy	default-src 'self' www.google-analytics.com 'unsafe-inline'; base-uri 'self'; connect-src 'self' blob: graph.facebook.com region1.analytics.google.com region1.google-analytics.com api.mapbox.com events.mapbox.com my.tikee.io www.google-analytics.com www.google-analytics.com www.google-analytics.com stats.g.doubleclick.net; frame-src 'self' www.homegate.ch msip-service-zrnc.xaas.swissic.ch www.youtube.com services.logismata.ch www.google.com my.tikee.io intranet.eventag.ch; form-action 'self'; img-src 'self' data: https: blob: www.google-analytics.com www.google-analytics.com stats.g.doubleclick.net; script-src 'self' data: www.facebook.com connect.facebook.net www.googletagmanager.com cdn.jsdelivr.net www.google.com www.gstatic.com www.google-analytics.com blob: 'unsafe-inline' 'unsafe-eval'; style-src data: www.gstatic.com 'self' fonts.googleapis.com www.gstatic.com 'unsafe-inline'; frame-ancestors 'self' services.logismata.ch www.jobs.ch; font-src 'self' fonts.googleapis.com fonts.gstatic.com; object-src 'self'; child-src blob:;
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.google.com/
Origin: https://bank-avera.ch
accept-language: de-CH,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Mon, 04 Dec 2023 08:15:05 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
content-security-policy: default-src 'self' www.google-analytics.com 'unsafe-inline'; base-uri 'self'; connect-src 'self' blob: graph.facebook.com region1.analytics.google.com region1.google-analytics.com api.mapbox.com events.mapbox.com my.tikee.io www.google-analytics.com www.google-analytics.com www.google-analytics.com stats.g.doubleclick.net; frame-src 'self' www.homegate.ch msip-service-zrnc.xaas.swissic.ch www.youtube.com services.logismata.ch www.google.com my.tikee.io intranet.eventag.ch; form-action 'self'; img-src 'self' data: https: blob: www.google-analytics.com www.google-analytics.com stats.g.doubleclick.net; script-src 'self' data: www.facebook.com connect.facebook.net www.googletagmanager.com cdn.jsdelivr.net www.google.com www.gstatic.com www.google-analytics.com blob: 'unsafe-inline' 'unsafe-eval'; style-src 'self' data: www.gstatic.com fonts.googleapis.com www.gstatic.com 'unsafe-inline'; frame-ancestors 'self' services.logismata.ch www.jobs.ch; font-src 'self' fonts.googleapis.com fonts.gstatic.com; object-src 'self'; child-src blob:;
content-length: 58982
x-xss-protection: 1; mode=block
referrer-policy: no-referrer
last-modified: Wed, 29 Nov 2023 18:41:06 GMT
server: Apache
etag: "e666-60b4ee0c7cba9"
expect-ct: max-age=2592000
content-type: font/woff2
cache-control: max-age=86400, public
permissions-policy: geolocation=(self), microphone=(), camera=()
accept-ranges: bytes
x-webkit-csp: default-src 'self' www.google-analytics.com 'unsafe-inline'; base-uri 'self'; connect-src 'self' blob: graph.facebook.com region1.analytics.google.com region1.google-analytics.com api.mapbox.com events.mapbox.com my.tikee.io www.google-analytics.comi www.google-analytics.com www.google-analytics.com stats.g.doubleclick.net; frame-src 'self' www.homegate.ch msip-service-zrnc.xaas.swissic.ch www.youtube.com services.logismata.ch www.google.com my.tikee.io intranet.eventag.ch; form-action 'self'; img-src 'self' data: https: blob: www.google-analytics.com www.google-analytics.com stats.g.doubleclick.net; script-src 'self' data: www.facebook.com connect.facebook.net www.googletagmanager.com cdn.jsdelivr.net www.google.com www.gstatic.com www.google-analytics.com blob: 'unsafe-inline' 'unsafe-eval'; style-src data: www.gstatic.com 'self' fonts.googleapis.com www.gstatic.com 'unsafe-inline'; frame-ancestors 'self' services.logismata.ch www.jobs.ch; font-src 'self' fonts.googleapis.com fonts.gstatic.com; object-src 'self'; child-sr blob:;
x-content-security-policy: default-src 'self' www.google-analytics.com 'unsafe-inline'; base-uri 'self'; connect-src 'self' blob: graph.facebook.com region1.analytics.google.com region1.google-analytics.com api.mapbox.com events.mapbox.com my.tikee.io www.google-analytics.com www.google-analytics.com www.google-analytics.com stats.g.doubleclick.net; frame-src 'self' www.homegate.ch msip-service-zrnc.xaas.swissic.ch www.youtube.com services.logismata.ch www.google.com my.tikee.io intranet.eventag.ch; form-action 'self'; img-src 'self' data: https: blob: www.google-analytics.com www.google-analytics.com stats.g.doubleclick.net; script-src 'self' data: www.facebook.com connect.facebook.net www.googletagmanager.com cdn.jsdelivr.net www.google.com www.gstatic.com www.google-analytics.com blob: 'unsafe-inline' 'unsafe-eval'; style-src data: www.gstatic.com 'self' fonts.googleapis.com www.gstatic.com 'unsafe-inline'; frame-ancestors 'self' services.logismata.ch www.jobs.ch; font-src 'self' fonts.googleapis.com fonts.gstatic.com; object-src 'self'; child-src blob:;

GET
H2 200 GothamSSm-Bold_Web.woff2
bank-avera.ch/packages/bank_avera/themes/bank_avera/css/build/fonts/woff2/ 59 KB
61 KB 41ms
41ms Font
font/woff2 20.250.18.7
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://bank-avera.ch/packages/bank_avera/themes/bank_avera/css/build/fonts/woff2/GothamSSm-Bold_Web.woff2

Requested by

Host: bank-avera.ch
URL: https://bank-avera.ch/application/files/cache/css/bank_avera/main.css?ts=1701675895

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

20.250.18.7 Zurich, Switzerland, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Apache /

Resource Hash

0953086712fc42ce7a78b99f83a93ea38d9a6aacd1d55bc0a6f8951e55a0427f

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' www.google-analytics.com 'unsafe-inline'; base-uri 'self'; connect-src 'self' blob: graph.facebook.com region1.analytics.google.com region1.google-analytics.com api.mapbox.com events.mapbox.com my.tikee.io www.google-analytics.com www.google-analytics.com www.google-analytics.com stats.g.doubleclick.net; frame-src 'self' www.homegate.ch msip-service-zrnc.xaas.swissic.ch www.youtube.com services.logismata.ch www.google.com my.tikee.io intranet.eventag.ch; form-action 'self'; img-src 'self' data: https: blob: www.google-analytics.com www.google-analytics.com stats.g.doubleclick.net; script-src 'self' data: www.facebook.com connect.facebook.net www.googletagmanager.com cdn.jsdelivr.net www.google.com www.gstatic.com www.google-analytics.com blob: 'unsafe-inline' 'unsafe-eval'; style-src 'self' data: www.gstatic.com fonts.googleapis.com www.gstatic.com 'unsafe-inline'; frame-ancestors 'self' services.logismata.ch www.jobs.ch; font-src 'self' fonts.googleapis.com fonts.gstatic.com; object-src 'self'; child-src blob:;
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Security-Policy	default-src 'self' www.google-analytics.com 'unsafe-inline'; base-uri 'self'; connect-src 'self' blob: graph.facebook.com region1.analytics.google.com region1.google-analytics.com api.mapbox.com events.mapbox.com my.tikee.io www.google-analytics.com www.google-analytics.com www.google-analytics.com stats.g.doubleclick.net; frame-src 'self' www.homegate.ch msip-service-zrnc.xaas.swissic.ch www.youtube.com services.logismata.ch www.google.com my.tikee.io intranet.eventag.ch; form-action 'self'; img-src 'self' data: https: blob: www.google-analytics.com www.google-analytics.com stats.g.doubleclick.net; script-src 'self' data: www.facebook.com connect.facebook.net www.googletagmanager.com cdn.jsdelivr.net www.google.com www.gstatic.com www.google-analytics.com blob: 'unsafe-inline' 'unsafe-eval'; style-src data: www.gstatic.com 'self' fonts.googleapis.com www.gstatic.com 'unsafe-inline'; frame-ancestors 'self' services.logismata.ch www.jobs.ch; font-src 'self' fonts.googleapis.com fonts.gstatic.com; object-src 'self'; child-src blob:;
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.google.com/
Origin: https://bank-avera.ch
accept-language: de-CH,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Mon, 04 Dec 2023 08:15:05 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
content-security-policy: default-src 'self' www.google-analytics.com 'unsafe-inline'; base-uri 'self'; connect-src 'self' blob: graph.facebook.com region1.analytics.google.com region1.google-analytics.com api.mapbox.com events.mapbox.com my.tikee.io www.google-analytics.com www.google-analytics.com www.google-analytics.com stats.g.doubleclick.net; frame-src 'self' www.homegate.ch msip-service-zrnc.xaas.swissic.ch www.youtube.com services.logismata.ch www.google.com my.tikee.io intranet.eventag.ch; form-action 'self'; img-src 'self' data: https: blob: www.google-analytics.com www.google-analytics.com stats.g.doubleclick.net; script-src 'self' data: www.facebook.com connect.facebook.net www.googletagmanager.com cdn.jsdelivr.net www.google.com www.gstatic.com www.google-analytics.com blob: 'unsafe-inline' 'unsafe-eval'; style-src 'self' data: www.gstatic.com fonts.googleapis.com www.gstatic.com 'unsafe-inline'; frame-ancestors 'self' services.logismata.ch www.jobs.ch; font-src 'self' fonts.googleapis.com fonts.gstatic.com; object-src 'self'; child-src blob:;
content-length: 60078
x-xss-protection: 1; mode=block
referrer-policy: no-referrer
last-modified: Wed, 29 Nov 2023 18:41:06 GMT
server: Apache
etag: "eaae-60b4ee0c7cba9"
expect-ct: max-age=2592000
content-type: font/woff2
cache-control: max-age=86400, public
permissions-policy: geolocation=(self), microphone=(), camera=()
accept-ranges: bytes
x-webkit-csp: default-src 'self' www.google-analytics.com 'unsafe-inline'; base-uri 'self'; connect-src 'self' blob: graph.facebook.com region1.analytics.google.com region1.google-analytics.com api.mapbox.com events.mapbox.com my.tikee.io www.google-analytics.comi www.google-analytics.com www.google-analytics.com stats.g.doubleclick.net; frame-src 'self' www.homegate.ch msip-service-zrnc.xaas.swissic.ch www.youtube.com services.logismata.ch www.google.com my.tikee.io intranet.eventag.ch; form-action 'self'; img-src 'self' data: https: blob: www.google-analytics.com www.google-analytics.com stats.g.doubleclick.net; script-src 'self' data: www.facebook.com connect.facebook.net www.googletagmanager.com cdn.jsdelivr.net www.google.com www.gstatic.com www.google-analytics.com blob: 'unsafe-inline' 'unsafe-eval'; style-src data: www.gstatic.com 'self' fonts.googleapis.com www.gstatic.com 'unsafe-inline'; frame-ancestors 'self' services.logismata.ch www.jobs.ch; font-src 'self' fonts.googleapis.com fonts.gstatic.com; object-src 'self'; child-sr blob:;
x-content-security-policy: default-src 'self' www.google-analytics.com 'unsafe-inline'; base-uri 'self'; connect-src 'self' blob: graph.facebook.com region1.analytics.google.com region1.google-analytics.com api.mapbox.com events.mapbox.com my.tikee.io www.google-analytics.com www.google-analytics.com www.google-analytics.com stats.g.doubleclick.net; frame-src 'self' www.homegate.ch msip-service-zrnc.xaas.swissic.ch www.youtube.com services.logismata.ch www.google.com my.tikee.io intranet.eventag.ch; form-action 'self'; img-src 'self' data: https: blob: www.google-analytics.com www.google-analytics.com stats.g.doubleclick.net; script-src 'self' data: www.facebook.com connect.facebook.net www.googletagmanager.com cdn.jsdelivr.net www.google.com www.gstatic.com www.google-analytics.com blob: 'unsafe-inline' 'unsafe-eval'; style-src data: www.gstatic.com 'self' fonts.googleapis.com www.gstatic.com 'unsafe-inline'; frame-ancestors 'self' services.logismata.ch www.jobs.ch; font-src 'self' fonts.googleapis.com fonts.gstatic.com; object-src 'self'; child-src blob:;

GET
H2 200 GothamSSm-Book_Web.woff2
bank-avera.ch/packages/bank_avera/themes/bank_avera/css/build/fonts/woff2/ 58 KB
61 KB 39ms
39ms Font
font/woff2 20.250.18.7
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://bank-avera.ch/packages/bank_avera/themes/bank_avera/css/build/fonts/woff2/GothamSSm-Book_Web.woff2

Requested by

Host: bank-avera.ch
URL: https://bank-avera.ch/application/files/cache/css/bank_avera/main.css?ts=1701675895

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

20.250.18.7 Zurich, Switzerland, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Apache /

Resource Hash

cf90393fb75b508d08edef4b520043e25c94840572f5f8beece1b8d36af0db79

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' www.google-analytics.com 'unsafe-inline'; base-uri 'self'; connect-src 'self' blob: graph.facebook.com region1.analytics.google.com region1.google-analytics.com api.mapbox.com events.mapbox.com my.tikee.io www.google-analytics.com www.google-analytics.com www.google-analytics.com stats.g.doubleclick.net; frame-src 'self' www.homegate.ch msip-service-zrnc.xaas.swissic.ch www.youtube.com services.logismata.ch www.google.com my.tikee.io intranet.eventag.ch; form-action 'self'; img-src 'self' data: https: blob: www.google-analytics.com www.google-analytics.com stats.g.doubleclick.net; script-src 'self' data: www.facebook.com connect.facebook.net www.googletagmanager.com cdn.jsdelivr.net www.google.com www.gstatic.com www.google-analytics.com blob: 'unsafe-inline' 'unsafe-eval'; style-src 'self' data: www.gstatic.com fonts.googleapis.com www.gstatic.com 'unsafe-inline'; frame-ancestors 'self' services.logismata.ch www.jobs.ch; font-src 'self' fonts.googleapis.com fonts.gstatic.com; object-src 'self'; child-src blob:;
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Security-Policy	default-src 'self' www.google-analytics.com 'unsafe-inline'; base-uri 'self'; connect-src 'self' blob: graph.facebook.com region1.analytics.google.com region1.google-analytics.com api.mapbox.com events.mapbox.com my.tikee.io www.google-analytics.com www.google-analytics.com www.google-analytics.com stats.g.doubleclick.net; frame-src 'self' www.homegate.ch msip-service-zrnc.xaas.swissic.ch www.youtube.com services.logismata.ch www.google.com my.tikee.io intranet.eventag.ch; form-action 'self'; img-src 'self' data: https: blob: www.google-analytics.com www.google-analytics.com stats.g.doubleclick.net; script-src 'self' data: www.facebook.com connect.facebook.net www.googletagmanager.com cdn.jsdelivr.net www.google.com www.gstatic.com www.google-analytics.com blob: 'unsafe-inline' 'unsafe-eval'; style-src data: www.gstatic.com 'self' fonts.googleapis.com www.gstatic.com 'unsafe-inline'; frame-ancestors 'self' services.logismata.ch www.jobs.ch; font-src 'self' fonts.googleapis.com fonts.gstatic.com; object-src 'self'; child-src blob:;
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.google.com/
Origin: https://bank-avera.ch
accept-language: de-CH,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Mon, 04 Dec 2023 08:15:05 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
content-security-policy: default-src 'self' www.google-analytics.com 'unsafe-inline'; base-uri 'self'; connect-src 'self' blob: graph.facebook.com region1.analytics.google.com region1.google-analytics.com api.mapbox.com events.mapbox.com my.tikee.io www.google-analytics.com www.google-analytics.com www.google-analytics.com stats.g.doubleclick.net; frame-src 'self' www.homegate.ch msip-service-zrnc.xaas.swissic.ch www.youtube.com services.logismata.ch www.google.com my.tikee.io intranet.eventag.ch; form-action 'self'; img-src 'self' data: https: blob: www.google-analytics.com www.google-analytics.com stats.g.doubleclick.net; script-src 'self' data: www.facebook.com connect.facebook.net www.googletagmanager.com cdn.jsdelivr.net www.google.com www.gstatic.com www.google-analytics.com blob: 'unsafe-inline' 'unsafe-eval'; style-src 'self' data: www.gstatic.com fonts.googleapis.com www.gstatic.com 'unsafe-inline'; frame-ancestors 'self' services.logismata.ch www.jobs.ch; font-src 'self' fonts.googleapis.com fonts.gstatic.com; object-src 'self'; child-src blob:;
content-length: 59494
x-xss-protection: 1; mode=block
referrer-policy: no-referrer
last-modified: Wed, 29 Nov 2023 18:41:06 GMT
server: Apache
etag: "e866-60b4ee0c7cba9"
expect-ct: max-age=2592000
content-type: font/woff2
cache-control: max-age=86400, public
permissions-policy: geolocation=(self), microphone=(), camera=()
accept-ranges: bytes
x-webkit-csp: default-src 'self' www.google-analytics.com 'unsafe-inline'; base-uri 'self'; connect-src 'self' blob: graph.facebook.com region1.analytics.google.com region1.google-analytics.com api.mapbox.com events.mapbox.com my.tikee.io www.google-analytics.comi www.google-analytics.com www.google-analytics.com stats.g.doubleclick.net; frame-src 'self' www.homegate.ch msip-service-zrnc.xaas.swissic.ch www.youtube.com services.logismata.ch www.google.com my.tikee.io intranet.eventag.ch; form-action 'self'; img-src 'self' data: https: blob: www.google-analytics.com www.google-analytics.com stats.g.doubleclick.net; script-src 'self' data: www.facebook.com connect.facebook.net www.googletagmanager.com cdn.jsdelivr.net www.google.com www.gstatic.com www.google-analytics.com blob: 'unsafe-inline' 'unsafe-eval'; style-src data: www.gstatic.com 'self' fonts.googleapis.com www.gstatic.com 'unsafe-inline'; frame-ancestors 'self' services.logismata.ch www.jobs.ch; font-src 'self' fonts.googleapis.com fonts.gstatic.com; object-src 'self'; child-sr blob:;
x-content-security-policy: default-src 'self' www.google-analytics.com 'unsafe-inline'; base-uri 'self'; connect-src 'self' blob: graph.facebook.com region1.analytics.google.com region1.google-analytics.com api.mapbox.com events.mapbox.com my.tikee.io www.google-analytics.com www.google-analytics.com www.google-analytics.com stats.g.doubleclick.net; frame-src 'self' www.homegate.ch msip-service-zrnc.xaas.swissic.ch www.youtube.com services.logismata.ch www.google.com my.tikee.io intranet.eventag.ch; form-action 'self'; img-src 'self' data: https: blob: www.google-analytics.com www.google-analytics.com stats.g.doubleclick.net; script-src 'self' data: www.facebook.com connect.facebook.net www.googletagmanager.com cdn.jsdelivr.net www.google.com www.gstatic.com www.google-analytics.com blob: 'unsafe-inline' 'unsafe-eval'; style-src data: www.gstatic.com 'self' fonts.googleapis.com www.gstatic.com 'unsafe-inline'; frame-ancestors 'self' services.logismata.ch www.jobs.ch; font-src 'self' fonts.googleapis.com fonts.gstatic.com; object-src 'self'; child-src blob:;

GET
H2 200 GothamSSm-MediumItalic_Web.woff2
bank-avera.ch/packages/bank_avera/themes/bank_avera/css/build/fonts/woff2/ 61 KB
64 KB 48ms
48ms Font
font/woff2 20.250.18.7
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://bank-avera.ch/packages/bank_avera/themes/bank_avera/css/build/fonts/woff2/GothamSSm-MediumItalic_Web.woff2

Requested by

Host: bank-avera.ch
URL: https://bank-avera.ch/application/files/cache/css/bank_avera/main.css?ts=1701675895

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

20.250.18.7 Zurich, Switzerland, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Apache /

Resource Hash

10db15913dc1bfdc3f618418e948583c653dbaeb71d12ca6f84558e4949a2d41

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' www.google-analytics.com 'unsafe-inline'; base-uri 'self'; connect-src 'self' blob: graph.facebook.com region1.analytics.google.com region1.google-analytics.com api.mapbox.com events.mapbox.com my.tikee.io www.google-analytics.com www.google-analytics.com www.google-analytics.com stats.g.doubleclick.net; frame-src 'self' www.homegate.ch msip-service-zrnc.xaas.swissic.ch www.youtube.com services.logismata.ch www.google.com my.tikee.io intranet.eventag.ch; form-action 'self'; img-src 'self' data: https: blob: www.google-analytics.com www.google-analytics.com stats.g.doubleclick.net; script-src 'self' data: www.facebook.com connect.facebook.net www.googletagmanager.com cdn.jsdelivr.net www.google.com www.gstatic.com www.google-analytics.com blob: 'unsafe-inline' 'unsafe-eval'; style-src 'self' data: www.gstatic.com fonts.googleapis.com www.gstatic.com 'unsafe-inline'; frame-ancestors 'self' services.logismata.ch www.jobs.ch; font-src 'self' fonts.googleapis.com fonts.gstatic.com; object-src 'self'; child-src blob:;
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Security-Policy	default-src 'self' www.google-analytics.com 'unsafe-inline'; base-uri 'self'; connect-src 'self' blob: graph.facebook.com region1.analytics.google.com region1.google-analytics.com api.mapbox.com events.mapbox.com my.tikee.io www.google-analytics.com www.google-analytics.com www.google-analytics.com stats.g.doubleclick.net; frame-src 'self' www.homegate.ch msip-service-zrnc.xaas.swissic.ch www.youtube.com services.logismata.ch www.google.com my.tikee.io intranet.eventag.ch; form-action 'self'; img-src 'self' data: https: blob: www.google-analytics.com www.google-analytics.com stats.g.doubleclick.net; script-src 'self' data: www.facebook.com connect.facebook.net www.googletagmanager.com cdn.jsdelivr.net www.google.com www.gstatic.com www.google-analytics.com blob: 'unsafe-inline' 'unsafe-eval'; style-src data: www.gstatic.com 'self' fonts.googleapis.com www.gstatic.com 'unsafe-inline'; frame-ancestors 'self' services.logismata.ch www.jobs.ch; font-src 'self' fonts.googleapis.com fonts.gstatic.com; object-src 'self'; child-src blob:;
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.google.com/
Origin: https://bank-avera.ch
accept-language: de-CH,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Mon, 04 Dec 2023 08:15:05 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
content-security-policy: default-src 'self' www.google-analytics.com 'unsafe-inline'; base-uri 'self'; connect-src 'self' blob: graph.facebook.com region1.analytics.google.com region1.google-analytics.com api.mapbox.com events.mapbox.com my.tikee.io www.google-analytics.com www.google-analytics.com www.google-analytics.com stats.g.doubleclick.net; frame-src 'self' www.homegate.ch msip-service-zrnc.xaas.swissic.ch www.youtube.com services.logismata.ch www.google.com my.tikee.io intranet.eventag.ch; form-action 'self'; img-src 'self' data: https: blob: www.google-analytics.com www.google-analytics.com stats.g.doubleclick.net; script-src 'self' data: www.facebook.com connect.facebook.net www.googletagmanager.com cdn.jsdelivr.net www.google.com www.gstatic.com www.google-analytics.com blob: 'unsafe-inline' 'unsafe-eval'; style-src 'self' data: www.gstatic.com fonts.googleapis.com www.gstatic.com 'unsafe-inline'; frame-ancestors 'self' services.logismata.ch www.jobs.ch; font-src 'self' fonts.googleapis.com fonts.gstatic.com; object-src 'self'; child-src blob:;
content-length: 62270
x-xss-protection: 1; mode=block
referrer-policy: no-referrer
last-modified: Wed, 29 Nov 2023 18:41:06 GMT
server: Apache
etag: "f33e-60b4ee0c7cba9"
expect-ct: max-age=2592000
content-type: font/woff2
cache-control: max-age=86400, public
permissions-policy: geolocation=(self), microphone=(), camera=()
accept-ranges: bytes
x-webkit-csp: default-src 'self' www.google-analytics.com 'unsafe-inline'; base-uri 'self'; connect-src 'self' blob: graph.facebook.com region1.analytics.google.com region1.google-analytics.com api.mapbox.com events.mapbox.com my.tikee.io www.google-analytics.comi www.google-analytics.com www.google-analytics.com stats.g.doubleclick.net; frame-src 'self' www.homegate.ch msip-service-zrnc.xaas.swissic.ch www.youtube.com services.logismata.ch www.google.com my.tikee.io intranet.eventag.ch; form-action 'self'; img-src 'self' data: https: blob: www.google-analytics.com www.google-analytics.com stats.g.doubleclick.net; script-src 'self' data: www.facebook.com connect.facebook.net www.googletagmanager.com cdn.jsdelivr.net www.google.com www.gstatic.com www.google-analytics.com blob: 'unsafe-inline' 'unsafe-eval'; style-src data: www.gstatic.com 'self' fonts.googleapis.com www.gstatic.com 'unsafe-inline'; frame-ancestors 'self' services.logismata.ch www.jobs.ch; font-src 'self' fonts.googleapis.com fonts.gstatic.com; object-src 'self'; child-sr blob:;
x-content-security-policy: default-src 'self' www.google-analytics.com 'unsafe-inline'; base-uri 'self'; connect-src 'self' blob: graph.facebook.com region1.analytics.google.com region1.google-analytics.com api.mapbox.com events.mapbox.com my.tikee.io www.google-analytics.com www.google-analytics.com www.google-analytics.com stats.g.doubleclick.net; frame-src 'self' www.homegate.ch msip-service-zrnc.xaas.swissic.ch www.youtube.com services.logismata.ch www.google.com my.tikee.io intranet.eventag.ch; form-action 'self'; img-src 'self' data: https: blob: www.google-analytics.com www.google-analytics.com stats.g.doubleclick.net; script-src 'self' data: www.facebook.com connect.facebook.net www.googletagmanager.com cdn.jsdelivr.net www.google.com www.gstatic.com www.google-analytics.com blob: 'unsafe-inline' 'unsafe-eval'; style-src data: www.gstatic.com 'self' fonts.googleapis.com www.gstatic.com 'unsafe-inline'; frame-ancestors 'self' services.logismata.ch www.jobs.ch; font-src 'self' fonts.googleapis.com fonts.gstatic.com; object-src 'self'; child-src blob:;

GET
H2 200 GothamSSm-BookItalic_Web.woff2
bank-avera.ch/packages/bank_avera/themes/bank_avera/css/build/fonts/woff2/ 60 KB
63 KB 44ms
44ms Font
font/woff2 20.250.18.7
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://bank-avera.ch/packages/bank_avera/themes/bank_avera/css/build/fonts/woff2/GothamSSm-BookItalic_Web.woff2

Requested by

Host: bank-avera.ch
URL: https://bank-avera.ch/application/files/cache/css/bank_avera/main.css?ts=1701675895

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

20.250.18.7 Zurich, Switzerland, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Apache /

Resource Hash

19abed9db3ff62daf2e716174c70279b2bb99c01d77c02d351c4693e6e748e78

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' www.google-analytics.com 'unsafe-inline'; base-uri 'self'; connect-src 'self' blob: graph.facebook.com region1.analytics.google.com region1.google-analytics.com api.mapbox.com events.mapbox.com my.tikee.io www.google-analytics.com www.google-analytics.com www.google-analytics.com stats.g.doubleclick.net; frame-src 'self' www.homegate.ch msip-service-zrnc.xaas.swissic.ch www.youtube.com services.logismata.ch www.google.com my.tikee.io intranet.eventag.ch; form-action 'self'; img-src 'self' data: https: blob: www.google-analytics.com www.google-analytics.com stats.g.doubleclick.net; script-src 'self' data: www.facebook.com connect.facebook.net www.googletagmanager.com cdn.jsdelivr.net www.google.com www.gstatic.com www.google-analytics.com blob: 'unsafe-inline' 'unsafe-eval'; style-src 'self' data: www.gstatic.com fonts.googleapis.com www.gstatic.com 'unsafe-inline'; frame-ancestors 'self' services.logismata.ch www.jobs.ch; font-src 'self' fonts.googleapis.com fonts.gstatic.com; object-src 'self'; child-src blob:;
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Security-Policy	default-src 'self' www.google-analytics.com 'unsafe-inline'; base-uri 'self'; connect-src 'self' blob: graph.facebook.com region1.analytics.google.com region1.google-analytics.com api.mapbox.com events.mapbox.com my.tikee.io www.google-analytics.com www.google-analytics.com www.google-analytics.com stats.g.doubleclick.net; frame-src 'self' www.homegate.ch msip-service-zrnc.xaas.swissic.ch www.youtube.com services.logismata.ch www.google.com my.tikee.io intranet.eventag.ch; form-action 'self'; img-src 'self' data: https: blob: www.google-analytics.com www.google-analytics.com stats.g.doubleclick.net; script-src 'self' data: www.facebook.com connect.facebook.net www.googletagmanager.com cdn.jsdelivr.net www.google.com www.gstatic.com www.google-analytics.com blob: 'unsafe-inline' 'unsafe-eval'; style-src data: www.gstatic.com 'self' fonts.googleapis.com www.gstatic.com 'unsafe-inline'; frame-ancestors 'self' services.logismata.ch www.jobs.ch; font-src 'self' fonts.googleapis.com fonts.gstatic.com; object-src 'self'; child-src blob:;
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.google.com/
Origin: https://bank-avera.ch
accept-language: de-CH,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Mon, 04 Dec 2023 08:15:05 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
content-security-policy: default-src 'self' www.google-analytics.com 'unsafe-inline'; base-uri 'self'; connect-src 'self' blob: graph.facebook.com region1.analytics.google.com region1.google-analytics.com api.mapbox.com events.mapbox.com my.tikee.io www.google-analytics.com www.google-analytics.com www.google-analytics.com stats.g.doubleclick.net; frame-src 'self' www.homegate.ch msip-service-zrnc.xaas.swissic.ch www.youtube.com services.logismata.ch www.google.com my.tikee.io intranet.eventag.ch; form-action 'self'; img-src 'self' data: https: blob: www.google-analytics.com www.google-analytics.com stats.g.doubleclick.net; script-src 'self' data: www.facebook.com connect.facebook.net www.googletagmanager.com cdn.jsdelivr.net www.google.com www.gstatic.com www.google-analytics.com blob: 'unsafe-inline' 'unsafe-eval'; style-src 'self' data: www.gstatic.com fonts.googleapis.com www.gstatic.com 'unsafe-inline'; frame-ancestors 'self' services.logismata.ch www.jobs.ch; font-src 'self' fonts.googleapis.com fonts.gstatic.com; object-src 'self'; child-src blob:;
content-length: 61610
x-xss-protection: 1; mode=block
referrer-policy: no-referrer
last-modified: Wed, 29 Nov 2023 18:41:06 GMT
server: Apache
etag: "f0aa-60b4ee0c7cba9"
expect-ct: max-age=2592000
content-type: font/woff2
cache-control: max-age=86400, public
permissions-policy: geolocation=(self), microphone=(), camera=()
accept-ranges: bytes
x-webkit-csp: default-src 'self' www.google-analytics.com 'unsafe-inline'; base-uri 'self'; connect-src 'self' blob: graph.facebook.com region1.analytics.google.com region1.google-analytics.com api.mapbox.com events.mapbox.com my.tikee.io www.google-analytics.comi www.google-analytics.com www.google-analytics.com stats.g.doubleclick.net; frame-src 'self' www.homegate.ch msip-service-zrnc.xaas.swissic.ch www.youtube.com services.logismata.ch www.google.com my.tikee.io intranet.eventag.ch; form-action 'self'; img-src 'self' data: https: blob: www.google-analytics.com www.google-analytics.com stats.g.doubleclick.net; script-src 'self' data: www.facebook.com connect.facebook.net www.googletagmanager.com cdn.jsdelivr.net www.google.com www.gstatic.com www.google-analytics.com blob: 'unsafe-inline' 'unsafe-eval'; style-src data: www.gstatic.com 'self' fonts.googleapis.com www.gstatic.com 'unsafe-inline'; frame-ancestors 'self' services.logismata.ch www.jobs.ch; font-src 'self' fonts.googleapis.com fonts.gstatic.com; object-src 'self'; child-sr blob:;
x-content-security-policy: default-src 'self' www.google-analytics.com 'unsafe-inline'; base-uri 'self'; connect-src 'self' blob: graph.facebook.com region1.analytics.google.com region1.google-analytics.com api.mapbox.com events.mapbox.com my.tikee.io www.google-analytics.com www.google-analytics.com www.google-analytics.com stats.g.doubleclick.net; frame-src 'self' www.homegate.ch msip-service-zrnc.xaas.swissic.ch www.youtube.com services.logismata.ch www.google.com my.tikee.io intranet.eventag.ch; form-action 'self'; img-src 'self' data: https: blob: www.google-analytics.com www.google-analytics.com stats.g.doubleclick.net; script-src 'self' data: www.facebook.com connect.facebook.net www.googletagmanager.com cdn.jsdelivr.net www.google.com www.gstatic.com www.google-analytics.com blob: 'unsafe-inline' 'unsafe-eval'; style-src data: www.gstatic.com 'self' fonts.googleapis.com www.gstatic.com 'unsafe-inline'; frame-ancestors 'self' services.logismata.ch www.jobs.ch; font-src 'self' fonts.googleapis.com fonts.gstatic.com; object-src 'self'; child-src blob:;

GET
H2 200 GothamSSm-LightItalic_Web.woff2
bank-avera.ch/packages/bank_avera/themes/bank_avera/css/build/fonts/woff2/ 60 KB
63 KB 44ms
44ms Font
font/woff2 20.250.18.7
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://bank-avera.ch/packages/bank_avera/themes/bank_avera/css/build/fonts/woff2/GothamSSm-LightItalic_Web.woff2

Requested by

Host: bank-avera.ch
URL: https://bank-avera.ch/application/files/cache/css/bank_avera/main.css?ts=1701675895

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

20.250.18.7 Zurich, Switzerland, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Apache /

Resource Hash

092b76fe5f547cdf13913d4a12819d6939981f1817d87eafbe3719c9835a4940

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' www.google-analytics.com 'unsafe-inline'; base-uri 'self'; connect-src 'self' blob: graph.facebook.com region1.analytics.google.com region1.google-analytics.com api.mapbox.com events.mapbox.com my.tikee.io www.google-analytics.com www.google-analytics.com www.google-analytics.com stats.g.doubleclick.net; frame-src 'self' www.homegate.ch msip-service-zrnc.xaas.swissic.ch www.youtube.com services.logismata.ch www.google.com my.tikee.io intranet.eventag.ch; form-action 'self'; img-src 'self' data: https: blob: www.google-analytics.com www.google-analytics.com stats.g.doubleclick.net; script-src 'self' data: www.facebook.com connect.facebook.net www.googletagmanager.com cdn.jsdelivr.net www.google.com www.gstatic.com www.google-analytics.com blob: 'unsafe-inline' 'unsafe-eval'; style-src 'self' data: www.gstatic.com fonts.googleapis.com www.gstatic.com 'unsafe-inline'; frame-ancestors 'self' services.logismata.ch www.jobs.ch; font-src 'self' fonts.googleapis.com fonts.gstatic.com; object-src 'self'; child-src blob:;
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Security-Policy	default-src 'self' www.google-analytics.com 'unsafe-inline'; base-uri 'self'; connect-src 'self' blob: graph.facebook.com region1.analytics.google.com region1.google-analytics.com api.mapbox.com events.mapbox.com my.tikee.io www.google-analytics.com www.google-analytics.com www.google-analytics.com stats.g.doubleclick.net; frame-src 'self' www.homegate.ch msip-service-zrnc.xaas.swissic.ch www.youtube.com services.logismata.ch www.google.com my.tikee.io intranet.eventag.ch; form-action 'self'; img-src 'self' data: https: blob: www.google-analytics.com www.google-analytics.com stats.g.doubleclick.net; script-src 'self' data: www.facebook.com connect.facebook.net www.googletagmanager.com cdn.jsdelivr.net www.google.com www.gstatic.com www.google-analytics.com blob: 'unsafe-inline' 'unsafe-eval'; style-src data: www.gstatic.com 'self' fonts.googleapis.com www.gstatic.com 'unsafe-inline'; frame-ancestors 'self' services.logismata.ch www.jobs.ch; font-src 'self' fonts.googleapis.com fonts.gstatic.com; object-src 'self'; child-src blob:;
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.google.com/
Origin: https://bank-avera.ch
accept-language: de-CH,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Mon, 04 Dec 2023 08:15:05 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
content-security-policy: default-src 'self' www.google-analytics.com 'unsafe-inline'; base-uri 'self'; connect-src 'self' blob: graph.facebook.com region1.analytics.google.com region1.google-analytics.com api.mapbox.com events.mapbox.com my.tikee.io www.google-analytics.com www.google-analytics.com www.google-analytics.com stats.g.doubleclick.net; frame-src 'self' www.homegate.ch msip-service-zrnc.xaas.swissic.ch www.youtube.com services.logismata.ch www.google.com my.tikee.io intranet.eventag.ch; form-action 'self'; img-src 'self' data: https: blob: www.google-analytics.com www.google-analytics.com stats.g.doubleclick.net; script-src 'self' data: www.facebook.com connect.facebook.net www.googletagmanager.com cdn.jsdelivr.net www.google.com www.gstatic.com www.google-analytics.com blob: 'unsafe-inline' 'unsafe-eval'; style-src 'self' data: www.gstatic.com fonts.googleapis.com www.gstatic.com 'unsafe-inline'; frame-ancestors 'self' services.logismata.ch www.jobs.ch; font-src 'self' fonts.googleapis.com fonts.gstatic.com; object-src 'self'; child-src blob:;
content-length: 61394
x-xss-protection: 1; mode=block
referrer-policy: no-referrer
last-modified: Wed, 29 Nov 2023 18:41:06 GMT
server: Apache
etag: "efd2-60b4ee0c7cba9"
expect-ct: max-age=2592000
content-type: font/woff2
cache-control: max-age=86400, public
permissions-policy: geolocation=(self), microphone=(), camera=()
accept-ranges: bytes
x-webkit-csp: default-src 'self' www.google-analytics.com 'unsafe-inline'; base-uri 'self'; connect-src 'self' blob: graph.facebook.com region1.analytics.google.com region1.google-analytics.com api.mapbox.com events.mapbox.com my.tikee.io www.google-analytics.comi www.google-analytics.com www.google-analytics.com stats.g.doubleclick.net; frame-src 'self' www.homegate.ch msip-service-zrnc.xaas.swissic.ch www.youtube.com services.logismata.ch www.google.com my.tikee.io intranet.eventag.ch; form-action 'self'; img-src 'self' data: https: blob: www.google-analytics.com www.google-analytics.com stats.g.doubleclick.net; script-src 'self' data: www.facebook.com connect.facebook.net www.googletagmanager.com cdn.jsdelivr.net www.google.com www.gstatic.com www.google-analytics.com blob: 'unsafe-inline' 'unsafe-eval'; style-src data: www.gstatic.com 'self' fonts.googleapis.com www.gstatic.com 'unsafe-inline'; frame-ancestors 'self' services.logismata.ch www.jobs.ch; font-src 'self' fonts.googleapis.com fonts.gstatic.com; object-src 'self'; child-sr blob:;
x-content-security-policy: default-src 'self' www.google-analytics.com 'unsafe-inline'; base-uri 'self'; connect-src 'self' blob: graph.facebook.com region1.analytics.google.com region1.google-analytics.com api.mapbox.com events.mapbox.com my.tikee.io www.google-analytics.com www.google-analytics.com www.google-analytics.com stats.g.doubleclick.net; frame-src 'self' www.homegate.ch msip-service-zrnc.xaas.swissic.ch www.youtube.com services.logismata.ch www.google.com my.tikee.io intranet.eventag.ch; form-action 'self'; img-src 'self' data: https: blob: www.google-analytics.com www.google-analytics.com stats.g.doubleclick.net; script-src 'self' data: www.facebook.com connect.facebook.net www.googletagmanager.com cdn.jsdelivr.net www.google.com www.gstatic.com www.google-analytics.com blob: 'unsafe-inline' 'unsafe-eval'; style-src data: www.gstatic.com 'self' fonts.googleapis.com www.gstatic.com 'unsafe-inline'; frame-ancestors 'self' services.logismata.ch www.jobs.ch; font-src 'self' fonts.googleapis.com fonts.gstatic.com; object-src 'self'; child-src blob:;

GET
H2 200 GothamSSm-BoldItalic_Web.woff2
bank-avera.ch/packages/bank_avera/themes/bank_avera/css/build/fonts/woff2/ 60 KB
63 KB 27ms
27ms Font
font/woff2 20.250.18.7
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://bank-avera.ch/packages/bank_avera/themes/bank_avera/css/build/fonts/woff2/GothamSSm-BoldItalic_Web.woff2

Requested by

Host: bank-avera.ch
URL: https://bank-avera.ch/application/files/cache/css/bank_avera/main.css?ts=1701675895

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

20.250.18.7 Zurich, Switzerland, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Apache /

Resource Hash

1a6d92c473a00be50d49304d67d3addd838f4e1df60aee14f7e9483b563eb4f8

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' www.google-analytics.com 'unsafe-inline'; base-uri 'self'; connect-src 'self' blob: graph.facebook.com region1.analytics.google.com region1.google-analytics.com api.mapbox.com events.mapbox.com my.tikee.io www.google-analytics.com www.google-analytics.com www.google-analytics.com stats.g.doubleclick.net; frame-src 'self' www.homegate.ch msip-service-zrnc.xaas.swissic.ch www.youtube.com services.logismata.ch www.google.com my.tikee.io intranet.eventag.ch; form-action 'self'; img-src 'self' data: https: blob: www.google-analytics.com www.google-analytics.com stats.g.doubleclick.net; script-src 'self' data: www.facebook.com connect.facebook.net www.googletagmanager.com cdn.jsdelivr.net www.google.com www.gstatic.com www.google-analytics.com blob: 'unsafe-inline' 'unsafe-eval'; style-src 'self' data: www.gstatic.com fonts.googleapis.com www.gstatic.com 'unsafe-inline'; frame-ancestors 'self' services.logismata.ch www.jobs.ch; font-src 'self' fonts.googleapis.com fonts.gstatic.com; object-src 'self'; child-src blob:;
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Security-Policy	default-src 'self' www.google-analytics.com 'unsafe-inline'; base-uri 'self'; connect-src 'self' blob: graph.facebook.com region1.analytics.google.com region1.google-analytics.com api.mapbox.com events.mapbox.com my.tikee.io www.google-analytics.com www.google-analytics.com www.google-analytics.com stats.g.doubleclick.net; frame-src 'self' www.homegate.ch msip-service-zrnc.xaas.swissic.ch www.youtube.com services.logismata.ch www.google.com my.tikee.io intranet.eventag.ch; form-action 'self'; img-src 'self' data: https: blob: www.google-analytics.com www.google-analytics.com stats.g.doubleclick.net; script-src 'self' data: www.facebook.com connect.facebook.net www.googletagmanager.com cdn.jsdelivr.net www.google.com www.gstatic.com www.google-analytics.com blob: 'unsafe-inline' 'unsafe-eval'; style-src data: www.gstatic.com 'self' fonts.googleapis.com www.gstatic.com 'unsafe-inline'; frame-ancestors 'self' services.logismata.ch www.jobs.ch; font-src 'self' fonts.googleapis.com fonts.gstatic.com; object-src 'self'; child-src blob:;
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.google.com/
Origin: https://bank-avera.ch
accept-language: de-CH,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Mon, 04 Dec 2023 08:15:05 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
content-security-policy: default-src 'self' www.google-analytics.com 'unsafe-inline'; base-uri 'self'; connect-src 'self' blob: graph.facebook.com region1.analytics.google.com region1.google-analytics.com api.mapbox.com events.mapbox.com my.tikee.io www.google-analytics.com www.google-analytics.com www.google-analytics.com stats.g.doubleclick.net; frame-src 'self' www.homegate.ch msip-service-zrnc.xaas.swissic.ch www.youtube.com services.logismata.ch www.google.com my.tikee.io intranet.eventag.ch; form-action 'self'; img-src 'self' data: https: blob: www.google-analytics.com www.google-analytics.com stats.g.doubleclick.net; script-src 'self' data: www.facebook.com connect.facebook.net www.googletagmanager.com cdn.jsdelivr.net www.google.com www.gstatic.com www.google-analytics.com blob: 'unsafe-inline' 'unsafe-eval'; style-src 'self' data: www.gstatic.com fonts.googleapis.com www.gstatic.com 'unsafe-inline'; frame-ancestors 'self' services.logismata.ch www.jobs.ch; font-src 'self' fonts.googleapis.com fonts.gstatic.com; object-src 'self'; child-src blob:;
content-length: 61506
x-xss-protection: 1; mode=block
referrer-policy: no-referrer
last-modified: Wed, 29 Nov 2023 18:41:06 GMT
server: Apache
etag: "f042-60b4ee0c7cba9"
expect-ct: max-age=2592000
content-type: font/woff2
cache-control: max-age=86400, public
permissions-policy: geolocation=(self), microphone=(), camera=()
accept-ranges: bytes
x-webkit-csp: default-src 'self' www.google-analytics.com 'unsafe-inline'; base-uri 'self'; connect-src 'self' blob: graph.facebook.com region1.analytics.google.com region1.google-analytics.com api.mapbox.com events.mapbox.com my.tikee.io www.google-analytics.comi www.google-analytics.com www.google-analytics.com stats.g.doubleclick.net; frame-src 'self' www.homegate.ch msip-service-zrnc.xaas.swissic.ch www.youtube.com services.logismata.ch www.google.com my.tikee.io intranet.eventag.ch; form-action 'self'; img-src 'self' data: https: blob: www.google-analytics.com www.google-analytics.com stats.g.doubleclick.net; script-src 'self' data: www.facebook.com connect.facebook.net www.googletagmanager.com cdn.jsdelivr.net www.google.com www.gstatic.com www.google-analytics.com blob: 'unsafe-inline' 'unsafe-eval'; style-src data: www.gstatic.com 'self' fonts.googleapis.com www.gstatic.com 'unsafe-inline'; frame-ancestors 'self' services.logismata.ch www.jobs.ch; font-src 'self' fonts.googleapis.com fonts.gstatic.com; object-src 'self'; child-sr blob:;
x-content-security-policy: default-src 'self' www.google-analytics.com 'unsafe-inline'; base-uri 'self'; connect-src 'self' blob: graph.facebook.com region1.analytics.google.com region1.google-analytics.com api.mapbox.com events.mapbox.com my.tikee.io www.google-analytics.com www.google-analytics.com www.google-analytics.com stats.g.doubleclick.net; frame-src 'self' www.homegate.ch msip-service-zrnc.xaas.swissic.ch www.youtube.com services.logismata.ch www.google.com my.tikee.io intranet.eventag.ch; form-action 'self'; img-src 'self' data: https: blob: www.google-analytics.com www.google-analytics.com stats.g.doubleclick.net; script-src 'self' data: www.facebook.com connect.facebook.net www.googletagmanager.com cdn.jsdelivr.net www.google.com www.gstatic.com www.google-analytics.com blob: 'unsafe-inline' 'unsafe-eval'; style-src data: www.gstatic.com 'self' fonts.googleapis.com www.gstatic.com 'unsafe-inline'; frame-ancestors 'self' services.logismata.ch www.jobs.ch; font-src 'self' fonts.googleapis.com fonts.gstatic.com; object-src 'self'; child-src blob:;

GET
DATA 200
OK truncated
/ 38 B
0 Image
image/webp

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 05632bd17ae6013db11864ba86f363756e305cd5a56ee788fe20774ed6c750f9

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

Content-Type: image/webp

GET
H2 200 recaptcha__de_ch.js Show response
www.gstatic.com/recaptcha/releases/-QbJqHfGOUB8nuVRLvzFLVed/ 468 KB
188 KB 77ms
24ms Script
text/javascript 2a00:1450:4001:830::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/-QbJqHfGOUB8nuVRLvzFLVed/recaptcha__de_ch.js

Requested by

Host: www.google.com
URL: https://www.google.com/recaptcha/api.js?render=explicit&onload=RecaptchaV3

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

14f58d534c595bf9b24e8f67fbfba7a9213884866ed47888cc10ec5525b41777

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.google.com/
Origin: https://bank-avera.ch
accept-language: de-CH,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Sat, 02 Dec 2023 17:50:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 138304
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 192023
x-xss-protection: 0
last-modified: Tue, 14 Nov 2023 05:42:11 GMT
server: sffe
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
vary: Accept-Encoding
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sun, 01 Dec 2024 17:50:01 GMT

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 219 KB
75 KB 91ms
37ms Script
application/javascript 2a00:1450:4001:813::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-P9ZCSCF

Requested by

Host: bank-avera.ch
URL: https://bank-avera.ch/packages/bank_avera/js/min/google_bav.min.js?ccm_nocache=2f93a9118908ecaa2b7639b73e01415fd1560ec3

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

052956115aed3e177a63c49a4270bd1f9eec441eadfd7cfdbf44cc1b03a45851

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Mon, 04 Dec 2023 08:15:05 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 76428
x-xss-protection: 0
last-modified: Mon, 04 Dec 2023 06:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Mon, 04 Dec 2023 08:15:05 GMT

GET
H2 200 fbevents.js Show response
connect.facebook.net/en_US/ 202 KB
54 KB 59ms
20ms Script
application/x-javascript 2a03:2880:f084:d:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/fbevents.js

Requested by

Host: bank-avera.ch
URL: https://bank-avera.ch/packages/bank_avera/js/min/google_bav.min.js?ccm_nocache=2f93a9118908ecaa2b7639b73e01415fd1560ec3

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f084:d:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

3e136e77083bfc6ef14ffc5abd19da89a82bf12fc0cda3c603e01582b93303c8

Security Headers

Name	Value
Content-Security-Policy	default-src facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com data: blob: 'self';script-src .fbcdn.net .facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

permissions-policy-report-only: autoplay=(), clipboard-read=(), clipboard-write=(), display-capture=(), document-domain=(), encrypted-media=(), fullscreen=(), gamepad=(), keyboard-map=(), otp-credentials=(), picture-in-picture=(), xr-spatial-tracking=()
content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload; includeSubDomains
date: Mon, 04 Dec 2023 08:15:05 GMT
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 54273
x-xss-protection: 0
reporting-endpoints
pragma: public
x-fb-debug: 9S3gH/sidlihCbAuID6mzwudzjcJO7DG/l6xB6zVg/SNZLtUT/w+kDFQ4NYzeZlY6dklx+7LahhvTOiKxY4uiw==
cross-origin-opener-policy: same-origin-allow-popups
vary: Accept-Encoding
x-frame-options: DENY
content-type: application/x-javascript; charset=utf-8
origin-agent-cluster: ?0
cache-control: public, max-age=1200
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), payment=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), usb=(), window-management=()
timing-allow-origin: *
expires: Sat, 01 Jan 2000 00:00:00 GMT

POST
H2 200 getItems Show response
bank-avera.ch/bankavera/ 17 KB
20 KB 453ms
453ms XHR
application/json 20.250.18.7
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://bank-avera.ch/bankavera/getItems

Requested by

Host: bank-avera.ch
URL: https://bank-avera.ch/concrete/js/jquery.js?ccm_nocache=ee3e28f9bfd2e82738e22d3b43acd1398845ab90

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

20.250.18.7 Zurich, Switzerland, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Apache /

Resource Hash

8f97344c447d2c6964dd94ef34f549a843107c271adc763d596d9b9edf7e4720

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' www.google-analytics.com 'unsafe-inline'; base-uri 'self'; connect-src 'self' blob: graph.facebook.com region1.analytics.google.com region1.google-analytics.com api.mapbox.com events.mapbox.com my.tikee.io www.google-analytics.com www.google-analytics.com www.google-analytics.com stats.g.doubleclick.net; frame-src 'self' www.homegate.ch msip-service-zrnc.xaas.swissic.ch www.youtube.com services.logismata.ch www.google.com my.tikee.io intranet.eventag.ch; form-action 'self'; img-src 'self' data: https: blob: www.google-analytics.com www.google-analytics.com stats.g.doubleclick.net; script-src 'self' data: www.facebook.com connect.facebook.net www.googletagmanager.com cdn.jsdelivr.net www.google.com www.gstatic.com www.google-analytics.com blob: 'unsafe-inline' 'unsafe-eval'; style-src 'self' data: www.gstatic.com fonts.googleapis.com www.gstatic.com 'unsafe-inline'; frame-ancestors 'self' services.logismata.ch www.jobs.ch; font-src 'self' fonts.googleapis.com fonts.gstatic.com; object-src 'self'; child-src blob:;
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Security-Policy	default-src 'self' www.google-analytics.com 'unsafe-inline'; base-uri 'self'; connect-src 'self' blob: graph.facebook.com region1.analytics.google.com region1.google-analytics.com api.mapbox.com events.mapbox.com my.tikee.io www.google-analytics.com www.google-analytics.com www.google-analytics.com stats.g.doubleclick.net; frame-src 'self' www.homegate.ch msip-service-zrnc.xaas.swissic.ch www.youtube.com services.logismata.ch www.google.com my.tikee.io intranet.eventag.ch; form-action 'self'; img-src 'self' data: https: blob: www.google-analytics.com www.google-analytics.com stats.g.doubleclick.net; script-src 'self' data: www.facebook.com connect.facebook.net www.googletagmanager.com cdn.jsdelivr.net www.google.com www.gstatic.com www.google-analytics.com blob: 'unsafe-inline' 'unsafe-eval'; style-src data: www.gstatic.com 'self' fonts.googleapis.com www.gstatic.com 'unsafe-inline'; frame-ancestors 'self' services.logismata.ch www.jobs.ch; font-src 'self' fonts.googleapis.com fonts.gstatic.com; object-src 'self'; child-src blob:;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept: */*
Referer: https://www.google.com/
X-Requested-With: XMLHttpRequest
accept-language: de-CH,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8

Response headers

date: Mon, 04 Dec 2023 08:15:05 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
referrer-policy: no-referrer
server: Apache
content-security-policy: default-src 'self' www.google-analytics.com 'unsafe-inline'; base-uri 'self'; connect-src 'self' blob: graph.facebook.com region1.analytics.google.com region1.google-analytics.com api.mapbox.com events.mapbox.com my.tikee.io www.google-analytics.com www.google-analytics.com www.google-analytics.com stats.g.doubleclick.net; frame-src 'self' www.homegate.ch msip-service-zrnc.xaas.swissic.ch www.youtube.com services.logismata.ch www.google.com my.tikee.io intranet.eventag.ch; form-action 'self'; img-src 'self' data: https: blob: www.google-analytics.com www.google-analytics.com stats.g.doubleclick.net; script-src 'self' data: www.facebook.com connect.facebook.net www.googletagmanager.com cdn.jsdelivr.net www.google.com www.gstatic.com www.google-analytics.com blob: 'unsafe-inline' 'unsafe-eval'; style-src 'self' data: www.gstatic.com fonts.googleapis.com www.gstatic.com 'unsafe-inline'; frame-ancestors 'self' services.logismata.ch www.jobs.ch; font-src 'self' fonts.googleapis.com fonts.gstatic.com; object-src 'self'; child-src blob:;
expect-ct: max-age=2592000
x-frame-options: SAMEORIGIN
content-type: application/json
cache-control: no-cache, private, private, must-revalidate
permissions-policy: geolocation=(self), microphone=(), camera=()
x-webkit-csp: default-src 'self' www.google-analytics.com 'unsafe-inline'; base-uri 'self'; connect-src 'self' blob: graph.facebook.com region1.analytics.google.com region1.google-analytics.com api.mapbox.com events.mapbox.com my.tikee.io www.google-analytics.comi www.google-analytics.com www.google-analytics.com stats.g.doubleclick.net; frame-src 'self' www.homegate.ch msip-service-zrnc.xaas.swissic.ch www.youtube.com services.logismata.ch www.google.com my.tikee.io intranet.eventag.ch; form-action 'self'; img-src 'self' data: https: blob: www.google-analytics.com www.google-analytics.com stats.g.doubleclick.net; script-src 'self' data: www.facebook.com connect.facebook.net www.googletagmanager.com cdn.jsdelivr.net www.google.com www.gstatic.com www.google-analytics.com blob: 'unsafe-inline' 'unsafe-eval'; style-src data: www.gstatic.com 'self' fonts.googleapis.com www.gstatic.com 'unsafe-inline'; frame-ancestors 'self' services.logismata.ch www.jobs.ch; font-src 'self' fonts.googleapis.com fonts.gstatic.com; object-src 'self'; child-sr blob:;
x-xss-protection: 1; mode=block
x-content-security-policy: default-src 'self' www.google-analytics.com 'unsafe-inline'; base-uri 'self'; connect-src 'self' blob: graph.facebook.com region1.analytics.google.com region1.google-analytics.com api.mapbox.com events.mapbox.com my.tikee.io www.google-analytics.com www.google-analytics.com www.google-analytics.com stats.g.doubleclick.net; frame-src 'self' www.homegate.ch msip-service-zrnc.xaas.swissic.ch www.youtube.com services.logismata.ch www.google.com my.tikee.io intranet.eventag.ch; form-action 'self'; img-src 'self' data: https: blob: www.google-analytics.com www.google-analytics.com stats.g.doubleclick.net; script-src 'self' data: www.facebook.com connect.facebook.net www.googletagmanager.com cdn.jsdelivr.net www.google.com www.gstatic.com www.google-analytics.com blob: 'unsafe-inline' 'unsafe-eval'; style-src data: www.gstatic.com 'self' fonts.googleapis.com www.gstatic.com 'unsafe-inline'; frame-ancestors 'self' services.logismata.ch www.jobs.ch; font-src 'self' fonts.googleapis.com fonts.gstatic.com; object-src 'self'; child-src blob:;

GET
H2 200 648934043537782 Show response
connect.facebook.net/signals/config/ 140 KB
36 KB 167ms
166ms Script
application/x-javascript 2a03:2880:f084:d:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/648934043537782?v=2.9.138&r=stable&domain=bank-avera.ch

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f084:d:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

6e513973bae370cf5ceae7d696424e58d5d196093e012b7e3e59007c084d40be

Security Headers

Name	Value
Content-Security-Policy	default-src facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com data: blob: 'self';script-src .fbcdn.net .facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

permissions-policy-report-only: autoplay=(), clipboard-read=(), clipboard-write=(), display-capture=(), document-domain=(), encrypted-media=(), fullscreen=(), gamepad=(), keyboard-map=(), otp-credentials=(), picture-in-picture=(), xr-spatial-tracking=()
content-security-policy: default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload; includeSubDomains
date: Mon, 04 Dec 2023 08:15:05 GMT
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
x-xss-protection: 0
reporting-endpoints
pragma: public
x-fb-debug: 7eR1scNYRh/2IxwaO0t1D7Rn0IosxrXP/gp2FOhEJrtsxYhh4juxT9h+hIbbzNy0oFyQvN2NvzEF+xpaaFvY5A==
cross-origin-opener-policy: same-origin-allow-popups
vary: Accept-Encoding
x-frame-options: DENY
content-type: application/x-javascript; charset=utf-8
origin-agent-cluster: ?0
cache-control: public, max-age=1200
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), payment=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), usb=(), window-management=()
timing-allow-origin: *
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 285 KB
92 KB 39ms
39ms Script
application/javascript 2a00:1450:4001:813::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-XS4V6L6W9E&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-P9ZCSCF

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

940d31964a9b907eb0455901f8a3a67ed07421f9ccbd4495314032adc8e68d83

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Mon, 04 Dec 2023 08:15:05 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 94393
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Mon, 04 Dec 2023 08:15:05 GMT

GET
H2 200 anchor Show response
www.google.com/recaptcha/api2/ Frame A22D 59 KB
34 KB 45ms
44ms Document
text/html 2a00:1450:4001:829::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LdDMM4UAAAAAKPkT58E0gLvSBxuhyv6H2aD4HJs&co=aHR0cHM6Ly9iYW5rLWF2ZXJhLmNoOjQ0Mw..&hl=de-CH&v=-QbJqHfGOUB8nuVRLvzFLVed&size=invisible&badge=inline&cb=1ypr3p526bkc

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/-QbJqHfGOUB8nuVRLvzFLVed/recaptcha__de_ch.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

3176fe7ddbc493a99f0097fc44f074b26f03d9af7ab4fcdc2575f8ef2ebb51a5

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-_nhybgpi9KSxBmtsuqo71g' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
accept-language: de-CH,de;q=0.9
referer: https://www.google.com/

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache, no-store, max-age=0, must-revalidate
content-encoding: gzip
content-security-policy: script-src 'report-sample' 'nonce-_nhybgpi9KSxBmtsuqo71g' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Mon, 04 Dec 2023 08:15:05 GMT
expires: Mon, 01 Jan 1990 00:00:00 GMT
pragma: no-cache
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H2 200 anchor Show response
www.google.com/recaptcha/api2/ Frame 61D4 60 KB
34 KB 69ms
69ms Document
text/html 2a00:1450:4001:829::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/-QbJqHfGOUB8nuVRLvzFLVed/recaptcha__de_ch.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

da9bd023919268bc30284c8141304137349b92eb7d43846f339a087d97ba9c63

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-65D8XDFfWRNLhi34Aq011Q' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
accept-language: de-CH,de;q=0.9
referer: https://www.google.com/

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache, no-store, max-age=0, must-revalidate
content-encoding: gzip
content-security-policy: script-src 'report-sample' 'nonce-65D8XDFfWRNLhi34Aq011Q' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Mon, 04 Dec 2023 08:15:05 GMT
expires: Mon, 01 Jan 1990 00:00:00 GMT
pragma: no-cache
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H2 200 anchor Show response
www.google.com/recaptcha/api2/ Frame 208D 60 KB
34 KB 68ms
68ms Document
text/html 2a00:1450:4001:829::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/-QbJqHfGOUB8nuVRLvzFLVed/recaptcha__de_ch.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

963f2d196ce83240104b2ecf5589cea38b53403fb6f78fa6ff606a2da40dedf9

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-6INs776LkQ-5dirpxRwTUA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
accept-language: de-CH,de;q=0.9
referer: https://www.google.com/

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache, no-store, max-age=0, must-revalidate
content-encoding: gzip
content-security-policy: script-src 'report-sample' 'nonce-6INs776LkQ-5dirpxRwTUA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Mon, 04 Dec 2023 08:15:05 GMT
expires: Mon, 01 Jan 1990 00:00:00 GMT
pragma: no-cache
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

POST
H2 204 collect
region1.analytics.google.com/g/ 0
253 B 103ms
39ms Ping
text/plain 2001:4860:4802:34::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.analytics.google.com/g/collect?v=2&tid=G-XS4V6L6W9E&gtm=45je3bt0v867517998z8860661375&_p=1701677704947&_gaz=1&gcd=11l1l1l1l1&dma=0&cid=1392016881.1701677705&ul=en-us&sr=1600x1200&ir=1&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_eu=EA&_s=1&sid=1701677705&sct=1&seg=0&dl=https%3A%2F%2Fbank-avera.ch%2F&dt=Bank%20Avera%20%E2%80%93%20Wir%20verstehen%20uns.&en=page_view&_fv=1&_nsi=1&_ss=1&tfd=1245
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-XS4V6L6W9E&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:34::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 04 Dec 2023 08:15:05 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://bank-avera.ch
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 204 collect
stats.g.doubleclick.net/g/ 0
253 B 98ms
33ms Ping
text/plain 2a00:1450:400c:c07::9d
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://stats.g.doubleclick.net/g/collect?v=2&tid=G-XS4V6L6W9E&cid=1392016881.1701677705&gtm=45je3bt0v867517998z8860661375&aip=1&dma=0&gcd=11l1l1l1l1
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-XS4V6L6W9E&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:400c:c07::9d Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 04 Dec 2023 08:15:05 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://bank-avera.ch
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.ch/ads/ 42 B
408 B 89ms
35ms Image
image/gif 2a00:1450:4001:811::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.ch/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-XS4V6L6W9E&cid=1392016881.1701677705&gtm=45je3bt0v867517998z8860661375&aip=1&dma=0&gcd=11l1l1l1l1&z=1042056661

Requested by

Host: bank-avera.ch
URL: https://bank-avera.ch/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 04 Dec 2023 08:15:05 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 styles__ltr.css
www.gstatic.com/recaptcha/releases/-QbJqHfGOUB8nuVRLvzFLVed/ Frame A22D 55 KB
24 KB 80ms
33ms Stylesheet
text/css 2a00:1450:4001:830::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/-QbJqHfGOUB8nuVRLvzFLVed/styles__ltr.css

Requested by

Host: www.google.com
URL: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LdDMM4UAAAAAKPkT58E0gLvSBxuhyv6H2aD4HJs&co=aHR0cHM6Ly9iYW5rLWF2ZXJhLmNoOjQ0Mw..&hl=de-CH&v=-QbJqHfGOUB8nuVRLvzFLVed&size=invisible&badge=inline&cb=1ypr3p526bkc

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7859a62e04b0acb06516eb12454de6673883ecfaeaed6c254659bca7cd59c050

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Sun, 03 Dec 2023 23:09:14 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 32751
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 24606
x-xss-protection: 0
last-modified: Tue, 14 Nov 2023 05:42:11 GMT
server: sffe
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
vary: Accept-Encoding
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/css
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Mon, 02 Dec 2024 23:09:14 GMT

GET
H3 200 recaptcha__de_ch.js Show response
www.gstatic.com/recaptcha/releases/-QbJqHfGOUB8nuVRLvzFLVed/ Frame A22D 468 KB
188 KB 109ms
62ms Script
text/javascript 2a00:1450:4001:830::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/-QbJqHfGOUB8nuVRLvzFLVed/recaptcha__de_ch.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

14f58d534c595bf9b24e8f67fbfba7a9213884866ed47888cc10ec5525b41777

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Sat, 02 Dec 2023 17:50:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 138304
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 192023
x-xss-protection: 0
last-modified: Tue, 14 Nov 2023 05:42:11 GMT
server: sffe
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
vary: Accept-Encoding
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sun, 01 Dec 2024 17:50:01 GMT

GET
H3 200 styles__ltr.css
www.gstatic.com/recaptcha/releases/-QbJqHfGOUB8nuVRLvzFLVed/ Frame 208D 55 KB
24 KB 55ms
23ms Stylesheet
text/css 2a00:1450:4001:830::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/-QbJqHfGOUB8nuVRLvzFLVed/styles__ltr.css

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7859a62e04b0acb06516eb12454de6673883ecfaeaed6c254659bca7cd59c050

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Sun, 03 Dec 2023 23:09:14 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 32751
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 24606
x-xss-protection: 0
last-modified: Tue, 14 Nov 2023 05:42:11 GMT
server: sffe
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
vary: Accept-Encoding
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/css
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Mon, 02 Dec 2024 23:09:14 GMT

GET
H3 200 recaptcha__de_ch.js Show response
www.gstatic.com/recaptcha/releases/-QbJqHfGOUB8nuVRLvzFLVed/ Frame 208D 468 KB
188 KB 93ms
61ms Script
text/javascript 2a00:1450:4001:830::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/-QbJqHfGOUB8nuVRLvzFLVed/recaptcha__de_ch.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

14f58d534c595bf9b24e8f67fbfba7a9213884866ed47888cc10ec5525b41777

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Sat, 02 Dec 2023 17:50:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 138304
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 192023
x-xss-protection: 0
last-modified: Tue, 14 Nov 2023 05:42:11 GMT
server: sffe
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
vary: Accept-Encoding
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sun, 01 Dec 2024 17:50:01 GMT

GET
H3 200 styles__ltr.css
www.gstatic.com/recaptcha/releases/-QbJqHfGOUB8nuVRLvzFLVed/ Frame 61D4 55 KB
24 KB 63ms
42ms Stylesheet
text/css 2a00:1450:4001:830::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/-QbJqHfGOUB8nuVRLvzFLVed/styles__ltr.css

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

7859a62e04b0acb06516eb12454de6673883ecfaeaed6c254659bca7cd59c050

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Sun, 03 Dec 2023 23:09:14 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 32751
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 24606
x-xss-protection: 0
last-modified: Tue, 14 Nov 2023 05:42:11 GMT
server: sffe
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
vary: Accept-Encoding
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/css
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Mon, 02 Dec 2024 23:09:14 GMT

GET
H3 200 recaptcha__de_ch.js Show response
www.gstatic.com/recaptcha/releases/-QbJqHfGOUB8nuVRLvzFLVed/ Frame 61D4 468 KB
188 KB 88ms
69ms Script
text/javascript 2a00:1450:4001:830::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/-QbJqHfGOUB8nuVRLvzFLVed/recaptcha__de_ch.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

14f58d534c595bf9b24e8f67fbfba7a9213884866ed47888cc10ec5525b41777

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Sat, 02 Dec 2023 17:50:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 138304
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 192023
x-xss-protection: 0
last-modified: Tue, 14 Nov 2023 05:42:11 GMT
server: sffe
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
vary: Accept-Encoding
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Sun, 01 Dec 2024 17:50:01 GMT

GET
H2 200 /
www.facebook.com/tr/ 0
185 B 59ms
20ms Image
text/plain 2a03:2880:f177:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=648934043537782&ev=PageView&dl=https%3A%2F%2Fbank-avera.ch%2F%23!ac_hint%3Dvisible&rl=&if=false&ts=1701677705436&sw=1600&sh=1200&v=2.9.138&r=stable&ec=0&o=4126&fbp=fb.1.1701677705435.498480098&cs_est=true&ler=empty&it=1701677705246&coo=false&rqm=GET

Requested by

Host: bank-avera.ch
URL: https://bank-avera.ch/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f177:83:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
date: Mon, 04 Dec 2023 08:15:05 GMT
server: proxygen-bolt
content-type: text/plain
access-control-allow-origin
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 0

GET
H3 200 logo_48.png
www.gstatic.com/recaptcha/api2/ Frame A22D 2 KB
2 KB 23ms
23ms Image
image/png 2a00:1450:4001:830::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.gstatic.com/recaptcha/api2/logo_48.png

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/-QbJqHfGOUB8nuVRLvzFLVed/styles__ltr.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:830::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1b9efb22c938500971aac2b2130a475fa23684dd69e43103894968df83145b8a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Fri, 01 Dec 2023 12:21:55 GMT
x-content-type-options: nosniff
age: 244390
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2228
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 20:15:00 GMT
server: sffe
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: image/png
cache-control: public, max-age=604800
accept-ranges: bytes
expires: Fri, 08 Dec 2023 12:21:55 GMT

GET
H2 200 KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v18/ Frame A22D 15 KB
15 KB 83ms
29ms Font
font/woff2 2a00:1450:4001:800::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.google.com/
Origin: https://www.google.com
accept-language: de-CH,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Thu, 30 Nov 2023 23:26:56 GMT
x-content-type-options: nosniff
age: 290889
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15344
x-xss-protection: 0
last-modified: Mon, 16 Oct 2017 17:32:55 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 29 Nov 2024 23:26:56 GMT

GET
H2 200 KFOlCnqEu92Fr1MmEU9fBBc4.woff2
fonts.gstatic.com/s/roboto/v18/ Frame A22D 15 KB
16 KB 77ms
23ms Font
font/woff2 2a00:1450:4001:800::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

5a8c1e7681318caa29e9f44e8a6e271f6a4067a2703e9916dfd4fe9099241db7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.google.com/
Origin: https://www.google.com
accept-language: de-CH,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Wed, 29 Nov 2023 21:01:27 GMT
x-content-type-options: nosniff
age: 386018
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15552
x-xss-protection: 0
last-modified: Mon, 16 Oct 2017 17:33:02 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 28 Nov 2024 21:01:27 GMT

GET
H2 200 Bild_Zuercher_Oberland.webp
bank-avera.ch/application/files/thumbnails/webp_small_2x/4516/9866/0707/ 168 KB
171 KB 28ms
28ms Image
text/plain 20.250.18.7
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://bank-avera.ch/application/files/thumbnails/webp_small_2x/4516/9866/0707/Bild_Zuercher_Oberland.webp

Requested by

Host: bank-avera.ch
URL: https://bank-avera.ch/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

20.250.18.7 Zurich, Switzerland, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Apache /

Resource Hash

773f53543bddc3b825576a4b4e3f9a4057c833c79f1285c9bc00a803f94df9d9

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' www.google-analytics.com 'unsafe-inline'; base-uri 'self'; connect-src 'self' blob: graph.facebook.com region1.analytics.google.com region1.google-analytics.com api.mapbox.com events.mapbox.com my.tikee.io www.google-analytics.com www.google-analytics.com www.google-analytics.com stats.g.doubleclick.net; frame-src 'self' www.homegate.ch msip-service-zrnc.xaas.swissic.ch www.youtube.com services.logismata.ch www.google.com my.tikee.io intranet.eventag.ch; form-action 'self'; img-src 'self' data: https: blob: www.google-analytics.com www.google-analytics.com stats.g.doubleclick.net; script-src 'self' data: www.facebook.com connect.facebook.net www.googletagmanager.com cdn.jsdelivr.net www.google.com www.gstatic.com www.google-analytics.com blob: 'unsafe-inline' 'unsafe-eval'; style-src 'self' data: www.gstatic.com fonts.googleapis.com www.gstatic.com 'unsafe-inline'; frame-ancestors 'self' services.logismata.ch www.jobs.ch; font-src 'self' fonts.googleapis.com fonts.gstatic.com; object-src 'self'; child-src blob:;
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Security-Policy	default-src 'self' www.google-analytics.com 'unsafe-inline'; base-uri 'self'; connect-src 'self' blob: graph.facebook.com region1.analytics.google.com region1.google-analytics.com api.mapbox.com events.mapbox.com my.tikee.io www.google-analytics.com www.google-analytics.com www.google-analytics.com stats.g.doubleclick.net; frame-src 'self' www.homegate.ch msip-service-zrnc.xaas.swissic.ch www.youtube.com services.logismata.ch www.google.com my.tikee.io intranet.eventag.ch; form-action 'self'; img-src 'self' data: https: blob: www.google-analytics.com www.google-analytics.com stats.g.doubleclick.net; script-src 'self' data: www.facebook.com connect.facebook.net www.googletagmanager.com cdn.jsdelivr.net www.google.com www.gstatic.com www.google-analytics.com blob: 'unsafe-inline' 'unsafe-eval'; style-src data: www.gstatic.com 'self' fonts.googleapis.com www.gstatic.com 'unsafe-inline'; frame-ancestors 'self' services.logismata.ch www.jobs.ch; font-src 'self' fonts.googleapis.com fonts.gstatic.com; object-src 'self'; child-src blob:;
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Mon, 04 Dec 2023 08:15:05 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
referrer-policy: no-referrer
last-modified: Mon, 30 Oct 2023 10:11:52 GMT
server: Apache
content-security-policy: default-src 'self' www.google-analytics.com 'unsafe-inline'; base-uri 'self'; connect-src 'self' blob: graph.facebook.com region1.analytics.google.com region1.google-analytics.com api.mapbox.com events.mapbox.com my.tikee.io www.google-analytics.com www.google-analytics.com www.google-analytics.com stats.g.doubleclick.net; frame-src 'self' www.homegate.ch msip-service-zrnc.xaas.swissic.ch www.youtube.com services.logismata.ch www.google.com my.tikee.io intranet.eventag.ch; form-action 'self'; img-src 'self' data: https: blob: www.google-analytics.com www.google-analytics.com stats.g.doubleclick.net; script-src 'self' data: www.facebook.com connect.facebook.net www.googletagmanager.com cdn.jsdelivr.net www.google.com www.gstatic.com www.google-analytics.com blob: 'unsafe-inline' 'unsafe-eval'; style-src 'self' data: www.gstatic.com fonts.googleapis.com www.gstatic.com 'unsafe-inline'; frame-ancestors 'self' services.logismata.ch www.jobs.ch; font-src 'self' fonts.googleapis.com fonts.gstatic.com; object-src 'self'; child-src blob:;
etag: "2a07a-608ec44599c17"
expect-ct: max-age=2592000
permissions-policy: geolocation=(self), microphone=(), camera=()
accept-ranges: bytes
x-webkit-csp: default-src 'self' www.google-analytics.com 'unsafe-inline'; base-uri 'self'; connect-src 'self' blob: graph.facebook.com region1.analytics.google.com region1.google-analytics.com api.mapbox.com events.mapbox.com my.tikee.io www.google-analytics.comi www.google-analytics.com www.google-analytics.com stats.g.doubleclick.net; frame-src 'self' www.homegate.ch msip-service-zrnc.xaas.swissic.ch www.youtube.com services.logismata.ch www.google.com my.tikee.io intranet.eventag.ch; form-action 'self'; img-src 'self' data: https: blob: www.google-analytics.com www.google-analytics.com stats.g.doubleclick.net; script-src 'self' data: www.facebook.com connect.facebook.net www.googletagmanager.com cdn.jsdelivr.net www.google.com www.gstatic.com www.google-analytics.com blob: 'unsafe-inline' 'unsafe-eval'; style-src data: www.gstatic.com 'self' fonts.googleapis.com www.gstatic.com 'unsafe-inline'; frame-ancestors 'self' services.logismata.ch www.jobs.ch; font-src 'self' fonts.googleapis.com fonts.gstatic.com; object-src 'self'; child-sr blob:;
content-length: 172154
x-xss-protection: 1; mode=block
x-content-security-policy: default-src 'self' www.google-analytics.com 'unsafe-inline'; base-uri 'self'; connect-src 'self' blob: graph.facebook.com region1.analytics.google.com region1.google-analytics.com api.mapbox.com events.mapbox.com my.tikee.io www.google-analytics.com www.google-analytics.com www.google-analytics.com stats.g.doubleclick.net; frame-src 'self' www.homegate.ch msip-service-zrnc.xaas.swissic.ch www.youtube.com services.logismata.ch www.google.com my.tikee.io intranet.eventag.ch; form-action 'self'; img-src 'self' data: https: blob: www.google-analytics.com www.google-analytics.com stats.g.doubleclick.net; script-src 'self' data: www.facebook.com connect.facebook.net www.googletagmanager.com cdn.jsdelivr.net www.google.com www.gstatic.com www.google-analytics.com blob: 'unsafe-inline' 'unsafe-eval'; style-src data: www.gstatic.com 'self' fonts.googleapis.com www.gstatic.com 'unsafe-inline'; frame-ancestors 'self' services.logismata.ch www.jobs.ch; font-src 'self' fonts.googleapis.com fonts.gstatic.com; object-src 'self'; child-src blob:;

GET
H2 200 Vermoegensverwaltung.webp
bank-avera.ch/application/files/thumbnails/webp_small_2x/6616/9529/1892/ 186 KB
188 KB 32ms
31ms Image
text/plain 20.250.18.7
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://bank-avera.ch/application/files/thumbnails/webp_small_2x/6616/9529/1892/Vermoegensverwaltung.webp

Requested by

Host: bank-avera.ch
URL: https://bank-avera.ch/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

20.250.18.7 Zurich, Switzerland, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Apache /

Resource Hash

dbec3709477a18dd53bf96f77e40646fc8df64b7cbaf301d05e34d1f470bbc04

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' www.google-analytics.com 'unsafe-inline'; base-uri 'self'; connect-src 'self' blob: graph.facebook.com region1.analytics.google.com region1.google-analytics.com api.mapbox.com events.mapbox.com my.tikee.io www.google-analytics.com www.google-analytics.com www.google-analytics.com stats.g.doubleclick.net; frame-src 'self' www.homegate.ch msip-service-zrnc.xaas.swissic.ch www.youtube.com services.logismata.ch www.google.com my.tikee.io intranet.eventag.ch; form-action 'self'; img-src 'self' data: https: blob: www.google-analytics.com www.google-analytics.com stats.g.doubleclick.net; script-src 'self' data: www.facebook.com connect.facebook.net www.googletagmanager.com cdn.jsdelivr.net www.google.com www.gstatic.com www.google-analytics.com blob: 'unsafe-inline' 'unsafe-eval'; style-src 'self' data: www.gstatic.com fonts.googleapis.com www.gstatic.com 'unsafe-inline'; frame-ancestors 'self' services.logismata.ch www.jobs.ch; font-src 'self' fonts.googleapis.com fonts.gstatic.com; object-src 'self'; child-src blob:;
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Security-Policy	default-src 'self' www.google-analytics.com 'unsafe-inline'; base-uri 'self'; connect-src 'self' blob: graph.facebook.com region1.analytics.google.com region1.google-analytics.com api.mapbox.com events.mapbox.com my.tikee.io www.google-analytics.com www.google-analytics.com www.google-analytics.com stats.g.doubleclick.net; frame-src 'self' www.homegate.ch msip-service-zrnc.xaas.swissic.ch www.youtube.com services.logismata.ch www.google.com my.tikee.io intranet.eventag.ch; form-action 'self'; img-src 'self' data: https: blob: www.google-analytics.com www.google-analytics.com stats.g.doubleclick.net; script-src 'self' data: www.facebook.com connect.facebook.net www.googletagmanager.com cdn.jsdelivr.net www.google.com www.gstatic.com www.google-analytics.com blob: 'unsafe-inline' 'unsafe-eval'; style-src data: www.gstatic.com 'self' fonts.googleapis.com www.gstatic.com 'unsafe-inline'; frame-ancestors 'self' services.logismata.ch www.jobs.ch; font-src 'self' fonts.googleapis.com fonts.gstatic.com; object-src 'self'; child-src blob:;
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Mon, 04 Dec 2023 08:15:05 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
referrer-policy: no-referrer
last-modified: Thu, 21 Sep 2023 10:24:58 GMT
server: Apache
content-security-policy: default-src 'self' www.google-analytics.com 'unsafe-inline'; base-uri 'self'; connect-src 'self' blob: graph.facebook.com region1.analytics.google.com region1.google-analytics.com api.mapbox.com events.mapbox.com my.tikee.io www.google-analytics.com www.google-analytics.com www.google-analytics.com stats.g.doubleclick.net; frame-src 'self' www.homegate.ch msip-service-zrnc.xaas.swissic.ch www.youtube.com services.logismata.ch www.google.com my.tikee.io intranet.eventag.ch; form-action 'self'; img-src 'self' data: https: blob: www.google-analytics.com www.google-analytics.com stats.g.doubleclick.net; script-src 'self' data: www.facebook.com connect.facebook.net www.googletagmanager.com cdn.jsdelivr.net www.google.com www.gstatic.com www.google-analytics.com blob: 'unsafe-inline' 'unsafe-eval'; style-src 'self' data: www.gstatic.com fonts.googleapis.com www.gstatic.com 'unsafe-inline'; frame-ancestors 'self' services.logismata.ch www.jobs.ch; font-src 'self' fonts.googleapis.com fonts.gstatic.com; object-src 'self'; child-src blob:;
etag: "2e66a-605dbe76594a9"
expect-ct: max-age=2592000
permissions-policy: geolocation=(self), microphone=(), camera=()
accept-ranges: bytes
x-webkit-csp: default-src 'self' www.google-analytics.com 'unsafe-inline'; base-uri 'self'; connect-src 'self' blob: graph.facebook.com region1.analytics.google.com region1.google-analytics.com api.mapbox.com events.mapbox.com my.tikee.io www.google-analytics.comi www.google-analytics.com www.google-analytics.com stats.g.doubleclick.net; frame-src 'self' www.homegate.ch msip-service-zrnc.xaas.swissic.ch www.youtube.com services.logismata.ch www.google.com my.tikee.io intranet.eventag.ch; form-action 'self'; img-src 'self' data: https: blob: www.google-analytics.com www.google-analytics.com stats.g.doubleclick.net; script-src 'self' data: www.facebook.com connect.facebook.net www.googletagmanager.com cdn.jsdelivr.net www.google.com www.gstatic.com www.google-analytics.com blob: 'unsafe-inline' 'unsafe-eval'; style-src data: www.gstatic.com 'self' fonts.googleapis.com www.gstatic.com 'unsafe-inline'; frame-ancestors 'self' services.logismata.ch www.jobs.ch; font-src 'self' fonts.googleapis.com fonts.gstatic.com; object-src 'self'; child-sr blob:;
content-length: 190058
x-xss-protection: 1; mode=block
x-content-security-policy: default-src 'self' www.google-analytics.com 'unsafe-inline'; base-uri 'self'; connect-src 'self' blob: graph.facebook.com region1.analytics.google.com region1.google-analytics.com api.mapbox.com events.mapbox.com my.tikee.io www.google-analytics.com www.google-analytics.com www.google-analytics.com stats.g.doubleclick.net; frame-src 'self' www.homegate.ch msip-service-zrnc.xaas.swissic.ch www.youtube.com services.logismata.ch www.google.com my.tikee.io intranet.eventag.ch; form-action 'self'; img-src 'self' data: https: blob: www.google-analytics.com www.google-analytics.com stats.g.doubleclick.net; script-src 'self' data: www.facebook.com connect.facebook.net www.googletagmanager.com cdn.jsdelivr.net www.google.com www.gstatic.com www.google-analytics.com blob: 'unsafe-inline' 'unsafe-eval'; style-src data: www.gstatic.com 'self' fonts.googleapis.com www.gstatic.com 'unsafe-inline'; frame-ancestors 'self' services.logismata.ch www.jobs.ch; font-src 'self' fonts.googleapis.com fonts.gstatic.com; object-src 'self'; child-src blob:;

GET
H3 200 webworker.js
www.google.com/recaptcha/api2/ Frame A22D 105 B
138 B 32ms
32ms Other
text/javascript 2a00:1450:4001:829::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/webworker.js?hl=de-CH&v=-QbJqHfGOUB8nuVRLvzFLVed

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

f6b9d81e54a20796a7441b1eed0741d5f9c4c338761556981da51f5c02a4f191

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Mon, 04 Dec 2023 08:15:05 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy: frame-ancestors 'self'
server: GSE
cross-origin-embedder-policy: require-corp
x-frame-options: SAMEORIGIN
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/javascript; charset=utf-8
cache-control: private, max-age=300
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 1; mode=block
expires: Mon, 04 Dec 2023 08:15:05 GMT

GET
H3 200 webworker.js
www.google.com/recaptcha/api2/ Frame 61D4 105 B
138 B 34ms
33ms Other
text/javascript 2a00:1450:4001:829::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/webworker.js?hl=de-CH&v=-QbJqHfGOUB8nuVRLvzFLVed

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

f6b9d81e54a20796a7441b1eed0741d5f9c4c338761556981da51f5c02a4f191

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Mon, 04 Dec 2023 08:15:05 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy: frame-ancestors 'self'
server: GSE
cross-origin-embedder-policy: require-corp
x-frame-options: SAMEORIGIN
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/javascript; charset=utf-8
cache-control: private, max-age=300
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 1; mode=block
expires: Mon, 04 Dec 2023 08:15:05 GMT

GET
H3 200 webworker.js
www.google.com/recaptcha/api2/ Frame 208D 105 B
138 B 32ms
32ms Other
text/javascript 2a00:1450:4001:829::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/webworker.js?hl=de-CH&v=-QbJqHfGOUB8nuVRLvzFLVed

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:829::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

GSE /

Resource Hash

f6b9d81e54a20796a7441b1eed0741d5f9c4c338761556981da51f5c02a4f191

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

date: Mon, 04 Dec 2023 08:15:05 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy: frame-ancestors 'self'
server: GSE
cross-origin-embedder-policy: require-corp
x-frame-options: SAMEORIGIN
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/javascript; charset=utf-8
cache-control: private, max-age=300
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 1; mode=block
expires: Mon, 04 Dec 2023 08:15:05 GMT

Verdicts & Comments Add Verdict or Comment

49 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

3 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.bank-avera.ch/	1970-01-21 02:17:17	Name: _ga Value: GA1.1.1392016881.1701677705
.bank-avera.ch/	1970-01-21 02:17:17	Name: _ga_XS4V6L6W9E Value: GS1.1.1701677705.1.0.1701677705.60.0.0
.bank-avera.ch/	1970-01-20 18:50:53	Name: _fbp Value: fb.1.1701677705435.498480098

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	default-src 'self' www.google-analytics.com 'unsafe-inline'; base-uri 'self'; connect-src 'self' blob: graph.facebook.com region1.analytics.google.com region1.google-analytics.com api.mapbox.com events.mapbox.com my.tikee.io www.google-analytics.com www.google-analytics.com www.google-analytics.com stats.g.doubleclick.net; frame-src 'self' www.homegate.ch msip-service-zrnc.xaas.swissic.ch www.youtube.com services.logismata.ch www.google.com my.tikee.io intranet.eventag.ch; form-action 'self'; img-src 'self' data: https: blob: www.google-analytics.com www.google-analytics.com stats.g.doubleclick.net; script-src 'self' data: www.facebook.com connect.facebook.net www.googletagmanager.com cdn.jsdelivr.net www.google.com www.gstatic.com www.google-analytics.com blob: 'unsafe-inline' 'unsafe-eval'; style-src 'self' data: www.gstatic.com fonts.googleapis.com www.gstatic.com 'unsafe-inline'; frame-ancestors 'self' services.logismata.ch www.jobs.ch; font-src 'self' fonts.googleapis.com fonts.gstatic.com; object-src 'self'; child-src blob:;
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Security-Policy	default-src 'self' www.google-analytics.com 'unsafe-inline'; base-uri 'self'; connect-src 'self' blob: graph.facebook.com region1.analytics.google.com region1.google-analytics.com api.mapbox.com events.mapbox.com my.tikee.io www.google-analytics.com www.google-analytics.com www.google-analytics.com stats.g.doubleclick.net; frame-src 'self' www.homegate.ch msip-service-zrnc.xaas.swissic.ch www.youtube.com services.logismata.ch www.google.com my.tikee.io intranet.eventag.ch; form-action 'self'; img-src 'self' data: https: blob: www.google-analytics.com www.google-analytics.com stats.g.doubleclick.net; script-src 'self' data: www.facebook.com connect.facebook.net www.googletagmanager.com cdn.jsdelivr.net www.google.com www.gstatic.com www.google-analytics.com blob: 'unsafe-inline' 'unsafe-eval'; style-src data: www.gstatic.com 'self' fonts.googleapis.com www.gstatic.com 'unsafe-inline'; frame-ancestors 'self' services.logismata.ch www.jobs.ch; font-src 'self' fonts.googleapis.com fonts.gstatic.com; object-src 'self'; child-src blob:;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

bank-avera.ch
connect.facebook.net
fonts.gstatic.com
region1.analytics.google.com
stats.g.doubleclick.net
www.facebook.com
www.google.ch
www.google.com
www.googletagmanager.com
www.gstatic.com
20.250.18.7
2001:4860:4802:34::36
2a00:1450:4001:800::2003
2a00:1450:4001:811::2003
2a00:1450:4001:813::2008
2a00:1450:4001:829::2004
2a00:1450:4001:830::2003
2a00:1450:400c:c07::9d
2a03:2880:f084:d:face:b00c:0:3
2a03:2880:f177:83:face:b00c:0:25de
052956115aed3e177a63c49a4270bd1f9eec441eadfd7cfdbf44cc1b03a45851
05632bd17ae6013db11864ba86f363756e305cd5a56ee788fe20774ed6c750f9
092b76fe5f547cdf13913d4a12819d6939981f1817d87eafbe3719c9835a4940
0953086712fc42ce7a78b99f83a93ea38d9a6aacd1d55bc0a6f8951e55a0427f
0cb8cc3fee4275e182236ab19c3aae55274f43aa0ffde9c0510d8d59fcf8e5dc
10db15913dc1bfdc3f618418e948583c653dbaeb71d12ca6f84558e4949a2d41
14f58d534c595bf9b24e8f67fbfba7a9213884866ed47888cc10ec5525b41777
19abed9db3ff62daf2e716174c70279b2bb99c01d77c02d351c4693e6e748e78
1a6d92c473a00be50d49304d67d3addd838f4e1df60aee14f7e9483b563eb4f8
1b96e637285daf171e5bd88ea1ee9761b7ca704b2ba2810cb7e0a24951628065
1b9efb22c938500971aac2b2130a475fa23684dd69e43103894968df83145b8a
1e577bf59fe348e970cb85ea1ee70518307a4f46649f91c5a2c565e37fe55431
1f884d00a4597723862838bde23e80be78aa205ac802126ff3af58553afa7962
1fa4ff33b3937d7a5be36c34b4c4f8dcdabf0ff6e1a7ec634ddca46490a98d81
28acd6e5879946c5c3d4fd7a167386f707c3fb1769b0b7d3c36ac62e68b64385
2d627093f65a5acea7eb07afe7a517fc386536a591a89f5b6a03f9f65e2744b5
3176fe7ddbc493a99f0097fc44f074b26f03d9af7ab4fcdc2575f8ef2ebb51a5
3e136e77083bfc6ef14ffc5abd19da89a82bf12fc0cda3c603e01582b93303c8
3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc
4a9ef3bd126a5f92a688a6f93ec824016033e504427b94311a09d0c66c87c340
5a8c1e7681318caa29e9f44e8a6e271f6a4067a2703e9916dfd4fe9099241db7
6706c43be5bd4edd64fa7f04894433ebaa8791474efba88e02fe90ea48f8267e
688c3b440b5e76f4628f17562240c2479656a2673ab72a100186f319f639d5e5
6e513973bae370cf5ceae7d696424e58d5d196093e012b7e3e59007c084d40be
773f53543bddc3b825576a4b4e3f9a4057c833c79f1285c9bc00a803f94df9d9
7859a62e04b0acb06516eb12454de6673883ecfaeaed6c254659bca7cd59c050
79495c23c68205c36770df4ed140b508274cde69b0ed0c2e5700011acd9766b4
8f97344c447d2c6964dd94ef34f549a843107c271adc763d596d9b9edf7e4720
8faee09837e29a53bedc5b6241b627d549a3c22dd1f2ea7eb8183ddc41b510da
9360e5c40139719dce9d4b6a9c24aa389302bc1dcd0fdf8cf31457f7a394f51a
940d31964a9b907eb0455901f8a3a67ed07421f9ccbd4495314032adc8e68d83
963f2d196ce83240104b2ecf5589cea38b53403fb6f78fa6ff606a2da40dedf9
a6f3f0faea4b3d48e03176341bef0ed3151ffbf226d4c6635f1c6039c0500575
aada63bae1e66f956e4da3644a464d20f84d63eaf5164b7f1b7d6230e39e43f0
b8957ecefee95d4cdfb896d717f313298ecbaeee0bddf5aa8b9469f1ec7f610c
ba100209a60b6d54dd123beda3afadf016b45c030bdeb95efbcf0736aec4c086
c87f6472e56d03a640cb5bda1c71894a0b3a2648f8daf1c8667535b231796426
cf90393fb75b508d08edef4b520043e25c94840572f5f8beece1b8d36af0db79
d51d59d5e5218567779d56a791a4fe7dce71b841c31ac9533705ea2368b5a338
da9bd023919268bc30284c8141304137349b92eb7d43846f339a087d97ba9c63
dbec3709477a18dd53bf96f77e40646fc8df64b7cbaf301d05e34d1f470bbc04
e0e07624c5d82134f4000ef2e092eead2e2c445e11b361703ae1c766c7e23eca
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
eeb44869f2c344bdec1b98fd052073c6225a2071d0fc349b5548a65d7bb5f717
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f3d12b51311eae19ec78f320c4ff4db9d13462b2922386d6ffe3a2af32f4b6a8
f6b9d81e54a20796a7441b1eed0741d5f9c4c338761556981da51f5c02a4f191
f7e6d6bb0cd2a1cc44a406f2c5118b2a1634ca8964448cfeed7a1e9ddbec4cdf

bank-avera.ch Open in urlscan Pro 20.250.18.7 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

56 Requests

100 %HTTPS

90 %IPv6

8 Domains

10 Subdomains

11 IPs

4 Countries

3450 kBTransfer

7875 kBSize

3 Cookies

8 Outgoing links

Redirected requests

56 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 1 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

bank-avera.ch Open in urlscan Pro
20.250.18.7 Public Scan

Screenshot
Live screenshot

Full Image

56
Requests

100 %
HTTPS

90 %
IPv6

8
Domains

10
Subdomains

11
IPs

4
Countries

3450 kB
Transfer

7875 kB
Size

3
Cookies

56 HTTP transactions
1 data transactions