urlscan.io logo urlscan.io
SecurityTrails logo

taotlus.bigbank.ee Open in urlscan Pro
185.235.160.2  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: http://taotlus.bigbank.ee/
Effective URL: https://taotlus.bigbank.ee/
Submission: On July 23 via api from US
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 4 IPs in 3 countries across 6 domains to perform 19 HTTP transactions. The main IP is 185.235.160.2, located in Estonia and belongs to BIGBANK, EE. The main domain is taotlus.bigbank.ee.
TLS certificate: Issued by DigiCert SHA2 Secure Server CA on January 10th 2020. Valid for: a year.
This is the only time taotlus.bigbank.ee was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 15 185.235.160.2 204411 (BIGBANK)
1 2a00:1450:400... 15169 (GOOGLE)
2 2a00:1450:400... 15169 (GOOGLE)
19 4
Domain Requested by
13 taotlus.bigbank.ee 1 redirects taotlus.bigbank.ee
2 www.google-analytics.com www.googletagmanager.com
taotlus.bigbank.ee
1 report-uri.bigbank.eu taotlus.bigbank.ee
1 auth.bigbank.eu taotlus.bigbank.ee
1 www.googletagmanager.com taotlus.bigbank.ee
0 www.google.de Failed taotlus.bigbank.ee
0 www.google.com Failed taotlus.bigbank.ee
19 7

This site contains links to these domains. Also see Links.

Domain
www.bigbank.ee
Subject Issuer Validity Valid
taotlus.bigbank.ee
DigiCert SHA2 Secure Server CA		 2020-01-10 -
2021-01-14		 a year crt.sh
*.google-analytics.com
GTS CA 1O1		 2020-07-07 -
2020-09-29		 3 months crt.sh
auth.bigbank.eu
DigiCert SHA2 Extended Validation Server CA		 2019-07-23 -
2021-07-27		 2 years crt.sh
report-uri.bigbank.eu
DigiCert SHA2 Secure Server CA		 2019-06-26 -
2021-08-27		 2 years crt.sh

This page contains 2 frames:

Primary Page: https://taotlus.bigbank.ee/
Frame ID: 84EF99013A495470D5843F75ED4E3E66
Requests: 18 HTTP requests in this frame

Frame: https://auth.bigbank.eu/heartbeat
Frame ID: B7B2B718EB1935B9F1DE66FF07531F81
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page URL History Show full URLs

  1. http://taotlus.bigbank.ee/ HTTP 302
    https://taotlus.bigbank.ee/ Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • script /google-analytics\.com\/(?:ga|urchin|analytics)\.js/i

Page Statistics

19
Requests

89 %
HTTPS

67 %
IPv6

6
Domains

7
Subdomains

4
IPs

3
Countries

2372 kB
Transfer

2478 kB
Size

8
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://taotlus.bigbank.ee/ HTTP 302
    https://taotlus.bigbank.ee/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 14
  • https://www.google-analytics.com/r/collect?v=1&_v=j83&a=1398539515&t=pageview&_s=1&dl=https%3A%2F%2Ftaotlus.bigbank.ee%2Fet&ul=en-us&de=UTF-8&dt=Taotlus%20%7C%20Bigbank&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YEBAAAAB~&jid=1303305956&gjid=1523024264&cid=1257921086.1595531218&tid=UA-3730644-42&_gid=1684627019.1595531218&_r=1&gtm=2wg7f0PV6VB5&z=399506519 HTTP 302
  • https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-3730644-42&cid=1257921086.1595531218&jid=1303305956&_gid=1684627019.1595531218&gjid=1523024264&_v=j83&z=399506519 HTTP 302
  • https://www.google.com/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-3730644-42&cid=1257921086.1595531218&jid=1303305956&_v=j83&z=399506519

19 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request Cookie set /
taotlus.bigbank.ee/
Redirect Chain
  • http://taotlus.bigbank.ee/
  • https://taotlus.bigbank.ee/
984 B
3 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://taotlus.bigbank.ee/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.235.160.2 , Estonia, ASN204411 (BIGBANK, EE),
Reverse DNS
Software
/ Express
Resource Hash
6918c3cdd93e60489c3305b03e9183187acd83011c699a975adb3acd23b97251
Security Headers
Name Value
Content-Security-Policy child-src 'self' blob:; connect-src 'self' https://*.google-analytics.com https://*.bigbank.eu https://*.google.com https://*.doubleclick.net https://*.hotjar.com ws: wss: *.bigbank.eu bigbank.uriports.com; default-src 'self'; img-src 'self' blob: data: https://*.google-analytics.com https://*.doubleclick.net https://*.facebook.net https://*.google.com https://*.gstatic.com https://*.hotjar.com https://*.googletagmanager.com https://*.google.com https://*.google.ee https://*.doubleresults.com https://*.facebook.com; font-src 'self' data: https://*.gstatic.com; form-action 'self' https://*.facebook.net; frame-ancestors 'none'; frame-src 'self' https://*.hotjar.com https://p4r24.eu https://id-card.bigbank.ee https://auth.bigbank.eu; object-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.google-analytics.com https://*.bigbank.eu https://*.doubleclick.net https://*.facebook.net https://*.google.com https://*.hotjar.com https://*.googletagmanager.com https://*.googleadservices.com; style-src 'self' 'unsafe-inline' https://*.google.com https://fonts.googleapis.com; report-uri https://report-uri.bigbank.eu/csp; upgrade-insecure-requests
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Host
taotlus.bigbank.ee
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.97 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site
none
Sec-Fetch-Mode
navigate
Sec-Fetch-User
?1
Sec-Fetch-Dest
document
Accept-Encoding
gzip, deflate, br
Accept-Language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.97 Safari/537.36

Response headers

X-Powered-By
Express
Strict-Transport-Security
max-age=31536000; includeSubDomains; preload
Content-Security-Policy
child-src 'self' blob:; connect-src 'self' https://*.google-analytics.com https://*.bigbank.eu https://*.google.com https://*.doubleclick.net https://*.hotjar.com ws: wss: *.bigbank.eu bigbank.uriports.com; default-src 'self'; img-src 'self' blob: data: https://*.google-analytics.com https://*.doubleclick.net https://*.facebook.net https://*.google.com https://*.gstatic.com https://*.hotjar.com https://*.googletagmanager.com https://*.google.com https://*.google.ee https://*.doubleresults.com https://*.facebook.com; font-src 'self' data: https://*.gstatic.com; form-action 'self' https://*.facebook.net; frame-ancestors 'none'; frame-src 'self' https://*.hotjar.com https://p4r24.eu https://id-card.bigbank.ee https://auth.bigbank.eu; object-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.google-analytics.com https://*.bigbank.eu https://*.doubleclick.net https://*.facebook.net https://*.google.com https://*.hotjar.com https://*.googletagmanager.com https://*.googleadservices.com; style-src 'self' 'unsafe-inline' https://*.google.com https://fonts.googleapis.com; report-uri https://report-uri.bigbank.eu/csp; upgrade-insecure-requests
Expect-CT
enforce, max-age=30, report-uri="https://report-uri.bigbank.eu/ct"
X-XSS-Protection
1; mode=block
X-Content-Type-Options
nosniff
Referrer-Policy
strict-origin-when-cross-origin
Accept-Ranges
bytes
Cache-Control
public, max-age=0
Last-Modified
Tue, 21 Jul 2020 13:04:20 GMT
ETag
W/"3d8-17371799420"
Content-Type
text/html; charset=UTF-8
Content-Length
984
Date
Thu, 23 Jul 2020 19:06:57 GMT
Set-Cookie
10d45632a9d37320288b42b288e7500f=ac5f41dab0351d28778fe19e10dd4cbe; path=/; HttpOnly; Secure
Cache-control
private

Redirect headers

Cache-Control
no-cache
Content-length
0
Location
https://taotlus.bigbank.ee/
app.b632944b.css
taotlus.bigbank.ee/css/ 		2 KB
4 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://taotlus.bigbank.ee/css/app.b632944b.css
Requested by
Host: taotlus.bigbank.ee
URL: https://taotlus.bigbank.ee/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.235.160.2 , Estonia, ASN204411 (BIGBANK, EE),
Reverse DNS
Software
/ Express
Resource Hash
29fa283f91a83ed05854b53148e74752c893ad9ad706ae1b8f4543a0edcf599f
Security Headers
Name Value
Content-Security-Policy child-src 'self' blob:; connect-src 'self' https://*.google-analytics.com https://*.bigbank.eu https://*.google.com https://*.doubleclick.net https://*.hotjar.com ws: wss: *.bigbank.eu bigbank.uriports.com; default-src 'self'; img-src 'self' blob: data: https://*.google-analytics.com https://*.doubleclick.net https://*.facebook.net https://*.google.com https://*.gstatic.com https://*.hotjar.com https://*.googletagmanager.com https://*.google.com https://*.google.ee https://*.doubleresults.com https://*.facebook.com; font-src 'self' data: https://*.gstatic.com; form-action 'self' https://*.facebook.net; frame-ancestors 'none'; frame-src 'self' https://*.hotjar.com https://p4r24.eu https://id-card.bigbank.ee https://auth.bigbank.eu; object-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.google-analytics.com https://*.bigbank.eu https://*.doubleclick.net https://*.facebook.net https://*.google.com https://*.hotjar.com https://*.googletagmanager.com https://*.googleadservices.com; style-src 'self' 'unsafe-inline' https://*.google.com https://fonts.googleapis.com; report-uri https://report-uri.bigbank.eu/csp; upgrade-insecure-requests
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://taotlus.bigbank.ee/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.97 Safari/537.36

Response headers

Strict-Transport-Security
max-age=31536000; includeSubDomains; preload
Referrer-Policy
strict-origin-when-cross-origin
Last-Modified
Tue, 21 Jul 2020 13:04:20 GMT
X-Content-Type-Options
nosniff
X-Powered-By
Express
Expect-CT
enforce, max-age=30, report-uri="https://report-uri.bigbank.eu/ct"
Content-Type
text/css; charset=UTF-8
Cache-Control
public, max-age=0
Date
Thu, 23 Jul 2020 19:06:57 GMT
ETag
W/"7ca-17371799420"
Content-Security-Policy
child-src 'self' blob:; connect-src 'self' https://*.google-analytics.com https://*.bigbank.eu https://*.google.com https://*.doubleclick.net https://*.hotjar.com ws: wss: *.bigbank.eu bigbank.uriports.com; default-src 'self'; img-src 'self' blob: data: https://*.google-analytics.com https://*.doubleclick.net https://*.facebook.net https://*.google.com https://*.gstatic.com https://*.hotjar.com https://*.googletagmanager.com https://*.google.com https://*.google.ee https://*.doubleresults.com https://*.facebook.com; font-src 'self' data: https://*.gstatic.com; form-action 'self' https://*.facebook.net; frame-ancestors 'none'; frame-src 'self' https://*.hotjar.com https://p4r24.eu https://id-card.bigbank.ee https://auth.bigbank.eu; object-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.google-analytics.com https://*.bigbank.eu https://*.doubleclick.net https://*.facebook.net https://*.google.com https://*.hotjar.com https://*.googletagmanager.com https://*.googleadservices.com; style-src 'self' 'unsafe-inline' https://*.google.com https://fonts.googleapis.com; report-uri https://report-uri.bigbank.eu/csp; upgrade-insecure-requests
Accept-Ranges
bytes
Content-Length
1994
X-XSS-Protection
1; mode=block
chunk-vendors.30325fd4.css
taotlus.bigbank.ee/css/ 		550 KB
552 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://taotlus.bigbank.ee/css/chunk-vendors.30325fd4.css
Requested by
Host: taotlus.bigbank.ee
URL: https://taotlus.bigbank.ee/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.235.160.2 , Estonia, ASN204411 (BIGBANK, EE),
Reverse DNS
Software
/ Express
Resource Hash
8169a5e1b05b525cba916ba1a34dc54a53b45f0a8498fed15517808ab8cd515f
Security Headers
Name Value
Content-Security-Policy child-src 'self' blob:; connect-src 'self' https://*.google-analytics.com https://*.bigbank.eu https://*.google.com https://*.doubleclick.net https://*.hotjar.com ws: wss: *.bigbank.eu bigbank.uriports.com; default-src 'self'; img-src 'self' blob: data: https://*.google-analytics.com https://*.doubleclick.net https://*.facebook.net https://*.google.com https://*.gstatic.com https://*.hotjar.com https://*.googletagmanager.com https://*.google.com https://*.google.ee https://*.doubleresults.com https://*.facebook.com; font-src 'self' data: https://*.gstatic.com; form-action 'self' https://*.facebook.net; frame-ancestors 'none'; frame-src 'self' https://*.hotjar.com https://p4r24.eu https://id-card.bigbank.ee https://auth.bigbank.eu; object-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.google-analytics.com https://*.bigbank.eu https://*.doubleclick.net https://*.facebook.net https://*.google.com https://*.hotjar.com https://*.googletagmanager.com https://*.googleadservices.com; style-src 'self' 'unsafe-inline' https://*.google.com https://fonts.googleapis.com; report-uri https://report-uri.bigbank.eu/csp; upgrade-insecure-requests
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://taotlus.bigbank.ee/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.97 Safari/537.36

Response headers

Strict-Transport-Security
max-age=31536000; includeSubDomains; preload
Referrer-Policy
strict-origin-when-cross-origin
Last-Modified
Tue, 21 Jul 2020 13:04:20 GMT
X-Content-Type-Options
nosniff
X-Powered-By
Express
Expect-CT
enforce, max-age=30, report-uri="https://report-uri.bigbank.eu/ct"
Content-Type
text/css; charset=UTF-8
Cache-Control
public, max-age=0
Date
Thu, 23 Jul 2020 19:06:57 GMT
ETag
W/"897d5-17371799420"
Content-Security-Policy
child-src 'self' blob:; connect-src 'self' https://*.google-analytics.com https://*.bigbank.eu https://*.google.com https://*.doubleclick.net https://*.hotjar.com ws: wss: *.bigbank.eu bigbank.uriports.com; default-src 'self'; img-src 'self' blob: data: https://*.google-analytics.com https://*.doubleclick.net https://*.facebook.net https://*.google.com https://*.gstatic.com https://*.hotjar.com https://*.googletagmanager.com https://*.google.com https://*.google.ee https://*.doubleresults.com https://*.facebook.com; font-src 'self' data: https://*.gstatic.com; form-action 'self' https://*.facebook.net; frame-ancestors 'none'; frame-src 'self' https://*.hotjar.com https://p4r24.eu https://id-card.bigbank.ee https://auth.bigbank.eu; object-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.google-analytics.com https://*.bigbank.eu https://*.doubleclick.net https://*.facebook.net https://*.google.com https://*.hotjar.com https://*.googletagmanager.com https://*.googleadservices.com; style-src 'self' 'unsafe-inline' https://*.google.com https://fonts.googleapis.com; report-uri https://report-uri.bigbank.eu/csp; upgrade-insecure-requests
Accept-Ranges
bytes
Content-Length
563157
X-XSS-Protection
1; mode=block
app.6322d071.js
taotlus.bigbank.ee/js/ 		321 KB
323 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://taotlus.bigbank.ee/js/app.6322d071.js
Requested by
Host: taotlus.bigbank.ee
URL: https://taotlus.bigbank.ee/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.235.160.2 , Estonia, ASN204411 (BIGBANK, EE),
Reverse DNS
Software
/ Express
Resource Hash
307165d1bf73b0a23e88ea60b6ea390f7862116f0582c49e226c51b17356fb0b
Security Headers
Name Value
Content-Security-Policy child-src 'self' blob:; connect-src 'self' https://*.google-analytics.com https://*.bigbank.eu https://*.google.com https://*.doubleclick.net https://*.hotjar.com ws: wss: *.bigbank.eu bigbank.uriports.com; default-src 'self'; img-src 'self' blob: data: https://*.google-analytics.com https://*.doubleclick.net https://*.facebook.net https://*.google.com https://*.gstatic.com https://*.hotjar.com https://*.googletagmanager.com https://*.google.com https://*.google.ee https://*.doubleresults.com https://*.facebook.com; font-src 'self' data: https://*.gstatic.com; form-action 'self' https://*.facebook.net; frame-ancestors 'none'; frame-src 'self' https://*.hotjar.com https://p4r24.eu https://id-card.bigbank.ee https://auth.bigbank.eu; object-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.google-analytics.com https://*.bigbank.eu https://*.doubleclick.net https://*.facebook.net https://*.google.com https://*.hotjar.com https://*.googletagmanager.com https://*.googleadservices.com; style-src 'self' 'unsafe-inline' https://*.google.com https://fonts.googleapis.com; report-uri https://report-uri.bigbank.eu/csp; upgrade-insecure-requests
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://taotlus.bigbank.ee/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.97 Safari/537.36

Response headers

Strict-Transport-Security
max-age=31536000; includeSubDomains; preload
Referrer-Policy
strict-origin-when-cross-origin
Last-Modified
Tue, 21 Jul 2020 13:04:20 GMT
X-Content-Type-Options
nosniff
X-Powered-By
Express
Expect-CT
enforce, max-age=30, report-uri="https://report-uri.bigbank.eu/ct"
Content-Type
application/javascript; charset=UTF-8
Cache-Control
public, max-age=0
Date
Thu, 23 Jul 2020 19:06:57 GMT
ETag
W/"503f1-17371799420"
Content-Security-Policy
child-src 'self' blob:; connect-src 'self' https://*.google-analytics.com https://*.bigbank.eu https://*.google.com https://*.doubleclick.net https://*.hotjar.com ws: wss: *.bigbank.eu bigbank.uriports.com; default-src 'self'; img-src 'self' blob: data: https://*.google-analytics.com https://*.doubleclick.net https://*.facebook.net https://*.google.com https://*.gstatic.com https://*.hotjar.com https://*.googletagmanager.com https://*.google.com https://*.google.ee https://*.doubleresults.com https://*.facebook.com; font-src 'self' data: https://*.gstatic.com; form-action 'self' https://*.facebook.net; frame-ancestors 'none'; frame-src 'self' https://*.hotjar.com https://p4r24.eu https://id-card.bigbank.ee https://auth.bigbank.eu; object-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.google-analytics.com https://*.bigbank.eu https://*.doubleclick.net https://*.facebook.net https://*.google.com https://*.hotjar.com https://*.googletagmanager.com https://*.googleadservices.com; style-src 'self' 'unsafe-inline' https://*.google.com https://fonts.googleapis.com; report-uri https://report-uri.bigbank.eu/csp; upgrade-insecure-requests
Accept-Ranges
bytes
Content-Length
328689
X-XSS-Protection
1; mode=block
chunk-vendors.0bce3c57.js
taotlus.bigbank.ee/js/ 		941 KB
942 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://taotlus.bigbank.ee/js/chunk-vendors.0bce3c57.js
Requested by
Host: taotlus.bigbank.ee
URL: https://taotlus.bigbank.ee/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.235.160.2 , Estonia, ASN204411 (BIGBANK, EE),
Reverse DNS
Software
/ Express
Resource Hash
563c513aefaa2ffb781cc851df5e870e6766612c385cd2ccb4ee1ddbde42ea68
Security Headers
Name Value
Content-Security-Policy child-src 'self' blob:; connect-src 'self' https://*.google-analytics.com https://*.bigbank.eu https://*.google.com https://*.doubleclick.net https://*.hotjar.com ws: wss: *.bigbank.eu bigbank.uriports.com; default-src 'self'; img-src 'self' blob: data: https://*.google-analytics.com https://*.doubleclick.net https://*.facebook.net https://*.google.com https://*.gstatic.com https://*.hotjar.com https://*.googletagmanager.com https://*.google.com https://*.google.ee https://*.doubleresults.com https://*.facebook.com; font-src 'self' data: https://*.gstatic.com; form-action 'self' https://*.facebook.net; frame-ancestors 'none'; frame-src 'self' https://*.hotjar.com https://p4r24.eu https://id-card.bigbank.ee https://auth.bigbank.eu; object-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.google-analytics.com https://*.bigbank.eu https://*.doubleclick.net https://*.facebook.net https://*.google.com https://*.hotjar.com https://*.googletagmanager.com https://*.googleadservices.com; style-src 'self' 'unsafe-inline' https://*.google.com https://fonts.googleapis.com; report-uri https://report-uri.bigbank.eu/csp; upgrade-insecure-requests
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://taotlus.bigbank.ee/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.97 Safari/537.36

Response headers

Strict-Transport-Security
max-age=31536000; includeSubDomains; preload
Referrer-Policy
strict-origin-when-cross-origin
Last-Modified
Tue, 21 Jul 2020 13:04:20 GMT
X-Content-Type-Options
nosniff
X-Powered-By
Express
Expect-CT
enforce, max-age=30, report-uri="https://report-uri.bigbank.eu/ct"
Content-Type
application/javascript; charset=UTF-8
Cache-Control
public, max-age=0
Date
Thu, 23 Jul 2020 19:06:57 GMT
ETag
W/"eb270-17371799420"
Content-Security-Policy
child-src 'self' blob:; connect-src 'self' https://*.google-analytics.com https://*.bigbank.eu https://*.google.com https://*.doubleclick.net https://*.hotjar.com ws: wss: *.bigbank.eu bigbank.uriports.com; default-src 'self'; img-src 'self' blob: data: https://*.google-analytics.com https://*.doubleclick.net https://*.facebook.net https://*.google.com https://*.gstatic.com https://*.hotjar.com https://*.googletagmanager.com https://*.google.com https://*.google.ee https://*.doubleresults.com https://*.facebook.com; font-src 'self' data: https://*.gstatic.com; form-action 'self' https://*.facebook.net; frame-ancestors 'none'; frame-src 'self' https://*.hotjar.com https://p4r24.eu https://id-card.bigbank.ee https://auth.bigbank.eu; object-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.google-analytics.com https://*.bigbank.eu https://*.doubleclick.net https://*.facebook.net https://*.google.com https://*.hotjar.com https://*.googletagmanager.com https://*.googleadservices.com; style-src 'self' 'unsafe-inline' https://*.google.com https://fonts.googleapis.com; report-uri https://report-uri.bigbank.eu/csp; upgrade-insecure-requests
Accept-Ranges
bytes
Content-Length
963184
X-XSS-Protection
1; mode=block
configuration.js
taotlus.bigbank.ee/ 		137 B
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://taotlus.bigbank.ee/configuration.js
Requested by
Host: taotlus.bigbank.ee
URL: https://taotlus.bigbank.ee/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.235.160.2 , Estonia, ASN204411 (BIGBANK, EE),
Reverse DNS
Software
/ Express
Resource Hash
43aa1c0d7353eb282fe8f1b0bd5bb1f2549cd0cd4e97bccd63ac47f88297597a
Security Headers
Name Value
Content-Security-Policy child-src 'self' blob:; connect-src 'self' https://*.google-analytics.com https://*.bigbank.eu https://*.google.com https://*.doubleclick.net https://*.hotjar.com ws: wss: *.bigbank.eu bigbank.uriports.com; default-src 'self'; img-src 'self' blob: data: https://*.google-analytics.com https://*.doubleclick.net https://*.facebook.net https://*.google.com https://*.gstatic.com https://*.hotjar.com https://*.googletagmanager.com https://*.google.com https://*.google.ee https://*.doubleresults.com https://*.facebook.com; font-src 'self' data: https://*.gstatic.com; form-action 'self' https://*.facebook.net; frame-ancestors 'none'; frame-src 'self' https://*.hotjar.com https://p4r24.eu https://id-card.bigbank.ee https://auth.bigbank.eu; object-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.google-analytics.com https://*.bigbank.eu https://*.doubleclick.net https://*.facebook.net https://*.google.com https://*.hotjar.com https://*.googletagmanager.com https://*.googleadservices.com; style-src 'self' 'unsafe-inline' https://*.google.com https://fonts.googleapis.com; report-uri https://report-uri.bigbank.eu/csp; upgrade-insecure-requests
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://taotlus.bigbank.ee/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.97 Safari/537.36

Response headers

Strict-Transport-Security
max-age=31536000; includeSubDomains; preload
Referrer-Policy
strict-origin-when-cross-origin
X-Content-Type-Options
nosniff
X-Powered-By
Express
Expect-CT
enforce, max-age=30, report-uri="https://report-uri.bigbank.eu/ct"
Content-Type
application/javascript; charset=utf-8
Date
Thu, 23 Jul 2020 19:06:57 GMT
ETag
W/"89-gybDiFOgFiGtVzX5r4jaH5Nn1/c"
Content-Security-Policy
child-src 'self' blob:; connect-src 'self' https://*.google-analytics.com https://*.bigbank.eu https://*.google.com https://*.doubleclick.net https://*.hotjar.com ws: wss: *.bigbank.eu bigbank.uriports.com; default-src 'self'; img-src 'self' blob: data: https://*.google-analytics.com https://*.doubleclick.net https://*.facebook.net https://*.google.com https://*.gstatic.com https://*.hotjar.com https://*.googletagmanager.com https://*.google.com https://*.google.ee https://*.doubleresults.com https://*.facebook.com; font-src 'self' data: https://*.gstatic.com; form-action 'self' https://*.facebook.net; frame-ancestors 'none'; frame-src 'self' https://*.hotjar.com https://p4r24.eu https://id-card.bigbank.ee https://auth.bigbank.eu; object-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.google-analytics.com https://*.bigbank.eu https://*.doubleclick.net https://*.facebook.net https://*.google.com https://*.hotjar.com https://*.googletagmanager.com https://*.googleadservices.com; style-src 'self' 'unsafe-inline' https://*.google.com https://fonts.googleapis.com; report-uri https://report-uri.bigbank.eu/csp; upgrade-insecure-requests
Content-Length
137
X-XSS-Protection
1; mode=block
gtm.js
www.googletagmanager.com/ 		147 KB
47 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtm.js?id=GTM-PV6VB5
Requested by
Host: taotlus.bigbank.ee
URL: https://taotlus.bigbank.ee/js/chunk-vendors.0bce3c57.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80b::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
f2d445fa28bf02794f4f96c3cd0532a16caedecf7eb4b62b7950100a19c6d495
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

Referer
https://taotlus.bigbank.ee/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.97 Safari/537.36

Response headers

date
Thu, 23 Jul 2020 19:06:57 GMT
content-encoding
br
vary
Accept-Encoding
status
200
alt-svc
h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
48295
x-xss-protection
0
last-modified
Thu, 23 Jul 2020 18:00:00 GMT
server
Google Tag Manager
strict-transport-security
max-age=31536000; includeSubDomains
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Thu, 23 Jul 2020 19:06:57 GMT
Cookie set heartbeat
auth.bigbank.eu/ Frame B7B2 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://auth.bigbank.eu/heartbeat
Requested by
Host: taotlus.bigbank.ee
URL: https://taotlus.bigbank.ee/js/chunk-vendors.0bce3c57.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.235.160.2 , Estonia, ASN204411 (BIGBANK, EE),
Reverse DNS
Software
/ Express
Resource Hash
Security Headers
Name Value
Content-Security-Policy default-src 'self'; style-src 'self' 'unsafe-inline' *.amazonaws.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.bigbank.eu; img-src 'self' data:; connect-src 'self' *.bigbank.eu *.bigbank.fi *.bigbank.nl *.bigbank.de *.bigbank.at *.bigbank.ee *.bigbank.se *.bigbank.lt *.bigbank.lv *.bigbank.bg; worker-src 'self' *.facebook.net *.facebook.com; frame-src 'self' *.facebook.net *.facebook.com id-card.bigbank.ee bankid:; object-src 'self' *.bigbank.eu; font-src 'self' data: *.amazonaws.com; report-uri https://bigbank.uriports.com/reports/report; upgrade-insecure-requests
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Host
auth.bigbank.eu
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.97 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site
cross-site
Sec-Fetch-Mode
navigate
Sec-Fetch-Dest
iframe
Referer
https://taotlus.bigbank.ee/
Accept-Encoding
gzip, deflate, br
Accept-Language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.97 Safari/537.36
Referer
https://taotlus.bigbank.ee/

Response headers

X-Powered-By
Express
Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Security-Policy
default-src 'self'; style-src 'self' 'unsafe-inline' *.amazonaws.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.bigbank.eu; img-src 'self' data:; connect-src 'self' *.bigbank.eu *.bigbank.fi *.bigbank.nl *.bigbank.de *.bigbank.at *.bigbank.ee *.bigbank.se *.bigbank.lt *.bigbank.lv *.bigbank.bg; worker-src 'self' *.facebook.net *.facebook.com; frame-src 'self' *.facebook.net *.facebook.com id-card.bigbank.ee bankid:; object-src 'self' *.bigbank.eu; font-src 'self' data: *.amazonaws.com; report-uri https://bigbank.uriports.com/reports/report; upgrade-insecure-requests
Expect-CT
enforce, max-age=30, report-uri="https://bigbank.uriports.com/reports/report"
X-XSS-Protection
1; mode=block
X-Content-Type-Options
nosniff
Referrer-Policy
strict-origin-when-cross-origin
Vary
Origin
Access-Control-Allow-Credentials
true
Refresh
20
Content-Type
text/html; charset=utf-8
Content-Length
0
ETag
W/"0-2jmj7l5rSw0yVb/vlWAYkK/YBwk"
Set-Cookie
connect.sid=s%3AQgFqQk6QNj4VIKiiAdgLeBi_vR0rgEs6.dcvdDVSCCAbja0EnxU2Jb3MaTG%2FI7JTB%2FGHSuADFa9c; Path=/; HttpOnly; Secure; SameSite=None b8659898ac876626ca6375b72d97da59=64bdb7d460ac3ff8e8ae9ead5aef8231; path=/; HttpOnly; Secure
Date
Thu, 23 Jul 2020 19:06:57 GMT
Cache-control
private
GothamSSm-Medium.f2afb4c3.otf
taotlus.bigbank.ee/fonts/ 		126 KB
127 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://taotlus.bigbank.ee/fonts/GothamSSm-Medium.f2afb4c3.otf
Requested by
Host: taotlus.bigbank.ee
URL: https://taotlus.bigbank.ee/js/chunk-vendors.0bce3c57.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.235.160.2 , Estonia, ASN204411 (BIGBANK, EE),
Reverse DNS
Software
/ Express
Resource Hash
5613e4050d5f74507cedccde396912626e9bb945a5a95efc3ccd2e30b876c706
Security Headers
Name Value
Content-Security-Policy child-src 'self' blob:; connect-src 'self' https://*.google-analytics.com https://*.bigbank.eu https://*.google.com https://*.doubleclick.net https://*.hotjar.com ws: wss: *.bigbank.eu bigbank.uriports.com; default-src 'self'; img-src 'self' blob: data: https://*.google-analytics.com https://*.doubleclick.net https://*.facebook.net https://*.google.com https://*.gstatic.com https://*.hotjar.com https://*.googletagmanager.com https://*.google.com https://*.google.ee https://*.doubleresults.com https://*.facebook.com; font-src 'self' data: https://*.gstatic.com; form-action 'self' https://*.facebook.net; frame-ancestors 'none'; frame-src 'self' https://*.hotjar.com https://p4r24.eu https://id-card.bigbank.ee https://auth.bigbank.eu; object-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.google-analytics.com https://*.bigbank.eu https://*.doubleclick.net https://*.facebook.net https://*.google.com https://*.hotjar.com https://*.googletagmanager.com https://*.googleadservices.com; style-src 'self' 'unsafe-inline' https://*.google.com https://fonts.googleapis.com; report-uri https://report-uri.bigbank.eu/csp; upgrade-insecure-requests
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.97 Safari/537.36
Referer
https://taotlus.bigbank.ee/css/chunk-vendors.30325fd4.css
Origin
https://taotlus.bigbank.ee

Response headers

Strict-Transport-Security
max-age=31536000; includeSubDomains; preload
Referrer-Policy
strict-origin-when-cross-origin
Last-Modified
Tue, 21 Jul 2020 13:04:20 GMT
X-Content-Type-Options
nosniff
X-Powered-By
Express
Expect-CT
enforce, max-age=30, report-uri="https://report-uri.bigbank.eu/ct"
Content-Type
font/otf
Cache-Control
public, max-age=0
Date
Thu, 23 Jul 2020 19:06:57 GMT
ETag
W/"1f604-17371799420"
Content-Security-Policy
child-src 'self' blob:; connect-src 'self' https://*.google-analytics.com https://*.bigbank.eu https://*.google.com https://*.doubleclick.net https://*.hotjar.com ws: wss: *.bigbank.eu bigbank.uriports.com; default-src 'self'; img-src 'self' blob: data: https://*.google-analytics.com https://*.doubleclick.net https://*.facebook.net https://*.google.com https://*.gstatic.com https://*.hotjar.com https://*.googletagmanager.com https://*.google.com https://*.google.ee https://*.doubleresults.com https://*.facebook.com; font-src 'self' data: https://*.gstatic.com; form-action 'self' https://*.facebook.net; frame-ancestors 'none'; frame-src 'self' https://*.hotjar.com https://p4r24.eu https://id-card.bigbank.ee https://auth.bigbank.eu; object-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.google-analytics.com https://*.bigbank.eu https://*.doubleclick.net https://*.facebook.net https://*.google.com https://*.hotjar.com https://*.googletagmanager.com https://*.googleadservices.com; style-src 'self' 'unsafe-inline' https://*.google.com https://fonts.googleapis.com; report-uri https://report-uri.bigbank.eu/csp; upgrade-insecure-requests
Accept-Ranges
bytes
Content-Length
128516
X-XSS-Protection
1; mode=block
GothamSSm-Bold.4efe66b7.otf
taotlus.bigbank.ee/fonts/ 		125 KB
127 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://taotlus.bigbank.ee/fonts/GothamSSm-Bold.4efe66b7.otf
Requested by
Host: taotlus.bigbank.ee
URL: https://taotlus.bigbank.ee/js/chunk-vendors.0bce3c57.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.235.160.2 , Estonia, ASN204411 (BIGBANK, EE),
Reverse DNS
Software
/ Express
Resource Hash
0e0e1b11f791666161be1df51bf2c338d78de5fae98e9f1c7231dc5f02283cd5
Security Headers
Name Value
Content-Security-Policy child-src 'self' blob:; connect-src 'self' https://*.google-analytics.com https://*.bigbank.eu https://*.google.com https://*.doubleclick.net https://*.hotjar.com ws: wss: *.bigbank.eu bigbank.uriports.com; default-src 'self'; img-src 'self' blob: data: https://*.google-analytics.com https://*.doubleclick.net https://*.facebook.net https://*.google.com https://*.gstatic.com https://*.hotjar.com https://*.googletagmanager.com https://*.google.com https://*.google.ee https://*.doubleresults.com https://*.facebook.com; font-src 'self' data: https://*.gstatic.com; form-action 'self' https://*.facebook.net; frame-ancestors 'none'; frame-src 'self' https://*.hotjar.com https://p4r24.eu https://id-card.bigbank.ee https://auth.bigbank.eu; object-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.google-analytics.com https://*.bigbank.eu https://*.doubleclick.net https://*.facebook.net https://*.google.com https://*.hotjar.com https://*.googletagmanager.com https://*.googleadservices.com; style-src 'self' 'unsafe-inline' https://*.google.com https://fonts.googleapis.com; report-uri https://report-uri.bigbank.eu/csp; upgrade-insecure-requests
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.97 Safari/537.36
Referer
https://taotlus.bigbank.ee/css/chunk-vendors.30325fd4.css
Origin
https://taotlus.bigbank.ee

Response headers

Strict-Transport-Security
max-age=31536000; includeSubDomains; preload
Referrer-Policy
strict-origin-when-cross-origin
Last-Modified
Tue, 21 Jul 2020 13:04:20 GMT
X-Content-Type-Options
nosniff
X-Powered-By
Express
Expect-CT
enforce, max-age=30, report-uri="https://report-uri.bigbank.eu/ct"
Content-Type
font/otf
Cache-Control
public, max-age=0
Date
Thu, 23 Jul 2020 19:06:57 GMT
ETag
W/"1f548-17371799420"
Content-Security-Policy
child-src 'self' blob:; connect-src 'self' https://*.google-analytics.com https://*.bigbank.eu https://*.google.com https://*.doubleclick.net https://*.hotjar.com ws: wss: *.bigbank.eu bigbank.uriports.com; default-src 'self'; img-src 'self' blob: data: https://*.google-analytics.com https://*.doubleclick.net https://*.facebook.net https://*.google.com https://*.gstatic.com https://*.hotjar.com https://*.googletagmanager.com https://*.google.com https://*.google.ee https://*.doubleresults.com https://*.facebook.com; font-src 'self' data: https://*.gstatic.com; form-action 'self' https://*.facebook.net; frame-ancestors 'none'; frame-src 'self' https://*.hotjar.com https://p4r24.eu https://id-card.bigbank.ee https://auth.bigbank.eu; object-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.google-analytics.com https://*.bigbank.eu https://*.doubleclick.net https://*.facebook.net https://*.google.com https://*.hotjar.com https://*.googletagmanager.com https://*.googleadservices.com; style-src 'self' 'unsafe-inline' https://*.google.com https://fonts.googleapis.com; report-uri https://report-uri.bigbank.eu/csp; upgrade-insecure-requests
Accept-Ranges
bytes
Content-Length
128328
X-XSS-Protection
1; mode=block
GothamSSm-Book.5fd222f7.otf
taotlus.bigbank.ee/fonts/ 		124 KB
125 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://taotlus.bigbank.ee/fonts/GothamSSm-Book.5fd222f7.otf
Requested by
Host: taotlus.bigbank.ee
URL: https://taotlus.bigbank.ee/js/chunk-vendors.0bce3c57.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.235.160.2 , Estonia, ASN204411 (BIGBANK, EE),
Reverse DNS
Software
/ Express
Resource Hash
97bd09001c0dc97c7f47c4bd7a2ed2ef2efe3d6264fae21e3622bdf49228acb2
Security Headers
Name Value
Content-Security-Policy child-src 'self' blob:; connect-src 'self' https://*.google-analytics.com https://*.bigbank.eu https://*.google.com https://*.doubleclick.net https://*.hotjar.com ws: wss: *.bigbank.eu bigbank.uriports.com; default-src 'self'; img-src 'self' blob: data: https://*.google-analytics.com https://*.doubleclick.net https://*.facebook.net https://*.google.com https://*.gstatic.com https://*.hotjar.com https://*.googletagmanager.com https://*.google.com https://*.google.ee https://*.doubleresults.com https://*.facebook.com; font-src 'self' data: https://*.gstatic.com; form-action 'self' https://*.facebook.net; frame-ancestors 'none'; frame-src 'self' https://*.hotjar.com https://p4r24.eu https://id-card.bigbank.ee https://auth.bigbank.eu; object-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.google-analytics.com https://*.bigbank.eu https://*.doubleclick.net https://*.facebook.net https://*.google.com https://*.hotjar.com https://*.googletagmanager.com https://*.googleadservices.com; style-src 'self' 'unsafe-inline' https://*.google.com https://fonts.googleapis.com; report-uri https://report-uri.bigbank.eu/csp; upgrade-insecure-requests
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.97 Safari/537.36
Referer
https://taotlus.bigbank.ee/css/chunk-vendors.30325fd4.css
Origin
https://taotlus.bigbank.ee

Response headers

Strict-Transport-Security
max-age=31536000; includeSubDomains; preload
Referrer-Policy
strict-origin-when-cross-origin
Last-Modified
Tue, 21 Jul 2020 13:04:20 GMT
X-Content-Type-Options
nosniff
X-Powered-By
Express
Expect-CT
enforce, max-age=30, report-uri="https://report-uri.bigbank.eu/ct"
Content-Type
font/otf
Cache-Control
public, max-age=0
Date
Thu, 23 Jul 2020 19:06:57 GMT
ETag
W/"1ee64-17371799420"
Content-Security-Policy
child-src 'self' blob:; connect-src 'self' https://*.google-analytics.com https://*.bigbank.eu https://*.google.com https://*.doubleclick.net https://*.hotjar.com ws: wss: *.bigbank.eu bigbank.uriports.com; default-src 'self'; img-src 'self' blob: data: https://*.google-analytics.com https://*.doubleclick.net https://*.facebook.net https://*.google.com https://*.gstatic.com https://*.hotjar.com https://*.googletagmanager.com https://*.google.com https://*.google.ee https://*.doubleresults.com https://*.facebook.com; font-src 'self' data: https://*.gstatic.com; form-action 'self' https://*.facebook.net; frame-ancestors 'none'; frame-src 'self' https://*.hotjar.com https://p4r24.eu https://id-card.bigbank.ee https://auth.bigbank.eu; object-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.google-analytics.com https://*.bigbank.eu https://*.doubleclick.net https://*.facebook.net https://*.google.com https://*.hotjar.com https://*.googletagmanager.com https://*.googleadservices.com; style-src 'self' 'unsafe-inline' https://*.google.com https://fonts.googleapis.com; report-uri https://report-uri.bigbank.eu/csp; upgrade-insecure-requests
Accept-Ranges
bytes
Content-Length
126564
X-XSS-Protection
1; mode=block
FFMaxWebPro-DemiBold.10b4c3ef.woff
taotlus.bigbank.ee/fonts/ 		70 KB
72 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://taotlus.bigbank.ee/fonts/FFMaxWebPro-DemiBold.10b4c3ef.woff
Requested by
Host: taotlus.bigbank.ee
URL: https://taotlus.bigbank.ee/js/chunk-vendors.0bce3c57.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.235.160.2 , Estonia, ASN204411 (BIGBANK, EE),
Reverse DNS
Software
/ Express
Resource Hash
857f982052453f282e492af783a42dc0f1c18229c51345d19ac876bcfae4e842
Security Headers
Name Value
Content-Security-Policy child-src 'self' blob:; connect-src 'self' https://*.google-analytics.com https://*.bigbank.eu https://*.google.com https://*.doubleclick.net https://*.hotjar.com ws: wss: *.bigbank.eu bigbank.uriports.com; default-src 'self'; img-src 'self' blob: data: https://*.google-analytics.com https://*.doubleclick.net https://*.facebook.net https://*.google.com https://*.gstatic.com https://*.hotjar.com https://*.googletagmanager.com https://*.google.com https://*.google.ee https://*.doubleresults.com https://*.facebook.com; font-src 'self' data: https://*.gstatic.com; form-action 'self' https://*.facebook.net; frame-ancestors 'none'; frame-src 'self' https://*.hotjar.com https://p4r24.eu https://id-card.bigbank.ee https://auth.bigbank.eu; object-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.google-analytics.com https://*.bigbank.eu https://*.doubleclick.net https://*.facebook.net https://*.google.com https://*.hotjar.com https://*.googletagmanager.com https://*.googleadservices.com; style-src 'self' 'unsafe-inline' https://*.google.com https://fonts.googleapis.com; report-uri https://report-uri.bigbank.eu/csp; upgrade-insecure-requests
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.97 Safari/537.36
Referer
https://taotlus.bigbank.ee/css/chunk-vendors.30325fd4.css
Origin
https://taotlus.bigbank.ee

Response headers

Strict-Transport-Security
max-age=31536000; includeSubDomains; preload
Referrer-Policy
strict-origin-when-cross-origin
Last-Modified
Tue, 21 Jul 2020 13:04:20 GMT
X-Content-Type-Options
nosniff
X-Powered-By
Express
Expect-CT
enforce, max-age=30, report-uri="https://report-uri.bigbank.eu/ct"
Content-Type
font/woff
Cache-Control
public, max-age=0
Date
Thu, 23 Jul 2020 19:06:57 GMT
ETag
W/"11930-17371799420"
Content-Security-Policy
child-src 'self' blob:; connect-src 'self' https://*.google-analytics.com https://*.bigbank.eu https://*.google.com https://*.doubleclick.net https://*.hotjar.com ws: wss: *.bigbank.eu bigbank.uriports.com; default-src 'self'; img-src 'self' blob: data: https://*.google-analytics.com https://*.doubleclick.net https://*.facebook.net https://*.google.com https://*.gstatic.com https://*.hotjar.com https://*.googletagmanager.com https://*.google.com https://*.google.ee https://*.doubleresults.com https://*.facebook.com; font-src 'self' data: https://*.gstatic.com; form-action 'self' https://*.facebook.net; frame-ancestors 'none'; frame-src 'self' https://*.hotjar.com https://p4r24.eu https://id-card.bigbank.ee https://auth.bigbank.eu; object-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.google-analytics.com https://*.bigbank.eu https://*.doubleclick.net https://*.facebook.net https://*.google.com https://*.hotjar.com https://*.googletagmanager.com https://*.googleadservices.com; style-src 'self' 'unsafe-inline' https://*.google.com https://fonts.googleapis.com; report-uri https://report-uri.bigbank.eu/csp; upgrade-insecure-requests
Accept-Ranges
bytes
Content-Length
71984
X-XSS-Protection
1; mode=block
bigbank-dark@2x.b7da80b9.png
taotlus.bigbank.ee/img/ 		4 KB
6 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://taotlus.bigbank.ee/img/bigbank-dark@2x.b7da80b9.png
Requested by
Host: taotlus.bigbank.ee
URL: https://taotlus.bigbank.ee/et
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.235.160.2 , Estonia, ASN204411 (BIGBANK, EE),
Reverse DNS
Software
/ Express
Resource Hash
f949b4433b117ea273975363a495e6e61ebf409d75b9c6f83875f5614581ae70
Security Headers
Name Value
Content-Security-Policy child-src 'self' blob:; connect-src 'self' https://*.google-analytics.com https://*.bigbank.eu https://*.google.com https://*.doubleclick.net https://*.hotjar.com ws: wss: *.bigbank.eu bigbank.uriports.com; default-src 'self'; img-src 'self' blob: data: https://*.google-analytics.com https://*.doubleclick.net https://*.facebook.net https://*.google.com https://*.gstatic.com https://*.hotjar.com https://*.googletagmanager.com https://*.google.com https://*.google.ee https://*.doubleresults.com https://*.facebook.com; font-src 'self' data: https://*.gstatic.com; form-action 'self' https://*.facebook.net; frame-ancestors 'none'; frame-src 'self' https://*.hotjar.com https://p4r24.eu https://id-card.bigbank.ee https://auth.bigbank.eu; object-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.google-analytics.com https://*.bigbank.eu https://*.doubleclick.net https://*.facebook.net https://*.google.com https://*.hotjar.com https://*.googletagmanager.com https://*.googleadservices.com; style-src 'self' 'unsafe-inline' https://*.google.com https://fonts.googleapis.com; report-uri https://report-uri.bigbank.eu/csp; upgrade-insecure-requests
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://taotlus.bigbank.ee/et
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.97 Safari/537.36

Response headers

Strict-Transport-Security
max-age=31536000; includeSubDomains; preload
Referrer-Policy
strict-origin-when-cross-origin
Last-Modified
Tue, 21 Jul 2020 13:04:20 GMT
X-Content-Type-Options
nosniff
X-Powered-By
Express
Expect-CT
enforce, max-age=30, report-uri="https://report-uri.bigbank.eu/ct"
Content-Type
image/png
Cache-Control
public, max-age=0
Date
Thu, 23 Jul 2020 19:06:57 GMT
ETag
W/"11dc-17371799420"
Content-Security-Policy
child-src 'self' blob:; connect-src 'self' https://*.google-analytics.com https://*.bigbank.eu https://*.google.com https://*.doubleclick.net https://*.hotjar.com ws: wss: *.bigbank.eu bigbank.uriports.com; default-src 'self'; img-src 'self' blob: data: https://*.google-analytics.com https://*.doubleclick.net https://*.facebook.net https://*.google.com https://*.gstatic.com https://*.hotjar.com https://*.googletagmanager.com https://*.google.com https://*.google.ee https://*.doubleresults.com https://*.facebook.com; font-src 'self' data: https://*.gstatic.com; form-action 'self' https://*.facebook.net; frame-ancestors 'none'; frame-src 'self' https://*.hotjar.com https://p4r24.eu https://id-card.bigbank.ee https://auth.bigbank.eu; object-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.google-analytics.com https://*.bigbank.eu https://*.doubleclick.net https://*.facebook.net https://*.google.com https://*.hotjar.com https://*.googletagmanager.com https://*.googleadservices.com; style-src 'self' 'unsafe-inline' https://*.google.com https://fonts.googleapis.com; report-uri https://report-uri.bigbank.eu/csp; upgrade-insecure-requests
Accept-Ranges
bytes
Content-Length
4572
X-XSS-Protection
1; mode=block
pricing-conditions
taotlus.bigbank.ee/api/v2/ 		8 KB
10 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://taotlus.bigbank.ee/api/v2/pricing-conditions
Requested by
Host: taotlus.bigbank.ee
URL: https://taotlus.bigbank.ee/js/chunk-vendors.0bce3c57.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.235.160.2 , Estonia, ASN204411 (BIGBANK, EE),
Reverse DNS
Software
/ Express
Resource Hash
c7f9e3fcd4c2e0424e067e368bfe68bcbafa5e8da562df5f0bd68e99de017309
Security Headers
Name Value
Content-Security-Policy child-src 'self' blob:; connect-src 'self' https://*.google-analytics.com https://*.bigbank.eu https://*.google.com https://*.doubleclick.net https://*.hotjar.com ws: wss: *.bigbank.eu bigbank.uriports.com; default-src 'self'; img-src 'self' blob: data: https://*.google-analytics.com https://*.doubleclick.net https://*.facebook.net https://*.google.com https://*.gstatic.com https://*.hotjar.com https://*.googletagmanager.com https://*.google.com https://*.google.ee https://*.doubleresults.com https://*.facebook.com; font-src 'self' data: https://*.gstatic.com; form-action 'self' https://*.facebook.net; frame-ancestors 'none'; frame-src 'self' https://*.hotjar.com https://p4r24.eu https://id-card.bigbank.ee https://auth.bigbank.eu; object-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.google-analytics.com https://*.bigbank.eu https://*.doubleclick.net https://*.facebook.net https://*.google.com https://*.hotjar.com https://*.googletagmanager.com https://*.googleadservices.com; style-src 'self' 'unsafe-inline' https://*.google.com https://fonts.googleapis.com; report-uri https://report-uri.bigbank.eu/csp; upgrade-insecure-requests
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept
application/json, text/plain, */*
Referer
https://taotlus.bigbank.ee/et
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.97 Safari/537.36

Response headers

Strict-Transport-Security
max-age=31536000; includeSubDomains; preload
Referrer-Policy
strict-origin-when-cross-origin
X-Content-Type-Options
nosniff
x-powered-by
Express
Expect-CT
enforce, max-age=30, report-uri="https://report-uri.bigbank.eu/ct"
session-expiry-datetime
2020-07-23T19:36:57.614Z
content-type
application/json; charset=utf-8
date
Thu, 23 Jul 2020 19:06:57 GMT
etag
W/"205f-nECP4g6zad7v1fnFJDSPfacr23M"
Content-Security-Policy
child-src 'self' blob:; connect-src 'self' https://*.google-analytics.com https://*.bigbank.eu https://*.google.com https://*.doubleclick.net https://*.hotjar.com ws: wss: *.bigbank.eu bigbank.uriports.com; default-src 'self'; img-src 'self' blob: data: https://*.google-analytics.com https://*.doubleclick.net https://*.facebook.net https://*.google.com https://*.gstatic.com https://*.hotjar.com https://*.googletagmanager.com https://*.google.com https://*.google.ee https://*.doubleresults.com https://*.facebook.com; font-src 'self' data: https://*.gstatic.com; form-action 'self' https://*.facebook.net; frame-ancestors 'none'; frame-src 'self' https://*.hotjar.com https://p4r24.eu https://id-card.bigbank.ee https://auth.bigbank.eu; object-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.google-analytics.com https://*.bigbank.eu https://*.doubleclick.net https://*.facebook.net https://*.google.com https://*.hotjar.com https://*.googletagmanager.com https://*.googleadservices.com; style-src 'self' 'unsafe-inline' https://*.google.com https://fonts.googleapis.com; report-uri https://report-uri.bigbank.eu/csp; upgrade-insecure-requests
content-length
8287
X-XSS-Protection
1; mode=block
analytics.js
www.google-analytics.com/ 		45 KB
18 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-PV6VB5
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:808::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
fd361b57998c76f86335afa28b8a62527d88a8200fb5c428d6f0fff73383e955
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://taotlus.bigbank.ee/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.97 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Thu, 04 Jun 2020 23:38:14 GMT
server
Golfe2
age
1995
date
Thu, 23 Jul 2020 18:33:42 GMT
vary
Accept-Encoding
content-type
text/javascript
status
200
cache-control
public, max-age=7200
alt-svc
h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
18469
expires
Thu, 23 Jul 2020 20:33:42 GMT
ga-audiences
www.google.com/ads/
Redirect Chain
  • https://www.google-analytics.com/r/collect?v=1&_v=j83&a=1398539515&t=pageview&_s=1&dl=https%3A%2F%2Ftaotlus.bigbank.ee%2Fet&ul=en-us&de=UTF-8&dt=Taotlus%20%7C%20Bigbank&sd=24-bit&sr=1600x1200&vp=16...
  • https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-3730644-42&cid=1257921086.1595531218&jid=1303305956&_gid=1684627019.1595531218&gjid=1523024264&_v=j83&z=399506519
  • https://www.google.com/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-3730644-42&cid=1257921086.1595531218&jid=1303305956&_v=j83&z=399506519
0
0
collect
www.google-analytics.com/ 		35 B
105 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google-analytics.com/collect?v=1&_v=j83&a=1398539515&t=event&ni=0&_s=1&dl=https%3A%2F%2Ftaotlus.bigbank.ee%2Fet%3Famount%3D5000%26period%3D60%26productName%3DSMALL_LOAN%26loanPurpose%3DDAILY_SETTLEMENTS&ul=en-us&de=UTF-8&dt=Taotlus%20%7C%20Bigbank&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&ec=undefined&ea=Pageview&el=Loan%20application%20personal-data%20PAGEVIEW&_u=aEDAAAAB~&jid=&gjid=&cid=1257921086.1595531218&tid=UA-3730644-42&_gid=1684627019.1595531218&gtm=2wg7f0PV6VB5&z=656121521
Requested by
Host: taotlus.bigbank.ee
URL: https://taotlus.bigbank.ee/et?amount=5000&period=60&productName=SMALL_LOAN&loanPurpose=DAILY_SETTLEMENTS
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:808::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://taotlus.bigbank.ee/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.97 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 21 Jul 2020 15:40:18 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
age
185199
status
200
content-type
image/gif
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
alt-svc
h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-25=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
35
expires
Mon, 01 Jan 1990 00:00:00 GMT
csp
report-uri.bigbank.eu/ 		14 KB
14 KB 		Other
General
Check archive.org
Download Go to
Full URL
https://report-uri.bigbank.eu/csp
Requested by
Host: taotlus.bigbank.ee
URL: https://taotlus.bigbank.ee/et?amount=5000&period=60&productName=SMALL_LOAN&loanPurpose=DAILY_SETTLEMENTS
Protocol
HTTP/0.9
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.235.160.2 , Estonia, ASN204411 (BIGBANK, EE),
Reverse DNS
Software
/
Resource Hash
d3c181d5bf8585005052f7f38bb70f46de3fc27e8ab384e4387432c399ca79ea

Request headers

Referer
https://taotlus.bigbank.ee/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.97 Safari/537.36
Content-Type
application/csp-report

Response headers
ga-audiences
www.google.de/ads/ 		0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
www.google.com
URL
https://www.google.com/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-3730644-42&cid=1257921086.1595531218&jid=1303305956&_v=j83&z=399506519
Domain
www.google.de
URL
https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-3730644-42&cid=1257921086.1595531218&jid=1303305956&_v=j83&z=399506519&slf_rd=1&random=2978255274

Verdicts & Comments Add Verdict or Comment

15 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| dataLayer object| config object| webpackJsonp object| __core-js_shared__ object| core object| regeneratorRuntime object| elasticApm function| postscribe object| google_tag_manager object| google_tag_data string| GoogleAnalyticsObject function| ga object| gaplugins object| gaGlobal object| gaData

8 Cookies

Domain/Path Name / Value
auth.bigbank.eu/ Name: connect.sid
Value: s%3AQgFqQk6QNj4VIKiiAdgLeBi_vR0rgEs6.dcvdDVSCCAbja0EnxU2Jb3MaTG%2FI7JTB%2FGHSuADFa9c
.taotlus.bigbank.ee/ Name: _gat_UA-3730644-42
Value: 1
.taotlus.bigbank.ee/ Name: _gid
Value: GA1.3.1684627019.1595531218
.taotlus.bigbank.ee/ Name: _ga
Value: GA1.3.1257921086.1595531218
auth.bigbank.eu/ Name: b8659898ac876626ca6375b72d97da59
Value: 64bdb7d460ac3ff8e8ae9ead5aef8231
taotlus.bigbank.ee/ Name: loanorigination.sid
Value: s%3AQGzC4xVtevIPJSOmUFU5Z0bFjHLc9URk.FFRqIo6%2BSrXUKpJ1EeTwbxYl4FOwRa%2BQZL2FWgJnaYo
taotlus.bigbank.ee/ Name: Authenticated
Value: false
taotlus.bigbank.ee/ Name: 10d45632a9d37320288b42b288e7500f
Value: ac5f41dab0351d28778fe19e10dd4cbe

4 Console Messages

Source Level URL
Text
console-api info URL: https://taotlus.bigbank.ee/js/chunk-vendors.0bce3c57.js(Line 32)
Message:
[Elastic APM] RUM agent is inactive
console-api warning URL: https://taotlus.bigbank.ee/js/chunk-vendors.0bce3c57.js(Line 38)
Message:
Untranslated et key found: This session will expire in
console-api warning URL: https://taotlus.bigbank.ee/js/chunk-vendors.0bce3c57.js(Line 38)
Message:
Untranslated et key found: Turvalisuse huvides sulgeme antud taotluse akna ning palume teil end uuesti autentida. Te saate taotlust alati jätkata logides sisse Bigbank iseteenindusse. Kas soovite sessiooni jätkata?
console-api warning URL: https://taotlus.bigbank.ee/js/chunk-vendors.0bce3c57.js(Line 38)
Message:
Untranslated et key found: Dynamic partner disclaimer text

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy child-src 'self' blob:; connect-src 'self' https://*.google-analytics.com https://*.bigbank.eu https://*.google.com https://*.doubleclick.net https://*.hotjar.com ws: wss: *.bigbank.eu bigbank.uriports.com; default-src 'self'; img-src 'self' blob: data: https://*.google-analytics.com https://*.doubleclick.net https://*.facebook.net https://*.google.com https://*.gstatic.com https://*.hotjar.com https://*.googletagmanager.com https://*.google.com https://*.google.ee https://*.doubleresults.com https://*.facebook.com; font-src 'self' data: https://*.gstatic.com; form-action 'self' https://*.facebook.net; frame-ancestors 'none'; frame-src 'self' https://*.hotjar.com https://p4r24.eu https://id-card.bigbank.ee https://auth.bigbank.eu; object-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.google-analytics.com https://*.bigbank.eu https://*.doubleclick.net https://*.facebook.net https://*.google.com https://*.hotjar.com https://*.googletagmanager.com https://*.googleadservices.com; style-src 'self' 'unsafe-inline' https://*.google.com https://fonts.googleapis.com; report-uri https://report-uri.bigbank.eu/csp; upgrade-insecure-requests
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block