urlscan.io logo urlscan.io
SecurityTrails logo

fedsso.bankofamerica.com Open in urlscan Pro
171.159.216.65  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: https://bankofamerica-bbgcb.my-salesforce-community-live-preview.com/
Effective URL: https://fedsso.bankofamerica.com/idp/SSO.saml2
Submission: On December 27 via api from US — Scanned from US
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 2 IPs in 1 countries across 3 domains to perform 15 HTTP transactions. The main IP is 171.159.216.65, located in Jersey City, United States and belongs to BANKAMERICA, US. The main domain is fedsso.bankofamerica.com. The Cisco Umbrella rank of the primary domain is 262793.
TLS certificate: Issued by Entrust Certification Authority - L1M on November 14th 2023. Valid for: a year.
This is the only time fedsso.bankofamerica.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 3 136.146.208.51 14340 (SALESFORCE)
13 171.159.216.65 10794 (BANKAMERICA)
15 2
Domain Requested by
13 fedsso.bankofamerica.com fedsso.bankofamerica.com
2 bofagb.my-salesforce.com bofagb.my-salesforce.com
1 bankofamerica-bbgcb.my-salesforce-community-live-preview.com 1 redirects
15 3

This site contains links to these domains. Also see Links.

Domain
passwordreset.bankofamerica.com
Subject Issuer Validity Valid
ia6.bofagb.my-salesforce.com
DigiCert Global G3 TLS ECC SHA384 2020 CA1		 2023-05-24 -
2024-05-22		 a year crt.sh
fedsso-rva-ext.bankofamerica.com
Entrust Certification Authority - L1M		 2023-11-14 -
2024-12-14		 a year crt.sh

This page contains 1 frames:

Primary Page: https://fedsso.bankofamerica.com/idp/SSO.saml2
Frame ID: A504ADE667E05EEBC54BB39DB4C6A392
Requests: 15 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

Bank of America: Sign On

Page URL History Show full URLs

  1. https://bankofamerica-bbgcb.my-salesforce-community-live-preview.com/ HTTP 302
    https://bofagb.my-salesforce.com/udd/Site/siteDashboard.apexp Page URL
  2. https://bofagb.my-salesforce.com/saml/authn-request.jsp?saml_request_id=_2CAAAAY07aLshMDAwMDAwMDAwMDAwMDAwAAA... Page URL
  3. https://fedsso.bankofamerica.com/idp/SSO.saml2 Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js
Overall confidence: 100%
Detected patterns
  • jquery[.-]([\d.]*\d)[^/]*\.js
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

15
Requests

100 %
HTTPS

0 %
IPv6

3
Domains

3
Subdomains

2
IPs

1
Countries

651 kB
Transfer

624 kB
Size

10
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://bankofamerica-bbgcb.my-salesforce-community-live-preview.com/ HTTP 302
    https://bofagb.my-salesforce.com/udd/Site/siteDashboard.apexp Page URL
  2. https://bofagb.my-salesforce.com/saml/authn-request.jsp?saml_request_id=_2CAAAAY07aLshMDAwMDAwMDAwMDAwMDAwAAAA9t365S4Tj-itTF2cDvI_YUk_WAGwJxioh3wpV7BR4VYRbxa2LGix3u3koC7nPCJvBaJ-LijeNYpwBlExXk_mLrt458HANotTlhniiU_3JivCb6UttfYMhJ7HulCpqYM7-WOWyBnCl6kxho0KgvlH_P5vxj98VtzBGWnQN-DnzPZutjEnCMqRxQneW_39vnA38fWU6qqdPQqKJUAaj2aLOeYmAZ1f3e3IQrM2K1S0_G5zMeel0Pg8Qjv-pVTWTdQ4tA&saml_acs=https%3A%2F%2Fbofagb.my-salesforce.com&saml_binding_type=HttpPost&Issuer=https%3A%2F%2Fbofagb.my-salesforce.com&samlSsoConfig=0LEDn000005lxQK&RelayState=%2Fudd%2FSite%2FsiteDashboard.apexp Page URL
  3. https://fedsso.bankofamerica.com/idp/SSO.saml2 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0
  • https://bankofamerica-bbgcb.my-salesforce-community-live-preview.com/ HTTP 302
  • https://bofagb.my-salesforce.com/udd/Site/siteDashboard.apexp

15 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
siteDashboard.apexp
bofagb.my-salesforce.com/udd/Site/
Redirect Chain
  • https://bankofamerica-bbgcb.my-salesforce-community-live-preview.com/
  • https://bofagb.my-salesforce.com/udd/Site/siteDashboard.apexp
2 KB
2 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://bofagb.my-salesforce.com/udd/Site/siteDashboard.apexp
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server
136.146.208.51 New York, United States, ASN14340 (SALESFORCE, US),
Reverse DNS
Software
sfe /
Resource Hash
09d65e6766d447320b3fdbb50ed6b3befca6958d55925561f61f4b5b9a43b00e
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36
accept-language
en-US,en;q=0.9

Response headers

cache-control
must-revalidate,no-cache,no-store
content-encoding
gzip
content-security-policy
upgrade-insecure-requests
content-type
text/html; charset=UTF-8
date
Wed, 27 Dec 2023 12:18:55 GMT
referrer-policy
origin-when-cross-origin
server
sfe
strict-transport-security
max-age=63072000; includeSubDomains
vary
Accept-Encoding
x-content-type-options
nosniff
x-request-id
e193eda61cdddb2609b407cc7c34f70d
x-robots-tag
none
x-sfdc-request-id
e193eda61cdddb2609b407cc7c34f70d
x-xss-protection
1; mode=block

Redirect headers

cache-control
no-cache,must-revalidate,max-age=0,no-store,private
content-length
0
content-security-policy
upgrade-insecure-requests
date
Wed, 27 Dec 2023 12:18:55 GMT
location
https://bofagb.my-salesforce.com/udd/Site/siteDashboard.apexp
referrer-policy
origin-when-cross-origin
server
sfe
strict-transport-security
max-age=63072000; includeSubDomains
x-content-type-options
nosniff
x-request-id
09d2ab013c6fd4a1f85555415b14d908
x-robots-tag
none
x-sfdc-request-id
09d2ab013c6fd4a1f85555415b14d908
x-xss-protection
1; mode=block
authn-request.jsp
bofagb.my-salesforce.com/saml/ 		6 KB
4 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://bofagb.my-salesforce.com/saml/authn-request.jsp?saml_request_id=_2CAAAAY07aLshMDAwMDAwMDAwMDAwMDAwAAAA9t365S4Tj-itTF2cDvI_YUk_WAGwJxioh3wpV7BR4VYRbxa2LGix3u3koC7nPCJvBaJ-LijeNYpwBlExXk_mLrt458HANotTlhniiU_3JivCb6UttfYMhJ7HulCpqYM7-WOWyBnCl6kxho0KgvlH_P5vxj98VtzBGWnQN-DnzPZutjEnCMqRxQneW_39vnA38fWU6qqdPQqKJUAaj2aLOeYmAZ1f3e3IQrM2K1S0_G5zMeel0Pg8Qjv-pVTWTdQ4tA&saml_acs=https%3A%2F%2Fbofagb.my-salesforce.com&saml_binding_type=HttpPost&Issuer=https%3A%2F%2Fbofagb.my-salesforce.com&samlSsoConfig=0LEDn000005lxQK&RelayState=%2Fudd%2FSite%2FsiteDashboard.apexp
Requested by
Host: bofagb.my-salesforce.com
URL: https://bofagb.my-salesforce.com/udd/Site/siteDashboard.apexp
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server
136.146.208.51 New York, United States, ASN14340 (SALESFORCE, US),
Reverse DNS
Software
sfe /
Resource Hash
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://bofagb.my-salesforce.com/udd/Site/siteDashboard.apexp
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36
accept-language
en-US,en;q=0.9

Response headers

cache-control
no-cache,must-revalidate,max-age=0,no-store,private
content-encoding
gzip
content-security-policy
upgrade-insecure-requests
content-type
text/html;charset=UTF-8
date
Wed, 27 Dec 2023 12:18:56 GMT
pragma
no-cache
referrer-policy
origin-when-cross-origin
server
sfe
strict-transport-security
max-age=63072000; includeSubDomains
vary
Accept-Encoding
x-content-type-options
nosniff
x-request-id
e193eda61cdddb2609b407cc7c34f70d
x-robots-tag
none
x-sfdc-request-id
e193eda61cdddb2609b407cc7c34f70d
x-xss-protection
1; mode=block
Primary Request SSO.saml2
fedsso.bankofamerica.com/idp/ 		12 KB
15 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://fedsso.bankofamerica.com/idp/SSO.saml2
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
171.159.216.65 Jersey City, United States, ASN10794 (BANKAMERICA, US),
Reverse DNS
fedsso-pf-rva-ext-vip.bankofamerica.com
Software
/
Resource Hash
93eeaff294189451095dc2ed3a00c13406f60f40d6681020b119fb5bef17e89c
Security Headers
Name Value
Content-Security-Policy default-src 'self'; style-src 'self' 'unsafe-inline' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; img-src 'self' data: 'unsafe-inline' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; connect-src 'self' 'unsafe-inline' wss: *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; frame-src 'self' 'unsafe-inline' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; font-src 'self' 'unsafe-inline' data: *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com
Strict-Transport-Security max-age=31536000; includeSubDomains max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Content-Type
application/x-www-form-urlencoded
Origin
https://bofagb.my-salesforce.com
Referer
https://bofagb.my-salesforce.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36
accept-language
en-US,en;q=0.9

Response headers

Cache-Control
no-cache, no-store
Connection
Keep-Alive
Content-Length
12430
Content-Security-Policy
default-src 'self'; style-src 'self' 'unsafe-inline' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; img-src 'self' data: 'unsafe-inline' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; connect-src 'self' 'unsafe-inline' wss: *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; frame-src 'self' 'unsafe-inline' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; font-src 'self' 'unsafe-inline' data: *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com
Content-Type
text/html;charset=utf-8
Date
Wed, 27 Dec 2023 12:18:56 GMT
Expect-CT
max-age=3600, enforce
Expires
Thu, 01 Jan 1970 00:00:00 GMT
Keep-Alive
timeout=5, max=20000
P3P
CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Pragma
no-cache
Referrer-Policy
origin
Strict-Transport-Security
max-age=31536000; includeSubDomains max-age=31536000; includeSubDomains; preload
X-Content-Type-Options
nosniff
X-Frame-Options
SAMEORIGIN
X-XSS-Protection
1; mode=block
custom.css
fedsso.bankofamerica.com/assets/sso/css/ 		336 KB
338 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fedsso.bankofamerica.com/assets/sso/css/custom.css
Requested by
Host: fedsso.bankofamerica.com
URL: https://fedsso.bankofamerica.com/idp/SSO.saml2
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
171.159.216.65 Jersey City, United States, ASN10794 (BANKAMERICA, US),
Reverse DNS
fedsso-pf-rva-ext-vip.bankofamerica.com
Software
/
Resource Hash
075f76fb34da5b53fd9543c19bd9f1e073e81d9415eef241ef17cbcbbae44ee3
Security Headers
Name Value
Content-Security-Policy default-src 'self'; style-src 'self' 'unsafe-inline' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; img-src 'self' data: 'unsafe-inline' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; connect-src 'self' 'unsafe-inline' wss: *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; frame-src 'self' 'unsafe-inline' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; font-src 'self' 'unsafe-inline' data: *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com
Strict-Transport-Security max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-US,en;q=0.9
Referer
https://fedsso.bankofamerica.com/idp/SSO.saml2
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

Date
Wed, 27 Dec 2023 12:18:56 GMT
Strict-Transport-Security
max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains; preload
Referrer-Policy
origin
Content-Security-Policy
default-src 'self'; style-src 'self' 'unsafe-inline' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; img-src 'self' data: 'unsafe-inline' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; connect-src 'self' 'unsafe-inline' wss: *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; frame-src 'self' 'unsafe-inline' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; font-src 'self' 'unsafe-inline' data: *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com
Last-Modified
Wed, 06 Dec 2023 12:27:06 GMT
X-Content-Type-Options
nosniff
Expect-CT
max-age=3600, enforce
Content-Type
text/css
P3P
CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Cache-Control
max-age=0, must-revalidate
Connection
Keep-Alive
Keep-Alive
timeout=5, max=19999
Content-Length
344259
X-XSS-Protection
1; mode=block
main-v2.css
fedsso.bankofamerica.com/assets/sso/css/ 		9 KB
11 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fedsso.bankofamerica.com/assets/sso/css/main-v2.css
Requested by
Host: fedsso.bankofamerica.com
URL: https://fedsso.bankofamerica.com/idp/SSO.saml2
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
171.159.216.65 Jersey City, United States, ASN10794 (BANKAMERICA, US),
Reverse DNS
fedsso-pf-rva-ext-vip.bankofamerica.com
Software
/
Resource Hash
6e2d628058e4cc34871378e947908fd1699f9eea5aec28c1195dab46c0c76ba2
Security Headers
Name Value
Content-Security-Policy default-src 'self'; style-src 'self' 'unsafe-inline' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; img-src 'self' data: 'unsafe-inline' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; connect-src 'self' 'unsafe-inline' wss: *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; frame-src 'self' 'unsafe-inline' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; font-src 'self' 'unsafe-inline' data: *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com
Strict-Transport-Security max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-US,en;q=0.9
Referer
https://fedsso.bankofamerica.com/idp/SSO.saml2
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

Date
Wed, 27 Dec 2023 12:18:57 GMT
Strict-Transport-Security
max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains; preload
Referrer-Policy
origin
Content-Security-Policy
default-src 'self'; style-src 'self' 'unsafe-inline' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; img-src 'self' data: 'unsafe-inline' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; connect-src 'self' 'unsafe-inline' wss: *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; frame-src 'self' 'unsafe-inline' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; font-src 'self' 'unsafe-inline' data: *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com
Last-Modified
Wed, 06 Dec 2023 12:27:06 GMT
X-Content-Type-Options
nosniff
Expect-CT
max-age=3600, enforce
Content-Type
text/css
P3P
CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Cache-Control
max-age=0, must-revalidate
Connection
Keep-Alive
Keep-Alive
timeout=5, max=20000
Content-Length
9194
X-XSS-Protection
1; mode=block
override.css
fedsso.bankofamerica.com/assets/css/ 		991 B
3 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fedsso.bankofamerica.com/assets/css/override.css
Requested by
Host: fedsso.bankofamerica.com
URL: https://fedsso.bankofamerica.com/idp/SSO.saml2
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
171.159.216.65 Jersey City, United States, ASN10794 (BANKAMERICA, US),
Reverse DNS
fedsso-pf-rva-ext-vip.bankofamerica.com
Software
/
Resource Hash
ea70ea5e863a0170c1f25c54cf2f460329d58b8c1ba07ffcbd7bc45f9cb2eb82
Security Headers
Name Value
Content-Security-Policy default-src 'self'; style-src 'self' 'unsafe-inline' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; img-src 'self' data: 'unsafe-inline' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; connect-src 'self' 'unsafe-inline' wss: *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; frame-src 'self' 'unsafe-inline' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; font-src 'self' 'unsafe-inline' data: *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com
Strict-Transport-Security max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-US,en;q=0.9
Referer
https://fedsso.bankofamerica.com/idp/SSO.saml2
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

Date
Wed, 27 Dec 2023 12:18:57 GMT
Strict-Transport-Security
max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains; preload
Referrer-Policy
origin
Content-Security-Policy
default-src 'self'; style-src 'self' 'unsafe-inline' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; img-src 'self' data: 'unsafe-inline' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; connect-src 'self' 'unsafe-inline' wss: *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; frame-src 'self' 'unsafe-inline' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; font-src 'self' 'unsafe-inline' data: *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com
Last-Modified
Wed, 06 Dec 2023 12:27:06 GMT
X-Content-Type-Options
nosniff
Expect-CT
max-age=3600, enforce
Content-Type
text/css
P3P
CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Cache-Control
max-age=0, must-revalidate
Connection
Keep-Alive
Keep-Alive
timeout=5, max=20000
Content-Length
991
X-XSS-Protection
1; mode=block
branding.css
fedsso.bankofamerica.com/assets/css/ 		6 KB
8 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fedsso.bankofamerica.com/assets/css/branding.css
Requested by
Host: fedsso.bankofamerica.com
URL: https://fedsso.bankofamerica.com/idp/SSO.saml2
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
171.159.216.65 Jersey City, United States, ASN10794 (BANKAMERICA, US),
Reverse DNS
fedsso-pf-rva-ext-vip.bankofamerica.com
Software
/
Resource Hash
96e3a4c65f45f4d38eb4fabb0d771ea59bbed2add345ab02c83dbe51b961c970
Security Headers
Name Value
Content-Security-Policy default-src 'self'; style-src 'self' 'unsafe-inline' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; img-src 'self' data: 'unsafe-inline' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; connect-src 'self' 'unsafe-inline' wss: *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; frame-src 'self' 'unsafe-inline' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; font-src 'self' 'unsafe-inline' data: *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com
Strict-Transport-Security max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-US,en;q=0.9
Referer
https://fedsso.bankofamerica.com/idp/SSO.saml2
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

Date
Wed, 27 Dec 2023 12:18:57 GMT
Strict-Transport-Security
max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains; preload
Referrer-Policy
origin
Content-Security-Policy
default-src 'self'; style-src 'self' 'unsafe-inline' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; img-src 'self' data: 'unsafe-inline' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; connect-src 'self' 'unsafe-inline' wss: *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; frame-src 'self' 'unsafe-inline' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; font-src 'self' 'unsafe-inline' data: *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com
Last-Modified
Wed, 06 Dec 2023 12:27:06 GMT
X-Content-Type-Options
nosniff
Expect-CT
max-age=3600, enforce
Content-Type
text/css
P3P
CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Cache-Control
max-age=0, must-revalidate
Connection
Keep-Alive
Keep-Alive
timeout=5, max=20000
Content-Length
6429
X-XSS-Protection
1; mode=block
urlmunger.js
fedsso.bankofamerica.com/assets/js/ 		5 KB
8 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://fedsso.bankofamerica.com/assets/js/urlmunger.js
Requested by
Host: fedsso.bankofamerica.com
URL: https://fedsso.bankofamerica.com/idp/SSO.saml2
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
171.159.216.65 Jersey City, United States, ASN10794 (BANKAMERICA, US),
Reverse DNS
fedsso-pf-rva-ext-vip.bankofamerica.com
Software
/
Resource Hash
5e85d8b2f444947cfa0e96140c683bf8bede0c060b8a2c13f9eaf094d3a132a7
Security Headers
Name Value
Content-Security-Policy default-src 'self'; style-src 'self' 'unsafe-inline' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; img-src 'self' data: 'unsafe-inline' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; connect-src 'self' 'unsafe-inline' wss: *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; frame-src 'self' 'unsafe-inline' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; font-src 'self' 'unsafe-inline' data: *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com
Strict-Transport-Security max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-US,en;q=0.9
Referer
https://fedsso.bankofamerica.com/idp/SSO.saml2
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

Date
Wed, 27 Dec 2023 12:18:57 GMT
Strict-Transport-Security
max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains; preload
Referrer-Policy
origin
Content-Security-Policy
default-src 'self'; style-src 'self' 'unsafe-inline' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; img-src 'self' data: 'unsafe-inline' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; connect-src 'self' 'unsafe-inline' wss: *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; frame-src 'self' 'unsafe-inline' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; font-src 'self' 'unsafe-inline' data: *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com
Last-Modified
Wed, 06 Dec 2023 12:27:06 GMT
X-Content-Type-Options
nosniff
Expect-CT
max-age=3600, enforce
Content-Type
application/javascript
P3P
CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Cache-Control
max-age=0, must-revalidate
Connection
Keep-Alive
Keep-Alive
timeout=5, max=20000
Content-Length
5597
X-XSS-Protection
1; mode=block
bofa-logo-new.svg
fedsso.bankofamerica.com/assets/sso/images/ 		7 KB
10 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://fedsso.bankofamerica.com/assets/sso/images/bofa-logo-new.svg
Requested by
Host: fedsso.bankofamerica.com
URL: https://fedsso.bankofamerica.com/idp/SSO.saml2
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
171.159.216.65 Jersey City, United States, ASN10794 (BANKAMERICA, US),
Reverse DNS
fedsso-pf-rva-ext-vip.bankofamerica.com
Software
/
Resource Hash
4f43956ff1e3bf9d7e9c3d3a135a3c9c8d4d39dc69a334bec02926448c1e7ef5
Security Headers
Name Value
Content-Security-Policy default-src 'self'; style-src 'self' 'unsafe-inline' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; img-src 'self' data: 'unsafe-inline' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; connect-src 'self' 'unsafe-inline' wss: *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; frame-src 'self' 'unsafe-inline' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; font-src 'self' 'unsafe-inline' data: *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com
Strict-Transport-Security max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-US,en;q=0.9
Referer
https://fedsso.bankofamerica.com/idp/SSO.saml2
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

Date
Wed, 27 Dec 2023 12:18:57 GMT
Strict-Transport-Security
max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains; preload
Referrer-Policy
origin
Content-Security-Policy
default-src 'self'; style-src 'self' 'unsafe-inline' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; img-src 'self' data: 'unsafe-inline' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; connect-src 'self' 'unsafe-inline' wss: *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; frame-src 'self' 'unsafe-inline' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; font-src 'self' 'unsafe-inline' data: *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com
Last-Modified
Wed, 06 Dec 2023 12:27:06 GMT
X-Content-Type-Options
nosniff
Expect-CT
max-age=3600, enforce
Content-Type
image/svg+xml
P3P
CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Cache-Control
max-age=0, must-revalidate
Connection
Keep-Alive
Keep-Alive
timeout=5, max=20000
Content-Length
7544
X-XSS-Protection
1; mode=block
jquery-3.5.1.min.js
fedsso.bankofamerica.com/assets/jslib/jQuery/3.5.1/ 		89 KB
92 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://fedsso.bankofamerica.com/assets/jslib/jQuery/3.5.1/jquery-3.5.1.min.js
Requested by
Host: fedsso.bankofamerica.com
URL: https://fedsso.bankofamerica.com/idp/SSO.saml2
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
171.159.216.65 Jersey City, United States, ASN10794 (BANKAMERICA, US),
Reverse DNS
fedsso-pf-rva-ext-vip.bankofamerica.com
Software
/
Resource Hash
9eb38f49c160795d44429502e0ad34a1fa4b4ed5ad3cab4ef04339a2db503909
Security Headers
Name Value
Content-Security-Policy default-src 'self'; style-src 'self' 'unsafe-inline' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; img-src 'self' data: 'unsafe-inline' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; connect-src 'self' 'unsafe-inline' wss: *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; frame-src 'self' 'unsafe-inline' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; font-src 'self' 'unsafe-inline' data: *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com
Strict-Transport-Security max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-US,en;q=0.9
Referer
https://fedsso.bankofamerica.com/idp/SSO.saml2
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

Date
Wed, 27 Dec 2023 12:18:57 GMT
Strict-Transport-Security
max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains; preload
Referrer-Policy
origin
Content-Security-Policy
default-src 'self'; style-src 'self' 'unsafe-inline' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; img-src 'self' data: 'unsafe-inline' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; connect-src 'self' 'unsafe-inline' wss: *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; frame-src 'self' 'unsafe-inline' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; font-src 'self' 'unsafe-inline' data: *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com
Last-Modified
Wed, 06 Dec 2023 12:27:06 GMT
X-Content-Type-Options
nosniff
Expect-CT
max-age=3600, enforce
Content-Type
application/javascript
P3P
CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Cache-Control
max-age=0, must-revalidate
Connection
Keep-Alive
Keep-Alive
timeout=5, max=19999
Content-Length
91596
X-XSS-Protection
1; mode=block
popper.min.js
fedsso.bankofamerica.com/assets/jslib/jQuery/3.5.1/ 		20 KB
22 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://fedsso.bankofamerica.com/assets/jslib/jQuery/3.5.1/popper.min.js
Requested by
Host: fedsso.bankofamerica.com
URL: https://fedsso.bankofamerica.com/idp/SSO.saml2
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
171.159.216.65 Jersey City, United States, ASN10794 (BANKAMERICA, US),
Reverse DNS
fedsso-pf-rva-ext-vip.bankofamerica.com
Software
/
Resource Hash
f8e91ec84893a1ab67b0b5c11cd269d9513c7eea5475ca9e597e779544c29672
Security Headers
Name Value
Content-Security-Policy default-src 'self'; style-src 'self' 'unsafe-inline' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; img-src 'self' data: 'unsafe-inline' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; connect-src 'self' 'unsafe-inline' wss: *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; frame-src 'self' 'unsafe-inline' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; font-src 'self' 'unsafe-inline' data: *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com
Strict-Transport-Security max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-US,en;q=0.9
Referer
https://fedsso.bankofamerica.com/idp/SSO.saml2
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

Date
Wed, 27 Dec 2023 12:18:57 GMT
Strict-Transport-Security
max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains; preload
Referrer-Policy
origin
Content-Security-Policy
default-src 'self'; style-src 'self' 'unsafe-inline' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; img-src 'self' data: 'unsafe-inline' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; connect-src 'self' 'unsafe-inline' wss: *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; frame-src 'self' 'unsafe-inline' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; font-src 'self' 'unsafe-inline' data: *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com
Last-Modified
Wed, 06 Dec 2023 12:27:06 GMT
X-Content-Type-Options
nosniff
Expect-CT
max-age=3600, enforce
Content-Type
application/javascript
P3P
CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Cache-Control
max-age=0, must-revalidate
Connection
Keep-Alive
Keep-Alive
timeout=5, max=19999
Content-Length
20628
X-XSS-Protection
1; mode=block
bootstrap.bundle.min.js
fedsso.bankofamerica.com/assets/jslib/bootstrap/4.6/ 		84 KB
87 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://fedsso.bankofamerica.com/assets/jslib/bootstrap/4.6/bootstrap.bundle.min.js
Requested by
Host: fedsso.bankofamerica.com
URL: https://fedsso.bankofamerica.com/idp/SSO.saml2
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
171.159.216.65 Jersey City, United States, ASN10794 (BANKAMERICA, US),
Reverse DNS
fedsso-pf-rva-ext-vip.bankofamerica.com
Software
/
Resource Hash
e81e7d08d34e0de6c42adfc36e7be982d22213a897b5d82b7629b96b7ce65432
Security Headers
Name Value
Content-Security-Policy default-src 'self'; style-src 'self' 'unsafe-inline' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; img-src 'self' data: 'unsafe-inline' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; connect-src 'self' 'unsafe-inline' wss: *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; frame-src 'self' 'unsafe-inline' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; font-src 'self' 'unsafe-inline' data: *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com
Strict-Transport-Security max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-US,en;q=0.9
Referer
https://fedsso.bankofamerica.com/idp/SSO.saml2
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

Date
Wed, 27 Dec 2023 12:18:57 GMT
Strict-Transport-Security
max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains; preload
Referrer-Policy
origin
Content-Security-Policy
default-src 'self'; style-src 'self' 'unsafe-inline' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; img-src 'self' data: 'unsafe-inline' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; connect-src 'self' 'unsafe-inline' wss: *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; frame-src 'self' 'unsafe-inline' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; font-src 'self' 'unsafe-inline' data: *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com
Last-Modified
Wed, 06 Dec 2023 12:27:06 GMT
X-Content-Type-Options
nosniff
Expect-CT
max-age=3600, enforce
Content-Type
application/javascript
P3P
CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Cache-Control
max-age=0, must-revalidate
Connection
Keep-Alive
Keep-Alive
timeout=5, max=19998
Content-Length
86498
X-XSS-Protection
1; mode=block
helper-min.js
fedsso.bankofamerica.com/assets/sso/js/ 		4 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://fedsso.bankofamerica.com/assets/sso/js/helper-min.js
Requested by
Host: fedsso.bankofamerica.com
URL: https://fedsso.bankofamerica.com/idp/SSO.saml2
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
171.159.216.65 Jersey City, United States, ASN10794 (BANKAMERICA, US),
Reverse DNS
fedsso-pf-rva-ext-vip.bankofamerica.com
Software
/
Resource Hash
8b9ff68441127edc43492df73941633ebc62059c1ea72029deb48a388faf477b
Security Headers
Name Value
Content-Security-Policy default-src 'self'; style-src 'self' 'unsafe-inline' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; img-src 'self' data: 'unsafe-inline' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; connect-src 'self' 'unsafe-inline' wss: *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; frame-src 'self' 'unsafe-inline' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; font-src 'self' 'unsafe-inline' data: *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com
Strict-Transport-Security max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-US,en;q=0.9
Referer
https://fedsso.bankofamerica.com/idp/SSO.saml2
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

Date
Wed, 27 Dec 2023 12:18:57 GMT
Strict-Transport-Security
max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains; preload
Referrer-Policy
origin
Content-Security-Policy
default-src 'self'; style-src 'self' 'unsafe-inline' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; img-src 'self' data: 'unsafe-inline' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; connect-src 'self' 'unsafe-inline' wss: *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; frame-src 'self' 'unsafe-inline' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; font-src 'self' 'unsafe-inline' data: *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com
Last-Modified
Wed, 06 Dec 2023 12:27:06 GMT
X-Content-Type-Options
nosniff
Expect-CT
max-age=3600, enforce
Content-Type
application/javascript
P3P
CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Cache-Control
max-age=0, must-revalidate
Connection
Keep-Alive
Keep-Alive
timeout=5, max=19998
Content-Length
3771
X-XSS-Protection
1; mode=block
bg.png
fedsso.bankofamerica.com/ 		928 B
3 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://fedsso.bankofamerica.com/bg.png
Requested by
Host: fedsso.bankofamerica.com
URL: https://fedsso.bankofamerica.com/assets/css/branding.css
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
171.159.216.65 Jersey City, United States, ASN10794 (BANKAMERICA, US),
Reverse DNS
fedsso-pf-rva-ext-vip.bankofamerica.com
Software
/
Resource Hash
2a0748836fe72af93f362aeed6efe34f9e1f7eec05f2439d899aadb1b440de52
Security Headers
Name Value
Content-Security-Policy default-src 'self'; style-src 'self' 'unsafe-inline' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; img-src 'self' data: 'unsafe-inline' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; connect-src 'self' 'unsafe-inline' wss: *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; frame-src 'self' 'unsafe-inline' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; font-src 'self' 'unsafe-inline' data: *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com
Strict-Transport-Security max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-US,en;q=0.9
Referer
https://fedsso.bankofamerica.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

Date
Wed, 27 Dec 2023 12:18:57 GMT
Strict-Transport-Security
max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains; preload
Referrer-Policy
origin
Content-Security-Policy
default-src 'self'; style-src 'self' 'unsafe-inline' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; img-src 'self' data: 'unsafe-inline' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; connect-src 'self' 'unsafe-inline' wss: *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; frame-src 'self' 'unsafe-inline' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; font-src 'self' 'unsafe-inline' data: *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com
Last-Modified
Wed, 06 Dec 2023 12:27:06 GMT
X-Content-Type-Options
nosniff
ETag
W/"gYF5iKBr/sMgYF4BJ9zZPM"
Expect-CT
max-age=3600, enforce
Content-Type
image/png
P3P
CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=19997
Content-Length
928
X-XSS-Protection
1; mode=block
Connections.woff
fedsso.bankofamerica.com/assets/sso/fonts/connections/ 		41 KB
43 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fedsso.bankofamerica.com/assets/sso/fonts/connections/Connections.woff
Requested by
Host: fedsso.bankofamerica.com
URL: https://fedsso.bankofamerica.com/assets/sso/css/main-v2.css
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
171.159.216.65 Jersey City, United States, ASN10794 (BANKAMERICA, US),
Reverse DNS
fedsso-pf-rva-ext-vip.bankofamerica.com
Software
/
Resource Hash
91eda04cd92aa5d10e8ad20151c60ffde44eaed5729e2e2279de864858590ae2
Security Headers
Name Value
Content-Security-Policy default-src 'self'; style-src 'self' 'unsafe-inline' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; img-src 'self' data: 'unsafe-inline' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; connect-src 'self' 'unsafe-inline' wss: *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; frame-src 'self' 'unsafe-inline' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; font-src 'self' 'unsafe-inline' data: *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com
Strict-Transport-Security max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://fedsso.bankofamerica.com/
Origin
https://fedsso.bankofamerica.com
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

Date
Wed, 27 Dec 2023 12:18:57 GMT
Strict-Transport-Security
max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains; preload
Referrer-Policy
origin
Content-Security-Policy
default-src 'self'; style-src 'self' 'unsafe-inline' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; img-src 'self' data: 'unsafe-inline' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; connect-src 'self' 'unsafe-inline' wss: *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; frame-src 'self' 'unsafe-inline' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; font-src 'self' 'unsafe-inline' data: *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com
Last-Modified
Wed, 06 Dec 2023 12:27:06 GMT
X-Content-Type-Options
nosniff
Expect-CT
max-age=3600, enforce
Content-Type
application/font-woff
P3P
CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Cache-Control
max-age=0, must-revalidate
Connection
Keep-Alive
Keep-Alive
timeout=5, max=19997
Content-Length
41744
X-XSS-Protection
1; mode=block

Verdicts & Comments Add Verdict or Comment

16 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| documentPictureInPicture function| envSpecificICP function| returnEnvSpecificICP function| returnEnvPasswordURL function| returnEnvPasswordText function| returnICAEnvURL function| removeSpace function| $ function| jQuery object| Popper object| bootstrap function| a0_0x323c function| a0_0x4546 function| _rts function| issu function| pv

10 Cookies

Domain/Path Name / Value
bankofamerica-bbgcb.my-salesforce-community-live-preview.com/ Name: CookieConsentPolicy
Value: 0:1
bankofamerica-bbgcb.my-salesforce-community-live-preview.com/ Name: LSKey-c$CookieConsentPolicy
Value: 0:1
bofagb.my-salesforce.com/ Name: CookieConsentPolicy
Value: 0:1
bofagb.my-salesforce.com/ Name: LSKey-c$CookieConsentPolicy
Value: 0:1
bofagb.my-salesforce.com/ Name: BrowserId
Value: GvxMIaSyEe6uqVN-cZVXCg
bofagb.my-salesforce.com/ Name: BrowserId_sec
Value: GvxMIaSyEe6uqVN-cZVXCg
fedsso.bankofamerica.com/ Name: PF
Value: uCMINC7Rpq7OhBy3X7BtZg
fedsso.bankofamerica.com/ Name: bac_persist
Value: 2069966245.24515.0000
.bankofamerica.com/ Name: _bofalid
Value: 49d2v9e3qLgnHYFMhZyuhOO+KK6Icsv6LFjrjhTVOac=
.fedsso.bankofamerica.com/ Name: TS0193529a
Value: 0176872a986055ca4ae6c331c78b503ac18e6538689a9c2a0d393a9f433752a494fd1de7b3a8f0e32b0e140f0a25c5716fee939cf1

1 Console Messages

Source Level URL
Text
security error URL: https://fedsso.bankofamerica.com/idp/SSO.saml2(Line 17)
Message:
X-Frame-Options may only be set via an HTTP header sent along with a document. It may not be set inside <meta>.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block