urlscan.io logo urlscan.io
SecurityTrails logo

tarjetas.banesco.com.pa Open in urlscan Pro
45.60.46.27  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: http://tarjetas.banesco.com.pa/
Effective URL: https://tarjetas.banesco.com.pa/
Submission Tags: @phish_report
Submission: On July 11 via api from FI — Scanned from FI
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 27 IPs in 4 countries across 22 domains to perform 79 HTTP transactions. The main IP is 45.60.46.27, located in United States and belongs to INCAPSULA, US. The main domain is tarjetas.banesco.com.pa.
TLS certificate: Issued by Entrust Certification Authority - L1K on July 10th 2024. Valid for: a year.
This is the only time tarjetas.banesco.com.pa was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
17 45.60.46.27 19551 (INCAPSULA)
2 2a03:2880:f08... 32934 (FACEBOOK)
1 34.36.213.229 396982 (GOOGLE-CL...)
1 18.245.86.4 16509 (AMAZON-02)
1 18.66.102.53 16509 (AMAZON-02)
1 13.32.27.107 16509 (AMAZON-02)
3 2a00:1450:400... 15169 (GOOGLE)
2 2a00:1450:400... 15169 (GOOGLE)
1 104.26.12.205 13335 (CLOUDFLAR...)
1 18.66.112.79 16509 (AMAZON-02)
5 34.107.204.85 396982 (GOOGLE-CL...)
6 20.60.220.225 8075 (MICROSOFT...)
4 2a00:1450:400... 15169 (GOOGLE)
3 2a00:1450:400... 15169 (GOOGLE)
3 52.173.139.99 8075 (MICROSOFT...)
1 146.75.120.157 54113 (FASTLY)
2 2a00:1450:400... 15169 (GOOGLE)
1 157.240.252.13 32934 (FACEBOOK)
1 216.58.206.66 15169 (GOOGLE)
8 2a03:2880:f17... 32934 (FACEBOOK)
1 93.184.221.165 15133 (EDGECAST)
1 142.250.185.168 15169 (GOOGLE)
3 142.250.186.36 15169 (GOOGLE)
1 216.58.206.78 15169 (GOOGLE)
1 172.217.18.3 15169 (GOOGLE)
1 2a00:1450:400... 15169 (GOOGLE)
79 27
17    45.60.46.27 (United States)

ASN19551 (INCAPSULA, US)
tarjetas.banesco.com.pa
2    2a03:2880:f083:100:face:b00c:0:3 (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)
connect.facebook.net
1    34.36.213.229 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 229.213.36.34.bc.googleusercontent.com
cdn.pendo.io
1    18.245.86.4 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-245-86-4.fra60.r.cloudfront.net
cdn.amplitude.com
1    18.66.102.53 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-66-102-53.fra56.r.cloudfront.net
static.hotjar.com
1    13.32.27.107 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-32-27-107.fra56.r.cloudfront.net
script.hotjar.com
3    2a00:1450:4001:82a::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
fonts.googleapis.com
2    2a00:1450:4001:812::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
fonts.gstatic.com
1    104.26.12.205 (None, )

ASN13335 (CLOUDFLARENET, US)
api.ipify.org
1    18.66.112.79 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-66-112-79.fra56.r.cloudfront.net
vc.hotjar.io
5    34.107.204.85 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 85.204.107.34.bc.googleusercontent.com
data.pendo.io
6    20.60.220.225 (Washington, United States)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)
banescotdc.blob.core.windows.net
4    2a00:1450:4001:811::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.googletagmanager.com
3    2a00:1450:4001:811::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
maps.googleapis.com
3    52.173.139.99 (Des Moines, United States)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)
banesco-tdc-api.azurewebsites.net
1    146.75.120.157 (Frankfurt am Main, Germany)

ASN54113 (FASTLY, US)
static.ads-twitter.com
2    2a00:1450:4001:81d::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.google-analytics.com
1    157.240.252.13 (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)
PTR: xx-fbcdn-shv-01-fra3.fbcdn.net
connect.facebook.net
1    216.58.206.66 (United States)

ASN15169 (GOOGLE, US)
PTR: lhr35s11-in-f2.1e100.net
www.googleadservices.com
8    2a03:2880:f177:83:face:b00c:0:25de (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)
www.facebook.com
1    93.184.221.165 (London, United Kingdom)

ASN15133 (EDGECAST, US)
t.co
1    142.250.185.168 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s51-in-f8.1e100.net
www.googletagmanager.com
3    142.250.186.36 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s04-in-f4.1e100.net
www.google.com
1    216.58.206.78 (United States)

ASN15169 (GOOGLE, US)
PTR: mil07s08-in-f14.1e100.net
www.google-analytics.com
1    172.217.18.3 (United States)

ASN15169 (GOOGLE, US)
PTR: fra02s19-in-f3.1e100.net
fonts.gstatic.com
1    2a00:1450:4001:806::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.gstatic.com
Apex Domain
Subdomains		 Transfer
17 banesco.com.pa
tarjetas.banesco.com.pa
861 KB
8 facebook.com
www.facebook.com — Cisco Umbrella Rank: 107
7 KB
6 windows.net
banescotdc.blob.core.windows.net
127 KB
6 googleapis.com
fonts.googleapis.com — Cisco Umbrella Rank: 108
maps.googleapis.com — Cisco Umbrella Rank: 579
151 KB
6 pendo.io
cdn.pendo.io — Cisco Umbrella Rank: 2073
data.pendo.io — Cisco Umbrella Rank: 1663
154 KB
5 googletagmanager.com
www.googletagmanager.com — Cisco Umbrella Rank: 110
376 KB
4 gstatic.com
fonts.gstatic.com
www.gstatic.com
385 KB
3 google.com
www.google.com — Cisco Umbrella Rank: 10
988 B
3 google-analytics.com
www.google-analytics.com — Cisco Umbrella Rank: 102
21 KB
3 azurewebsites.net
banesco-tdc-api.azurewebsites.net
3 KB
3 facebook.net
connect.facebook.net — Cisco Umbrella Rank: 232
75 KB
2 hotjar.com
static.hotjar.com — Cisco Umbrella Rank: 1311
script.hotjar.com — Cisco Umbrella Rank: 1952
61 KB
1 t.co
t.co — Cisco Umbrella Rank: 983
377 B
1 googleadservices.com
www.googleadservices.com — Cisco Umbrella Rank: 177
2 KB
1 ads-twitter.com
static.ads-twitter.com — Cisco Umbrella Rank: 1254
15 KB
1 hotjar.io
vc.hotjar.io — Cisco Umbrella Rank: 4682
content.hotjar.io Failed
233 B
1 ipify.org
api.ipify.org — Cisco Umbrella Rank: 2521
155 B
1 amplitude.com
cdn.amplitude.com — Cisco Umbrella Rank: 4619
18 KB
0 doubleclick.net Failed
stats.g.doubleclick.net Failed
0 google.fi Failed
www.google.fi Failed
0 twitter.com Failed
analytics.twitter.com Failed
0 adform.net Failed
s2.adform.net Failed
79 22
Domain Requested by
17 tarjetas.banesco.com.pa tarjetas.banesco.com.pa
8 www.facebook.com
6 banescotdc.blob.core.windows.net tarjetas.banesco.com.pa
5 www.googletagmanager.com tarjetas.banesco.com.pa
www.googletagmanager.com
www.google-analytics.com
5 data.pendo.io cdn.pendo.io
3 www.google.com tarjetas.banesco.com.pa
www.gstatic.com
3 www.google-analytics.com www.googletagmanager.com
tarjetas.banesco.com.pa
3 banesco-tdc-api.azurewebsites.net tarjetas.banesco.com.pa
3 maps.googleapis.com tarjetas.banesco.com.pa
maps.googleapis.com
3 fonts.gstatic.com fonts.googleapis.com
3 fonts.googleapis.com tarjetas.banesco.com.pa
3 connect.facebook.net tarjetas.banesco.com.pa
connect.facebook.net
1 www.gstatic.com www.google.com
1 t.co
1 www.googleadservices.com www.googletagmanager.com
1 static.ads-twitter.com www.googletagmanager.com
1 vc.hotjar.io tarjetas.banesco.com.pa
1 api.ipify.org tarjetas.banesco.com.pa
1 script.hotjar.com static.hotjar.com
1 static.hotjar.com tarjetas.banesco.com.pa
1 cdn.amplitude.com tarjetas.banesco.com.pa
1 cdn.pendo.io tarjetas.banesco.com.pa
0 stats.g.doubleclick.net Failed tarjetas.banesco.com.pa
0 www.google.fi Failed
0 analytics.twitter.com Failed
0 s2.adform.net Failed
0 content.hotjar.io Failed tarjetas.banesco.com.pa
79 27

This site contains links to these domains. Also see Links.

Domain
wa.me
www.banesco.com.pa
www.facebook.com
www.instagram.com
www.linkedin.com
twitter.com
www.youtube.com
Subject Issuer Validity Valid
tarjetas.banesco.com.pa
Entrust Certification Authority - L1K		 2024-07-10 -
2025-07-10		 a year crt.sh
*.facebook.com
DigiCert SHA2 High Assurance Server CA		 2024-04-19 -
2024-07-18		 3 months crt.sh
cdn.pendo.io
WR3		 2024-05-27 -
2024-08-25		 3 months crt.sh
cdn.amplitude.com
Amazon RSA 2048 M02		 2023-12-14 -
2025-01-12		 a year crt.sh
*.hotjar.com
Amazon RSA 2048 M03		 2024-05-22 -
2025-06-20		 a year crt.sh
upload.video.google.com
WR2		 2024-06-24 -
2024-09-16		 3 months crt.sh
*.gstatic.com
WR2		 2024-06-24 -
2024-09-16		 3 months crt.sh
ipify.org
GTS CA 1P5		 2024-05-19 -
2024-08-17		 3 months crt.sh
*.hotjar.io
Amazon ECDSA 256 M02		 2024-02-07 -
2025-03-08		 a year crt.sh
pendo.io
WR3		 2024-05-23 -
2024-08-21		 3 months crt.sh
*.blob.core.windows.net
Microsoft Azure RSA TLS Issuing CA 04		 2024-04-04 -
2025-03-30		 a year crt.sh
*.google-analytics.com
WR2		 2024-06-24 -
2024-09-16		 3 months crt.sh
*.azurewebsites.net
Microsoft Azure RSA TLS Issuing CA 08		 2024-05-24 -
2025-05-19		 a year crt.sh
ads-twitter.com
DigiCert Global G2 TLS RSA SHA256 2020 CA1		 2024-06-25 -
2025-06-24		 a year crt.sh
*.googleadservices.com
WR2		 2024-06-24 -
2024-09-16		 3 months crt.sh
t.co
DigiCert Global G2 TLS RSA SHA256 2020 CA1		 2024-05-08 -
2025-05-07		 a year crt.sh
*.google.com
WR2		 2024-06-24 -
2024-09-16		 3 months crt.sh

This page contains 4 frames:

Primary Page: https://tarjetas.banesco.com.pa/
Frame ID: 2658763CA6FA3F4187DB9991E2D0CDEC
Requests: 75 HTTP requests in this frame

Frame: https://www.googletagmanager.com/ns.html?id=GTM-MKJNN2Z
Frame ID: 85D48DE43DD92D3580BA3F8F71944B41
Requests: 1 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6Lf3HsYUAAAAAIy3UAH5awUyZghY9Z4BKTKSm-w4&co=aHR0cHM6Ly90YXJqZXRhcy5iYW5lc2NvLmNvbS5wYTo0NDM.&hl=fi&type=image&v=rKbTvxTxwcw5VqzrtN-ICwWt&size=invisible&badge=bottomright&cb=kab2iwc5xf5s
Frame ID: 905490BE172BD8DEDEA8AFAF03821CA1
Requests: 1 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/bframe?hl=fi&v=rKbTvxTxwcw5VqzrtN-ICwWt&k=6Lf3HsYUAAAAAIy3UAH5awUyZghY9Z4BKTKSm-w4
Frame ID: 76FDA7BCE75C92E820E1084A9DDA1A62
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

Banesco Panamá - Solicitud de Tarjeta de Crédito - Precalificación

Page URL History Show full URLs

  1. http://tarjetas.banesco.com.pa/ HTTP 307
    https://tarjetas.banesco.com.pa/ Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • //maps\.google(?:apis)?\.com/maps/api/js
Overall confidence: 100%
Detected patterns
  • cdn\.amplitude\.com
Overall confidence: 100%
Detected patterns
  • //connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js
Overall confidence: 100%
Detected patterns
  • (?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
Overall confidence: 100%
Detected patterns
  • google-analytics\.com/(?:ga|urchin|analytics)\.js
Overall confidence: 100%
Detected patterns
  • googletagmanager\.com/gtm\.js
  • googletagmanager\.com/gtag/js
Overall confidence: 100%
Detected patterns
  • //static\.hotjar\.com/
Overall confidence: 100%
Detected patterns
  • /_Incapsula_Resource
Overall confidence: 100%
Detected patterns
  • /recaptcha/api\.js

Page Statistics

79
Requests

91 %
HTTPS

31 %
IPv6

22
Domains

27
Subdomains

27
IPs

4
Countries

2258 kB
Transfer

6904 kB
Size

16
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://tarjetas.banesco.com.pa/ HTTP 307
    https://tarjetas.banesco.com.pa/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 46
  • https://a2.adform.net/serving/scripts/trackpoint/async/ HTTP 0
  • https://s2.adform.net/banners/scripts/st/trackpoint-async.js
Request Chain 57
  • https://googleads.g.doubleclick.net/pagead/viewthroughconversion/782832368/?random=1592550666&cv=11&fst=1720690071370&bg=ffffff&guid=ON&async=1&gtm=45be4790v873055111z8810196344za201zb810196344&gcd=13l3l3l2l1&dma_cps=syphamo&dma=1&tag_exp=0&u_w=1600&u_h=1200&url=https%3A%2F%2Ftarjetas.banesco.com.pa%2F&label=ConversionATravesDeGoogleAds&hn=www.googleadservices.com&frm=0&tiba=Banesco&value=0&currency_code=USD&npa=1&pscdl=noapi&auid=1791535439.1720690071&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fdr=SA&capi=1&fmt=3&ct_cookie_present=false&crd=CLHBsQIIsMGxAgi5wbECShVldmVudC1zb3VyY2UsIHRyaWdnZXJaAwoBAWIECgICAw&eitems=ChAI8IW-tAYQhrKIhqr9h4IXEh0A2cvrxs_Cu_oq0ctU0wEML3KBRtCAx3N3VwB61g&pscrd=IhMIjfftg9aehwMVjME7Ah3jXQTlMgIIAzICCAQyAggHMgIICDICCAkyAggKMgIIAjICCAs6IGh0dHBzOi8vdGFyamV0YXMuYmFuZXNjby5jb20ucGEv HTTP 302
  • https://www.google.com/pagead/1p-conversion/782832368/?random=1592550666&cv=11&fst=1720690071370&bg=ffffff&guid=ON&async=1&gtm=45be4790v873055111z8810196344za201zb810196344&gcd=13l3l3l2l1&dma_cps=syphamo&dma=1&tag_exp=0&u_w=1600&u_h=1200&url=https%3A%2F%2Ftarjetas.banesco.com.pa%2F&label=ConversionATravesDeGoogleAds&hn=www.googleadservices.com&frm=0&tiba=Banesco&value=0&currency_code=USD&npa=1&pscdl=noapi&auid=1791535439.1720690071&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fdr=SA&capi=1&fmt=3&ct_cookie_present=false&crd=CLHBsQIIsMGxAgi5wbECShVldmVudC1zb3VyY2UsIHRyaWdnZXJaAwoBAWIECgICAw&pscrd=IhMIjfftg9aehwMVjME7Ah3jXQTlMgIIAzICCAQyAggHMgIICDICCAkyAggKMgIIAjICCAs6IGh0dHBzOi8vdGFyamV0YXMuYmFuZXNjby5jb20ucGEv&is_vtc=1&cid=CAQSKQDaQooL9D_tcqWKMV1mj85rvKt_YbPcGWDE48vqmkDBx1W5rLe3sTs5&eitems=ChAI8IW-tAYQhrKIhqr9h4IXEh0A2cvrxh5nqPVbLS-4SOHCH5-Q8roiAO7-TKqP2g&random=819649516 HTTP 0
  • https://www.google.fi/pagead/1p-conversion/782832368/?random=1592550666&cv=11&fst=1720690071370&bg=ffffff&guid=ON&async=1&gtm=45be4790v873055111z8810196344za201zb810196344&gcd=13l3l3l2l1&dma_cps=syphamo&dma=1&tag_exp=0&u_w=1600&u_h=1200&url=https%3A%2F%2Ftarjetas.banesco.com.pa%2F&label=ConversionATravesDeGoogleAds&hn=www.googleadservices.com&frm=0&tiba=Banesco&value=0&currency_code=USD&npa=1&pscdl=noapi&auid=1791535439.1720690071&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fdr=SA&capi=1&fmt=3&ct_cookie_present=false&crd=CLHBsQIIsMGxAgi5wbECShVldmVudC1zb3VyY2UsIHRyaWdnZXJaAwoBAWIECgICAw&pscrd=IhMIjfftg9aehwMVjME7Ah3jXQTlMgIIAzICCAQyAggHMgIICDICCAkyAggKMgIIAjICCAs6IGh0dHBzOi8vdGFyamV0YXMuYmFuZXNjby5jb20ucGEv&is_vtc=1&cid=CAQSKQDaQooL9D_tcqWKMV1mj85rvKt_YbPcGWDE48vqmkDBx1W5rLe3sTs5&eitems=ChAI8IW-tAYQhrKIhqr9h4IXEh0A2cvrxh5nqPVbLS-4SOHCH5-Q8roiAO7-TKqP2g&random=819649516&ipr=y

79 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request /
tarjetas.banesco.com.pa/
Redirect Chain
  • http://tarjetas.banesco.com.pa/
  • https://tarjetas.banesco.com.pa/
5 KB
5 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://tarjetas.banesco.com.pa/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
45.60.46.27 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
BANESCO (PANAMA), S.A. /
Resource Hash
d329736e516b16e0d64816a635f07f8035de8739a6fda8297eca64f6fdabce8d
Security Headers
Name Value
Content-Security-Policy default-src 'self'; frame-src https://www.google.com:* https://www.googletagmanager.com:* https://app.pendo.io/ https://bid.g.doubleclick.net:* https://vars.hotjar.com:* https://www.youtube.com:*; font-src 'self' https://script.hotjar.com:* https://fonts.gstatic.com:*; style-src 'self' 'unsafe-inline' https://tagmanager.google.com:* https://fonts.googleapis.com:* 'unsafe-inline' https://app.pendo.io https://cdn.pendo.io https://pendo-static-6597142639280128.storage.googleapis.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.gstatic.com:* https://www.google.com:* https://tagmanager.google.com:* https://cdn.amplitude.com:* https://maps.googleapis.com https://maps.gstatic.com https://data.pendo.io/ https://tpc.googlesyndication.com:* https://analytics.twitter.com:* https://googleads.g.doubleclick.net:* https://a2.adform.net:* https://static.ads-twitter.com:* https://www.googleadservices.com:* https://connect.facebook.net:* https://apis.google.com:* https://static.hotjar.com:* https://script.hotjar.com:* *.googletagmanager.com:* *.google-analytics.com:* 'unsafe-inline' 'unsafe-eval' https://app.pendo.io https://pendo-io-static.storage.googleapis.com https://cdn.pendo.io https://pendo-static-6597142639280128.storage.googleapis.com; connect-src 'self' https://pendo-static-6597142639280128.storage.googleapis.com:* https://data.pendo.io:* *.azurewebsites.net:* https://api.ipify.org:* https://in.hotjar.com:* wss://ws1.hotjar.com:* https://www.google-analytics.com:* https://vc.hotjar.io:* wss://ws9.hotjar.com:* https://app.pendo.io; img-src 'self' data: https://ssl.gstatic.com:* https://www.gstatic.com:* https://maps.gstatic.com:* https://ssl.gstatic.com/analytics-suite:* https://www.facebook.com:* https://data.pendo.io/ https://t.co:* https://www.google.com.pa:* https://googleads.g.doubleclick.net:* https://www.google.com:* https://banescotdc.blob.core.windows.net:* https://stats.g.doubleclick.net:* *.google-analytics.com:* https://www.googletagmanager.com:* https://cdn.pendo.io https://app.pendo.io https://pendo-static-6597142639280128.storage.googleapis.com; frame-ancestors https://app.pendo.io; child-src https://app.pendo.io; object-src 'self'
Strict-Transport-Security max-age=31536000; includeSubDomains;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

accept-ranges
bytes
cache-control
private, no-cache, no-store, must-revalidate
content-encoding
gzip
content-security-policy
default-src 'self'; frame-src https://www.google.com:* https://www.googletagmanager.com:* https://app.pendo.io/ https://bid.g.doubleclick.net:* https://vars.hotjar.com:* https://www.youtube.com:*; font-src 'self' https://script.hotjar.com:* https://fonts.gstatic.com:*; style-src 'self' 'unsafe-inline' https://tagmanager.google.com:* https://fonts.googleapis.com:* 'unsafe-inline' https://app.pendo.io https://cdn.pendo.io https://pendo-static-6597142639280128.storage.googleapis.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.gstatic.com:* https://www.google.com:* https://tagmanager.google.com:* https://cdn.amplitude.com:* https://maps.googleapis.com https://maps.gstatic.com https://data.pendo.io/ https://tpc.googlesyndication.com:* https://analytics.twitter.com:* https://googleads.g.doubleclick.net:* https://a2.adform.net:* https://static.ads-twitter.com:* https://www.googleadservices.com:* https://connect.facebook.net:* https://apis.google.com:* https://static.hotjar.com:* https://script.hotjar.com:* *.googletagmanager.com:* *.google-analytics.com:* 'unsafe-inline' 'unsafe-eval' https://app.pendo.io https://pendo-io-static.storage.googleapis.com https://cdn.pendo.io https://pendo-static-6597142639280128.storage.googleapis.com; connect-src 'self' https://pendo-static-6597142639280128.storage.googleapis.com:* https://data.pendo.io:* *.azurewebsites.net:* https://api.ipify.org:* https://in.hotjar.com:* wss://ws1.hotjar.com:* https://www.google-analytics.com:* https://vc.hotjar.io:* wss://ws9.hotjar.com:* https://app.pendo.io; img-src 'self' data: https://ssl.gstatic.com:* https://www.gstatic.com:* https://maps.gstatic.com:* https://ssl.gstatic.com/analytics-suite:* https://www.facebook.com:* https://data.pendo.io/ https://t.co:* https://www.google.com.pa:* https://googleads.g.doubleclick.net:* https://www.google.com:* https://banescotdc.blob.core.windows.net:* https://stats.g.doubleclick.net:* *.google-analytics.com:* https://www.googletagmanager.com:* https://cdn.pendo.io https://app.pendo.io https://pendo-static-6597142639280128.storage.googleapis.com; frame-ancestors https://app.pendo.io; child-src https://app.pendo.io; object-src 'self'
content-type
text/html
date
Thu, 11 Jul 2024 09:27:48 GMT
etag
"1b12df4b2aed91:0"
expires
0
feature-policy
accelerometer 'none'; camera 'none'; geolocation 'none'; gyroscope 'none'; magnetometer 'none'; microphone 'none'; payment 'none'; usb 'none'
last-modified
Tue, 04 Jul 2023 20:06:00 GMT
pragma
no-cache
referrer-policy
strict-origin-when-cross-origin
server
BANESCO (PANAMA), S.A.
strict-transport-security
max-age=31536000; includeSubDomains;
vary
Accept-Encoding
x-cdn
Imperva
x-content-type-options
nosniff
x-frame-options
SAMEORIGIN
x-iinfo
5-3993396-3993398 NNNN CT(131 277 0) RT(1720690067231 53) q(0 0 4 0) r(6 6) U12
x-permitted-cross-domain-policies
none
x-xss-protection
1; mode=block

Redirect headers

Location
https://tarjetas.banesco.com.pa/
Non-Authoritative-Reason
HttpsUpgrades
styles.1ca489a0191061f9e325.bundle.css
tarjetas.banesco.com.pa/ 		249 KB
55 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://tarjetas.banesco.com.pa/styles.1ca489a0191061f9e325.bundle.css
Requested by
Host: tarjetas.banesco.com.pa
URL: https://tarjetas.banesco.com.pa/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
45.60.46.27 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
BANESCO (PANAMA), S.A. /
Resource Hash
b6fb8695408f3325b3c9fe773ea7903d05a4d74db7ffa08dfde75b6694c5508b
Security Headers
Name Value
Content-Security-Policy default-src 'self'; frame-src https://www.google.com:* https://www.googletagmanager.com:* https://app.pendo.io/ https://bid.g.doubleclick.net:* https://vars.hotjar.com:* https://www.youtube.com:*; font-src 'self' https://script.hotjar.com:* https://fonts.gstatic.com:*; style-src 'self' 'unsafe-inline' https://tagmanager.google.com:* https://fonts.googleapis.com:* 'unsafe-inline' https://app.pendo.io https://cdn.pendo.io https://pendo-static-6597142639280128.storage.googleapis.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.gstatic.com:* https://www.google.com:* https://tagmanager.google.com:* https://cdn.amplitude.com:* https://maps.googleapis.com https://maps.gstatic.com https://data.pendo.io/ https://tpc.googlesyndication.com:* https://analytics.twitter.com:* https://googleads.g.doubleclick.net:* https://a2.adform.net:* https://static.ads-twitter.com:* https://www.googleadservices.com:* https://connect.facebook.net:* https://apis.google.com:* https://static.hotjar.com:* https://script.hotjar.com:* *.googletagmanager.com:* *.google-analytics.com:* 'unsafe-inline' 'unsafe-eval' https://app.pendo.io https://pendo-io-static.storage.googleapis.com https://cdn.pendo.io https://pendo-static-6597142639280128.storage.googleapis.com; connect-src 'self' https://pendo-static-6597142639280128.storage.googleapis.com:* https://data.pendo.io:* *.azurewebsites.net:* https://api.ipify.org:* https://in.hotjar.com:* wss://ws1.hotjar.com:* https://www.google-analytics.com:* https://vc.hotjar.io:* wss://ws9.hotjar.com:* https://app.pendo.io; img-src 'self' data: https://ssl.gstatic.com:* https://www.gstatic.com:* https://maps.gstatic.com:* https://ssl.gstatic.com/analytics-suite:* https://www.facebook.com:* https://data.pendo.io/ https://t.co:* https://www.google.com.pa:* https://googleads.g.doubleclick.net:* https://www.google.com:* https://banescotdc.blob.core.windows.net:* https://stats.g.doubleclick.net:* *.google-analytics.com:* https://www.googletagmanager.com:* https://cdn.pendo.io https://app.pendo.io https://pendo-static-6597142639280128.storage.googleapis.com; frame-ancestors https://app.pendo.io; child-src https://app.pendo.io; object-src 'self'
Strict-Transport-Security max-age=31536000; includeSubDomains;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://tarjetas.banesco.com.pa/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Thu, 11 Jul 2024 09:27:48 GMT
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains;
x-permitted-cross-domain-policies
none
content-security-policy
default-src 'self'; frame-src https://www.google.com:* https://www.googletagmanager.com:* https://app.pendo.io/ https://bid.g.doubleclick.net:* https://vars.hotjar.com:* https://www.youtube.com:*; font-src 'self' https://script.hotjar.com:* https://fonts.gstatic.com:*; style-src 'self' 'unsafe-inline' https://tagmanager.google.com:* https://fonts.googleapis.com:* 'unsafe-inline' https://app.pendo.io https://cdn.pendo.io https://pendo-static-6597142639280128.storage.googleapis.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.gstatic.com:* https://www.google.com:* https://tagmanager.google.com:* https://cdn.amplitude.com:* https://maps.googleapis.com https://maps.gstatic.com https://data.pendo.io/ https://tpc.googlesyndication.com:* https://analytics.twitter.com:* https://googleads.g.doubleclick.net:* https://a2.adform.net:* https://static.ads-twitter.com:* https://www.googleadservices.com:* https://connect.facebook.net:* https://apis.google.com:* https://static.hotjar.com:* https://script.hotjar.com:* *.googletagmanager.com:* *.google-analytics.com:* 'unsafe-inline' 'unsafe-eval' https://app.pendo.io https://pendo-io-static.storage.googleapis.com https://cdn.pendo.io https://pendo-static-6597142639280128.storage.googleapis.com; connect-src 'self' https://pendo-static-6597142639280128.storage.googleapis.com:* https://data.pendo.io:* *.azurewebsites.net:* https://api.ipify.org:* https://in.hotjar.com:* wss://ws1.hotjar.com:* https://www.google-analytics.com:* https://vc.hotjar.io:* wss://ws9.hotjar.com:* https://app.pendo.io; img-src 'self' data: https://ssl.gstatic.com:* https://www.gstatic.com:* https://maps.gstatic.com:* https://ssl.gstatic.com/analytics-suite:* https://www.facebook.com:* https://data.pendo.io/ https://t.co:* https://www.google.com.pa:* https://googleads.g.doubleclick.net:* https://www.google.com:* https://banescotdc.blob.core.windows.net:* https://stats.g.doubleclick.net:* *.google-analytics.com:* https://www.googletagmanager.com:* https://cdn.pendo.io https://app.pendo.io https://pendo-static-6597142639280128.storage.googleapis.com; frame-ancestors https://app.pendo.io; child-src https://app.pendo.io; object-src 'self'
x-cdn
Imperva
x-iinfo
5-3993396-3993398 PNNN RT(1720690067231 670) q(0 0 0 -1) r(1 1) U2
content-length
56327
x-xss-protection
1; mode=block
pragma
no-cache
referrer-policy
strict-origin-when-cross-origin
last-modified
Tue, 04 Jul 2023 20:06:00 GMT
server
BANESCO (PANAMA), S.A.
etag
"1b12df4b2aed91:0"
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
text/css
cache-control
private, no-cache, no-store, must-revalidate
feature-policy
accelerometer 'none'; camera 'none'; geolocation 'none'; gyroscope 'none'; magnetometer 'none'; microphone 'none'; payment 'none'; usb 'none'
accept-ranges
bytes
expires
0
inline.318b50c57b4eba3d437b.bundle.js
tarjetas.banesco.com.pa/ 		796 B
750 B 		Script
General
Check archive.org
Download Go to
Full URL
https://tarjetas.banesco.com.pa/inline.318b50c57b4eba3d437b.bundle.js
Requested by
Host: tarjetas.banesco.com.pa
URL: https://tarjetas.banesco.com.pa/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
45.60.46.27 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
BANESCO (PANAMA), S.A. /
Resource Hash
ed6bb8f42da5f367b561820ea6e61c9f56a06b493f926c20fce4e3c193b6c493
Security Headers
Name Value
Content-Security-Policy default-src 'self'; frame-src https://www.google.com:* https://www.googletagmanager.com:* https://app.pendo.io/ https://bid.g.doubleclick.net:* https://vars.hotjar.com:* https://www.youtube.com:*; font-src 'self' https://script.hotjar.com:* https://fonts.gstatic.com:*; style-src 'self' 'unsafe-inline' https://tagmanager.google.com:* https://fonts.googleapis.com:* 'unsafe-inline' https://app.pendo.io https://cdn.pendo.io https://pendo-static-6597142639280128.storage.googleapis.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.gstatic.com:* https://www.google.com:* https://tagmanager.google.com:* https://cdn.amplitude.com:* https://maps.googleapis.com https://maps.gstatic.com https://data.pendo.io/ https://tpc.googlesyndication.com:* https://analytics.twitter.com:* https://googleads.g.doubleclick.net:* https://a2.adform.net:* https://static.ads-twitter.com:* https://www.googleadservices.com:* https://connect.facebook.net:* https://apis.google.com:* https://static.hotjar.com:* https://script.hotjar.com:* *.googletagmanager.com:* *.google-analytics.com:* 'unsafe-inline' 'unsafe-eval' https://app.pendo.io https://pendo-io-static.storage.googleapis.com https://cdn.pendo.io https://pendo-static-6597142639280128.storage.googleapis.com; connect-src 'self' https://pendo-static-6597142639280128.storage.googleapis.com:* https://data.pendo.io:* *.azurewebsites.net:* https://api.ipify.org:* https://in.hotjar.com:* wss://ws1.hotjar.com:* https://www.google-analytics.com:* https://vc.hotjar.io:* wss://ws9.hotjar.com:* https://app.pendo.io; img-src 'self' data: https://ssl.gstatic.com:* https://www.gstatic.com:* https://maps.gstatic.com:* https://ssl.gstatic.com/analytics-suite:* https://www.facebook.com:* https://data.pendo.io/ https://t.co:* https://www.google.com.pa:* https://googleads.g.doubleclick.net:* https://www.google.com:* https://banescotdc.blob.core.windows.net:* https://stats.g.doubleclick.net:* *.google-analytics.com:* https://www.googletagmanager.com:* https://cdn.pendo.io https://app.pendo.io https://pendo-static-6597142639280128.storage.googleapis.com; frame-ancestors https://app.pendo.io; child-src https://app.pendo.io; object-src 'self'
Strict-Transport-Security max-age=31536000; includeSubDomains;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://tarjetas.banesco.com.pa/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Thu, 11 Jul 2024 09:27:48 GMT
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains;
x-permitted-cross-domain-policies
none
content-security-policy
default-src 'self'; frame-src https://www.google.com:* https://www.googletagmanager.com:* https://app.pendo.io/ https://bid.g.doubleclick.net:* https://vars.hotjar.com:* https://www.youtube.com:*; font-src 'self' https://script.hotjar.com:* https://fonts.gstatic.com:*; style-src 'self' 'unsafe-inline' https://tagmanager.google.com:* https://fonts.googleapis.com:* 'unsafe-inline' https://app.pendo.io https://cdn.pendo.io https://pendo-static-6597142639280128.storage.googleapis.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.gstatic.com:* https://www.google.com:* https://tagmanager.google.com:* https://cdn.amplitude.com:* https://maps.googleapis.com https://maps.gstatic.com https://data.pendo.io/ https://tpc.googlesyndication.com:* https://analytics.twitter.com:* https://googleads.g.doubleclick.net:* https://a2.adform.net:* https://static.ads-twitter.com:* https://www.googleadservices.com:* https://connect.facebook.net:* https://apis.google.com:* https://static.hotjar.com:* https://script.hotjar.com:* *.googletagmanager.com:* *.google-analytics.com:* 'unsafe-inline' 'unsafe-eval' https://app.pendo.io https://pendo-io-static.storage.googleapis.com https://cdn.pendo.io https://pendo-static-6597142639280128.storage.googleapis.com; connect-src 'self' https://pendo-static-6597142639280128.storage.googleapis.com:* https://data.pendo.io:* *.azurewebsites.net:* https://api.ipify.org:* https://in.hotjar.com:* wss://ws1.hotjar.com:* https://www.google-analytics.com:* https://vc.hotjar.io:* wss://ws9.hotjar.com:* https://app.pendo.io; img-src 'self' data: https://ssl.gstatic.com:* https://www.gstatic.com:* https://maps.gstatic.com:* https://ssl.gstatic.com/analytics-suite:* https://www.facebook.com:* https://data.pendo.io/ https://t.co:* https://www.google.com.pa:* https://googleads.g.doubleclick.net:* https://www.google.com:* https://banescotdc.blob.core.windows.net:* https://stats.g.doubleclick.net:* *.google-analytics.com:* https://www.googletagmanager.com:* https://cdn.pendo.io https://app.pendo.io https://pendo-static-6597142639280128.storage.googleapis.com; frame-ancestors https://app.pendo.io; child-src https://app.pendo.io; object-src 'self'
x-cdn
Imperva
x-iinfo
5-3993396-3993419 NNNN CT(131 276 0) RT(1720690067231 672) q(0 0 4 -1) r(5 5) U2
content-length
623
x-xss-protection
1; mode=block
pragma
no-cache
referrer-policy
strict-origin-when-cross-origin
last-modified
Tue, 04 Jul 2023 20:06:00 GMT
server
BANESCO (PANAMA), S.A.
etag
"1b12df4b2aed91:0"
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
application/x-javascript
cache-control
private, no-cache, no-store, must-revalidate
feature-policy
accelerometer 'none'; camera 'none'; geolocation 'none'; gyroscope 'none'; magnetometer 'none'; microphone 'none'; payment 'none'; usb 'none'
accept-ranges
bytes
expires
0
polyfills.63ac4754fdc7e807be1d.bundle.js
tarjetas.banesco.com.pa/ 		144 KB
61 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tarjetas.banesco.com.pa/polyfills.63ac4754fdc7e807be1d.bundle.js
Requested by
Host: tarjetas.banesco.com.pa
URL: https://tarjetas.banesco.com.pa/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
45.60.46.27 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
BANESCO (PANAMA), S.A. /
Resource Hash
e61d12046fb23908a234bc855331ed96f6ad389fce712c1ae8121acff1516b2a
Security Headers
Name Value
Content-Security-Policy default-src 'self'; frame-src https://www.google.com:* https://www.googletagmanager.com:* https://app.pendo.io/ https://bid.g.doubleclick.net:* https://vars.hotjar.com:* https://www.youtube.com:*; font-src 'self' https://script.hotjar.com:* https://fonts.gstatic.com:*; style-src 'self' 'unsafe-inline' https://tagmanager.google.com:* https://fonts.googleapis.com:* 'unsafe-inline' https://app.pendo.io https://cdn.pendo.io https://pendo-static-6597142639280128.storage.googleapis.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.gstatic.com:* https://www.google.com:* https://tagmanager.google.com:* https://cdn.amplitude.com:* https://maps.googleapis.com https://maps.gstatic.com https://data.pendo.io/ https://tpc.googlesyndication.com:* https://analytics.twitter.com:* https://googleads.g.doubleclick.net:* https://a2.adform.net:* https://static.ads-twitter.com:* https://www.googleadservices.com:* https://connect.facebook.net:* https://apis.google.com:* https://static.hotjar.com:* https://script.hotjar.com:* *.googletagmanager.com:* *.google-analytics.com:* 'unsafe-inline' 'unsafe-eval' https://app.pendo.io https://pendo-io-static.storage.googleapis.com https://cdn.pendo.io https://pendo-static-6597142639280128.storage.googleapis.com; connect-src 'self' https://pendo-static-6597142639280128.storage.googleapis.com:* https://data.pendo.io:* *.azurewebsites.net:* https://api.ipify.org:* https://in.hotjar.com:* wss://ws1.hotjar.com:* https://www.google-analytics.com:* https://vc.hotjar.io:* wss://ws9.hotjar.com:* https://app.pendo.io; img-src 'self' data: https://ssl.gstatic.com:* https://www.gstatic.com:* https://maps.gstatic.com:* https://ssl.gstatic.com/analytics-suite:* https://www.facebook.com:* https://data.pendo.io/ https://t.co:* https://www.google.com.pa:* https://googleads.g.doubleclick.net:* https://www.google.com:* https://banescotdc.blob.core.windows.net:* https://stats.g.doubleclick.net:* *.google-analytics.com:* https://www.googletagmanager.com:* https://cdn.pendo.io https://app.pendo.io https://pendo-static-6597142639280128.storage.googleapis.com; frame-ancestors https://app.pendo.io; child-src https://app.pendo.io; object-src 'self'
Strict-Transport-Security max-age=31536000; includeSubDomains;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://tarjetas.banesco.com.pa/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Thu, 11 Jul 2024 09:27:48 GMT
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains;
x-permitted-cross-domain-policies
none
content-security-policy
default-src 'self'; frame-src https://www.google.com:* https://www.googletagmanager.com:* https://app.pendo.io/ https://bid.g.doubleclick.net:* https://vars.hotjar.com:* https://www.youtube.com:*; font-src 'self' https://script.hotjar.com:* https://fonts.gstatic.com:*; style-src 'self' 'unsafe-inline' https://tagmanager.google.com:* https://fonts.googleapis.com:* 'unsafe-inline' https://app.pendo.io https://cdn.pendo.io https://pendo-static-6597142639280128.storage.googleapis.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.gstatic.com:* https://www.google.com:* https://tagmanager.google.com:* https://cdn.amplitude.com:* https://maps.googleapis.com https://maps.gstatic.com https://data.pendo.io/ https://tpc.googlesyndication.com:* https://analytics.twitter.com:* https://googleads.g.doubleclick.net:* https://a2.adform.net:* https://static.ads-twitter.com:* https://www.googleadservices.com:* https://connect.facebook.net:* https://apis.google.com:* https://static.hotjar.com:* https://script.hotjar.com:* *.googletagmanager.com:* *.google-analytics.com:* 'unsafe-inline' 'unsafe-eval' https://app.pendo.io https://pendo-io-static.storage.googleapis.com https://cdn.pendo.io https://pendo-static-6597142639280128.storage.googleapis.com; connect-src 'self' https://pendo-static-6597142639280128.storage.googleapis.com:* https://data.pendo.io:* *.azurewebsites.net:* https://api.ipify.org:* https://in.hotjar.com:* wss://ws1.hotjar.com:* https://www.google-analytics.com:* https://vc.hotjar.io:* wss://ws9.hotjar.com:* https://app.pendo.io; img-src 'self' data: https://ssl.gstatic.com:* https://www.gstatic.com:* https://maps.gstatic.com:* https://ssl.gstatic.com/analytics-suite:* https://www.facebook.com:* https://data.pendo.io/ https://t.co:* https://www.google.com.pa:* https://googleads.g.doubleclick.net:* https://www.google.com:* https://banescotdc.blob.core.windows.net:* https://stats.g.doubleclick.net:* *.google-analytics.com:* https://www.googletagmanager.com:* https://cdn.pendo.io https://app.pendo.io https://pendo-static-6597142639280128.storage.googleapis.com; frame-ancestors https://app.pendo.io; child-src https://app.pendo.io; object-src 'self'
x-cdn
Imperva
x-iinfo
5-3993396-3993421 NNNN CT(131 274 0) RT(1720690067231 672) q(0 0 4 -1) r(5 5) U2
content-length
62684
x-xss-protection
1; mode=block
pragma
no-cache
referrer-policy
strict-origin-when-cross-origin
last-modified
Tue, 04 Jul 2023 20:06:00 GMT
server
BANESCO (PANAMA), S.A.
etag
"1b12df4b2aed91:0"
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
application/x-javascript
cache-control
private, no-cache, no-store, must-revalidate
feature-policy
accelerometer 'none'; camera 'none'; geolocation 'none'; gyroscope 'none'; magnetometer 'none'; microphone 'none'; payment 'none'; usb 'none'
accept-ranges
bytes
expires
0
scripts.4deea63001f1ff3fd864.bundle.js
tarjetas.banesco.com.pa/ 		156 KB
67 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tarjetas.banesco.com.pa/scripts.4deea63001f1ff3fd864.bundle.js
Requested by
Host: tarjetas.banesco.com.pa
URL: https://tarjetas.banesco.com.pa/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
45.60.46.27 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
BANESCO (PANAMA), S.A. /
Resource Hash
234cf14ff7fb3e0a955a054b9fa30244be2c1c56ec6877adb8cd4108d86f9e5f
Security Headers
Name Value
Content-Security-Policy default-src 'self'; frame-src https://www.google.com:* https://www.googletagmanager.com:* https://app.pendo.io/ https://bid.g.doubleclick.net:* https://vars.hotjar.com:* https://www.youtube.com:*; font-src 'self' https://script.hotjar.com:* https://fonts.gstatic.com:*; style-src 'self' 'unsafe-inline' https://tagmanager.google.com:* https://fonts.googleapis.com:* 'unsafe-inline' https://app.pendo.io https://cdn.pendo.io https://pendo-static-6597142639280128.storage.googleapis.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.gstatic.com:* https://www.google.com:* https://tagmanager.google.com:* https://cdn.amplitude.com:* https://maps.googleapis.com https://maps.gstatic.com https://data.pendo.io/ https://tpc.googlesyndication.com:* https://analytics.twitter.com:* https://googleads.g.doubleclick.net:* https://a2.adform.net:* https://static.ads-twitter.com:* https://www.googleadservices.com:* https://connect.facebook.net:* https://apis.google.com:* https://static.hotjar.com:* https://script.hotjar.com:* *.googletagmanager.com:* *.google-analytics.com:* 'unsafe-inline' 'unsafe-eval' https://app.pendo.io https://pendo-io-static.storage.googleapis.com https://cdn.pendo.io https://pendo-static-6597142639280128.storage.googleapis.com; connect-src 'self' https://pendo-static-6597142639280128.storage.googleapis.com:* https://data.pendo.io:* *.azurewebsites.net:* https://api.ipify.org:* https://in.hotjar.com:* wss://ws1.hotjar.com:* https://www.google-analytics.com:* https://vc.hotjar.io:* wss://ws9.hotjar.com:* https://app.pendo.io; img-src 'self' data: https://ssl.gstatic.com:* https://www.gstatic.com:* https://maps.gstatic.com:* https://ssl.gstatic.com/analytics-suite:* https://www.facebook.com:* https://data.pendo.io/ https://t.co:* https://www.google.com.pa:* https://googleads.g.doubleclick.net:* https://www.google.com:* https://banescotdc.blob.core.windows.net:* https://stats.g.doubleclick.net:* *.google-analytics.com:* https://www.googletagmanager.com:* https://cdn.pendo.io https://app.pendo.io https://pendo-static-6597142639280128.storage.googleapis.com; frame-ancestors https://app.pendo.io; child-src https://app.pendo.io; object-src 'self'
Strict-Transport-Security max-age=31536000; includeSubDomains;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://tarjetas.banesco.com.pa/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Thu, 11 Jul 2024 09:27:48 GMT
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains;
x-permitted-cross-domain-policies
none
content-security-policy
default-src 'self'; frame-src https://www.google.com:* https://www.googletagmanager.com:* https://app.pendo.io/ https://bid.g.doubleclick.net:* https://vars.hotjar.com:* https://www.youtube.com:*; font-src 'self' https://script.hotjar.com:* https://fonts.gstatic.com:*; style-src 'self' 'unsafe-inline' https://tagmanager.google.com:* https://fonts.googleapis.com:* 'unsafe-inline' https://app.pendo.io https://cdn.pendo.io https://pendo-static-6597142639280128.storage.googleapis.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.gstatic.com:* https://www.google.com:* https://tagmanager.google.com:* https://cdn.amplitude.com:* https://maps.googleapis.com https://maps.gstatic.com https://data.pendo.io/ https://tpc.googlesyndication.com:* https://analytics.twitter.com:* https://googleads.g.doubleclick.net:* https://a2.adform.net:* https://static.ads-twitter.com:* https://www.googleadservices.com:* https://connect.facebook.net:* https://apis.google.com:* https://static.hotjar.com:* https://script.hotjar.com:* *.googletagmanager.com:* *.google-analytics.com:* 'unsafe-inline' 'unsafe-eval' https://app.pendo.io https://pendo-io-static.storage.googleapis.com https://cdn.pendo.io https://pendo-static-6597142639280128.storage.googleapis.com; connect-src 'self' https://pendo-static-6597142639280128.storage.googleapis.com:* https://data.pendo.io:* *.azurewebsites.net:* https://api.ipify.org:* https://in.hotjar.com:* wss://ws1.hotjar.com:* https://www.google-analytics.com:* https://vc.hotjar.io:* wss://ws9.hotjar.com:* https://app.pendo.io; img-src 'self' data: https://ssl.gstatic.com:* https://www.gstatic.com:* https://maps.gstatic.com:* https://ssl.gstatic.com/analytics-suite:* https://www.facebook.com:* https://data.pendo.io/ https://t.co:* https://www.google.com.pa:* https://googleads.g.doubleclick.net:* https://www.google.com:* https://banescotdc.blob.core.windows.net:* https://stats.g.doubleclick.net:* *.google-analytics.com:* https://www.googletagmanager.com:* https://cdn.pendo.io https://app.pendo.io https://pendo-static-6597142639280128.storage.googleapis.com; frame-ancestors https://app.pendo.io; child-src https://app.pendo.io; object-src 'self'
x-cdn
Imperva
x-iinfo
5-3993396-3993423 NNNN CT(134 281 0) RT(1720690067231 673) q(0 0 4 -1) r(5 5) U2
x-xss-protection
1; mode=block
pragma
no-cache
referrer-policy
strict-origin-when-cross-origin
last-modified
Tue, 04 Jul 2023 20:06:00 GMT
server
BANESCO (PANAMA), S.A.
etag
"1b12df4b2aed91:0"
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
application/x-javascript
cache-control
private, no-cache, no-store, must-revalidate
feature-policy
accelerometer 'none'; camera 'none'; geolocation 'none'; gyroscope 'none'; magnetometer 'none'; microphone 'none'; payment 'none'; usb 'none'
accept-ranges
bytes
expires
0
main.bc9c0623318deb21f90b.bundle.js
tarjetas.banesco.com.pa/ 		2 MB
529 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tarjetas.banesco.com.pa/main.bc9c0623318deb21f90b.bundle.js
Requested by
Host: tarjetas.banesco.com.pa
URL: https://tarjetas.banesco.com.pa/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
45.60.46.27 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
BANESCO (PANAMA), S.A. /
Resource Hash
228588bcbb021c7d7ce48d97cd60d9469e52fb2ae039f1afe11544ba37dd0f88
Security Headers
Name Value
Content-Security-Policy default-src 'self'; frame-src https://www.google.com:* https://www.googletagmanager.com:* https://app.pendo.io/ https://bid.g.doubleclick.net:* https://vars.hotjar.com:* https://www.youtube.com:*; font-src 'self' https://script.hotjar.com:* https://fonts.gstatic.com:*; style-src 'self' 'unsafe-inline' https://tagmanager.google.com:* https://fonts.googleapis.com:* 'unsafe-inline' https://app.pendo.io https://cdn.pendo.io https://pendo-static-6597142639280128.storage.googleapis.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.gstatic.com:* https://www.google.com:* https://tagmanager.google.com:* https://cdn.amplitude.com:* https://maps.googleapis.com https://maps.gstatic.com https://data.pendo.io/ https://tpc.googlesyndication.com:* https://analytics.twitter.com:* https://googleads.g.doubleclick.net:* https://a2.adform.net:* https://static.ads-twitter.com:* https://www.googleadservices.com:* https://connect.facebook.net:* https://apis.google.com:* https://static.hotjar.com:* https://script.hotjar.com:* *.googletagmanager.com:* *.google-analytics.com:* 'unsafe-inline' 'unsafe-eval' https://app.pendo.io https://pendo-io-static.storage.googleapis.com https://cdn.pendo.io https://pendo-static-6597142639280128.storage.googleapis.com; connect-src 'self' https://pendo-static-6597142639280128.storage.googleapis.com:* https://data.pendo.io:* *.azurewebsites.net:* https://api.ipify.org:* https://in.hotjar.com:* wss://ws1.hotjar.com:* https://www.google-analytics.com:* https://vc.hotjar.io:* wss://ws9.hotjar.com:* https://app.pendo.io; img-src 'self' data: https://ssl.gstatic.com:* https://www.gstatic.com:* https://maps.gstatic.com:* https://ssl.gstatic.com/analytics-suite:* https://www.facebook.com:* https://data.pendo.io/ https://t.co:* https://www.google.com.pa:* https://googleads.g.doubleclick.net:* https://www.google.com:* https://banescotdc.blob.core.windows.net:* https://stats.g.doubleclick.net:* *.google-analytics.com:* https://www.googletagmanager.com:* https://cdn.pendo.io https://app.pendo.io https://pendo-static-6597142639280128.storage.googleapis.com; frame-ancestors https://app.pendo.io; child-src https://app.pendo.io; object-src 'self'
Strict-Transport-Security max-age=31536000; includeSubDomains;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://tarjetas.banesco.com.pa/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Thu, 11 Jul 2024 09:27:49 GMT
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains;
x-permitted-cross-domain-policies
none
content-security-policy
default-src 'self'; frame-src https://www.google.com:* https://www.googletagmanager.com:* https://app.pendo.io/ https://bid.g.doubleclick.net:* https://vars.hotjar.com:* https://www.youtube.com:*; font-src 'self' https://script.hotjar.com:* https://fonts.gstatic.com:*; style-src 'self' 'unsafe-inline' https://tagmanager.google.com:* https://fonts.googleapis.com:* 'unsafe-inline' https://app.pendo.io https://cdn.pendo.io https://pendo-static-6597142639280128.storage.googleapis.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.gstatic.com:* https://www.google.com:* https://tagmanager.google.com:* https://cdn.amplitude.com:* https://maps.googleapis.com https://maps.gstatic.com https://data.pendo.io/ https://tpc.googlesyndication.com:* https://analytics.twitter.com:* https://googleads.g.doubleclick.net:* https://a2.adform.net:* https://static.ads-twitter.com:* https://www.googleadservices.com:* https://connect.facebook.net:* https://apis.google.com:* https://static.hotjar.com:* https://script.hotjar.com:* *.googletagmanager.com:* *.google-analytics.com:* 'unsafe-inline' 'unsafe-eval' https://app.pendo.io https://pendo-io-static.storage.googleapis.com https://cdn.pendo.io https://pendo-static-6597142639280128.storage.googleapis.com; connect-src 'self' https://pendo-static-6597142639280128.storage.googleapis.com:* https://data.pendo.io:* *.azurewebsites.net:* https://api.ipify.org:* https://in.hotjar.com:* wss://ws1.hotjar.com:* https://www.google-analytics.com:* https://vc.hotjar.io:* wss://ws9.hotjar.com:* https://app.pendo.io; img-src 'self' data: https://ssl.gstatic.com:* https://www.gstatic.com:* https://maps.gstatic.com:* https://ssl.gstatic.com/analytics-suite:* https://www.facebook.com:* https://data.pendo.io/ https://t.co:* https://www.google.com.pa:* https://googleads.g.doubleclick.net:* https://www.google.com:* https://banescotdc.blob.core.windows.net:* https://stats.g.doubleclick.net:* *.google-analytics.com:* https://www.googletagmanager.com:* https://cdn.pendo.io https://app.pendo.io https://pendo-static-6597142639280128.storage.googleapis.com; frame-ancestors https://app.pendo.io; child-src https://app.pendo.io; object-src 'self'
x-cdn
Imperva
x-iinfo
5-3993396-3993425 NNNN CT(135 279 0) RT(1720690067231 674) q(0 0 4 -1) r(5 5) U2
x-xss-protection
1; mode=block
pragma
no-cache
referrer-policy
strict-origin-when-cross-origin
last-modified
Tue, 04 Jul 2023 20:06:00 GMT
server
BANESCO (PANAMA), S.A.
etag
"1b12df4b2aed91:0"
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
application/x-javascript
cache-control
private, no-cache, no-store, must-revalidate
feature-policy
accelerometer 'none'; camera 'none'; geolocation 'none'; gyroscope 'none'; magnetometer 'none'; microphone 'none'; payment 'none'; usb 'none'
accept-ranges
bytes
expires
0
_Incapsula_Resource
tarjetas.banesco.com.pa/ 		134 KB
19 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tarjetas.banesco.com.pa/_Incapsula_Resource?SWJIYLWA=719d34d31c8e3a6e6fffd425f7e032f3&ns=1&cb=1752375004
Requested by
Host: tarjetas.banesco.com.pa
URL: https://tarjetas.banesco.com.pa/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
45.60.46.27 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
/
Resource Hash
6afcb419e5881dc0cd7dc2b1c8270ce69b45c9b8e02f127da408c5a013401289

Request headers

Referer
https://tarjetas.banesco.com.pa/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

cache-control
no-cache, no-store
content-encoding
gzip
x-robots-tag
noindex
content-length
19443
content-type
application/javascript
fbevents.js
connect.facebook.net/en_US/ 		223 KB
60 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://connect.facebook.net/en_US/fbevents.js
Requested by
Host: tarjetas.banesco.com.pa
URL: https://tarjetas.banesco.com.pa/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f083:100:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
c4832b19dd5406ac0855426096610e532861e94c65819651ada45299002455de
Security Headers
Name Value
Content-Security-Policy default-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;script-src *.fbcdn.net *.facebook.net 'unsafe-inline' blob: data: 'self' 'unsafe-eval';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';img-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Referer
https://tarjetas.banesco.com.pa/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

content-security-policy
default-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;script-src *.fbcdn.net *.facebook.net 'unsafe-inline' blob: data: 'self' 'unsafe-eval';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';img-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; preload; includeSubDomains
date
Thu, 11 Jul 2024 09:27:48 GMT
document-policy
force-load-at-top
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
58653
x-xss-protection
0
reporting-endpoints
coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
x-fb-connection-quality
GOOD; q=0.7, rtt=78, rtx=0, c=12, mss=1368, tbw=2787, tp=-1, tpl=-1, uplat=1, ullat=-1
pragma
public
x-fb-debug
WGU5Ah1pkkr+Bz/7fbPmA6pYPCFADhIBzbNEPDxUZ6fSQNFTvRpfIyIOSbaQqSip7/NSYlxmhoUsicMLEWGNPw==
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
cross-origin-opener-policy
same-origin-allow-popups;report-to="coop_report"
vary
Accept-Encoding
report-to
{"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
content-type
application/x-javascript; charset=utf-8
x-frame-options
DENY
origin-agent-cluster
?0
cache-control
public, max-age=1200
permissions-policy
accelerometer=(), attribution-reporting=(), autoplay=(), battery=(self), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), usb-unrestricted=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
timing-allow-origin
*
expires
Sat, 01 Jan 2000 00:00:00 GMT
pendo.js
cdn.pendo.io/agent/static/1e7c2fcf-6106-47c5-50f5-a7f0496b8ed3/ 		467 KB
153 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.pendo.io/agent/static/1e7c2fcf-6106-47c5-50f5-a7f0496b8ed3/pendo.js
Requested by
Host: tarjetas.banesco.com.pa
URL: https://tarjetas.banesco.com.pa/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.36.213.229 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
229.213.36.34.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
15f534730d7006330d370ee80c385d9d9bb1859dd215f6c3755b8bc9a45f36f5
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains

Request headers

Referer
https://tarjetas.banesco.com.pa/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Thu, 11 Jul 2024 09:23:33 GMT
content-encoding
gzip
strict-transport-security
max-age=63072000; includeSubDomains
age
255
x-guploader-uploadid
ACJd0NqjiXC65ha89P1WmU1_Nbrnbsz2p7p_c_cyllEGa9ZHemF22EU4HhI17eDQEATtFYYBXi8
x-goog-storage-class
STANDARD
x-goog-metageneration
1
x-goog-stored-content-encoding
gzip
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
155739
last-modified
Tue, 02 Jul 2024 15:15:15 GMT
server
UploadServer
etag
"d3f7b7d2fcf709f8311feb67365c452f"
vary
Accept-Encoding
x-goog-generation
1719933315601742
x-goog-hash
crc32c=2PtIfw==, md5=0/e30vz3CfgxH+tnNlxFLw==
access-control-allow-origin
*
access-control-expose-headers
*
cache-control
public,max-age=450
x-goog-stored-content-length
155739
accept-ranges
bytes
content-type
application/javascript; charset=utf-8
amplitude-5.2.2-min.gz.js
cdn.amplitude.com/libs/ 		54 KB
18 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.amplitude.com/libs/amplitude-5.2.2-min.gz.js
Requested by
Host: tarjetas.banesco.com.pa
URL: https://tarjetas.banesco.com.pa/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.245.86.4 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-245-86-4.fra60.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
2173f130ca59dc5554498343432f02f92ecce45c4f9381ea12b203a2978f33d4

Request headers

Referer
https://tarjetas.banesco.com.pa/
Origin
https://tarjetas.banesco.com.pa
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Wed, 10 Jul 2024 20:53:33 GMT
content-encoding
gzip
via
1.1 337ce1d1833905a0473cbaec913a354c.cloudfront.net (CloudFront)
x-amz-version-id
aZB1RIRJqET7nosqRtOBVideRuh0jIV6
x-amz-cf-pop
FRA60-P6
age
45256
x-cache
Hit from cloudfront
content-length
17889
last-modified
Mon, 21 Oct 2019 15:45:34 GMT
server
AmazonS3
etag
"b568e7b3c9d94da6a1d4845b18400f7a"
access-control-max-age
3000
access-control-allow-methods
GET, HEAD
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=31536000
vary
Origin,Access-Control-Request-Headers,Access-Control-Request-Method
accept-ranges
bytes
x-amz-cf-id
Gl6ceTQeP12Rx32OT4H-K4hUAIGmvfV_QdGrBytfUa3g1sZwzn3xag==
hotjar-982761.js
static.hotjar.com/c/ 		14 KB
5 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://static.hotjar.com/c/hotjar-982761.js?sv=6
Requested by
Host: tarjetas.banesco.com.pa
URL: https://tarjetas.banesco.com.pa/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.102.53 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-102-53.fra56.r.cloudfront.net
Software
/
Resource Hash
e6b6e4e2d76e9c5bad2c25b10c24ef26a5bdb7fe394cfb03ff8d409f0f4d5a26
Security Headers
Name Value
Strict-Transport-Security max-age=2592000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

Referer
https://tarjetas.banesco.com.pa/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

strict-transport-security
max-age=2592000; includeSubDomains
content-encoding
br
x-content-type-options
nosniff
date
Thu, 11 Jul 2024 09:27:49 GMT
via
1.1 03ffca0f67e3596b9a0c92342fe91598.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA56-P2
etag
W/627cf3bb47b9214bf85f6e7e703c5d7c
vary
Accept-Encoding
x-cache
RefreshHit from cloudfront
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
x-cache-hit
1
cache-control
max-age=60
cross-origin-resource-policy
cross-origin
x-amz-cf-id
bgmjNfATc5B_EC-EohdyH7QCs-G7Ls0WPmnVwafZycjmByghOcTehQ==
modules.e4b2dc39f985f11fb1e4.js
script.hotjar.com/ 		223 KB
56 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://script.hotjar.com/modules.e4b2dc39f985f11fb1e4.js
Requested by
Host: static.hotjar.com
URL: https://static.hotjar.com/c/hotjar-982761.js?sv=6
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.32.27.107 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-32-27-107.fra56.r.cloudfront.net
Software
/
Resource Hash
619feac205d68f6356fcad13d6758533011a8acc7830e3deb0f763249d7516c0
Security Headers
Name Value
Strict-Transport-Security max-age=2592000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

Referer
https://tarjetas.banesco.com.pa/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Mon, 01 Jul 2024 08:11:07 GMT
content-encoding
br
x-content-type-options
nosniff
strict-transport-security
max-age=2592000; includeSubDomains
via
1.1 fd3cce3e0bafd8b312277d0ad9f4762e.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA56-C2
age
868602
x-cache
Hit from cloudfront
cross-origin-resource-policy
cross-origin
content-length
56291
last-modified
Mon, 01 Jul 2024 08:10:34 GMT
etag
"ca025d2d8ae4b3dc51e058b782590501"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=31536000
accept-ranges
bytes
x-robots-tag
none
x-amz-cf-id
e1Oia96D0LSvWrahNMvGtW0SN4zppjPPYT2C1D66XMvb3v_wFWKOmg==
css
fonts.googleapis.com/ 		5 KB
936 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css?family=Lato:300,300i,400,400i,700,700i,900
Requested by
Host: tarjetas.banesco.com.pa
URL: https://tarjetas.banesco.com.pa/styles.1ca489a0191061f9e325.bundle.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82a::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
6e46aebd8b3d1b2ccee73391693425524a63b373bc7a647eef58cd88b65b5c58
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://tarjetas.banesco.com.pa/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
date
Thu, 11 Jul 2024 09:27:49 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
last-modified
Thu, 11 Jul 2024 09:27:49 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Thu, 11 Jul 2024 09:27:49 GMT
icon
fonts.googleapis.com/ 		2 KB
667 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/icon?family=Roboto
Requested by
Host: tarjetas.banesco.com.pa
URL: https://tarjetas.banesco.com.pa/styles.1ca489a0191061f9e325.bundle.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82a::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
44004199012159c073f8c965213f9e0aecd633dfe1d58641d7f497d3c7423a61
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://tarjetas.banesco.com.pa/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
date
Thu, 11 Jul 2024 09:27:49 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
last-modified
Thu, 11 Jul 2024 07:37:47 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Thu, 11 Jul 2024 09:27:49 GMT
icon
fonts.googleapis.com/ 		569 B
416 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/icon?family=Material+Icons
Requested by
Host: tarjetas.banesco.com.pa
URL: https://tarjetas.banesco.com.pa/styles.1ca489a0191061f9e325.bundle.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82a::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
36b2057eb5eef261a2cbb8c149dcf3a11edaa15ccd8e3d462eb34999f5ff8f2a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://tarjetas.banesco.com.pa/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
date
Thu, 11 Jul 2024 09:27:49 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
last-modified
Thu, 11 Jul 2024 09:27:49 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Thu, 11 Jul 2024 09:27:49 GMT
1925717894193659
connect.facebook.net/signals/config/ 		53 KB
12 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://connect.facebook.net/signals/config/1925717894193659?v=2.9.161&r=stable&domain=tarjetas.banesco.com.pa&hme=e67e7d148043b3a377ad0eb1c82669792a67ba5e3bb5734b69e611ae38f939ca&ex_m=68%2C115%2C102%2C106%2C59%2C3%2C95%2C67%2C15%2C92%2C85%2C49%2C52%2C163%2C166%2C178%2C174%2C175%2C177%2C28%2C96%2C51%2C74%2C176%2C158%2C161%2C171%2C172%2C179%2C124%2C39%2C33%2C136%2C14%2C48%2C184%2C183%2C126%2C17%2C38%2C1%2C41%2C63%2C64%2C65%2C69%2C89%2C16%2C13%2C91%2C88%2C87%2C103%2C50%2C105%2C37%2C104%2C29%2C25%2C159%2C162%2C133%2C27%2C10%2C11%2C12%2C5%2C6%2C24%2C21%2C22%2C55%2C60%2C62%2C72%2C97%2C26%2C73%2C8%2C7%2C77%2C46%2C20%2C99%2C98%2C100%2C93%2C9%2C19%2C18%2C82%2C54%2C80%2C32%2C71%2C0%2C90%2C31%2C79%2C84%2C45%2C44%2C83%2C36%2C4%2C86%2C78%2C42%2C34%2C81%2C2%2C35%2C61%2C40%2C101%2C43%2C76%2C66%2C107%2C58%2C57%2C30%2C94%2C56%2C53%2C47%2C75%2C70%2C23%2C108
Requested by
Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f083:100:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
669c468246558b8f3db864436e58324b35f3ccd9d1d5674212263a199e9df6d5
Security Headers
Name Value
Content-Security-Policy default-src 'self' data: blob: *;script-src *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' 'unsafe-eval' https://*.google-analytics.com *.google.com;style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' https://*.google-analytics.com;img-src 'self' data: blob: * https://*.google-analytics.com;block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Referer
https://tarjetas.banesco.com.pa/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

content-security-policy
default-src 'self' data: blob: *;script-src *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' 'unsafe-eval' https://*.google-analytics.com *.google.com;style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' https://*.google-analytics.com;img-src 'self' data: blob: * https://*.google-analytics.com;block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; preload; includeSubDomains
date
Thu, 11 Jul 2024 09:27:49 GMT
document-policy
force-load-at-top
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
x-xss-protection
0
reporting-endpoints
coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
x-fb-connection-quality
GOOD; q=0.7, rtt=74, rtx=0, c=62, mss=1368, tbw=64192, tp=-1, tpl=-1, uplat=88, ullat=0
pragma
public
x-fb-debug
OitdNxfyRO+X7x2EWM5Khl9MP11ESNMi0+PeG6ITZWc38YGVF7kJnfAb3zUZ9SiZ0hqP0qC9wq41R8gt9JAHgg==
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
cross-origin-opener-policy
same-origin-allow-popups;report-to="coop_report"
vary
Accept-Encoding
report-to
{"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
content-type
application/x-javascript; charset=utf-8
x-frame-options
DENY
origin-agent-cluster
?0
cache-control
public, max-age=1200
permissions-policy
accelerometer=(), attribution-reporting=(), autoplay=(), battery=(self), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), usb-unrestricted=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
timing-allow-origin
*
expires
Sat, 01 Jan 2000 00:00:00 GMT
S6uyw4BMUTPHjx4wXg.woff2
fonts.gstatic.com/s/lato/v24/ 		23 KB
24 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/lato/v24/S6uyw4BMUTPHjx4wXg.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Lato:300,300i,400,400i,700,700i,900
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:812::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
918b7dc3e2e2d015c16ce08b57bcb64d2253bafc1707658f361e72865498e537
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://tarjetas.banesco.com.pa
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Tue, 09 Jul 2024 09:57:15 GMT
x-content-type-options
nosniff
age
171034
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
23580
x-xss-protection
0
last-modified
Tue, 02 May 2023 15:17:22 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Wed, 09 Jul 2025 09:57:15 GMT
/
api.ipify.org/ 		22 B
155 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://api.ipify.org/?format=json
Requested by
Host: tarjetas.banesco.com.pa
URL: https://tarjetas.banesco.com.pa/polyfills.63ac4754fdc7e807be1d.bundle.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.26.12.205 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3fdb87bdf14205d6b6e2849804ccf9e8cadf02074362d6cd7788ef514bacb031

Request headers

Accept
application/json
Referer
https://tarjetas.banesco.com.pa/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Thu, 11 Jul 2024 09:27:50 GMT
cf-cache-status
DYNAMIC
server
cloudflare
vary
Origin
content-type
application/json
access-control-allow-origin
*
cf-ray
8a17c28cea72376f-HEL
content-length
22
client-config.json
tarjetas.banesco.com.pa/assets/ 		985 B
833 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://tarjetas.banesco.com.pa/assets/client-config.json
Requested by
Host: tarjetas.banesco.com.pa
URL: https://tarjetas.banesco.com.pa/polyfills.63ac4754fdc7e807be1d.bundle.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
45.60.46.27 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
BANESCO (PANAMA), S.A. /
Resource Hash
cb1c7475ad0e045d25ed579a8e50506e1873fb0f0d5bee755e80ca07d3bd313d
Security Headers
Name Value
Content-Security-Policy default-src 'self'; frame-src https://www.google.com:* https://www.googletagmanager.com:* https://app.pendo.io/ https://bid.g.doubleclick.net:* https://vars.hotjar.com:* https://www.youtube.com:*; font-src 'self' https://script.hotjar.com:* https://fonts.gstatic.com:*; style-src 'self' 'unsafe-inline' https://tagmanager.google.com:* https://fonts.googleapis.com:* 'unsafe-inline' https://app.pendo.io https://cdn.pendo.io https://pendo-static-6597142639280128.storage.googleapis.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.gstatic.com:* https://www.google.com:* https://tagmanager.google.com:* https://cdn.amplitude.com:* https://maps.googleapis.com https://maps.gstatic.com https://data.pendo.io/ https://tpc.googlesyndication.com:* https://analytics.twitter.com:* https://googleads.g.doubleclick.net:* https://a2.adform.net:* https://static.ads-twitter.com:* https://www.googleadservices.com:* https://connect.facebook.net:* https://apis.google.com:* https://static.hotjar.com:* https://script.hotjar.com:* *.googletagmanager.com:* *.google-analytics.com:* 'unsafe-inline' 'unsafe-eval' https://app.pendo.io https://pendo-io-static.storage.googleapis.com https://cdn.pendo.io https://pendo-static-6597142639280128.storage.googleapis.com; connect-src 'self' https://pendo-static-6597142639280128.storage.googleapis.com:* https://data.pendo.io:* *.azurewebsites.net:* https://api.ipify.org:* https://in.hotjar.com:* wss://ws1.hotjar.com:* https://www.google-analytics.com:* https://vc.hotjar.io:* wss://ws9.hotjar.com:* https://app.pendo.io; img-src 'self' data: https://ssl.gstatic.com:* https://www.gstatic.com:* https://maps.gstatic.com:* https://ssl.gstatic.com/analytics-suite:* https://www.facebook.com:* https://data.pendo.io/ https://t.co:* https://www.google.com.pa:* https://googleads.g.doubleclick.net:* https://www.google.com:* https://banescotdc.blob.core.windows.net:* https://stats.g.doubleclick.net:* *.google-analytics.com:* https://www.googletagmanager.com:* https://cdn.pendo.io https://app.pendo.io https://pendo-static-6597142639280128.storage.googleapis.com; frame-ancestors https://app.pendo.io; child-src https://app.pendo.io; object-src 'self'
Strict-Transport-Security max-age=31536000; includeSubDomains;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept
application/json, text/plain, */*
Referer
https://tarjetas.banesco.com.pa/
Authorization
Bearer
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Thu, 11 Jul 2024 09:27:50 GMT
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains;
x-permitted-cross-domain-policies
none
content-security-policy
default-src 'self'; frame-src https://www.google.com:* https://www.googletagmanager.com:* https://app.pendo.io/ https://bid.g.doubleclick.net:* https://vars.hotjar.com:* https://www.youtube.com:*; font-src 'self' https://script.hotjar.com:* https://fonts.gstatic.com:*; style-src 'self' 'unsafe-inline' https://tagmanager.google.com:* https://fonts.googleapis.com:* 'unsafe-inline' https://app.pendo.io https://cdn.pendo.io https://pendo-static-6597142639280128.storage.googleapis.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.gstatic.com:* https://www.google.com:* https://tagmanager.google.com:* https://cdn.amplitude.com:* https://maps.googleapis.com https://maps.gstatic.com https://data.pendo.io/ https://tpc.googlesyndication.com:* https://analytics.twitter.com:* https://googleads.g.doubleclick.net:* https://a2.adform.net:* https://static.ads-twitter.com:* https://www.googleadservices.com:* https://connect.facebook.net:* https://apis.google.com:* https://static.hotjar.com:* https://script.hotjar.com:* *.googletagmanager.com:* *.google-analytics.com:* 'unsafe-inline' 'unsafe-eval' https://app.pendo.io https://pendo-io-static.storage.googleapis.com https://cdn.pendo.io https://pendo-static-6597142639280128.storage.googleapis.com; connect-src 'self' https://pendo-static-6597142639280128.storage.googleapis.com:* https://data.pendo.io:* *.azurewebsites.net:* https://api.ipify.org:* https://in.hotjar.com:* wss://ws1.hotjar.com:* https://www.google-analytics.com:* https://vc.hotjar.io:* wss://ws9.hotjar.com:* https://app.pendo.io; img-src 'self' data: https://ssl.gstatic.com:* https://www.gstatic.com:* https://maps.gstatic.com:* https://ssl.gstatic.com/analytics-suite:* https://www.facebook.com:* https://data.pendo.io/ https://t.co:* https://www.google.com.pa:* https://googleads.g.doubleclick.net:* https://www.google.com:* https://banescotdc.blob.core.windows.net:* https://stats.g.doubleclick.net:* *.google-analytics.com:* https://www.googletagmanager.com:* https://cdn.pendo.io https://app.pendo.io https://pendo-static-6597142639280128.storage.googleapis.com; frame-ancestors https://app.pendo.io; child-src https://app.pendo.io; object-src 'self'
x-cdn
Imperva
x-iinfo
5-3993396-3993425 PNNN RT(1720690067231 2342) q(0 0 0 -1) r(2 2) U16
content-length
680
x-xss-protection
1; mode=block
pragma
no-cache
referrer-policy
strict-origin-when-cross-origin
last-modified
Tue, 04 Jul 2023 20:06:00 GMT
server
BANESCO (PANAMA), S.A.
etag
"611330f4b2aed91:0"
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
application/json
cache-control
private, no-cache, no-store, must-revalidate
feature-policy
accelerometer 'none'; camera 'none'; geolocation 'none'; gyroscope 'none'; magnetometer 'none'; microphone 'none'; payment 'none'; usb 'none'
accept-ranges
bytes
expires
0
_Incapsula_Resource
tarjetas.banesco.com.pa/ 		1 B
119 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://tarjetas.banesco.com.pa/_Incapsula_Resource?SWKMTFSR=1&e=0.33372428290170797
Requested by
Host: tarjetas.banesco.com.pa
URL: https://tarjetas.banesco.com.pa/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
45.60.46.27 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://tarjetas.banesco.com.pa/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

cache-control
no-cache, no-store
x-robots-tag
noindex
content-length
1
content-type
text/plain
982761
vc.hotjar.io/sessions/ 		0
233 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://vc.hotjar.io/sessions/982761?s=0.25&r=0.18870264910640144
Requested by
Host: tarjetas.banesco.com.pa
URL: https://tarjetas.banesco.com.pa/polyfills.63ac4754fdc7e807be1d.bundle.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.112.79 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-112-79.fra56.r.cloudfront.net
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://tarjetas.banesco.com.pa/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

access-control-allow-origin
*
date
Thu, 11 Jul 2024 09:27:50 GMT
cache-control
no-store
via
1.1 02d68f3a4f2a3f8967c5e021dcd7f96a.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA56-P5
x-amz-cf-id
OwCczjlBK5VKcAkfKhtxURBoUcZ9BSRzPnZC9w3GXE_aF7ZW69vR3A==
x-cache
Miss from cloudfront
/
content.hotjar.io/ 		0
0
1e7c2fcf-6106-47c5-50f5-a7f0496b8ed3
data.pendo.io/data/ptm.gif/ 		42 B
102 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://data.pendo.io/data/ptm.gif/1e7c2fcf-6106-47c5-50f5-a7f0496b8ed3?v=2.237.2_prod&ct=1720690070582&jzb=eJzFUVFvmzAY_C9-TsEYiEveqqRqM1Vky8I2bZosB0zmyNjINomiKv-9H0uE-oT2sKg84e87353vfr0if2oFmiFZCe1lfUITtLXm6IRlXjawiSjB0wxjitOUTtBBOumNZbKCS-zzY75YsQ3L5XdXU0uefr4AAS9L02l_wTzM56si39wV-fJL8Xi3XACgswo2f7xv3SwMPbd74bkLtlwLV5qgNE3Q8hCArTWtQ7NXZFTF_kW6x72X151S_8X0GcxwCxlt-HY5EPvLAZn1vP725LtdjH8879ca-GrLG_F3eSzu92rVVPdF_aLIp7yP-OQFvCumyXkyVNBACGPxT_GHxX-V7X_HlBXXu47v-scIzYqvfWpXN8PVkWgfBiiMKu57nigKMQ0JJgnwH4R10mgYk4DENCAMHFY36ibL3nWjDK9Gu4k-rJve2tUQSZMsoBl8aUJIPI3jm0RDKD7_fgMuGFeL
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.107.204.85 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
85.204.107.34.bc.googleusercontent.com
Software
istio-envoy /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Strict-Transport-Security max-age=63072000
X-Content-Type-Options nosniff

Request headers

Referer
https://tarjetas.banesco.com.pa/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Thu, 11 Jul 2024 09:27:50 GMT
via
1.1 google
x-content-type-options
nosniff
strict-transport-security
max-age=63072000
server
istio-envoy
access-control-max-age
600
access-control-allow-methods
GET,POST
content-type
image/gif
access-control-allow-origin
*
access-control-allow-credentials
false
x-envoy-upstream-service-time
104
access-control-allow-headers
*
content-length
42
alt-svc
clear
1e7c2fcf-6106-47c5-50f5-a7f0496b8ed3
data.pendo.io/data/guide.js/ 		356 B
438 B 		Script
General
Check archive.org
Download Go to
Full URL
https://data.pendo.io/data/guide.js/1e7c2fcf-6106-47c5-50f5-a7f0496b8ed3?id=7&jzb=eJx9jkFLAzEQhf_LnNukjcLC3kpbZEF2FbsKXsKYxBpJkyWZ7UX2v3fqYT0UvIU3X977fuDsi6eUGws16Kd9u-v0Qbf-rXxWWT28P8IC0Jg0RvpFNttt17eHZd82z_1-2ez4PubAly-iodRSEuZvR1jEB0ZXTBImncSAksEU7OvfXBxDWMCJWYuEUM8u16f_xydgPI54dEy4qPsXmGbH-eutJ0MDZhdpM6Mc8fS1Z72Wq0qqlbrn_rPLxafIsRLqrhJKDzlZmKYLAtRgCw&v=2.237.2_prod&ct=1720690070586
Requested by
Host: cdn.pendo.io
URL: https://cdn.pendo.io/agent/static/1e7c2fcf-6106-47c5-50f5-a7f0496b8ed3/pendo.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.107.204.85 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
85.204.107.34.bc.googleusercontent.com
Software
istio-envoy /
Resource Hash
a8cf71d22b05de10278aa92a54326e359f1b13022868b28a496d83861de64bd9
Security Headers
Name Value
Strict-Transport-Security max-age=63072000
X-Content-Type-Options nosniff

Request headers

Referer
https://tarjetas.banesco.com.pa/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Thu, 11 Jul 2024 09:27:50 GMT
via
1.1 google
x-content-type-options
nosniff
strict-transport-security
max-age=63072000
server
istio-envoy
access-control-max-age
600
access-control-allow-methods
GET,POST
content-type
application/javascript
access-control-allow-origin
*
access-control-allow-credentials
false
x-envoy-upstream-service-time
103
access-control-allow-headers
*
content-length
356
alt-svc
clear
1e7c2fcf-6106-47c5-50f5-a7f0496b8ed3
data.pendo.io/data/guide.gif/ 		42 B
304 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://data.pendo.io/data/guide.gif/1e7c2fcf-6106-47c5-50f5-a7f0496b8ed3?jzb=eJwFwIEIAAAAwDDQd3-N1QABFQC5&ct=1720690070588&v=2.237.2_prod
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.107.204.85 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
85.204.107.34.bc.googleusercontent.com
Software
istio-envoy /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Strict-Transport-Security max-age=63072000
X-Content-Type-Options nosniff

Request headers

Referer
https://tarjetas.banesco.com.pa/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Thu, 11 Jul 2024 09:27:50 GMT
via
1.1 google
x-content-type-options
nosniff
strict-transport-security
max-age=63072000
server
istio-envoy
access-control-max-age
600
access-control-allow-methods
GET,POST
content-type
image/gif
access-control-allow-origin
*
access-control-allow-credentials
false
x-envoy-upstream-service-time
14
access-control-allow-headers
*
content-length
42
alt-svc
clear
favicon.png
banescotdc.blob.core.windows.net/angular-assets/favicons/ 		32 KB
32 KB 		Other
General
Check archive.org
Download Go to
Full URL
https://banescotdc.blob.core.windows.net/angular-assets/favicons/favicon.png
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
20.60.220.225 Washington, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 /
Resource Hash
1fd77ea1b27750dc961adfa53134e81c2f61f05180d0b501cf9afa5f13b9ad23

Request headers

Referer
https://tarjetas.banesco.com.pa/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-ms-lease-status
unlocked
x-ms-blob-type
BlockBlob
Date
Thu, 11 Jul 2024 09:27:50 GMT
Last-Modified
Wed, 20 Feb 2019 23:21:15 GMT
Server
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
Content-MD5
SpT3apMOu8apfwNvDDGe3w==
ETag
0x8D6978A1C2F3CC8
Content-Type
image/png
x-ms-request-id
2d763dd9-a01e-006e-3674-d39f92000000
x-ms-version
2009-09-19
Content-Length
32377
es.json
tarjetas.banesco.com.pa/assets/i18n/ 		51 KB
19 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://tarjetas.banesco.com.pa/assets/i18n/es.json
Requested by
Host: tarjetas.banesco.com.pa
URL: https://tarjetas.banesco.com.pa/polyfills.63ac4754fdc7e807be1d.bundle.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
45.60.46.27 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
BANESCO (PANAMA), S.A. /
Resource Hash
29f7df7242332058b2b40715616ac867667cbbe232a4d1a49a48b7ce98dc277f
Security Headers
Name Value
Content-Security-Policy default-src 'self'; frame-src https://www.google.com:* https://www.googletagmanager.com:* https://app.pendo.io/ https://bid.g.doubleclick.net:* https://vars.hotjar.com:* https://www.youtube.com:*; font-src 'self' https://script.hotjar.com:* https://fonts.gstatic.com:*; style-src 'self' 'unsafe-inline' https://tagmanager.google.com:* https://fonts.googleapis.com:* 'unsafe-inline' https://app.pendo.io https://cdn.pendo.io https://pendo-static-6597142639280128.storage.googleapis.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.gstatic.com:* https://www.google.com:* https://tagmanager.google.com:* https://cdn.amplitude.com:* https://maps.googleapis.com https://maps.gstatic.com https://data.pendo.io/ https://tpc.googlesyndication.com:* https://analytics.twitter.com:* https://googleads.g.doubleclick.net:* https://a2.adform.net:* https://static.ads-twitter.com:* https://www.googleadservices.com:* https://connect.facebook.net:* https://apis.google.com:* https://static.hotjar.com:* https://script.hotjar.com:* *.googletagmanager.com:* *.google-analytics.com:* 'unsafe-inline' 'unsafe-eval' https://app.pendo.io https://pendo-io-static.storage.googleapis.com https://cdn.pendo.io https://pendo-static-6597142639280128.storage.googleapis.com; connect-src 'self' https://pendo-static-6597142639280128.storage.googleapis.com:* https://data.pendo.io:* *.azurewebsites.net:* https://api.ipify.org:* https://in.hotjar.com:* wss://ws1.hotjar.com:* https://www.google-analytics.com:* https://vc.hotjar.io:* wss://ws9.hotjar.com:* https://app.pendo.io; img-src 'self' data: https://ssl.gstatic.com:* https://www.gstatic.com:* https://maps.gstatic.com:* https://ssl.gstatic.com/analytics-suite:* https://www.facebook.com:* https://data.pendo.io/ https://t.co:* https://www.google.com.pa:* https://googleads.g.doubleclick.net:* https://www.google.com:* https://banescotdc.blob.core.windows.net:* https://stats.g.doubleclick.net:* *.google-analytics.com:* https://www.googletagmanager.com:* https://cdn.pendo.io https://app.pendo.io https://pendo-static-6597142639280128.storage.googleapis.com; frame-ancestors https://app.pendo.io; child-src https://app.pendo.io; object-src 'self'
Strict-Transport-Security max-age=31536000; includeSubDomains;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept
application/json, text/plain, */*
Referer
https://tarjetas.banesco.com.pa/
Authorization
Bearer
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Thu, 11 Jul 2024 09:27:50 GMT
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains;
x-permitted-cross-domain-policies
none
content-security-policy
default-src 'self'; frame-src https://www.google.com:* https://www.googletagmanager.com:* https://app.pendo.io/ https://bid.g.doubleclick.net:* https://vars.hotjar.com:* https://www.youtube.com:*; font-src 'self' https://script.hotjar.com:* https://fonts.gstatic.com:*; style-src 'self' 'unsafe-inline' https://tagmanager.google.com:* https://fonts.googleapis.com:* 'unsafe-inline' https://app.pendo.io https://cdn.pendo.io https://pendo-static-6597142639280128.storage.googleapis.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.gstatic.com:* https://www.google.com:* https://tagmanager.google.com:* https://cdn.amplitude.com:* https://maps.googleapis.com https://maps.gstatic.com https://data.pendo.io/ https://tpc.googlesyndication.com:* https://analytics.twitter.com:* https://googleads.g.doubleclick.net:* https://a2.adform.net:* https://static.ads-twitter.com:* https://www.googleadservices.com:* https://connect.facebook.net:* https://apis.google.com:* https://static.hotjar.com:* https://script.hotjar.com:* *.googletagmanager.com:* *.google-analytics.com:* 'unsafe-inline' 'unsafe-eval' https://app.pendo.io https://pendo-io-static.storage.googleapis.com https://cdn.pendo.io https://pendo-static-6597142639280128.storage.googleapis.com; connect-src 'self' https://pendo-static-6597142639280128.storage.googleapis.com:* https://data.pendo.io:* *.azurewebsites.net:* https://api.ipify.org:* https://in.hotjar.com:* wss://ws1.hotjar.com:* https://www.google-analytics.com:* https://vc.hotjar.io:* wss://ws9.hotjar.com:* https://app.pendo.io; img-src 'self' data: https://ssl.gstatic.com:* https://www.gstatic.com:* https://maps.gstatic.com:* https://ssl.gstatic.com/analytics-suite:* https://www.facebook.com:* https://data.pendo.io/ https://t.co:* https://www.google.com.pa:* https://googleads.g.doubleclick.net:* https://www.google.com:* https://banescotdc.blob.core.windows.net:* https://stats.g.doubleclick.net:* *.google-analytics.com:* https://www.googletagmanager.com:* https://cdn.pendo.io https://app.pendo.io https://pendo-static-6597142639280128.storage.googleapis.com; frame-ancestors https://app.pendo.io; child-src https://app.pendo.io; object-src 'self'
x-cdn
Imperva
x-iinfo
5-3993396-3993425 PNNN RT(1720690067231 2564) q(0 0 0 -1) r(2 2) U16
content-length
19510
x-xss-protection
1; mode=block
pragma
no-cache
referrer-policy
strict-origin-when-cross-origin
last-modified
Tue, 04 Jul 2023 20:06:00 GMT
server
BANESCO (PANAMA), S.A.
etag
"1c8a26f4b2aed91:0"
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
application/json
cache-control
private, no-cache, no-store, must-revalidate
feature-policy
accelerometer 'none'; camera 'none'; geolocation 'none'; gyroscope 'none'; magnetometer 'none'; microphone 'none'; payment 'none'; usb 'none'
accept-ranges
bytes
expires
0
es.json
tarjetas.banesco.com.pa/assets/i18n/ 		51 KB
19 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://tarjetas.banesco.com.pa/assets/i18n/es.json
Requested by
Host: tarjetas.banesco.com.pa
URL: https://tarjetas.banesco.com.pa/polyfills.63ac4754fdc7e807be1d.bundle.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
45.60.46.27 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
BANESCO (PANAMA), S.A. /
Resource Hash
29f7df7242332058b2b40715616ac867667cbbe232a4d1a49a48b7ce98dc277f
Security Headers
Name Value
Content-Security-Policy default-src 'self'; frame-src https://www.google.com:* https://www.googletagmanager.com:* https://app.pendo.io/ https://bid.g.doubleclick.net:* https://vars.hotjar.com:* https://www.youtube.com:*; font-src 'self' https://script.hotjar.com:* https://fonts.gstatic.com:*; style-src 'self' 'unsafe-inline' https://tagmanager.google.com:* https://fonts.googleapis.com:* 'unsafe-inline' https://app.pendo.io https://cdn.pendo.io https://pendo-static-6597142639280128.storage.googleapis.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.gstatic.com:* https://www.google.com:* https://tagmanager.google.com:* https://cdn.amplitude.com:* https://maps.googleapis.com https://maps.gstatic.com https://data.pendo.io/ https://tpc.googlesyndication.com:* https://analytics.twitter.com:* https://googleads.g.doubleclick.net:* https://a2.adform.net:* https://static.ads-twitter.com:* https://www.googleadservices.com:* https://connect.facebook.net:* https://apis.google.com:* https://static.hotjar.com:* https://script.hotjar.com:* *.googletagmanager.com:* *.google-analytics.com:* 'unsafe-inline' 'unsafe-eval' https://app.pendo.io https://pendo-io-static.storage.googleapis.com https://cdn.pendo.io https://pendo-static-6597142639280128.storage.googleapis.com; connect-src 'self' https://pendo-static-6597142639280128.storage.googleapis.com:* https://data.pendo.io:* *.azurewebsites.net:* https://api.ipify.org:* https://in.hotjar.com:* wss://ws1.hotjar.com:* https://www.google-analytics.com:* https://vc.hotjar.io:* wss://ws9.hotjar.com:* https://app.pendo.io; img-src 'self' data: https://ssl.gstatic.com:* https://www.gstatic.com:* https://maps.gstatic.com:* https://ssl.gstatic.com/analytics-suite:* https://www.facebook.com:* https://data.pendo.io/ https://t.co:* https://www.google.com.pa:* https://googleads.g.doubleclick.net:* https://www.google.com:* https://banescotdc.blob.core.windows.net:* https://stats.g.doubleclick.net:* *.google-analytics.com:* https://www.googletagmanager.com:* https://cdn.pendo.io https://app.pendo.io https://pendo-static-6597142639280128.storage.googleapis.com; frame-ancestors https://app.pendo.io; child-src https://app.pendo.io; object-src 'self'
Strict-Transport-Security max-age=31536000; includeSubDomains;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept
application/json, text/plain, */*
Referer
https://tarjetas.banesco.com.pa/
Authorization
Bearer
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Thu, 11 Jul 2024 09:27:50 GMT
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains;
x-permitted-cross-domain-policies
none
content-security-policy
default-src 'self'; frame-src https://www.google.com:* https://www.googletagmanager.com:* https://app.pendo.io/ https://bid.g.doubleclick.net:* https://vars.hotjar.com:* https://www.youtube.com:*; font-src 'self' https://script.hotjar.com:* https://fonts.gstatic.com:*; style-src 'self' 'unsafe-inline' https://tagmanager.google.com:* https://fonts.googleapis.com:* 'unsafe-inline' https://app.pendo.io https://cdn.pendo.io https://pendo-static-6597142639280128.storage.googleapis.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.gstatic.com:* https://www.google.com:* https://tagmanager.google.com:* https://cdn.amplitude.com:* https://maps.googleapis.com https://maps.gstatic.com https://data.pendo.io/ https://tpc.googlesyndication.com:* https://analytics.twitter.com:* https://googleads.g.doubleclick.net:* https://a2.adform.net:* https://static.ads-twitter.com:* https://www.googleadservices.com:* https://connect.facebook.net:* https://apis.google.com:* https://static.hotjar.com:* https://script.hotjar.com:* *.googletagmanager.com:* *.google-analytics.com:* 'unsafe-inline' 'unsafe-eval' https://app.pendo.io https://pendo-io-static.storage.googleapis.com https://cdn.pendo.io https://pendo-static-6597142639280128.storage.googleapis.com; connect-src 'self' https://pendo-static-6597142639280128.storage.googleapis.com:* https://data.pendo.io:* *.azurewebsites.net:* https://api.ipify.org:* https://in.hotjar.com:* wss://ws1.hotjar.com:* https://www.google-analytics.com:* https://vc.hotjar.io:* wss://ws9.hotjar.com:* https://app.pendo.io; img-src 'self' data: https://ssl.gstatic.com:* https://www.gstatic.com:* https://maps.gstatic.com:* https://ssl.gstatic.com/analytics-suite:* https://www.facebook.com:* https://data.pendo.io/ https://t.co:* https://www.google.com.pa:* https://googleads.g.doubleclick.net:* https://www.google.com:* https://banescotdc.blob.core.windows.net:* https://stats.g.doubleclick.net:* *.google-analytics.com:* https://www.googletagmanager.com:* https://cdn.pendo.io https://app.pendo.io https://pendo-static-6597142639280128.storage.googleapis.com; frame-ancestors https://app.pendo.io; child-src https://app.pendo.io; object-src 'self'
x-cdn
Imperva
x-iinfo
5-3993396-3993425 PNNN RT(1720690067231 2773) q(0 0 0 -1) r(1 1) U16
content-length
19510
x-xss-protection
1; mode=block
pragma
no-cache
referrer-policy
strict-origin-when-cross-origin
last-modified
Tue, 04 Jul 2023 20:06:00 GMT
server
BANESCO (PANAMA), S.A.
etag
"1c8a26f4b2aed91:0"
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
application/json
cache-control
private, no-cache, no-store, must-revalidate
feature-policy
accelerometer 'none'; camera 'none'; geolocation 'none'; gyroscope 'none'; magnetometer 'none'; microphone 'none'; payment 'none'; usb 'none'
accept-ranges
bytes
expires
0
gtm.js
www.googletagmanager.com/ 		361 KB
110 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtm.js?id=GTM-MKJNN2Z
Requested by
Host: tarjetas.banesco.com.pa
URL: https://tarjetas.banesco.com.pa/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:811::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
bfbbc78135f30e7ebc816c9692d75e32ab1fa5de1a33510bbd983ca791105d91
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

Referer
https://tarjetas.banesco.com.pa/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Thu, 11 Jul 2024 09:27:50 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
111860
x-xss-protection
0
last-modified
Thu, 11 Jul 2024 09:00:00 GMT
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Thu, 11 Jul 2024 09:27:50 GMT
ns.html
www.googletagmanager.com/ Frame 85D4 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/ns.html?id=GTM-MKJNN2Z
Requested by
Host: tarjetas.banesco.com.pa
URL: https://tarjetas.banesco.com.pa/main.bc9c0623318deb21f90b.bundle.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:811::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

Referer
https://tarjetas.banesco.com.pa/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
no-cache, no-store, must-revalidate
content-encoding
br
content-length
331
content-type
text/html; charset=UTF-8
cross-origin-embedder-policy
require-corp
cross-origin-resource-policy
cross-origin
date
Thu, 11 Jul 2024 09:27:50 GMT
expires
Fri, 01 Jan 1990 00:00:00 GMT
pragma
no-cache
server
Google Tag Manager
strict-transport-security
max-age=31536000; includeSubDomains
vary
*
x-xss-protection
0
js
maps.googleapis.com/maps/api/ 		278 KB
92 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://maps.googleapis.com/maps/api/js?key=AIzaSyDT1_6oCYowChGONrY0oZCWy77NRdhMfqk&libraries=places&language=es
Requested by
Host: tarjetas.banesco.com.pa
URL: https://tarjetas.banesco.com.pa/main.bc9c0623318deb21f90b.bundle.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:811::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
scaffolding on HTTPServer2 /
Resource Hash
ec5550894892d3dee758ac7ca42c30f59c113d06feb0368ddb1f28e8286826c6
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://tarjetas.banesco.com.pa/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Thu, 11 Jul 2024 09:27:50 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
scaffolding on HTTPServer2
vary
Origin, X-Origin, Referer
x-frame-options
SAMEORIGIN
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=1800
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
94331
x-xss-protection
0
GetToken
banesco-tdc-api.azurewebsites.net/api/Anonymous/ 		535 B
1 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://banesco-tdc-api.azurewebsites.net/api/Anonymous/GetToken
Requested by
Host: tarjetas.banesco.com.pa
URL: https://tarjetas.banesco.com.pa/polyfills.63ac4754fdc7e807be1d.bundle.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
52.173.139.99 Des Moines, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-IIS/10.0 / ASP.NET
Resource Hash
9f6550453172d98b7101852a8cd5ec525589e064eb1883e116943fd543d3404f

Request headers

Accept
application/json, text/plain, */*
Referer
https://tarjetas.banesco.com.pa/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Expires
-1
Pragma
no-cache
Date
Thu, 11 Jul 2024 09:27:52 GMT
Content-Encoding
gzip
Server
Microsoft-IIS/10.0
X-AspNet-Version
4.0.30319
X-Powered-By
ASP.NET
Access-Control-Allow-Methods
POST, GET, OPTIONS
Content-Type
application/json; charset=utf-8
Access-Control-Allow-Origin
*
Cache-Control
no-cache
Access-Control-Allow-Headers
content-Type, accept, origin, X-Requested-With, name, authorization, tdcheader
Content-Length
440
Request-Context
appId=cid-v1:f3b23123-a40f-45e4-a277-5502f349098c
logo.png
banescotdc.blob.core.windows.net/angular-assets/png/ 		72 KB
72 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://banescotdc.blob.core.windows.net/angular-assets/png/logo.png
Requested by
Host: tarjetas.banesco.com.pa
URL: https://tarjetas.banesco.com.pa/styles.1ca489a0191061f9e325.bundle.css
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
20.60.220.225 Washington, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 /
Resource Hash
fe0305e06f56580252118c6d1b954bc1096825b959a523ec78d4982d57933d3a

Request headers

Referer
https://tarjetas.banesco.com.pa/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-ms-lease-status
unlocked
x-ms-blob-type
BlockBlob
Date
Thu, 11 Jul 2024 09:27:50 GMT
Last-Modified
Fri, 15 Feb 2019 21:15:02 GMT
Server
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
Content-MD5
orvayijfFFTgGM/MHyTNCg==
ETag
0x8D6938AA63F4D15
Content-Type
image/png
x-ms-request-id
e558c766-901e-0108-5f74-d32ebf000000
x-ms-version
2009-09-19
Content-Length
73471
fontawesome-webfont.af7ae505a9eed503f8b8.woff2
tarjetas.banesco.com.pa/ 		75 KB
78 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://tarjetas.banesco.com.pa/fontawesome-webfont.af7ae505a9eed503f8b8.woff2?v=4.7.0
Requested by
Host: tarjetas.banesco.com.pa
URL: https://tarjetas.banesco.com.pa/styles.1ca489a0191061f9e325.bundle.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
45.60.46.27 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
BANESCO (PANAMA), S.A. /
Resource Hash
2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe
Security Headers
Name Value
Content-Security-Policy default-src 'self'; frame-src https://www.google.com:* https://www.googletagmanager.com:* https://app.pendo.io/ https://bid.g.doubleclick.net:* https://vars.hotjar.com:* https://www.youtube.com:*; font-src 'self' https://script.hotjar.com:* https://fonts.gstatic.com:*; style-src 'self' 'unsafe-inline' https://tagmanager.google.com:* https://fonts.googleapis.com:* 'unsafe-inline' https://app.pendo.io https://cdn.pendo.io https://pendo-static-6597142639280128.storage.googleapis.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.gstatic.com:* https://www.google.com:* https://tagmanager.google.com:* https://cdn.amplitude.com:* https://maps.googleapis.com https://maps.gstatic.com https://data.pendo.io/ https://tpc.googlesyndication.com:* https://analytics.twitter.com:* https://googleads.g.doubleclick.net:* https://a2.adform.net:* https://static.ads-twitter.com:* https://www.googleadservices.com:* https://connect.facebook.net:* https://apis.google.com:* https://static.hotjar.com:* https://script.hotjar.com:* *.googletagmanager.com:* *.google-analytics.com:* 'unsafe-inline' 'unsafe-eval' https://app.pendo.io https://pendo-io-static.storage.googleapis.com https://cdn.pendo.io https://pendo-static-6597142639280128.storage.googleapis.com; connect-src 'self' https://pendo-static-6597142639280128.storage.googleapis.com:* https://data.pendo.io:* *.azurewebsites.net:* https://api.ipify.org:* https://in.hotjar.com:* wss://ws1.hotjar.com:* https://www.google-analytics.com:* https://vc.hotjar.io:* wss://ws9.hotjar.com:* https://app.pendo.io; img-src 'self' data: https://ssl.gstatic.com:* https://www.gstatic.com:* https://maps.gstatic.com:* https://ssl.gstatic.com/analytics-suite:* https://www.facebook.com:* https://data.pendo.io/ https://t.co:* https://www.google.com.pa:* https://googleads.g.doubleclick.net:* https://www.google.com:* https://banescotdc.blob.core.windows.net:* https://stats.g.doubleclick.net:* *.google-analytics.com:* https://www.googletagmanager.com:* https://cdn.pendo.io https://app.pendo.io https://pendo-static-6597142639280128.storage.googleapis.com; frame-ancestors https://app.pendo.io; child-src https://app.pendo.io; object-src 'self'
Strict-Transport-Security max-age=31536000; includeSubDomains;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://tarjetas.banesco.com.pa/styles.1ca489a0191061f9e325.bundle.css
Origin
https://tarjetas.banesco.com.pa
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Thu, 11 Jul 2024 09:27:50 GMT
strict-transport-security
max-age=31536000; includeSubDomains;
x-content-type-options
nosniff
content-security-policy
default-src 'self'; frame-src https://www.google.com:* https://www.googletagmanager.com:* https://app.pendo.io/ https://bid.g.doubleclick.net:* https://vars.hotjar.com:* https://www.youtube.com:*; font-src 'self' https://script.hotjar.com:* https://fonts.gstatic.com:*; style-src 'self' 'unsafe-inline' https://tagmanager.google.com:* https://fonts.googleapis.com:* 'unsafe-inline' https://app.pendo.io https://cdn.pendo.io https://pendo-static-6597142639280128.storage.googleapis.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.gstatic.com:* https://www.google.com:* https://tagmanager.google.com:* https://cdn.amplitude.com:* https://maps.googleapis.com https://maps.gstatic.com https://data.pendo.io/ https://tpc.googlesyndication.com:* https://analytics.twitter.com:* https://googleads.g.doubleclick.net:* https://a2.adform.net:* https://static.ads-twitter.com:* https://www.googleadservices.com:* https://connect.facebook.net:* https://apis.google.com:* https://static.hotjar.com:* https://script.hotjar.com:* *.googletagmanager.com:* *.google-analytics.com:* 'unsafe-inline' 'unsafe-eval' https://app.pendo.io https://pendo-io-static.storage.googleapis.com https://cdn.pendo.io https://pendo-static-6597142639280128.storage.googleapis.com; connect-src 'self' https://pendo-static-6597142639280128.storage.googleapis.com:* https://data.pendo.io:* *.azurewebsites.net:* https://api.ipify.org:* https://in.hotjar.com:* wss://ws1.hotjar.com:* https://www.google-analytics.com:* https://vc.hotjar.io:* wss://ws9.hotjar.com:* https://app.pendo.io; img-src 'self' data: https://ssl.gstatic.com:* https://www.gstatic.com:* https://maps.gstatic.com:* https://ssl.gstatic.com/analytics-suite:* https://www.facebook.com:* https://data.pendo.io/ https://t.co:* https://www.google.com.pa:* https://googleads.g.doubleclick.net:* https://www.google.com:* https://banescotdc.blob.core.windows.net:* https://stats.g.doubleclick.net:* *.google-analytics.com:* https://www.googletagmanager.com:* https://cdn.pendo.io https://app.pendo.io https://pendo-static-6597142639280128.storage.googleapis.com; frame-ancestors https://app.pendo.io; child-src https://app.pendo.io; object-src 'self'
content-encoding
gzip
x-permitted-cross-domain-policies
none
x-cdn
Imperva
x-iinfo
5-3993396-3993423 PNYN RT(1720690067231 2684) q(0 0 0 -1) r(1 1) U2
x-xss-protection
1; mode=block
pragma
no-cache
referrer-policy
strict-origin-when-cross-origin
last-modified
Tue, 04 Jul 2023 20:06:00 GMT
server
BANESCO (PANAMA), S.A.
etag
"aa4e2bf4b2aed91:0"
x-frame-options
SAMEORIGIN
content-type
application/font-woff
cache-control
private, no-cache, no-store, must-revalidate
feature-policy
accelerometer 'none'; camera 'none'; geolocation 'none'; gyroscope 'none'; magnetometer 'none'; microphone 'none'; payment 'none'; usb 'none'
accept-ranges
bytes
expires
0
S6u9w4BMUTPHh6UVSwiPGQ.woff2
fonts.gstatic.com/s/lato/v24/ 		23 KB
23 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/lato/v24/S6u9w4BMUTPHh6UVSwiPGQ.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Lato:300,300i,400,400i,700,700i,900
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:812::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
c447dd7677b419db7b21dbdfc6277c7816a913ffda76fd2e52702df538de0e49
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://tarjetas.banesco.com.pa
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Tue, 09 Jul 2024 09:47:28 GMT
x-content-type-options
nosniff
age
171622
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
23040
x-xss-protection
0
last-modified
Tue, 02 May 2023 15:07:25 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Wed, 09 Jul 2025 09:47:28 GMT
facebook.png
tarjetas.banesco.com.pa/assets/png/ 		436 B
550 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://tarjetas.banesco.com.pa/assets/png/facebook.png
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
45.60.46.27 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
BANESCO (PANAMA), S.A. /
Resource Hash
89c8879706ab5dcc20b41c6070ea232fc9a12c22bfcd35764106bc8434149577
Security Headers
Name Value
Content-Security-Policy default-src 'self'; frame-src https://www.google.com:* https://www.googletagmanager.com:* https://app.pendo.io/ https://bid.g.doubleclick.net:* https://vars.hotjar.com:* https://www.youtube.com:*; font-src 'self' https://script.hotjar.com:* https://fonts.gstatic.com:*; style-src 'self' 'unsafe-inline' https://tagmanager.google.com:* https://fonts.googleapis.com:* 'unsafe-inline' https://app.pendo.io https://cdn.pendo.io https://pendo-static-6597142639280128.storage.googleapis.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.gstatic.com:* https://www.google.com:* https://tagmanager.google.com:* https://cdn.amplitude.com:* https://maps.googleapis.com https://maps.gstatic.com https://data.pendo.io/ https://tpc.googlesyndication.com:* https://analytics.twitter.com:* https://googleads.g.doubleclick.net:* https://a2.adform.net:* https://static.ads-twitter.com:* https://www.googleadservices.com:* https://connect.facebook.net:* https://apis.google.com:* https://static.hotjar.com:* https://script.hotjar.com:* *.googletagmanager.com:* *.google-analytics.com:* 'unsafe-inline' 'unsafe-eval' https://app.pendo.io https://pendo-io-static.storage.googleapis.com https://cdn.pendo.io https://pendo-static-6597142639280128.storage.googleapis.com; connect-src 'self' https://pendo-static-6597142639280128.storage.googleapis.com:* https://data.pendo.io:* *.azurewebsites.net:* https://api.ipify.org:* https://in.hotjar.com:* wss://ws1.hotjar.com:* https://www.google-analytics.com:* https://vc.hotjar.io:* wss://ws9.hotjar.com:* https://app.pendo.io; img-src 'self' data: https://ssl.gstatic.com:* https://www.gstatic.com:* https://maps.gstatic.com:* https://ssl.gstatic.com/analytics-suite:* https://www.facebook.com:* https://data.pendo.io/ https://t.co:* https://www.google.com.pa:* https://googleads.g.doubleclick.net:* https://www.google.com:* https://banescotdc.blob.core.windows.net:* https://stats.g.doubleclick.net:* *.google-analytics.com:* https://www.googletagmanager.com:* https://cdn.pendo.io https://app.pendo.io https://pendo-static-6597142639280128.storage.googleapis.com; frame-ancestors https://app.pendo.io; child-src https://app.pendo.io; object-src 'self'
Strict-Transport-Security max-age=31536000; includeSubDomains;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://tarjetas.banesco.com.pa/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Thu, 11 Jul 2024 09:27:51 GMT
strict-transport-security
max-age=31536000; includeSubDomains;
x-content-type-options
nosniff
content-security-policy
default-src 'self'; frame-src https://www.google.com:* https://www.googletagmanager.com:* https://app.pendo.io/ https://bid.g.doubleclick.net:* https://vars.hotjar.com:* https://www.youtube.com:*; font-src 'self' https://script.hotjar.com:* https://fonts.gstatic.com:*; style-src 'self' 'unsafe-inline' https://tagmanager.google.com:* https://fonts.googleapis.com:* 'unsafe-inline' https://app.pendo.io https://cdn.pendo.io https://pendo-static-6597142639280128.storage.googleapis.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.gstatic.com:* https://www.google.com:* https://tagmanager.google.com:* https://cdn.amplitude.com:* https://maps.googleapis.com https://maps.gstatic.com https://data.pendo.io/ https://tpc.googlesyndication.com:* https://analytics.twitter.com:* https://googleads.g.doubleclick.net:* https://a2.adform.net:* https://static.ads-twitter.com:* https://www.googleadservices.com:* https://connect.facebook.net:* https://apis.google.com:* https://static.hotjar.com:* https://script.hotjar.com:* *.googletagmanager.com:* *.google-analytics.com:* 'unsafe-inline' 'unsafe-eval' https://app.pendo.io https://pendo-io-static.storage.googleapis.com https://cdn.pendo.io https://pendo-static-6597142639280128.storage.googleapis.com; connect-src 'self' https://pendo-static-6597142639280128.storage.googleapis.com:* https://data.pendo.io:* *.azurewebsites.net:* https://api.ipify.org:* https://in.hotjar.com:* wss://ws1.hotjar.com:* https://www.google-analytics.com:* https://vc.hotjar.io:* wss://ws9.hotjar.com:* https://app.pendo.io; img-src 'self' data: https://ssl.gstatic.com:* https://www.gstatic.com:* https://maps.gstatic.com:* https://ssl.gstatic.com/analytics-suite:* https://www.facebook.com:* https://data.pendo.io/ https://t.co:* https://www.google.com.pa:* https://googleads.g.doubleclick.net:* https://www.google.com:* https://banescotdc.blob.core.windows.net:* https://stats.g.doubleclick.net:* *.google-analytics.com:* https://www.googletagmanager.com:* https://cdn.pendo.io https://app.pendo.io https://pendo-static-6597142639280128.storage.googleapis.com; frame-ancestors https://app.pendo.io; child-src https://app.pendo.io; object-src 'self'
x-permitted-cross-domain-policies
none
x-cdn
Imperva
x-iinfo
5-3993396-3993423 PNNN RT(1720690067231 3000) q(0 0 0 -1) r(1 1) U2
content-length
436
x-xss-protection
1; mode=block
pragma
no-cache
referrer-policy
strict-origin-when-cross-origin
last-modified
Tue, 04 Jul 2023 20:06:00 GMT
server
BANESCO (PANAMA), S.A.
etag
"40ec28f4b2aed91:0"
x-frame-options
SAMEORIGIN
content-type
image/png
cache-control
private, no-cache, no-store, must-revalidate
feature-policy
accelerometer 'none'; camera 'none'; geolocation 'none'; gyroscope 'none'; magnetometer 'none'; microphone 'none'; payment 'none'; usb 'none'
accept-ranges
bytes
expires
0
instagram.png
tarjetas.banesco.com.pa/assets/png/ 		938 B
3 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://tarjetas.banesco.com.pa/assets/png/instagram.png
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
45.60.46.27 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
BANESCO (PANAMA), S.A. /
Resource Hash
d14563998c51dc9e70af90ea513cafdd27e2c053cf9b3eea20f4b9732bae659a
Security Headers
Name Value
Content-Security-Policy default-src 'self'; frame-src https://www.google.com:* https://www.googletagmanager.com:* https://app.pendo.io/ https://bid.g.doubleclick.net:* https://vars.hotjar.com:* https://www.youtube.com:*; font-src 'self' https://script.hotjar.com:* https://fonts.gstatic.com:*; style-src 'self' 'unsafe-inline' https://tagmanager.google.com:* https://fonts.googleapis.com:* 'unsafe-inline' https://app.pendo.io https://cdn.pendo.io https://pendo-static-6597142639280128.storage.googleapis.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.gstatic.com:* https://www.google.com:* https://tagmanager.google.com:* https://cdn.amplitude.com:* https://maps.googleapis.com https://maps.gstatic.com https://data.pendo.io/ https://tpc.googlesyndication.com:* https://analytics.twitter.com:* https://googleads.g.doubleclick.net:* https://a2.adform.net:* https://static.ads-twitter.com:* https://www.googleadservices.com:* https://connect.facebook.net:* https://apis.google.com:* https://static.hotjar.com:* https://script.hotjar.com:* *.googletagmanager.com:* *.google-analytics.com:* 'unsafe-inline' 'unsafe-eval' https://app.pendo.io https://pendo-io-static.storage.googleapis.com https://cdn.pendo.io https://pendo-static-6597142639280128.storage.googleapis.com; connect-src 'self' https://pendo-static-6597142639280128.storage.googleapis.com:* https://data.pendo.io:* *.azurewebsites.net:* https://api.ipify.org:* https://in.hotjar.com:* wss://ws1.hotjar.com:* https://www.google-analytics.com:* https://vc.hotjar.io:* wss://ws9.hotjar.com:* https://app.pendo.io; img-src 'self' data: https://ssl.gstatic.com:* https://www.gstatic.com:* https://maps.gstatic.com:* https://ssl.gstatic.com/analytics-suite:* https://www.facebook.com:* https://data.pendo.io/ https://t.co:* https://www.google.com.pa:* https://googleads.g.doubleclick.net:* https://www.google.com:* https://banescotdc.blob.core.windows.net:* https://stats.g.doubleclick.net:* *.google-analytics.com:* https://www.googletagmanager.com:* https://cdn.pendo.io https://app.pendo.io https://pendo-static-6597142639280128.storage.googleapis.com; frame-ancestors https://app.pendo.io; child-src https://app.pendo.io; object-src 'self'
Strict-Transport-Security max-age=31536000; includeSubDomains;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://tarjetas.banesco.com.pa/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Thu, 11 Jul 2024 09:27:50 GMT
strict-transport-security
max-age=31536000; includeSubDomains;
x-content-type-options
nosniff
content-security-policy
default-src 'self'; frame-src https://www.google.com:* https://www.googletagmanager.com:* https://app.pendo.io/ https://bid.g.doubleclick.net:* https://vars.hotjar.com:* https://www.youtube.com:*; font-src 'self' https://script.hotjar.com:* https://fonts.gstatic.com:*; style-src 'self' 'unsafe-inline' https://tagmanager.google.com:* https://fonts.googleapis.com:* 'unsafe-inline' https://app.pendo.io https://cdn.pendo.io https://pendo-static-6597142639280128.storage.googleapis.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.gstatic.com:* https://www.google.com:* https://tagmanager.google.com:* https://cdn.amplitude.com:* https://maps.googleapis.com https://maps.gstatic.com https://data.pendo.io/ https://tpc.googlesyndication.com:* https://analytics.twitter.com:* https://googleads.g.doubleclick.net:* https://a2.adform.net:* https://static.ads-twitter.com:* https://www.googleadservices.com:* https://connect.facebook.net:* https://apis.google.com:* https://static.hotjar.com:* https://script.hotjar.com:* *.googletagmanager.com:* *.google-analytics.com:* 'unsafe-inline' 'unsafe-eval' https://app.pendo.io https://pendo-io-static.storage.googleapis.com https://cdn.pendo.io https://pendo-static-6597142639280128.storage.googleapis.com; connect-src 'self' https://pendo-static-6597142639280128.storage.googleapis.com:* https://data.pendo.io:* *.azurewebsites.net:* https://api.ipify.org:* https://in.hotjar.com:* wss://ws1.hotjar.com:* https://www.google-analytics.com:* https://vc.hotjar.io:* wss://ws9.hotjar.com:* https://app.pendo.io; img-src 'self' data: https://ssl.gstatic.com:* https://www.gstatic.com:* https://maps.gstatic.com:* https://ssl.gstatic.com/analytics-suite:* https://www.facebook.com:* https://data.pendo.io/ https://t.co:* https://www.google.com.pa:* https://googleads.g.doubleclick.net:* https://www.google.com:* https://banescotdc.blob.core.windows.net:* https://stats.g.doubleclick.net:* *.google-analytics.com:* https://www.googletagmanager.com:* https://cdn.pendo.io https://app.pendo.io https://pendo-static-6597142639280128.storage.googleapis.com; frame-ancestors https://app.pendo.io; child-src https://app.pendo.io; object-src 'self'
x-permitted-cross-domain-policies
none
x-cdn
Imperva
x-iinfo
5-3993396-3993425 PNNN RT(1720690067231 3003) q(0 0 0 -1) r(1 1) U2
content-length
938
x-xss-protection
1; mode=block
pragma
no-cache
referrer-policy
strict-origin-when-cross-origin
last-modified
Tue, 04 Jul 2023 20:06:00 GMT
server
BANESCO (PANAMA), S.A.
etag
"aa4e2bf4b2aed91:0"
x-frame-options
SAMEORIGIN
content-type
image/png
cache-control
private, no-cache, no-store, must-revalidate
feature-policy
accelerometer 'none'; camera 'none'; geolocation 'none'; gyroscope 'none'; magnetometer 'none'; microphone 'none'; payment 'none'; usb 'none'
accept-ranges
bytes
expires
0
linkedin.png
tarjetas.banesco.com.pa/assets/png/ 		506 B
620 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://tarjetas.banesco.com.pa/assets/png/linkedin.png
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
45.60.46.27 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
BANESCO (PANAMA), S.A. /
Resource Hash
c5c10d8ad360c8cbcdb1516f37e8a54e0dd9603ee7b6b3b6bbec21a2a6832ed3
Security Headers
Name Value
Content-Security-Policy default-src 'self'; frame-src https://www.google.com:* https://www.googletagmanager.com:* https://app.pendo.io/ https://bid.g.doubleclick.net:* https://vars.hotjar.com:* https://www.youtube.com:*; font-src 'self' https://script.hotjar.com:* https://fonts.gstatic.com:*; style-src 'self' 'unsafe-inline' https://tagmanager.google.com:* https://fonts.googleapis.com:* 'unsafe-inline' https://app.pendo.io https://cdn.pendo.io https://pendo-static-6597142639280128.storage.googleapis.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.gstatic.com:* https://www.google.com:* https://tagmanager.google.com:* https://cdn.amplitude.com:* https://maps.googleapis.com https://maps.gstatic.com https://data.pendo.io/ https://tpc.googlesyndication.com:* https://analytics.twitter.com:* https://googleads.g.doubleclick.net:* https://a2.adform.net:* https://static.ads-twitter.com:* https://www.googleadservices.com:* https://connect.facebook.net:* https://apis.google.com:* https://static.hotjar.com:* https://script.hotjar.com:* *.googletagmanager.com:* *.google-analytics.com:* 'unsafe-inline' 'unsafe-eval' https://app.pendo.io https://pendo-io-static.storage.googleapis.com https://cdn.pendo.io https://pendo-static-6597142639280128.storage.googleapis.com; connect-src 'self' https://pendo-static-6597142639280128.storage.googleapis.com:* https://data.pendo.io:* *.azurewebsites.net:* https://api.ipify.org:* https://in.hotjar.com:* wss://ws1.hotjar.com:* https://www.google-analytics.com:* https://vc.hotjar.io:* wss://ws9.hotjar.com:* https://app.pendo.io; img-src 'self' data: https://ssl.gstatic.com:* https://www.gstatic.com:* https://maps.gstatic.com:* https://ssl.gstatic.com/analytics-suite:* https://www.facebook.com:* https://data.pendo.io/ https://t.co:* https://www.google.com.pa:* https://googleads.g.doubleclick.net:* https://www.google.com:* https://banescotdc.blob.core.windows.net:* https://stats.g.doubleclick.net:* *.google-analytics.com:* https://www.googletagmanager.com:* https://cdn.pendo.io https://app.pendo.io https://pendo-static-6597142639280128.storage.googleapis.com; frame-ancestors https://app.pendo.io; child-src https://app.pendo.io; object-src 'self'
Strict-Transport-Security max-age=31536000; includeSubDomains;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://tarjetas.banesco.com.pa/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Thu, 11 Jul 2024 09:27:51 GMT
strict-transport-security
max-age=31536000; includeSubDomains;
x-content-type-options
nosniff
content-security-policy
default-src 'self'; frame-src https://www.google.com:* https://www.googletagmanager.com:* https://app.pendo.io/ https://bid.g.doubleclick.net:* https://vars.hotjar.com:* https://www.youtube.com:*; font-src 'self' https://script.hotjar.com:* https://fonts.gstatic.com:*; style-src 'self' 'unsafe-inline' https://tagmanager.google.com:* https://fonts.googleapis.com:* 'unsafe-inline' https://app.pendo.io https://cdn.pendo.io https://pendo-static-6597142639280128.storage.googleapis.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.gstatic.com:* https://www.google.com:* https://tagmanager.google.com:* https://cdn.amplitude.com:* https://maps.googleapis.com https://maps.gstatic.com https://data.pendo.io/ https://tpc.googlesyndication.com:* https://analytics.twitter.com:* https://googleads.g.doubleclick.net:* https://a2.adform.net:* https://static.ads-twitter.com:* https://www.googleadservices.com:* https://connect.facebook.net:* https://apis.google.com:* https://static.hotjar.com:* https://script.hotjar.com:* *.googletagmanager.com:* *.google-analytics.com:* 'unsafe-inline' 'unsafe-eval' https://app.pendo.io https://pendo-io-static.storage.googleapis.com https://cdn.pendo.io https://pendo-static-6597142639280128.storage.googleapis.com; connect-src 'self' https://pendo-static-6597142639280128.storage.googleapis.com:* https://data.pendo.io:* *.azurewebsites.net:* https://api.ipify.org:* https://in.hotjar.com:* wss://ws1.hotjar.com:* https://www.google-analytics.com:* https://vc.hotjar.io:* wss://ws9.hotjar.com:* https://app.pendo.io; img-src 'self' data: https://ssl.gstatic.com:* https://www.gstatic.com:* https://maps.gstatic.com:* https://ssl.gstatic.com/analytics-suite:* https://www.facebook.com:* https://data.pendo.io/ https://t.co:* https://www.google.com.pa:* https://googleads.g.doubleclick.net:* https://www.google.com:* https://banescotdc.blob.core.windows.net:* https://stats.g.doubleclick.net:* *.google-analytics.com:* https://www.googletagmanager.com:* https://cdn.pendo.io https://app.pendo.io https://pendo-static-6597142639280128.storage.googleapis.com; frame-ancestors https://app.pendo.io; child-src https://app.pendo.io; object-src 'self'
x-permitted-cross-domain-policies
none
x-cdn
Imperva
x-iinfo
5-3993396-3993421 PNNN RT(1720690067231 3004) q(0 0 0 -1) r(1 1) U2
content-length
506
x-xss-protection
1; mode=block
pragma
no-cache
referrer-policy
strict-origin-when-cross-origin
last-modified
Tue, 04 Jul 2023 20:06:00 GMT
server
BANESCO (PANAMA), S.A.
etag
"aa4e2bf4b2aed91:0"
x-frame-options
SAMEORIGIN
content-type
image/png
cache-control
private, no-cache, no-store, must-revalidate
feature-policy
accelerometer 'none'; camera 'none'; geolocation 'none'; gyroscope 'none'; magnetometer 'none'; microphone 'none'; payment 'none'; usb 'none'
accept-ranges
bytes
expires
0
twitter.png
tarjetas.banesco.com.pa/assets/png/ 		638 B
777 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://tarjetas.banesco.com.pa/assets/png/twitter.png
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
45.60.46.27 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
BANESCO (PANAMA), S.A. /
Resource Hash
ac2c8bd8d1ff23459583eef52ec865723b44305a840b38eba3630637f6548cc9
Security Headers
Name Value
Content-Security-Policy default-src 'self'; frame-src https://www.google.com:* https://www.googletagmanager.com:* https://app.pendo.io/ https://bid.g.doubleclick.net:* https://vars.hotjar.com:* https://www.youtube.com:*; font-src 'self' https://script.hotjar.com:* https://fonts.gstatic.com:*; style-src 'self' 'unsafe-inline' https://tagmanager.google.com:* https://fonts.googleapis.com:* 'unsafe-inline' https://app.pendo.io https://cdn.pendo.io https://pendo-static-6597142639280128.storage.googleapis.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.gstatic.com:* https://www.google.com:* https://tagmanager.google.com:* https://cdn.amplitude.com:* https://maps.googleapis.com https://maps.gstatic.com https://data.pendo.io/ https://tpc.googlesyndication.com:* https://analytics.twitter.com:* https://googleads.g.doubleclick.net:* https://a2.adform.net:* https://static.ads-twitter.com:* https://www.googleadservices.com:* https://connect.facebook.net:* https://apis.google.com:* https://static.hotjar.com:* https://script.hotjar.com:* *.googletagmanager.com:* *.google-analytics.com:* 'unsafe-inline' 'unsafe-eval' https://app.pendo.io https://pendo-io-static.storage.googleapis.com https://cdn.pendo.io https://pendo-static-6597142639280128.storage.googleapis.com; connect-src 'self' https://pendo-static-6597142639280128.storage.googleapis.com:* https://data.pendo.io:* *.azurewebsites.net:* https://api.ipify.org:* https://in.hotjar.com:* wss://ws1.hotjar.com:* https://www.google-analytics.com:* https://vc.hotjar.io:* wss://ws9.hotjar.com:* https://app.pendo.io; img-src 'self' data: https://ssl.gstatic.com:* https://www.gstatic.com:* https://maps.gstatic.com:* https://ssl.gstatic.com/analytics-suite:* https://www.facebook.com:* https://data.pendo.io/ https://t.co:* https://www.google.com.pa:* https://googleads.g.doubleclick.net:* https://www.google.com:* https://banescotdc.blob.core.windows.net:* https://stats.g.doubleclick.net:* *.google-analytics.com:* https://www.googletagmanager.com:* https://cdn.pendo.io https://app.pendo.io https://pendo-static-6597142639280128.storage.googleapis.com; frame-ancestors https://app.pendo.io; child-src https://app.pendo.io; object-src 'self'
Strict-Transport-Security max-age=31536000; includeSubDomains;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://tarjetas.banesco.com.pa/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Thu, 11 Jul 2024 09:27:50 GMT
strict-transport-security
max-age=31536000; includeSubDomains;
x-content-type-options
nosniff
content-security-policy
default-src 'self'; frame-src https://www.google.com:* https://www.googletagmanager.com:* https://app.pendo.io/ https://bid.g.doubleclick.net:* https://vars.hotjar.com:* https://www.youtube.com:*; font-src 'self' https://script.hotjar.com:* https://fonts.gstatic.com:*; style-src 'self' 'unsafe-inline' https://tagmanager.google.com:* https://fonts.googleapis.com:* 'unsafe-inline' https://app.pendo.io https://cdn.pendo.io https://pendo-static-6597142639280128.storage.googleapis.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.gstatic.com:* https://www.google.com:* https://tagmanager.google.com:* https://cdn.amplitude.com:* https://maps.googleapis.com https://maps.gstatic.com https://data.pendo.io/ https://tpc.googlesyndication.com:* https://analytics.twitter.com:* https://googleads.g.doubleclick.net:* https://a2.adform.net:* https://static.ads-twitter.com:* https://www.googleadservices.com:* https://connect.facebook.net:* https://apis.google.com:* https://static.hotjar.com:* https://script.hotjar.com:* *.googletagmanager.com:* *.google-analytics.com:* 'unsafe-inline' 'unsafe-eval' https://app.pendo.io https://pendo-io-static.storage.googleapis.com https://cdn.pendo.io https://pendo-static-6597142639280128.storage.googleapis.com; connect-src 'self' https://pendo-static-6597142639280128.storage.googleapis.com:* https://data.pendo.io:* *.azurewebsites.net:* https://api.ipify.org:* https://in.hotjar.com:* wss://ws1.hotjar.com:* https://www.google-analytics.com:* https://vc.hotjar.io:* wss://ws9.hotjar.com:* https://app.pendo.io; img-src 'self' data: https://ssl.gstatic.com:* https://www.gstatic.com:* https://maps.gstatic.com:* https://ssl.gstatic.com/analytics-suite:* https://www.facebook.com:* https://data.pendo.io/ https://t.co:* https://www.google.com.pa:* https://googleads.g.doubleclick.net:* https://www.google.com:* https://banescotdc.blob.core.windows.net:* https://stats.g.doubleclick.net:* *.google-analytics.com:* https://www.googletagmanager.com:* https://cdn.pendo.io https://app.pendo.io https://pendo-static-6597142639280128.storage.googleapis.com; frame-ancestors https://app.pendo.io; child-src https://app.pendo.io; object-src 'self'
x-permitted-cross-domain-policies
none
x-cdn
Imperva
x-iinfo
5-3993396-3993419 PNNN RT(1720690067231 3005) q(0 0 0 -1) r(1 1) U2
content-length
638
x-xss-protection
1; mode=block
pragma
no-cache
referrer-policy
strict-origin-when-cross-origin
last-modified
Tue, 04 Jul 2023 20:06:00 GMT
server
BANESCO (PANAMA), S.A.
etag
"aa4e2bf4b2aed91:0"
x-frame-options
SAMEORIGIN
content-type
image/png
cache-control
private, no-cache, no-store, must-revalidate
feature-policy
accelerometer 'none'; camera 'none'; geolocation 'none'; gyroscope 'none'; magnetometer 'none'; microphone 'none'; payment 'none'; usb 'none'
accept-ranges
bytes
expires
0
youtube.png
tarjetas.banesco.com.pa/assets/png/ 		894 B
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://tarjetas.banesco.com.pa/assets/png/youtube.png
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
45.60.46.27 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
BANESCO (PANAMA), S.A. /
Resource Hash
3a40800615166a62b003b79ad4b98c441937e24f7dd62eb6a8bce961484b517d
Security Headers
Name Value
Content-Security-Policy default-src 'self'; frame-src https://www.google.com:* https://www.googletagmanager.com:* https://app.pendo.io/ https://bid.g.doubleclick.net:* https://vars.hotjar.com:* https://www.youtube.com:*; font-src 'self' https://script.hotjar.com:* https://fonts.gstatic.com:*; style-src 'self' 'unsafe-inline' https://tagmanager.google.com:* https://fonts.googleapis.com:* 'unsafe-inline' https://app.pendo.io https://cdn.pendo.io https://pendo-static-6597142639280128.storage.googleapis.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.gstatic.com:* https://www.google.com:* https://tagmanager.google.com:* https://cdn.amplitude.com:* https://maps.googleapis.com https://maps.gstatic.com https://data.pendo.io/ https://tpc.googlesyndication.com:* https://analytics.twitter.com:* https://googleads.g.doubleclick.net:* https://a2.adform.net:* https://static.ads-twitter.com:* https://www.googleadservices.com:* https://connect.facebook.net:* https://apis.google.com:* https://static.hotjar.com:* https://script.hotjar.com:* *.googletagmanager.com:* *.google-analytics.com:* 'unsafe-inline' 'unsafe-eval' https://app.pendo.io https://pendo-io-static.storage.googleapis.com https://cdn.pendo.io https://pendo-static-6597142639280128.storage.googleapis.com; connect-src 'self' https://pendo-static-6597142639280128.storage.googleapis.com:* https://data.pendo.io:* *.azurewebsites.net:* https://api.ipify.org:* https://in.hotjar.com:* wss://ws1.hotjar.com:* https://www.google-analytics.com:* https://vc.hotjar.io:* wss://ws9.hotjar.com:* https://app.pendo.io; img-src 'self' data: https://ssl.gstatic.com:* https://www.gstatic.com:* https://maps.gstatic.com:* https://ssl.gstatic.com/analytics-suite:* https://www.facebook.com:* https://data.pendo.io/ https://t.co:* https://www.google.com.pa:* https://googleads.g.doubleclick.net:* https://www.google.com:* https://banescotdc.blob.core.windows.net:* https://stats.g.doubleclick.net:* *.google-analytics.com:* https://www.googletagmanager.com:* https://cdn.pendo.io https://app.pendo.io https://pendo-static-6597142639280128.storage.googleapis.com; frame-ancestors https://app.pendo.io; child-src https://app.pendo.io; object-src 'self'
Strict-Transport-Security max-age=31536000; includeSubDomains;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://tarjetas.banesco.com.pa/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Thu, 11 Jul 2024 09:27:51 GMT
strict-transport-security
max-age=31536000; includeSubDomains;
x-content-type-options
nosniff
content-security-policy
default-src 'self'; frame-src https://www.google.com:* https://www.googletagmanager.com:* https://app.pendo.io/ https://bid.g.doubleclick.net:* https://vars.hotjar.com:* https://www.youtube.com:*; font-src 'self' https://script.hotjar.com:* https://fonts.gstatic.com:*; style-src 'self' 'unsafe-inline' https://tagmanager.google.com:* https://fonts.googleapis.com:* 'unsafe-inline' https://app.pendo.io https://cdn.pendo.io https://pendo-static-6597142639280128.storage.googleapis.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.gstatic.com:* https://www.google.com:* https://tagmanager.google.com:* https://cdn.amplitude.com:* https://maps.googleapis.com https://maps.gstatic.com https://data.pendo.io/ https://tpc.googlesyndication.com:* https://analytics.twitter.com:* https://googleads.g.doubleclick.net:* https://a2.adform.net:* https://static.ads-twitter.com:* https://www.googleadservices.com:* https://connect.facebook.net:* https://apis.google.com:* https://static.hotjar.com:* https://script.hotjar.com:* *.googletagmanager.com:* *.google-analytics.com:* 'unsafe-inline' 'unsafe-eval' https://app.pendo.io https://pendo-io-static.storage.googleapis.com https://cdn.pendo.io https://pendo-static-6597142639280128.storage.googleapis.com; connect-src 'self' https://pendo-static-6597142639280128.storage.googleapis.com:* https://data.pendo.io:* *.azurewebsites.net:* https://api.ipify.org:* https://in.hotjar.com:* wss://ws1.hotjar.com:* https://www.google-analytics.com:* https://vc.hotjar.io:* wss://ws9.hotjar.com:* https://app.pendo.io; img-src 'self' data: https://ssl.gstatic.com:* https://www.gstatic.com:* https://maps.gstatic.com:* https://ssl.gstatic.com/analytics-suite:* https://www.facebook.com:* https://data.pendo.io/ https://t.co:* https://www.google.com.pa:* https://googleads.g.doubleclick.net:* https://www.google.com:* https://banescotdc.blob.core.windows.net:* https://stats.g.doubleclick.net:* *.google-analytics.com:* https://www.googletagmanager.com:* https://cdn.pendo.io https://app.pendo.io https://pendo-static-6597142639280128.storage.googleapis.com; frame-ancestors https://app.pendo.io; child-src https://app.pendo.io; object-src 'self'
x-permitted-cross-domain-policies
none
x-cdn
Imperva
x-iinfo
5-3993396-3993398 PNNN RT(1720690067231 3005) q(0 0 0 -1) r(1 1) U2
content-length
894
x-xss-protection
1; mode=block
pragma
no-cache
referrer-policy
strict-origin-when-cross-origin
last-modified
Tue, 04 Jul 2023 20:06:00 GMT
server
BANESCO (PANAMA), S.A.
etag
"aa4e2bf4b2aed91:0"
x-frame-options
SAMEORIGIN
content-type
image/png
cache-control
private, no-cache, no-store, must-revalidate
feature-policy
accelerometer 'none'; camera 'none'; geolocation 'none'; gyroscope 'none'; magnetometer 'none'; microphone 'none'; payment 'none'; usb 'none'
accept-ranges
bytes
expires
0
superintendencia.png
banescotdc.blob.core.windows.net/angular-assets/png/ 		14 KB
15 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://banescotdc.blob.core.windows.net/angular-assets/png/superintendencia.png
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
20.60.220.225 Washington, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 /
Resource Hash
9c3e29e08f0524ac9f89d5ca84dc3575d538a55a9e1733339bfa38f7b0341045

Request headers

Referer
https://tarjetas.banesco.com.pa/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-ms-lease-status
unlocked
x-ms-blob-type
BlockBlob
Date
Thu, 11 Jul 2024 09:27:51 GMT
Last-Modified
Fri, 15 Feb 2019 21:15:06 GMT
Server
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
Content-MD5
ePMHb+4q/nm3tiAs+TZ7BA==
ETag
0x8D6938AA8DEB2FD
Content-Type
image/png
x-ms-request-id
2d763e94-a01e-006e-6574-d39f92000000
x-ms-version
2009-09-19
Content-Length
14564
consumidor.png
banescotdc.blob.core.windows.net/angular-assets/png/ 		5 KB
6 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://banescotdc.blob.core.windows.net/angular-assets/png/consumidor.png
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
20.60.220.225 Washington, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 /
Resource Hash
f9011b42a1485b224b59a8890331066d796ca4ad926993fd50e275141e1a492e

Request headers

Referer
https://tarjetas.banesco.com.pa/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-ms-lease-status
unlocked
x-ms-blob-type
BlockBlob
Date
Thu, 11 Jul 2024 09:27:50 GMT
Last-Modified
Fri, 15 Feb 2019 21:14:58 GMT
Server
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
Content-MD5
U2s2liwZiCmmWu6MaY9TNw==
ETag
0x8D6938AA3B743EB
Content-Type
image/png
x-ms-request-id
1751ab60-d01e-0016-4e74-d33c6a000000
x-ms-version
2009-09-19
Content-Length
5315
norton.png
banescotdc.blob.core.windows.net/angular-assets/png/ 		2 KB
3 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://banescotdc.blob.core.windows.net/angular-assets/png/norton.png
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
20.60.220.225 Washington, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 /
Resource Hash
f8c489b818bc2d3f3c148b8534f76c7a0440c4cd5e0129a63672a91a7e7b7799

Request headers

Referer
https://tarjetas.banesco.com.pa/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-ms-lease-status
unlocked
x-ms-blob-type
BlockBlob
Date
Thu, 11 Jul 2024 09:27:50 GMT
Last-Modified
Fri, 15 Feb 2019 21:15:03 GMT
Server
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
Content-MD5
tyaab7MWl+5NwKgA6+DJlA==
ETag
0x8D6938AA720ADA6
Content-Type
image/png
x-ms-request-id
cbffef2f-c01e-0115-0574-d32303000000
x-ms-version
2009-09-19
Content-Length
2555
destination
www.googletagmanager.com/gtag/ 		239 KB
85 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtag/destination?id=AW-782832368&l=dataLayer&cx=c
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MKJNN2Z
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:811::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
284f9a0e5c83c155db9573bd00a9415872f36cd8f13fc325b95d51e272dc4bbd
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

Referer
https://tarjetas.banesco.com.pa/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Thu, 11 Jul 2024 09:27:51 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
86981
x-xss-protection
0
last-modified
Thu, 11 Jul 2024 09:00:00 GMT
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Thu, 11 Jul 2024 09:27:51 GMT
uwt.js
static.ads-twitter.com/ 		56 KB
15 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://static.ads-twitter.com/uwt.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MKJNN2Z
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
146.75.120.157 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
4d15ff2317e16ccd8ca1d3248fea7d91130e022369bb032824a84ad9967064df

Request headers

Referer
https://tarjetas.banesco.com.pa/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Thu, 11 Jul 2024 09:27:51 GMT
content-encoding
gzip
last-modified
Thu, 04 Apr 2024 00:26:35 GMT
x-amz-server-side-encryption
AES256
etag
"bbbcf811d8437a575d796a4c1e5d4fad+gzip+gzip"
vary
Accept-Encoding,Host
x-cache
HIT, HIT
content-type
application/javascript; charset=utf-8
p3p
CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
x-tw-cdn
FT
cache-control
no-cache
accept-ranges
bytes
content-length
15412
x-served-by
cache-iad-kcgs7200164-IAD, cache-fra-etou8220071-FRA
analytics.js
www.google-analytics.com/ 		52 KB
21 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MKJNN2Z
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81d::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://tarjetas.banesco.com.pa/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
date
Thu, 11 Jul 2024 08:29:07 GMT
last-modified
Tue, 12 Dec 2023 18:09:08 GMT
server
Golfe2
age
3524
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=7200
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
20994
expires
Thu, 11 Jul 2024 10:29:07 GMT
destination
www.googletagmanager.com/gtag/ 		235 KB
84 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtag/destination?id=AW-783164764&l=dataLayer&cx=c
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MKJNN2Z
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:811::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
5fed8d40fc6b5b1351029c058ceb48e2c0ff16b8df87a15f77c9d41cd423cb8a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

Referer
https://tarjetas.banesco.com.pa/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Thu, 11 Jul 2024 09:27:51 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
86100
x-xss-protection
0
last-modified
Thu, 11 Jul 2024 09:00:00 GMT
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Thu, 11 Jul 2024 09:27:51 GMT
trackpoint-async.js
s2.adform.net/banners/scripts/st/
Redirect Chain
  • https://a2.adform.net/serving/scripts/trackpoint/async/
  • https://s2.adform.net/banners/scripts/st/trackpoint-async.js
0
0
1254348371621878
connect.facebook.net/signals/config/ 		20 KB
4 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://connect.facebook.net/signals/config/1254348371621878?v=2.9.161&r=stable&domain=tarjetas.banesco.com.pa&hme=e67e7d148043b3a377ad0eb1c82669792a67ba5e3bb5734b69e611ae38f939ca&ex_m=68%2C115%2C102%2C106%2C59%2C3%2C95%2C67%2C15%2C92%2C85%2C49%2C52%2C163%2C166%2C178%2C174%2C175%2C177%2C28%2C96%2C51%2C74%2C176%2C158%2C161%2C171%2C172%2C179%2C124%2C39%2C33%2C136%2C14%2C48%2C184%2C183%2C126%2C17%2C38%2C1%2C41%2C63%2C64%2C65%2C69%2C89%2C16%2C13%2C91%2C88%2C87%2C103%2C50%2C105%2C37%2C104%2C29%2C25%2C159%2C162%2C133%2C27%2C10%2C11%2C12%2C5%2C6%2C24%2C21%2C22%2C55%2C60%2C62%2C72%2C97%2C26%2C73%2C8%2C7%2C77%2C46%2C20%2C99%2C98%2C100%2C93%2C9%2C19%2C18%2C82%2C54%2C80%2C32%2C71%2C0%2C90%2C31%2C79%2C84%2C45%2C44%2C83%2C36%2C4%2C86%2C78%2C42%2C34%2C81%2C2%2C35%2C61%2C40%2C101%2C43%2C76%2C66%2C107%2C58%2C57%2C30%2C94%2C56%2C53%2C47%2C75%2C70%2C23%2C108%2C155%2C185%2C187%2C116%2C138%2C143%2C180%2C122%2C222%2C109%2C139%2C164%2C151%2C112%2C223%2C157%2C113%2C129%2C117%2C146
Requested by
Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
157.240.252.13 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
xx-fbcdn-shv-01-fra3.fbcdn.net
Software
/
Resource Hash
38593de9c84ce9016021f128603e6c7e62a485fbca371148d7d4321f2bd97d53
Security Headers
Name Value
Content-Security-Policy default-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;script-src *.fbcdn.net *.facebook.net 'unsafe-inline' blob: data: 'self' 'unsafe-eval';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';img-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Referer
https://tarjetas.banesco.com.pa/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

content-security-policy
default-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;script-src *.fbcdn.net *.facebook.net 'unsafe-inline' blob: data: 'self' 'unsafe-eval';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';img-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; preload; includeSubDomains
date
Thu, 11 Jul 2024 09:27:51 GMT
document-policy
force-load-at-top
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
x-xss-protection
0
reporting-endpoints
coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
x-fb-connection-quality
GOOD; q=0.7, rtt=81, rtx=0, c=23, mss=1232, tbw=4332, tp=9, tpl=0, uplat=87, ullat=0
pragma
public
x-fb-debug
rM70AdhguYcZggdvuJzFRYFqh6e1lTrbUgHQtHs8VgFSbQP7PfiucRlbsZhTEfvS4bDHv7dtWuXdNOpxEjRNuQ==
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
cross-origin-opener-policy
same-origin-allow-popups;report-to="coop_report"
vary
Accept-Encoding
report-to
{"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
content-type
application/x-javascript; charset=utf-8
x-frame-options
DENY
origin-agent-cluster
?0
cache-control
public, max-age=1200
permissions-policy
accelerometer=(), attribution-reporting=(), autoplay=(), battery=(self), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), usb-unrestricted=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
timing-allow-origin
*
priority
u=3,i
expires
Sat, 01 Jan 2000 00:00:00 GMT
gen_204
maps.googleapis.com/maps/api/mapsjs/ 		0
0
/
www.googleadservices.com/pagead/conversion/782832368/ 		3 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googleadservices.com/pagead/conversion/782832368/?random=1720690071370&cv=11&fst=1720690071370&bg=ffffff&guid=ON&async=1&gtm=45be4790v873055111z8810196344za201zb810196344&gcd=13l3l3l2l1&dma_cps=syphamo&dma=1&tag_exp=0&u_w=1600&u_h=1200&url=https%3A%2F%2Ftarjetas.banesco.com.pa%2F&label=ConversionATravesDeGoogleAds&hn=www.googleadservices.com&frm=0&tiba=Banesco&value=0&currency_code=USD&bttype=purchase&npa=1&pscdl=noapi&auid=1791535439.1720690071&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fdr=SA&capi=1&rfmt=3&fmt=4
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/destination?id=AW-782832368&l=dataLayer&cx=c
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
216.58.206.66 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
lhr35s11-in-f2.1e100.net
Software
cafe /
Resource Hash
4464d8b42c46caf9d5be73b6cb824806760cfbe3d965f3ed5a0d814ce2db3d5e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://tarjetas.banesco.com.pa/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 11 Jul 2024 09:27:51 GMT
content-encoding
br
x-content-type-options
nosniff
server
cafe
content-type
text/javascript; charset=UTF-8
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
1603
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
www.facebook.com/tr/ 		0
98 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.facebook.com/tr/?id=1925717894193659&ev=PageView&dl=https%3A%2F%2Ftarjetas.banesco.com.pa&rl=&if=false&ts=1720690071415&sw=1600&sh=1200&v=2.9.161&r=stable&ec=0&o=4124&fbp=fb.2.1720690071412.302331916976240764&pm=1&hrl=7e897d&ler=empty&cdl=API_unavailable&it=1720690069217&coo=false&cs_cc=1&rqm=GET
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f177:83:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
proxygen-bolt /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://tarjetas.banesco.com.pa/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-fb-connection-quality
GOOD; q=0.7, rtt=73, rtx=0, c=10, mss=1368, tbw=3122, tp=-1, tpl=-1, uplat=0, ullat=0
strict-transport-security
max-age=31536000; includeSubDomains
date
Thu, 11 Jul 2024 09:27:51 GMT
server
proxygen-bolt
content-type
text/plain
access-control-allow-origin
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
0
/
www.facebook.com/privacy_sandbox/pixel/register/trigger/ 		67 B
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.facebook.com/privacy_sandbox/pixel/register/trigger/?id=1925717894193659&ev=PageView&dl=https%3A%2F%2Ftarjetas.banesco.com.pa&rl=&if=false&ts=1720690071415&sw=1600&sh=1200&v=2.9.161&r=stable&ec=0&o=4124&fbp=fb.2.1720690071412.302331916976240764&pm=1&hrl=7e897d&ler=empty&cdl=API_unavailable&it=1720690069217&coo=false&cs_cc=1&rqm=FGET
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f177:83:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
aa7b6c81e85551eeb5c4809f1e683efa0b780c33d12ddfc2067a1b136803e45a
Security Headers
Name Value
Content-Security-Policy default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval' https://*.google-analytics.com *.google.com;style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline' https://fonts.googleapis.com;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com https://*.google-analytics.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com https://fonts.gstatic.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: *.whatsapp.net *.fb.com *.oculuscdn.com *.tenor.co *.tenor.com *.giphy.com https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://*.google-analytics.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data: *.tenor.co *.tenor.com https://*.giphy.com;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://td.doubleclick.net *.google.com *.doubleclick.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security max-age=15552000; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Referer
https://tarjetas.banesco.com.pa/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

attribution-reporting-register-trigger
{"event_trigger_data":[{"trigger_data":"0"}],"aggregatable_trigger_data":[{"key_piece":"0x37d5878b5f3dff65","source_keys":["1","2"]},{"key_piece":"0x6812c2ba5f06f8c6","source_keys":["1","2"]}],"aggregatable_values":{"1":1}}
content-encoding
zstd
x-content-type-options
nosniff
content-security-policy
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval' https://*.google-analytics.com *.google.com;style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline' https://fonts.googleapis.com;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com https://*.google-analytics.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com https://fonts.gstatic.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: *.whatsapp.net *.fb.com *.oculuscdn.com *.tenor.co *.tenor.com *.giphy.com https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://*.google-analytics.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data: *.tenor.co *.tenor.com https://*.giphy.com;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://td.doubleclick.net *.google.com *.doubleclick.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
strict-transport-security
max-age=15552000; preload
document-policy
force-load-at-top
date
Thu, 11 Jul 2024 09:27:51 GMT
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
x-xss-protection
0
reporting-endpoints
coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", default="https://www.facebook.com/ajax/browser_error_reports/?device_level=unknown&brsid=7390307582392042815", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
x-fb-connection-quality
GOOD; q=0.7, rtt=72, rtx=0, c=14, mss=1368, tbw=6981, tp=-1, tpl=-1, uplat=175, ullat=0
pragma
no-cache
x-fb-debug
rP3r3s45pjOMDgRKjH5oTcDmF6eu/u4SazKiS0DiaVjkHNLkPfwEBKcP5nU0WHXAvxaUXjGN2V8shs/4C1z+hA==
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
cross-origin-opener-policy
same-origin-allow-popups;report-to="coop_report"
vary
Accept-Encoding
report-to
{"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown&brsid=7390307582392042815"}]}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
content-type
image/png
x-frame-options
DENY
origin-agent-cluster
?0
cache-control
private, no-store, no-cache, must-revalidate
permissions-policy
accelerometer=(), attribution-reporting=(self), autoplay=(), battery=(self), bluetooth=(), camera=(self), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(self), clipboard-write=(self), compute-pressure=(), display-capture=(self), encrypted-media=(self), fullscreen=(self), gamepad=*, geolocation=(self), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(self), midi=(), otp-credentials=(), payment=(), picture-in-picture=(self), private-state-token-issuance=(), publickey-credentials-get=(self), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), usb-unrestricted=(), unload=(self), window-management=(), xr-spatial-tracking=(self);report-to="permissions_policy"
expires
Sat, 01 Jan 2000 00:00:00 GMT
/
www.facebook.com/tr/ 		0
270 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.facebook.com/tr/?id=1254348371621878&ev=PageView&dl=https%3A%2F%2Ftarjetas.banesco.com.pa&rl=&if=false&ts=1720690071417&sw=1600&sh=1200&v=2.9.161&r=stable&ec=0&o=4124&fbp=fb.2.1720690071412.302331916976240764&pm=1&hrl=0d7557&ler=empty&cdl=API_unavailable&it=1720690069217&coo=false&cs_cc=1&cas=7962830750449120%2C25341461312166242&rqm=GET
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f177:83:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
proxygen-bolt /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://tarjetas.banesco.com.pa/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-fb-connection-quality
GOOD; q=0.7, rtt=73, rtx=0, c=10, mss=1368, tbw=2839, tp=-1, tpl=-1, uplat=1, ullat=1
strict-transport-security
max-age=31536000; includeSubDomains
date
Thu, 11 Jul 2024 09:27:51 GMT
server
proxygen-bolt
content-type
text/plain
access-control-allow-origin
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
0
/
www.facebook.com/privacy_sandbox/pixel/register/trigger/ 		67 B
4 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.facebook.com/privacy_sandbox/pixel/register/trigger/?id=1254348371621878&ev=PageView&dl=https%3A%2F%2Ftarjetas.banesco.com.pa&rl=&if=false&ts=1720690071417&sw=1600&sh=1200&v=2.9.161&r=stable&ec=0&o=4124&fbp=fb.2.1720690071412.302331916976240764&pm=1&hrl=0d7557&ler=empty&cdl=API_unavailable&it=1720690069217&coo=false&cs_cc=1&cas=7962830750449120%2C25341461312166242&rqm=FGET
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f177:83:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
aa7b6c81e85551eeb5c4809f1e683efa0b780c33d12ddfc2067a1b136803e45a
Security Headers
Name Value
Content-Security-Policy default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval' https://*.google-analytics.com *.google.com;style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline' https://fonts.googleapis.com;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com https://*.google-analytics.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com https://fonts.gstatic.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: *.whatsapp.net *.fb.com *.oculuscdn.com *.tenor.co *.tenor.com *.giphy.com https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://*.google-analytics.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data: *.tenor.co *.tenor.com https://*.giphy.com;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://td.doubleclick.net *.google.com *.doubleclick.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security max-age=15552000; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Referer
https://tarjetas.banesco.com.pa/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

attribution-reporting-register-trigger
{"event_trigger_data":[{"trigger_data":"0"}],"aggregatable_trigger_data":[{"key_piece":"0x6a50c3e968e641a9","source_keys":["1","2"]},{"key_piece":"0xc5b09e628cbd4390","source_keys":["1","2"]}],"aggregatable_values":{"1":1}}
content-encoding
zstd
x-content-type-options
nosniff
content-security-policy
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval' https://*.google-analytics.com *.google.com;style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline' https://fonts.googleapis.com;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com https://*.google-analytics.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com https://fonts.gstatic.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: *.whatsapp.net *.fb.com *.oculuscdn.com *.tenor.co *.tenor.com *.giphy.com https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://*.google-analytics.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data: *.tenor.co *.tenor.com https://*.giphy.com;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://td.doubleclick.net *.google.com *.doubleclick.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
strict-transport-security
max-age=15552000; preload
document-policy
force-load-at-top
date
Thu, 11 Jul 2024 09:27:51 GMT
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
x-xss-protection
0
reporting-endpoints
coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", default="https://www.facebook.com/ajax/browser_error_reports/?device_level=unknown&brsid=7390307583345449130", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
x-fb-connection-quality
GOOD; q=0.7, rtt=72, rtx=0, c=14, mss=1368, tbw=3273, tp=-1, tpl=-1, uplat=170, ullat=0
pragma
no-cache
x-fb-debug
j9jzq/cXu3SxiC3h7vnC7Ne30y6OU0GOzBj9kBaBjt71N5q2sDTKD7VC43PhWvez+cv+hOrTjVDlpDkk9s50lQ==
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
cross-origin-opener-policy
same-origin-allow-popups;report-to="coop_report"
vary
Accept-Encoding
report-to
{"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown&brsid=7390307583345449130"}]}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
content-type
image/png
x-frame-options
DENY
origin-agent-cluster
?0
cache-control
private, no-store, no-cache, must-revalidate
permissions-policy
accelerometer=(), attribution-reporting=(self), autoplay=(), battery=(self), bluetooth=(), camera=(self), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(self), clipboard-write=(self), compute-pressure=(), display-capture=(self), encrypted-media=(self), fullscreen=(self), gamepad=*, geolocation=(self), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(self), midi=(), otp-credentials=(), payment=(), picture-in-picture=(self), private-state-token-issuance=(), publickey-credentials-get=(self), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), usb-unrestricted=(), unload=(self), window-management=(), xr-spatial-tracking=(self);report-to="permissions_policy"
expires
Sat, 01 Jan 2000 00:00:00 GMT
adsct
t.co/i/ 		43 B
377 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://t.co/i/adsct?bci=3&eci=2&event_id=cf3ec65f-e5c6-472d-b726-58b8e77e2bb1&events=%5B%5B%22pageview%22%2C%7B%7D%5D%5D&integration=advertiser&p_id=Twitter&p_user_id=0&pl_id=45d39279-d296-472d-80db-ce13bb8793c7&tw_document_href=https%3A%2F%2Ftarjetas.banesco.com.pa%2F&tw_iframe_status=0&tw_order_quantity=0&tw_sale_amount=0&txn_id=nvdd4&type=javascript&version=2.3.30
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
93.184.221.165 London, United Kingdom, ASN15133 (EDGECAST, US),
Reverse DNS
Software
tsa_o /
Resource Hash
ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957
Security Headers
Name Value
Strict-Transport-Security max-age=0

Request headers

Referer
https://tarjetas.banesco.com.pa/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-response-time
179
date
Thu, 11 Jul 2024 09:27:51 GMT
strict-transport-security
max-age=0
server
tsa_o
content-type
image/gif;charset=utf-8
x-transaction-id
80d0da96dc2d67a9
cache-control
no-cache, no-store, max-age=0
perf
7402827104
x-connection-hash
cbe3e0b03c3b1d8733bbc2388917a5573cbe4423440abc21861c31534e4159cf
content-length
43
adsct
analytics.twitter.com/i/ 		0
0
collect
www.google-analytics.com/j/ 		16 B
227 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://www.google-analytics.com/j/collect?v=1&_v=j101&a=1133475141&t=pageview&_s=1&dl=https%3A%2F%2Ftarjetas.banesco.com.pa%2F&ul=fi-fi&de=UTF-8&dt=Banesco&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YEBAAEABAAAAACAAI~&jid=1124332844&gjid=966756722&cid=2106593197.1720690072&tid=UA-54431125-4&_gid=485213702.1720690072&_r=1&_slc=1&gtm=45He4790n81MKJNN2Zv810196344za200&gcd=13l3l3l2l1&dma_cps=syphamo&dma=1&tag_exp=0&npa=1&z=1982986671
Requested by
Host: tarjetas.banesco.com.pa
URL: https://tarjetas.banesco.com.pa/polyfills.63ac4754fdc7e807be1d.bundle.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81d::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
fa973d4771f0294b5049273b5ea9bbcf667f74d5dac6cccfb658429d7a610d75
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://tarjetas.banesco.com.pa/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Thu, 11 Jul 2024 09:27:51 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://tarjetas.banesco.com.pa
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
16
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
www.google.fi/pagead/1p-conversion/782832368/
Redirect Chain
  • https://googleads.g.doubleclick.net/pagead/viewthroughconversion/782832368/?random=1592550666&cv=11&fst=1720690071370&bg=ffffff&guid=ON&async=1&gtm=45be4790v873055111z8810196344za201zb810196344&gcd...
  • https://www.google.com/pagead/1p-conversion/782832368/?random=1592550666&cv=11&fst=1720690071370&bg=ffffff&guid=ON&async=1&gtm=45be4790v873055111z8810196344za201zb810196344&gcd=13l3l3l2l1&dma_cps=s...
  • https://www.google.fi/pagead/1p-conversion/782832368/?random=1592550666&cv=11&fst=1720690071370&bg=ffffff&guid=ON&async=1&gtm=45be4790v873055111z8810196344za201zb810196344&gcd=13l3l3l2l1&dma_cps=sy...
0
0
collect
stats.g.doubleclick.net/j/ 		0
0
js
www.googletagmanager.com/gtag/ 		288 KB
97 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtag/js?id=G-B12PTG27HL&cx=c&_slc=1
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.185.168 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s51-in-f8.1e100.net
Software
Google Tag Manager /
Resource Hash
6af9d81515d7157939c5a77568970e08b23fe6774a1ecfdb6939ac0d2b3d81eb
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

Referer
https://tarjetas.banesco.com.pa/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Thu, 11 Jul 2024 09:27:51 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
access-control-allow-headers
Cache-Control
content-length
99783
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires
Thu, 11 Jul 2024 09:27:51 GMT
ga-audiences
www.google.fi/ads/ 		0
0
GetProduct
banesco-tdc-api.azurewebsites.net/api/Catalog/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://banesco-tdc-api.azurewebsites.net/api/Catalog/GetProduct
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
52.173.139.99 Des Moines, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-IIS/10.0 / ASP.NET
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
authorization,tdcheader
Access-Control-Request-Method
GET
Origin
https://tarjetas.banesco.com.pa
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Access-Control-Allow-Headers
content-Type, accept, origin, X-Requested-With, name, authorization, tdcheader
Access-Control-Allow-Methods
POST, GET, OPTIONS
Access-Control-Allow-Origin
*
Cache-Control
private
Content-Length
0
Date
Thu, 11 Jul 2024 09:27:52 GMT
Request-Context
appId=cid-v1:f3b23123-a40f-45e4-a277-5502f349098c
Server
Microsoft-IIS/10.0
X-AspNet-Version
4.0.30319
X-Powered-By
ASP.NET
GetProduct
banesco-tdc-api.azurewebsites.net/api/Catalog/ 		3 KB
2 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://banesco-tdc-api.azurewebsites.net/api/Catalog/GetProduct
Requested by
Host: tarjetas.banesco.com.pa
URL: https://tarjetas.banesco.com.pa/polyfills.63ac4754fdc7e807be1d.bundle.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
52.173.139.99 Des Moines, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-IIS/10.0 / ASP.NET
Resource Hash
180178e2b8ebc8812e78cd71ca219dd7d5c67e4c0df949a27b8573db84407ad7

Request headers

Accept
application/json, text/plain, */*
Referer
https://tarjetas.banesco.com.pa/
Authorization
Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJuYW1laWQiOiJjMzEyNmQ5Ni01YzA5LTRiNDktYjYxMi0yOTQxODA5MjQwYWEiLCJ1bmlxdWVfbmFtZSI6ImpvdmVmZnVubm9kYS0wNjIyQHlvcG1haWwuY29tIiwiZW1haWwiOiJqb3ZlZmZ1bm5vZGEtMDYyMkB5b3BtYWlsLmNvbSIsImh0dHA6Ly9zY2hlbWFzLnhtbHNvYXAub3JnL3dzLzIwMDUvMDUvaWRlbnRpdHkvY2xhaW1zL21vYmlsZXBob25lIjoiam92ZWZmdW5ub2RhLTA2MjJAeW9wbWFpbC5jb20iLCJqdGkiOiI0MmFhNWQ2ZC0yMzQzLTRkN2MtYTIxMi05NGI5ZTYyYTgxMGYiLCJuYmYiOjE3MjA2OTAwNzIsImV4cCI6MTcyMDY5MTI3MiwiaWF0IjoxNzIwNjkwMDcyfQ.DcTMQUzrwwFzBRrHUPGU9DdcUsN1ILsx-1a4eAtNaAU
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
tdcheader
{"ip":"193.138.7.220","os":"Linux","browser":"Chrome,126.0.0.0","device":"desktop or others"}

Response headers

Expires
-1
Pragma
no-cache
Date
Thu, 11 Jul 2024 09:27:53 GMT
Content-Encoding
gzip
Server
Microsoft-IIS/10.0
X-AspNet-Version
4.0.30319
X-Powered-By
ASP.NET
Access-Control-Allow-Methods
POST, GET, OPTIONS
Content-Type
application/json; charset=utf-8
Access-Control-Allow-Origin
*
Cache-Control
no-cache
Access-Control-Allow-Headers
content-Type, accept, origin, X-Requested-With, name, authorization, tdcheader
Content-Length
824
Request-Context
appId=cid-v1:f3b23123-a40f-45e4-a277-5502f349098c
api.js
www.google.com/recaptcha/ 		1 KB
988 B 		Script
General
Check archive.org
Download Go to
Full URL
https://www.google.com/recaptcha/api.js?onload=ngx_captcha_onload_callback&render=explicit
Requested by
Host: tarjetas.banesco.com.pa
URL: https://tarjetas.banesco.com.pa/main.bc9c0623318deb21f90b.bundle.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.186.36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s04-in-f4.1e100.net
Software
GSE /
Resource Hash
589474d402967b1358ea8f6d28d1044fdea69676f786e656f4e670b002eaa038
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self'
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://tarjetas.banesco.com.pa/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Thu, 11 Jul 2024 09:27:52 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy
frame-ancestors 'self'
server
GSE
x-frame-options
SAMEORIGIN
content-type
text/javascript; charset=utf-8
cache-control
private, max-age=300
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
1; mode=block
expires
Thu, 11 Jul 2024 09:27:52 GMT
collect
www.google-analytics.com/ 		35 B
55 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google-analytics.com/collect?v=1&_v=j101&a=1133475141&t=pageview&_s=1&dl=https%3A%2F%2Ftarjetas.banesco.com.pa%2Fsolicitar-tarjeta-de-credito%2Fprecalificacion%2Fsolicitud&ul=fi-fi&de=UTF-8&dt=Banesco&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=aEDAAEABAAAAACAAI~&jid=&gjid=&cid=2106593197.1720690072&tid=UA-54431125-4&_gid=485213702.1720690072&gtm=45He4790n81MKJNN2Zv810196344za200&gcd=13l3l3l2l1&dma_cps=syphamo&dma=1&tag_exp=0&npa=1&z=99957965
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
216.58.206.78 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
mil07s08-in-f14.1e100.net
Software
Golfe2 /
Resource Hash
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://tarjetas.banesco.com.pa/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 10 Jul 2024 10:12:25 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
age
83727
content-type
image/gif
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
35
expires
Mon, 01 Jan 1990 00:00:00 GMT
/
www.facebook.com/tr/ 		0
120 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.facebook.com/tr/?id=1925717894193659&ev=PageView&dl=https%3A%2F%2Ftarjetas.banesco.com.pa&rl=&if=false&ts=1720690072279&sw=1600&sh=1200&v=2.9.161&r=stable&ec=1&o=4124&fbp=fb.2.1720690071412.302331916976240764&pm=1&hrl=c5400c&ler=empty&cdl=API_unavailable&it=1720690069217&coo=false&cs_cc=1&rqm=GET
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f177:83:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
proxygen-bolt /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://tarjetas.banesco.com.pa/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-fb-connection-quality
GOOD; q=0.7, rtt=72, rtx=0, c=10, mss=1368, tbw=8312, tp=-1, tpl=-1, uplat=1, ullat=0
strict-transport-security
max-age=31536000; includeSubDomains
date
Thu, 11 Jul 2024 09:27:52 GMT
server
proxygen-bolt
content-type
text/plain
access-control-allow-origin
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
0
/
www.facebook.com/privacy_sandbox/pixel/register/trigger/ 		67 B
1016 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.facebook.com/privacy_sandbox/pixel/register/trigger/?id=1925717894193659&ev=PageView&dl=https%3A%2F%2Ftarjetas.banesco.com.pa&rl=&if=false&ts=1720690072279&sw=1600&sh=1200&v=2.9.161&r=stable&ec=1&o=4124&fbp=fb.2.1720690071412.302331916976240764&pm=1&hrl=c5400c&ler=empty&cdl=API_unavailable&it=1720690069217&coo=false&cs_cc=1&rqm=FGET
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f177:83:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
aa7b6c81e85551eeb5c4809f1e683efa0b780c33d12ddfc2067a1b136803e45a
Security Headers
Name Value
Content-Security-Policy default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval' https://*.google-analytics.com *.google.com;style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline' https://fonts.googleapis.com;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com https://*.google-analytics.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com https://fonts.gstatic.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: *.whatsapp.net *.fb.com *.oculuscdn.com *.tenor.co *.tenor.com *.giphy.com https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://*.google-analytics.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data: *.tenor.co *.tenor.com https://*.giphy.com;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://td.doubleclick.net *.google.com *.doubleclick.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security max-age=15552000; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Referer
https://tarjetas.banesco.com.pa/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

attribution-reporting-register-trigger
{"event_trigger_data":[{"trigger_data":"0"}],"aggregatable_trigger_data":[{"key_piece":"0x37d5878b5f3dff65","source_keys":["1","2"]},{"key_piece":"0x6812c2ba5f06f8c6","source_keys":["1","2"]}],"aggregatable_values":{"1":1}}
content-encoding
zstd
x-content-type-options
nosniff
content-security-policy
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval' https://*.google-analytics.com *.google.com;style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline' https://fonts.googleapis.com;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com https://*.google-analytics.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com https://fonts.gstatic.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: *.whatsapp.net *.fb.com *.oculuscdn.com *.tenor.co *.tenor.com *.giphy.com https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://*.google-analytics.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data: *.tenor.co *.tenor.com https://*.giphy.com;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://td.doubleclick.net *.google.com *.doubleclick.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
strict-transport-security
max-age=15552000; preload
document-policy
force-load-at-top
date
Thu, 11 Jul 2024 09:27:52 GMT
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
x-xss-protection
0
reporting-endpoints
coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", default="https://www.facebook.com/ajax/browser_error_reports/?device_level=unknown&brsid=7390307586677281816", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
x-fb-connection-quality
GOOD; q=0.7, rtt=72, rtx=0, c=10, mss=1368, tbw=8597, tp=-1, tpl=-1, uplat=299, ullat=0
pragma
no-cache
x-fb-debug
rvA3H3XtjhtSm2QPmKlHzU6YNXbLe/3ShU069mrAffqDPXWLUy6vuD+kryqxlfdY9Eu9UCTfbVeXnAvleLXzyQ==
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
cross-origin-opener-policy
same-origin-allow-popups;report-to="coop_report"
vary
Accept-Encoding
report-to
{"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown&brsid=7390307586677281816"}]}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
content-type
image/png
x-frame-options
DENY
origin-agent-cluster
?0
cache-control
private, no-store, no-cache, must-revalidate
permissions-policy
accelerometer=(), attribution-reporting=(self), autoplay=(), battery=(self), bluetooth=(), camera=(self), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(self), clipboard-write=(self), compute-pressure=(), display-capture=(self), encrypted-media=(self), fullscreen=(self), gamepad=*, geolocation=(self), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(self), midi=(), otp-credentials=(), payment=(), picture-in-picture=(self), private-state-token-issuance=(), publickey-credentials-get=(self), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), usb-unrestricted=(), unload=(self), window-management=(), xr-spatial-tracking=(self);report-to="permissions_policy"
expires
Sat, 01 Jan 2000 00:00:00 GMT
/
www.facebook.com/tr/ 		0
99 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.facebook.com/tr/?id=1254348371621878&ev=PageView&dl=https%3A%2F%2Ftarjetas.banesco.com.pa&rl=&if=false&ts=1720690072283&sw=1600&sh=1200&v=2.9.161&r=stable&ec=1&o=4124&fbp=fb.2.1720690071412.302331916976240764&pm=1&hrl=5e2a9b&ler=empty&cdl=API_unavailable&it=1720690069217&coo=false&cs_cc=1&cas=7962830750449120%2C25341461312166242&rqm=GET
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f177:83:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
proxygen-bolt /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://tarjetas.banesco.com.pa/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-fb-connection-quality
GOOD; q=0.7, rtt=72, rtx=0, c=10, mss=1368, tbw=8445, tp=-1, tpl=-1, uplat=0, ullat=0
strict-transport-security
max-age=31536000; includeSubDomains
date
Thu, 11 Jul 2024 09:27:52 GMT
server
proxygen-bolt
content-type
text/plain
access-control-allow-origin
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
0
/
www.facebook.com/privacy_sandbox/pixel/register/trigger/ 		67 B
1018 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.facebook.com/privacy_sandbox/pixel/register/trigger/?id=1254348371621878&ev=PageView&dl=https%3A%2F%2Ftarjetas.banesco.com.pa&rl=&if=false&ts=1720690072283&sw=1600&sh=1200&v=2.9.161&r=stable&ec=1&o=4124&fbp=fb.2.1720690071412.302331916976240764&pm=1&hrl=5e2a9b&ler=empty&cdl=API_unavailable&it=1720690069217&coo=false&cs_cc=1&cas=7962830750449120%2C25341461312166242&rqm=FGET
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f177:83:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
aa7b6c81e85551eeb5c4809f1e683efa0b780c33d12ddfc2067a1b136803e45a
Security Headers
Name Value
Content-Security-Policy default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval' https://*.google-analytics.com *.google.com;style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline' https://fonts.googleapis.com;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com https://*.google-analytics.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com https://fonts.gstatic.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: *.whatsapp.net *.fb.com *.oculuscdn.com *.tenor.co *.tenor.com *.giphy.com https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://*.google-analytics.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data: *.tenor.co *.tenor.com https://*.giphy.com;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://td.doubleclick.net *.google.com *.doubleclick.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security max-age=15552000; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Referer
https://tarjetas.banesco.com.pa/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

attribution-reporting-register-trigger
{"event_trigger_data":[{"trigger_data":"0"}],"aggregatable_trigger_data":[{"key_piece":"0x6a50c3e968e641a9","source_keys":["1","2"]},{"key_piece":"0xc5b09e628cbd4390","source_keys":["1","2"]}],"aggregatable_values":{"1":1}}
content-encoding
zstd
x-content-type-options
nosniff
content-security-policy
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval' https://*.google-analytics.com *.google.com;style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline' https://fonts.googleapis.com;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com https://*.google-analytics.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com https://fonts.gstatic.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: *.whatsapp.net *.fb.com *.oculuscdn.com *.tenor.co *.tenor.com *.giphy.com https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://*.google-analytics.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data: *.tenor.co *.tenor.com https://*.giphy.com;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://td.doubleclick.net *.google.com *.doubleclick.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
strict-transport-security
max-age=15552000; preload
document-policy
force-load-at-top
date
Thu, 11 Jul 2024 09:27:52 GMT
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
x-xss-protection
0
reporting-endpoints
coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", default="https://www.facebook.com/ajax/browser_error_reports/?device_level=unknown&brsid=7390307586761462928", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
x-fb-connection-quality
GOOD; q=0.7, rtt=72, rtx=0, c=10, mss=1368, tbw=9635, tp=-1, tpl=-1, uplat=317, ullat=0
pragma
no-cache
x-fb-debug
Rl0B5Zlw3fCUFoD4OJ153GJyWS9TkvJ5vNPI+4VTwI/7zxnPMewFidPDYDK9UQTE+Ctcl1a+XcBOg+tQHsqNpQ==
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
cross-origin-opener-policy
same-origin-allow-popups;report-to="coop_report"
vary
Accept-Encoding
report-to
{"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown&brsid=7390307586761462928"}]}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
content-type
image/png
x-frame-options
DENY
origin-agent-cluster
?0
cache-control
private, no-store, no-cache, must-revalidate
permissions-policy
accelerometer=(), attribution-reporting=(self), autoplay=(), battery=(self), bluetooth=(), camera=(self), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(self), clipboard-write=(self), compute-pressure=(), display-capture=(self), encrypted-media=(self), fullscreen=(self), gamepad=*, geolocation=(self), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(self), midi=(), otp-credentials=(), payment=(), picture-in-picture=(self), private-state-token-issuance=(), publickey-credentials-get=(self), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), usb-unrestricted=(), unload=(self), window-management=(), xr-spatial-tracking=(self);report-to="permissions_policy"
expires
Sat, 01 Jan 2000 00:00:00 GMT
flUhRq6tzZclQEJ-Vdg-IuiaDsNc.woff2
fonts.gstatic.com/s/materialicons/v142/ 		125 KB
125 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/materialicons/v142/flUhRq6tzZclQEJ-Vdg-IuiaDsNc.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/icon?family=Material+Icons
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.217.18.3 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra02s19-in-f3.1e100.net
Software
sffe /
Resource Hash
8265f64786397d6b832d1ca0aafdf149ad84e72759fffa9f7272e91a0fb015d1
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://tarjetas.banesco.com.pa
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Tue, 09 Jul 2024 09:45:17 GMT
x-content-type-options
nosniff
age
171755
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
128352
x-xss-protection
0
last-modified
Mon, 08 Apr 2024 19:04:47 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Wed, 09 Jul 2025 09:45:17 GMT
favicon.png
banescotdc.blob.core.windows.net/angular-assets/favicons/ 		32 KB
0 		Other
General
Check archive.org
Download Go to
Full URL
https://banescotdc.blob.core.windows.net/angular-assets/favicons/favicon.png
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
20.60.220.225 Washington, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 /
Resource Hash
1fd77ea1b27750dc961adfa53134e81c2f61f05180d0b501cf9afa5f13b9ad23

Request headers

Referer
https://tarjetas.banesco.com.pa/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-ms-lease-status
unlocked
x-ms-blob-type
BlockBlob
Date
Thu, 11 Jul 2024 09:27:50 GMT
Last-Modified
Wed, 20 Feb 2019 23:21:15 GMT
Server
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
Content-MD5
SpT3apMOu8apfwNvDDGe3w==
ETag
0x8D6978A1C2F3CC8
Content-Type
image/png
x-ms-request-id
2d763dd9-a01e-006e-3674-d39f92000000
x-ms-version
2009-09-19
Content-Length
32377
1e7c2fcf-6106-47c5-50f5-a7f0496b8ed3
data.pendo.io/data/ptm.gif/ 		42 B
102 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://data.pendo.io/data/ptm.gif/1e7c2fcf-6106-47c5-50f5-a7f0496b8ed3?v=2.237.2_prod&ct=1720690072343&jzb=eJw1kF1PwjAUhv9Lr9kHLWPAHQFEDBmKTI3GLKXrtEu3Lu0ZSAj_ncOHvWuf55y8b7-OBA6NJCOiDc9Jh2yt2TtpM1AVvnZjGvaHYRhTxrodslNOgbGZynEge54l01W2yRL17orY0vnnEhdwIUxbw80ZTyarNNl4abJ4SWfeYopCazWSX4DGjYIAuC0lcOdveS2dML4wld_wwBmthELq3Q0vl56wMscAQWOl4FoVSnChTP0vt5cCjTWNI6PjtdC9Bo16Qz8e4ol6lLI-YycUuZU1bPh2gUnrVusOgduFmPWkeJtD-8PCj8dyXePawvJKXuE-HZR6VeWDtFhq-pQgdNI5zHHFuzWMq9eiq8zDX9nvzS5_egCJkVgUnb7PN594bA
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.107.204.85 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
85.204.107.34.bc.googleusercontent.com
Software
istio-envoy /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Strict-Transport-Security max-age=63072000
X-Content-Type-Options nosniff

Request headers

Referer
https://tarjetas.banesco.com.pa/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Thu, 11 Jul 2024 09:27:52 GMT
via
1.1 google
x-content-type-options
nosniff
strict-transport-security
max-age=63072000
server
istio-envoy
access-control-max-age
600
access-control-allow-methods
GET,POST
content-type
image/gif
access-control-allow-origin
*
access-control-allow-credentials
false
x-envoy-upstream-service-time
123
access-control-allow-headers
*
content-length
42
alt-svc
clear
1e7c2fcf-6106-47c5-50f5-a7f0496b8ed3
data.pendo.io/data/guide.js/ 		410 B
474 B 		Script
General
Check archive.org
Download Go to
Full URL
https://data.pendo.io/data/guide.js/1e7c2fcf-6106-47c5-50f5-a7f0496b8ed3?id=9&jzb=eJx9j09LAzEQxb9LzpukjcLC3kpbZEG2il0FL2FM0hpJk5A_vch-905F14PgbXjvN2_mfZKzzbaE1GvSEfmwHTY7uZeDfcmHNom713vSEFAqVF--kNV6vRuHPR2H_nHc0n6Dfk0OnfdSYu44L5A-TIHM3sCbrAJT4cQi8BycVRZd-k1QbahKRuN5HpNR4OzBKlA2-B-4aowPTj__Pumrcw054b6GAqSbG1xH-08LB_5Y4WiQMF6OT2Sam82rf9shFCEZX1YzihKevuYsl3zRcrEQt5h_Ninj6ygLJm5aJmRMQZNpugDLSnVE&v=2.237.2_prod&ct=1720690072345
Requested by
Host: cdn.pendo.io
URL: https://cdn.pendo.io/agent/static/1e7c2fcf-6106-47c5-50f5-a7f0496b8ed3/pendo.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.107.204.85 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
85.204.107.34.bc.googleusercontent.com
Software
istio-envoy /
Resource Hash
930cca53685c85415f0bd2549df9c6f1aef8b072b211e592ea7bbe6c0ee23262
Security Headers
Name Value
Strict-Transport-Security max-age=63072000
X-Content-Type-Options nosniff

Request headers

Referer
https://tarjetas.banesco.com.pa/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Thu, 11 Jul 2024 09:27:52 GMT
via
1.1 google
x-content-type-options
nosniff
strict-transport-security
max-age=63072000
server
istio-envoy
access-control-max-age
600
access-control-allow-methods
GET,POST
content-type
application/javascript
access-control-allow-origin
*
access-control-allow-credentials
false
x-envoy-upstream-service-time
29
access-control-allow-headers
*
content-length
410
alt-svc
clear
recaptcha__fi.js
www.gstatic.com/recaptcha/releases/rKbTvxTxwcw5VqzrtN-ICwWt/ 		536 KB
213 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.gstatic.com/recaptcha/releases/rKbTvxTxwcw5VqzrtN-ICwWt/recaptcha__fi.js
Requested by
Host: www.google.com
URL: https://www.google.com/recaptcha/api.js?onload=ngx_captcha_onload_callback&render=explicit
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:806::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
18e7b1d3b0e770606fa3675864a5d84684f0193bf03646b07d3e3667521d3922
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://tarjetas.banesco.com.pa/
Origin
https://tarjetas.banesco.com.pa
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Tue, 09 Jul 2024 09:47:33 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
171619
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
217583
x-xss-protection
0
last-modified
Sun, 23 Jun 2024 08:01:07 GMT
server
sffe
cross-origin-opener-policy
same-origin-allow-popups; report-to="recaptcha"
vary
Accept-Encoding
report-to
{"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Wed, 09 Jul 2025 09:47:33 GMT
anchor
www.google.com/recaptcha/api2/ Frame 9054 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://www.google.com/recaptcha/api2/anchor?ar=1&k=6Lf3HsYUAAAAAIy3UAH5awUyZghY9Z4BKTKSm-w4&co=aHR0cHM6Ly90YXJqZXRhcy5iYW5lc2NvLmNvbS5wYTo0NDM.&hl=fi&type=image&v=rKbTvxTxwcw5VqzrtN-ICwWt&size=invisible&badge=bottomright&cb=kab2iwc5xf5s
Requested by
Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/rKbTvxTxwcw5VqzrtN-ICwWt/recaptcha__fi.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.186.36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s04-in-f4.1e100.net
Software
GSE /
Resource Hash
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-7GHic5KJceuLRT6H4olQaQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://tarjetas.banesco.com.pa/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
no-cache, no-store, max-age=0, must-revalidate
content-encoding
gzip
content-security-policy
script-src 'report-sample' 'nonce-7GHic5KJceuLRT6H4olQaQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type
text/html; charset=utf-8
cross-origin-embedder-policy
require-corp
cross-origin-resource-policy
cross-origin
date
Thu, 11 Jul 2024 09:27:53 GMT
expires
Mon, 01 Jan 1990 00:00:00 GMT
pragma
no-cache
report-to
{"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server
GSE
x-content-type-options
nosniff
x-xss-protection
1; mode=block
bframe
www.google.com/recaptcha/api2/ Frame 76FD 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://www.google.com/recaptcha/api2/bframe?hl=fi&v=rKbTvxTxwcw5VqzrtN-ICwWt&k=6Lf3HsYUAAAAAIy3UAH5awUyZghY9Z4BKTKSm-w4
Requested by
Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/rKbTvxTxwcw5VqzrtN-ICwWt/recaptcha__fi.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.186.36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s04-in-f4.1e100.net
Software
GSE /
Resource Hash
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-uy9lTO4Wl8crNmUAJejXRg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://tarjetas.banesco.com.pa/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
no-cache, no-store, max-age=0, must-revalidate
content-encoding
gzip
content-security-policy
script-src 'report-sample' 'nonce-uy9lTO4Wl8crNmUAJejXRg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type
text/html; charset=utf-8
cross-origin-embedder-policy
require-corp
cross-origin-resource-policy
cross-origin
date
Thu, 11 Jul 2024 09:27:54 GMT
expires
Mon, 01 Jan 1990 00:00:00 GMT
pragma
no-cache
report-to
{"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server
GSE
x-content-type-options
nosniff
x-xss-protection
1; mode=block
common.js
maps.googleapis.com/maps-api-v3/api/js/57/8a/intl/es_ALL/ 		255 KB
56 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://maps.googleapis.com/maps-api-v3/api/js/57/8a/intl/es_ALL/common.js
Requested by
Host: maps.googleapis.com
URL: https://maps.googleapis.com/maps/api/js?key=AIzaSyDT1_6oCYowChGONrY0oZCWy77NRdhMfqk&libraries=places&language=es
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:811::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
86e974b88e73e0646ed7aff5dedc3555bbca75a9487fd9fd6fdb97889a2ce852
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://tarjetas.banesco.com.pa/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Wed, 10 Jul 2024 19:31:30 GMT
content-encoding
br
x-content-type-options
nosniff
age
50186
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/maps-api-js
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
57201
x-xss-protection
0
last-modified
Tue, 09 Jul 2024 22:20:55 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="maps-api-js"
vary
Accept-Encoding, Origin
report-to
{"group":"maps-api-js","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/maps-api-js"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Thu, 10 Jul 2025 19:31:30 GMT
util.js
maps.googleapis.com/maps-api-v3/api/js/57/8a/intl/es_ALL/ 		123 KB
0 		Script
General
Check archive.org
Download Go to
Full URL
https://maps.googleapis.com/maps-api-v3/api/js/57/8a/intl/es_ALL/util.js
Requested by
Host: maps.googleapis.com
URL: https://maps.googleapis.com/maps/api/js?key=AIzaSyDT1_6oCYowChGONrY0oZCWy77NRdhMfqk&libraries=places&language=es
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:811::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://tarjetas.banesco.com.pa/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Wed, 10 Jul 2024 19:31:30 GMT
content-encoding
br
x-content-type-options
nosniff
age
50186
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/maps-api-js
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
57833
x-xss-protection
0
last-modified
Tue, 09 Jul 2024 22:20:55 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="maps-api-js"
vary
Accept-Encoding, Origin
report-to
{"group":"maps-api-js","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/maps-api-js"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Thu, 10 Jul 2025 19:31:30 GMT

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
content.hotjar.io
URL
https://content.hotjar.io/?site_id=982761&gzip=1
Domain
s2.adform.net
URL
https://s2.adform.net/banners/scripts/st/trackpoint-async.js
Domain
maps.googleapis.com
URL
https://maps.googleapis.com/maps/api/mapsjs/gen_204?csp_test=true
Domain
analytics.twitter.com
URL
https://analytics.twitter.com/i/adsct?bci=3&eci=2&event_id=cf3ec65f-e5c6-472d-b726-58b8e77e2bb1&events=%5B%5B%22pageview%22%2C%7B%7D%5D%5D&integration=advertiser&p_id=Twitter&p_user_id=0&pl_id=45d39279-d296-472d-80db-ce13bb8793c7&tw_document_href=https%3A%2F%2Ftarjetas.banesco.com.pa%2F&tw_iframe_status=0&tw_order_quantity=0&tw_sale_amount=0&txn_id=nvdd4&type=javascript&version=2.3.30
Domain
www.google.fi
URL
https://www.google.fi/pagead/1p-conversion/782832368/?random=1592550666&cv=11&fst=1720690071370&bg=ffffff&guid=ON&async=1&gtm=45be4790v873055111z8810196344za201zb810196344&gcd=13l3l3l2l1&dma_cps=syphamo&dma=1&tag_exp=0&u_w=1600&u_h=1200&url=https%3A%2F%2Ftarjetas.banesco.com.pa%2F&label=ConversionATravesDeGoogleAds&hn=www.googleadservices.com&frm=0&tiba=Banesco&value=0&currency_code=USD&npa=1&pscdl=noapi&auid=1791535439.1720690071&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fdr=SA&capi=1&fmt=3&ct_cookie_present=false&crd=CLHBsQIIsMGxAgi5wbECShVldmVudC1zb3VyY2UsIHRyaWdnZXJaAwoBAWIECgICAw&pscrd=IhMIjfftg9aehwMVjME7Ah3jXQTlMgIIAzICCAQyAggHMgIICDICCAkyAggKMgIIAjICCAs6IGh0dHBzOi8vdGFyamV0YXMuYmFuZXNjby5jb20ucGEv&is_vtc=1&cid=CAQSKQDaQooL9D_tcqWKMV1mj85rvKt_YbPcGWDE48vqmkDBx1W5rLe3sTs5&eitems=ChAI8IW-tAYQhrKIhqr9h4IXEh0A2cvrxh5nqPVbLS-4SOHCH5-Q8roiAO7-TKqP2g&random=819649516&ipr=y
Domain
stats.g.doubleclick.net
URL
https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j101&tid=UA-54431125-4&cid=2106593197.1720690072&jid=1124332844&gjid=966756722&_gid=485213702.1720690072&npa=1&_u=YEBAAEAAAAAAACAAI~&z=989825664
Domain
www.google.fi
URL
https://www.google.fi/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-B12PTG27HL&cid=2106593197.1720690072&gtm=45je4790v9136052710za200&aip=1&dma=1&dma_cps=syphamo&gcd=13l3l3l2l3&npa=1&frm=0&z=265856595

Verdicts & Comments Add Verdict or Comment

94 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| 1 object| 2 object| 3 object| 4 function| fbq function| _fbq object| pendo object| amplitude function| hj object| _hjSettings object| hjSiteSettings function| hjBootstrap object| hjLazyModules object| hjBootstrapCalled function| webpackJsonp object| core function| Zone function| __zone_symbol__Promise function| __zone_symbol__ZoneAwarePromise function| __zone_symbol__setTimeout function| __zone_symbol__clearTimeout function| __zone_symbol__setInterval function| __zone_symbol__clearInterval function| __zone_symbol__requestAnimationFrame function| __zone_symbol__cancelAnimationFrame function| __zone_symbol__webkitRequestAnimationFrame function| __zone_symbol__webkitCancelAnimationFrame function| __zone_symbol__alert function| __zone_symbol__prompt function| __zone_symbol__confirm function| __zone_symbol__MutationObserver function| __zone_symbol__WebKitMutationObserver function| __zone_symbol__IntersectionObserver function| __zone_symbol__FileReader object| __zone_symbol__loadfalse function| $ function| jQuery object| bootstrap function| Hammer boolean| ngDevMode object| ng object| __zone_symbol__popstatefalse object| __zone_symbol__hashchangefalse object| __zone_symbol__resizefalse object| __zone_symbol__orientationchangefalse object| __zone_symbol__beforeunloadfalse object| __zone_symbol__scrolltrue object| __zone_symbol__scrollfalse object| __zone_symbol__storagefalse object| __zone_symbol__focusfalse object| __zone_symbol__unloadfalse object| __zone_symbol__securitypolicyviolationfalse object| _pendo_wrLVYSM0 object| __zone_symbol__errortrue object| __zone_symbol__messagefalse function| getAngularTestability function| getAllAngularTestabilities function| getAllAngularRootElements object| frameworkStabilizers object| dataLayer object| google_tag_manager object| google_tag_data function| twq string| GoogleAnalyticsObject function| ga function| onYouTubeIframeAPIReady object| _adftrack object| google object| litHtmlVersions object| module$exports$mapsapi$geometry$spherical object| litElementVersions object| reactiveElementVersions object| module$contents$mapsapi$overlay$overlayView_OverlayView object| GooglebQhCsO object| __zone_symbol__pageshowfalse object| regeneratorRuntime object| twttr object| gaplugins object| gaGlobal object| gaData object| __zone_symbol__blurfalse object| __zone_symbol__pagehidefalse function| ngx_captcha_onload_callback object| ___grecaptcha_cfg object| grecaptcha string| __recaptcha_api boolean| __google_recaptcha_client object| recaptcha object| closure_lm_950183 function| __zone_symbol__addEventListener function| __zone_symbol__removeEventListener function| eventListeners function| removeAllListeners

16 Cookies

Domain/Path Name / Value
www.google.com/recaptcha Name: _GRECAPTCHA
Value: 09AB84SrvfqZISkmOV5JLuAl316QQOybG7_ZyKU8s1iRNBvuImEuOkDZfWBL28qKpbAQo1Viz7S0l_wijUqs_avTk
.banesco.com.pa/ Name: visid_incap_2809194
Value: KZdjlAR0Raes0LRJf2qyeJOlj2YAAAAAQUIPAAAAAAAxgJx6eEOPdmRfh9FfQRPw
.banesco.com.pa/ Name: nlbi_2809194
Value: 9a0tHCC2mie+IObkIp4gXAAAAACEVsmofvyFypp1VN1xTswb
.banesco.com.pa/ Name: incap_ses_633_2809194
Value: bHqzWeAypSSCvcNfQd7ICJOlj2YAAAAA8MZhQBKDcfWAYm9dx22HDA==
.banesco.com.pa/ Name: amplitude_id_6c2aa48dfbbca13e04ea34788ea8a75dbanesco.com.pa
Value: eyJkZXZpY2VJZCI6IjEzNTBkMDIyLTNmZjYtNDM1YS04YmJmLTE2YTcwNjYwZTE4ZVIiLCJ1c2VySWQiOm51bGwsIm9wdE91dCI6ZmFsc2UsInNlc3Npb25JZCI6MTcyMDY5MDA2OTA5NiwibGFzdEV2ZW50VGltZSI6MTcyMDY5MDA2OTA5NiwiZXZlbnRJZCI6MCwiaWRlbnRpZnlJZCI6MCwic2VxdWVuY2VOdW1iZXIiOjB9
.banesco.com.pa/ Name: _hjSessionUser_982761
Value: eyJpZCI6IjI0ZTc5Yzc3LTJhOWUtNWJiYi05YmUxLWZjMDc4MmZiYjkyNiIsImNyZWF0ZWQiOjE3MjA2OTAwNzA0ODgsImV4aXN0aW5nIjp0cnVlfQ==
.banesco.com.pa/ Name: _hjSession_982761
Value: eyJpZCI6IjdlMmZjZGI5LTA0YWMtNDIzOC05NGNmLWZkNDY5YWZlNGQ1YiIsImMiOjE3MjA2OTAwNzA0ODksInMiOjEsInIiOjEsInNiIjowLCJzciI6MCwic2UiOjAsImZzIjoxLCJzcCI6MX0=
.banesco.com.pa/ Name: _gcl_au
Value: 1.1.1791535439.1720690071
.banesco.com.pa/ Name: _fbp
Value: fb.2.1720690071412.302331916976240764
.banesco.com.pa/ Name: _ga
Value: GA1.3.2106593197.1720690072
.banesco.com.pa/ Name: _gid
Value: GA1.3.485213702.1720690072
.banesco.com.pa/ Name: _gat_UA-54431125-4
Value: 1
.doubleclick.net/ Name: IDE
Value: AHWqTUluSkwjn2Yvcl0GcqETJzHtBnbMrG8VttDMUQDaEGBUD7-d1jv4VQm2uhHR
.t.co/ Name: muc_ads
Value: 62f96ffe-0dbd-4038-af3a-c938f53f8e78
.banesco.com.pa/ Name: _ga_B12PTG27HL
Value: GS1.3.1720690071.1.1.1720690072.59.0.0
.tarjetas.banesco.com.pa/ Name: token
Value: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJuYW1laWQiOiJjMzEyNmQ5Ni01YzA5LTRiNDktYjYxMi0yOTQxODA5MjQwYWEiLCJ1bmlxdWVfbmFtZSI6ImpvdmVmZnVubm9kYS0wNjIyQHlvcG1haWwuY29tIiwiZW1haWwiOiJqb3ZlZmZ1bm5vZGEtMDYyMkB5b3BtYWlsLmNvbSIsImh0dHA6Ly9zY2hlbWFzLnhtbHNvYXAub3JnL3dzLzIwMDUvMDUvaWRlbnRpdHkvY2xhaW1zL21vYmlsZXBob25lIjoiam92ZWZmdW5ub2RhLTA2MjJAeW9wbWFpbC5jb20iLCJqdGkiOiI0MmFhNWQ2ZC0yMzQzLTRkN2MtYTIxMi05NGI5ZTYyYTgxMGYiLCJuYmYiOjE3MjA2OTAwNzIsImV4cCI6MTcyMDY5MTI3MiwiaWF0IjoxNzIwNjkwMDcyfQ.DcTMQUzrwwFzBRrHUPGU9DdcUsN1ILsx-1a4eAtNaAU

13 Console Messages

Source Level URL
Text
security error URL: https://script.hotjar.com/modules.e4b2dc39f985f11fb1e4.js(Line 1)
Message:
Refused to connect to 'wss://ws.hotjar.com/api/v2/client/ws?v=7&site_id=982761' because it violates the following Content Security Policy directive: "connect-src 'self' https://pendo-static-6597142639280128.storage.googleapis.com:* https://data.pendo.io:* *.azurewebsites.net:* https://api.ipify.org:* https://in.hotjar.com:* wss://ws1.hotjar.com:* https://www.google-analytics.com:* https://vc.hotjar.io:* wss://ws9.hotjar.com:* https://app.pendo.io".
security error URL: https://tarjetas.banesco.com.pa/polyfills.63ac4754fdc7e807be1d.bundle.js
Message:
Refused to connect to 'https://content.hotjar.io/?site_id=982761&gzip=1' because it violates the following Content Security Policy directive: "connect-src 'self' https://pendo-static-6597142639280128.storage.googleapis.com:* https://data.pendo.io:* *.azurewebsites.net:* https://api.ipify.org:* https://in.hotjar.com:* wss://ws1.hotjar.com:* https://www.google-analytics.com:* https://vc.hotjar.io:* wss://ws9.hotjar.com:* https://app.pendo.io".
security error URL: https://tarjetas.banesco.com.pa/polyfills.63ac4754fdc7e807be1d.bundle.js
Message:
Refused to connect to 'https://maps.googleapis.com/maps/api/mapsjs/gen_204?csp_test=true' because it violates the following Content Security Policy directive: "connect-src 'self' https://pendo-static-6597142639280128.storage.googleapis.com:* https://data.pendo.io:* *.azurewebsites.net:* https://api.ipify.org:* https://in.hotjar.com:* wss://ws1.hotjar.com:* https://www.google-analytics.com:* https://vc.hotjar.io:* wss://ws9.hotjar.com:* https://app.pendo.io".
security error URL: https://tarjetas.banesco.com.pa/
Message:
Refused to load the image 'https://analytics.twitter.com/i/adsct?bci=3&eci=2&event_id=cf3ec65f-e5c6-472d-b726-58b8e77e2bb1&events=%5B%5B%22pageview%22%2C%7B%7D%5D%5D&integration=advertiser&p_id=Twitter&p_user_id=0&pl_id=45d39279-d296-472d-80db-ce13bb8793c7&tw_document_href=https%3A%2F%2Ftarjetas.banesco.com.pa%2F&tw_iframe_status=0&tw_order_quantity=0&tw_sale_amount=0&txn_id=nvdd4&type=javascript&version=2.3.30' because it violates the following Content Security Policy directive: "img-src 'self' data: https://ssl.gstatic.com:* https://www.gstatic.com:* https://maps.gstatic.com:* https://ssl.gstatic.com/analytics-suite:* https://www.facebook.com:* https://data.pendo.io/ https://t.co:* https://www.google.com.pa:* https://googleads.g.doubleclick.net:* https://www.google.com:* https://banescotdc.blob.core.windows.net:* https://stats.g.doubleclick.net:* *.google-analytics.com:* https://www.googletagmanager.com:* https://cdn.pendo.io https://app.pendo.io https://pendo-static-6597142639280128.storage.googleapis.com".
security error URL: https://tarjetas.banesco.com.pa/polyfills.63ac4754fdc7e807be1d.bundle.js
Message:
Refused to connect to 'https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j101&tid=UA-54431125-4&cid=2106593197.1720690072&jid=1124332844&gjid=966756722&_gid=485213702.1720690072&npa=1&_u=YEBAAEAAAAAAACAAI~&z=989825664' because it violates the following Content Security Policy directive: "connect-src 'self' https://pendo-static-6597142639280128.storage.googleapis.com:* https://data.pendo.io:* *.azurewebsites.net:* https://api.ipify.org:* https://in.hotjar.com:* wss://ws1.hotjar.com:* https://www.google-analytics.com:* https://vc.hotjar.io:* wss://ws9.hotjar.com:* https://app.pendo.io".
security error URL: https://tarjetas.banesco.com.pa/
Message:
Refused to load the script 'https://s2.adform.net/banners/scripts/st/trackpoint-async.js' because it violates the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.gstatic.com:* https://www.google.com:* https://tagmanager.google.com:* https://cdn.amplitude.com:* https://maps.googleapis.com https://maps.gstatic.com https://data.pendo.io/ https://tpc.googlesyndication.com:* https://analytics.twitter.com:* https://googleads.g.doubleclick.net:* https://a2.adform.net:* https://static.ads-twitter.com:* https://www.googleadservices.com:* https://connect.facebook.net:* https://apis.google.com:* https://static.hotjar.com:* https://script.hotjar.com:* *.googletagmanager.com:* *.google-analytics.com:* 'unsafe-inline' 'unsafe-eval' https://app.pendo.io https://pendo-io-static.storage.googleapis.com https://cdn.pendo.io https://pendo-static-6597142639280128.storage.googleapis.com". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.
security error URL: https://tarjetas.banesco.com.pa/polyfills.63ac4754fdc7e807be1d.bundle.js
Message:
Refused to connect to 'https://region1.analytics.google.com/g/collect?v=2&tid=G-B12PTG27HL&gtm=45je4790v9136052710za200&_p=1720690070627&_gaz=1&gcd=13l3l3l2l3&npa=1&dma_cps=syphamo&dma=1&tag_exp=0&ul=fi-fi&sr=1600x1200&cid=2106593197.1720690072&ir=1&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&are=1&frm=0&pscdl=noapi&_eu=EBAI&_s=1&dl=https%3A%2F%2Ftarjetas.banesco.com.pa%2F&dt=Banesco&sid=1720690071&sct=1&seg=0&en=page_view&_fv=1&_ss=1&_ee=1&tfd=3951&_z=fetch' because it violates the following Content Security Policy directive: "connect-src 'self' https://pendo-static-6597142639280128.storage.googleapis.com:* https://data.pendo.io:* *.azurewebsites.net:* https://api.ipify.org:* https://in.hotjar.com:* wss://ws1.hotjar.com:* https://www.google-analytics.com:* https://vc.hotjar.io:* wss://ws9.hotjar.com:* https://app.pendo.io".
javascript error URL: https://tarjetas.banesco.com.pa/polyfills.63ac4754fdc7e807be1d.bundle.js
Message:
Refused to connect to 'https://region1.analytics.google.com/g/collect?v=2&tid=G-B12PTG27HL&gtm=45je4790v9136052710za200&_p=1720690070627&_gaz=1&gcd=13l3l3l2l3&npa=1&dma_cps=syphamo&dma=1&tag_exp=0&ul=fi-fi&sr=1600x1200&cid=2106593197.1720690072&ir=1&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&are=1&frm=0&pscdl=noapi&_eu=EBAI&_s=1&dl=https%3A%2F%2Ftarjetas.banesco.com.pa%2F&dt=Banesco&sid=1720690071&sct=1&seg=0&en=page_view&_fv=1&_ss=1&_ee=1&tfd=3951&_z=fetch' because it violates the document's Content Security Policy.
security error URL: https://www.googletagmanager.com/gtag/js?id=G-B12PTG27HL&cx=c&_slc=1(Line 187)
Message:
Refused to connect to 'https://stats.g.doubleclick.net/g/collect?v=2&tid=G-B12PTG27HL&cid=2106593197.1720690072&gtm=45je4790v9136052710za200&aip=1&dma=1&dma_cps=syphamo&gcd=13l3l3l2l3&npa=1&frm=0' because it violates the following Content Security Policy directive: "connect-src 'self' https://pendo-static-6597142639280128.storage.googleapis.com:* https://data.pendo.io:* *.azurewebsites.net:* https://api.ipify.org:* https://in.hotjar.com:* wss://ws1.hotjar.com:* https://www.google-analytics.com:* https://vc.hotjar.io:* wss://ws9.hotjar.com:* https://app.pendo.io".
security error URL: https://tarjetas.banesco.com.pa/
Message:
Refused to load the image 'https://www.google.fi/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-B12PTG27HL&cid=2106593197.1720690072&gtm=45je4790v9136052710za200&aip=1&dma=1&dma_cps=syphamo&gcd=13l3l3l2l3&npa=1&frm=0&z=265856595' because it violates the following Content Security Policy directive: "img-src 'self' data: https://ssl.gstatic.com:* https://www.gstatic.com:* https://maps.gstatic.com:* https://ssl.gstatic.com/analytics-suite:* https://www.facebook.com:* https://data.pendo.io/ https://t.co:* https://www.google.com.pa:* https://googleads.g.doubleclick.net:* https://www.google.com:* https://banescotdc.blob.core.windows.net:* https://stats.g.doubleclick.net:* *.google-analytics.com:* https://www.googletagmanager.com:* https://cdn.pendo.io https://app.pendo.io https://pendo-static-6597142639280128.storage.googleapis.com".
security error URL: https://tarjetas.banesco.com.pa/
Message:
Refused to load the image 'https://www.google.fi/pagead/1p-conversion/782832368/?random=1592550666&cv=11&fst=1720690071370&bg=ffffff&guid=ON&async=1&gtm=45be4790v873055111z8810196344za201zb810196344&gcd=13l3l3l2l1&dma_cps=syphamo&dma=1&tag_exp=0&u_w=1600&u_h=1200&url=https%3A%2F%2Ftarjetas.banesco.com.pa%2F&label=ConversionATravesDeGoogleAds&hn=www.googleadservices.com&frm=0&tiba=Banesco&value=0&currency_code=USD&npa=1&pscdl=noapi&auid=1791535439.1720690071&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fdr=SA&capi=1&fmt=3&ct_cookie_present=false&crd=CLHBsQIIsMGxAgi5wbECShVldmVudC1zb3VyY2UsIHRyaWdnZXJaAwoBAWIECgICAw&pscrd=IhMIjfftg9aehwMVjME7Ah3jXQTlMgIIAzICCAQyAggHMgIICDICCAkyAggKMgIIAjICCAs6IGh0dHBzOi8vdGFyamV0YXMuYmFuZXNjby5jb20ucGEv&is_vtc=1&cid=CAQSKQDaQooL9D_tcqWKMV1mj85rvKt_YbPcGWDE48vqmkDBx1W5rLe3sTs5&eitems=ChAI8IW-tAYQhrKIhqr9h4IXEh0A2cvrxh5nqPVbLS-4SOHCH5-Q8roiAO7-TKqP2g&random=819649516&ipr=y' because it violates the following Content Security Policy directive: "img-src 'self' data: https://ssl.gstatic.com:* https://www.gstatic.com:* https://maps.gstatic.com:* https://ssl.gstatic.com/analytics-suite:* https://www.facebook.com:* https://data.pendo.io/ https://t.co:* https://www.google.com.pa:* https://googleads.g.doubleclick.net:* https://www.google.com:* https://banescotdc.blob.core.windows.net:* https://stats.g.doubleclick.net:* *.google-analytics.com:* https://www.googletagmanager.com:* https://cdn.pendo.io https://app.pendo.io https://pendo-static-6597142639280128.storage.googleapis.com".
security error URL: https://tarjetas.banesco.com.pa/polyfills.63ac4754fdc7e807be1d.bundle.js
Message:
Refused to connect to 'https://region1.analytics.google.com/g/collect?v=2&tid=G-B12PTG27HL&gtm=45je4790v9136052710za200&_p=1720690070627&gcd=13l3l3l2l3&npa=1&dma_cps=syphamo&dma=1&tag_exp=0&ul=fi-fi&sr=1600x1200&cid=2106593197.1720690072&ir=1&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&are=1&frm=0&pscdl=noapi&_eu=EBAI&_s=2&dl=https%3A%2F%2Ftarjetas.banesco.com.pa%2Fsolicitar-tarjeta-de-credito%2Fprecalificacion%2Fsolicitud&dt=Banesco&sid=1720690071&sct=1&seg=1&en=page_view&_ee=1&_et=304&tfd=9157&_z=fetch' because it violates the following Content Security Policy directive: "connect-src 'self' https://pendo-static-6597142639280128.storage.googleapis.com:* https://data.pendo.io:* *.azurewebsites.net:* https://api.ipify.org:* https://in.hotjar.com:* wss://ws1.hotjar.com:* https://www.google-analytics.com:* https://vc.hotjar.io:* wss://ws9.hotjar.com:* https://app.pendo.io".
javascript error URL: https://tarjetas.banesco.com.pa/polyfills.63ac4754fdc7e807be1d.bundle.js
Message:
Refused to connect to 'https://region1.analytics.google.com/g/collect?v=2&tid=G-B12PTG27HL&gtm=45je4790v9136052710za200&_p=1720690070627&gcd=13l3l3l2l3&npa=1&dma_cps=syphamo&dma=1&tag_exp=0&ul=fi-fi&sr=1600x1200&cid=2106593197.1720690072&ir=1&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&are=1&frm=0&pscdl=noapi&_eu=EBAI&_s=2&dl=https%3A%2F%2Ftarjetas.banesco.com.pa%2Fsolicitar-tarjeta-de-credito%2Fprecalificacion%2Fsolicitud&dt=Banesco&sid=1720690071&sct=1&seg=1&en=page_view&_ee=1&_et=304&tfd=9157&_z=fetch' because it violates the document's Content Security Policy.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy default-src 'self'; frame-src https://www.google.com:* https://www.googletagmanager.com:* https://app.pendo.io/ https://bid.g.doubleclick.net:* https://vars.hotjar.com:* https://www.youtube.com:*; font-src 'self' https://script.hotjar.com:* https://fonts.gstatic.com:*; style-src 'self' 'unsafe-inline' https://tagmanager.google.com:* https://fonts.googleapis.com:* 'unsafe-inline' https://app.pendo.io https://cdn.pendo.io https://pendo-static-6597142639280128.storage.googleapis.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.gstatic.com:* https://www.google.com:* https://tagmanager.google.com:* https://cdn.amplitude.com:* https://maps.googleapis.com https://maps.gstatic.com https://data.pendo.io/ https://tpc.googlesyndication.com:* https://analytics.twitter.com:* https://googleads.g.doubleclick.net:* https://a2.adform.net:* https://static.ads-twitter.com:* https://www.googleadservices.com:* https://connect.facebook.net:* https://apis.google.com:* https://static.hotjar.com:* https://script.hotjar.com:* *.googletagmanager.com:* *.google-analytics.com:* 'unsafe-inline' 'unsafe-eval' https://app.pendo.io https://pendo-io-static.storage.googleapis.com https://cdn.pendo.io https://pendo-static-6597142639280128.storage.googleapis.com; connect-src 'self' https://pendo-static-6597142639280128.storage.googleapis.com:* https://data.pendo.io:* *.azurewebsites.net:* https://api.ipify.org:* https://in.hotjar.com:* wss://ws1.hotjar.com:* https://www.google-analytics.com:* https://vc.hotjar.io:* wss://ws9.hotjar.com:* https://app.pendo.io; img-src 'self' data: https://ssl.gstatic.com:* https://www.gstatic.com:* https://maps.gstatic.com:* https://ssl.gstatic.com/analytics-suite:* https://www.facebook.com:* https://data.pendo.io/ https://t.co:* https://www.google.com.pa:* https://googleads.g.doubleclick.net:* https://www.google.com:* https://banescotdc.blob.core.windows.net:* https://stats.g.doubleclick.net:* *.google-analytics.com:* https://www.googletagmanager.com:* https://cdn.pendo.io https://app.pendo.io https://pendo-static-6597142639280128.storage.googleapis.com; frame-ancestors https://app.pendo.io; child-src https://app.pendo.io; object-src 'self'
Strict-Transport-Security max-age=31536000; includeSubDomains;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

analytics.twitter.com
api.ipify.org
banesco-tdc-api.azurewebsites.net
banescotdc.blob.core.windows.net
cdn.amplitude.com
cdn.pendo.io
connect.facebook.net
content.hotjar.io
data.pendo.io
fonts.googleapis.com
fonts.gstatic.com
maps.googleapis.com
s2.adform.net
script.hotjar.com
static.ads-twitter.com
static.hotjar.com
stats.g.doubleclick.net
t.co
tarjetas.banesco.com.pa
vc.hotjar.io
www.facebook.com
www.google-analytics.com
www.google.com
www.google.fi
www.googleadservices.com
www.googletagmanager.com
www.gstatic.com
analytics.twitter.com
content.hotjar.io
maps.googleapis.com
s2.adform.net
stats.g.doubleclick.net
www.google.fi
104.26.12.205
13.32.27.107
142.250.185.168
142.250.186.36
146.75.120.157
157.240.252.13
172.217.18.3
18.245.86.4
18.66.102.53
18.66.112.79
20.60.220.225
216.58.206.66
216.58.206.78
2a00:1450:4001:806::2003
2a00:1450:4001:811::2008
2a00:1450:4001:811::200a
2a00:1450:4001:812::2003
2a00:1450:4001:81d::200e
2a00:1450:4001:82a::200a
2a03:2880:f083:100:face:b00c:0:3
2a03:2880:f177:83:face:b00c:0:25de
34.107.204.85
34.36.213.229
45.60.46.27
52.173.139.99
93.184.221.165
15f534730d7006330d370ee80c385d9d9bb1859dd215f6c3755b8bc9a45f36f5
180178e2b8ebc8812e78cd71ca219dd7d5c67e4c0df949a27b8573db84407ad7
18e7b1d3b0e770606fa3675864a5d84684f0193bf03646b07d3e3667521d3922
1fd77ea1b27750dc961adfa53134e81c2f61f05180d0b501cf9afa5f13b9ad23
2173f130ca59dc5554498343432f02f92ecce45c4f9381ea12b203a2978f33d4
228588bcbb021c7d7ce48d97cd60d9469e52fb2ae039f1afe11544ba37dd0f88
234cf14ff7fb3e0a955a054b9fa30244be2c1c56ec6877adb8cd4108d86f9e5f
284f9a0e5c83c155db9573bd00a9415872f36cd8f13fc325b95d51e272dc4bbd
29f7df7242332058b2b40715616ac867667cbbe232a4d1a49a48b7ce98dc277f
2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe
36b2057eb5eef261a2cbb8c149dcf3a11edaa15ccd8e3d462eb34999f5ff8f2a
38593de9c84ce9016021f128603e6c7e62a485fbca371148d7d4321f2bd97d53
3a40800615166a62b003b79ad4b98c441937e24f7dd62eb6a8bce961484b517d
3fdb87bdf14205d6b6e2849804ccf9e8cadf02074362d6cd7788ef514bacb031
44004199012159c073f8c965213f9e0aecd633dfe1d58641d7f497d3c7423a61
4464d8b42c46caf9d5be73b6cb824806760cfbe3d965f3ed5a0d814ce2db3d5e
4d15ff2317e16ccd8ca1d3248fea7d91130e022369bb032824a84ad9967064df
589474d402967b1358ea8f6d28d1044fdea69676f786e656f4e670b002eaa038
5fed8d40fc6b5b1351029c058ceb48e2c0ff16b8df87a15f77c9d41cd423cb8a
619feac205d68f6356fcad13d6758533011a8acc7830e3deb0f763249d7516c0
669c468246558b8f3db864436e58324b35f3ccd9d1d5674212263a199e9df6d5
6af9d81515d7157939c5a77568970e08b23fe6774a1ecfdb6939ac0d2b3d81eb
6afcb419e5881dc0cd7dc2b1c8270ce69b45c9b8e02f127da408c5a013401289
6e46aebd8b3d1b2ccee73391693425524a63b373bc7a647eef58cd88b65b5c58
8265f64786397d6b832d1ca0aafdf149ad84e72759fffa9f7272e91a0fb015d1
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
86e974b88e73e0646ed7aff5dedc3555bbca75a9487fd9fd6fdb97889a2ce852
89c8879706ab5dcc20b41c6070ea232fc9a12c22bfcd35764106bc8434149577
918b7dc3e2e2d015c16ce08b57bcb64d2253bafc1707658f361e72865498e537
930cca53685c85415f0bd2549df9c6f1aef8b072b211e592ea7bbe6c0ee23262
9c3e29e08f0524ac9f89d5ca84dc3575d538a55a9e1733339bfa38f7b0341045
9f6550453172d98b7101852a8cd5ec525589e064eb1883e116943fd543d3404f
a8cf71d22b05de10278aa92a54326e359f1b13022868b28a496d83861de64bd9
aa7b6c81e85551eeb5c4809f1e683efa0b780c33d12ddfc2067a1b136803e45a
ac2c8bd8d1ff23459583eef52ec865723b44305a840b38eba3630637f6548cc9
ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957
b6fb8695408f3325b3c9fe773ea7903d05a4d74db7ffa08dfde75b6694c5508b
bfbbc78135f30e7ebc816c9692d75e32ab1fa5de1a33510bbd983ca791105d91
c447dd7677b419db7b21dbdfc6277c7816a913ffda76fd2e52702df538de0e49
c4832b19dd5406ac0855426096610e532861e94c65819651ada45299002455de
c5c10d8ad360c8cbcdb1516f37e8a54e0dd9603ee7b6b3b6bbec21a2a6832ed3
cb1c7475ad0e045d25ed579a8e50506e1873fb0f0d5bee755e80ca07d3bd313d
d14563998c51dc9e70af90ea513cafdd27e2c053cf9b3eea20f4b9732bae659a
d329736e516b16e0d64816a635f07f8035de8739a6fda8297eca64f6fdabce8d
de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e61d12046fb23908a234bc855331ed96f6ad389fce712c1ae8121acff1516b2a
e6b6e4e2d76e9c5bad2c25b10c24ef26a5bdb7fe394cfb03ff8d409f0f4d5a26
ec5550894892d3dee758ac7ca42c30f59c113d06feb0368ddb1f28e8286826c6
ed6bb8f42da5f367b561820ea6e61c9f56a06b493f926c20fce4e3c193b6c493
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f8c489b818bc2d3f3c148b8534f76c7a0440c4cd5e0129a63672a91a7e7b7799
f9011b42a1485b224b59a8890331066d796ca4ad926993fd50e275141e1a492e
fa973d4771f0294b5049273b5ea9bbcf667f74d5dac6cccfb658429d7a610d75
fe0305e06f56580252118c6d1b954bc1096825b959a523ec78d4982d57933d3a