Submitted URL: https://qatruist.gs.com/
Effective URL: https://qatruist.gs.com/content/login
Submission: On March 02 via api from IN — Scanned from DE

Summary

This website contacted 3 IPs in 3 countries across 1 domains to perform 12 HTTP transactions. The main IP is 104.83.4.34, located in Vienna, Austria and belongs to AKAMAI-ASN1, NL. The main domain is qatruist.gs.com.
TLS certificate: Issued by DigiCert Global G3 TLS ECC SHA384 202... on January 17th 2023. Valid for: a year.
This is the only time qatruist.gs.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
2 12 104.83.4.34 20940 (AKAMAI-ASN1)
1 91.235.133.182 30286 (THM)
1 204.4.143.215 9084 (GSI-AS Eu...)
12 3
Apex Domain
Subdomains
Transfer
14 gs.com
qatruist.gs.com
v.gs.com
idfs-qa.gs.com
191 KB
12 1
Domain Requested by
12 qatruist.gs.com 2 redirects qatruist.gs.com
1 idfs-qa.gs.com qatruist.gs.com
1 v.gs.com qatruist.gs.com
12 3

This site contains no links.

Subject Issuer Validity Valid
cdn-ak-gls-2.gs.com
DigiCert Global G3 TLS ECC SHA384 2020 CA1
2023-01-17 -
2024-01-16
a year crt.sh
v.goldman.com
DigiCert SHA2 Extended Validation Server CA
2022-06-02 -
2023-06-29
a year crt.sh
idfs-qa.gs.com
DigiCert SHA2 Extended Validation Server CA
2022-04-02 -
2023-05-03
a year crt.sh

This page contains 1 frames:

Primary Page: https://qatruist.gs.com/content/login
Frame ID: 320EEF6C4F418B15A5623FCA273D9206
Requests: 12 HTTP requests in this frame

Screenshot

Page Title

Truist Bank Login Page

Page URL History Show full URLs

  1. https://qatruist.gs.com/ HTTP 302
    https://qatruist.gs.com/gcsp/portal/ HTTP 302
    https://qatruist.gs.com/content/login Page URL

Detected technologies

Overall confidence: 100%
Detected patterns

Page Statistics

12
Requests

100 %
HTTPS

0 %
IPv6

1
Domains

3
Subdomains

3
IPs

3
Countries

188 kB
Transfer

606 kB
Size

5
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://qatruist.gs.com/ HTTP 302
    https://qatruist.gs.com/gcsp/portal/ HTTP 302
    https://qatruist.gs.com/content/login Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

12 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request login
qatruist.gs.com/content/
Redirect Chain
  • https://qatruist.gs.com/
  • https://qatruist.gs.com/gcsp/portal/
  • https://qatruist.gs.com/content/login
817 B
2 KB
Document
General
Full URL
https://qatruist.gs.com/content/login
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.83.4.34 Vienna, Austria, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a104-83-4-34.deploy.static.akamaitechnologies.com
Software
WebServer /
Resource Hash
fec9dc004502b7d565c3da3398708a678a648e76cc7e804deb00ce2cf76b239a
Security Headers
Name Value
Content-Security-Policy default-src 'self' gap: https://*.gs.com 'unsafe-inline'; font-src 'self' https://*.gs.com https://*.online-metrix.net data:; script-src 'self' https://assets.adobedtm.com https://*.zopim.com https://assets.zendesk.com https://*.gs.com https://*.online-metrix.net https://*.demdex.net https://*.sc.omtrdc.net 'unsafe-inline' 'unsafe-eval'; blob: https://*.gs.com https://*.online-metrix.net; connect-src 'self' https://*.gs.com https://qaglobal-liquidity.gs.com https://*.omtrdc.net https://*.demdex.net 'unsafe-inline' data:; object-src 'self' https://*.gs.com https://*.online-metrix.net; child-src gap: 'self' https://*.gs.com https://*.online-metrix.net;frame-src 'self' https://*.gs.com https://*.online-metrix.net https://*.demdex.net; img-src 'self' * data: https://*.gs.com https://*.online-metrix.net https://*.omtrdc.net https://*.demdex.net https://*.everesttech.net; style-src 'self' https://*.gs.com 'unsafe-inline'; media-src 'self' https://*.gs.com;frame-ancestors 'self' http://qaglobal-liquidity.gs.com
Strict-Transport-Security max-age=31536000; includeSubdomains;
X-Content-Type-Options nosniff
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
access-control-allow-credentials
true
access-control-allow-origin
*.gs.com
cache-control
no-cache, no-store
content-encoding
gzip
content-length
460
content-security-policy
default-src 'self' gap: https://*.gs.com 'unsafe-inline'; font-src 'self' https://*.gs.com https://*.online-metrix.net data:; script-src 'self' https://assets.adobedtm.com https://*.zopim.com https://assets.zendesk.com https://*.gs.com https://*.online-metrix.net https://*.demdex.net https://*.sc.omtrdc.net 'unsafe-inline' 'unsafe-eval'; blob: https://*.gs.com https://*.online-metrix.net; connect-src 'self' https://*.gs.com https://qaglobal-liquidity.gs.com https://*.omtrdc.net https://*.demdex.net 'unsafe-inline' data:; object-src 'self' https://*.gs.com https://*.online-metrix.net; child-src gap: 'self' https://*.gs.com https://*.online-metrix.net;frame-src 'self' https://*.gs.com https://*.online-metrix.net https://*.demdex.net; img-src 'self' * data: https://*.gs.com https://*.online-metrix.net https://*.omtrdc.net https://*.demdex.net https://*.everesttech.net; style-src 'self' https://*.gs.com 'unsafe-inline'; media-src 'self' https://*.gs.com;frame-ancestors 'self' http://qaglobal-liquidity.gs.com
content-type
text/html
date
Thu, 02 Mar 2023 05:08:25 GMT
etag
"100429-gzip"
expires
Thu, 02 Mar 2023 05:08:25 GMT
last-modified
Tue, 14 Feb 2023 02:36:40 GMT
pragma
no-cache
server
WebServer
strict-transport-security
max-age=31536000; includeSubdomains;
vary
Accept-Encoding
x-content-type-options
nosniff
x-frame-options
sameorigin
x-request-id
ZAAvSbcgW0EOe-PCJ2vcegAAARQ
x-xss-protection
1; mode=block

Redirect headers

access-control-allow-credentials
true
access-control-allow-origin
*.gs.com
cache-control
no-cache, no-store
content-encoding
gzip
content-length
72
content-security-policy
default-src 'self' gap: https://*.gs.com 'unsafe-inline'; font-src 'self' https://*.gs.com https://*.online-metrix.net data:; script-src 'self' https://assets.adobedtm.com https://*.zopim.com https://assets.zendesk.com https://*.gs.com https://*.online-metrix.net https://*.demdex.net https://*.sc.omtrdc.net 'unsafe-inline' 'unsafe-eval'; blob: https://*.gs.com https://*.online-metrix.net; connect-src 'self' https://*.gs.com https://qaglobal-liquidity.gs.com https://*.omtrdc.net https://*.demdex.net 'unsafe-inline' data:; object-src 'self' https://*.gs.com https://*.online-metrix.net; child-src gap: 'self' https://*.gs.com https://*.online-metrix.net;frame-src 'self' https://*.gs.com https://*.online-metrix.net https://*.demdex.net; img-src 'self' * data: https://*.gs.com https://*.online-metrix.net https://*.omtrdc.net https://*.demdex.net https://*.everesttech.net; style-src 'self' https://*.gs.com 'unsafe-inline'; media-src 'self' https://*.gs.com;frame-ancestors 'self' http://qaglobal-liquidity.gs.com
date
Thu, 02 Mar 2023 05:08:25 GMT
expires
Thu, 02 Mar 2023 05:08:25 GMT
location
/content/login
pragma
no-cache
server
WebServer
strict-transport-security
max-age=31536000; includeSubdomains;
vary
Accept-Encoding
www-authenticate
Bearer error="invalid_request", error_description="No bearer token found in the request"
x-content-type-options
nosniff
x-frame-options
sameorigin
x-request-id
ZAAvSRKmrDLCHxAfQjI0ogAAAFE
x-xss-protection
1; mode=block
app.03a4941a4c3f92084deb.css
qatruist.gs.com/css/
103 KB
30 KB
Stylesheet
General
Full URL
https://qatruist.gs.com/css/app.03a4941a4c3f92084deb.css
Requested by
Host: qatruist.gs.com
URL: https://qatruist.gs.com/content/login
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.83.4.34 Vienna, Austria, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a104-83-4-34.deploy.static.akamaitechnologies.com
Software
WebServer /
Resource Hash
2b7275f2cd7bc2f6b1470648f1a6a7a02dabf03941b4f4a242340202414b07a8
Security Headers
Name Value
Content-Security-Policy default-src 'self' gap: https://*.gs.com 'unsafe-inline'; font-src 'self' https://*.gs.com https://*.online-metrix.net data:; script-src 'self' https://assets.adobedtm.com https://*.zopim.com https://assets.zendesk.com https://*.gs.com https://*.online-metrix.net https://*.demdex.net https://*.sc.omtrdc.net 'unsafe-inline' 'unsafe-eval'; blob: https://*.gs.com https://*.online-metrix.net; connect-src 'self' https://*.gs.com https://qaglobal-liquidity.gs.com https://*.omtrdc.net https://*.demdex.net 'unsafe-inline' data:; object-src 'self' https://*.gs.com https://*.online-metrix.net; child-src gap: 'self' https://*.gs.com https://*.online-metrix.net;frame-src 'self' https://*.gs.com https://*.online-metrix.net https://*.demdex.net; img-src 'self' * data: https://*.gs.com https://*.online-metrix.net https://*.omtrdc.net https://*.demdex.net https://*.everesttech.net; style-src 'self' https://*.gs.com 'unsafe-inline'; media-src 'self' https://*.gs.com;frame-ancestors 'self' http://qaglobal-liquidity.gs.com
Strict-Transport-Security max-age=31536000; includeSubdomains;
X-Content-Type-Options nosniff
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://qatruist.gs.com/content/login
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubdomains;
content-security-policy
default-src 'self' gap: https://*.gs.com 'unsafe-inline'; font-src 'self' https://*.gs.com https://*.online-metrix.net data:; script-src 'self' https://assets.adobedtm.com https://*.zopim.com https://assets.zendesk.com https://*.gs.com https://*.online-metrix.net https://*.demdex.net https://*.sc.omtrdc.net 'unsafe-inline' 'unsafe-eval'; blob: https://*.gs.com https://*.online-metrix.net; connect-src 'self' https://*.gs.com https://qaglobal-liquidity.gs.com https://*.omtrdc.net https://*.demdex.net 'unsafe-inline' data:; object-src 'self' https://*.gs.com https://*.online-metrix.net; child-src gap: 'self' https://*.gs.com https://*.online-metrix.net;frame-src 'self' https://*.gs.com https://*.online-metrix.net https://*.demdex.net; img-src 'self' * data: https://*.gs.com https://*.online-metrix.net https://*.omtrdc.net https://*.demdex.net https://*.everesttech.net; style-src 'self' https://*.gs.com 'unsafe-inline'; media-src 'self' https://*.gs.com;frame-ancestors 'self' http://qaglobal-liquidity.gs.com
x-content-type-options
nosniff
date
Thu, 02 Mar 2023 05:08:25 GMT
content-encoding
gzip
content-length
29720
x-xss-protection
1; mode=block
x-request-id
Y-17oNIIm17bDyL06KDyLQAAAE8
pragma
no-cache
last-modified
Tue, 14 Feb 2023 02:36:40 GMT
server
WebServer
x-frame-options
sameorigin
vary
Accept-Encoding
content-type
text/css
access-control-allow-origin
*.gs.com
cache-control
no-cache, no-store
access-control-allow-credentials
true
accept-ranges
bytes
expires
Thu, 02 Mar 2023 05:08:25 GMT
gspr1234.js
qatruist.gs.com/mfa/
3 KB
2 KB
Script
General
Full URL
https://qatruist.gs.com/mfa/gspr1234.js
Requested by
Host: qatruist.gs.com
URL: https://qatruist.gs.com/content/login
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.83.4.34 Vienna, Austria, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a104-83-4-34.deploy.static.akamaitechnologies.com
Software
WebServer /
Resource Hash
f815fbe734c32846f2a0be0d836dc88554a91bbc09c39332b7eb2c30def1e03c
Security Headers
Name Value
Content-Security-Policy default-src 'self' gap: https://*.gs.com 'unsafe-inline'; font-src 'self' https://*.gs.com https://*.online-metrix.net data:; script-src 'self' https://assets.adobedtm.com https://*.zopim.com https://assets.zendesk.com https://*.gs.com https://*.online-metrix.net https://*.demdex.net https://*.sc.omtrdc.net 'unsafe-inline' 'unsafe-eval'; blob: https://*.gs.com https://*.online-metrix.net; connect-src 'self' https://*.gs.com https://qaglobal-liquidity.gs.com https://*.omtrdc.net https://*.demdex.net 'unsafe-inline' data:; object-src 'self' https://*.gs.com https://*.online-metrix.net; child-src gap: 'self' https://*.gs.com https://*.online-metrix.net;frame-src 'self' https://*.gs.com https://*.online-metrix.net https://*.demdex.net; img-src 'self' * data: https://*.gs.com https://*.online-metrix.net https://*.omtrdc.net https://*.demdex.net https://*.everesttech.net; style-src 'self' https://*.gs.com 'unsafe-inline'; media-src 'self' https://*.gs.com;frame-ancestors 'self' http://qaglobal-liquidity.gs.com
Strict-Transport-Security max-age=31536000; includeSubdomains;
X-Content-Type-Options nosniff
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://qatruist.gs.com/content/login
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubdomains;
content-security-policy
default-src 'self' gap: https://*.gs.com 'unsafe-inline'; font-src 'self' https://*.gs.com https://*.online-metrix.net data:; script-src 'self' https://assets.adobedtm.com https://*.zopim.com https://assets.zendesk.com https://*.gs.com https://*.online-metrix.net https://*.demdex.net https://*.sc.omtrdc.net 'unsafe-inline' 'unsafe-eval'; blob: https://*.gs.com https://*.online-metrix.net; connect-src 'self' https://*.gs.com https://qaglobal-liquidity.gs.com https://*.omtrdc.net https://*.demdex.net 'unsafe-inline' data:; object-src 'self' https://*.gs.com https://*.online-metrix.net; child-src gap: 'self' https://*.gs.com https://*.online-metrix.net;frame-src 'self' https://*.gs.com https://*.online-metrix.net https://*.demdex.net; img-src 'self' * data: https://*.gs.com https://*.online-metrix.net https://*.omtrdc.net https://*.demdex.net https://*.everesttech.net; style-src 'self' https://*.gs.com 'unsafe-inline'; media-src 'self' https://*.gs.com;frame-ancestors 'self' http://qaglobal-liquidity.gs.com
x-content-type-options
nosniff
date
Thu, 02 Mar 2023 05:08:25 GMT
content-encoding
gzip
content-length
1086
x-xss-protection
1; mode=block
x-request-id
Y-17oNIIm17bDyL06KDyLgAAAFA
pragma
no-cache
last-modified
Tue, 14 Feb 2023 02:36:40 GMT
server
WebServer
x-frame-options
sameorigin
vary
Accept-Encoding
content-type
application/x-javascript
access-control-allow-origin
*.gs.com
cache-control
no-cache, no-store
access-control-allow-credentials
true
accept-ranges
bytes
expires
Thu, 02 Mar 2023 05:08:25 GMT
analytics.0af15d665504247f2e67.js
qatruist.gs.com/js/
7 KB
4 KB
Script
General
Full URL
https://qatruist.gs.com/js/analytics.0af15d665504247f2e67.js
Requested by
Host: qatruist.gs.com
URL: https://qatruist.gs.com/content/login
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.83.4.34 Vienna, Austria, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a104-83-4-34.deploy.static.akamaitechnologies.com
Software
WebServer /
Resource Hash
88373beb1b65ebc85516eeceb14747f964fd334afdcdbd3b0a5babb2c4fb0916
Security Headers
Name Value
Content-Security-Policy default-src 'self' gap: https://*.gs.com 'unsafe-inline'; font-src 'self' https://*.gs.com https://*.online-metrix.net data:; script-src 'self' https://assets.adobedtm.com https://*.zopim.com https://assets.zendesk.com https://*.gs.com https://*.online-metrix.net https://*.demdex.net https://*.sc.omtrdc.net 'unsafe-inline' 'unsafe-eval'; blob: https://*.gs.com https://*.online-metrix.net; connect-src 'self' https://*.gs.com https://qaglobal-liquidity.gs.com https://*.omtrdc.net https://*.demdex.net 'unsafe-inline' data:; object-src 'self' https://*.gs.com https://*.online-metrix.net; child-src gap: 'self' https://*.gs.com https://*.online-metrix.net;frame-src 'self' https://*.gs.com https://*.online-metrix.net https://*.demdex.net; img-src 'self' * data: https://*.gs.com https://*.online-metrix.net https://*.omtrdc.net https://*.demdex.net https://*.everesttech.net; style-src 'self' https://*.gs.com 'unsafe-inline'; media-src 'self' https://*.gs.com;frame-ancestors 'self' http://qaglobal-liquidity.gs.com
Strict-Transport-Security max-age=31536000; includeSubdomains;
X-Content-Type-Options nosniff
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://qatruist.gs.com/content/login
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubdomains;
content-security-policy
default-src 'self' gap: https://*.gs.com 'unsafe-inline'; font-src 'self' https://*.gs.com https://*.online-metrix.net data:; script-src 'self' https://assets.adobedtm.com https://*.zopim.com https://assets.zendesk.com https://*.gs.com https://*.online-metrix.net https://*.demdex.net https://*.sc.omtrdc.net 'unsafe-inline' 'unsafe-eval'; blob: https://*.gs.com https://*.online-metrix.net; connect-src 'self' https://*.gs.com https://qaglobal-liquidity.gs.com https://*.omtrdc.net https://*.demdex.net 'unsafe-inline' data:; object-src 'self' https://*.gs.com https://*.online-metrix.net; child-src gap: 'self' https://*.gs.com https://*.online-metrix.net;frame-src 'self' https://*.gs.com https://*.online-metrix.net https://*.demdex.net; img-src 'self' * data: https://*.gs.com https://*.online-metrix.net https://*.omtrdc.net https://*.demdex.net https://*.everesttech.net; style-src 'self' https://*.gs.com 'unsafe-inline'; media-src 'self' https://*.gs.com;frame-ancestors 'self' http://qaglobal-liquidity.gs.com
x-content-type-options
nosniff
date
Thu, 02 Mar 2023 05:08:25 GMT
content-encoding
gzip
content-length
3045
x-xss-protection
1; mode=block
x-request-id
Y-wiz2UoSMQba8-1UAirnQAAAAA
pragma
no-cache
last-modified
Tue, 14 Feb 2023 02:36:40 GMT
server
WebServer
x-frame-options
sameorigin
vary
Accept-Encoding
content-type
application/x-javascript
access-control-allow-origin
*.gs.com
cache-control
no-cache, no-store
access-control-allow-credentials
true
accept-ranges
bytes
expires
Thu, 02 Mar 2023 05:08:25 GMT
login.86b2b453693b84ff35e3.js
qatruist.gs.com/js/
113 KB
26 KB
Script
General
Full URL
https://qatruist.gs.com/js/login.86b2b453693b84ff35e3.js
Requested by
Host: qatruist.gs.com
URL: https://qatruist.gs.com/content/login
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.83.4.34 Vienna, Austria, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a104-83-4-34.deploy.static.akamaitechnologies.com
Software
WebServer /
Resource Hash
92796f64592901c930f1f0f400935b85d7a0856374f0074b6f43a24884c39ad3
Security Headers
Name Value
Content-Security-Policy default-src 'self' gap: https://*.gs.com 'unsafe-inline'; font-src 'self' https://*.gs.com https://*.online-metrix.net data:; script-src 'self' https://assets.adobedtm.com https://*.zopim.com https://assets.zendesk.com https://*.gs.com https://*.online-metrix.net https://*.demdex.net https://*.sc.omtrdc.net 'unsafe-inline' 'unsafe-eval'; blob: https://*.gs.com https://*.online-metrix.net; connect-src 'self' https://*.gs.com https://qaglobal-liquidity.gs.com https://*.omtrdc.net https://*.demdex.net 'unsafe-inline' data:; object-src 'self' https://*.gs.com https://*.online-metrix.net; child-src gap: 'self' https://*.gs.com https://*.online-metrix.net;frame-src 'self' https://*.gs.com https://*.online-metrix.net https://*.demdex.net; img-src 'self' * data: https://*.gs.com https://*.online-metrix.net https://*.omtrdc.net https://*.demdex.net https://*.everesttech.net; style-src 'self' https://*.gs.com 'unsafe-inline'; media-src 'self' https://*.gs.com;frame-ancestors 'self' http://qaglobal-liquidity.gs.com
Strict-Transport-Security max-age=31536000; includeSubdomains;
X-Content-Type-Options nosniff
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://qatruist.gs.com/content/login
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubdomains;
content-security-policy
default-src 'self' gap: https://*.gs.com 'unsafe-inline'; font-src 'self' https://*.gs.com https://*.online-metrix.net data:; script-src 'self' https://assets.adobedtm.com https://*.zopim.com https://assets.zendesk.com https://*.gs.com https://*.online-metrix.net https://*.demdex.net https://*.sc.omtrdc.net 'unsafe-inline' 'unsafe-eval'; blob: https://*.gs.com https://*.online-metrix.net; connect-src 'self' https://*.gs.com https://qaglobal-liquidity.gs.com https://*.omtrdc.net https://*.demdex.net 'unsafe-inline' data:; object-src 'self' https://*.gs.com https://*.online-metrix.net; child-src gap: 'self' https://*.gs.com https://*.online-metrix.net;frame-src 'self' https://*.gs.com https://*.online-metrix.net https://*.demdex.net; img-src 'self' * data: https://*.gs.com https://*.online-metrix.net https://*.omtrdc.net https://*.demdex.net https://*.everesttech.net; style-src 'self' https://*.gs.com 'unsafe-inline'; media-src 'self' https://*.gs.com;frame-ancestors 'self' http://qaglobal-liquidity.gs.com
x-content-type-options
nosniff
date
Thu, 02 Mar 2023 05:08:25 GMT
content-encoding
gzip
content-length
25083
x-xss-protection
1; mode=block
x-request-id
Y-wiz2UoSMQba8-1UAirnwAAAA0
pragma
no-cache
last-modified
Tue, 14 Feb 2023 02:36:40 GMT
server
WebServer
x-frame-options
sameorigin
vary
Accept-Encoding
content-type
application/x-javascript
access-control-allow-origin
*.gs.com
cache-control
no-cache, no-store
access-control-allow-credentials
true
accept-ranges
bytes
expires
Thu, 02 Mar 2023 05:08:25 GMT
vendor.50e6764a0ac43c56661c.js
qatruist.gs.com/js/
371 KB
113 KB
Script
General
Full URL
https://qatruist.gs.com/js/vendor.50e6764a0ac43c56661c.js
Requested by
Host: qatruist.gs.com
URL: https://qatruist.gs.com/content/login
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.83.4.34 Vienna, Austria, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a104-83-4-34.deploy.static.akamaitechnologies.com
Software
WebServer /
Resource Hash
30371bda9c8e6943be51f65f98e7596904267fa6f0731e8da0e1ea1fcc59af30
Security Headers
Name Value
Content-Security-Policy default-src 'self' gap: https://*.gs.com 'unsafe-inline'; font-src 'self' https://*.gs.com https://*.online-metrix.net data:; script-src 'self' https://assets.adobedtm.com https://*.zopim.com https://assets.zendesk.com https://*.gs.com https://*.online-metrix.net https://*.demdex.net https://*.sc.omtrdc.net 'unsafe-inline' 'unsafe-eval'; blob: https://*.gs.com https://*.online-metrix.net; connect-src 'self' https://*.gs.com https://qaglobal-liquidity.gs.com https://*.omtrdc.net https://*.demdex.net 'unsafe-inline' data:; object-src 'self' https://*.gs.com https://*.online-metrix.net; child-src gap: 'self' https://*.gs.com https://*.online-metrix.net;frame-src 'self' https://*.gs.com https://*.online-metrix.net https://*.demdex.net; img-src 'self' * data: https://*.gs.com https://*.online-metrix.net https://*.omtrdc.net https://*.demdex.net https://*.everesttech.net; style-src 'self' https://*.gs.com 'unsafe-inline'; media-src 'self' https://*.gs.com;frame-ancestors 'self' http://qaglobal-liquidity.gs.com
Strict-Transport-Security max-age=31536000; includeSubdomains;
X-Content-Type-Options nosniff
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://qatruist.gs.com/content/login
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubdomains;
content-security-policy
default-src 'self' gap: https://*.gs.com 'unsafe-inline'; font-src 'self' https://*.gs.com https://*.online-metrix.net data:; script-src 'self' https://assets.adobedtm.com https://*.zopim.com https://assets.zendesk.com https://*.gs.com https://*.online-metrix.net https://*.demdex.net https://*.sc.omtrdc.net 'unsafe-inline' 'unsafe-eval'; blob: https://*.gs.com https://*.online-metrix.net; connect-src 'self' https://*.gs.com https://qaglobal-liquidity.gs.com https://*.omtrdc.net https://*.demdex.net 'unsafe-inline' data:; object-src 'self' https://*.gs.com https://*.online-metrix.net; child-src gap: 'self' https://*.gs.com https://*.online-metrix.net;frame-src 'self' https://*.gs.com https://*.online-metrix.net https://*.demdex.net; img-src 'self' * data: https://*.gs.com https://*.online-metrix.net https://*.omtrdc.net https://*.demdex.net https://*.everesttech.net; style-src 'self' https://*.gs.com 'unsafe-inline'; media-src 'self' https://*.gs.com;frame-ancestors 'self' http://qaglobal-liquidity.gs.com
x-content-type-options
nosniff
date
Thu, 02 Mar 2023 05:08:25 GMT
content-encoding
gzip
content-length
114388
x-xss-protection
1; mode=block
x-request-id
Y-17oGrV9mfweBL0viAyOgAAAUM
pragma
no-cache
last-modified
Tue, 14 Feb 2023 02:36:40 GMT
server
WebServer
x-frame-options
sameorigin
vary
Accept-Encoding
content-type
application/x-javascript
access-control-allow-origin
*.gs.com
cache-control
no-cache, no-store
access-control-allow-credentials
true
accept-ranges
bytes
expires
Thu, 02 Mar 2023 05:08:25 GMT
login-configurations.json
qatruist.gs.com/content/truist-ui/nodes/
375 B
2 KB
Fetch
General
Full URL
https://qatruist.gs.com/content/truist-ui/nodes/login-configurations.json
Requested by
Host: qatruist.gs.com
URL: https://qatruist.gs.com/js/login.86b2b453693b84ff35e3.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.83.4.34 Vienna, Austria, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a104-83-4-34.deploy.static.akamaitechnologies.com
Software
WebServer /
Resource Hash
898c38fd7c379ddadae1490931c5af04feac59f0112f05698dfc2f31a0bd19c7
Security Headers
Name Value
Content-Security-Policy default-src 'self' gap: https://*.gs.com 'unsafe-inline'; font-src 'self' https://*.gs.com https://*.online-metrix.net data:; script-src 'self' https://assets.adobedtm.com https://*.zopim.com https://assets.zendesk.com https://*.gs.com https://*.online-metrix.net https://*.demdex.net https://*.sc.omtrdc.net 'unsafe-inline' 'unsafe-eval'; blob: https://*.gs.com https://*.online-metrix.net; connect-src 'self' https://*.gs.com https://qaglobal-liquidity.gs.com https://*.omtrdc.net https://*.demdex.net 'unsafe-inline' data:; object-src 'self' https://*.gs.com https://*.online-metrix.net; child-src gap: 'self' https://*.gs.com https://*.online-metrix.net;frame-src 'self' https://*.gs.com https://*.online-metrix.net https://*.demdex.net; img-src 'self' * data: https://*.gs.com https://*.online-metrix.net https://*.omtrdc.net https://*.demdex.net https://*.everesttech.net; style-src 'self' https://*.gs.com 'unsafe-inline'; media-src 'self' https://*.gs.com;frame-ancestors 'self' http://qaglobal-liquidity.gs.com
Strict-Transport-Security max-age=31536000; includeSubdomains;
X-Content-Type-Options nosniff
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

pragma
no-cache
accept-language
de-DE,de;q=0.9
x-requested-by
Any
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36
content-type
application/json
accept
application/json
cache-control
no-cache, must-revalidate, post-check=0, pre-check=0, max-age=0
Referer
https://qatruist.gs.com/content/login
expires
Tue, 01 Jan 1980 1:00:00 GMT

Response headers

strict-transport-security
max-age=31536000; includeSubdomains;
content-security-policy
default-src 'self' gap: https://*.gs.com 'unsafe-inline'; font-src 'self' https://*.gs.com https://*.online-metrix.net data:; script-src 'self' https://assets.adobedtm.com https://*.zopim.com https://assets.zendesk.com https://*.gs.com https://*.online-metrix.net https://*.demdex.net https://*.sc.omtrdc.net 'unsafe-inline' 'unsafe-eval'; blob: https://*.gs.com https://*.online-metrix.net; connect-src 'self' https://*.gs.com https://qaglobal-liquidity.gs.com https://*.omtrdc.net https://*.demdex.net 'unsafe-inline' data:; object-src 'self' https://*.gs.com https://*.online-metrix.net; child-src gap: 'self' https://*.gs.com https://*.online-metrix.net;frame-src 'self' https://*.gs.com https://*.online-metrix.net https://*.demdex.net; img-src 'self' * data: https://*.gs.com https://*.online-metrix.net https://*.omtrdc.net https://*.demdex.net https://*.everesttech.net; style-src 'self' https://*.gs.com 'unsafe-inline'; media-src 'self' https://*.gs.com;frame-ancestors 'self' http://qaglobal-liquidity.gs.com
x-content-type-options
nosniff
date
Thu, 02 Mar 2023 05:08:26 GMT
content-encoding
gzip
content-length
181
x-xss-protection
1; mode=block
x-request-id
ZAAvShKmrDLCHxAfQjI0qQAAAE8
pragma
no-cache
last-modified
Tue, 14 Feb 2023 02:36:40 GMT
server
WebServer
etag
"100411-gzip"
x-frame-options
sameorigin
vary
Accept-Encoding
content-type
application/json; charset=utf-8
access-control-allow-origin
*.gs.com
cache-control
no-cache, no-store
access-control-allow-credentials
true
accept-ranges
bytes
expires
Thu, 02 Mar 2023 05:08:26 GMT
login-en.json
qatruist.gs.com/content/truist-ui/nodes/contentkeys/
7 KB
4 KB
Fetch
General
Full URL
https://qatruist.gs.com/content/truist-ui/nodes/contentkeys/login-en.json
Requested by
Host: qatruist.gs.com
URL: https://qatruist.gs.com/js/login.86b2b453693b84ff35e3.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.83.4.34 Vienna, Austria, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a104-83-4-34.deploy.static.akamaitechnologies.com
Software
WebServer /
Resource Hash
5a3f8b252369d791548de9e8923afcc00c2575d48582d71e85920d5f8db13d79
Security Headers
Name Value
Content-Security-Policy default-src 'self' gap: https://*.gs.com 'unsafe-inline'; font-src 'self' https://*.gs.com https://*.online-metrix.net data:; script-src 'self' https://assets.adobedtm.com https://*.zopim.com https://assets.zendesk.com https://*.gs.com https://*.online-metrix.net https://*.demdex.net https://*.sc.omtrdc.net 'unsafe-inline' 'unsafe-eval'; blob: https://*.gs.com https://*.online-metrix.net; connect-src 'self' https://*.gs.com https://qaglobal-liquidity.gs.com https://*.omtrdc.net https://*.demdex.net 'unsafe-inline' data:; object-src 'self' https://*.gs.com https://*.online-metrix.net; child-src gap: 'self' https://*.gs.com https://*.online-metrix.net;frame-src 'self' https://*.gs.com https://*.online-metrix.net https://*.demdex.net; img-src 'self' * data: https://*.gs.com https://*.online-metrix.net https://*.omtrdc.net https://*.demdex.net https://*.everesttech.net; style-src 'self' https://*.gs.com 'unsafe-inline'; media-src 'self' https://*.gs.com;frame-ancestors 'self' http://qaglobal-liquidity.gs.com
Strict-Transport-Security max-age=31536000; includeSubdomains;
X-Content-Type-Options nosniff
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

pragma
no-cache
accept-language
de-DE,de;q=0.9
x-requested-by
Any
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36
content-type
application/json
accept
application/json
cache-control
no-cache, must-revalidate, post-check=0, pre-check=0, max-age=0
Referer
https://qatruist.gs.com/content/login
expires
Tue, 01 Jan 1980 1:00:00 GMT

Response headers

strict-transport-security
max-age=31536000; includeSubdomains;
content-security-policy
default-src 'self' gap: https://*.gs.com 'unsafe-inline'; font-src 'self' https://*.gs.com https://*.online-metrix.net data:; script-src 'self' https://assets.adobedtm.com https://*.zopim.com https://assets.zendesk.com https://*.gs.com https://*.online-metrix.net https://*.demdex.net https://*.sc.omtrdc.net 'unsafe-inline' 'unsafe-eval'; blob: https://*.gs.com https://*.online-metrix.net; connect-src 'self' https://*.gs.com https://qaglobal-liquidity.gs.com https://*.omtrdc.net https://*.demdex.net 'unsafe-inline' data:; object-src 'self' https://*.gs.com https://*.online-metrix.net; child-src gap: 'self' https://*.gs.com https://*.online-metrix.net;frame-src 'self' https://*.gs.com https://*.online-metrix.net https://*.demdex.net; img-src 'self' * data: https://*.gs.com https://*.online-metrix.net https://*.omtrdc.net https://*.demdex.net https://*.everesttech.net; style-src 'self' https://*.gs.com 'unsafe-inline'; media-src 'self' https://*.gs.com;frame-ancestors 'self' http://qaglobal-liquidity.gs.com
x-content-type-options
nosniff
date
Thu, 02 Mar 2023 05:08:26 GMT
content-encoding
gzip
content-length
2447
x-xss-protection
1; mode=block
x-request-id
ZAAvSrcgW0EOe-PCJ2vcggAAAQ0
pragma
no-cache
last-modified
Tue, 14 Feb 2023 02:36:40 GMT
server
WebServer
etag
"10040e-gzip"
x-frame-options
sameorigin
vary
Accept-Encoding
content-type
application/json; charset=utf-8
access-control-allow-origin
*.gs.com
cache-control
no-cache, no-store
access-control-allow-credentials
true
accept-ranges
bytes
expires
Thu, 02 Mar 2023 05:08:26 GMT
help-content-configurations.json
qatruist.gs.com/content/truist-ui/nodes/
168 B
2 KB
Fetch
General
Full URL
https://qatruist.gs.com/content/truist-ui/nodes/help-content-configurations.json
Requested by
Host: qatruist.gs.com
URL: https://qatruist.gs.com/js/login.86b2b453693b84ff35e3.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.83.4.34 Vienna, Austria, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a104-83-4-34.deploy.static.akamaitechnologies.com
Software
WebServer /
Resource Hash
4c742f153eb0ead4c104ba62d9c97a2f825bfd5c7adcd524b9df341df8301384
Security Headers
Name Value
Content-Security-Policy default-src 'self' gap: https://*.gs.com 'unsafe-inline'; font-src 'self' https://*.gs.com https://*.online-metrix.net data:; script-src 'self' https://assets.adobedtm.com https://*.zopim.com https://assets.zendesk.com https://*.gs.com https://*.online-metrix.net https://*.demdex.net https://*.sc.omtrdc.net 'unsafe-inline' 'unsafe-eval'; blob: https://*.gs.com https://*.online-metrix.net; connect-src 'self' https://*.gs.com https://qaglobal-liquidity.gs.com https://*.omtrdc.net https://*.demdex.net 'unsafe-inline' data:; object-src 'self' https://*.gs.com https://*.online-metrix.net; child-src gap: 'self' https://*.gs.com https://*.online-metrix.net;frame-src 'self' https://*.gs.com https://*.online-metrix.net https://*.demdex.net; img-src 'self' * data: https://*.gs.com https://*.online-metrix.net https://*.omtrdc.net https://*.demdex.net https://*.everesttech.net; style-src 'self' https://*.gs.com 'unsafe-inline'; media-src 'self' https://*.gs.com;frame-ancestors 'self' http://qaglobal-liquidity.gs.com
Strict-Transport-Security max-age=31536000; includeSubdomains;
X-Content-Type-Options nosniff
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

pragma
no-cache
accept-language
de-DE,de;q=0.9
x-requested-by
Any
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36
content-type
application/json
accept
application/json
cache-control
no-cache, must-revalidate, post-check=0, pre-check=0, max-age=0
Referer
https://qatruist.gs.com/content/login
expires
Tue, 01 Jan 1980 1:00:00 GMT

Response headers

strict-transport-security
max-age=31536000; includeSubdomains;
content-security-policy
default-src 'self' gap: https://*.gs.com 'unsafe-inline'; font-src 'self' https://*.gs.com https://*.online-metrix.net data:; script-src 'self' https://assets.adobedtm.com https://*.zopim.com https://assets.zendesk.com https://*.gs.com https://*.online-metrix.net https://*.demdex.net https://*.sc.omtrdc.net 'unsafe-inline' 'unsafe-eval'; blob: https://*.gs.com https://*.online-metrix.net; connect-src 'self' https://*.gs.com https://qaglobal-liquidity.gs.com https://*.omtrdc.net https://*.demdex.net 'unsafe-inline' data:; object-src 'self' https://*.gs.com https://*.online-metrix.net; child-src gap: 'self' https://*.gs.com https://*.online-metrix.net;frame-src 'self' https://*.gs.com https://*.online-metrix.net https://*.demdex.net; img-src 'self' * data: https://*.gs.com https://*.online-metrix.net https://*.omtrdc.net https://*.demdex.net https://*.everesttech.net; style-src 'self' https://*.gs.com 'unsafe-inline'; media-src 'self' https://*.gs.com;frame-ancestors 'self' http://qaglobal-liquidity.gs.com
x-content-type-options
nosniff
date
Thu, 02 Mar 2023 05:08:26 GMT
content-encoding
gzip
content-length
130
x-xss-protection
1; mode=block
x-request-id
ZAAvSpCTjBaudp7zuSR4sQAAANI
pragma
no-cache
last-modified
Tue, 14 Feb 2023 02:36:40 GMT
server
WebServer
etag
"100410-gzip"
x-frame-options
sameorigin
vary
Accept-Encoding
content-type
application/json; charset=utf-8
access-control-allow-origin
*.gs.com
cache-control
no-cache, no-store
access-control-allow-credentials
true
accept-ranges
bytes
expires
Thu, 02 Mar 2023 05:08:26 GMT
userapi
qatruist.gs.com/gs-sso/
733 B
2 KB
Fetch
General
Full URL
https://qatruist.gs.com/gs-sso/userapi?initialCall=true
Requested by
Host: qatruist.gs.com
URL: https://qatruist.gs.com/js/login.86b2b453693b84ff35e3.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.83.4.34 Vienna, Austria, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a104-83-4-34.deploy.static.akamaitechnologies.com
Software
WebServer /
Resource Hash
03a9521f79d66639b28567ba9be8027549c81784e78f23d002acb423e5f05075
Security Headers
Name Value
Content-Security-Policy default-src 'self' gap: https://*.gs.com 'unsafe-inline'; font-src 'self' https://*.gs.com https://*.online-metrix.net data:; script-src 'self' https://assets.adobedtm.com https://*.zopim.com https://assets.zendesk.com https://*.gs.com https://*.online-metrix.net https://*.demdex.net https://*.sc.omtrdc.net 'unsafe-inline' 'unsafe-eval'; blob: https://*.gs.com https://*.online-metrix.net; connect-src 'self' https://*.gs.com https://qaglobal-liquidity.gs.com https://*.omtrdc.net https://*.demdex.net 'unsafe-inline' data:; object-src 'self' https://*.gs.com https://*.online-metrix.net; child-src gap: 'self' https://*.gs.com https://*.online-metrix.net;frame-src 'self' https://*.gs.com https://*.online-metrix.net https://*.demdex.net; img-src 'self' * data: https://*.gs.com https://*.online-metrix.net https://*.omtrdc.net https://*.demdex.net https://*.everesttech.net; style-src 'self' https://*.gs.com 'unsafe-inline'; media-src 'self' https://*.gs.com;frame-ancestors 'self' http://qaglobal-liquidity.gs.com
Strict-Transport-Security max-age=31536000; includeSubdomains;
X-Content-Type-Options nosniff
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

pragma
no-cache
accept-language
de-DE,de;q=0.9
x-requested-by
Any
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36
content-type
application/json
accept
application/json
cache-control
no-cache, must-revalidate, post-check=0, pre-check=0, max-age=0
Referer
https://qatruist.gs.com/content/login
expires
Tue, 01 Jan 1980 1:00:00 GMT

Response headers

strict-transport-security
max-age=31536000; includeSubdomains;
content-security-policy
default-src 'self' gap: https://*.gs.com 'unsafe-inline'; font-src 'self' https://*.gs.com https://*.online-metrix.net data:; script-src 'self' https://assets.adobedtm.com https://*.zopim.com https://assets.zendesk.com https://*.gs.com https://*.online-metrix.net https://*.demdex.net https://*.sc.omtrdc.net 'unsafe-inline' 'unsafe-eval'; blob: https://*.gs.com https://*.online-metrix.net; connect-src 'self' https://*.gs.com https://qaglobal-liquidity.gs.com https://*.omtrdc.net https://*.demdex.net 'unsafe-inline' data:; object-src 'self' https://*.gs.com https://*.online-metrix.net; child-src gap: 'self' https://*.gs.com https://*.online-metrix.net;frame-src 'self' https://*.gs.com https://*.online-metrix.net https://*.demdex.net; img-src 'self' * data: https://*.gs.com https://*.online-metrix.net https://*.omtrdc.net https://*.demdex.net https://*.everesttech.net; style-src 'self' https://*.gs.com 'unsafe-inline'; media-src 'self' https://*.gs.com;frame-ancestors 'self' http://qaglobal-liquidity.gs.com
x-content-type-options
nosniff
date
Thu, 02 Mar 2023 05:08:26 GMT
content-encoding
gzip
content-length
413
x-xss-protection
1; mode=block
x-request-id
ZAAvSrcgW0EOe-PCJ2vchwAAAQY
pragma
no-cache
server
WebServer
x-frame-options
sameorigin
vary
Accept-Encoding
content-type
text/html; charset=ISO-8859-1
access-control-allow-origin
*.gs.com
cache-control
no-cache, no-store
access-control-allow-credentials
true
expires
Thu, 02 Mar 2023 05:08:26 GMT
pbeo66ix3dnzk2ic.js
v.gs.com/
0
219 B
Script
General
Full URL
https://v.gs.com/pbeo66ix3dnzk2ic.js?eobd2wibx183z6bb=&madupi58memtph8g=MmVhYjZiNzEtNGE3Ni00N2MxLWFlYWYtZTIwMWIzNWZiMjBkfDE2Nzc3MzM3MDY4NzE&scs3k06frz2hztgs=001
Requested by
Host: qatruist.gs.com
URL: https://qatruist.gs.com/mfa/gspr1234.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
91.235.133.182 , United States, ASN30286 (THM, US),
Reverse DNS
Software
Apache /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://qatruist.gs.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

Date
Thu, 02 Mar 2023 05:08:26 GMT
Strict-Transport-Security
max-age=31536000
Server
Apache
Connection
Keep-Alive
Keep-Alive
timeout=2, max=100
Content-Type
text/javascript;charset=UTF-8
authorization.oauth2
idfs-qa.gs.com/as/
89 B
1 KB
Fetch
General
Full URL
https://idfs-qa.gs.com/as/authorization.oauth2?response_type=token&client_id=706a7b7986ca4baa91ac745b0a2ee398&state=e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855&redirect_uri=https://qatruist.gs.com/gs-sso/userapi&nonce=irrelevant&response_mode=form_post&access_token_manager_id=RefDefault8Hours&pfidpadapterid=TruistMfaJsonComp&reset=true&sessionId=MmVhYjZiNzEtNGE3Ni00N2MxLWFlYWYtZTIwMWIzNWZiMjBkfDE2Nzc3MzM3MDY4NzE
Requested by
Host: qatruist.gs.com
URL: https://qatruist.gs.com/js/login.86b2b453693b84ff35e3.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
204.4.143.215 Catford, United Kingdom, ASN9084 (GSI-AS European AS, GB),
Reverse DNS
Software
Apache /
Resource Hash
5591d2f95b61fb410623841cf34da7398bf2b633780544c59a13c7d157b4e566
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' https://honestdollarhelp1510158891.zendesk.com https://dspsandbox.zendesk.com https://gsinvestsandbox.zendesk.com https://ayco--qa.my.salesforce.com https://ayco--qa.lightning.force.com https://qa.one.concert.site.gs.com https://qa.wealth.concert.site.gs.com https://gswm-qa.lightning.force.com https://gswm--qa.my.salesforce.com https://gswm--qa.lightning.force.com https://gswm--dev.my.salesforce.com https://gswm--dev.lightning.force.com https://qa.ion.site.gs.com https://uat.ion.site.gs.com https://qa.ion.site.gs.com:8443 https://uat.ion.site.gs.com:8443 https://uat2.ion.site.gs.com https://uat2.ion.site.gs.com:8443 https://uat1.ion.site.gs.com https://uat1.ion.site.gs.com:8443 https://*.gir.services.gs.com;
Strict-Transport-Security max-age=600
X-Frame-Options SAMEORIGIN

Request headers

accept
text/html, application/xhtml+xml, application/xml;q=0.9, */*;q=0.8
Referer
https://qatruist.gs.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

Pragma
no-cache
Date
Thu, 02 Mar 2023 05:08:26 GMT
Strict-Transport-Security
max-age=600
Content-Security-Policy
frame-ancestors 'self' https://honestdollarhelp1510158891.zendesk.com https://dspsandbox.zendesk.com https://gsinvestsandbox.zendesk.com https://ayco--qa.my.salesforce.com https://ayco--qa.lightning.force.com https://qa.one.concert.site.gs.com https://qa.wealth.concert.site.gs.com https://gswm-qa.lightning.force.com https://gswm--qa.my.salesforce.com https://gswm--qa.lightning.force.com https://gswm--dev.my.salesforce.com https://gswm--dev.lightning.force.com https://qa.ion.site.gs.com https://uat.ion.site.gs.com https://qa.ion.site.gs.com:8443 https://uat.ion.site.gs.com:8443 https://uat2.ion.site.gs.com https://uat2.ion.site.gs.com:8443 https://uat1.ion.site.gs.com https://uat1.ion.site.gs.com:8443 https://*.gir.services.gs.com;
Server
Apache
X-Frame-Options
SAMEORIGIN
Vary
Origin
Content-Type
text/html;charset=utf-8
Access-Control-Allow-Origin
https://qatruist.gs.com
Cache-Control
no-cache, no-store
Access-Control-Allow-Credentials
true
Connection
Keep-Alive
Keep-Alive
timeout=5, max=100
Content-Length
89
Expires
Thu, 01 Jan 1970 00:00:00 GMT

Verdicts & Comments Add Verdict or Comment

20 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

boolean| credentialless object| gspr1234 function| eventAnalytics object| jsonpFunction object| __core-js_shared__ object| core object| global object| System function| asap function| Observable function| setImmediate function| clearImmediate object| regeneratorRuntime boolean| _babelPolyfill object| __$$GLOBAL_REWIRE_REGISTRY__ function| __rewire_reset_all__ number| __$$GLOBAL_REWIRE_NEXT_MODULE_ID__ object| hp_frame object| tmx_frame object| tmx_script

5 Cookies

Domain/Path Name / Value
qatruist.gs.com/ Name: NSC_JOfes5t2bek5e3pdkm3vbudcwygwadb
Value: 14b5a3d9e883820c8569b1d861abd83ffe600c3aea6439adc04b6f1cd97c841e328e45d6
.gs.com/ Name: ak_bmsc
Value: B7A5267922897DA0FCDFAAF90DE87941~000000000000000000000000000000~YAAQHgRTaCD50ICGAQAAgrW4oBLb4PBkJvky0Z1fcXLQuddZ2YMSRE7ikpALKq3Yg4SBxzvAu4DvkPXS6bjJuuYHWYyeXqj62mQz1mD7ww7hY7Hs4yQAfGyNLfG/aDjP/SxpbbNQ8eojx4PIjwyJfm2RkG1KnqcpTEHMIbIb0D2rUAOmCJplDqMg7+B6kAxNeIwAHHca1FeMFn8Aw8+ByqHJtpDKjk69MrjyFRuYrVvRDg4sFWcGZsIs61xU7Bho31/LnLWAAhAnz83GJuR/PJ4qABO3BhSA3MhCFhAvOSDzbFFWa7PwOhi7dgid2q1C56leyOcTC/ghC8WDkMWznf/AqEeoCOm/PPlzThGUAM7Gv+ZH216QxV9s1e/zekgfSE6vpjzf
.qatruist.gs.com/ Name: mod_auth_openidc_state
Value: https%3A%2F%2Fd224627-003-e3.dc.gs.com%3A8000%2Fgcsp%2Fportal%2F
.gs.com/ Name: bm_sv
Value: A5EAB6383F64CF1FDF147E6DB1CF1E58~YAAQHgRTaD/50ICGAQAAZLy4oBJO6B+kuAWvXNFKbmPgOvTL5zCn3UOp6P8+2F+QCErQc6WjCPhjRfRAV+f1QqK/SPJXe/HN9IZieNLFTBWXQq0ZV9QuON9967xbyD2qA0XsL/q/dl4PL4P5zivhlvbb7iIqZQtH8WNLK5FmolCxpeRsGaFKC67tAFU3IcS3xnn9qwqkmI24bcKTj25+/4iWOe+zesyD+EuHlsGtBZTzPYs8N7QvebvRqLs=~1
idfs-qa.gs.com/ Name: PF
Value: qhoiyfvP64Ea2BTIn5L5luwez6UdTm6SoYZ2WSsgGFpM

1 Console Messages

Source Level URL
Text
security error URL: https://qatruist.gs.com/content/login
Message:
The Content-Security-Policy directive name 'blob:' contains one or more invalid characters. Only ASCII alphanumeric characters or dashes '-' are allowed in directive names.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy default-src 'self' gap: https://*.gs.com 'unsafe-inline'; font-src 'self' https://*.gs.com https://*.online-metrix.net data:; script-src 'self' https://assets.adobedtm.com https://*.zopim.com https://assets.zendesk.com https://*.gs.com https://*.online-metrix.net https://*.demdex.net https://*.sc.omtrdc.net 'unsafe-inline' 'unsafe-eval'; blob: https://*.gs.com https://*.online-metrix.net; connect-src 'self' https://*.gs.com https://qaglobal-liquidity.gs.com https://*.omtrdc.net https://*.demdex.net 'unsafe-inline' data:; object-src 'self' https://*.gs.com https://*.online-metrix.net; child-src gap: 'self' https://*.gs.com https://*.online-metrix.net;frame-src 'self' https://*.gs.com https://*.online-metrix.net https://*.demdex.net; img-src 'self' * data: https://*.gs.com https://*.online-metrix.net https://*.omtrdc.net https://*.demdex.net https://*.everesttech.net; style-src 'self' https://*.gs.com 'unsafe-inline'; media-src 'self' https://*.gs.com;frame-ancestors 'self' http://qaglobal-liquidity.gs.com
Strict-Transport-Security max-age=31536000; includeSubdomains;
X-Content-Type-Options nosniff
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block