urlscan.io logo urlscan.io
SecurityTrails logo

kreditt.bnbank.no Open in urlscan Pro
193.212.175.230  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: https://kreditt.bnbank.no/
Effective URL: https://kreditt.bnbank.no/minside/innlogging/logg-inn.html?goto=https%3A%2F%2Fkreditt.bnbank.no%2Fminside
Submission: On July 04 via automatic, source certstream-suspicious — Scanned from NO
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 3 IPs in 1 countries across 2 domains to perform 13 HTTP transactions. The main IP is 193.212.175.230, located in Drammen, Norway and belongs to TELENOR-NEXTEL Telenor Norge AS, NO. The main domain is kreditt.bnbank.no.
TLS certificate: Issued by R10 on July 4th 2024. Valid for: 3 months.
This is the only time kreditt.bnbank.no was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
2 5 193.212.175.230 2119 (TELENOR-N...)
8 193.212.175.201 2119 (TELENOR-N...)
2 193.212.175.209 2119 (TELENOR-N...)
13 3
Apex Domain
Subdomains		 Transfer
13 bnbank.no
kreditt.bnbank.no
login.bnbank.no
307 KB
2 sparebank1.no
www.sparebank1.no — Cisco Umbrella Rank: 779992
5 KB
13 2
Domain Requested by
8 login.bnbank.no kreditt.bnbank.no
login.bnbank.no
5 kreditt.bnbank.no 2 redirects kreditt.bnbank.no
2 www.sparebank1.no login.bnbank.no
www.sparebank1.no
13 3

This site contains links to these domains. Also see Links.

Domain
www.sparebank1.no
www.bnbank.no
Subject Issuer Validity Valid
kreditt.bnbank.no
R10		 2024-07-04 -
2024-10-02		 3 months crt.sh
login.bnbank.no
R10		 2024-07-03 -
2024-10-01		 3 months crt.sh
sparebank1.no
DigiCert EV RSA CA G2		 2024-01-15 -
2025-01-24		 a year crt.sh

This page contains 2 frames:

Primary Page: https://kreditt.bnbank.no/minside/innlogging/logg-inn.html?goto=https%3A%2F%2Fkreditt.bnbank.no%2Fminside
Frame ID: 7FE2064C9E181E9183795A9B8808CED5
Requests: 3 HTTP requests in this frame

Frame: https://login.bnbank.no/?app=kundefront-pm-kredittbanken&finInst=fid-bnbank&goto=https%3A%2F%2Fkreditt.bnbank.no%2Fminside
Frame ID: 8461E021FE8BF7C3956BB9AC53ED1F3C
Requests: 10 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

Kredittbanken Innlogging

Page URL History Show full URLs

  1. https://kreditt.bnbank.no/ HTTP 302
    https://kreditt.bnbank.no/minside HTTP 302
    https://kreditt.bnbank.no/minside/innlogging/logg-inn.html?goto=https%3A%2F%2Fkreditt.bnbank.no%2Fminside Page URL

Page Statistics

13
Requests

100 %
HTTPS

0 %
IPv6

2
Domains

3
Subdomains

3
IPs

1
Countries

311 kB
Transfer

829 kB
Size

5
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://kreditt.bnbank.no/ HTTP 302
    https://kreditt.bnbank.no/minside HTTP 302
    https://kreditt.bnbank.no/minside/innlogging/logg-inn.html?goto=https%3A%2F%2Fkreditt.bnbank.no%2Fminside Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

13 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request logg-inn.html
kreditt.bnbank.no/minside/innlogging/
Redirect Chain
  • https://kreditt.bnbank.no/
  • https://kreditt.bnbank.no/minside
  • https://kreditt.bnbank.no/minside/innlogging/logg-inn.html?goto=https%3A%2F%2Fkreditt.bnbank.no%2Fminside
8 KB
5 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://kreditt.bnbank.no/minside/innlogging/logg-inn.html?goto=https%3A%2F%2Fkreditt.bnbank.no%2Fminside
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
193.212.175.230 Drammen, Norway, ASN2119 (TELENOR-NEXTEL Telenor Norge AS, NO),
Reverse DNS
kreditt.bnbank.no
Software
/
Resource Hash
c6f6285ab5a15abcd3b7b1788515470b416dccf838046a3c107d5ea24877ba15
Security Headers
Name Value
Content-Security-Policy default-src 'none'; script-src 'strict-dynamic' 'nonce-4xe8E+WvE/vNo9dLMsfqgg' 'report-sample' 'unsafe-eval' 'self' 'unsafe-inline' blob: www.sparebank1.no sparebank1.d3.sc.omtrdc.net; style-src 'self' 'unsafe-inline' 'report-sample'; img-src 'self' chat.sparebank1.no data: *.boost.ai sparebank1.d3.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.ytimg.com; connect-src 'self' www.sparebank1.no chat.sparebank1.no *.boost.ai dpm.demdex.net sparebank1.d3.sc.omtrdc.net adobedc.demdex.net edge.adobedc.net; frame-src *.sparebank1.no sb1mobilbank: sb1-mobilbank: sparebank1.demdex.net www.youtube.com player.vimeo.com login.bnbank.no login.kreditt.coop.no login.kreditt.sbm.no login.kreditt.lofavor.no; frame-ancestors 'none'; font-src *.sparebank1.no data:; form-action *.sparebank1.no; media-src 'self'; object-src 'none'; base-uri 'self'; upgrade-insecure-requests; report-uri https://www.sparebank1.no/logservlet/csp/enforce
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Accept-Language
no-NO,no;q=0.9;q=0.9
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
sec-ch-ua-mobile
?0
sec-ch-ua-platform
"Win32"

Response headers

Strict-Transport-Security
max-age=31536000
cache-control
no-cache, no-store, max-age=0, must-revalidate
content-encoding
gzip
content-language
no-NO
content-security-policy
default-src 'none'; script-src 'strict-dynamic' 'nonce-4xe8E+WvE/vNo9dLMsfqgg' 'report-sample' 'unsafe-eval' 'self' 'unsafe-inline' blob: www.sparebank1.no sparebank1.d3.sc.omtrdc.net; style-src 'self' 'unsafe-inline' 'report-sample'; img-src 'self' chat.sparebank1.no data: *.boost.ai sparebank1.d3.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.ytimg.com; connect-src 'self' www.sparebank1.no chat.sparebank1.no *.boost.ai dpm.demdex.net sparebank1.d3.sc.omtrdc.net adobedc.demdex.net edge.adobedc.net; frame-src *.sparebank1.no sb1mobilbank: sb1-mobilbank: sparebank1.demdex.net www.youtube.com player.vimeo.com login.bnbank.no login.kreditt.coop.no login.kreditt.sbm.no login.kreditt.lofavor.no; frame-ancestors 'none'; font-src *.sparebank1.no data:; form-action *.sparebank1.no; media-src 'self'; object-src 'none'; base-uri 'self'; upgrade-insecure-requests; report-uri https://www.sparebank1.no/logservlet/csp/enforce
content-security-policy-report-only
default-src *.sparebank1.no; script-src *.sparebank1.no 'unsafe-inline' 'unsafe-eval' blob: sparebank1.d3.sc.omtrdc.net 'self'; style-src *.sparebank1.no 'unsafe-inline' 'self'; img-src 'self' chat.sparebank1.no data: *.boost.ai sparebank1.d3.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.ytimg.com; connect-src *.sparebank1.no *.boost.ai dpm.demdex.net sparebank1.d3.sc.omtrdc.net adobedc.demdex.net edge.adobedc.net 'self'; frame-src *.sparebank1.no sb1mobilbank: sb1-mobilbank: sparebank1.demdex.net www.youtube.com player.vimeo.com login.bnbank.no login.kreditt.coop.no login.kreditt.sbm.no login.kreditt.lofavor.no; frame-ancestors 'none'; font-src *.sparebank1.no data: 'self'; form-action *.sparebank1.no; object-src 'none'; report-uri https://www.sparebank1.no/logservlet/csp
content-type
text/html;charset=utf-8
date
Thu, 04 Jul 2024 05:24:08 GMT
expires
0
pragma
no-cache
referrer-policy
strict-origin-when-cross-origin
transfer-encoding
chunked
vary
Accept-Encoding,Origin,Access-Control-Request-Method,Access-Control-Request-Headers
x-content-type-options
nosniff
x-envoy-upstream-service-time
3
x-frame-options
DENY
x-xss-protection
0

Redirect headers

Strict-Transport-Security
max-age=31536000
content-length
0
date
Thu, 04 Jul 2024 05:24:08 GMT
location
https://kreditt.bnbank.no/minside/innlogging/logg-inn.html?goto=https%3A%2F%2Fkreditt.bnbank.no%2Fminside
vary
Accept-Encoding
x-envoy-upstream-service-time
2
/
login.bnbank.no/ Frame 8461 		2 KB
3 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://login.bnbank.no/?app=kundefront-pm-kredittbanken&finInst=fid-bnbank&goto=https%3A%2F%2Fkreditt.bnbank.no%2Fminside
Requested by
Host: kreditt.bnbank.no
URL: https://kreditt.bnbank.no/minside/innlogging/logg-inn.html?goto=https%3A%2F%2Fkreditt.bnbank.no%2Fminside
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
193.212.175.201 Drammen, Norway, ASN2119 (TELENOR-NEXTEL Telenor Norge AS, NO),
Reverse DNS
login.sparebank1.no
Software
istio-envoy /
Resource Hash
8016faeaabbfca75e74434966f8cf8e8d6a1a24b6c4c39e1ec0d0853091315b3
Security Headers
Name Value
Content-Security-Policy default-src 'none'; img-src 'self' data: https://csfe.bankid.no https://statistikk.sparebank1.no; base-uri 'self'; font-src 'self' *.sparebank1.no data:; media-src 'self'; style-src 'self' 'unsafe-inline' 'report-sample' https://csfe.bankid.no https://services.bankid.no; object-src 'none'; script-src 'self' 'unsafe-inline' blob: *.sparebank1.no 'strict-dynamic' 'nonce-wS1mlNMei8SnYqnGmMd63Q' 'report-sample' 'unsafe-eval' https://csfe.bankid.no https://services.bankid.no https://www.sparebank1.no; report-uri https://www.sparebank1.no/logservlet/csp/enforce; form-action *.sparebank1.no; connect-src 'self' www.sparebank1.no *.demdex.net https://www.sparebank1.no; upgrade-insecure-requests; child-src https://csfe.bankid.no; frame-src https://csfe.bankid.no; frame-ancestors https://*.sparebank1.no https://*.dnbforsikring.no https://*.fremtind.no https://*.bnbank.no https://*.sbm.no https://*.lofavor.no https://*.coop.no https://kunde.sb1finans.no
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options ALLOW-FROM https://kreditt.bnbank.no/
X-Xss-Protection 0

Request headers

Accept-Language
no-NO,no;q=0.9;q=0.9
Referer
https://kreditt.bnbank.no/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
sec-ch-ua-mobile
?0
sec-ch-ua-platform
"Win32"

Response headers

Strict-Transport-Security
max-age=31536000
cache-control
no-cache, no-store, max-age=0, must-revalidate
content-language
no-NO
content-length
1546
content-security-policy
default-src 'none'; img-src 'self' data: https://csfe.bankid.no https://statistikk.sparebank1.no; base-uri 'self'; font-src 'self' *.sparebank1.no data:; media-src 'self'; style-src 'self' 'unsafe-inline' 'report-sample' https://csfe.bankid.no https://services.bankid.no; object-src 'none'; script-src 'self' 'unsafe-inline' blob: *.sparebank1.no 'strict-dynamic' 'nonce-wS1mlNMei8SnYqnGmMd63Q' 'report-sample' 'unsafe-eval' https://csfe.bankid.no https://services.bankid.no https://www.sparebank1.no; report-uri https://www.sparebank1.no/logservlet/csp/enforce; form-action *.sparebank1.no; connect-src 'self' www.sparebank1.no *.demdex.net https://www.sparebank1.no; upgrade-insecure-requests; child-src https://csfe.bankid.no; frame-src https://csfe.bankid.no; frame-ancestors https://*.sparebank1.no https://*.dnbforsikring.no https://*.fremtind.no https://*.bnbank.no https://*.sbm.no https://*.lofavor.no https://*.coop.no https://kunde.sb1finans.no
content-type
text/html;charset=utf-8
date
Thu, 04 Jul 2024 05:24:09 GMT
etag
"0a65fd814bb7922bfd174b902ca69f781"
expires
0
pragma
no-cache
referrer-policy
strict-origin-when-cross-origin
server
istio-envoy
vary
Accept-Encoding,Origin,Access-Control-Request-Method,Access-Control-Request-Headers
x-content-type-options
nosniff
x-envoy-upstream-service-time
10
x-frame-options
ALLOW-FROM https://kreditt.bnbank.no/
x-xss-protection
0
bnbank.svg
kreditt.bnbank.no/minside/innlogging/static/ 		3 KB
5 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://kreditt.bnbank.no/minside/innlogging/static/bnbank.svg
Requested by
Host: kreditt.bnbank.no
URL: https://kreditt.bnbank.no/minside/innlogging/logg-inn.html?goto=https%3A%2F%2Fkreditt.bnbank.no%2Fminside
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
193.212.175.230 Drammen, Norway, ASN2119 (TELENOR-NEXTEL Telenor Norge AS, NO),
Reverse DNS
kreditt.bnbank.no
Software
/
Resource Hash
bce3b226ce909c70d39ce3863da016a88d095e89a95c8e1d643433fcd78116f8
Security Headers
Name Value
Content-Security-Policy default-src 'none'; script-src 'strict-dynamic' 'nonce-guunJqaRL6NMlh8qp3B+gw' 'report-sample' 'unsafe-eval' 'self' 'unsafe-inline' blob: www.sparebank1.no sparebank1.d3.sc.omtrdc.net; style-src 'self' 'unsafe-inline' 'report-sample'; img-src 'self' chat.sparebank1.no data: *.boost.ai sparebank1.d3.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.ytimg.com; connect-src 'self' www.sparebank1.no chat.sparebank1.no *.boost.ai dpm.demdex.net sparebank1.d3.sc.omtrdc.net adobedc.demdex.net edge.adobedc.net; frame-src *.sparebank1.no sb1mobilbank: sb1-mobilbank: sparebank1.demdex.net www.youtube.com player.vimeo.com login.bnbank.no login.kreditt.coop.no login.kreditt.sbm.no login.kreditt.lofavor.no; frame-ancestors 'none'; font-src *.sparebank1.no data:; form-action *.sparebank1.no; media-src 'self'; object-src 'none'; base-uri 'self'; upgrade-insecure-requests; report-uri https://www.sparebank1.no/logservlet/csp/enforce
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://kreditt.bnbank.no/minside/innlogging/logg-inn.html?goto=https%3A%2F%2Fkreditt.bnbank.no%2Fminside
Accept-Language
no-NO,no;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Thu, 04 Jul 2024 05:24:08 GMT
content-security-policy
default-src 'none'; script-src 'strict-dynamic' 'nonce-guunJqaRL6NMlh8qp3B+gw' 'report-sample' 'unsafe-eval' 'self' 'unsafe-inline' blob: www.sparebank1.no sparebank1.d3.sc.omtrdc.net; style-src 'self' 'unsafe-inline' 'report-sample'; img-src 'self' chat.sparebank1.no data: *.boost.ai sparebank1.d3.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.ytimg.com; connect-src 'self' www.sparebank1.no chat.sparebank1.no *.boost.ai dpm.demdex.net sparebank1.d3.sc.omtrdc.net adobedc.demdex.net edge.adobedc.net; frame-src *.sparebank1.no sb1mobilbank: sb1-mobilbank: sparebank1.demdex.net www.youtube.com player.vimeo.com login.bnbank.no login.kreditt.coop.no login.kreditt.sbm.no login.kreditt.lofavor.no; frame-ancestors 'none'; font-src *.sparebank1.no data:; form-action *.sparebank1.no; media-src 'self'; object-src 'none'; base-uri 'self'; upgrade-insecure-requests; report-uri https://www.sparebank1.no/logservlet/csp/enforce
x-content-type-options
nosniff
referrer-policy
strict-origin-when-cross-origin
Strict-Transport-Security
max-age=31536000
etag
"08ed7b49914770ac2a92cbf3752d3175f"
vary
Origin,Access-Control-Request-Method,Access-Control-Request-Headers
content-security-policy-report-only
default-src *.sparebank1.no; script-src *.sparebank1.no 'unsafe-inline' 'unsafe-eval' blob: sparebank1.d3.sc.omtrdc.net 'self'; style-src *.sparebank1.no 'unsafe-inline' 'self'; img-src 'self' chat.sparebank1.no data: *.boost.ai sparebank1.d3.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.ytimg.com; connect-src *.sparebank1.no *.boost.ai dpm.demdex.net sparebank1.d3.sc.omtrdc.net adobedc.demdex.net edge.adobedc.net 'self'; frame-src *.sparebank1.no sb1mobilbank: sb1-mobilbank: sparebank1.demdex.net www.youtube.com player.vimeo.com login.bnbank.no login.kreditt.coop.no login.kreditt.sbm.no login.kreditt.lofavor.no; frame-ancestors 'none'; font-src *.sparebank1.no data: 'self'; form-action *.sparebank1.no; object-src 'none'; report-uri https://www.sparebank1.no/logservlet/csp
content-type
image/svg+xml
x-frame-options
DENY
cache-control
max-age=60, must-revalidate, public
x-envoy-upstream-service-time
2
accept-ranges
bytes
content-length
3009
x-xss-protection
0
loginapp.css
login.bnbank.no/static/ Frame 8461 		92 KB
15 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://login.bnbank.no/static/loginapp.css?hash=820bdfa6ed5b1c6e8a27
Requested by
Host: login.bnbank.no
URL: https://login.bnbank.no/?app=kundefront-pm-kredittbanken&finInst=fid-bnbank&goto=https%3A%2F%2Fkreditt.bnbank.no%2Fminside
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
193.212.175.201 Drammen, Norway, ASN2119 (TELENOR-NEXTEL Telenor Norge AS, NO),
Reverse DNS
login.sparebank1.no
Software
istio-envoy /
Resource Hash
4fc0cb834efd78d74548e8a97bbd7e216c67d1be40967ef06b56083d975f8ac8
Security Headers
Name Value
Content-Security-Policy default-src 'none'; img-src 'self' data: https://csfe.bankid.no https://statistikk.sparebank1.no; base-uri 'self'; font-src 'self' *.sparebank1.no data:; media-src 'self'; style-src 'self' 'unsafe-inline' 'report-sample' https://csfe.bankid.no https://services.bankid.no; object-src 'none'; script-src 'self' 'unsafe-inline' blob: *.sparebank1.no 'strict-dynamic' 'nonce-UCEcSLLRlfvhlU1Mh8TsAQ' 'report-sample' 'unsafe-eval' https://csfe.bankid.no https://services.bankid.no https://www.sparebank1.no; report-uri https://www.sparebank1.no/logservlet/csp/enforce; form-action *.sparebank1.no; connect-src 'self' www.sparebank1.no *.demdex.net https://www.sparebank1.no; upgrade-insecure-requests; child-src https://csfe.bankid.no; frame-src https://csfe.bankid.no; frame-ancestors https://*.sparebank1.no https://*.dnbforsikring.no https://*.fremtind.no https://*.bnbank.no https://*.sbm.no https://*.lofavor.no https://*.coop.no https://kunde.sb1finans.no
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options ALLOW-FROM https://login.bnbank.no/?app=kundefront-pm-kredittbanken&finInst=fid-bnbank&goto=https%3A%2F%2Fkreditt.bnbank.no%2Fminside
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://login.bnbank.no/?app=kundefront-pm-kredittbanken&finInst=fid-bnbank&goto=https%3A%2F%2Fkreditt.bnbank.no%2Fminside
Accept-Language
no-NO,no;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Thu, 04 Jul 2024 05:24:09 GMT
content-security-policy
default-src 'none'; img-src 'self' data: https://csfe.bankid.no https://statistikk.sparebank1.no; base-uri 'self'; font-src 'self' *.sparebank1.no data:; media-src 'self'; style-src 'self' 'unsafe-inline' 'report-sample' https://csfe.bankid.no https://services.bankid.no; object-src 'none'; script-src 'self' 'unsafe-inline' blob: *.sparebank1.no 'strict-dynamic' 'nonce-UCEcSLLRlfvhlU1Mh8TsAQ' 'report-sample' 'unsafe-eval' https://csfe.bankid.no https://services.bankid.no https://www.sparebank1.no; report-uri https://www.sparebank1.no/logservlet/csp/enforce; form-action *.sparebank1.no; connect-src 'self' www.sparebank1.no *.demdex.net https://www.sparebank1.no; upgrade-insecure-requests; child-src https://csfe.bankid.no; frame-src https://csfe.bankid.no; frame-ancestors https://*.sparebank1.no https://*.dnbforsikring.no https://*.fremtind.no https://*.bnbank.no https://*.sbm.no https://*.lofavor.no https://*.coop.no https://kunde.sb1finans.no
x-content-type-options
nosniff
Strict-Transport-Security
max-age=31536000
content-encoding
gzip
transfer-encoding
chunked
x-envoy-upstream-service-time
3
x-xss-protection
0
referrer-policy
strict-origin-when-cross-origin
server
istio-envoy
etag
"033b379e63f9e0be9b7e87156198f4ef1--gzip"
vary
Accept-Encoding,Origin,Access-Control-Request-Method,Access-Control-Request-Headers
x-frame-options
ALLOW-FROM https://login.bnbank.no/?app=kundefront-pm-kredittbanken&finInst=fid-bnbank&goto=https%3A%2F%2Fkreditt.bnbank.no%2Fminside
content-type
text/css
cache-control
max-age=60, must-revalidate, public
accept-ranges
bytes
loginapp.js
login.bnbank.no/static/ Frame 8461 		642 KB
190 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://login.bnbank.no/static/loginapp.js?hash=a4cf97db20378a76c104
Requested by
Host: login.bnbank.no
URL: https://login.bnbank.no/?app=kundefront-pm-kredittbanken&finInst=fid-bnbank&goto=https%3A%2F%2Fkreditt.bnbank.no%2Fminside
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
193.212.175.201 Drammen, Norway, ASN2119 (TELENOR-NEXTEL Telenor Norge AS, NO),
Reverse DNS
login.sparebank1.no
Software
istio-envoy /
Resource Hash
c644456930b8d0a64fe711134178bc5edad823f1f0b2e570e19aac8dcadd418d
Security Headers
Name Value
Content-Security-Policy default-src 'none'; img-src 'self' data: https://csfe.bankid.no https://statistikk.sparebank1.no; base-uri 'self'; font-src 'self' *.sparebank1.no data:; media-src 'self'; style-src 'self' 'unsafe-inline' 'report-sample' https://csfe.bankid.no https://services.bankid.no; object-src 'none'; script-src 'self' 'unsafe-inline' blob: *.sparebank1.no 'strict-dynamic' 'nonce-BAyRFupu0qu6fzd6T9sgBw' 'report-sample' 'unsafe-eval' https://csfe.bankid.no https://services.bankid.no https://www.sparebank1.no; report-uri https://www.sparebank1.no/logservlet/csp/enforce; form-action *.sparebank1.no; connect-src 'self' www.sparebank1.no *.demdex.net https://www.sparebank1.no; upgrade-insecure-requests; child-src https://csfe.bankid.no; frame-src https://csfe.bankid.no; frame-ancestors https://*.sparebank1.no https://*.dnbforsikring.no https://*.fremtind.no https://*.bnbank.no https://*.sbm.no https://*.lofavor.no https://*.coop.no https://kunde.sb1finans.no
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options ALLOW-FROM https://login.bnbank.no/?app=kundefront-pm-kredittbanken&finInst=fid-bnbank&goto=https%3A%2F%2Fkreditt.bnbank.no%2Fminside
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://login.bnbank.no/?app=kundefront-pm-kredittbanken&finInst=fid-bnbank&goto=https%3A%2F%2Fkreditt.bnbank.no%2Fminside
Accept-Language
no-NO,no;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Thu, 04 Jul 2024 05:24:09 GMT
content-security-policy
default-src 'none'; img-src 'self' data: https://csfe.bankid.no https://statistikk.sparebank1.no; base-uri 'self'; font-src 'self' *.sparebank1.no data:; media-src 'self'; style-src 'self' 'unsafe-inline' 'report-sample' https://csfe.bankid.no https://services.bankid.no; object-src 'none'; script-src 'self' 'unsafe-inline' blob: *.sparebank1.no 'strict-dynamic' 'nonce-BAyRFupu0qu6fzd6T9sgBw' 'report-sample' 'unsafe-eval' https://csfe.bankid.no https://services.bankid.no https://www.sparebank1.no; report-uri https://www.sparebank1.no/logservlet/csp/enforce; form-action *.sparebank1.no; connect-src 'self' www.sparebank1.no *.demdex.net https://www.sparebank1.no; upgrade-insecure-requests; child-src https://csfe.bankid.no; frame-src https://csfe.bankid.no; frame-ancestors https://*.sparebank1.no https://*.dnbforsikring.no https://*.fremtind.no https://*.bnbank.no https://*.sbm.no https://*.lofavor.no https://*.coop.no https://kunde.sb1finans.no
x-content-type-options
nosniff
Strict-Transport-Security
max-age=31536000
content-encoding
gzip
transfer-encoding
chunked
x-envoy-upstream-service-time
5
x-xss-protection
0
referrer-policy
strict-origin-when-cross-origin
server
istio-envoy
etag
"0268f66dfc6b8004c3aceeb31b69b68ba--gzip"
vary
Accept-Encoding,Origin,Access-Control-Request-Method,Access-Control-Request-Headers
x-frame-options
ALLOW-FROM https://login.bnbank.no/?app=kundefront-pm-kredittbanken&finInst=fid-bnbank&goto=https%3A%2F%2Fkreditt.bnbank.no%2Fminside
content-type
text/javascript
cache-control
max-age=60, must-revalidate, public
accept-ranges
bytes
statistikk.js
www.sparebank1.no/statistikk/ Frame 8461 		4 KB
5 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.sparebank1.no/statistikk/statistikk.js
Requested by
Host: login.bnbank.no
URL: https://login.bnbank.no/?app=kundefront-pm-kredittbanken&finInst=fid-bnbank&goto=https%3A%2F%2Fkreditt.bnbank.no%2Fminside
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
193.212.175.209 Drammen, Norway, ASN2119 (TELENOR-NEXTEL Telenor Norge AS, NO),
Reverse DNS
www.sparebank1.no
Software
istio-envoy /
Resource Hash
57d3470a7e6b464973b7975c7dcf6fe5b1139225afbdbdc4e0c614391fed8a68
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://login.bnbank.no/
Accept-Language
no-NO,no;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Access-Control-Allow-Origin
https://mobilbank-pm.sparebank1.no
date
Thu, 04 Jul 2024 05:24:09 GMT
Strict-Transport-Security
max-age=31536000
x-envoy-upstream-service-time
2
server
istio-envoy
transfer-encoding
chunked
content-type
application/javascript
SpareBank1-Regular-Web.d65aaba253542601cd1e.woff2
login.bnbank.no/static/fonts/ Frame 8461 		36 KB
38 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://login.bnbank.no/static/fonts/SpareBank1-Regular-Web.d65aaba253542601cd1e.woff2
Requested by
Host: login.bnbank.no
URL: https://login.bnbank.no/static/loginapp.css?hash=820bdfa6ed5b1c6e8a27
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
193.212.175.201 Drammen, Norway, ASN2119 (TELENOR-NEXTEL Telenor Norge AS, NO),
Reverse DNS
login.sparebank1.no
Software
istio-envoy /
Resource Hash
ce76fadc5aa6c2c526765866945a882ecebc84237257274b970a3ba55f728748
Security Headers
Name Value
Content-Security-Policy default-src 'none'; img-src 'self' data: https://csfe.bankid.no https://statistikk.sparebank1.no; base-uri 'self'; font-src 'self' *.sparebank1.no data:; media-src 'self'; style-src 'self' 'unsafe-inline' 'report-sample' https://csfe.bankid.no https://services.bankid.no; object-src 'none'; script-src 'self' 'unsafe-inline' blob: *.sparebank1.no 'strict-dynamic' 'nonce-IFPiME1JcOMe1XF6TEpHXQ' 'report-sample' 'unsafe-eval' https://csfe.bankid.no https://services.bankid.no https://www.sparebank1.no; report-uri https://www.sparebank1.no/logservlet/csp/enforce; form-action *.sparebank1.no; connect-src 'self' www.sparebank1.no *.demdex.net https://www.sparebank1.no; upgrade-insecure-requests; child-src https://csfe.bankid.no; frame-src https://csfe.bankid.no; frame-ancestors https://*.sparebank1.no https://*.dnbforsikring.no https://*.fremtind.no https://*.bnbank.no https://*.sbm.no https://*.lofavor.no https://*.coop.no https://kunde.sb1finans.no
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options ALLOW-FROM https://login.bnbank.no/static/loginapp.css?hash=820bdfa6ed5b1c6e8a27
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://login.bnbank.no/static/loginapp.css?hash=820bdfa6ed5b1c6e8a27
Origin
https://login.bnbank.no
Accept-Language
no-NO,no;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Thu, 04 Jul 2024 05:24:09 GMT
content-security-policy
default-src 'none'; img-src 'self' data: https://csfe.bankid.no https://statistikk.sparebank1.no; base-uri 'self'; font-src 'self' *.sparebank1.no data:; media-src 'self'; style-src 'self' 'unsafe-inline' 'report-sample' https://csfe.bankid.no https://services.bankid.no; object-src 'none'; script-src 'self' 'unsafe-inline' blob: *.sparebank1.no 'strict-dynamic' 'nonce-IFPiME1JcOMe1XF6TEpHXQ' 'report-sample' 'unsafe-eval' https://csfe.bankid.no https://services.bankid.no https://www.sparebank1.no; report-uri https://www.sparebank1.no/logservlet/csp/enforce; form-action *.sparebank1.no; connect-src 'self' www.sparebank1.no *.demdex.net https://www.sparebank1.no; upgrade-insecure-requests; child-src https://csfe.bankid.no; frame-src https://csfe.bankid.no; frame-ancestors https://*.sparebank1.no https://*.dnbforsikring.no https://*.fremtind.no https://*.bnbank.no https://*.sbm.no https://*.lofavor.no https://*.coop.no https://kunde.sb1finans.no
x-content-type-options
nosniff
referrer-policy
strict-origin-when-cross-origin
server
istio-envoy
Strict-Transport-Security
max-age=31536000
etag
"079c94508d6f926bd4786b062863ec94b"
vary
Origin,Access-Control-Request-Method,Access-Control-Request-Headers
x-frame-options
ALLOW-FROM https://login.bnbank.no/static/loginapp.css?hash=820bdfa6ed5b1c6e8a27
content-type
font/woff2
cache-control
max-age=60, must-revalidate, public
x-envoy-upstream-service-time
3
accept-ranges
bytes
content-length
37372
x-xss-protection
0
init
login.bnbank.no/api/app/session/ Frame 8461 		227 B
2 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://login.bnbank.no/api/app/session/init?app=kundefront-pm-kredittbanken&finInst=fid-bnbank&goto=https%3A%2F%2Fkreditt.bnbank.no%2Fminside&lang=nb
Requested by
Host: login.bnbank.no
URL: https://login.bnbank.no/static/loginapp.js?hash=a4cf97db20378a76c104
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
193.212.175.201 Drammen, Norway, ASN2119 (TELENOR-NEXTEL Telenor Norge AS, NO),
Reverse DNS
login.sparebank1.no
Software
istio-envoy /
Resource Hash
e4fd201c53faa1a0581f8988bd50243b1d6e138ef764832aa0c2d962cf3ae3d7
Security Headers
Name Value
Content-Security-Policy default-src 'none'; img-src 'self' data: https://csfe.bankid.no https://statistikk.sparebank1.no; base-uri 'self'; font-src 'self' *.sparebank1.no data:; media-src 'self'; style-src 'self' 'unsafe-inline' 'report-sample' https://csfe.bankid.no https://services.bankid.no; object-src 'none'; script-src 'self' 'unsafe-inline' blob: *.sparebank1.no 'strict-dynamic' 'nonce-qJk0x5IIosorgHw1QOo/DA' 'report-sample' 'unsafe-eval' https://csfe.bankid.no https://services.bankid.no https://www.sparebank1.no; report-uri https://www.sparebank1.no/logservlet/csp/enforce; form-action *.sparebank1.no; connect-src 'self' www.sparebank1.no *.demdex.net https://www.sparebank1.no; upgrade-insecure-requests; child-src https://csfe.bankid.no; frame-src https://csfe.bankid.no; frame-ancestors https://*.sparebank1.no https://*.dnbforsikring.no https://*.fremtind.no https://*.bnbank.no https://*.sbm.no https://*.lofavor.no https://*.coop.no https://kunde.sb1finans.no
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Accept-Language
no-NO,no;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Content-Type
application/json; charset=utf-8
Accept
application/json
Referer
https://login.bnbank.no/?app=kundefront-pm-kredittbanken&finInst=fid-bnbank&goto=https%3A%2F%2Fkreditt.bnbank.no%2Fminside
sec-ch-ua-platform
"Win32"

Response headers

pragma
no-cache
date
Thu, 04 Jul 2024 05:24:09 GMT
content-security-policy
default-src 'none'; img-src 'self' data: https://csfe.bankid.no https://statistikk.sparebank1.no; base-uri 'self'; font-src 'self' *.sparebank1.no data:; media-src 'self'; style-src 'self' 'unsafe-inline' 'report-sample' https://csfe.bankid.no https://services.bankid.no; object-src 'none'; script-src 'self' 'unsafe-inline' blob: *.sparebank1.no 'strict-dynamic' 'nonce-qJk0x5IIosorgHw1QOo/DA' 'report-sample' 'unsafe-eval' https://csfe.bankid.no https://services.bankid.no https://www.sparebank1.no; report-uri https://www.sparebank1.no/logservlet/csp/enforce; form-action *.sparebank1.no; connect-src 'self' www.sparebank1.no *.demdex.net https://www.sparebank1.no; upgrade-insecure-requests; child-src https://csfe.bankid.no; frame-src https://csfe.bankid.no; frame-ancestors https://*.sparebank1.no https://*.dnbforsikring.no https://*.fremtind.no https://*.bnbank.no https://*.sbm.no https://*.lofavor.no https://*.coop.no https://kunde.sb1finans.no
x-content-type-options
nosniff
Strict-Transport-Security
max-age=31536000
server
istio-envoy
vary
Accept-Encoding,Origin,Access-Control-Request-Method,Access-Control-Request-Headers
x-frame-options
DENY
content-type
application/json
cache-control
no-cache, no-store, max-age=0, must-revalidate
x-envoy-upstream-service-time
13
content-length
227
x-xss-protection
0
expires
0
bnbank.ico
kreditt.bnbank.no/minside/innlogging/static/ 		1 KB
3 KB 		Other
General
Check archive.org
Download Go to
Full URL
https://kreditt.bnbank.no/minside/innlogging/static/bnbank.ico
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
193.212.175.230 Drammen, Norway, ASN2119 (TELENOR-NEXTEL Telenor Norge AS, NO),
Reverse DNS
kreditt.bnbank.no
Software
/
Resource Hash
b9adfeb40f2d131663d3eab2fd05b9a2879db9cfa9faa2256d1b13459290d723
Security Headers
Name Value
Content-Security-Policy default-src 'none'; script-src 'strict-dynamic' 'nonce-jL5sj2deIGXAD5+Cu+cobw' 'report-sample' 'unsafe-eval' 'self' 'unsafe-inline' blob: www.sparebank1.no sparebank1.d3.sc.omtrdc.net; style-src 'self' 'unsafe-inline' 'report-sample'; img-src 'self' chat.sparebank1.no data: *.boost.ai sparebank1.d3.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.ytimg.com; connect-src 'self' www.sparebank1.no chat.sparebank1.no *.boost.ai dpm.demdex.net sparebank1.d3.sc.omtrdc.net adobedc.demdex.net edge.adobedc.net; frame-src *.sparebank1.no sb1mobilbank: sb1-mobilbank: sparebank1.demdex.net www.youtube.com player.vimeo.com login.bnbank.no login.kreditt.coop.no login.kreditt.sbm.no login.kreditt.lofavor.no; frame-ancestors 'none'; font-src *.sparebank1.no data:; form-action *.sparebank1.no; media-src 'self'; object-src 'none'; base-uri 'self'; upgrade-insecure-requests; report-uri https://www.sparebank1.no/logservlet/csp/enforce
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://kreditt.bnbank.no/minside/innlogging/logg-inn.html?goto=https%3A%2F%2Fkreditt.bnbank.no%2Fminside
Accept-Language
no-NO,no;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Thu, 04 Jul 2024 05:24:09 GMT
content-security-policy
default-src 'none'; script-src 'strict-dynamic' 'nonce-jL5sj2deIGXAD5+Cu+cobw' 'report-sample' 'unsafe-eval' 'self' 'unsafe-inline' blob: www.sparebank1.no sparebank1.d3.sc.omtrdc.net; style-src 'self' 'unsafe-inline' 'report-sample'; img-src 'self' chat.sparebank1.no data: *.boost.ai sparebank1.d3.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.ytimg.com; connect-src 'self' www.sparebank1.no chat.sparebank1.no *.boost.ai dpm.demdex.net sparebank1.d3.sc.omtrdc.net adobedc.demdex.net edge.adobedc.net; frame-src *.sparebank1.no sb1mobilbank: sb1-mobilbank: sparebank1.demdex.net www.youtube.com player.vimeo.com login.bnbank.no login.kreditt.coop.no login.kreditt.sbm.no login.kreditt.lofavor.no; frame-ancestors 'none'; font-src *.sparebank1.no data:; form-action *.sparebank1.no; media-src 'self'; object-src 'none'; base-uri 'self'; upgrade-insecure-requests; report-uri https://www.sparebank1.no/logservlet/csp/enforce
x-content-type-options
nosniff
referrer-policy
strict-origin-when-cross-origin
Strict-Transport-Security
max-age=31536000
etag
"01e3fc9d6eeec49857f83ba1fa1fede6b"
vary
Origin,Access-Control-Request-Method,Access-Control-Request-Headers
content-security-policy-report-only
default-src *.sparebank1.no; script-src *.sparebank1.no 'unsafe-inline' 'unsafe-eval' blob: sparebank1.d3.sc.omtrdc.net 'self'; style-src *.sparebank1.no 'unsafe-inline' 'self'; img-src 'self' chat.sparebank1.no data: *.boost.ai sparebank1.d3.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.ytimg.com; connect-src *.sparebank1.no *.boost.ai dpm.demdex.net sparebank1.d3.sc.omtrdc.net adobedc.demdex.net edge.adobedc.net 'self'; frame-src *.sparebank1.no sb1mobilbank: sb1-mobilbank: sparebank1.demdex.net www.youtube.com player.vimeo.com login.bnbank.no login.kreditt.coop.no login.kreditt.sbm.no login.kreditt.lofavor.no; frame-ancestors 'none'; font-src *.sparebank1.no data: 'self'; form-action *.sparebank1.no; object-src 'none'; report-uri https://www.sparebank1.no/logservlet/csp
content-type
image/x-icon
x-frame-options
DENY
cache-control
max-age=60, must-revalidate, public
x-envoy-upstream-service-time
3
accept-ranges
bytes
content-length
1150
x-xss-protection
0
bankid-ikon.11d665aca340d32a0fd6.svg
login.bnbank.no/static/images/ Frame 8461 		3 KB
5 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://login.bnbank.no/static/images/bankid-ikon.11d665aca340d32a0fd6.svg
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
193.212.175.201 Drammen, Norway, ASN2119 (TELENOR-NEXTEL Telenor Norge AS, NO),
Reverse DNS
login.sparebank1.no
Software
istio-envoy /
Resource Hash
f099557dd1b7b65d5bb7a50dff729caabd77c576f8d686907196ae641ee8ff42
Security Headers
Name Value
Content-Security-Policy default-src 'none'; img-src 'self' data: https://csfe.bankid.no https://statistikk.sparebank1.no; base-uri 'self'; font-src 'self' *.sparebank1.no data:; media-src 'self'; style-src 'self' 'unsafe-inline' 'report-sample' https://csfe.bankid.no https://services.bankid.no; object-src 'none'; script-src 'self' 'unsafe-inline' blob: *.sparebank1.no 'strict-dynamic' 'nonce-yBwJ3O8pTMrSFmmD0UYb/w' 'report-sample' 'unsafe-eval' https://csfe.bankid.no https://services.bankid.no https://www.sparebank1.no; report-uri https://www.sparebank1.no/logservlet/csp/enforce; form-action *.sparebank1.no; connect-src 'self' www.sparebank1.no *.demdex.net https://www.sparebank1.no; upgrade-insecure-requests; child-src https://csfe.bankid.no; frame-src https://csfe.bankid.no; frame-ancestors https://*.sparebank1.no https://*.dnbforsikring.no https://*.fremtind.no https://*.bnbank.no https://*.sbm.no https://*.lofavor.no https://*.coop.no https://kunde.sb1finans.no
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options ALLOW-FROM https://login.bnbank.no/?app=kundefront-pm-kredittbanken&finInst=fid-bnbank&goto=https%3A%2F%2Fkreditt.bnbank.no%2Fminside
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://login.bnbank.no/?app=kundefront-pm-kredittbanken&finInst=fid-bnbank&goto=https%3A%2F%2Fkreditt.bnbank.no%2Fminside
Accept-Language
no-NO,no;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Thu, 04 Jul 2024 05:24:09 GMT
content-security-policy
default-src 'none'; img-src 'self' data: https://csfe.bankid.no https://statistikk.sparebank1.no; base-uri 'self'; font-src 'self' *.sparebank1.no data:; media-src 'self'; style-src 'self' 'unsafe-inline' 'report-sample' https://csfe.bankid.no https://services.bankid.no; object-src 'none'; script-src 'self' 'unsafe-inline' blob: *.sparebank1.no 'strict-dynamic' 'nonce-yBwJ3O8pTMrSFmmD0UYb/w' 'report-sample' 'unsafe-eval' https://csfe.bankid.no https://services.bankid.no https://www.sparebank1.no; report-uri https://www.sparebank1.no/logservlet/csp/enforce; form-action *.sparebank1.no; connect-src 'self' www.sparebank1.no *.demdex.net https://www.sparebank1.no; upgrade-insecure-requests; child-src https://csfe.bankid.no; frame-src https://csfe.bankid.no; frame-ancestors https://*.sparebank1.no https://*.dnbforsikring.no https://*.fremtind.no https://*.bnbank.no https://*.sbm.no https://*.lofavor.no https://*.coop.no https://kunde.sb1finans.no
x-content-type-options
nosniff
referrer-policy
strict-origin-when-cross-origin
server
istio-envoy
Strict-Transport-Security
max-age=31536000
etag
"047f589c5a7a94d28255da3a2ba144742"
vary
Origin,Access-Control-Request-Method,Access-Control-Request-Headers
x-frame-options
ALLOW-FROM https://login.bnbank.no/?app=kundefront-pm-kredittbanken&finInst=fid-bnbank&goto=https%3A%2F%2Fkreditt.bnbank.no%2Fminside
content-type
image/svg+xml
cache-control
max-age=60, must-revalidate, public
x-envoy-upstream-service-time
3
accept-ranges
bytes
content-length
3454
x-xss-protection
0
bankid-mobil-ikon.f7a7fe933035e9f14f1b.svg
login.bnbank.no/static/images/ Frame 8461 		2 KB
3 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://login.bnbank.no/static/images/bankid-mobil-ikon.f7a7fe933035e9f14f1b.svg
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
193.212.175.201 Drammen, Norway, ASN2119 (TELENOR-NEXTEL Telenor Norge AS, NO),
Reverse DNS
login.sparebank1.no
Software
istio-envoy /
Resource Hash
d79664fca8ebee293b0e75a2257e08530e885bbe47295a907c92c59b728aec32
Security Headers
Name Value
Content-Security-Policy default-src 'none'; img-src 'self' data: https://csfe.bankid.no https://statistikk.sparebank1.no; base-uri 'self'; font-src 'self' *.sparebank1.no data:; media-src 'self'; style-src 'self' 'unsafe-inline' 'report-sample' https://csfe.bankid.no https://services.bankid.no; object-src 'none'; script-src 'self' 'unsafe-inline' blob: *.sparebank1.no 'strict-dynamic' 'nonce-flsc3MzyjE7xfJJ9dKaHnw' 'report-sample' 'unsafe-eval' https://csfe.bankid.no https://services.bankid.no https://www.sparebank1.no; report-uri https://www.sparebank1.no/logservlet/csp/enforce; form-action *.sparebank1.no; connect-src 'self' www.sparebank1.no *.demdex.net https://www.sparebank1.no; upgrade-insecure-requests; child-src https://csfe.bankid.no; frame-src https://csfe.bankid.no; frame-ancestors https://*.sparebank1.no https://*.dnbforsikring.no https://*.fremtind.no https://*.bnbank.no https://*.sbm.no https://*.lofavor.no https://*.coop.no https://kunde.sb1finans.no
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options ALLOW-FROM https://login.bnbank.no/?app=kundefront-pm-kredittbanken&finInst=fid-bnbank&goto=https%3A%2F%2Fkreditt.bnbank.no%2Fminside
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://login.bnbank.no/?app=kundefront-pm-kredittbanken&finInst=fid-bnbank&goto=https%3A%2F%2Fkreditt.bnbank.no%2Fminside
Accept-Language
no-NO,no;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Thu, 04 Jul 2024 05:24:09 GMT
content-security-policy
default-src 'none'; img-src 'self' data: https://csfe.bankid.no https://statistikk.sparebank1.no; base-uri 'self'; font-src 'self' *.sparebank1.no data:; media-src 'self'; style-src 'self' 'unsafe-inline' 'report-sample' https://csfe.bankid.no https://services.bankid.no; object-src 'none'; script-src 'self' 'unsafe-inline' blob: *.sparebank1.no 'strict-dynamic' 'nonce-flsc3MzyjE7xfJJ9dKaHnw' 'report-sample' 'unsafe-eval' https://csfe.bankid.no https://services.bankid.no https://www.sparebank1.no; report-uri https://www.sparebank1.no/logservlet/csp/enforce; form-action *.sparebank1.no; connect-src 'self' www.sparebank1.no *.demdex.net https://www.sparebank1.no; upgrade-insecure-requests; child-src https://csfe.bankid.no; frame-src https://csfe.bankid.no; frame-ancestors https://*.sparebank1.no https://*.dnbforsikring.no https://*.fremtind.no https://*.bnbank.no https://*.sbm.no https://*.lofavor.no https://*.coop.no https://kunde.sb1finans.no
x-content-type-options
nosniff
referrer-policy
strict-origin-when-cross-origin
server
istio-envoy
Strict-Transport-Security
max-age=31536000
etag
"0ed19fa0b692d4022688ed2ca2100519b"
vary
Origin,Access-Control-Request-Method,Access-Control-Request-Headers
x-frame-options
ALLOW-FROM https://login.bnbank.no/?app=kundefront-pm-kredittbanken&finInst=fid-bnbank&goto=https%3A%2F%2Fkreditt.bnbank.no%2Fminside
content-type
image/svg+xml
cache-control
max-age=60, must-revalidate, public
x-envoy-upstream-service-time
3
accept-ranges
bytes
content-length
1932
x-xss-protection
0
SpareBank1-Medium-Web.d7924534ee746a22ba02.woff2
login.bnbank.no/static/fonts/ Frame 8461 		34 KB
36 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://login.bnbank.no/static/fonts/SpareBank1-Medium-Web.d7924534ee746a22ba02.woff2
Requested by
Host: login.bnbank.no
URL: https://login.bnbank.no/static/loginapp.css?hash=820bdfa6ed5b1c6e8a27
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
193.212.175.201 Drammen, Norway, ASN2119 (TELENOR-NEXTEL Telenor Norge AS, NO),
Reverse DNS
login.sparebank1.no
Software
istio-envoy /
Resource Hash
85754d88ab577119d1c07094f6f3fd15c16a2b24e612b6935d701d654cd7af91
Security Headers
Name Value
Content-Security-Policy default-src 'none'; img-src 'self' data: https://csfe.bankid.no https://statistikk.sparebank1.no; base-uri 'self'; font-src 'self' *.sparebank1.no data:; media-src 'self'; style-src 'self' 'unsafe-inline' 'report-sample' https://csfe.bankid.no https://services.bankid.no; object-src 'none'; script-src 'self' 'unsafe-inline' blob: *.sparebank1.no 'strict-dynamic' 'nonce-SqwRWmDCa3ViDdgGJ6DTOw' 'report-sample' 'unsafe-eval' https://csfe.bankid.no https://services.bankid.no https://www.sparebank1.no; report-uri https://www.sparebank1.no/logservlet/csp/enforce; form-action *.sparebank1.no; connect-src 'self' www.sparebank1.no *.demdex.net https://www.sparebank1.no; upgrade-insecure-requests; child-src https://csfe.bankid.no; frame-src https://csfe.bankid.no; frame-ancestors https://*.sparebank1.no https://*.dnbforsikring.no https://*.fremtind.no https://*.bnbank.no https://*.sbm.no https://*.lofavor.no https://*.coop.no https://kunde.sb1finans.no
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options ALLOW-FROM https://login.bnbank.no/static/loginapp.css?hash=820bdfa6ed5b1c6e8a27
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://login.bnbank.no/static/loginapp.css?hash=820bdfa6ed5b1c6e8a27
Origin
https://login.bnbank.no
Accept-Language
no-NO,no;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Thu, 04 Jul 2024 05:24:09 GMT
content-security-policy
default-src 'none'; img-src 'self' data: https://csfe.bankid.no https://statistikk.sparebank1.no; base-uri 'self'; font-src 'self' *.sparebank1.no data:; media-src 'self'; style-src 'self' 'unsafe-inline' 'report-sample' https://csfe.bankid.no https://services.bankid.no; object-src 'none'; script-src 'self' 'unsafe-inline' blob: *.sparebank1.no 'strict-dynamic' 'nonce-SqwRWmDCa3ViDdgGJ6DTOw' 'report-sample' 'unsafe-eval' https://csfe.bankid.no https://services.bankid.no https://www.sparebank1.no; report-uri https://www.sparebank1.no/logservlet/csp/enforce; form-action *.sparebank1.no; connect-src 'self' www.sparebank1.no *.demdex.net https://www.sparebank1.no; upgrade-insecure-requests; child-src https://csfe.bankid.no; frame-src https://csfe.bankid.no; frame-ancestors https://*.sparebank1.no https://*.dnbforsikring.no https://*.fremtind.no https://*.bnbank.no https://*.sbm.no https://*.lofavor.no https://*.coop.no https://kunde.sb1finans.no
x-content-type-options
nosniff
referrer-policy
strict-origin-when-cross-origin
server
istio-envoy
Strict-Transport-Security
max-age=31536000
etag
"085e620fd649baca0ff4080d50d203cb7"
vary
Origin,Access-Control-Request-Method,Access-Control-Request-Headers
x-frame-options
ALLOW-FROM https://login.bnbank.no/static/loginapp.css?hash=820bdfa6ed5b1c6e8a27
content-type
font/woff2
cache-control
max-age=60, must-revalidate, public
x-envoy-upstream-service-time
3
accept-ranges
bytes
content-length
35052
x-xss-protection
0
/
www.sparebank1.no/statistikk/ Frame 8461 		0
350 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://www.sparebank1.no/statistikk/
Requested by
Host: www.sparebank1.no
URL: https://www.sparebank1.no/statistikk/statistikk.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
193.212.175.209 Drammen, Norway, ASN2119 (TELENOR-NEXTEL Telenor Norge AS, NO),
Reverse DNS
www.sparebank1.no
Software
istio-envoy /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
sec-ch-ua-platform
"Win32"
Referer
https://login.bnbank.no/
Accept-Language
no-NO,no;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Content-type
application/x-www-form-urlencoded

Response headers

access-control-allow-origin
https://login.bnbank.no
date
Thu, 04 Jul 2024 05:24:10 GMT
Strict-Transport-Security
max-age=31536000
access-control-allow-credentials
true
x-envoy-upstream-service-time
1
server
istio-envoy
content-length
0

Verdicts & Comments Add Verdict or Comment

5 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 undefined| event object| fence object| sharedStorage object| SB1

5 Cookies

Domain/Path Name / Value
kreditt.bnbank.no/ Name: DSESSIONID
Value: B2FF94AB.EC24.668631F8
.kreditt.bnbank.no/ Name: csrf
Value: AF3KYwpMos1HfOhSuUdvprq4cgi3DF_BY6Bb_echfeY
.bnbank.no/ Name: Spor
Value: 171cfa9b-1db6-4ce1-9db2-e49a21245a96
login.bnbank.no/ Name: SESSION
Value: NGEyMjdkODQtZTcyNy00NWE2LWE5YTAtMTI1ZDMxMGUwZWY0
login.bnbank.no/ Name: DSESSIONID
Value: B2FF94AB.DE20.668631F8

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy default-src 'none'; script-src 'strict-dynamic' 'nonce-4xe8E+WvE/vNo9dLMsfqgg' 'report-sample' 'unsafe-eval' 'self' 'unsafe-inline' blob: www.sparebank1.no sparebank1.d3.sc.omtrdc.net; style-src 'self' 'unsafe-inline' 'report-sample'; img-src 'self' chat.sparebank1.no data: *.boost.ai sparebank1.d3.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.ytimg.com; connect-src 'self' www.sparebank1.no chat.sparebank1.no *.boost.ai dpm.demdex.net sparebank1.d3.sc.omtrdc.net adobedc.demdex.net edge.adobedc.net; frame-src *.sparebank1.no sb1mobilbank: sb1-mobilbank: sparebank1.demdex.net www.youtube.com player.vimeo.com login.bnbank.no login.kreditt.coop.no login.kreditt.sbm.no login.kreditt.lofavor.no; frame-ancestors 'none'; font-src *.sparebank1.no data:; form-action *.sparebank1.no; media-src 'self'; object-src 'none'; base-uri 'self'; upgrade-insecure-requests; report-uri https://www.sparebank1.no/logservlet/csp/enforce
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0