takecharge.capitalone.com Open in urlscan Pro
63.149.40.130 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://takecharge.capitalone.com/
Effective URL:
https://takecharge.capitalone.com/
Submission: On July 10 via manual (July 10th 2024, 12:19:23 pm UTC) from US — Scanned from DE

Summary HTTP 26 Redirects Links 6 Behaviour Indicators

Summary

This website contacted 1 IPs in 1 countries across 1 domains to perform 26 HTTP transactions. The main IP is 63.149.40.130, located in United States and belongs to FSA-AMH-AS01, US. The main domain is takecharge.capitalone.com.
TLS certificate: Issued by DigiCert EV RSA CA G2 on February 23rd 2024. Valid for: a year.

This is the only time takecharge.capitalone.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address		AS Autonomous System
26	63.149.40.130 63.149.40.130		21969 (FSA-AMH-AS01) (FSA-AMH-AS01)
26	1

26 63.149.40.130 (United States)

ASN21969 (FSA-AMH-AS01, US)

takecharge.capitalone.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
26	capitalone.com takecharge.capitalone.com	650 KB
26	1

	Domain	Requested by
26	takecharge.capitalone.com	takecharge.capitalone.com
26	1

This site contains links to these domains. Also see Links.

Domain
www.capitalone.com
www.capitalonecareers.com
www.nyc.gov

Subject Issuer	Validity	Valid
takecharge.capitalone.com DigiCert EV RSA CA G2	`2024-02-23` - `2025-03-25`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://takecharge.capitalone.com/
Frame ID: C7361F3CDCF0BD662E841A8C5BAD8338
Requests: 26 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Capital One Capital One

Page URL History Show full URLs

http://takecharge.capitalone.com/ HTTP 307
https://takecharge.capitalone.com/ Page URL

Detected technologies

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css
bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

Microsoft ASP.NET (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

<input[^>]+name="__VIEWSTATE

Moment.js (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

moment(?:\.min)?\.js

SweetAlert (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

sweet(?:-)?alert(?:\.min)?\.js

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]([\d.]*\d)[^/]*\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

jQuery UI (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery-ui.*\.js

Page Statistics

26
Requests

100 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

1
IPs

1
Countries

650 kB
Transfer

1225 kB
Size

1
Cookies

6 Outgoing links

These are links going to different origins than the main page.

URL: https://www.capitalone.com/identity-protection/privacy
Title: Privacy Policy

Search URL Search Domain Scan URL

URL: https://www.capitalone.com/identity-protection/commitment/
Title: commitment to prevent fraud

Search URL Search Domain Scan URL

URL: https://www.capitalone.com/contact/
Title: Contact Us

Search URL Search Domain Scan URL

URL: http://www.capitalonecareers.com/
Title: Careers

Search URL Search Domain Scan URL

URL: http://www.capitalone.com/about/accessibility-commitment/
Title: Accessibility

Search URL Search Domain Scan URL

URL: https://www.nyc.gov/dca
Title: www.nyc.gov/dca.

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://takecharge.capitalone.com/ HTTP 307
https://takecharge.capitalone.com/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

26 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request / Show response
takecharge.capitalone.com/
Redirect Chain

http://takecharge.capitalone.com/
https://takecharge.capitalone.com/

16 KB
17 KB

641ms
295ms

Document
text/html

63.149.40.130
FSA-AMH-AS01

General

Check archive.org

Show headers Download Go to

Full URL

https://takecharge.capitalone.com/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

63.149.40.130 , United States, ASN21969 (FSA-AMH-AS01, US),

Reverse DNS

Software

/ ASP.NET

Resource Hash

db1b0d738f4698c3c874f12224839741f2f225b1a13d6514a29aebb4546d1768

Security Headers

Name	Value
Content-Security-Policy	default-src 'unsafe-inline' 'self'; script-src 'self' 'nonce-WpvQQK0FO/ZAljsQDGMLEgi2hrvIBVPQNak9zIWqRZE=' 'sha256-xuFNyG4dx1UjKAfb59PkKDR48xVbI79G8dAIGZsa2FI=' 'unsafe-eval' ; style-src 'unsafe-inline' 'self' https://fonts.googleapis.com; style-src-elem 'unsafe-inline' 'self' https://fonts.googleapis.com; font-src 'self' data: ;object-src 'none';base-uri 'self'
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

access-control-expose-headers: Request-Context
cache-control: private
content-length: 16345
content-security-policy: default-src 'unsafe-inline' 'self'; script-src 'self' 'nonce-WpvQQK0FO/ZAljsQDGMLEgi2hrvIBVPQNak9zIWqRZE=' 'sha256-xuFNyG4dx1UjKAfb59PkKDR48xVbI79G8dAIGZsa2FI=' 'unsafe-eval' ; style-src 'unsafe-inline' 'self' https://fonts.googleapis.com; style-src-elem 'unsafe-inline' 'self' https://fonts.googleapis.com; font-src 'self' data: ;object-src 'none';base-uri 'self'
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-opener-policy: same-origin
cross-origin-resource-policy: cross-origin
date: Wed, 10 Jul 2024 12:19:17 GMT
expect-ct: Web.RequiresHttps.ExpectCtHeader, Web.RequiresHttps
permissions-policy: accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
referrer-policy: strict-origin
request-context: appId=cid-v1:ee4ac2c8-5837-4f6e-a0df-7a957d6b8cc4
server
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-powered-by: ASP.NET
x-xss-protection: 1; mode=block

Redirect headers

Location: https://takecharge.capitalone.com/
Non-Authoritative-Reason: HttpsUpgrades

GET
H2 200 ods-core.min.css
takecharge.capitalone.com/Style/ 94 KB
94 KB 410ms
408ms Stylesheet
text/css 63.149.40.130
FSA-AMH-AS01

General

Check archive.org

Show headers Download Go to

Full URL

https://takecharge.capitalone.com/Style/ods-core.min.css

Requested by

Host: takecharge.capitalone.com
URL: https://takecharge.capitalone.com/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

63.149.40.130 , United States, ASN21969 (FSA-AMH-AS01, US),

Reverse DNS

Software

/ ASP.NET

Resource Hash

1c1d27ccdc3873e19a969ff6494d7c3142d2a0114faf2a8e505a4a8b16853f14

Security Headers

Name	Value
Content-Security-Policy	default-src 'unsafe-inline' 'self'; script-src 'self' 'nonce-WpvQQK0FO/ZAljsQDGMLEgi2hrvIBVPQNak9zIWqRZE=' 'sha256-xuFNyG4dx1UjKAfb59PkKDR48xVbI79G8dAIGZsa2FI=' 'unsafe-eval' ; style-src 'unsafe-inline' 'self' https://fonts.googleapis.com; style-src-elem 'unsafe-inline' 'self' https://fonts.googleapis.com; font-src 'self' data: ;object-src 'none';base-uri 'self'
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://takecharge.capitalone.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

content-security-policy: default-src 'unsafe-inline' 'self'; script-src 'self' 'nonce-WpvQQK0FO/ZAljsQDGMLEgi2hrvIBVPQNak9zIWqRZE=' 'sha256-xuFNyG4dx1UjKAfb59PkKDR48xVbI79G8dAIGZsa2FI=' 'unsafe-eval' ; style-src 'unsafe-inline' 'self' https://fonts.googleapis.com; style-src-elem 'unsafe-inline' 'self' https://fonts.googleapis.com; font-src 'self' data: ;object-src 'none';base-uri 'self'
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
date: Wed, 10 Jul 2024 12:19:17 GMT
cross-origin-embedder-policy: require-corp
x-powered-by: ASP.NET
cross-origin-resource-policy: cross-origin
content-length: 96248
x-xss-protection: 1; mode=block
referrer-policy: strict-origin
last-modified: Thu, 06 Jul 2023 17:09:34 GMT
server
cross-origin-opener-policy: same-origin
etag: "0dbc4a22cb0d91:0"
expect-ct: Web.RequiresHttps.ExpectCtHeader, Web.RequiresHttps
x-frame-options: SAMEORIGIN
content-type: text/css
permissions-policy: accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
accept-ranges: bytes

GET
H2 200 firstsource.css
takecharge.capitalone.com/Style/ 3 KB
3 KB 537ms
536ms Stylesheet
text/css 63.149.40.130
FSA-AMH-AS01

General

Check archive.org

Show headers Download Go to

Full URL

https://takecharge.capitalone.com/Style/firstsource.css

Requested by

Host: takecharge.capitalone.com
URL: https://takecharge.capitalone.com/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

63.149.40.130 , United States, ASN21969 (FSA-AMH-AS01, US),

Reverse DNS

Software

/ ASP.NET

Resource Hash

93707463e31ee987089e0fd9e0aababac0979abdb7c9ffd295d816a775867132

Security Headers

Name	Value
Content-Security-Policy	default-src 'unsafe-inline' 'self'; script-src 'self' 'nonce-WpvQQK0FO/ZAljsQDGMLEgi2hrvIBVPQNak9zIWqRZE=' 'sha256-xuFNyG4dx1UjKAfb59PkKDR48xVbI79G8dAIGZsa2FI=' 'unsafe-eval' ; style-src 'unsafe-inline' 'self' https://fonts.googleapis.com; style-src-elem 'unsafe-inline' 'self' https://fonts.googleapis.com; font-src 'self' data: ;object-src 'none';base-uri 'self'
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://takecharge.capitalone.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

content-security-policy: default-src 'unsafe-inline' 'self'; script-src 'self' 'nonce-WpvQQK0FO/ZAljsQDGMLEgi2hrvIBVPQNak9zIWqRZE=' 'sha256-xuFNyG4dx1UjKAfb59PkKDR48xVbI79G8dAIGZsa2FI=' 'unsafe-eval' ; style-src 'unsafe-inline' 'self' https://fonts.googleapis.com; style-src-elem 'unsafe-inline' 'self' https://fonts.googleapis.com; font-src 'self' data: ;object-src 'none';base-uri 'self'
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
date: Wed, 10 Jul 2024 12:19:17 GMT
cross-origin-embedder-policy: require-corp
x-powered-by: ASP.NET
cross-origin-resource-policy: cross-origin
content-length: 2857
x-xss-protection: 1; mode=block
referrer-policy: strict-origin
last-modified: Thu, 06 Jul 2023 14:31:54 GMT
server
cross-origin-opener-policy: same-origin
etag: "0692b9c16b0d91:0"
expect-ct: Web.RequiresHttps.ExpectCtHeader, Web.RequiresHttps
x-frame-options: SAMEORIGIN
content-type: text/css
permissions-policy: accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
accept-ranges: bytes

GET
H2 200 jquery-3.5.1.min.js Show response
takecharge.capitalone.com/Scripts/ 105 KB
32 KB 135ms
133ms Script
application/javascript 63.149.40.130
FSA-AMH-AS01

General

Check archive.org

Show headers Download Go to

Full URL

https://takecharge.capitalone.com/Scripts/jquery-3.5.1.min.js

Requested by

Host: takecharge.capitalone.com
URL: https://takecharge.capitalone.com/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

63.149.40.130 , United States, ASN21969 (FSA-AMH-AS01, US),

Reverse DNS

Software

/ ASP.NET

Resource Hash

3c7f5a4a47719c5c9827bf73eb2d62176c9a5378324b70fe64de345adf36a0c2

Security Headers

Name	Value
Content-Security-Policy	default-src 'unsafe-inline' 'self'; script-src 'self' 'nonce-WpvQQK0FO/ZAljsQDGMLEgi2hrvIBVPQNak9zIWqRZE=' 'sha256-xuFNyG4dx1UjKAfb59PkKDR48xVbI79G8dAIGZsa2FI=' 'unsafe-eval' ; style-src 'unsafe-inline' 'self' https://fonts.googleapis.com; style-src-elem 'unsafe-inline' 'self' https://fonts.googleapis.com; font-src 'self' data: ;object-src 'none';base-uri 'self'
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://takecharge.capitalone.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

content-security-policy: default-src 'unsafe-inline' 'self'; script-src 'self' 'nonce-WpvQQK0FO/ZAljsQDGMLEgi2hrvIBVPQNak9zIWqRZE=' 'sha256-xuFNyG4dx1UjKAfb59PkKDR48xVbI79G8dAIGZsa2FI=' 'unsafe-eval' ; style-src 'unsafe-inline' 'self' https://fonts.googleapis.com; style-src-elem 'unsafe-inline' 'self' https://fonts.googleapis.com; font-src 'self' data: ;object-src 'none';base-uri 'self'
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000
date: Wed, 10 Jul 2024 12:19:17 GMT
cross-origin-embedder-policy: require-corp
x-powered-by: ASP.NET
cross-origin-resource-policy: cross-origin
content-length: 33064
x-xss-protection: 1; mode=block
referrer-policy: strict-origin
last-modified: Tue, 23 Jun 2020 06:39:43 GMT
server
cross-origin-opener-policy: same-origin
etag: "80e1e0132949d61:0"
expect-ct: Web.RequiresHttps.ExpectCtHeader, Web.RequiresHttps
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript
permissions-policy: accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
accept-ranges: bytes

GET
H2 200 sweetalert.min.js Show response
takecharge.capitalone.com/Scripts/ 17 KB
5 KB 271ms
269ms Script
application/javascript 63.149.40.130
FSA-AMH-AS01

General

Check archive.org

Show headers Download Go to

Full URL

https://takecharge.capitalone.com/Scripts/sweetalert.min.js

Requested by

Host: takecharge.capitalone.com
URL: https://takecharge.capitalone.com/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

63.149.40.130 , United States, ASN21969 (FSA-AMH-AS01, US),

Reverse DNS

Software

/ ASP.NET

Resource Hash

be4d1215ef6f2b2915b7f65cd28b9a9f7dcef17e1f0d883edd19400ca0ea795c

Security Headers

Name	Value
Content-Security-Policy	default-src 'unsafe-inline' 'self'; script-src 'self' 'nonce-WpvQQK0FO/ZAljsQDGMLEgi2hrvIBVPQNak9zIWqRZE=' 'sha256-xuFNyG4dx1UjKAfb59PkKDR48xVbI79G8dAIGZsa2FI=' 'unsafe-eval' ; style-src 'unsafe-inline' 'self' https://fonts.googleapis.com; style-src-elem 'unsafe-inline' 'self' https://fonts.googleapis.com; font-src 'self' data: ;object-src 'none';base-uri 'self'
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://takecharge.capitalone.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

content-security-policy: default-src 'unsafe-inline' 'self'; script-src 'self' 'nonce-WpvQQK0FO/ZAljsQDGMLEgi2hrvIBVPQNak9zIWqRZE=' 'sha256-xuFNyG4dx1UjKAfb59PkKDR48xVbI79G8dAIGZsa2FI=' 'unsafe-eval' ; style-src 'unsafe-inline' 'self' https://fonts.googleapis.com; style-src-elem 'unsafe-inline' 'self' https://fonts.googleapis.com; font-src 'self' data: ;object-src 'none';base-uri 'self'
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000
date: Wed, 10 Jul 2024 12:19:17 GMT
cross-origin-embedder-policy: require-corp
x-powered-by: ASP.NET
cross-origin-resource-policy: cross-origin
content-length: 5417
x-xss-protection: 1; mode=block
referrer-policy: strict-origin
last-modified: Thu, 06 Jul 2023 14:31:54 GMT
server
cross-origin-opener-policy: same-origin
etag: "0692b9c16b0d91:0"
expect-ct: Web.RequiresHttps.ExpectCtHeader, Web.RequiresHttps
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript
permissions-policy: accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
accept-ranges: bytes

GET
H2 200 sweetalert.css
takecharge.capitalone.com/Scripts/ 27 KB
27 KB 538ms
537ms Stylesheet
text/css 63.149.40.130
FSA-AMH-AS01

General

Check archive.org

Show headers Download Go to

Full URL

https://takecharge.capitalone.com/Scripts/sweetalert.css

Requested by

Host: takecharge.capitalone.com
URL: https://takecharge.capitalone.com/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

63.149.40.130 , United States, ASN21969 (FSA-AMH-AS01, US),

Reverse DNS

Software

/ ASP.NET

Resource Hash

3fb5610cc02303f26c8a3f2c1e8158fa8b479043bc8f15868894258e0e1f1ee9

Security Headers

Name	Value
Content-Security-Policy	default-src 'unsafe-inline' 'self'; script-src 'self' 'nonce-WpvQQK0FO/ZAljsQDGMLEgi2hrvIBVPQNak9zIWqRZE=' 'sha256-xuFNyG4dx1UjKAfb59PkKDR48xVbI79G8dAIGZsa2FI=' 'unsafe-eval' ; style-src 'unsafe-inline' 'self' https://fonts.googleapis.com; style-src-elem 'unsafe-inline' 'self' https://fonts.googleapis.com; font-src 'self' data: ;object-src 'none';base-uri 'self'
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://takecharge.capitalone.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

content-security-policy: default-src 'unsafe-inline' 'self'; script-src 'self' 'nonce-WpvQQK0FO/ZAljsQDGMLEgi2hrvIBVPQNak9zIWqRZE=' 'sha256-xuFNyG4dx1UjKAfb59PkKDR48xVbI79G8dAIGZsa2FI=' 'unsafe-eval' ; style-src 'unsafe-inline' 'self' https://fonts.googleapis.com; style-src-elem 'unsafe-inline' 'self' https://fonts.googleapis.com; font-src 'self' data: ;object-src 'none';base-uri 'self'
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
date: Wed, 10 Jul 2024 12:19:17 GMT
cross-origin-embedder-policy: require-corp
x-powered-by: ASP.NET
cross-origin-resource-policy: cross-origin
content-length: 27874
x-xss-protection: 1; mode=block
referrer-policy: strict-origin
last-modified: Thu, 06 Jul 2023 14:31:52 GMT
server
cross-origin-opener-policy: same-origin
etag: "03cfa9a16b0d91:0"
expect-ct: Web.RequiresHttps.ExpectCtHeader, Web.RequiresHttps
x-frame-options: SAMEORIGIN
content-type: text/css
permissions-policy: accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
accept-ranges: bytes

GET
H2 200 jquery-ui.min.js Show response
takecharge.capitalone.com/Scripts/ 248 KB
66 KB 273ms
271ms Script
application/javascript 63.149.40.130
FSA-AMH-AS01

General

Check archive.org

Show headers Download Go to

Full URL

https://takecharge.capitalone.com/Scripts/jquery-ui.min.js

Requested by

Host: takecharge.capitalone.com
URL: https://takecharge.capitalone.com/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

63.149.40.130 , United States, ASN21969 (FSA-AMH-AS01, US),

Reverse DNS

Software

/ ASP.NET

Resource Hash

cc6f3e15f2435d6667fee06140e7fdd86275618e6878a4a1004754f5461d76e2

Security Headers

Name	Value
Content-Security-Policy	default-src 'unsafe-inline' 'self'; script-src 'self' 'nonce-WpvQQK0FO/ZAljsQDGMLEgi2hrvIBVPQNak9zIWqRZE=' 'sha256-xuFNyG4dx1UjKAfb59PkKDR48xVbI79G8dAIGZsa2FI=' 'unsafe-eval' ; style-src 'unsafe-inline' 'self' https://fonts.googleapis.com; style-src-elem 'unsafe-inline' 'self' https://fonts.googleapis.com; font-src 'self' data: ;object-src 'none';base-uri 'self'
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://takecharge.capitalone.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

content-security-policy: default-src 'unsafe-inline' 'self'; script-src 'self' 'nonce-WpvQQK0FO/ZAljsQDGMLEgi2hrvIBVPQNak9zIWqRZE=' 'sha256-xuFNyG4dx1UjKAfb59PkKDR48xVbI79G8dAIGZsa2FI=' 'unsafe-eval' ; style-src 'unsafe-inline' 'self' https://fonts.googleapis.com; style-src-elem 'unsafe-inline' 'self' https://fonts.googleapis.com; font-src 'self' data: ;object-src 'none';base-uri 'self'
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000
date: Wed, 10 Jul 2024 12:19:17 GMT
cross-origin-embedder-policy: require-corp
x-powered-by: ASP.NET
cross-origin-resource-policy: cross-origin
content-length: 67837
x-xss-protection: 1; mode=block
referrer-policy: strict-origin
last-modified: Thu, 06 Jul 2023 14:31:52 GMT
server
cross-origin-opener-policy: same-origin
etag: "03cfa9a16b0d91:0"
expect-ct: Web.RequiresHttps.ExpectCtHeader, Web.RequiresHttps
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript
permissions-policy: accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
accept-ranges: bytes

GET
H2 200 jquery-ui.min.css
takecharge.capitalone.com/Scripts/ 40 KB
40 KB 541ms
540ms Stylesheet
text/css 63.149.40.130
FSA-AMH-AS01

General

Check archive.org

Show headers Download Go to

Full URL

https://takecharge.capitalone.com/Scripts/jquery-ui.min.css

Requested by

Host: takecharge.capitalone.com
URL: https://takecharge.capitalone.com/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

63.149.40.130 , United States, ASN21969 (FSA-AMH-AS01, US),

Reverse DNS

Software

/ ASP.NET

Resource Hash

141b9c42f06f12c756e55fccf021a0d9ead8f3a1f4210f7737248330cd2002a0

Security Headers

Name	Value
Content-Security-Policy	default-src 'unsafe-inline' 'self'; script-src 'self' 'nonce-WpvQQK0FO/ZAljsQDGMLEgi2hrvIBVPQNak9zIWqRZE=' 'sha256-xuFNyG4dx1UjKAfb59PkKDR48xVbI79G8dAIGZsa2FI=' 'unsafe-eval' ; style-src 'unsafe-inline' 'self' https://fonts.googleapis.com; style-src-elem 'unsafe-inline' 'self' https://fonts.googleapis.com; font-src 'self' data: ;object-src 'none';base-uri 'self'
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://takecharge.capitalone.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

content-security-policy: default-src 'unsafe-inline' 'self'; script-src 'self' 'nonce-WpvQQK0FO/ZAljsQDGMLEgi2hrvIBVPQNak9zIWqRZE=' 'sha256-xuFNyG4dx1UjKAfb59PkKDR48xVbI79G8dAIGZsa2FI=' 'unsafe-eval' ; style-src 'unsafe-inline' 'self' https://fonts.googleapis.com; style-src-elem 'unsafe-inline' 'self' https://fonts.googleapis.com; font-src 'self' data: ;object-src 'none';base-uri 'self'
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
date: Wed, 10 Jul 2024 12:19:17 GMT
cross-origin-embedder-policy: require-corp
x-powered-by: ASP.NET
cross-origin-resource-policy: cross-origin
content-length: 40671
x-xss-protection: 1; mode=block
referrer-policy: strict-origin
last-modified: Thu, 06 Jul 2023 14:31:52 GMT
server
cross-origin-opener-policy: same-origin
etag: "03cfa9a16b0d91:0"
expect-ct: Web.RequiresHttps.ExpectCtHeader, Web.RequiresHttps
x-frame-options: SAMEORIGIN
content-type: text/css
permissions-policy: accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
accept-ranges: bytes

GET
H2 200 moment.js Show response
takecharge.capitalone.com/Utilities/moment/ 171 KB
36 KB 403ms
402ms Script
application/javascript 63.149.40.130
FSA-AMH-AS01

General

Check archive.org

Show headers Download Go to

Full URL

https://takecharge.capitalone.com/Utilities/moment/moment.js

Requested by

Host: takecharge.capitalone.com
URL: https://takecharge.capitalone.com/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

63.149.40.130 , United States, ASN21969 (FSA-AMH-AS01, US),

Reverse DNS

Software

/ ASP.NET

Resource Hash

c33f09a4e1230f3075be8d2a94081108d52f62d3c30b9a238941fe80790267c6

Security Headers

Name	Value
Content-Security-Policy	default-src 'unsafe-inline' 'self'; script-src 'self' 'nonce-WpvQQK0FO/ZAljsQDGMLEgi2hrvIBVPQNak9zIWqRZE=' 'sha256-xuFNyG4dx1UjKAfb59PkKDR48xVbI79G8dAIGZsa2FI=' 'unsafe-eval' ; style-src 'unsafe-inline' 'self' https://fonts.googleapis.com; style-src-elem 'unsafe-inline' 'self' https://fonts.googleapis.com; font-src 'self' data: ;object-src 'none';base-uri 'self'
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://takecharge.capitalone.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

content-security-policy: default-src 'unsafe-inline' 'self'; script-src 'self' 'nonce-WpvQQK0FO/ZAljsQDGMLEgi2hrvIBVPQNak9zIWqRZE=' 'sha256-xuFNyG4dx1UjKAfb59PkKDR48xVbI79G8dAIGZsa2FI=' 'unsafe-eval' ; style-src 'unsafe-inline' 'self' https://fonts.googleapis.com; style-src-elem 'unsafe-inline' 'self' https://fonts.googleapis.com; font-src 'self' data: ;object-src 'none';base-uri 'self'
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000
date: Wed, 10 Jul 2024 12:19:17 GMT
cross-origin-embedder-policy: require-corp
x-powered-by: ASP.NET
cross-origin-resource-policy: cross-origin
content-length: 36566
x-xss-protection: 1; mode=block
referrer-policy: strict-origin
last-modified: Thu, 06 Jul 2023 14:31:58 GMT
server
cross-origin-opener-policy: same-origin
etag: "0c38d9e16b0d91:0"
expect-ct: Web.RequiresHttps.ExpectCtHeader, Web.RequiresHttps
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript
permissions-policy: accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
accept-ranges: bytes

GET
H2 200 bootstrap-datepicker3.css
takecharge.capitalone.com/Utilities/datePickerAdaCompactable/ 22 KB
22 KB 543ms
542ms Stylesheet
text/css 63.149.40.130
FSA-AMH-AS01

General

Check archive.org

Show headers Download Go to

Full URL

https://takecharge.capitalone.com/Utilities/datePickerAdaCompactable/bootstrap-datepicker3.css

Requested by

Host: takecharge.capitalone.com
URL: https://takecharge.capitalone.com/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

63.149.40.130 , United States, ASN21969 (FSA-AMH-AS01, US),

Reverse DNS

Software

/ ASP.NET

Resource Hash

fcfcf30813f8802c51dc698e07d3e97e28a8a9630b0db302e2e07a3e32a048f2

Security Headers

Name	Value
Content-Security-Policy	default-src 'unsafe-inline' 'self'; script-src 'self' 'nonce-WpvQQK0FO/ZAljsQDGMLEgi2hrvIBVPQNak9zIWqRZE=' 'sha256-xuFNyG4dx1UjKAfb59PkKDR48xVbI79G8dAIGZsa2FI=' 'unsafe-eval' ; style-src 'unsafe-inline' 'self' https://fonts.googleapis.com; style-src-elem 'unsafe-inline' 'self' https://fonts.googleapis.com; font-src 'self' data: ;object-src 'none';base-uri 'self'
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://takecharge.capitalone.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

content-security-policy: default-src 'unsafe-inline' 'self'; script-src 'self' 'nonce-WpvQQK0FO/ZAljsQDGMLEgi2hrvIBVPQNak9zIWqRZE=' 'sha256-xuFNyG4dx1UjKAfb59PkKDR48xVbI79G8dAIGZsa2FI=' 'unsafe-eval' ; style-src 'unsafe-inline' 'self' https://fonts.googleapis.com; style-src-elem 'unsafe-inline' 'self' https://fonts.googleapis.com; font-src 'self' data: ;object-src 'none';base-uri 'self'
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
date: Wed, 10 Jul 2024 12:19:17 GMT
cross-origin-embedder-policy: require-corp
x-powered-by: ASP.NET
cross-origin-resource-policy: cross-origin
content-length: 22859
x-xss-protection: 1; mode=block
referrer-policy: strict-origin
last-modified: Thu, 06 Jul 2023 14:31:56 GMT
server
cross-origin-opener-policy: same-origin
etag: "0965c9d16b0d91:0"
expect-ct: Web.RequiresHttps.ExpectCtHeader, Web.RequiresHttps
x-frame-options: SAMEORIGIN
content-type: text/css
permissions-policy: accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
accept-ranges: bytes

GET
H2 200 bootstrap-datepicker.js Show response
takecharge.capitalone.com/Utilities/datePickerAdaCompactable/ 57 KB
15 KB 560ms
559ms Script
application/javascript 63.149.40.130
FSA-AMH-AS01

General

Check archive.org

Show headers Download Go to

Full URL

https://takecharge.capitalone.com/Utilities/datePickerAdaCompactable/bootstrap-datepicker.js

Requested by

Host: takecharge.capitalone.com
URL: https://takecharge.capitalone.com/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

63.149.40.130 , United States, ASN21969 (FSA-AMH-AS01, US),

Reverse DNS

Software

/ ASP.NET

Resource Hash

7297ab1616b4108447ac0d75c9a0fa7398720f67658de1fae3365e92282fe514

Security Headers

Name	Value
Content-Security-Policy	default-src 'unsafe-inline' 'self'; script-src 'self' 'nonce-WpvQQK0FO/ZAljsQDGMLEgi2hrvIBVPQNak9zIWqRZE=' 'sha256-xuFNyG4dx1UjKAfb59PkKDR48xVbI79G8dAIGZsa2FI=' 'unsafe-eval' ; style-src 'unsafe-inline' 'self' https://fonts.googleapis.com; style-src-elem 'unsafe-inline' 'self' https://fonts.googleapis.com; font-src 'self' data: ;object-src 'none';base-uri 'self'
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://takecharge.capitalone.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

content-security-policy: default-src 'unsafe-inline' 'self'; script-src 'self' 'nonce-WpvQQK0FO/ZAljsQDGMLEgi2hrvIBVPQNak9zIWqRZE=' 'sha256-xuFNyG4dx1UjKAfb59PkKDR48xVbI79G8dAIGZsa2FI=' 'unsafe-eval' ; style-src 'unsafe-inline' 'self' https://fonts.googleapis.com; style-src-elem 'unsafe-inline' 'self' https://fonts.googleapis.com; font-src 'self' data: ;object-src 'none';base-uri 'self'
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000
date: Wed, 10 Jul 2024 12:19:17 GMT
cross-origin-embedder-policy: require-corp
x-powered-by: ASP.NET
cross-origin-resource-policy: cross-origin
content-length: 15032
x-xss-protection: 1; mode=block
referrer-policy: strict-origin
last-modified: Thu, 06 Jul 2023 14:31:56 GMT
server
cross-origin-opener-policy: same-origin
etag: "0965c9d16b0d91:0"
expect-ct: Web.RequiresHttps.ExpectCtHeader, Web.RequiresHttps
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript
permissions-policy: accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
accept-ranges: bytes

GET
H2 200 Custom.js Show response
takecharge.capitalone.com/Scripts/ 39 KB
6 KB 559ms
558ms Script
application/javascript 63.149.40.130
FSA-AMH-AS01

General

Check archive.org

Show headers Download Go to

Full URL

https://takecharge.capitalone.com/Scripts/Custom.js

Requested by

Host: takecharge.capitalone.com
URL: https://takecharge.capitalone.com/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

63.149.40.130 , United States, ASN21969 (FSA-AMH-AS01, US),

Reverse DNS

Software

/ ASP.NET

Resource Hash

1d2995b5bb70e5bb17e45b593fccf98ad388c389011a668b5ba789296fccfb07

Security Headers

Name	Value
Content-Security-Policy	default-src 'unsafe-inline' 'self'; script-src 'self' 'nonce-WpvQQK0FO/ZAljsQDGMLEgi2hrvIBVPQNak9zIWqRZE=' 'sha256-xuFNyG4dx1UjKAfb59PkKDR48xVbI79G8dAIGZsa2FI=' 'unsafe-eval' ; style-src 'unsafe-inline' 'self' https://fonts.googleapis.com; style-src-elem 'unsafe-inline' 'self' https://fonts.googleapis.com; font-src 'self' data: ;object-src 'none';base-uri 'self'
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://takecharge.capitalone.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

content-security-policy: default-src 'unsafe-inline' 'self'; script-src 'self' 'nonce-WpvQQK0FO/ZAljsQDGMLEgi2hrvIBVPQNak9zIWqRZE=' 'sha256-xuFNyG4dx1UjKAfb59PkKDR48xVbI79G8dAIGZsa2FI=' 'unsafe-eval' ; style-src 'unsafe-inline' 'self' https://fonts.googleapis.com; style-src-elem 'unsafe-inline' 'self' https://fonts.googleapis.com; font-src 'self' data: ;object-src 'none';base-uri 'self'
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000
date: Wed, 10 Jul 2024 12:19:17 GMT
cross-origin-embedder-policy: require-corp
x-powered-by: ASP.NET
cross-origin-resource-policy: cross-origin
content-length: 6229
x-xss-protection: 1; mode=block
referrer-policy: strict-origin
last-modified: Fri, 07 Jul 2023 13:18:59 GMT
server
cross-origin-opener-policy: same-origin
etag: "8023e196d5b0d91:0"
expect-ct: Web.RequiresHttps.ExpectCtHeader, Web.RequiresHttps
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript
permissions-policy: accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
accept-ranges: bytes

GET
H2 200 WebResource.axd Show response
takecharge.capitalone.com/ 23 KB
23 KB 559ms
558ms Script
application/x-javascript 63.149.40.130
FSA-AMH-AS01

General

Check archive.org

Show headers Download Go to

Full URL

https://takecharge.capitalone.com/WebResource.axd?d=pynGkmcFUV13He1Qd6_TZB8mud_P4yxhN2lrfw06PKIhi2LzDQBuwOV9R4QF6VRGr-Pcr7bN9KxA2s15YMkCWA2&t=636531754929936355

Requested by

Host: takecharge.capitalone.com
URL: https://takecharge.capitalone.com/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

63.149.40.130 , United States, ASN21969 (FSA-AMH-AS01, US),

Reverse DNS

Software

Microsoft-IIS/10.0 / ASP.NET

Resource Hash

40732e9dcfa704cf615e4691bb07aecfd1cc5e063220a46e4a7ff6560c77f5db

Security Headers

Name	Value
Content-Security-Policy	default-src 'unsafe-inline' 'self'; script-src 'self' 'nonce-WpvQQK0FO/ZAljsQDGMLEgi2hrvIBVPQNak9zIWqRZE=' 'sha256-xuFNyG4dx1UjKAfb59PkKDR48xVbI79G8dAIGZsa2FI=' 'unsafe-eval' ; style-src 'unsafe-inline' 'self' https://fonts.googleapis.com; style-src-elem 'unsafe-inline' 'self' https://fonts.googleapis.com; font-src 'self' data: ;object-src 'none';base-uri 'self'
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://takecharge.capitalone.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

content-security-policy: default-src 'unsafe-inline' 'self'; script-src 'self' 'nonce-WpvQQK0FO/ZAljsQDGMLEgi2hrvIBVPQNak9zIWqRZE=' 'sha256-xuFNyG4dx1UjKAfb59PkKDR48xVbI79G8dAIGZsa2FI=' 'unsafe-eval' ; style-src 'unsafe-inline' 'self' https://fonts.googleapis.com; style-src-elem 'unsafe-inline' 'self' https://fonts.googleapis.com; font-src 'self' data: ;object-src 'none';base-uri 'self'
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
date: Wed, 10 Jul 2024 12:19:17 GMT
cross-origin-embedder-policy: require-corp
x-powered-by: ASP.NET
cross-origin-resource-policy: cross-origin
content-length: 23063
x-xss-protection: 1; mode=block
request-context: appId=cid-v1:ee4ac2c8-5837-4f6e-a0df-7a957d6b8cc4
referrer-policy: strict-origin
last-modified: Fri, 02 Feb 2018 18:38:12 GMT
server: Microsoft-IIS/10.0
cross-origin-opener-policy: same-origin
expect-ct: Web.RequiresHttps.ExpectCtHeader, Web.RequiresHttps
x-frame-options: SAMEORIGIN
content-type: application/x-javascript
access-control-expose-headers: Request-Context
cache-control: public
permissions-policy: accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
expires: Thu, 10 Jul 2025 10:24:46 GMT

GET
H2 200 MicrosoftAjax.js Show response
takecharge.capitalone.com/Scripts/WebForms/MsAjax/ 97 KB
24 KB 669ms
668ms Script
application/javascript 63.149.40.130
FSA-AMH-AS01

General

Check archive.org

Show headers Download Go to

Full URL

https://takecharge.capitalone.com/Scripts/WebForms/MsAjax/MicrosoftAjax.js

Requested by

Host: takecharge.capitalone.com
URL: https://takecharge.capitalone.com/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

63.149.40.130 , United States, ASN21969 (FSA-AMH-AS01, US),

Reverse DNS

Software

/ ASP.NET

Resource Hash

8fd8aee0188475201e3a6d14a25422587f2d82bb6cbf4ed525029c62bc58a9d3

Security Headers

Name	Value
Content-Security-Policy	default-src 'unsafe-inline' 'self'; script-src 'self' 'nonce-WpvQQK0FO/ZAljsQDGMLEgi2hrvIBVPQNak9zIWqRZE=' 'sha256-xuFNyG4dx1UjKAfb59PkKDR48xVbI79G8dAIGZsa2FI=' 'unsafe-eval' ; style-src 'unsafe-inline' 'self' https://fonts.googleapis.com; style-src-elem 'unsafe-inline' 'self' https://fonts.googleapis.com; font-src 'self' data: ;object-src 'none';base-uri 'self'
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://takecharge.capitalone.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

content-security-policy: default-src 'unsafe-inline' 'self'; script-src 'self' 'nonce-WpvQQK0FO/ZAljsQDGMLEgi2hrvIBVPQNak9zIWqRZE=' 'sha256-xuFNyG4dx1UjKAfb59PkKDR48xVbI79G8dAIGZsa2FI=' 'unsafe-eval' ; style-src 'unsafe-inline' 'self' https://fonts.googleapis.com; style-src-elem 'unsafe-inline' 'self' https://fonts.googleapis.com; font-src 'self' data: ;object-src 'none';base-uri 'self'
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000
date: Wed, 10 Jul 2024 12:19:17 GMT
cross-origin-embedder-policy: require-corp
x-powered-by: ASP.NET
cross-origin-resource-policy: cross-origin
content-length: 24363
x-xss-protection: 1; mode=block
referrer-policy: strict-origin
last-modified: Thu, 06 Jul 2023 14:31:54 GMT
server
cross-origin-opener-policy: same-origin
etag: "0692b9c16b0d91:0"
expect-ct: Web.RequiresHttps.ExpectCtHeader, Web.RequiresHttps
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript
permissions-policy: accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
accept-ranges: bytes

GET
H2 200 MicrosoftAjaxWebForms.js Show response
takecharge.capitalone.com/Scripts/WebForms/MsAjax/ 39 KB
9 KB 669ms
668ms Script
application/javascript 63.149.40.130
FSA-AMH-AS01

General

Check archive.org

Show headers Download Go to

Full URL

https://takecharge.capitalone.com/Scripts/WebForms/MsAjax/MicrosoftAjaxWebForms.js

Requested by

Host: takecharge.capitalone.com
URL: https://takecharge.capitalone.com/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

63.149.40.130 , United States, ASN21969 (FSA-AMH-AS01, US),

Reverse DNS

Software

/ ASP.NET

Resource Hash

33c989079aa502f14e3103d98d176417dd63cb1878420cb7be25fb441d5f9fb3

Security Headers

Name	Value
Content-Security-Policy	default-src 'unsafe-inline' 'self'; script-src 'self' 'nonce-WpvQQK0FO/ZAljsQDGMLEgi2hrvIBVPQNak9zIWqRZE=' 'sha256-xuFNyG4dx1UjKAfb59PkKDR48xVbI79G8dAIGZsa2FI=' 'unsafe-eval' ; style-src 'unsafe-inline' 'self' https://fonts.googleapis.com; style-src-elem 'unsafe-inline' 'self' https://fonts.googleapis.com; font-src 'self' data: ;object-src 'none';base-uri 'self'
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://takecharge.capitalone.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

content-security-policy: default-src 'unsafe-inline' 'self'; script-src 'self' 'nonce-WpvQQK0FO/ZAljsQDGMLEgi2hrvIBVPQNak9zIWqRZE=' 'sha256-xuFNyG4dx1UjKAfb59PkKDR48xVbI79G8dAIGZsa2FI=' 'unsafe-eval' ; style-src 'unsafe-inline' 'self' https://fonts.googleapis.com; style-src-elem 'unsafe-inline' 'self' https://fonts.googleapis.com; font-src 'self' data: ;object-src 'none';base-uri 'self'
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000
date: Wed, 10 Jul 2024 12:19:17 GMT
cross-origin-embedder-policy: require-corp
x-powered-by: ASP.NET
cross-origin-resource-policy: cross-origin
content-length: 9621
x-xss-protection: 1; mode=block
referrer-policy: strict-origin
last-modified: Thu, 06 Jul 2023 14:31:54 GMT
server
cross-origin-opener-policy: same-origin
etag: "0692b9c16b0d91:0"
expect-ct: Web.RequiresHttps.ExpectCtHeader, Web.RequiresHttps
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript
permissions-policy: accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
accept-ranges: bytes

GET
H2 200 capital-one-logo.png
takecharge.capitalone.com/Images/ 11 KB
11 KB 669ms
669ms Image
image/png 63.149.40.130
FSA-AMH-AS01

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://takecharge.capitalone.com/Images/capital-one-logo.png

Requested by

Host: takecharge.capitalone.com
URL: https://takecharge.capitalone.com/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

63.149.40.130 , United States, ASN21969 (FSA-AMH-AS01, US),

Reverse DNS

Software

/ ASP.NET

Resource Hash

53875b1bf6c3140aeb0a712e49d144836f923eb08bc22b97bd52468bc8e35693

Security Headers

Name	Value
Content-Security-Policy	default-src 'unsafe-inline' 'self'; script-src 'self' 'nonce-WpvQQK0FO/ZAljsQDGMLEgi2hrvIBVPQNak9zIWqRZE=' 'sha256-xuFNyG4dx1UjKAfb59PkKDR48xVbI79G8dAIGZsa2FI=' 'unsafe-eval' ; style-src 'unsafe-inline' 'self' https://fonts.googleapis.com; style-src-elem 'unsafe-inline' 'self' https://fonts.googleapis.com; font-src 'self' data: ;object-src 'none';base-uri 'self'
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://takecharge.capitalone.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

content-security-policy: default-src 'unsafe-inline' 'self'; script-src 'self' 'nonce-WpvQQK0FO/ZAljsQDGMLEgi2hrvIBVPQNak9zIWqRZE=' 'sha256-xuFNyG4dx1UjKAfb59PkKDR48xVbI79G8dAIGZsa2FI=' 'unsafe-eval' ; style-src 'unsafe-inline' 'self' https://fonts.googleapis.com; style-src-elem 'unsafe-inline' 'self' https://fonts.googleapis.com; font-src 'self' data: ;object-src 'none';base-uri 'self'
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
date: Wed, 10 Jul 2024 12:19:17 GMT
cross-origin-embedder-policy: require-corp
x-powered-by: ASP.NET
cross-origin-resource-policy: cross-origin
content-length: 11278
x-xss-protection: 1; mode=block
referrer-policy: strict-origin
last-modified: Thu, 06 Jul 2023 14:31:52 GMT
server
cross-origin-opener-policy: same-origin
etag: "03cfa9a16b0d91:0"
expect-ct: Web.RequiresHttps.ExpectCtHeader, Web.RequiresHttps
x-frame-options: SAMEORIGIN
content-type: image/png
permissions-policy: accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
accept-ranges: bytes

GET
H2 404 Optimist_W_Rg.woff2
takecharge.capitalone.com/Style/fonts/ 0
0 135ms
134ms Font
text/html 63.149.40.130
FSA-AMH-AS01

General

Check archive.org

Show headers Download Go to

Full URL

https://takecharge.capitalone.com/Style/fonts/Optimist_W_Rg.woff2

Requested by

Host: takecharge.capitalone.com
URL: https://takecharge.capitalone.com/Style/ods-core.min.css

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

63.149.40.130 , United States, ASN21969 (FSA-AMH-AS01, US),

Reverse DNS

Software

Microsoft-IIS/10.0 / ASP.NET

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	default-src 'unsafe-inline' 'self'; script-src 'self' 'nonce-WpvQQK0FO/ZAljsQDGMLEgi2hrvIBVPQNak9zIWqRZE=' 'sha256-xuFNyG4dx1UjKAfb59PkKDR48xVbI79G8dAIGZsa2FI=' 'unsafe-eval' ; style-src 'unsafe-inline' 'self' https://fonts.googleapis.com; style-src-elem 'unsafe-inline' 'self' https://fonts.googleapis.com; font-src 'self' data: ;object-src 'none';base-uri 'self'
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://takecharge.capitalone.com/
Origin: https://takecharge.capitalone.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

content-security-policy: default-src 'unsafe-inline' 'self'; script-src 'self' 'nonce-WpvQQK0FO/ZAljsQDGMLEgi2hrvIBVPQNak9zIWqRZE=' 'sha256-xuFNyG4dx1UjKAfb59PkKDR48xVbI79G8dAIGZsa2FI=' 'unsafe-eval' ; style-src 'unsafe-inline' 'self' https://fonts.googleapis.com; style-src-elem 'unsafe-inline' 'self' https://fonts.googleapis.com; font-src 'self' data: ;object-src 'none';base-uri 'self'
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
date: Wed, 10 Jul 2024 12:19:18 GMT
cross-origin-embedder-policy: require-corp
x-powered-by: ASP.NET
cross-origin-resource-policy: cross-origin
content-length: 1245
x-xss-protection: 1; mode=block
referrer-policy: strict-origin
server: Microsoft-IIS/10.0
cross-origin-opener-policy: same-origin
expect-ct: Web.RequiresHttps.ExpectCtHeader, Web.RequiresHttps
x-frame-options: SAMEORIGIN
content-type: text/html
permissions-policy: accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()

GET
H2 404 Optimist_W_SBd.woff2
takecharge.capitalone.com/Style/fonts/ 0
0 137ms
137ms Font
text/html 63.149.40.130
FSA-AMH-AS01

General

Check archive.org

Show headers Download Go to

Full URL

https://takecharge.capitalone.com/Style/fonts/Optimist_W_SBd.woff2

Requested by

Host: takecharge.capitalone.com
URL: https://takecharge.capitalone.com/Style/ods-core.min.css

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

63.149.40.130 , United States, ASN21969 (FSA-AMH-AS01, US),

Reverse DNS

Software

Microsoft-IIS/10.0 / ASP.NET

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	default-src 'unsafe-inline' 'self'; script-src 'self' 'nonce-WpvQQK0FO/ZAljsQDGMLEgi2hrvIBVPQNak9zIWqRZE=' 'sha256-xuFNyG4dx1UjKAfb59PkKDR48xVbI79G8dAIGZsa2FI=' 'unsafe-eval' ; style-src 'unsafe-inline' 'self' https://fonts.googleapis.com; style-src-elem 'unsafe-inline' 'self' https://fonts.googleapis.com; font-src 'self' data: ;object-src 'none';base-uri 'self'
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://takecharge.capitalone.com/
Origin: https://takecharge.capitalone.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

content-security-policy: default-src 'unsafe-inline' 'self'; script-src 'self' 'nonce-WpvQQK0FO/ZAljsQDGMLEgi2hrvIBVPQNak9zIWqRZE=' 'sha256-xuFNyG4dx1UjKAfb59PkKDR48xVbI79G8dAIGZsa2FI=' 'unsafe-eval' ; style-src 'unsafe-inline' 'self' https://fonts.googleapis.com; style-src-elem 'unsafe-inline' 'self' https://fonts.googleapis.com; font-src 'self' data: ;object-src 'none';base-uri 'self'
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
date: Wed, 10 Jul 2024 12:19:18 GMT
cross-origin-embedder-policy: require-corp
x-powered-by: ASP.NET
cross-origin-resource-policy: cross-origin
content-length: 1245
x-xss-protection: 1; mode=block
referrer-policy: strict-origin
server: Microsoft-IIS/10.0
cross-origin-opener-policy: same-origin
expect-ct: Web.RequiresHttps.ExpectCtHeader, Web.RequiresHttps
x-frame-options: SAMEORIGIN
content-type: text/html
permissions-policy: accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()

GET
H2 404 Optimist_W_Lt.woff2
takecharge.capitalone.com/Style/fonts/ 0
0 136ms
136ms Font
text/html 63.149.40.130
FSA-AMH-AS01

General

Check archive.org

Show headers Download Go to

Full URL

https://takecharge.capitalone.com/Style/fonts/Optimist_W_Lt.woff2

Requested by

Host: takecharge.capitalone.com
URL: https://takecharge.capitalone.com/Style/ods-core.min.css

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

63.149.40.130 , United States, ASN21969 (FSA-AMH-AS01, US),

Reverse DNS

Software

Microsoft-IIS/10.0 / ASP.NET

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	default-src 'unsafe-inline' 'self'; script-src 'self' 'nonce-WpvQQK0FO/ZAljsQDGMLEgi2hrvIBVPQNak9zIWqRZE=' 'sha256-xuFNyG4dx1UjKAfb59PkKDR48xVbI79G8dAIGZsa2FI=' 'unsafe-eval' ; style-src 'unsafe-inline' 'self' https://fonts.googleapis.com; style-src-elem 'unsafe-inline' 'self' https://fonts.googleapis.com; font-src 'self' data: ;object-src 'none';base-uri 'self'
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://takecharge.capitalone.com/
Origin: https://takecharge.capitalone.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

content-security-policy: default-src 'unsafe-inline' 'self'; script-src 'self' 'nonce-WpvQQK0FO/ZAljsQDGMLEgi2hrvIBVPQNak9zIWqRZE=' 'sha256-xuFNyG4dx1UjKAfb59PkKDR48xVbI79G8dAIGZsa2FI=' 'unsafe-eval' ; style-src 'unsafe-inline' 'self' https://fonts.googleapis.com; style-src-elem 'unsafe-inline' 'self' https://fonts.googleapis.com; font-src 'self' data: ;object-src 'none';base-uri 'self'
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
date: Wed, 10 Jul 2024 12:19:18 GMT
cross-origin-embedder-policy: require-corp
x-powered-by: ASP.NET
cross-origin-resource-policy: cross-origin
content-length: 1245
x-xss-protection: 1; mode=block
referrer-policy: strict-origin
server: Microsoft-IIS/10.0
cross-origin-opener-policy: same-origin
expect-ct: Web.RequiresHttps.ExpectCtHeader, Web.RequiresHttps
x-frame-options: SAMEORIGIN
content-type: text/html
permissions-policy: accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()

GET
H2 404 Optimist_W_Rg.woff
takecharge.capitalone.com/Style/fonts/ 0
0 139ms
133ms Font
text/html 63.149.40.130
FSA-AMH-AS01

General

Check archive.org

Show headers Download Go to

Full URL

https://takecharge.capitalone.com/Style/fonts/Optimist_W_Rg.woff

Requested by

Host: takecharge.capitalone.com
URL: https://takecharge.capitalone.com/Style/ods-core.min.css

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

63.149.40.130 , United States, ASN21969 (FSA-AMH-AS01, US),

Reverse DNS

Software

Microsoft-IIS/10.0 / ASP.NET

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	default-src 'unsafe-inline' 'self'; script-src 'self' 'nonce-WpvQQK0FO/ZAljsQDGMLEgi2hrvIBVPQNak9zIWqRZE=' 'sha256-xuFNyG4dx1UjKAfb59PkKDR48xVbI79G8dAIGZsa2FI=' 'unsafe-eval' ; style-src 'unsafe-inline' 'self' https://fonts.googleapis.com; style-src-elem 'unsafe-inline' 'self' https://fonts.googleapis.com; font-src 'self' data: ;object-src 'none';base-uri 'self'
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://takecharge.capitalone.com/
Origin: https://takecharge.capitalone.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

content-security-policy: default-src 'unsafe-inline' 'self'; script-src 'self' 'nonce-WpvQQK0FO/ZAljsQDGMLEgi2hrvIBVPQNak9zIWqRZE=' 'sha256-xuFNyG4dx1UjKAfb59PkKDR48xVbI79G8dAIGZsa2FI=' 'unsafe-eval' ; style-src 'unsafe-inline' 'self' https://fonts.googleapis.com; style-src-elem 'unsafe-inline' 'self' https://fonts.googleapis.com; font-src 'self' data: ;object-src 'none';base-uri 'self'
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
date: Wed, 10 Jul 2024 12:19:18 GMT
cross-origin-embedder-policy: require-corp
x-powered-by: ASP.NET
cross-origin-resource-policy: cross-origin
content-length: 1245
x-xss-protection: 1; mode=block
referrer-policy: strict-origin
server: Microsoft-IIS/10.0
cross-origin-opener-policy: same-origin
expect-ct: Web.RequiresHttps.ExpectCtHeader, Web.RequiresHttps
x-frame-options: SAMEORIGIN
content-type: text/html
permissions-policy: accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()

GET
H2 404 Optimist_W_Lt.woff
takecharge.capitalone.com/Style/fonts/ 0
0 137ms
135ms Font
text/html 63.149.40.130
FSA-AMH-AS01

General

Check archive.org

Show headers Download Go to

Full URL

https://takecharge.capitalone.com/Style/fonts/Optimist_W_Lt.woff

Requested by

Host: takecharge.capitalone.com
URL: https://takecharge.capitalone.com/Style/ods-core.min.css

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

63.149.40.130 , United States, ASN21969 (FSA-AMH-AS01, US),

Reverse DNS

Software

Microsoft-IIS/10.0 / ASP.NET

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	default-src 'unsafe-inline' 'self'; script-src 'self' 'nonce-WpvQQK0FO/ZAljsQDGMLEgi2hrvIBVPQNak9zIWqRZE=' 'sha256-xuFNyG4dx1UjKAfb59PkKDR48xVbI79G8dAIGZsa2FI=' 'unsafe-eval' ; style-src 'unsafe-inline' 'self' https://fonts.googleapis.com; style-src-elem 'unsafe-inline' 'self' https://fonts.googleapis.com; font-src 'self' data: ;object-src 'none';base-uri 'self'
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://takecharge.capitalone.com/
Origin: https://takecharge.capitalone.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

content-security-policy: default-src 'unsafe-inline' 'self'; script-src 'self' 'nonce-WpvQQK0FO/ZAljsQDGMLEgi2hrvIBVPQNak9zIWqRZE=' 'sha256-xuFNyG4dx1UjKAfb59PkKDR48xVbI79G8dAIGZsa2FI=' 'unsafe-eval' ; style-src 'unsafe-inline' 'self' https://fonts.googleapis.com; style-src-elem 'unsafe-inline' 'self' https://fonts.googleapis.com; font-src 'self' data: ;object-src 'none';base-uri 'self'
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
date: Wed, 10 Jul 2024 12:19:18 GMT
cross-origin-embedder-policy: require-corp
x-powered-by: ASP.NET
cross-origin-resource-policy: cross-origin
content-length: 1245
x-xss-protection: 1; mode=block
referrer-policy: strict-origin
server: Microsoft-IIS/10.0
cross-origin-opener-policy: same-origin
expect-ct: Web.RequiresHttps.ExpectCtHeader, Web.RequiresHttps
x-frame-options: SAMEORIGIN
content-type: text/html
permissions-policy: accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()

GET
H2 404 Optimist_W_SBd.woff
takecharge.capitalone.com/Style/fonts/ 0
0 137ms
136ms Font
text/html 63.149.40.130
FSA-AMH-AS01

General

Check archive.org

Show headers Download Go to

Full URL

https://takecharge.capitalone.com/Style/fonts/Optimist_W_SBd.woff

Requested by

Host: takecharge.capitalone.com
URL: https://takecharge.capitalone.com/Style/ods-core.min.css

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

63.149.40.130 , United States, ASN21969 (FSA-AMH-AS01, US),

Reverse DNS

Software

Microsoft-IIS/10.0 / ASP.NET

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	default-src 'unsafe-inline' 'self'; script-src 'self' 'nonce-WpvQQK0FO/ZAljsQDGMLEgi2hrvIBVPQNak9zIWqRZE=' 'sha256-xuFNyG4dx1UjKAfb59PkKDR48xVbI79G8dAIGZsa2FI=' 'unsafe-eval' ; style-src 'unsafe-inline' 'self' https://fonts.googleapis.com; style-src-elem 'unsafe-inline' 'self' https://fonts.googleapis.com; font-src 'self' data: ;object-src 'none';base-uri 'self'
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://takecharge.capitalone.com/
Origin: https://takecharge.capitalone.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

content-security-policy: default-src 'unsafe-inline' 'self'; script-src 'self' 'nonce-WpvQQK0FO/ZAljsQDGMLEgi2hrvIBVPQNak9zIWqRZE=' 'sha256-xuFNyG4dx1UjKAfb59PkKDR48xVbI79G8dAIGZsa2FI=' 'unsafe-eval' ; style-src 'unsafe-inline' 'self' https://fonts.googleapis.com; style-src-elem 'unsafe-inline' 'self' https://fonts.googleapis.com; font-src 'self' data: ;object-src 'none';base-uri 'self'
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
date: Wed, 10 Jul 2024 12:19:18 GMT
cross-origin-embedder-policy: require-corp
x-powered-by: ASP.NET
cross-origin-resource-policy: cross-origin
content-length: 1245
x-xss-protection: 1; mode=block
referrer-policy: strict-origin
server: Microsoft-IIS/10.0
cross-origin-opener-policy: same-origin
expect-ct: Web.RequiresHttps.ExpectCtHeader, Web.RequiresHttps
x-frame-options: SAMEORIGIN
content-type: text/html
permissions-policy: accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()

GET
H2 200 Optimist_W_Rg.ttf
takecharge.capitalone.com/Style/fonts/ 68 KB
68 KB 150ms
149ms Font
application/octet-stream 63.149.40.130
FSA-AMH-AS01

General

Check archive.org

Show headers Download Go to

Full URL

https://takecharge.capitalone.com/Style/fonts/Optimist_W_Rg.ttf

Requested by

Host: takecharge.capitalone.com
URL: https://takecharge.capitalone.com/Style/ods-core.min.css

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

63.149.40.130 , United States, ASN21969 (FSA-AMH-AS01, US),

Reverse DNS

Software

/ ASP.NET

Resource Hash

2e850b88a328009725d365d5db5683fdc1acfa23ca91270d8ee147b8d2886d87

Security Headers

Name	Value
Content-Security-Policy	default-src 'unsafe-inline' 'self'; script-src 'self' 'nonce-WpvQQK0FO/ZAljsQDGMLEgi2hrvIBVPQNak9zIWqRZE=' 'sha256-xuFNyG4dx1UjKAfb59PkKDR48xVbI79G8dAIGZsa2FI=' 'unsafe-eval' ; style-src 'unsafe-inline' 'self' https://fonts.googleapis.com; style-src-elem 'unsafe-inline' 'self' https://fonts.googleapis.com; font-src 'self' data: ;object-src 'none';base-uri 'self'
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://takecharge.capitalone.com/
Origin: https://takecharge.capitalone.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

content-security-policy: default-src 'unsafe-inline' 'self'; script-src 'self' 'nonce-WpvQQK0FO/ZAljsQDGMLEgi2hrvIBVPQNak9zIWqRZE=' 'sha256-xuFNyG4dx1UjKAfb59PkKDR48xVbI79G8dAIGZsa2FI=' 'unsafe-eval' ; style-src 'unsafe-inline' 'self' https://fonts.googleapis.com; style-src-elem 'unsafe-inline' 'self' https://fonts.googleapis.com; font-src 'self' data: ;object-src 'none';base-uri 'self'
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
date: Wed, 10 Jul 2024 12:19:18 GMT
cross-origin-embedder-policy: require-corp
x-powered-by: ASP.NET
cross-origin-resource-policy: cross-origin
content-length: 69540
x-xss-protection: 1; mode=block
referrer-policy: strict-origin
last-modified: Thu, 06 Jul 2023 14:31:54 GMT
server
cross-origin-opener-policy: same-origin
etag: "0692b9c16b0d91:0"
expect-ct: Web.RequiresHttps.ExpectCtHeader, Web.RequiresHttps
x-frame-options: SAMEORIGIN
content-type: application/octet-stream
permissions-policy: accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
accept-ranges: bytes

GET
H2 200 Optimist_W_Lt.ttf
takecharge.capitalone.com/Style/fonts/ 68 KB
68 KB 144ms
143ms Font
application/octet-stream 63.149.40.130
FSA-AMH-AS01

General

Check archive.org

Show headers Download Go to

Full URL

https://takecharge.capitalone.com/Style/fonts/Optimist_W_Lt.ttf

Requested by

Host: takecharge.capitalone.com
URL: https://takecharge.capitalone.com/Style/ods-core.min.css

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

63.149.40.130 , United States, ASN21969 (FSA-AMH-AS01, US),

Reverse DNS

Software

/ ASP.NET

Resource Hash

0ecad1a8a4ae4d7a53af0cbc7d24636558f0638bc3ec3704763b0f7fd19fcee0

Security Headers

Name	Value
Content-Security-Policy	default-src 'unsafe-inline' 'self'; script-src 'self' 'nonce-WpvQQK0FO/ZAljsQDGMLEgi2hrvIBVPQNak9zIWqRZE=' 'sha256-xuFNyG4dx1UjKAfb59PkKDR48xVbI79G8dAIGZsa2FI=' 'unsafe-eval' ; style-src 'unsafe-inline' 'self' https://fonts.googleapis.com; style-src-elem 'unsafe-inline' 'self' https://fonts.googleapis.com; font-src 'self' data: ;object-src 'none';base-uri 'self'
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://takecharge.capitalone.com/
Origin: https://takecharge.capitalone.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

content-security-policy: default-src 'unsafe-inline' 'self'; script-src 'self' 'nonce-WpvQQK0FO/ZAljsQDGMLEgi2hrvIBVPQNak9zIWqRZE=' 'sha256-xuFNyG4dx1UjKAfb59PkKDR48xVbI79G8dAIGZsa2FI=' 'unsafe-eval' ; style-src 'unsafe-inline' 'self' https://fonts.googleapis.com; style-src-elem 'unsafe-inline' 'self' https://fonts.googleapis.com; font-src 'self' data: ;object-src 'none';base-uri 'self'
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
date: Wed, 10 Jul 2024 12:19:18 GMT
cross-origin-embedder-policy: require-corp
x-powered-by: ASP.NET
cross-origin-resource-policy: cross-origin
content-length: 69156
x-xss-protection: 1; mode=block
referrer-policy: strict-origin
last-modified: Thu, 06 Jul 2023 14:31:54 GMT
server
cross-origin-opener-policy: same-origin
etag: "0692b9c16b0d91:0"
expect-ct: Web.RequiresHttps.ExpectCtHeader, Web.RequiresHttps
x-frame-options: SAMEORIGIN
content-type: application/octet-stream
permissions-policy: accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
accept-ranges: bytes

GET
H2 200 Optimist_W_SBd.ttf
takecharge.capitalone.com/Style/fonts/ 68 KB
68 KB 139ms
139ms Font
application/octet-stream 63.149.40.130
FSA-AMH-AS01

General

Check archive.org

Show headers Download Go to

Full URL

https://takecharge.capitalone.com/Style/fonts/Optimist_W_SBd.ttf

Requested by

Host: takecharge.capitalone.com
URL: https://takecharge.capitalone.com/Style/ods-core.min.css

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

63.149.40.130 , United States, ASN21969 (FSA-AMH-AS01, US),

Reverse DNS

Software

/ ASP.NET

Resource Hash

563c31f8f3575c4d9ed82416932f2ee5c1fadee57529d37850748e2dfc171c1e

Security Headers

Name	Value
Content-Security-Policy	default-src 'unsafe-inline' 'self'; script-src 'self' 'nonce-WpvQQK0FO/ZAljsQDGMLEgi2hrvIBVPQNak9zIWqRZE=' 'sha256-xuFNyG4dx1UjKAfb59PkKDR48xVbI79G8dAIGZsa2FI=' 'unsafe-eval' ; style-src 'unsafe-inline' 'self' https://fonts.googleapis.com; style-src-elem 'unsafe-inline' 'self' https://fonts.googleapis.com; font-src 'self' data: ;object-src 'none';base-uri 'self'
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://takecharge.capitalone.com/
Origin: https://takecharge.capitalone.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

content-security-policy: default-src 'unsafe-inline' 'self'; script-src 'self' 'nonce-WpvQQK0FO/ZAljsQDGMLEgi2hrvIBVPQNak9zIWqRZE=' 'sha256-xuFNyG4dx1UjKAfb59PkKDR48xVbI79G8dAIGZsa2FI=' 'unsafe-eval' ; style-src 'unsafe-inline' 'self' https://fonts.googleapis.com; style-src-elem 'unsafe-inline' 'self' https://fonts.googleapis.com; font-src 'self' data: ;object-src 'none';base-uri 'self'
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
date: Wed, 10 Jul 2024 12:19:18 GMT
cross-origin-embedder-policy: require-corp
x-powered-by: ASP.NET
cross-origin-resource-policy: cross-origin
content-length: 69564
x-xss-protection: 1; mode=block
referrer-policy: strict-origin
last-modified: Thu, 06 Jul 2023 14:31:54 GMT
server
cross-origin-opener-policy: same-origin
etag: "0692b9c16b0d91:0"
expect-ct: Web.RequiresHttps.ExpectCtHeader, Web.RequiresHttps
x-frame-options: SAMEORIGIN
content-type: application/octet-stream
permissions-policy: accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
accept-ranges: bytes

GET
H2 200 favicon.ico
takecharge.capitalone.com/Images/ 15 KB
15 KB 143ms
143ms Other
image/x-icon 63.149.40.130
FSA-AMH-AS01

General

Check archive.org

Show headers Download Go to

Full URL

https://takecharge.capitalone.com/Images/favicon.ico

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

63.149.40.130 , United States, ASN21969 (FSA-AMH-AS01, US),

Reverse DNS

Software

/ ASP.NET

Resource Hash

5f2123af80970c0478de7f373c9d861d886e070592ebcd55fa372d8dfc9752ec

Security Headers

Name	Value
Content-Security-Policy	default-src 'unsafe-inline' 'self'; script-src 'self' 'nonce-WpvQQK0FO/ZAljsQDGMLEgi2hrvIBVPQNak9zIWqRZE=' 'sha256-xuFNyG4dx1UjKAfb59PkKDR48xVbI79G8dAIGZsa2FI=' 'unsafe-eval' ; style-src 'unsafe-inline' 'self' https://fonts.googleapis.com; style-src-elem 'unsafe-inline' 'self' https://fonts.googleapis.com; font-src 'self' data: ;object-src 'none';base-uri 'self'
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://takecharge.capitalone.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

content-security-policy: default-src 'unsafe-inline' 'self'; script-src 'self' 'nonce-WpvQQK0FO/ZAljsQDGMLEgi2hrvIBVPQNak9zIWqRZE=' 'sha256-xuFNyG4dx1UjKAfb59PkKDR48xVbI79G8dAIGZsa2FI=' 'unsafe-eval' ; style-src 'unsafe-inline' 'self' https://fonts.googleapis.com; style-src-elem 'unsafe-inline' 'self' https://fonts.googleapis.com; font-src 'self' data: ;object-src 'none';base-uri 'self'
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
date: Wed, 10 Jul 2024 12:19:18 GMT
cross-origin-embedder-policy: require-corp
x-powered-by: ASP.NET
cross-origin-resource-policy: cross-origin
content-length: 15086
x-xss-protection: 1; mode=block
referrer-policy: strict-origin
last-modified: Thu, 06 Jul 2023 14:31:52 GMT
server
cross-origin-opener-policy: same-origin
etag: "03cfa9a16b0d91:0"
expect-ct: Web.RequiresHttps.ExpectCtHeader, Web.RequiresHttps
x-frame-options: SAMEORIGIN
content-type: image/x-icon
permissions-policy: accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
accept-ranges: bytes

Verdicts & Comments Add Verdict or Comment

87 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			takecharge.capitalone.com/	1969-12-31 23:59:59	Name: __AntiXsrfToken Value: 7bf8207e19dd4e9085e49d4a23b78611

8 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
security	error	URL: https://takecharge.capitalone.com/(Line 223) Message: Refused to execute inline script because it violates the following Content Security Policy directive: "script-src 'self' 'nonce-WpvQQK0FO/ZAljsQDGMLEgi2hrvIBVPQNak9zIWqRZE=' 'sha256-xuFNyG4dx1UjKAfb59PkKDR48xVbI79G8dAIGZsa2FI=' 'unsafe-eval'". Either the 'unsafe-inline' keyword, a hash ('sha256-UITiqbXyaWS7NpwiFrMIbdXAZy5EXLRUHkpylF4504k='), or a nonce ('nonce-...') is required to enable inline execution.
security	error	URL: https://takecharge.capitalone.com/(Line 250) Message: Refused to execute inline script because it violates the following Content Security Policy directive: "script-src 'self' 'nonce-WpvQQK0FO/ZAljsQDGMLEgi2hrvIBVPQNak9zIWqRZE=' 'sha256-xuFNyG4dx1UjKAfb59PkKDR48xVbI79G8dAIGZsa2FI=' 'unsafe-eval'". Either the 'unsafe-inline' keyword, a hash ('sha256-Q5Ca/ka5d+GRM4+Mjn6Y8UAi/12X/osv/Rfv++eamak='), or a nonce ('nonce-...') is required to enable inline execution.
network	error	URL: https://takecharge.capitalone.com/Style/fonts/Optimist_W_Rg.woff2 Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://takecharge.capitalone.com/Style/fonts/Optimist_W_Lt.woff2 Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://takecharge.capitalone.com/Style/fonts/Optimist_W_SBd.woff2 Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://takecharge.capitalone.com/Style/fonts/Optimist_W_Rg.woff Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://takecharge.capitalone.com/Style/fonts/Optimist_W_Lt.woff Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://takecharge.capitalone.com/Style/fonts/Optimist_W_SBd.woff Message: Failed to load resource: the server responded with a status of 404 ()

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	default-src 'unsafe-inline' 'self'; script-src 'self' 'nonce-WpvQQK0FO/ZAljsQDGMLEgi2hrvIBVPQNak9zIWqRZE=' 'sha256-xuFNyG4dx1UjKAfb59PkKDR48xVbI79G8dAIGZsa2FI=' 'unsafe-eval' ; style-src 'unsafe-inline' 'self' https://fonts.googleapis.com; style-src-elem 'unsafe-inline' 'self' https://fonts.googleapis.com; font-src 'self' data: ;object-src 'none';base-uri 'self'
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

takecharge.capitalone.com
63.149.40.130
0ecad1a8a4ae4d7a53af0cbc7d24636558f0638bc3ec3704763b0f7fd19fcee0
141b9c42f06f12c756e55fccf021a0d9ead8f3a1f4210f7737248330cd2002a0
1c1d27ccdc3873e19a969ff6494d7c3142d2a0114faf2a8e505a4a8b16853f14
1d2995b5bb70e5bb17e45b593fccf98ad388c389011a668b5ba789296fccfb07
2e850b88a328009725d365d5db5683fdc1acfa23ca91270d8ee147b8d2886d87
33c989079aa502f14e3103d98d176417dd63cb1878420cb7be25fb441d5f9fb3
3c7f5a4a47719c5c9827bf73eb2d62176c9a5378324b70fe64de345adf36a0c2
3fb5610cc02303f26c8a3f2c1e8158fa8b479043bc8f15868894258e0e1f1ee9
40732e9dcfa704cf615e4691bb07aecfd1cc5e063220a46e4a7ff6560c77f5db
53875b1bf6c3140aeb0a712e49d144836f923eb08bc22b97bd52468bc8e35693
563c31f8f3575c4d9ed82416932f2ee5c1fadee57529d37850748e2dfc171c1e
5f2123af80970c0478de7f373c9d861d886e070592ebcd55fa372d8dfc9752ec
7297ab1616b4108447ac0d75c9a0fa7398720f67658de1fae3365e92282fe514
8fd8aee0188475201e3a6d14a25422587f2d82bb6cbf4ed525029c62bc58a9d3
93707463e31ee987089e0fd9e0aababac0979abdb7c9ffd295d816a775867132
be4d1215ef6f2b2915b7f65cd28b9a9f7dcef17e1f0d883edd19400ca0ea795c
c33f09a4e1230f3075be8d2a94081108d52f62d3c30b9a238941fe80790267c6
cc6f3e15f2435d6667fee06140e7fdd86275618e6878a4a1004754f5461d76e2
db1b0d738f4698c3c874f12224839741f2f225b1a13d6514a29aebb4546d1768
fcfcf30813f8802c51dc698e07d3e97e28a8a9630b0db302e2e07a3e32a048f2

takecharge.capitalone.com Open in urlscan Pro 63.149.40.130 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

26 Requests

100 %HTTPS

0 %IPv6

1 Domains

1 Subdomains

1 IPs

1 Countries

650 kBTransfer

1225 kBSize

1 Cookies

6 Outgoing links

Page URL History

Redirected requests

26 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

87 JavaScript Global Variables

1 Cookies

8 Console Messages

takecharge.capitalone.com Open in urlscan Pro
63.149.40.130 Public Scan

Screenshot
Live screenshot

Full Image

26
Requests

100 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

1
IPs

1
Countries

650 kB
Transfer

1225 kB
Size

1
Cookies

26 HTTP transactions
0 data transactions