Submitted URL: https://www.cardupgrade.citi.com/
Effective URL: https://cardupgrade.citi.com/error.aspx
Submission: On February 15 via automatic, source certstream-suspicious

Summary

This website contacted 2 IPs in 2 countries across 1 domains to perform 18 HTTP transactions. The main IP is 198.160.105.70, located in United States and belongs to ACXIOM, US. The main domain is cardupgrade.citi.com.
TLS certificate: Issued by DigiCert SHA2 Extended Validation Ser... on December 8th 2017. Valid for: 2 years.
This is the only time cardupgrade.citi.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
2 19 198.160.105.70 15026 (ACXIOM)
1 2 15.188.105.205 16509 (AMAZON-02)
18 2
Apex Domain
Subdomains
Transfer
21 citi.com
www.cardupgrade.citi.com
cardupgrade.citi.com
metrics1.citi.com
112 KB
18 1
Domain Requested by
18 cardupgrade.citi.com 1 redirects cardupgrade.citi.com
2 metrics1.citi.com 1 redirects cardupgrade.citi.com
1 www.cardupgrade.citi.com 1 redirects
18 3

This site contains links to these domains. Also see Links.

Domain
creditcards.citi.com
citi.com
www.citigroup.com
online.citi.com
Subject Issuer Validity Valid
cardupgrade.citi.com
DigiCert SHA2 Extended Validation Server CA
2017-12-08 -
2020-02-29
2 years crt.sh
metrics1.citi.com
DigiCert SHA2 Extended Validation Server CA
2018-08-31 -
2020-08-30
2 years crt.sh

This page contains 1 frames:

Primary Page: https://cardupgrade.citi.com/error.aspx
Frame ID: B324327FAD128A63E426DAC4A69E04DF
Requests: 18 HTTP requests in this frame

Screenshot


Page URL History Show full URLs

  1. https://www.cardupgrade.citi.com/ HTTP 301
    https://cardupgrade.citi.com/ HTTP 302
    https://cardupgrade.citi.com/error.aspx Page URL

Detected technologies

Overall confidence: 50%
Detected patterns
  • html /<input[^>]+name="__VIEWSTATE/i

Overall confidence: 100%
Detected patterns
  • html /<input[^>]+name="__VIEWSTATE/i

Overall confidence: 50%
Detected patterns
  • html /<input[^>]+name="__VIEWSTATE/i

Overall confidence: 100%
Detected patterns
  • script /\/s[_-]code.*\.js/i

Overall confidence: 100%
Detected patterns
  • script /jquery[.-]([\d.]*\d)[^\/]*\.js/i
  • script /\/([\d.]+)\/jquery(?:\.min)?\.js/i
  • script /jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?/i

Page Statistics

18
Requests

100 %
HTTPS

0 %
IPv6

1
Domains

3
Subdomains

2
IPs

2
Countries

110 kB
Transfer

303 kB
Size

7
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://www.cardupgrade.citi.com/ HTTP 301
    https://cardupgrade.citi.com/ HTTP 302
    https://cardupgrade.citi.com/error.aspx Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 14
  • https://metrics1.citi.com/b/ss/citinaprod/1/JS-2.0.0/s63926547922473?AQB=1&ndh=1&pf=1&t=15%2F1%2F2020%201%3A1%3A0%206%20-60&fid=2BAE0949CC0DF71E-34ED1DD808763D30&ce=UTF-8&g=https%3A%2F%2Fcardupgrade.citi.com%2Ferror.aspx&c.&visitStart=1&.c&cc=USD&ch=CARDSPublic&server=XCVMDWWSC02.citacxdmz.acxiom.com&c1=Upgrade%20Portal&c2=Axciom&c11=EN&c63=https%3A%2F%2Fcardupgrade.citi.com%2Ferror.aspx&c64=7%3A01PM&v64=7%3A01PM&c65=Friday&v65=Friday&c66=Friday%7C7%3A01PM&v67=New&v68=1&s=1600x1200&c=24&j=1.6&v=N&k=Y&bw=1600&bh=1200&AQE=1 HTTP 302
  • https://metrics1.citi.com/b/ss/citinaprod/1/JS-2.0.0/s63926547922473?AQB=1&pccr=true&vidn=2F239A5E0515DF51-4000083BE1475B75&ndh=1&pf=1&t=15%2F1%2F2020%201%3A1%3A0%206%20-60&fid=2BAE0949CC0DF71E-34ED1DD808763D30&ce=UTF-8&g=https%3A%2F%2Fcardupgrade.citi.com%2Ferror.aspx&c.&visitStart=1&.c&cc=USD&ch=CARDSPublic&server=XCVMDWWSC02.citacxdmz.acxiom.com&c1=Upgrade%20Portal&c2=Axciom&c11=EN&c63=https%3A%2F%2Fcardupgrade.citi.com%2Ferror.aspx&c64=7%3A01PM&v64=7%3A01PM&c65=Friday&v65=Friday&c66=Friday%7C7%3A01PM&v67=New&v68=1&s=1600x1200&c=24&j=1.6&v=N&k=Y&bw=1600&bh=1200&AQE=1

18 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request Cookie set error.aspx
cardupgrade.citi.com/
Redirect Chain
  • https://www.cardupgrade.citi.com/
  • https://cardupgrade.citi.com/
  • https://cardupgrade.citi.com/error.aspx
8 KB
4 KB
Document
General
Full URL
https://cardupgrade.citi.com/error.aspx
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
198.160.105.70 , United States, ASN15026 (ACXIOM, US),
Reverse DNS
Software
/
Resource Hash
ab0b4651d138da13b1998f2cc1ee1e9e40ed10b9fda4a6da66475e82911ba5b3
Security Headers
Name Value
Content-Security-Policy default-src 'self'; connect-src *; font-src *; frame-src *; img-src * data:; media-src *; object-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline';
Strict-Transport-Security max-age=157680000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Host
cardupgrade.citi.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
document
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site
none
Sec-Fetch-Mode
navigate
Sec-Fetch-User
?1
Accept-Encoding
gzip, deflate, br
Accept-Language
en-US
Cookie
NSC_DVQ-dbsevqhsbef-QSPE-DXZ=5ccba3d824edb0637ee05f96c90d5a4ef0a03faf3191ab1253f0f182743b92e7cf6060fe; XCADC=gwn+wGU7a03vmXEeTzYEhbMwBJc0000
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
document

Response headers

cache-control
no-cache, no-store
pragma
no-cache
content-type
text/html; charset=utf-8
expires
-1
x-ua-compatible
IE=edge
x-frame-options
SAMEORIGIN
x-xss-protection
1; mode=block
x-content-type-options
nosniff
content-security-policy
default-src 'self'; connect-src *; font-src *; frame-src *; img-src * data:; media-src *; object-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline';
referrer-policy
strict-origin
date
Sat, 15 Feb 2020 00:00:55 GMT
ntcoent-length
8469
Set-Cookie
NSC_DVQ-dbsevqhsbef-QSPE-DXZ=5ccba3d824edb0637ee05f96c90d5a4ef0a03faf3191ab1253f0f182743b92e7cf6060fe;expires=Sat, 15-Feb-2020 00:15:59 GMT;path=/;secure;httponly
Strict-Transport-Security
max-age=157680000; includeSubDomains
Content-Encoding
gzip
Content-Length
3204

Redirect headers

content-type
text/html; charset=utf-8
location
/error.aspx
x-ua-compatible
IE=edge
x-frame-options
SAMEORIGIN
x-xss-protection
1; mode=block
x-content-type-options
nosniff
content-security-policy
default-src 'self'; connect-src *; font-src *; frame-src *; img-src * data:; media-src *; object-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline';
referrer-policy
strict-origin
date
Sat, 15 Feb 2020 00:00:55 GMT
content-length
128
Set-Cookie
NSC_DVQ-dbsevqhsbef-QSPE-DXZ=5ccba3d824edb0637ee05f96c90d5a4ef0a03faf3191ab1253f0f182743b92e7cf6060fe;expires=Sat, 15-Feb-2020 00:15:59 GMT;path=/;secure;httponly XCADC=gwn+wGU7a03vmXEeTzYEhbMwBJc0000; Domain=.citi.com; Path=/; Secure; HttpOnly
Strict-Transport-Security
max-age=157680000; includeSubDomains
X-Cache-Control-Orig
Cache-Control
max-age=0, must-revalidate, private
X-Expires-Orig
None
reset.css
cardupgrade.citi.com/includes/css/
1 KB
1 KB
Stylesheet
General
Full URL
https://cardupgrade.citi.com/includes/css/reset.css
Requested by
Host: cardupgrade.citi.com
URL: https://cardupgrade.citi.com/error.aspx
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
198.160.105.70 , United States, ASN15026 (ACXIOM, US),
Reverse DNS
Software
/
Resource Hash
7ec6c43229ca4ae511c98bf8518863ad3e2bb79e0014994a38e998977354946b
Security Headers
Name Value
Content-Security-Policy default-src 'self'; connect-src *; font-src *; frame-src *; img-src * data:; media-src *; object-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline';
Strict-Transport-Security max-age=157680000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://cardupgrade.citi.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
style

Response headers

content-security-policy
default-src 'self'; connect-src *; font-src *; frame-src *; img-src * data:; media-src *; object-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline';
Content-Encoding
gzip
x-content-type-options
nosniff
Content-Length
585
x-xss-protection
1; mode=block
x-ua-compatible
IE=edge
cteonnt-length
1101
referrer-policy
strict-origin
last-modified
Fri, 30 Mar 2018 18:59:21 GMT
x-frame-options
SAMEORIGIN
date
Sat, 15 Feb 2020 00:00:56 GMT
Strict-Transport-Security
max-age=157680000; includeSubDomains
content-type
text/css
Cache-Control
private
etag
"9473363659c8d31:0"
accept-ranges
bytes
CardUpgrade.css
cardupgrade.citi.com/includes/css/
16 KB
4 KB
Stylesheet
General
Full URL
https://cardupgrade.citi.com/includes/css/CardUpgrade.css
Requested by
Host: cardupgrade.citi.com
URL: https://cardupgrade.citi.com/error.aspx
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
198.160.105.70 , United States, ASN15026 (ACXIOM, US),
Reverse DNS
Software
/
Resource Hash
397b5a27456f88f1fb186ae8df86852947557a622ac001df1cb66ffe33616232
Security Headers
Name Value
Content-Security-Policy default-src 'self'; connect-src *; font-src *; frame-src *; img-src * data:; media-src *; object-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline';
Strict-Transport-Security max-age=157680000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://cardupgrade.citi.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
style

Response headers

content-security-policy
default-src 'self'; connect-src *; font-src *; frame-src *; img-src * data:; media-src *; object-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline';
Content-Encoding
gzip
x-content-type-options
nosniff
Content-Length
3736
x-xss-protection
1; mode=block
x-ua-compatible
IE=edge
cteonnt-length
16348
referrer-policy
strict-origin
last-modified
Fri, 30 Mar 2018 18:59:20 GMT
x-frame-options
SAMEORIGIN
date
Sat, 15 Feb 2020 00:00:56 GMT
Strict-Transport-Security
max-age=157680000; includeSubDomains
content-type
text/css
Cache-Control
private
etag
"28643659c8d31:0"
accept-ranges
bytes
jquery-1.4.2.js
cardupgrade.citi.com/includes/js/
166 KB
52 KB
Script
General
Full URL
https://cardupgrade.citi.com/includes/js/jquery-1.4.2.js
Requested by
Host: cardupgrade.citi.com
URL: https://cardupgrade.citi.com/error.aspx
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
198.160.105.70 , United States, ASN15026 (ACXIOM, US),
Reverse DNS
Software
/
Resource Hash
69a78538c3b8b841bd898d85140986bd87d41f7771c7cb9d45909ce00183783e
Security Headers
Name Value
Content-Security-Policy default-src 'self'; connect-src *; font-src *; frame-src *; img-src * data:; media-src *; object-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline';
Strict-Transport-Security max-age=157680000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://cardupgrade.citi.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

content-security-policy
default-src 'self'; connect-src *; font-src *; frame-src *; img-src * data:; media-src *; object-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline';
Content-Encoding
gzip
x-content-type-options
nosniff
Transfer-Encoding
chunked
x-xss-protection
1; mode=block
x-ua-compatible
IE=edge
cteonnt-length
170095
referrer-policy
strict-origin
last-modified
Fri, 30 Mar 2018 18:59:21 GMT
x-frame-options
SAMEORIGIN
date
Sat, 15 Feb 2020 00:00:56 GMT
Strict-Transport-Security
max-age=157680000; includeSubDomains
content-type
application/javascript
Cache-Control
private
etag
"c677993659c8d31:0"
accept-ranges
bytes
jquery.equalHeights.js
cardupgrade.citi.com/includes/js/
1 KB
1 KB
Script
General
Full URL
https://cardupgrade.citi.com/includes/js/jquery.equalHeights.js
Requested by
Host: cardupgrade.citi.com
URL: https://cardupgrade.citi.com/error.aspx
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
198.160.105.70 , United States, ASN15026 (ACXIOM, US),
Reverse DNS
Software
/
Resource Hash
27cc9e43ee7eff3502e1e70c861548df175d21d615870c65185ec080ae0e544a
Security Headers
Name Value
Content-Security-Policy default-src 'self'; connect-src *; font-src *; frame-src *; img-src * data:; media-src *; object-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline';
Strict-Transport-Security max-age=157680000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://cardupgrade.citi.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

content-security-policy
default-src 'self'; connect-src *; font-src *; frame-src *; img-src * data:; media-src *; object-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline';
Content-Encoding
gzip
x-content-type-options
nosniff
Content-Length
538
x-xss-protection
1; mode=block
x-ua-compatible
IE=edge
cteonnt-length
1123
referrer-policy
strict-origin
last-modified
Fri, 30 Mar 2018 18:59:21 GMT
x-frame-options
SAMEORIGIN
date
Sat, 15 Feb 2020 00:00:56 GMT
Strict-Transport-Security
max-age=157680000; includeSubDomains
content-type
application/javascript
Cache-Control
private
etag
"1c149a3659c8d31:0"
accept-ranges
bytes
jQuery.dPassword.js
cardupgrade.citi.com/includes/js/
7 KB
3 KB
Script
General
Full URL
https://cardupgrade.citi.com/includes/js/jQuery.dPassword.js
Requested by
Host: cardupgrade.citi.com
URL: https://cardupgrade.citi.com/error.aspx
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
198.160.105.70 , United States, ASN15026 (ACXIOM, US),
Reverse DNS
Software
/
Resource Hash
67dc1cd6e3f963c0ec4b7832b32a7c772baa5dde45faf8b117020e5e9084178a
Security Headers
Name Value
Content-Security-Policy default-src 'self'; connect-src *; font-src *; frame-src *; img-src * data:; media-src *; object-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline';
Strict-Transport-Security max-age=157680000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://cardupgrade.citi.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

content-security-policy
default-src 'self'; connect-src *; font-src *; frame-src *; img-src * data:; media-src *; object-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline';
Content-Encoding
gzip
x-content-type-options
nosniff
Content-Length
2314
x-xss-protection
1; mode=block
x-ua-compatible
IE=edge
cteonnt-length
6996
referrer-policy
strict-origin
last-modified
Fri, 30 Mar 2018 18:59:21 GMT
x-frame-options
SAMEORIGIN
date
Sat, 15 Feb 2020 00:00:56 GMT
Strict-Transport-Security
max-age=157680000; includeSubDomains
content-type
application/javascript
Cache-Control
private
etag
"f3ee983659c8d31:0"
accept-ranges
bytes
header.css
cardupgrade.citi.com/includes/css/
2 KB
2 KB
Stylesheet
General
Full URL
https://cardupgrade.citi.com/includes/css/header.css
Requested by
Host: cardupgrade.citi.com
URL: https://cardupgrade.citi.com/error.aspx
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
198.160.105.70 , United States, ASN15026 (ACXIOM, US),
Reverse DNS
Software
/
Resource Hash
22fb82d03f90c4b799cc5885008f22a26d3f1d00779386b83e0cf3b029e82a68
Security Headers
Name Value
Content-Security-Policy default-src 'self'; connect-src *; font-src *; frame-src *; img-src * data:; media-src *; object-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline';
Strict-Transport-Security max-age=157680000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://cardupgrade.citi.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
style

Response headers

content-security-policy
default-src 'self'; connect-src *; font-src *; frame-src *; img-src * data:; media-src *; object-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline';
Content-Encoding
gzip
x-content-type-options
nosniff
ntcoent-length
2080
Content-Length
786
x-xss-protection
1; mode=block
x-ua-compatible
IE=edge
referrer-policy
strict-origin
last-modified
Fri, 30 Mar 2018 18:59:20 GMT
x-frame-options
SAMEORIGIN
date
Sat, 15 Feb 2020 00:00:56 GMT
Strict-Transport-Security
max-age=157680000; includeSubDomains
content-type
text/css
Cache-Control
private
etag
"a19753659c8d31:0"
accept-ranges
bytes
footer.css
cardupgrade.citi.com/includes/css/
2 KB
2 KB
Stylesheet
General
Full URL
https://cardupgrade.citi.com/includes/css/footer.css
Requested by
Host: cardupgrade.citi.com
URL: https://cardupgrade.citi.com/error.aspx
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
198.160.105.70 , United States, ASN15026 (ACXIOM, US),
Reverse DNS
Software
/
Resource Hash
3e11ba8cf5606dfe07f6ad8117f18d885a6b5cc581186a036616b376739e599a
Security Headers
Name Value
Content-Security-Policy default-src 'self'; connect-src *; font-src *; frame-src *; img-src * data:; media-src *; object-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline';
Strict-Transport-Security max-age=157680000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://cardupgrade.citi.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
style

Response headers

content-security-policy
default-src 'self'; connect-src *; font-src *; frame-src *; img-src * data:; media-src *; object-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline';
Content-Encoding
gzip
x-content-type-options
nosniff
ntcoent-length
2138
Content-Length
753
x-xss-protection
1; mode=block
x-ua-compatible
IE=edge
referrer-policy
strict-origin
last-modified
Fri, 30 Mar 2018 18:59:20 GMT
x-frame-options
SAMEORIGIN
date
Sat, 15 Feb 2020 00:00:56 GMT
Strict-Transport-Security
max-age=157680000; includeSubDomains
content-type
text/css
Cache-Control
private
etag
"e53553659c8d31:0"
accept-ranges
bytes
terms.css
cardupgrade.citi.com/includes/css/
2 KB
1 KB
Stylesheet
General
Full URL
https://cardupgrade.citi.com/includes/css/terms.css
Requested by
Host: cardupgrade.citi.com
URL: https://cardupgrade.citi.com/error.aspx
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
198.160.105.70 , United States, ASN15026 (ACXIOM, US),
Reverse DNS
Software
/
Resource Hash
9f5d12c4c72ff39694edcb8a1e746fb183b149bfcab94734d5d856da4445c2b9
Security Headers
Name Value
Content-Security-Policy default-src 'self'; connect-src *; font-src *; frame-src *; img-src * data:; media-src *; object-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline';
Strict-Transport-Security max-age=157680000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://cardupgrade.citi.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
style

Response headers

content-security-policy
default-src 'self'; connect-src *; font-src *; frame-src *; img-src * data:; media-src *; object-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline';
Content-Encoding
gzip
x-content-type-options
nosniff
Content-Length
501
x-xss-protection
1; mode=block
x-ua-compatible
IE=edge
cteonnt-length
1895
referrer-policy
strict-origin
last-modified
Fri, 30 Mar 2018 18:59:21 GMT
x-frame-options
SAMEORIGIN
date
Sat, 15 Feb 2020 00:00:56 GMT
Strict-Transport-Security
max-age=157680000; includeSubDomains
content-type
text/css
Cache-Control
private
etag
"c4c1363659c8d31:0"
accept-ranges
bytes
s_code_update.js
cardupgrade.citi.com/includes/js/
90 KB
29 KB
Script
General
Full URL
https://cardupgrade.citi.com/includes/js/s_code_update.js
Requested by
Host: cardupgrade.citi.com
URL: https://cardupgrade.citi.com/error.aspx
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
198.160.105.70 , United States, ASN15026 (ACXIOM, US),
Reverse DNS
Software
/
Resource Hash
8b26328a49f800aa684fd44647f2ad72980d5f25e3b6e18283fad7c11c7ad010
Security Headers
Name Value
Content-Security-Policy default-src 'self'; connect-src *; font-src *; frame-src *; img-src * data:; media-src *; object-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline';
Strict-Transport-Security max-age=157680000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://cardupgrade.citi.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

content-security-policy
default-src 'self'; connect-src *; font-src *; frame-src *; img-src * data:; media-src *; object-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline';
Content-Encoding
gzip
x-content-type-options
nosniff
ntcoent-length
92316
Transfer-Encoding
chunked
x-xss-protection
1; mode=block
x-ua-compatible
IE=edge
referrer-policy
strict-origin
last-modified
Wed, 24 Apr 2019 16:22:11 GMT
x-frame-options
SAMEORIGIN
date
Sat, 15 Feb 2020 00:00:56 GMT
Strict-Transport-Security
max-age=157680000; includeSubDomains
content-type
application/javascript
Cache-Control
private
etag
"61c17dfb9fad41:0"
accept-ranges
bytes
logo-clear.ashx
cardupgrade.citi.com/-/media/Images/CardUpgrade/
2 KB
3 KB
Image
General
Full URL
https://cardupgrade.citi.com/-/media/Images/CardUpgrade/logo-clear.ashx?h=47&w=74&hash=B792C98A3A857AD777F2B4D95397F27F
Requested by
Host: cardupgrade.citi.com
URL: https://cardupgrade.citi.com/error.aspx
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
198.160.105.70 , United States, ASN15026 (ACXIOM, US),
Reverse DNS
Software
/
Resource Hash
254730b2457fd724c8fb56a6e1e5b959634ce43fe92377d22b6f6bf51b428212
Security Headers
Name Value
Content-Security-Policy default-src 'self'; connect-src *; font-src *; frame-src *; img-src * data:; media-src *; object-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline';
Strict-Transport-Security max-age=157680000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://cardupgrade.citi.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

content-security-policy
default-src 'self'; connect-src *; font-src *; frame-src *; img-src * data:; media-src *; object-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline';
referrer-policy
strict-origin
last-modified
Thu, 12 Dec 2013 16:03:32 GMT
date
Sat, 15 Feb 2020 00:00:56 GMT
x-frame-options
SAMEORIGIN
content-type
image/png
x-xss-protection
1; mode=block
cache-control
private, max-age=604800
content-disposition
inline; filename="logo-clear.png"
Strict-Transport-Security
max-age=157680000; includeSubDomains
accept-ranges
bytes
content-length
2226
x-content-type-options
nosniff
x-ua-compatible
IE=edge
twitter.png
cardupgrade.citi.com/includes/images/footer/
1 KB
1 KB
Image
General
Full URL
https://cardupgrade.citi.com/includes/images/footer/twitter.png
Requested by
Host: cardupgrade.citi.com
URL: https://cardupgrade.citi.com/error.aspx
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
198.160.105.70 , United States, ASN15026 (ACXIOM, US),
Reverse DNS
Software
/
Resource Hash
dc1d54dab6ec8c00f70137927504e4f222c8395f10760b6beecfcfa94e08249f
Security Headers
Name Value
Content-Security-Policy default-src 'self'; connect-src *; font-src *; frame-src *; img-src * data:; media-src *; object-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline';
Strict-Transport-Security max-age=157680000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://cardupgrade.citi.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

content-security-policy
default-src 'self'; connect-src *; font-src *; frame-src *; img-src * data:; media-src *; object-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline';
Content-Encoding
gzip
referrer-policy
strict-origin
X-Expires-Orig
None
date
Sat, 15 Feb 2020 00:00:56 GMT
ntcoent-length
1245
x-frame-options
SAMEORIGIN
content-type
text/html
X-Cache-Control-Orig
Cache-Control
max-age=0, must-revalidate, private, private
x-content-type-options
nosniff
Strict-Transport-Security
max-age=157680000; includeSubDomains
Content-Length
679
x-xss-protection
1; mode=block
x-ua-compatible
IE=edge
facebook.png
cardupgrade.citi.com/includes/images/footer/
1 KB
1 KB
Image
General
Full URL
https://cardupgrade.citi.com/includes/images/footer/facebook.png
Requested by
Host: cardupgrade.citi.com
URL: https://cardupgrade.citi.com/error.aspx
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
198.160.105.70 , United States, ASN15026 (ACXIOM, US),
Reverse DNS
Software
/
Resource Hash
dc1d54dab6ec8c00f70137927504e4f222c8395f10760b6beecfcfa94e08249f
Security Headers
Name Value
Content-Security-Policy default-src 'self'; connect-src *; font-src *; frame-src *; img-src * data:; media-src *; object-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline';
Strict-Transport-Security max-age=157680000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://cardupgrade.citi.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

content-security-policy
default-src 'self'; connect-src *; font-src *; frame-src *; img-src * data:; media-src *; object-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline';
Content-Encoding
gzip
referrer-policy
strict-origin
X-Expires-Orig
None
date
Sat, 15 Feb 2020 00:00:57 GMT
ntcoent-length
1245
x-frame-options
SAMEORIGIN
content-type
text/html
X-Cache-Control-Orig
Cache-Control
max-age=0, must-revalidate, private, private
x-content-type-options
nosniff
Strict-Transport-Security
max-age=157680000; includeSubDomains
Content-Length
679
x-xss-protection
1; mode=block
x-ua-compatible
IE=edge
youtube.png
cardupgrade.citi.com/includes/images/footer/
1 KB
1 KB
Image
General
Full URL
https://cardupgrade.citi.com/includes/images/footer/youtube.png
Requested by
Host: cardupgrade.citi.com
URL: https://cardupgrade.citi.com/error.aspx
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
198.160.105.70 , United States, ASN15026 (ACXIOM, US),
Reverse DNS
Software
/
Resource Hash
dc1d54dab6ec8c00f70137927504e4f222c8395f10760b6beecfcfa94e08249f
Security Headers
Name Value
Content-Security-Policy default-src 'self'; connect-src *; font-src *; frame-src *; img-src * data:; media-src *; object-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline';
Strict-Transport-Security max-age=157680000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://cardupgrade.citi.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

content-security-policy
default-src 'self'; connect-src *; font-src *; frame-src *; img-src * data:; media-src *; object-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline';
Content-Encoding
gzip
referrer-policy
strict-origin
X-Expires-Orig
None
date
Sat, 15 Feb 2020 00:00:57 GMT
ntcoent-length
1245
x-frame-options
SAMEORIGIN
content-type
text/html
X-Cache-Control-Orig
Cache-Control
max-age=0, must-revalidate, private, private
x-content-type-options
nosniff
Strict-Transport-Security
max-age=157680000; includeSubDomains
Content-Length
679
x-xss-protection
1; mode=block
x-ua-compatible
IE=edge
logo_small.gif
cardupgrade.citi.com/includes/images/footer/
397 B
1 KB
Image
General
Full URL
https://cardupgrade.citi.com/includes/images/footer/logo_small.gif
Requested by
Host: cardupgrade.citi.com
URL: https://cardupgrade.citi.com/error.aspx
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
198.160.105.70 , United States, ASN15026 (ACXIOM, US),
Reverse DNS
Software
/
Resource Hash
b424f0a92ba4e78f78f9ec50a4a02d610e0b3189f093d65b2ac005da6525aff6
Security Headers
Name Value
Content-Security-Policy default-src 'self'; connect-src *; font-src *; frame-src *; img-src * data:; media-src *; object-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline';
Strict-Transport-Security max-age=157680000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://cardupgrade.citi.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

content-security-policy
default-src 'self'; connect-src *; font-src *; frame-src *; img-src * data:; media-src *; object-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline';
referrer-policy
strict-origin
last-modified
Fri, 30 Mar 2018 18:59:21 GMT
etag
"65ca5a3659c8d31:0"
x-frame-options
SAMEORIGIN
content-type
image/gif
x-xss-protection
1; mode=block
date
Sat, 15 Feb 2020 00:00:57 GMT
Strict-Transport-Security
max-age=157680000; includeSubDomains
accept-ranges
bytes
content-length
397
x-content-type-options
nosniff
x-ua-compatible
IE=edge
s63926547922473
metrics1.citi.com/b/ss/citinaprod/1/JS-2.0.0/
Redirect Chain
  • https://metrics1.citi.com/b/ss/citinaprod/1/JS-2.0.0/s63926547922473?AQB=1&ndh=1&pf=1&t=15%2F1%2F2020%201%3A1%3A0%206%20-60&fid=2BAE0949CC0DF71E-34ED1DD808763D30&ce=UTF-8&g=https%3A%2F%2Fcardupgrad...
  • https://metrics1.citi.com/b/ss/citinaprod/1/JS-2.0.0/s63926547922473?AQB=1&pccr=true&vidn=2F239A5E0515DF51-4000083BE1475B75&ndh=1&pf=1&t=15%2F1%2F2020%201%3A1%3A0%206%20-60&fid=2BAE0949CC0DF71E-34E...
43 B
267 B
Image
General
Full URL
https://metrics1.citi.com/b/ss/citinaprod/1/JS-2.0.0/s63926547922473?AQB=1&pccr=true&vidn=2F239A5E0515DF51-4000083BE1475B75&ndh=1&pf=1&t=15%2F1%2F2020%201%3A1%3A0%206%20-60&fid=2BAE0949CC0DF71E-34ED1DD808763D30&ce=UTF-8&g=https%3A%2F%2Fcardupgrade.citi.com%2Ferror.aspx&c.&visitStart=1&.c&cc=USD&ch=CARDSPublic&server=XCVMDWWSC02.citacxdmz.acxiom.com&c1=Upgrade%20Portal&c2=Axciom&c11=EN&c63=https%3A%2F%2Fcardupgrade.citi.com%2Ferror.aspx&c64=7%3A01PM&v64=7%3A01PM&c65=Friday&v65=Friday&c66=Friday%7C7%3A01PM&v67=New&v68=1&s=1600x1200&c=24&j=1.6&v=N&k=Y&bw=1600&bh=1200&AQE=1
Requested by
Host: cardupgrade.citi.com
URL: https://cardupgrade.citi.com/error.aspx
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
15.188.105.205 Paris, France, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-15-188-105-205.eu-west-3.compute.amazonaws.com
Software
jag /
Resource Hash
a1ecbaed793a1f564c49c671f2dd0ce36f858534ef6d26b55783a06b884cc506
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://cardupgrade.citi.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Sat, 15 Feb 2020 00:01:00 GMT
x-content-type-options
nosniff
x-c
master-1158.Ib7fada.M0-347
p3p
CP="This is not a P3P policy"
status
200
content-length
43
x-xss-protection
1; mode=block
pragma
no-cache
last-modified
Sun, 16 Feb 2020 00:01:00 GMT
server
jag
xserver
anedge-67ff9d5b4c-4qjn4
etag
3396728272570384384-4615107773796524589
vary
*
content-type
image/gif;charset=utf-8
access-control-allow-origin
*
cache-control
no-cache, no-store, max-age=0, no-transform, private
expires
Fri, 14 Feb 2020 00:01:00 GMT

Redirect headers

date
Sat, 15 Feb 2020 00:01:00 GMT
x-content-type-options
nosniff
x-c
master-1158.Ib7fada.M0-347
p3p
CP="This is not a P3P policy"
status
302
content-length
0
x-xss-protection
1; mode=block
pragma
no-cache
last-modified
Sun, 16 Feb 2020 00:01:00 GMT
server
jag
xserver
anedge-67ff9d5b4c-2wjtb
location
https://metrics1.citi.com/b/ss/citinaprod/1/JS-2.0.0/s63926547922473?AQB=1&pccr=true&vidn=2F239A5E0515DF51-4000083BE1475B75&ndh=1&pf=1&t=15%2F1%2F2020%201%3A1%3A0%206%20-60&fid=2BAE0949CC0DF71E-34ED1DD808763D30&ce=UTF-8&g=https%3A%2F%2Fcardupgrade.citi.com%2Ferror.aspx&c.&visitStart=1&.c&cc=USD&ch=CARDSPublic&server=XCVMDWWSC02.citacxdmz.acxiom.com&c1=Upgrade%20Portal&c2=Axciom&c11=EN&c63=https%3A%2F%2Fcardupgrade.citi.com%2Ferror.aspx&c64=7%3A01PM&v64=7%3A01PM&c65=Friday&v65=Friday&c66=Friday%7C7%3A01PM&v67=New&v68=1&s=1600x1200&c=24&j=1.6&v=N&k=Y&bw=1600&bh=1200&AQE=1
content-type
text/plain;charset=utf-8
access-control-allow-origin
*
cache-control
no-cache, no-store, max-age=0, no-transform, private
expires
Fri, 14 Feb 2020 00:01:00 GMT
topnav-bg-repeat.png
cardupgrade.citi.com/includes/images/bg/
1 KB
1 KB
Image
General
Full URL
https://cardupgrade.citi.com/includes/images/bg/topnav-bg-repeat.png
Requested by
Host: cardupgrade.citi.com
URL: https://cardupgrade.citi.com/includes/js/jquery-1.4.2.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
198.160.105.70 , United States, ASN15026 (ACXIOM, US),
Reverse DNS
Software
/
Resource Hash
dc1d54dab6ec8c00f70137927504e4f222c8395f10760b6beecfcfa94e08249f
Security Headers
Name Value
Content-Security-Policy default-src 'self'; connect-src *; font-src *; frame-src *; img-src * data:; media-src *; object-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline';
Strict-Transport-Security max-age=157680000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://cardupgrade.citi.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

content-security-policy
default-src 'self'; connect-src *; font-src *; frame-src *; img-src * data:; media-src *; object-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline';
Content-Encoding
gzip
referrer-policy
strict-origin
X-Expires-Orig
None
date
Sat, 15 Feb 2020 00:00:57 GMT
ntcoent-length
1245
x-frame-options
SAMEORIGIN
content-type
text/html
X-Cache-Control-Orig
Cache-Control
max-age=0, must-revalidate, private, private
x-content-type-options
nosniff
Strict-Transport-Security
max-age=157680000; includeSubDomains
Content-Length
679
x-xss-protection
1; mode=block
x-ua-compatible
IE=edge
header-blue-bg.png
cardupgrade.citi.com/includes/images/bg/
260 B
1 KB
Image
General
Full URL
https://cardupgrade.citi.com/includes/images/bg/header-blue-bg.png
Requested by
Host: cardupgrade.citi.com
URL: https://cardupgrade.citi.com/includes/js/jquery-1.4.2.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
198.160.105.70 , United States, ASN15026 (ACXIOM, US),
Reverse DNS
Software
/
Resource Hash
bba45ad675e25a472e6f9aa1a41f672f29c9284eadbd84c9809a47bcf487ca35
Security Headers
Name Value
Content-Security-Policy default-src 'self'; connect-src *; font-src *; frame-src *; img-src * data:; media-src *; object-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline';
Strict-Transport-Security max-age=157680000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://cardupgrade.citi.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

content-security-policy
default-src 'self'; connect-src *; font-src *; frame-src *; img-src * data:; media-src *; object-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline';
referrer-policy
strict-origin
last-modified
Fri, 30 Mar 2018 18:59:21 GMT
etag
"4a583a3659c8d31:0"
x-frame-options
SAMEORIGIN
content-type
image/png
x-xss-protection
1; mode=block
date
Sat, 15 Feb 2020 00:00:57 GMT
Strict-Transport-Security
max-age=157680000; includeSubDomains
accept-ranges
bytes
content-length
260
x-content-type-options
nosniff
x-ua-compatible
IE=edge

Verdicts & Comments Add Verdict or Comment

30 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| onformdata object| onpointerrawupdate function| $ function| jQuery function| s_getLoadTime function| AppMeasurement function| s_gi function| s_pgicq function| c_r function| c_rspers function| c_w object| s_c_il number| s_c_in object| s number| s_loadT number| s_objectID number| s_giq undefined| s_code object| rs string| r object| rx number| d object| eo number| y string| s_tnt object| s_i_citinaprod function| checkAlphaNumeric function| onlyNumbers number| ao_poll_time string| ao_keepalive_image

7 Cookies

Domain/Path Name / Value
.citi.com/ Name: s_vi
Value: [CS]v1|2F239A5E0515DF51-4000083BE1475B75[CE]
.citi.com/ Name: s_cc
Value: true
.citi.com/ Name: s_sess
Value: %20SC_LINKS%3D%3B
.citi.com/ Name: s_fid
Value: 2BAE0949CC0DF71E-34ED1DD808763D30
.citi.com/ Name: XCADC
Value: VwgOdGf744I88vvEjZUq2e55w/s0001
.citi.com/ Name: s_pers
Value: %20gpv_p7%3Dno%2520value%7C1581726660487%3B%20s_visit%3D1%7C1581726660488%3B%20s_vnum%3D1583017200489%2526vn%253D1%7C1583017200489%3B%20s_invisit%3Dtrue%7C1581726660489%3B%20s_nr%3D1581724860491-New%7C1739404860491%3B
cardupgrade.citi.com/ Name: NSC_DVQ-dbsevqhsbef-QSPE-DXZ
Value: 5ccba3d824edb0637ee05f96c90d5a4ef0a03faf3191ab1253f0f182743b92e7cf6060fe

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy default-src 'self'; connect-src *; font-src *; frame-src *; img-src * data:; media-src *; object-src *; script-src * 'unsafe-inline' 'unsafe-eval'; style-src * 'unsafe-inline';
Strict-Transport-Security max-age=157680000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block