benefitsplus-auth-dev.hsbc.com.hk Open in urlscan Pro
2600:9000:266e:1600:a:9a74:f000:93a1 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://benefitsplus-dev.hsbc.com.hk/
Effective URL:
https://benefitsplus-auth-dev.hsbc.com.hk/login?uid=bsIZgLbF3tVL9Mg14nhqE&lang=en-HK
Submission Tags: falconsandbox
Submission: On June 05 via api (June 5th 2024, 1:00:34 pm UTC) from US — Scanned from DE

Summary HTTP 75 Redirects Links 5 Behaviour Indicators

Summary

This website contacted 17 IPs in 6 countries across 14 domains to perform 75 HTTP transactions. The main IP is 2600:9000:266e:1600:a:9a74:f000:93a1, located in United States and belongs to AMAZON-02, US. The main domain is benefitsplus-auth-dev.hsbc.com.hk.
TLS certificate: Issued by DigiCert EV RSA CA G2 on August 10th 2023. Valid for: a year.

This is the only time benefitsplus-auth-dev.hsbc.com.hk was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
4 19	2600:9000:266... 2600:9000:266e:1600:a:9a74:f000:93a1	16509 (AMAZON-02) (AMAZON-02)
17	2600:9000:26d... 2600:9000:26db:c600:7:2bfb:7c00:93a1	16509 (AMAZON-02) (AMAZON-02)
1	2a00:1450:400... 2a00:1450:4001:81c::200a	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:810::2003	15169 (GOOGLE) (GOOGLE)
1	23.37.38.214 23.37.38.214	16625 (AKAMAI-AS) (AKAMAI-AS)
1	2a00:1288:80:... 2a00:1288:80:807::2	203220 (YAHOO-DEB) (YAHOO-DEB)
1	35.71.131.137 35.71.131.137	16509 (AMAZON-02) (AMAZON-02)
2	52.197.35.231 52.197.35.231	16509 (AMAZON-02) (AMAZON-02)
5	2a00:1450:400... 2a00:1450:4001:82f::2008	15169 (GOOGLE) (GOOGLE)
2	3.255.41.64 3.255.41.64	16509 (AMAZON-02) (AMAZON-02)
2	178.249.97.23 178.249.97.23	11054 (LIVEPERSON) (LIVEPERSON)
7	203.112.83.226 203.112.83.226	9221 (HSBC-HK-A...) (HSBC-HK-AS HSBC HongKong)
2	2a03:2880:f08... 2a03:2880:f084:d:face:b00c:0:3	32934 (FACEBOOK) (FACEBOOK)
2	54.95.104.89 54.95.104.89	16509 (AMAZON-02) (AMAZON-02)
1	34.120.154.120 34.120.154.120	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1	18.194.74.133 18.194.74.133	16509 (AMAZON-02) (AMAZON-02)
75	17

19 2600:9000:266e:1600:a:9a74:f000:93a1 (United States) 4 redirects

ASN16509 (AMAZON-02, US)

benefitsplus-dev.hsbc.com.hk	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
benefitsplus-auth-dev.hsbc.com.hk	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

17 2600:9000:26db:c600:7:2bfb:7c00:93a1 (United States)

ASN16509 (AMAZON-02, US)

tags.tiqcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:81c::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:810::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 23.37.38.214 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a23-37-38-214.deploy.static.akamaitechnologies.com

akamai.tiqcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1288:80:807::2 (United Kingdom)

ASN203220 (YAHOO-DEB, GB)

s.yimg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.71.131.137 (United States)

ASN16509 (AMAZON-02, US)
PTR: a6370ebea231e0c9a.awsglobalaccelerator.com

match.adsrvr.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.197.35.231 (Tokyo, Japan)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-197-35-231.ap-northeast-1.compute.amazonaws.com

collect-ap-northeast-1.tealiumiq.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:4001:82f::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 3.255.41.64 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-3-255-41-64.eu-west-1.compute.amazonaws.com

sp.analytics.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 178.249.97.23 (United States)

ASN11054 (LIVEPERSON, US)

lptag.liveperson.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 203.112.83.226 (Hong Kong)

ASN9221 (HSBC-HK-AS HSBC HongKong, HK)

www.issthk-dev.hsbc.com.hk	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:2880:f084:d:face:b00c:0:3 (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 54.95.104.89 (Tokyo, Japan)

ASN16509 (AMAZON-02, US)
PTR: ec2-54-95-104-89.ap-northeast-1.compute.amazonaws.com

visitor-service-ap-northeast-1.tealiumiq.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.120.154.120 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 120.154.120.34.bc.googleusercontent.com

lpcdn.lpsnmedia.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.194.74.133 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-18-194-74-133.eu-central-1.compute.amazonaws.com

datacloud.tealiumiq.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
26	hsbc.com.hk 4 redirects benefitsplus-dev.hsbc.com.hk benefitsplus-auth-dev.hsbc.com.hk www.hkg1vl0048.p2g.netd2.hsbc.com.hk Failed www.issthk-dev.hsbc.com.hk	102 KB
18	tiqcdn.com tags.tiqcdn.com — Cisco Umbrella Rank: 1326 akamai.tiqcdn.com — Cisco Umbrella Rank: 13270	280 KB
5	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 78	417 KB
5	tealiumiq.com collect-ap-northeast-1.tealiumiq.com — Cisco Umbrella Rank: 159999 visitor-service-ap-northeast-1.tealiumiq.com — Cisco Umbrella Rank: 161249 datacloud.tealiumiq.com — Cisco Umbrella Rank: 7735	40 KB
2	facebook.net connect.facebook.net — Cisco Umbrella Rank: 205	90 KB
2	liveperson.net lptag.liveperson.net — Cisco Umbrella Rank: 4101	128 KB
2	yahoo.com sp.analytics.yahoo.com — Cisco Umbrella Rank: 1683	623 B
1	lpsnmedia.net accdn.lpsnmedia.net Failed lpcdn.lpsnmedia.net — Cisco Umbrella Rank: 4138 Failed
1	adsrvr.org match.adsrvr.org — Cisco Umbrella Rank: 409	149 B
1	yimg.com s.yimg.com — Cisco Umbrella Rank: 693	7 KB
1	gstatic.com fonts.gstatic.com	48 KB
1	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 70	2 KB
0	facebook.com Failed www.facebook.com Failed
0	doubleclick.net Failed cm.g.doubleclick.net Failed
75	14

	Domain	Requested by
17	tags.tiqcdn.com	benefitsplus-auth-dev.hsbc.com.hk tags.tiqcdn.com
17	benefitsplus-auth-dev.hsbc.com.hk	2 redirects benefitsplus-auth-dev.hsbc.com.hk tags.tiqcdn.com
7	www.issthk-dev.hsbc.com.hk	tags.tiqcdn.com
5	www.googletagmanager.com	tags.tiqcdn.com www.googletagmanager.com
2	visitor-service-ap-northeast-1.tealiumiq.com	tags.tiqcdn.com
2	connect.facebook.net	tags.tiqcdn.com connect.facebook.net
2	lptag.liveperson.net	tags.tiqcdn.com
2	sp.analytics.yahoo.com	benefitsplus-auth-dev.hsbc.com.hk
2	collect-ap-northeast-1.tealiumiq.com	tags.tiqcdn.com
2	benefitsplus-dev.hsbc.com.hk	2 redirects
1	datacloud.tealiumiq.com	tags.tiqcdn.com
1	lpcdn.lpsnmedia.net	lptag.liveperson.net
1	match.adsrvr.org	benefitsplus-auth-dev.hsbc.com.hk
1	s.yimg.com	tags.tiqcdn.com
1	akamai.tiqcdn.com	tags.tiqcdn.com
1	fonts.gstatic.com	fonts.googleapis.com
1	fonts.googleapis.com	benefitsplus-auth-dev.hsbc.com.hk
0	accdn.lpsnmedia.net Failed	lptag.liveperson.net
0	www.facebook.com Failed	benefitsplus-auth-dev.hsbc.com.hk
0	cm.g.doubleclick.net Failed	benefitsplus-auth-dev.hsbc.com.hk
0	www.hkg1vl0048.p2g.netd2.hsbc.com.hk Failed	tags.tiqcdn.com
75	21

This site contains links to these domains. Also see Links.

Domain
benefitsplus-dev.hsbc.com.hk

Subject Issuer	Validity	Valid
benefitsplus-dev.hsbc.com.hk DigiCert EV RSA CA G2	`2023-08-10` - `2024-09-09`	a year	crt.sh
tags.tiqcdn.com Amazon RSA 2048 M02	`2024-03-19` - `2025-04-17`	a year	crt.sh
upload.video.google.com WR2	`2024-05-21` - `2024-08-13`	3 months	crt.sh
*.gstatic.com WR2	`2024-05-21` - `2024-08-13`	3 months	crt.sh
*.tiqcdn.com DigiCert TLS RSA SHA256 2020 CA1	`2023-11-16` - `2024-11-16`	a year	crt.sh
*.fantasysports.yahoo.com DigiCert SHA2 High Assurance Server CA	`2024-05-30` - `2024-07-17`	2 months	crt.sh
*.adsrvr.org GlobalSign GCC R3 DV TLS CA 2020	`2024-04-23` - `2025-05-25`	a year	crt.sh
*.tealiumiq.com Amazon RSA 2048 M01	`2023-07-23` - `2024-08-19`	a year	crt.sh
*.google-analytics.com WR2	`2024-05-21` - `2024-08-13`	3 months	crt.sh
real.sp.analytics.yahoo.com DigiCert SHA2 High Assurance Server CA	`2024-03-19` - `2024-09-11`	6 months	crt.sh
*.liveperson.net Sectigo RSA Organization Validation Secure Server CA	`2023-11-28` - `2024-11-27`	a year	crt.sh
www.issthk-dev.hsbc.com.hk DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-10-19` - `2024-10-18`	a year	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2024-03-14` - `2024-06-12`	3 months	crt.sh
*.lpsnmedia.net Sectigo RSA Organization Validation Secure Server CA	`2023-11-15` - `2024-11-14`	a year	crt.sh

This page contains 5 frames:

Primary Page: https://benefitsplus-auth-dev.hsbc.com.hk/login?uid=bsIZgLbF3tVL9Mg14nhqE&lang=en-HK
Frame ID: 50FA72ADA97443CCB0F59E6828706725
Requests: 74 HTTP requests in this frame

Frame: data://truncated
Frame ID: B0D2B8E2DB9C7B4908DE4D769C41158C
Requests: 2 HTTP requests in this frame

Frame: data://truncated
Frame ID: D15D2D7078706FD14A8F659F8207C828
Requests: 2 HTTP requests in this frame

Frame: data://truncated
Frame ID: E822571ADCF05B4EEC496EAF36734255
Requests: 2 HTTP requests in this frame

Frame: https://lpcdn.lpsnmedia.net/le_secure_storage/3.28.0-release_1286430736/storage.secure.min.html?loc=https%3A%2F%2Fbenefitsplus-auth-dev.hsbc.com.hk&site=19211303&ist=sessionStorage&env=prod&accdn=accdn.lpsnmedia.net
Frame ID: 97A6004DEDA97B34954F2E6A4E0F8926
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Welcome to HSBC Life Benefits+

Page URL History Show full URLs

http://benefitsplus-dev.hsbc.com.hk/ HTTP 307
https://benefitsplus-dev.hsbc.com.hk/ HTTP 302
https://benefitsplus-dev.hsbc.com.hk/login?path=%2F HTTP 302
https://benefitsplus-auth-dev.hsbc.com.hk/authorize?scope=openid%20ALL%20profile%20profile.ecommerce.read&response_typ... HTTP 302
https://benefitsplus-auth-dev.hsbc.com.hk/interaction/bsIZgLbF3tVL9Mg14nhqE?lang=en-HK HTTP 302
https://benefitsplus-auth-dev.hsbc.com.hk/login?uid=bsIZgLbF3tVL9Mg14nhqE&lang=en-HK Page URL

Detected technologies

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

//connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtag/js

Page Statistics

75
Requests

81 %
HTTPS

44 %
IPv6

14
Domains

21
Subdomains

17
IPs

6
Countries

1098 kB
Transfer

3921 kB
Size

18
Cookies

5 Outgoing links

These are links going to different origins than the main page.

URL: https://benefitsplus-dev.hsbc.com.hk/forgot-password?lang=en-HK&vid=018fe87c8d340021b14712e68e780506f005406700b08_hk&sid=1717592427828&vid=018fe87c8d340021b14712e68e780506f005406700b08_hk&sid=1717592427828
Title: Forgot your password?

Search URL Search Domain Scan URL

URL: https://benefitsplus-dev.hsbc.com.hk/registration/registration-email?lang=en-HK&vid=018fe87c8d340021b14712e68e780506f005406700b08_hk&sid=1717592427828&vid=018fe87c8d340021b14712e68e780506f005406700b08_hk&sid=1717592427828
Title: Register now

Search URL Search Domain Scan URL

URL: https://benefitsplus-dev.hsbc.com.hk/contact-us?lang=en-HK&vid=018fe87c8d340021b14712e68e780506f005406700b08_hk&sid=1717592427828&vid=018fe87c8d340021b14712e68e780506f005406700b08_hk&sid=1717592427828
Title: Contact us

Search URL Search Domain Scan URL

URL: https://benefitsplus-dev.hsbc.com.hk/legal/terms?lang=en-HK&vid=018fe87c8d340021b14712e68e780506f005406700b08_hk&sid=1717592427828&vid=018fe87c8d340021b14712e68e780506f005406700b08_hk&sid=1717592427828
Title: Terms

Search URL Search Domain Scan URL

URL: https://benefitsplus-dev.hsbc.com.hk/legal/privacy?lang=en-HK&vid=018fe87c8d340021b14712e68e780506f005406700b08_hk&sid=1717592427828&vid=018fe87c8d340021b14712e68e780506f005406700b08_hk&sid=1717592427828
Title: Privacy

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://benefitsplus-dev.hsbc.com.hk/ HTTP 307
https://benefitsplus-dev.hsbc.com.hk/ HTTP 302
https://benefitsplus-dev.hsbc.com.hk/login?path=%2F HTTP 302
https://benefitsplus-auth-dev.hsbc.com.hk/authorize?scope=openid%20ALL%20profile%20profile.ecommerce.read&response_type=code&client_id=hsbc-dev&redirect_uri=https://benefitsplus-dev.hsbc.com.hk&protocol=oauth0&connection=hsbc&audience=hsbc&state=%2F HTTP 302
https://benefitsplus-auth-dev.hsbc.com.hk/interaction/bsIZgLbF3tVL9Mg14nhqE?lang=en-HK HTTP 302
https://benefitsplus-auth-dev.hsbc.com.hk/login?uid=bsIZgLbF3tVL9Mg14nhqE&lang=en-HK Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

75 HTTP transactions
6 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request login Show response
benefitsplus-auth-dev.hsbc.com.hk/
Redirect Chain

http://benefitsplus-dev.hsbc.com.hk/
https://benefitsplus-dev.hsbc.com.hk/
https://benefitsplus-dev.hsbc.com.hk/login?path=%2F
https://benefitsplus-auth-dev.hsbc.com.hk/authorize?scope=openid%20ALL%20profile%20profile.ecommerce.read&response_type=code&client_id=hsbc-dev&redirect_uri=https://benefitsplus-dev.hsbc.com.hk&pro...
https://benefitsplus-auth-dev.hsbc.com.hk/interaction/bsIZgLbF3tVL9Mg14nhqE?lang=en-HK
https://benefitsplus-auth-dev.hsbc.com.hk/login?uid=bsIZgLbF3tVL9Mg14nhqE&lang=en-HK

5 KB
5 KB

283ms
271ms

Document
text/html

2600:9000:266e:1600:a:9a74:f000:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://benefitsplus-auth-dev.hsbc.com.hk/login?uid=bsIZgLbF3tVL9Mg14nhqE&lang=en-HK

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:266e:1600:a:9a74:f000:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

CloudFront /

Resource Hash

e2e61ce45a2b0427fd79a80c312b3b73188127587bf44379a7ea7aa26184b510

Security Headers

Name	Value
Content-Security-Policy	font-src .hsbc.com.hk fonts.gstatic.com maxcdn.bootstrapcdn.com .stripe.com klarna.com .klarna.com .klarnacdn.net .klarnaevt.com data: 'self' 'unsafe-inline'; form-action https: .hsbc.com.hk secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; frame-ancestors .hsbc.com.hk .stripe.com stripe.com 'self'; frame-src 'self' data: .hsbc.com.hk .my-doc.com lpcdn.lpsnmedia.net td.doubleclick.net fast.amc.demdex.net .adobe.com secure.authorize.net test.authorize.net bid.g.doubleclick.net .youtube.com .youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ .weltpixel.com .stripe.com klarna.com .klarna.com .klarnacdn.net .klarnaevt.com 'self' 'unsafe-inline'; img-src blob: .google.com.hk .yahoo.com .hsbc.com.hk .tealiumiq.com .adsrvr.org maps.googleapis.com maps.gstatic.com assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net .adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypalobjects.com t.paypal.com .ftcdn.net .behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com .vimeocdn.com i.ytimg.com .youtube.com validator.swagger.io flagpedia.net .gstatic.com data: 'self' 'unsafe-inline'; script-src .hsbc.com.hk unpkg.com connect.facebook.net s.yimg.com visitor-service-ap-northeast-1.tealiumiq.com lptag.liveperson.net datacloud.tealiumiq.com tags.tiqcdn.com assets.adobedtm.com .adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypalobjects.com js.braintreegateway.com www.paypal.com .newrelic.com .nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com .vimeocdn.com .youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ .gstatic.com maps.googleapis.com .stripe.com klarna.com .klarna.com .klarnacdn.net .klarnaevt.com https://www.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src .hsbc.com.hk fonts.googleapis.com .adobe.com maxcdn.bootstrapcdn.com .gstatic.com tagmanager.google.com 'self' 'unsafe-inline'; object-src .hsbc.com.hk 'self' 'unsafe-inline'; media-src .hsbc.com.hk .adobe.com 'self' 'unsafe-inline'; manifest-src .hsbc.com.hk 'self' 'unsafe-inline'; connect-src wss: .hsbc.com.hk www.issthk-dev.hsbc.com.hk:31000 .tealiumiq.com .tiqcdn.com pagead2.googlesyndication.com log-happyhktest.us.v2.customers.biocatch.com log-69c80419.customers.biocatch.com wup-69c80419.customers.biocatch.com dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com .newrelic.com .nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com www.gstatic.com maps.googleapis.com .stripe.com klarna.com .klarna.com .klarnacdn.net .klarnaevt.com https://www.google-analytics.com 'self' 'unsafe-inline'; child-src http: https: .hsbc.com.hk blob: 'self' 'unsafe-inline'; default-src .hsbc.com.hk 'self' 'unsafe-inline' 'unsafe-eval' log-69c80419.customers.biocatch.com wup-69c80419.customers.biocatch.com; base-uri *.hsbc.com.hk 'self' 'unsafe-inline';
Strict-Transport-Security	max-age=63072000; includeSubdomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36

Response headers

access-control-allow-origin: *
content-encoding: gzip
content-length: 1652
content-security-policy: font-src *.hsbc.com.hk fonts.gstatic.com maxcdn.bootstrapcdn.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com data: 'self' 'unsafe-inline'; form-action https: *.hsbc.com.hk secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; frame-ancestors *.hsbc.com.hk *.stripe.com stripe.com 'self'; frame-src 'self' data: *.hsbc.com.hk *.my-doc.com lpcdn.lpsnmedia.net td.doubleclick.net fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.weltpixel.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline'; img-src blob: *.google.com.hk *.yahoo.com *.hsbc.com.hk *.tealiumiq.com *.adsrvr.org maps.googleapis.com maps.gstatic.com assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io flagpedia.net *.gstatic.com data: 'self' 'unsafe-inline'; script-src *.hsbc.com.hk unpkg.com connect.facebook.net s.yimg.com visitor-service-ap-northeast-1.tealiumiq.com lptag.liveperson.net datacloud.tealiumiq.com tags.tiqcdn.com assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypalobjects.com js.braintreegateway.com www.paypal.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.gstatic.com maps.googleapis.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com https://www.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.hsbc.com.hk fonts.googleapis.com *.adobe.com maxcdn.bootstrapcdn.com *.gstatic.com tagmanager.google.com 'self' 'unsafe-inline'; object-src *.hsbc.com.hk 'self' 'unsafe-inline'; media-src *.hsbc.com.hk *.adobe.com 'self' 'unsafe-inline'; manifest-src *.hsbc.com.hk 'self' 'unsafe-inline'; connect-src wss: *.hsbc.com.hk www.issthk-dev.hsbc.com.hk:31000 *.tealiumiq.com *.tiqcdn.com pagead2.googlesyndication.com log-happyhktest.us.v2.customers.biocatch.com log-69c80419.customers.biocatch.com wup-69c80419.customers.biocatch.com dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com www.gstatic.com maps.googleapis.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com https://www.google-analytics.com 'self' 'unsafe-inline'; child-src http: https: *.hsbc.com.hk blob: 'self' 'unsafe-inline'; default-src *.hsbc.com.hk 'self' 'unsafe-inline' 'unsafe-eval' log-69c80419.customers.biocatch.com wup-69c80419.customers.biocatch.com; base-uri *.hsbc.com.hk 'self' 'unsafe-inline';
content-type: text/html; charset=utf-8
date: Wed, 05 Jun 2024 13:00:26 GMT
etag: W/"13a5-OdnTBvd62aJ/6BrXIz8ESDVWY78"
server: CloudFront
strict-transport-security: max-age=63072000; includeSubdomains; preload
vary: Accept-Encoding
via: 1.1 d8ec42efeb409ac816e90eb0236c1f4a.cloudfront.net (CloudFront)
x-amz-apigw-id: Y5QowFYnnUYESug=
x-amz-cf-id: t4QNyCOPxTe9N6AmGdb-P7ljiFzDUHoHEuhFA66fHDRZ1t2HQ8vPYw==
x-amz-cf-pop: FRA56-P8
x-amzn-remapped-connection: keep-alive
x-amzn-remapped-date: Wed, 05 Jun 2024 13:00:26 GMT
x-amzn-requestid: 9bde1c1d-1acd-4feb-b02b-84643ef17336
x-cache: Miss from cloudfront
x-content-type-options: nosniff
x-correlation-id: 04c859c2768eb118e09ccc68b33ff75f
x-dns-prefetch-control: off
x-download-options: noopen
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block

Redirect headers

access-control-allow-origin: *
cache-control: no-cache, no-store
content-length: 138
content-security-policy: font-src *.hsbc.com.hk fonts.gstatic.com maxcdn.bootstrapcdn.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com data: 'self' 'unsafe-inline'; form-action https: *.hsbc.com.hk secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; frame-ancestors *.hsbc.com.hk *.stripe.com stripe.com 'self'; frame-src 'self' data: *.hsbc.com.hk *.my-doc.com lpcdn.lpsnmedia.net td.doubleclick.net fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.weltpixel.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline'; img-src blob: *.google.com.hk *.yahoo.com *.hsbc.com.hk *.tealiumiq.com *.adsrvr.org maps.googleapis.com maps.gstatic.com assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io flagpedia.net *.gstatic.com data: 'self' 'unsafe-inline'; script-src *.hsbc.com.hk unpkg.com connect.facebook.net s.yimg.com visitor-service-ap-northeast-1.tealiumiq.com lptag.liveperson.net datacloud.tealiumiq.com tags.tiqcdn.com assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypalobjects.com js.braintreegateway.com www.paypal.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.gstatic.com maps.googleapis.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com https://www.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.hsbc.com.hk fonts.googleapis.com *.adobe.com maxcdn.bootstrapcdn.com *.gstatic.com tagmanager.google.com 'self' 'unsafe-inline'; object-src *.hsbc.com.hk 'self' 'unsafe-inline'; media-src *.hsbc.com.hk *.adobe.com 'self' 'unsafe-inline'; manifest-src *.hsbc.com.hk 'self' 'unsafe-inline'; connect-src wss: *.hsbc.com.hk www.issthk-dev.hsbc.com.hk:31000 *.tealiumiq.com *.tiqcdn.com pagead2.googlesyndication.com log-happyhktest.us.v2.customers.biocatch.com log-69c80419.customers.biocatch.com wup-69c80419.customers.biocatch.com dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com www.gstatic.com maps.googleapis.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com https://www.google-analytics.com 'self' 'unsafe-inline'; child-src http: https: *.hsbc.com.hk blob: 'self' 'unsafe-inline'; default-src *.hsbc.com.hk 'self' 'unsafe-inline' 'unsafe-eval' log-69c80419.customers.biocatch.com wup-69c80419.customers.biocatch.com; base-uri *.hsbc.com.hk 'self' 'unsafe-inline';
content-type: text/html; charset=utf-8
date: Wed, 05 Jun 2024 13:00:26 GMT
location: /login?uid=bsIZgLbF3tVL9Mg14nhqE&lang=en-HK
pragma: no-cache
server: CloudFront
strict-transport-security: max-age=63072000; includeSubdomains; preload
vary: Accept, Accept-Encoding
via: 1.1 d8ec42efeb409ac816e90eb0236c1f4a.cloudfront.net (CloudFront)
x-amz-apigw-id: Y5QotGkpnUYEExg=
x-amz-cf-id: 54MnjrlpC7JMEwn28jdI4pvHJBQ8_1_4D1z50up6b3IpgeIJ0P5Dsw==
x-amz-cf-pop: FRA56-P8
x-amzn-remapped-connection: keep-alive
x-amzn-remapped-content-length: 138
x-amzn-remapped-date: Wed, 05 Jun 2024 13:00:26 GMT
x-amzn-requestid: 0a7eb356-2e90-4a3c-ba22-9fbaada55f51
x-cache: Miss from cloudfront
x-content-type-options: nosniff
x-correlation-id: f9126919f6f230bf6d6f33f4e13b60e8
x-dns-prefetch-control: off
x-download-options: noopen
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block

GET
H2 200 utag.sync.js Show response
tags.tiqcdn.com/utag/hsbc/hk-rbwm-gsp/dev/ 2 KB
1 KB 43ms
18ms Script
application/javascript 2600:9000:26db:c600:7:2bfb:7c00:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.tiqcdn.com/utag/hsbc/hk-rbwm-gsp/dev/utag.sync.js
Requested by: Host: benefitsplus-auth-dev.hsbc.com.hk
URL: https://benefitsplus-auth-dev.hsbc.com.hk/login?uid=bsIZgLbF3tVL9Mg14nhqE&lang=en-HK
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:26db:c600:7:2bfb:7c00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 38f6905807c40f38927a21e48be0785eb7213c12e38d67a45eaa46ab10767565

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://benefitsplus-auth-dev.hsbc.com.hk/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-amz-version-id: EKx77crPXoXn30wwRlA14NpbT4Lbpuc8
content-encoding: gzip
via: 1.1 cb7ecd2473bf95a71af8d1ff8d1034fa.cloudfront.net (CloudFront)
date: Wed, 05 Jun 2024 13:00:22 GMT
last-modified: Thu, 09 May 2024 15:16:40 GMT
server: AmazonS3
x-amz-cf-pop: MUC50-P3
age: 6
x-amz-server-side-encryption: AES256
etag: W/"6aa15f80bbb39089fd322fff2579ea67"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
cache-control: max-age=300
x-amz-cf-id: KsE1oUnWHV1Ja9VIcZKPAGff0OEtBCh-Uatguv6Ijx8mUcto67itSA==

GET
H2 200 css
fonts.googleapis.com/ 22 KB
2 KB 40ms
16ms Stylesheet
text/css 2a00:1450:4001:81c::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Open+Sans:300,400,600,700

Requested by

Host: benefitsplus-auth-dev.hsbc.com.hk
URL: https://benefitsplus-auth-dev.hsbc.com.hk/login?uid=bsIZgLbF3tVL9Mg14nhqE&lang=en-HK

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81c::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

31fe46164ce2459191ca1f7727fd742ce01833ee4f705459e88d43f53fcc9f80

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://benefitsplus-auth-dev.hsbc.com.hk/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

strict-transport-security: max-age=31536000
date: Wed, 05 Jun 2024 13:00:27 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Wed, 05 Jun 2024 11:07:41 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Wed, 05 Jun 2024 13:00:27 GMT

GET
H2 200 main.css
benefitsplus-auth-dev.hsbc.com.hk/static/assets/css/ 13 KB
7 KB 274ms
273ms Stylesheet
text/css 2600:9000:266e:1600:a:9a74:f000:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://benefitsplus-auth-dev.hsbc.com.hk/static/assets/css/main.css

Requested by

Host: benefitsplus-auth-dev.hsbc.com.hk
URL: https://benefitsplus-auth-dev.hsbc.com.hk/login?uid=bsIZgLbF3tVL9Mg14nhqE&lang=en-HK

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:266e:1600:a:9a74:f000:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

CloudFront /

Resource Hash

c42319ce7aea1c71d227a3f114dc79725b0362444c45901c3715d7c7511bf799

Security Headers

Name	Value
Content-Security-Policy	font-src .hsbc.com.hk fonts.gstatic.com maxcdn.bootstrapcdn.com .stripe.com klarna.com .klarna.com .klarnacdn.net .klarnaevt.com data: 'self' 'unsafe-inline'; form-action https: .hsbc.com.hk secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; frame-ancestors .hsbc.com.hk .stripe.com stripe.com 'self'; frame-src 'self' data: .hsbc.com.hk .my-doc.com lpcdn.lpsnmedia.net td.doubleclick.net fast.amc.demdex.net .adobe.com secure.authorize.net test.authorize.net bid.g.doubleclick.net .youtube.com .youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ .weltpixel.com .stripe.com klarna.com .klarna.com .klarnacdn.net .klarnaevt.com 'self' 'unsafe-inline'; img-src blob: .google.com.hk .yahoo.com .hsbc.com.hk .tealiumiq.com .adsrvr.org maps.googleapis.com maps.gstatic.com assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net .adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypalobjects.com t.paypal.com .ftcdn.net .behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com .vimeocdn.com i.ytimg.com .youtube.com validator.swagger.io flagpedia.net .gstatic.com data: 'self' 'unsafe-inline'; script-src .hsbc.com.hk unpkg.com connect.facebook.net s.yimg.com visitor-service-ap-northeast-1.tealiumiq.com lptag.liveperson.net datacloud.tealiumiq.com tags.tiqcdn.com assets.adobedtm.com .adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypalobjects.com js.braintreegateway.com www.paypal.com .newrelic.com .nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com .vimeocdn.com .youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ .gstatic.com maps.googleapis.com .stripe.com klarna.com .klarna.com .klarnacdn.net .klarnaevt.com https://www.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src .hsbc.com.hk fonts.googleapis.com .adobe.com maxcdn.bootstrapcdn.com .gstatic.com tagmanager.google.com 'self' 'unsafe-inline'; object-src .hsbc.com.hk 'self' 'unsafe-inline'; media-src .hsbc.com.hk .adobe.com 'self' 'unsafe-inline'; manifest-src .hsbc.com.hk 'self' 'unsafe-inline'; connect-src wss: .hsbc.com.hk www.issthk-dev.hsbc.com.hk:31000 .tealiumiq.com .tiqcdn.com pagead2.googlesyndication.com log-happyhktest.us.v2.customers.biocatch.com log-69c80419.customers.biocatch.com wup-69c80419.customers.biocatch.com dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com .newrelic.com .nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com www.gstatic.com maps.googleapis.com .stripe.com klarna.com .klarna.com .klarnacdn.net .klarnaevt.com https://www.google-analytics.com 'self' 'unsafe-inline'; child-src http: https: .hsbc.com.hk blob: 'self' 'unsafe-inline'; default-src .hsbc.com.hk 'self' 'unsafe-inline' 'unsafe-eval' log-69c80419.customers.biocatch.com wup-69c80419.customers.biocatch.com; base-uri *.hsbc.com.hk 'self' 'unsafe-inline';
Strict-Transport-Security	max-age=63072000; includeSubdomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://benefitsplus-auth-dev.hsbc.com.hk/login?uid=bsIZgLbF3tVL9Mg14nhqE&lang=en-HK
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 05 Jun 2024 13:00:27 GMT
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-correlation-id: c2d5698b0f8b27bd834c3b5f8abb1fbf
content-security-policy: font-src *.hsbc.com.hk fonts.gstatic.com maxcdn.bootstrapcdn.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com data: 'self' 'unsafe-inline'; form-action https: *.hsbc.com.hk secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; frame-ancestors *.hsbc.com.hk *.stripe.com stripe.com 'self'; frame-src 'self' data: *.hsbc.com.hk *.my-doc.com lpcdn.lpsnmedia.net td.doubleclick.net fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.weltpixel.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline'; img-src blob: *.google.com.hk *.yahoo.com *.hsbc.com.hk *.tealiumiq.com *.adsrvr.org maps.googleapis.com maps.gstatic.com assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io flagpedia.net *.gstatic.com data: 'self' 'unsafe-inline'; script-src *.hsbc.com.hk unpkg.com connect.facebook.net s.yimg.com visitor-service-ap-northeast-1.tealiumiq.com lptag.liveperson.net datacloud.tealiumiq.com tags.tiqcdn.com assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypalobjects.com js.braintreegateway.com www.paypal.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.gstatic.com maps.googleapis.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com https://www.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.hsbc.com.hk fonts.googleapis.com *.adobe.com maxcdn.bootstrapcdn.com *.gstatic.com tagmanager.google.com 'self' 'unsafe-inline'; object-src *.hsbc.com.hk 'self' 'unsafe-inline'; media-src *.hsbc.com.hk *.adobe.com 'self' 'unsafe-inline'; manifest-src *.hsbc.com.hk 'self' 'unsafe-inline'; connect-src wss: *.hsbc.com.hk www.issthk-dev.hsbc.com.hk:31000 *.tealiumiq.com *.tiqcdn.com pagead2.googlesyndication.com log-happyhktest.us.v2.customers.biocatch.com log-69c80419.customers.biocatch.com wup-69c80419.customers.biocatch.com dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com www.gstatic.com maps.googleapis.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com https://www.google-analytics.com 'self' 'unsafe-inline'; child-src http: https: *.hsbc.com.hk blob: 'self' 'unsafe-inline'; default-src *.hsbc.com.hk 'self' 'unsafe-inline' 'unsafe-eval' log-69c80419.customers.biocatch.com wup-69c80419.customers.biocatch.com; base-uri *.hsbc.com.hk 'self' 'unsafe-inline';
via: 1.1 d8ec42efeb409ac816e90eb0236c1f4a.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P8
x-amzn-remapped-connection: keep-alive
x-amzn-requestid: 499b6fc9-4536-4897-b14a-967121dcf92a
x-dns-prefetch-control: off
x-cache: Miss from cloudfront
x-amz-apigw-id: Y5QozHfZnUYEE5A=
content-length: 3038
x-xss-protection: 1; mode=block
last-modified: Tue, 28 May 2024 11:45:21 GMT
server: CloudFront
etag: W/"333f-18fbf04e868"
x-download-options: noopen
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: text/css; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=0
accept-ranges: bytes
x-amzn-remapped-date: Wed, 05 Jun 2024 13:00:27 GMT
x-amz-cf-id: lbsjUZbA2xhIFjWS_iriSHJ9s6b7y4xea5YRF8b0nKkPzvh0_mWlqA==

GET
H2 200 main.js Show response
benefitsplus-auth-dev.hsbc.com.hk/static/assets/js/ 12 KB
7 KB 305ms
304ms Script
application/javascript 2600:9000:266e:1600:a:9a74:f000:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://benefitsplus-auth-dev.hsbc.com.hk/static/assets/js/main.js

Requested by

Host: benefitsplus-auth-dev.hsbc.com.hk
URL: https://benefitsplus-auth-dev.hsbc.com.hk/login?uid=bsIZgLbF3tVL9Mg14nhqE&lang=en-HK

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:266e:1600:a:9a74:f000:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

CloudFront /

Resource Hash

f63aa9cbf1ed197a7e8d6e192bedd57a3376bc1defa5fc2bcc84835eed6900c9

Security Headers

Name	Value
Content-Security-Policy	font-src .hsbc.com.hk fonts.gstatic.com maxcdn.bootstrapcdn.com .stripe.com klarna.com .klarna.com .klarnacdn.net .klarnaevt.com data: 'self' 'unsafe-inline'; form-action https: .hsbc.com.hk secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; frame-ancestors .hsbc.com.hk .stripe.com stripe.com 'self'; frame-src 'self' data: .hsbc.com.hk .my-doc.com lpcdn.lpsnmedia.net td.doubleclick.net fast.amc.demdex.net .adobe.com secure.authorize.net test.authorize.net bid.g.doubleclick.net .youtube.com .youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ .weltpixel.com .stripe.com klarna.com .klarna.com .klarnacdn.net .klarnaevt.com 'self' 'unsafe-inline'; img-src blob: .google.com.hk .yahoo.com .hsbc.com.hk .tealiumiq.com .adsrvr.org maps.googleapis.com maps.gstatic.com assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net .adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypalobjects.com t.paypal.com .ftcdn.net .behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com .vimeocdn.com i.ytimg.com .youtube.com validator.swagger.io flagpedia.net .gstatic.com data: 'self' 'unsafe-inline'; script-src .hsbc.com.hk unpkg.com connect.facebook.net s.yimg.com visitor-service-ap-northeast-1.tealiumiq.com lptag.liveperson.net datacloud.tealiumiq.com tags.tiqcdn.com assets.adobedtm.com .adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypalobjects.com js.braintreegateway.com www.paypal.com .newrelic.com .nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com .vimeocdn.com .youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ .gstatic.com maps.googleapis.com .stripe.com klarna.com .klarna.com .klarnacdn.net .klarnaevt.com https://www.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src .hsbc.com.hk fonts.googleapis.com .adobe.com maxcdn.bootstrapcdn.com .gstatic.com tagmanager.google.com 'self' 'unsafe-inline'; object-src .hsbc.com.hk 'self' 'unsafe-inline'; media-src .hsbc.com.hk .adobe.com 'self' 'unsafe-inline'; manifest-src .hsbc.com.hk 'self' 'unsafe-inline'; connect-src wss: .hsbc.com.hk www.issthk-dev.hsbc.com.hk:31000 .tealiumiq.com .tiqcdn.com pagead2.googlesyndication.com log-happyhktest.us.v2.customers.biocatch.com log-69c80419.customers.biocatch.com wup-69c80419.customers.biocatch.com dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com .newrelic.com .nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com www.gstatic.com maps.googleapis.com .stripe.com klarna.com .klarna.com .klarnacdn.net .klarnaevt.com https://www.google-analytics.com 'self' 'unsafe-inline'; child-src http: https: .hsbc.com.hk blob: 'self' 'unsafe-inline'; default-src .hsbc.com.hk 'self' 'unsafe-inline' 'unsafe-eval' log-69c80419.customers.biocatch.com wup-69c80419.customers.biocatch.com; base-uri *.hsbc.com.hk 'self' 'unsafe-inline';
Strict-Transport-Security	max-age=63072000; includeSubdomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://benefitsplus-auth-dev.hsbc.com.hk/login?uid=bsIZgLbF3tVL9Mg14nhqE&lang=en-HK
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 05 Jun 2024 13:00:27 GMT
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-correlation-id: 63c9ff448295b77998d560959e8abfb3
content-security-policy: font-src *.hsbc.com.hk fonts.gstatic.com maxcdn.bootstrapcdn.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com data: 'self' 'unsafe-inline'; form-action https: *.hsbc.com.hk secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; frame-ancestors *.hsbc.com.hk *.stripe.com stripe.com 'self'; frame-src 'self' data: *.hsbc.com.hk *.my-doc.com lpcdn.lpsnmedia.net td.doubleclick.net fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.weltpixel.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline'; img-src blob: *.google.com.hk *.yahoo.com *.hsbc.com.hk *.tealiumiq.com *.adsrvr.org maps.googleapis.com maps.gstatic.com assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io flagpedia.net *.gstatic.com data: 'self' 'unsafe-inline'; script-src *.hsbc.com.hk unpkg.com connect.facebook.net s.yimg.com visitor-service-ap-northeast-1.tealiumiq.com lptag.liveperson.net datacloud.tealiumiq.com tags.tiqcdn.com assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypalobjects.com js.braintreegateway.com www.paypal.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.gstatic.com maps.googleapis.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com https://www.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.hsbc.com.hk fonts.googleapis.com *.adobe.com maxcdn.bootstrapcdn.com *.gstatic.com tagmanager.google.com 'self' 'unsafe-inline'; object-src *.hsbc.com.hk 'self' 'unsafe-inline'; media-src *.hsbc.com.hk *.adobe.com 'self' 'unsafe-inline'; manifest-src *.hsbc.com.hk 'self' 'unsafe-inline'; connect-src wss: *.hsbc.com.hk www.issthk-dev.hsbc.com.hk:31000 *.tealiumiq.com *.tiqcdn.com pagead2.googlesyndication.com log-happyhktest.us.v2.customers.biocatch.com log-69c80419.customers.biocatch.com wup-69c80419.customers.biocatch.com dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com www.gstatic.com maps.googleapis.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com https://www.google-analytics.com 'self' 'unsafe-inline'; child-src http: https: *.hsbc.com.hk blob: 'self' 'unsafe-inline'; default-src *.hsbc.com.hk 'self' 'unsafe-inline' 'unsafe-eval' log-69c80419.customers.biocatch.com wup-69c80419.customers.biocatch.com; base-uri *.hsbc.com.hk 'self' 'unsafe-inline';
via: 1.1 d8ec42efeb409ac816e90eb0236c1f4a.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P8
x-amzn-remapped-connection: keep-alive
x-amzn-requestid: 5efab165-01ac-4099-87bd-49a869d7e348
x-dns-prefetch-control: off
x-cache: Miss from cloudfront
x-amz-apigw-id: Y5QozEDMHUYEbbQ=
content-length: 2912
x-xss-protection: 1; mode=block
last-modified: Tue, 28 May 2024 11:45:21 GMT
server: CloudFront
etag: W/"30db-18fbf04e868"
x-download-options: noopen
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=0
accept-ranges: bytes
x-amzn-remapped-date: Wed, 05 Jun 2024 13:00:27 GMT
x-amz-cf-id: I1j2LfJgeH4o43wBf_h7mdCL091oJxIXvvFkVO8cBsUYgBt7j9Qaqw==

GET
H2 200 utag_data.js Show response
benefitsplus-auth-dev.hsbc.com.hk/static/assets/tealium/dev/ 832 B
5 KB 269ms
268ms Script
application/javascript 2600:9000:266e:1600:a:9a74:f000:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://benefitsplus-auth-dev.hsbc.com.hk/static/assets/tealium/dev/utag_data.js

Requested by

Host: benefitsplus-auth-dev.hsbc.com.hk
URL: https://benefitsplus-auth-dev.hsbc.com.hk/login?uid=bsIZgLbF3tVL9Mg14nhqE&lang=en-HK

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:266e:1600:a:9a74:f000:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

CloudFront /

Resource Hash

6bdf7ebc9ab82052e74cbbfffe0a22c8afed792fe2cc1d0bd64eead45f9cd565

Security Headers

Name	Value
Content-Security-Policy	font-src .hsbc.com.hk fonts.gstatic.com maxcdn.bootstrapcdn.com .stripe.com klarna.com .klarna.com .klarnacdn.net .klarnaevt.com data: 'self' 'unsafe-inline'; form-action https: .hsbc.com.hk secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; frame-ancestors .hsbc.com.hk .stripe.com stripe.com 'self'; frame-src 'self' data: .hsbc.com.hk .my-doc.com lpcdn.lpsnmedia.net td.doubleclick.net fast.amc.demdex.net .adobe.com secure.authorize.net test.authorize.net bid.g.doubleclick.net .youtube.com .youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ .weltpixel.com .stripe.com klarna.com .klarna.com .klarnacdn.net .klarnaevt.com 'self' 'unsafe-inline'; img-src blob: .google.com.hk .yahoo.com .hsbc.com.hk .tealiumiq.com .adsrvr.org maps.googleapis.com maps.gstatic.com assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net .adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypalobjects.com t.paypal.com .ftcdn.net .behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com .vimeocdn.com i.ytimg.com .youtube.com validator.swagger.io flagpedia.net .gstatic.com data: 'self' 'unsafe-inline'; script-src .hsbc.com.hk unpkg.com connect.facebook.net s.yimg.com visitor-service-ap-northeast-1.tealiumiq.com lptag.liveperson.net datacloud.tealiumiq.com tags.tiqcdn.com assets.adobedtm.com .adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypalobjects.com js.braintreegateway.com www.paypal.com .newrelic.com .nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com .vimeocdn.com .youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ .gstatic.com maps.googleapis.com .stripe.com klarna.com .klarna.com .klarnacdn.net .klarnaevt.com https://www.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src .hsbc.com.hk fonts.googleapis.com .adobe.com maxcdn.bootstrapcdn.com .gstatic.com tagmanager.google.com 'self' 'unsafe-inline'; object-src .hsbc.com.hk 'self' 'unsafe-inline'; media-src .hsbc.com.hk .adobe.com 'self' 'unsafe-inline'; manifest-src .hsbc.com.hk 'self' 'unsafe-inline'; connect-src wss: .hsbc.com.hk www.issthk-dev.hsbc.com.hk:31000 .tealiumiq.com .tiqcdn.com pagead2.googlesyndication.com log-happyhktest.us.v2.customers.biocatch.com log-69c80419.customers.biocatch.com wup-69c80419.customers.biocatch.com dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com .newrelic.com .nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com www.gstatic.com maps.googleapis.com .stripe.com klarna.com .klarna.com .klarnacdn.net .klarnaevt.com https://www.google-analytics.com 'self' 'unsafe-inline'; child-src http: https: .hsbc.com.hk blob: 'self' 'unsafe-inline'; default-src .hsbc.com.hk 'self' 'unsafe-inline' 'unsafe-eval' log-69c80419.customers.biocatch.com wup-69c80419.customers.biocatch.com; base-uri *.hsbc.com.hk 'self' 'unsafe-inline';
Strict-Transport-Security	max-age=63072000; includeSubdomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://benefitsplus-auth-dev.hsbc.com.hk/login?uid=bsIZgLbF3tVL9Mg14nhqE&lang=en-HK
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 05 Jun 2024 13:00:27 GMT
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-content-type-options: nosniff
x-amzn-remapped-content-length: 832
x-correlation-id: 4172016e797acb737611297f66f1731a
content-security-policy: font-src *.hsbc.com.hk fonts.gstatic.com maxcdn.bootstrapcdn.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com data: 'self' 'unsafe-inline'; form-action https: *.hsbc.com.hk secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; frame-ancestors *.hsbc.com.hk *.stripe.com stripe.com 'self'; frame-src 'self' data: *.hsbc.com.hk *.my-doc.com lpcdn.lpsnmedia.net td.doubleclick.net fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.weltpixel.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline'; img-src blob: *.google.com.hk *.yahoo.com *.hsbc.com.hk *.tealiumiq.com *.adsrvr.org maps.googleapis.com maps.gstatic.com assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io flagpedia.net *.gstatic.com data: 'self' 'unsafe-inline'; script-src *.hsbc.com.hk unpkg.com connect.facebook.net s.yimg.com visitor-service-ap-northeast-1.tealiumiq.com lptag.liveperson.net datacloud.tealiumiq.com tags.tiqcdn.com assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypalobjects.com js.braintreegateway.com www.paypal.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.gstatic.com maps.googleapis.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com https://www.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.hsbc.com.hk fonts.googleapis.com *.adobe.com maxcdn.bootstrapcdn.com *.gstatic.com tagmanager.google.com 'self' 'unsafe-inline'; object-src *.hsbc.com.hk 'self' 'unsafe-inline'; media-src *.hsbc.com.hk *.adobe.com 'self' 'unsafe-inline'; manifest-src *.hsbc.com.hk 'self' 'unsafe-inline'; connect-src wss: *.hsbc.com.hk www.issthk-dev.hsbc.com.hk:31000 *.tealiumiq.com *.tiqcdn.com pagead2.googlesyndication.com log-happyhktest.us.v2.customers.biocatch.com log-69c80419.customers.biocatch.com wup-69c80419.customers.biocatch.com dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com www.gstatic.com maps.googleapis.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com https://www.google-analytics.com 'self' 'unsafe-inline'; child-src http: https: *.hsbc.com.hk blob: 'self' 'unsafe-inline'; default-src *.hsbc.com.hk 'self' 'unsafe-inline' 'unsafe-eval' log-69c80419.customers.biocatch.com wup-69c80419.customers.biocatch.com; base-uri *.hsbc.com.hk 'self' 'unsafe-inline';
via: 1.1 d8ec42efeb409ac816e90eb0236c1f4a.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P8
x-amzn-remapped-connection: keep-alive
x-amzn-requestid: a1a4a082-1695-4317-ad35-c590bc0d5e47
x-dns-prefetch-control: off
x-cache: Miss from cloudfront
x-amz-apigw-id: Y5QozGwmHUYEO-w=
content-length: 832
x-xss-protection: 1; mode=block
last-modified: Tue, 28 May 2024 11:45:21 GMT
server: CloudFront
etag: W/"340-18fbf04e868"
x-download-options: noopen
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=0
accept-ranges: bytes
x-amzn-remapped-date: Wed, 05 Jun 2024 13:00:27 GMT
x-amz-cf-id: W0ii6DW9lXK1d6A8IoOkvea7E0pMyj0VSG4VpZ0wFHZBR5HjoPEPZQ==

GET
H2 200 utag.js Show response
benefitsplus-auth-dev.hsbc.com.hk/static/assets/tealium/dev/ 774 B
4 KB 724ms
723ms Script
application/javascript 2600:9000:266e:1600:a:9a74:f000:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://benefitsplus-auth-dev.hsbc.com.hk/static/assets/tealium/dev/utag.js

Requested by

Host: benefitsplus-auth-dev.hsbc.com.hk
URL: https://benefitsplus-auth-dev.hsbc.com.hk/login?uid=bsIZgLbF3tVL9Mg14nhqE&lang=en-HK

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:266e:1600:a:9a74:f000:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

CloudFront /

Resource Hash

a88693b1d0e7bf5a2898c9e3d177c7c33ef2e551ef9a8bb948196d788e68e075

Security Headers

Name	Value
Content-Security-Policy	font-src .hsbc.com.hk fonts.gstatic.com maxcdn.bootstrapcdn.com .stripe.com klarna.com .klarna.com .klarnacdn.net .klarnaevt.com data: 'self' 'unsafe-inline'; form-action https: .hsbc.com.hk secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; frame-ancestors .hsbc.com.hk .stripe.com stripe.com 'self'; frame-src 'self' data: .hsbc.com.hk .my-doc.com lpcdn.lpsnmedia.net td.doubleclick.net fast.amc.demdex.net .adobe.com secure.authorize.net test.authorize.net bid.g.doubleclick.net .youtube.com .youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ .weltpixel.com .stripe.com klarna.com .klarna.com .klarnacdn.net .klarnaevt.com 'self' 'unsafe-inline'; img-src blob: .google.com.hk .yahoo.com .hsbc.com.hk .tealiumiq.com .adsrvr.org maps.googleapis.com maps.gstatic.com assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net .adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypalobjects.com t.paypal.com .ftcdn.net .behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com .vimeocdn.com i.ytimg.com .youtube.com validator.swagger.io flagpedia.net .gstatic.com data: 'self' 'unsafe-inline'; script-src .hsbc.com.hk unpkg.com connect.facebook.net s.yimg.com visitor-service-ap-northeast-1.tealiumiq.com lptag.liveperson.net datacloud.tealiumiq.com tags.tiqcdn.com assets.adobedtm.com .adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypalobjects.com js.braintreegateway.com www.paypal.com .newrelic.com .nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com .vimeocdn.com .youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ .gstatic.com maps.googleapis.com .stripe.com klarna.com .klarna.com .klarnacdn.net .klarnaevt.com https://www.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src .hsbc.com.hk fonts.googleapis.com .adobe.com maxcdn.bootstrapcdn.com .gstatic.com tagmanager.google.com 'self' 'unsafe-inline'; object-src .hsbc.com.hk 'self' 'unsafe-inline'; media-src .hsbc.com.hk .adobe.com 'self' 'unsafe-inline'; manifest-src .hsbc.com.hk 'self' 'unsafe-inline'; connect-src wss: .hsbc.com.hk www.issthk-dev.hsbc.com.hk:31000 .tealiumiq.com .tiqcdn.com pagead2.googlesyndication.com log-happyhktest.us.v2.customers.biocatch.com log-69c80419.customers.biocatch.com wup-69c80419.customers.biocatch.com dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com .newrelic.com .nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com www.gstatic.com maps.googleapis.com .stripe.com klarna.com .klarna.com .klarnacdn.net .klarnaevt.com https://www.google-analytics.com 'self' 'unsafe-inline'; child-src http: https: .hsbc.com.hk blob: 'self' 'unsafe-inline'; default-src .hsbc.com.hk 'self' 'unsafe-inline' 'unsafe-eval' log-69c80419.customers.biocatch.com wup-69c80419.customers.biocatch.com; base-uri *.hsbc.com.hk 'self' 'unsafe-inline';
Strict-Transport-Security	max-age=63072000; includeSubdomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://benefitsplus-auth-dev.hsbc.com.hk/login?uid=bsIZgLbF3tVL9Mg14nhqE&lang=en-HK
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 05 Jun 2024 13:00:27 GMT
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-content-type-options: nosniff
x-amzn-remapped-content-length: 774
x-correlation-id: 30158bef0b7eec49d5d8ac3496e6f7b3
content-security-policy: font-src *.hsbc.com.hk fonts.gstatic.com maxcdn.bootstrapcdn.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com data: 'self' 'unsafe-inline'; form-action https: *.hsbc.com.hk secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; frame-ancestors *.hsbc.com.hk *.stripe.com stripe.com 'self'; frame-src 'self' data: *.hsbc.com.hk *.my-doc.com lpcdn.lpsnmedia.net td.doubleclick.net fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.weltpixel.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline'; img-src blob: *.google.com.hk *.yahoo.com *.hsbc.com.hk *.tealiumiq.com *.adsrvr.org maps.googleapis.com maps.gstatic.com assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io flagpedia.net *.gstatic.com data: 'self' 'unsafe-inline'; script-src *.hsbc.com.hk unpkg.com connect.facebook.net s.yimg.com visitor-service-ap-northeast-1.tealiumiq.com lptag.liveperson.net datacloud.tealiumiq.com tags.tiqcdn.com assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypalobjects.com js.braintreegateway.com www.paypal.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.gstatic.com maps.googleapis.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com https://www.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.hsbc.com.hk fonts.googleapis.com *.adobe.com maxcdn.bootstrapcdn.com *.gstatic.com tagmanager.google.com 'self' 'unsafe-inline'; object-src *.hsbc.com.hk 'self' 'unsafe-inline'; media-src *.hsbc.com.hk *.adobe.com 'self' 'unsafe-inline'; manifest-src *.hsbc.com.hk 'self' 'unsafe-inline'; connect-src wss: *.hsbc.com.hk www.issthk-dev.hsbc.com.hk:31000 *.tealiumiq.com *.tiqcdn.com pagead2.googlesyndication.com log-happyhktest.us.v2.customers.biocatch.com log-69c80419.customers.biocatch.com wup-69c80419.customers.biocatch.com dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com www.gstatic.com maps.googleapis.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com https://www.google-analytics.com 'self' 'unsafe-inline'; child-src http: https: *.hsbc.com.hk blob: 'self' 'unsafe-inline'; default-src *.hsbc.com.hk 'self' 'unsafe-inline' 'unsafe-eval' log-69c80419.customers.biocatch.com wup-69c80419.customers.biocatch.com; base-uri *.hsbc.com.hk 'self' 'unsafe-inline';
via: 1.1 d8ec42efeb409ac816e90eb0236c1f4a.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P8
x-amzn-remapped-connection: keep-alive
x-amzn-requestid: 4d18c04d-3b56-4d1d-bc73-179580a28087
x-dns-prefetch-control: off
x-cache: Miss from cloudfront
x-amz-apigw-id: Y5Qo3GarHUYEOmA=
content-length: 774
x-xss-protection: 1; mode=block
last-modified: Tue, 28 May 2024 11:45:21 GMT
server: CloudFront
etag: W/"306-18fbf04e868"
x-download-options: noopen
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=0
accept-ranges: bytes
x-amzn-remapped-date: Wed, 05 Jun 2024 13:00:27 GMT
x-amz-cf-id: 09GZF4Q9WFVL9nfcqo1wqL0-aKq1zdzS_pNh88kR9dvCmDS0p2Czbw==

GET
H2 200 HSBC_logo_en.svg
benefitsplus-auth-dev.hsbc.com.hk/static/assets/images/ 3 KB
5 KB 717ms
717ms Image
image/svg+xml 2600:9000:266e:1600:a:9a74:f000:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://benefitsplus-auth-dev.hsbc.com.hk/static/assets/images/HSBC_logo_en.svg

Requested by

Host: benefitsplus-auth-dev.hsbc.com.hk
URL: https://benefitsplus-auth-dev.hsbc.com.hk/login?uid=bsIZgLbF3tVL9Mg14nhqE&lang=en-HK

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:266e:1600:a:9a74:f000:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

CloudFront /

Resource Hash

4b98e82da5261a22970e177085ed1c4d0156e74c3d0a0a17a66760c5413d3af1

Security Headers

Name	Value
Content-Security-Policy	font-src .hsbc.com.hk fonts.gstatic.com maxcdn.bootstrapcdn.com .stripe.com klarna.com .klarna.com .klarnacdn.net .klarnaevt.com data: 'self' 'unsafe-inline'; form-action https: .hsbc.com.hk secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; frame-ancestors .hsbc.com.hk .stripe.com stripe.com 'self'; frame-src 'self' data: .hsbc.com.hk .my-doc.com lpcdn.lpsnmedia.net td.doubleclick.net fast.amc.demdex.net .adobe.com secure.authorize.net test.authorize.net bid.g.doubleclick.net .youtube.com .youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ .weltpixel.com .stripe.com klarna.com .klarna.com .klarnacdn.net .klarnaevt.com 'self' 'unsafe-inline'; img-src blob: .google.com.hk .yahoo.com .hsbc.com.hk .tealiumiq.com .adsrvr.org maps.googleapis.com maps.gstatic.com assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net .adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypalobjects.com t.paypal.com .ftcdn.net .behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com .vimeocdn.com i.ytimg.com .youtube.com validator.swagger.io flagpedia.net .gstatic.com data: 'self' 'unsafe-inline'; script-src .hsbc.com.hk unpkg.com connect.facebook.net s.yimg.com visitor-service-ap-northeast-1.tealiumiq.com lptag.liveperson.net datacloud.tealiumiq.com tags.tiqcdn.com assets.adobedtm.com .adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypalobjects.com js.braintreegateway.com www.paypal.com .newrelic.com .nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com .vimeocdn.com .youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ .gstatic.com maps.googleapis.com .stripe.com klarna.com .klarna.com .klarnacdn.net .klarnaevt.com https://www.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src .hsbc.com.hk fonts.googleapis.com .adobe.com maxcdn.bootstrapcdn.com .gstatic.com tagmanager.google.com 'self' 'unsafe-inline'; object-src .hsbc.com.hk 'self' 'unsafe-inline'; media-src .hsbc.com.hk .adobe.com 'self' 'unsafe-inline'; manifest-src .hsbc.com.hk 'self' 'unsafe-inline'; connect-src wss: .hsbc.com.hk www.issthk-dev.hsbc.com.hk:31000 .tealiumiq.com .tiqcdn.com pagead2.googlesyndication.com log-happyhktest.us.v2.customers.biocatch.com log-69c80419.customers.biocatch.com wup-69c80419.customers.biocatch.com dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com .newrelic.com .nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com www.gstatic.com maps.googleapis.com .stripe.com klarna.com .klarna.com .klarnacdn.net .klarnaevt.com https://www.google-analytics.com 'self' 'unsafe-inline'; child-src http: https: .hsbc.com.hk blob: 'self' 'unsafe-inline'; default-src .hsbc.com.hk 'self' 'unsafe-inline' 'unsafe-eval' log-69c80419.customers.biocatch.com wup-69c80419.customers.biocatch.com; base-uri *.hsbc.com.hk 'self' 'unsafe-inline';
Strict-Transport-Security	max-age=63072000; includeSubdomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://benefitsplus-auth-dev.hsbc.com.hk/login?uid=bsIZgLbF3tVL9Mg14nhqE&lang=en-HK
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 05 Jun 2024 13:00:27 GMT
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-correlation-id: 18852d98c9122dc09aa1fb767afad379
content-security-policy: font-src *.hsbc.com.hk fonts.gstatic.com maxcdn.bootstrapcdn.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com data: 'self' 'unsafe-inline'; form-action https: *.hsbc.com.hk secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; frame-ancestors *.hsbc.com.hk *.stripe.com stripe.com 'self'; frame-src 'self' data: *.hsbc.com.hk *.my-doc.com lpcdn.lpsnmedia.net td.doubleclick.net fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.weltpixel.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline'; img-src blob: *.google.com.hk *.yahoo.com *.hsbc.com.hk *.tealiumiq.com *.adsrvr.org maps.googleapis.com maps.gstatic.com assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io flagpedia.net *.gstatic.com data: 'self' 'unsafe-inline'; script-src *.hsbc.com.hk unpkg.com connect.facebook.net s.yimg.com visitor-service-ap-northeast-1.tealiumiq.com lptag.liveperson.net datacloud.tealiumiq.com tags.tiqcdn.com assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypalobjects.com js.braintreegateway.com www.paypal.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.gstatic.com maps.googleapis.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com https://www.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.hsbc.com.hk fonts.googleapis.com *.adobe.com maxcdn.bootstrapcdn.com *.gstatic.com tagmanager.google.com 'self' 'unsafe-inline'; object-src *.hsbc.com.hk 'self' 'unsafe-inline'; media-src *.hsbc.com.hk *.adobe.com 'self' 'unsafe-inline'; manifest-src *.hsbc.com.hk 'self' 'unsafe-inline'; connect-src wss: *.hsbc.com.hk www.issthk-dev.hsbc.com.hk:31000 *.tealiumiq.com *.tiqcdn.com pagead2.googlesyndication.com log-happyhktest.us.v2.customers.biocatch.com log-69c80419.customers.biocatch.com wup-69c80419.customers.biocatch.com dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com www.gstatic.com maps.googleapis.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com https://www.google-analytics.com 'self' 'unsafe-inline'; child-src http: https: *.hsbc.com.hk blob: 'self' 'unsafe-inline'; default-src *.hsbc.com.hk 'self' 'unsafe-inline' 'unsafe-eval' log-69c80419.customers.biocatch.com wup-69c80419.customers.biocatch.com; base-uri *.hsbc.com.hk 'self' 'unsafe-inline';
via: 1.1 d8ec42efeb409ac816e90eb0236c1f4a.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P8
x-amzn-remapped-connection: keep-alive
x-amzn-requestid: 867378f2-028c-4c2d-a615-dcf851c17379
x-dns-prefetch-control: off
x-cache: Miss from cloudfront
x-amz-apigw-id: Y5Qo3HTonUYEY8A=
content-length: 1203
x-xss-protection: 1; mode=block
last-modified: Tue, 28 May 2024 11:45:21 GMT
server: CloudFront
etag: W/"b3d-18fbf04e868"
x-download-options: noopen
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=0
accept-ranges: bytes
x-amzn-remapped-date: Wed, 05 Jun 2024 13:00:27 GMT
x-amz-cf-id: i1C8ePLrz1NhLo4bblK1cGtbxX6Cu_tbELieBAC0GI_DhPGqS020Ew==

GET
H2 200 iconnext.png
benefitsplus-auth-dev.hsbc.com.hk/static/assets/images/ 286 B
4 KB 325ms
325ms Image
image/png 2600:9000:266e:1600:a:9a74:f000:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://benefitsplus-auth-dev.hsbc.com.hk/static/assets/images/iconnext.png

Requested by

Host: benefitsplus-auth-dev.hsbc.com.hk
URL: https://benefitsplus-auth-dev.hsbc.com.hk/login?uid=bsIZgLbF3tVL9Mg14nhqE&lang=en-HK

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:266e:1600:a:9a74:f000:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

CloudFront /

Resource Hash

9467767079a490ee2a938f0dc4e111596f9a300d170df03e21c59ed8e9d042bb

Security Headers

Name	Value
Content-Security-Policy	font-src .hsbc.com.hk fonts.gstatic.com maxcdn.bootstrapcdn.com .stripe.com klarna.com .klarna.com .klarnacdn.net .klarnaevt.com data: 'self' 'unsafe-inline'; form-action https: .hsbc.com.hk secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; frame-ancestors .hsbc.com.hk .stripe.com stripe.com 'self'; frame-src 'self' data: .hsbc.com.hk .my-doc.com lpcdn.lpsnmedia.net td.doubleclick.net fast.amc.demdex.net .adobe.com secure.authorize.net test.authorize.net bid.g.doubleclick.net .youtube.com .youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ .weltpixel.com .stripe.com klarna.com .klarna.com .klarnacdn.net .klarnaevt.com 'self' 'unsafe-inline'; img-src blob: .google.com.hk .yahoo.com .hsbc.com.hk .tealiumiq.com .adsrvr.org maps.googleapis.com maps.gstatic.com assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net .adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypalobjects.com t.paypal.com .ftcdn.net .behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com .vimeocdn.com i.ytimg.com .youtube.com validator.swagger.io flagpedia.net .gstatic.com data: 'self' 'unsafe-inline'; script-src .hsbc.com.hk unpkg.com connect.facebook.net s.yimg.com visitor-service-ap-northeast-1.tealiumiq.com lptag.liveperson.net datacloud.tealiumiq.com tags.tiqcdn.com assets.adobedtm.com .adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypalobjects.com js.braintreegateway.com www.paypal.com .newrelic.com .nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com .vimeocdn.com .youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ .gstatic.com maps.googleapis.com .stripe.com klarna.com .klarna.com .klarnacdn.net .klarnaevt.com https://www.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src .hsbc.com.hk fonts.googleapis.com .adobe.com maxcdn.bootstrapcdn.com .gstatic.com tagmanager.google.com 'self' 'unsafe-inline'; object-src .hsbc.com.hk 'self' 'unsafe-inline'; media-src .hsbc.com.hk .adobe.com 'self' 'unsafe-inline'; manifest-src .hsbc.com.hk 'self' 'unsafe-inline'; connect-src wss: .hsbc.com.hk www.issthk-dev.hsbc.com.hk:31000 .tealiumiq.com .tiqcdn.com pagead2.googlesyndication.com log-happyhktest.us.v2.customers.biocatch.com log-69c80419.customers.biocatch.com wup-69c80419.customers.biocatch.com dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com .newrelic.com .nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com www.gstatic.com maps.googleapis.com .stripe.com klarna.com .klarna.com .klarnacdn.net .klarnaevt.com https://www.google-analytics.com 'self' 'unsafe-inline'; child-src http: https: .hsbc.com.hk blob: 'self' 'unsafe-inline'; default-src .hsbc.com.hk 'self' 'unsafe-inline' 'unsafe-eval' log-69c80419.customers.biocatch.com wup-69c80419.customers.biocatch.com; base-uri *.hsbc.com.hk 'self' 'unsafe-inline';
Strict-Transport-Security	max-age=63072000; includeSubdomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://benefitsplus-auth-dev.hsbc.com.hk/login?uid=bsIZgLbF3tVL9Mg14nhqE&lang=en-HK
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 05 Jun 2024 13:00:27 GMT
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-content-type-options: nosniff
x-amzn-remapped-content-length: 286
x-correlation-id: c1f41a87fc416dcce37c654b6a8f5c9d
content-security-policy: font-src *.hsbc.com.hk fonts.gstatic.com maxcdn.bootstrapcdn.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com data: 'self' 'unsafe-inline'; form-action https: *.hsbc.com.hk secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; frame-ancestors *.hsbc.com.hk *.stripe.com stripe.com 'self'; frame-src 'self' data: *.hsbc.com.hk *.my-doc.com lpcdn.lpsnmedia.net td.doubleclick.net fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.weltpixel.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline'; img-src blob: *.google.com.hk *.yahoo.com *.hsbc.com.hk *.tealiumiq.com *.adsrvr.org maps.googleapis.com maps.gstatic.com assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io flagpedia.net *.gstatic.com data: 'self' 'unsafe-inline'; script-src *.hsbc.com.hk unpkg.com connect.facebook.net s.yimg.com visitor-service-ap-northeast-1.tealiumiq.com lptag.liveperson.net datacloud.tealiumiq.com tags.tiqcdn.com assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypalobjects.com js.braintreegateway.com www.paypal.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.gstatic.com maps.googleapis.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com https://www.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.hsbc.com.hk fonts.googleapis.com *.adobe.com maxcdn.bootstrapcdn.com *.gstatic.com tagmanager.google.com 'self' 'unsafe-inline'; object-src *.hsbc.com.hk 'self' 'unsafe-inline'; media-src *.hsbc.com.hk *.adobe.com 'self' 'unsafe-inline'; manifest-src *.hsbc.com.hk 'self' 'unsafe-inline'; connect-src wss: *.hsbc.com.hk www.issthk-dev.hsbc.com.hk:31000 *.tealiumiq.com *.tiqcdn.com pagead2.googlesyndication.com log-happyhktest.us.v2.customers.biocatch.com log-69c80419.customers.biocatch.com wup-69c80419.customers.biocatch.com dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com www.gstatic.com maps.googleapis.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com https://www.google-analytics.com 'self' 'unsafe-inline'; child-src http: https: *.hsbc.com.hk blob: 'self' 'unsafe-inline'; default-src *.hsbc.com.hk 'self' 'unsafe-inline' 'unsafe-eval' log-69c80419.customers.biocatch.com wup-69c80419.customers.biocatch.com; base-uri *.hsbc.com.hk 'self' 'unsafe-inline';
via: 1.1 d8ec42efeb409ac816e90eb0236c1f4a.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P8
x-amzn-remapped-connection: keep-alive
x-amzn-requestid: 0745a99a-156c-4bf4-9ee0-cd46aff05c67
x-dns-prefetch-control: off
x-cache: Miss from cloudfront
x-amz-apigw-id: Y5QozF5DHUYEICg=
content-length: 286
x-xss-protection: 1; mode=block
last-modified: Tue, 28 May 2024 11:45:21 GMT
server: CloudFront
etag: W/"11e-18fbf04e868"
x-download-options: noopen
x-frame-options: SAMEORIGIN
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=0
accept-ranges: bytes
x-amzn-remapped-date: Wed, 05 Jun 2024 13:00:27 GMT
x-amz-cf-id: 3b4NlYP0_x0oPBmObG9jTue17aX1riC_vBQra2_yCmxzRATpbCkrQw==

GET
H2 200 en-HK.png
benefitsplus-auth-dev.hsbc.com.hk/static/assets/images/ 4 KB
8 KB 275ms
274ms Image
image/png 2600:9000:266e:1600:a:9a74:f000:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://benefitsplus-auth-dev.hsbc.com.hk/static/assets/images/en-HK.png

Requested by

Host: benefitsplus-auth-dev.hsbc.com.hk
URL: https://benefitsplus-auth-dev.hsbc.com.hk/login?uid=bsIZgLbF3tVL9Mg14nhqE&lang=en-HK

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:266e:1600:a:9a74:f000:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

CloudFront /

Resource Hash

08c3ec753f2c435ae7a84b9ddeb48c91ecc26367b8f8cd75ff828ab6aaba93b9

Security Headers

Name	Value
Content-Security-Policy	font-src .hsbc.com.hk fonts.gstatic.com maxcdn.bootstrapcdn.com .stripe.com klarna.com .klarna.com .klarnacdn.net .klarnaevt.com data: 'self' 'unsafe-inline'; form-action https: .hsbc.com.hk secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; frame-ancestors .hsbc.com.hk .stripe.com stripe.com 'self'; frame-src 'self' data: .hsbc.com.hk .my-doc.com lpcdn.lpsnmedia.net td.doubleclick.net fast.amc.demdex.net .adobe.com secure.authorize.net test.authorize.net bid.g.doubleclick.net .youtube.com .youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ .weltpixel.com .stripe.com klarna.com .klarna.com .klarnacdn.net .klarnaevt.com 'self' 'unsafe-inline'; img-src blob: .google.com.hk .yahoo.com .hsbc.com.hk .tealiumiq.com .adsrvr.org maps.googleapis.com maps.gstatic.com assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net .adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypalobjects.com t.paypal.com .ftcdn.net .behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com .vimeocdn.com i.ytimg.com .youtube.com validator.swagger.io flagpedia.net .gstatic.com data: 'self' 'unsafe-inline'; script-src .hsbc.com.hk unpkg.com connect.facebook.net s.yimg.com visitor-service-ap-northeast-1.tealiumiq.com lptag.liveperson.net datacloud.tealiumiq.com tags.tiqcdn.com assets.adobedtm.com .adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypalobjects.com js.braintreegateway.com www.paypal.com .newrelic.com .nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com .vimeocdn.com .youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ .gstatic.com maps.googleapis.com .stripe.com klarna.com .klarna.com .klarnacdn.net .klarnaevt.com https://www.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src .hsbc.com.hk fonts.googleapis.com .adobe.com maxcdn.bootstrapcdn.com .gstatic.com tagmanager.google.com 'self' 'unsafe-inline'; object-src .hsbc.com.hk 'self' 'unsafe-inline'; media-src .hsbc.com.hk .adobe.com 'self' 'unsafe-inline'; manifest-src .hsbc.com.hk 'self' 'unsafe-inline'; connect-src wss: .hsbc.com.hk www.issthk-dev.hsbc.com.hk:31000 .tealiumiq.com .tiqcdn.com pagead2.googlesyndication.com log-happyhktest.us.v2.customers.biocatch.com log-69c80419.customers.biocatch.com wup-69c80419.customers.biocatch.com dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com .newrelic.com .nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com www.gstatic.com maps.googleapis.com .stripe.com klarna.com .klarna.com .klarnacdn.net .klarnaevt.com https://www.google-analytics.com 'self' 'unsafe-inline'; child-src http: https: .hsbc.com.hk blob: 'self' 'unsafe-inline'; default-src .hsbc.com.hk 'self' 'unsafe-inline' 'unsafe-eval' log-69c80419.customers.biocatch.com wup-69c80419.customers.biocatch.com; base-uri *.hsbc.com.hk 'self' 'unsafe-inline';
Strict-Transport-Security	max-age=63072000; includeSubdomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://benefitsplus-auth-dev.hsbc.com.hk/login?uid=bsIZgLbF3tVL9Mg14nhqE&lang=en-HK
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 05 Jun 2024 13:00:27 GMT
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-content-type-options: nosniff
x-amzn-remapped-content-length: 4505
x-correlation-id: 63bb829d55c110130b1651800d227545
content-security-policy: font-src *.hsbc.com.hk fonts.gstatic.com maxcdn.bootstrapcdn.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com data: 'self' 'unsafe-inline'; form-action https: *.hsbc.com.hk secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; frame-ancestors *.hsbc.com.hk *.stripe.com stripe.com 'self'; frame-src 'self' data: *.hsbc.com.hk *.my-doc.com lpcdn.lpsnmedia.net td.doubleclick.net fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.weltpixel.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline'; img-src blob: *.google.com.hk *.yahoo.com *.hsbc.com.hk *.tealiumiq.com *.adsrvr.org maps.googleapis.com maps.gstatic.com assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io flagpedia.net *.gstatic.com data: 'self' 'unsafe-inline'; script-src *.hsbc.com.hk unpkg.com connect.facebook.net s.yimg.com visitor-service-ap-northeast-1.tealiumiq.com lptag.liveperson.net datacloud.tealiumiq.com tags.tiqcdn.com assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypalobjects.com js.braintreegateway.com www.paypal.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.gstatic.com maps.googleapis.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com https://www.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.hsbc.com.hk fonts.googleapis.com *.adobe.com maxcdn.bootstrapcdn.com *.gstatic.com tagmanager.google.com 'self' 'unsafe-inline'; object-src *.hsbc.com.hk 'self' 'unsafe-inline'; media-src *.hsbc.com.hk *.adobe.com 'self' 'unsafe-inline'; manifest-src *.hsbc.com.hk 'self' 'unsafe-inline'; connect-src wss: *.hsbc.com.hk www.issthk-dev.hsbc.com.hk:31000 *.tealiumiq.com *.tiqcdn.com pagead2.googlesyndication.com log-happyhktest.us.v2.customers.biocatch.com log-69c80419.customers.biocatch.com wup-69c80419.customers.biocatch.com dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com www.gstatic.com maps.googleapis.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com https://www.google-analytics.com 'self' 'unsafe-inline'; child-src http: https: *.hsbc.com.hk blob: 'self' 'unsafe-inline'; default-src *.hsbc.com.hk 'self' 'unsafe-inline' 'unsafe-eval' log-69c80419.customers.biocatch.com wup-69c80419.customers.biocatch.com; base-uri *.hsbc.com.hk 'self' 'unsafe-inline';
via: 1.1 d8ec42efeb409ac816e90eb0236c1f4a.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P8
x-amzn-remapped-connection: keep-alive
x-amzn-requestid: 00bda970-7422-4144-9cdc-def90524100b
x-dns-prefetch-control: off
x-cache: Miss from cloudfront
x-amz-apigw-id: Y5Qo2FLUnUYEaEQ=
content-length: 4505
x-xss-protection: 1; mode=block
last-modified: Tue, 28 May 2024 11:45:21 GMT
server: CloudFront
etag: W/"1199-18fbf04e868"
x-download-options: noopen
x-frame-options: SAMEORIGIN
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=0
accept-ranges: bytes
x-amzn-remapped-date: Wed, 05 Jun 2024 13:00:27 GMT
x-amz-cf-id: 1sA2xCr-meY4sLOlqN3QBpaEDiGbx33bO8ehYTDDJ03-ELEQIpM9LA==

GET
H2 200 zh-HK.png
benefitsplus-auth-dev.hsbc.com.hk/static/assets/images/ 5 KB
8 KB 738ms
737ms Image
image/png 2600:9000:266e:1600:a:9a74:f000:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://benefitsplus-auth-dev.hsbc.com.hk/static/assets/images/zh-HK.png

Requested by

Host: benefitsplus-auth-dev.hsbc.com.hk
URL: https://benefitsplus-auth-dev.hsbc.com.hk/login?uid=bsIZgLbF3tVL9Mg14nhqE&lang=en-HK

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:266e:1600:a:9a74:f000:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

CloudFront /

Resource Hash

f6779bc003be288d6dbd1d7b4183b1ea15b53c70c8ac7b2161e89b4bc137d6d4

Security Headers

Name	Value
Content-Security-Policy	font-src .hsbc.com.hk fonts.gstatic.com maxcdn.bootstrapcdn.com .stripe.com klarna.com .klarna.com .klarnacdn.net .klarnaevt.com data: 'self' 'unsafe-inline'; form-action https: .hsbc.com.hk secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; frame-ancestors .hsbc.com.hk .stripe.com stripe.com 'self'; frame-src 'self' data: .hsbc.com.hk .my-doc.com lpcdn.lpsnmedia.net td.doubleclick.net fast.amc.demdex.net .adobe.com secure.authorize.net test.authorize.net bid.g.doubleclick.net .youtube.com .youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ .weltpixel.com .stripe.com klarna.com .klarna.com .klarnacdn.net .klarnaevt.com 'self' 'unsafe-inline'; img-src blob: .google.com.hk .yahoo.com .hsbc.com.hk .tealiumiq.com .adsrvr.org maps.googleapis.com maps.gstatic.com assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net .adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypalobjects.com t.paypal.com .ftcdn.net .behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com .vimeocdn.com i.ytimg.com .youtube.com validator.swagger.io flagpedia.net .gstatic.com data: 'self' 'unsafe-inline'; script-src .hsbc.com.hk unpkg.com connect.facebook.net s.yimg.com visitor-service-ap-northeast-1.tealiumiq.com lptag.liveperson.net datacloud.tealiumiq.com tags.tiqcdn.com assets.adobedtm.com .adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypalobjects.com js.braintreegateway.com www.paypal.com .newrelic.com .nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com .vimeocdn.com .youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ .gstatic.com maps.googleapis.com .stripe.com klarna.com .klarna.com .klarnacdn.net .klarnaevt.com https://www.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src .hsbc.com.hk fonts.googleapis.com .adobe.com maxcdn.bootstrapcdn.com .gstatic.com tagmanager.google.com 'self' 'unsafe-inline'; object-src .hsbc.com.hk 'self' 'unsafe-inline'; media-src .hsbc.com.hk .adobe.com 'self' 'unsafe-inline'; manifest-src .hsbc.com.hk 'self' 'unsafe-inline'; connect-src wss: .hsbc.com.hk www.issthk-dev.hsbc.com.hk:31000 .tealiumiq.com .tiqcdn.com pagead2.googlesyndication.com log-happyhktest.us.v2.customers.biocatch.com log-69c80419.customers.biocatch.com wup-69c80419.customers.biocatch.com dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com .newrelic.com .nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com www.gstatic.com maps.googleapis.com .stripe.com klarna.com .klarna.com .klarnacdn.net .klarnaevt.com https://www.google-analytics.com 'self' 'unsafe-inline'; child-src http: https: .hsbc.com.hk blob: 'self' 'unsafe-inline'; default-src .hsbc.com.hk 'self' 'unsafe-inline' 'unsafe-eval' log-69c80419.customers.biocatch.com wup-69c80419.customers.biocatch.com; base-uri *.hsbc.com.hk 'self' 'unsafe-inline';
Strict-Transport-Security	max-age=63072000; includeSubdomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://benefitsplus-auth-dev.hsbc.com.hk/login?uid=bsIZgLbF3tVL9Mg14nhqE&lang=en-HK
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 05 Jun 2024 13:00:27 GMT
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-content-type-options: nosniff
x-amzn-remapped-content-length: 4790
x-correlation-id: 02a46bcfe4a428fd11765398f7424705
content-security-policy: font-src *.hsbc.com.hk fonts.gstatic.com maxcdn.bootstrapcdn.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com data: 'self' 'unsafe-inline'; form-action https: *.hsbc.com.hk secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; frame-ancestors *.hsbc.com.hk *.stripe.com stripe.com 'self'; frame-src 'self' data: *.hsbc.com.hk *.my-doc.com lpcdn.lpsnmedia.net td.doubleclick.net fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.weltpixel.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline'; img-src blob: *.google.com.hk *.yahoo.com *.hsbc.com.hk *.tealiumiq.com *.adsrvr.org maps.googleapis.com maps.gstatic.com assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io flagpedia.net *.gstatic.com data: 'self' 'unsafe-inline'; script-src *.hsbc.com.hk unpkg.com connect.facebook.net s.yimg.com visitor-service-ap-northeast-1.tealiumiq.com lptag.liveperson.net datacloud.tealiumiq.com tags.tiqcdn.com assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypalobjects.com js.braintreegateway.com www.paypal.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.gstatic.com maps.googleapis.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com https://www.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.hsbc.com.hk fonts.googleapis.com *.adobe.com maxcdn.bootstrapcdn.com *.gstatic.com tagmanager.google.com 'self' 'unsafe-inline'; object-src *.hsbc.com.hk 'self' 'unsafe-inline'; media-src *.hsbc.com.hk *.adobe.com 'self' 'unsafe-inline'; manifest-src *.hsbc.com.hk 'self' 'unsafe-inline'; connect-src wss: *.hsbc.com.hk www.issthk-dev.hsbc.com.hk:31000 *.tealiumiq.com *.tiqcdn.com pagead2.googlesyndication.com log-happyhktest.us.v2.customers.biocatch.com log-69c80419.customers.biocatch.com wup-69c80419.customers.biocatch.com dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com www.gstatic.com maps.googleapis.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com https://www.google-analytics.com 'self' 'unsafe-inline'; child-src http: https: *.hsbc.com.hk blob: 'self' 'unsafe-inline'; default-src *.hsbc.com.hk 'self' 'unsafe-inline' 'unsafe-eval' log-69c80419.customers.biocatch.com wup-69c80419.customers.biocatch.com; base-uri *.hsbc.com.hk 'self' 'unsafe-inline';
via: 1.1 d8ec42efeb409ac816e90eb0236c1f4a.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P8
x-amzn-remapped-connection: keep-alive
x-amzn-requestid: 52064992-8668-4920-b41d-8887239e5a43
x-dns-prefetch-control: off
x-cache: Miss from cloudfront
x-amz-apigw-id: Y5Qo6GfbnUYEpMg=
content-length: 4790
x-xss-protection: 1; mode=block
last-modified: Tue, 28 May 2024 11:45:21 GMT
server: CloudFront
etag: W/"12b6-18fbf04e868"
x-download-options: noopen
x-frame-options: SAMEORIGIN
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=0
accept-ranges: bytes
x-amzn-remapped-date: Wed, 05 Jun 2024 13:00:27 GMT
x-amz-cf-id: skKsoR_X7Ur6f13OyPBNdPBIag2J92MFGDYBMxJ97nJTLQzluWdhlQ==

GET
H2 200 bg.svg
benefitsplus-auth-dev.hsbc.com.hk/static/assets/images/ 5 KB
6 KB 751ms
751ms Image
image/svg+xml 2600:9000:266e:1600:a:9a74:f000:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://benefitsplus-auth-dev.hsbc.com.hk/static/assets/images/bg.svg

Requested by

Host: benefitsplus-auth-dev.hsbc.com.hk
URL: https://benefitsplus-auth-dev.hsbc.com.hk/static/assets/css/main.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:266e:1600:a:9a74:f000:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

CloudFront /

Resource Hash

a6a6c4cad34919cd1652a54a90191f5ac3c73ca00b24929a84e1e913cf605553

Security Headers

Name	Value
Content-Security-Policy	font-src .hsbc.com.hk fonts.gstatic.com maxcdn.bootstrapcdn.com .stripe.com klarna.com .klarna.com .klarnacdn.net .klarnaevt.com data: 'self' 'unsafe-inline'; form-action https: .hsbc.com.hk secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; frame-ancestors .hsbc.com.hk .stripe.com stripe.com 'self'; frame-src 'self' data: .hsbc.com.hk .my-doc.com lpcdn.lpsnmedia.net td.doubleclick.net fast.amc.demdex.net .adobe.com secure.authorize.net test.authorize.net bid.g.doubleclick.net .youtube.com .youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ .weltpixel.com .stripe.com klarna.com .klarna.com .klarnacdn.net .klarnaevt.com 'self' 'unsafe-inline'; img-src blob: .google.com.hk .yahoo.com .hsbc.com.hk .tealiumiq.com .adsrvr.org maps.googleapis.com maps.gstatic.com assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net .adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypalobjects.com t.paypal.com .ftcdn.net .behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com .vimeocdn.com i.ytimg.com .youtube.com validator.swagger.io flagpedia.net .gstatic.com data: 'self' 'unsafe-inline'; script-src .hsbc.com.hk unpkg.com connect.facebook.net s.yimg.com visitor-service-ap-northeast-1.tealiumiq.com lptag.liveperson.net datacloud.tealiumiq.com tags.tiqcdn.com assets.adobedtm.com .adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypalobjects.com js.braintreegateway.com www.paypal.com .newrelic.com .nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com .vimeocdn.com .youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ .gstatic.com maps.googleapis.com .stripe.com klarna.com .klarna.com .klarnacdn.net .klarnaevt.com https://www.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src .hsbc.com.hk fonts.googleapis.com .adobe.com maxcdn.bootstrapcdn.com .gstatic.com tagmanager.google.com 'self' 'unsafe-inline'; object-src .hsbc.com.hk 'self' 'unsafe-inline'; media-src .hsbc.com.hk .adobe.com 'self' 'unsafe-inline'; manifest-src .hsbc.com.hk 'self' 'unsafe-inline'; connect-src wss: .hsbc.com.hk www.issthk-dev.hsbc.com.hk:31000 .tealiumiq.com .tiqcdn.com pagead2.googlesyndication.com log-happyhktest.us.v2.customers.biocatch.com log-69c80419.customers.biocatch.com wup-69c80419.customers.biocatch.com dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com .newrelic.com .nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com www.gstatic.com maps.googleapis.com .stripe.com klarna.com .klarna.com .klarnacdn.net .klarnaevt.com https://www.google-analytics.com 'self' 'unsafe-inline'; child-src http: https: .hsbc.com.hk blob: 'self' 'unsafe-inline'; default-src .hsbc.com.hk 'self' 'unsafe-inline' 'unsafe-eval' log-69c80419.customers.biocatch.com wup-69c80419.customers.biocatch.com; base-uri *.hsbc.com.hk 'self' 'unsafe-inline';
Strict-Transport-Security	max-age=63072000; includeSubdomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://benefitsplus-auth-dev.hsbc.com.hk/static/assets/css/main.css
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 05 Jun 2024 13:00:28 GMT
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-correlation-id: d14db09df998d2f81bbd21b2261bb732
content-security-policy: font-src *.hsbc.com.hk fonts.gstatic.com maxcdn.bootstrapcdn.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com data: 'self' 'unsafe-inline'; form-action https: *.hsbc.com.hk secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; frame-ancestors *.hsbc.com.hk *.stripe.com stripe.com 'self'; frame-src 'self' data: *.hsbc.com.hk *.my-doc.com lpcdn.lpsnmedia.net td.doubleclick.net fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.weltpixel.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline'; img-src blob: *.google.com.hk *.yahoo.com *.hsbc.com.hk *.tealiumiq.com *.adsrvr.org maps.googleapis.com maps.gstatic.com assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io flagpedia.net *.gstatic.com data: 'self' 'unsafe-inline'; script-src *.hsbc.com.hk unpkg.com connect.facebook.net s.yimg.com visitor-service-ap-northeast-1.tealiumiq.com lptag.liveperson.net datacloud.tealiumiq.com tags.tiqcdn.com assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypalobjects.com js.braintreegateway.com www.paypal.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.gstatic.com maps.googleapis.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com https://www.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.hsbc.com.hk fonts.googleapis.com *.adobe.com maxcdn.bootstrapcdn.com *.gstatic.com tagmanager.google.com 'self' 'unsafe-inline'; object-src *.hsbc.com.hk 'self' 'unsafe-inline'; media-src *.hsbc.com.hk *.adobe.com 'self' 'unsafe-inline'; manifest-src *.hsbc.com.hk 'self' 'unsafe-inline'; connect-src wss: *.hsbc.com.hk www.issthk-dev.hsbc.com.hk:31000 *.tealiumiq.com *.tiqcdn.com pagead2.googlesyndication.com log-happyhktest.us.v2.customers.biocatch.com log-69c80419.customers.biocatch.com wup-69c80419.customers.biocatch.com dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com www.gstatic.com maps.googleapis.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com https://www.google-analytics.com 'self' 'unsafe-inline'; child-src http: https: *.hsbc.com.hk blob: 'self' 'unsafe-inline'; default-src *.hsbc.com.hk 'self' 'unsafe-inline' 'unsafe-eval' log-69c80419.customers.biocatch.com wup-69c80419.customers.biocatch.com; base-uri *.hsbc.com.hk 'self' 'unsafe-inline';
via: 1.1 d8ec42efeb409ac816e90eb0236c1f4a.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P8
x-amzn-remapped-connection: keep-alive
x-amzn-requestid: 75ab9bb7-b59c-4f05-ad29-5505d550b26a
x-dns-prefetch-control: off
x-cache: Miss from cloudfront
x-amz-apigw-id: Y5Qo6HtUnUYEbxA=
content-length: 2118
x-xss-protection: 1; mode=block
last-modified: Tue, 28 May 2024 11:45:21 GMT
server: CloudFront
etag: W/"15e5-18fbf04e868"
x-download-options: noopen
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=0
accept-ranges: bytes
x-amzn-remapped-date: Wed, 05 Jun 2024 13:00:27 GMT
x-amz-cf-id: ng55t_4O2jL2O6zvlBDjKetQSzoy9zCiiL46zxoaOG9CywZzvMByAg==

GET
H2 200 utag.js Show response
tags.tiqcdn.com/utag/hsbc/hk-rbwm-gsp/dev/ 211 KB
44 KB 17ms
16ms Script
application/javascript 2600:9000:26db:c600:7:2bfb:7c00:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.tiqcdn.com/utag/hsbc/hk-rbwm-gsp/dev/utag.js
Requested by: Host: benefitsplus-auth-dev.hsbc.com.hk
URL: https://benefitsplus-auth-dev.hsbc.com.hk/static/assets/tealium/dev/utag.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:26db:c600:7:2bfb:7c00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 3afef905eaf9caee6d56c2f364c9dfc8321288ef91a2534b223beeeae4bf98da

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://benefitsplus-auth-dev.hsbc.com.hk/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-amz-version-id: zqhOGIA4mvIgV.5vbiu.Bqw._lfux4ga
content-encoding: gzip
via: 1.1 cb7ecd2473bf95a71af8d1ff8d1034fa.cloudfront.net (CloudFront)
date: Wed, 05 Jun 2024 13:00:23 GMT
last-modified: Thu, 09 May 2024 15:16:40 GMT
server: AmazonS3
x-amz-cf-pop: MUC50-P3
age: 5
x-amz-server-side-encryption: AES256
etag: W/"a1440d3b84e9981a6af949f4494a8164"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
cache-control: max-age=300
x-amz-cf-id: DH0AaAvuhTAFHbK6_ifkfreoJwgvu0DOCpsvf-dEqo_fAtMu4qHR2w==

GET
H2 200 en-HK.png
benefitsplus-auth-dev.hsbc.com.hk/static/assets/images/ 4 KB
4 KB 702ms
702ms Image
image/png 2600:9000:266e:1600:a:9a74:f000:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://benefitsplus-auth-dev.hsbc.com.hk/static/assets/images/en-HK.png

Requested by

Host: benefitsplus-auth-dev.hsbc.com.hk
URL: https://benefitsplus-auth-dev.hsbc.com.hk/login?uid=bsIZgLbF3tVL9Mg14nhqE&lang=en-HK

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:266e:1600:a:9a74:f000:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

CloudFront /

Resource Hash

08c3ec753f2c435ae7a84b9ddeb48c91ecc26367b8f8cd75ff828ab6aaba93b9

Security Headers

Name	Value
Content-Security-Policy	font-src .hsbc.com.hk fonts.gstatic.com maxcdn.bootstrapcdn.com .stripe.com klarna.com .klarna.com .klarnacdn.net .klarnaevt.com data: 'self' 'unsafe-inline'; form-action https: .hsbc.com.hk secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; frame-ancestors .hsbc.com.hk .stripe.com stripe.com 'self'; frame-src 'self' data: .hsbc.com.hk .my-doc.com lpcdn.lpsnmedia.net td.doubleclick.net fast.amc.demdex.net .adobe.com secure.authorize.net test.authorize.net bid.g.doubleclick.net .youtube.com .youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ .weltpixel.com .stripe.com klarna.com .klarna.com .klarnacdn.net .klarnaevt.com 'self' 'unsafe-inline'; img-src blob: .google.com.hk .yahoo.com .hsbc.com.hk .tealiumiq.com .adsrvr.org maps.googleapis.com maps.gstatic.com assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net .adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypalobjects.com t.paypal.com .ftcdn.net .behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com .vimeocdn.com i.ytimg.com .youtube.com validator.swagger.io flagpedia.net .gstatic.com data: 'self' 'unsafe-inline'; script-src .hsbc.com.hk unpkg.com connect.facebook.net s.yimg.com visitor-service-ap-northeast-1.tealiumiq.com lptag.liveperson.net datacloud.tealiumiq.com tags.tiqcdn.com assets.adobedtm.com .adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypalobjects.com js.braintreegateway.com www.paypal.com .newrelic.com .nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com .vimeocdn.com .youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ .gstatic.com maps.googleapis.com .stripe.com klarna.com .klarna.com .klarnacdn.net .klarnaevt.com https://www.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src .hsbc.com.hk fonts.googleapis.com .adobe.com maxcdn.bootstrapcdn.com .gstatic.com tagmanager.google.com 'self' 'unsafe-inline'; object-src .hsbc.com.hk 'self' 'unsafe-inline'; media-src .hsbc.com.hk .adobe.com 'self' 'unsafe-inline'; manifest-src .hsbc.com.hk 'self' 'unsafe-inline'; connect-src wss: .hsbc.com.hk www.issthk-dev.hsbc.com.hk:31000 .tealiumiq.com .tiqcdn.com pagead2.googlesyndication.com log-happyhktest.us.v2.customers.biocatch.com log-69c80419.customers.biocatch.com wup-69c80419.customers.biocatch.com dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com .newrelic.com .nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com www.gstatic.com maps.googleapis.com .stripe.com klarna.com .klarna.com .klarnacdn.net .klarnaevt.com https://www.google-analytics.com 'self' 'unsafe-inline'; child-src http: https: .hsbc.com.hk blob: 'self' 'unsafe-inline'; default-src .hsbc.com.hk 'self' 'unsafe-inline' 'unsafe-eval' log-69c80419.customers.biocatch.com wup-69c80419.customers.biocatch.com; base-uri *.hsbc.com.hk 'self' 'unsafe-inline';
Strict-Transport-Security	max-age=63072000; includeSubdomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://benefitsplus-auth-dev.hsbc.com.hk/login?uid=bsIZgLbF3tVL9Mg14nhqE&lang=en-HK
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 05 Jun 2024 13:00:28 GMT
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-correlation-id: 7892c9caacaeaf9e2f196a68cd85fece
content-security-policy: font-src *.hsbc.com.hk fonts.gstatic.com maxcdn.bootstrapcdn.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com data: 'self' 'unsafe-inline'; form-action https: *.hsbc.com.hk secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; frame-ancestors *.hsbc.com.hk *.stripe.com stripe.com 'self'; frame-src 'self' data: *.hsbc.com.hk *.my-doc.com lpcdn.lpsnmedia.net td.doubleclick.net fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.weltpixel.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline'; img-src blob: *.google.com.hk *.yahoo.com *.hsbc.com.hk *.tealiumiq.com *.adsrvr.org maps.googleapis.com maps.gstatic.com assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io flagpedia.net *.gstatic.com data: 'self' 'unsafe-inline'; script-src *.hsbc.com.hk unpkg.com connect.facebook.net s.yimg.com visitor-service-ap-northeast-1.tealiumiq.com lptag.liveperson.net datacloud.tealiumiq.com tags.tiqcdn.com assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypalobjects.com js.braintreegateway.com www.paypal.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.gstatic.com maps.googleapis.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com https://www.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.hsbc.com.hk fonts.googleapis.com *.adobe.com maxcdn.bootstrapcdn.com *.gstatic.com tagmanager.google.com 'self' 'unsafe-inline'; object-src *.hsbc.com.hk 'self' 'unsafe-inline'; media-src *.hsbc.com.hk *.adobe.com 'self' 'unsafe-inline'; manifest-src *.hsbc.com.hk 'self' 'unsafe-inline'; connect-src wss: *.hsbc.com.hk www.issthk-dev.hsbc.com.hk:31000 *.tealiumiq.com *.tiqcdn.com pagead2.googlesyndication.com log-happyhktest.us.v2.customers.biocatch.com log-69c80419.customers.biocatch.com wup-69c80419.customers.biocatch.com dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com www.gstatic.com maps.googleapis.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com https://www.google-analytics.com 'self' 'unsafe-inline'; child-src http: https: *.hsbc.com.hk blob: 'self' 'unsafe-inline'; default-src *.hsbc.com.hk 'self' 'unsafe-inline' 'unsafe-eval' log-69c80419.customers.biocatch.com wup-69c80419.customers.biocatch.com; base-uri *.hsbc.com.hk 'self' 'unsafe-inline';
via: 1.1 d8ec42efeb409ac816e90eb0236c1f4a.cloudfront.net (CloudFront)
x-content-type-options: nosniff
x-amzn-remapped-content-length: 4505
x-amz-cf-pop: FRA56-P8
x-amzn-remapped-connection: keep-alive
x-amzn-requestid: b0b7e5a8-0e10-4a50-a547-e073d6906858
x-dns-prefetch-control: off
x-cache: Miss from cloudfront
x-amz-apigw-id: Y5Qo-ECdnUYER7A=
content-length: 4505
x-xss-protection: 1; mode=block
last-modified: Tue, 28 May 2024 11:45:21 GMT
server: CloudFront
etag: W/"1199-18fbf04e868"
x-download-options: noopen
x-frame-options: SAMEORIGIN
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=0
accept-ranges: bytes
x-amzn-remapped-date: Wed, 05 Jun 2024 13:00:28 GMT
x-amz-cf-id: zFP_Nz1UM-LZLTsq9_hvJDy45RIJJVrr7XGQrqu8f5Y98RKqaFv0vg==

GET
H2 200 zh-HK.png
benefitsplus-auth-dev.hsbc.com.hk/static/assets/images/ 5 KB
4 KB 599ms
280ms Image
image/png 2600:9000:266e:1600:a:9a74:f000:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://benefitsplus-auth-dev.hsbc.com.hk/static/assets/images/zh-HK.png

Requested by

Host: benefitsplus-auth-dev.hsbc.com.hk
URL: https://benefitsplus-auth-dev.hsbc.com.hk/login?uid=bsIZgLbF3tVL9Mg14nhqE&lang=en-HK

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:266e:1600:a:9a74:f000:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

CloudFront /

Resource Hash

f6779bc003be288d6dbd1d7b4183b1ea15b53c70c8ac7b2161e89b4bc137d6d4

Security Headers

Name	Value
Content-Security-Policy	font-src .hsbc.com.hk fonts.gstatic.com maxcdn.bootstrapcdn.com .stripe.com klarna.com .klarna.com .klarnacdn.net .klarnaevt.com data: 'self' 'unsafe-inline'; form-action https: .hsbc.com.hk secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; frame-ancestors .hsbc.com.hk .stripe.com stripe.com 'self'; frame-src 'self' data: .hsbc.com.hk .my-doc.com lpcdn.lpsnmedia.net td.doubleclick.net fast.amc.demdex.net .adobe.com secure.authorize.net test.authorize.net bid.g.doubleclick.net .youtube.com .youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ .weltpixel.com .stripe.com klarna.com .klarna.com .klarnacdn.net .klarnaevt.com 'self' 'unsafe-inline'; img-src blob: .google.com.hk .yahoo.com .hsbc.com.hk .tealiumiq.com .adsrvr.org maps.googleapis.com maps.gstatic.com assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net .adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypalobjects.com t.paypal.com .ftcdn.net .behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com .vimeocdn.com i.ytimg.com .youtube.com validator.swagger.io flagpedia.net .gstatic.com data: 'self' 'unsafe-inline'; script-src .hsbc.com.hk unpkg.com connect.facebook.net s.yimg.com visitor-service-ap-northeast-1.tealiumiq.com lptag.liveperson.net datacloud.tealiumiq.com tags.tiqcdn.com assets.adobedtm.com .adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypalobjects.com js.braintreegateway.com www.paypal.com .newrelic.com .nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com .vimeocdn.com .youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ .gstatic.com maps.googleapis.com .stripe.com klarna.com .klarna.com .klarnacdn.net .klarnaevt.com https://www.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src .hsbc.com.hk fonts.googleapis.com .adobe.com maxcdn.bootstrapcdn.com .gstatic.com tagmanager.google.com 'self' 'unsafe-inline'; object-src .hsbc.com.hk 'self' 'unsafe-inline'; media-src .hsbc.com.hk .adobe.com 'self' 'unsafe-inline'; manifest-src .hsbc.com.hk 'self' 'unsafe-inline'; connect-src wss: .hsbc.com.hk www.issthk-dev.hsbc.com.hk:31000 .tealiumiq.com .tiqcdn.com pagead2.googlesyndication.com log-happyhktest.us.v2.customers.biocatch.com log-69c80419.customers.biocatch.com wup-69c80419.customers.biocatch.com dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com .newrelic.com .nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com www.gstatic.com maps.googleapis.com .stripe.com klarna.com .klarna.com .klarnacdn.net .klarnaevt.com https://www.google-analytics.com 'self' 'unsafe-inline'; child-src http: https: .hsbc.com.hk blob: 'self' 'unsafe-inline'; default-src .hsbc.com.hk 'self' 'unsafe-inline' 'unsafe-eval' log-69c80419.customers.biocatch.com wup-69c80419.customers.biocatch.com; base-uri *.hsbc.com.hk 'self' 'unsafe-inline';
Strict-Transport-Security	max-age=63072000; includeSubdomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://benefitsplus-auth-dev.hsbc.com.hk/login?uid=bsIZgLbF3tVL9Mg14nhqE&lang=en-HK
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 05 Jun 2024 13:00:28 GMT
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-correlation-id: 552b5b7147956b9185481068959123b4
content-security-policy: font-src *.hsbc.com.hk fonts.gstatic.com maxcdn.bootstrapcdn.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com data: 'self' 'unsafe-inline'; form-action https: *.hsbc.com.hk secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; frame-ancestors *.hsbc.com.hk *.stripe.com stripe.com 'self'; frame-src 'self' data: *.hsbc.com.hk *.my-doc.com lpcdn.lpsnmedia.net td.doubleclick.net fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.weltpixel.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline'; img-src blob: *.google.com.hk *.yahoo.com *.hsbc.com.hk *.tealiumiq.com *.adsrvr.org maps.googleapis.com maps.gstatic.com assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io flagpedia.net *.gstatic.com data: 'self' 'unsafe-inline'; script-src *.hsbc.com.hk unpkg.com connect.facebook.net s.yimg.com visitor-service-ap-northeast-1.tealiumiq.com lptag.liveperson.net datacloud.tealiumiq.com tags.tiqcdn.com assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypalobjects.com js.braintreegateway.com www.paypal.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.gstatic.com maps.googleapis.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com https://www.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.hsbc.com.hk fonts.googleapis.com *.adobe.com maxcdn.bootstrapcdn.com *.gstatic.com tagmanager.google.com 'self' 'unsafe-inline'; object-src *.hsbc.com.hk 'self' 'unsafe-inline'; media-src *.hsbc.com.hk *.adobe.com 'self' 'unsafe-inline'; manifest-src *.hsbc.com.hk 'self' 'unsafe-inline'; connect-src wss: *.hsbc.com.hk www.issthk-dev.hsbc.com.hk:31000 *.tealiumiq.com *.tiqcdn.com pagead2.googlesyndication.com log-happyhktest.us.v2.customers.biocatch.com log-69c80419.customers.biocatch.com wup-69c80419.customers.biocatch.com dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com www.gstatic.com maps.googleapis.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com https://www.google-analytics.com 'self' 'unsafe-inline'; child-src http: https: *.hsbc.com.hk blob: 'self' 'unsafe-inline'; default-src *.hsbc.com.hk 'self' 'unsafe-inline' 'unsafe-eval' log-69c80419.customers.biocatch.com wup-69c80419.customers.biocatch.com; base-uri *.hsbc.com.hk 'self' 'unsafe-inline';
via: 1.1 d8ec42efeb409ac816e90eb0236c1f4a.cloudfront.net (CloudFront)
x-content-type-options: nosniff
x-amzn-remapped-content-length: 4790
x-amz-cf-pop: FRA56-P8
x-amzn-remapped-connection: keep-alive
x-amzn-requestid: 85427cf8-21f2-493d-ab61-6ee59f90f190
x-dns-prefetch-control: off
x-cache: Miss from cloudfront
x-amz-apigw-id: Y5Qo9HRpHUYEYrg=
content-length: 4790
x-xss-protection: 1; mode=block
last-modified: Tue, 28 May 2024 11:45:21 GMT
server: CloudFront
etag: W/"12b6-18fbf04e868"
x-download-options: noopen
x-frame-options: SAMEORIGIN
content-type: image/png
access-control-allow-origin: *
cache-control: public, max-age=0
accept-ranges: bytes
x-amzn-remapped-date: Wed, 05 Jun 2024 13:00:28 GMT
x-amz-cf-id: PUHYR15oU-KRxvV21rSKCA5_75QoRDh-2PcDoqlpXqouDnbD0jBDeg==

GET
H2 200 eye-inactive.svg
benefitsplus-auth-dev.hsbc.com.hk/static/assets/images/ 1 KB
4 KB 287ms
287ms Image
image/svg+xml 2600:9000:266e:1600:a:9a74:f000:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://benefitsplus-auth-dev.hsbc.com.hk/static/assets/images/eye-inactive.svg

Requested by

Host: benefitsplus-auth-dev.hsbc.com.hk
URL: https://benefitsplus-auth-dev.hsbc.com.hk/static/assets/css/main.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:266e:1600:a:9a74:f000:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

CloudFront /

Resource Hash

be81363ab71f61fa670727b693a9c17a03690e1ef5e697605d90c78c3b455fa4

Security Headers

Name	Value
Content-Security-Policy	font-src .hsbc.com.hk fonts.gstatic.com maxcdn.bootstrapcdn.com .stripe.com klarna.com .klarna.com .klarnacdn.net .klarnaevt.com data: 'self' 'unsafe-inline'; form-action https: .hsbc.com.hk secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; frame-ancestors .hsbc.com.hk .stripe.com stripe.com 'self'; frame-src 'self' data: .hsbc.com.hk .my-doc.com lpcdn.lpsnmedia.net td.doubleclick.net fast.amc.demdex.net .adobe.com secure.authorize.net test.authorize.net bid.g.doubleclick.net .youtube.com .youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ .weltpixel.com .stripe.com klarna.com .klarna.com .klarnacdn.net .klarnaevt.com 'self' 'unsafe-inline'; img-src blob: .google.com.hk .yahoo.com .hsbc.com.hk .tealiumiq.com .adsrvr.org maps.googleapis.com maps.gstatic.com assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net .adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypalobjects.com t.paypal.com .ftcdn.net .behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com .vimeocdn.com i.ytimg.com .youtube.com validator.swagger.io flagpedia.net .gstatic.com data: 'self' 'unsafe-inline'; script-src .hsbc.com.hk unpkg.com connect.facebook.net s.yimg.com visitor-service-ap-northeast-1.tealiumiq.com lptag.liveperson.net datacloud.tealiumiq.com tags.tiqcdn.com assets.adobedtm.com .adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypalobjects.com js.braintreegateway.com www.paypal.com .newrelic.com .nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com .vimeocdn.com .youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ .gstatic.com maps.googleapis.com .stripe.com klarna.com .klarna.com .klarnacdn.net .klarnaevt.com https://www.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src .hsbc.com.hk fonts.googleapis.com .adobe.com maxcdn.bootstrapcdn.com .gstatic.com tagmanager.google.com 'self' 'unsafe-inline'; object-src .hsbc.com.hk 'self' 'unsafe-inline'; media-src .hsbc.com.hk .adobe.com 'self' 'unsafe-inline'; manifest-src .hsbc.com.hk 'self' 'unsafe-inline'; connect-src wss: .hsbc.com.hk www.issthk-dev.hsbc.com.hk:31000 .tealiumiq.com .tiqcdn.com pagead2.googlesyndication.com log-happyhktest.us.v2.customers.biocatch.com log-69c80419.customers.biocatch.com wup-69c80419.customers.biocatch.com dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com .newrelic.com .nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com www.gstatic.com maps.googleapis.com .stripe.com klarna.com .klarna.com .klarnacdn.net .klarnaevt.com https://www.google-analytics.com 'self' 'unsafe-inline'; child-src http: https: .hsbc.com.hk blob: 'self' 'unsafe-inline'; default-src .hsbc.com.hk 'self' 'unsafe-inline' 'unsafe-eval' log-69c80419.customers.biocatch.com wup-69c80419.customers.biocatch.com; base-uri *.hsbc.com.hk 'self' 'unsafe-inline';
Strict-Transport-Security	max-age=63072000; includeSubdomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://benefitsplus-auth-dev.hsbc.com.hk/static/assets/css/main.css
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 05 Jun 2024 13:00:27 GMT
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-correlation-id: 73bdc69e8f83ea0fe9ef12ed38b537af
content-security-policy: font-src *.hsbc.com.hk fonts.gstatic.com maxcdn.bootstrapcdn.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com data: 'self' 'unsafe-inline'; form-action https: *.hsbc.com.hk secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; frame-ancestors *.hsbc.com.hk *.stripe.com stripe.com 'self'; frame-src 'self' data: *.hsbc.com.hk *.my-doc.com lpcdn.lpsnmedia.net td.doubleclick.net fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.weltpixel.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline'; img-src blob: *.google.com.hk *.yahoo.com *.hsbc.com.hk *.tealiumiq.com *.adsrvr.org maps.googleapis.com maps.gstatic.com assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io flagpedia.net *.gstatic.com data: 'self' 'unsafe-inline'; script-src *.hsbc.com.hk unpkg.com connect.facebook.net s.yimg.com visitor-service-ap-northeast-1.tealiumiq.com lptag.liveperson.net datacloud.tealiumiq.com tags.tiqcdn.com assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypalobjects.com js.braintreegateway.com www.paypal.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.gstatic.com maps.googleapis.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com https://www.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.hsbc.com.hk fonts.googleapis.com *.adobe.com maxcdn.bootstrapcdn.com *.gstatic.com tagmanager.google.com 'self' 'unsafe-inline'; object-src *.hsbc.com.hk 'self' 'unsafe-inline'; media-src *.hsbc.com.hk *.adobe.com 'self' 'unsafe-inline'; manifest-src *.hsbc.com.hk 'self' 'unsafe-inline'; connect-src wss: *.hsbc.com.hk www.issthk-dev.hsbc.com.hk:31000 *.tealiumiq.com *.tiqcdn.com pagead2.googlesyndication.com log-happyhktest.us.v2.customers.biocatch.com log-69c80419.customers.biocatch.com wup-69c80419.customers.biocatch.com dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com www.gstatic.com maps.googleapis.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com https://www.google-analytics.com 'self' 'unsafe-inline'; child-src http: https: *.hsbc.com.hk blob: 'self' 'unsafe-inline'; default-src *.hsbc.com.hk 'self' 'unsafe-inline' 'unsafe-eval' log-69c80419.customers.biocatch.com wup-69c80419.customers.biocatch.com; base-uri *.hsbc.com.hk 'self' 'unsafe-inline';
via: 1.1 d8ec42efeb409ac816e90eb0236c1f4a.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P8
x-amzn-remapped-connection: keep-alive
x-amzn-requestid: cb049d38-17c6-4263-b0f6-6a1b6750b324
x-dns-prefetch-control: off
x-cache: Miss from cloudfront
x-amz-apigw-id: Y5Qo6EQUnUYETcQ=
content-length: 663
x-xss-protection: 1; mode=block
last-modified: Tue, 28 May 2024 11:45:21 GMT
server: CloudFront
etag: W/"54f-18fbf04e868"
x-download-options: noopen
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=0
accept-ranges: bytes
x-amzn-remapped-date: Wed, 05 Jun 2024 13:00:27 GMT
x-amz-cf-id: Wx-iMpZjr-VW7N36RdO1joGSs0VajeQXMy4nng7ABbBSjLXGCABVnw==

GET
H2 200 memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
fonts.gstatic.com/s/opensans/v40/ 47 KB
48 KB 28ms
6ms Font
font/woff2 2a00:1450:4001:810::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Open+Sans:300,400,600,700

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

3c4d6a1421c7ddb7e404521fe8c4cd5be5af446d7689cd880be26612eaad3cfa

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://fonts.googleapis.com/
Origin: https://benefitsplus-auth-dev.hsbc.com.hk
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Tue, 04 Jun 2024 14:39:21 GMT
x-content-type-options: nosniff
age: 80466
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 48236
x-xss-protection: 0
last-modified: Thu, 14 Dec 2023 02:08:40 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 04 Jun 2025 14:39:21 GMT

GET
H/1.1 200
OK location.js Show response
akamai.tiqcdn.com/location/ 18 B
562 B 42ms
8ms XHR
application/x-javascript 23.37.38.214
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://akamai.tiqcdn.com/location/location.js
Requested by: Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/hsbc/hk-rbwm-gsp/dev/utag.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.37.38.214 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-37-38-214.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: d753f8ee126736431a1cd8170dbfcf94f553eeb1d24f2baa7c66474a80d0e559

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://benefitsplus-auth-dev.hsbc.com.hk/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Wed, 05 Jun 2024 13:00:27 GMT
Last-Modified: Mon, 30 Apr 2018 23:09:19 GMT
Server: AkamaiNetStorage
ETag: "6c98be5fda77913799e8ef24b86a7abd:1525129759"
Content-Type: application/x-javascript
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: X-EdgeScape-Location
Cache-Control: max-age=1296000
X-EdgeScape-Location: country_code=DE,region_code=BY,city=NURNBERG,areacode=0,zip=0,bandwidth=5000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 18
Expires: Thu, 20 Jun 2024 13:00:27 GMT

GET
H2 200 utag.v.js Show response
tags.tiqcdn.com/utag/tiqapp/ 2 B
431 B 6ms
6ms Script
application/javascript 2600:9000:26db:c600:7:2bfb:7c00:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.tiqcdn.com/utag/tiqapp/utag.v.js?a=hsbc/hk-rbwm-gsp/202405091513&cb=1717592427855
Requested by: Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/hsbc/hk-rbwm-gsp/dev/utag.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:26db:c600:7:2bfb:7c00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: a2c2339691fc48fbd14fb307292dff3e21222712d9240810742d7df0c6d74dfb

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://benefitsplus-auth-dev.hsbc.com.hk/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-amz-version-id: 2XUX04X5QEw0.xFya64khU._sHTRl_Pz
date: Wed, 05 Jun 2024 12:59:20 GMT
via: 1.1 cb7ecd2473bf95a71af8d1ff8d1034fa.cloudfront.net (CloudFront)
x-amz-cf-pop: MUC50-P3
age: 68
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-length: 2
last-modified: Sat, 11 Mar 2023 06:57:46 GMT
server: AmazonS3
etag: "7bc0ee636b3b83484fc3b9348863bd22"
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=300
accept-ranges: bytes
x-amz-cf-id: 8hHXVeaivFxEbYnqqhRqA-3t5a3q_9UuwCjkSAw7wnN2C1sQ5ZAoCA==

GET
H2 200 utag.187.js Show response
tags.tiqcdn.com/utag/hsbc/hk-rbwm-gsp/dev/ 38 KB
11 KB 395ms
394ms Script
application/javascript 2600:9000:26db:c600:7:2bfb:7c00:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.tiqcdn.com/utag/hsbc/hk-rbwm-gsp/dev/utag.187.js?utv=ut4.46.202202280912
Requested by: Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/hsbc/hk-rbwm-gsp/dev/utag.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:26db:c600:7:2bfb:7c00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 9cb1d53337bfb32f26a211d01cea0bc36cd377c0b8cd7b9c858c50fe8b8f8abc

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://benefitsplus-auth-dev.hsbc.com.hk/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-amz-version-id: z3QEj4RTx_qWl3xOAPql83y7QH8Ipif7
content-encoding: br
via: 1.1 cb7ecd2473bf95a71af8d1ff8d1034fa.cloudfront.net (CloudFront)
date: Wed, 05 Jun 2024 13:00:29 GMT
last-modified: Thu, 09 May 2024 15:16:38 GMT
server: AmazonS3
x-amz-cf-pop: MUC50-P3
x-amz-server-side-encryption: AES256
etag: W/"62ae3ebb665ed75aa20c199b68c042e1"
vary: Accept-Encoding
x-cache: RefreshHit from cloudfront
content-type: application/javascript
cache-control: max-age=1296000
x-amz-cf-id: rQ4pw9RePLG7H9DSNcDfSa4tvaOzQxz4MvvjA_1CIHWv2NmuNkWLsA==

GET
H2 200 utag.249.js Show response
tags.tiqcdn.com/utag/hsbc/hk-rbwm-gsp/dev/ 3 KB
2 KB 386ms
385ms Script
application/javascript 2600:9000:26db:c600:7:2bfb:7c00:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.tiqcdn.com/utag/hsbc/hk-rbwm-gsp/dev/utag.249.js?utv=ut4.46.202208100919
Requested by: Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/hsbc/hk-rbwm-gsp/dev/utag.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:26db:c600:7:2bfb:7c00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: faaeaae82d610fa00afb9236e8334f2c48101a66fc69348c33b185360bbb02e4

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://benefitsplus-auth-dev.hsbc.com.hk/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-amz-version-id: d_v4tHOTkW8iHvxmTixQ9qXd7NALq6e3
content-encoding: br
via: 1.1 cb7ecd2473bf95a71af8d1ff8d1034fa.cloudfront.net (CloudFront)
date: Wed, 05 Jun 2024 13:00:29 GMT
last-modified: Thu, 09 May 2024 15:16:24 GMT
server: AmazonS3
x-amz-cf-pop: MUC50-P3
x-amz-server-side-encryption: AES256
etag: W/"59abccdf662cc0a0fda1c4f707cf9a2c"
vary: Accept-Encoding
x-cache: RefreshHit from cloudfront
content-type: application/javascript
cache-control: max-age=1296000
x-amz-cf-id: Aa6JEDJYakeTkeHdq7_1MIyJ-qBwFpqs1e-i52kjwpmYKb0EbMdyLw==

GET
H2 200 utag.760.js Show response
tags.tiqcdn.com/utag/hsbc/hk-rbwm-gsp/dev/ 2 KB
2 KB 409ms
408ms Script
application/javascript 2600:9000:26db:c600:7:2bfb:7c00:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.tiqcdn.com/utag/hsbc/hk-rbwm-gsp/dev/utag.760.js?utv=ut4.46.202108091531
Requested by: Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/hsbc/hk-rbwm-gsp/dev/utag.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:26db:c600:7:2bfb:7c00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 1b01f142d67b4ae857003f3facfa3706b903f5c5201556ca69252ec38968529b

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://benefitsplus-auth-dev.hsbc.com.hk/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-amz-version-id: ZrdEL0Szjwbfs0xMeht0qphlhXawuJGX
content-encoding: br
via: 1.1 cb7ecd2473bf95a71af8d1ff8d1034fa.cloudfront.net (CloudFront)
date: Wed, 05 Jun 2024 13:00:29 GMT
last-modified: Thu, 09 May 2024 15:16:39 GMT
server: AmazonS3
x-amz-cf-pop: MUC50-P3
x-amz-server-side-encryption: AES256
etag: W/"adda2d765997fb31f90dcf36103d478f"
vary: Accept-Encoding
x-cache: RefreshHit from cloudfront
content-type: application/javascript
cache-control: max-age=1296000
x-amz-cf-id: RR8H50lGuh8qCtKkYuHtchKl5culEsd9YyQOsLXHjD-OLtfsXBC2Zg==

GET
H2 200 utag.770.js Show response
tags.tiqcdn.com/utag/hsbc/hk-rbwm-gsp/dev/ 22 KB
7 KB 604ms
603ms Script
application/javascript 2600:9000:26db:c600:7:2bfb:7c00:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.tiqcdn.com/utag/hsbc/hk-rbwm-gsp/dev/utag.770.js?utv=ut4.46.202206291356
Requested by: Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/hsbc/hk-rbwm-gsp/dev/utag.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:26db:c600:7:2bfb:7c00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 7c6e5db0c800c759919265c34d10d441e38a27733cfb867b214777e8fb237371

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://benefitsplus-auth-dev.hsbc.com.hk/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-amz-version-id: fd0jfWCGTi7.K0vfmCgpZp3wiIYFEkNY
content-encoding: br
via: 1.1 cb7ecd2473bf95a71af8d1ff8d1034fa.cloudfront.net (CloudFront)
date: Wed, 05 Jun 2024 13:00:29 GMT
last-modified: Thu, 09 May 2024 15:16:39 GMT
server: AmazonS3
x-amz-cf-pop: MUC50-P3
x-amz-server-side-encryption: AES256
etag: W/"1e41c944fb868e765c782e2c0027cdcf"
vary: Accept-Encoding
x-cache: RefreshHit from cloudfront
content-type: application/javascript
cache-control: max-age=1296000
x-amz-cf-id: VQXkQLF9o9SRKON3ds7KM81OBVBXek-tHKFOF4mI8ibovxR9gnPAgg==

GET
H2 200 utag.811.js Show response
tags.tiqcdn.com/utag/hsbc/hk-rbwm-gsp/dev/ 5 KB
2 KB 390ms
389ms Script
application/javascript 2600:9000:26db:c600:7:2bfb:7c00:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.tiqcdn.com/utag/hsbc/hk-rbwm-gsp/dev/utag.811.js?utv=ut4.46.202401221012
Requested by: Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/hsbc/hk-rbwm-gsp/dev/utag.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:26db:c600:7:2bfb:7c00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: c098f9e565ae64ba124c1eb720723de8a0f8b0df8e11ea38c81e5d5bb83475ac

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://benefitsplus-auth-dev.hsbc.com.hk/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-amz-version-id: LA2sEJ7IEaZh4cQ0J_9NGn1Te0kGY6oM
content-encoding: br
via: 1.1 cb7ecd2473bf95a71af8d1ff8d1034fa.cloudfront.net (CloudFront)
date: Wed, 05 Jun 2024 13:00:29 GMT
last-modified: Thu, 09 May 2024 15:16:21 GMT
server: AmazonS3
x-amz-cf-pop: MUC50-P3
x-amz-server-side-encryption: AES256
etag: W/"4f70cb9051761529e250fc41d588e511"
vary: Accept-Encoding
x-cache: RefreshHit from cloudfront
content-type: application/javascript
cache-control: max-age=1296000
x-amz-cf-id: PeVbhGA6SP0l2DyYON3QKKl4tIzvNCLdivleJ8_eHEDNQZSthp6HTA==

GET
H2 200 utag.822.js Show response
tags.tiqcdn.com/utag/hsbc/hk-rbwm-gsp/dev/ 5 KB
2 KB 396ms
395ms Script
application/javascript 2600:9000:26db:c600:7:2bfb:7c00:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.tiqcdn.com/utag/hsbc/hk-rbwm-gsp/dev/utag.822.js?utv=ut4.46.202112171407
Requested by: Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/hsbc/hk-rbwm-gsp/dev/utag.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:26db:c600:7:2bfb:7c00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: c741ac64fe72475b8ae5c1e3e0d3e8dbe39a2f7241ab96f6976ded46c8c80b7a

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://benefitsplus-auth-dev.hsbc.com.hk/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-amz-version-id: bxIWMpw3VqihD3tcC_1WW6oPTSLJsMpr
content-encoding: br
via: 1.1 cb7ecd2473bf95a71af8d1ff8d1034fa.cloudfront.net (CloudFront)
date: Wed, 05 Jun 2024 13:00:29 GMT
last-modified: Thu, 09 May 2024 15:16:30 GMT
server: AmazonS3
x-amz-cf-pop: MUC50-P3
x-amz-server-side-encryption: AES256
etag: W/"8e4c4713a7ce2b32cd5499f5ab4f01b1"
vary: Accept-Encoding
x-cache: RefreshHit from cloudfront
content-type: application/javascript
cache-control: max-age=1296000
x-amz-cf-id: K6F9moDrsdBci00whdKYwAxwkSXWJBUqV7D0TL3N9azpnOTWU6w51A==

GET
H2 200 utag.877.js Show response
tags.tiqcdn.com/utag/hsbc/hk-rbwm-gsp/dev/ 8 KB
3 KB 412ms
411ms Script
application/javascript 2600:9000:26db:c600:7:2bfb:7c00:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.tiqcdn.com/utag/hsbc/hk-rbwm-gsp/dev/utag.877.js?utv=ut4.46.202304041402
Requested by: Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/hsbc/hk-rbwm-gsp/dev/utag.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:26db:c600:7:2bfb:7c00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 2c07f0d2bee093f108d787685ce49777105b359547db73f50cc3f2c198848074

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://benefitsplus-auth-dev.hsbc.com.hk/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-amz-version-id: eCPPOpoZl0NjB3B7gHnBtg99grabkm_M
content-encoding: br
via: 1.1 cb7ecd2473bf95a71af8d1ff8d1034fa.cloudfront.net (CloudFront)
date: Wed, 05 Jun 2024 13:00:29 GMT
last-modified: Thu, 09 May 2024 15:16:39 GMT
server: AmazonS3
x-amz-cf-pop: MUC50-P3
x-amz-server-side-encryption: AES256
etag: W/"caa16d68c7b353baddc6298442588487"
vary: Accept-Encoding
x-cache: RefreshHit from cloudfront
content-type: application/javascript
cache-control: max-age=1296000
x-amz-cf-id: nZQ_TZY2x2GtJQKxiRrIszar0zBNHPdL67AE09Q4B1R2yubwl8pj-g==

GET
H2 200 utag.884.js Show response
tags.tiqcdn.com/utag/hsbc/hk-rbwm-gsp/dev/ 17 KB
5 KB 426ms
426ms Script
application/javascript 2600:9000:26db:c600:7:2bfb:7c00:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.tiqcdn.com/utag/hsbc/hk-rbwm-gsp/dev/utag.884.js?utv=ut4.46.202311280718
Requested by: Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/hsbc/hk-rbwm-gsp/dev/utag.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:26db:c600:7:2bfb:7c00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: c4cf5cb72e92e4587bfe0d3180a6e182f446decf79d38a295d225e6c5be00d31

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://benefitsplus-auth-dev.hsbc.com.hk/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-amz-version-id: nkmScipzQ7xMxJF5PPnTzVGjMESmNT88
content-encoding: br
via: 1.1 cb7ecd2473bf95a71af8d1ff8d1034fa.cloudfront.net (CloudFront)
date: Wed, 05 Jun 2024 13:00:29 GMT
last-modified: Thu, 09 May 2024 15:16:23 GMT
server: AmazonS3
x-amz-cf-pop: MUC50-P3
x-amz-server-side-encryption: AES256
etag: W/"2ad4988ecf29caf2114deb58b185d8b2"
vary: Accept-Encoding
x-cache: RefreshHit from cloudfront
content-type: application/javascript
cache-control: max-age=1296000
x-amz-cf-id: Z6CDJa9H6r-xrMGWfpPPQ692152jhHXwcgi8kBC6oLipzexnLK3riw==

GET
H2 200 utag.894.js Show response
tags.tiqcdn.com/utag/hsbc/hk-rbwm-gsp/dev/ 1001 KB
121 KB 397ms
396ms Script
application/javascript 2600:9000:26db:c600:7:2bfb:7c00:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.tiqcdn.com/utag/hsbc/hk-rbwm-gsp/dev/utag.894.js?utv=ut4.46.202208121610
Requested by: Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/hsbc/hk-rbwm-gsp/dev/utag.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:26db:c600:7:2bfb:7c00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 0226a856e4ed5cb72ff3ebea0548da570a5f56f8afccb81765336a276f628283

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://benefitsplus-auth-dev.hsbc.com.hk/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-amz-version-id: umwXLu9gZrHtE9lYP3SyR9vVXz2Fd_u7
content-encoding: br
via: 1.1 cb7ecd2473bf95a71af8d1ff8d1034fa.cloudfront.net (CloudFront)
date: Wed, 05 Jun 2024 13:00:29 GMT
last-modified: Thu, 09 May 2024 15:16:37 GMT
server: AmazonS3
x-amz-cf-pop: MUC50-P3
x-amz-server-side-encryption: AES256
etag: W/"91da6a652743feb3f603ecfd84d76a23"
vary: Accept-Encoding
x-cache: RefreshHit from cloudfront
content-type: application/javascript
cache-control: max-age=1296000
x-amz-cf-id: 9d-U_4MkjLXLklgr7JuhG4VE_-W2sfl5B2uMXRCQtbwwLdvuewpdBw==

GET
H2 200 utag.926.js Show response
tags.tiqcdn.com/utag/hsbc/hk-rbwm-gsp/dev/ 7 KB
3 KB 389ms
389ms Script
application/javascript 2600:9000:26db:c600:7:2bfb:7c00:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.tiqcdn.com/utag/hsbc/hk-rbwm-gsp/dev/utag.926.js?utv=ut4.46.202205311742
Requested by: Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/hsbc/hk-rbwm-gsp/dev/utag.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:26db:c600:7:2bfb:7c00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: f147f628d488e3a9adb175dec938d90187ee634e79374975ccfd4e35122a188f

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://benefitsplus-auth-dev.hsbc.com.hk/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-amz-version-id: R2lg0skq3M9vePYto49AjjIRKkf3Np9g
content-encoding: br
via: 1.1 cb7ecd2473bf95a71af8d1ff8d1034fa.cloudfront.net (CloudFront)
date: Wed, 05 Jun 2024 13:00:29 GMT
last-modified: Thu, 09 May 2024 15:16:29 GMT
server: AmazonS3
x-amz-cf-pop: MUC50-P3
x-amz-server-side-encryption: AES256
etag: W/"74c0a152e8fc9ea61bc6026975b256e5"
vary: Accept-Encoding
x-cache: RefreshHit from cloudfront
content-type: application/javascript
cache-control: max-age=1296000
x-amz-cf-id: CyY4jMw9x_-VPCKbiEYgxhBYsPRY_jKo4OyN5FMLdrp4SuYyE2n-Tg==

GET
H2 200 utag.927.js Show response
tags.tiqcdn.com/utag/hsbc/hk-rbwm-gsp/dev/ 10 KB
4 KB 438ms
437ms Script
application/javascript 2600:9000:26db:c600:7:2bfb:7c00:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.tiqcdn.com/utag/hsbc/hk-rbwm-gsp/dev/utag.927.js?utv=ut4.46.202205311742
Requested by: Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/hsbc/hk-rbwm-gsp/dev/utag.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:26db:c600:7:2bfb:7c00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 6121a30f77ac85f73ec5d28aa879b6af4c20ba4b1e0cc567f4a4e22325b82b52

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://benefitsplus-auth-dev.hsbc.com.hk/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-amz-version-id: wZSMLE9wQ96igEcQox5xUWjV0Ju8dhiu
content-encoding: br
via: 1.1 cb7ecd2473bf95a71af8d1ff8d1034fa.cloudfront.net (CloudFront)
date: Wed, 05 Jun 2024 13:00:29 GMT
last-modified: Thu, 09 May 2024 15:16:39 GMT
server: AmazonS3
x-amz-cf-pop: MUC50-P3
x-amz-server-side-encryption: AES256
etag: W/"3d89aa3ebe4e7d018333130dcb58a5af"
vary: Accept-Encoding
x-cache: RefreshHit from cloudfront
content-type: application/javascript
cache-control: max-age=1296000
x-amz-cf-id: -pO_wgjxYpdhCrSxToN4IJytEfcoBVLiuO_gyqTtnZaTZKkqNiZKDA==

GET
H2 200 utag.931.js Show response
tags.tiqcdn.com/utag/hsbc/hk-rbwm-gsp/dev/ 47 KB
12 KB 397ms
397ms Script
application/javascript 2600:9000:26db:c600:7:2bfb:7c00:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.tiqcdn.com/utag/hsbc/hk-rbwm-gsp/dev/utag.931.js?utv=ut4.46.202311061543
Requested by: Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/hsbc/hk-rbwm-gsp/dev/utag.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:26db:c600:7:2bfb:7c00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 4ef3e0635dcbcb059c772cd7c60de491073a21b488fbb250b0b868199f2732b2

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://benefitsplus-auth-dev.hsbc.com.hk/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-amz-version-id: 1jH8zpDONTpPrB9pQGGL27qyz6TYfbcR
content-encoding: br
via: 1.1 cb7ecd2473bf95a71af8d1ff8d1034fa.cloudfront.net (CloudFront)
date: Wed, 05 Jun 2024 13:00:29 GMT
last-modified: Thu, 09 May 2024 15:16:29 GMT
server: AmazonS3
x-amz-cf-pop: MUC50-P3
x-amz-server-side-encryption: AES256
etag: W/"0007e46c4e0a342a659ca31c79a50c8e"
vary: Accept-Encoding
x-cache: RefreshHit from cloudfront
content-type: application/javascript
cache-control: max-age=1296000
x-amz-cf-id: BDjo6Um0gPzkwk1FTcL9LbK23NDfJOEj-1rhhkuRuX-dulxyPW4eFA==

GET
H2 200 utag.994.js Show response
tags.tiqcdn.com/utag/hsbc/hk-rbwm-gsp/dev/ 4 KB
2 KB 122ms
122ms Script
application/javascript 2600:9000:26db:c600:7:2bfb:7c00:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.tiqcdn.com/utag/hsbc/hk-rbwm-gsp/dev/utag.994.js?utv=ut4.46.202401050524
Requested by: Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/hsbc/hk-rbwm-gsp/dev/utag.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:26db:c600:7:2bfb:7c00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 5e9cea0f194422bd58a13cb607428149342b2062b27fbe8baac7ed65b49b28da

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://benefitsplus-auth-dev.hsbc.com.hk/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-amz-version-id: 7V1f5LJGQ8FhtK5JzCYI3eH.ny8YLp04
content-encoding: br
via: 1.1 cb7ecd2473bf95a71af8d1ff8d1034fa.cloudfront.net (CloudFront)
date: Wed, 05 Jun 2024 13:00:28 GMT
last-modified: Thu, 09 May 2024 15:16:28 GMT
server: AmazonS3
x-amz-cf-pop: MUC50-P3
x-amz-server-side-encryption: AES256
etag: W/"5bfc3b87e323ddf1efd0f856cf475d59"
vary: Accept-Encoding
x-cache: RefreshHit from cloudfront
content-type: application/javascript
cache-control: max-age=1296000
x-amz-cf-id: -rwvirohZZsWCgXG_fH1gIB9bFqUu_tyvJdEqsKpFgmQ3NF2OWbY6w==

GET
H2 200 utag.1026.js Show response
tags.tiqcdn.com/utag/hsbc/hk-rbwm-gsp/dev/ 205 KB
58 KB 421ms
420ms Script
application/javascript 2600:9000:26db:c600:7:2bfb:7c00:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.tiqcdn.com/utag/hsbc/hk-rbwm-gsp/dev/utag.1026.js?utv=ut4.46.202401221029
Requested by: Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/hsbc/hk-rbwm-gsp/dev/utag.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:26db:c600:7:2bfb:7c00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: f8ceeab514ef6d3a41cfb72416159c14b0150919a4df4a085ad27826cff745ae

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://benefitsplus-auth-dev.hsbc.com.hk/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-amz-version-id: FV2PPnqGc_PVE6iUYvR5NE3ecvuyy9eU
content-encoding: br
via: 1.1 cb7ecd2473bf95a71af8d1ff8d1034fa.cloudfront.net (CloudFront)
date: Wed, 05 Jun 2024 13:00:29 GMT
last-modified: Thu, 09 May 2024 15:16:28 GMT
server: AmazonS3
x-amz-cf-pop: MUC50-P3
x-amz-server-side-encryption: AES256
etag: W/"3366e7cc68de9fdd1a5ab64949670512"
vary: Accept-Encoding
x-cache: RefreshHit from cloudfront
content-type: application/javascript
cache-control: max-age=1296000
x-amz-cf-id: sebgVXbwNOyvKz5WY1_vbCilBd5VxEPV1MkTnWbNOdWrfM_OQKX38A==

GET
H2 200 ytc.js Show response
s.yimg.com/wi/ 18 KB
7 KB 48ms
16ms Script
application/javascript 2a00:1288:80:807::2
YAHOO-DEB

General

Check archive.org

Show headers Download Go to

Full URL

https://s.yimg.com/wi/ytc.js

Requested by

Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/hsbc/hk-rbwm-gsp/dev/utag.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1288:80:807::2 , United Kingdom, ASN203220 (YAHOO-DEB, GB),

Reverse DNS

Software

ATS /

Resource Hash

480b06b23e574b4bf386fde1a91145a4171f97aeb5ee800e4be1850f29b1ad91

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://benefitsplus-auth-dev.hsbc.com.hk/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

ats-carp-promotion: 1, 1
date: Wed, 05 Jun 2024 12:01:23 GMT
x-amz-version-id: xC6OTTJGIjCqkMTkbrZpmtbXHK5oaZhW
content-encoding: gzip
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
x-amz-request-id: C76CDQSDC48E7TV6
age: 3546
x-amz-server-side-encryption: AES256
content-length: 6262
x-amz-id-2: EKmrsZuj6UGdb7EcHvZzqNCBBukhcM0l8r3MucfxbLGqABEkseZka4SvNMH8ngv+BVhZxAFDrE0=
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
x-amz-expiration: expiry-date="Wed, 31 Jul 2024 00:00:00 GMT", rule-id="oath-standard-lifecycle"
last-modified: Mon, 26 Jun 2023 09:26:35 GMT
server: ATS
etag: "5c6ed25dce803fd84288922b8928409e-df"
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
vary: Origin, Accept-Encoding
content-type: application/javascript
cache-control: public,max-age=3600
accept-ranges: bytes

GET
H2 200 generic
match.adsrvr.org/track/cmf/ 70 B
149 B 317ms
30ms Image
image/gif 35.71.131.137
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.adsrvr.org/track/cmf/generic?ttd_pid=tealium&ttd_tpi=1&gdpr=0
Requested by: Host: benefitsplus-auth-dev.hsbc.com.hk
URL: https://benefitsplus-auth-dev.hsbc.com.hk/login?uid=bsIZgLbF3tVL9Mg14nhqE&lang=en-HK
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 35.71.131.137 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a6370ebea231e0c9a.awsglobalaccelerator.com
Software: Kestrel /
Resource Hash: 8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://benefitsplus-auth-dev.hsbc.com.hk/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 05 Jun 2024 13:00:28 GMT
server: Kestrel
content-length: 70
content-type: image/gif

POST session.json
www.hkg1vl0048.p2g.netd2.hsbc.com.hk/9332/handler9/ 0
0

GET JavascriptInsert.js
www.hkg1vl0048.p2g.netd2.hsbc.com.hk/ 0
0

GET pixel
cm.g.doubleclick.net/ 0
0

POST
H2 200 i.gif Show response
collect-ap-northeast-1.tealiumiq.com/hsbc/wpb-stream-hk/2/ 43 B
780 B 1115ms
552ms XHR
image/gif 52.197.35.231
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://collect-ap-northeast-1.tealiumiq.com/hsbc/wpb-stream-hk/2/i.gif
Requested by: Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/hsbc/hk-rbwm-gsp/dev/utag.931.js?utv=ut4.46.202311061543
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.197.35.231 Tokyo, Japan, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-197-35-231.ap-northeast-1.compute.amazonaws.com
Software: /
Resource Hash: a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
sec-ch-ua-platform: "Win32"
Referer: https://benefitsplus-auth-dev.hsbc.com.hk/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryUD3DYYVBcLDpIK2N

Response headers

date: Wed, 05 Jun 2024 13:00:29 GMT
x-serverid: uconnect_i-0d82d4aed710b49cd
x-tid: 018fe87c8d340021b14712e68e780506f005406700b08
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CUR ADM DEV OUR BUS"
x-acc: hsbc:wpb-stream-hk:2:datacloud
x-region: ap-northeast-1
content-length: 43
pragma: no-cache
x-did: 018fe87c8d340021b14712e68e780506f005406700b08
vary: Origin
content-type: image/gif
access-control-allow-origin: https://benefitsplus-auth-dev.hsbc.com.hk
x-ulver: c96738eb23f13a0bc90b20c8f326b2afa31d7e2b-SNAPSHOT
access-control-expose-headers: X-Region
cache-control: no-transform,private,no-cache,no-store,max-age=0,s-maxage=0
access-control-allow-credentials: true
x-uuid: 4c9f5570-a2e8-485d-a9b1-08c6f7c32a00
expires: Wed, 05 Jun 2024 13:00:29 GMT

GET
H2 404 walkme_ed30a4375b7b4f9b8d9d8fd5bda693ad_https.js
benefitsplus-auth-dev.hsbc.com.hk/ed30a4375b7b4f9b8d9d8fd5bda693ad/test/ 0
0 276ms
276ms Script
application/json 2600:9000:266e:1600:a:9a74:f000:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://benefitsplus-auth-dev.hsbc.com.hk/ed30a4375b7b4f9b8d9d8fd5bda693ad/test/walkme_ed30a4375b7b4f9b8d9d8fd5bda693ad_https.js

Requested by

Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/hsbc/hk-rbwm-gsp/dev/utag.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:266e:1600:a:9a74:f000:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

CloudFront /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	font-src .hsbc.com.hk fonts.gstatic.com maxcdn.bootstrapcdn.com .stripe.com klarna.com .klarna.com .klarnacdn.net .klarnaevt.com data: 'self' 'unsafe-inline'; form-action https: .hsbc.com.hk secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; frame-ancestors .hsbc.com.hk .stripe.com stripe.com 'self'; frame-src 'self' data: .hsbc.com.hk .my-doc.com lpcdn.lpsnmedia.net td.doubleclick.net fast.amc.demdex.net .adobe.com secure.authorize.net test.authorize.net bid.g.doubleclick.net .youtube.com .youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ .weltpixel.com .stripe.com klarna.com .klarna.com .klarnacdn.net .klarnaevt.com 'self' 'unsafe-inline'; img-src blob: .google.com.hk .yahoo.com .hsbc.com.hk .tealiumiq.com .adsrvr.org maps.googleapis.com maps.gstatic.com assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net .adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypalobjects.com t.paypal.com .ftcdn.net .behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com .vimeocdn.com i.ytimg.com .youtube.com validator.swagger.io flagpedia.net .gstatic.com data: 'self' 'unsafe-inline'; script-src .hsbc.com.hk unpkg.com connect.facebook.net s.yimg.com visitor-service-ap-northeast-1.tealiumiq.com lptag.liveperson.net datacloud.tealiumiq.com tags.tiqcdn.com assets.adobedtm.com .adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypalobjects.com js.braintreegateway.com www.paypal.com .newrelic.com .nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com .vimeocdn.com .youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ .gstatic.com maps.googleapis.com .stripe.com klarna.com .klarna.com .klarnacdn.net .klarnaevt.com https://www.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src .hsbc.com.hk fonts.googleapis.com .adobe.com maxcdn.bootstrapcdn.com .gstatic.com tagmanager.google.com 'self' 'unsafe-inline'; object-src .hsbc.com.hk 'self' 'unsafe-inline'; media-src .hsbc.com.hk .adobe.com 'self' 'unsafe-inline'; manifest-src .hsbc.com.hk 'self' 'unsafe-inline'; connect-src wss: .hsbc.com.hk www.issthk-dev.hsbc.com.hk:31000 .tealiumiq.com .tiqcdn.com pagead2.googlesyndication.com log-happyhktest.us.v2.customers.biocatch.com log-69c80419.customers.biocatch.com wup-69c80419.customers.biocatch.com dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com .newrelic.com .nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com www.gstatic.com maps.googleapis.com .stripe.com klarna.com .klarna.com .klarnacdn.net .klarnaevt.com https://www.google-analytics.com 'self' 'unsafe-inline'; child-src http: https: .hsbc.com.hk blob: 'self' 'unsafe-inline'; default-src .hsbc.com.hk 'self' 'unsafe-inline' 'unsafe-eval' log-69c80419.customers.biocatch.com wup-69c80419.customers.biocatch.com; base-uri *.hsbc.com.hk 'self' 'unsafe-inline';
Strict-Transport-Security	max-age=63072000; includeSubdomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://benefitsplus-auth-dev.hsbc.com.hk/login?uid=bsIZgLbF3tVL9Mg14nhqE&lang=en-HK
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 05 Jun 2024 13:00:28 GMT
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-content-type-options: nosniff
x-amzn-remapped-content-length: 187
x-correlation-id: bac8e5db0048ec8f6cd611d10ec8cefa
content-security-policy: font-src *.hsbc.com.hk fonts.gstatic.com maxcdn.bootstrapcdn.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com data: 'self' 'unsafe-inline'; form-action https: *.hsbc.com.hk secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; frame-ancestors *.hsbc.com.hk *.stripe.com stripe.com 'self'; frame-src 'self' data: *.hsbc.com.hk *.my-doc.com lpcdn.lpsnmedia.net td.doubleclick.net fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.weltpixel.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline'; img-src blob: *.google.com.hk *.yahoo.com *.hsbc.com.hk *.tealiumiq.com *.adsrvr.org maps.googleapis.com maps.gstatic.com assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io flagpedia.net *.gstatic.com data: 'self' 'unsafe-inline'; script-src *.hsbc.com.hk unpkg.com connect.facebook.net s.yimg.com visitor-service-ap-northeast-1.tealiumiq.com lptag.liveperson.net datacloud.tealiumiq.com tags.tiqcdn.com assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypalobjects.com js.braintreegateway.com www.paypal.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.gstatic.com maps.googleapis.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com https://www.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.hsbc.com.hk fonts.googleapis.com *.adobe.com maxcdn.bootstrapcdn.com *.gstatic.com tagmanager.google.com 'self' 'unsafe-inline'; object-src *.hsbc.com.hk 'self' 'unsafe-inline'; media-src *.hsbc.com.hk *.adobe.com 'self' 'unsafe-inline'; manifest-src *.hsbc.com.hk 'self' 'unsafe-inline'; connect-src wss: *.hsbc.com.hk www.issthk-dev.hsbc.com.hk:31000 *.tealiumiq.com *.tiqcdn.com pagead2.googlesyndication.com log-happyhktest.us.v2.customers.biocatch.com log-69c80419.customers.biocatch.com wup-69c80419.customers.biocatch.com dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com www.gstatic.com maps.googleapis.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com https://www.google-analytics.com 'self' 'unsafe-inline'; child-src http: https: *.hsbc.com.hk blob: 'self' 'unsafe-inline'; default-src *.hsbc.com.hk 'self' 'unsafe-inline' 'unsafe-eval' log-69c80419.customers.biocatch.com wup-69c80419.customers.biocatch.com; base-uri *.hsbc.com.hk 'self' 'unsafe-inline';
via: 1.1 d8ec42efeb409ac816e90eb0236c1f4a.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P8
x-amzn-remapped-connection: keep-alive
x-amzn-requestid: a434bdc1-37fb-4ee5-97b8-10c787e3afd7
x-dns-prefetch-control: off
x-cache: Error from cloudfront
x-amz-apigw-id: Y5Qo_GkWHUYEcbA=
content-length: 187
x-xss-protection: 1; mode=block
server: CloudFront
x-download-options: noopen
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: application/json; charset=utf-8
access-control-allow-origin: *
x-amzn-remapped-date: Wed, 05 Jun 2024 13:00:28 GMT
x-amz-cf-id: Ckia_FbufDqpxhqK1txZDbogD680B0tgnjkZ0wfZvX4owa-bKNTT5w==

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 202 KB
74 KB 273ms
41ms Script
application/javascript 2a00:1450:4001:82f::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=DC-1000000

Requested by

Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/hsbc/hk-rbwm-gsp/dev/utag.877.js?utv=ut4.46.202304041402

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

6fafcf6e3a8b47c672a769d1020ab682fe5a0e44df173602db16a1ea75e175c6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://benefitsplus-auth-dev.hsbc.com.hk/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 05 Jun 2024 13:00:28 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 75094
x-xss-protection: 0
last-modified: Wed, 05 Jun 2024 12:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Wed, 05 Jun 2024 13:00:28 GMT

GET
H2 200 sp.pl
sp.analytics.yahoo.com/ 43 B
500 B 120ms
38ms Image
image/gif 3.255.41.64
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://sp.analytics.yahoo.com/sp.pl?a=1000&d=Wed%2C%2005%20Jun%202024%2013%3A00%3A28%20GMT&n=-2d&b=Welcome%20to%20HSBC%20Life%20Benefits%2B&.yp=423090&f=https%3A%2F%2Fbenefitsplus-auth-dev.hsbc.com.hk%2Flogin%3Fuid%3DbsIZgLbF3tVL9Mg14nhqE%26lang%3Den-HK&enc=UTF-8&yv=1.15.1&et=custom&tagmgr=tealium

Requested by

Host: benefitsplus-auth-dev.hsbc.com.hk
URL: https://benefitsplus-auth-dev.hsbc.com.hk/login?uid=bsIZgLbF3tVL9Mg14nhqE&lang=en-HK

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

3.255.41.64 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-255-41-64.eu-west-1.compute.amazonaws.com

Software

ATS/9.1.10.112 /

Resource Hash

0e4b1e428a2198ef747010c094101c257b568a97cdcc0f31ed5e9868cc835b39

Security Headers

Name	Value
Content-Security-Policy	sandbox; default-src 'self'; script-src 'none'; object-src 'none'; report-uri http://csp.yahoo.com/beacon/csp?src=generic
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://benefitsplus-auth-dev.hsbc.com.hk/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
date: Wed, 05 Jun 2024 13:00:28 GMT
via: http/1.1 traffic_server (ApacheTrafficServer/9.1.10.112)
x-content-type-options: nosniff
referrer-policy: strict-origin-when-cross-origin
server: ATS/9.1.10.112
content-security-policy: sandbox; default-src 'self'; script-src 'none'; object-src 'none'; report-uri http://csp.yahoo.com/beacon/csp?src=generic
age: 0
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
x-frame-options: DENY
content-type: image/gif
cache-control: no-cache, private, must-revalidate
accept-ranges: bytes
content-length: 43
expires: Wed, 05 Jun 2024 13:00:28 GMT

GET
BLOB 200
OK cad3e17e-c335-4ab4-bf75-839921ce6003
https://benefitsplus-auth-dev.hsbc.com.hk/ 176 KB
0 Other
text/plain

General

Check archive.org

Show headers Download Go to

Full URL: blob:https://benefitsplus-auth-dev.hsbc.com.hk/cad3e17e-c335-4ab4-bf75-839921ce6003
Requested by: Host: benefitsplus-auth-dev.hsbc.com.hk
URL: https://benefitsplus-auth-dev.hsbc.com.hk/login?uid=bsIZgLbF3tVL9Mg14nhqE&lang=en-HK
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 51ddb2a0b09f8c8b32c18a23096b4b28a0a6d6f876aaff3cf3fc3da63215b6ea

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36

Response headers

Content-Length: 180285
Content-Type

GET
H2 200 tag.js Show response
lptag.liveperson.net/tag/ 26 KB
10 KB 92ms
19ms Script
application/javascript 178.249.97.23
LIVEPERSON

General

Check archive.org

Show headers Download Go to

Full URL

https://lptag.liveperson.net/tag/tag.js?site=19211303

Requested by

Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/hsbc/hk-rbwm-gsp/dev/utag.884.js?utv=ut4.46.202311280718

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

178.249.97.23 , United States, ASN11054 (LIVEPERSON, US),

Reverse DNS

Software

ws /

Resource Hash

f9a5649d70f74cde04ab0c3f8a8f41810772e9970befa7fee8e339bcf4dd3b08

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://benefitsplus-auth-dev.hsbc.com.hk/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 05 Jun 2024 13:00:28 GMT
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=63072000; includeSubDomains
last-modified: Tue, 31 Oct 2023 18:56:18 GMT
server: ws
etag: "65414dd2-24b8"
access-control-allow-methods: GET, POST, PATCH
content-type: application/javascript
access-control-expose-headers: X-Requested-With, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-host, Lp-Req-Time, date, x-application-context, strict-transport-security, x-content-type-options, x-download-options, x-xss-protection, x-cache-status, x-amz-id-2, x-amz-request-id, expires, last-modified, set-cookie, content-security-policy, x-frame-options
cache-control: public, max-age=630
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Authorization, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token
content-length: 9400

POST
H/1.1 200
OK session.json Show response
www.issthk-dev.hsbc.com.hk/2236/js/events/v10/ 6 KB
7 KB 1379ms
337ms XHR
application/json 203.112.83.226
HSBC-HK-AS HSBC H...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.issthk-dev.hsbc.com.hk:31000/2236/js/events/v10/session.json

Requested by

Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/hsbc/hk-rbwm-gsp/dev/utag.1026.js?utv=ut4.46.202401221029

Protocol

HTTP/1.1

Security

TLS 1.2, RSA, AES_256_GCM

Server

203.112.83.226 , Hong Kong, ASN9221 (HSBC-HK-AS HSBC HongKong, HK),

Reverse DNS

Software

Apache /

Resource Hash

56dd920e68476c84971cdc3f4d0d008fccb0a291ecdf914397bb82e58ca94fea

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
sec-ch-ua-platform: "Win32"
Referer: https://benefitsplus-auth-dev.hsbc.com.hk/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

Date: Wed, 05 Jun 2024 13:00:29 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
Server: Apache
X-Frame-Options: SAMEORIGIN
Content-Type: application/json
Access-Control-Allow-Origin: https://benefitsplus-auth-dev.hsbc.com.hk
P3P: CP="NON ADMo DEVo PSAo PSDo IVAo IVDo OUR IND UNI COM NAV INT CNT LOC STA PUR PHY ONL"
Cache-Control: no-store, no-cache, must-revalidate
Access-Control-Allow-Credentials: true
Connection: Keep-Alive
S: DWSMCMRP01HK
Keep-Alive: timeout=5, max=100
Content-Length: 6460

GET
H2 200 fbevents.js Show response
connect.facebook.net/en_US/ 219 KB
59 KB 22ms
8ms Script
application/x-javascript 2a03:2880:f084:d:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/fbevents.js

Requested by

Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/hsbc/hk-rbwm-gsp/dev/utag.770.js?utv=ut4.46.202206291356

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f084:d:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

83ebe8170b3b5dda2d20a80fe205ec14e1f8cb19ed40cfe73d480087b588e56c

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' data: blob: facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;script-src .fbcdn.net .facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net wss://.fbcdn.net attachment.fbsbx.com blob: 'self';img-src 'self' data: blob: facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://benefitsplus-auth-dev.hsbc.com.hk/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: default-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';img-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload; includeSubDomains
date: Wed, 05 Jun 2024 13:00:28 GMT
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 57975
x-xss-protection: 0
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
x-fb-connection-quality: EXCELLENT; q=0.9, rtt=6, rtx=0, c=12, mss=1297, tbw=2779, tp=-1, tpl=-1, uplat=0, ullat=-1
pragma: public
x-fb-debug: ZT2XMjHnZhd3SUGkw9RAVJhzPDJLxZEYdmGAWSxqPOkPbk7m52hx/MqkBt9J6/H8y/zEfI4ybXD+Yi3NPABfmA==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
cross-origin-opener-policy: same-origin-allow-popups;report-to="coop_report"
vary: Accept-Encoding
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
content-type: application/x-javascript; charset=utf-8
x-frame-options: DENY
origin-agent-cluster: ?0
cache-control: public, max-age=1200
permissions-policy: accelerometer=(), attribution-reporting=(), autoplay=(), battery=(self), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), usb-unrestricted=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
timing-allow-origin: *
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 248 KB
87 KB 42ms
41ms Script
application/javascript 2a00:1450:4001:82f::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=AW-956500078&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=DC-1000000

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

fdfd8809c0aa9423f4c32db3729fdb844cf58d859be405016823a456646bb068

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://benefitsplus-auth-dev.hsbc.com.hk/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 05 Jun 2024 13:00:28 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 88625
x-xss-protection: 0
last-modified: Wed, 05 Jun 2024 12:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Wed, 05 Jun 2024 13:00:28 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 271 KB
92 KB 42ms
42ms Script
application/javascript 2a00:1450:4001:82f::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=AW-793969516&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=DC-1000000

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

3aa5733e2bd7207e6eb775a1004c6ab02f6f83de25ebcd23abf5fbf9af89b30b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://benefitsplus-auth-dev.hsbc.com.hk/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 05 Jun 2024 13:00:28 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 94101
x-xss-protection: 0
last-modified: Wed, 05 Jun 2024 12:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Wed, 05 Jun 2024 13:00:28 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 235 KB
84 KB 58ms
58ms Script
application/javascript 2a00:1450:4001:82f::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=AW-10951076746&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=DC-1000000

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

6641d53ad39a4097d252706abc3172c0d0f95707b62d903f59fc0487ec95facc

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://benefitsplus-auth-dev.hsbc.com.hk/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 05 Jun 2024 13:00:28 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 85785
x-xss-protection: 0
last-modified: Wed, 05 Jun 2024 12:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Wed, 05 Jun 2024 13:00:28 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 223 KB
81 KB 56ms
56ms Script
application/javascript 2a00:1450:4001:82f::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=AW-793957276&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=DC-1000000

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

baf268b62a21b65716e0be4af4bc61907e8de8cfac0284d8cf9c42615c0c2e3b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://benefitsplus-auth-dev.hsbc.com.hk/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 05 Jun 2024 13:00:28 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 82771
x-xss-protection: 0
last-modified: Wed, 05 Jun 2024 12:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Wed, 05 Jun 2024 13:00:28 GMT

GET
H2 200 291998267968113 Show response
connect.facebook.net/signals/config/ 183 KB
31 KB 237ms
236ms Script
application/x-javascript 2a03:2880:f084:d:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/291998267968113?v=2.9.157&r=stable&domain=benefitsplus-auth-dev.hsbc.com.hk&hme=446fb981c8c3baeb03730fe3cbd404f7f15f64c693f24c7fe75da498bc2c95d8&ex_m=67%2C113%2C100%2C104%2C58%2C3%2C93%2C66%2C15%2C91%2C84%2C49%2C51%2C160%2C163%2C174%2C170%2C171%2C173%2C28%2C94%2C50%2C73%2C172%2C155%2C158%2C167%2C168%2C175%2C122%2C14%2C48%2C180%2C179%2C124%2C17%2C33%2C38%2C1%2C41%2C62%2C63%2C64%2C68%2C88%2C16%2C13%2C90%2C87%2C86%2C101%2C103%2C37%2C102%2C29%2C25%2C156%2C159%2C131%2C27%2C10%2C11%2C12%2C5%2C6%2C24%2C21%2C22%2C54%2C59%2C61%2C71%2C95%2C26%2C72%2C8%2C7%2C76%2C46%2C20%2C97%2C96%2C98%2C9%2C19%2C18%2C81%2C53%2C79%2C32%2C70%2C0%2C89%2C31%2C78%2C83%2C45%2C44%2C82%2C36%2C4%2C85%2C77%2C42%2C39%2C34%2C80%2C2%2C35%2C60%2C40%2C99%2C43%2C75%2C65%2C105%2C57%2C56%2C30%2C92%2C55%2C52%2C47%2C74%2C69%2C23%2C106

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f084:d:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

7572548a7c3c08d771234e67ef8dfe24306ef3251f61dddbaf77a7a40c8a1504

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' data: blob: facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;script-src .fbcdn.net .facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net wss://.fbcdn.net attachment.fbsbx.com blob: 'self';img-src 'self' data: blob: facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://benefitsplus-auth-dev.hsbc.com.hk/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: default-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';img-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload; includeSubDomains
date: Wed, 05 Jun 2024 13:00:28 GMT
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
x-xss-protection: 0
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
x-fb-connection-quality: EXCELLENT; q=0.9, rtt=12, rtx=0, c=64, mss=1297, tbw=63511, tp=-1, tpl=-1, uplat=229, ullat=0
pragma: public
x-fb-debug: eYzui28PDJPl3AlbYHffjCpO6LKVAjRADqu0XwE0o2bh6uR6srclPD6/Y/NCK/EXUUn+WBOGIyoVwUTeIs4rVQ==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
cross-origin-opener-policy: same-origin-allow-popups;report-to="coop_report"
vary: Accept-Encoding
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
content-type: application/x-javascript; charset=utf-8
x-frame-options: DENY
origin-agent-cluster: ?0
cache-control: public, max-age=1200
permissions-policy: accelerometer=(), attribution-reporting=(), autoplay=(), battery=(self), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), usb-unrestricted=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
timing-allow-origin: *
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET /
www.facebook.com/tr/ 0
0

GET /
www.facebook.com/privacy_sandbox/pixel/register/trigger/ 0
0

GET
DATA 200
OK truncated
/ Frame B0D2 3 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 04d05978fdb111358073ab0524e5c1fafc0826615c206987618416b8bd8a4747

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ Frame B0D2 5 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: e4222715b556e7d99622c83e620d2f8e090047e56adb07923047f95828d561f2

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ Frame D15D 3 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 04d05978fdb111358073ab0524e5c1fafc0826615c206987618416b8bd8a4747

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ Frame D15D 5 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: e4222715b556e7d99622c83e620d2f8e090047e56adb07923047f95828d561f2

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ Frame E822 3 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 04d05978fdb111358073ab0524e5c1fafc0826615c206987618416b8bd8a4747

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ Frame E822 5 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: e4222715b556e7d99622c83e620d2f8e090047e56adb07923047f95828d561f2

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 018fe87c8d340021b14712e68e780506f005406700b08 Show response
visitor-service-ap-northeast-1.tealiumiq.com/hsbc/wpb-stream-hk/ 19 KB
19 KB 750ms
247ms Script
application/javascript 54.95.104.89
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://visitor-service-ap-northeast-1.tealiumiq.com/hsbc/wpb-stream-hk/018fe87c8d340021b14712e68e780506f005406700b08?callback=utag.ut%5B%22writevawpb-stream-hk%22%5D&rnd=1717592429452

Requested by

Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/hsbc/hk-rbwm-gsp/dev/utag.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.95.104.89 Tokyo, Japan, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-54-95-104-89.ap-northeast-1.compute.amazonaws.com

Software

Resource Hash

2964dcfd148a7fec136b04c7815aac496f3202747f5c3f895a41734cd2d58333

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubdomains

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://benefitsplus-auth-dev.hsbc.com.hk/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-version: 11d7bbd50ca6e483bdf66ea1e0a69c8b382f4346-SNAPSHOT
date: Wed, 05 Jun 2024 13:00:30 GMT
strict-transport-security: max-age=31536000; includeSubdomains
x-region: ap-northeast-1
content-length: 19204
x-nodeid: i-0a3d6b509086488dc
content-type: application/javascript; charset=utf-8

POST
H/1.1 200
OK jsEvent.json Show response
www.issthk-dev.hsbc.com.hk/2236/9007199255994824/js/events/v10/ 106 B
820 B 325ms
325ms XHR
application/json 203.112.83.226
HSBC-HK-AS HSBC H...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.issthk-dev.hsbc.com.hk:31000/2236/9007199255994824/js/events/v10/jsEvent.json

Requested by

Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/hsbc/hk-rbwm-gsp/dev/utag.1026.js?utv=ut4.46.202401221029

Protocol

HTTP/1.1

Security

TLS 1.2, RSA, AES_256_GCM

Server

203.112.83.226 , Hong Kong, ASN9221 (HSBC-HK-AS HSBC HongKong, HK),

Reverse DNS

Software

Apache /

Resource Hash

3f0304555ef46520c1e41b341c863dec19bee4231d073b268a7af3da22e49746

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
sec-ch-ua-platform: "Win32"
Referer: https://benefitsplus-auth-dev.hsbc.com.hk/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

Date: Wed, 05 Jun 2024 13:00:30 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
Server: Apache
X-Frame-Options: SAMEORIGIN
Content-Type: application/json
Access-Control-Allow-Origin: https://benefitsplus-auth-dev.hsbc.com.hk
P3P: CP="NON ADMo DEVo PSAo PSDo IVAo IVDo OUR IND UNI COM NAV INT CNT LOC STA PUR PHY ONL"
Cache-Control: no-store, no-cache, must-revalidate
Access-Control-Allow-Credentials: true
Connection: Keep-Alive
S: DWSMCMRP01HK
Keep-Alive: timeout=5, max=99
Content-Length: 106

POST
H2 200 i.gif Show response
collect-ap-northeast-1.tealiumiq.com/hsbc/wpb-stream-hk/2/ 43 B
779 B 544ms
544ms XHR
image/gif 52.197.35.231
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://collect-ap-northeast-1.tealiumiq.com/hsbc/wpb-stream-hk/2/i.gif
Requested by: Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/hsbc/hk-rbwm-gsp/dev/utag.931.js?utv=ut4.46.202311061543
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.197.35.231 Tokyo, Japan, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-197-35-231.ap-northeast-1.compute.amazonaws.com
Software: /
Resource Hash: a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
sec-ch-ua-platform: "Win32"
Referer: https://benefitsplus-auth-dev.hsbc.com.hk/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryGg5POmKlt4US8Pxc

Response headers

date: Wed, 05 Jun 2024 13:00:30 GMT
x-serverid: uconnect_i-0909867c1ad6172d7
x-tid: 018fe87c8d340021b14712e68e780506f005406700b08
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CUR ADM DEV OUR BUS"
x-acc: hsbc:wpb-stream-hk:2:datacloud
x-region: ap-northeast-1
content-length: 43
pragma: no-cache
x-did: 018fe87c8d340021b14712e68e780506f005406700b08
vary: Origin
content-type: image/gif
access-control-allow-origin: https://benefitsplus-auth-dev.hsbc.com.hk
x-ulver: c96738eb23f13a0bc90b20c8f326b2afa31d7e2b-SNAPSHOT
access-control-expose-headers: X-Region
cache-control: no-transform,private,no-cache,no-store,max-age=0,s-maxage=0
access-control-allow-credentials: true
x-uuid: cde0690a-be39-49e7-bd65-f09c598517e4
expires: Wed, 05 Jun 2024 13:00:30 GMT

GET
H2 200 sp.pl
sp.analytics.yahoo.com/ 43 B
123 B 39ms
39ms Image
image/gif 3.255.41.64
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://sp.analytics.yahoo.com/sp.pl?a=1000&b=Welcome%20to%20HSBC%20Life%20Benefits%2B&.yp=423090&f=https%3A%2F%2Fbenefitsplus-auth-dev.hsbc.com.hk%2Flogin%3Fuid%3DbsIZgLbF3tVL9Mg14nhqE%26lang%3Den-HK&enc=UTF-8&yv=1.15.1&et=custom&tagmgr=tealium%2Cgtm

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

3.255.41.64 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-255-41-64.eu-west-1.compute.amazonaws.com

Software

ATS/9.1.10.112 /

Resource Hash

0e4b1e428a2198ef747010c094101c257b568a97cdcc0f31ed5e9868cc835b39

Security Headers

Name	Value
Content-Security-Policy	sandbox; default-src 'self'; script-src 'none'; object-src 'none'; report-uri http://csp.yahoo.com/beacon/csp?src=generic
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://benefitsplus-auth-dev.hsbc.com.hk/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
date: Wed, 05 Jun 2024 13:00:30 GMT
via: http/1.1 traffic_server (ApacheTrafficServer/9.1.10.112)
x-content-type-options: nosniff
referrer-policy: strict-origin-when-cross-origin
server: ATS/9.1.10.112
content-security-policy: sandbox; default-src 'self'; script-src 'none'; object-src 'none'; report-uri http://csp.yahoo.com/beacon/csp?src=generic
age: 0
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
x-frame-options: DENY
content-type: image/gif
cache-control: no-cache, private, must-revalidate
accept-ranges: bytes
content-length: 43
expires: Wed, 05 Jun 2024 13:00:30 GMT

GET /
www.facebook.com/tr/ 0
0

GET /
www.facebook.com/privacy_sandbox/pixel/register/trigger/ 0
0

GET
H2 200 .jsonp Show response
lptag.liveperson.net/lptag/api/account/19211303/configuration/applications/taglets/ 334 KB
118 KB 24ms
24ms Script
application/x-javascript 178.249.97.23
LIVEPERSON

General

Check archive.org

Show headers Download Go to

Full URL

https://lptag.liveperson.net/lptag/api/account/19211303/configuration/applications/taglets/.jsonp?v=2.0&df=0&s=gsp_insurance_benefit-plus_login_bsIZgLbF3tVL9Mg14nhqE&b=1

Requested by

Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/hsbc/hk-rbwm-gsp/dev/utag.884.js?utv=ut4.46.202311280718

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

178.249.97.23 , United States, ASN11054 (LIVEPERSON, US),

Reverse DNS

Software

ws /

Resource Hash

eed182ea98c84bb481578575f3d07b84bd701b41b197b6f81dae64300a13a2d7

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://benefitsplus-auth-dev.hsbc.com.hk/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 05 Jun 2024 13:00:30 GMT
strict-transport-security: max-age=63072000; includeSubDomains
x-content-type-options: nosniff
content-encoding: gzip
server: ws
x-cache-status: MISS
access-control-allow-methods: GET, POST, PATCH
content-type: application/x-javascript
access-control-expose-headers: X-Requested-With, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-host, Lp-Req-Time, date, x-application-context, strict-transport-security, x-content-type-options, x-download-options, x-xss-protection, x-cache-status, x-amz-id-2, x-amz-request-id, expires, last-modified, set-cookie, content-security-policy, x-frame-options
cache-control: public, max-age=630
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Authorization, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token

POST
H/1.1 200
OK jsEvent.json Show response
www.issthk-dev.hsbc.com.hk/2236/9007199255994824/js/events/v10/ 107 B
821 B 328ms
327ms XHR
application/json 203.112.83.226
HSBC-HK-AS HSBC H...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.issthk-dev.hsbc.com.hk:31000/2236/9007199255994824/js/events/v10/jsEvent.json

Requested by

Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/hsbc/hk-rbwm-gsp/dev/utag.1026.js?utv=ut4.46.202401221029

Protocol

HTTP/1.1

Security

TLS 1.2, RSA, AES_256_GCM

Server

203.112.83.226 , Hong Kong, ASN9221 (HSBC-HK-AS HSBC HongKong, HK),

Reverse DNS

Software

Apache /

Resource Hash

946ad337c0a9c0753d4310d0133001fc943a24d73b9126b50850866788260ed2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
sec-ch-ua-platform: "Win32"
Referer: https://benefitsplus-auth-dev.hsbc.com.hk/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

Date: Wed, 05 Jun 2024 13:00:30 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
Server: Apache
X-Frame-Options: SAMEORIGIN
Content-Type: application/json
Access-Control-Allow-Origin: https://benefitsplus-auth-dev.hsbc.com.hk
P3P: CP="NON ADMo DEVo PSAo PSDo IVAo IVDo OUR IND UNI COM NAV INT CNT LOC STA PUR PHY ONL"
Cache-Control: no-store, no-cache, must-revalidate
Access-Control-Allow-Credentials: true
Connection: Keep-Alive
S: DWSMCMRP01HK
Keep-Alive: timeout=5, max=98
Content-Length: 107

GET
H2 200 hsbc-favicon.ico
benefitsplus-auth-dev.hsbc.com.hk/static/assets/images/ 1 KB
4 KB 288ms
288ms Other
image/x-icon 2600:9000:266e:1600:a:9a74:f000:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://benefitsplus-auth-dev.hsbc.com.hk/static/assets/images/hsbc-favicon.ico

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:266e:1600:a:9a74:f000:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

CloudFront /

Resource Hash

ea0664a949fba1e56da947f65ca0833ce4296e116c6f2f6d3d518f54e2bb7391

Security Headers

Name	Value
Content-Security-Policy	font-src .hsbc.com.hk fonts.gstatic.com maxcdn.bootstrapcdn.com .stripe.com klarna.com .klarna.com .klarnacdn.net .klarnaevt.com data: 'self' 'unsafe-inline'; form-action https: .hsbc.com.hk secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; frame-ancestors .hsbc.com.hk .stripe.com stripe.com 'self'; frame-src 'self' data: .hsbc.com.hk .my-doc.com lpcdn.lpsnmedia.net td.doubleclick.net fast.amc.demdex.net .adobe.com secure.authorize.net test.authorize.net bid.g.doubleclick.net .youtube.com .youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ .weltpixel.com .stripe.com klarna.com .klarna.com .klarnacdn.net .klarnaevt.com 'self' 'unsafe-inline'; img-src blob: .google.com.hk .yahoo.com .hsbc.com.hk .tealiumiq.com .adsrvr.org maps.googleapis.com maps.gstatic.com assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net .adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypalobjects.com t.paypal.com .ftcdn.net .behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com .vimeocdn.com i.ytimg.com .youtube.com validator.swagger.io flagpedia.net .gstatic.com data: 'self' 'unsafe-inline'; script-src .hsbc.com.hk unpkg.com connect.facebook.net s.yimg.com visitor-service-ap-northeast-1.tealiumiq.com lptag.liveperson.net datacloud.tealiumiq.com tags.tiqcdn.com assets.adobedtm.com .adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypalobjects.com js.braintreegateway.com www.paypal.com .newrelic.com .nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com .vimeocdn.com .youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ .gstatic.com maps.googleapis.com .stripe.com klarna.com .klarna.com .klarnacdn.net .klarnaevt.com https://www.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src .hsbc.com.hk fonts.googleapis.com .adobe.com maxcdn.bootstrapcdn.com .gstatic.com tagmanager.google.com 'self' 'unsafe-inline'; object-src .hsbc.com.hk 'self' 'unsafe-inline'; media-src .hsbc.com.hk .adobe.com 'self' 'unsafe-inline'; manifest-src .hsbc.com.hk 'self' 'unsafe-inline'; connect-src wss: .hsbc.com.hk www.issthk-dev.hsbc.com.hk:31000 .tealiumiq.com .tiqcdn.com pagead2.googlesyndication.com log-happyhktest.us.v2.customers.biocatch.com log-69c80419.customers.biocatch.com wup-69c80419.customers.biocatch.com dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com .newrelic.com .nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com www.gstatic.com maps.googleapis.com .stripe.com klarna.com .klarna.com .klarnacdn.net .klarnaevt.com https://www.google-analytics.com 'self' 'unsafe-inline'; child-src http: https: .hsbc.com.hk blob: 'self' 'unsafe-inline'; default-src .hsbc.com.hk 'self' 'unsafe-inline' 'unsafe-eval' log-69c80419.customers.biocatch.com wup-69c80419.customers.biocatch.com; base-uri *.hsbc.com.hk 'self' 'unsafe-inline';
Strict-Transport-Security	max-age=63072000; includeSubdomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://benefitsplus-auth-dev.hsbc.com.hk/login?uid=bsIZgLbF3tVL9Mg14nhqE&lang=en-HK
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 05 Jun 2024 13:00:30 GMT
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-correlation-id: 40f7748d1358069b9f5c5965acbd6d6f
content-security-policy: font-src *.hsbc.com.hk fonts.gstatic.com maxcdn.bootstrapcdn.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com data: 'self' 'unsafe-inline'; form-action https: *.hsbc.com.hk secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; frame-ancestors *.hsbc.com.hk *.stripe.com stripe.com 'self'; frame-src 'self' data: *.hsbc.com.hk *.my-doc.com lpcdn.lpsnmedia.net td.doubleclick.net fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.weltpixel.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline'; img-src blob: *.google.com.hk *.yahoo.com *.hsbc.com.hk *.tealiumiq.com *.adsrvr.org maps.googleapis.com maps.gstatic.com assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io flagpedia.net *.gstatic.com data: 'self' 'unsafe-inline'; script-src *.hsbc.com.hk unpkg.com connect.facebook.net s.yimg.com visitor-service-ap-northeast-1.tealiumiq.com lptag.liveperson.net datacloud.tealiumiq.com tags.tiqcdn.com assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypalobjects.com js.braintreegateway.com www.paypal.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.gstatic.com maps.googleapis.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com https://www.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.hsbc.com.hk fonts.googleapis.com *.adobe.com maxcdn.bootstrapcdn.com *.gstatic.com tagmanager.google.com 'self' 'unsafe-inline'; object-src *.hsbc.com.hk 'self' 'unsafe-inline'; media-src *.hsbc.com.hk *.adobe.com 'self' 'unsafe-inline'; manifest-src *.hsbc.com.hk 'self' 'unsafe-inline'; connect-src wss: *.hsbc.com.hk www.issthk-dev.hsbc.com.hk:31000 *.tealiumiq.com *.tiqcdn.com pagead2.googlesyndication.com log-happyhktest.us.v2.customers.biocatch.com log-69c80419.customers.biocatch.com wup-69c80419.customers.biocatch.com dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com www.gstatic.com maps.googleapis.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com https://www.google-analytics.com 'self' 'unsafe-inline'; child-src http: https: *.hsbc.com.hk blob: 'self' 'unsafe-inline'; default-src *.hsbc.com.hk 'self' 'unsafe-inline' 'unsafe-eval' log-69c80419.customers.biocatch.com wup-69c80419.customers.biocatch.com; base-uri *.hsbc.com.hk 'self' 'unsafe-inline';
via: 1.1 d8ec42efeb409ac816e90eb0236c1f4a.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P8
x-amzn-remapped-connection: keep-alive
x-amzn-requestid: 16a4d7f2-9af4-441f-bd61-eba282072270
x-dns-prefetch-control: off
x-cache: Miss from cloudfront
x-amz-apigw-id: Y5QpVHK9nUYElhg=
content-length: 216
x-xss-protection: 1; mode=block
last-modified: Tue, 28 May 2024 11:45:21 GMT
server: CloudFront
etag: W/"47e-18fbf04e868"
x-download-options: noopen
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: image/x-icon
access-control-allow-origin: *
cache-control: public, max-age=0
accept-ranges: bytes
x-amzn-remapped-date: Wed, 05 Jun 2024 13:00:30 GMT
x-amz-cf-id: 2Dcvl4r9C2-pukWEXPX7bbQTIwxTe3NHNnZSbg7Ht4HbxqaIEtzZVQ==

GET /
accdn.lpsnmedia.net/api/account/19211303/configuration/setting/accountproperties/ 0
0

GET ui-framework.js
lpcdn.lpsnmedia.net/le_unified_window/10.37.0-release_1294589553/ 0
0

GET surveylogicinstance.min.js
lpcdn.lpsnmedia.net/le_unified_window/10.37.0-release_1294589553/ 0
0

GET zones
accdn.lpsnmedia.net/api/account/19211303/configuration/le-campaigns/ 0
0

POST
H/1.1 200
OK jsEvent.json Show response
www.issthk-dev.hsbc.com.hk/2236/9007199255994824/js/events/v10/ 107 B
821 B 332ms
332ms XHR
application/json 203.112.83.226
HSBC-HK-AS HSBC H...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.issthk-dev.hsbc.com.hk:31000/2236/9007199255994824/js/events/v10/jsEvent.json

Requested by

Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/hsbc/hk-rbwm-gsp/dev/utag.1026.js?utv=ut4.46.202401221029

Protocol

HTTP/1.1

Security

TLS 1.2, RSA, AES_256_GCM

Server

203.112.83.226 , Hong Kong, ASN9221 (HSBC-HK-AS HSBC HongKong, HK),

Reverse DNS

Software

Apache /

Resource Hash

bc7a9184a2a594c280e8fe69307a517df1fb00436b0ae579a0e753a783388c13

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
sec-ch-ua-platform: "Win32"
Referer: https://benefitsplus-auth-dev.hsbc.com.hk/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

Date: Wed, 05 Jun 2024 13:00:31 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
Server: Apache
X-Frame-Options: SAMEORIGIN
Content-Type: application/json
Access-Control-Allow-Origin: https://benefitsplus-auth-dev.hsbc.com.hk
P3P: CP="NON ADMo DEVo PSAo PSDo IVAo IVDo OUR IND UNI COM NAV INT CNT LOC STA PUR PHY ONL"
Cache-Control: no-store, no-cache, must-revalidate
Access-Control-Allow-Credentials: true
Connection: Keep-Alive
S: DWSMCMRP01HK
Keep-Alive: timeout=5, max=97
Content-Length: 107

GET
H2 200 018fe87c8d340021b14712e68e780506f005406700b08 Show response
visitor-service-ap-northeast-1.tealiumiq.com/hsbc/wpb-stream-hk/ 19 KB
19 KB 248ms
247ms Script
application/javascript 54.95.104.89
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://visitor-service-ap-northeast-1.tealiumiq.com/hsbc/wpb-stream-hk/018fe87c8d340021b14712e68e780506f005406700b08?callback=utag.ut%5B%22writevawpb-stream-hk%22%5D&rnd=1717592431033

Requested by

Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/hsbc/hk-rbwm-gsp/dev/utag.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.95.104.89 Tokyo, Japan, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-54-95-104-89.ap-northeast-1.compute.amazonaws.com

Software

Resource Hash

2964dcfd148a7fec136b04c7815aac496f3202747f5c3f895a41734cd2d58333

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubdomains

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://benefitsplus-auth-dev.hsbc.com.hk/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

x-version: 11d7bbd50ca6e483bdf66ea1e0a69c8b382f4346-SNAPSHOT
date: Wed, 05 Jun 2024 13:00:31 GMT
strict-transport-security: max-age=31536000; includeSubdomains
x-region: ap-northeast-1
content-length: 19204
x-nodeid: i-05a9e57157a06e54b
content-type: application/javascript; charset=utf-8

GET storage.secure.min.js
lpcdn.lpsnmedia.net/le_secure_storage/3.28.0-release_1286430736/ 0
0

GET
H2 200 storage.secure.min.html
lpcdn.lpsnmedia.net/le_secure_storage/3.28.0-release_1286430736/ Frame 97A6 0
0 81ms
8ms Document
text/html 34.120.154.120
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://lpcdn.lpsnmedia.net/le_secure_storage/3.28.0-release_1286430736/storage.secure.min.html?loc=https%3A%2F%2Fbenefitsplus-auth-dev.hsbc.com.hk&site=19211303&ist=sessionStorage&env=prod&accdn=accdn.lpsnmedia.net
Requested by: Host: lptag.liveperson.net
URL: https://lptag.liveperson.net/lptag/api/account/19211303/configuration/applications/taglets/.jsonp?v=2.0&df=0&s=gsp_insurance_benefit-plus_login_bsIZgLbF3tVL9Mg14nhqE&b=1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.120.154.120 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 120.154.120.34.bc.googleusercontent.com
Software: UploadServer /
Resource Hash

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer: https://benefitsplus-auth-dev.hsbc.com.hk/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Win32"

Response headers

accept-ranges: none
access-control-allow-origin: *
access-control-expose-headers: Origin, X-Requested-With, Content-Type, Accept, Authorization, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-state-rev
age: 1063591
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public,max-age=31536000
content-encoding: br
content-length: 16270
content-type: text/html
date: Fri, 24 May 2024 05:34:00 GMT
etag: W/"08e1e10c1128f5e33067543842258486"
last-modified: Fri, 24 May 2024 04:58:31 GMT
server: UploadServer
timing-allow-origin: https://z1.le.liveperson.net, https://va.le.liveperson.net, https://z2.le.liveperson.net, https://lo.le.liveperson.net, https://am.le.liveperson.net, https://z3.le.liveperson.net, https://sy.le.liveperson.net, https://me.le.liveperson.net, https://vz-care-dev.liveengage.verizon.com, https://vz-care-qa.liveengage.verizon.com, https://vz-care.liveengage.verizon.com
vary: Accept-Encoding
x-goog-generation: 1716526711896314
x-goog-hash: crc32c=Z19eGg== md5=COHhDBEo9eMwZ1Q4QiWEhg==
x-goog-metageneration: 1
x-goog-storage-class: MULTI_REGIONAL
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 48296
x-guploader-uploadid: ABPtcPppg0w3qgH3GNtCSQjCdQvo5JqPO7R2HyL042xQBWO_9nqzCI8tiQzOdIYV0WPSx0sK6To

POST
H/1.1 200
OK jsEvent.json Show response
www.issthk-dev.hsbc.com.hk/2236/9007199255994824/js/events/v10/ 107 B
821 B 326ms
326ms XHR
application/json 203.112.83.226
HSBC-HK-AS HSBC H...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.issthk-dev.hsbc.com.hk:31000/2236/9007199255994824/js/events/v10/jsEvent.json

Requested by

Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/hsbc/hk-rbwm-gsp/dev/utag.1026.js?utv=ut4.46.202401221029

Protocol

HTTP/1.1

Security

TLS 1.2, RSA, AES_256_GCM

Server

203.112.83.226 , Hong Kong, ASN9221 (HSBC-HK-AS HSBC HongKong, HK),

Reverse DNS

Software

Apache /

Resource Hash

3803610e6af4623280e06a8b78f0cbff37dea2a232200839e8252b7084394798

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
sec-ch-ua-platform: "Win32"
Referer: https://benefitsplus-auth-dev.hsbc.com.hk/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

Date: Wed, 05 Jun 2024 13:00:31 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
Server: Apache
X-Frame-Options: SAMEORIGIN
Content-Type: application/json
Access-Control-Allow-Origin: https://benefitsplus-auth-dev.hsbc.com.hk
P3P: CP="NON ADMo DEVo PSAo PSDo IVAo IVDo OUR IND UNI COM NAV INT CNT LOC STA PUR PHY ONL"
Cache-Control: no-store, no-cache, must-revalidate
Access-Control-Allow-Credentials: true
Connection: Keep-Alive
S: DWSMCMRP01HK
Keep-Alive: timeout=5, max=96
Content-Length: 107

POST
H/1.1 200
OK jsEvent.json Show response
www.issthk-dev.hsbc.com.hk/2236/9007199255994824/js/events/v10/ 108 B
688 B 323ms
323ms XHR
application/json 203.112.83.226
HSBC-HK-AS HSBC H...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.issthk-dev.hsbc.com.hk:31000/2236/9007199255994824/js/events/v10/jsEvent.json

Requested by

Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/hsbc/hk-rbwm-gsp/dev/utag.1026.js?utv=ut4.46.202401221029

Protocol

HTTP/1.1

Security

TLS 1.2, RSA, AES_256_GCM

Server

203.112.83.226 , Hong Kong, ASN9221 (HSBC-HK-AS HSBC HongKong, HK),

Reverse DNS

Software

Apache /

Resource Hash

f9bf6ec7e8ac9686704d89dae1f0414a616dd4fa810435a849434667813ef16a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
sec-ch-ua-platform: "Win32"
Referer: https://benefitsplus-auth-dev.hsbc.com.hk/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

Date: Wed, 05 Jun 2024 13:00:32 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
Server: Apache
X-Frame-Options: SAMEORIGIN
Content-Type: application/json
Access-Control-Allow-Origin: https://benefitsplus-auth-dev.hsbc.com.hk
P3P: CP="NON ADMo DEVo PSAo PSDo IVAo IVDo OUR IND UNI COM NAV INT CNT LOC STA PUR PHY ONL"
Cache-Control: no-store, no-cache, must-revalidate
Access-Control-Allow-Credentials: true
Connection: Keep-Alive
S: DWSMCMRP01HK
Keep-Alive: timeout=5, max=95
Content-Length: 108

GET
H2 200 i.js Show response
datacloud.tealiumiq.com/tealium_ttd/main/16/ 39 B
662 B 42ms
8ms Script
application/javascript 18.194.74.133
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://datacloud.tealiumiq.com/tealium_ttd/main/16/i.js?jsonp=utag.ut.tealium_pass_ttdid
Requested by: Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/hsbc/hk-rbwm-gsp/dev/utag.926.js?utv=ut4.46.202205311742
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.194.74.133 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-194-74-133.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: dd9b11bb7723d648dee86c40524b1f927054223967194dee794d19ac49fac3a9

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer: https://benefitsplus-auth-dev.hsbc.com.hk/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
date: Wed, 05 Jun 2024 13:00:33 GMT
x-serverid: uconnect_i-08d3b845273934333
x-tid: 63b8aad3aa0646a6ac899da8ccd06eb0
vary: Origin
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CUR ADM DEV OUR BUS"
x-acc: tealium_ttd:main:16:datacloud
x-ulver: c96738eb23f13a0bc90b20c8f326b2afa31d7e2b-SNAPSHOT
content-type: application/javascript
cache-control: no-transform,private,no-cache,no-store,max-age=0,s-maxage=0
x-region: eu-central-1
content-length: 39
x-uuid: 63b8aad3-aa06-46a6-ac89-9da8ccd06eb0
expires: Wed, 05 Jun 2024 13:00:33 GMT

POST
H/1.1 200
OK jsEvent.json Show response
www.issthk-dev.hsbc.com.hk/2236/9007199255994824/js/events/v10/ 50 B
629 B 323ms
322ms XHR
application/json 203.112.83.226
HSBC-HK-AS HSBC H...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.issthk-dev.hsbc.com.hk:31000/2236/9007199255994824/js/events/v10/jsEvent.json

Requested by

Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/hsbc/hk-rbwm-gsp/dev/utag.1026.js?utv=ut4.46.202401221029

Protocol

HTTP/1.1

Security

TLS 1.2, RSA, AES_256_GCM

Server

203.112.83.226 , Hong Kong, ASN9221 (HSBC-HK-AS HSBC HongKong, HK),

Reverse DNS

Software

Apache /

Resource Hash

edcb7c9c998fbe2e1eb86a4b15df253cff75dd15691da28aa0c03fb18ef26eed

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

sec-ch-ua: "Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
sec-ch-ua-platform: "Win32"
Referer: https://benefitsplus-auth-dev.hsbc.com.hk/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

Date: Wed, 05 Jun 2024 13:00:34 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
Server: Apache
X-Frame-Options: SAMEORIGIN
Content-Type: application/json
Access-Control-Allow-Origin: https://benefitsplus-auth-dev.hsbc.com.hk
P3P: CP="NON ADMo DEVo PSAo PSDo IVAo IVDo OUR IND UNI COM NAV INT CNT LOC STA PUR PHY ONL"
Cache-Control: no-store, no-cache, must-revalidate
Access-Control-Allow-Credentials: true
Connection: Keep-Alive
S: DWSMCMRP01HK
Keep-Alive: timeout=5, max=94
Content-Length: 50

GET .jsonp
lptag.liveperson.net/lptag/api/account/19211303/configuration/applications/taglets/ 0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: www.hkg1vl0048.p2g.netd2.hsbc.com.hk
URL: https://www.hkg1vl0048.p2g.netd2.hsbc.com.hk/9332/handler9/session.json

Domain: www.hkg1vl0048.p2g.netd2.hsbc.com.hk
URL: https://www.hkg1vl0048.p2g.netd2.hsbc.com.hk/JavascriptInsert.js

Domain: cm.g.doubleclick.net
URL: https://cm.g.doubleclick.net/pixel?tealium_cookie_sync=true&google_nid=tealium_dmp&google_cm&tealium_vid=018fe87c8d340021b14712e68e780506f005406700b08&tealium_account=hsbc&tealium_profile=wpb-stream-hk

Domain: www.facebook.com
URL: https://www.facebook.com/tr/?id=291998267968113&ev=PageView&dl=https%3A%2F%2Fbenefitsplus-auth-dev.hsbc.com.hk&rl=&if=false&ts=1717592428918&sw=1600&sh=1200&ud[external_id]=48c267ffd85d5c5abe01f427ec5bd35e9cd08280aa75d08ece2ab4042b995b16&v=2.9.157&r=stable&a=tmtealium&ec=0&o=4124&fbp=fb.2.1717592428917.799896240817167253&cs_est=true&pm=1&hrl=0a80e2&ler=empty&cdl=API_unavailable&it=1717592428661&coo=false&eid=27ce914169e95590986193b22b838821&tm=1&cs_cc=1&cas=7622605321154699%2C7783714921666663%2C3352707101488138%2C5588178577890481%2C3961247883957138%2C1633273413466937&rqm=GET

Domain: www.facebook.com
URL: https://www.facebook.com/privacy_sandbox/pixel/register/trigger/?id=291998267968113&ev=PageView&dl=https%3A%2F%2Fbenefitsplus-auth-dev.hsbc.com.hk&rl=&if=false&ts=1717592428918&sw=1600&sh=1200&ud[external_id]=48c267ffd85d5c5abe01f427ec5bd35e9cd08280aa75d08ece2ab4042b995b16&v=2.9.157&r=stable&a=tmtealium&ec=0&o=4124&fbp=fb.2.1717592428917.799896240817167253&cs_est=true&pm=1&hrl=0a80e2&ler=empty&cdl=API_unavailable&it=1717592428661&coo=false&eid=27ce914169e95590986193b22b838821&tm=1&cs_cc=1&cas=7622605321154699%2C7783714921666663%2C3352707101488138%2C5588178577890481%2C3961247883957138%2C1633273413466937&rqm=FGET

Domain: www.facebook.com
URL: https://www.facebook.com/tr/?id=291998267968113&ev=PageView&dl=https%3A%2F%2Fbenefitsplus-auth-dev.hsbc.com.hk&rl=&if=false&ts=1717592430467&sw=1600&sh=1200&ud[external_id]=48c267ffd85d5c5abe01f427ec5bd35e9cd08280aa75d08ece2ab4042b995b16&v=2.9.157&r=stable&a=tmtealium&ec=1&o=4124&fbp=fb.2.1717592428917.799896240817167253&cs_est=true&pm=1&hrl=0a80e2&ler=empty&cdl=API_unavailable&it=1717592428661&coo=false&eid=27ce914169e95590986193b22b838821&tm=1&cs_cc=1&cas=7622605321154699%2C7783714921666663%2C3352707101488138%2C5588178577890481%2C3961247883957138%2C1633273413466937&rqm=GET

Domain: www.facebook.com
URL: https://www.facebook.com/privacy_sandbox/pixel/register/trigger/?id=291998267968113&ev=PageView&dl=https%3A%2F%2Fbenefitsplus-auth-dev.hsbc.com.hk&rl=&if=false&ts=1717592430467&sw=1600&sh=1200&ud[external_id]=48c267ffd85d5c5abe01f427ec5bd35e9cd08280aa75d08ece2ab4042b995b16&v=2.9.157&r=stable&a=tmtealium&ec=1&o=4124&fbp=fb.2.1717592428917.799896240817167253&cs_est=true&pm=1&hrl=0a80e2&ler=empty&cdl=API_unavailable&it=1717592428661&coo=false&eid=27ce914169e95590986193b22b838821&tm=1&cs_cc=1&cas=7622605321154699%2C7783714921666663%2C3352707101488138%2C5588178577890481%2C3961247883957138%2C1633273413466937&rqm=FGET

Domain: accdn.lpsnmedia.net
URL: https://accdn.lpsnmedia.net/api/account/19211303/configuration/setting/accountproperties/?cb=accountSettingsCB

Domain: lpcdn.lpsnmedia.net
URL: https://lpcdn.lpsnmedia.net/le_unified_window/10.37.0-release_1294589553/ui-framework.js?version=10.37.0-release_1294589553

Domain: lpcdn.lpsnmedia.net
URL: https://lpcdn.lpsnmedia.net/le_unified_window/10.37.0-release_1294589553/surveylogicinstance.min.js?version=10.37.0-release_1294589553

Domain: accdn.lpsnmedia.net
URL: https://accdn.lpsnmedia.net/api/account/19211303/configuration/le-campaigns/zones?fields=id&fields=zoneValue&cb=lpZonesStaticCB

Domain: lpcdn.lpsnmedia.net
URL: https://lpcdn.lpsnmedia.net/le_secure_storage/3.28.0-release_1286430736/storage.secure.min.js?loc=https%3A%2F%2Fbenefitsplus-auth-dev.hsbc.com.hk&site=19211303&env=prod&accdn=accdn.lpsnmedia.net

Domain: lptag.liveperson.net
URL: https://lptag.liveperson.net/lptag/api/account/19211303/configuration/applications/taglets/.jsonp?v=2.0&df=0&ct=lpSecureStorage%2Clp_sdes%2Ccobrowse%2Cscraper%2ClpActivityMonitor%2CrendererStub%2Clp_version_detector%2Clp_monitoringSDK%2ClpTransporter%2ClpUnifiedWindow%2CSMT%2Chooks%2Clp_SMT%2Cauthenticator%2CcleanCCPatterns%2Clp_global_utils%2CunAuthMessaging%2CjsLoader&s=gsp_insurance_benefit-plus_login_bsIZgLbF3tVL9Mg14nhqE&b=1

Verdicts & Comments Add Verdict or Comment

200 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

18 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.benefitsplus-auth-dev.hsbc.com.hk/interaction/bsIZgLbF3tVL9Mg14nhqE	1970-01-20 21:06:36	Name: _interaction Value: bsIZgLbF3tVL9Mg14nhqE
.benefitsplus-auth-dev.hsbc.com.hk/interaction/bsIZgLbF3tVL9Mg14nhqE	1970-01-20 21:06:36	Name: _interaction.sig Value: x6g_iZnG3mqIxN8OwHTYVSWvpQo
benefitsplus-auth-dev.hsbc.com.hk/authorize/bsIZgLbF3tVL9Mg14nhqE	1970-01-20 21:06:36	Name: _interaction_resume Value: bsIZgLbF3tVL9Mg14nhqE
benefitsplus-auth-dev.hsbc.com.hk/authorize/bsIZgLbF3tVL9Mg14nhqE	1970-01-20 21:06:36	Name: _interaction_resume.sig Value: zo0eCDXPZMXFK5_MImVaqbGEbfA
benefitsplus-dev.hsbc.com.hk/	1969-12-31 23:59:59	Name: state Value: %252F
.hsbc.com.hk/	1969-12-31 23:59:59	Name: tms_ref Value:
.hsbc.com.hk/	1969-12-31 23:59:59	Name: usy46gabsosd Value: HSBCHKUAT_17175924282660.f96c908fc1fa574358236edf7f42d1f4_9332
.hsbc.com.hk/	1970-01-21 05:52:08	Name: bmuid Value: 1717592428552-5B9CE0EA-1752-4D75-9FDF-6D1D7950CFE3
.hsbc.com.hk/	1970-01-20 23:16:08	Name: _gcl_au Value: 1.1.1148901266.1717592429
.hsbc.com.hk/	1970-01-20 23:16:08	Name: _fbp Value: fb.2.1717592428917.799896240817167253
.hsbc.com.hk/	1970-01-21 05:52:08	Name: cdSNum Value: 1717592428940-sjn0000624-1fe6620b-b2c9-49f2-ad10-8334ae9411b0
www.issthk-dev.hsbc.com.hk/	1970-01-21 00:42:32	Name: HSBCHKDEV9cdPersisted Value: _961f5278998041528c9d04491f2449965dd306354e844da6b885cfeed3f7bbda_44c34b7cb9e24cb58dabf9a31e3df8d5
.hsbc.com.hk/	1969-12-31 23:59:59	Name: HSBCHKDEV9session Value: 9007199255237159_1717592428577_1717592429786_2236_9c64448582b3443d903b38aaf1b6430b
.hsbc.com.hk/	1970-01-21 00:42:32	Name: HSBCHKDEV9persisted Value: _961f5278998041528c9d04491f2449965dd306354e844da6b885cfeed3f7bbda_44c34b7cb9e24cb58dabf9a31e3df8d5_1717592429786_9007199255237159_1717592429786_1
.hsbc.com.hk/	1970-01-21 05:52:08	Name: utag_main Value: v_id:018fe87c8d340021b14712e68e780506f005406700b08$_sn:1$_se:2$_ss:0$_st:1717594230450$ses_id:1717592427828%3Bexp-session$_pn:1%3Bexp-session$dcsyncran:1%3Bexp-session$dc_group:31$dc_visit:1$dc_event:2%3Bexp-session$dc_region:ap-northeast-1%3Bexp-session$_prevpage:ib%3Ainsurance%3Abenefit%20plus%3Alogin%3Bexp-session
.hsbc.com.hk/	1969-12-31 23:59:59	Name: cdContextId Value: 3
www.issthk-dev.hsbc.com.hk/	1969-12-31 23:59:59	Name: HSBCHKDEV9cdSession Value: 9007199255237159_1717592431629_1717592429786_2236_9c64448582b3443d903b38aaf1b6430b
.tealiumiq.com/	1970-01-21 05:52:08	Name: TAPID Value: tealium_ttd/main>63b8aad3aa0646a6ac899da8ccd06eb0\|hsbc/wpb-stream-hk>018fe87c8d340021b14712e68e780506f005406700b08\|

31 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
security	error	URL: https://benefitsplus-auth-dev.hsbc.com.hk/login?uid=bsIZgLbF3tVL9Mg14nhqE&lang=en-HK Message: Refused to load the image 'https://cm.g.doubleclick.net/pixel?tealium_cookie_sync=true&google_nid=tealium_dmp&google_cm&tealium_vid=018fe87c8d340021b14712e68e780506f005406700b08&tealium_account=hsbc&tealium_profile=wpb-stream-hk' because it violates the following Content Security Policy directive: "img-src blob: .google.com.hk .yahoo.com .hsbc.com.hk .tealiumiq.com .adsrvr.org maps.googleapis.com maps.gstatic.com assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net .adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypalobjects.com t.paypal.com .ftcdn.net .behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com .vimeocdn.com i.ytimg.com .youtube.com validator.swagger.io flagpedia.net *.gstatic.com data: 'self' 'unsafe-inline'".
network	error	URL: https://benefitsplus-auth-dev.hsbc.com.hk/ed30a4375b7b4f9b8d9d8fd5bda693ad/test/walkme_ed30a4375b7b4f9b8d9d8fd5bda693ad_https.js Message: Failed to load resource: the server responded with a status of 404 ()
security	error	URL: https://benefitsplus-auth-dev.hsbc.com.hk/login?uid=bsIZgLbF3tVL9Mg14nhqE&lang=en-HK Message: Refused to execute script from 'https://benefitsplus-auth-dev.hsbc.com.hk/ed30a4375b7b4f9b8d9d8fd5bda693ad/test/walkme_ed30a4375b7b4f9b8d9d8fd5bda693ad_https.js' because its MIME type ('application/json') is not executable, and strict MIME type checking is enabled.
security	error	URL: https://www.googletagmanager.com/gtag/js?id=AW-793969516&l=dataLayer&cx=c(Line 139) Message: Refused to connect to 'https://google.com/ccm/form-data/793969516?gtm=45be4630v891155749za200&gcd=13l3l3l2l1&dma_cps=sypham&dma=1&tag_exp=0&userId=018fe87c8d340021b14712e68e780506f005406700b08&npa=1&frm=0&pscdl=noapi&auid=1148901266.1717592429&uaa=x86&uab=64&uafvl=Google%2520Chrome%3B125.0.6422.141%7CChromium%3B125.0.6422.141%7CNot.A%252FBrand%3B24.0.0.0&uamb=0&uam=&uap=Win32&uapv=10.0.0&uaw=0&ec_mode=a&em=tv.1' because it violates the following Content Security Policy directive: "connect-src wss: .hsbc.com.hk www.issthk-dev.hsbc.com.hk:31000 .tealiumiq.com .tiqcdn.com pagead2.googlesyndication.com log-happyhktest.us.v2.customers.biocatch.com log-69c80419.customers.biocatch.com wup-69c80419.customers.biocatch.com dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com .newrelic.com .nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com www.gstatic.com maps.googleapis.com .stripe.com klarna.com .klarna.com .klarnacdn.net *.klarnaevt.com https://www.google-analytics.com 'self' 'unsafe-inline'".
security	error	URL: https://www.googletagmanager.com/gtag/js?id=AW-793969516&l=dataLayer&cx=c(Line 139) Message: Refused to connect to 'https://google.com/ccm/form-data/793969516?gtm=45be4630v891155749za200&gcd=13l3l3l2l1&dma_cps=sypham&dma=1&tag_exp=0&userId=018fe87c8d340021b14712e68e780506f005406700b08&npa=1&frm=0&pscdl=noapi&auid=1148901266.1717592429&uaa=x86&uab=64&uafvl=Google%2520Chrome%3B125.0.6422.141%7CChromium%3B125.0.6422.141%7CNot.A%252FBrand%3B24.0.0.0&uamb=0&uam=&uap=Win32&uapv=10.0.0&uaw=0&ec_mode=a&em=tv.1' because it violates the following Content Security Policy directive: "connect-src wss: .hsbc.com.hk www.issthk-dev.hsbc.com.hk:31000 .tealiumiq.com .tiqcdn.com pagead2.googlesyndication.com log-happyhktest.us.v2.customers.biocatch.com log-69c80419.customers.biocatch.com wup-69c80419.customers.biocatch.com dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com .newrelic.com .nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com www.gstatic.com maps.googleapis.com .stripe.com klarna.com .klarna.com .klarnacdn.net *.klarnaevt.com https://www.google-analytics.com 'self' 'unsafe-inline'".
security	error	URL: https://benefitsplus-auth-dev.hsbc.com.hk/login?uid=bsIZgLbF3tVL9Mg14nhqE&lang=en-HK Message: Refused to load the image 'https://www.facebook.com/tr/?id=291998267968113&ev=PageView&dl=https%3A%2F%2Fbenefitsplus-auth-dev.hsbc.com.hk&rl=&if=false&ts=1717592428918&sw=1600&sh=1200&ud[external_id]=48c267ffd85d5c5abe01f427ec5bd35e9cd08280aa75d08ece2ab4042b995b16&v=2.9.157&r=stable&a=tmtealium&ec=0&o=4124&fbp=fb.2.1717592428917.799896240817167253&cs_est=true&pm=1&hrl=0a80e2&ler=empty&cdl=API_unavailable&it=1717592428661&coo=false&eid=27ce914169e95590986193b22b838821&tm=1&cs_cc=1&cas=7622605321154699%2C7783714921666663%2C3352707101488138%2C5588178577890481%2C3961247883957138%2C1633273413466937&rqm=GET' because it violates the following Content Security Policy directive: "img-src blob: .google.com.hk .yahoo.com .hsbc.com.hk .tealiumiq.com .adsrvr.org maps.googleapis.com maps.gstatic.com assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net .adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypalobjects.com t.paypal.com .ftcdn.net .behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com .vimeocdn.com i.ytimg.com .youtube.com validator.swagger.io flagpedia.net *.gstatic.com data: 'self' 'unsafe-inline'".
security	error	URL: https://benefitsplus-auth-dev.hsbc.com.hk/login?uid=bsIZgLbF3tVL9Mg14nhqE&lang=en-HK Message: Refused to load the image 'https://www.facebook.com/privacy_sandbox/pixel/register/trigger/?id=291998267968113&ev=PageView&dl=https%3A%2F%2Fbenefitsplus-auth-dev.hsbc.com.hk&rl=&if=false&ts=1717592428918&sw=1600&sh=1200&ud[external_id]=48c267ffd85d5c5abe01f427ec5bd35e9cd08280aa75d08ece2ab4042b995b16&v=2.9.157&r=stable&a=tmtealium&ec=0&o=4124&fbp=fb.2.1717592428917.799896240817167253&cs_est=true&pm=1&hrl=0a80e2&ler=empty&cdl=API_unavailable&it=1717592428661&coo=false&eid=27ce914169e95590986193b22b838821&tm=1&cs_cc=1&cas=7622605321154699%2C7783714921666663%2C3352707101488138%2C5588178577890481%2C3961247883957138%2C1633273413466937&rqm=FGET' because it violates the following Content Security Policy directive: "img-src blob: .google.com.hk .yahoo.com .hsbc.com.hk .tealiumiq.com .adsrvr.org maps.googleapis.com maps.gstatic.com assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net .adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypalobjects.com t.paypal.com .ftcdn.net .behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com .vimeocdn.com i.ytimg.com .youtube.com validator.swagger.io flagpedia.net *.gstatic.com data: 'self' 'unsafe-inline'".
security	error	URL: https://tags.tiqcdn.com/ Message: Refused to frame 'https://1.a79ab95c1589a13f8a4cab612bc71f9f7.com/' because it violates the following Content Security Policy directive: "frame-src 'self' data: .hsbc.com.hk .my-doc.com lpcdn.lpsnmedia.net td.doubleclick.net fast.amc.demdex.net .adobe.com secure.authorize.net test.authorize.net bid.g.doubleclick.net .youtube.com .youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ .weltpixel.com .stripe.com klarna.com .klarna.com .klarnacdn.net .klarnaevt.com".
security	error	URL: https://tags.tiqcdn.com/ Message: Refused to frame 'https://1.b406929acabac9b095f124c81bdfcf57f.com/' because it violates the following Content Security Policy directive: "frame-src 'self' data: .hsbc.com.hk .my-doc.com lpcdn.lpsnmedia.net td.doubleclick.net fast.amc.demdex.net .adobe.com secure.authorize.net test.authorize.net bid.g.doubleclick.net .youtube.com .youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ .weltpixel.com .stripe.com klarna.com .klarna.com .klarnacdn.net .klarnaevt.com".
security	error	URL: https://tags.tiqcdn.com/ Message: Refused to frame 'https://1.c81358859121583b7adf2ace89cb39f44.com/' because it violates the following Content Security Policy directive: "frame-src 'self' data: .hsbc.com.hk .my-doc.com lpcdn.lpsnmedia.net td.doubleclick.net fast.amc.demdex.net .adobe.com secure.authorize.net test.authorize.net bid.g.doubleclick.net .youtube.com .youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ .weltpixel.com .stripe.com klarna.com .klarna.com .klarnacdn.net .klarnaevt.com".
security	warning	URL: https://tags.tiqcdn.com/utag/hsbc/hk-rbwm-gsp/dev/utag.894.js?utv=ut4.46.202208121610(Line 8498) Message: Failed to execute 'postMessage' on 'DOMWindow': The target origin provided ('https://1.a79ab95c1589a13f8a4cab612bc71f9f7.com') does not match the recipient window's origin ('null').
security	warning	URL: https://tags.tiqcdn.com/utag/hsbc/hk-rbwm-gsp/dev/utag.894.js?utv=ut4.46.202208121610(Line 8498) Message: Failed to execute 'postMessage' on 'DOMWindow': The target origin provided ('https://1.b406929acabac9b095f124c81bdfcf57f.com') does not match the recipient window's origin ('null').
security	warning	URL: https://tags.tiqcdn.com/utag/hsbc/hk-rbwm-gsp/dev/utag.894.js?utv=ut4.46.202208121610(Line 8498) Message: Failed to execute 'postMessage' on 'DOMWindow': The target origin provided ('https://1.c81358859121583b7adf2ace89cb39f44.com') does not match the recipient window's origin ('null').
other	warning	URL: https://benefitsplus-auth-dev.hsbc.com.hk/login?uid=bsIZgLbF3tVL9Mg14nhqE&lang=en-HK Message: Third-party cookie will be blocked. Learn more in the Issues tab.
javascript	error	URL: https://benefitsplus-auth-dev.hsbc.com.hk/login?uid=bsIZgLbF3tVL9Mg14nhqE&lang=en-HK Message: Access to XMLHttpRequest at 'https://www.hkg1vl0048.p2g.netd2.hsbc.com.hk/9332/handler9/session.json' from origin 'https://benefitsplus-auth-dev.hsbc.com.hk' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://www.hkg1vl0048.p2g.netd2.hsbc.com.hk/9332/handler9/session.json Message: Failed to load resource: net::ERR_FAILED
other	warning	URL: https://benefitsplus-auth-dev.hsbc.com.hk/login?uid=bsIZgLbF3tVL9Mg14nhqE&lang=en-HK Message: Third-party cookie will be blocked. Learn more in the Issues tab.
security	error	URL: https://benefitsplus-auth-dev.hsbc.com.hk/login?uid=bsIZgLbF3tVL9Mg14nhqE&lang=en-HK Message: Refused to load the image 'https://www.facebook.com/tr/?id=291998267968113&ev=PageView&dl=https%3A%2F%2Fbenefitsplus-auth-dev.hsbc.com.hk&rl=&if=false&ts=1717592430467&sw=1600&sh=1200&ud[external_id]=48c267ffd85d5c5abe01f427ec5bd35e9cd08280aa75d08ece2ab4042b995b16&v=2.9.157&r=stable&a=tmtealium&ec=1&o=4124&fbp=fb.2.1717592428917.799896240817167253&cs_est=true&pm=1&hrl=0a80e2&ler=empty&cdl=API_unavailable&it=1717592428661&coo=false&eid=27ce914169e95590986193b22b838821&tm=1&cs_cc=1&cas=7622605321154699%2C7783714921666663%2C3352707101488138%2C5588178577890481%2C3961247883957138%2C1633273413466937&rqm=GET' because it violates the following Content Security Policy directive: "img-src blob: .google.com.hk .yahoo.com .hsbc.com.hk .tealiumiq.com .adsrvr.org maps.googleapis.com maps.gstatic.com assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net .adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypalobjects.com t.paypal.com .ftcdn.net .behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com .vimeocdn.com i.ytimg.com .youtube.com validator.swagger.io flagpedia.net *.gstatic.com data: 'self' 'unsafe-inline'".
security	error	URL: https://benefitsplus-auth-dev.hsbc.com.hk/login?uid=bsIZgLbF3tVL9Mg14nhqE&lang=en-HK Message: Refused to load the image 'https://www.facebook.com/privacy_sandbox/pixel/register/trigger/?id=291998267968113&ev=PageView&dl=https%3A%2F%2Fbenefitsplus-auth-dev.hsbc.com.hk&rl=&if=false&ts=1717592430467&sw=1600&sh=1200&ud[external_id]=48c267ffd85d5c5abe01f427ec5bd35e9cd08280aa75d08ece2ab4042b995b16&v=2.9.157&r=stable&a=tmtealium&ec=1&o=4124&fbp=fb.2.1717592428917.799896240817167253&cs_est=true&pm=1&hrl=0a80e2&ler=empty&cdl=API_unavailable&it=1717592428661&coo=false&eid=27ce914169e95590986193b22b838821&tm=1&cs_cc=1&cas=7622605321154699%2C7783714921666663%2C3352707101488138%2C5588178577890481%2C3961247883957138%2C1633273413466937&rqm=FGET' because it violates the following Content Security Policy directive: "img-src blob: .google.com.hk .yahoo.com .hsbc.com.hk .tealiumiq.com .adsrvr.org maps.googleapis.com maps.gstatic.com assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net .adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypalobjects.com t.paypal.com .ftcdn.net .behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com .vimeocdn.com i.ytimg.com .youtube.com validator.swagger.io flagpedia.net *.gstatic.com data: 'self' 'unsafe-inline'".
security	error	URL: https://www.googletagmanager.com/gtag/js?id=AW-793969516&l=dataLayer&cx=c(Line 139) Message: Refused to connect to 'https://google.com/ccm/form-data/793969516?gtm=45be4630v891155749za200&gcd=13l3l3l2l1&dma_cps=sypham&dma=1&tag_exp=0&userId=018fe87c8d340021b14712e68e780506f005406700b08&npa=1&frm=0&pscdl=noapi&auid=1148901266.1717592429&uaa=x86&uab=64&uafvl=Google%2520Chrome%3B125.0.6422.141%7CChromium%3B125.0.6422.141%7CNot.A%252FBrand%3B24.0.0.0&uamb=0&uam=&uap=Win32&uapv=10.0.0&uaw=0&ec_mode=a&em=tv.1' because it violates the following Content Security Policy directive: "connect-src wss: .hsbc.com.hk www.issthk-dev.hsbc.com.hk:31000 .tealiumiq.com .tiqcdn.com pagead2.googlesyndication.com log-happyhktest.us.v2.customers.biocatch.com log-69c80419.customers.biocatch.com wup-69c80419.customers.biocatch.com dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com .newrelic.com .nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com www.gstatic.com maps.googleapis.com .stripe.com klarna.com .klarna.com .klarnacdn.net *.klarnaevt.com https://www.google-analytics.com 'self' 'unsafe-inline'".
security	error	URL: https://www.googletagmanager.com/gtag/js?id=AW-793969516&l=dataLayer&cx=c(Line 139) Message: Refused to connect to 'https://google.com/ccm/form-data/793969516?gtm=45be4630v891155749za200&gcd=13l3l3l2l1&dma_cps=sypham&dma=1&tag_exp=0&userId=018fe87c8d340021b14712e68e780506f005406700b08&npa=1&frm=0&pscdl=noapi&auid=1148901266.1717592429&uaa=x86&uab=64&uafvl=Google%2520Chrome%3B125.0.6422.141%7CChromium%3B125.0.6422.141%7CNot.A%252FBrand%3B24.0.0.0&uamb=0&uam=&uap=Win32&uapv=10.0.0&uaw=0&ec_mode=a&em=tv.1' because it violates the following Content Security Policy directive: "connect-src wss: .hsbc.com.hk www.issthk-dev.hsbc.com.hk:31000 .tealiumiq.com .tiqcdn.com pagead2.googlesyndication.com log-happyhktest.us.v2.customers.biocatch.com log-69c80419.customers.biocatch.com wup-69c80419.customers.biocatch.com dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com .newrelic.com .nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com www.gstatic.com maps.googleapis.com .stripe.com klarna.com .klarna.com .klarnacdn.net *.klarnaevt.com https://www.google-analytics.com 'self' 'unsafe-inline'".
security	error	URL: https://lptag.liveperson.net/lptag/api/account/19211303/configuration/applications/taglets/.jsonp?v=2.0&df=0&s=gsp_insurance_benefit-plus_login_bsIZgLbF3tVL9Mg14nhqE&b=1 Message: Refused to load the script 'https://accdn.lpsnmedia.net/api/account/19211303/configuration/setting/accountproperties/?cb=accountSettingsCB' because it violates the following Content Security Policy directive: "script-src .hsbc.com.hk unpkg.com connect.facebook.net s.yimg.com visitor-service-ap-northeast-1.tealiumiq.com lptag.liveperson.net datacloud.tealiumiq.com tags.tiqcdn.com assets.adobedtm.com .adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypalobjects.com js.braintreegateway.com www.paypal.com .newrelic.com .nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com .vimeocdn.com .youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ .gstatic.com maps.googleapis.com .stripe.com klarna.com .klarna.com .klarnacdn.net *.klarnaevt.com https://www.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.
security	error	URL: https://lptag.liveperson.net/lptag/api/account/19211303/configuration/applications/taglets/.jsonp?v=2.0&df=0&s=gsp_insurance_benefit-plus_login_bsIZgLbF3tVL9Mg14nhqE&b=1(Line 6) Message: Refused to load the script 'https://lpcdn.lpsnmedia.net/le_unified_window/10.37.0-release_1294589553/ui-framework.js?version=10.37.0-release_1294589553' because it violates the following Content Security Policy directive: "script-src .hsbc.com.hk unpkg.com connect.facebook.net s.yimg.com visitor-service-ap-northeast-1.tealiumiq.com lptag.liveperson.net datacloud.tealiumiq.com tags.tiqcdn.com assets.adobedtm.com .adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypalobjects.com js.braintreegateway.com www.paypal.com .newrelic.com .nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com .vimeocdn.com .youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ .gstatic.com maps.googleapis.com .stripe.com klarna.com .klarna.com .klarnacdn.net *.klarnaevt.com https://www.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.
security	error	URL: https://lptag.liveperson.net/lptag/api/account/19211303/configuration/applications/taglets/.jsonp?v=2.0&df=0&s=gsp_insurance_benefit-plus_login_bsIZgLbF3tVL9Mg14nhqE&b=1(Line 6) Message: Refused to load the script 'https://lpcdn.lpsnmedia.net/le_unified_window/10.37.0-release_1294589553/surveylogicinstance.min.js?version=10.37.0-release_1294589553' because it violates the following Content Security Policy directive: "script-src .hsbc.com.hk unpkg.com connect.facebook.net s.yimg.com visitor-service-ap-northeast-1.tealiumiq.com lptag.liveperson.net datacloud.tealiumiq.com tags.tiqcdn.com assets.adobedtm.com .adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypalobjects.com js.braintreegateway.com www.paypal.com .newrelic.com .nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com .vimeocdn.com .youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ .gstatic.com maps.googleapis.com .stripe.com klarna.com .klarna.com .klarnacdn.net *.klarnaevt.com https://www.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.
security	error	URL: https://lptag.liveperson.net/lptag/api/account/19211303/configuration/applications/taglets/.jsonp?v=2.0&df=0&s=gsp_insurance_benefit-plus_login_bsIZgLbF3tVL9Mg14nhqE&b=1 Message: Refused to load the script 'https://accdn.lpsnmedia.net/api/account/19211303/configuration/le-campaigns/zones?fields=id&fields=zoneValue&cb=lpZonesStaticCB' because it violates the following Content Security Policy directive: "script-src .hsbc.com.hk unpkg.com connect.facebook.net s.yimg.com visitor-service-ap-northeast-1.tealiumiq.com lptag.liveperson.net datacloud.tealiumiq.com tags.tiqcdn.com assets.adobedtm.com .adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypalobjects.com js.braintreegateway.com www.paypal.com .newrelic.com .nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com .vimeocdn.com .youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ .gstatic.com maps.googleapis.com .stripe.com klarna.com .klarna.com .klarnacdn.net *.klarnaevt.com https://www.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.
other	warning	URL: https://benefitsplus-auth-dev.hsbc.com.hk/login?uid=bsIZgLbF3tVL9Mg14nhqE&lang=en-HK Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://benefitsplus-auth-dev.hsbc.com.hk/login?uid=bsIZgLbF3tVL9Mg14nhqE&lang=en-HK Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://benefitsplus-auth-dev.hsbc.com.hk/login?uid=bsIZgLbF3tVL9Mg14nhqE&lang=en-HK Message: Third-party cookie will be blocked. Learn more in the Issues tab.
security	error	URL: https://lptag.liveperson.net/lptag/api/account/19211303/configuration/applications/taglets/.jsonp?v=2.0&df=0&s=gsp_insurance_benefit-plus_login_bsIZgLbF3tVL9Mg14nhqE&b=1 Message: Refused to load the script 'https://lpcdn.lpsnmedia.net/le_secure_storage/3.28.0-release_1286430736/storage.secure.min.js?loc=https%3A%2F%2Fbenefitsplus-auth-dev.hsbc.com.hk&site=19211303&env=prod&accdn=accdn.lpsnmedia.net' because it violates the following Content Security Policy directive: "script-src .hsbc.com.hk unpkg.com connect.facebook.net s.yimg.com visitor-service-ap-northeast-1.tealiumiq.com lptag.liveperson.net datacloud.tealiumiq.com tags.tiqcdn.com assets.adobedtm.com .adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypalobjects.com js.braintreegateway.com www.paypal.com .newrelic.com .nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com .vimeocdn.com .youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ .gstatic.com maps.googleapis.com .stripe.com klarna.com .klarna.com .klarnacdn.net *.klarnaevt.com https://www.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.
other	warning	URL: https://benefitsplus-auth-dev.hsbc.com.hk/login?uid=bsIZgLbF3tVL9Mg14nhqE&lang=en-HK Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://benefitsplus-auth-dev.hsbc.com.hk/login?uid=bsIZgLbF3tVL9Mg14nhqE&lang=en-HK Message: Third-party cookie will be blocked. Learn more in the Issues tab.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	font-src .hsbc.com.hk fonts.gstatic.com maxcdn.bootstrapcdn.com .stripe.com klarna.com .klarna.com .klarnacdn.net .klarnaevt.com data: 'self' 'unsafe-inline'; form-action https: .hsbc.com.hk secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; frame-ancestors .hsbc.com.hk .stripe.com stripe.com 'self'; frame-src 'self' data: .hsbc.com.hk .my-doc.com lpcdn.lpsnmedia.net td.doubleclick.net fast.amc.demdex.net .adobe.com secure.authorize.net test.authorize.net bid.g.doubleclick.net .youtube.com .youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ .weltpixel.com .stripe.com klarna.com .klarna.com .klarnacdn.net .klarnaevt.com 'self' 'unsafe-inline'; img-src blob: .google.com.hk .yahoo.com .hsbc.com.hk .tealiumiq.com .adsrvr.org maps.googleapis.com maps.gstatic.com assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net .adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypalobjects.com t.paypal.com .ftcdn.net .behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com .vimeocdn.com i.ytimg.com .youtube.com validator.swagger.io flagpedia.net .gstatic.com data: 'self' 'unsafe-inline'; script-src .hsbc.com.hk unpkg.com connect.facebook.net s.yimg.com visitor-service-ap-northeast-1.tealiumiq.com lptag.liveperson.net datacloud.tealiumiq.com tags.tiqcdn.com assets.adobedtm.com .adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypalobjects.com js.braintreegateway.com www.paypal.com .newrelic.com .nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com .vimeocdn.com .youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ .gstatic.com maps.googleapis.com .stripe.com klarna.com .klarna.com .klarnacdn.net .klarnaevt.com https://www.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src .hsbc.com.hk fonts.googleapis.com .adobe.com maxcdn.bootstrapcdn.com .gstatic.com tagmanager.google.com 'self' 'unsafe-inline'; object-src .hsbc.com.hk 'self' 'unsafe-inline'; media-src .hsbc.com.hk .adobe.com 'self' 'unsafe-inline'; manifest-src .hsbc.com.hk 'self' 'unsafe-inline'; connect-src wss: .hsbc.com.hk www.issthk-dev.hsbc.com.hk:31000 .tealiumiq.com .tiqcdn.com pagead2.googlesyndication.com log-happyhktest.us.v2.customers.biocatch.com log-69c80419.customers.biocatch.com wup-69c80419.customers.biocatch.com dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com .newrelic.com .nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com www.gstatic.com maps.googleapis.com .stripe.com klarna.com .klarna.com .klarnacdn.net .klarnaevt.com https://www.google-analytics.com 'self' 'unsafe-inline'; child-src http: https: .hsbc.com.hk blob: 'self' 'unsafe-inline'; default-src .hsbc.com.hk 'self' 'unsafe-inline' 'unsafe-eval' log-69c80419.customers.biocatch.com wup-69c80419.customers.biocatch.com; base-uri *.hsbc.com.hk 'self' 'unsafe-inline';
Strict-Transport-Security	max-age=63072000; includeSubdomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

accdn.lpsnmedia.net
akamai.tiqcdn.com
benefitsplus-auth-dev.hsbc.com.hk
benefitsplus-dev.hsbc.com.hk
cm.g.doubleclick.net
collect-ap-northeast-1.tealiumiq.com
connect.facebook.net
datacloud.tealiumiq.com
fonts.googleapis.com
fonts.gstatic.com
lpcdn.lpsnmedia.net
lptag.liveperson.net
match.adsrvr.org
s.yimg.com
sp.analytics.yahoo.com
tags.tiqcdn.com
visitor-service-ap-northeast-1.tealiumiq.com
www.facebook.com
www.googletagmanager.com
www.hkg1vl0048.p2g.netd2.hsbc.com.hk
www.issthk-dev.hsbc.com.hk
accdn.lpsnmedia.net
cm.g.doubleclick.net
lpcdn.lpsnmedia.net
lptag.liveperson.net
www.facebook.com
www.hkg1vl0048.p2g.netd2.hsbc.com.hk
178.249.97.23
18.194.74.133
203.112.83.226
23.37.38.214
2600:9000:266e:1600:a:9a74:f000:93a1
2600:9000:26db:c600:7:2bfb:7c00:93a1
2a00:1288:80:807::2
2a00:1450:4001:810::2003
2a00:1450:4001:81c::200a
2a00:1450:4001:82f::2008
2a03:2880:f084:d:face:b00c:0:3
3.255.41.64
34.120.154.120
35.71.131.137
52.197.35.231
54.95.104.89
0226a856e4ed5cb72ff3ebea0548da570a5f56f8afccb81765336a276f628283
04d05978fdb111358073ab0524e5c1fafc0826615c206987618416b8bd8a4747
08c3ec753f2c435ae7a84b9ddeb48c91ecc26367b8f8cd75ff828ab6aaba93b9
0e4b1e428a2198ef747010c094101c257b568a97cdcc0f31ed5e9868cc835b39
1b01f142d67b4ae857003f3facfa3706b903f5c5201556ca69252ec38968529b
2964dcfd148a7fec136b04c7815aac496f3202747f5c3f895a41734cd2d58333
2c07f0d2bee093f108d787685ce49777105b359547db73f50cc3f2c198848074
31fe46164ce2459191ca1f7727fd742ce01833ee4f705459e88d43f53fcc9f80
3803610e6af4623280e06a8b78f0cbff37dea2a232200839e8252b7084394798
38f6905807c40f38927a21e48be0785eb7213c12e38d67a45eaa46ab10767565
3aa5733e2bd7207e6eb775a1004c6ab02f6f83de25ebcd23abf5fbf9af89b30b
3afef905eaf9caee6d56c2f364c9dfc8321288ef91a2534b223beeeae4bf98da
3c4d6a1421c7ddb7e404521fe8c4cd5be5af446d7689cd880be26612eaad3cfa
3f0304555ef46520c1e41b341c863dec19bee4231d073b268a7af3da22e49746
480b06b23e574b4bf386fde1a91145a4171f97aeb5ee800e4be1850f29b1ad91
4b98e82da5261a22970e177085ed1c4d0156e74c3d0a0a17a66760c5413d3af1
4ef3e0635dcbcb059c772cd7c60de491073a21b488fbb250b0b868199f2732b2
51ddb2a0b09f8c8b32c18a23096b4b28a0a6d6f876aaff3cf3fc3da63215b6ea
56dd920e68476c84971cdc3f4d0d008fccb0a291ecdf914397bb82e58ca94fea
5e9cea0f194422bd58a13cb607428149342b2062b27fbe8baac7ed65b49b28da
6121a30f77ac85f73ec5d28aa879b6af4c20ba4b1e0cc567f4a4e22325b82b52
6641d53ad39a4097d252706abc3172c0d0f95707b62d903f59fc0487ec95facc
6bdf7ebc9ab82052e74cbbfffe0a22c8afed792fe2cc1d0bd64eead45f9cd565
6fafcf6e3a8b47c672a769d1020ab682fe5a0e44df173602db16a1ea75e175c6
7572548a7c3c08d771234e67ef8dfe24306ef3251f61dddbaf77a7a40c8a1504
7c6e5db0c800c759919265c34d10d441e38a27733cfb867b214777e8fb237371
83ebe8170b3b5dda2d20a80fe205ec14e1f8cb19ed40cfe73d480087b588e56c
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0
9467767079a490ee2a938f0dc4e111596f9a300d170df03e21c59ed8e9d042bb
946ad337c0a9c0753d4310d0133001fc943a24d73b9126b50850866788260ed2
9cb1d53337bfb32f26a211d01cea0bc36cd377c0b8cd7b9c858c50fe8b8f8abc
a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7
a2c2339691fc48fbd14fb307292dff3e21222712d9240810742d7df0c6d74dfb
a6a6c4cad34919cd1652a54a90191f5ac3c73ca00b24929a84e1e913cf605553
a88693b1d0e7bf5a2898c9e3d177c7c33ef2e551ef9a8bb948196d788e68e075
baf268b62a21b65716e0be4af4bc61907e8de8cfac0284d8cf9c42615c0c2e3b
bc7a9184a2a594c280e8fe69307a517df1fb00436b0ae579a0e753a783388c13
be81363ab71f61fa670727b693a9c17a03690e1ef5e697605d90c78c3b455fa4
c098f9e565ae64ba124c1eb720723de8a0f8b0df8e11ea38c81e5d5bb83475ac
c42319ce7aea1c71d227a3f114dc79725b0362444c45901c3715d7c7511bf799
c4cf5cb72e92e4587bfe0d3180a6e182f446decf79d38a295d225e6c5be00d31
c741ac64fe72475b8ae5c1e3e0d3e8dbe39a2f7241ab96f6976ded46c8c80b7a
d753f8ee126736431a1cd8170dbfcf94f553eeb1d24f2baa7c66474a80d0e559
dd9b11bb7723d648dee86c40524b1f927054223967194dee794d19ac49fac3a9
e2e61ce45a2b0427fd79a80c312b3b73188127587bf44379a7ea7aa26184b510
e4222715b556e7d99622c83e620d2f8e090047e56adb07923047f95828d561f2
ea0664a949fba1e56da947f65ca0833ce4296e116c6f2f6d3d518f54e2bb7391
edcb7c9c998fbe2e1eb86a4b15df253cff75dd15691da28aa0c03fb18ef26eed
eed182ea98c84bb481578575f3d07b84bd701b41b197b6f81dae64300a13a2d7
f147f628d488e3a9adb175dec938d90187ee634e79374975ccfd4e35122a188f
f63aa9cbf1ed197a7e8d6e192bedd57a3376bc1defa5fc2bcc84835eed6900c9
f6779bc003be288d6dbd1d7b4183b1ea15b53c70c8ac7b2161e89b4bc137d6d4
f8ceeab514ef6d3a41cfb72416159c14b0150919a4df4a085ad27826cff745ae
f9a5649d70f74cde04ab0c3f8a8f41810772e9970befa7fee8e339bcf4dd3b08
f9bf6ec7e8ac9686704d89dae1f0414a616dd4fa810435a849434667813ef16a
faaeaae82d610fa00afb9236e8334f2c48101a66fc69348c33b185360bbb02e4
fdfd8809c0aa9423f4c32db3729fdb844cf58d859be405016823a456646bb068

benefitsplus-auth-dev.hsbc.com.hk Open in urlscan Pro 2600:9000:266e:1600:a:9a74:f000:93a1 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

75 Requests

81 %HTTPS

44 %IPv6

14 Domains

21 Subdomains

17 IPs

6 Countries

1098 kBTransfer

3921 kBSize

18 Cookies

5 Outgoing links

Page URL History

Redirected requests

75 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 6 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

benefitsplus-auth-dev.hsbc.com.hk Open in urlscan Pro
2600:9000:266e:1600:a:9a74:f000:93a1 Public Scan

Screenshot
Live screenshot

Full Image

75
Requests

81 %
HTTPS

44 %
IPv6

14
Domains

21
Subdomains

17
IPs

6
Countries

1098 kB
Transfer

3921 kB
Size

18
Cookies

75 HTTP transactions
6 data transactions