urlscan.io logo urlscan.io
SecurityTrails logo

advent.bank-avera.ch Open in urlscan Pro
51.107.76.115  Public Scan

Go To Rescan Add Verdict Report
URL: https://advent.bank-avera.ch/
Submission: On November 26 via automatic, source certstream-suspicious — Scanned from DE
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 3 IPs in 3 countries across 3 domains to perform 15 HTTP transactions. The main IP is 51.107.76.115, located in Zurich, Switzerland and belongs to MICROSOFT-CORP-MSN-AS-BLOCK, US. The main domain is advent.bank-avera.ch.
TLS certificate: Issued by R3 on November 26th 2021. Valid for: 3 months.
This is the only time advent.bank-avera.ch was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
13 51.107.76.115 8075 (MICROSOFT...)
1 2606:4700::68... 13335 (CLOUDFLAR...)
1 2a00:1450:400... 15169 (GOOGLE)
15 3
Domain Requested by
13 advent.bank-avera.ch advent.bank-avera.ch
1 www.google-analytics.com advent.bank-avera.ch
1 cdn.jsdelivr.net advent.bank-avera.ch
15 3

This site contains links to these domains. Also see Links.

Domain
bank-avera.ch
lemonbrain.ch
Subject Issuer Validity Valid
advent.bank-avera.ch
R3		 2021-11-26 -
2022-02-24		 3 months crt.sh
sni.cloudflaressl.com
Cloudflare Inc ECC CA-3		 2021-07-03 -
2022-07-02		 a year crt.sh
*.google-analytics.com
GTS CA 1C3		 2021-11-01 -
2022-01-24		 3 months crt.sh

This page contains 1 frames:

Primary Page: https://advent.bank-avera.ch/
Frame ID: CEA7FE0F40E16D99BAE4264365676335
Requests: 15 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

Home :: bav Adventsspiel

Page Statistics

15
Requests

100 %
HTTPS

67 %
IPv6

3
Domains

3
Subdomains

3
IPs

3
Countries

130 kB
Transfer

455 kB
Size

2
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

15 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request /
advent.bank-avera.ch/ 		24 KB
11 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://advent.bank-avera.ch/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
51.107.76.115 Zurich, Switzerland, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Apache /
Resource Hash
7dbe15c4077ee8b6ef2937482e3c9665a335fe2a5732ea6caeb80e2cb2eaa3c3
Security Headers
Name Value
Content-Security-Policy default-src 'self' https://www.google-analytics.com 'unsafe-inline'; base-uri 'self'; connect-src 'self' api.mapbox.com events.mapbox.com my.tikee.io www.google-analytics.com https://www.google-analytics.com www.google-analytics.com https://stats.g.doubleclick.net; frame-src 'self' msip-service-zrnc.xaas.swissic.ch www.youtube.com services.logismata.ch www.google.com my.tikee.io intranet.eventag.ch; form-action 'self'; img-src 'self' data: https: blob: https://www.google-analytics.com www.google-analytics.com https://stats.g.doubleclick.net; script-src 'self' data: cdn.jsdelivr.net www.google.com www.gstatic.com www.google-analytics.com blob: 'unsafe-inline' 'unsafe-eval'; style-src 'self' fonts.googleapis.com www.gstatic.com 'unsafe-inline'; frame-ancestors 'self' services.logismata.ch; font-src 'self' fonts.googleapis.com fonts.gstatic.com; object-src 'self'; child-src blob:;
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Security-Policy default-src 'self' https://www.google-analytics.com 'unsafe-inline'; base-uri 'self'; connect-src 'self' api.mapbox.com events.mapbox.com my.tikee.io www.google-analytics.com https://www.google-analytics.com www.google-analytics.com https://stats.g.doubleclick.net; frame-src 'self' msip-service-zrnc.xaas.swissic.ch www.youtube.com services.logismata.ch www.google.com my.tikee.io intranet.eventag.ch; form-action 'self'; img-src 'self' data: https: blob: https://www.google-analytics.com www.google-analytics.com https://stats.g.doubleclick.net; script-src 'self' data: cdn.jsdelivr.net www.google.com www.gstatic.com www.google-analytics.com blob: 'unsafe-inline' 'unsafe-eval'; style-src 'self' fonts.googleapis.com www.gstatic.com 'unsafe-inline'; frame-ancestors 'self' services.logismata.ch; font-src 'self' fonts.googleapis.com fonts.gstatic.com; object-src 'self'; child-src blob:;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language
de-DE,de;q=0.9

Response headers

Date
Fri, 26 Nov 2021 12:12:59 GMT
Server
Apache
Strict-Transport-Security
max-age=31536000; includeSubDomains; preload
X-Content-Type-Options
nosniff
Referrer-Policy
no-referrer
Permissions-Policy
geolocation=(self), microphone=() camera=()
X-XSS-Protection
1; mode=block
Expect-CT
max-age=2592000
Cache-Control
private, must-revalidate
X-Frame-Options
SAMEORIGIN
Vary
Accept-Encoding
Content-Encoding
gzip
Content-Security-Policy
default-src 'self' https://www.google-analytics.com 'unsafe-inline'; base-uri 'self'; connect-src 'self' api.mapbox.com events.mapbox.com my.tikee.io www.google-analytics.com https://www.google-analytics.com www.google-analytics.com https://stats.g.doubleclick.net; frame-src 'self' msip-service-zrnc.xaas.swissic.ch www.youtube.com services.logismata.ch www.google.com my.tikee.io intranet.eventag.ch; form-action 'self'; img-src 'self' data: https: blob: https://www.google-analytics.com www.google-analytics.com https://stats.g.doubleclick.net; script-src 'self' data: cdn.jsdelivr.net www.google.com www.gstatic.com www.google-analytics.com blob: 'unsafe-inline' 'unsafe-eval'; style-src 'self' fonts.googleapis.com www.gstatic.com 'unsafe-inline'; frame-ancestors 'self' services.logismata.ch; font-src 'self' fonts.googleapis.com fonts.gstatic.com; object-src 'self'; child-src blob:;
X-Content-Security-Policy
default-src 'self' https://www.google-analytics.com 'unsafe-inline'; base-uri 'self'; connect-src 'self' api.mapbox.com events.mapbox.com my.tikee.io www.google-analytics.com https://www.google-analytics.com www.google-analytics.com https://stats.g.doubleclick.net; frame-src 'self' msip-service-zrnc.xaas.swissic.ch www.youtube.com services.logismata.ch www.google.com my.tikee.io intranet.eventag.ch; form-action 'self'; img-src 'self' data: https: blob: https://www.google-analytics.com www.google-analytics.com https://stats.g.doubleclick.net; script-src 'self' data: cdn.jsdelivr.net www.google.com www.gstatic.com www.google-analytics.com blob: 'unsafe-inline' 'unsafe-eval'; style-src 'self' fonts.googleapis.com www.gstatic.com 'unsafe-inline'; frame-ancestors 'self' services.logismata.ch; font-src 'self' fonts.googleapis.com fonts.gstatic.com; object-src 'self'; child-src blob:;
X-WebKit-CSP
default-src 'self' https://www.google-analytics.com 'unsafe-inline'; base-uri 'self'; connect-src 'self' api.mapbox.com events.mapbox.com my.tikee.io www.google-analytics.comi https://www.google-analytics.com www.google-analytics.com https://stats.g.doubleclick.net; frame-src 'self' msip-service-zrnc.xaas.swissic.ch www.youtube.com services.logismata.ch www.google.com my.tikee.io intranet.eventag.ch; form-action 'self'; img-src 'self' data: https: blob: https://www.google-analytics.com www.google-analytics.com https://stats.g.doubleclick.net; script-src 'self' data: cdn.jsdelivr.net www.google.com www.gstatic.com www.google-analytics.com blob: 'unsafe-inline' 'unsafe-eval'; style-src 'self' fonts.googleapis.com www.gstatic.com 'unsafe-inline'; frame-ancestors 'self' services.logismata.ch; font-src 'self' fonts.googleapis.com fonts.gstatic.com; object-src 'self'; child-sr blob:;
Content-Length
8205
Keep-Alive
timeout=5, max=100
Connection
Keep-Alive
Content-Type
text/html; charset=UTF-8
polyfill.min.js
cdn.jsdelivr.net/npm/promise-polyfill@8/dist/ 		4 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.jsdelivr.net/npm/promise-polyfill@8/dist/polyfill.min.js
Requested by
Host: advent.bank-avera.ch
URL: https://advent.bank-avera.ch/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:5614 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
4c3dd8bcd72cc584ace4ff00a6af8e87261d4723f955e3dd2d7555c94ccf31df
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Fri, 26 Nov 2021 12:12:59 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
age
12294
x-jsd-version
8.2.1
x-cache
HIT
cross-origin-resource-policy
cross-origin
strict-transport-security
max-age=31536000; includeSubDomains; preload
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
x-served-by
cache-fra19160-FRA
timing-allow-origin
*
x-jsd-version-type
version
server
cloudflare
etag
W/"f45-IoUeIifEu6Ind+SlHcgZJqmUWrI"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
access-control-expose-headers
*
cache-control
public, max-age=604800, s-maxage=43200
cf-ray
6b43073a6d263250-FRA
jquery.js
advent.bank-avera.ch/adventsspiel/concrete/js/ 		0
0 		Script
General
Check archive.org
Download Go to
Full URL
https://advent.bank-avera.ch/adventsspiel/concrete/js/jquery.js?ccm_nocache=1a72ca0f3692b16db9673a9a89faff0649086c52
Requested by
Host: advent.bank-avera.ch
URL: https://advent.bank-avera.ch/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
51.107.76.115 Zurich, Switzerland, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Apache /
Resource Hash
Security Headers
Name Value
Content-Security-Policy default-src 'self' https://www.google-analytics.com 'unsafe-inline'; base-uri 'self'; connect-src 'self' api.mapbox.com events.mapbox.com my.tikee.io www.google-analytics.com https://www.google-analytics.com www.google-analytics.com https://stats.g.doubleclick.net; frame-src 'self' msip-service-zrnc.xaas.swissic.ch www.youtube.com services.logismata.ch www.google.com my.tikee.io intranet.eventag.ch; form-action 'self'; img-src 'self' data: https: blob: https://www.google-analytics.com www.google-analytics.com https://stats.g.doubleclick.net; script-src 'self' data: cdn.jsdelivr.net www.google.com www.gstatic.com www.google-analytics.com blob: 'unsafe-inline' 'unsafe-eval'; style-src 'self' fonts.googleapis.com www.gstatic.com 'unsafe-inline'; frame-ancestors 'self' services.logismata.ch; font-src 'self' fonts.googleapis.com fonts.gstatic.com; object-src 'self'; child-src blob:;
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Security-Policy default-src 'self' https://www.google-analytics.com 'unsafe-inline'; base-uri 'self'; connect-src 'self' api.mapbox.com events.mapbox.com my.tikee.io www.google-analytics.com https://www.google-analytics.com www.google-analytics.com https://stats.g.doubleclick.net; frame-src 'self' msip-service-zrnc.xaas.swissic.ch www.youtube.com services.logismata.ch www.google.com my.tikee.io intranet.eventag.ch; form-action 'self'; img-src 'self' data: https: blob: https://www.google-analytics.com www.google-analytics.com https://stats.g.doubleclick.net; script-src 'self' data: cdn.jsdelivr.net www.google.com www.gstatic.com www.google-analytics.com blob: 'unsafe-inline' 'unsafe-eval'; style-src 'self' fonts.googleapis.com www.gstatic.com 'unsafe-inline'; frame-ancestors 'self' services.logismata.ch; font-src 'self' fonts.googleapis.com fonts.gstatic.com; object-src 'self'; child-src blob:;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date
Fri, 26 Nov 2021 12:12:59 GMT
X-Content-Type-Options
nosniff
Transfer-Encoding
chunked
Connection
Keep-Alive
X-XSS-Protection
1; mode=block
Referrer-Policy
no-referrer
Server
Apache
X-Frame-Options
SAMEORIGIN
Expect-CT
max-age=2592000
Strict-Transport-Security
max-age=31536000; includeSubDomains; preload
Content-Type
text/html; charset=UTF-8
Cache-Control
private, must-revalidate
Permissions-Policy
geolocation=(self), microphone=() camera=()
Content-Security-Policy
default-src 'self' https://www.google-analytics.com 'unsafe-inline'; base-uri 'self'; connect-src 'self' api.mapbox.com events.mapbox.com my.tikee.io www.google-analytics.com https://www.google-analytics.com www.google-analytics.com https://stats.g.doubleclick.net; frame-src 'self' msip-service-zrnc.xaas.swissic.ch www.youtube.com services.logismata.ch www.google.com my.tikee.io intranet.eventag.ch; form-action 'self'; img-src 'self' data: https: blob: https://www.google-analytics.com www.google-analytics.com https://stats.g.doubleclick.net; script-src 'self' data: cdn.jsdelivr.net www.google.com www.gstatic.com www.google-analytics.com blob: 'unsafe-inline' 'unsafe-eval'; style-src 'self' fonts.googleapis.com www.gstatic.com 'unsafe-inline'; frame-ancestors 'self' services.logismata.ch; font-src 'self' fonts.googleapis.com fonts.gstatic.com; object-src 'self'; child-src blob:;
Keep-Alive
timeout=5, max=99
X-WebKit-CSP
default-src 'self' https://www.google-analytics.com 'unsafe-inline'; base-uri 'self'; connect-src 'self' api.mapbox.com events.mapbox.com my.tikee.io www.google-analytics.comi https://www.google-analytics.com www.google-analytics.com https://stats.g.doubleclick.net; frame-src 'self' msip-service-zrnc.xaas.swissic.ch www.youtube.com services.logismata.ch www.google.com my.tikee.io intranet.eventag.ch; form-action 'self'; img-src 'self' data: https: blob: https://www.google-analytics.com www.google-analytics.com https://stats.g.doubleclick.net; script-src 'self' data: cdn.jsdelivr.net www.google.com www.gstatic.com www.google-analytics.com blob: 'unsafe-inline' 'unsafe-eval'; style-src 'self' fonts.googleapis.com www.gstatic.com 'unsafe-inline'; frame-ancestors 'self' services.logismata.ch; font-src 'self' fonts.googleapis.com fonts.gstatic.com; object-src 'self'; child-sr blob:;
X-Content-Security-Policy
default-src 'self' https://www.google-analytics.com 'unsafe-inline'; base-uri 'self'; connect-src 'self' api.mapbox.com events.mapbox.com my.tikee.io www.google-analytics.com https://www.google-analytics.com www.google-analytics.com https://stats.g.doubleclick.net; frame-src 'self' msip-service-zrnc.xaas.swissic.ch www.youtube.com services.logismata.ch www.google.com my.tikee.io intranet.eventag.ch; form-action 'self'; img-src 'self' data: https: blob: https://www.google-analytics.com www.google-analytics.com https://stats.g.doubleclick.net; script-src 'self' data: cdn.jsdelivr.net www.google.com www.gstatic.com www.google-analytics.com blob: 'unsafe-inline' 'unsafe-eval'; style-src 'self' fonts.googleapis.com www.gstatic.com 'unsafe-inline'; frame-ancestors 'self' services.logismata.ch; font-src 'self' fonts.googleapis.com fonts.gstatic.com; object-src 'self'; child-src blob:;
8a15d75f78ba2f1550a4a97cc3ad5ee0a7c2b035.css
advent.bank-avera.ch/application/files/cache/css/ 		203 KB
34 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://advent.bank-avera.ch/application/files/cache/css/8a15d75f78ba2f1550a4a97cc3ad5ee0a7c2b035.css?ccm_nocache=1a72ca0f3692b16db9673a9a89faff0649086c52
Requested by
Host: advent.bank-avera.ch
URL: https://advent.bank-avera.ch/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
51.107.76.115 Zurich, Switzerland, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Apache /
Resource Hash
0e2092f05aa412b7fe794f2ebbaf618dd6dfd70463bd0e32ad0f7b79f30de201
Security Headers
Name Value
Content-Security-Policy default-src 'self' https://www.google-analytics.com 'unsafe-inline'; base-uri 'self'; connect-src 'self' api.mapbox.com events.mapbox.com my.tikee.io www.google-analytics.com https://www.google-analytics.com www.google-analytics.com https://stats.g.doubleclick.net; frame-src 'self' msip-service-zrnc.xaas.swissic.ch www.youtube.com services.logismata.ch www.google.com my.tikee.io intranet.eventag.ch; form-action 'self'; img-src 'self' data: https: blob: https://www.google-analytics.com www.google-analytics.com https://stats.g.doubleclick.net; script-src 'self' data: cdn.jsdelivr.net www.google.com www.gstatic.com www.google-analytics.com blob: 'unsafe-inline' 'unsafe-eval'; style-src 'self' fonts.googleapis.com www.gstatic.com 'unsafe-inline'; frame-ancestors 'self' services.logismata.ch; font-src 'self' fonts.googleapis.com fonts.gstatic.com; object-src 'self'; child-src blob:;
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Security-Policy default-src 'self' https://www.google-analytics.com 'unsafe-inline'; base-uri 'self'; connect-src 'self' api.mapbox.com events.mapbox.com my.tikee.io www.google-analytics.com https://www.google-analytics.com www.google-analytics.com https://stats.g.doubleclick.net; frame-src 'self' msip-service-zrnc.xaas.swissic.ch www.youtube.com services.logismata.ch www.google.com my.tikee.io intranet.eventag.ch; form-action 'self'; img-src 'self' data: https: blob: https://www.google-analytics.com www.google-analytics.com https://stats.g.doubleclick.net; script-src 'self' data: cdn.jsdelivr.net www.google.com www.gstatic.com www.google-analytics.com blob: 'unsafe-inline' 'unsafe-eval'; style-src 'self' fonts.googleapis.com www.gstatic.com 'unsafe-inline'; frame-ancestors 'self' services.logismata.ch; font-src 'self' fonts.googleapis.com fonts.gstatic.com; object-src 'self'; child-src blob:;
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date
Fri, 26 Nov 2021 12:12:59 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Connection
Keep-Alive
Content-Length
31333
X-XSS-Protection
1; mode=block
Referrer-Policy
no-referrer
Last-Modified
Fri, 26 Nov 2021 10:47:35 GMT
Server
Apache
ETag
"32a07-5d1aed1a99135-gzip"
Expect-CT
max-age=2592000
Vary
Accept-Encoding
Strict-Transport-Security
max-age=31536000; includeSubDomains; preload
Content-Type
text/css
Cache-Control
max-age=86400, public
Permissions-Policy
geolocation=(self), microphone=() camera=()
Content-Security-Policy
default-src 'self' https://www.google-analytics.com 'unsafe-inline'; base-uri 'self'; connect-src 'self' api.mapbox.com events.mapbox.com my.tikee.io www.google-analytics.com https://www.google-analytics.com www.google-analytics.com https://stats.g.doubleclick.net; frame-src 'self' msip-service-zrnc.xaas.swissic.ch www.youtube.com services.logismata.ch www.google.com my.tikee.io intranet.eventag.ch; form-action 'self'; img-src 'self' data: https: blob: https://www.google-analytics.com www.google-analytics.com https://stats.g.doubleclick.net; script-src 'self' data: cdn.jsdelivr.net www.google.com www.gstatic.com www.google-analytics.com blob: 'unsafe-inline' 'unsafe-eval'; style-src 'self' fonts.googleapis.com www.gstatic.com 'unsafe-inline'; frame-ancestors 'self' services.logismata.ch; font-src 'self' fonts.googleapis.com fonts.gstatic.com; object-src 'self'; child-src blob:;
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=100
X-WebKit-CSP
default-src 'self' https://www.google-analytics.com 'unsafe-inline'; base-uri 'self'; connect-src 'self' api.mapbox.com events.mapbox.com my.tikee.io www.google-analytics.comi https://www.google-analytics.com www.google-analytics.com https://stats.g.doubleclick.net; frame-src 'self' msip-service-zrnc.xaas.swissic.ch www.youtube.com services.logismata.ch www.google.com my.tikee.io intranet.eventag.ch; form-action 'self'; img-src 'self' data: https: blob: https://www.google-analytics.com www.google-analytics.com https://stats.g.doubleclick.net; script-src 'self' data: cdn.jsdelivr.net www.google.com www.gstatic.com www.google-analytics.com blob: 'unsafe-inline' 'unsafe-eval'; style-src 'self' fonts.googleapis.com www.gstatic.com 'unsafe-inline'; frame-ancestors 'self' services.logismata.ch; font-src 'self' fonts.googleapis.com fonts.gstatic.com; object-src 'self'; child-sr blob:;
X-Content-Security-Policy
default-src 'self' https://www.google-analytics.com 'unsafe-inline'; base-uri 'self'; connect-src 'self' api.mapbox.com events.mapbox.com my.tikee.io www.google-analytics.com https://www.google-analytics.com www.google-analytics.com https://stats.g.doubleclick.net; frame-src 'self' msip-service-zrnc.xaas.swissic.ch www.youtube.com services.logismata.ch www.google.com my.tikee.io intranet.eventag.ch; form-action 'self'; img-src 'self' data: https: blob: https://www.google-analytics.com www.google-analytics.com https://stats.g.doubleclick.net; script-src 'self' data: cdn.jsdelivr.net www.google.com www.gstatic.com www.google-analytics.com blob: 'unsafe-inline' 'unsafe-eval'; style-src 'self' fonts.googleapis.com www.gstatic.com 'unsafe-inline'; frame-ancestors 'self' services.logismata.ch; font-src 'self' fonts.googleapis.com fonts.gstatic.com; object-src 'self'; child-src blob:;
main.css
advent.bank-avera.ch/application/files/cache/css/bav_advent/ 		44 KB
9 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://advent.bank-avera.ch/application/files/cache/css/bav_advent/main.css?ts=1637923655
Requested by
Host: advent.bank-avera.ch
URL: https://advent.bank-avera.ch/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
51.107.76.115 Zurich, Switzerland, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Apache /
Resource Hash
c38dbcac1c62200033def6c0928a2df8af53c5a09ccc27fdd5512a466fc47ee4
Security Headers
Name Value
Content-Security-Policy default-src 'self' https://www.google-analytics.com 'unsafe-inline'; base-uri 'self'; connect-src 'self' api.mapbox.com events.mapbox.com my.tikee.io www.google-analytics.com https://www.google-analytics.com www.google-analytics.com https://stats.g.doubleclick.net; frame-src 'self' msip-service-zrnc.xaas.swissic.ch www.youtube.com services.logismata.ch www.google.com my.tikee.io intranet.eventag.ch; form-action 'self'; img-src 'self' data: https: blob: https://www.google-analytics.com www.google-analytics.com https://stats.g.doubleclick.net; script-src 'self' data: cdn.jsdelivr.net www.google.com www.gstatic.com www.google-analytics.com blob: 'unsafe-inline' 'unsafe-eval'; style-src 'self' fonts.googleapis.com www.gstatic.com 'unsafe-inline'; frame-ancestors 'self' services.logismata.ch; font-src 'self' fonts.googleapis.com fonts.gstatic.com; object-src 'self'; child-src blob:;
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Security-Policy default-src 'self' https://www.google-analytics.com 'unsafe-inline'; base-uri 'self'; connect-src 'self' api.mapbox.com events.mapbox.com my.tikee.io www.google-analytics.com https://www.google-analytics.com www.google-analytics.com https://stats.g.doubleclick.net; frame-src 'self' msip-service-zrnc.xaas.swissic.ch www.youtube.com services.logismata.ch www.google.com my.tikee.io intranet.eventag.ch; form-action 'self'; img-src 'self' data: https: blob: https://www.google-analytics.com www.google-analytics.com https://stats.g.doubleclick.net; script-src 'self' data: cdn.jsdelivr.net www.google.com www.gstatic.com www.google-analytics.com blob: 'unsafe-inline' 'unsafe-eval'; style-src 'self' fonts.googleapis.com www.gstatic.com 'unsafe-inline'; frame-ancestors 'self' services.logismata.ch; font-src 'self' fonts.googleapis.com fonts.gstatic.com; object-src 'self'; child-src blob:;
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date
Fri, 26 Nov 2021 12:12:59 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Connection
Keep-Alive
Content-Length
6246
X-XSS-Protection
1; mode=block
Referrer-Policy
no-referrer
Last-Modified
Fri, 26 Nov 2021 10:47:35 GMT
Server
Apache
ETag
"ae9d-5d1aed1a91434-gzip"
Expect-CT
max-age=2592000
Vary
Accept-Encoding
Strict-Transport-Security
max-age=31536000; includeSubDomains; preload
Content-Type
text/css
Cache-Control
max-age=86400, public
Permissions-Policy
geolocation=(self), microphone=() camera=()
Content-Security-Policy
default-src 'self' https://www.google-analytics.com 'unsafe-inline'; base-uri 'self'; connect-src 'self' api.mapbox.com events.mapbox.com my.tikee.io www.google-analytics.com https://www.google-analytics.com www.google-analytics.com https://stats.g.doubleclick.net; frame-src 'self' msip-service-zrnc.xaas.swissic.ch www.youtube.com services.logismata.ch www.google.com my.tikee.io intranet.eventag.ch; form-action 'self'; img-src 'self' data: https: blob: https://www.google-analytics.com www.google-analytics.com https://stats.g.doubleclick.net; script-src 'self' data: cdn.jsdelivr.net www.google.com www.gstatic.com www.google-analytics.com blob: 'unsafe-inline' 'unsafe-eval'; style-src 'self' fonts.googleapis.com www.gstatic.com 'unsafe-inline'; frame-ancestors 'self' services.logismata.ch; font-src 'self' fonts.googleapis.com fonts.gstatic.com; object-src 'self'; child-src blob:;
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=100
X-WebKit-CSP
default-src 'self' https://www.google-analytics.com 'unsafe-inline'; base-uri 'self'; connect-src 'self' api.mapbox.com events.mapbox.com my.tikee.io www.google-analytics.comi https://www.google-analytics.com www.google-analytics.com https://stats.g.doubleclick.net; frame-src 'self' msip-service-zrnc.xaas.swissic.ch www.youtube.com services.logismata.ch www.google.com my.tikee.io intranet.eventag.ch; form-action 'self'; img-src 'self' data: https: blob: https://www.google-analytics.com www.google-analytics.com https://stats.g.doubleclick.net; script-src 'self' data: cdn.jsdelivr.net www.google.com www.gstatic.com www.google-analytics.com blob: 'unsafe-inline' 'unsafe-eval'; style-src 'self' fonts.googleapis.com www.gstatic.com 'unsafe-inline'; frame-ancestors 'self' services.logismata.ch; font-src 'self' fonts.googleapis.com fonts.gstatic.com; object-src 'self'; child-sr blob:;
X-Content-Security-Policy
default-src 'self' https://www.google-analytics.com 'unsafe-inline'; base-uri 'self'; connect-src 'self' api.mapbox.com events.mapbox.com my.tikee.io www.google-analytics.com https://www.google-analytics.com www.google-analytics.com https://stats.g.doubleclick.net; frame-src 'self' msip-service-zrnc.xaas.swissic.ch www.youtube.com services.logismata.ch www.google.com my.tikee.io intranet.eventag.ch; form-action 'self'; img-src 'self' data: https: blob: https://www.google-analytics.com www.google-analytics.com https://stats.g.doubleclick.net; script-src 'self' data: cdn.jsdelivr.net www.google.com www.gstatic.com www.google-analytics.com blob: 'unsafe-inline' 'unsafe-eval'; style-src 'self' fonts.googleapis.com www.gstatic.com 'unsafe-inline'; frame-ancestors 'self' services.logismata.ch; font-src 'self' fonts.googleapis.com fonts.gstatic.com; object-src 'self'; child-src blob:;
d1d11ce30e35d5b8526470e5e5fe8fc8e3aea754.js
advent.bank-avera.ch/application/files/cache/js/ 		114 KB
36 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://advent.bank-avera.ch/application/files/cache/js/d1d11ce30e35d5b8526470e5e5fe8fc8e3aea754.js?ccm_nocache=1a72ca0f3692b16db9673a9a89faff0649086c52
Requested by
Host: advent.bank-avera.ch
URL: https://advent.bank-avera.ch/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
51.107.76.115 Zurich, Switzerland, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Apache /
Resource Hash
777146fd7d58ef2b142188d0ea0952c77eabf6c69bbbeeed98222a4935cc4b62
Security Headers
Name Value
Content-Security-Policy default-src 'self' https://www.google-analytics.com 'unsafe-inline'; base-uri 'self'; connect-src 'self' api.mapbox.com events.mapbox.com my.tikee.io www.google-analytics.com https://www.google-analytics.com www.google-analytics.com https://stats.g.doubleclick.net; frame-src 'self' msip-service-zrnc.xaas.swissic.ch www.youtube.com services.logismata.ch www.google.com my.tikee.io intranet.eventag.ch; form-action 'self'; img-src 'self' data: https: blob: https://www.google-analytics.com www.google-analytics.com https://stats.g.doubleclick.net; script-src 'self' data: cdn.jsdelivr.net www.google.com www.gstatic.com www.google-analytics.com blob: 'unsafe-inline' 'unsafe-eval'; style-src 'self' fonts.googleapis.com www.gstatic.com 'unsafe-inline'; frame-ancestors 'self' services.logismata.ch; font-src 'self' fonts.googleapis.com fonts.gstatic.com; object-src 'self'; child-src blob:;
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Security-Policy default-src 'self' https://www.google-analytics.com 'unsafe-inline'; base-uri 'self'; connect-src 'self' api.mapbox.com events.mapbox.com my.tikee.io www.google-analytics.com https://www.google-analytics.com www.google-analytics.com https://stats.g.doubleclick.net; frame-src 'self' msip-service-zrnc.xaas.swissic.ch www.youtube.com services.logismata.ch www.google.com my.tikee.io intranet.eventag.ch; form-action 'self'; img-src 'self' data: https: blob: https://www.google-analytics.com www.google-analytics.com https://stats.g.doubleclick.net; script-src 'self' data: cdn.jsdelivr.net www.google.com www.gstatic.com www.google-analytics.com blob: 'unsafe-inline' 'unsafe-eval'; style-src 'self' fonts.googleapis.com www.gstatic.com 'unsafe-inline'; frame-ancestors 'self' services.logismata.ch; font-src 'self' fonts.googleapis.com fonts.gstatic.com; object-src 'self'; child-src blob:;
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date
Fri, 26 Nov 2021 12:12:59 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Connection
Keep-Alive
Content-Length
33531
X-XSS-Protection
1; mode=block
Referrer-Policy
no-referrer
Last-Modified
Fri, 26 Nov 2021 10:47:35 GMT
Server
Apache
ETag
"1c7d8-5d1aed1a9eef5-gzip"
Expect-CT
max-age=2592000
Vary
Accept-Encoding
Strict-Transport-Security
max-age=31536000; includeSubDomains; preload
Content-Type
application/javascript
Cache-Control
max-age=86400, public
Permissions-Policy
geolocation=(self), microphone=() camera=()
Content-Security-Policy
default-src 'self' https://www.google-analytics.com 'unsafe-inline'; base-uri 'self'; connect-src 'self' api.mapbox.com events.mapbox.com my.tikee.io www.google-analytics.com https://www.google-analytics.com www.google-analytics.com https://stats.g.doubleclick.net; frame-src 'self' msip-service-zrnc.xaas.swissic.ch www.youtube.com services.logismata.ch www.google.com my.tikee.io intranet.eventag.ch; form-action 'self'; img-src 'self' data: https: blob: https://www.google-analytics.com www.google-analytics.com https://stats.g.doubleclick.net; script-src 'self' data: cdn.jsdelivr.net www.google.com www.gstatic.com www.google-analytics.com blob: 'unsafe-inline' 'unsafe-eval'; style-src 'self' fonts.googleapis.com www.gstatic.com 'unsafe-inline'; frame-ancestors 'self' services.logismata.ch; font-src 'self' fonts.googleapis.com fonts.gstatic.com; object-src 'self'; child-src blob:;
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=100
X-WebKit-CSP
default-src 'self' https://www.google-analytics.com 'unsafe-inline'; base-uri 'self'; connect-src 'self' api.mapbox.com events.mapbox.com my.tikee.io www.google-analytics.comi https://www.google-analytics.com www.google-analytics.com https://stats.g.doubleclick.net; frame-src 'self' msip-service-zrnc.xaas.swissic.ch www.youtube.com services.logismata.ch www.google.com my.tikee.io intranet.eventag.ch; form-action 'self'; img-src 'self' data: https: blob: https://www.google-analytics.com www.google-analytics.com https://stats.g.doubleclick.net; script-src 'self' data: cdn.jsdelivr.net www.google.com www.gstatic.com www.google-analytics.com blob: 'unsafe-inline' 'unsafe-eval'; style-src 'self' fonts.googleapis.com www.gstatic.com 'unsafe-inline'; frame-ancestors 'self' services.logismata.ch; font-src 'self' fonts.googleapis.com fonts.gstatic.com; object-src 'self'; child-sr blob:;
X-Content-Security-Policy
default-src 'self' https://www.google-analytics.com 'unsafe-inline'; base-uri 'self'; connect-src 'self' api.mapbox.com events.mapbox.com my.tikee.io www.google-analytics.com https://www.google-analytics.com www.google-analytics.com https://stats.g.doubleclick.net; frame-src 'self' msip-service-zrnc.xaas.swissic.ch www.youtube.com services.logismata.ch www.google.com my.tikee.io intranet.eventag.ch; form-action 'self'; img-src 'self' data: https: blob: https://www.google-analytics.com www.google-analytics.com https://stats.g.doubleclick.net; script-src 'self' data: cdn.jsdelivr.net www.google.com www.gstatic.com www.google-analytics.com blob: 'unsafe-inline' 'unsafe-eval'; style-src 'self' fonts.googleapis.com www.gstatic.com 'unsafe-inline'; frame-ancestors 'self' services.logismata.ch; font-src 'self' fonts.googleapis.com fonts.gstatic.com; object-src 'self'; child-src blob:;
analytics.js
www.google-analytics.com/ 		49 KB
20 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: advent.bank-avera.ch
URL: https://advent.bank-avera.ch/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82a::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Tue, 02 Nov 2021 17:39:06 GMT
server
Golfe2
age
4313
date
Fri, 26 Nov 2021 11:01:07 GMT
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=7200
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
20006
expires
Fri, 26 Nov 2021 13:01:07 GMT
lichterkette.png
advent.bank-avera.ch/adventsspiel/packages/bav_advent/themes/bav_advent/graphics/ 		9 KB
9 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://advent.bank-avera.ch/adventsspiel/packages/bav_advent/themes/bav_advent/graphics/lichterkette.png
Requested by
Host: advent.bank-avera.ch
URL: https://advent.bank-avera.ch/application/files/cache/css/bav_advent/main.css?ts=1637923655
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
51.107.76.115 Zurich, Switzerland, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Apache /
Resource Hash
7f42ccf372b81134301cb2133cabf7620acb95254c61c5283560c14562d8e27a
Security Headers
Name Value
Content-Security-Policy default-src 'self' https://www.google-analytics.com 'unsafe-inline'; base-uri 'self'; connect-src 'self' api.mapbox.com events.mapbox.com my.tikee.io www.google-analytics.com https://www.google-analytics.com www.google-analytics.com https://stats.g.doubleclick.net; frame-src 'self' msip-service-zrnc.xaas.swissic.ch www.youtube.com services.logismata.ch www.google.com my.tikee.io intranet.eventag.ch; form-action 'self'; img-src 'self' data: https: blob: https://www.google-analytics.com www.google-analytics.com https://stats.g.doubleclick.net; script-src 'self' data: cdn.jsdelivr.net www.google.com www.gstatic.com www.google-analytics.com blob: 'unsafe-inline' 'unsafe-eval'; style-src 'self' fonts.googleapis.com www.gstatic.com 'unsafe-inline'; frame-ancestors 'self' services.logismata.ch; font-src 'self' fonts.googleapis.com fonts.gstatic.com; object-src 'self'; child-src blob:;
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Security-Policy default-src 'self' https://www.google-analytics.com 'unsafe-inline'; base-uri 'self'; connect-src 'self' api.mapbox.com events.mapbox.com my.tikee.io www.google-analytics.com https://www.google-analytics.com www.google-analytics.com https://stats.g.doubleclick.net; frame-src 'self' msip-service-zrnc.xaas.swissic.ch www.youtube.com services.logismata.ch www.google.com my.tikee.io intranet.eventag.ch; form-action 'self'; img-src 'self' data: https: blob: https://www.google-analytics.com www.google-analytics.com https://stats.g.doubleclick.net; script-src 'self' data: cdn.jsdelivr.net www.google.com www.gstatic.com www.google-analytics.com blob: 'unsafe-inline' 'unsafe-eval'; style-src 'self' fonts.googleapis.com www.gstatic.com 'unsafe-inline'; frame-ancestors 'self' services.logismata.ch; font-src 'self' fonts.googleapis.com fonts.gstatic.com; object-src 'self'; child-src blob:;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date
Fri, 26 Nov 2021 12:12:59 GMT
X-Content-Type-Options
nosniff
Transfer-Encoding
chunked
Connection
Keep-Alive
X-XSS-Protection
1; mode=block
Referrer-Policy
no-referrer
Server
Apache
X-Frame-Options
SAMEORIGIN
Expect-CT
max-age=2592000
Strict-Transport-Security
max-age=31536000; includeSubDomains; preload
Content-Type
text/html; charset=UTF-8
Cache-Control
private, must-revalidate
Permissions-Policy
geolocation=(self), microphone=() camera=()
Content-Security-Policy
default-src 'self' https://www.google-analytics.com 'unsafe-inline'; base-uri 'self'; connect-src 'self' api.mapbox.com events.mapbox.com my.tikee.io www.google-analytics.com https://www.google-analytics.com www.google-analytics.com https://stats.g.doubleclick.net; frame-src 'self' msip-service-zrnc.xaas.swissic.ch www.youtube.com services.logismata.ch www.google.com my.tikee.io intranet.eventag.ch; form-action 'self'; img-src 'self' data: https: blob: https://www.google-analytics.com www.google-analytics.com https://stats.g.doubleclick.net; script-src 'self' data: cdn.jsdelivr.net www.google.com www.gstatic.com www.google-analytics.com blob: 'unsafe-inline' 'unsafe-eval'; style-src 'self' fonts.googleapis.com www.gstatic.com 'unsafe-inline'; frame-ancestors 'self' services.logismata.ch; font-src 'self' fonts.googleapis.com fonts.gstatic.com; object-src 'self'; child-src blob:;
Keep-Alive
timeout=5, max=99
X-WebKit-CSP
default-src 'self' https://www.google-analytics.com 'unsafe-inline'; base-uri 'self'; connect-src 'self' api.mapbox.com events.mapbox.com my.tikee.io www.google-analytics.comi https://www.google-analytics.com www.google-analytics.com https://stats.g.doubleclick.net; frame-src 'self' msip-service-zrnc.xaas.swissic.ch www.youtube.com services.logismata.ch www.google.com my.tikee.io intranet.eventag.ch; form-action 'self'; img-src 'self' data: https: blob: https://www.google-analytics.com www.google-analytics.com https://stats.g.doubleclick.net; script-src 'self' data: cdn.jsdelivr.net www.google.com www.gstatic.com www.google-analytics.com blob: 'unsafe-inline' 'unsafe-eval'; style-src 'self' fonts.googleapis.com www.gstatic.com 'unsafe-inline'; frame-ancestors 'self' services.logismata.ch; font-src 'self' fonts.googleapis.com fonts.gstatic.com; object-src 'self'; child-sr blob:;
X-Content-Security-Policy
default-src 'self' https://www.google-analytics.com 'unsafe-inline'; base-uri 'self'; connect-src 'self' api.mapbox.com events.mapbox.com my.tikee.io www.google-analytics.com https://www.google-analytics.com www.google-analytics.com https://stats.g.doubleclick.net; frame-src 'self' msip-service-zrnc.xaas.swissic.ch www.youtube.com services.logismata.ch www.google.com my.tikee.io intranet.eventag.ch; form-action 'self'; img-src 'self' data: https: blob: https://www.google-analytics.com www.google-analytics.com https://stats.g.doubleclick.net; script-src 'self' data: cdn.jsdelivr.net www.google.com www.gstatic.com www.google-analytics.com blob: 'unsafe-inline' 'unsafe-eval'; style-src 'self' fonts.googleapis.com www.gstatic.com 'unsafe-inline'; frame-ancestors 'self' services.logismata.ch; font-src 'self' fonts.googleapis.com fonts.gstatic.com; object-src 'self'; child-src blob:;
BankAvera_logo.svg
advent.bank-avera.ch/adventsspiel/packages/bav_advent/themes/bav_advent/graphics/ 		9 KB
9 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://advent.bank-avera.ch/adventsspiel/packages/bav_advent/themes/bav_advent/graphics/BankAvera_logo.svg
Requested by
Host: advent.bank-avera.ch
URL: https://advent.bank-avera.ch/application/files/cache/css/bav_advent/main.css?ts=1637923655
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
51.107.76.115 Zurich, Switzerland, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Apache /
Resource Hash
7f42ccf372b81134301cb2133cabf7620acb95254c61c5283560c14562d8e27a
Security Headers
Name Value
Content-Security-Policy default-src 'self' https://www.google-analytics.com 'unsafe-inline'; base-uri 'self'; connect-src 'self' api.mapbox.com events.mapbox.com my.tikee.io www.google-analytics.com https://www.google-analytics.com www.google-analytics.com https://stats.g.doubleclick.net; frame-src 'self' msip-service-zrnc.xaas.swissic.ch www.youtube.com services.logismata.ch www.google.com my.tikee.io intranet.eventag.ch; form-action 'self'; img-src 'self' data: https: blob: https://www.google-analytics.com www.google-analytics.com https://stats.g.doubleclick.net; script-src 'self' data: cdn.jsdelivr.net www.google.com www.gstatic.com www.google-analytics.com blob: 'unsafe-inline' 'unsafe-eval'; style-src 'self' fonts.googleapis.com www.gstatic.com 'unsafe-inline'; frame-ancestors 'self' services.logismata.ch; font-src 'self' fonts.googleapis.com fonts.gstatic.com; object-src 'self'; child-src blob:;
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Security-Policy default-src 'self' https://www.google-analytics.com 'unsafe-inline'; base-uri 'self'; connect-src 'self' api.mapbox.com events.mapbox.com my.tikee.io www.google-analytics.com https://www.google-analytics.com www.google-analytics.com https://stats.g.doubleclick.net; frame-src 'self' msip-service-zrnc.xaas.swissic.ch www.youtube.com services.logismata.ch www.google.com my.tikee.io intranet.eventag.ch; form-action 'self'; img-src 'self' data: https: blob: https://www.google-analytics.com www.google-analytics.com https://stats.g.doubleclick.net; script-src 'self' data: cdn.jsdelivr.net www.google.com www.gstatic.com www.google-analytics.com blob: 'unsafe-inline' 'unsafe-eval'; style-src 'self' fonts.googleapis.com www.gstatic.com 'unsafe-inline'; frame-ancestors 'self' services.logismata.ch; font-src 'self' fonts.googleapis.com fonts.gstatic.com; object-src 'self'; child-src blob:;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date
Fri, 26 Nov 2021 12:12:59 GMT
X-Content-Type-Options
nosniff
Transfer-Encoding
chunked
Connection
Keep-Alive
X-XSS-Protection
1; mode=block
Referrer-Policy
no-referrer
Server
Apache
X-Frame-Options
SAMEORIGIN
Expect-CT
max-age=2592000
Strict-Transport-Security
max-age=31536000; includeSubDomains; preload
Content-Type
text/html; charset=UTF-8
Cache-Control
private, must-revalidate
Permissions-Policy
geolocation=(self), microphone=() camera=()
Content-Security-Policy
default-src 'self' https://www.google-analytics.com 'unsafe-inline'; base-uri 'self'; connect-src 'self' api.mapbox.com events.mapbox.com my.tikee.io www.google-analytics.com https://www.google-analytics.com www.google-analytics.com https://stats.g.doubleclick.net; frame-src 'self' msip-service-zrnc.xaas.swissic.ch www.youtube.com services.logismata.ch www.google.com my.tikee.io intranet.eventag.ch; form-action 'self'; img-src 'self' data: https: blob: https://www.google-analytics.com www.google-analytics.com https://stats.g.doubleclick.net; script-src 'self' data: cdn.jsdelivr.net www.google.com www.gstatic.com www.google-analytics.com blob: 'unsafe-inline' 'unsafe-eval'; style-src 'self' fonts.googleapis.com www.gstatic.com 'unsafe-inline'; frame-ancestors 'self' services.logismata.ch; font-src 'self' fonts.googleapis.com fonts.gstatic.com; object-src 'self'; child-src blob:;
Keep-Alive
timeout=5, max=99
X-WebKit-CSP
default-src 'self' https://www.google-analytics.com 'unsafe-inline'; base-uri 'self'; connect-src 'self' api.mapbox.com events.mapbox.com my.tikee.io www.google-analytics.comi https://www.google-analytics.com www.google-analytics.com https://stats.g.doubleclick.net; frame-src 'self' msip-service-zrnc.xaas.swissic.ch www.youtube.com services.logismata.ch www.google.com my.tikee.io intranet.eventag.ch; form-action 'self'; img-src 'self' data: https: blob: https://www.google-analytics.com www.google-analytics.com https://stats.g.doubleclick.net; script-src 'self' data: cdn.jsdelivr.net www.google.com www.gstatic.com www.google-analytics.com blob: 'unsafe-inline' 'unsafe-eval'; style-src 'self' fonts.googleapis.com www.gstatic.com 'unsafe-inline'; frame-ancestors 'self' services.logismata.ch; font-src 'self' fonts.googleapis.com fonts.gstatic.com; object-src 'self'; child-sr blob:;
X-Content-Security-Policy
default-src 'self' https://www.google-analytics.com 'unsafe-inline'; base-uri 'self'; connect-src 'self' api.mapbox.com events.mapbox.com my.tikee.io www.google-analytics.com https://www.google-analytics.com www.google-analytics.com https://stats.g.doubleclick.net; frame-src 'self' msip-service-zrnc.xaas.swissic.ch www.youtube.com services.logismata.ch www.google.com my.tikee.io intranet.eventag.ch; form-action 'self'; img-src 'self' data: https: blob: https://www.google-analytics.com www.google-analytics.com https://stats.g.doubleclick.net; script-src 'self' data: cdn.jsdelivr.net www.google.com www.gstatic.com www.google-analytics.com blob: 'unsafe-inline' 'unsafe-eval'; style-src 'self' fonts.googleapis.com www.gstatic.com 'unsafe-inline'; frame-ancestors 'self' services.logismata.ch; font-src 'self' fonts.googleapis.com fonts.gstatic.com; object-src 'self'; child-src blob:;
GothamSSm-Book_Web.woff2
advent.bank-avera.ch/adventsspiel/packages/bav_advent/themes/bav_advent/css/build/fonts/woff2/ 		0
0 		Font
General
Check archive.org
Download Go to
Full URL
https://advent.bank-avera.ch/adventsspiel/packages/bav_advent/themes/bav_advent/css/build/fonts/woff2/GothamSSm-Book_Web.woff2
Requested by
Host: advent.bank-avera.ch
URL: https://advent.bank-avera.ch/application/files/cache/css/bav_advent/main.css?ts=1637923655
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
51.107.76.115 Zurich, Switzerland, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Apache /
Resource Hash
Security Headers
Name Value
Content-Security-Policy default-src 'self' https://www.google-analytics.com 'unsafe-inline'; base-uri 'self'; connect-src 'self' api.mapbox.com events.mapbox.com my.tikee.io www.google-analytics.com https://www.google-analytics.com www.google-analytics.com https://stats.g.doubleclick.net; frame-src 'self' msip-service-zrnc.xaas.swissic.ch www.youtube.com services.logismata.ch www.google.com my.tikee.io intranet.eventag.ch; form-action 'self'; img-src 'self' data: https: blob: https://www.google-analytics.com www.google-analytics.com https://stats.g.doubleclick.net; script-src 'self' data: cdn.jsdelivr.net www.google.com www.gstatic.com www.google-analytics.com blob: 'unsafe-inline' 'unsafe-eval'; style-src 'self' fonts.googleapis.com www.gstatic.com 'unsafe-inline'; frame-ancestors 'self' services.logismata.ch; font-src 'self' fonts.googleapis.com fonts.gstatic.com; object-src 'self'; child-src blob:;
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Security-Policy default-src 'self' https://www.google-analytics.com 'unsafe-inline'; base-uri 'self'; connect-src 'self' api.mapbox.com events.mapbox.com my.tikee.io www.google-analytics.com https://www.google-analytics.com www.google-analytics.com https://stats.g.doubleclick.net; frame-src 'self' msip-service-zrnc.xaas.swissic.ch www.youtube.com services.logismata.ch www.google.com my.tikee.io intranet.eventag.ch; form-action 'self'; img-src 'self' data: https: blob: https://www.google-analytics.com www.google-analytics.com https://stats.g.doubleclick.net; script-src 'self' data: cdn.jsdelivr.net www.google.com www.gstatic.com www.google-analytics.com blob: 'unsafe-inline' 'unsafe-eval'; style-src 'self' fonts.googleapis.com www.gstatic.com 'unsafe-inline'; frame-ancestors 'self' services.logismata.ch; font-src 'self' fonts.googleapis.com fonts.gstatic.com; object-src 'self'; child-src blob:;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
Origin
https://advent.bank-avera.ch
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date
Fri, 26 Nov 2021 12:12:59 GMT
X-Content-Type-Options
nosniff
Transfer-Encoding
chunked
Connection
Keep-Alive
X-XSS-Protection
1; mode=block
Referrer-Policy
no-referrer
Server
Apache
X-Frame-Options
SAMEORIGIN
Expect-CT
max-age=2592000
Strict-Transport-Security
max-age=31536000; includeSubDomains; preload
Content-Type
text/html; charset=UTF-8
Cache-Control
private, must-revalidate
Permissions-Policy
geolocation=(self), microphone=() camera=()
Content-Security-Policy
default-src 'self' https://www.google-analytics.com 'unsafe-inline'; base-uri 'self'; connect-src 'self' api.mapbox.com events.mapbox.com my.tikee.io www.google-analytics.com https://www.google-analytics.com www.google-analytics.com https://stats.g.doubleclick.net; frame-src 'self' msip-service-zrnc.xaas.swissic.ch www.youtube.com services.logismata.ch www.google.com my.tikee.io intranet.eventag.ch; form-action 'self'; img-src 'self' data: https: blob: https://www.google-analytics.com www.google-analytics.com https://stats.g.doubleclick.net; script-src 'self' data: cdn.jsdelivr.net www.google.com www.gstatic.com www.google-analytics.com blob: 'unsafe-inline' 'unsafe-eval'; style-src 'self' fonts.googleapis.com www.gstatic.com 'unsafe-inline'; frame-ancestors 'self' services.logismata.ch; font-src 'self' fonts.googleapis.com fonts.gstatic.com; object-src 'self'; child-src blob:;
Keep-Alive
timeout=5, max=99
X-WebKit-CSP
default-src 'self' https://www.google-analytics.com 'unsafe-inline'; base-uri 'self'; connect-src 'self' api.mapbox.com events.mapbox.com my.tikee.io www.google-analytics.comi https://www.google-analytics.com www.google-analytics.com https://stats.g.doubleclick.net; frame-src 'self' msip-service-zrnc.xaas.swissic.ch www.youtube.com services.logismata.ch www.google.com my.tikee.io intranet.eventag.ch; form-action 'self'; img-src 'self' data: https: blob: https://www.google-analytics.com www.google-analytics.com https://stats.g.doubleclick.net; script-src 'self' data: cdn.jsdelivr.net www.google.com www.gstatic.com www.google-analytics.com blob: 'unsafe-inline' 'unsafe-eval'; style-src 'self' fonts.googleapis.com www.gstatic.com 'unsafe-inline'; frame-ancestors 'self' services.logismata.ch; font-src 'self' fonts.googleapis.com fonts.gstatic.com; object-src 'self'; child-sr blob:;
X-Content-Security-Policy
default-src 'self' https://www.google-analytics.com 'unsafe-inline'; base-uri 'self'; connect-src 'self' api.mapbox.com events.mapbox.com my.tikee.io www.google-analytics.com https://www.google-analytics.com www.google-analytics.com https://stats.g.doubleclick.net; frame-src 'self' msip-service-zrnc.xaas.swissic.ch www.youtube.com services.logismata.ch www.google.com my.tikee.io intranet.eventag.ch; form-action 'self'; img-src 'self' data: https: blob: https://www.google-analytics.com www.google-analytics.com https://stats.g.doubleclick.net; script-src 'self' data: cdn.jsdelivr.net www.google.com www.gstatic.com www.google-analytics.com blob: 'unsafe-inline' 'unsafe-eval'; style-src 'self' fonts.googleapis.com www.gstatic.com 'unsafe-inline'; frame-ancestors 'self' services.logismata.ch; font-src 'self' fonts.googleapis.com fonts.gstatic.com; object-src 'self'; child-src blob:;
GothamSSm-Bold_Web.woff2
advent.bank-avera.ch/adventsspiel/packages/bav_advent/themes/bav_advent/css/build/fonts/woff2/ 		0
0 		Font
General
Check archive.org
Download Go to
Full URL
https://advent.bank-avera.ch/adventsspiel/packages/bav_advent/themes/bav_advent/css/build/fonts/woff2/GothamSSm-Bold_Web.woff2
Requested by
Host: advent.bank-avera.ch
URL: https://advent.bank-avera.ch/application/files/cache/css/bav_advent/main.css?ts=1637923655
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
51.107.76.115 Zurich, Switzerland, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Apache /
Resource Hash
Security Headers
Name Value
Content-Security-Policy default-src 'self' https://www.google-analytics.com 'unsafe-inline'; base-uri 'self'; connect-src 'self' api.mapbox.com events.mapbox.com my.tikee.io www.google-analytics.com https://www.google-analytics.com www.google-analytics.com https://stats.g.doubleclick.net; frame-src 'self' msip-service-zrnc.xaas.swissic.ch www.youtube.com services.logismata.ch www.google.com my.tikee.io intranet.eventag.ch; form-action 'self'; img-src 'self' data: https: blob: https://www.google-analytics.com www.google-analytics.com https://stats.g.doubleclick.net; script-src 'self' data: cdn.jsdelivr.net www.google.com www.gstatic.com www.google-analytics.com blob: 'unsafe-inline' 'unsafe-eval'; style-src 'self' fonts.googleapis.com www.gstatic.com 'unsafe-inline'; frame-ancestors 'self' services.logismata.ch; font-src 'self' fonts.googleapis.com fonts.gstatic.com; object-src 'self'; child-src blob:;
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Security-Policy default-src 'self' https://www.google-analytics.com 'unsafe-inline'; base-uri 'self'; connect-src 'self' api.mapbox.com events.mapbox.com my.tikee.io www.google-analytics.com https://www.google-analytics.com www.google-analytics.com https://stats.g.doubleclick.net; frame-src 'self' msip-service-zrnc.xaas.swissic.ch www.youtube.com services.logismata.ch www.google.com my.tikee.io intranet.eventag.ch; form-action 'self'; img-src 'self' data: https: blob: https://www.google-analytics.com www.google-analytics.com https://stats.g.doubleclick.net; script-src 'self' data: cdn.jsdelivr.net www.google.com www.gstatic.com www.google-analytics.com blob: 'unsafe-inline' 'unsafe-eval'; style-src 'self' fonts.googleapis.com www.gstatic.com 'unsafe-inline'; frame-ancestors 'self' services.logismata.ch; font-src 'self' fonts.googleapis.com fonts.gstatic.com; object-src 'self'; child-src blob:;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
Origin
https://advent.bank-avera.ch
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date
Fri, 26 Nov 2021 12:13:00 GMT
X-Content-Type-Options
nosniff
Transfer-Encoding
chunked
Connection
Keep-Alive
X-XSS-Protection
1; mode=block
Referrer-Policy
no-referrer
Server
Apache
X-Frame-Options
SAMEORIGIN
Expect-CT
max-age=2592000
Strict-Transport-Security
max-age=31536000; includeSubDomains; preload
Content-Type
text/html; charset=UTF-8
Cache-Control
private, must-revalidate
Permissions-Policy
geolocation=(self), microphone=() camera=()
Content-Security-Policy
default-src 'self' https://www.google-analytics.com 'unsafe-inline'; base-uri 'self'; connect-src 'self' api.mapbox.com events.mapbox.com my.tikee.io www.google-analytics.com https://www.google-analytics.com www.google-analytics.com https://stats.g.doubleclick.net; frame-src 'self' msip-service-zrnc.xaas.swissic.ch www.youtube.com services.logismata.ch www.google.com my.tikee.io intranet.eventag.ch; form-action 'self'; img-src 'self' data: https: blob: https://www.google-analytics.com www.google-analytics.com https://stats.g.doubleclick.net; script-src 'self' data: cdn.jsdelivr.net www.google.com www.gstatic.com www.google-analytics.com blob: 'unsafe-inline' 'unsafe-eval'; style-src 'self' fonts.googleapis.com www.gstatic.com 'unsafe-inline'; frame-ancestors 'self' services.logismata.ch; font-src 'self' fonts.googleapis.com fonts.gstatic.com; object-src 'self'; child-src blob:;
Keep-Alive
timeout=5, max=100
X-WebKit-CSP
default-src 'self' https://www.google-analytics.com 'unsafe-inline'; base-uri 'self'; connect-src 'self' api.mapbox.com events.mapbox.com my.tikee.io www.google-analytics.comi https://www.google-analytics.com www.google-analytics.com https://stats.g.doubleclick.net; frame-src 'self' msip-service-zrnc.xaas.swissic.ch www.youtube.com services.logismata.ch www.google.com my.tikee.io intranet.eventag.ch; form-action 'self'; img-src 'self' data: https: blob: https://www.google-analytics.com www.google-analytics.com https://stats.g.doubleclick.net; script-src 'self' data: cdn.jsdelivr.net www.google.com www.gstatic.com www.google-analytics.com blob: 'unsafe-inline' 'unsafe-eval'; style-src 'self' fonts.googleapis.com www.gstatic.com 'unsafe-inline'; frame-ancestors 'self' services.logismata.ch; font-src 'self' fonts.googleapis.com fonts.gstatic.com; object-src 'self'; child-sr blob:;
X-Content-Security-Policy
default-src 'self' https://www.google-analytics.com 'unsafe-inline'; base-uri 'self'; connect-src 'self' api.mapbox.com events.mapbox.com my.tikee.io www.google-analytics.com https://www.google-analytics.com www.google-analytics.com https://stats.g.doubleclick.net; frame-src 'self' msip-service-zrnc.xaas.swissic.ch www.youtube.com services.logismata.ch www.google.com my.tikee.io intranet.eventag.ch; form-action 'self'; img-src 'self' data: https: blob: https://www.google-analytics.com www.google-analytics.com https://stats.g.doubleclick.net; script-src 'self' data: cdn.jsdelivr.net www.google.com www.gstatic.com www.google-analytics.com blob: 'unsafe-inline' 'unsafe-eval'; style-src 'self' fonts.googleapis.com www.gstatic.com 'unsafe-inline'; frame-ancestors 'self' services.logismata.ch; font-src 'self' fonts.googleapis.com fonts.gstatic.com; object-src 'self'; child-src blob:;
GothamSSm-Light_Web.woff2
advent.bank-avera.ch/adventsspiel/packages/bav_advent/themes/bav_advent/css/build/fonts/woff2/ 		0
0 		Font
General
Check archive.org
Download Go to
Full URL
https://advent.bank-avera.ch/adventsspiel/packages/bav_advent/themes/bav_advent/css/build/fonts/woff2/GothamSSm-Light_Web.woff2
Requested by
Host: advent.bank-avera.ch
URL: https://advent.bank-avera.ch/application/files/cache/css/bav_advent/main.css?ts=1637923655
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
51.107.76.115 Zurich, Switzerland, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Apache /
Resource Hash
Security Headers
Name Value
Content-Security-Policy default-src 'self' https://www.google-analytics.com 'unsafe-inline'; base-uri 'self'; connect-src 'self' api.mapbox.com events.mapbox.com my.tikee.io www.google-analytics.com https://www.google-analytics.com www.google-analytics.com https://stats.g.doubleclick.net; frame-src 'self' msip-service-zrnc.xaas.swissic.ch www.youtube.com services.logismata.ch www.google.com my.tikee.io intranet.eventag.ch; form-action 'self'; img-src 'self' data: https: blob: https://www.google-analytics.com www.google-analytics.com https://stats.g.doubleclick.net; script-src 'self' data: cdn.jsdelivr.net www.google.com www.gstatic.com www.google-analytics.com blob: 'unsafe-inline' 'unsafe-eval'; style-src 'self' fonts.googleapis.com www.gstatic.com 'unsafe-inline'; frame-ancestors 'self' services.logismata.ch; font-src 'self' fonts.googleapis.com fonts.gstatic.com; object-src 'self'; child-src blob:;
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Security-Policy default-src 'self' https://www.google-analytics.com 'unsafe-inline'; base-uri 'self'; connect-src 'self' api.mapbox.com events.mapbox.com my.tikee.io www.google-analytics.com https://www.google-analytics.com www.google-analytics.com https://stats.g.doubleclick.net; frame-src 'self' msip-service-zrnc.xaas.swissic.ch www.youtube.com services.logismata.ch www.google.com my.tikee.io intranet.eventag.ch; form-action 'self'; img-src 'self' data: https: blob: https://www.google-analytics.com www.google-analytics.com https://stats.g.doubleclick.net; script-src 'self' data: cdn.jsdelivr.net www.google.com www.gstatic.com www.google-analytics.com blob: 'unsafe-inline' 'unsafe-eval'; style-src 'self' fonts.googleapis.com www.gstatic.com 'unsafe-inline'; frame-ancestors 'self' services.logismata.ch; font-src 'self' fonts.googleapis.com fonts.gstatic.com; object-src 'self'; child-src blob:;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
Origin
https://advent.bank-avera.ch
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date
Fri, 26 Nov 2021 12:13:00 GMT
X-Content-Type-Options
nosniff
Transfer-Encoding
chunked
Connection
Keep-Alive
X-XSS-Protection
1; mode=block
Referrer-Policy
no-referrer
Server
Apache
X-Frame-Options
SAMEORIGIN
Expect-CT
max-age=2592000
Strict-Transport-Security
max-age=31536000; includeSubDomains; preload
Content-Type
text/html; charset=UTF-8
Cache-Control
private, must-revalidate
Permissions-Policy
geolocation=(self), microphone=() camera=()
Content-Security-Policy
default-src 'self' https://www.google-analytics.com 'unsafe-inline'; base-uri 'self'; connect-src 'self' api.mapbox.com events.mapbox.com my.tikee.io www.google-analytics.com https://www.google-analytics.com www.google-analytics.com https://stats.g.doubleclick.net; frame-src 'self' msip-service-zrnc.xaas.swissic.ch www.youtube.com services.logismata.ch www.google.com my.tikee.io intranet.eventag.ch; form-action 'self'; img-src 'self' data: https: blob: https://www.google-analytics.com www.google-analytics.com https://stats.g.doubleclick.net; script-src 'self' data: cdn.jsdelivr.net www.google.com www.gstatic.com www.google-analytics.com blob: 'unsafe-inline' 'unsafe-eval'; style-src 'self' fonts.googleapis.com www.gstatic.com 'unsafe-inline'; frame-ancestors 'self' services.logismata.ch; font-src 'self' fonts.googleapis.com fonts.gstatic.com; object-src 'self'; child-src blob:;
Keep-Alive
timeout=5, max=100
X-WebKit-CSP
default-src 'self' https://www.google-analytics.com 'unsafe-inline'; base-uri 'self'; connect-src 'self' api.mapbox.com events.mapbox.com my.tikee.io www.google-analytics.comi https://www.google-analytics.com www.google-analytics.com https://stats.g.doubleclick.net; frame-src 'self' msip-service-zrnc.xaas.swissic.ch www.youtube.com services.logismata.ch www.google.com my.tikee.io intranet.eventag.ch; form-action 'self'; img-src 'self' data: https: blob: https://www.google-analytics.com www.google-analytics.com https://stats.g.doubleclick.net; script-src 'self' data: cdn.jsdelivr.net www.google.com www.gstatic.com www.google-analytics.com blob: 'unsafe-inline' 'unsafe-eval'; style-src 'self' fonts.googleapis.com www.gstatic.com 'unsafe-inline'; frame-ancestors 'self' services.logismata.ch; font-src 'self' fonts.googleapis.com fonts.gstatic.com; object-src 'self'; child-sr blob:;
X-Content-Security-Policy
default-src 'self' https://www.google-analytics.com 'unsafe-inline'; base-uri 'self'; connect-src 'self' api.mapbox.com events.mapbox.com my.tikee.io www.google-analytics.com https://www.google-analytics.com www.google-analytics.com https://stats.g.doubleclick.net; frame-src 'self' msip-service-zrnc.xaas.swissic.ch www.youtube.com services.logismata.ch www.google.com my.tikee.io intranet.eventag.ch; form-action 'self'; img-src 'self' data: https: blob: https://www.google-analytics.com www.google-analytics.com https://stats.g.doubleclick.net; script-src 'self' data: cdn.jsdelivr.net www.google.com www.gstatic.com www.google-analytics.com blob: 'unsafe-inline' 'unsafe-eval'; style-src 'self' fonts.googleapis.com www.gstatic.com 'unsafe-inline'; frame-ancestors 'self' services.logismata.ch; font-src 'self' fonts.googleapis.com fonts.gstatic.com; object-src 'self'; child-src blob:;
GothamSSm-Book_Web.woff
advent.bank-avera.ch/adventsspiel/packages/bav_advent/themes/bav_advent/css/build/fonts/woff/ 		0
0 		Font
General
Check archive.org
Download Go to
Full URL
https://advent.bank-avera.ch/adventsspiel/packages/bav_advent/themes/bav_advent/css/build/fonts/woff/GothamSSm-Book_Web.woff
Requested by
Host: advent.bank-avera.ch
URL: https://advent.bank-avera.ch/application/files/cache/css/bav_advent/main.css?ts=1637923655
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
51.107.76.115 Zurich, Switzerland, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Apache /
Resource Hash
Security Headers
Name Value
Content-Security-Policy default-src 'self' https://www.google-analytics.com 'unsafe-inline'; base-uri 'self'; connect-src 'self' api.mapbox.com events.mapbox.com my.tikee.io www.google-analytics.com https://www.google-analytics.com www.google-analytics.com https://stats.g.doubleclick.net; frame-src 'self' msip-service-zrnc.xaas.swissic.ch www.youtube.com services.logismata.ch www.google.com my.tikee.io intranet.eventag.ch; form-action 'self'; img-src 'self' data: https: blob: https://www.google-analytics.com www.google-analytics.com https://stats.g.doubleclick.net; script-src 'self' data: cdn.jsdelivr.net www.google.com www.gstatic.com www.google-analytics.com blob: 'unsafe-inline' 'unsafe-eval'; style-src 'self' fonts.googleapis.com www.gstatic.com 'unsafe-inline'; frame-ancestors 'self' services.logismata.ch; font-src 'self' fonts.googleapis.com fonts.gstatic.com; object-src 'self'; child-src blob:;
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Security-Policy default-src 'self' https://www.google-analytics.com 'unsafe-inline'; base-uri 'self'; connect-src 'self' api.mapbox.com events.mapbox.com my.tikee.io www.google-analytics.com https://www.google-analytics.com www.google-analytics.com https://stats.g.doubleclick.net; frame-src 'self' msip-service-zrnc.xaas.swissic.ch www.youtube.com services.logismata.ch www.google.com my.tikee.io intranet.eventag.ch; form-action 'self'; img-src 'self' data: https: blob: https://www.google-analytics.com www.google-analytics.com https://stats.g.doubleclick.net; script-src 'self' data: cdn.jsdelivr.net www.google.com www.gstatic.com www.google-analytics.com blob: 'unsafe-inline' 'unsafe-eval'; style-src 'self' fonts.googleapis.com www.gstatic.com 'unsafe-inline'; frame-ancestors 'self' services.logismata.ch; font-src 'self' fonts.googleapis.com fonts.gstatic.com; object-src 'self'; child-src blob:;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
Origin
https://advent.bank-avera.ch
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date
Fri, 26 Nov 2021 12:13:00 GMT
X-Content-Type-Options
nosniff
Transfer-Encoding
chunked
Connection
Keep-Alive
X-XSS-Protection
1; mode=block
Referrer-Policy
no-referrer
Server
Apache
X-Frame-Options
SAMEORIGIN
Expect-CT
max-age=2592000
Strict-Transport-Security
max-age=31536000; includeSubDomains; preload
Content-Type
text/html; charset=UTF-8
Cache-Control
private, must-revalidate
Permissions-Policy
geolocation=(self), microphone=() camera=()
Content-Security-Policy
default-src 'self' https://www.google-analytics.com 'unsafe-inline'; base-uri 'self'; connect-src 'self' api.mapbox.com events.mapbox.com my.tikee.io www.google-analytics.com https://www.google-analytics.com www.google-analytics.com https://stats.g.doubleclick.net; frame-src 'self' msip-service-zrnc.xaas.swissic.ch www.youtube.com services.logismata.ch www.google.com my.tikee.io intranet.eventag.ch; form-action 'self'; img-src 'self' data: https: blob: https://www.google-analytics.com www.google-analytics.com https://stats.g.doubleclick.net; script-src 'self' data: cdn.jsdelivr.net www.google.com www.gstatic.com www.google-analytics.com blob: 'unsafe-inline' 'unsafe-eval'; style-src 'self' fonts.googleapis.com www.gstatic.com 'unsafe-inline'; frame-ancestors 'self' services.logismata.ch; font-src 'self' fonts.googleapis.com fonts.gstatic.com; object-src 'self'; child-src blob:;
Keep-Alive
timeout=5, max=98
X-WebKit-CSP
default-src 'self' https://www.google-analytics.com 'unsafe-inline'; base-uri 'self'; connect-src 'self' api.mapbox.com events.mapbox.com my.tikee.io www.google-analytics.comi https://www.google-analytics.com www.google-analytics.com https://stats.g.doubleclick.net; frame-src 'self' msip-service-zrnc.xaas.swissic.ch www.youtube.com services.logismata.ch www.google.com my.tikee.io intranet.eventag.ch; form-action 'self'; img-src 'self' data: https: blob: https://www.google-analytics.com www.google-analytics.com https://stats.g.doubleclick.net; script-src 'self' data: cdn.jsdelivr.net www.google.com www.gstatic.com www.google-analytics.com blob: 'unsafe-inline' 'unsafe-eval'; style-src 'self' fonts.googleapis.com www.gstatic.com 'unsafe-inline'; frame-ancestors 'self' services.logismata.ch; font-src 'self' fonts.googleapis.com fonts.gstatic.com; object-src 'self'; child-sr blob:;
X-Content-Security-Policy
default-src 'self' https://www.google-analytics.com 'unsafe-inline'; base-uri 'self'; connect-src 'self' api.mapbox.com events.mapbox.com my.tikee.io www.google-analytics.com https://www.google-analytics.com www.google-analytics.com https://stats.g.doubleclick.net; frame-src 'self' msip-service-zrnc.xaas.swissic.ch www.youtube.com services.logismata.ch www.google.com my.tikee.io intranet.eventag.ch; form-action 'self'; img-src 'self' data: https: blob: https://www.google-analytics.com www.google-analytics.com https://stats.g.doubleclick.net; script-src 'self' data: cdn.jsdelivr.net www.google.com www.gstatic.com www.google-analytics.com blob: 'unsafe-inline' 'unsafe-eval'; style-src 'self' fonts.googleapis.com www.gstatic.com 'unsafe-inline'; frame-ancestors 'self' services.logismata.ch; font-src 'self' fonts.googleapis.com fonts.gstatic.com; object-src 'self'; child-src blob:;
GothamSSm-Bold_Web.woff
advent.bank-avera.ch/adventsspiel/packages/bav_advent/themes/bav_advent/css/build/fonts/woff/ 		0
0 		Font
General
Check archive.org
Download Go to
Full URL
https://advent.bank-avera.ch/adventsspiel/packages/bav_advent/themes/bav_advent/css/build/fonts/woff/GothamSSm-Bold_Web.woff
Requested by
Host: advent.bank-avera.ch
URL: https://advent.bank-avera.ch/application/files/cache/css/bav_advent/main.css?ts=1637923655
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
51.107.76.115 Zurich, Switzerland, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Apache /
Resource Hash
Security Headers
Name Value
Content-Security-Policy default-src 'self' https://www.google-analytics.com 'unsafe-inline'; base-uri 'self'; connect-src 'self' api.mapbox.com events.mapbox.com my.tikee.io www.google-analytics.com https://www.google-analytics.com www.google-analytics.com https://stats.g.doubleclick.net; frame-src 'self' msip-service-zrnc.xaas.swissic.ch www.youtube.com services.logismata.ch www.google.com my.tikee.io intranet.eventag.ch; form-action 'self'; img-src 'self' data: https: blob: https://www.google-analytics.com www.google-analytics.com https://stats.g.doubleclick.net; script-src 'self' data: cdn.jsdelivr.net www.google.com www.gstatic.com www.google-analytics.com blob: 'unsafe-inline' 'unsafe-eval'; style-src 'self' fonts.googleapis.com www.gstatic.com 'unsafe-inline'; frame-ancestors 'self' services.logismata.ch; font-src 'self' fonts.googleapis.com fonts.gstatic.com; object-src 'self'; child-src blob:;
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Security-Policy default-src 'self' https://www.google-analytics.com 'unsafe-inline'; base-uri 'self'; connect-src 'self' api.mapbox.com events.mapbox.com my.tikee.io www.google-analytics.com https://www.google-analytics.com www.google-analytics.com https://stats.g.doubleclick.net; frame-src 'self' msip-service-zrnc.xaas.swissic.ch www.youtube.com services.logismata.ch www.google.com my.tikee.io intranet.eventag.ch; form-action 'self'; img-src 'self' data: https: blob: https://www.google-analytics.com www.google-analytics.com https://stats.g.doubleclick.net; script-src 'self' data: cdn.jsdelivr.net www.google.com www.gstatic.com www.google-analytics.com blob: 'unsafe-inline' 'unsafe-eval'; style-src 'self' fonts.googleapis.com www.gstatic.com 'unsafe-inline'; frame-ancestors 'self' services.logismata.ch; font-src 'self' fonts.googleapis.com fonts.gstatic.com; object-src 'self'; child-src blob:;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
Origin
https://advent.bank-avera.ch
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date
Fri, 26 Nov 2021 12:13:00 GMT
X-Content-Type-Options
nosniff
Transfer-Encoding
chunked
Connection
Keep-Alive
X-XSS-Protection
1; mode=block
Referrer-Policy
no-referrer
Server
Apache
X-Frame-Options
SAMEORIGIN
Expect-CT
max-age=2592000
Strict-Transport-Security
max-age=31536000; includeSubDomains; preload
Content-Type
text/html; charset=UTF-8
Cache-Control
private, must-revalidate
Permissions-Policy
geolocation=(self), microphone=() camera=()
Content-Security-Policy
default-src 'self' https://www.google-analytics.com 'unsafe-inline'; base-uri 'self'; connect-src 'self' api.mapbox.com events.mapbox.com my.tikee.io www.google-analytics.com https://www.google-analytics.com www.google-analytics.com https://stats.g.doubleclick.net; frame-src 'self' msip-service-zrnc.xaas.swissic.ch www.youtube.com services.logismata.ch www.google.com my.tikee.io intranet.eventag.ch; form-action 'self'; img-src 'self' data: https: blob: https://www.google-analytics.com www.google-analytics.com https://stats.g.doubleclick.net; script-src 'self' data: cdn.jsdelivr.net www.google.com www.gstatic.com www.google-analytics.com blob: 'unsafe-inline' 'unsafe-eval'; style-src 'self' fonts.googleapis.com www.gstatic.com 'unsafe-inline'; frame-ancestors 'self' services.logismata.ch; font-src 'self' fonts.googleapis.com fonts.gstatic.com; object-src 'self'; child-src blob:;
Keep-Alive
timeout=5, max=98
X-WebKit-CSP
default-src 'self' https://www.google-analytics.com 'unsafe-inline'; base-uri 'self'; connect-src 'self' api.mapbox.com events.mapbox.com my.tikee.io www.google-analytics.comi https://www.google-analytics.com www.google-analytics.com https://stats.g.doubleclick.net; frame-src 'self' msip-service-zrnc.xaas.swissic.ch www.youtube.com services.logismata.ch www.google.com my.tikee.io intranet.eventag.ch; form-action 'self'; img-src 'self' data: https: blob: https://www.google-analytics.com www.google-analytics.com https://stats.g.doubleclick.net; script-src 'self' data: cdn.jsdelivr.net www.google.com www.gstatic.com www.google-analytics.com blob: 'unsafe-inline' 'unsafe-eval'; style-src 'self' fonts.googleapis.com www.gstatic.com 'unsafe-inline'; frame-ancestors 'self' services.logismata.ch; font-src 'self' fonts.googleapis.com fonts.gstatic.com; object-src 'self'; child-sr blob:;
X-Content-Security-Policy
default-src 'self' https://www.google-analytics.com 'unsafe-inline'; base-uri 'self'; connect-src 'self' api.mapbox.com events.mapbox.com my.tikee.io www.google-analytics.com https://www.google-analytics.com www.google-analytics.com https://stats.g.doubleclick.net; frame-src 'self' msip-service-zrnc.xaas.swissic.ch www.youtube.com services.logismata.ch www.google.com my.tikee.io intranet.eventag.ch; form-action 'self'; img-src 'self' data: https: blob: https://www.google-analytics.com www.google-analytics.com https://stats.g.doubleclick.net; script-src 'self' data: cdn.jsdelivr.net www.google.com www.gstatic.com www.google-analytics.com blob: 'unsafe-inline' 'unsafe-eval'; style-src 'self' fonts.googleapis.com www.gstatic.com 'unsafe-inline'; frame-ancestors 'self' services.logismata.ch; font-src 'self' fonts.googleapis.com fonts.gstatic.com; object-src 'self'; child-src blob:;
GothamSSm-Light_Web.woff
advent.bank-avera.ch/adventsspiel/packages/bav_advent/themes/bav_advent/css/build/fonts/woff/ 		0
0 		Font
General
Check archive.org
Download Go to
Full URL
https://advent.bank-avera.ch/adventsspiel/packages/bav_advent/themes/bav_advent/css/build/fonts/woff/GothamSSm-Light_Web.woff
Requested by
Host: advent.bank-avera.ch
URL: https://advent.bank-avera.ch/application/files/cache/css/bav_advent/main.css?ts=1637923655
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
51.107.76.115 Zurich, Switzerland, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Apache /
Resource Hash
Security Headers
Name Value
Content-Security-Policy default-src 'self' https://www.google-analytics.com 'unsafe-inline'; base-uri 'self'; connect-src 'self' api.mapbox.com events.mapbox.com my.tikee.io www.google-analytics.com https://www.google-analytics.com www.google-analytics.com https://stats.g.doubleclick.net; frame-src 'self' msip-service-zrnc.xaas.swissic.ch www.youtube.com services.logismata.ch www.google.com my.tikee.io intranet.eventag.ch; form-action 'self'; img-src 'self' data: https: blob: https://www.google-analytics.com www.google-analytics.com https://stats.g.doubleclick.net; script-src 'self' data: cdn.jsdelivr.net www.google.com www.gstatic.com www.google-analytics.com blob: 'unsafe-inline' 'unsafe-eval'; style-src 'self' fonts.googleapis.com www.gstatic.com 'unsafe-inline'; frame-ancestors 'self' services.logismata.ch; font-src 'self' fonts.googleapis.com fonts.gstatic.com; object-src 'self'; child-src blob:;
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Security-Policy default-src 'self' https://www.google-analytics.com 'unsafe-inline'; base-uri 'self'; connect-src 'self' api.mapbox.com events.mapbox.com my.tikee.io www.google-analytics.com https://www.google-analytics.com www.google-analytics.com https://stats.g.doubleclick.net; frame-src 'self' msip-service-zrnc.xaas.swissic.ch www.youtube.com services.logismata.ch www.google.com my.tikee.io intranet.eventag.ch; form-action 'self'; img-src 'self' data: https: blob: https://www.google-analytics.com www.google-analytics.com https://stats.g.doubleclick.net; script-src 'self' data: cdn.jsdelivr.net www.google.com www.gstatic.com www.google-analytics.com blob: 'unsafe-inline' 'unsafe-eval'; style-src 'self' fonts.googleapis.com www.gstatic.com 'unsafe-inline'; frame-ancestors 'self' services.logismata.ch; font-src 'self' fonts.googleapis.com fonts.gstatic.com; object-src 'self'; child-src blob:;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
Origin
https://advent.bank-avera.ch
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date
Fri, 26 Nov 2021 12:13:00 GMT
X-Content-Type-Options
nosniff
Transfer-Encoding
chunked
Connection
Keep-Alive
X-XSS-Protection
1; mode=block
Referrer-Policy
no-referrer
Server
Apache
X-Frame-Options
SAMEORIGIN
Expect-CT
max-age=2592000
Strict-Transport-Security
max-age=31536000; includeSubDomains; preload
Content-Type
text/html; charset=UTF-8
Cache-Control
private, must-revalidate
Permissions-Policy
geolocation=(self), microphone=() camera=()
Content-Security-Policy
default-src 'self' https://www.google-analytics.com 'unsafe-inline'; base-uri 'self'; connect-src 'self' api.mapbox.com events.mapbox.com my.tikee.io www.google-analytics.com https://www.google-analytics.com www.google-analytics.com https://stats.g.doubleclick.net; frame-src 'self' msip-service-zrnc.xaas.swissic.ch www.youtube.com services.logismata.ch www.google.com my.tikee.io intranet.eventag.ch; form-action 'self'; img-src 'self' data: https: blob: https://www.google-analytics.com www.google-analytics.com https://stats.g.doubleclick.net; script-src 'self' data: cdn.jsdelivr.net www.google.com www.gstatic.com www.google-analytics.com blob: 'unsafe-inline' 'unsafe-eval'; style-src 'self' fonts.googleapis.com www.gstatic.com 'unsafe-inline'; frame-ancestors 'self' services.logismata.ch; font-src 'self' fonts.googleapis.com fonts.gstatic.com; object-src 'self'; child-src blob:;
Keep-Alive
timeout=5, max=98
X-WebKit-CSP
default-src 'self' https://www.google-analytics.com 'unsafe-inline'; base-uri 'self'; connect-src 'self' api.mapbox.com events.mapbox.com my.tikee.io www.google-analytics.comi https://www.google-analytics.com www.google-analytics.com https://stats.g.doubleclick.net; frame-src 'self' msip-service-zrnc.xaas.swissic.ch www.youtube.com services.logismata.ch www.google.com my.tikee.io intranet.eventag.ch; form-action 'self'; img-src 'self' data: https: blob: https://www.google-analytics.com www.google-analytics.com https://stats.g.doubleclick.net; script-src 'self' data: cdn.jsdelivr.net www.google.com www.gstatic.com www.google-analytics.com blob: 'unsafe-inline' 'unsafe-eval'; style-src 'self' fonts.googleapis.com www.gstatic.com 'unsafe-inline'; frame-ancestors 'self' services.logismata.ch; font-src 'self' fonts.googleapis.com fonts.gstatic.com; object-src 'self'; child-sr blob:;
X-Content-Security-Policy
default-src 'self' https://www.google-analytics.com 'unsafe-inline'; base-uri 'self'; connect-src 'self' api.mapbox.com events.mapbox.com my.tikee.io www.google-analytics.com https://www.google-analytics.com www.google-analytics.com https://stats.g.doubleclick.net; frame-src 'self' msip-service-zrnc.xaas.swissic.ch www.youtube.com services.logismata.ch www.google.com my.tikee.io intranet.eventag.ch; form-action 'self'; img-src 'self' data: https: blob: https://www.google-analytics.com www.google-analytics.com https://stats.g.doubleclick.net; script-src 'self' data: cdn.jsdelivr.net www.google.com www.gstatic.com www.google-analytics.com blob: 'unsafe-inline' 'unsafe-eval'; style-src 'self' fonts.googleapis.com www.gstatic.com 'unsafe-inline'; frame-ancestors 'self' services.logismata.ch; font-src 'self' fonts.googleapis.com fonts.gstatic.com; object-src 'self'; child-src blob:;

Verdicts & Comments Add Verdict or Comment

34 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| onbeforexrselect function| reportError boolean| originAgentCluster object| scheduler boolean| isEditMode boolean| isLoggedIn string| CCM_DISPATCHER_FILENAME number| CCM_CID boolean| CCM_EDIT_MODE boolean| CCM_ARRANGE_MODE string| CCM_IMAGE_PATH string| CCM_TOOLS_PATH string| CCM_APPLICATION_URL string| CCM_REL string| CCM_ACTIVE_LOCALE string| disableStr object| whiteListHash string| GoogleAnalyticsObject function| ga function| _defineProperty function| _toConsumableArray function| _nonIterableSpread function| _unsupportedIterableToArray function| _iterableToArray function| _arrayWithoutHoles function| _arrayLikeToArray function| _0x2614 function| _0x57f2 function| Popper object| bootstrap object| google_tag_data object| gaplugins object| gaGlobal object| gaData

2 Cookies

Domain/Path Name / Value
.bank-avera.ch/ Name: _ga
Value: GA1.2.1893771227.1637928780
.bank-avera.ch/ Name: _gid
Value: GA1.2.1519296117.1637928780

10 Console Messages

Source Level URL
Text
security error
Message:
Error with Permissions-Policy header: Parse of permissions policy failed because of errors reported by structured header parser.
network error URL: https://advent.bank-avera.ch/adventsspiel/concrete/js/jquery.js?ccm_nocache=1a72ca0f3692b16db9673a9a89faff0649086c52
Message:
Failed to load resource: the server responded with a status of 404 (Not Found)
network error URL: https://advent.bank-avera.ch/adventsspiel/packages/bav_advent/themes/bav_advent/graphics/BankAvera_logo.svg
Message:
Failed to load resource: the server responded with a status of 404 (Not Found)
network error URL: https://advent.bank-avera.ch/adventsspiel/packages/bav_advent/themes/bav_advent/css/build/fonts/woff2/GothamSSm-Book_Web.woff2
Message:
Failed to load resource: the server responded with a status of 404 (Not Found)
network error URL: https://advent.bank-avera.ch/adventsspiel/packages/bav_advent/themes/bav_advent/graphics/lichterkette.png
Message:
Failed to load resource: the server responded with a status of 404 (Not Found)
network error URL: https://advent.bank-avera.ch/adventsspiel/packages/bav_advent/themes/bav_advent/css/build/fonts/woff2/GothamSSm-Bold_Web.woff2
Message:
Failed to load resource: the server responded with a status of 404 (Not Found)
network error URL: https://advent.bank-avera.ch/adventsspiel/packages/bav_advent/themes/bav_advent/css/build/fonts/woff2/GothamSSm-Light_Web.woff2
Message:
Failed to load resource: the server responded with a status of 404 (Not Found)
network error URL: https://advent.bank-avera.ch/adventsspiel/packages/bav_advent/themes/bav_advent/css/build/fonts/woff/GothamSSm-Book_Web.woff
Message:
Failed to load resource: the server responded with a status of 404 (Not Found)
network error URL: https://advent.bank-avera.ch/adventsspiel/packages/bav_advent/themes/bav_advent/css/build/fonts/woff/GothamSSm-Bold_Web.woff
Message:
Failed to load resource: the server responded with a status of 404 (Not Found)
network error URL: https://advent.bank-avera.ch/adventsspiel/packages/bav_advent/themes/bav_advent/css/build/fonts/woff/GothamSSm-Light_Web.woff
Message:
Failed to load resource: the server responded with a status of 404 (Not Found)

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy default-src 'self' https://www.google-analytics.com 'unsafe-inline'; base-uri 'self'; connect-src 'self' api.mapbox.com events.mapbox.com my.tikee.io www.google-analytics.com https://www.google-analytics.com www.google-analytics.com https://stats.g.doubleclick.net; frame-src 'self' msip-service-zrnc.xaas.swissic.ch www.youtube.com services.logismata.ch www.google.com my.tikee.io intranet.eventag.ch; form-action 'self'; img-src 'self' data: https: blob: https://www.google-analytics.com www.google-analytics.com https://stats.g.doubleclick.net; script-src 'self' data: cdn.jsdelivr.net www.google.com www.gstatic.com www.google-analytics.com blob: 'unsafe-inline' 'unsafe-eval'; style-src 'self' fonts.googleapis.com www.gstatic.com 'unsafe-inline'; frame-ancestors 'self' services.logismata.ch; font-src 'self' fonts.googleapis.com fonts.gstatic.com; object-src 'self'; child-src blob:;
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Security-Policy default-src 'self' https://www.google-analytics.com 'unsafe-inline'; base-uri 'self'; connect-src 'self' api.mapbox.com events.mapbox.com my.tikee.io www.google-analytics.com https://www.google-analytics.com www.google-analytics.com https://stats.g.doubleclick.net; frame-src 'self' msip-service-zrnc.xaas.swissic.ch www.youtube.com services.logismata.ch www.google.com my.tikee.io intranet.eventag.ch; form-action 'self'; img-src 'self' data: https: blob: https://www.google-analytics.com www.google-analytics.com https://stats.g.doubleclick.net; script-src 'self' data: cdn.jsdelivr.net www.google.com www.gstatic.com www.google-analytics.com blob: 'unsafe-inline' 'unsafe-eval'; style-src 'self' fonts.googleapis.com www.gstatic.com 'unsafe-inline'; frame-ancestors 'self' services.logismata.ch; font-src 'self' fonts.googleapis.com fonts.gstatic.com; object-src 'self'; child-src blob:;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block