urlscan.io logo urlscan.io
SecurityTrails logo

web-loan-application-staging.bigbank.se Open in urlscan Pro
2606:4700::6812:349  Public Scan

Go To Rescan Add Verdict Report
URL: https://web-loan-application-staging.bigbank.se/
Submission: On September 01 via automatic, source certstream-suspicious
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 5 IPs in 4 countries across 5 domains to perform 27 HTTP transactions. The main IP is 2606:4700::6812:349, located in United States and belongs to CLOUDFLARENET, US. The main domain is web-loan-application-staging.bigbank.se.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on June 21st 2021. Valid for: a year.
This is the only time web-loan-application-staging.bigbank.se was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
12 2606:4700::68... 13335 (CLOUDFLAR...)
2 2001:678:6a0:... 207647 (INTENTION-AS)
1 9 104.16.169.131 13335 (CLOUDFLAR...)
2 185.235.160.8 204411 (BIGBANK)
27 5
Domain Requested by
12 web-loan-application-staging.bigbank.se web-loan-application-staging.bigbank.se
6 newassets.hcaptcha.com web-loan-application-staging.bigbank.se
hcaptcha.com
newassets.hcaptcha.com
3 hcaptcha.com 1 redirects newassets.hcaptcha.com
2 apm.bigbank.eu web-loan-application-staging.bigbank.se
2 bigbank.uriports.com web-loan-application-staging.bigbank.se
0 login-service-central-staging.dca.origin.big.local Failed web-loan-application-staging.bigbank.se
27 6

This site contains links to these domains. Also see Links.

Domain
www.bigbank.se
static.bigbank.se
Subject Issuer Validity Valid
sni.cloudflaressl.com
Cloudflare Inc ECC CA-3		 2021-06-21 -
2022-06-20		 a year crt.sh
*.uriports.com
Sectigo RSA Domain Validation Secure Server CA		 2021-03-08 -
2022-03-20		 a year crt.sh
apm.bigbank.eu
R3		 2021-08-03 -
2021-11-01		 3 months crt.sh

This page contains 4 frames:

Primary Page: https://web-loan-application-staging.bigbank.se/
Frame ID: C2897B9F521F947BD2C2BF5CDEE8CF0A
Requests: 18 HTTP requests in this frame

Frame: https://login-service-central-staging.dca.origin.big.local/heartbeat
Frame ID: BD617E5341CF8D4577F8CF16A8534710
Requests: 1 HTTP requests in this frame

Frame: https://newassets.hcaptcha.com/captcha/v1/1eed1c2/static/hcaptcha-challenge.html
Frame ID: F137216C2D7E573C5D51E61C28800467
Requests: 2 HTTP requests in this frame

Frame: https://newassets.hcaptcha.com/captcha/v1/1eed1c2/static/hcaptcha-checkbox.html
Frame ID: E19107285F40B185E2EDE1194691FD1A
Requests: 4 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

Ansökan | Bigbank

Detected technologies

Overall confidence: 100%
Detected patterns
  • headers server /^cloudflare$/i

Page Statistics

27
Requests

89 %
HTTPS

50 %
IPv6

5
Domains

6
Subdomains

5
IPs

4
Countries

771 kB
Transfer

2677 kB
Size

3
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 11
  • https://hcaptcha.com/1/api.js?render=explicit&onload=_hcaptchaOnLoad&hl=sv&sentry=true HTTP 302
  • https://newassets.hcaptcha.com/captcha/v1/1eed1c2/hcaptcha.js

27 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request /
web-loan-application-staging.bigbank.se/ 		1 KB
2 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://web-loan-application-staging.bigbank.se/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:349 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / Express
Resource Hash
254a6812d48812128e1e1c373c866d3480b0acd80132a4e318850a92c9fc2c4c
Security Headers
Name Value
Content-Security-Policy child-src 'self' blob:; connect-src 'self' https://*.google-analytics.com https://*.bigbank.eu https://*.google.com https://*.doubleclick.net https://*.hotjar.com https://*.hotjar.io ws: wss: https://*.big.local https://hcaptcha.com https://*.hcaptcha.com; default-src 'self'; img-src 'self' blob: data: https://*.google-analytics.com https://*.doubleclick.net https://*.facebook.net https://*.google.com https://*.gstatic.com https://*.hotjar.com https://*.googletagmanager.com https://*.google.ee https://*.google.se; font-src 'self' data:; form-action 'self' https://*.facebook.net; frame-ancestors 'none'; frame-src 'self' https://*.hotjar.com https://*.big.local https://*.bigbank.eu https://hcaptcha.com https://*.hcaptcha.com https://login-service-central-staging.dca.origin.big.local; object-src 'self'; script-src 'self' https://*.google-analytics.com https://*.bigbank.eu https://*.doubleclick.net https://*.facebook.net https://*.google.com https://*.hotjar.com http://*.hotjar.com https://*.googletagmanager.com https://*.googleadservices.com https://hcaptcha.com https://*.hcaptcha.com 'nonce-71ca201a472721fb8317b477f0635d60' 'sha256-4RS22DYeB7U14dra4KcQYxmwt5HkOInieXK1NUMBmQI=' 'sha256-ByHHbZAg0XmuH3Qfugp5cOpt+T18agScr1Zr7RHwCU8='; style-src 'self' 'unsafe-inline' https://*.google.com https://fonts.googleapis.com https://hcaptcha.com https://*.hcaptcha.com; report-uri https://bigbank.uriports.com/reports/report; upgrade-insecure-requests
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

:method
GET
:authority
web-loan-application-staging.bigbank.se
:scheme
https
:path
/
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
none
sec-fetch-mode
navigate
sec-fetch-user
?1
sec-fetch-dest
document
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date
Wed, 01 Sep 2021 10:09:30 GMT
content-type
text/html; charset=UTF-8
x-powered-by
Express
strict-transport-security
max-age=31536000; includeSubDomains; preload
set-cookie
resourceCheck=71ca201a472721fb8317b477f0635d60; Path=/ 42186f9fb6da9a1170b6e70aa14d42c1=00d7d89a6df73c3cad54662f2b90cc5e; path=/; HttpOnly; Secure
content-security-policy
child-src 'self' blob:; connect-src 'self' https://*.google-analytics.com https://*.bigbank.eu https://*.google.com https://*.doubleclick.net https://*.hotjar.com https://*.hotjar.io ws: wss: https://*.big.local https://hcaptcha.com https://*.hcaptcha.com; default-src 'self'; img-src 'self' blob: data: https://*.google-analytics.com https://*.doubleclick.net https://*.facebook.net https://*.google.com https://*.gstatic.com https://*.hotjar.com https://*.googletagmanager.com https://*.google.ee https://*.google.se; font-src 'self' data:; form-action 'self' https://*.facebook.net; frame-ancestors 'none'; frame-src 'self' https://*.hotjar.com https://*.big.local https://*.bigbank.eu https://hcaptcha.com https://*.hcaptcha.com https://login-service-central-staging.dca.origin.big.local; object-src 'self'; script-src 'self' https://*.google-analytics.com https://*.bigbank.eu https://*.doubleclick.net https://*.facebook.net https://*.google.com https://*.hotjar.com http://*.hotjar.com https://*.googletagmanager.com https://*.googleadservices.com https://hcaptcha.com https://*.hcaptcha.com 'nonce-71ca201a472721fb8317b477f0635d60' 'sha256-4RS22DYeB7U14dra4KcQYxmwt5HkOInieXK1NUMBmQI=' 'sha256-ByHHbZAg0XmuH3Qfugp5cOpt+T18agScr1Zr7RHwCU8='; style-src 'self' 'unsafe-inline' https://*.google.com https://fonts.googleapis.com https://hcaptcha.com https://*.hcaptcha.com; report-uri https://bigbank.uriports.com/reports/report; upgrade-insecure-requests
expect-ct
enforce, max-age=30, report-uri="https://bigbank.uriports.com/reports/report"
x-xss-protection
1; mode=block
x-content-type-options
nosniff
referrer-policy
strict-origin-when-cross-origin
cache-control
public, max-age=0 private
last-modified
Fri, 27 Aug 2021 12:04:51 GMT
vary
Accept-Encoding
cf-cache-status
DYNAMIC
server
cloudflare
cf-ray
687db4171d29c2b3-FRA
content-encoding
gzip
app.16920b0a.css
web-loan-application-staging.bigbank.se/css/ 		808 B
585 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://web-loan-application-staging.bigbank.se/css/app.16920b0a.css
Requested by
Host: web-loan-application-staging.bigbank.se
URL: https://web-loan-application-staging.bigbank.se/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:349 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / Express
Resource Hash
ac78a6812da536d68dad174921c3a42f1692c3154f3cc7a0b30940be66540187
Security Headers
Name Value
Content-Security-Policy child-src 'self' blob:; connect-src 'self' https://*.google-analytics.com https://*.bigbank.eu https://*.google.com https://*.doubleclick.net https://*.hotjar.com https://*.hotjar.io ws: wss: https://*.big.local https://hcaptcha.com https://*.hcaptcha.com; default-src 'self'; img-src 'self' blob: data: https://*.google-analytics.com https://*.doubleclick.net https://*.facebook.net https://*.google.com https://*.gstatic.com https://*.hotjar.com https://*.googletagmanager.com https://*.google.ee https://*.google.se; font-src 'self' data:; form-action 'self' https://*.facebook.net; frame-ancestors 'none'; frame-src 'self' https://*.hotjar.com https://*.big.local https://*.bigbank.eu https://hcaptcha.com https://*.hcaptcha.com https://login-service-central-staging.dca.origin.big.local; object-src 'self'; script-src 'self' https://*.google-analytics.com https://*.bigbank.eu https://*.doubleclick.net https://*.facebook.net https://*.google.com https://*.hotjar.com http://*.hotjar.com https://*.googletagmanager.com https://*.googleadservices.com https://hcaptcha.com https://*.hcaptcha.com 'sha256-4RS22DYeB7U14dra4KcQYxmwt5HkOInieXK1NUMBmQI=' 'sha256-ByHHbZAg0XmuH3Qfugp5cOpt+T18agScr1Zr7RHwCU8='; style-src 'self' 'unsafe-inline' https://*.google.com https://fonts.googleapis.com https://hcaptcha.com https://*.hcaptcha.com; report-uri https://bigbank.uriports.com/reports/report; upgrade-insecure-requests
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

:path
/css/app.16920b0a.css
pragma
no-cache
cookie
resourceCheck=71ca201a472721fb8317b477f0635d60; 42186f9fb6da9a1170b6e70aa14d42c1=00d7d89a6df73c3cad54662f2b90cc5e
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
sec-fetch-mode
no-cors
accept
text/css,*/*;q=0.1
cache-control
no-cache
sec-fetch-dest
style
:authority
web-loan-application-staging.bigbank.se
referer
https://web-loan-application-staging.bigbank.se/
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://web-loan-application-staging.bigbank.se/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date
Wed, 01 Sep 2021 10:09:31 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
MISS
x-powered-by
Express
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-xss-protection
1; mode=block
referrer-policy
strict-origin-when-cross-origin
last-modified
Fri, 27 Aug 2021 12:04:51 GMT
server
cloudflare
etag
W/"328-17b877f96b8"
expect-ct
enforce, max-age=30, report-uri="https://bigbank.uriports.com/reports/report"
vary
Accept-Encoding
content-type
text/css; charset=UTF-8
cache-control
public, max-age=14400
content-security-policy
child-src 'self' blob:; connect-src 'self' https://*.google-analytics.com https://*.bigbank.eu https://*.google.com https://*.doubleclick.net https://*.hotjar.com https://*.hotjar.io ws: wss: https://*.big.local https://hcaptcha.com https://*.hcaptcha.com; default-src 'self'; img-src 'self' blob: data: https://*.google-analytics.com https://*.doubleclick.net https://*.facebook.net https://*.google.com https://*.gstatic.com https://*.hotjar.com https://*.googletagmanager.com https://*.google.ee https://*.google.se; font-src 'self' data:; form-action 'self' https://*.facebook.net; frame-ancestors 'none'; frame-src 'self' https://*.hotjar.com https://*.big.local https://*.bigbank.eu https://hcaptcha.com https://*.hcaptcha.com https://login-service-central-staging.dca.origin.big.local; object-src 'self'; script-src 'self' https://*.google-analytics.com https://*.bigbank.eu https://*.doubleclick.net https://*.facebook.net https://*.google.com https://*.hotjar.com http://*.hotjar.com https://*.googletagmanager.com https://*.googleadservices.com https://hcaptcha.com https://*.hcaptcha.com 'sha256-4RS22DYeB7U14dra4KcQYxmwt5HkOInieXK1NUMBmQI=' 'sha256-ByHHbZAg0XmuH3Qfugp5cOpt+T18agScr1Zr7RHwCU8='; style-src 'self' 'unsafe-inline' https://*.google.com https://fonts.googleapis.com https://hcaptcha.com https://*.hcaptcha.com; report-uri https://bigbank.uriports.com/reports/report; upgrade-insecure-requests
cf-ray
687db4183ee6c2b3-FRA
expires
Wed, 01 Sep 2021 14:09:31 GMT
chunk-vendors.54832e0a.css
web-loan-application-staging.bigbank.se/css/ 		241 KB
30 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://web-loan-application-staging.bigbank.se/css/chunk-vendors.54832e0a.css
Requested by
Host: web-loan-application-staging.bigbank.se
URL: https://web-loan-application-staging.bigbank.se/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:349 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / Express
Resource Hash
0da8773c03348dd54b1c8ba87216b3065b9ddb8afea668107aaf6d0f13c81ef8
Security Headers
Name Value
Content-Security-Policy child-src 'self' blob:; connect-src 'self' https://*.google-analytics.com https://*.bigbank.eu https://*.google.com https://*.doubleclick.net https://*.hotjar.com https://*.hotjar.io ws: wss: https://*.big.local https://hcaptcha.com https://*.hcaptcha.com; default-src 'self'; img-src 'self' blob: data: https://*.google-analytics.com https://*.doubleclick.net https://*.facebook.net https://*.google.com https://*.gstatic.com https://*.hotjar.com https://*.googletagmanager.com https://*.google.ee https://*.google.se; font-src 'self' data:; form-action 'self' https://*.facebook.net; frame-ancestors 'none'; frame-src 'self' https://*.hotjar.com https://*.big.local https://*.bigbank.eu https://hcaptcha.com https://*.hcaptcha.com https://login-service-central-staging.dca.origin.big.local; object-src 'self'; script-src 'self' https://*.google-analytics.com https://*.bigbank.eu https://*.doubleclick.net https://*.facebook.net https://*.google.com https://*.hotjar.com http://*.hotjar.com https://*.googletagmanager.com https://*.googleadservices.com https://hcaptcha.com https://*.hcaptcha.com 'sha256-4RS22DYeB7U14dra4KcQYxmwt5HkOInieXK1NUMBmQI=' 'sha256-ByHHbZAg0XmuH3Qfugp5cOpt+T18agScr1Zr7RHwCU8='; style-src 'self' 'unsafe-inline' https://*.google.com https://fonts.googleapis.com https://hcaptcha.com https://*.hcaptcha.com; report-uri https://bigbank.uriports.com/reports/report; upgrade-insecure-requests
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

:path
/css/chunk-vendors.54832e0a.css
pragma
no-cache
cookie
resourceCheck=71ca201a472721fb8317b477f0635d60; 42186f9fb6da9a1170b6e70aa14d42c1=00d7d89a6df73c3cad54662f2b90cc5e
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
sec-fetch-mode
no-cors
accept
text/css,*/*;q=0.1
cache-control
no-cache
sec-fetch-dest
style
:authority
web-loan-application-staging.bigbank.se
referer
https://web-loan-application-staging.bigbank.se/
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://web-loan-application-staging.bigbank.se/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date
Wed, 01 Sep 2021 10:09:31 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
MISS
x-powered-by
Express
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-xss-protection
1; mode=block
referrer-policy
strict-origin-when-cross-origin
last-modified
Fri, 27 Aug 2021 12:04:51 GMT
server
cloudflare
etag
W/"3c46d-17b877f96b8"
expect-ct
enforce, max-age=30, report-uri="https://bigbank.uriports.com/reports/report"
vary
Accept-Encoding
content-type
text/css; charset=UTF-8
cache-control
public, max-age=14400
content-security-policy
child-src 'self' blob:; connect-src 'self' https://*.google-analytics.com https://*.bigbank.eu https://*.google.com https://*.doubleclick.net https://*.hotjar.com https://*.hotjar.io ws: wss: https://*.big.local https://hcaptcha.com https://*.hcaptcha.com; default-src 'self'; img-src 'self' blob: data: https://*.google-analytics.com https://*.doubleclick.net https://*.facebook.net https://*.google.com https://*.gstatic.com https://*.hotjar.com https://*.googletagmanager.com https://*.google.ee https://*.google.se; font-src 'self' data:; form-action 'self' https://*.facebook.net; frame-ancestors 'none'; frame-src 'self' https://*.hotjar.com https://*.big.local https://*.bigbank.eu https://hcaptcha.com https://*.hcaptcha.com https://login-service-central-staging.dca.origin.big.local; object-src 'self'; script-src 'self' https://*.google-analytics.com https://*.bigbank.eu https://*.doubleclick.net https://*.facebook.net https://*.google.com https://*.hotjar.com http://*.hotjar.com https://*.googletagmanager.com https://*.googleadservices.com https://hcaptcha.com https://*.hcaptcha.com 'sha256-4RS22DYeB7U14dra4KcQYxmwt5HkOInieXK1NUMBmQI=' 'sha256-ByHHbZAg0XmuH3Qfugp5cOpt+T18agScr1Zr7RHwCU8='; style-src 'self' 'unsafe-inline' https://*.google.com https://fonts.googleapis.com https://hcaptcha.com https://*.hcaptcha.com; report-uri https://bigbank.uriports.com/reports/report; upgrade-insecure-requests
cf-ray
687db4183ee9c2b3-FRA
expires
Wed, 01 Sep 2021 14:09:31 GMT
app.2d913425.js
web-loan-application-staging.bigbank.se/js/ 		128 KB
37 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://web-loan-application-staging.bigbank.se/js/app.2d913425.js
Requested by
Host: web-loan-application-staging.bigbank.se
URL: https://web-loan-application-staging.bigbank.se/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:349 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / Express
Resource Hash
148fb1a965da50a0e213290746c7b0234fd2fe95c305bb3493e69cdfa092805a
Security Headers
Name Value
Content-Security-Policy child-src 'self' blob:; connect-src 'self' https://*.google-analytics.com https://*.bigbank.eu https://*.google.com https://*.doubleclick.net https://*.hotjar.com https://*.hotjar.io ws: wss: https://*.big.local https://hcaptcha.com https://*.hcaptcha.com; default-src 'self'; img-src 'self' blob: data: https://*.google-analytics.com https://*.doubleclick.net https://*.facebook.net https://*.google.com https://*.gstatic.com https://*.hotjar.com https://*.googletagmanager.com https://*.google.ee https://*.google.se; font-src 'self' data:; form-action 'self' https://*.facebook.net; frame-ancestors 'none'; frame-src 'self' https://*.hotjar.com https://*.big.local https://*.bigbank.eu https://hcaptcha.com https://*.hcaptcha.com https://login-service-central-staging.dca.origin.big.local; object-src 'self'; script-src 'self' https://*.google-analytics.com https://*.bigbank.eu https://*.doubleclick.net https://*.facebook.net https://*.google.com https://*.hotjar.com http://*.hotjar.com https://*.googletagmanager.com https://*.googleadservices.com https://hcaptcha.com https://*.hcaptcha.com 'sha256-4RS22DYeB7U14dra4KcQYxmwt5HkOInieXK1NUMBmQI=' 'sha256-ByHHbZAg0XmuH3Qfugp5cOpt+T18agScr1Zr7RHwCU8='; style-src 'self' 'unsafe-inline' https://*.google.com https://fonts.googleapis.com https://hcaptcha.com https://*.hcaptcha.com; report-uri https://bigbank.uriports.com/reports/report; upgrade-insecure-requests
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

sec-fetch-mode
cors
origin
https://web-loan-application-staging.bigbank.se
accept-encoding
gzip, deflate, br
accept-language
en-US
sec-fetch-dest
script
cookie
resourceCheck=71ca201a472721fb8317b477f0635d60; 42186f9fb6da9a1170b6e70aa14d42c1=00d7d89a6df73c3cad54662f2b90cc5e
:path
/js/app.2d913425.js
pragma
no-cache
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept
*/*
cache-control
no-cache
:authority
web-loan-application-staging.bigbank.se
referer
https://web-loan-application-staging.bigbank.se/
:scheme
https
sec-fetch-site
same-origin
:method
GET
Origin
https://web-loan-application-staging.bigbank.se
Referer
https://web-loan-application-staging.bigbank.se/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date
Wed, 01 Sep 2021 10:09:31 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
MISS
x-powered-by
Express
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-xss-protection
1; mode=block
referrer-policy
strict-origin-when-cross-origin
last-modified
Fri, 27 Aug 2021 12:04:52 GMT
server
cloudflare
etag
W/"1fece-17b877f9aa0"
expect-ct
enforce, max-age=30, report-uri="https://bigbank.uriports.com/reports/report"
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
cache-control
public, max-age=14400
content-security-policy
child-src 'self' blob:; connect-src 'self' https://*.google-analytics.com https://*.bigbank.eu https://*.google.com https://*.doubleclick.net https://*.hotjar.com https://*.hotjar.io ws: wss: https://*.big.local https://hcaptcha.com https://*.hcaptcha.com; default-src 'self'; img-src 'self' blob: data: https://*.google-analytics.com https://*.doubleclick.net https://*.facebook.net https://*.google.com https://*.gstatic.com https://*.hotjar.com https://*.googletagmanager.com https://*.google.ee https://*.google.se; font-src 'self' data:; form-action 'self' https://*.facebook.net; frame-ancestors 'none'; frame-src 'self' https://*.hotjar.com https://*.big.local https://*.bigbank.eu https://hcaptcha.com https://*.hcaptcha.com https://login-service-central-staging.dca.origin.big.local; object-src 'self'; script-src 'self' https://*.google-analytics.com https://*.bigbank.eu https://*.doubleclick.net https://*.facebook.net https://*.google.com https://*.hotjar.com http://*.hotjar.com https://*.googletagmanager.com https://*.googleadservices.com https://hcaptcha.com https://*.hcaptcha.com 'sha256-4RS22DYeB7U14dra4KcQYxmwt5HkOInieXK1NUMBmQI=' 'sha256-ByHHbZAg0XmuH3Qfugp5cOpt+T18agScr1Zr7RHwCU8='; style-src 'self' 'unsafe-inline' https://*.google.com https://fonts.googleapis.com https://hcaptcha.com https://*.hcaptcha.com; report-uri https://bigbank.uriports.com/reports/report; upgrade-insecure-requests
cf-ray
687db4183eebc2b3-FRA
expires
Wed, 01 Sep 2021 14:09:31 GMT
chunk-vendors.aff65a36.js
web-loan-application-staging.bigbank.se/js/ 		1 MB
371 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://web-loan-application-staging.bigbank.se/js/chunk-vendors.aff65a36.js
Requested by
Host: web-loan-application-staging.bigbank.se
URL: https://web-loan-application-staging.bigbank.se/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:349 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / Express
Resource Hash
2772326191ee33d1a9b6385bf9ae351a34d7e6fa15337e596afbaf238da69d1f
Security Headers
Name Value
Content-Security-Policy child-src 'self' blob:; connect-src 'self' https://*.google-analytics.com https://*.bigbank.eu https://*.google.com https://*.doubleclick.net https://*.hotjar.com https://*.hotjar.io ws: wss: https://*.big.local https://hcaptcha.com https://*.hcaptcha.com; default-src 'self'; img-src 'self' blob: data: https://*.google-analytics.com https://*.doubleclick.net https://*.facebook.net https://*.google.com https://*.gstatic.com https://*.hotjar.com https://*.googletagmanager.com https://*.google.ee https://*.google.se; font-src 'self' data:; form-action 'self' https://*.facebook.net; frame-ancestors 'none'; frame-src 'self' https://*.hotjar.com https://*.big.local https://*.bigbank.eu https://hcaptcha.com https://*.hcaptcha.com https://login-service-central-staging.dca.origin.big.local; object-src 'self'; script-src 'self' https://*.google-analytics.com https://*.bigbank.eu https://*.doubleclick.net https://*.facebook.net https://*.google.com https://*.hotjar.com http://*.hotjar.com https://*.googletagmanager.com https://*.googleadservices.com https://hcaptcha.com https://*.hcaptcha.com 'sha256-4RS22DYeB7U14dra4KcQYxmwt5HkOInieXK1NUMBmQI=' 'sha256-ByHHbZAg0XmuH3Qfugp5cOpt+T18agScr1Zr7RHwCU8='; style-src 'self' 'unsafe-inline' https://*.google.com https://fonts.googleapis.com https://hcaptcha.com https://*.hcaptcha.com; report-uri https://bigbank.uriports.com/reports/report; upgrade-insecure-requests
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

sec-fetch-mode
cors
origin
https://web-loan-application-staging.bigbank.se
accept-encoding
gzip, deflate, br
accept-language
en-US
sec-fetch-dest
script
cookie
resourceCheck=71ca201a472721fb8317b477f0635d60; 42186f9fb6da9a1170b6e70aa14d42c1=00d7d89a6df73c3cad54662f2b90cc5e
:path
/js/chunk-vendors.aff65a36.js
pragma
no-cache
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept
*/*
cache-control
no-cache
:authority
web-loan-application-staging.bigbank.se
referer
https://web-loan-application-staging.bigbank.se/
:scheme
https
sec-fetch-site
same-origin
:method
GET
Origin
https://web-loan-application-staging.bigbank.se
Referer
https://web-loan-application-staging.bigbank.se/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date
Wed, 01 Sep 2021 10:09:31 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
MISS
x-powered-by
Express
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-xss-protection
1; mode=block
referrer-policy
strict-origin-when-cross-origin
last-modified
Fri, 27 Aug 2021 12:04:52 GMT
server
cloudflare
etag
W/"176052-17b877f9aa0"
expect-ct
enforce, max-age=30, report-uri="https://bigbank.uriports.com/reports/report"
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
cache-control
public, max-age=14400
content-security-policy
child-src 'self' blob:; connect-src 'self' https://*.google-analytics.com https://*.bigbank.eu https://*.google.com https://*.doubleclick.net https://*.hotjar.com https://*.hotjar.io ws: wss: https://*.big.local https://hcaptcha.com https://*.hcaptcha.com; default-src 'self'; img-src 'self' blob: data: https://*.google-analytics.com https://*.doubleclick.net https://*.facebook.net https://*.google.com https://*.gstatic.com https://*.hotjar.com https://*.googletagmanager.com https://*.google.ee https://*.google.se; font-src 'self' data:; form-action 'self' https://*.facebook.net; frame-ancestors 'none'; frame-src 'self' https://*.hotjar.com https://*.big.local https://*.bigbank.eu https://hcaptcha.com https://*.hcaptcha.com https://login-service-central-staging.dca.origin.big.local; object-src 'self'; script-src 'self' https://*.google-analytics.com https://*.bigbank.eu https://*.doubleclick.net https://*.facebook.net https://*.google.com https://*.hotjar.com http://*.hotjar.com https://*.googletagmanager.com https://*.googleadservices.com https://hcaptcha.com https://*.hcaptcha.com 'sha256-4RS22DYeB7U14dra4KcQYxmwt5HkOInieXK1NUMBmQI=' 'sha256-ByHHbZAg0XmuH3Qfugp5cOpt+T18agScr1Zr7RHwCU8='; style-src 'self' 'unsafe-inline' https://*.google.com https://fonts.googleapis.com https://hcaptcha.com https://*.hcaptcha.com; report-uri https://bigbank.uriports.com/reports/report; upgrade-insecure-requests
cf-ray
687db4183eecc2b3-FRA
expires
Wed, 01 Sep 2021 14:09:31 GMT
configuration.js
web-loan-application-staging.bigbank.se/ 		314 B
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://web-loan-application-staging.bigbank.se/configuration.js
Requested by
Host: web-loan-application-staging.bigbank.se
URL: https://web-loan-application-staging.bigbank.se/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:349 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / Express
Resource Hash
617c8c38d6c8f565a85ad41655a07be4cf2010bcba607fca1f99b5b8188dfdc1
Security Headers
Name Value
Content-Security-Policy child-src 'self' blob:; connect-src 'self' https://*.google-analytics.com https://*.bigbank.eu https://*.google.com https://*.doubleclick.net https://*.hotjar.com https://*.hotjar.io ws: wss: https://*.big.local https://hcaptcha.com https://*.hcaptcha.com; default-src 'self'; img-src 'self' blob: data: https://*.google-analytics.com https://*.doubleclick.net https://*.facebook.net https://*.google.com https://*.gstatic.com https://*.hotjar.com https://*.googletagmanager.com https://*.google.ee https://*.google.se; font-src 'self' data:; form-action 'self' https://*.facebook.net; frame-ancestors 'none'; frame-src 'self' https://*.hotjar.com https://*.big.local https://*.bigbank.eu https://hcaptcha.com https://*.hcaptcha.com https://login-service-central-staging.dca.origin.big.local; object-src 'self'; script-src 'self' https://*.google-analytics.com https://*.bigbank.eu https://*.doubleclick.net https://*.facebook.net https://*.google.com https://*.hotjar.com http://*.hotjar.com https://*.googletagmanager.com https://*.googleadservices.com https://hcaptcha.com https://*.hcaptcha.com 'sha256-4RS22DYeB7U14dra4KcQYxmwt5HkOInieXK1NUMBmQI=' 'sha256-ByHHbZAg0XmuH3Qfugp5cOpt+T18agScr1Zr7RHwCU8='; style-src 'self' 'unsafe-inline' https://*.google.com https://fonts.googleapis.com https://hcaptcha.com https://*.hcaptcha.com; report-uri https://bigbank.uriports.com/reports/report; upgrade-insecure-requests
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

:path
/configuration.js
pragma
no-cache
cookie
resourceCheck=71ca201a472721fb8317b477f0635d60; 42186f9fb6da9a1170b6e70aa14d42c1=00d7d89a6df73c3cad54662f2b90cc5e
accept-encoding
gzip, deflate, br
accept-language
en-US
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
sec-fetch-mode
no-cors
accept
*/*
cache-control
no-cache
sec-fetch-dest
script
:authority
web-loan-application-staging.bigbank.se
referer
https://web-loan-application-staging.bigbank.se/
:scheme
https
sec-fetch-site
same-origin
:method
GET
Referer
https://web-loan-application-staging.bigbank.se/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date
Wed, 01 Sep 2021 10:09:31 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
MISS
x-powered-by
Express
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-xss-protection
1; mode=block
referrer-policy
strict-origin-when-cross-origin
server
cloudflare
etag
W/"13a-VRBtgwVhlt86eqv6naQsc0d3Li0"
expect-ct
enforce, max-age=30, report-uri="https://bigbank.uriports.com/reports/report"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
cache-control
public, max-age=14400
content-security-policy
child-src 'self' blob:; connect-src 'self' https://*.google-analytics.com https://*.bigbank.eu https://*.google.com https://*.doubleclick.net https://*.hotjar.com https://*.hotjar.io ws: wss: https://*.big.local https://hcaptcha.com https://*.hcaptcha.com; default-src 'self'; img-src 'self' blob: data: https://*.google-analytics.com https://*.doubleclick.net https://*.facebook.net https://*.google.com https://*.gstatic.com https://*.hotjar.com https://*.googletagmanager.com https://*.google.ee https://*.google.se; font-src 'self' data:; form-action 'self' https://*.facebook.net; frame-ancestors 'none'; frame-src 'self' https://*.hotjar.com https://*.big.local https://*.bigbank.eu https://hcaptcha.com https://*.hcaptcha.com https://login-service-central-staging.dca.origin.big.local; object-src 'self'; script-src 'self' https://*.google-analytics.com https://*.bigbank.eu https://*.doubleclick.net https://*.facebook.net https://*.google.com https://*.hotjar.com http://*.hotjar.com https://*.googletagmanager.com https://*.googleadservices.com https://hcaptcha.com https://*.hcaptcha.com 'sha256-4RS22DYeB7U14dra4KcQYxmwt5HkOInieXK1NUMBmQI=' 'sha256-ByHHbZAg0XmuH3Qfugp5cOpt+T18agScr1Zr7RHwCU8='; style-src 'self' 'unsafe-inline' https://*.google.com https://fonts.googleapis.com https://hcaptcha.com https://*.hcaptcha.com; report-uri https://bigbank.uriports.com/reports/report; upgrade-insecure-requests
cf-ray
687db4183eedc2b3-FRA
expires
Wed, 01 Sep 2021 14:09:31 GMT
report
bigbank.uriports.com/reports/ 		0
0 		Other
General
Check archive.org
Download Go to
Full URL
https://bigbank.uriports.com/reports/report
Requested by
Host: web-loan-application-staging.bigbank.se
URL: https://web-loan-application-staging.bigbank.se/js/chunk-vendors.aff65a36.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2001:678:6a0::3:101 Leningradskaya, Russian Federation, ASN207647 (INTENTION-AS, NL),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://web-loan-application-staging.bigbank.se/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Content-Type
application/csp-report

Response headers
report
bigbank.uriports.com/reports/ 		0
0 		Other
General
Check archive.org
Download Go to
Full URL
https://bigbank.uriports.com/reports/report
Requested by
Host: web-loan-application-staging.bigbank.se
URL: https://web-loan-application-staging.bigbank.se/js/chunk-vendors.aff65a36.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2001:678:6a0::3:101 Leningradskaya, Russian Federation, ASN207647 (INTENTION-AS, NL),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://web-loan-application-staging.bigbank.se/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Content-Type
application/csp-report

Response headers
heartbeat
login-service-central-staging.dca.origin.big.local/ Frame BD61 		0
0
GothamSSm-Bold.4efe66b7.otf
web-loan-application-staging.bigbank.se/fonts/ 		125 KB
63 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://web-loan-application-staging.bigbank.se/fonts/GothamSSm-Bold.4efe66b7.otf
Requested by
Host: web-loan-application-staging.bigbank.se
URL: https://web-loan-application-staging.bigbank.se/css/chunk-vendors.54832e0a.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:349 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / Express
Resource Hash
0e0e1b11f791666161be1df51bf2c338d78de5fae98e9f1c7231dc5f02283cd5
Security Headers
Name Value
Content-Security-Policy child-src 'self' blob:; connect-src 'self' https://*.google-analytics.com https://*.bigbank.eu https://*.google.com https://*.doubleclick.net https://*.hotjar.com https://*.hotjar.io ws: wss: https://*.big.local https://hcaptcha.com https://*.hcaptcha.com; default-src 'self'; img-src 'self' blob: data: https://*.google-analytics.com https://*.doubleclick.net https://*.facebook.net https://*.google.com https://*.gstatic.com https://*.hotjar.com https://*.googletagmanager.com https://*.google.ee https://*.google.se; font-src 'self' data:; form-action 'self' https://*.facebook.net; frame-ancestors 'none'; frame-src 'self' https://*.hotjar.com https://*.big.local https://*.bigbank.eu https://hcaptcha.com https://*.hcaptcha.com https://login-service-central-staging.dca.origin.big.local; object-src 'self'; script-src 'self' https://*.google-analytics.com https://*.bigbank.eu https://*.doubleclick.net https://*.facebook.net https://*.google.com https://*.hotjar.com http://*.hotjar.com https://*.googletagmanager.com https://*.googleadservices.com https://hcaptcha.com https://*.hcaptcha.com 'sha256-4RS22DYeB7U14dra4KcQYxmwt5HkOInieXK1NUMBmQI=' 'sha256-ByHHbZAg0XmuH3Qfugp5cOpt+T18agScr1Zr7RHwCU8='; style-src 'self' 'unsafe-inline' https://*.google.com https://fonts.googleapis.com https://hcaptcha.com https://*.hcaptcha.com; report-uri https://bigbank.uriports.com/reports/report; upgrade-insecure-requests
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

sec-fetch-mode
cors
origin
https://web-loan-application-staging.bigbank.se
accept-encoding
gzip, deflate, br
accept-language
en-US
sec-fetch-dest
font
cookie
resourceCheck=71ca201a472721fb8317b477f0635d60; 42186f9fb6da9a1170b6e70aa14d42c1=00d7d89a6df73c3cad54662f2b90cc5e
:path
/fonts/GothamSSm-Bold.4efe66b7.otf
pragma
no-cache
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept
*/*
cache-control
no-cache
:authority
web-loan-application-staging.bigbank.se
referer
https://web-loan-application-staging.bigbank.se/css/chunk-vendors.54832e0a.css
:scheme
https
sec-fetch-site
same-origin
:method
GET
Origin
https://web-loan-application-staging.bigbank.se
Referer
https://web-loan-application-staging.bigbank.se/css/chunk-vendors.54832e0a.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date
Wed, 01 Sep 2021 10:09:31 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
MISS
x-powered-by
Express
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-xss-protection
1; mode=block
referrer-policy
strict-origin-when-cross-origin
last-modified
Fri, 27 Aug 2021 12:04:51 GMT
server
cloudflare
etag
W/"1f548-17b877f96b8"
expect-ct
enforce, max-age=30, report-uri="https://bigbank.uriports.com/reports/report"
vary
Accept-Encoding
content-type
font/otf
cache-control
public, max-age=14400
content-security-policy
child-src 'self' blob:; connect-src 'self' https://*.google-analytics.com https://*.bigbank.eu https://*.google.com https://*.doubleclick.net https://*.hotjar.com https://*.hotjar.io ws: wss: https://*.big.local https://hcaptcha.com https://*.hcaptcha.com; default-src 'self'; img-src 'self' blob: data: https://*.google-analytics.com https://*.doubleclick.net https://*.facebook.net https://*.google.com https://*.gstatic.com https://*.hotjar.com https://*.googletagmanager.com https://*.google.ee https://*.google.se; font-src 'self' data:; form-action 'self' https://*.facebook.net; frame-ancestors 'none'; frame-src 'self' https://*.hotjar.com https://*.big.local https://*.bigbank.eu https://hcaptcha.com https://*.hcaptcha.com https://login-service-central-staging.dca.origin.big.local; object-src 'self'; script-src 'self' https://*.google-analytics.com https://*.bigbank.eu https://*.doubleclick.net https://*.facebook.net https://*.google.com https://*.hotjar.com http://*.hotjar.com https://*.googletagmanager.com https://*.googleadservices.com https://hcaptcha.com https://*.hcaptcha.com 'sha256-4RS22DYeB7U14dra4KcQYxmwt5HkOInieXK1NUMBmQI=' 'sha256-ByHHbZAg0XmuH3Qfugp5cOpt+T18agScr1Zr7RHwCU8='; style-src 'self' 'unsafe-inline' https://*.google.com https://fonts.googleapis.com https://hcaptcha.com https://*.hcaptcha.com; report-uri https://bigbank.uriports.com/reports/report; upgrade-insecure-requests
cf-ray
687db41bab59c2b3-FRA
expires
Wed, 01 Sep 2021 14:09:31 GMT
GothamSSm-Medium.f2afb4c3.otf
web-loan-application-staging.bigbank.se/fonts/ 		126 KB
63 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://web-loan-application-staging.bigbank.se/fonts/GothamSSm-Medium.f2afb4c3.otf
Requested by
Host: web-loan-application-staging.bigbank.se
URL: https://web-loan-application-staging.bigbank.se/css/chunk-vendors.54832e0a.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:349 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / Express
Resource Hash
5613e4050d5f74507cedccde396912626e9bb945a5a95efc3ccd2e30b876c706
Security Headers
Name Value
Content-Security-Policy child-src 'self' blob:; connect-src 'self' https://*.google-analytics.com https://*.bigbank.eu https://*.google.com https://*.doubleclick.net https://*.hotjar.com https://*.hotjar.io ws: wss: https://*.big.local https://hcaptcha.com https://*.hcaptcha.com; default-src 'self'; img-src 'self' blob: data: https://*.google-analytics.com https://*.doubleclick.net https://*.facebook.net https://*.google.com https://*.gstatic.com https://*.hotjar.com https://*.googletagmanager.com https://*.google.ee https://*.google.se; font-src 'self' data:; form-action 'self' https://*.facebook.net; frame-ancestors 'none'; frame-src 'self' https://*.hotjar.com https://*.big.local https://*.bigbank.eu https://hcaptcha.com https://*.hcaptcha.com https://login-service-central-staging.dca.origin.big.local; object-src 'self'; script-src 'self' https://*.google-analytics.com https://*.bigbank.eu https://*.doubleclick.net https://*.facebook.net https://*.google.com https://*.hotjar.com http://*.hotjar.com https://*.googletagmanager.com https://*.googleadservices.com https://hcaptcha.com https://*.hcaptcha.com 'sha256-4RS22DYeB7U14dra4KcQYxmwt5HkOInieXK1NUMBmQI=' 'sha256-ByHHbZAg0XmuH3Qfugp5cOpt+T18agScr1Zr7RHwCU8='; style-src 'self' 'unsafe-inline' https://*.google.com https://fonts.googleapis.com https://hcaptcha.com https://*.hcaptcha.com; report-uri https://bigbank.uriports.com/reports/report; upgrade-insecure-requests
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

sec-fetch-mode
cors
origin
https://web-loan-application-staging.bigbank.se
accept-encoding
gzip, deflate, br
accept-language
en-US
sec-fetch-dest
font
cookie
resourceCheck=71ca201a472721fb8317b477f0635d60; 42186f9fb6da9a1170b6e70aa14d42c1=00d7d89a6df73c3cad54662f2b90cc5e
:path
/fonts/GothamSSm-Medium.f2afb4c3.otf
pragma
no-cache
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept
*/*
cache-control
no-cache
:authority
web-loan-application-staging.bigbank.se
referer
https://web-loan-application-staging.bigbank.se/css/chunk-vendors.54832e0a.css
:scheme
https
sec-fetch-site
same-origin
:method
GET
Origin
https://web-loan-application-staging.bigbank.se
Referer
https://web-loan-application-staging.bigbank.se/css/chunk-vendors.54832e0a.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date
Wed, 01 Sep 2021 10:09:31 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
MISS
x-powered-by
Express
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-xss-protection
1; mode=block
referrer-policy
strict-origin-when-cross-origin
last-modified
Fri, 27 Aug 2021 12:04:51 GMT
server
cloudflare
etag
W/"1f604-17b877f96b8"
expect-ct
enforce, max-age=30, report-uri="https://bigbank.uriports.com/reports/report"
vary
Accept-Encoding
content-type
font/otf
cache-control
public, max-age=14400
content-security-policy
child-src 'self' blob:; connect-src 'self' https://*.google-analytics.com https://*.bigbank.eu https://*.google.com https://*.doubleclick.net https://*.hotjar.com https://*.hotjar.io ws: wss: https://*.big.local https://hcaptcha.com https://*.hcaptcha.com; default-src 'self'; img-src 'self' blob: data: https://*.google-analytics.com https://*.doubleclick.net https://*.facebook.net https://*.google.com https://*.gstatic.com https://*.hotjar.com https://*.googletagmanager.com https://*.google.ee https://*.google.se; font-src 'self' data:; form-action 'self' https://*.facebook.net; frame-ancestors 'none'; frame-src 'self' https://*.hotjar.com https://*.big.local https://*.bigbank.eu https://hcaptcha.com https://*.hcaptcha.com https://login-service-central-staging.dca.origin.big.local; object-src 'self'; script-src 'self' https://*.google-analytics.com https://*.bigbank.eu https://*.doubleclick.net https://*.facebook.net https://*.google.com https://*.hotjar.com http://*.hotjar.com https://*.googletagmanager.com https://*.googleadservices.com https://hcaptcha.com https://*.hcaptcha.com 'sha256-4RS22DYeB7U14dra4KcQYxmwt5HkOInieXK1NUMBmQI=' 'sha256-ByHHbZAg0XmuH3Qfugp5cOpt+T18agScr1Zr7RHwCU8='; style-src 'self' 'unsafe-inline' https://*.google.com https://fonts.googleapis.com https://hcaptcha.com https://*.hcaptcha.com; report-uri https://bigbank.uriports.com/reports/report; upgrade-insecure-requests
cf-ray
687db41bab5ac2b3-FRA
expires
Wed, 01 Sep 2021 14:09:31 GMT
GothamSSm-Book.5fd222f7.otf
web-loan-application-staging.bigbank.se/fonts/ 		124 KB
63 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://web-loan-application-staging.bigbank.se/fonts/GothamSSm-Book.5fd222f7.otf
Requested by
Host: web-loan-application-staging.bigbank.se
URL: https://web-loan-application-staging.bigbank.se/css/chunk-vendors.54832e0a.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:349 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / Express
Resource Hash
97bd09001c0dc97c7f47c4bd7a2ed2ef2efe3d6264fae21e3622bdf49228acb2
Security Headers
Name Value
Content-Security-Policy child-src 'self' blob:; connect-src 'self' https://*.google-analytics.com https://*.bigbank.eu https://*.google.com https://*.doubleclick.net https://*.hotjar.com https://*.hotjar.io ws: wss: https://*.big.local https://hcaptcha.com https://*.hcaptcha.com; default-src 'self'; img-src 'self' blob: data: https://*.google-analytics.com https://*.doubleclick.net https://*.facebook.net https://*.google.com https://*.gstatic.com https://*.hotjar.com https://*.googletagmanager.com https://*.google.ee https://*.google.se; font-src 'self' data:; form-action 'self' https://*.facebook.net; frame-ancestors 'none'; frame-src 'self' https://*.hotjar.com https://*.big.local https://*.bigbank.eu https://hcaptcha.com https://*.hcaptcha.com https://login-service-central-staging.dca.origin.big.local; object-src 'self'; script-src 'self' https://*.google-analytics.com https://*.bigbank.eu https://*.doubleclick.net https://*.facebook.net https://*.google.com https://*.hotjar.com http://*.hotjar.com https://*.googletagmanager.com https://*.googleadservices.com https://hcaptcha.com https://*.hcaptcha.com 'sha256-4RS22DYeB7U14dra4KcQYxmwt5HkOInieXK1NUMBmQI=' 'sha256-ByHHbZAg0XmuH3Qfugp5cOpt+T18agScr1Zr7RHwCU8='; style-src 'self' 'unsafe-inline' https://*.google.com https://fonts.googleapis.com https://hcaptcha.com https://*.hcaptcha.com; report-uri https://bigbank.uriports.com/reports/report; upgrade-insecure-requests
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

sec-fetch-mode
cors
origin
https://web-loan-application-staging.bigbank.se
accept-encoding
gzip, deflate, br
accept-language
en-US
sec-fetch-dest
font
cookie
resourceCheck=71ca201a472721fb8317b477f0635d60; 42186f9fb6da9a1170b6e70aa14d42c1=00d7d89a6df73c3cad54662f2b90cc5e
:path
/fonts/GothamSSm-Book.5fd222f7.otf
pragma
no-cache
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept
*/*
cache-control
no-cache
:authority
web-loan-application-staging.bigbank.se
referer
https://web-loan-application-staging.bigbank.se/css/chunk-vendors.54832e0a.css
:scheme
https
sec-fetch-site
same-origin
:method
GET
Origin
https://web-loan-application-staging.bigbank.se
Referer
https://web-loan-application-staging.bigbank.se/css/chunk-vendors.54832e0a.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date
Wed, 01 Sep 2021 10:09:31 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
MISS
x-powered-by
Express
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-xss-protection
1; mode=block
referrer-policy
strict-origin-when-cross-origin
last-modified
Fri, 27 Aug 2021 12:04:52 GMT
server
cloudflare
etag
W/"1ee64-17b877f9aa0"
expect-ct
enforce, max-age=30, report-uri="https://bigbank.uriports.com/reports/report"
vary
Accept-Encoding
content-type
font/otf
cache-control
public, max-age=14400
content-security-policy
child-src 'self' blob:; connect-src 'self' https://*.google-analytics.com https://*.bigbank.eu https://*.google.com https://*.doubleclick.net https://*.hotjar.com https://*.hotjar.io ws: wss: https://*.big.local https://hcaptcha.com https://*.hcaptcha.com; default-src 'self'; img-src 'self' blob: data: https://*.google-analytics.com https://*.doubleclick.net https://*.facebook.net https://*.google.com https://*.gstatic.com https://*.hotjar.com https://*.googletagmanager.com https://*.google.ee https://*.google.se; font-src 'self' data:; form-action 'self' https://*.facebook.net; frame-ancestors 'none'; frame-src 'self' https://*.hotjar.com https://*.big.local https://*.bigbank.eu https://hcaptcha.com https://*.hcaptcha.com https://login-service-central-staging.dca.origin.big.local; object-src 'self'; script-src 'self' https://*.google-analytics.com https://*.bigbank.eu https://*.doubleclick.net https://*.facebook.net https://*.google.com https://*.hotjar.com http://*.hotjar.com https://*.googletagmanager.com https://*.googleadservices.com https://hcaptcha.com https://*.hcaptcha.com 'sha256-4RS22DYeB7U14dra4KcQYxmwt5HkOInieXK1NUMBmQI=' 'sha256-ByHHbZAg0XmuH3Qfugp5cOpt+T18agScr1Zr7RHwCU8='; style-src 'self' 'unsafe-inline' https://*.google.com https://fonts.googleapis.com https://hcaptcha.com https://*.hcaptcha.com; report-uri https://bigbank.uriports.com/reports/report; upgrade-insecure-requests
cf-ray
687db41bab5bc2b3-FRA
expires
Wed, 01 Sep 2021 14:09:31 GMT
hcaptcha.js
newassets.hcaptcha.com/captcha/v1/1eed1c2/
Redirect Chain
  • https://hcaptcha.com/1/api.js?render=explicit&onload=_hcaptchaOnLoad&hl=sv&sentry=true
  • https://newassets.hcaptcha.com/captcha/v1/1eed1c2/hcaptcha.js
82 KB
26 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://newassets.hcaptcha.com/captcha/v1/1eed1c2/hcaptcha.js
Requested by
Host: web-loan-application-staging.bigbank.se
URL: https://web-loan-application-staging.bigbank.se/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.16.169.131 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
8da756be273d085e43e817a6db80ce11368f24a7230cd8352d62a954d333dae4
Security Headers
Name Value
Strict-Transport-Security max-age=2592000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://web-loan-application-staging.bigbank.se/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date
Wed, 01 Sep 2021 10:09:31 GMT
via
1.1 dc341d03bd5d53f09228219aec3f44e8.cloudfront.net (CloudFront)
x-content-type-options
nosniff
cf-cache-status
HIT
age
76382
cf-polished
origSize=84485
x-cache
Miss from cloudfront
content-encoding
gzip
alt-svc
h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
last-modified
Tue, 31 Aug 2021 12:55:38 GMT
server
cloudflare
etag
W/"c741ae5800d89768248ae898a4941bac"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=2592000; includeSubDomains; preload
content-type
application/javascript
vary
Accept-Encoding
cache-control
max-age=1209600
x-amz-cf-pop
CDG50-C2
cf-ray
687db41c7b2a331c-CDG
x-amz-cf-id
x-FqDWKUGdhwAySrKXEmXlrYZzaNc5S_kmTw99kbrWD4vNlq1YHtoQ==
cf-bgj
minify

Redirect headers

date
Wed, 01 Sep 2021 10:09:31 GMT
x-content-type-options
nosniff
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
location
https://newassets.hcaptcha.com/captcha/v1/1eed1c2/hcaptcha.js
cache-control
private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
strict-transport-security
max-age=2592000; includeSubDomains; preload
cf-ray
687db41c2aba331c-CDG
alt-svc
h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
expires
Thu, 01 Jan 1970 00:00:01 GMT
session
web-loan-application-staging.bigbank.se/api/v1/ 		0
1 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://web-loan-application-staging.bigbank.se/api/v1/session
Requested by
Host: web-loan-application-staging.bigbank.se
URL: https://web-loan-application-staging.bigbank.se/js/chunk-vendors.aff65a36.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:349 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / Express
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy child-src 'self' blob:; connect-src 'self' https://*.google-analytics.com https://*.bigbank.eu https://*.google.com https://*.doubleclick.net https://*.hotjar.com https://*.hotjar.io ws: wss: https://*.big.local https://hcaptcha.com https://*.hcaptcha.com; default-src 'self'; img-src 'self' blob: data: https://*.google-analytics.com https://*.doubleclick.net https://*.facebook.net https://*.google.com https://*.gstatic.com https://*.hotjar.com https://*.googletagmanager.com https://*.google.ee https://*.google.se; font-src 'self' data:; form-action 'self' https://*.facebook.net; frame-ancestors 'none'; frame-src 'self' https://*.hotjar.com https://*.big.local https://*.bigbank.eu https://hcaptcha.com https://*.hcaptcha.com https://login-service-central-staging.dca.origin.big.local; object-src 'self'; script-src 'self' https://*.google-analytics.com https://*.bigbank.eu https://*.doubleclick.net https://*.facebook.net https://*.google.com https://*.hotjar.com http://*.hotjar.com https://*.googletagmanager.com https://*.googleadservices.com https://hcaptcha.com https://*.hcaptcha.com 'nonce-3ce884260514ae3760849d1511110adc' 'sha256-4RS22DYeB7U14dra4KcQYxmwt5HkOInieXK1NUMBmQI=' 'sha256-ByHHbZAg0XmuH3Qfugp5cOpt+T18agScr1Zr7RHwCU8='; style-src 'self' 'unsafe-inline' https://*.google.com https://fonts.googleapis.com https://hcaptcha.com https://*.hcaptcha.com; report-uri https://bigbank.uriports.com/reports/report; upgrade-insecure-requests
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

sec-fetch-mode
cors
accept-encoding
gzip, deflate, br
accept-language
en-US
sec-fetch-dest
empty
cookie
resourceCheck=71ca201a472721fb8317b477f0635d60; 42186f9fb6da9a1170b6e70aa14d42c1=00d7d89a6df73c3cad54662f2b90cc5e
:path
/api/v1/session
pragma
no-cache
traceparent
00-715740efad4ddcb86ec2dfda110c7aaf-3c6b030ea6bfda6f-01
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept
application/json, text/plain, */*
cache-control
no-cache
:authority
web-loan-application-staging.bigbank.se
referer
https://web-loan-application-staging.bigbank.se/
:scheme
https
sec-fetch-site
same-origin
:method
GET
Accept
application/json, text/plain, */*
Referer
https://web-loan-application-staging.bigbank.se/
traceparent
00-715740efad4ddcb86ec2dfda110c7aaf-3c6b030ea6bfda6f-01
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date
Wed, 01 Sep 2021 10:09:31 GMT
referrer-policy
strict-origin-when-cross-origin
cf-cache-status
DYNAMIC
server
cloudflare
x-powered-by
Express
expect-ct
enforce, max-age=30, report-uri="https://bigbank.uriports.com/reports/report"
strict-transport-security
max-age=31536000; includeSubDomains; preload
session-expiry-datetime
2021-09-01T10:12:31.698Z
x-xss-protection
1; mode=block
etag
W/"a-bAsFyilMr4Ra1hIU5PyoyFRunpI"
content-security-policy
child-src 'self' blob:; connect-src 'self' https://*.google-analytics.com https://*.bigbank.eu https://*.google.com https://*.doubleclick.net https://*.hotjar.com https://*.hotjar.io ws: wss: https://*.big.local https://hcaptcha.com https://*.hcaptcha.com; default-src 'self'; img-src 'self' blob: data: https://*.google-analytics.com https://*.doubleclick.net https://*.facebook.net https://*.google.com https://*.gstatic.com https://*.hotjar.com https://*.googletagmanager.com https://*.google.ee https://*.google.se; font-src 'self' data:; form-action 'self' https://*.facebook.net; frame-ancestors 'none'; frame-src 'self' https://*.hotjar.com https://*.big.local https://*.bigbank.eu https://hcaptcha.com https://*.hcaptcha.com https://login-service-central-staging.dca.origin.big.local; object-src 'self'; script-src 'self' https://*.google-analytics.com https://*.bigbank.eu https://*.doubleclick.net https://*.facebook.net https://*.google.com https://*.hotjar.com http://*.hotjar.com https://*.googletagmanager.com https://*.googleadservices.com https://hcaptcha.com https://*.hcaptcha.com 'nonce-3ce884260514ae3760849d1511110adc' 'sha256-4RS22DYeB7U14dra4KcQYxmwt5HkOInieXK1NUMBmQI=' 'sha256-ByHHbZAg0XmuH3Qfugp5cOpt+T18agScr1Zr7RHwCU8='; style-src 'self' 'unsafe-inline' https://*.google.com https://fonts.googleapis.com https://hcaptcha.com https://*.hcaptcha.com; report-uri https://bigbank.uriports.com/reports/report; upgrade-insecure-requests
set-cookie
loanorigination.sid=s%3A3n1rmZpP5TjqOgzmPuLks8_mLIkqt39s.5lSW9DjTWJ%2F8qCRNlfnjY1Ovy8DZCog3nRifvv6L2ok; Path=/; Expires=Wed, 01 Sep 2021 10:24:31 GMT; HttpOnly
cf-ray
687db41c2befc2b3-FRA
x-content-type-options
nosniff
pricing-conditions
web-loan-application-staging.bigbank.se/api/v2/ 		1 KB
2 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://web-loan-application-staging.bigbank.se/api/v2/pricing-conditions
Requested by
Host: web-loan-application-staging.bigbank.se
URL: https://web-loan-application-staging.bigbank.se/js/chunk-vendors.aff65a36.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:349 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / Express
Resource Hash
f7a5f8215932251b5d4a43465005307d2e74b590174f6b6aca26d61a8a4bb9cd
Security Headers
Name Value
Content-Security-Policy child-src 'self' blob:; connect-src 'self' https://*.google-analytics.com https://*.bigbank.eu https://*.google.com https://*.doubleclick.net https://*.hotjar.com https://*.hotjar.io ws: wss: https://*.big.local https://hcaptcha.com https://*.hcaptcha.com; default-src 'self'; img-src 'self' blob: data: https://*.google-analytics.com https://*.doubleclick.net https://*.facebook.net https://*.google.com https://*.gstatic.com https://*.hotjar.com https://*.googletagmanager.com https://*.google.ee https://*.google.se; font-src 'self' data:; form-action 'self' https://*.facebook.net; frame-ancestors 'none'; frame-src 'self' https://*.hotjar.com https://*.big.local https://*.bigbank.eu https://hcaptcha.com https://*.hcaptcha.com https://login-service-central-staging.dca.origin.big.local; object-src 'self'; script-src 'self' https://*.google-analytics.com https://*.bigbank.eu https://*.doubleclick.net https://*.facebook.net https://*.google.com https://*.hotjar.com http://*.hotjar.com https://*.googletagmanager.com https://*.googleadservices.com https://hcaptcha.com https://*.hcaptcha.com 'nonce-95769575ac14d82f06e513ef60681c7f' 'sha256-4RS22DYeB7U14dra4KcQYxmwt5HkOInieXK1NUMBmQI=' 'sha256-ByHHbZAg0XmuH3Qfugp5cOpt+T18agScr1Zr7RHwCU8='; style-src 'self' 'unsafe-inline' https://*.google.com https://fonts.googleapis.com https://hcaptcha.com https://*.hcaptcha.com; report-uri https://bigbank.uriports.com/reports/report; upgrade-insecure-requests
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

sec-fetch-mode
cors
origin
https://web-loan-application-staging.bigbank.se
accept-encoding
gzip, deflate, br
accept-language
en-US
sec-fetch-dest
empty
cookie
resourceCheck=71ca201a472721fb8317b477f0635d60; 42186f9fb6da9a1170b6e70aa14d42c1=00d7d89a6df73c3cad54662f2b90cc5e
content-length
2
:path
/api/v2/pricing-conditions
pragma
no-cache
traceparent
00-715740efad4ddcb86ec2dfda110c7aaf-c520ced9833fb10a-01
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
content-type
application/json;charset=UTF-8
accept
application/json, text/plain, */*
cache-control
no-cache
:authority
web-loan-application-staging.bigbank.se
referer
https://web-loan-application-staging.bigbank.se/
:scheme
https
sec-fetch-site
same-origin
:method
POST
Accept
application/json, text/plain, */*
Referer
https://web-loan-application-staging.bigbank.se/
traceparent
00-715740efad4ddcb86ec2dfda110c7aaf-c520ced9833fb10a-01
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Content-Type
application/json;charset=UTF-8

Response headers

date
Wed, 01 Sep 2021 10:09:31 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
x-powered-by
Express
session-expiry-datetime
2021-09-01T10:12:31.706Z
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-xss-protection
1; mode=block
referrer-policy
strict-origin-when-cross-origin
server
cloudflare
etag
W/"49a-GOBdJT5z6Y9BK+NgSiyXWaM7PwM"
expect-ct
enforce, max-age=30, report-uri="https://bigbank.uriports.com/reports/report"
vary
Accept-Encoding
content-type
application/json; charset=utf-8
content-security-policy
child-src 'self' blob:; connect-src 'self' https://*.google-analytics.com https://*.bigbank.eu https://*.google.com https://*.doubleclick.net https://*.hotjar.com https://*.hotjar.io ws: wss: https://*.big.local https://hcaptcha.com https://*.hcaptcha.com; default-src 'self'; img-src 'self' blob: data: https://*.google-analytics.com https://*.doubleclick.net https://*.facebook.net https://*.google.com https://*.gstatic.com https://*.hotjar.com https://*.googletagmanager.com https://*.google.ee https://*.google.se; font-src 'self' data:; form-action 'self' https://*.facebook.net; frame-ancestors 'none'; frame-src 'self' https://*.hotjar.com https://*.big.local https://*.bigbank.eu https://hcaptcha.com https://*.hcaptcha.com https://login-service-central-staging.dca.origin.big.local; object-src 'self'; script-src 'self' https://*.google-analytics.com https://*.bigbank.eu https://*.doubleclick.net https://*.facebook.net https://*.google.com https://*.hotjar.com http://*.hotjar.com https://*.googletagmanager.com https://*.googleadservices.com https://hcaptcha.com https://*.hcaptcha.com 'nonce-95769575ac14d82f06e513ef60681c7f' 'sha256-4RS22DYeB7U14dra4KcQYxmwt5HkOInieXK1NUMBmQI=' 'sha256-ByHHbZAg0XmuH3Qfugp5cOpt+T18agScr1Zr7RHwCU8='; style-src 'self' 'unsafe-inline' https://*.google.com https://fonts.googleapis.com https://hcaptcha.com https://*.hcaptcha.com; report-uri https://bigbank.uriports.com/reports/report; upgrade-insecure-requests
set-cookie
Authenticated=false; Path=/ loanorigination.sid=s%3AM5yItoen-oPNT-j8dw0-lmQveT4mipBY.CnvpPHRDE%2BuYYGAkNuD3uqcOWkuQ0x9gYM%2BBEePvi00; Path=/; Expires=Wed, 01 Sep 2021 10:24:31 GMT; HttpOnly
cf-ray
687db41c2bf3c2b3-FRA
hcaptcha-challenge.html
newassets.hcaptcha.com/captcha/v1/1eed1c2/static/ Frame F137 		2 KB
1 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://newassets.hcaptcha.com/captcha/v1/1eed1c2/static/hcaptcha-challenge.html
Requested by
Host: hcaptcha.com
URL: https://hcaptcha.com/1/api.js?render=explicit&onload=_hcaptchaOnLoad&hl=sv&sentry=true
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
104.16.169.131 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
1e67e381de0955a30a43141bfd00394996a1b36719543d432a44d35559bc8f8e
Security Headers
Name Value
Strict-Transport-Security max-age=2592000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

:method
GET
:authority
newassets.hcaptcha.com
:scheme
https
:path
/captcha/v1/1eed1c2/static/hcaptcha-challenge.html
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://web-loan-application-staging.bigbank.se/
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Referer
https://web-loan-application-staging.bigbank.se/

Response headers

date
Wed, 01 Sep 2021 10:09:31 GMT
content-type
text/html
last-modified
Tue, 31 Aug 2021 12:55:38 GMT
cache-control
max-age=1209600
x-cache
Hit from cloudfront
via
1.1 5321ce1f67b98139d1f43997aea9b44a.cloudfront.net (CloudFront)
x-amz-cf-pop
CDG50-P1
x-amz-cf-id
HdccUUEGgZ4JyxWDHQnE6ifi418723A36-CsW9sZmDD3gu0R-25Z7g==
age
76382
cf-cache-status
DYNAMIC
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=2592000; includeSubDomains; preload
x-content-type-options
nosniff
server
cloudflare
cf-ray
687db41cee4540e1-CDG
content-encoding
gzip
alt-svc
h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
hcaptcha-checkbox.html
newassets.hcaptcha.com/captcha/v1/1eed1c2/static/ Frame E191 		2 KB
1 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://newassets.hcaptcha.com/captcha/v1/1eed1c2/static/hcaptcha-checkbox.html
Requested by
Host: hcaptcha.com
URL: https://hcaptcha.com/1/api.js?render=explicit&onload=_hcaptchaOnLoad&hl=sv&sentry=true
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
104.16.169.131 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d9b5939e08068f659c962eb28acff7c85f9806c01aaf896306384b0c2cd8f576
Security Headers
Name Value
Strict-Transport-Security max-age=2592000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

:method
GET
:authority
newassets.hcaptcha.com
:scheme
https
:path
/captcha/v1/1eed1c2/static/hcaptcha-checkbox.html
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://web-loan-application-staging.bigbank.se/
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Referer
https://web-loan-application-staging.bigbank.se/

Response headers

date
Wed, 01 Sep 2021 10:09:31 GMT
content-type
text/html
last-modified
Tue, 31 Aug 2021 12:55:38 GMT
cache-control
max-age=1209600
x-cache
Hit from cloudfront
via
1.1 bb6b0df3df96de0c607c1fbea30d39e4.cloudfront.net (CloudFront)
x-amz-cf-pop
CDG50-P1
x-amz-cf-id
RYhXr_3_mMJQRLLZCf6j34HX7bIdy-kPfXVCYY1N2DH-VkM0UaeXdg==
age
76382
cf-cache-status
DYNAMIC
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=2592000; includeSubDomains; preload
x-content-type-options
nosniff
server
cloudflare
cf-ray
687db41cee4640e1-CDG
content-encoding
gzip
alt-svc
h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
calculate
web-loan-application-staging.bigbank.se/api/v1/loan/ 		71 B
2 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://web-loan-application-staging.bigbank.se/api/v1/loan/calculate
Requested by
Host: web-loan-application-staging.bigbank.se
URL: https://web-loan-application-staging.bigbank.se/js/chunk-vendors.aff65a36.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:349 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / Express
Resource Hash
f5a70c11522628861834a7c36ca842cb6562fba35a2f50fee8ab40778cb83c6b
Security Headers
Name Value
Content-Security-Policy child-src 'self' blob:; connect-src 'self' https://*.google-analytics.com https://*.bigbank.eu https://*.google.com https://*.doubleclick.net https://*.hotjar.com https://*.hotjar.io ws: wss: https://*.big.local https://hcaptcha.com https://*.hcaptcha.com; default-src 'self'; img-src 'self' blob: data: https://*.google-analytics.com https://*.doubleclick.net https://*.facebook.net https://*.google.com https://*.gstatic.com https://*.hotjar.com https://*.googletagmanager.com https://*.google.ee https://*.google.se; font-src 'self' data:; form-action 'self' https://*.facebook.net; frame-ancestors 'none'; frame-src 'self' https://*.hotjar.com https://*.big.local https://*.bigbank.eu https://hcaptcha.com https://*.hcaptcha.com https://login-service-central-staging.dca.origin.big.local; object-src 'self'; script-src 'self' https://*.google-analytics.com https://*.bigbank.eu https://*.doubleclick.net https://*.facebook.net https://*.google.com https://*.hotjar.com http://*.hotjar.com https://*.googletagmanager.com https://*.googleadservices.com https://hcaptcha.com https://*.hcaptcha.com 'nonce-509b7a99a12e499ad41db37bc056d41d' 'sha256-4RS22DYeB7U14dra4KcQYxmwt5HkOInieXK1NUMBmQI=' 'sha256-ByHHbZAg0XmuH3Qfugp5cOpt+T18agScr1Zr7RHwCU8='; style-src 'self' 'unsafe-inline' https://*.google.com https://fonts.googleapis.com https://hcaptcha.com https://*.hcaptcha.com; report-uri https://bigbank.uriports.com/reports/report; upgrade-insecure-requests
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

sec-fetch-mode
cors
origin
https://web-loan-application-staging.bigbank.se
accept-encoding
gzip, deflate, br
accept-language
en-US
sec-fetch-dest
empty
cookie
resourceCheck=71ca201a472721fb8317b477f0635d60; 42186f9fb6da9a1170b6e70aa14d42c1=00d7d89a6df73c3cad54662f2b90cc5e
content-length
159
:path
/api/v1/loan/calculate
pragma
no-cache
traceparent
00-715740efad4ddcb86ec2dfda110c7aaf-865dcf70e7a967f2-01
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
content-type
application/json;charset=UTF-8
accept
application/json, text/plain, */*
cache-control
no-cache
:authority
web-loan-application-staging.bigbank.se
referer
https://web-loan-application-staging.bigbank.se/
:scheme
https
sec-fetch-site
same-origin
:method
POST
Accept
application/json, text/plain, */*
Referer
https://web-loan-application-staging.bigbank.se/
traceparent
00-715740efad4ddcb86ec2dfda110c7aaf-865dcf70e7a967f2-01
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Content-Type
application/json;charset=UTF-8

Response headers

date
Wed, 01 Sep 2021 10:09:31 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
x-powered-by
Express
session-expiry-datetime
2021-09-01T10:12:31.782Z
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-xss-protection
1; mode=block
referrer-policy
strict-origin-when-cross-origin
server
cloudflare
etag
W/"47-Gf78RxkXmAGCcpLM85MbgT3ydWQ"
expect-ct
enforce, max-age=30, report-uri="https://bigbank.uriports.com/reports/report"
vary
Accept-Encoding
content-type
application/json; charset=utf-8
content-security-policy
child-src 'self' blob:; connect-src 'self' https://*.google-analytics.com https://*.bigbank.eu https://*.google.com https://*.doubleclick.net https://*.hotjar.com https://*.hotjar.io ws: wss: https://*.big.local https://hcaptcha.com https://*.hcaptcha.com; default-src 'self'; img-src 'self' blob: data: https://*.google-analytics.com https://*.doubleclick.net https://*.facebook.net https://*.google.com https://*.gstatic.com https://*.hotjar.com https://*.googletagmanager.com https://*.google.ee https://*.google.se; font-src 'self' data:; form-action 'self' https://*.facebook.net; frame-ancestors 'none'; frame-src 'self' https://*.hotjar.com https://*.big.local https://*.bigbank.eu https://hcaptcha.com https://*.hcaptcha.com https://login-service-central-staging.dca.origin.big.local; object-src 'self'; script-src 'self' https://*.google-analytics.com https://*.bigbank.eu https://*.doubleclick.net https://*.facebook.net https://*.google.com https://*.hotjar.com http://*.hotjar.com https://*.googletagmanager.com https://*.googleadservices.com https://hcaptcha.com https://*.hcaptcha.com 'nonce-509b7a99a12e499ad41db37bc056d41d' 'sha256-4RS22DYeB7U14dra4KcQYxmwt5HkOInieXK1NUMBmQI=' 'sha256-ByHHbZAg0XmuH3Qfugp5cOpt+T18agScr1Zr7RHwCU8='; style-src 'self' 'unsafe-inline' https://*.google.com https://fonts.googleapis.com https://hcaptcha.com https://*.hcaptcha.com; report-uri https://bigbank.uriports.com/reports/report; upgrade-insecure-requests
set-cookie
Authenticated=false; Path=/ loanorigination.sid=s%3AMkHdP_2lk6RqVWliMxMmN0X3B9Yg-ovL.YYdN2hfr%2FG4iQ7b6JJ6YU0zseMoSChRh6ojoFNNuhxQ; Path=/; Expires=Wed, 01 Sep 2021 10:24:31 GMT; HttpOnly
cf-ray
687db41ccc91c2b3-FRA
sv.json
newassets.hcaptcha.com/captcha/v1/1eed1c2/static/i18n/ 		8 KB
3 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://newassets.hcaptcha.com/captcha/v1/1eed1c2/static/i18n/sv.json
Requested by
Host: web-loan-application-staging.bigbank.se
URL: https://web-loan-application-staging.bigbank.se/js/chunk-vendors.aff65a36.js
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
104.16.169.131 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
6c1140bd5a44db11840d1eeb81401090704993b1d02cb04e7095f155eda7f506
Security Headers
Name Value
Strict-Transport-Security max-age=2592000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://web-loan-application-staging.bigbank.se/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date
Wed, 01 Sep 2021 10:09:31 GMT
via
1.1 575cacb0734545eaea94b948deff0e06.cloudfront.net (CloudFront)
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
x-amz-cf-pop
CDG50-P1
x-cache
Miss from cloudfront
strict-transport-security
max-age=2592000; includeSubDomains; preload
content-encoding
gzip
alt-svc
h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
last-modified
Tue, 31 Aug 2021 12:55:47 GMT
server
cloudflare
etag
W/"a9409f3a1ff4d45b2df0b8669d6fe366"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age
3000
access-control-allow-methods
GET, HEAD
content-type
application/json
access-control-allow-origin
*
vary
Origin,Access-Control-Request-Headers,Access-Control-Request-Method
cache-control
max-age=1209600
cf-ray
687db41cffdb40cf-CDG
x-amz-cf-id
z_nhpoFJd7VdvRukC85NbGueZPg60JsgH_65tAVjdP5B4ebXhd2BSw==
hcaptcha-challenge.js
newassets.hcaptcha.com/captcha/v1/1eed1c2/ Frame F137 		210 KB
60 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://newassets.hcaptcha.com/captcha/v1/1eed1c2/hcaptcha-challenge.js
Requested by
Host: newassets.hcaptcha.com
URL: https://newassets.hcaptcha.com/captcha/v1/1eed1c2/static/hcaptcha-challenge.html
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
104.16.169.131 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
37bb7a2abfa6b9b0f99ba790a5053dc48a49fdb9eb66da2d999fd8eb80bae617
Security Headers
Name Value
Strict-Transport-Security max-age=2592000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://newassets.hcaptcha.com/captcha/v1/1eed1c2/static/hcaptcha-challenge.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date
Wed, 01 Sep 2021 10:09:31 GMT
via
1.1 8ec8677d5cf25165bc2fa9ae18c6af67.cloudfront.net (CloudFront)
x-content-type-options
nosniff
cf-cache-status
HIT
age
76382
cf-polished
origSize=215057
x-cache
Miss from cloudfront
content-encoding
gzip
alt-svc
h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
last-modified
Tue, 31 Aug 2021 12:55:37 GMT
server
cloudflare
etag
W/"e2f755cd70354f6706ff8d3c365b35e2"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=2592000; includeSubDomains; preload
content-type
application/javascript
vary
Accept-Encoding
cache-control
max-age=1209600
x-amz-cf-pop
CDG50-C2
cf-ray
687db41d1e8a40e1-CDG
x-amz-cf-id
uWxBXpMDirjEQ3YUr_LRdsKr7LO2jLhnPtOhUH_N5Fcr8fB0vEkDsQ==
cf-bgj
minify
hcaptcha-checkbox.js
newassets.hcaptcha.com/captcha/v1/1eed1c2/ Frame E191 		129 KB
41 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://newassets.hcaptcha.com/captcha/v1/1eed1c2/hcaptcha-checkbox.js
Requested by
Host: newassets.hcaptcha.com
URL: https://newassets.hcaptcha.com/captcha/v1/1eed1c2/static/hcaptcha-checkbox.html
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
104.16.169.131 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
2b15492aadc05d1b2d28015ba2de8d941fdd8b07ea5d4c8dd106839aec1ebdab
Security Headers
Name Value
Strict-Transport-Security max-age=2592000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://newassets.hcaptcha.com/captcha/v1/1eed1c2/static/hcaptcha-checkbox.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date
Wed, 01 Sep 2021 10:09:31 GMT
via
1.1 39ad38d8b46ff615114a41c5b27b6a16.cloudfront.net (CloudFront)
x-content-type-options
nosniff
cf-cache-status
HIT
age
76381
cf-polished
origSize=132272
x-cache
Miss from cloudfront
content-encoding
gzip
alt-svc
h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
last-modified
Tue, 31 Aug 2021 12:55:38 GMT
server
cloudflare
etag
W/"5cf201d5956fba85fc2a8b16a1ba8cc9"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=2592000; includeSubDomains; preload
content-type
application/javascript
vary
Accept-Encoding
cache-control
max-age=1209600
x-amz-cf-pop
CDG50-C2
cf-ray
687db41d2e9640e1-CDG
x-amz-cf-id
NxhCJu3Th90MArRkctcVkEnKUV7vOgOfu3mIEKncGPuZiCWJnY0aaw==
cf-bgj
minify
check
login-service-central-staging.dca.origin.big.local/login/ 		0
0
truncated
/ Frame E191 		798 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
57cafa49fb677c3f09d6e90b051917d10e7bb54e83102a25f3d32b06e8fa59a7

Request headers

Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Content-Type
image/png
checksiteconfig
hcaptcha.com/ Frame E191 		13 B
471 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://hcaptcha.com/checksiteconfig?host=web-loan-application-staging.bigbank.se&sitekey=10000000-ffff-ffff-ffff-000000000001&sc=1&swa=1
Requested by
Host: newassets.hcaptcha.com
URL: https://newassets.hcaptcha.com/captcha/v1/1eed1c2/hcaptcha-checkbox.js
Protocol
H3-29
Security
QUIC, , AES_128_GCM
Server
104.16.169.131 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
ad00b72af52a8d00e632f51a6de4ddacc1b8f02624dbca54c45edb029417d9d1
Security Headers
Name Value
Strict-Transport-Security max-age=2592000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Cache-Control
no-cache
Referer
https://newassets.hcaptcha.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Content-Type
application/json; charset=utf-8

Response headers

date
Wed, 01 Sep 2021 10:09:31 GMT
x-content-type-options
nosniff
server
cloudflare
access-control-allow-headers
Cache-Control, Content-Type, DNT, Referer, User-Agent, challenge-bypass-token, cf-chl-bypass, challenge-bypass-token, challenge-bypass-host, challenge-bypass-path
cf-chl-bypass
2
vary
Origin, Accept-Encoding
access-control-allow-methods
GET, HEAD, POST, OPTIONS
content-type
application/json
access-control-allow-origin
https://newassets.hcaptcha.com
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-allow-credentials
true
strict-transport-security
max-age=2592000; includeSubDomains; preload
cf-ray
687db41dffdc40e1-CDG
alt-svc
h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
content-length
13
checksiteconfig
hcaptcha.com/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://hcaptcha.com/checksiteconfig?host=web-loan-application-staging.bigbank.se&sitekey=10000000-ffff-ffff-ffff-000000000001&sc=1&swa=1
Protocol
H3-29
Server
104.16.169.131 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=2592000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Accept
*/*
Access-Control-Request-Method
GET
Access-Control-Request-Headers
cache-control,content-type
Origin
https://newassets.hcaptcha.com
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Sec-Fetch-Mode
cors

Response headers

date
Wed, 01 Sep 2021 10:09:31 GMT
content-length
0
access-control-allow-origin
https://newassets.hcaptcha.com
vary
Origin, Accept-Encoding
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control, Content-Type, DNT, Referer, User-Agent, challenge-bypass-token, cf-chl-bypass, challenge-bypass-token, challenge-bypass-host, challenge-bypass-path
access-control-allow-methods
GET, HEAD, POST, OPTIONS
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=2592000; includeSubDomains; preload
x-content-type-options
nosniff
server
cloudflare
cf-ray
687db41dd95f40cf-CDG
alt-svc
h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
events
apm.bigbank.eu/intake/v2/rum/ 		0
231 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://apm.bigbank.eu/intake/v2/rum/events
Requested by
Host: web-loan-application-staging.bigbank.se
URL: https://web-loan-application-staging.bigbank.se/js/chunk-vendors.aff65a36.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, CHACHA20_POLY1305
Server
185.235.160.8 , Estonia, ASN204411 (BIGBANK, EE),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Content-Encoding
gzip
Referer
https://web-loan-application-staging.bigbank.se/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Content-Type
application/x-ndjson

Response headers

Access-Control-Allow-Origin
https://web-loan-application-staging.bigbank.se
Date
Wed, 01 Sep 2021 10:09:32 GMT
X-Content-Type-Options
nosniff
Server
nginx
Connection
keep-alive
Content-Length
0
events
apm.bigbank.eu/intake/v2/rum/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://apm.bigbank.eu/intake/v2/rum/events
Protocol
HTTP/1.1
Server
185.235.160.8 , Estonia, ASN204411 (BIGBANK, EE),
Reverse DNS
Software
nginx /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Accept
*/*
Access-Control-Request-Method
POST
Access-Control-Request-Headers
content-encoding,content-type
Origin
https://web-loan-application-staging.bigbank.se
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Sec-Fetch-Mode
cors

Response headers

Server
nginx
Date
Wed, 01 Sep 2021 10:09:32 GMT
Content-Length
0
Connection
keep-alive
Access-Control-Allow-Headers
Content-Type, Content-Encoding, Accept
Access-Control-Allow-Methods
POST, OPTIONS
Access-Control-Allow-Origin
https://web-loan-application-staging.bigbank.se
Access-Control-Expose-Headers
Etag
Access-Control-Max-Age
3600
Vary
Origin
X-Content-Type-Options
nosniff

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
login-service-central-staging.dca.origin.big.local
URL
https://login-service-central-staging.dca.origin.big.local/heartbeat
Domain
login-service-central-staging.dca.origin.big.local
URL
https://login-service-central-staging.dca.origin.big.local/login/check

Verdicts & Comments Add Verdict or Comment

21 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| 1 object| 2 object| onbeforexrselect object| ontransitionrun object| ontransitionstart object| ontransitioncancel object| cookieStore function| showDirectoryPicker function| showOpenFilePicker function| showSaveFilePicker boolean| originAgentCluster object| trustedTypes boolean| crossOriginIsolated object| config object| webpackJsonp object| core object| elasticApm function| _hcaptchaOnLoad object| hcaptcha object| grecaptcha

3 Cookies

Domain/Path Name / Value
web-loan-application-staging.bigbank.se/ Name: loanorigination.sid
Value: s%3A3n1rmZpP5TjqOgzmPuLks8_mLIkqt39s.5lSW9DjTWJ%2F8qCRNlfnjY1Ovy8DZCog3nRifvv6L2ok
web-loan-application-staging.bigbank.se/ Name: 42186f9fb6da9a1170b6e70aa14d42c1
Value: 00d7d89a6df73c3cad54662f2b90cc5e
web-loan-application-staging.bigbank.se/ Name: resourceCheck
Value: 71ca201a472721fb8317b477f0635d60

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy child-src 'self' blob:; connect-src 'self' https://*.google-analytics.com https://*.bigbank.eu https://*.google.com https://*.doubleclick.net https://*.hotjar.com https://*.hotjar.io ws: wss: https://*.big.local https://hcaptcha.com https://*.hcaptcha.com; default-src 'self'; img-src 'self' blob: data: https://*.google-analytics.com https://*.doubleclick.net https://*.facebook.net https://*.google.com https://*.gstatic.com https://*.hotjar.com https://*.googletagmanager.com https://*.google.ee https://*.google.se; font-src 'self' data:; form-action 'self' https://*.facebook.net; frame-ancestors 'none'; frame-src 'self' https://*.hotjar.com https://*.big.local https://*.bigbank.eu https://hcaptcha.com https://*.hcaptcha.com https://login-service-central-staging.dca.origin.big.local; object-src 'self'; script-src 'self' https://*.google-analytics.com https://*.bigbank.eu https://*.doubleclick.net https://*.facebook.net https://*.google.com https://*.hotjar.com http://*.hotjar.com https://*.googletagmanager.com https://*.googleadservices.com https://hcaptcha.com https://*.hcaptcha.com 'nonce-71ca201a472721fb8317b477f0635d60' 'sha256-4RS22DYeB7U14dra4KcQYxmwt5HkOInieXK1NUMBmQI=' 'sha256-ByHHbZAg0XmuH3Qfugp5cOpt+T18agScr1Zr7RHwCU8='; style-src 'self' 'unsafe-inline' https://*.google.com https://fonts.googleapis.com https://hcaptcha.com https://*.hcaptcha.com; report-uri https://bigbank.uriports.com/reports/report; upgrade-insecure-requests
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

apm.bigbank.eu
bigbank.uriports.com
hcaptcha.com
login-service-central-staging.dca.origin.big.local
newassets.hcaptcha.com
web-loan-application-staging.bigbank.se
login-service-central-staging.dca.origin.big.local
104.16.169.131
185.235.160.8
2001:678:6a0::3:101
2606:4700::6812:349
0da8773c03348dd54b1c8ba87216b3065b9ddb8afea668107aaf6d0f13c81ef8
0e0e1b11f791666161be1df51bf2c338d78de5fae98e9f1c7231dc5f02283cd5
148fb1a965da50a0e213290746c7b0234fd2fe95c305bb3493e69cdfa092805a
1e67e381de0955a30a43141bfd00394996a1b36719543d432a44d35559bc8f8e
254a6812d48812128e1e1c373c866d3480b0acd80132a4e318850a92c9fc2c4c
2772326191ee33d1a9b6385bf9ae351a34d7e6fa15337e596afbaf238da69d1f
2b15492aadc05d1b2d28015ba2de8d941fdd8b07ea5d4c8dd106839aec1ebdab
37bb7a2abfa6b9b0f99ba790a5053dc48a49fdb9eb66da2d999fd8eb80bae617
5613e4050d5f74507cedccde396912626e9bb945a5a95efc3ccd2e30b876c706
57cafa49fb677c3f09d6e90b051917d10e7bb54e83102a25f3d32b06e8fa59a7
617c8c38d6c8f565a85ad41655a07be4cf2010bcba607fca1f99b5b8188dfdc1
6c1140bd5a44db11840d1eeb81401090704993b1d02cb04e7095f155eda7f506
8da756be273d085e43e817a6db80ce11368f24a7230cd8352d62a954d333dae4
97bd09001c0dc97c7f47c4bd7a2ed2ef2efe3d6264fae21e3622bdf49228acb2
ac78a6812da536d68dad174921c3a42f1692c3154f3cc7a0b30940be66540187
ad00b72af52a8d00e632f51a6de4ddacc1b8f02624dbca54c45edb029417d9d1
d9b5939e08068f659c962eb28acff7c85f9806c01aaf896306384b0c2cd8f576
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
f5a70c11522628861834a7c36ca842cb6562fba35a2f50fee8ab40778cb83c6b
f7a5f8215932251b5d4a43465005307d2e74b590174f6b6aca26d61a8a4bb9cd