www.santanderconsumer.se Open in urlscan Pro
109.68.88.245 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://www.santanderconsumer.se/lana/privatlan/ansok-om-privatlan
Submission Tags: @phishunt_io
Submission: On November 21 via api (November 21st 2020, 10:29:55 am UTC) from ES

Summary HTTP 52 Redirects Behaviour Indicators

Summary

This website contacted 6 IPs in 2 countries across 4 domains to perform 52 HTTP transactions. The main IP is 109.68.88.245, located in Norway and belongs to BASEFARM-ASN Oslo - Norway, NO. The main domain is www.santanderconsumer.se.
TLS certificate: Issued by DigiCert SHA2 Extended Validation Ser... on February 22nd 2019. Valid for: 2 years.

This is the only time www.santanderconsumer.se was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
27	109.68.88.245 109.68.88.245	25148 (BASEFARM-...) (BASEFARM-ASN Oslo - Norway)
1	2a00:1450:400... 2a00:1450:4001:818::2008	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:824::200e	15169 (GOOGLE) (GOOGLE)
21	3.123.81.162 3.123.81.162	16509 (AMAZON-02) (AMAZON-02)
1	2a00:1450:400... 2a00:1450:4001:803::200e	15169 (GOOGLE) (GOOGLE)
52	6

27 109.68.88.245 (Norway)

ASN25148 (BASEFARM-ASN Oslo - Norway, NO)
PTR: scb-sewe-vip.osl.basefarm.net

www.santanderconsumer.se	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:818::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:824::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.youtube.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

21 3.123.81.162 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-3-123-81-162.eu-central-1.compute.amazonaws.com

api.santanderconsumer.se	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
auth.santanderconsumer.se	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:803::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

s.ytimg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
48	santanderconsumer.se www.santanderconsumer.se api.santanderconsumer.se auth.santanderconsumer.se	1 MB
1	ytimg.com s.ytimg.com	37 KB
1	youtube.com www.youtube.com	1 KB
1	googletagmanager.com www.googletagmanager.com	52 KB
52	4

	Domain	Requested by
27	www.santanderconsumer.se	www.santanderconsumer.se
17	api.santanderconsumer.se	www.santanderconsumer.se
4	auth.santanderconsumer.se	www.santanderconsumer.se
1	s.ytimg.com	www.youtube.com
1	www.youtube.com	www.santanderconsumer.se
1	www.googletagmanager.com	www.santanderconsumer.se
52	6

This site contains no links.

Subject Issuer	Validity	Valid
www.santanderconsumer.se DigiCert SHA2 Extended Validation Server CA	`2019-02-22` - `2021-02-26`	2 years	crt.sh
*.google-analytics.com GTS CA 1O1	`2020-11-03` - `2021-01-26`	3 months	crt.sh
*.google.com GTS CA 1O1	`2020-11-03` - `2021-01-26`	3 months	crt.sh
api.santanderconsumer.se DigiCert SHA2 High Assurance Server CA	`2020-08-25` - `2022-11-28`	2 years	crt.sh

This page contains 1 frames:

Primary Page: https://www.santanderconsumer.se/lana/privatlan/ansok-om-privatlan
Frame ID: 1AFC09CC5772BF1C05F76E352976491F
Requests: 43 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Detected technologies

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

html //i

Page Statistics

52
Requests

98 %
HTTPS

60 %
IPv6

4
Domains

6
Subdomains

6
IPs

2
Countries

1509 kB
Transfer

3643 kB
Size

1
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

52 HTTP transactions
1 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK Primary Request Cookie set ansok-om-privatlan Show response
www.santanderconsumer.se/lana/privatlan/ 50 KB
18 KB 801ms
97ms Document
text/html 109.68.88.245
Norway

General

Check archive.org

Show headers Download Go to

Full URL

https://www.santanderconsumer.se/lana/privatlan/ansok-om-privatlan

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_CBC

Server

109.68.88.245 , Norway, ASN25148 (BASEFARM-ASN Oslo - Norway, NO),

Reverse DNS

scb-sewe-vip.osl.basefarm.net

Software

Resource Hash

b3a0f9443f2dd66f0535d10a162cf1fb470975baf5f7f9f4cbee3bb08c7a280e

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' .google.com .gstatic.com googleads.g.doubleclick.net www.googleadservices.com .vimeocdn.com .vimeo.com vimeo.com .ytimg.com .youtube.com .hotjar.com .facebook.net .crazyegg.com .giosg.com .giosgusercontent.com www.googletagmanager.com www.google-analytics.com online.adservicemedia.dk tagmanager.google.com optimize.google.com; frame-src 'self' .santanderconsumer.se .google.com .vimeo.com .facebook.com .santanders.se .hotjar.com .doubleclick.net www.youtube.com optimize.google.com .giosg.com .giosgusercontent.com; child-src 'self' .hotjar.com; img-src 'self' data: .hotjar.com google-analytics.com optimize.google.com; style-src 'self' 'unsafe-inline' tagmanager.google.com fonts.googleapis.com optimize.google.com .giosg.com .giosgusercontent.com; connect-src wss://.santanderconsumer.se .santanderconsumer.se .hotjar.io .hotjar.com wss://.hotjar.com .crazyegg.com wss://.crazyegg.com .giosg.com .giosgusercontent.com .google-analytics.com 'self'; font-src 'self' .hotjar.com fonts.gstatic.com giosg-chat-public-eu.s3.amazonaws.com; worker-src 'self' blob:
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Host: www.santanderconsumer.se
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: none
Sec-Fetch-Mode: navigate
Sec-Fetch-User: ?1
Sec-Fetch-Dest: document
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Encoding: gzip
Vary: Accept-Encoding
Set-Cookie: ASP.NET_SessionId=mvich30m0nae0yvvkv5yqn4e; path=/; secure; HttpOnly; SameSite=Lax
X-Frame-Options: SAMEORIGIN
Referrer-Policy: no-referrer-when-downgrade
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Content-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.google.com *.gstatic.com googleads.g.doubleclick.net www.googleadservices.com *.vimeocdn.com *.vimeo.com vimeo.com *.ytimg.com *.youtube.com *.hotjar.com *.facebook.net *.crazyegg.com *.giosg.com *.giosgusercontent.com www.googletagmanager.com www.google-analytics.com online.adservicemedia.dk tagmanager.google.com optimize.google.com; frame-src 'self' *.santanderconsumer.se *.google.com *.vimeo.com *.facebook.com *.santanders.se *.hotjar.com *.doubleclick.net www.youtube.com optimize.google.com *.giosg.com *.giosgusercontent.com; child-src 'self' *.hotjar.com; img-src * 'self' data: *.hotjar.com google-analytics.com optimize.google.com; style-src 'self' 'unsafe-inline' tagmanager.google.com fonts.googleapis.com optimize.google.com *.giosg.com *.giosgusercontent.com; connect-src wss://*.santanderconsumer.se *.santanderconsumer.se *.hotjar.io *.hotjar.com wss://*.hotjar.com *.crazyegg.com wss://*.crazyegg.com *.giosg.com *.giosgusercontent.com *.google-analytics.com 'self'; font-src 'self' *.hotjar.com fonts.gstatic.com giosg-chat-public-eu.s3.amazonaws.com; worker-src 'self' blob:
Strict-Transport-Security: max-age=31536000; includeSubDomains
Date: Sat, 21 Nov 2020 10:29:38 GMT
Content-Length: 16772

GET
H/1.1 200
OK site.min.css
www.santanderconsumer.se/assets/styles/ 123 KB
30 KB 45ms
35ms Stylesheet
text/css 109.68.88.245
Norway

General

Check archive.org

Show headers Download Go to

Full URL

https://www.santanderconsumer.se/assets/styles/site.min.css?v=1.24.0.0

Requested by

Host: www.santanderconsumer.se
URL: https://www.santanderconsumer.se/lana/privatlan/ansok-om-privatlan

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_CBC

Server

109.68.88.245 , Norway, ASN25148 (BASEFARM-ASN Oslo - Norway, NO),

Reverse DNS

scb-sewe-vip.osl.basefarm.net

Software

Resource Hash

666ee21eb8db222d7d62af7499ead6f949d21e9feef590b6c65ea09b1be2cca0

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' .google.com .gstatic.com googleads.g.doubleclick.net www.googleadservices.com .vimeocdn.com .vimeo.com vimeo.com .ytimg.com .youtube.com .hotjar.com .facebook.net .crazyegg.com .giosg.com .giosgusercontent.com www.googletagmanager.com www.google-analytics.com online.adservicemedia.dk tagmanager.google.com optimize.google.com; frame-src 'self' .santanderconsumer.se .google.com .vimeo.com .facebook.com .santanders.se .hotjar.com .doubleclick.net www.youtube.com optimize.google.com .giosg.com .giosgusercontent.com; child-src 'self' .hotjar.com; img-src 'self' data: .hotjar.com google-analytics.com optimize.google.com; style-src 'self' 'unsafe-inline' tagmanager.google.com fonts.googleapis.com optimize.google.com .giosg.com .giosgusercontent.com; connect-src wss://.santanderconsumer.se .santanderconsumer.se .hotjar.io .hotjar.com wss://.hotjar.com .crazyegg.com wss://.crazyegg.com .giosg.com .giosgusercontent.com .google-analytics.com 'self'; font-src 'self' .hotjar.com fonts.gstatic.com giosg-chat-public-eu.s3.amazonaws.com; worker-src 'self' blob:
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.santanderconsumer.se/lana/privatlan/ansok-om-privatlan
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.google.com *.gstatic.com googleads.g.doubleclick.net www.googleadservices.com *.vimeocdn.com *.vimeo.com vimeo.com *.ytimg.com *.youtube.com *.hotjar.com *.facebook.net *.crazyegg.com *.giosg.com *.giosgusercontent.com www.googletagmanager.com www.google-analytics.com online.adservicemedia.dk tagmanager.google.com optimize.google.com; frame-src 'self' *.santanderconsumer.se *.google.com *.vimeo.com *.facebook.com *.santanders.se *.hotjar.com *.doubleclick.net www.youtube.com optimize.google.com *.giosg.com *.giosgusercontent.com; child-src 'self' *.hotjar.com; img-src * 'self' data: *.hotjar.com google-analytics.com optimize.google.com; style-src 'self' 'unsafe-inline' tagmanager.google.com fonts.googleapis.com optimize.google.com *.giosg.com *.giosgusercontent.com; connect-src wss://*.santanderconsumer.se *.santanderconsumer.se *.hotjar.io *.hotjar.com wss://*.hotjar.com *.crazyegg.com wss://*.crazyegg.com *.giosg.com *.giosgusercontent.com *.google-analytics.com 'self'; font-src 'self' *.hotjar.com fonts.gstatic.com giosg-chat-public-eu.s3.amazonaws.com; worker-src 'self' blob:
Content-Encoding: gzip
Referrer-Policy: no-referrer-when-downgrade
Last-Modified: Wed, 18 Nov 2020 16:37:36 GMT
ETag: "1d6bdc0bd390a82"
X-Frame-Options: SAMEORIGIN
Content-Type: text/css
Cache-Control: public,max-age=31536000
Date: Sat, 21 Nov 2020 10:29:38 GMT
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Accept-Encoding
Content-Length: 29323
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK initialstate.js Show response
www.santanderconsumer.se/assets/scripts/ 118 B
2 KB 80ms
28ms Script
application/javascript 109.68.88.245
Norway

General

Check archive.org

Show headers Download Go to

Full URL

https://www.santanderconsumer.se/assets/scripts/initialstate.js?v=1.24.0.0

Requested by

Host: www.santanderconsumer.se
URL: https://www.santanderconsumer.se/lana/privatlan/ansok-om-privatlan

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_CBC

Server

109.68.88.245 , Norway, ASN25148 (BASEFARM-ASN Oslo - Norway, NO),

Reverse DNS

scb-sewe-vip.osl.basefarm.net

Software

Resource Hash

a51a092493d58b31dbeb3ed32112fe81dec98b300061ae7e732c5a4dfa5bcc59

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' .google.com .gstatic.com googleads.g.doubleclick.net www.googleadservices.com .vimeocdn.com .vimeo.com vimeo.com .ytimg.com .youtube.com .hotjar.com .facebook.net .crazyegg.com .giosg.com .giosgusercontent.com www.googletagmanager.com www.google-analytics.com online.adservicemedia.dk tagmanager.google.com optimize.google.com; frame-src 'self' .santanderconsumer.se .google.com .vimeo.com .facebook.com .santanders.se .hotjar.com .doubleclick.net www.youtube.com optimize.google.com .giosg.com .giosgusercontent.com; child-src 'self' .hotjar.com; img-src 'self' data: .hotjar.com google-analytics.com optimize.google.com; style-src 'self' 'unsafe-inline' tagmanager.google.com fonts.googleapis.com optimize.google.com .giosg.com .giosgusercontent.com; connect-src wss://.santanderconsumer.se .santanderconsumer.se .hotjar.io .hotjar.com wss://.hotjar.com .crazyegg.com wss://.crazyegg.com .giosg.com .giosgusercontent.com .google-analytics.com 'self'; font-src 'self' .hotjar.com fonts.gstatic.com giosg-chat-public-eu.s3.amazonaws.com; worker-src 'self' blob:
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.santanderconsumer.se/lana/privatlan/ansok-om-privatlan
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.google.com *.gstatic.com googleads.g.doubleclick.net www.googleadservices.com *.vimeocdn.com *.vimeo.com vimeo.com *.ytimg.com *.youtube.com *.hotjar.com *.facebook.net *.crazyegg.com *.giosg.com *.giosgusercontent.com www.googletagmanager.com www.google-analytics.com online.adservicemedia.dk tagmanager.google.com optimize.google.com; frame-src 'self' *.santanderconsumer.se *.google.com *.vimeo.com *.facebook.com *.santanders.se *.hotjar.com *.doubleclick.net www.youtube.com optimize.google.com *.giosg.com *.giosgusercontent.com; child-src 'self' *.hotjar.com; img-src * 'self' data: *.hotjar.com google-analytics.com optimize.google.com; style-src 'self' 'unsafe-inline' tagmanager.google.com fonts.googleapis.com optimize.google.com *.giosg.com *.giosgusercontent.com; connect-src wss://*.santanderconsumer.se *.santanderconsumer.se *.hotjar.io *.hotjar.com wss://*.hotjar.com *.crazyegg.com wss://*.crazyegg.com *.giosg.com *.giosgusercontent.com *.google-analytics.com 'self'; font-src 'self' *.hotjar.com fonts.gstatic.com giosg-chat-public-eu.s3.amazonaws.com; worker-src 'self' blob:
Content-Encoding: gzip
Referrer-Policy: no-referrer-when-downgrade
Last-Modified: Wed, 18 Nov 2020 16:37:24 GMT
ETag: "1d6bdc0b611d276"
X-Frame-Options: SAMEORIGIN
Content-Type: application/javascript
Cache-Control: public,max-age=31536000
Date: Sat, 21 Nov 2020 10:29:38 GMT
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Accept-Encoding
Content-Length: 217
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK site.min.js Show response
www.santanderconsumer.se/assets/scripts/ 302 KB
96 KB 106ms
50ms Script
application/javascript 109.68.88.245
Norway

General

Check archive.org

Show headers Download Go to

Full URL

https://www.santanderconsumer.se/assets/scripts/site.min.js?v=1.24.0.0

Requested by

Host: www.santanderconsumer.se
URL: https://www.santanderconsumer.se/lana/privatlan/ansok-om-privatlan

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_CBC

Server

109.68.88.245 , Norway, ASN25148 (BASEFARM-ASN Oslo - Norway, NO),

Reverse DNS

scb-sewe-vip.osl.basefarm.net

Software

Resource Hash

bfa4ae50848edfd0ae292138884ff3eaf8a6e90c08fe8a8d6226aa7f75340820

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' .google.com .gstatic.com googleads.g.doubleclick.net www.googleadservices.com .vimeocdn.com .vimeo.com vimeo.com .ytimg.com .youtube.com .hotjar.com .facebook.net .crazyegg.com .giosg.com .giosgusercontent.com www.googletagmanager.com www.google-analytics.com online.adservicemedia.dk tagmanager.google.com optimize.google.com; frame-src 'self' .santanderconsumer.se .google.com .vimeo.com .facebook.com .santanders.se .hotjar.com .doubleclick.net www.youtube.com optimize.google.com .giosg.com .giosgusercontent.com; child-src 'self' .hotjar.com; img-src 'self' data: .hotjar.com google-analytics.com optimize.google.com; style-src 'self' 'unsafe-inline' tagmanager.google.com fonts.googleapis.com optimize.google.com .giosg.com .giosgusercontent.com; connect-src wss://.santanderconsumer.se .santanderconsumer.se .hotjar.io .hotjar.com wss://.hotjar.com .crazyegg.com wss://.crazyegg.com .giosg.com .giosgusercontent.com .google-analytics.com 'self'; font-src 'self' .hotjar.com fonts.gstatic.com giosg-chat-public-eu.s3.amazonaws.com; worker-src 'self' blob:
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.santanderconsumer.se/lana/privatlan/ansok-om-privatlan
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Sat, 21 Nov 2020 10:29:38 GMT
Content-Encoding: gzip
Referrer-Policy: no-referrer-when-downgrade
Last-Modified: Wed, 18 Nov 2020 16:37:26 GMT
ETag: "1d6bdc0b746492c"
X-Frame-Options: SAMEORIGIN
Content-Type: application/javascript
Cache-Control: public,max-age=31536000
Transfer-Encoding: chunked
X-Content-Type-Options: nosniff
Content-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.google.com *.gstatic.com googleads.g.doubleclick.net www.googleadservices.com *.vimeocdn.com *.vimeo.com vimeo.com *.ytimg.com *.youtube.com *.hotjar.com *.facebook.net *.crazyegg.com *.giosg.com *.giosgusercontent.com www.googletagmanager.com www.google-analytics.com online.adservicemedia.dk tagmanager.google.com optimize.google.com; frame-src 'self' *.santanderconsumer.se *.google.com *.vimeo.com *.facebook.com *.santanders.se *.hotjar.com *.doubleclick.net www.youtube.com optimize.google.com *.giosg.com *.giosgusercontent.com; child-src 'self' *.hotjar.com; img-src * 'self' data: *.hotjar.com google-analytics.com optimize.google.com; style-src 'self' 'unsafe-inline' tagmanager.google.com fonts.googleapis.com optimize.google.com *.giosg.com *.giosgusercontent.com; connect-src wss://*.santanderconsumer.se *.santanderconsumer.se *.hotjar.io *.hotjar.com wss://*.hotjar.com *.crazyegg.com wss://*.crazyegg.com *.giosg.com *.giosgusercontent.com *.google-analytics.com 'self'; font-src 'self' *.hotjar.com fonts.gstatic.com giosg-chat-public-eu.s3.amazonaws.com; worker-src 'self' blob:
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Accept-Encoding
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK lazysizes.min.js Show response
www.santanderconsumer.se/assets/scripts/ 7 KB
5 KB 83ms
27ms Script
application/javascript 109.68.88.245
Norway

General

Check archive.org

Show headers Download Go to

Full URL

https://www.santanderconsumer.se/assets/scripts/lazysizes.min.js?v=1.24.0.0

Requested by

Host: www.santanderconsumer.se
URL: https://www.santanderconsumer.se/lana/privatlan/ansok-om-privatlan

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_CBC

Server

109.68.88.245 , Norway, ASN25148 (BASEFARM-ASN Oslo - Norway, NO),

Reverse DNS

scb-sewe-vip.osl.basefarm.net

Software

Resource Hash

2fdac304542f3700c2dad87b14331cf5f600d300c957d43f32e8009d93729067

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' .google.com .gstatic.com googleads.g.doubleclick.net www.googleadservices.com .vimeocdn.com .vimeo.com vimeo.com .ytimg.com .youtube.com .hotjar.com .facebook.net .crazyegg.com .giosg.com .giosgusercontent.com www.googletagmanager.com www.google-analytics.com online.adservicemedia.dk tagmanager.google.com optimize.google.com; frame-src 'self' .santanderconsumer.se .google.com .vimeo.com .facebook.com .santanders.se .hotjar.com .doubleclick.net www.youtube.com optimize.google.com .giosg.com .giosgusercontent.com; child-src 'self' .hotjar.com; img-src 'self' data: .hotjar.com google-analytics.com optimize.google.com; style-src 'self' 'unsafe-inline' tagmanager.google.com fonts.googleapis.com optimize.google.com .giosg.com .giosgusercontent.com; connect-src wss://.santanderconsumer.se .santanderconsumer.se .hotjar.io .hotjar.com wss://.hotjar.com .crazyegg.com wss://.crazyegg.com .giosg.com .giosgusercontent.com .google-analytics.com 'self'; font-src 'self' .hotjar.com fonts.gstatic.com giosg-chat-public-eu.s3.amazonaws.com; worker-src 'self' blob:
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.santanderconsumer.se/lana/privatlan/ansok-om-privatlan
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.google.com *.gstatic.com googleads.g.doubleclick.net www.googleadservices.com *.vimeocdn.com *.vimeo.com vimeo.com *.ytimg.com *.youtube.com *.hotjar.com *.facebook.net *.crazyegg.com *.giosg.com *.giosgusercontent.com www.googletagmanager.com www.google-analytics.com online.adservicemedia.dk tagmanager.google.com optimize.google.com; frame-src 'self' *.santanderconsumer.se *.google.com *.vimeo.com *.facebook.com *.santanders.se *.hotjar.com *.doubleclick.net www.youtube.com optimize.google.com *.giosg.com *.giosgusercontent.com; child-src 'self' *.hotjar.com; img-src * 'self' data: *.hotjar.com google-analytics.com optimize.google.com; style-src 'self' 'unsafe-inline' tagmanager.google.com fonts.googleapis.com optimize.google.com *.giosg.com *.giosgusercontent.com; connect-src wss://*.santanderconsumer.se *.santanderconsumer.se *.hotjar.io *.hotjar.com wss://*.hotjar.com *.crazyegg.com wss://*.crazyegg.com *.giosg.com *.giosgusercontent.com *.google-analytics.com 'self'; font-src 'self' *.hotjar.com fonts.gstatic.com giosg-chat-public-eu.s3.amazonaws.com; worker-src 'self' blob:
Content-Encoding: gzip
Referrer-Policy: no-referrer-when-downgrade
Last-Modified: Wed, 18 Nov 2020 16:37:24 GMT
ETag: "1d6bdc0b611c884"
X-Frame-Options: SAMEORIGIN
Content-Type: application/javascript
Cache-Control: public,max-age=31536000
Date: Sat, 21 Nov 2020 10:29:38 GMT
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Accept-Encoding
Content-Length: 3849
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK santander-logo-horisontal.svg
www.santanderconsumer.se/assets/images/ 6 KB
8 KB 43ms
26ms Image
image/svg+xml 109.68.88.245
Norway

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.santanderconsumer.se/assets/images/santander-logo-horisontal.svg

Requested by

Host: www.santanderconsumer.se
URL: https://www.santanderconsumer.se/lana/privatlan/ansok-om-privatlan

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_CBC

Server

109.68.88.245 , Norway, ASN25148 (BASEFARM-ASN Oslo - Norway, NO),

Reverse DNS

scb-sewe-vip.osl.basefarm.net

Software

Resource Hash

9d15d936b8dd40b25573bafaae9eebb0e5c76ae46c040e2c9a53403546b20fca

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' .google.com .gstatic.com googleads.g.doubleclick.net www.googleadservices.com .vimeocdn.com .vimeo.com vimeo.com .ytimg.com .youtube.com .hotjar.com .facebook.net .crazyegg.com .giosg.com .giosgusercontent.com www.googletagmanager.com www.google-analytics.com online.adservicemedia.dk tagmanager.google.com optimize.google.com; frame-src 'self' .santanderconsumer.se .google.com .vimeo.com .facebook.com .santanders.se .hotjar.com .doubleclick.net www.youtube.com optimize.google.com .giosg.com .giosgusercontent.com; child-src 'self' .hotjar.com; img-src 'self' data: .hotjar.com google-analytics.com optimize.google.com; style-src 'self' 'unsafe-inline' tagmanager.google.com fonts.googleapis.com optimize.google.com .giosg.com .giosgusercontent.com; connect-src wss://.santanderconsumer.se .santanderconsumer.se .hotjar.io .hotjar.com wss://.hotjar.com .crazyegg.com wss://.crazyegg.com .giosg.com .giosgusercontent.com .google-analytics.com 'self'; font-src 'self' .hotjar.com fonts.gstatic.com giosg-chat-public-eu.s3.amazonaws.com; worker-src 'self' blob:
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.santanderconsumer.se/lana/privatlan/ansok-om-privatlan
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.google.com *.gstatic.com googleads.g.doubleclick.net www.googleadservices.com *.vimeocdn.com *.vimeo.com vimeo.com *.ytimg.com *.youtube.com *.hotjar.com *.facebook.net *.crazyegg.com *.giosg.com *.giosgusercontent.com www.googletagmanager.com www.google-analytics.com online.adservicemedia.dk tagmanager.google.com optimize.google.com; frame-src 'self' *.santanderconsumer.se *.google.com *.vimeo.com *.facebook.com *.santanders.se *.hotjar.com *.doubleclick.net www.youtube.com optimize.google.com *.giosg.com *.giosgusercontent.com; child-src 'self' *.hotjar.com; img-src * 'self' data: *.hotjar.com google-analytics.com optimize.google.com; style-src 'self' 'unsafe-inline' tagmanager.google.com fonts.googleapis.com optimize.google.com *.giosg.com *.giosgusercontent.com; connect-src wss://*.santanderconsumer.se *.santanderconsumer.se *.hotjar.io *.hotjar.com wss://*.hotjar.com *.crazyegg.com wss://*.crazyegg.com *.giosg.com *.giosgusercontent.com *.google-analytics.com 'self'; font-src 'self' *.hotjar.com fonts.gstatic.com giosg-chat-public-eu.s3.amazonaws.com; worker-src 'self' blob:
Referrer-Policy: no-referrer-when-downgrade
Last-Modified: Wed, 18 Nov 2020 16:37:24 GMT
ETag: "1d6bdc0b611cb49"
X-Frame-Options: SAMEORIGIN
Content-Type: image/svg+xml
X-XSS-Protection: 1; mode=block
Cache-Control: public,max-age=31536000
Date: Sat, 21 Nov 2020 10:29:38 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Length: 6473
X-Content-Type-Options: nosniff

GET
H/1.1 200
OK vendors.bundle.js Show response
www.santanderconsumer.se/assets/scripts/bundles/ 2 MB
729 KB 49ms
48ms Script
application/javascript 109.68.88.245
Norway

General

Check archive.org

Show headers Download Go to

Full URL

https://www.santanderconsumer.se/assets/scripts/bundles/vendors.bundle.js?v=1.24.0.0

Requested by

Host: www.santanderconsumer.se
URL: https://www.santanderconsumer.se/lana/privatlan/ansok-om-privatlan

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_CBC

Server

109.68.88.245 , Norway, ASN25148 (BASEFARM-ASN Oslo - Norway, NO),

Reverse DNS

scb-sewe-vip.osl.basefarm.net

Software

Resource Hash

1bbf91bd3123fc5261ec7d5969d5e4c37569da629b46e07a86ddb43b8063d92e

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' .google.com .gstatic.com googleads.g.doubleclick.net www.googleadservices.com .vimeocdn.com .vimeo.com vimeo.com .ytimg.com .youtube.com .hotjar.com .facebook.net .crazyegg.com .giosg.com .giosgusercontent.com www.googletagmanager.com www.google-analytics.com online.adservicemedia.dk tagmanager.google.com optimize.google.com; frame-src 'self' .santanderconsumer.se .google.com .vimeo.com .facebook.com .santanders.se .hotjar.com .doubleclick.net www.youtube.com optimize.google.com .giosg.com .giosgusercontent.com; child-src 'self' .hotjar.com; img-src 'self' data: .hotjar.com google-analytics.com optimize.google.com; style-src 'self' 'unsafe-inline' tagmanager.google.com fonts.googleapis.com optimize.google.com .giosg.com .giosgusercontent.com; connect-src wss://.santanderconsumer.se .santanderconsumer.se .hotjar.io .hotjar.com wss://.hotjar.com .crazyegg.com wss://.crazyegg.com .giosg.com .giosgusercontent.com .google-analytics.com 'self'; font-src 'self' .hotjar.com fonts.gstatic.com giosg-chat-public-eu.s3.amazonaws.com; worker-src 'self' blob:
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.santanderconsumer.se/lana/privatlan/ansok-om-privatlan
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Sat, 21 Nov 2020 10:29:38 GMT
Content-Encoding: gzip
Referrer-Policy: no-referrer-when-downgrade
Last-Modified: Wed, 18 Nov 2020 16:37:36 GMT
ETag: "1d6bdc0bd26060a"
X-Frame-Options: SAMEORIGIN
Content-Type: application/javascript
Cache-Control: public,max-age=31536000
Transfer-Encoding: chunked
X-Content-Type-Options: nosniff
Content-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.google.com *.gstatic.com googleads.g.doubleclick.net www.googleadservices.com *.vimeocdn.com *.vimeo.com vimeo.com *.ytimg.com *.youtube.com *.hotjar.com *.facebook.net *.crazyegg.com *.giosg.com *.giosgusercontent.com www.googletagmanager.com www.google-analytics.com online.adservicemedia.dk tagmanager.google.com optimize.google.com; frame-src 'self' *.santanderconsumer.se *.google.com *.vimeo.com *.facebook.com *.santanders.se *.hotjar.com *.doubleclick.net www.youtube.com optimize.google.com *.giosg.com *.giosgusercontent.com; child-src 'self' *.hotjar.com; img-src * 'self' data: *.hotjar.com google-analytics.com optimize.google.com; style-src 'self' 'unsafe-inline' tagmanager.google.com fonts.googleapis.com optimize.google.com *.giosg.com *.giosgusercontent.com; connect-src wss://*.santanderconsumer.se *.santanderconsumer.se *.hotjar.io *.hotjar.com wss://*.hotjar.com *.crazyegg.com wss://*.crazyegg.com *.giosg.com *.giosgusercontent.com *.google-analytics.com 'self'; font-src 'self' *.hotjar.com fonts.gstatic.com giosg-chat-public-eu.s3.amazonaws.com; worker-src 'self' blob:
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Accept-Encoding
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK cookie-consent.bundle.js Show response
www.santanderconsumer.se/assets/scripts/bundles/ 65 KB
20 KB 45ms
44ms Script
application/javascript 109.68.88.245
Norway

General

Check archive.org

Show headers Download Go to

Full URL

https://www.santanderconsumer.se/assets/scripts/bundles/cookie-consent.bundle.js?v=1.24.0.0

Requested by

Host: www.santanderconsumer.se
URL: https://www.santanderconsumer.se/lana/privatlan/ansok-om-privatlan

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_CBC

Server

109.68.88.245 , Norway, ASN25148 (BASEFARM-ASN Oslo - Norway, NO),

Reverse DNS

scb-sewe-vip.osl.basefarm.net

Software

Resource Hash

0e4bad7e24f4503061fca1eba2c47ea5a5450194559f6f55bd506e071bbdc1cc

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' .google.com .gstatic.com googleads.g.doubleclick.net www.googleadservices.com .vimeocdn.com .vimeo.com vimeo.com .ytimg.com .youtube.com .hotjar.com .facebook.net .crazyegg.com .giosg.com .giosgusercontent.com www.googletagmanager.com www.google-analytics.com online.adservicemedia.dk tagmanager.google.com optimize.google.com; frame-src 'self' .santanderconsumer.se .google.com .vimeo.com .facebook.com .santanders.se .hotjar.com .doubleclick.net www.youtube.com optimize.google.com .giosg.com .giosgusercontent.com; child-src 'self' .hotjar.com; img-src 'self' data: .hotjar.com google-analytics.com optimize.google.com; style-src 'self' 'unsafe-inline' tagmanager.google.com fonts.googleapis.com optimize.google.com .giosg.com .giosgusercontent.com; connect-src wss://.santanderconsumer.se .santanderconsumer.se .hotjar.io .hotjar.com wss://.hotjar.com .crazyegg.com wss://.crazyegg.com .giosg.com .giosgusercontent.com .google-analytics.com 'self'; font-src 'self' .hotjar.com fonts.gstatic.com giosg-chat-public-eu.s3.amazonaws.com; worker-src 'self' blob:
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.santanderconsumer.se/lana/privatlan/ansok-om-privatlan
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.google.com *.gstatic.com googleads.g.doubleclick.net www.googleadservices.com *.vimeocdn.com *.vimeo.com vimeo.com *.ytimg.com *.youtube.com *.hotjar.com *.facebook.net *.crazyegg.com *.giosg.com *.giosgusercontent.com www.googletagmanager.com www.google-analytics.com online.adservicemedia.dk tagmanager.google.com optimize.google.com; frame-src 'self' *.santanderconsumer.se *.google.com *.vimeo.com *.facebook.com *.santanders.se *.hotjar.com *.doubleclick.net www.youtube.com optimize.google.com *.giosg.com *.giosgusercontent.com; child-src 'self' *.hotjar.com; img-src * 'self' data: *.hotjar.com google-analytics.com optimize.google.com; style-src 'self' 'unsafe-inline' tagmanager.google.com fonts.googleapis.com optimize.google.com *.giosg.com *.giosgusercontent.com; connect-src wss://*.santanderconsumer.se *.santanderconsumer.se *.hotjar.io *.hotjar.com wss://*.hotjar.com *.crazyegg.com wss://*.crazyegg.com *.giosg.com *.giosgusercontent.com *.google-analytics.com 'self'; font-src 'self' *.hotjar.com fonts.gstatic.com giosg-chat-public-eu.s3.amazonaws.com; worker-src 'self' blob:
Content-Encoding: gzip
Referrer-Policy: no-referrer-when-downgrade
Last-Modified: Wed, 18 Nov 2020 16:37:26 GMT
ETag: "1d6bdc0b743fc32"
X-Frame-Options: SAMEORIGIN
Content-Type: application/javascript
Cache-Control: public,max-age=31536000
Date: Sat, 21 Nov 2020 10:29:38 GMT
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Accept-Encoding
Content-Length: 19270
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK loan-application-se.bundle.js Show response
www.santanderconsumer.se/assets/scripts/bundles/ 501 KB
131 KB 86ms
38ms Script
application/javascript 109.68.88.245
Norway

General

Check archive.org

Show headers Download Go to

Full URL

https://www.santanderconsumer.se/assets/scripts/bundles/loan-application-se.bundle.js?v=1.24.0.0

Requested by

Host: www.santanderconsumer.se
URL: https://www.santanderconsumer.se/lana/privatlan/ansok-om-privatlan

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_CBC

Server

109.68.88.245 , Norway, ASN25148 (BASEFARM-ASN Oslo - Norway, NO),

Reverse DNS

scb-sewe-vip.osl.basefarm.net

Software

Resource Hash

05eafe9bdac8520e7f9342650f79c48385578ec58dbd2d5c4aef23203274923c

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' .google.com .gstatic.com googleads.g.doubleclick.net www.googleadservices.com .vimeocdn.com .vimeo.com vimeo.com .ytimg.com .youtube.com .hotjar.com .facebook.net .crazyegg.com .giosg.com .giosgusercontent.com www.googletagmanager.com www.google-analytics.com online.adservicemedia.dk tagmanager.google.com optimize.google.com; frame-src 'self' .santanderconsumer.se .google.com .vimeo.com .facebook.com .santanders.se .hotjar.com .doubleclick.net www.youtube.com optimize.google.com .giosg.com .giosgusercontent.com; child-src 'self' .hotjar.com; img-src 'self' data: .hotjar.com google-analytics.com optimize.google.com; style-src 'self' 'unsafe-inline' tagmanager.google.com fonts.googleapis.com optimize.google.com .giosg.com .giosgusercontent.com; connect-src wss://.santanderconsumer.se .santanderconsumer.se .hotjar.io .hotjar.com wss://.hotjar.com .crazyegg.com wss://.crazyegg.com .giosg.com .giosgusercontent.com .google-analytics.com 'self'; font-src 'self' .hotjar.com fonts.gstatic.com giosg-chat-public-eu.s3.amazonaws.com; worker-src 'self' blob:
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.santanderconsumer.se/lana/privatlan/ansok-om-privatlan
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Sat, 21 Nov 2020 10:29:38 GMT
Content-Encoding: gzip
Referrer-Policy: no-referrer-when-downgrade
Last-Modified: Wed, 18 Nov 2020 16:37:24 GMT
ETag: "1d6bdc0b6160091"
X-Frame-Options: SAMEORIGIN
Content-Type: application/javascript
Cache-Control: public,max-age=31536000
Transfer-Encoding: chunked
X-Content-Type-Options: nosniff
Content-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.google.com *.gstatic.com googleads.g.doubleclick.net www.googleadservices.com *.vimeocdn.com *.vimeo.com vimeo.com *.ytimg.com *.youtube.com *.hotjar.com *.facebook.net *.crazyegg.com *.giosg.com *.giosgusercontent.com www.googletagmanager.com www.google-analytics.com online.adservicemedia.dk tagmanager.google.com optimize.google.com; frame-src 'self' *.santanderconsumer.se *.google.com *.vimeo.com *.facebook.com *.santanders.se *.hotjar.com *.doubleclick.net www.youtube.com optimize.google.com *.giosg.com *.giosgusercontent.com; child-src 'self' *.hotjar.com; img-src * 'self' data: *.hotjar.com google-analytics.com optimize.google.com; style-src 'self' 'unsafe-inline' tagmanager.google.com fonts.googleapis.com optimize.google.com *.giosg.com *.giosgusercontent.com; connect-src wss://*.santanderconsumer.se *.santanderconsumer.se *.hotjar.io *.hotjar.com wss://*.hotjar.com *.crazyegg.com wss://*.crazyegg.com *.giosg.com *.giosgusercontent.com *.google-analytics.com 'self'; font-src 'self' *.hotjar.com fonts.gstatic.com giosg-chat-public-eu.s3.amazonaws.com; worker-src 'self' blob:
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Accept-Encoding
X-XSS-Protection: 1; mode=block

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 165 KB
52 KB 30ms
29ms Script
application/javascript 2a00:1450:4001:818::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-WCG6JW

Requested by

Host: www.santanderconsumer.se
URL: https://www.santanderconsumer.se/lana/privatlan/ansok-om-privatlan

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:818::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

594ea35f8776dc287917c056ab1f60b1a2e688baf14c33154f06239d6e2d2bd0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://www.santanderconsumer.se/lana/privatlan/ansok-om-privatlan
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 21 Nov 2020 10:29:38 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 53611
x-xss-protection: 0
last-modified: Sat, 21 Nov 2020 09:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Sat, 21 Nov 2020 10:29:38 GMT

GET
H/1.1 200
OK santandertextw05-regular.woff2
www.santanderconsumer.se/assets/fonts/ 46 KB
47 KB 49ms
29ms Font
application/font-woff2 109.68.88.245
Norway

General

Check archive.org

Show headers Download Go to

Full URL

https://www.santanderconsumer.se/assets/fonts/santandertextw05-regular.woff2

Requested by

Host: www.santanderconsumer.se
URL: https://www.santanderconsumer.se/assets/styles/site.min.css?v=1.24.0.0

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_CBC

Server

109.68.88.245 , Norway, ASN25148 (BASEFARM-ASN Oslo - Norway, NO),

Reverse DNS

scb-sewe-vip.osl.basefarm.net

Software

Resource Hash

df7abc314cf6e0380973cea5ad3cd7a4536b820d974162c9d94f534f539eef0b

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' .google.com .gstatic.com googleads.g.doubleclick.net www.googleadservices.com .vimeocdn.com .vimeo.com vimeo.com .ytimg.com .youtube.com .hotjar.com .facebook.net .crazyegg.com .giosg.com .giosgusercontent.com www.googletagmanager.com www.google-analytics.com online.adservicemedia.dk tagmanager.google.com optimize.google.com; frame-src 'self' .santanderconsumer.se .google.com .vimeo.com .facebook.com .santanders.se .hotjar.com .doubleclick.net www.youtube.com optimize.google.com .giosg.com .giosgusercontent.com; child-src 'self' .hotjar.com; img-src 'self' data: .hotjar.com google-analytics.com optimize.google.com; style-src 'self' 'unsafe-inline' tagmanager.google.com fonts.googleapis.com optimize.google.com .giosg.com .giosgusercontent.com; connect-src wss://.santanderconsumer.se .santanderconsumer.se .hotjar.io .hotjar.com wss://.hotjar.com .crazyegg.com wss://.crazyegg.com .giosg.com .giosgusercontent.com .google-analytics.com 'self'; font-src 'self' .hotjar.com fonts.gstatic.com giosg-chat-public-eu.s3.amazonaws.com; worker-src 'self' blob:
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Origin: https://www.santanderconsumer.se
Referer: https://www.santanderconsumer.se/assets/styles/site.min.css?v=1.24.0.0
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.google.com *.gstatic.com googleads.g.doubleclick.net www.googleadservices.com *.vimeocdn.com *.vimeo.com vimeo.com *.ytimg.com *.youtube.com *.hotjar.com *.facebook.net *.crazyegg.com *.giosg.com *.giosgusercontent.com www.googletagmanager.com www.google-analytics.com online.adservicemedia.dk tagmanager.google.com optimize.google.com; frame-src 'self' *.santanderconsumer.se *.google.com *.vimeo.com *.facebook.com *.santanders.se *.hotjar.com *.doubleclick.net www.youtube.com optimize.google.com *.giosg.com *.giosgusercontent.com; child-src 'self' *.hotjar.com; img-src * 'self' data: *.hotjar.com google-analytics.com optimize.google.com; style-src 'self' 'unsafe-inline' tagmanager.google.com fonts.googleapis.com optimize.google.com *.giosg.com *.giosgusercontent.com; connect-src wss://*.santanderconsumer.se *.santanderconsumer.se *.hotjar.io *.hotjar.com wss://*.hotjar.com *.crazyegg.com wss://*.crazyegg.com *.giosg.com *.giosgusercontent.com *.google-analytics.com 'self'; font-src 'self' *.hotjar.com fonts.gstatic.com giosg-chat-public-eu.s3.amazonaws.com; worker-src 'self' blob:
Referrer-Policy: no-referrer-when-downgrade
Last-Modified: Wed, 18 Nov 2020 16:37:24 GMT
ETag: "1d6bdc0b6116430"
X-Frame-Options: SAMEORIGIN
Content-Type: application/font-woff2
Access-Control-Allow-Origin: *
X-XSS-Protection: 1; mode=block
Cache-Control: public,max-age=31536000
Date: Sat, 21 Nov 2020 10:29:38 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Length: 46640
X-Content-Type-Options: nosniff

GET
H2 200 iframe_api Show response
www.youtube.com/ 859 B
1 KB 48ms
29ms Script
application/javascript 2a00:1450:4001:824::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.youtube.com/iframe_api

Requested by

Host: www.santanderconsumer.se
URL: https://www.santanderconsumer.se/assets/scripts/site.min.js?v=1.24.0.0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:824::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

YouTube Frontend Proxy /

Resource Hash

cf8caa4bc984e80bedaf7605fcba8eeb393144855916ca37a9e3878776f4099d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.santanderconsumer.se/lana/privatlan/ansok-om-privatlan
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Sat, 21 Nov 2020 10:29:38 GMT
x-content-type-options: nosniff
server: YouTube Frontend Proxy
p3p: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657?hl=en for more info."
cache-control: no-cache
content-type: application/javascript
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 859
x-xss-protection: 0
expires: Tue, 27 Apr 1971 19:44:06 GMT

GET
H/1.1 200
OK santandertextw05-bold.woff2
www.santanderconsumer.se/assets/fonts/ 48 KB
50 KB 27ms
27ms Font
application/font-woff2 109.68.88.245
Norway

General

Check archive.org

Show headers Download Go to

Full URL

https://www.santanderconsumer.se/assets/fonts/santandertextw05-bold.woff2

Requested by

Host: www.santanderconsumer.se
URL: https://www.santanderconsumer.se/assets/styles/site.min.css?v=1.24.0.0

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_CBC

Server

109.68.88.245 , Norway, ASN25148 (BASEFARM-ASN Oslo - Norway, NO),

Reverse DNS

scb-sewe-vip.osl.basefarm.net

Software

Resource Hash

ec6c6c35a35bb74b562f10541e42adcb73c8bf54fbbd2a2999078bde1a279e29

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' .google.com .gstatic.com googleads.g.doubleclick.net www.googleadservices.com .vimeocdn.com .vimeo.com vimeo.com .ytimg.com .youtube.com .hotjar.com .facebook.net .crazyegg.com .giosg.com .giosgusercontent.com www.googletagmanager.com www.google-analytics.com online.adservicemedia.dk tagmanager.google.com optimize.google.com; frame-src 'self' .santanderconsumer.se .google.com .vimeo.com .facebook.com .santanders.se .hotjar.com .doubleclick.net www.youtube.com optimize.google.com .giosg.com .giosgusercontent.com; child-src 'self' .hotjar.com; img-src 'self' data: .hotjar.com google-analytics.com optimize.google.com; style-src 'self' 'unsafe-inline' tagmanager.google.com fonts.googleapis.com optimize.google.com .giosg.com .giosgusercontent.com; connect-src wss://.santanderconsumer.se .santanderconsumer.se .hotjar.io .hotjar.com wss://.hotjar.com .crazyegg.com wss://.crazyegg.com .giosg.com .giosgusercontent.com .google-analytics.com 'self'; font-src 'self' .hotjar.com fonts.gstatic.com giosg-chat-public-eu.s3.amazonaws.com; worker-src 'self' blob:
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Origin: https://www.santanderconsumer.se
Referer: https://www.santanderconsumer.se/assets/styles/site.min.css?v=1.24.0.0
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.google.com *.gstatic.com googleads.g.doubleclick.net www.googleadservices.com *.vimeocdn.com *.vimeo.com vimeo.com *.ytimg.com *.youtube.com *.hotjar.com *.facebook.net *.crazyegg.com *.giosg.com *.giosgusercontent.com www.googletagmanager.com www.google-analytics.com online.adservicemedia.dk tagmanager.google.com optimize.google.com; frame-src 'self' *.santanderconsumer.se *.google.com *.vimeo.com *.facebook.com *.santanders.se *.hotjar.com *.doubleclick.net www.youtube.com optimize.google.com *.giosg.com *.giosgusercontent.com; child-src 'self' *.hotjar.com; img-src * 'self' data: *.hotjar.com google-analytics.com optimize.google.com; style-src 'self' 'unsafe-inline' tagmanager.google.com fonts.googleapis.com optimize.google.com *.giosg.com *.giosgusercontent.com; connect-src wss://*.santanderconsumer.se *.santanderconsumer.se *.hotjar.io *.hotjar.com wss://*.hotjar.com *.crazyegg.com wss://*.crazyegg.com *.giosg.com *.giosgusercontent.com *.google-analytics.com 'self'; font-src 'self' *.hotjar.com fonts.gstatic.com giosg-chat-public-eu.s3.amazonaws.com; worker-src 'self' blob:
Referrer-Policy: no-referrer-when-downgrade
Last-Modified: Wed, 18 Nov 2020 16:37:24 GMT
ETag: "1d6bdc0b6116db0"
X-Frame-Options: SAMEORIGIN
Content-Type: application/font-woff2
Access-Control-Allow-Origin: *
X-XSS-Protection: 1; mode=block
Cache-Control: public,max-age=31536000
Date: Sat, 21 Nov 2020 10:29:38 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Length: 49072
X-Content-Type-Options: nosniff

GET
H/1.1 200
OK santanderheadlinew05-bold.woff2
www.santanderconsumer.se/assets/fonts/ 48 KB
49 KB 28ms
27ms Font
application/font-woff2 109.68.88.245
Norway

General

Check archive.org

Show headers Download Go to

Full URL

https://www.santanderconsumer.se/assets/fonts/santanderheadlinew05-bold.woff2

Requested by

Host: www.santanderconsumer.se
URL: https://www.santanderconsumer.se/assets/styles/site.min.css?v=1.24.0.0

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_CBC

Server

109.68.88.245 , Norway, ASN25148 (BASEFARM-ASN Oslo - Norway, NO),

Reverse DNS

scb-sewe-vip.osl.basefarm.net

Software

Resource Hash

d9292f5aeb67c87cd795b51fcd918e5d2b5a5adb7fa66659e82ad4b67471e6d3

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' .google.com .gstatic.com googleads.g.doubleclick.net www.googleadservices.com .vimeocdn.com .vimeo.com vimeo.com .ytimg.com .youtube.com .hotjar.com .facebook.net .crazyegg.com .giosg.com .giosgusercontent.com www.googletagmanager.com www.google-analytics.com online.adservicemedia.dk tagmanager.google.com optimize.google.com; frame-src 'self' .santanderconsumer.se .google.com .vimeo.com .facebook.com .santanders.se .hotjar.com .doubleclick.net www.youtube.com optimize.google.com .giosg.com .giosgusercontent.com; child-src 'self' .hotjar.com; img-src 'self' data: .hotjar.com google-analytics.com optimize.google.com; style-src 'self' 'unsafe-inline' tagmanager.google.com fonts.googleapis.com optimize.google.com .giosg.com .giosgusercontent.com; connect-src wss://.santanderconsumer.se .santanderconsumer.se .hotjar.io .hotjar.com wss://.hotjar.com .crazyegg.com wss://.crazyegg.com .giosg.com .giosgusercontent.com .google-analytics.com 'self'; font-src 'self' .hotjar.com fonts.gstatic.com giosg-chat-public-eu.s3.amazonaws.com; worker-src 'self' blob:
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Origin: https://www.santanderconsumer.se
Referer: https://www.santanderconsumer.se/assets/styles/site.min.css?v=1.24.0.0
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.google.com *.gstatic.com googleads.g.doubleclick.net www.googleadservices.com *.vimeocdn.com *.vimeo.com vimeo.com *.ytimg.com *.youtube.com *.hotjar.com *.facebook.net *.crazyegg.com *.giosg.com *.giosgusercontent.com www.googletagmanager.com www.google-analytics.com online.adservicemedia.dk tagmanager.google.com optimize.google.com; frame-src 'self' *.santanderconsumer.se *.google.com *.vimeo.com *.facebook.com *.santanders.se *.hotjar.com *.doubleclick.net www.youtube.com optimize.google.com *.giosg.com *.giosgusercontent.com; child-src 'self' *.hotjar.com; img-src * 'self' data: *.hotjar.com google-analytics.com optimize.google.com; style-src 'self' 'unsafe-inline' tagmanager.google.com fonts.googleapis.com optimize.google.com *.giosg.com *.giosgusercontent.com; connect-src wss://*.santanderconsumer.se *.santanderconsumer.se *.hotjar.io *.hotjar.com wss://*.hotjar.com *.crazyegg.com wss://*.crazyegg.com *.giosg.com *.giosgusercontent.com *.google-analytics.com 'self'; font-src 'self' *.hotjar.com fonts.gstatic.com giosg-chat-public-eu.s3.amazonaws.com; worker-src 'self' blob:
Referrer-Policy: no-referrer-when-downgrade
Last-Modified: Wed, 18 Nov 2020 16:37:24 GMT
ETag: "1d6bdc0b6116cf4"
X-Frame-Options: SAMEORIGIN
Content-Type: application/font-woff2
Access-Control-Allow-Origin: *
X-XSS-Protection: 1; mode=block
Cache-Control: public,max-age=31536000
Date: Sat, 21 Nov 2020 10:29:38 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Length: 48884
X-Content-Type-Options: nosniff

GET
H/1.1 200
OK appconfig.json Show response
www.santanderconsumer.se/ 247 B
2 KB 28ms
28ms XHR
application/json 109.68.88.245
Norway

General

Check archive.org

Show headers Download Go to

Full URL

https://www.santanderconsumer.se/appconfig.json

Requested by

Host: www.santanderconsumer.se
URL: https://www.santanderconsumer.se/assets/scripts/bundles/vendors.bundle.js?v=1.24.0.0

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_CBC

Server

109.68.88.245 , Norway, ASN25148 (BASEFARM-ASN Oslo - Norway, NO),

Reverse DNS

scb-sewe-vip.osl.basefarm.net

Software

Resource Hash

2b303a7379baa0e733d1e22c075cdabd9d7b285d5f234a3663a33c315116a1a4

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' .google.com .gstatic.com googleads.g.doubleclick.net www.googleadservices.com .vimeocdn.com .vimeo.com vimeo.com .ytimg.com .youtube.com .hotjar.com .facebook.net .crazyegg.com .giosg.com .giosgusercontent.com www.googletagmanager.com www.google-analytics.com online.adservicemedia.dk tagmanager.google.com optimize.google.com; frame-src 'self' .santanderconsumer.se .google.com .vimeo.com .facebook.com .santanders.se .hotjar.com .doubleclick.net www.youtube.com optimize.google.com .giosg.com .giosgusercontent.com; child-src 'self' .hotjar.com; img-src 'self' data: .hotjar.com google-analytics.com optimize.google.com; style-src 'self' 'unsafe-inline' tagmanager.google.com fonts.googleapis.com optimize.google.com .giosg.com .giosgusercontent.com; connect-src wss://.santanderconsumer.se .santanderconsumer.se .hotjar.io .hotjar.com wss://.hotjar.com .crazyegg.com wss://.crazyegg.com .giosg.com .giosgusercontent.com .google-analytics.com 'self'; font-src 'self' .hotjar.com fonts.gstatic.com giosg-chat-public-eu.s3.amazonaws.com; worker-src 'self' blob:
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept: application/json, text/plain, */*
Referer: https://www.santanderconsumer.se/lana/privatlan/ansok-om-privatlan/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.google.com *.gstatic.com googleads.g.doubleclick.net www.googleadservices.com *.vimeocdn.com *.vimeo.com vimeo.com *.ytimg.com *.youtube.com *.hotjar.com *.facebook.net *.crazyegg.com *.giosg.com *.giosgusercontent.com www.googletagmanager.com www.google-analytics.com online.adservicemedia.dk tagmanager.google.com optimize.google.com; frame-src 'self' *.santanderconsumer.se *.google.com *.vimeo.com *.facebook.com *.santanders.se *.hotjar.com *.doubleclick.net www.youtube.com optimize.google.com *.giosg.com *.giosgusercontent.com; child-src 'self' *.hotjar.com; img-src * 'self' data: *.hotjar.com google-analytics.com optimize.google.com; style-src 'self' 'unsafe-inline' tagmanager.google.com fonts.googleapis.com optimize.google.com *.giosg.com *.giosgusercontent.com; connect-src wss://*.santanderconsumer.se *.santanderconsumer.se *.hotjar.io *.hotjar.com wss://*.hotjar.com *.crazyegg.com wss://*.crazyegg.com *.giosg.com *.giosgusercontent.com *.google-analytics.com 'self'; font-src 'self' *.hotjar.com fonts.gstatic.com giosg-chat-public-eu.s3.amazonaws.com; worker-src 'self' blob:
Referrer-Policy: no-referrer-when-downgrade
Last-Modified: Thu, 19 Nov 2020 06:10:09 GMT
ETag: "739f8ca23abed61:0"
X-Frame-Options: SAMEORIGIN
Content-Type: application/json
Cache-Control: max-age=86400
Date: Sat, 21 Nov 2020 10:29:38 GMT
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000; includeSubDomains
Accept-Ranges: bytes
Content-Length: 247
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK moneyhand.svg
www.santanderconsumer.se/assets/493125/siteassets/pictogram/ 6 KB
8 KB 26ms
26ms Image
image/svg+xml 109.68.88.245
Norway

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.santanderconsumer.se/assets/493125/siteassets/pictogram/moneyhand.svg

Requested by

Host: www.santanderconsumer.se
URL: https://www.santanderconsumer.se/lana/privatlan/ansok-om-privatlan/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_CBC

Server

109.68.88.245 , Norway, ASN25148 (BASEFARM-ASN Oslo - Norway, NO),

Reverse DNS

scb-sewe-vip.osl.basefarm.net

Software

Resource Hash

a4f9df55a70d95d678f7e8e2722c4baa9fe53fd00759c54ed9108899650d7c01

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' .google.com .gstatic.com googleads.g.doubleclick.net www.googleadservices.com .vimeocdn.com .vimeo.com vimeo.com .ytimg.com .youtube.com .hotjar.com .facebook.net .crazyegg.com .giosg.com .giosgusercontent.com www.googletagmanager.com www.google-analytics.com online.adservicemedia.dk tagmanager.google.com optimize.google.com; frame-src 'self' .santanderconsumer.se .google.com .vimeo.com .facebook.com .santanders.se .hotjar.com .doubleclick.net www.youtube.com optimize.google.com .giosg.com .giosgusercontent.com; child-src 'self' .hotjar.com; img-src 'self' data: .hotjar.com google-analytics.com optimize.google.com; style-src 'self' 'unsafe-inline' tagmanager.google.com fonts.googleapis.com optimize.google.com .giosg.com .giosgusercontent.com; connect-src wss://.santanderconsumer.se .santanderconsumer.se .hotjar.io .hotjar.com wss://.hotjar.com .crazyegg.com wss://.crazyegg.com .giosg.com .giosgusercontent.com .google-analytics.com 'self'; font-src 'self' .hotjar.com fonts.gstatic.com giosg-chat-public-eu.s3.amazonaws.com; worker-src 'self' blob:
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.santanderconsumer.se/lana/privatlan/ansok-om-privatlan/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.google.com *.gstatic.com googleads.g.doubleclick.net www.googleadservices.com *.vimeocdn.com *.vimeo.com vimeo.com *.ytimg.com *.youtube.com *.hotjar.com *.facebook.net *.crazyegg.com *.giosg.com *.giosgusercontent.com www.googletagmanager.com www.google-analytics.com online.adservicemedia.dk tagmanager.google.com optimize.google.com; frame-src 'self' *.santanderconsumer.se *.google.com *.vimeo.com *.facebook.com *.santanders.se *.hotjar.com *.doubleclick.net www.youtube.com optimize.google.com *.giosg.com *.giosgusercontent.com; child-src 'self' *.hotjar.com; img-src * 'self' data: *.hotjar.com google-analytics.com optimize.google.com; style-src 'self' 'unsafe-inline' tagmanager.google.com fonts.googleapis.com optimize.google.com *.giosg.com *.giosgusercontent.com; connect-src wss://*.santanderconsumer.se *.santanderconsumer.se *.hotjar.io *.hotjar.com wss://*.hotjar.com *.crazyegg.com wss://*.crazyegg.com *.giosg.com *.giosgusercontent.com *.google-analytics.com 'self'; font-src 'self' *.hotjar.com fonts.gstatic.com giosg-chat-public-eu.s3.amazonaws.com; worker-src 'self' blob:
Referrer-Policy: no-referrer-when-downgrade
ETag: "1D4C9339AE80900"
X-Frame-Options: SAMEORIGIN
Content-Type: image/svg+xml
X-XSS-Protection: 1; mode=block
Cache-Control: public,max-age=31536000
Date: Sat, 21 Nov 2020 10:29:38 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Accept-Ranges: bytes
Content-Length: 6102
X-Content-Type-Options: nosniff

GET
H/1.1 200
OK appconfig.json Show response
www.santanderconsumer.se/ 247 B
2 KB 27ms
27ms XHR
application/json 109.68.88.245
Norway

General

Check archive.org

Show headers Download Go to

Full URL

https://www.santanderconsumer.se/appconfig.json

Requested by

Host: www.santanderconsumer.se
URL: https://www.santanderconsumer.se/assets/scripts/bundles/vendors.bundle.js?v=1.24.0.0

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_CBC

Server

109.68.88.245 , Norway, ASN25148 (BASEFARM-ASN Oslo - Norway, NO),

Reverse DNS

scb-sewe-vip.osl.basefarm.net

Software

Resource Hash

2b303a7379baa0e733d1e22c075cdabd9d7b285d5f234a3663a33c315116a1a4

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' .google.com .gstatic.com googleads.g.doubleclick.net www.googleadservices.com .vimeocdn.com .vimeo.com vimeo.com .ytimg.com .youtube.com .hotjar.com .facebook.net .crazyegg.com .giosg.com .giosgusercontent.com www.googletagmanager.com www.google-analytics.com online.adservicemedia.dk tagmanager.google.com optimize.google.com; frame-src 'self' .santanderconsumer.se .google.com .vimeo.com .facebook.com .santanders.se .hotjar.com .doubleclick.net www.youtube.com optimize.google.com .giosg.com .giosgusercontent.com; child-src 'self' .hotjar.com; img-src 'self' data: .hotjar.com google-analytics.com optimize.google.com; style-src 'self' 'unsafe-inline' tagmanager.google.com fonts.googleapis.com optimize.google.com .giosg.com .giosgusercontent.com; connect-src wss://.santanderconsumer.se .santanderconsumer.se .hotjar.io .hotjar.com wss://.hotjar.com .crazyegg.com wss://.crazyegg.com .giosg.com .giosgusercontent.com .google-analytics.com 'self'; font-src 'self' .hotjar.com fonts.gstatic.com giosg-chat-public-eu.s3.amazonaws.com; worker-src 'self' blob:
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept: application/json, text/plain, */*
Referer: https://www.santanderconsumer.se/lana/privatlan/ansok-om-privatlan/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.google.com *.gstatic.com googleads.g.doubleclick.net www.googleadservices.com *.vimeocdn.com *.vimeo.com vimeo.com *.ytimg.com *.youtube.com *.hotjar.com *.facebook.net *.crazyegg.com *.giosg.com *.giosgusercontent.com www.googletagmanager.com www.google-analytics.com online.adservicemedia.dk tagmanager.google.com optimize.google.com; frame-src 'self' *.santanderconsumer.se *.google.com *.vimeo.com *.facebook.com *.santanders.se *.hotjar.com *.doubleclick.net www.youtube.com optimize.google.com *.giosg.com *.giosgusercontent.com; child-src 'self' *.hotjar.com; img-src * 'self' data: *.hotjar.com google-analytics.com optimize.google.com; style-src 'self' 'unsafe-inline' tagmanager.google.com fonts.googleapis.com optimize.google.com *.giosg.com *.giosgusercontent.com; connect-src wss://*.santanderconsumer.se *.santanderconsumer.se *.hotjar.io *.hotjar.com wss://*.hotjar.com *.crazyegg.com wss://*.crazyegg.com *.giosg.com *.giosgusercontent.com *.google-analytics.com 'self'; font-src 'self' *.hotjar.com fonts.gstatic.com giosg-chat-public-eu.s3.amazonaws.com; worker-src 'self' blob:
Referrer-Policy: no-referrer-when-downgrade
Last-Modified: Thu, 19 Nov 2020 06:10:09 GMT
ETag: "739f8ca23abed61:0"
X-Frame-Options: SAMEORIGIN
Content-Type: application/json
Cache-Control: max-age=86400
Date: Sat, 21 Nov 2020 10:29:38 GMT
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000; includeSubDomains
Accept-Ranges: bytes
Content-Length: 247
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK appconfig.json Show response
www.santanderconsumer.se/ 247 B
2 KB 31ms
31ms XHR
application/json 109.68.88.245
Norway

General

Check archive.org

Show headers Download Go to

Full URL

https://www.santanderconsumer.se/appconfig.json

Requested by

Host: www.santanderconsumer.se
URL: https://www.santanderconsumer.se/assets/scripts/bundles/vendors.bundle.js?v=1.24.0.0

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_CBC

Server

109.68.88.245 , Norway, ASN25148 (BASEFARM-ASN Oslo - Norway, NO),

Reverse DNS

scb-sewe-vip.osl.basefarm.net

Software

Resource Hash

2b303a7379baa0e733d1e22c075cdabd9d7b285d5f234a3663a33c315116a1a4

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' .google.com .gstatic.com googleads.g.doubleclick.net www.googleadservices.com .vimeocdn.com .vimeo.com vimeo.com .ytimg.com .youtube.com .hotjar.com .facebook.net .crazyegg.com .giosg.com .giosgusercontent.com www.googletagmanager.com www.google-analytics.com online.adservicemedia.dk tagmanager.google.com optimize.google.com; frame-src 'self' .santanderconsumer.se .google.com .vimeo.com .facebook.com .santanders.se .hotjar.com .doubleclick.net www.youtube.com optimize.google.com .giosg.com .giosgusercontent.com; child-src 'self' .hotjar.com; img-src 'self' data: .hotjar.com google-analytics.com optimize.google.com; style-src 'self' 'unsafe-inline' tagmanager.google.com fonts.googleapis.com optimize.google.com .giosg.com .giosgusercontent.com; connect-src wss://.santanderconsumer.se .santanderconsumer.se .hotjar.io .hotjar.com wss://.hotjar.com .crazyegg.com wss://.crazyegg.com .giosg.com .giosgusercontent.com .google-analytics.com 'self'; font-src 'self' .hotjar.com fonts.gstatic.com giosg-chat-public-eu.s3.amazonaws.com; worker-src 'self' blob:
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept: application/json, text/plain, */*
Referer: https://www.santanderconsumer.se/lana/privatlan/ansok-om-privatlan/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.google.com *.gstatic.com googleads.g.doubleclick.net www.googleadservices.com *.vimeocdn.com *.vimeo.com vimeo.com *.ytimg.com *.youtube.com *.hotjar.com *.facebook.net *.crazyegg.com *.giosg.com *.giosgusercontent.com www.googletagmanager.com www.google-analytics.com online.adservicemedia.dk tagmanager.google.com optimize.google.com; frame-src 'self' *.santanderconsumer.se *.google.com *.vimeo.com *.facebook.com *.santanders.se *.hotjar.com *.doubleclick.net www.youtube.com optimize.google.com *.giosg.com *.giosgusercontent.com; child-src 'self' *.hotjar.com; img-src * 'self' data: *.hotjar.com google-analytics.com optimize.google.com; style-src 'self' 'unsafe-inline' tagmanager.google.com fonts.googleapis.com optimize.google.com *.giosg.com *.giosgusercontent.com; connect-src wss://*.santanderconsumer.se *.santanderconsumer.se *.hotjar.io *.hotjar.com wss://*.hotjar.com *.crazyegg.com wss://*.crazyegg.com *.giosg.com *.giosgusercontent.com *.google-analytics.com 'self'; font-src 'self' *.hotjar.com fonts.gstatic.com giosg-chat-public-eu.s3.amazonaws.com; worker-src 'self' blob:
Referrer-Policy: no-referrer-when-downgrade
Last-Modified: Thu, 19 Nov 2020 06:10:09 GMT
ETag: "739f8ca23abed61:0"
X-Frame-Options: SAMEORIGIN
Content-Type: application/json
Cache-Control: max-age=86400
Date: Sat, 21 Nov 2020 10:29:38 GMT
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000; includeSubDomains
Accept-Ranges: bytes
Content-Length: 247
X-XSS-Protection: 1; mode=block

GET
DATA 200
OK truncated
/ 118 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 0c991bee2fbe71996ae52f98bca5f746184c243964f7ee3d71a8fa0da7242e82

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/png

GET
H/1.1 200
OK countries Show response
api.santanderconsumer.se/consumerloan/api/ 8 KB
9 KB 142ms
141ms XHR
application/json 3.123.81.162
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://api.santanderconsumer.se/consumerloan/api/countries
Requested by: Host: www.santanderconsumer.se
URL: https://www.santanderconsumer.se/assets/scripts/bundles/vendors.bundle.js?v=1.24.0.0
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 3.123.81.162 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-123-81-162.eu-central-1.compute.amazonaws.com
Software: Microsoft-IIS/8.5 / ASP.NET
Resource Hash: 2f40220d15e77a709257024e5c2c5654d32d6d6d03946d5b85a684cf9df638f5

Request headers

Accept: application/json, text/plain, */*
Referer: https://www.santanderconsumer.se/lana/privatlan/ansok-om-privatlan/
api-version: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Sat, 21 Nov 2020 10:29:39 GMT
X-CorrelationId: 873e79b8-bf54-4de5-a9a8-d72004be15e1
Server: Microsoft-IIS/8.5
X-RequestId: 66f2ebff-fc68-47e9-9b15-84e2db9c7897
X-Powered-By: ASP.NET
Content-Type: application/json; charset=utf-8
Access-Control-Allow-Origin: *
api-supported-versions: 1.0
Cache-Control: no-store
Connection: keep-alive
Content-Length: 8290

OPTIONS
H/1.1 200
OK countries
api.santanderconsumer.se/consumerloan/api/ 0
0 124ms
32ms Other 3.123.81.162
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://api.santanderconsumer.se/consumerloan/api/countries
Protocol: HTTP/1.1
Server: 3.123.81.162 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-123-81-162.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: GET
Access-Control-Request-Headers: api-version
Origin: https://www.santanderconsumer.se
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

Date: Sat, 21 Nov 2020 10:29:39 GMT
Content-Length: 0
Connection: keep-alive
Host: api.santanderconsumer.se
X-Forwarded-For: 82.102.20.235
X-Forwarded-Port: 443
X-Forwarded-Proto: https
Pragma: no-cache
Cache-Control: no-cache
Accept: */*
Access-Control-Request-Method: GET
Access-Control-Request-Headers: api-version
Origin: https://www.santanderconsumer.se
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
Sec-Fetch-Dest: empty
Referer: https://www.santanderconsumer.se/lana/privatlan/ansok-om-privatlan/
Accept-Encoding: gzip,deflate
Accept-Language: en-US
Rehost: services-se.scb.osl.basefarm.net
X-Forwarded-Host: api.santanderconsumer.se
Access-Control-Allow-Origin: https://www.santanderconsumer.se
Access-Control-Allow-Headers: origin, x-affiliateid, x-requested-with, x-sessionid, accept, api-version, authorization, content-type
Access-Control-Max-Age: 3628800
Access-Control-Allow-Methods: GET, PUT, POST, DELETE
Access-Control-Allow-Credentials: true

POST
H/1.1 200
OK token Show response
auth.santanderconsumer.se/connect/ 748 B
1 KB 138ms
138ms XHR
application/json 3.123.81.162
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://auth.santanderconsumer.se/connect/token
Requested by: Host: www.santanderconsumer.se
URL: https://www.santanderconsumer.se/assets/scripts/bundles/vendors.bundle.js?v=1.24.0.0
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 3.123.81.162 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-123-81-162.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: bf45d7c2bcfd473fcce5919c48eef9bcc5531f5fe1c8f86feec7a5b70b35b85e

Request headers

Accept: application/json, text/plain, */*
Referer: https://www.santanderconsumer.se/lana/privatlan/ansok-om-privatlan/
Authorization: Basic R3RNZlFXM213ekV2U1BaNTEyNzVNYVdqdUhWTkJVWHo6R2lLZEtHZXVNbWtjeWVBNg==
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

Date: Sat, 21 Nov 2020 10:29:39 GMT
Access-Control-Max-Age: 3628800
Access-Control-Allow-Methods: GET, PUT, POST, DELETE
Content-Type: application/json
Access-Control-Allow-Origin: *
Connection: keep-alive
Access-Control-Allow-Headers: origin, x-requested-with, accept, api-version, authorization
Content-Length: 748

OPTIONS
H/1.1 200
OK token
auth.santanderconsumer.se/connect/ 0
0 133ms
32ms Other 3.123.81.162
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://auth.santanderconsumer.se/connect/token
Protocol: HTTP/1.1
Server: 3.123.81.162 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-123-81-162.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: authorization
Origin: https://www.santanderconsumer.se
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

Date: Sat, 21 Nov 2020 10:29:39 GMT
Content-Length: 0
Connection: keep-alive
Host: auth.santanderconsumer.se
X-Forwarded-For: 82.102.20.235
X-Forwarded-Port: 443
X-Forwarded-Proto: https
Pragma: no-cache
Cache-Control: no-cache
Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: authorization
Origin: https://www.santanderconsumer.se
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
Sec-Fetch-Dest: empty
Referer: https://www.santanderconsumer.se/lana/privatlan/ansok-om-privatlan/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: origin, x-requested-with, accept, api-version, authorization
Access-Control-Max-Age: 3628800
Access-Control-Allow-Methods: GET, PUT, POST, DELETE

POST
H/1.1 200
OK token Show response
auth.santanderconsumer.se/connect/ 748 B
1 KB 137ms
137ms XHR
application/json 3.123.81.162
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://auth.santanderconsumer.se/connect/token
Requested by: Host: www.santanderconsumer.se
URL: https://www.santanderconsumer.se/assets/scripts/bundles/vendors.bundle.js?v=1.24.0.0
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 3.123.81.162 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-123-81-162.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: 80d6cbb92b4edf205d3a41b09bca448bc79fabfa0602d2c09e290783aa8b4510

Request headers

Accept: application/json, text/plain, */*
Referer: https://www.santanderconsumer.se/lana/privatlan/ansok-om-privatlan/
Authorization: Basic R3RNZlFXM213ekV2U1BaNTEyNzVNYVdqdUhWTkJVWHo6R2lLZEtHZXVNbWtjeWVBNg==
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

Date: Sat, 21 Nov 2020 10:29:39 GMT
Access-Control-Max-Age: 3628800
Access-Control-Allow-Methods: GET, PUT, POST, DELETE
Content-Type: application/json
Access-Control-Allow-Origin: *
Connection: keep-alive
Access-Control-Allow-Headers: origin, x-requested-with, accept, api-version, authorization
Content-Length: 748

OPTIONS
H/1.1 200
OK token
auth.santanderconsumer.se/connect/ 0
0 133ms
34ms Other 3.123.81.162
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://auth.santanderconsumer.se/connect/token
Protocol: HTTP/1.1
Server: 3.123.81.162 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-123-81-162.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: authorization
Origin: https://www.santanderconsumer.se
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

Date: Sat, 21 Nov 2020 10:29:39 GMT
Content-Length: 0
Connection: keep-alive
Host: auth.santanderconsumer.se
X-Forwarded-For: 82.102.20.235
X-Forwarded-Port: 443
X-Forwarded-Proto: https
Pragma: no-cache
Cache-Control: no-cache
Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: authorization
Origin: https://www.santanderconsumer.se
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
Sec-Fetch-Dest: empty
Referer: https://www.santanderconsumer.se/lana/privatlan/ansok-om-privatlan/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: origin, x-requested-with, accept, api-version, authorization
Access-Control-Max-Age: 3628800
Access-Control-Allow-Methods: GET, PUT, POST, DELETE

GET
H2 200 www-widgetapi.js Show response
s.ytimg.com/yts/jsbin/www-widgetapi-vflkHHIwh/ 100 KB
37 KB 28ms
6ms Script
text/javascript 2a00:1450:4001:803::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://s.ytimg.com/yts/jsbin/www-widgetapi-vflkHHIwh/www-widgetapi.js

Requested by

Host: www.youtube.com
URL: https://www.youtube.com/iframe_api

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f426ae0be9f5d29baff04654569e7084ff8ce9439f907d6cf8c98ffb9ba9fabd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.santanderconsumer.se/lana/privatlan/ansok-om-privatlan/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Thu, 19 Nov 2020 16:43:45 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 150354
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 37016
x-xss-protection: 0
last-modified: Thu, 19 Nov 2020 16:32:25 GMT
server: sffe
vary: Accept-Encoding, Origin
content-type: text/javascript
cache-control: public, max-age=691200
accept-ranges: bytes
timing-allow-origin: https://www.youtube.com
expires: Fri, 27 Nov 2020 16:43:45 GMT

GET
H/1.1 200
OK executives_01_right.svg
www.santanderconsumer.se/assets/4a4789/siteassets/illustrationer/ 4 KB
6 KB 44ms
42ms Image
image/svg+xml 109.68.88.245
Norway

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.santanderconsumer.se/assets/4a4789/siteassets/illustrationer/executives_01_right.svg

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_CBC

Server

109.68.88.245 , Norway, ASN25148 (BASEFARM-ASN Oslo - Norway, NO),

Reverse DNS

scb-sewe-vip.osl.basefarm.net

Software

Resource Hash

10d8e179d09974d8bed33027b04b0be252d6f9c255eaf71b13b7b37fd74029bf

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' .google.com .gstatic.com googleads.g.doubleclick.net www.googleadservices.com .vimeocdn.com .vimeo.com vimeo.com .ytimg.com .youtube.com .hotjar.com .facebook.net .crazyegg.com .giosg.com .giosgusercontent.com www.googletagmanager.com www.google-analytics.com online.adservicemedia.dk tagmanager.google.com optimize.google.com; frame-src 'self' .santanderconsumer.se .google.com .vimeo.com .facebook.com .santanders.se .hotjar.com .doubleclick.net www.youtube.com optimize.google.com .giosg.com .giosgusercontent.com; child-src 'self' .hotjar.com; img-src 'self' data: .hotjar.com google-analytics.com optimize.google.com; style-src 'self' 'unsafe-inline' tagmanager.google.com fonts.googleapis.com optimize.google.com .giosg.com .giosgusercontent.com; connect-src wss://.santanderconsumer.se .santanderconsumer.se .hotjar.io .hotjar.com wss://.hotjar.com .crazyegg.com wss://.crazyegg.com .giosg.com .giosgusercontent.com .google-analytics.com 'self'; font-src 'self' .hotjar.com fonts.gstatic.com giosg-chat-public-eu.s3.amazonaws.com; worker-src 'self' blob:
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.santanderconsumer.se/lana/privatlan/ansok-om-privatlan/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.google.com *.gstatic.com googleads.g.doubleclick.net www.googleadservices.com *.vimeocdn.com *.vimeo.com vimeo.com *.ytimg.com *.youtube.com *.hotjar.com *.facebook.net *.crazyegg.com *.giosg.com *.giosgusercontent.com www.googletagmanager.com www.google-analytics.com online.adservicemedia.dk tagmanager.google.com optimize.google.com; frame-src 'self' *.santanderconsumer.se *.google.com *.vimeo.com *.facebook.com *.santanders.se *.hotjar.com *.doubleclick.net www.youtube.com optimize.google.com *.giosg.com *.giosgusercontent.com; child-src 'self' *.hotjar.com; img-src * 'self' data: *.hotjar.com google-analytics.com optimize.google.com; style-src 'self' 'unsafe-inline' tagmanager.google.com fonts.googleapis.com optimize.google.com *.giosg.com *.giosgusercontent.com; connect-src wss://*.santanderconsumer.se *.santanderconsumer.se *.hotjar.io *.hotjar.com wss://*.hotjar.com *.crazyegg.com wss://*.crazyegg.com *.giosg.com *.giosgusercontent.com *.google-analytics.com 'self'; font-src 'self' *.hotjar.com fonts.gstatic.com giosg-chat-public-eu.s3.amazonaws.com; worker-src 'self' blob:
Referrer-Policy: no-referrer-when-downgrade
ETag: "1D64419CC82BE80"
X-Frame-Options: SAMEORIGIN
Content-Type: image/svg+xml
X-XSS-Protection: 1; mode=block
Cache-Control: public,max-age=31536000
Date: Sat, 21 Nov 2020 10:29:38 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Accept-Ranges: bytes
Content-Length: 4479
X-Content-Type-Options: nosniff

GET
H/1.1 200
OK laptopsitting-01.svg
www.santanderconsumer.se/assets/493347/siteassets/illustrationer/ 13 KB
15 KB 44ms
43ms Image
image/svg+xml 109.68.88.245
Norway

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.santanderconsumer.se/assets/493347/siteassets/illustrationer/laptopsitting-01.svg

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_CBC

Server

109.68.88.245 , Norway, ASN25148 (BASEFARM-ASN Oslo - Norway, NO),

Reverse DNS

scb-sewe-vip.osl.basefarm.net

Software

Resource Hash

bae6ff65877fb5921740b17b444ec5d9069da652c2db24741a052498257cd420

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' .google.com .gstatic.com googleads.g.doubleclick.net www.googleadservices.com .vimeocdn.com .vimeo.com vimeo.com .ytimg.com .youtube.com .hotjar.com .facebook.net .crazyegg.com .giosg.com .giosgusercontent.com www.googletagmanager.com www.google-analytics.com online.adservicemedia.dk tagmanager.google.com optimize.google.com; frame-src 'self' .santanderconsumer.se .google.com .vimeo.com .facebook.com .santanders.se .hotjar.com .doubleclick.net www.youtube.com optimize.google.com .giosg.com .giosgusercontent.com; child-src 'self' .hotjar.com; img-src 'self' data: .hotjar.com google-analytics.com optimize.google.com; style-src 'self' 'unsafe-inline' tagmanager.google.com fonts.googleapis.com optimize.google.com .giosg.com .giosgusercontent.com; connect-src wss://.santanderconsumer.se .santanderconsumer.se .hotjar.io .hotjar.com wss://.hotjar.com .crazyegg.com wss://.crazyegg.com .giosg.com .giosgusercontent.com .google-analytics.com 'self'; font-src 'self' .hotjar.com fonts.gstatic.com giosg-chat-public-eu.s3.amazonaws.com; worker-src 'self' blob:
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.santanderconsumer.se/lana/privatlan/ansok-om-privatlan/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.google.com *.gstatic.com googleads.g.doubleclick.net www.googleadservices.com *.vimeocdn.com *.vimeo.com vimeo.com *.ytimg.com *.youtube.com *.hotjar.com *.facebook.net *.crazyegg.com *.giosg.com *.giosgusercontent.com www.googletagmanager.com www.google-analytics.com online.adservicemedia.dk tagmanager.google.com optimize.google.com; frame-src 'self' *.santanderconsumer.se *.google.com *.vimeo.com *.facebook.com *.santanders.se *.hotjar.com *.doubleclick.net www.youtube.com optimize.google.com *.giosg.com *.giosgusercontent.com; child-src 'self' *.hotjar.com; img-src * 'self' data: *.hotjar.com google-analytics.com optimize.google.com; style-src 'self' 'unsafe-inline' tagmanager.google.com fonts.googleapis.com optimize.google.com *.giosg.com *.giosgusercontent.com; connect-src wss://*.santanderconsumer.se *.santanderconsumer.se *.hotjar.io *.hotjar.com wss://*.hotjar.com *.crazyegg.com wss://*.crazyegg.com *.giosg.com *.giosgusercontent.com *.google-analytics.com 'self'; font-src 'self' *.hotjar.com fonts.gstatic.com giosg-chat-public-eu.s3.amazonaws.com; worker-src 'self' blob:
Referrer-Policy: no-referrer-when-downgrade
ETag: "1D4C954A3047080"
X-Frame-Options: SAMEORIGIN
Content-Type: image/svg+xml
X-XSS-Protection: 1; mode=block
Cache-Control: public,max-age=31536000
Date: Sat, 21 Nov 2020 10:29:38 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Accept-Ranges: bytes
Content-Length: 13624
X-Content-Type-Options: nosniff

GET
H/1.1 200
OK family-01-left.svg
www.santanderconsumer.se/assets/49d9c7/siteassets/illustrationer/ 8 KB
9 KB 43ms
41ms Image
image/svg+xml 109.68.88.245
Norway

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.santanderconsumer.se/assets/49d9c7/siteassets/illustrationer/family-01-left.svg

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_CBC

Server

109.68.88.245 , Norway, ASN25148 (BASEFARM-ASN Oslo - Norway, NO),

Reverse DNS

scb-sewe-vip.osl.basefarm.net

Software

Resource Hash

919da797e1b3aa535249caf623941f13cad03114c9b83dc6f8586419539f4aac

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' .google.com .gstatic.com googleads.g.doubleclick.net www.googleadservices.com .vimeocdn.com .vimeo.com vimeo.com .ytimg.com .youtube.com .hotjar.com .facebook.net .crazyegg.com .giosg.com .giosgusercontent.com www.googletagmanager.com www.google-analytics.com online.adservicemedia.dk tagmanager.google.com optimize.google.com; frame-src 'self' .santanderconsumer.se .google.com .vimeo.com .facebook.com .santanders.se .hotjar.com .doubleclick.net www.youtube.com optimize.google.com .giosg.com .giosgusercontent.com; child-src 'self' .hotjar.com; img-src 'self' data: .hotjar.com google-analytics.com optimize.google.com; style-src 'self' 'unsafe-inline' tagmanager.google.com fonts.googleapis.com optimize.google.com .giosg.com .giosgusercontent.com; connect-src wss://.santanderconsumer.se .santanderconsumer.se .hotjar.io .hotjar.com wss://.hotjar.com .crazyegg.com wss://.crazyegg.com .giosg.com .giosgusercontent.com .google-analytics.com 'self'; font-src 'self' .hotjar.com fonts.gstatic.com giosg-chat-public-eu.s3.amazonaws.com; worker-src 'self' blob:
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.santanderconsumer.se/lana/privatlan/ansok-om-privatlan/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.google.com *.gstatic.com googleads.g.doubleclick.net www.googleadservices.com *.vimeocdn.com *.vimeo.com vimeo.com *.ytimg.com *.youtube.com *.hotjar.com *.facebook.net *.crazyegg.com *.giosg.com *.giosgusercontent.com www.googletagmanager.com www.google-analytics.com online.adservicemedia.dk tagmanager.google.com optimize.google.com; frame-src 'self' *.santanderconsumer.se *.google.com *.vimeo.com *.facebook.com *.santanders.se *.hotjar.com *.doubleclick.net www.youtube.com optimize.google.com *.giosg.com *.giosgusercontent.com; child-src 'self' *.hotjar.com; img-src * 'self' data: *.hotjar.com google-analytics.com optimize.google.com; style-src 'self' 'unsafe-inline' tagmanager.google.com fonts.googleapis.com optimize.google.com *.giosg.com *.giosgusercontent.com; connect-src wss://*.santanderconsumer.se *.santanderconsumer.se *.hotjar.io *.hotjar.com wss://*.hotjar.com *.crazyegg.com wss://*.crazyegg.com *.giosg.com *.giosgusercontent.com *.google-analytics.com 'self'; font-src 'self' *.hotjar.com fonts.gstatic.com giosg-chat-public-eu.s3.amazonaws.com; worker-src 'self' blob:
Referrer-Policy: no-referrer-when-downgrade
ETag: "1D64416CCCD8A80"
X-Frame-Options: SAMEORIGIN
Content-Type: image/svg+xml
X-XSS-Protection: 1; mode=block
Cache-Control: public,max-age=31536000
Date: Sat, 21 Nov 2020 10:29:38 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Accept-Ranges: bytes
Content-Length: 7899
X-Content-Type-Options: nosniff

GET
H/1.1 200
OK couple-laptop_01.svg
www.santanderconsumer.se/assets/4a6f55/siteassets/illustrationer/ 7 KB
8 KB 43ms
42ms Image
image/svg+xml 109.68.88.245
Norway

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.santanderconsumer.se/assets/4a6f55/siteassets/illustrationer/couple-laptop_01.svg

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_CBC

Server

109.68.88.245 , Norway, ASN25148 (BASEFARM-ASN Oslo - Norway, NO),

Reverse DNS

scb-sewe-vip.osl.basefarm.net

Software

Resource Hash

aa314162757d804d9dcb5247d62ab631a3f41f1aaa4a97a30b488eef422c455a

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' .google.com .gstatic.com googleads.g.doubleclick.net www.googleadservices.com .vimeocdn.com .vimeo.com vimeo.com .ytimg.com .youtube.com .hotjar.com .facebook.net .crazyegg.com .giosg.com .giosgusercontent.com www.googletagmanager.com www.google-analytics.com online.adservicemedia.dk tagmanager.google.com optimize.google.com; frame-src 'self' .santanderconsumer.se .google.com .vimeo.com .facebook.com .santanders.se .hotjar.com .doubleclick.net www.youtube.com optimize.google.com .giosg.com .giosgusercontent.com; child-src 'self' .hotjar.com; img-src 'self' data: .hotjar.com google-analytics.com optimize.google.com; style-src 'self' 'unsafe-inline' tagmanager.google.com fonts.googleapis.com optimize.google.com .giosg.com .giosgusercontent.com; connect-src wss://.santanderconsumer.se .santanderconsumer.se .hotjar.io .hotjar.com wss://.hotjar.com .crazyegg.com wss://.crazyegg.com .giosg.com .giosgusercontent.com .google-analytics.com 'self'; font-src 'self' .hotjar.com fonts.gstatic.com giosg-chat-public-eu.s3.amazonaws.com; worker-src 'self' blob:
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.santanderconsumer.se/lana/privatlan/ansok-om-privatlan/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.google.com *.gstatic.com googleads.g.doubleclick.net www.googleadservices.com *.vimeocdn.com *.vimeo.com vimeo.com *.ytimg.com *.youtube.com *.hotjar.com *.facebook.net *.crazyegg.com *.giosg.com *.giosgusercontent.com www.googletagmanager.com www.google-analytics.com online.adservicemedia.dk tagmanager.google.com optimize.google.com; frame-src 'self' *.santanderconsumer.se *.google.com *.vimeo.com *.facebook.com *.santanders.se *.hotjar.com *.doubleclick.net www.youtube.com optimize.google.com *.giosg.com *.giosgusercontent.com; child-src 'self' *.hotjar.com; img-src * 'self' data: *.hotjar.com google-analytics.com optimize.google.com; style-src 'self' 'unsafe-inline' tagmanager.google.com fonts.googleapis.com optimize.google.com *.giosg.com *.giosgusercontent.com; connect-src wss://*.santanderconsumer.se *.santanderconsumer.se *.hotjar.io *.hotjar.com wss://*.hotjar.com *.crazyegg.com wss://*.crazyegg.com *.giosg.com *.giosgusercontent.com *.google-analytics.com 'self'; font-src 'self' *.hotjar.com fonts.gstatic.com giosg-chat-public-eu.s3.amazonaws.com; worker-src 'self' blob:
Referrer-Policy: no-referrer-when-downgrade
ETag: "1D5618377740580"
X-Frame-Options: SAMEORIGIN
Content-Type: image/svg+xml
X-XSS-Protection: 1; mode=block
Cache-Control: public,max-age=31536000
Date: Sat, 21 Nov 2020 10:29:38 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Accept-Ranges: bytes
Content-Length: 6709
X-Content-Type-Options: nosniff

GET
H/1.1 200
OK segway-03.svg
www.santanderconsumer.se/assets/49d6d6/siteassets/illustrationer/ 13 KB
14 KB 48ms
47ms Image
image/svg+xml 109.68.88.245
Norway

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.santanderconsumer.se/assets/49d6d6/siteassets/illustrationer/segway-03.svg

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_CBC

Server

109.68.88.245 , Norway, ASN25148 (BASEFARM-ASN Oslo - Norway, NO),

Reverse DNS

scb-sewe-vip.osl.basefarm.net

Software

Resource Hash

a1f8d5452f4459ca4b6294fc591f8a7e3d3618582adbffe66a778c0b0bfd94a8

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' .google.com .gstatic.com googleads.g.doubleclick.net www.googleadservices.com .vimeocdn.com .vimeo.com vimeo.com .ytimg.com .youtube.com .hotjar.com .facebook.net .crazyegg.com .giosg.com .giosgusercontent.com www.googletagmanager.com www.google-analytics.com online.adservicemedia.dk tagmanager.google.com optimize.google.com; frame-src 'self' .santanderconsumer.se .google.com .vimeo.com .facebook.com .santanders.se .hotjar.com .doubleclick.net www.youtube.com optimize.google.com .giosg.com .giosgusercontent.com; child-src 'self' .hotjar.com; img-src 'self' data: .hotjar.com google-analytics.com optimize.google.com; style-src 'self' 'unsafe-inline' tagmanager.google.com fonts.googleapis.com optimize.google.com .giosg.com .giosgusercontent.com; connect-src wss://.santanderconsumer.se .santanderconsumer.se .hotjar.io .hotjar.com wss://.hotjar.com .crazyegg.com wss://.crazyegg.com .giosg.com .giosgusercontent.com .google-analytics.com 'self'; font-src 'self' .hotjar.com fonts.gstatic.com giosg-chat-public-eu.s3.amazonaws.com; worker-src 'self' blob:
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.santanderconsumer.se/lana/privatlan/ansok-om-privatlan/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.google.com *.gstatic.com googleads.g.doubleclick.net www.googleadservices.com *.vimeocdn.com *.vimeo.com vimeo.com *.ytimg.com *.youtube.com *.hotjar.com *.facebook.net *.crazyegg.com *.giosg.com *.giosgusercontent.com www.googletagmanager.com www.google-analytics.com online.adservicemedia.dk tagmanager.google.com optimize.google.com; frame-src 'self' *.santanderconsumer.se *.google.com *.vimeo.com *.facebook.com *.santanders.se *.hotjar.com *.doubleclick.net www.youtube.com optimize.google.com *.giosg.com *.giosgusercontent.com; child-src 'self' *.hotjar.com; img-src * 'self' data: *.hotjar.com google-analytics.com optimize.google.com; style-src 'self' 'unsafe-inline' tagmanager.google.com fonts.googleapis.com optimize.google.com *.giosg.com *.giosgusercontent.com; connect-src wss://*.santanderconsumer.se *.santanderconsumer.se *.hotjar.io *.hotjar.com wss://*.hotjar.com *.crazyegg.com wss://*.crazyegg.com *.giosg.com *.giosgusercontent.com *.google-analytics.com 'self'; font-src 'self' *.hotjar.com fonts.gstatic.com giosg-chat-public-eu.s3.amazonaws.com; worker-src 'self' blob:
Referrer-Policy: no-referrer-when-downgrade
ETag: "1D4C954A3047080"
X-Frame-Options: SAMEORIGIN
Content-Type: image/svg+xml
X-XSS-Protection: 1; mode=block
Cache-Control: public,max-age=31536000
Date: Sat, 21 Nov 2020 10:29:38 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Accept-Ranges: bytes
Content-Length: 12941
X-Content-Type-Options: nosniff

GET
H/1.1 200
OK scrolling-01.svg
www.santanderconsumer.se/assets/492f6e/siteassets/illustrationer/ 14 KB
16 KB 61ms
59ms Image
image/svg+xml 109.68.88.245
Norway

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.santanderconsumer.se/assets/492f6e/siteassets/illustrationer/scrolling-01.svg

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_CBC

Server

109.68.88.245 , Norway, ASN25148 (BASEFARM-ASN Oslo - Norway, NO),

Reverse DNS

scb-sewe-vip.osl.basefarm.net

Software

Resource Hash

68648e168f064fc8cf404257a8302c02df730c493a01f7e1a309f3c2015bda5c

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' .google.com .gstatic.com googleads.g.doubleclick.net www.googleadservices.com .vimeocdn.com .vimeo.com vimeo.com .ytimg.com .youtube.com .hotjar.com .facebook.net .crazyegg.com .giosg.com .giosgusercontent.com www.googletagmanager.com www.google-analytics.com online.adservicemedia.dk tagmanager.google.com optimize.google.com; frame-src 'self' .santanderconsumer.se .google.com .vimeo.com .facebook.com .santanders.se .hotjar.com .doubleclick.net www.youtube.com optimize.google.com .giosg.com .giosgusercontent.com; child-src 'self' .hotjar.com; img-src 'self' data: .hotjar.com google-analytics.com optimize.google.com; style-src 'self' 'unsafe-inline' tagmanager.google.com fonts.googleapis.com optimize.google.com .giosg.com .giosgusercontent.com; connect-src wss://.santanderconsumer.se .santanderconsumer.se .hotjar.io .hotjar.com wss://.hotjar.com .crazyegg.com wss://.crazyegg.com .giosg.com .giosgusercontent.com .google-analytics.com 'self'; font-src 'self' .hotjar.com fonts.gstatic.com giosg-chat-public-eu.s3.amazonaws.com; worker-src 'self' blob:
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.santanderconsumer.se/lana/privatlan/ansok-om-privatlan/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.google.com *.gstatic.com googleads.g.doubleclick.net www.googleadservices.com *.vimeocdn.com *.vimeo.com vimeo.com *.ytimg.com *.youtube.com *.hotjar.com *.facebook.net *.crazyegg.com *.giosg.com *.giosgusercontent.com www.googletagmanager.com www.google-analytics.com online.adservicemedia.dk tagmanager.google.com optimize.google.com; frame-src 'self' *.santanderconsumer.se *.google.com *.vimeo.com *.facebook.com *.santanders.se *.hotjar.com *.doubleclick.net www.youtube.com optimize.google.com *.giosg.com *.giosgusercontent.com; child-src 'self' *.hotjar.com; img-src * 'self' data: *.hotjar.com google-analytics.com optimize.google.com; style-src 'self' 'unsafe-inline' tagmanager.google.com fonts.googleapis.com optimize.google.com *.giosg.com *.giosgusercontent.com; connect-src wss://*.santanderconsumer.se *.santanderconsumer.se *.hotjar.io *.hotjar.com wss://*.hotjar.com *.crazyegg.com wss://*.crazyegg.com *.giosg.com *.giosgusercontent.com *.google-analytics.com 'self'; font-src 'self' *.hotjar.com fonts.gstatic.com giosg-chat-public-eu.s3.amazonaws.com; worker-src 'self' blob:
Referrer-Policy: no-referrer-when-downgrade
ETag: "1D4C954A3047080"
X-Frame-Options: SAMEORIGIN
Content-Type: image/svg+xml
X-XSS-Protection: 1; mode=block
Cache-Control: public,max-age=31536000
Date: Sat, 21 Nov 2020 10:29:38 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Accept-Ranges: bytes
Content-Length: 14483
X-Content-Type-Options: nosniff

GET
H/1.1 200
OK scrolling-panorama.svg
www.santanderconsumer.se/assets/49d90d/siteassets/illustrationer-content/ 16 KB
17 KB 39ms
37ms Image
image/svg+xml 109.68.88.245
Norway

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.santanderconsumer.se/assets/49d90d/siteassets/illustrationer-content/scrolling-panorama.svg

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_CBC

Server

109.68.88.245 , Norway, ASN25148 (BASEFARM-ASN Oslo - Norway, NO),

Reverse DNS

scb-sewe-vip.osl.basefarm.net

Software

Resource Hash

df139672a44b7828b69f5ea9e627364c7f7c24dc530b6c7249a91557d4421f19

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' .google.com .gstatic.com googleads.g.doubleclick.net www.googleadservices.com .vimeocdn.com .vimeo.com vimeo.com .ytimg.com .youtube.com .hotjar.com .facebook.net .crazyegg.com .giosg.com .giosgusercontent.com www.googletagmanager.com www.google-analytics.com online.adservicemedia.dk tagmanager.google.com optimize.google.com; frame-src 'self' .santanderconsumer.se .google.com .vimeo.com .facebook.com .santanders.se .hotjar.com .doubleclick.net www.youtube.com optimize.google.com .giosg.com .giosgusercontent.com; child-src 'self' .hotjar.com; img-src 'self' data: .hotjar.com google-analytics.com optimize.google.com; style-src 'self' 'unsafe-inline' tagmanager.google.com fonts.googleapis.com optimize.google.com .giosg.com .giosgusercontent.com; connect-src wss://.santanderconsumer.se .santanderconsumer.se .hotjar.io .hotjar.com wss://.hotjar.com .crazyegg.com wss://.crazyegg.com .giosg.com .giosgusercontent.com .google-analytics.com 'self'; font-src 'self' .hotjar.com fonts.gstatic.com giosg-chat-public-eu.s3.amazonaws.com; worker-src 'self' blob:
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.santanderconsumer.se/lana/privatlan/ansok-om-privatlan/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.google.com *.gstatic.com googleads.g.doubleclick.net www.googleadservices.com *.vimeocdn.com *.vimeo.com vimeo.com *.ytimg.com *.youtube.com *.hotjar.com *.facebook.net *.crazyegg.com *.giosg.com *.giosgusercontent.com www.googletagmanager.com www.google-analytics.com online.adservicemedia.dk tagmanager.google.com optimize.google.com; frame-src 'self' *.santanderconsumer.se *.google.com *.vimeo.com *.facebook.com *.santanders.se *.hotjar.com *.doubleclick.net www.youtube.com optimize.google.com *.giosg.com *.giosgusercontent.com; child-src 'self' *.hotjar.com; img-src * 'self' data: *.hotjar.com google-analytics.com optimize.google.com; style-src 'self' 'unsafe-inline' tagmanager.google.com fonts.googleapis.com optimize.google.com *.giosg.com *.giosgusercontent.com; connect-src wss://*.santanderconsumer.se *.santanderconsumer.se *.hotjar.io *.hotjar.com wss://*.hotjar.com *.crazyegg.com wss://*.crazyegg.com *.giosg.com *.giosgusercontent.com *.google-analytics.com 'self'; font-src 'self' *.hotjar.com fonts.gstatic.com giosg-chat-public-eu.s3.amazonaws.com; worker-src 'self' blob:
Referrer-Policy: no-referrer-when-downgrade
ETag: "1D643F2B6ADD300"
X-Frame-Options: SAMEORIGIN
Content-Type: image/svg+xml
X-XSS-Protection: 1; mode=block
Cache-Control: public,max-age=31536000
Date: Sat, 21 Nov 2020 10:29:38 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Accept-Ranges: bytes
Content-Length: 15945
X-Content-Type-Options: nosniff

GET
H/1.1 200
OK phone-square-v.3.svg
www.santanderconsumer.se/assets/49d934/siteassets/illustrationer/ 7 KB
8 KB 39ms
37ms Image
image/svg+xml 109.68.88.245
Norway

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.santanderconsumer.se/assets/49d934/siteassets/illustrationer/phone-square-v.3.svg

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_CBC

Server

109.68.88.245 , Norway, ASN25148 (BASEFARM-ASN Oslo - Norway, NO),

Reverse DNS

scb-sewe-vip.osl.basefarm.net

Software

Resource Hash

34c39cb9390c7768d64d72c8c4c7ae6a64a2842ddda5f465fb4c79aa84049765

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' .google.com .gstatic.com googleads.g.doubleclick.net www.googleadservices.com .vimeocdn.com .vimeo.com vimeo.com .ytimg.com .youtube.com .hotjar.com .facebook.net .crazyegg.com .giosg.com .giosgusercontent.com www.googletagmanager.com www.google-analytics.com online.adservicemedia.dk tagmanager.google.com optimize.google.com; frame-src 'self' .santanderconsumer.se .google.com .vimeo.com .facebook.com .santanders.se .hotjar.com .doubleclick.net www.youtube.com optimize.google.com .giosg.com .giosgusercontent.com; child-src 'self' .hotjar.com; img-src 'self' data: .hotjar.com google-analytics.com optimize.google.com; style-src 'self' 'unsafe-inline' tagmanager.google.com fonts.googleapis.com optimize.google.com .giosg.com .giosgusercontent.com; connect-src wss://.santanderconsumer.se .santanderconsumer.se .hotjar.io .hotjar.com wss://.hotjar.com .crazyegg.com wss://.crazyegg.com .giosg.com .giosgusercontent.com .google-analytics.com 'self'; font-src 'self' .hotjar.com fonts.gstatic.com giosg-chat-public-eu.s3.amazonaws.com; worker-src 'self' blob:
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.santanderconsumer.se/lana/privatlan/ansok-om-privatlan/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.google.com *.gstatic.com googleads.g.doubleclick.net www.googleadservices.com *.vimeocdn.com *.vimeo.com vimeo.com *.ytimg.com *.youtube.com *.hotjar.com *.facebook.net *.crazyegg.com *.giosg.com *.giosgusercontent.com www.googletagmanager.com www.google-analytics.com online.adservicemedia.dk tagmanager.google.com optimize.google.com; frame-src 'self' *.santanderconsumer.se *.google.com *.vimeo.com *.facebook.com *.santanders.se *.hotjar.com *.doubleclick.net www.youtube.com optimize.google.com *.giosg.com *.giosgusercontent.com; child-src 'self' *.hotjar.com; img-src * 'self' data: *.hotjar.com google-analytics.com optimize.google.com; style-src 'self' 'unsafe-inline' tagmanager.google.com fonts.googleapis.com optimize.google.com *.giosg.com *.giosgusercontent.com; connect-src wss://*.santanderconsumer.se *.santanderconsumer.se *.hotjar.io *.hotjar.com wss://*.hotjar.com *.crazyegg.com wss://*.crazyegg.com *.giosg.com *.giosgusercontent.com *.google-analytics.com 'self'; font-src 'self' *.hotjar.com fonts.gstatic.com giosg-chat-public-eu.s3.amazonaws.com; worker-src 'self' blob:
Referrer-Policy: no-referrer-when-downgrade
ETag: "1D643F30D1B1180"
X-Frame-Options: SAMEORIGIN
Content-Type: image/svg+xml
X-XSS-Protection: 1; mode=block
Cache-Control: public,max-age=31536000
Date: Sat, 21 Nov 2020 10:29:38 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Accept-Ranges: bytes
Content-Length: 6795
X-Content-Type-Options: nosniff

GET
H/1.1 200
OK segway-02.svg
www.santanderconsumer.se/assets/492f81/siteassets/illustrationer/ 13 KB
14 KB 39ms
36ms Image
image/svg+xml 109.68.88.245
Norway

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.santanderconsumer.se/assets/492f81/siteassets/illustrationer/segway-02.svg

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_CBC

Server

109.68.88.245 , Norway, ASN25148 (BASEFARM-ASN Oslo - Norway, NO),

Reverse DNS

scb-sewe-vip.osl.basefarm.net

Software

Resource Hash

7e6b8cba0e83b72faa6d02cdf31aa13f9dade796827c36623742bcb51b0f15a7

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' .google.com .gstatic.com googleads.g.doubleclick.net www.googleadservices.com .vimeocdn.com .vimeo.com vimeo.com .ytimg.com .youtube.com .hotjar.com .facebook.net .crazyegg.com .giosg.com .giosgusercontent.com www.googletagmanager.com www.google-analytics.com online.adservicemedia.dk tagmanager.google.com optimize.google.com; frame-src 'self' .santanderconsumer.se .google.com .vimeo.com .facebook.com .santanders.se .hotjar.com .doubleclick.net www.youtube.com optimize.google.com .giosg.com .giosgusercontent.com; child-src 'self' .hotjar.com; img-src 'self' data: .hotjar.com google-analytics.com optimize.google.com; style-src 'self' 'unsafe-inline' tagmanager.google.com fonts.googleapis.com optimize.google.com .giosg.com .giosgusercontent.com; connect-src wss://.santanderconsumer.se .santanderconsumer.se .hotjar.io .hotjar.com wss://.hotjar.com .crazyegg.com wss://.crazyegg.com .giosg.com .giosgusercontent.com .google-analytics.com 'self'; font-src 'self' .hotjar.com fonts.gstatic.com giosg-chat-public-eu.s3.amazonaws.com; worker-src 'self' blob:
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.santanderconsumer.se/lana/privatlan/ansok-om-privatlan/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.google.com *.gstatic.com googleads.g.doubleclick.net www.googleadservices.com *.vimeocdn.com *.vimeo.com vimeo.com *.ytimg.com *.youtube.com *.hotjar.com *.facebook.net *.crazyegg.com *.giosg.com *.giosgusercontent.com www.googletagmanager.com www.google-analytics.com online.adservicemedia.dk tagmanager.google.com optimize.google.com; frame-src 'self' *.santanderconsumer.se *.google.com *.vimeo.com *.facebook.com *.santanders.se *.hotjar.com *.doubleclick.net www.youtube.com optimize.google.com *.giosg.com *.giosgusercontent.com; child-src 'self' *.hotjar.com; img-src * 'self' data: *.hotjar.com google-analytics.com optimize.google.com; style-src 'self' 'unsafe-inline' tagmanager.google.com fonts.googleapis.com optimize.google.com *.giosg.com *.giosgusercontent.com; connect-src wss://*.santanderconsumer.se *.santanderconsumer.se *.hotjar.io *.hotjar.com wss://*.hotjar.com *.crazyegg.com wss://*.crazyegg.com *.giosg.com *.giosgusercontent.com *.google-analytics.com 'self'; font-src 'self' *.hotjar.com fonts.gstatic.com giosg-chat-public-eu.s3.amazonaws.com; worker-src 'self' blob:
Referrer-Policy: no-referrer-when-downgrade
ETag: "1D4C954A3047080"
X-Frame-Options: SAMEORIGIN
Content-Type: image/svg+xml
X-XSS-Protection: 1; mode=block
Cache-Control: public,max-age=31536000
Date: Sat, 21 Nov 2020 10:29:38 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Accept-Ranges: bytes
Content-Length: 12941
X-Content-Type-Options: nosniff

GET
H/1.1 200
OK oncomputer-01.svg
www.santanderconsumer.se/assets/493357/siteassets/illustrationer/ 9 KB
11 KB 39ms
36ms Image
image/svg+xml 109.68.88.245
Norway

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.santanderconsumer.se/assets/493357/siteassets/illustrationer/oncomputer-01.svg

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_CBC

Server

109.68.88.245 , Norway, ASN25148 (BASEFARM-ASN Oslo - Norway, NO),

Reverse DNS

scb-sewe-vip.osl.basefarm.net

Software

Resource Hash

d630578c33dfe6bc3872c8f2f29730590cdb485ee5e843b6d9370a699b9cd052

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' .google.com .gstatic.com googleads.g.doubleclick.net www.googleadservices.com .vimeocdn.com .vimeo.com vimeo.com .ytimg.com .youtube.com .hotjar.com .facebook.net .crazyegg.com .giosg.com .giosgusercontent.com www.googletagmanager.com www.google-analytics.com online.adservicemedia.dk tagmanager.google.com optimize.google.com; frame-src 'self' .santanderconsumer.se .google.com .vimeo.com .facebook.com .santanders.se .hotjar.com .doubleclick.net www.youtube.com optimize.google.com .giosg.com .giosgusercontent.com; child-src 'self' .hotjar.com; img-src 'self' data: .hotjar.com google-analytics.com optimize.google.com; style-src 'self' 'unsafe-inline' tagmanager.google.com fonts.googleapis.com optimize.google.com .giosg.com .giosgusercontent.com; connect-src wss://.santanderconsumer.se .santanderconsumer.se .hotjar.io .hotjar.com wss://.hotjar.com .crazyegg.com wss://.crazyegg.com .giosg.com .giosgusercontent.com .google-analytics.com 'self'; font-src 'self' .hotjar.com fonts.gstatic.com giosg-chat-public-eu.s3.amazonaws.com; worker-src 'self' blob:
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.santanderconsumer.se/lana/privatlan/ansok-om-privatlan/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.google.com *.gstatic.com googleads.g.doubleclick.net www.googleadservices.com *.vimeocdn.com *.vimeo.com vimeo.com *.ytimg.com *.youtube.com *.hotjar.com *.facebook.net *.crazyegg.com *.giosg.com *.giosgusercontent.com www.googletagmanager.com www.google-analytics.com online.adservicemedia.dk tagmanager.google.com optimize.google.com; frame-src 'self' *.santanderconsumer.se *.google.com *.vimeo.com *.facebook.com *.santanders.se *.hotjar.com *.doubleclick.net www.youtube.com optimize.google.com *.giosg.com *.giosgusercontent.com; child-src 'self' *.hotjar.com; img-src * 'self' data: *.hotjar.com google-analytics.com optimize.google.com; style-src 'self' 'unsafe-inline' tagmanager.google.com fonts.googleapis.com optimize.google.com *.giosg.com *.giosgusercontent.com; connect-src wss://*.santanderconsumer.se *.santanderconsumer.se *.hotjar.io *.hotjar.com wss://*.hotjar.com *.crazyegg.com wss://*.crazyegg.com *.giosg.com *.giosgusercontent.com *.google-analytics.com 'self'; font-src 'self' *.hotjar.com fonts.gstatic.com giosg-chat-public-eu.s3.amazonaws.com; worker-src 'self' blob:
Referrer-Policy: no-referrer-when-downgrade
ETag: "1D4C954A3047080"
X-Frame-Options: SAMEORIGIN
Content-Type: image/svg+xml
X-XSS-Protection: 1; mode=block
Cache-Control: public,max-age=31536000
Date: Sat, 21 Nov 2020 10:29:38 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Accept-Ranges: bytes
Content-Length: 9166
X-Content-Type-Options: nosniff

GET
H/1.1 200
OK ponytail-phone-01.svg
www.santanderconsumer.se/assets/492f0d/siteassets/illustrationer/ 13 KB
15 KB 39ms
39ms Image
image/svg+xml 109.68.88.245
Norway

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.santanderconsumer.se/assets/492f0d/siteassets/illustrationer/ponytail-phone-01.svg

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_CBC

Server

109.68.88.245 , Norway, ASN25148 (BASEFARM-ASN Oslo - Norway, NO),

Reverse DNS

scb-sewe-vip.osl.basefarm.net

Software

Resource Hash

d045b9b0a595d28ed3a2e5eb066ed0321d668fa12def47188a26248fff4b579f

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' .google.com .gstatic.com googleads.g.doubleclick.net www.googleadservices.com .vimeocdn.com .vimeo.com vimeo.com .ytimg.com .youtube.com .hotjar.com .facebook.net .crazyegg.com .giosg.com .giosgusercontent.com www.googletagmanager.com www.google-analytics.com online.adservicemedia.dk tagmanager.google.com optimize.google.com; frame-src 'self' .santanderconsumer.se .google.com .vimeo.com .facebook.com .santanders.se .hotjar.com .doubleclick.net www.youtube.com optimize.google.com .giosg.com .giosgusercontent.com; child-src 'self' .hotjar.com; img-src 'self' data: .hotjar.com google-analytics.com optimize.google.com; style-src 'self' 'unsafe-inline' tagmanager.google.com fonts.googleapis.com optimize.google.com .giosg.com .giosgusercontent.com; connect-src wss://.santanderconsumer.se .santanderconsumer.se .hotjar.io .hotjar.com wss://.hotjar.com .crazyegg.com wss://.crazyegg.com .giosg.com .giosgusercontent.com .google-analytics.com 'self'; font-src 'self' .hotjar.com fonts.gstatic.com giosg-chat-public-eu.s3.amazonaws.com; worker-src 'self' blob:
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.santanderconsumer.se/lana/privatlan/ansok-om-privatlan/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.google.com *.gstatic.com googleads.g.doubleclick.net www.googleadservices.com *.vimeocdn.com *.vimeo.com vimeo.com *.ytimg.com *.youtube.com *.hotjar.com *.facebook.net *.crazyegg.com *.giosg.com *.giosgusercontent.com www.googletagmanager.com www.google-analytics.com online.adservicemedia.dk tagmanager.google.com optimize.google.com; frame-src 'self' *.santanderconsumer.se *.google.com *.vimeo.com *.facebook.com *.santanders.se *.hotjar.com *.doubleclick.net www.youtube.com optimize.google.com *.giosg.com *.giosgusercontent.com; child-src 'self' *.hotjar.com; img-src * 'self' data: *.hotjar.com google-analytics.com optimize.google.com; style-src 'self' 'unsafe-inline' tagmanager.google.com fonts.googleapis.com optimize.google.com *.giosg.com *.giosgusercontent.com; connect-src wss://*.santanderconsumer.se *.santanderconsumer.se *.hotjar.io *.hotjar.com wss://*.hotjar.com *.crazyegg.com wss://*.crazyegg.com *.giosg.com *.giosgusercontent.com *.google-analytics.com 'self'; font-src 'self' *.hotjar.com fonts.gstatic.com giosg-chat-public-eu.s3.amazonaws.com; worker-src 'self' blob:
Referrer-Policy: no-referrer-when-downgrade
ETag: "1D4C954A3047080"
X-Frame-Options: SAMEORIGIN
Content-Type: image/svg+xml
X-XSS-Protection: 1; mode=block
Cache-Control: public,max-age=31536000
Date: Sat, 21 Nov 2020 10:29:38 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Accept-Ranges: bytes
Content-Length: 13316
X-Content-Type-Options: nosniff

OPTIONS
H/1.1 200
OK loan-calculations
api.santanderconsumer.se/consumerloan/loan-calculation/ 0
0 33ms
32ms Other 3.123.81.162
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://api.santanderconsumer.se/consumerloan/loan-calculation/loan-calculations?AnnualInterestRate=5.95&PeriodFee=0&StartingFee=0&LengthOfLoanTermStepInMonths=12&FromMonth=24&ToMonth=144&FromAmount=10000&ToAmount=350000&LengthOfAmountStep=5000
Protocol: HTTP/1.1
Server: 3.123.81.162 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-123-81-162.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: GET
Access-Control-Request-Headers: api-version,authorization
Origin: https://www.santanderconsumer.se
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

Date: Sat, 21 Nov 2020 10:29:39 GMT
Content-Length: 0
Connection: keep-alive
Host: api.santanderconsumer.se
X-Forwarded-For: 82.102.20.235
X-Forwarded-Port: 443
X-Forwarded-Proto: https
Pragma: no-cache
Cache-Control: no-cache
Accept: */*
Access-Control-Request-Method: GET
Access-Control-Request-Headers: api-version,authorization
Origin: https://www.santanderconsumer.se
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
Sec-Fetch-Dest: empty
Referer: https://www.santanderconsumer.se/lana/privatlan/ansok-om-privatlan/
Accept-Encoding: gzip,deflate
Accept-Language: en-US
Rehost: services-se.scb.osl.basefarm.net
X-Forwarded-Host: api.santanderconsumer.se
Access-Control-Allow-Origin: https://www.santanderconsumer.se
Access-Control-Allow-Headers: origin, x-affiliateid, x-requested-with, x-sessionid, accept, api-version, authorization, content-type
Access-Control-Max-Age: 3628800
Access-Control-Allow-Methods: GET, PUT, POST, DELETE
Access-Control-Allow-Credentials: true

GET
H/1.1 200
OK loan-calculations Show response
api.santanderconsumer.se/consumerloan/loan-calculation/ 73 KB
74 KB 253ms
217ms XHR
application/json 3.123.81.162
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://api.santanderconsumer.se/consumerloan/loan-calculation/loan-calculations?AnnualInterestRate=5.95&PeriodFee=0&StartingFee=0&LengthOfLoanTermStepInMonths=12&FromMonth=24&ToMonth=144&FromAmount=10000&ToAmount=350000&LengthOfAmountStep=5000
Requested by: Host: www.santanderconsumer.se
URL: https://www.santanderconsumer.se/assets/scripts/bundles/vendors.bundle.js?v=1.24.0.0
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 3.123.81.162 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-123-81-162.eu-central-1.compute.amazonaws.com
Software: Microsoft-IIS/8.5 / ASP.NET
Resource Hash: 1aff31acdc48045780d3a9e5b0ae7d838d698f1e01ff4284e32c19fa2fecef94

Request headers

Accept: application/json, text/plain, */*
Referer: https://www.santanderconsumer.se/lana/privatlan/ansok-om-privatlan/
Authorization: Bearer 25762f6884cb6fc1b7abbef7fa8f666df342186f022cec7deb38e4e38c9a597a
api-version: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Sat, 21 Nov 2020 10:29:39 GMT
X-CorrelationId: 61e9e42b-ba97-4167-9827-3430beacf7f7
api-supported-versions: 1.0
X-RequestId: 855b1ff5-ea09-4ff6-a768-4fe21199c3d2
X-Powered-By: ASP.NET
Transfer-Encoding: chunked
Content-Type: application/json; charset=utf-8
Access-Control-Allow-Origin: *
Connection: keep-alive
Server: Microsoft-IIS/8.5

OPTIONS
H/1.1 200
OK negotiate
api.santanderconsumer.se/consumerloan/hub/events/ 0
0 60ms
32ms Other 3.123.81.162
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://api.santanderconsumer.se/consumerloan/hub/events/negotiate?sessionid=_wo2vthlfl
Protocol: HTTP/1.1
Server: 3.123.81.162 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-123-81-162.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: x-requested-with
Origin: https://www.santanderconsumer.se
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

Date: Sat, 21 Nov 2020 10:29:39 GMT
Content-Length: 0
Connection: keep-alive
Host: api.santanderconsumer.se
X-Forwarded-For: 82.102.20.235
X-Forwarded-Port: 443
X-Forwarded-Proto: https
Pragma: no-cache
Cache-Control: no-cache
Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: x-requested-with
Origin: https://www.santanderconsumer.se
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
Sec-Fetch-Dest: empty
Referer: https://www.santanderconsumer.se/lana/privatlan/ansok-om-privatlan/
Accept-Encoding: gzip,deflate
Accept-Language: en-US
Rehost: services-se.scb.osl.basefarm.net
X-Forwarded-Host: api.santanderconsumer.se
Access-Control-Allow-Origin: https://www.santanderconsumer.se
Access-Control-Allow-Headers: origin, x-affiliateid, x-requested-with, x-sessionid, accept, api-version, authorization, content-type
Access-Control-Max-Age: 3628800
Access-Control-Allow-Methods: GET, PUT, POST, DELETE
Access-Control-Allow-Credentials: true

POST
H/1.1 200
OK negotiate Show response
api.santanderconsumer.se/consumerloan/hub/events/ 189 B
489 B 125ms
61ms XHR
application/json 3.123.81.162
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://api.santanderconsumer.se/consumerloan/hub/events/negotiate?sessionid=_wo2vthlfl
Requested by: Host: www.santanderconsumer.se
URL: https://www.santanderconsumer.se/assets/scripts/bundles/vendors.bundle.js?v=1.24.0.0
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 3.123.81.162 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-123-81-162.eu-central-1.compute.amazonaws.com
Software: Microsoft-IIS/8.5 / ASP.NET
Resource Hash: c81753d2226aff36f107d20a707488dbeccb78925b0cf5d54279c30754b4bfde

Request headers

Referer: https://www.santanderconsumer.se/lana/privatlan/ansok-om-privatlan/
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

Date: Sat, 21 Nov 2020 10:29:39 GMT
Server: Microsoft-IIS/8.5
X-Powered-By: ASP.NET
Vary: Origin
Content-Type: application/json
Access-Control-Allow-Origin: https://www.santanderconsumer.se
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 189

GET
H/1.1 404
Not Found events
api.santanderconsumer.se/consumerloan/hub/ 26 B
345 B 88ms
88ms EventSource
text/plain 3.123.81.162
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://api.santanderconsumer.se/consumerloan/hub/events?sessionid=_wo2vthlfl&id=t7lv622Qh37N5_3BJhALMQ
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 3.123.81.162 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-123-81-162.eu-central-1.compute.amazonaws.com
Software: Microsoft-IIS/8.5 / ASP.NET
Resource Hash: c7af929858812de2298ce48fccb382abf05ca8c86d22e025a68a9ed2d28c4eea

Request headers

Accept: text/event-stream
Cache-Control: no-cache
Referer: https://www.santanderconsumer.se/lana/privatlan/ansok-om-privatlan/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Sat, 21 Nov 2020 10:29:39 GMT
Server: Microsoft-IIS/8.5
X-Powered-By: ASP.NET
Vary: Origin
Content-Type: text/plain
Access-Control-Allow-Origin: https://www.santanderconsumer.se
Access-Control-Allow-Credentials: true
Connection: keep-alive
Transfer-Encoding: chunked

OPTIONS
H/1.1 200
OK negotiate
api.santanderconsumer.se/consumerloan/hub/events/ 0
0 33ms
32ms Other 3.123.81.162
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://api.santanderconsumer.se/consumerloan/hub/events/negotiate?sessionid=_wo2vthlfl
Protocol: HTTP/1.1
Server: 3.123.81.162 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-123-81-162.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: x-requested-with
Origin: https://www.santanderconsumer.se
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

Date: Sat, 21 Nov 2020 10:29:39 GMT
Content-Length: 0
Connection: keep-alive
Host: api.santanderconsumer.se
X-Forwarded-For: 82.102.20.235
X-Forwarded-Port: 443
X-Forwarded-Proto: https
Pragma: no-cache
Cache-Control: no-cache
Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: x-requested-with
Origin: https://www.santanderconsumer.se
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
Sec-Fetch-Dest: empty
Referer: https://www.santanderconsumer.se/lana/privatlan/ansok-om-privatlan/
Accept-Encoding: gzip,deflate
Accept-Language: en-US
Rehost: services-se.scb.osl.basefarm.net
X-Forwarded-Host: api.santanderconsumer.se
Access-Control-Allow-Origin: https://www.santanderconsumer.se
Access-Control-Allow-Headers: origin, x-affiliateid, x-requested-with, x-sessionid, accept, api-version, authorization, content-type
Access-Control-Max-Age: 3628800
Access-Control-Allow-Methods: GET, PUT, POST, DELETE
Access-Control-Allow-Credentials: true

POST
H/1.1 200
OK negotiate Show response
api.santanderconsumer.se/consumerloan/hub/events/ 189 B
489 B 59ms
59ms XHR
application/json 3.123.81.162
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://api.santanderconsumer.se/consumerloan/hub/events/negotiate?sessionid=_wo2vthlfl
Requested by: Host: www.santanderconsumer.se
URL: https://www.santanderconsumer.se/assets/scripts/bundles/vendors.bundle.js?v=1.24.0.0
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 3.123.81.162 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-123-81-162.eu-central-1.compute.amazonaws.com
Software: Microsoft-IIS/8.5 / ASP.NET
Resource Hash: 842a0de7f79fe28a1e9e9447b6cf4493f0c1cc6b7e9e86e675235ec5c748ee2e

Request headers

Referer: https://www.santanderconsumer.se/lana/privatlan/ansok-om-privatlan/
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

Date: Sat, 21 Nov 2020 10:29:39 GMT
Server: Microsoft-IIS/8.5
X-Powered-By: ASP.NET
Vary: Origin
Content-Type: application/json
Access-Control-Allow-Origin: https://www.santanderconsumer.se
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 189

GET
H/1.1 200
OK events Show response
api.santanderconsumer.se/consumerloan/hub/ 0
306 B 75ms
73ms XHR
application/octet-stream 3.123.81.162
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://api.santanderconsumer.se/consumerloan/hub/events?sessionid=_wo2vthlfl&id=Utn3Bj1GqO2Rhb8zQH6wbQ&_=1605954579722
Requested by: Host: www.santanderconsumer.se
URL: https://www.santanderconsumer.se/assets/scripts/bundles/vendors.bundle.js?v=1.24.0.0
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 3.123.81.162 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-123-81-162.eu-central-1.compute.amazonaws.com
Software: Microsoft-IIS/8.5 / ASP.NET
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.santanderconsumer.se/lana/privatlan/ansok-om-privatlan/
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

Date: Sat, 21 Nov 2020 10:29:39 GMT
Server: Microsoft-IIS/8.5
X-Powered-By: ASP.NET
Vary: Origin
Content-Type: application/octet-stream
Access-Control-Allow-Origin: https://www.santanderconsumer.se
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 0

OPTIONS
H/1.1 200
OK events
api.santanderconsumer.se/consumerloan/hub/ 0
0 33ms
33ms Other 3.123.81.162
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://api.santanderconsumer.se/consumerloan/hub/events?sessionid=_wo2vthlfl&id=Utn3Bj1GqO2Rhb8zQH6wbQ&_=1605954579722
Protocol: HTTP/1.1
Server: 3.123.81.162 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-123-81-162.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: GET
Access-Control-Request-Headers: x-requested-with
Origin: https://www.santanderconsumer.se
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

Date: Sat, 21 Nov 2020 10:29:39 GMT
Content-Length: 0
Connection: keep-alive
Host: api.santanderconsumer.se
X-Forwarded-For: 82.102.20.235
X-Forwarded-Port: 443
X-Forwarded-Proto: https
Pragma: no-cache
Cache-Control: no-cache
Accept: */*
Access-Control-Request-Method: GET
Access-Control-Request-Headers: x-requested-with
Origin: https://www.santanderconsumer.se
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
Sec-Fetch-Dest: empty
Referer: https://www.santanderconsumer.se/lana/privatlan/ansok-om-privatlan/
Accept-Encoding: gzip,deflate
Accept-Language: en-US
Rehost: services-se.scb.osl.basefarm.net
X-Forwarded-Host: api.santanderconsumer.se
Access-Control-Allow-Origin: https://www.santanderconsumer.se
Access-Control-Allow-Headers: origin, x-affiliateid, x-requested-with, x-sessionid, accept, api-version, authorization, content-type
Access-Control-Max-Age: 3628800
Access-Control-Allow-Methods: GET, PUT, POST, DELETE
Access-Control-Allow-Credentials: true

OPTIONS
H/1.1 200
OK events
api.santanderconsumer.se/consumerloan/hub/ 0
0 33ms
33ms Other 3.123.81.162
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://api.santanderconsumer.se/consumerloan/hub/events?sessionid=_wo2vthlfl&id=Utn3Bj1GqO2Rhb8zQH6wbQ&_=1605954579836
Protocol: HTTP/1.1
Server: 3.123.81.162 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-123-81-162.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: GET
Access-Control-Request-Headers: x-requested-with
Origin: https://www.santanderconsumer.se
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

Date: Sat, 21 Nov 2020 10:29:39 GMT
Content-Length: 0
Connection: keep-alive
Host: api.santanderconsumer.se
X-Forwarded-For: 82.102.20.235
X-Forwarded-Port: 443
X-Forwarded-Proto: https
Pragma: no-cache
Cache-Control: no-cache
Accept: */*
Access-Control-Request-Method: GET
Access-Control-Request-Headers: x-requested-with
Origin: https://www.santanderconsumer.se
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
Sec-Fetch-Dest: empty
Referer: https://www.santanderconsumer.se/lana/privatlan/ansok-om-privatlan/
Accept-Encoding: gzip,deflate
Accept-Language: en-US
Rehost: services-se.scb.osl.basefarm.net
X-Forwarded-Host: api.santanderconsumer.se
Access-Control-Allow-Origin: https://www.santanderconsumer.se
Access-Control-Allow-Headers: origin, x-affiliateid, x-requested-with, x-sessionid, accept, api-version, authorization, content-type
Access-Control-Max-Age: 3628800
Access-Control-Allow-Methods: GET, PUT, POST, DELETE
Access-Control-Allow-Credentials: true

OPTIONS
H/1.1 200
OK events
api.santanderconsumer.se/consumerloan/hub/ 0
0 33ms
33ms Other 3.123.81.162
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://api.santanderconsumer.se/consumerloan/hub/events?sessionid=_wo2vthlfl&id=Utn3Bj1GqO2Rhb8zQH6wbQ
Protocol: HTTP/1.1
Server: 3.123.81.162 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-123-81-162.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: x-requested-with
Origin: https://www.santanderconsumer.se
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

Date: Sat, 21 Nov 2020 10:29:39 GMT
Content-Length: 0
Connection: keep-alive
Host: api.santanderconsumer.se
X-Forwarded-For: 82.102.20.235
X-Forwarded-Port: 443
X-Forwarded-Proto: https
Pragma: no-cache
Cache-Control: no-cache
Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: x-requested-with
Origin: https://www.santanderconsumer.se
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
Sec-Fetch-Dest: empty
Referer: https://www.santanderconsumer.se/lana/privatlan/ansok-om-privatlan/
Accept-Encoding: gzip,deflate
Accept-Language: en-US
Rehost: services-se.scb.osl.basefarm.net
X-Forwarded-Host: api.santanderconsumer.se
Access-Control-Allow-Origin: https://www.santanderconsumer.se
Access-Control-Allow-Headers: origin, x-affiliateid, x-requested-with, x-sessionid, accept, api-version, authorization, content-type
Access-Control-Max-Age: 3628800
Access-Control-Allow-Methods: GET, PUT, POST, DELETE
Access-Control-Allow-Credentials: true

GET
H/1.1 404
Not Found events Show response
api.santanderconsumer.se/consumerloan/hub/ 26 B
345 B 149ms
84ms XHR
text/plain 3.123.81.162
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://api.santanderconsumer.se/consumerloan/hub/events?sessionid=_wo2vthlfl&id=Utn3Bj1GqO2Rhb8zQH6wbQ&_=1605954579836
Requested by: Host: www.santanderconsumer.se
URL: https://www.santanderconsumer.se/assets/scripts/bundles/vendors.bundle.js?v=1.24.0.0
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 3.123.81.162 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-123-81-162.eu-central-1.compute.amazonaws.com
Software: Microsoft-IIS/8.5 / ASP.NET
Resource Hash: c7af929858812de2298ce48fccb382abf05ca8c86d22e025a68a9ed2d28c4eea

Request headers

Referer: https://www.santanderconsumer.se/lana/privatlan/ansok-om-privatlan/
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

Date: Sat, 21 Nov 2020 10:29:40 GMT
Server: Microsoft-IIS/8.5
X-Powered-By: ASP.NET
Vary: Origin
Content-Type: text/plain
Access-Control-Allow-Origin: https://www.santanderconsumer.se
Access-Control-Allow-Credentials: true
Connection: keep-alive
Transfer-Encoding: chunked

POST
H/1.1 200
OK events Show response
api.santanderconsumer.se/consumerloan/hub/ 0
292 B 60ms
60ms XHR
text/plain 3.123.81.162
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://api.santanderconsumer.se/consumerloan/hub/events?sessionid=_wo2vthlfl&id=Utn3Bj1GqO2Rhb8zQH6wbQ
Requested by: Host: www.santanderconsumer.se
URL: https://www.santanderconsumer.se/assets/scripts/bundles/vendors.bundle.js?v=1.24.0.0
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 3.123.81.162 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-123-81-162.eu-central-1.compute.amazonaws.com
Software: Microsoft-IIS/8.5 / ASP.NET
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.santanderconsumer.se/lana/privatlan/ansok-om-privatlan/
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

Date: Sat, 21 Nov 2020 10:29:39 GMT
Server: Microsoft-IIS/8.5
X-Powered-By: ASP.NET
Vary: Origin
Content-Type: text/plain
Access-Control-Allow-Origin: https://www.santanderconsumer.se
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 0

POST
H/1.1 200
OK negotiate Show response
api.santanderconsumer.se/consumerloan/hub/events/ 189 B
489 B 59ms
59ms XHR
application/json 3.123.81.162
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://api.santanderconsumer.se/consumerloan/hub/events/negotiate?sessionid=_wo2vthlfl
Requested by: Host: www.santanderconsumer.se
URL: https://www.santanderconsumer.se/assets/scripts/bundles/vendors.bundle.js?v=1.24.0.0
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 3.123.81.162 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-123-81-162.eu-central-1.compute.amazonaws.com
Software: Microsoft-IIS/8.5 / ASP.NET
Resource Hash: 84a7d95fea567a3015fce8e28f100df52fecec4e6f38ad958f7af3fe7da5bbcd

Request headers

Referer: https://www.santanderconsumer.se/lana/privatlan/ansok-om-privatlan/
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

Date: Sat, 21 Nov 2020 10:29:40 GMT
Server: Microsoft-IIS/8.5
X-Powered-By: ASP.NET
Vary: Origin
Content-Type: application/json
Access-Control-Allow-Origin: https://www.santanderconsumer.se
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 189

OPTIONS
H/1.1 200
OK negotiate
api.santanderconsumer.se/consumerloan/hub/events/ 0
0 38ms
38ms Other 3.123.81.162
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://api.santanderconsumer.se/consumerloan/hub/events/negotiate?sessionid=_wo2vthlfl
Protocol: HTTP/1.1
Server: 3.123.81.162 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-123-81-162.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: x-requested-with
Origin: https://www.santanderconsumer.se
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

Date: Sat, 21 Nov 2020 10:29:40 GMT
Content-Length: 0
Connection: keep-alive
Host: api.santanderconsumer.se
X-Forwarded-For: 82.102.20.235
X-Forwarded-Port: 443
X-Forwarded-Proto: https
Pragma: no-cache
Cache-Control: no-cache
Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: x-requested-with
Origin: https://www.santanderconsumer.se
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
Sec-Fetch-Dest: empty
Referer: https://www.santanderconsumer.se/lana/privatlan/ansok-om-privatlan/
Accept-Encoding: gzip,deflate
Accept-Language: en-US
Rehost: services-se.scb.osl.basefarm.net
X-Forwarded-Host: api.santanderconsumer.se
Access-Control-Allow-Origin: https://www.santanderconsumer.se
Access-Control-Allow-Headers: origin, x-affiliateid, x-requested-with, x-sessionid, accept, api-version, authorization, content-type
Access-Control-Max-Age: 3628800
Access-Control-Allow-Methods: GET, PUT, POST, DELETE
Access-Control-Allow-Credentials: true

GET events
api.santanderconsumer.se/consumerloan/hub/ 0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: api.santanderconsumer.se
URL: https://api.santanderconsumer.se/consumerloan/hub/events?sessionid=_wo2vthlfl&id=ybpnD041FpSYI44kvX3p3g

Verdicts & Comments Add Verdict or Comment

37 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			www.santanderconsumer.se/	1969-12-31 23:59:59	Name: ASP.NET_SessionId Value: mvich30m0nae0yvvkv5yqn4e

3 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
console-api	error	URL: https://www.santanderconsumer.se/assets/scripts/bundles/vendors.bundle.js?v=1.24.0.0(Line 6) Message: [2020-11-21T10:29:39.625Z] Error: Failed to start the transport 'ServerSentEvents': Error: Error occurred
console-api	info	URL: https://www.santanderconsumer.se/assets/scripts/bundles/vendors.bundle.js?v=1.24.0.0(Line 6) Message: [2020-11-21T10:29:39.940Z] Information: Using HubProtocol 'json'.
console-api	error	URL: https://www.santanderconsumer.se/assets/scripts/bundles/vendors.bundle.js?v=1.24.0.0(Line 6) Message: [2020-11-21T10:29:40.026Z] Error: Connection disconnected with error 'Error: Not Found'.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' .google.com .gstatic.com googleads.g.doubleclick.net www.googleadservices.com .vimeocdn.com .vimeo.com vimeo.com .ytimg.com .youtube.com .hotjar.com .facebook.net .crazyegg.com .giosg.com .giosgusercontent.com www.googletagmanager.com www.google-analytics.com online.adservicemedia.dk tagmanager.google.com optimize.google.com; frame-src 'self' .santanderconsumer.se .google.com .vimeo.com .facebook.com .santanders.se .hotjar.com .doubleclick.net www.youtube.com optimize.google.com .giosg.com .giosgusercontent.com; child-src 'self' .hotjar.com; img-src 'self' data: .hotjar.com google-analytics.com optimize.google.com; style-src 'self' 'unsafe-inline' tagmanager.google.com fonts.googleapis.com optimize.google.com .giosg.com .giosgusercontent.com; connect-src wss://.santanderconsumer.se .santanderconsumer.se .hotjar.io .hotjar.com wss://.hotjar.com .crazyegg.com wss://.crazyegg.com .giosg.com .giosgusercontent.com .google-analytics.com 'self'; font-src 'self' .hotjar.com fonts.gstatic.com giosg-chat-public-eu.s3.amazonaws.com; worker-src 'self' blob:
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

api.santanderconsumer.se
auth.santanderconsumer.se
s.ytimg.com
www.googletagmanager.com
www.santanderconsumer.se
www.youtube.com
api.santanderconsumer.se
109.68.88.245
2a00:1450:4001:803::200e
2a00:1450:4001:818::2008
2a00:1450:4001:824::200e
3.123.81.162
05eafe9bdac8520e7f9342650f79c48385578ec58dbd2d5c4aef23203274923c
0c991bee2fbe71996ae52f98bca5f746184c243964f7ee3d71a8fa0da7242e82
0e4bad7e24f4503061fca1eba2c47ea5a5450194559f6f55bd506e071bbdc1cc
10d8e179d09974d8bed33027b04b0be252d6f9c255eaf71b13b7b37fd74029bf
1aff31acdc48045780d3a9e5b0ae7d838d698f1e01ff4284e32c19fa2fecef94
1bbf91bd3123fc5261ec7d5969d5e4c37569da629b46e07a86ddb43b8063d92e
2b303a7379baa0e733d1e22c075cdabd9d7b285d5f234a3663a33c315116a1a4
2f40220d15e77a709257024e5c2c5654d32d6d6d03946d5b85a684cf9df638f5
2fdac304542f3700c2dad87b14331cf5f600d300c957d43f32e8009d93729067
34c39cb9390c7768d64d72c8c4c7ae6a64a2842ddda5f465fb4c79aa84049765
594ea35f8776dc287917c056ab1f60b1a2e688baf14c33154f06239d6e2d2bd0
666ee21eb8db222d7d62af7499ead6f949d21e9feef590b6c65ea09b1be2cca0
68648e168f064fc8cf404257a8302c02df730c493a01f7e1a309f3c2015bda5c
7e6b8cba0e83b72faa6d02cdf31aa13f9dade796827c36623742bcb51b0f15a7
80d6cbb92b4edf205d3a41b09bca448bc79fabfa0602d2c09e290783aa8b4510
842a0de7f79fe28a1e9e9447b6cf4493f0c1cc6b7e9e86e675235ec5c748ee2e
84a7d95fea567a3015fce8e28f100df52fecec4e6f38ad958f7af3fe7da5bbcd
919da797e1b3aa535249caf623941f13cad03114c9b83dc6f8586419539f4aac
9d15d936b8dd40b25573bafaae9eebb0e5c76ae46c040e2c9a53403546b20fca
a1f8d5452f4459ca4b6294fc591f8a7e3d3618582adbffe66a778c0b0bfd94a8
a4f9df55a70d95d678f7e8e2722c4baa9fe53fd00759c54ed9108899650d7c01
a51a092493d58b31dbeb3ed32112fe81dec98b300061ae7e732c5a4dfa5bcc59
aa314162757d804d9dcb5247d62ab631a3f41f1aaa4a97a30b488eef422c455a
b3a0f9443f2dd66f0535d10a162cf1fb470975baf5f7f9f4cbee3bb08c7a280e
bae6ff65877fb5921740b17b444ec5d9069da652c2db24741a052498257cd420
bf45d7c2bcfd473fcce5919c48eef9bcc5531f5fe1c8f86feec7a5b70b35b85e
bfa4ae50848edfd0ae292138884ff3eaf8a6e90c08fe8a8d6226aa7f75340820
c7af929858812de2298ce48fccb382abf05ca8c86d22e025a68a9ed2d28c4eea
c81753d2226aff36f107d20a707488dbeccb78925b0cf5d54279c30754b4bfde
cf8caa4bc984e80bedaf7605fcba8eeb393144855916ca37a9e3878776f4099d
d045b9b0a595d28ed3a2e5eb066ed0321d668fa12def47188a26248fff4b579f
d630578c33dfe6bc3872c8f2f29730590cdb485ee5e843b6d9370a699b9cd052
d9292f5aeb67c87cd795b51fcd918e5d2b5a5adb7fa66659e82ad4b67471e6d3
df139672a44b7828b69f5ea9e627364c7f7c24dc530b6c7249a91557d4421f19
df7abc314cf6e0380973cea5ad3cd7a4536b820d974162c9d94f534f539eef0b
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
ec6c6c35a35bb74b562f10541e42adcb73c8bf54fbbd2a2999078bde1a279e29
f426ae0be9f5d29baff04654569e7084ff8ce9439f907d6cf8c98ffb9ba9fabd

www.santanderconsumer.se Open in urlscan Pro 109.68.88.245 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Detected technologies

Page Statistics

52 Requests

98 %HTTPS

60 %IPv6

4 Domains

6 Subdomains

6 IPs

2 Countries

1509 kBTransfer

3643 kBSize

1 Cookies

0 Outgoing links

Redirected requests

52 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 1 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

www.santanderconsumer.se Open in urlscan Pro
109.68.88.245 Public Scan

Screenshot
Live screenshot

Full Image

52
Requests

98 %
HTTPS

60 %
IPv6

4
Domains

6
Subdomains

6
IPs

2
Countries

1509 kB
Transfer

3643 kB
Size

1
Cookies

52 HTTP transactions
1 data transactions