urlscan.io logo urlscan.io
SecurityTrails logo

idpeint.post.ch Open in urlscan Pro
194.41.249.1  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: https://mit-int-cloud.postauto.ch/
Effective URL: https://idpeint.post.ch/auth/saml
Submission: On June 06 via api from US — Scanned from CH
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 3 IPs in 1 countries across 2 domains to perform 15 HTTP transactions. The main IP is 194.41.249.1, located in Switzerland and belongs to CH-POSTNETZ Post CH AG, CH. The main domain is idpeint.post.ch.
TLS certificate: Issued by SwissSign RSA TLS OV ICA 2022 - 1 on September 19th 2023. Valid for: a year.
This is the only time idpeint.post.ch was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
2 2 194.41.248.64 12511 (CH-POSTNE...)
2 194.41.249.3 12511 (CH-POSTNE...)
13 194.41.249.1 12511 (CH-POSTNE...)
15 3
Apex Domain
Subdomains		 Transfer
15 post.ch
aseint.post.ch
idpeint.post.ch
1 MB
2 postauto.ch
mit-int-cloud.postauto.ch
2 KB
15 2
Domain Requested by
13 idpeint.post.ch idpeint.post.ch
2 aseint.post.ch
2 mit-int-cloud.postauto.ch 2 redirects
15 3

This site contains links to these domains. Also see Links.

Domain
www.post.ch
Subject Issuer Validity Valid
aseint.post.ch
SwissSign RSA TLS OV ICA 2022 - 1		 2024-01-08 -
2025-01-08		 a year crt.sh
idpeint.post.ch
SwissSign RSA TLS OV ICA 2022 - 1		 2023-09-19 -
2024-09-19		 a year crt.sh

This page contains 1 frames:

Primary Page: https://idpeint.post.ch/auth/saml
Frame ID: 5E4CE0F31084FB6BD630048DB6C39950
Requests: 17 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

Login interner Account

Page URL History Show full URLs

  1. https://mit-int-cloud.postauto.ch/ HTTP 302
    https://mit-int-cloud.postauto.ch/dienst/ HTTP 302
    https://aseint.post.ch/auth?response_type=code&scope=openid%20email%20profile%20groups%20offline_ac... Page URL
  2. https://idpeint.post.ch/auth/saml Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js
Overall confidence: 100%
Detected patterns
  • jquery[.-]([\d.]*\d)[^/]*\.js
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
Overall confidence: 100%
Detected patterns
  • jquery-ui[.-]([\d.]*\d)[^/]*\.js
  • jquery-ui.*\.js

Page Statistics

15
Requests

100 %
HTTPS

0 %
IPv6

2
Domains

3
Subdomains

3
IPs

1
Countries

1090 kB
Transfer

1063 kB
Size

4
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://mit-int-cloud.postauto.ch/ HTTP 302
    https://mit-int-cloud.postauto.ch/dienst/ HTTP 302
    https://aseint.post.ch/auth?response_type=code&scope=openid%20email%20profile%20groups%20offline_access%20employee_id&client_id=9ab9d7a70314d5a3a92dd19440d6ac9a&state=Z4CXz4OlRi47LO-U1AGdsKg7mrA&redirect_uri=https%3A%2F%2Fmit-int-cloud.postauto.ch%2Fcallback&nonce=DDAxxsNXFTaLn0T-fJamcjIx5GBV32p4CwyyZH80SeU&code_challenge=FE-b0az35jyU_0hhEentRV1zg4v4JwXi5PD-VXLM1Ww&code_challenge_method=S256 Page URL
  2. https://idpeint.post.ch/auth/saml Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0
  • https://mit-int-cloud.postauto.ch/ HTTP 302
  • https://mit-int-cloud.postauto.ch/dienst/ HTTP 302
  • https://aseint.post.ch/auth?response_type=code&scope=openid%20email%20profile%20groups%20offline_access%20employee_id&client_id=9ab9d7a70314d5a3a92dd19440d6ac9a&state=Z4CXz4OlRi47LO-U1AGdsKg7mrA&redirect_uri=https%3A%2F%2Fmit-int-cloud.postauto.ch%2Fcallback&nonce=DDAxxsNXFTaLn0T-fJamcjIx5GBV32p4CwyyZH80SeU&code_challenge=FE-b0az35jyU_0hhEentRV1zg4v4JwXi5PD-VXLM1Ww&code_challenge_method=S256

15 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
auth
aseint.post.ch/
Redirect Chain
  • https://mit-int-cloud.postauto.ch/
  • https://mit-int-cloud.postauto.ch/dienst/
  • https://aseint.post.ch/auth?response_type=code&scope=openid%20email%20profile%20groups%20offline_access%20employee_id&client_id=9ab9d7a70314d5a3a92dd19440d6ac9a&state=Z4CXz4OlRi47LO-U1AGdsKg7mrA&re...
3 KB
5 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://aseint.post.ch/auth?response_type=code&scope=openid%20email%20profile%20groups%20offline_access%20employee_id&client_id=9ab9d7a70314d5a3a92dd19440d6ac9a&state=Z4CXz4OlRi47LO-U1AGdsKg7mrA&redirect_uri=https%3A%2F%2Fmit-int-cloud.postauto.ch%2Fcallback&nonce=DDAxxsNXFTaLn0T-fJamcjIx5GBV32p4CwyyZH80SeU&code_challenge=FE-b0az35jyU_0hhEentRV1zg4v4JwXi5PD-VXLM1Ww&code_challenge_method=S256
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
194.41.249.3 , Switzerland, ASN12511 (CH-POSTNETZ Post CH AG, CH),
Reverse DNS
Software
Apache /
Resource Hash
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' https://webidecp-a27fcbc9f.dispatcher.hana.ondemand.com https://webidecp-jadtfdlf0x.dispatcher.hana.ondemand.com https://webidecp-a127061bf.dispatcher.hana.ondemand.com https://ayrznyb2f.accounts.ondemand.com https://pfportal-test.pnet.ch https://pfportal.pnet.ch https://intpfwiki.post.ch https://pfwiki.post.ch https://*.wd.pnet.ch; object-src 'none'; script-src 'nonce-8uAHY9m1B9bsyekQqTLiGg==' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic' *.post.ch stackpath.bootstrapcdn.com *.google.com *.google.ch *.google-analytics.com tags.tiqcdn.com *.webtrendslive.com *.webtrends.com *.googleadservices.com *.adform.net *.doubleclick.net *.xiti.com *.ipify.org *.googletagmanager.com *.aticdn.net; style-src 'self' 'unsafe-inline' *.post.ch stackpath.bootstrapcdn.com; img-src 'self' *.youtube.com *.ytimg.com data: *.post.ch stackpath.bootstrapcdn.com *.google-analytics.com *.webtrendslive.com *.webtrends.com *.google.com *.google.ch *.googleadservices.com *.adform.net *.doubleclick.net *.xiti.com *.ipify.org *.googletagmanager.com *.aticdn.net; font-src 'self' data: *.post.ch stackpath.bootstrapcdn.com *.gstatic.com;base-uri 'self'; connect-src 'self' wss://*.post.ch *.post.ch stackpath.bootstrapcdn.com; report-uri https://violations.post.ch/CSP/UAAS/int/enforced
Strict-Transport-Security max-age=63072000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-CH,de;q=0.9;q=0.9
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
sec-ch-ua-mobile
?0
sec-ch-ua-platform
"Win32"

Response headers

Access-Control-Allow-Headers
*
Cache-Control
no-cache
Connection
Keep-Alive
Content-Encoding
identity
Content-Length
3288
Content-Security-Policy
frame-ancestors 'self' https://webidecp-a27fcbc9f.dispatcher.hana.ondemand.com https://webidecp-jadtfdlf0x.dispatcher.hana.ondemand.com https://webidecp-a127061bf.dispatcher.hana.ondemand.com https://ayrznyb2f.accounts.ondemand.com https://pfportal-test.pnet.ch https://pfportal.pnet.ch https://intpfwiki.post.ch https://pfwiki.post.ch https://*.wd.pnet.ch; object-src 'none'; script-src 'nonce-8uAHY9m1B9bsyekQqTLiGg==' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic' *.post.ch stackpath.bootstrapcdn.com *.google.com *.google.ch *.google-analytics.com tags.tiqcdn.com *.webtrendslive.com *.webtrends.com *.googleadservices.com *.adform.net *.doubleclick.net *.xiti.com *.ipify.org *.googletagmanager.com *.aticdn.net; style-src 'self' 'unsafe-inline' *.post.ch stackpath.bootstrapcdn.com; img-src 'self' *.youtube.com *.ytimg.com data: *.post.ch stackpath.bootstrapcdn.com *.google-analytics.com *.webtrendslive.com *.webtrends.com *.google.com *.google.ch *.googleadservices.com *.adform.net *.doubleclick.net *.xiti.com *.ipify.org *.googletagmanager.com *.aticdn.net; font-src 'self' data: *.post.ch stackpath.bootstrapcdn.com *.gstatic.com;base-uri 'self'; connect-src 'self' wss://*.post.ch *.post.ch stackpath.bootstrapcdn.com; report-uri https://violations.post.ch/CSP/UAAS/int/enforced
Content-Type
text/html; charset=UTF-8
Date
Thu, 06 Jun 2024 18:21:57 GMT
Keep-Alive
timeout=70, max=100
Pragma
no-cache
Referrer-Policy
no-referrer-when-downgrade
Server
Apache
Strict-Transport-Security
max-age=63072000
Vary
Origin
X-Content-Type-Options
nosniff
X-RP-UNIQUE_ID
ZmH-RQrxme7aJefaEHadWAAAA9M
X-Xss-Protection
1; mode=block
traceparent
00-d0db84de947b590cad3e16a59a6eb058-39fac25a5f03e032-00

Redirect headers

Cache-Control
no-cache, no-store, max-age=0
Connection
Keep-Alive
Content-Length
606
Content-Type
text/html; charset=iso-8859-1
Date
Thu, 06 Jun 2024 18:21:57 GMT
Keep-Alive
timeout=5, max=99
Location
https://aseint.post.ch/auth?response_type=code&scope=openid%20email%20profile%20groups%20offline_access%20employee_id&client_id=9ab9d7a70314d5a3a92dd19440d6ac9a&state=Z4CXz4OlRi47LO-U1AGdsKg7mrA&redirect_uri=https%3A%2F%2Fmit-int-cloud.postauto.ch%2Fcallback&nonce=DDAxxsNXFTaLn0T-fJamcjIx5GBV32p4CwyyZH80SeU&code_challenge=FE-b0az35jyU_0hhEentRV1zg4v4JwXi5PD-VXLM1Ww&code_challenge_method=S256
Referrer-Policy
no-referrer-when-downgrade
Server
Apache
Strict-Transport-Security
max-age=63072000
X-Content-Type-Options
nosniff
X-Frame-Options
SAMEORIGIN
X-RP-UNIQUE_ID
ZmH-RYGWBwLgm82iRkBoMwAAABA
X-Xss-Protection
1; mode=block
traceparent
00-2f90b15dc576de2d3c116dbda3ed4840-faec9e91fe88d781-00
Primary Request saml
idpeint.post.ch/auth/ 		9 KB
11 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://idpeint.post.ch/auth/saml
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
194.41.249.1 , Switzerland, ASN12511 (CH-POSTNETZ Post CH AG, CH),
Reverse DNS
Software
Apache /
Resource Hash
109a6145ce7c9781394096c2c70d0de8c6616ae7b73c3c0c78f10cb3d1ae9776
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' https://webidecp-a27fcbc9f.dispatcher.hana.ondemand.com https://webidecp-jadtfdlf0x.dispatcher.hana.ondemand.com https://webidecp-a127061bf.dispatcher.hana.ondemand.com https://ayrznyb2f.accounts.ondemand.com https://pfportal-test.pnet.ch https://pfportal.pnet.ch https://intpfwiki.post.ch https://pfwiki.post.ch https://*.wd.pnet.ch; object-src 'none'; script-src 'nonce-qi6cwqfEw1fjSYMOiqy09w==' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic' *.post.ch stackpath.bootstrapcdn.com *.google.com *.google.ch *.google-analytics.com tags.tiqcdn.com *.webtrendslive.com *.webtrends.com *.googleadservices.com *.adform.net *.doubleclick.net *.xiti.com *.ipify.org *.googletagmanager.com *.aticdn.net; style-src 'self' 'unsafe-inline' *.post.ch stackpath.bootstrapcdn.com; img-src 'self' *.youtube.com *.ytimg.com data: *.post.ch stackpath.bootstrapcdn.com *.google-analytics.com *.webtrendslive.com *.webtrends.com *.google.com *.google.ch *.googleadservices.com *.adform.net *.doubleclick.net *.xiti.com *.ipify.org *.googletagmanager.com *.aticdn.net; font-src 'self' data: *.post.ch stackpath.bootstrapcdn.com *.gstatic.com;base-uri 'self'; connect-src 'self' wss://*.post.ch *.post.ch stackpath.bootstrapcdn.com; report-uri https://violations.post.ch/CSP/UAAS/int/enforced
Strict-Transport-Security max-age=63072000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-CH,de;q=0.9;q=0.9
Content-Type
application/x-www-form-urlencoded
Origin
https://aseint.post.ch
Referer
https://aseint.post.ch/auth?response_type=code&scope=openid%20email%20profile%20groups%20offline_access%20employee_id&client_id=9ab9d7a70314d5a3a92dd19440d6ac9a&state=Z4CXz4OlRi47LO-U1AGdsKg7mrA&redirect_uri=https%3A%2F%2Fmit-int-cloud.postauto.ch%2Fcallback&nonce=DDAxxsNXFTaLn0T-fJamcjIx5GBV32p4CwyyZH80SeU&code_challenge=FE-b0az35jyU_0hhEentRV1zg4v4JwXi5PD-VXLM1Ww&code_challenge_method=S256
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
sec-ch-ua-mobile
?0
sec-ch-ua-platform
"Win32"

Response headers

Access-Control-Allow-Origin
https://aseint.post.ch
Cache-Control
no-store, no-cache, must-revalidate, private
Connection
Keep-Alive
Content-Length
9370
Content-Security-Policy
frame-ancestors 'self' https://webidecp-a27fcbc9f.dispatcher.hana.ondemand.com https://webidecp-jadtfdlf0x.dispatcher.hana.ondemand.com https://webidecp-a127061bf.dispatcher.hana.ondemand.com https://ayrznyb2f.accounts.ondemand.com https://pfportal-test.pnet.ch https://pfportal.pnet.ch https://intpfwiki.post.ch https://pfwiki.post.ch https://*.wd.pnet.ch; object-src 'none'; script-src 'nonce-qi6cwqfEw1fjSYMOiqy09w==' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic' *.post.ch stackpath.bootstrapcdn.com *.google.com *.google.ch *.google-analytics.com tags.tiqcdn.com *.webtrendslive.com *.webtrends.com *.googleadservices.com *.adform.net *.doubleclick.net *.xiti.com *.ipify.org *.googletagmanager.com *.aticdn.net; style-src 'self' 'unsafe-inline' *.post.ch stackpath.bootstrapcdn.com; img-src 'self' *.youtube.com *.ytimg.com data: *.post.ch stackpath.bootstrapcdn.com *.google-analytics.com *.webtrendslive.com *.webtrends.com *.google.com *.google.ch *.googleadservices.com *.adform.net *.doubleclick.net *.xiti.com *.ipify.org *.googletagmanager.com *.aticdn.net; font-src 'self' data: *.post.ch stackpath.bootstrapcdn.com *.gstatic.com;base-uri 'self'; connect-src 'self' wss://*.post.ch *.post.ch stackpath.bootstrapcdn.com; report-uri https://violations.post.ch/CSP/UAAS/int/enforced
Content-Type
text/html;charset=utf-8
Date
Thu, 06 Jun 2024 18:21:57 GMT
Expires
Thu, 1 Jan 1970 00:00:00 GMT
Keep-Alive
timeout=5, max=100
Referrer-Policy
no-referrer-when-downgrade
Server
Apache
Strict-Transport-Security
max-age=63072000
Vary
Origin
X-Content-Type-Options
nosniff
X-RP-UNIQUE_ID
ZmH-RYkCqIXzLHNEoA5pEQAAAWo
X-Xss-Protection
1; mode=block
traceparent
00-034f764fec9874fa09a873ce6a40b918-557cc01776f96efa-00
favicon.ico
aseint.post.ch/ 		15 KB
15 KB 		Other
General
Check archive.org
Download Go to
Full URL
https://aseint.post.ch/favicon.ico
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
194.41.249.3 , Switzerland, ASN12511 (CH-POSTNETZ Post CH AG, CH),
Reverse DNS
Software
Apache /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=63072000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://aseint.post.ch/auth?response_type=code&scope=openid%20email%20profile%20groups%20offline_access%20employee_id&client_id=9ab9d7a70314d5a3a92dd19440d6ac9a&state=Z4CXz4OlRi47LO-U1AGdsKg7mrA&redirect_uri=https%3A%2F%2Fmit-int-cloud.postauto.ch%2Fcallback&nonce=DDAxxsNXFTaLn0T-fJamcjIx5GBV32p4CwyyZH80SeU&code_challenge=FE-b0az35jyU_0hhEentRV1zg4v4JwXi5PD-VXLM1Ww&code_challenge_method=S256
Accept-Language
de-CH,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Date
Thu, 06 Jun 2024 18:21:57 GMT
Strict-Transport-Security
max-age=63072000
X-Content-Type-Options
nosniff
X-RP-UNIQUE_ID
ZmH-RQrxme7aJefaEHadWQAAA9Y
Connection
Keep-Alive
Content-Length
15086
X-Xss-Protection
1; mode=block
Referrer-Policy
no-referrer-when-downgrade
Last-Modified
Tue, 02 May 2023 11:51:16 GMT
Server
Apache
traceparent
00-feb2e28002920c970e8306391af1b3f3-bbff5a6338b4f3d9-00
ETag
"3aee-5fab48e92e1dd"
Vary
X-QOS-EXCL,Origin
Content-Type
image/x-icon
Accept-Ranges
bytes
Access-Control-Allow-Headers
*
Keep-Alive
timeout=70, max=99
jquery-ui-1.12.1.custom.min.css
idpeint.post.ch/gui/login/resources/nevislogrend/applications/def/webdata/css/ 		21 KB
23 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://idpeint.post.ch/gui/login/resources/nevislogrend/applications/def/webdata/css/jquery-ui-1.12.1.custom.min.css
Requested by
Host: idpeint.post.ch
URL: https://idpeint.post.ch/auth/saml
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
194.41.249.1 , Switzerland, ASN12511 (CH-POSTNETZ Post CH AG, CH),
Reverse DNS
Software
Apache /
Resource Hash
1cfb9b4e5372e21e0a1761917ade47ff2ffb2debececb2ea8ab9932d559e4680
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' https://webidecp-a27fcbc9f.dispatcher.hana.ondemand.com https://webidecp-jadtfdlf0x.dispatcher.hana.ondemand.com https://webidecp-a127061bf.dispatcher.hana.ondemand.com https://ayrznyb2f.accounts.ondemand.com https://pfportal-test.pnet.ch https://pfportal.pnet.ch https://intpfwiki.post.ch https://pfwiki.post.ch https://*.wd.pnet.ch; object-src 'none'; script-src 'nonce-0SbUaABmfiAJBUXBZzYFIg==' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic' *.post.ch stackpath.bootstrapcdn.com *.google.com *.google.ch *.google-analytics.com tags.tiqcdn.com *.webtrendslive.com *.webtrends.com *.googleadservices.com *.adform.net *.doubleclick.net *.xiti.com *.ipify.org *.googletagmanager.com *.aticdn.net; style-src 'self' 'unsafe-inline' *.post.ch stackpath.bootstrapcdn.com; img-src 'self' *.youtube.com *.ytimg.com data: *.post.ch stackpath.bootstrapcdn.com *.google-analytics.com *.webtrendslive.com *.webtrends.com *.google.com *.google.ch *.googleadservices.com *.adform.net *.doubleclick.net *.xiti.com *.ipify.org *.googletagmanager.com *.aticdn.net; font-src 'self' data: *.post.ch stackpath.bootstrapcdn.com *.gstatic.com;base-uri 'self'; connect-src 'self' wss://*.post.ch *.post.ch stackpath.bootstrapcdn.com; report-uri https://violations.post.ch/CSP/UAAS/int/enforced
Strict-Transport-Security max-age=63072000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://idpeint.post.ch/auth/saml
Accept-Language
de-CH,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Date
Thu, 06 Jun 2024 18:21:57 GMT
Strict-Transport-Security
max-age=63072000
X-Content-Type-Options
nosniff
Content-Security-Policy
frame-ancestors 'self' https://webidecp-a27fcbc9f.dispatcher.hana.ondemand.com https://webidecp-jadtfdlf0x.dispatcher.hana.ondemand.com https://webidecp-a127061bf.dispatcher.hana.ondemand.com https://ayrznyb2f.accounts.ondemand.com https://pfportal-test.pnet.ch https://pfportal.pnet.ch https://intpfwiki.post.ch https://pfwiki.post.ch https://*.wd.pnet.ch; object-src 'none'; script-src 'nonce-0SbUaABmfiAJBUXBZzYFIg==' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic' *.post.ch stackpath.bootstrapcdn.com *.google.com *.google.ch *.google-analytics.com tags.tiqcdn.com *.webtrendslive.com *.webtrends.com *.googleadservices.com *.adform.net *.doubleclick.net *.xiti.com *.ipify.org *.googletagmanager.com *.aticdn.net; style-src 'self' 'unsafe-inline' *.post.ch stackpath.bootstrapcdn.com; img-src 'self' *.youtube.com *.ytimg.com data: *.post.ch stackpath.bootstrapcdn.com *.google-analytics.com *.webtrendslive.com *.webtrends.com *.google.com *.google.ch *.googleadservices.com *.adform.net *.doubleclick.net *.xiti.com *.ipify.org *.googletagmanager.com *.aticdn.net; font-src 'self' data: *.post.ch stackpath.bootstrapcdn.com *.gstatic.com;base-uri 'self'; connect-src 'self' wss://*.post.ch *.post.ch stackpath.bootstrapcdn.com; report-uri https://violations.post.ch/CSP/UAAS/int/enforced
Transfer-Encoding
chunked
X-RP-UNIQUE_ID
ZmH-RYkCqIXzLHNEoA5pEgAAAVs
Connection
Keep-Alive
X-Xss-Protection
1; mode=block
Referrer-Policy
no-referrer-when-downgrade
Server
Apache
traceparent
00-456ebde7cc9bd63a5ad0aaad80eab9ea-d0c353762d17cdf7-00
Vary
Origin
Content-Type
text/css
Cache-Control
must-revalidate
Keep-Alive
timeout=5, max=99
Expires
Thu, 06 Jun 2024 18:36:57 GMT
post.css
idpeint.post.ch/gui/login/resources/nevislogrend/applications/def/webdata/css/ 		565 KB
568 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://idpeint.post.ch/gui/login/resources/nevislogrend/applications/def/webdata/css/post.css
Requested by
Host: idpeint.post.ch
URL: https://idpeint.post.ch/auth/saml
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
194.41.249.1 , Switzerland, ASN12511 (CH-POSTNETZ Post CH AG, CH),
Reverse DNS
Software
Apache /
Resource Hash
391bff833545a2f3c3ee1be0f7a4a49d9fdd0ccc1ccc545e41ebd74d4bbe8ada
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' https://webidecp-a27fcbc9f.dispatcher.hana.ondemand.com https://webidecp-jadtfdlf0x.dispatcher.hana.ondemand.com https://webidecp-a127061bf.dispatcher.hana.ondemand.com https://ayrznyb2f.accounts.ondemand.com https://pfportal-test.pnet.ch https://pfportal.pnet.ch https://intpfwiki.post.ch https://pfwiki.post.ch https://*.wd.pnet.ch; object-src 'none'; script-src 'nonce-zHjaUiZAckpI+9SH9vq0Vw==' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic' *.post.ch stackpath.bootstrapcdn.com *.google.com *.google.ch *.google-analytics.com tags.tiqcdn.com *.webtrendslive.com *.webtrends.com *.googleadservices.com *.adform.net *.doubleclick.net *.xiti.com *.ipify.org *.googletagmanager.com *.aticdn.net; style-src 'self' 'unsafe-inline' *.post.ch stackpath.bootstrapcdn.com; img-src 'self' *.youtube.com *.ytimg.com data: *.post.ch stackpath.bootstrapcdn.com *.google-analytics.com *.webtrendslive.com *.webtrends.com *.google.com *.google.ch *.googleadservices.com *.adform.net *.doubleclick.net *.xiti.com *.ipify.org *.googletagmanager.com *.aticdn.net; font-src 'self' data: *.post.ch stackpath.bootstrapcdn.com *.gstatic.com;base-uri 'self'; connect-src 'self' wss://*.post.ch *.post.ch stackpath.bootstrapcdn.com; report-uri https://violations.post.ch/CSP/UAAS/int/enforced
Strict-Transport-Security max-age=63072000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://idpeint.post.ch/auth/saml
Accept-Language
de-CH,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Date
Thu, 06 Jun 2024 18:21:57 GMT
Strict-Transport-Security
max-age=63072000
X-Content-Type-Options
nosniff
Content-Security-Policy
frame-ancestors 'self' https://webidecp-a27fcbc9f.dispatcher.hana.ondemand.com https://webidecp-jadtfdlf0x.dispatcher.hana.ondemand.com https://webidecp-a127061bf.dispatcher.hana.ondemand.com https://ayrznyb2f.accounts.ondemand.com https://pfportal-test.pnet.ch https://pfportal.pnet.ch https://intpfwiki.post.ch https://pfwiki.post.ch https://*.wd.pnet.ch; object-src 'none'; script-src 'nonce-zHjaUiZAckpI+9SH9vq0Vw==' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic' *.post.ch stackpath.bootstrapcdn.com *.google.com *.google.ch *.google-analytics.com tags.tiqcdn.com *.webtrendslive.com *.webtrends.com *.googleadservices.com *.adform.net *.doubleclick.net *.xiti.com *.ipify.org *.googletagmanager.com *.aticdn.net; style-src 'self' 'unsafe-inline' *.post.ch stackpath.bootstrapcdn.com; img-src 'self' *.youtube.com *.ytimg.com data: *.post.ch stackpath.bootstrapcdn.com *.google-analytics.com *.webtrendslive.com *.webtrends.com *.google.com *.google.ch *.googleadservices.com *.adform.net *.doubleclick.net *.xiti.com *.ipify.org *.googletagmanager.com *.aticdn.net; font-src 'self' data: *.post.ch stackpath.bootstrapcdn.com *.gstatic.com;base-uri 'self'; connect-src 'self' wss://*.post.ch *.post.ch stackpath.bootstrapcdn.com; report-uri https://violations.post.ch/CSP/UAAS/int/enforced
Transfer-Encoding
chunked
X-RP-UNIQUE_ID
ZmH-RQm0vdyaRgzWcOjS8AAAAOE
Connection
Keep-Alive
X-Xss-Protection
1; mode=block
Referrer-Policy
no-referrer-when-downgrade
Server
Apache
traceparent
00-a2610cd45213bf0d1520011e00c4df51-ed71e8d22639690e-00
Vary
Origin
Content-Type
text/css
Cache-Control
must-revalidate
Keep-Alive
timeout=5, max=100
Expires
Thu, 06 Jun 2024 18:36:57 GMT
app.css
idpeint.post.ch/gui/login/resources/nevislogrend/applications/def/webdata/css/ 		6 KB
8 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://idpeint.post.ch/gui/login/resources/nevislogrend/applications/def/webdata/css/app.css
Requested by
Host: idpeint.post.ch
URL: https://idpeint.post.ch/auth/saml
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
194.41.249.1 , Switzerland, ASN12511 (CH-POSTNETZ Post CH AG, CH),
Reverse DNS
Software
Apache /
Resource Hash
85ddf202fc65e104c0f738db01d55739097a8d7de3cd29ab538349b6d0db7927
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' https://webidecp-a27fcbc9f.dispatcher.hana.ondemand.com https://webidecp-jadtfdlf0x.dispatcher.hana.ondemand.com https://webidecp-a127061bf.dispatcher.hana.ondemand.com https://ayrznyb2f.accounts.ondemand.com https://pfportal-test.pnet.ch https://pfportal.pnet.ch https://intpfwiki.post.ch https://pfwiki.post.ch https://*.wd.pnet.ch; object-src 'none'; script-src 'nonce-2D60Fp6TILrb9CjIzje7oA==' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic' *.post.ch stackpath.bootstrapcdn.com *.google.com *.google.ch *.google-analytics.com tags.tiqcdn.com *.webtrendslive.com *.webtrends.com *.googleadservices.com *.adform.net *.doubleclick.net *.xiti.com *.ipify.org *.googletagmanager.com *.aticdn.net; style-src 'self' 'unsafe-inline' *.post.ch stackpath.bootstrapcdn.com; img-src 'self' *.youtube.com *.ytimg.com data: *.post.ch stackpath.bootstrapcdn.com *.google-analytics.com *.webtrendslive.com *.webtrends.com *.google.com *.google.ch *.googleadservices.com *.adform.net *.doubleclick.net *.xiti.com *.ipify.org *.googletagmanager.com *.aticdn.net; font-src 'self' data: *.post.ch stackpath.bootstrapcdn.com *.gstatic.com;base-uri 'self'; connect-src 'self' wss://*.post.ch *.post.ch stackpath.bootstrapcdn.com; report-uri https://violations.post.ch/CSP/UAAS/int/enforced
Strict-Transport-Security max-age=63072000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://idpeint.post.ch/auth/saml
Accept-Language
de-CH,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Date
Thu, 06 Jun 2024 18:21:57 GMT
Strict-Transport-Security
max-age=63072000
X-Content-Type-Options
nosniff
Content-Security-Policy
frame-ancestors 'self' https://webidecp-a27fcbc9f.dispatcher.hana.ondemand.com https://webidecp-jadtfdlf0x.dispatcher.hana.ondemand.com https://webidecp-a127061bf.dispatcher.hana.ondemand.com https://ayrznyb2f.accounts.ondemand.com https://pfportal-test.pnet.ch https://pfportal.pnet.ch https://intpfwiki.post.ch https://pfwiki.post.ch https://*.wd.pnet.ch; object-src 'none'; script-src 'nonce-2D60Fp6TILrb9CjIzje7oA==' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic' *.post.ch stackpath.bootstrapcdn.com *.google.com *.google.ch *.google-analytics.com tags.tiqcdn.com *.webtrendslive.com *.webtrends.com *.googleadservices.com *.adform.net *.doubleclick.net *.xiti.com *.ipify.org *.googletagmanager.com *.aticdn.net; style-src 'self' 'unsafe-inline' *.post.ch stackpath.bootstrapcdn.com; img-src 'self' *.youtube.com *.ytimg.com data: *.post.ch stackpath.bootstrapcdn.com *.google-analytics.com *.webtrendslive.com *.webtrends.com *.google.com *.google.ch *.googleadservices.com *.adform.net *.doubleclick.net *.xiti.com *.ipify.org *.googletagmanager.com *.aticdn.net; font-src 'self' data: *.post.ch stackpath.bootstrapcdn.com *.gstatic.com;base-uri 'self'; connect-src 'self' wss://*.post.ch *.post.ch stackpath.bootstrapcdn.com; report-uri https://violations.post.ch/CSP/UAAS/int/enforced
Transfer-Encoding
chunked
X-RP-UNIQUE_ID
ZmH-RQm0vdyaRgzWcOjS8QAAAOU
Connection
Keep-Alive
X-Xss-Protection
1; mode=block
Referrer-Policy
no-referrer-when-downgrade
Server
Apache
traceparent
00-45eb4070a1547dffdb8952bb5a056711-0518acd41d0d2336-00
Vary
Origin
Content-Type
text/css
Cache-Control
must-revalidate
Keep-Alive
timeout=5, max=100
Expires
Thu, 06 Jun 2024 18:36:57 GMT
jquery-3.6.0.min.js
idpeint.post.ch/gui/login/resources/nevislogrend/applications/def/webdata/js/ 		87 KB
89 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://idpeint.post.ch/gui/login/resources/nevislogrend/applications/def/webdata/js/jquery-3.6.0.min.js
Requested by
Host: idpeint.post.ch
URL: https://idpeint.post.ch/auth/saml
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
194.41.249.1 , Switzerland, ASN12511 (CH-POSTNETZ Post CH AG, CH),
Reverse DNS
Software
Apache /
Resource Hash
ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' https://webidecp-a27fcbc9f.dispatcher.hana.ondemand.com https://webidecp-jadtfdlf0x.dispatcher.hana.ondemand.com https://webidecp-a127061bf.dispatcher.hana.ondemand.com https://ayrznyb2f.accounts.ondemand.com https://pfportal-test.pnet.ch https://pfportal.pnet.ch https://intpfwiki.post.ch https://pfwiki.post.ch https://*.wd.pnet.ch; object-src 'none'; script-src 'nonce-tPYge0oXGIpput3e3b0dnA==' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic' *.post.ch stackpath.bootstrapcdn.com *.google.com *.google.ch *.google-analytics.com tags.tiqcdn.com *.webtrendslive.com *.webtrends.com *.googleadservices.com *.adform.net *.doubleclick.net *.xiti.com *.ipify.org *.googletagmanager.com *.aticdn.net; style-src 'self' 'unsafe-inline' *.post.ch stackpath.bootstrapcdn.com; img-src 'self' *.youtube.com *.ytimg.com data: *.post.ch stackpath.bootstrapcdn.com *.google-analytics.com *.webtrendslive.com *.webtrends.com *.google.com *.google.ch *.googleadservices.com *.adform.net *.doubleclick.net *.xiti.com *.ipify.org *.googletagmanager.com *.aticdn.net; font-src 'self' data: *.post.ch stackpath.bootstrapcdn.com *.gstatic.com;base-uri 'self'; connect-src 'self' wss://*.post.ch *.post.ch stackpath.bootstrapcdn.com; report-uri https://violations.post.ch/CSP/UAAS/int/enforced
Strict-Transport-Security max-age=63072000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://idpeint.post.ch/auth/saml
Accept-Language
de-CH,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Date
Thu, 06 Jun 2024 18:21:57 GMT
Strict-Transport-Security
max-age=63072000
X-Content-Type-Options
nosniff
Content-Security-Policy
frame-ancestors 'self' https://webidecp-a27fcbc9f.dispatcher.hana.ondemand.com https://webidecp-jadtfdlf0x.dispatcher.hana.ondemand.com https://webidecp-a127061bf.dispatcher.hana.ondemand.com https://ayrznyb2f.accounts.ondemand.com https://pfportal-test.pnet.ch https://pfportal.pnet.ch https://intpfwiki.post.ch https://pfwiki.post.ch https://*.wd.pnet.ch; object-src 'none'; script-src 'nonce-tPYge0oXGIpput3e3b0dnA==' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic' *.post.ch stackpath.bootstrapcdn.com *.google.com *.google.ch *.google-analytics.com tags.tiqcdn.com *.webtrendslive.com *.webtrends.com *.googleadservices.com *.adform.net *.doubleclick.net *.xiti.com *.ipify.org *.googletagmanager.com *.aticdn.net; style-src 'self' 'unsafe-inline' *.post.ch stackpath.bootstrapcdn.com; img-src 'self' *.youtube.com *.ytimg.com data: *.post.ch stackpath.bootstrapcdn.com *.google-analytics.com *.webtrendslive.com *.webtrends.com *.google.com *.google.ch *.googleadservices.com *.adform.net *.doubleclick.net *.xiti.com *.ipify.org *.googletagmanager.com *.aticdn.net; font-src 'self' data: *.post.ch stackpath.bootstrapcdn.com *.gstatic.com;base-uri 'self'; connect-src 'self' wss://*.post.ch *.post.ch stackpath.bootstrapcdn.com; report-uri https://violations.post.ch/CSP/UAAS/int/enforced
Transfer-Encoding
chunked
X-RP-UNIQUE_ID
ZmH-RYkCqIXzLHNEoA5pEwAAAWI
Connection
Keep-Alive
X-Xss-Protection
1; mode=block
Referrer-Policy
no-referrer-when-downgrade
Server
Apache
traceparent
00-c0c8a5683ace5773fbd3853adf076e29-ae4a7028819d56b5-00
Vary
Origin
Content-Type
application/javascript
Cache-Control
must-revalidate
Keep-Alive
timeout=5, max=98
Expires
Thu, 06 Jun 2024 18:36:57 GMT
bootstrap.bundle.min.js
idpeint.post.ch/gui/login/resources/nevislogrend/applications/def/webdata/js/ 		79 KB
81 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://idpeint.post.ch/gui/login/resources/nevislogrend/applications/def/webdata/js/bootstrap.bundle.min.js
Requested by
Host: idpeint.post.ch
URL: https://idpeint.post.ch/auth/saml
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
194.41.249.1 , Switzerland, ASN12511 (CH-POSTNETZ Post CH AG, CH),
Reverse DNS
Software
Apache /
Resource Hash
5edf297381b409d711bc8d27676951a59e151e783412850332519c05243d1e24
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' https://webidecp-a27fcbc9f.dispatcher.hana.ondemand.com https://webidecp-jadtfdlf0x.dispatcher.hana.ondemand.com https://webidecp-a127061bf.dispatcher.hana.ondemand.com https://ayrznyb2f.accounts.ondemand.com https://pfportal-test.pnet.ch https://pfportal.pnet.ch https://intpfwiki.post.ch https://pfwiki.post.ch https://*.wd.pnet.ch; object-src 'none'; script-src 'nonce-dF/zw0LQ5EvMyrYUGdycMA==' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic' *.post.ch stackpath.bootstrapcdn.com *.google.com *.google.ch *.google-analytics.com tags.tiqcdn.com *.webtrendslive.com *.webtrends.com *.googleadservices.com *.adform.net *.doubleclick.net *.xiti.com *.ipify.org *.googletagmanager.com *.aticdn.net; style-src 'self' 'unsafe-inline' *.post.ch stackpath.bootstrapcdn.com; img-src 'self' *.youtube.com *.ytimg.com data: *.post.ch stackpath.bootstrapcdn.com *.google-analytics.com *.webtrendslive.com *.webtrends.com *.google.com *.google.ch *.googleadservices.com *.adform.net *.doubleclick.net *.xiti.com *.ipify.org *.googletagmanager.com *.aticdn.net; font-src 'self' data: *.post.ch stackpath.bootstrapcdn.com *.gstatic.com;base-uri 'self'; connect-src 'self' wss://*.post.ch *.post.ch stackpath.bootstrapcdn.com; report-uri https://violations.post.ch/CSP/UAAS/int/enforced
Strict-Transport-Security max-age=63072000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://idpeint.post.ch/auth/saml
Accept-Language
de-CH,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Date
Thu, 06 Jun 2024 18:21:57 GMT
Strict-Transport-Security
max-age=63072000
X-Content-Type-Options
nosniff
Content-Security-Policy
frame-ancestors 'self' https://webidecp-a27fcbc9f.dispatcher.hana.ondemand.com https://webidecp-jadtfdlf0x.dispatcher.hana.ondemand.com https://webidecp-a127061bf.dispatcher.hana.ondemand.com https://ayrznyb2f.accounts.ondemand.com https://pfportal-test.pnet.ch https://pfportal.pnet.ch https://intpfwiki.post.ch https://pfwiki.post.ch https://*.wd.pnet.ch; object-src 'none'; script-src 'nonce-dF/zw0LQ5EvMyrYUGdycMA==' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic' *.post.ch stackpath.bootstrapcdn.com *.google.com *.google.ch *.google-analytics.com tags.tiqcdn.com *.webtrendslive.com *.webtrends.com *.googleadservices.com *.adform.net *.doubleclick.net *.xiti.com *.ipify.org *.googletagmanager.com *.aticdn.net; style-src 'self' 'unsafe-inline' *.post.ch stackpath.bootstrapcdn.com; img-src 'self' *.youtube.com *.ytimg.com data: *.post.ch stackpath.bootstrapcdn.com *.google-analytics.com *.webtrendslive.com *.webtrends.com *.google.com *.google.ch *.googleadservices.com *.adform.net *.doubleclick.net *.xiti.com *.ipify.org *.googletagmanager.com *.aticdn.net; font-src 'self' data: *.post.ch stackpath.bootstrapcdn.com *.gstatic.com;base-uri 'self'; connect-src 'self' wss://*.post.ch *.post.ch stackpath.bootstrapcdn.com; report-uri https://violations.post.ch/CSP/UAAS/int/enforced
Transfer-Encoding
chunked
X-RP-UNIQUE_ID
ZmH-RYkCqIXzLHNEoA5pFAAAAWc
Connection
Keep-Alive
X-Xss-Protection
1; mode=block
Referrer-Policy
no-referrer-when-downgrade
Server
Apache
traceparent
00-9b88f29730e41edae1790f3538777593-1be30394f3838778-00
Vary
Origin
Content-Type
application/javascript
Cache-Control
must-revalidate
Keep-Alive
timeout=5, max=100
Expires
Thu, 06 Jun 2024 18:36:57 GMT
jquery-ui-1.12.1.custom.min.js
idpeint.post.ch/gui/login/resources/nevislogrend/applications/def/webdata/js/ 		127 KB
129 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://idpeint.post.ch/gui/login/resources/nevislogrend/applications/def/webdata/js/jquery-ui-1.12.1.custom.min.js
Requested by
Host: idpeint.post.ch
URL: https://idpeint.post.ch/auth/saml
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
194.41.249.1 , Switzerland, ASN12511 (CH-POSTNETZ Post CH AG, CH),
Reverse DNS
Software
Apache /
Resource Hash
a5bf4c5eec5b61ff70c6481821520aa1052ec4d257554c05b3e19321092514c7
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' https://webidecp-a27fcbc9f.dispatcher.hana.ondemand.com https://webidecp-jadtfdlf0x.dispatcher.hana.ondemand.com https://webidecp-a127061bf.dispatcher.hana.ondemand.com https://ayrznyb2f.accounts.ondemand.com https://pfportal-test.pnet.ch https://pfportal.pnet.ch https://intpfwiki.post.ch https://pfwiki.post.ch https://*.wd.pnet.ch; object-src 'none'; script-src 'nonce-s+O06q38oueEkBj0Q092Zg==' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic' *.post.ch stackpath.bootstrapcdn.com *.google.com *.google.ch *.google-analytics.com tags.tiqcdn.com *.webtrendslive.com *.webtrends.com *.googleadservices.com *.adform.net *.doubleclick.net *.xiti.com *.ipify.org *.googletagmanager.com *.aticdn.net; style-src 'self' 'unsafe-inline' *.post.ch stackpath.bootstrapcdn.com; img-src 'self' *.youtube.com *.ytimg.com data: *.post.ch stackpath.bootstrapcdn.com *.google-analytics.com *.webtrendslive.com *.webtrends.com *.google.com *.google.ch *.googleadservices.com *.adform.net *.doubleclick.net *.xiti.com *.ipify.org *.googletagmanager.com *.aticdn.net; font-src 'self' data: *.post.ch stackpath.bootstrapcdn.com *.gstatic.com;base-uri 'self'; connect-src 'self' wss://*.post.ch *.post.ch stackpath.bootstrapcdn.com; report-uri https://violations.post.ch/CSP/UAAS/int/enforced
Strict-Transport-Security max-age=63072000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://idpeint.post.ch/auth/saml
Accept-Language
de-CH,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Date
Thu, 06 Jun 2024 18:21:57 GMT
Strict-Transport-Security
max-age=63072000
X-Content-Type-Options
nosniff
Content-Security-Policy
frame-ancestors 'self' https://webidecp-a27fcbc9f.dispatcher.hana.ondemand.com https://webidecp-jadtfdlf0x.dispatcher.hana.ondemand.com https://webidecp-a127061bf.dispatcher.hana.ondemand.com https://ayrznyb2f.accounts.ondemand.com https://pfportal-test.pnet.ch https://pfportal.pnet.ch https://intpfwiki.post.ch https://pfwiki.post.ch https://*.wd.pnet.ch; object-src 'none'; script-src 'nonce-s+O06q38oueEkBj0Q092Zg==' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic' *.post.ch stackpath.bootstrapcdn.com *.google.com *.google.ch *.google-analytics.com tags.tiqcdn.com *.webtrendslive.com *.webtrends.com *.googleadservices.com *.adform.net *.doubleclick.net *.xiti.com *.ipify.org *.googletagmanager.com *.aticdn.net; style-src 'self' 'unsafe-inline' *.post.ch stackpath.bootstrapcdn.com; img-src 'self' *.youtube.com *.ytimg.com data: *.post.ch stackpath.bootstrapcdn.com *.google-analytics.com *.webtrendslive.com *.webtrends.com *.google.com *.google.ch *.googleadservices.com *.adform.net *.doubleclick.net *.xiti.com *.ipify.org *.googletagmanager.com *.aticdn.net; font-src 'self' data: *.post.ch stackpath.bootstrapcdn.com *.gstatic.com;base-uri 'self'; connect-src 'self' wss://*.post.ch *.post.ch stackpath.bootstrapcdn.com; report-uri https://violations.post.ch/CSP/UAAS/int/enforced
Transfer-Encoding
chunked
X-RP-UNIQUE_ID
ZmH-RYkCqIXzLHNEoA5pFQAAAV4
Connection
Keep-Alive
X-Xss-Protection
1; mode=block
Referrer-Policy
no-referrer-when-downgrade
Server
Apache
traceparent
00-fe73a346538aec454789eb15e2fe3855-f55d4b926681364d-00
Vary
Origin
Content-Type
application/javascript
Cache-Control
must-revalidate
Keep-Alive
timeout=5, max=100
Expires
Thu, 06 Jun 2024 18:36:57 GMT
app.js
idpeint.post.ch/gui/login/resources/nevislogrend/applications/def/webdata/js/ 		2 KB
4 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://idpeint.post.ch/gui/login/resources/nevislogrend/applications/def/webdata/js/app.js
Requested by
Host: idpeint.post.ch
URL: https://idpeint.post.ch/auth/saml
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
194.41.249.1 , Switzerland, ASN12511 (CH-POSTNETZ Post CH AG, CH),
Reverse DNS
Software
Apache /
Resource Hash
9ca0d5fc058d314e6d5523132747c8b60c5f78b7dba2875908448124b7f96dd2
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' https://webidecp-a27fcbc9f.dispatcher.hana.ondemand.com https://webidecp-jadtfdlf0x.dispatcher.hana.ondemand.com https://webidecp-a127061bf.dispatcher.hana.ondemand.com https://ayrznyb2f.accounts.ondemand.com https://pfportal-test.pnet.ch https://pfportal.pnet.ch https://intpfwiki.post.ch https://pfwiki.post.ch https://*.wd.pnet.ch; object-src 'none'; script-src 'nonce-peFbG01kUKUwMKADtGQkxg==' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic' *.post.ch stackpath.bootstrapcdn.com *.google.com *.google.ch *.google-analytics.com tags.tiqcdn.com *.webtrendslive.com *.webtrends.com *.googleadservices.com *.adform.net *.doubleclick.net *.xiti.com *.ipify.org *.googletagmanager.com *.aticdn.net; style-src 'self' 'unsafe-inline' *.post.ch stackpath.bootstrapcdn.com; img-src 'self' *.youtube.com *.ytimg.com data: *.post.ch stackpath.bootstrapcdn.com *.google-analytics.com *.webtrendslive.com *.webtrends.com *.google.com *.google.ch *.googleadservices.com *.adform.net *.doubleclick.net *.xiti.com *.ipify.org *.googletagmanager.com *.aticdn.net; font-src 'self' data: *.post.ch stackpath.bootstrapcdn.com *.gstatic.com;base-uri 'self'; connect-src 'self' wss://*.post.ch *.post.ch stackpath.bootstrapcdn.com; report-uri https://violations.post.ch/CSP/UAAS/int/enforced
Strict-Transport-Security max-age=63072000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://idpeint.post.ch/auth/saml
Accept-Language
de-CH,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Date
Thu, 06 Jun 2024 18:21:57 GMT
Strict-Transport-Security
max-age=63072000
X-Content-Type-Options
nosniff
Content-Security-Policy
frame-ancestors 'self' https://webidecp-a27fcbc9f.dispatcher.hana.ondemand.com https://webidecp-jadtfdlf0x.dispatcher.hana.ondemand.com https://webidecp-a127061bf.dispatcher.hana.ondemand.com https://ayrznyb2f.accounts.ondemand.com https://pfportal-test.pnet.ch https://pfportal.pnet.ch https://intpfwiki.post.ch https://pfwiki.post.ch https://*.wd.pnet.ch; object-src 'none'; script-src 'nonce-peFbG01kUKUwMKADtGQkxg==' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic' *.post.ch stackpath.bootstrapcdn.com *.google.com *.google.ch *.google-analytics.com tags.tiqcdn.com *.webtrendslive.com *.webtrends.com *.googleadservices.com *.adform.net *.doubleclick.net *.xiti.com *.ipify.org *.googletagmanager.com *.aticdn.net; style-src 'self' 'unsafe-inline' *.post.ch stackpath.bootstrapcdn.com; img-src 'self' *.youtube.com *.ytimg.com data: *.post.ch stackpath.bootstrapcdn.com *.google-analytics.com *.webtrendslive.com *.webtrends.com *.google.com *.google.ch *.googleadservices.com *.adform.net *.doubleclick.net *.xiti.com *.ipify.org *.googletagmanager.com *.aticdn.net; font-src 'self' data: *.post.ch stackpath.bootstrapcdn.com *.gstatic.com;base-uri 'self'; connect-src 'self' wss://*.post.ch *.post.ch stackpath.bootstrapcdn.com; report-uri https://violations.post.ch/CSP/UAAS/int/enforced
Transfer-Encoding
chunked
X-RP-UNIQUE_ID
ZmH-RQm0vdyaRgzWcOjS8gAAAOQ
Connection
Keep-Alive
X-Xss-Protection
1; mode=block
Referrer-Policy
no-referrer-when-downgrade
Server
Apache
traceparent
00-fe06958942d4ab061dcdc799118a36ec-0e9b53f96ed27e45-00
Vary
Origin
Content-Type
application/javascript
Cache-Control
must-revalidate
Keep-Alive
timeout=5, max=100
Expires
Thu, 06 Jun 2024 18:36:57 GMT
logoPost.svg
idpeint.post.ch/gui/login/resources/nevislogrend/applications/def/webdata/images/ 		909 B
3 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://idpeint.post.ch/gui/login/resources/nevislogrend/applications/def/webdata/images/logoPost.svg
Requested by
Host: idpeint.post.ch
URL: https://idpeint.post.ch/auth/saml
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
194.41.249.1 , Switzerland, ASN12511 (CH-POSTNETZ Post CH AG, CH),
Reverse DNS
Software
Apache /
Resource Hash
58c803b6cd8e7b56288f26786cce0d905310e39f3dfa7cb20f24c061c82b3a65
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' https://webidecp-a27fcbc9f.dispatcher.hana.ondemand.com https://webidecp-jadtfdlf0x.dispatcher.hana.ondemand.com https://webidecp-a127061bf.dispatcher.hana.ondemand.com https://ayrznyb2f.accounts.ondemand.com https://pfportal-test.pnet.ch https://pfportal.pnet.ch https://intpfwiki.post.ch https://pfwiki.post.ch https://*.wd.pnet.ch; object-src 'none'; script-src 'nonce-+RLM2lPgDhcX8+xwsyNFwQ==' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic' *.post.ch stackpath.bootstrapcdn.com *.google.com *.google.ch *.google-analytics.com tags.tiqcdn.com *.webtrendslive.com *.webtrends.com *.googleadservices.com *.adform.net *.doubleclick.net *.xiti.com *.ipify.org *.googletagmanager.com *.aticdn.net; style-src 'self' 'unsafe-inline' *.post.ch stackpath.bootstrapcdn.com; img-src 'self' *.youtube.com *.ytimg.com data: *.post.ch stackpath.bootstrapcdn.com *.google-analytics.com *.webtrendslive.com *.webtrends.com *.google.com *.google.ch *.googleadservices.com *.adform.net *.doubleclick.net *.xiti.com *.ipify.org *.googletagmanager.com *.aticdn.net; font-src 'self' data: *.post.ch stackpath.bootstrapcdn.com *.gstatic.com;base-uri 'self'; connect-src 'self' wss://*.post.ch *.post.ch stackpath.bootstrapcdn.com; report-uri https://violations.post.ch/CSP/UAAS/int/enforced
Strict-Transport-Security max-age=63072000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://idpeint.post.ch/auth/saml
Accept-Language
de-CH,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Date
Thu, 06 Jun 2024 18:21:57 GMT
Strict-Transport-Security
max-age=63072000
X-Content-Type-Options
nosniff
Content-Security-Policy
frame-ancestors 'self' https://webidecp-a27fcbc9f.dispatcher.hana.ondemand.com https://webidecp-jadtfdlf0x.dispatcher.hana.ondemand.com https://webidecp-a127061bf.dispatcher.hana.ondemand.com https://ayrznyb2f.accounts.ondemand.com https://pfportal-test.pnet.ch https://pfportal.pnet.ch https://intpfwiki.post.ch https://pfwiki.post.ch https://*.wd.pnet.ch; object-src 'none'; script-src 'nonce-+RLM2lPgDhcX8+xwsyNFwQ==' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic' *.post.ch stackpath.bootstrapcdn.com *.google.com *.google.ch *.google-analytics.com tags.tiqcdn.com *.webtrendslive.com *.webtrends.com *.googleadservices.com *.adform.net *.doubleclick.net *.xiti.com *.ipify.org *.googletagmanager.com *.aticdn.net; style-src 'self' 'unsafe-inline' *.post.ch stackpath.bootstrapcdn.com; img-src 'self' *.youtube.com *.ytimg.com data: *.post.ch stackpath.bootstrapcdn.com *.google-analytics.com *.webtrendslive.com *.webtrends.com *.google.com *.google.ch *.googleadservices.com *.adform.net *.doubleclick.net *.xiti.com *.ipify.org *.googletagmanager.com *.aticdn.net; font-src 'self' data: *.post.ch stackpath.bootstrapcdn.com *.gstatic.com;base-uri 'self'; connect-src 'self' wss://*.post.ch *.post.ch stackpath.bootstrapcdn.com; report-uri https://violations.post.ch/CSP/UAAS/int/enforced
Transfer-Encoding
chunked
X-RP-UNIQUE_ID
ZmH-RQm0vdyaRgzWcOjS8wAAAOA
Connection
Keep-Alive
X-Xss-Protection
1; mode=block
Referrer-Policy
no-referrer-when-downgrade
Server
Apache
traceparent
00-69ecee0d1975eff2ac3a8bee9c36056b-3a8111c83e36df73-00
Vary
Origin
Content-Type
image/svg+xml
Cache-Control
must-revalidate
Keep-Alive
timeout=5, max=99
Expires
Thu, 06 Jun 2024 18:36:57 GMT
truncated
/ 		205 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
3cbf77fee8febcc1a3cef2e35bfb9d0c19f9a9b5a91ff262be45e18a1bcf9498

Request headers

Accept-Language
de-CH,de;q=0.9;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36

Response headers

Content-Type
image/svg+xml
truncated
/ 		235 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
fafa346f0f80f88f002778cb2fce8a2d4acfd36e54d319016082a46bb35072a7

Request headers

Accept-Language
de-CH,de;q=0.9;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36

Response headers

Content-Type
image/svg+xml
frutiger55roman.woff
idpeint.post.ch/gui/login/resources/nevislogrend/applications/def/webdata/css/fonts/ 		44 KB
46 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://idpeint.post.ch/gui/login/resources/nevislogrend/applications/def/webdata/css/fonts/frutiger55roman.woff
Requested by
Host: idpeint.post.ch
URL: https://idpeint.post.ch/gui/login/resources/nevislogrend/applications/def/webdata/css/post.css
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
194.41.249.1 , Switzerland, ASN12511 (CH-POSTNETZ Post CH AG, CH),
Reverse DNS
Software
Apache /
Resource Hash
291cb4d4ba35092b9b8bd849c7156784c4d15c7b6857da97fa41ae0b80e972b9
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' https://webidecp-a27fcbc9f.dispatcher.hana.ondemand.com https://webidecp-jadtfdlf0x.dispatcher.hana.ondemand.com https://webidecp-a127061bf.dispatcher.hana.ondemand.com https://ayrznyb2f.accounts.ondemand.com https://pfportal-test.pnet.ch https://pfportal.pnet.ch https://intpfwiki.post.ch https://pfwiki.post.ch https://*.wd.pnet.ch; object-src 'none'; script-src 'nonce-DDleHBdzsZY/iPhOIOnvbw==' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic' *.post.ch stackpath.bootstrapcdn.com *.google.com *.google.ch *.google-analytics.com tags.tiqcdn.com *.webtrendslive.com *.webtrends.com *.googleadservices.com *.adform.net *.doubleclick.net *.xiti.com *.ipify.org *.googletagmanager.com *.aticdn.net; style-src 'self' 'unsafe-inline' *.post.ch stackpath.bootstrapcdn.com; img-src 'self' *.youtube.com *.ytimg.com data: *.post.ch stackpath.bootstrapcdn.com *.google-analytics.com *.webtrendslive.com *.webtrends.com *.google.com *.google.ch *.googleadservices.com *.adform.net *.doubleclick.net *.xiti.com *.ipify.org *.googletagmanager.com *.aticdn.net; font-src 'self' data: *.post.ch stackpath.bootstrapcdn.com *.gstatic.com;base-uri 'self'; connect-src 'self' wss://*.post.ch *.post.ch stackpath.bootstrapcdn.com; report-uri https://violations.post.ch/CSP/UAAS/int/enforced
Strict-Transport-Security max-age=63072000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://idpeint.post.ch/gui/login/resources/nevislogrend/applications/def/webdata/css/post.css
Origin
https://idpeint.post.ch
Accept-Language
de-CH,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Date
Thu, 06 Jun 2024 18:21:57 GMT
Strict-Transport-Security
max-age=63072000
X-Content-Type-Options
nosniff
Content-Security-Policy
frame-ancestors 'self' https://webidecp-a27fcbc9f.dispatcher.hana.ondemand.com https://webidecp-jadtfdlf0x.dispatcher.hana.ondemand.com https://webidecp-a127061bf.dispatcher.hana.ondemand.com https://ayrznyb2f.accounts.ondemand.com https://pfportal-test.pnet.ch https://pfportal.pnet.ch https://intpfwiki.post.ch https://pfwiki.post.ch https://*.wd.pnet.ch; object-src 'none'; script-src 'nonce-DDleHBdzsZY/iPhOIOnvbw==' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic' *.post.ch stackpath.bootstrapcdn.com *.google.com *.google.ch *.google-analytics.com tags.tiqcdn.com *.webtrendslive.com *.webtrends.com *.googleadservices.com *.adform.net *.doubleclick.net *.xiti.com *.ipify.org *.googletagmanager.com *.aticdn.net; style-src 'self' 'unsafe-inline' *.post.ch stackpath.bootstrapcdn.com; img-src 'self' *.youtube.com *.ytimg.com data: *.post.ch stackpath.bootstrapcdn.com *.google-analytics.com *.webtrendslive.com *.webtrends.com *.google.com *.google.ch *.googleadservices.com *.adform.net *.doubleclick.net *.xiti.com *.ipify.org *.googletagmanager.com *.aticdn.net; font-src 'self' data: *.post.ch stackpath.bootstrapcdn.com *.gstatic.com;base-uri 'self'; connect-src 'self' wss://*.post.ch *.post.ch stackpath.bootstrapcdn.com; report-uri https://violations.post.ch/CSP/UAAS/int/enforced
Transfer-Encoding
chunked
X-RP-UNIQUE_ID
ZmH-RQm0vdyaRgzWcOjS9AAAAOk
Connection
Keep-Alive
X-Xss-Protection
1; mode=block
Referrer-Policy
no-referrer-when-downgrade
Server
Apache
traceparent
00-bf6ac1b458cd28430cfa6f8a0be0229e-058b083410689a21-00
Vary
Origin
Content-Type
font/woff
Access-Control-Allow-Origin
https://idpeint.post.ch
Cache-Control
must-revalidate
Keep-Alive
timeout=5, max=99
Expires
Thu, 06 Jun 2024 18:36:57 GMT
frutiger45light.woff
idpeint.post.ch/gui/login/resources/nevislogrend/applications/def/webdata/css/fonts/ 		50 KB
52 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://idpeint.post.ch/gui/login/resources/nevislogrend/applications/def/webdata/css/fonts/frutiger45light.woff
Requested by
Host: idpeint.post.ch
URL: https://idpeint.post.ch/gui/login/resources/nevislogrend/applications/def/webdata/css/post.css
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
194.41.249.1 , Switzerland, ASN12511 (CH-POSTNETZ Post CH AG, CH),
Reverse DNS
Software
Apache /
Resource Hash
fa4f0aed1d0ec5764d186315819d7d80651bf620bc6378a9745701ad501a4984
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' https://webidecp-a27fcbc9f.dispatcher.hana.ondemand.com https://webidecp-jadtfdlf0x.dispatcher.hana.ondemand.com https://webidecp-a127061bf.dispatcher.hana.ondemand.com https://ayrznyb2f.accounts.ondemand.com https://pfportal-test.pnet.ch https://pfportal.pnet.ch https://intpfwiki.post.ch https://pfwiki.post.ch https://*.wd.pnet.ch; object-src 'none'; script-src 'nonce-4tEm2h66fKwzJdQtP4MqZg==' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic' *.post.ch stackpath.bootstrapcdn.com *.google.com *.google.ch *.google-analytics.com tags.tiqcdn.com *.webtrendslive.com *.webtrends.com *.googleadservices.com *.adform.net *.doubleclick.net *.xiti.com *.ipify.org *.googletagmanager.com *.aticdn.net; style-src 'self' 'unsafe-inline' *.post.ch stackpath.bootstrapcdn.com; img-src 'self' *.youtube.com *.ytimg.com data: *.post.ch stackpath.bootstrapcdn.com *.google-analytics.com *.webtrendslive.com *.webtrends.com *.google.com *.google.ch *.googleadservices.com *.adform.net *.doubleclick.net *.xiti.com *.ipify.org *.googletagmanager.com *.aticdn.net; font-src 'self' data: *.post.ch stackpath.bootstrapcdn.com *.gstatic.com;base-uri 'self'; connect-src 'self' wss://*.post.ch *.post.ch stackpath.bootstrapcdn.com; report-uri https://violations.post.ch/CSP/UAAS/int/enforced
Strict-Transport-Security max-age=63072000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://idpeint.post.ch/gui/login/resources/nevislogrend/applications/def/webdata/css/post.css
Origin
https://idpeint.post.ch
Accept-Language
de-CH,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Date
Thu, 06 Jun 2024 18:21:57 GMT
Strict-Transport-Security
max-age=63072000
X-Content-Type-Options
nosniff
Content-Security-Policy
frame-ancestors 'self' https://webidecp-a27fcbc9f.dispatcher.hana.ondemand.com https://webidecp-jadtfdlf0x.dispatcher.hana.ondemand.com https://webidecp-a127061bf.dispatcher.hana.ondemand.com https://ayrznyb2f.accounts.ondemand.com https://pfportal-test.pnet.ch https://pfportal.pnet.ch https://intpfwiki.post.ch https://pfwiki.post.ch https://*.wd.pnet.ch; object-src 'none'; script-src 'nonce-4tEm2h66fKwzJdQtP4MqZg==' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic' *.post.ch stackpath.bootstrapcdn.com *.google.com *.google.ch *.google-analytics.com tags.tiqcdn.com *.webtrendslive.com *.webtrends.com *.googleadservices.com *.adform.net *.doubleclick.net *.xiti.com *.ipify.org *.googletagmanager.com *.aticdn.net; style-src 'self' 'unsafe-inline' *.post.ch stackpath.bootstrapcdn.com; img-src 'self' *.youtube.com *.ytimg.com data: *.post.ch stackpath.bootstrapcdn.com *.google-analytics.com *.webtrendslive.com *.webtrends.com *.google.com *.google.ch *.googleadservices.com *.adform.net *.doubleclick.net *.xiti.com *.ipify.org *.googletagmanager.com *.aticdn.net; font-src 'self' data: *.post.ch stackpath.bootstrapcdn.com *.gstatic.com;base-uri 'self'; connect-src 'self' wss://*.post.ch *.post.ch stackpath.bootstrapcdn.com; report-uri https://violations.post.ch/CSP/UAAS/int/enforced
Transfer-Encoding
chunked
X-RP-UNIQUE_ID
ZmH-RYkCqIXzLHNEoA5pFwAAAWM
Connection
Keep-Alive
X-Xss-Protection
1; mode=block
Referrer-Policy
no-referrer-when-downgrade
Server
Apache
traceparent
00-8409845da72f1dab1e915870f4ec3321-d79ae90443bb182b-00
Vary
Origin
Content-Type
font/woff
Access-Control-Allow-Origin
https://idpeint.post.ch
Cache-Control
must-revalidate
Keep-Alive
timeout=5, max=99
Expires
Thu, 06 Jun 2024 18:36:57 GMT
frutiger65bold.woff
idpeint.post.ch/gui/login/resources/nevislogrend/applications/def/webdata/css/fonts/ 		37 KB
39 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://idpeint.post.ch/gui/login/resources/nevislogrend/applications/def/webdata/css/fonts/frutiger65bold.woff
Requested by
Host: idpeint.post.ch
URL: https://idpeint.post.ch/gui/login/resources/nevislogrend/applications/def/webdata/css/post.css
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
194.41.249.1 , Switzerland, ASN12511 (CH-POSTNETZ Post CH AG, CH),
Reverse DNS
Software
Apache /
Resource Hash
dceea27395ed1b2ab536cc460a7b398429d88232a11cea81458db125457a2b1c
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' https://webidecp-a27fcbc9f.dispatcher.hana.ondemand.com https://webidecp-jadtfdlf0x.dispatcher.hana.ondemand.com https://webidecp-a127061bf.dispatcher.hana.ondemand.com https://ayrznyb2f.accounts.ondemand.com https://pfportal-test.pnet.ch https://pfportal.pnet.ch https://intpfwiki.post.ch https://pfwiki.post.ch https://*.wd.pnet.ch; object-src 'none'; script-src 'nonce-NUZkJCxe4VhoieP+UW9JAg==' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic' *.post.ch stackpath.bootstrapcdn.com *.google.com *.google.ch *.google-analytics.com tags.tiqcdn.com *.webtrendslive.com *.webtrends.com *.googleadservices.com *.adform.net *.doubleclick.net *.xiti.com *.ipify.org *.googletagmanager.com *.aticdn.net; style-src 'self' 'unsafe-inline' *.post.ch stackpath.bootstrapcdn.com; img-src 'self' *.youtube.com *.ytimg.com data: *.post.ch stackpath.bootstrapcdn.com *.google-analytics.com *.webtrendslive.com *.webtrends.com *.google.com *.google.ch *.googleadservices.com *.adform.net *.doubleclick.net *.xiti.com *.ipify.org *.googletagmanager.com *.aticdn.net; font-src 'self' data: *.post.ch stackpath.bootstrapcdn.com *.gstatic.com;base-uri 'self'; connect-src 'self' wss://*.post.ch *.post.ch stackpath.bootstrapcdn.com; report-uri https://violations.post.ch/CSP/UAAS/int/enforced
Strict-Transport-Security max-age=63072000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://idpeint.post.ch/gui/login/resources/nevislogrend/applications/def/webdata/css/post.css
Origin
https://idpeint.post.ch
Accept-Language
de-CH,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Date
Thu, 06 Jun 2024 18:21:57 GMT
Strict-Transport-Security
max-age=63072000
X-Content-Type-Options
nosniff
Content-Security-Policy
frame-ancestors 'self' https://webidecp-a27fcbc9f.dispatcher.hana.ondemand.com https://webidecp-jadtfdlf0x.dispatcher.hana.ondemand.com https://webidecp-a127061bf.dispatcher.hana.ondemand.com https://ayrznyb2f.accounts.ondemand.com https://pfportal-test.pnet.ch https://pfportal.pnet.ch https://intpfwiki.post.ch https://pfwiki.post.ch https://*.wd.pnet.ch; object-src 'none'; script-src 'nonce-NUZkJCxe4VhoieP+UW9JAg==' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic' *.post.ch stackpath.bootstrapcdn.com *.google.com *.google.ch *.google-analytics.com tags.tiqcdn.com *.webtrendslive.com *.webtrends.com *.googleadservices.com *.adform.net *.doubleclick.net *.xiti.com *.ipify.org *.googletagmanager.com *.aticdn.net; style-src 'self' 'unsafe-inline' *.post.ch stackpath.bootstrapcdn.com; img-src 'self' *.youtube.com *.ytimg.com data: *.post.ch stackpath.bootstrapcdn.com *.google-analytics.com *.webtrendslive.com *.webtrends.com *.google.com *.google.ch *.googleadservices.com *.adform.net *.doubleclick.net *.xiti.com *.ipify.org *.googletagmanager.com *.aticdn.net; font-src 'self' data: *.post.ch stackpath.bootstrapcdn.com *.gstatic.com;base-uri 'self'; connect-src 'self' wss://*.post.ch *.post.ch stackpath.bootstrapcdn.com; report-uri https://violations.post.ch/CSP/UAAS/int/enforced
Transfer-Encoding
chunked
X-RP-UNIQUE_ID
ZmH-RYkCqIXzLHNEoA5pFgAAAWA
Connection
Keep-Alive
X-Xss-Protection
1; mode=block
Referrer-Policy
no-referrer-when-downgrade
Server
Apache
traceparent
00-3ab2e445e99ba6e1cc4ddec7ce1ef292-89e37cf0fef9365d-00
Vary
Origin
Content-Type
font/woff
Access-Control-Allow-Origin
https://idpeint.post.ch
Cache-Control
must-revalidate
Keep-Alive
timeout=5, max=99
Expires
Thu, 06 Jun 2024 18:36:57 GMT
favicon.ico
idpeint.post.ch/ 		15 KB
15 KB 		Other
General
Check archive.org
Download Go to
Full URL
https://idpeint.post.ch/favicon.ico
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
194.41.249.1 , Switzerland, ASN12511 (CH-POSTNETZ Post CH AG, CH),
Reverse DNS
Software
Apache /
Resource Hash
091099a5b30fd8f83c98a96df5a6b39b091ef985840e559fdcb06ac250b9706f
Security Headers
Name Value
Strict-Transport-Security max-age=63072000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://idpeint.post.ch/auth/saml
Accept-Language
de-CH,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Date
Thu, 06 Jun 2024 18:21:57 GMT
Strict-Transport-Security
max-age=63072000
X-Content-Type-Options
nosniff
X-RP-UNIQUE_ID
ZmH-RYkCqIXzLHNEoA5pGAAAAW4
Connection
Keep-Alive
Content-Length
15086
X-Xss-Protection
1; mode=block
Referrer-Policy
no-referrer-when-downgrade
Last-Modified
Tue, 02 May 2023 11:51:16 GMT
Server
Apache
traceparent
00-8eee25d5b662466208deb42ad3a61401-4b2c93ce91489d10-00
ETag
"3aee-5fab48e92e1dd"
Vary
X-QOS-EXCL,Origin
Content-Type
image/x-icon
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=98

Verdicts & Comments Add Verdict or Comment

5 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

function| $ function| jQuery object| bootstrap function| dropdownAccessible function| removeValidation

4 Cookies

Domain/Path Name / Value
mit-int-cloud.postauto.ch/ Name: mod_auth_openidc_state_Z4CXz4OlRi47LO-U1AGdsKg7mrA
Value: eyJhbGciOiAiZGlyIiwgImVuYyI6ICJBMjU2R0NNIn0..PfXajlMSfQuu0sO_.XRioSUy2DzXWPAGL3nvu2tQqMsonp2iHUM60LdAcdBSsL4oQGlLZ_0FbofQ1_4h0229CUbb5RGCi2Arh2rq1bNeE4NqCA_ESy2Mp8IcO2WEZccQ14YkwNV9aljX4OMd-XW9UePGWp4_ZALJcusqosBUfKC8kF9BVOLVRpT3bSX3d1PRD31-BH7agJtyKbK1b1-V79RQasDUeQlGfMvyj-qwHywCG_zN2JJgDEtHcJzVaD6GcvmDTGOCFayo.CI7FW0Wc69B93AD00GL5LA
.post.ch/ Name: ittrksessid
Value: fa07caef.61a3cc21a57ae
aseint.post.ch/ Name: NavajoAS
Value: 729b1cac4071fKYAOtKFtlEFYnKttgewYrsgVjmClvmO19Bh3ANDJxAMI2
idpeint.post.ch/ Name: NavajoACS
Value: 869a1cac3671YmFknQ4NaO6af9KUe3kdQiCy1HWEFPf4JwzILgtVDhABuW

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy frame-ancestors 'self' https://webidecp-a27fcbc9f.dispatcher.hana.ondemand.com https://webidecp-jadtfdlf0x.dispatcher.hana.ondemand.com https://webidecp-a127061bf.dispatcher.hana.ondemand.com https://ayrznyb2f.accounts.ondemand.com https://pfportal-test.pnet.ch https://pfportal.pnet.ch https://intpfwiki.post.ch https://pfwiki.post.ch https://*.wd.pnet.ch; object-src 'none'; script-src 'nonce-8uAHY9m1B9bsyekQqTLiGg==' 'unsafe-inline' 'unsafe-eval' 'strict-dynamic' *.post.ch stackpath.bootstrapcdn.com *.google.com *.google.ch *.google-analytics.com tags.tiqcdn.com *.webtrendslive.com *.webtrends.com *.googleadservices.com *.adform.net *.doubleclick.net *.xiti.com *.ipify.org *.googletagmanager.com *.aticdn.net; style-src 'self' 'unsafe-inline' *.post.ch stackpath.bootstrapcdn.com; img-src 'self' *.youtube.com *.ytimg.com data: *.post.ch stackpath.bootstrapcdn.com *.google-analytics.com *.webtrendslive.com *.webtrends.com *.google.com *.google.ch *.googleadservices.com *.adform.net *.doubleclick.net *.xiti.com *.ipify.org *.googletagmanager.com *.aticdn.net; font-src 'self' data: *.post.ch stackpath.bootstrapcdn.com *.gstatic.com;base-uri 'self'; connect-src 'self' wss://*.post.ch *.post.ch stackpath.bootstrapcdn.com; report-uri https://violations.post.ch/CSP/UAAS/int/enforced
Strict-Transport-Security max-age=63072000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block