urlscan.io logo urlscan.io
SecurityTrails logo

link.tink.com Open in urlscan Pro
13.226.145.81  Public Scan

Go To Rescan Add Verdict Report
URL: https://link.tink.com/1.0/income-check/?client_id=f8dcd395232940599c93ae2eb0497627&redirect_uri=https%3A%2F%2Fwww.amer...
Submission: On March 12 via manual from FR — Scanned from FR
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 3 IPs in 1 countries across 3 domains to perform 18 HTTP transactions. The main IP is 13.226.145.81, located in United States and belongs to AMAZON-02, US. The main domain is link.tink.com. The Cisco Umbrella rank of the primary domain is 908557.
TLS certificate: Issued by Amazon on August 21st 2021. Valid for: a year.
This is the only time link.tink.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
14 13.226.145.81 16509 (AMAZON-02)
3 35.188.42.15 15169 (GOOGLE)
1 13.226.145.43 16509 (AMAZON-02)
18 3
Apex Domain
Subdomains		 Transfer
14 tink.com
link.tink.com — Cisco Umbrella Rank: 908557
598 KB
3 sentry.io
sentry.io — Cisco Umbrella Rank: 363
1 KB
1 tink.se
cdn.tink.se — Cisco Umbrella Rank: 952291
15 KB
18 3
Domain Requested by
14 link.tink.com link.tink.com
3 sentry.io link.tink.com
1 cdn.tink.se
18 3

This site contains no links.

Subject Issuer Validity Valid
link.tink.com
Amazon		 2021-08-21 -
2022-09-19		 a year crt.sh
sentry.io
DigiCert SHA2 Secure Server CA		 2020-06-02 -
2022-06-07		 2 years crt.sh
cdn.tink.se
Amazon		 2021-11-16 -
2022-12-14		 a year crt.sh

This page contains 1 frames:

Primary Page: https://link.tink.com/1.0/income-check/?client_id=f8dcd395232940599c93ae2eb0497627&redirect_uri=https%3A%2F%2Fwww.americanexpress.com%2Ffr-fr%2Fservices%2Fdemande-carte%2Ftink%2Fmerci%2Findex.html&market=FR&locale=sv_SE&input_provider=fr-creditmutuel-oauth2
Frame ID: F9139CD27E83C0D28B1B791508671B31
Requests: 18 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

American Express France

Detected technologies

Overall confidence: 100%
Detected patterns
  • <[^>]+data-react

Page Statistics

18
Requests

100 %
HTTPS

0 %
IPv6

3
Domains

3
Subdomains

3
IPs

1
Countries

614 kB
Transfer

2007 kB
Size

0
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

18 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request /
link.tink.com/1.0/income-check/ 		865 B
2 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://link.tink.com/1.0/income-check/?client_id=f8dcd395232940599c93ae2eb0497627&redirect_uri=https%3A%2F%2Fwww.americanexpress.com%2Ffr-fr%2Fservices%2Fdemande-carte%2Ftink%2Fmerci%2Findex.html&market=FR&locale=sv_SE&input_provider=fr-creditmutuel-oauth2
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.226.145.81 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-226-145-81.dus51.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
2b419112c303547c4b4f43b9da1229a5eb7889b2d5a398fb82d443545312f4ff
Security Headers
Name Value
Content-Security-Policy base-uri 'self'; connect-src 'self' https://sentry.io https://api.xs2a.com https://cdn.tink.se; default-src 'self'; font-src 'self' https://cdn.tink.se https://fonts.gstatic.com https://use.typekit.net; frame-src 'none'; img-src 'self' https://cdn.tink.se data: https://dau40evdb2o0g.cloudfront.net https://p.typekit.net https://api.xs2a.com; manifest-src 'self'; media-src 'none'; object-src 'none'; script-src 'self' 'unsafe-inline' https://cdn.tink.se https://use.typekit.net; style-src 'self' 'unsafe-inline' https://cdn.tink.se https://fonts.googleapis.com; worker-src 'none'
Strict-Transport-Security max-age=15724800; includeSubDomains
X-Content-Type-Options nosniff

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language
fr-FR,fr;q=0.9

Response headers

content-type
text/html
content-length
865
date
Sat, 12 Mar 2022 17:18:24 GMT
last-modified
Fri, 11 Mar 2022 12:01:54 GMT
etag
"9620a4beebd86dd444d8b4e19bffc7d6"
cache-control
no-cache
x-amz-version-id
null
accept-ranges
bytes
server
AmazonS3
content-security-policy
base-uri 'self'; connect-src 'self' https://sentry.io https://api.xs2a.com https://cdn.tink.se; default-src 'self'; font-src 'self' https://cdn.tink.se https://fonts.gstatic.com https://use.typekit.net; frame-src 'none'; img-src 'self' https://cdn.tink.se data: https://dau40evdb2o0g.cloudfront.net https://p.typekit.net https://api.xs2a.com; manifest-src 'self'; media-src 'none'; object-src 'none'; script-src 'self' 'unsafe-inline' https://cdn.tink.se https://use.typekit.net; style-src 'self' 'unsafe-inline' https://cdn.tink.se https://fonts.googleapis.com; worker-src 'none'
strict-transport-security
max-age=15724800; includeSubDomains
x-content-type-options
nosniff
x-cache
Error from cloudfront
via
1.1 962c9e2b0aa7dee39ccec2b38fda120e.cloudfront.net (CloudFront)
x-amz-cf-pop
DUS51-C1
x-amz-cf-id
08jz0Jqy0HH_WsruKssuE6NjlrhZ7G2CFALhH7CM8fePD_RBA_UnZQ==
main.e8c089d9.js
link.tink.com/static/js/ 		2 MB
533 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://link.tink.com/static/js/main.e8c089d9.js
Requested by
Host: link.tink.com
URL: https://link.tink.com/1.0/income-check/?client_id=f8dcd395232940599c93ae2eb0497627&redirect_uri=https%3A%2F%2Fwww.americanexpress.com%2Ffr-fr%2Fservices%2Fdemande-carte%2Ftink%2Fmerci%2Findex.html&market=FR&locale=sv_SE&input_provider=fr-creditmutuel-oauth2
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.226.145.81 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-226-145-81.dus51.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
f92675a9757a34efbf122fec78a0b865308e40dcd02fb16d15249892c0863111
Security Headers
Name Value
Content-Security-Policy base-uri 'self'; connect-src 'self' https://sentry.io https://api.xs2a.com https://cdn.tink.se; default-src 'self'; font-src 'self' https://cdn.tink.se https://fonts.gstatic.com https://use.typekit.net; frame-src 'none'; img-src 'self' https://cdn.tink.se data: https://dau40evdb2o0g.cloudfront.net https://p.typekit.net https://api.xs2a.com; manifest-src 'self'; media-src 'none'; object-src 'none'; script-src 'self' 'unsafe-inline' https://cdn.tink.se https://use.typekit.net; style-src 'self' 'unsafe-inline' https://cdn.tink.se https://fonts.googleapis.com; worker-src 'none'
Strict-Transport-Security max-age=15724800; includeSubDomains
X-Content-Type-Options nosniff

Request headers

Accept-Language
fr-FR,fr;q=0.9
Referer
https://link.tink.com/1.0/income-check/?client_id=f8dcd395232940599c93ae2eb0497627&redirect_uri=https%3A%2F%2Fwww.americanexpress.com%2Ffr-fr%2Fservices%2Fdemande-carte%2Ftink%2Fmerci%2Findex.html&market=FR&locale=sv_SE&input_provider=fr-creditmutuel-oauth2
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

content-security-policy
base-uri 'self'; connect-src 'self' https://sentry.io https://api.xs2a.com https://cdn.tink.se; default-src 'self'; font-src 'self' https://cdn.tink.se https://fonts.gstatic.com https://use.typekit.net; frame-src 'none'; img-src 'self' https://cdn.tink.se data: https://dau40evdb2o0g.cloudfront.net https://p.typekit.net https://api.xs2a.com; manifest-src 'self'; media-src 'none'; object-src 'none'; script-src 'self' 'unsafe-inline' https://cdn.tink.se https://use.typekit.net; style-src 'self' 'unsafe-inline' https://cdn.tink.se https://fonts.googleapis.com; worker-src 'none'
content-encoding
gzip
etag
W/"e794a4ee7442684a69f13ad657c72073"
age
105390
x-cache
Hit from cloudfront
strict-transport-security
max-age=15724800; includeSubDomains
last-modified
Fri, 11 Mar 2022 12:01:52 GMT
server
AmazonS3
date
Fri, 11 Mar 2022 12:01:55 GMT
vary
Accept-Encoding
x-amz-version-id
null
via
1.1 962c9e2b0aa7dee39ccec2b38fda120e.cloudfront.net (CloudFront)
cache-control
max-age=31536000
x-amz-cf-pop
DUS51-C1
content-type
application/javascript
x-amz-cf-id
tngchXxQs0k58yAvsUsCf5f1Eg7ErGFxFMHhGGCLonnkRLEzZLdrxQ==
x-content-type-options
nosniff
main.4797faf2.css
link.tink.com/static/css/ 		619 B
1 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://link.tink.com/static/css/main.4797faf2.css
Requested by
Host: link.tink.com
URL: https://link.tink.com/1.0/income-check/?client_id=f8dcd395232940599c93ae2eb0497627&redirect_uri=https%3A%2F%2Fwww.americanexpress.com%2Ffr-fr%2Fservices%2Fdemande-carte%2Ftink%2Fmerci%2Findex.html&market=FR&locale=sv_SE&input_provider=fr-creditmutuel-oauth2
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.226.145.81 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-226-145-81.dus51.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
42b01481ba38aed532176fa9c05c9869c10d123aafd860dc77be15de6392720b
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; includeSubDomains
X-Content-Type-Options nosniff

Request headers

Accept-Language
fr-FR,fr;q=0.9
Referer
https://link.tink.com/1.0/income-check/?client_id=f8dcd395232940599c93ae2eb0497627&redirect_uri=https%3A%2F%2Fwww.americanexpress.com%2Ffr-fr%2Fservices%2Fdemande-carte%2Ftink%2Fmerci%2Findex.html&market=FR&locale=sv_SE&input_provider=fr-creditmutuel-oauth2
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Mon, 28 Feb 2022 11:08:16 GMT
via
1.1 962c9e2b0aa7dee39ccec2b38fda120e.cloudfront.net (CloudFront)
x-content-type-options
nosniff
age
1059009
x-cache
Hit from cloudfront
content-length
619
last-modified
Mon, 28 Feb 2022 11:08:12 GMT
server
AmazonS3
etag
"2c4b24d0dbcc8985ae5687b3cc8c14c5"
strict-transport-security
max-age=15724800; includeSubDomains
x-amz-version-id
null
cache-control
max-age=31536000
x-amz-cf-pop
DUS51-C1
accept-ranges
bytes
content-type
text/css
x-amz-cf-id
UQXKGXfJhrtc_glK-rMWOQZL2ybMGYZGtvrwbBdrT9yRC2_YiE9YFw==
/
sentry.io/api/1375966/envelope/ 		2 B
403 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://sentry.io/api/1375966/envelope/?sentry_key=225f6cadb97546e7b4c0c303c52c9d32&sentry_version=7
Requested by
Host: link.tink.com
URL: https://link.tink.com/static/js/main.e8c089d9.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
35.188.42.15 Council Bluffs, United States, ASN15169 (GOOGLE, US),
Reverse DNS
15.42.188.35.bc.googleusercontent.com
Software
nginx /
Resource Hash
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

Referer
https://link.tink.com/
Accept-Language
fr-FR,fr;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

Date
Sat, 12 Mar 2022 17:18:24 GMT
vary
Origin
Server
nginx
Strict-Transport-Security
max-age=31536000; includeSubDomains; preload
Content-Type
application/json
access-control-allow-origin
https://link.tink.com
access-control-expose-headers
retry-after, x-sentry-error, x-sentry-rate-limits
x-envoy-upstream-service-time
0
Connection
keep-alive
Content-Length
2
lota-regular.603a85a7e2118470ee23.woff2
link.tink.com/static/media/ 		23 KB
24 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://link.tink.com/static/media/lota-regular.603a85a7e2118470ee23.woff2
Requested by
Host: link.tink.com
URL: https://link.tink.com/static/css/main.4797faf2.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.226.145.81 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-226-145-81.dus51.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
3ecb6bfee0210e99a4f668f11267723bb3f0f303cbdb9a003e982f450d6aadcc
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; includeSubDomains
X-Content-Type-Options nosniff

Request headers

Referer
https://link.tink.com/static/css/main.4797faf2.css
Origin
https://link.tink.com
Accept-Language
fr-FR,fr;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Mon, 28 Feb 2022 11:08:17 GMT
via
1.1 962c9e2b0aa7dee39ccec2b38fda120e.cloudfront.net (CloudFront)
x-content-type-options
nosniff
age
1059008
x-cache
Hit from cloudfront
content-length
23648
last-modified
Mon, 28 Feb 2022 11:08:15 GMT
server
AmazonS3
etag
"e8c3f57685cb4fe6cd4b083854449bbd"
strict-transport-security
max-age=15724800; includeSubDomains
x-amz-version-id
null
cache-control
max-age=31536000
x-amz-cf-pop
DUS51-C1
accept-ranges
bytes
content-type
binary/octet-stream
x-amz-cf-id
FDzyXOhKEr06DKuHjx4pveZG8RM-YAwTHPBgkkwoILSy87L2iP6PeA==
anonymous
link.tink.com/api-proxy/api/v1/user/ 		988 B
2 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://link.tink.com/api-proxy/api/v1/user/anonymous
Requested by
Host: link.tink.com
URL: https://link.tink.com/static/js/main.e8c089d9.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.226.145.81 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-226-145-81.dus51.r.cloudfront.net
Software
tink-api-gateway /
Resource Hash
0b6d1c8544545747a58f61a0aafcba8d1dc1b15f743add9f5e74937c87518afc
Security Headers
Name Value
Content-Security-Policy base-uri 'self'; connect-src 'self' https://sentry.io https://api.xs2a.com https://cdn.tink.se; default-src 'self'; font-src 'self' https://cdn.tink.se https://fonts.gstatic.com https://use.typekit.net; frame-src 'none'; img-src 'self' https://cdn.tink.se data: https://dau40evdb2o0g.cloudfront.net https://p.typekit.net https://api.xs2a.com; manifest-src 'self'; media-src 'none'; object-src 'none'; script-src 'self' 'unsafe-inline' https://cdn.tink.se https://use.typekit.net; style-src 'self' 'unsafe-inline' https://cdn.tink.se https://fonts.googleapis.com; worker-src 'none'
Strict-Transport-Security max-age=15724800; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

X-Tink-SDK-Product
income-check
Accept-Language
fr-FR,fr;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
X-Tink-OAuth-Client-ID
f8dcd395232940599c93ae2eb0497627
Content-Type
application/json
Accept
application/json
X-Tink-SDK-Name
Tink Link Web
Referer
https://link.tink.com/1.0/income-check/connect?client_id=f8dcd395232940599c93ae2eb0497627&redirect_uri=https%3A%2F%2Fwww.americanexpress.com%2Ffr-fr%2Fservices%2Fdemande-carte%2Ftink%2Fmerci%2Findex.html&market=FR&locale=sv_SE&input_provider=fr-creditmutuel-oauth2
X-Tink-SDK-Version
1.0
sentry-trace
08a0740d374d448f99da60c8f096556b-8935bcc7511f3057-0
X-Client-Trace-ID
65e8845e-f07b-4fab-906c-1c58b5b81137/eb7f5312-4f47-45cc-88a2-6d695b2f96eb

Response headers

date
Sat, 12 Mar 2022 17:18:24 GMT
via
1.1 962c9e2b0aa7dee39ccec2b38fda120e.cloudfront.net (CloudFront)
x-content-type-options
nosniff
x-amz-cf-pop
DUS51-C1
x-cache
Miss from cloudfront
x-xss-protection
1; mode=block
x-request-id
817dbdec-3543-b11c-b895-3378b94c6468
pragma
no-cache
x-client-trace-id
65e8845e-f07b-4fab-906c-1c58b5b81137/eb7f5312-4f47-45cc-88a2-6d695b2f96eb
server
tink-api-gateway
strict-transport-security
max-age=15724800; includeSubDomains
content-type
application/json
access-control-allow-origin
https://link.tink.com
x-contact
jobs@tink.se,whitehat@tink.se
access-control-expose-headers
X-Tink-Multi-Factor-Url
cache-control
no-cache
access-control-allow-credentials
true
content-security-policy
base-uri 'self'; connect-src 'self' https://sentry.io https://api.xs2a.com https://cdn.tink.se; default-src 'self'; font-src 'self' https://cdn.tink.se https://fonts.gstatic.com https://use.typekit.net; frame-src 'none'; img-src 'self' https://cdn.tink.se data: https://dau40evdb2o0g.cloudfront.net https://p.typekit.net https://api.xs2a.com; manifest-src 'self'; media-src 'none'; object-src 'none'; script-src 'self' 'unsafe-inline' https://cdn.tink.se https://use.typekit.net; style-src 'self' 'unsafe-inline' https://cdn.tink.se https://fonts.googleapis.com; worker-src 'none'
x-amz-cf-id
4WN-CMo5zjgiKd-YGeoa-Ja7jiitWEAJ1MN4D7QT1T2vqnIELOeRAA==
user
link.tink.com/api-proxy/api/v1/ 		1 KB
2 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://link.tink.com/api-proxy/api/v1/user
Requested by
Host: link.tink.com
URL: https://link.tink.com/static/js/main.e8c089d9.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.226.145.81 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-226-145-81.dus51.r.cloudfront.net
Software
tink-api-gateway /
Resource Hash
97c6069ec874f5a1011fab2b8f300eb140961be8f16f5461d474d2e38fbd8e3b
Security Headers
Name Value
Content-Security-Policy base-uri 'self'; connect-src 'self' https://sentry.io https://api.xs2a.com https://cdn.tink.se; default-src 'self'; font-src 'self' https://cdn.tink.se https://fonts.gstatic.com https://use.typekit.net; frame-src 'none'; img-src 'self' https://cdn.tink.se data: https://dau40evdb2o0g.cloudfront.net https://p.typekit.net https://api.xs2a.com; manifest-src 'self'; media-src 'none'; object-src 'none'; script-src 'self' 'unsafe-inline' https://cdn.tink.se https://use.typekit.net; style-src 'self' 'unsafe-inline' https://cdn.tink.se https://fonts.googleapis.com; worker-src 'none'
Strict-Transport-Security max-age=15724800; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

X-Tink-SDK-Product
income-check
Accept-Language
fr-FR,fr;q=0.9
Authorization
Bearer eyJhbGciOiJFUzI1NiIsImtpZCI6ImI0MDFkMmQxLWExYTUtNGRjOS1iNzIzLTZlZTk3ZGU2YmUyNiIsInR5cCI6IkpXVCJ9.eyJleHAiOjE2NDcxMDczMDQsImlhdCI6MTY0NzEwNTUwNCwiaXNzIjoidGluazovL2F1dGgiLCJqdGkiOiI4NDE0YzcwMy04OGQyLTQ2OGUtYTBmNC00NGJiMWJkOWMwMzgiLCJzY29wZXMiOlsicHJvdmlkZXJzOnJlYWQiLCJ1c2VyLXJlcG9ydC1idW5kbGVzOnJlYWQiLCJsaW5rLXNlc3Npb246cmVhZCIsInRyYW5zZmVyOmV4ZWN1dGUiLCJhY2NvdW50LXZlcmlmaWNhdGlvbi1yZXBvcnRzOndyaXRlIiwidXNlci1yZXBvcnQtYnVuZGxlczp3cml0ZSIsImFjY291bnRzOnJlYWQiLCJjcmVkZW50aWFsczpyZWFkIiwidHJhbnNmZXI6cmVhZCIsImF1dGhvcml6YXRpb246cmVhZCIsImNyZWRlbnRpYWxzOndyaXRlIiwiYXV0aG9yaXphdGlvbjpncmFudCIsImNyZWRlbnRpYWxzOnJlZnJlc2giLCJ1c2VyOnJlYWQiLCJwYXltZW50OnJlYWQiLCJpbmNvbWUtY2hlY2tzOmNyZWF0ZSJdLCJzdWIiOiJ0aW5rOi8vYXV0aC91c2VyL2YzODRiNGRlYWExNDRjYTNhYTE0ZmY1OWVlYTJmYzQ4IiwidGluazovL2FwcC9pZCI6IjZmMDRkNzg0MTU3ZTRhMjg4MGVlZmY2MjQ1NzZkMzFkIiwidGluazovL2FwcC92ZXJpZmllZCI6ImZhbHNlIn0.eyzZ53sjTlIV8wfD9wWJtY-uUcvthbtlTj2aYSOQNPLVUk02L5RV1O-dleAxZb-Knnria81vkr4tPmnU26QEjw
X-Tink-OAuth-Client-ID
f8dcd395232940599c93ae2eb0497627
X-Tink-SDK-Version
1.0
Accept
application/json
X-Tink-SDK-Name
Tink Link Web
Referer
https://link.tink.com/1.0/income-check/connect?client_id=f8dcd395232940599c93ae2eb0497627&redirect_uri=https%3A%2F%2Fwww.americanexpress.com%2Ffr-fr%2Fservices%2Fdemande-carte%2Ftink%2Fmerci%2Findex.html&market=FR&locale=sv_SE&input_provider=fr-creditmutuel-oauth2
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
sentry-trace
08a0740d374d448f99da60c8f096556b-bd53ef818de52a5a-0
X-Client-Trace-ID
65e8845e-f07b-4fab-906c-1c58b5b81137/35e4f42b-9741-4fee-bc37-394032cb3009

Response headers

date
Sat, 12 Mar 2022 17:18:24 GMT
content-encoding
gzip
x-content-type-options
nosniff
x-amz-cf-pop
DUS51-C1
x-cache
Miss from cloudfront
vary
Accept-Encoding
x-xss-protection
1; mode=block
x-request-id
73852e44-8e2d-b371-b141-1425eead5502
pragma
no-cache
x-client-trace-id
65e8845e-f07b-4fab-906c-1c58b5b81137/35e4f42b-9741-4fee-bc37-394032cb3009
server
tink-api-gateway
strict-transport-security
max-age=15724800; includeSubDomains
content-type
application/json
via
1.1 962c9e2b0aa7dee39ccec2b38fda120e.cloudfront.net (CloudFront)
x-contact
jobs@tink.se,whitehat@tink.se
cache-control
no-cache
content-security-policy
base-uri 'self'; connect-src 'self' https://sentry.io https://api.xs2a.com https://cdn.tink.se; default-src 'self'; font-src 'self' https://cdn.tink.se https://fonts.gstatic.com https://use.typekit.net; frame-src 'none'; img-src 'self' https://cdn.tink.se data: https://dau40evdb2o0g.cloudfront.net https://p.typekit.net https://api.xs2a.com; manifest-src 'self'; media-src 'none'; object-src 'none'; script-src 'self' 'unsafe-inline' https://cdn.tink.se https://use.typekit.net; style-src 'self' 'unsafe-inline' https://cdn.tink.se https://fonts.googleapis.com; worker-src 'none'
x-amz-cf-id
tTllUMMUyfC3uQSPoHHuwbwHSSIKaC_AzHLrdQ1i578-NWplEbYthw==
configuration
link.tink.com/api-proxy/link/v1/apps/ 		2 B
955 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://link.tink.com/api-proxy/link/v1/apps/configuration
Requested by
Host: link.tink.com
URL: https://link.tink.com/static/js/main.e8c089d9.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.226.145.81 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-226-145-81.dus51.r.cloudfront.net
Software
tink-api-gateway /
Resource Hash
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
Security Headers
Name Value
Content-Security-Policy base-uri 'self'; connect-src 'self' https://sentry.io https://api.xs2a.com https://cdn.tink.se; default-src 'self'; font-src 'self' https://cdn.tink.se https://fonts.gstatic.com https://use.typekit.net; frame-src 'none'; img-src 'self' https://cdn.tink.se data: https://dau40evdb2o0g.cloudfront.net https://p.typekit.net https://api.xs2a.com; manifest-src 'self'; media-src 'none'; object-src 'none'; script-src 'self' 'unsafe-inline' https://cdn.tink.se https://use.typekit.net; style-src 'self' 'unsafe-inline' https://cdn.tink.se https://fonts.googleapis.com; worker-src 'none'
Strict-Transport-Security max-age=15724800; includeSubDomains
X-Content-Type-Options nosniff

Request headers

X-Tink-SDK-Product
income-check
Accept-Language
fr-FR,fr;q=0.9
Authorization
Bearer eyJhbGciOiJFUzI1NiIsImtpZCI6ImI0MDFkMmQxLWExYTUtNGRjOS1iNzIzLTZlZTk3ZGU2YmUyNiIsInR5cCI6IkpXVCJ9.eyJleHAiOjE2NDcxMDczMDQsImlhdCI6MTY0NzEwNTUwNCwiaXNzIjoidGluazovL2F1dGgiLCJqdGkiOiI4NDE0YzcwMy04OGQyLTQ2OGUtYTBmNC00NGJiMWJkOWMwMzgiLCJzY29wZXMiOlsicHJvdmlkZXJzOnJlYWQiLCJ1c2VyLXJlcG9ydC1idW5kbGVzOnJlYWQiLCJsaW5rLXNlc3Npb246cmVhZCIsInRyYW5zZmVyOmV4ZWN1dGUiLCJhY2NvdW50LXZlcmlmaWNhdGlvbi1yZXBvcnRzOndyaXRlIiwidXNlci1yZXBvcnQtYnVuZGxlczp3cml0ZSIsImFjY291bnRzOnJlYWQiLCJjcmVkZW50aWFsczpyZWFkIiwidHJhbnNmZXI6cmVhZCIsImF1dGhvcml6YXRpb246cmVhZCIsImNyZWRlbnRpYWxzOndyaXRlIiwiYXV0aG9yaXphdGlvbjpncmFudCIsImNyZWRlbnRpYWxzOnJlZnJlc2giLCJ1c2VyOnJlYWQiLCJwYXltZW50OnJlYWQiLCJpbmNvbWUtY2hlY2tzOmNyZWF0ZSJdLCJzdWIiOiJ0aW5rOi8vYXV0aC91c2VyL2YzODRiNGRlYWExNDRjYTNhYTE0ZmY1OWVlYTJmYzQ4IiwidGluazovL2FwcC9pZCI6IjZmMDRkNzg0MTU3ZTRhMjg4MGVlZmY2MjQ1NzZkMzFkIiwidGluazovL2FwcC92ZXJpZmllZCI6ImZhbHNlIn0.eyzZ53sjTlIV8wfD9wWJtY-uUcvthbtlTj2aYSOQNPLVUk02L5RV1O-dleAxZb-Knnria81vkr4tPmnU26QEjw
X-Tink-OAuth-Client-ID
f8dcd395232940599c93ae2eb0497627
X-Tink-SDK-Version
1.0
Accept
application/json
X-Tink-SDK-Name
Tink Link Web
Referer
https://link.tink.com/1.0/income-check/connect?client_id=f8dcd395232940599c93ae2eb0497627&redirect_uri=https%3A%2F%2Fwww.americanexpress.com%2Ffr-fr%2Fservices%2Fdemande-carte%2Ftink%2Fmerci%2Findex.html&market=FR&locale=sv_SE&input_provider=fr-creditmutuel-oauth2
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
sentry-trace
08a0740d374d448f99da60c8f096556b-b2141b0e77dafae3-0
X-Client-Trace-ID
65e8845e-f07b-4fab-906c-1c58b5b81137/22c9a8ca-dba0-4711-8554-a25fae2bd435

Response headers

strict-transport-security
max-age=15724800; includeSubDomains
via
1.1 962c9e2b0aa7dee39ccec2b38fda120e.cloudfront.net (CloudFront)
x-content-type-options
nosniff
x-amz-cf-pop
DUS51-C1
grpc-encoding
identity
x-cache
Miss from cloudfront
content-length
2
x-client-trace-id
65e8845e-f07b-4fab-906c-1c58b5b81137/22c9a8ca-dba0-4711-8554-a25fae2bd435
grpc-accept-encoding
gzip
grpc-status
0
server
tink-api-gateway
date
Sat, 12 Mar 2022 17:18:24 GMT
content-type
application/json
x-request-id
9fbc62ab-3241-b7c5-9e4a-52779e70a108
x-contact
jobs@tink.se,whitehat@tink.se
content-security-policy
base-uri 'self'; connect-src 'self' https://sentry.io https://api.xs2a.com https://cdn.tink.se; default-src 'self'; font-src 'self' https://cdn.tink.se https://fonts.gstatic.com https://use.typekit.net; frame-src 'none'; img-src 'self' https://cdn.tink.se data: https://dau40evdb2o0g.cloudfront.net https://p.typekit.net https://api.xs2a.com; manifest-src 'self'; media-src 'none'; object-src 'none'; script-src 'self' 'unsafe-inline' https://cdn.tink.se https://use.typekit.net; style-src 'self' 'unsafe-inline' https://cdn.tink.se https://fonts.googleapis.com; worker-src 'none'
x-amz-cf-id
4ajkMisa4cUhnzxQqpG_uP49pOVT2lJVdf_mVn3wVNgXBVfeklZhcQ==
FR
link.tink.com/api-proxy/api/v1/providers/ 		53 KB
4 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://link.tink.com/api-proxy/api/v1/providers/FR?excludeNonTestProviders=false&includeTestProviders=false
Requested by
Host: link.tink.com
URL: https://link.tink.com/static/js/main.e8c089d9.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.226.145.81 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-226-145-81.dus51.r.cloudfront.net
Software
tink-api-gateway /
Resource Hash
38cc98eeef5c897cd1886c6026e1a23cd6aceb6184642180f6a4853ebe3b9965
Security Headers
Name Value
Content-Security-Policy base-uri 'self'; connect-src 'self' https://sentry.io https://api.xs2a.com https://cdn.tink.se; default-src 'self'; font-src 'self' https://cdn.tink.se https://fonts.gstatic.com https://use.typekit.net; frame-src 'none'; img-src 'self' https://cdn.tink.se data: https://dau40evdb2o0g.cloudfront.net https://p.typekit.net https://api.xs2a.com; manifest-src 'self'; media-src 'none'; object-src 'none'; script-src 'self' 'unsafe-inline' https://cdn.tink.se https://use.typekit.net; style-src 'self' 'unsafe-inline' https://cdn.tink.se https://fonts.googleapis.com; worker-src 'none'
Strict-Transport-Security max-age=15724800; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

X-Tink-SDK-Product
income-check
Accept-Language
fr-FR,fr;q=0.9
Authorization
Bearer eyJhbGciOiJFUzI1NiIsImtpZCI6ImI0MDFkMmQxLWExYTUtNGRjOS1iNzIzLTZlZTk3ZGU2YmUyNiIsInR5cCI6IkpXVCJ9.eyJleHAiOjE2NDcxMDczMDQsImlhdCI6MTY0NzEwNTUwNCwiaXNzIjoidGluazovL2F1dGgiLCJqdGkiOiI4NDE0YzcwMy04OGQyLTQ2OGUtYTBmNC00NGJiMWJkOWMwMzgiLCJzY29wZXMiOlsicHJvdmlkZXJzOnJlYWQiLCJ1c2VyLXJlcG9ydC1idW5kbGVzOnJlYWQiLCJsaW5rLXNlc3Npb246cmVhZCIsInRyYW5zZmVyOmV4ZWN1dGUiLCJhY2NvdW50LXZlcmlmaWNhdGlvbi1yZXBvcnRzOndyaXRlIiwidXNlci1yZXBvcnQtYnVuZGxlczp3cml0ZSIsImFjY291bnRzOnJlYWQiLCJjcmVkZW50aWFsczpyZWFkIiwidHJhbnNmZXI6cmVhZCIsImF1dGhvcml6YXRpb246cmVhZCIsImNyZWRlbnRpYWxzOndyaXRlIiwiYXV0aG9yaXphdGlvbjpncmFudCIsImNyZWRlbnRpYWxzOnJlZnJlc2giLCJ1c2VyOnJlYWQiLCJwYXltZW50OnJlYWQiLCJpbmNvbWUtY2hlY2tzOmNyZWF0ZSJdLCJzdWIiOiJ0aW5rOi8vYXV0aC91c2VyL2YzODRiNGRlYWExNDRjYTNhYTE0ZmY1OWVlYTJmYzQ4IiwidGluazovL2FwcC9pZCI6IjZmMDRkNzg0MTU3ZTRhMjg4MGVlZmY2MjQ1NzZkMzFkIiwidGluazovL2FwcC92ZXJpZmllZCI6ImZhbHNlIn0.eyzZ53sjTlIV8wfD9wWJtY-uUcvthbtlTj2aYSOQNPLVUk02L5RV1O-dleAxZb-Knnria81vkr4tPmnU26QEjw
X-Tink-OAuth-Client-ID
f8dcd395232940599c93ae2eb0497627
X-Tink-SDK-Version
1.0
Accept
application/json
X-Tink-SDK-Name
Tink Link Web
Referer
https://link.tink.com/1.0/income-check/connect?client_id=f8dcd395232940599c93ae2eb0497627&redirect_uri=https%3A%2F%2Fwww.americanexpress.com%2Ffr-fr%2Fservices%2Fdemande-carte%2Ftink%2Fmerci%2Findex.html&market=FR&locale=sv_SE&input_provider=fr-creditmutuel-oauth2
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
sentry-trace
08a0740d374d448f99da60c8f096556b-98a059b6a0f58699-0
X-Client-Trace-ID
65e8845e-f07b-4fab-906c-1c58b5b81137/24be9ade-18bc-4f27-9351-6febf2d03997

Response headers

date
Sat, 12 Mar 2022 17:18:24 GMT
content-encoding
gzip
x-content-type-options
nosniff
x-amz-cf-pop
DUS51-C1
x-cache
Miss from cloudfront
vary
Accept-Encoding
x-xss-protection
1; mode=block
x-request-id
c68a8097-1bb9-bf10-aed9-cef61402fd97
pragma
no-cache
x-client-trace-id
65e8845e-f07b-4fab-906c-1c58b5b81137/24be9ade-18bc-4f27-9351-6febf2d03997
server
tink-api-gateway
strict-transport-security
max-age=15724800; includeSubDomains
content-type
application/json
via
1.1 962c9e2b0aa7dee39ccec2b38fda120e.cloudfront.net (CloudFront)
x-contact
jobs@tink.se,whitehat@tink.se
cache-control
no-cache
content-security-policy
base-uri 'self'; connect-src 'self' https://sentry.io https://api.xs2a.com https://cdn.tink.se; default-src 'self'; font-src 'self' https://cdn.tink.se https://fonts.gstatic.com https://use.typekit.net; frame-src 'none'; img-src 'self' https://cdn.tink.se data: https://dau40evdb2o0g.cloudfront.net https://p.typekit.net https://api.xs2a.com; manifest-src 'self'; media-src 'none'; object-src 'none'; script-src 'self' 'unsafe-inline' https://cdn.tink.se https://use.typekit.net; style-src 'self' 'unsafe-inline' https://cdn.tink.se https://fonts.googleapis.com; worker-src 'none'
x-amz-cf-id
7Pea-13s8LHQRosGR0AOTaGO-Ihjdo5ilx1Qoltfg8ksKeBrV_F89g==
describe
link.tink.com/api-proxy/api/v1/oauth/ 		671 B
2 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://link.tink.com/api-proxy/api/v1/oauth/describe
Requested by
Host: link.tink.com
URL: https://link.tink.com/static/js/main.e8c089d9.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.226.145.81 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-226-145-81.dus51.r.cloudfront.net
Software
tink-api-gateway /
Resource Hash
10537dc0cc9e2b9e0edf520b4e33447c79600bdaf688dff909ca0e73b1076031
Security Headers
Name Value
Content-Security-Policy base-uri 'self'; connect-src 'self' https://sentry.io https://api.xs2a.com https://cdn.tink.se; default-src 'self'; font-src 'self' https://cdn.tink.se https://fonts.gstatic.com https://use.typekit.net; frame-src 'none'; img-src 'self' https://cdn.tink.se data: https://dau40evdb2o0g.cloudfront.net https://p.typekit.net https://api.xs2a.com; manifest-src 'self'; media-src 'none'; object-src 'none'; script-src 'self' 'unsafe-inline' https://cdn.tink.se https://use.typekit.net; style-src 'self' 'unsafe-inline' https://cdn.tink.se https://fonts.googleapis.com; worker-src 'none'
Strict-Transport-Security max-age=15724800; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

X-Tink-SDK-Product
income-check
Accept-Language
fr-FR,fr;q=0.9
Authorization
Bearer eyJhbGciOiJFUzI1NiIsImtpZCI6ImI0MDFkMmQxLWExYTUtNGRjOS1iNzIzLTZlZTk3ZGU2YmUyNiIsInR5cCI6IkpXVCJ9.eyJleHAiOjE2NDcxMDczMDQsImlhdCI6MTY0NzEwNTUwNCwiaXNzIjoidGluazovL2F1dGgiLCJqdGkiOiI4NDE0YzcwMy04OGQyLTQ2OGUtYTBmNC00NGJiMWJkOWMwMzgiLCJzY29wZXMiOlsicHJvdmlkZXJzOnJlYWQiLCJ1c2VyLXJlcG9ydC1idW5kbGVzOnJlYWQiLCJsaW5rLXNlc3Npb246cmVhZCIsInRyYW5zZmVyOmV4ZWN1dGUiLCJhY2NvdW50LXZlcmlmaWNhdGlvbi1yZXBvcnRzOndyaXRlIiwidXNlci1yZXBvcnQtYnVuZGxlczp3cml0ZSIsImFjY291bnRzOnJlYWQiLCJjcmVkZW50aWFsczpyZWFkIiwidHJhbnNmZXI6cmVhZCIsImF1dGhvcml6YXRpb246cmVhZCIsImNyZWRlbnRpYWxzOndyaXRlIiwiYXV0aG9yaXphdGlvbjpncmFudCIsImNyZWRlbnRpYWxzOnJlZnJlc2giLCJ1c2VyOnJlYWQiLCJwYXltZW50OnJlYWQiLCJpbmNvbWUtY2hlY2tzOmNyZWF0ZSJdLCJzdWIiOiJ0aW5rOi8vYXV0aC91c2VyL2YzODRiNGRlYWExNDRjYTNhYTE0ZmY1OWVlYTJmYzQ4IiwidGluazovL2FwcC9pZCI6IjZmMDRkNzg0MTU3ZTRhMjg4MGVlZmY2MjQ1NzZkMzFkIiwidGluazovL2FwcC92ZXJpZmllZCI6ImZhbHNlIn0.eyzZ53sjTlIV8wfD9wWJtY-uUcvthbtlTj2aYSOQNPLVUk02L5RV1O-dleAxZb-Knnria81vkr4tPmnU26QEjw
X-Tink-OAuth-Client-ID
f8dcd395232940599c93ae2eb0497627
Content-Type
application/json
Accept
application/json
X-Tink-SDK-Name
Tink Link Web
Referer
https://link.tink.com/1.0/income-check/connect?client_id=f8dcd395232940599c93ae2eb0497627&redirect_uri=https%3A%2F%2Fwww.americanexpress.com%2Ffr-fr%2Fservices%2Fdemande-carte%2Ftink%2Fmerci%2Findex.html&market=FR&locale=sv_SE&input_provider=fr-creditmutuel-oauth2
X-Tink-SDK-Version
1.0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
sentry-trace
08a0740d374d448f99da60c8f096556b-94fe10e33fcd4a05-0
X-Client-Trace-ID
65e8845e-f07b-4fab-906c-1c58b5b81137/5b8574ae-ac73-4243-a057-1150ef754ca7

Response headers

date
Sat, 12 Mar 2022 17:18:24 GMT
via
1.1 962c9e2b0aa7dee39ccec2b38fda120e.cloudfront.net (CloudFront)
x-content-type-options
nosniff
x-amz-cf-pop
DUS51-C1
x-cache
Miss from cloudfront
x-xss-protection
1; mode=block
x-request-id
3614fbd4-757a-b50a-9494-cea1a7fee1c3
pragma
no-cache
x-client-trace-id
65e8845e-f07b-4fab-906c-1c58b5b81137/5b8574ae-ac73-4243-a057-1150ef754ca7
server
tink-api-gateway
strict-transport-security
max-age=15724800; includeSubDomains
content-type
application/json
access-control-allow-origin
https://link.tink.com
x-contact
jobs@tink.se,whitehat@tink.se
access-control-expose-headers
X-Tink-Multi-Factor-Url
cache-control
no-cache
access-control-allow-credentials
true
content-security-policy
base-uri 'self'; connect-src 'self' https://sentry.io https://api.xs2a.com https://cdn.tink.se; default-src 'self'; font-src 'self' https://cdn.tink.se https://fonts.gstatic.com https://use.typekit.net; frame-src 'none'; img-src 'self' https://cdn.tink.se data: https://dau40evdb2o0g.cloudfront.net https://p.typekit.net https://api.xs2a.com; manifest-src 'self'; media-src 'none'; object-src 'none'; script-src 'self' 'unsafe-inline' https://cdn.tink.se https://use.typekit.net; style-src 'self' 'unsafe-inline' https://cdn.tink.se https://fonts.googleapis.com; worker-src 'none'
x-amz-cf-id
y55S7aCN1ZGWlnEhOeXJj9u50fU1ELBtN1bV8v4XZ5xQVx5uRL_Ehg==
analytics
link.tink.com/api-proxy/link/v1/ 		2 B
1 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://link.tink.com/api-proxy/link/v1/analytics
Requested by
Host: link.tink.com
URL: https://link.tink.com/static/js/main.e8c089d9.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.226.145.81 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-226-145-81.dus51.r.cloudfront.net
Software
tink-api-gateway /
Resource Hash
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
Security Headers
Name Value
Content-Security-Policy base-uri 'self'; connect-src 'self' https://sentry.io https://api.xs2a.com https://cdn.tink.se; default-src 'self'; font-src 'self' https://cdn.tink.se https://fonts.gstatic.com https://use.typekit.net; frame-src 'none'; img-src 'self' https://cdn.tink.se data: https://dau40evdb2o0g.cloudfront.net https://p.typekit.net https://api.xs2a.com; manifest-src 'self'; media-src 'none'; object-src 'none'; script-src 'self' 'unsafe-inline' https://cdn.tink.se https://use.typekit.net; style-src 'self' 'unsafe-inline' https://cdn.tink.se https://fonts.googleapis.com; worker-src 'none'
Strict-Transport-Security max-age=15724800; includeSubDomains
X-Content-Type-Options nosniff

Request headers

X-Tink-SDK-Product
income-check
Accept-Language
fr-FR,fr;q=0.9
Authorization
Bearer eyJhbGciOiJFUzI1NiIsImtpZCI6ImI0MDFkMmQxLWExYTUtNGRjOS1iNzIzLTZlZTk3ZGU2YmUyNiIsInR5cCI6IkpXVCJ9.eyJleHAiOjE2NDcxMDczMDQsImlhdCI6MTY0NzEwNTUwNCwiaXNzIjoidGluazovL2F1dGgiLCJqdGkiOiI4NDE0YzcwMy04OGQyLTQ2OGUtYTBmNC00NGJiMWJkOWMwMzgiLCJzY29wZXMiOlsicHJvdmlkZXJzOnJlYWQiLCJ1c2VyLXJlcG9ydC1idW5kbGVzOnJlYWQiLCJsaW5rLXNlc3Npb246cmVhZCIsInRyYW5zZmVyOmV4ZWN1dGUiLCJhY2NvdW50LXZlcmlmaWNhdGlvbi1yZXBvcnRzOndyaXRlIiwidXNlci1yZXBvcnQtYnVuZGxlczp3cml0ZSIsImFjY291bnRzOnJlYWQiLCJjcmVkZW50aWFsczpyZWFkIiwidHJhbnNmZXI6cmVhZCIsImF1dGhvcml6YXRpb246cmVhZCIsImNyZWRlbnRpYWxzOndyaXRlIiwiYXV0aG9yaXphdGlvbjpncmFudCIsImNyZWRlbnRpYWxzOnJlZnJlc2giLCJ1c2VyOnJlYWQiLCJwYXltZW50OnJlYWQiLCJpbmNvbWUtY2hlY2tzOmNyZWF0ZSJdLCJzdWIiOiJ0aW5rOi8vYXV0aC91c2VyL2YzODRiNGRlYWExNDRjYTNhYTE0ZmY1OWVlYTJmYzQ4IiwidGluazovL2FwcC9pZCI6IjZmMDRkNzg0MTU3ZTRhMjg4MGVlZmY2MjQ1NzZkMzFkIiwidGluazovL2FwcC92ZXJpZmllZCI6ImZhbHNlIn0.eyzZ53sjTlIV8wfD9wWJtY-uUcvthbtlTj2aYSOQNPLVUk02L5RV1O-dleAxZb-Knnria81vkr4tPmnU26QEjw
X-Tink-OAuth-Client-ID
f8dcd395232940599c93ae2eb0497627
Content-Type
application/json
Accept
application/json
X-Tink-SDK-Name
Tink Link Web
Referer
https://link.tink.com/1.0/income-check/connect?client_id=f8dcd395232940599c93ae2eb0497627&redirect_uri=https%3A%2F%2Fwww.americanexpress.com%2Ffr-fr%2Fservices%2Fdemande-carte%2Ftink%2Fmerci%2Findex.html&market=FR&locale=sv_SE&input_provider=fr-creditmutuel-oauth2
X-Tink-SDK-Version
1.0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
sentry-trace
08a0740d374d448f99da60c8f096556b-aa5849d45cdb61d2-0
X-Client-Trace-ID
65e8845e-f07b-4fab-906c-1c58b5b81137/9c1ff590-6572-4b6f-9a25-645ac7c46b44

Response headers

strict-transport-security
max-age=15724800; includeSubDomains
via
1.1 962c9e2b0aa7dee39ccec2b38fda120e.cloudfront.net (CloudFront)
x-content-type-options
nosniff
x-amz-cf-pop
DUS51-C1
grpc-encoding
identity
x-cache
Miss from cloudfront
content-length
2
x-client-trace-id
65e8845e-f07b-4fab-906c-1c58b5b81137/9c1ff590-6572-4b6f-9a25-645ac7c46b44
grpc-accept-encoding
gzip
grpc-status
0
server
tink-api-gateway
date
Sat, 12 Mar 2022 17:18:24 GMT
content-type
application/json
access-control-allow-origin
https://link.tink.com
x-contact
jobs@tink.se,whitehat@tink.se
access-control-expose-headers
X-Tink-Multi-Factor-Url
content-security-policy
base-uri 'self'; connect-src 'self' https://sentry.io https://api.xs2a.com https://cdn.tink.se; default-src 'self'; font-src 'self' https://cdn.tink.se https://fonts.gstatic.com https://use.typekit.net; frame-src 'none'; img-src 'self' https://cdn.tink.se data: https://dau40evdb2o0g.cloudfront.net https://p.typekit.net https://api.xs2a.com; manifest-src 'self'; media-src 'none'; object-src 'none'; script-src 'self' 'unsafe-inline' https://cdn.tink.se https://use.typekit.net; style-src 'self' 'unsafe-inline' https://cdn.tink.se https://fonts.googleapis.com; worker-src 'none'
x-request-id
bbecc88b-b056-b14a-84e1-c228bc428abd
x-amz-cf-id
K7tArTqY0CiTFe0D4q9O89wfv-EhuzJPtgXaK4TqrCUyZfnd86c2NQ==
analytics
link.tink.com/api-proxy/link/v1/ 		2 B
1 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://link.tink.com/api-proxy/link/v1/analytics
Requested by
Host: link.tink.com
URL: https://link.tink.com/static/js/main.e8c089d9.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.226.145.81 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-226-145-81.dus51.r.cloudfront.net
Software
tink-api-gateway /
Resource Hash
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
Security Headers
Name Value
Content-Security-Policy base-uri 'self'; connect-src 'self' https://sentry.io https://api.xs2a.com https://cdn.tink.se; default-src 'self'; font-src 'self' https://cdn.tink.se https://fonts.gstatic.com https://use.typekit.net; frame-src 'none'; img-src 'self' https://cdn.tink.se data: https://dau40evdb2o0g.cloudfront.net https://p.typekit.net https://api.xs2a.com; manifest-src 'self'; media-src 'none'; object-src 'none'; script-src 'self' 'unsafe-inline' https://cdn.tink.se https://use.typekit.net; style-src 'self' 'unsafe-inline' https://cdn.tink.se https://fonts.googleapis.com; worker-src 'none'
Strict-Transport-Security max-age=15724800; includeSubDomains
X-Content-Type-Options nosniff

Request headers

X-Tink-SDK-Product
income-check
Accept-Language
fr-FR,fr;q=0.9
Authorization
Bearer eyJhbGciOiJFUzI1NiIsImtpZCI6ImI0MDFkMmQxLWExYTUtNGRjOS1iNzIzLTZlZTk3ZGU2YmUyNiIsInR5cCI6IkpXVCJ9.eyJleHAiOjE2NDcxMDczMDQsImlhdCI6MTY0NzEwNTUwNCwiaXNzIjoidGluazovL2F1dGgiLCJqdGkiOiI4NDE0YzcwMy04OGQyLTQ2OGUtYTBmNC00NGJiMWJkOWMwMzgiLCJzY29wZXMiOlsicHJvdmlkZXJzOnJlYWQiLCJ1c2VyLXJlcG9ydC1idW5kbGVzOnJlYWQiLCJsaW5rLXNlc3Npb246cmVhZCIsInRyYW5zZmVyOmV4ZWN1dGUiLCJhY2NvdW50LXZlcmlmaWNhdGlvbi1yZXBvcnRzOndyaXRlIiwidXNlci1yZXBvcnQtYnVuZGxlczp3cml0ZSIsImFjY291bnRzOnJlYWQiLCJjcmVkZW50aWFsczpyZWFkIiwidHJhbnNmZXI6cmVhZCIsImF1dGhvcml6YXRpb246cmVhZCIsImNyZWRlbnRpYWxzOndyaXRlIiwiYXV0aG9yaXphdGlvbjpncmFudCIsImNyZWRlbnRpYWxzOnJlZnJlc2giLCJ1c2VyOnJlYWQiLCJwYXltZW50OnJlYWQiLCJpbmNvbWUtY2hlY2tzOmNyZWF0ZSJdLCJzdWIiOiJ0aW5rOi8vYXV0aC91c2VyL2YzODRiNGRlYWExNDRjYTNhYTE0ZmY1OWVlYTJmYzQ4IiwidGluazovL2FwcC9pZCI6IjZmMDRkNzg0MTU3ZTRhMjg4MGVlZmY2MjQ1NzZkMzFkIiwidGluazovL2FwcC92ZXJpZmllZCI6ImZhbHNlIn0.eyzZ53sjTlIV8wfD9wWJtY-uUcvthbtlTj2aYSOQNPLVUk02L5RV1O-dleAxZb-Knnria81vkr4tPmnU26QEjw
X-Tink-OAuth-Client-ID
f8dcd395232940599c93ae2eb0497627
Content-Type
application/json
Accept
application/json
X-Tink-SDK-Name
Tink Link Web
Referer
https://link.tink.com/1.0/income-check/connect?client_id=f8dcd395232940599c93ae2eb0497627&redirect_uri=https%3A%2F%2Fwww.americanexpress.com%2Ffr-fr%2Fservices%2Fdemande-carte%2Ftink%2Fmerci%2Findex.html&market=FR&locale=sv_SE&input_provider=fr-creditmutuel-oauth2
X-Tink-SDK-Version
1.0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
sentry-trace
08a0740d374d448f99da60c8f096556b-adc71091f718f2e1-0
X-Client-Trace-ID
65e8845e-f07b-4fab-906c-1c58b5b81137/dfbddd72-6436-4cc5-960d-f29389cd18d6

Response headers

strict-transport-security
max-age=15724800; includeSubDomains
via
1.1 962c9e2b0aa7dee39ccec2b38fda120e.cloudfront.net (CloudFront)
x-content-type-options
nosniff
x-amz-cf-pop
DUS51-C1
grpc-encoding
identity
x-cache
Miss from cloudfront
content-length
2
x-client-trace-id
65e8845e-f07b-4fab-906c-1c58b5b81137/dfbddd72-6436-4cc5-960d-f29389cd18d6
grpc-accept-encoding
gzip
grpc-status
0
server
tink-api-gateway
date
Sat, 12 Mar 2022 17:18:24 GMT
content-type
application/json
access-control-allow-origin
https://link.tink.com
x-contact
jobs@tink.se,whitehat@tink.se
access-control-expose-headers
X-Tink-Multi-Factor-Url
content-security-policy
base-uri 'self'; connect-src 'self' https://sentry.io https://api.xs2a.com https://cdn.tink.se; default-src 'self'; font-src 'self' https://cdn.tink.se https://fonts.gstatic.com https://use.typekit.net; frame-src 'none'; img-src 'self' https://cdn.tink.se data: https://dau40evdb2o0g.cloudfront.net https://p.typekit.net https://api.xs2a.com; manifest-src 'self'; media-src 'none'; object-src 'none'; script-src 'self' 'unsafe-inline' https://cdn.tink.se https://use.typekit.net; style-src 'self' 'unsafe-inline' https://cdn.tink.se https://fonts.googleapis.com; worker-src 'none'
x-request-id
c4094066-0a07-b327-b332-f3af0f021d76
x-amz-cf-id
58jIa9IR2dY71PrgGkJkjrx8oBrb7KKxzbwhqMAmlvi96H5xlsfnZQ==
/
sentry.io/api/1375966/envelope/ 		2 B
403 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://sentry.io/api/1375966/envelope/?sentry_key=225f6cadb97546e7b4c0c303c52c9d32&sentry_version=7
Requested by
Host: link.tink.com
URL: https://link.tink.com/static/js/main.e8c089d9.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
35.188.42.15 Council Bluffs, United States, ASN15169 (GOOGLE, US),
Reverse DNS
15.42.188.35.bc.googleusercontent.com
Software
nginx /
Resource Hash
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

Referer
https://link.tink.com/
Accept-Language
fr-FR,fr;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

Date
Sat, 12 Mar 2022 17:18:24 GMT
vary
Origin
Server
nginx
Strict-Transport-Security
max-age=31536000; includeSubDomains; preload
Content-Type
application/json
access-control-allow-origin
https://link.tink.com
access-control-expose-headers
retry-after, x-sentry-error, x-sentry-rate-limits
x-envoy-upstream-service-time
0
Connection
keep-alive
Content-Length
2
/
sentry.io/api/1375966/envelope/ 		2 B
403 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://sentry.io/api/1375966/envelope/?sentry_key=225f6cadb97546e7b4c0c303c52c9d32&sentry_version=7
Requested by
Host: link.tink.com
URL: https://link.tink.com/static/js/main.e8c089d9.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
35.188.42.15 Council Bluffs, United States, ASN15169 (GOOGLE, US),
Reverse DNS
15.42.188.35.bc.googleusercontent.com
Software
nginx /
Resource Hash
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

Referer
https://link.tink.com/
Accept-Language
fr-FR,fr;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

Date
Sat, 12 Mar 2022 17:18:24 GMT
vary
Origin
Server
nginx
Strict-Transport-Security
max-age=31536000; includeSubDomains; preload
Content-Type
application/json
access-control-allow-origin
https://link.tink.com
access-control-expose-headers
x-sentry-error, x-sentry-rate-limits, retry-after
x-envoy-upstream-service-time
0
Connection
keep-alive
Content-Length
2
fr-creditmutuel.png
cdn.tink.se/provider-images/fr/ 		14 KB
15 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cdn.tink.se/provider-images/fr/fr-creditmutuel.png
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.226.145.43 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-226-145-43.dus51.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
b4dfe5a6ff2a4418bd9797a9e393cc215dcd46f075bdd3d4aa9bd28e0069c118

Request headers

Accept-Language
fr-FR,fr;q=0.9
Referer
https://link.tink.com/1.0/income-check/connect/fr-creditmutuel-oauth2?client_id=f8dcd395232940599c93ae2eb0497627&redirect_uri=https%3A%2F%2Fwww.americanexpress.com%2Ffr-fr%2Fservices%2Fdemande-carte%2Ftink%2Fmerci%2Findex.html&market=FR&locale=sv_SE&input_provider=fr-creditmutuel-oauth2
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Sat, 12 Mar 2022 16:25:02 GMT
via
1.1 9e627a2e7bf673974b02e3bf374bb842.cloudfront.net (CloudFront)
last-modified
Wed, 09 Mar 2022 16:13:56 GMT
server
AmazonS3
age
3203
etag
"de0fe66d0b0f668ccdc02742ebe6cd73"
x-cache
Hit from cloudfront
content-type
image/png
x-amz-cf-pop
DUS51-C1
accept-ranges
bytes
content-length
14641
x-amz-cf-id
xV3vquWFmJ6wECYxs-BNw-JYQV8PDRqS1E45ZV4gdw52_Z0BKtm2oQ==
lota-semibold.273c185b1896e17d4ed4.woff2
link.tink.com/static/media/ 		24 KB
25 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://link.tink.com/static/media/lota-semibold.273c185b1896e17d4ed4.woff2
Requested by
Host: link.tink.com
URL: https://link.tink.com/static/css/main.4797faf2.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.226.145.81 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-226-145-81.dus51.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
17f10cbc41f37b91ec5a738ca46124410c9d25c1a8b24d396be3b06cff10c93b
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; includeSubDomains
X-Content-Type-Options nosniff

Request headers

Referer
https://link.tink.com/static/css/main.4797faf2.css
Origin
https://link.tink.com
Accept-Language
fr-FR,fr;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Mon, 28 Feb 2022 11:08:17 GMT
via
1.1 962c9e2b0aa7dee39ccec2b38fda120e.cloudfront.net (CloudFront)
x-content-type-options
nosniff
age
1059008
x-cache
Hit from cloudfront
content-length
24640
last-modified
Mon, 28 Feb 2022 11:08:15 GMT
server
AmazonS3
etag
"9be73f2690386d8e7fbb9e3e9ad6f7cf"
strict-transport-security
max-age=15724800; includeSubDomains
x-amz-version-id
null
cache-control
max-age=31536000
x-amz-cf-pop
DUS51-C1
accept-ranges
bytes
content-type
binary/octet-stream
x-amz-cf-id
86Mg6IKd69Mf2JyjpzyyQhHErNf7ukeezC2Ot8RxU83n18Nd8ekHCg==
analytics
link.tink.com/api-proxy/link/v1/ 		2 B
1 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://link.tink.com/api-proxy/link/v1/analytics
Requested by
Host: link.tink.com
URL: https://link.tink.com/static/js/main.e8c089d9.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.226.145.81 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-226-145-81.dus51.r.cloudfront.net
Software
tink-api-gateway /
Resource Hash
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
Security Headers
Name Value
Content-Security-Policy base-uri 'self'; connect-src 'self' https://sentry.io https://api.xs2a.com https://cdn.tink.se; default-src 'self'; font-src 'self' https://cdn.tink.se https://fonts.gstatic.com https://use.typekit.net; frame-src 'none'; img-src 'self' https://cdn.tink.se data: https://dau40evdb2o0g.cloudfront.net https://p.typekit.net https://api.xs2a.com; manifest-src 'self'; media-src 'none'; object-src 'none'; script-src 'self' 'unsafe-inline' https://cdn.tink.se https://use.typekit.net; style-src 'self' 'unsafe-inline' https://cdn.tink.se https://fonts.googleapis.com; worker-src 'none'
Strict-Transport-Security max-age=15724800; includeSubDomains
X-Content-Type-Options nosniff

Request headers

X-Tink-SDK-Product
income-check
Accept-Language
fr-FR,fr;q=0.9
Authorization
Bearer eyJhbGciOiJFUzI1NiIsImtpZCI6ImI0MDFkMmQxLWExYTUtNGRjOS1iNzIzLTZlZTk3ZGU2YmUyNiIsInR5cCI6IkpXVCJ9.eyJleHAiOjE2NDcxMDczMDQsImlhdCI6MTY0NzEwNTUwNCwiaXNzIjoidGluazovL2F1dGgiLCJqdGkiOiI4NDE0YzcwMy04OGQyLTQ2OGUtYTBmNC00NGJiMWJkOWMwMzgiLCJzY29wZXMiOlsicHJvdmlkZXJzOnJlYWQiLCJ1c2VyLXJlcG9ydC1idW5kbGVzOnJlYWQiLCJsaW5rLXNlc3Npb246cmVhZCIsInRyYW5zZmVyOmV4ZWN1dGUiLCJhY2NvdW50LXZlcmlmaWNhdGlvbi1yZXBvcnRzOndyaXRlIiwidXNlci1yZXBvcnQtYnVuZGxlczp3cml0ZSIsImFjY291bnRzOnJlYWQiLCJjcmVkZW50aWFsczpyZWFkIiwidHJhbnNmZXI6cmVhZCIsImF1dGhvcml6YXRpb246cmVhZCIsImNyZWRlbnRpYWxzOndyaXRlIiwiYXV0aG9yaXphdGlvbjpncmFudCIsImNyZWRlbnRpYWxzOnJlZnJlc2giLCJ1c2VyOnJlYWQiLCJwYXltZW50OnJlYWQiLCJpbmNvbWUtY2hlY2tzOmNyZWF0ZSJdLCJzdWIiOiJ0aW5rOi8vYXV0aC91c2VyL2YzODRiNGRlYWExNDRjYTNhYTE0ZmY1OWVlYTJmYzQ4IiwidGluazovL2FwcC9pZCI6IjZmMDRkNzg0MTU3ZTRhMjg4MGVlZmY2MjQ1NzZkMzFkIiwidGluazovL2FwcC92ZXJpZmllZCI6ImZhbHNlIn0.eyzZ53sjTlIV8wfD9wWJtY-uUcvthbtlTj2aYSOQNPLVUk02L5RV1O-dleAxZb-Knnria81vkr4tPmnU26QEjw
X-Tink-OAuth-Client-ID
f8dcd395232940599c93ae2eb0497627
Content-Type
application/json
Accept
application/json
X-Tink-SDK-Name
Tink Link Web
Referer
https://link.tink.com/1.0/income-check/connect/fr-creditmutuel-oauth2?client_id=f8dcd395232940599c93ae2eb0497627&redirect_uri=https%3A%2F%2Fwww.americanexpress.com%2Ffr-fr%2Fservices%2Fdemande-carte%2Ftink%2Fmerci%2Findex.html&market=FR&locale=sv_SE&input_provider=fr-creditmutuel-oauth2
X-Tink-SDK-Version
1.0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
sentry-trace
bf13258cdf094b2d9f56e0b5c5c8775a-97be1fa98530049a-0
X-Client-Trace-ID
65e8845e-f07b-4fab-906c-1c58b5b81137/4b0a1fa9-e23b-40c1-b89b-d21744c622ed

Response headers

strict-transport-security
max-age=15724800; includeSubDomains
via
1.1 962c9e2b0aa7dee39ccec2b38fda120e.cloudfront.net (CloudFront)
x-content-type-options
nosniff
x-amz-cf-pop
DUS51-C1
grpc-encoding
identity
x-cache
Miss from cloudfront
content-length
2
x-client-trace-id
65e8845e-f07b-4fab-906c-1c58b5b81137/4b0a1fa9-e23b-40c1-b89b-d21744c622ed
grpc-accept-encoding
gzip
grpc-status
0
server
tink-api-gateway
date
Sat, 12 Mar 2022 17:18:24 GMT
content-type
application/json
access-control-allow-origin
https://link.tink.com
x-contact
jobs@tink.se,whitehat@tink.se
access-control-expose-headers
X-Tink-Multi-Factor-Url
content-security-policy
base-uri 'self'; connect-src 'self' https://sentry.io https://api.xs2a.com https://cdn.tink.se; default-src 'self'; font-src 'self' https://cdn.tink.se https://fonts.gstatic.com https://use.typekit.net; frame-src 'none'; img-src 'self' https://cdn.tink.se data: https://dau40evdb2o0g.cloudfront.net https://p.typekit.net https://api.xs2a.com; manifest-src 'self'; media-src 'none'; object-src 'none'; script-src 'self' 'unsafe-inline' https://cdn.tink.se https://use.typekit.net; style-src 'self' 'unsafe-inline' https://cdn.tink.se https://fonts.googleapis.com; worker-src 'none'
x-request-id
e0d266d3-afff-b5f7-931b-94ba9464c241
x-amz-cf-id
a8JafGioA-AeX0b7sjTYCv8kf4u6S0UNI0eDhHGiMqhc9y4HnmCKTA==
analytics
link.tink.com/api-proxy/link/v1/ 		2 B
1 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://link.tink.com/api-proxy/link/v1/analytics
Requested by
Host: link.tink.com
URL: https://link.tink.com/static/js/main.e8c089d9.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.226.145.81 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-226-145-81.dus51.r.cloudfront.net
Software
tink-api-gateway /
Resource Hash
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
Security Headers
Name Value
Content-Security-Policy base-uri 'self'; connect-src 'self' https://sentry.io https://api.xs2a.com https://cdn.tink.se; default-src 'self'; font-src 'self' https://cdn.tink.se https://fonts.gstatic.com https://use.typekit.net; frame-src 'none'; img-src 'self' https://cdn.tink.se data: https://dau40evdb2o0g.cloudfront.net https://p.typekit.net https://api.xs2a.com; manifest-src 'self'; media-src 'none'; object-src 'none'; script-src 'self' 'unsafe-inline' https://cdn.tink.se https://use.typekit.net; style-src 'self' 'unsafe-inline' https://cdn.tink.se https://fonts.googleapis.com; worker-src 'none'
Strict-Transport-Security max-age=15724800; includeSubDomains
X-Content-Type-Options nosniff

Request headers

X-Tink-SDK-Product
income-check
Accept-Language
fr-FR,fr;q=0.9
Authorization
Bearer eyJhbGciOiJFUzI1NiIsImtpZCI6ImI0MDFkMmQxLWExYTUtNGRjOS1iNzIzLTZlZTk3ZGU2YmUyNiIsInR5cCI6IkpXVCJ9.eyJleHAiOjE2NDcxMDczMDQsImlhdCI6MTY0NzEwNTUwNCwiaXNzIjoidGluazovL2F1dGgiLCJqdGkiOiI4NDE0YzcwMy04OGQyLTQ2OGUtYTBmNC00NGJiMWJkOWMwMzgiLCJzY29wZXMiOlsicHJvdmlkZXJzOnJlYWQiLCJ1c2VyLXJlcG9ydC1idW5kbGVzOnJlYWQiLCJsaW5rLXNlc3Npb246cmVhZCIsInRyYW5zZmVyOmV4ZWN1dGUiLCJhY2NvdW50LXZlcmlmaWNhdGlvbi1yZXBvcnRzOndyaXRlIiwidXNlci1yZXBvcnQtYnVuZGxlczp3cml0ZSIsImFjY291bnRzOnJlYWQiLCJjcmVkZW50aWFsczpyZWFkIiwidHJhbnNmZXI6cmVhZCIsImF1dGhvcml6YXRpb246cmVhZCIsImNyZWRlbnRpYWxzOndyaXRlIiwiYXV0aG9yaXphdGlvbjpncmFudCIsImNyZWRlbnRpYWxzOnJlZnJlc2giLCJ1c2VyOnJlYWQiLCJwYXltZW50OnJlYWQiLCJpbmNvbWUtY2hlY2tzOmNyZWF0ZSJdLCJzdWIiOiJ0aW5rOi8vYXV0aC91c2VyL2YzODRiNGRlYWExNDRjYTNhYTE0ZmY1OWVlYTJmYzQ4IiwidGluazovL2FwcC9pZCI6IjZmMDRkNzg0MTU3ZTRhMjg4MGVlZmY2MjQ1NzZkMzFkIiwidGluazovL2FwcC92ZXJpZmllZCI6ImZhbHNlIn0.eyzZ53sjTlIV8wfD9wWJtY-uUcvthbtlTj2aYSOQNPLVUk02L5RV1O-dleAxZb-Knnria81vkr4tPmnU26QEjw
X-Tink-OAuth-Client-ID
f8dcd395232940599c93ae2eb0497627
Content-Type
application/json
Accept
application/json
X-Tink-SDK-Name
Tink Link Web
Referer
https://link.tink.com/1.0/income-check/connect/fr-creditmutuel-oauth2?client_id=f8dcd395232940599c93ae2eb0497627&redirect_uri=https%3A%2F%2Fwww.americanexpress.com%2Ffr-fr%2Fservices%2Fdemande-carte%2Ftink%2Fmerci%2Findex.html&market=FR&locale=sv_SE&input_provider=fr-creditmutuel-oauth2
X-Tink-SDK-Version
1.0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
sentry-trace
bf13258cdf094b2d9f56e0b5c5c8775a-83a3b68de3c2ef9f-0
X-Client-Trace-ID
65e8845e-f07b-4fab-906c-1c58b5b81137/fdec1b69-d448-4a34-bebf-b26b60b896b6

Response headers

strict-transport-security
max-age=15724800; includeSubDomains
via
1.1 962c9e2b0aa7dee39ccec2b38fda120e.cloudfront.net (CloudFront)
x-content-type-options
nosniff
x-amz-cf-pop
DUS51-C1
grpc-encoding
identity
x-cache
Miss from cloudfront
content-length
2
x-client-trace-id
65e8845e-f07b-4fab-906c-1c58b5b81137/fdec1b69-d448-4a34-bebf-b26b60b896b6
grpc-accept-encoding
gzip
grpc-status
0
server
tink-api-gateway
date
Sat, 12 Mar 2022 17:18:24 GMT
content-type
application/json
access-control-allow-origin
https://link.tink.com
x-contact
jobs@tink.se,whitehat@tink.se
access-control-expose-headers
X-Tink-Multi-Factor-Url
content-security-policy
base-uri 'self'; connect-src 'self' https://sentry.io https://api.xs2a.com https://cdn.tink.se; default-src 'self'; font-src 'self' https://cdn.tink.se https://fonts.gstatic.com https://use.typekit.net; frame-src 'none'; img-src 'self' https://cdn.tink.se data: https://dau40evdb2o0g.cloudfront.net https://p.typekit.net https://api.xs2a.com; manifest-src 'self'; media-src 'none'; object-src 'none'; script-src 'self' 'unsafe-inline' https://cdn.tink.se https://use.typekit.net; style-src 'self' 'unsafe-inline' https://cdn.tink.se https://fonts.googleapis.com; worker-src 'none'
x-request-id
940d0441-637f-b09f-94db-d184686c54e5
x-amz-cf-id
yqgoSl7gYoHTJtvNGUdTTUbWKr3HHnYbv_OlIBMvetfDY9iH97jkuA==

Verdicts & Comments Add Verdict or Comment

14 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

function| structuredClone object| oncontextlost object| oncontextrestored object| webpackChunk_tink_tink_link object| SENTRY_RELEASE object| SENTRY_RELEASES object| regeneratorRuntime object| core function| setImmediate function| clearImmediate boolean| _babelPolyfill object| __SENTRY__ function| _ number| 2f1acc6c3a606b082e5eef5e54414ffb

0 Cookies

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy base-uri 'self'; connect-src 'self' https://sentry.io https://api.xs2a.com https://cdn.tink.se; default-src 'self'; font-src 'self' https://cdn.tink.se https://fonts.gstatic.com https://use.typekit.net; frame-src 'none'; img-src 'self' https://cdn.tink.se data: https://dau40evdb2o0g.cloudfront.net https://p.typekit.net https://api.xs2a.com; manifest-src 'self'; media-src 'none'; object-src 'none'; script-src 'self' 'unsafe-inline' https://cdn.tink.se https://use.typekit.net; style-src 'self' 'unsafe-inline' https://cdn.tink.se https://fonts.googleapis.com; worker-src 'none'
Strict-Transport-Security max-age=15724800; includeSubDomains
X-Content-Type-Options nosniff