urlscan.io logo urlscan.io
SecurityTrails logo

www.us.hsbc.com Open in urlscan Pro
18.245.86.61  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: http://hsbccreditcard.com/
Effective URL: https://www.us.hsbc.com/credit-cards/
Submission Tags: falconsandbox
Submission: On July 02 via api from US — Scanned from DE
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 22 IPs in 3 countries across 15 domains to perform 110 HTTP transactions. The main IP is 18.245.86.61, located in United States and belongs to AMAZON-02, US. The main domain is www.us.hsbc.com. The Cisco Umbrella rank of the primary domain is 221845.
TLS certificate: Issued by DigiCert EV RSA CA G2 on May 24th 2024. Valid for: 4 months.
This is the only time www.us.hsbc.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 1 99.83.228.62 16509 (AMAZON-02)
1 1 18.245.86.12 16509 (AMAZON-02)
50 18.245.86.61 16509 (AMAZON-02)
13 2600:9000:235... 16509 (AMAZON-02)
1 2a02:26f0:350... 20940 (AKAMAI-ASN1)
1 23.45.104.216 16625 (AKAMAI-AS)
1 104.18.30.209 13335 (CLOUDFLAR...)
1 23.197.128.15 16625 (AKAMAI-AS)
5 161.113.4.185 26381 (HSBC-COM)
2 2a03:2880:f08... 32934 (FACEBOOK)
3 107.22.253.92 14618 (AMAZON-AES)
5 2a00:1450:400... 15169 (GOOGLE)
1 2 52.46.155.104 16509 (AMAZON-02)
1 142.250.184.194 15169 (GOOGLE)
2 178.249.97.23 11054 (LIVEPERSON)
2 2a03:2880:f17... 32934 (FACEBOOK)
3 3.223.231.146 14618 (AMAZON-AES)
4 178.249.97.99 11054 (LIVEPERSON)
1 54.192.137.86 16509 (AMAZON-02)
7 34.120.154.120 396982 (GOOGLE-CL...)
1 34.49.241.189 396982 (GOOGLE-CL...)
3 208.89.12.87 11054 (LIVEPERSON)
1 3.160.150.128 16509 (AMAZON-02)
2 52.13.12.238 16509 (AMAZON-02)
110 22
1    99.83.228.62 (United States)

ASN16509 (AMAZON-02, US)
PTR: a0e6630a2f9eabc8e.awsglobalaccelerator.com
hsbccreditcard.com
1    18.245.86.12 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-245-86-12.fra60.r.cloudfront.net
www.hsbccreditcard.com
50    18.245.86.61 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-245-86-61.fra60.r.cloudfront.net
www.us.hsbc.com
13    2600:9000:235a:9000:7:2bfb:7c00:93a1 (United States)

ASN16509 (AMAZON-02, US)
tags.tiqcdn.com
1    2a02:26f0:3500:88e::13b8 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)
cdn.optimizely.com
1    23.45.104.216 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a23-45-104-216.deploy.static.akamaitechnologies.com
akamai.tiqcdn.com
1    104.18.30.209 (None, )

ASN13335 (CLOUDFLARENET, US)
cdn3.optimizely.com
1    23.197.128.15 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a23-197-128-15.deploy.static.akamaitechnologies.com
a19069622224.cdn.optimizely.com
5    161.113.4.185 (United States)

ASN26381 (HSBC-COM, US)
mcm-prod.us.hsbc.com
2    2a03:2880:f084:105:face:b00c:0:3 (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)
connect.facebook.net
3    107.22.253.92 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-107-22-253-92.compute-1.amazonaws.com
collect-us-east-1.tealiumiq.com
5    2a00:1450:4001:81d::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.googletagmanager.com
2    52.46.155.104 (Ashburn, United States)

ASN16509 (AMAZON-02, US)
s.amazon-adsystem.com
1    142.250.184.194 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s11-in-f2.1e100.net
cm.g.doubleclick.net
2    178.249.97.23 (United States)

ASN11054 (LIVEPERSON, US)
lptag.liveperson.net
2    2a03:2880:f177:185:face:b00c:0:25de (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)
www.facebook.com
3    3.223.231.146 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-3-223-231-146.compute-1.amazonaws.com
visitor-service-us-east-1.tealiumiq.com
4    178.249.97.99 (United States)

ASN11054 (LIVEPERSON, US)
PTR: lo-accdn.lpsnmedia.net
accdn.lpsnmedia.net
1    54.192.137.86 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-54-192-137-86.lhr62.r.cloudfront.net
static-assets.dev.fs.liveperson.com
7    34.120.154.120 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 120.154.120.34.bc.googleusercontent.com
lpcdn.lpsnmedia.net
1    34.49.241.189 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 189.241.49.34.bc.googleusercontent.com
logx.optimizely.com
3    208.89.12.87 (United States)

ASN11054 (LIVEPERSON, US)
PTR: va.v.liveperson.net
va.v.liveperson.net
1    3.160.150.128 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-3-160-150-128.fra60.r.cloudfront.net
cdn.appdynamics.com
2    52.13.12.238 (Boardman, United States)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-13-12-238.us-west-2.compute.amazonaws.com
col.eum-appdynamics.com
Apex Domain
Subdomains		 Transfer
55 hsbc.com
www.us.hsbc.com — Cisco Umbrella Rank: 221845
mcm-prod.us.hsbc.com — Cisco Umbrella Rank: 348016
1 MB
14 tiqcdn.com
tags.tiqcdn.com — Cisco Umbrella Rank: 1313
akamai.tiqcdn.com — Cisco Umbrella Rank: 13687
127 KB
11 lpsnmedia.net
accdn.lpsnmedia.net — Cisco Umbrella Rank: 4189
lpcdn.lpsnmedia.net — Cisco Umbrella Rank: 4232
305 KB
6 tealiumiq.com
collect-us-east-1.tealiumiq.com — Cisco Umbrella Rank: 38837
visitor-service-us-east-1.tealiumiq.com — Cisco Umbrella Rank: 11229
4 KB
5 liveperson.net
lptag.liveperson.net — Cisco Umbrella Rank: 4186
va.v.liveperson.net — Cisco Umbrella Rank: 4458
125 KB
5 googletagmanager.com
www.googletagmanager.com — Cisco Umbrella Rank: 81
329 KB
4 optimizely.com
cdn.optimizely.com — Cisco Umbrella Rank: 805
cdn3.optimizely.com — Cisco Umbrella Rank: 6500
a19069622224.cdn.optimizely.com — Cisco Umbrella Rank: 107176
logx.optimizely.com — Cisco Umbrella Rank: 1655
144 KB
2 eum-appdynamics.com
col.eum-appdynamics.com — Cisco Umbrella Rank: 3274
2 KB
2 facebook.com
www.facebook.com — Cisco Umbrella Rank: 114
3 KB
2 amazon-adsystem.com
s.amazon-adsystem.com — Cisco Umbrella Rank: 349
2 KB
2 facebook.net
connect.facebook.net — Cisco Umbrella Rank: 204
72 KB
2 hsbccreditcard.com
hsbccreditcard.com
www.hsbccreditcard.com
609 B
1 appdynamics.com
cdn.appdynamics.com — Cisco Umbrella Rank: 4607
15 KB
1 liveperson.com
static-assets.dev.fs.liveperson.com — Cisco Umbrella Rank: 37311
4 KB
1 doubleclick.net
cm.g.doubleclick.net — Cisco Umbrella Rank: 274
409 B
110 15
Domain Requested by
50 www.us.hsbc.com www.us.hsbc.com
13 tags.tiqcdn.com www.us.hsbc.com
tags.tiqcdn.com
7 lpcdn.lpsnmedia.net lptag.liveperson.net
5 www.googletagmanager.com tags.tiqcdn.com
www.googletagmanager.com
5 mcm-prod.us.hsbc.com www.us.hsbc.com
tags.tiqcdn.com
4 accdn.lpsnmedia.net lptag.liveperson.net
3 va.v.liveperson.net lptag.liveperson.net
3 visitor-service-us-east-1.tealiumiq.com tags.tiqcdn.com
3 collect-us-east-1.tealiumiq.com www.us.hsbc.com
2 col.eum-appdynamics.com www.us.hsbc.com
2 www.facebook.com www.us.hsbc.com
2 lptag.liveperson.net tags.tiqcdn.com
2 s.amazon-adsystem.com 1 redirects www.us.hsbc.com
2 connect.facebook.net tags.tiqcdn.com
connect.facebook.net
1 cdn.appdynamics.com www.us.hsbc.com
1 logx.optimizely.com www.us.hsbc.com
1 static-assets.dev.fs.liveperson.com lptag.liveperson.net
1 cm.g.doubleclick.net www.us.hsbc.com
1 a19069622224.cdn.optimizely.com cdn.optimizely.com
1 cdn3.optimizely.com cdn.optimizely.com
1 akamai.tiqcdn.com www.us.hsbc.com
1 cdn.optimizely.com tags.tiqcdn.com
1 www.hsbccreditcard.com 1 redirects
1 hsbccreditcard.com 1 redirects
110 24

This site contains links to these domains. Also see Links.

Domain
www.business.us.hsbc.com
brokercheck.finra.org
www.about.us.hsbc.com
prioritypass.com
Subject Issuer Validity Valid
www.us.hsbc.com
DigiCert EV RSA CA G2		 2024-05-24 -
2024-09-15		 4 months crt.sh
tags.tiqcdn.com
Amazon RSA 2048 M02		 2024-03-19 -
2025-04-17		 a year crt.sh
cdn.optimizely.com
DigiCert TLS RSA SHA256 2020 CA1		 2023-09-01 -
2024-09-04		 a year crt.sh
*.tiqcdn.com
DigiCert TLS RSA SHA256 2020 CA1		 2023-11-16 -
2024-11-16		 a year crt.sh
cdn3.optimizely.com
WE1		 2024-06-14 -
2024-09-12		 3 months crt.sh
*.cdn.optimizely.com
GeoTrust RSA CA 2018		 2024-01-25 -
2025-01-27		 a year crt.sh
mcm-prod.us.hsbc.com
DigiCert EV RSA CA G2		 2023-08-06 -
2024-08-28		 a year crt.sh
*.facebook.com
DigiCert SHA2 High Assurance Server CA		 2024-04-10 -
2024-07-09		 3 months crt.sh
*.tealiumiq.com
Amazon RSA 2048 M03		 2024-06-25 -
2025-07-23		 a year crt.sh
*.google-analytics.com
WR2		 2024-06-13 -
2024-09-05		 3 months crt.sh
*.g.doubleclick.net
WR2		 2024-06-13 -
2024-09-05		 3 months crt.sh
*.liveperson.net
Sectigo RSA Organization Validation Secure Server CA		 2023-11-28 -
2024-11-27		 a year crt.sh
*.lpsnmedia.net
Sectigo RSA Organization Validation Secure Server CA		 2023-11-15 -
2024-11-14		 a year crt.sh
dev.fs.liveperson.com
Amazon RSA 2048 M03		 2024-04-26 -
2025-05-25		 a year crt.sh
logx.optimizely.com
WR3		 2024-05-23 -
2024-08-21		 3 months crt.sh
*.v.liveperson.net
Sectigo RSA Organization Validation Secure Server CA		 2023-10-31 -
2024-10-30		 a year crt.sh
*.appdynamics.com
DigiCert TLS RSA SHA256 2020 CA1		 2024-06-20 -
2025-07-21		 a year crt.sh
*.eum-appdynamics.com
DigiCert TLS RSA SHA256 2020 CA1		 2024-06-13 -
2025-07-14		 a year crt.sh

This page contains 3 frames:

Primary Page: https://www.us.hsbc.com/credit-cards/
Frame ID: 485A85455F500C6B787079BD09C74D78
Requests: 108 HTTP requests in this frame

Frame: https://a19069622224.cdn.optimizely.com/client_storage/a19069622224.html
Frame ID: CA14A074E263548CB8A741607EF3F799
Requests: 1 HTTP requests in this frame

Frame: https://lpcdn.lpsnmedia.net/le_secure_storage/3.26.0.0-release_5111/storage.secure.min.html?loc=https%3A%2F%2Fwww.us.hsbc.com&site=52516473&ist=sessionStorage&env=prod&accdn=accdn.lpsnmedia.net
Frame ID: 44BA8CA8665BFB0CF147A20650BB8425
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

Credit Card Offers & Benefits - HSBC Bank USA

Page URL History Show full URLs

  1. http://hsbccreditcard.com/ HTTP 307
    https://hsbccreditcard.com/ HTTP 301
    https://www.hsbccreditcard.com/ HTTP 301
    https://www.us.hsbc.com/credit-cards/ Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • /etc\.clientlibs/
Overall confidence: 100%
Detected patterns
  • adrum
Overall confidence: 100%
Detected patterns
  • //connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js
Overall confidence: 100%
Detected patterns
  • googletagmanager\.com/gtag/js
Overall confidence: 100%
Detected patterns
  • optimizely\.com.*\.js

Page Statistics

110
Requests

99 %
HTTPS

21 %
IPv6

15
Domains

24
Subdomains

22
IPs

3
Countries

2586 kB
Transfer

8005 kB
Size

17
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://hsbccreditcard.com/ HTTP 307
    https://hsbccreditcard.com/ HTTP 301
    https://www.hsbccreditcard.com/ HTTP 301
    https://www.us.hsbc.com/credit-cards/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 68
  • https://s.amazon-adsystem.com/dcm?pid=f8ca2def-013b-4492-8956-75d0449638a4&id=0190737348470016442a362407720506f002506700b08 HTTP 302
  • https://s.amazon-adsystem.com/dcm?pid=f8ca2def-013b-4492-8956-75d0449638a4&id=0190737348470016442a362407720506f002506700b08&dcc=t

110 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request /
www.us.hsbc.com/credit-cards/
Redirect Chain
  • http://hsbccreditcard.com/
  • https://hsbccreditcard.com/
  • https://www.hsbccreditcard.com/
  • https://www.us.hsbc.com/credit-cards/
141 KB
20 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://www.us.hsbc.com/credit-cards/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.245.86.61 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-245-86-61.fra60.r.cloudfront.net
Software
Apache /
Resource Hash
0f0bbd7654923199dcac4221bf62f1e3d4276687e01ff62fc60873a0f372ae6c
Security Headers
Name Value
Content-Security-Policy default-src 'self' *.hsbc.com.hk; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.tiqcdn.com *.tealiumiq.com *.liveperson.net *.googletagmanager.com *.hsbc.co.uk *.hsbc.com.hk *.doubleclick.net *.googleadservices.com *.lpsnmedia.net *.optimizely.com *.facebook.net *.google.com *.gstatic.com *.appdynamics.com *.googleapis.com *.awswaf.com *.analytics.yahoo.com vjs.zencdn.net players.brightcove.net *.walkme.com *.us.hsbc.com *.dev.fs.liveperson.com googleads.g.doubleclick.net va.v.liveperson.net *.amazon-adsystem.com connect.facebook.net tpc.googlesyndication.com lptag.liveperson.net lpcdn.lpsnmedia.net tags.tiqcdn.com www.googletagmanager.com cdn.appdynamics.com www.google-analytics.com ssl.google-analytics.com www.googleadservices.com hsbcbankglobal.sc.omtrdc.net *.amazonaws.com mcm-prod.us.hsbc.com s.amazon-adsystem.com cdn.optimizely.com static.cdn-apple.com cdn-assets-prod.s3.amazonaws.com; img-src data: *; connect-src 'self' *.tiqcdn.com *.tealiumiq.com *.hsbc.com.hk *.eum-appdynamics.com *.optimizely.com wss://*.liveperson.net *.cloud.hsbc *.awswaf.com *.analytics.yahoo.com players.brightcove.net edge.api.brightcove.com *.walkme.com *.us.hsbc.com *.siteintercept.qualtrics.com http://127.0.0.1:5000 http://127.0.0.1:5000/* adservice.google.com www.security.us.hsbc.com www.facebook.com www.google.com maps.googleapis.com www.googletagmanager.com *.brightcovecdn.com ad.doubleclick.net analytics.google.com rbwm-api.us.hsbc.com stats.g.doubleclick.net www.google-analytics.com *.va.cobrowse.liveperson.net akamai.tiqcdn.com hsbcbankglobal.tt.omtrdc.net dpm.demdex.net mcm-prod.us.hsbc.com *.amazonaws.com rbwm-api.hsbc.co.uk rbwm-api.hsbc.com.hk manifest.prod.boltdns.net cdn-assets-prod.s3.amazonaws.com brightcove.hs.llnwd.net *.akamaihd.net *.api.brightcove.com; frame-src 'self' blob: *.lpsnmedia.net *.optimizely.com *.liveperson.net *.google.com *.doubleclick.net *.analytics.yahoo.com players.brightcove.net www.facebook.com tpc.googlesyndication.com www.youtube.com sts-aad.auth.hsbc.com hsbcbankglobal.demdex.net 8725221.fls.doubleclick.net 3464050.fls.doubleclick.net; frame-ancestors 'self' www.us.hsbc.com; font-src 'self' data: *.hsbc.com.hk fonts.gstatic.com fonts.cdnfonts.com at.alicdn.com; worker-src 'self' blob:; style-src 'self' 'unsafe-inline' *.hsbc.com.hk *.googleapis.com players.brightcove.net *.walkme.com *.va.cobrowse.liveperson.net; object-src 'self' players.brightcove.net; media-src 'self' blob: *.boltdns.net *.media.brightcove.com *.llnw.net *.llnwd.net *.akafms.net *.akamaihd.net *.cf.brightcove.com *.brightcovecdn.com lpcdn.lpsnmedia.net ssl.gstatic.com; manifest-src 'self'; upgrade-insecure-requests ; report-uri /csp/report;
Strict-Transport-Security max-age=31536000; includeSubdomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

accept-ranges
bytes
cache-control
max-age=60, s-maxage=60
content-encoding
gzip
content-length
17933
content-security-policy
default-src 'self' *.hsbc.com.hk; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.tiqcdn.com *.tealiumiq.com *.liveperson.net *.googletagmanager.com *.hsbc.co.uk *.hsbc.com.hk *.doubleclick.net *.googleadservices.com *.lpsnmedia.net *.optimizely.com *.facebook.net *.google.com *.gstatic.com *.appdynamics.com *.googleapis.com *.awswaf.com *.analytics.yahoo.com vjs.zencdn.net players.brightcove.net *.walkme.com *.us.hsbc.com *.dev.fs.liveperson.com googleads.g.doubleclick.net va.v.liveperson.net *.amazon-adsystem.com connect.facebook.net tpc.googlesyndication.com lptag.liveperson.net lpcdn.lpsnmedia.net tags.tiqcdn.com www.googletagmanager.com cdn.appdynamics.com www.google-analytics.com ssl.google-analytics.com www.googleadservices.com hsbcbankglobal.sc.omtrdc.net *.amazonaws.com mcm-prod.us.hsbc.com s.amazon-adsystem.com cdn.optimizely.com static.cdn-apple.com cdn-assets-prod.s3.amazonaws.com; img-src data: *; connect-src 'self' *.tiqcdn.com *.tealiumiq.com *.hsbc.com.hk *.eum-appdynamics.com *.optimizely.com wss://*.liveperson.net *.cloud.hsbc *.awswaf.com *.analytics.yahoo.com players.brightcove.net edge.api.brightcove.com *.walkme.com *.us.hsbc.com *.siteintercept.qualtrics.com http://127.0.0.1:5000 http://127.0.0.1:5000/* adservice.google.com www.security.us.hsbc.com www.facebook.com www.google.com maps.googleapis.com www.googletagmanager.com *.brightcovecdn.com ad.doubleclick.net analytics.google.com rbwm-api.us.hsbc.com stats.g.doubleclick.net www.google-analytics.com *.va.cobrowse.liveperson.net akamai.tiqcdn.com hsbcbankglobal.tt.omtrdc.net dpm.demdex.net mcm-prod.us.hsbc.com *.amazonaws.com rbwm-api.hsbc.co.uk rbwm-api.hsbc.com.hk manifest.prod.boltdns.net cdn-assets-prod.s3.amazonaws.com brightcove.hs.llnwd.net *.akamaihd.net *.api.brightcove.com; frame-src 'self' blob: *.lpsnmedia.net *.optimizely.com *.liveperson.net *.google.com *.doubleclick.net *.analytics.yahoo.com players.brightcove.net www.facebook.com tpc.googlesyndication.com www.youtube.com sts-aad.auth.hsbc.com hsbcbankglobal.demdex.net 8725221.fls.doubleclick.net 3464050.fls.doubleclick.net; frame-ancestors 'self' www.us.hsbc.com; font-src 'self' data: *.hsbc.com.hk fonts.gstatic.com fonts.cdnfonts.com at.alicdn.com; worker-src 'self' blob:; style-src 'self' 'unsafe-inline' *.hsbc.com.hk *.googleapis.com players.brightcove.net *.walkme.com *.va.cobrowse.liveperson.net; object-src 'self' players.brightcove.net; media-src 'self' blob: *.boltdns.net *.media.brightcove.com *.llnw.net *.llnwd.net *.akafms.net *.akamaihd.net *.cf.brightcove.com *.brightcovecdn.com lpcdn.lpsnmedia.net ssl.gstatic.com; manifest-src 'self'; upgrade-insecure-requests ; report-uri /csp/report;
content-type
text/html; charset=utf-8
date
Tue, 02 Jul 2024 12:37:32 GMT
last-modified
Tue, 02 Jul 2024 11:38:04 GMT
s
dispatcher2useast1-b80
server
Apache
strict-transport-security
max-age=31536000; includeSubdomains
vary
Accept-Encoding
via
1.1 b17826d683a2d96e59e274ca2b79697e.cloudfront.net (CloudFront)
x-amz-cf-id
dVSNyQ7rNgFhcFYkXg-U8rVvLXtvDimcsSfQg6zVTXJlUHoKWKZfAQ==
x-amz-cf-pop
FRA60-P6
x-cache
Miss from cloudfront
x-content-type-options
nosniff
x-frame-options
SAMEORIGIN
x-xss-protection
1; mode=block

Redirect headers

content-length
245
content-type
text/html; charset=iso-8859-1
date
Tue, 02 Jul 2024 12:37:31 GMT
location
https://www.us.hsbc.com/credit-cards/
server
Apache
server-timing
cdn-upstream-layer;desc="Origin Shield",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=32,cdn-upstream-fbl;dur=43,cdn-cache-miss,cdn-pop;desc="FRA60-P6",cdn-rid;desc="bysx00K4-idkU3TABLjWJjOY4GroeBx_a9p8RX_bYU0L11ebOuPT9w==",cdn-downstream-fbl;dur=190
strict-transport-security
max-age=31536000; includeSubdomains
via
1.1 13ad77f5993668d67b8168f460ba6368.cloudfront.net (CloudFront)
x-amz-cf-id
bysx00K4-idkU3TABLjWJjOY4GroeBx_a9p8RX_bYU0L11ebOuPT9w==
x-amz-cf-pop
FRA60-P6
x-cache
Miss from cloudfront
clientlib-conthub.min.d16a6f061a32b698da358dc216cf5fcc.css
www.us.hsbc.com/etc.clientlibs/dpws/clientlibs-public/ 		1 MB
114 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://www.us.hsbc.com/etc.clientlibs/dpws/clientlibs-public/clientlib-conthub.min.d16a6f061a32b698da358dc216cf5fcc.css
Requested by
Host: www.us.hsbc.com
URL: https://www.us.hsbc.com/credit-cards/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.245.86.61 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-245-86-61.fra60.r.cloudfront.net
Software
Apache /
Resource Hash
0ec31bc262a6d14aa60e5839ddeb7f5ebcb9bb37a37e0b42b81ffd08aef70e80
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubdomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.us.hsbc.com/credit-cards/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 02 Jul 2024 12:37:33 GMT
strict-transport-security
max-age=31536000; includeSubdomains
x-content-type-options
nosniff
content-encoding
gzip
x-amz-cf-pop
FRA60-P6
via
1.1 b17826d683a2d96e59e274ca2b79697e.cloudfront.net (CloudFront)
x-cache
Miss from cloudfront
edge-control
no-cache, no-store, must-revalidate
server-timing
cdn-upstream-layer;desc="Origin Shield",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=22,cdn-upstream-fbl;dur=56,cdn-cache-miss,cdn-pop;desc="FRA60-P6",cdn-rid;desc="Yw1R54KziXLyYHJmNSzmCurvTdrCGE4K1UBxTeZyBD6qiveNvzqdxg==",cdn-downstream-fbl;dur=574
x-xss-protection
1; mode=block
last-modified
Wed, 19 Jun 2024 06:35:19 GMT
server
Apache
content-type
text/css;charset=utf-8
cache-control
no-cache, no-store, must-revalidate
s
dispatcher2useast2-b80
x-amz-cf-id
Yw1R54KziXLyYHJmNSzmCurvTdrCGE4K1UBxTeZyBD6qiveNvzqdxg==
utag.sync.js
tags.tiqcdn.com/utag/hsbc/us-rbwm/prod/ 		3 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tags.tiqcdn.com/utag/hsbc/us-rbwm/prod/utag.sync.js
Requested by
Host: www.us.hsbc.com
URL: https://www.us.hsbc.com/credit-cards/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:235a:9000:7:2bfb:7c00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
177a18e00000e08e8ded018c0b23c31b55a5d433a287bc5b4a82ad5b9c74dd41

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.us.hsbc.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-amz-version-id
IZaWr6c5ngxDM.SzjFkImCafeigjjPdw
content-encoding
br
via
1.1 dbddc07d9edf6f99394912c390c6ef32.cloudfront.net (CloudFront)
date
Tue, 02 Jul 2024 12:35:37 GMT
last-modified
Thu, 27 Jun 2024 10:03:09 GMT
server
AmazonS3
x-amz-cf-pop
FRA60-P9
age
158
x-amz-server-side-encryption
AES256
etag
W/"ee90f25be20d8ec7dab5e7962d5bdcdc"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript
cache-control
max-age=300
x-amz-cf-id
bz0y1lk5P7d-Tp9G2zuRLFY7bumS01DPTLWW39cJZhyAbUDO3x2M2Q==
appd.min.28729b81913621076cb1004898cb22c7.js
www.us.hsbc.com/etc.clientlibs/hsbc/global/clientlibs/ 		35 KB
12 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.us.hsbc.com/etc.clientlibs/hsbc/global/clientlibs/appd.min.28729b81913621076cb1004898cb22c7.js
Requested by
Host: www.us.hsbc.com
URL: https://www.us.hsbc.com/credit-cards/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.245.86.61 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-245-86-61.fra60.r.cloudfront.net
Software
Apache /
Resource Hash
589c637bb7a658de26723d9dfedcb3a517d9b34d696c9335028986acec6f4b0b
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubdomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.us.hsbc.com/credit-cards/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 02 Jul 2024 12:37:32 GMT
strict-transport-security
max-age=31536000; includeSubdomains
x-content-type-options
nosniff
content-encoding
gzip
x-amz-cf-pop
FRA60-P6
via
1.1 b17826d683a2d96e59e274ca2b79697e.cloudfront.net (CloudFront)
x-cache
Miss from cloudfront
edge-control
no-cache, no-store, must-revalidate
server-timing
cdn-upstream-layer;desc="Origin Shield",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=10,cdn-cache-miss,cdn-pop;desc="FRA60-P6",cdn-rid;desc="idOLXxbN_BYiHOunbIa7Bk00rgUAc2p8y4buTv1hQojz3uVJk3oF9A==",cdn-downstream-fbl;dur=151
content-length
11538
x-xss-protection
1; mode=block
last-modified
Mon, 29 Jun 2020 09:26:12 GMT
server
Apache
content-type
application/javascript;charset=utf-8
cache-control
no-cache, no-store, must-revalidate
s
dispatcher2useast1-b80
x-amz-cf-id
idOLXxbN_BYiHOunbIa7Bk00rgUAc2p8y4buTv1hQojz3uVJk3oF9A==
HSBC_MASTERBRAND_LOGO_RGB.svg
www.us.hsbc.com/content/dam/hsbc/us/images/ 		4 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.us.hsbc.com/content/dam/hsbc/us/images/HSBC_MASTERBRAND_LOGO_RGB.svg
Requested by
Host: www.us.hsbc.com
URL: https://www.us.hsbc.com/credit-cards/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.245.86.61 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-245-86-61.fra60.r.cloudfront.net
Software
Apache /
Resource Hash
fc306ad03e79f14ca1a1a484d4e790b839ac0661246015e05c9ae575ec1b09f7
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubdomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.us.hsbc.com/credit-cards/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 02 Jul 2024 12:11:57 GMT
strict-transport-security
max-age=31536000; includeSubdomains
content-encoding
gzip
x-content-type-options
nosniff
via
1.1 b17826d683a2d96e59e274ca2b79697e.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA60-P6
age
1535
x-cache
Hit from cloudfront
content-length
1342
x-xss-protection
1; mode=block
last-modified
Tue, 13 Apr 2021 18:56:51 GMT
server
Apache
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
image/svg+xml
cache-control
max-age=2592000, s-maxage=2592000
accept-ranges
bytes
s
dispatcher3useast2-b80
x-amz-cf-id
fg_S7gQv0E2mq-DkxTwzy1j41Dep--Re6xb6nxUssMGXWyBXF0k4Og==
hsbc-us-credit-cards-premier.jpg
www.us.hsbc.com/content/dam/hsbc/us/en_us/credit-card-support/ 		35 KB
36 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.us.hsbc.com/content/dam/hsbc/us/en_us/credit-card-support/hsbc-us-credit-cards-premier.jpg
Requested by
Host: www.us.hsbc.com
URL: https://www.us.hsbc.com/credit-cards/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.245.86.61 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-245-86-61.fra60.r.cloudfront.net
Software
Apache /
Resource Hash
86f912b238d272da6d6cb9750fa380bf5ba8ff952a2d6b67fbe642b2b782bb57
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubdomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.us.hsbc.com/credit-cards/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 02 Jul 2024 12:11:57 GMT
strict-transport-security
max-age=31536000; includeSubdomains
x-content-type-options
nosniff
via
1.1 b17826d683a2d96e59e274ca2b79697e.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA60-P6
age
1535
x-cache
Hit from cloudfront
server-timing
cdn-cache-hit,cdn-pop;desc="FRA60-P6",cdn-rid;desc="CRZVOoBFM8BJ7eIgFRsv-gtji6g1nEB9ShNDNYVwDs024PnM88tyAg==",cdn-hit-layer;desc="REC",cdn-downstream-fbl;dur=27
content-length
36008
x-xss-protection
1; mode=block
last-modified
Thu, 27 Jan 2022 17:22:09 GMT
server
Apache
x-frame-options
SAMEORIGIN
content-type
image/jpeg
cache-control
max-age=2592000, s-maxage=2592000
accept-ranges
bytes
s
dispatcher3useast2-b80
x-amz-cf-id
CRZVOoBFM8BJ7eIgFRsv-gtji6g1nEB9ShNDNYVwDs024PnM88tyAg==
hsbc-us-credit-cards-elite.jpg
www.us.hsbc.com/content/dam/hsbc/us/en_us/credit-card-support/ 		20 KB
21 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.us.hsbc.com/content/dam/hsbc/us/en_us/credit-card-support/hsbc-us-credit-cards-elite.jpg
Requested by
Host: www.us.hsbc.com
URL: https://www.us.hsbc.com/credit-cards/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.245.86.61 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-245-86-61.fra60.r.cloudfront.net
Software
Apache /
Resource Hash
e36ea7da5e103101351269e7335e64d920b978ee8cb19e6fe6c40ff487a99325
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubdomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.us.hsbc.com/credit-cards/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 02 Jul 2024 12:11:58 GMT
strict-transport-security
max-age=31536000; includeSubdomains
x-content-type-options
nosniff
via
1.1 b17826d683a2d96e59e274ca2b79697e.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA60-P6
age
1534
x-cache
Hit from cloudfront
server-timing
cdn-cache-hit,cdn-pop;desc="FRA60-P6",cdn-rid;desc="8TZtGhj1mmvVWcDFJM-qpApGEnQ4fZoABRglFeUSk0OxI9xZTaRbhA==",cdn-hit-layer;desc="REC",cdn-downstream-fbl;dur=25
content-length
20910
x-xss-protection
1; mode=block
last-modified
Mon, 01 Apr 2024 10:58:18 GMT
server
Apache
x-frame-options
SAMEORIGIN
content-type
image/jpeg
cache-control
max-age=2592000, s-maxage=2592000
accept-ranges
bytes
s
dispatcher2useast1-b80
x-amz-cf-id
8TZtGhj1mmvVWcDFJM-qpApGEnQ4fZoABRglFeUSk0OxI9xZTaRbhA==
hsbc-us-creditcards-resource-center.jpg
www.us.hsbc.com/content/dam/hsbc/us/en_us/credit-card-support/ 		55 KB
55 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.us.hsbc.com/content/dam/hsbc/us/en_us/credit-card-support/hsbc-us-creditcards-resource-center.jpg
Requested by
Host: www.us.hsbc.com
URL: https://www.us.hsbc.com/credit-cards/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.245.86.61 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-245-86-61.fra60.r.cloudfront.net
Software
Apache /
Resource Hash
7560d49f697a13fcefb0cf9f6a2ea4fde86e6c80440a08d9f77d9ffe32da05f5
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubdomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.us.hsbc.com/credit-cards/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 02 Jul 2024 12:11:58 GMT
strict-transport-security
max-age=31536000; includeSubdomains
x-content-type-options
nosniff
via
1.1 b17826d683a2d96e59e274ca2b79697e.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA60-P6
age
1534
x-cache
Hit from cloudfront
server-timing
cdn-cache-hit,cdn-pop;desc="FRA60-P6",cdn-rid;desc="ILKuDI8CB8jzllsNe50pU-L6fVbz4dVFS_vwYw4OTtg5vUnWD8rTRg==",cdn-hit-layer;desc="REC",cdn-downstream-fbl;dur=37
content-length
55972
x-xss-protection
1; mode=block
last-modified
Thu, 27 Jan 2022 17:18:20 GMT
server
Apache
x-frame-options
SAMEORIGIN
content-type
image/jpeg
cache-control
max-age=2592000, s-maxage=2592000
accept-ranges
bytes
s
dispatcher3useast1-b80
x-amz-cf-id
ILKuDI8CB8jzllsNe50pU-L6fVbz4dVFS_vwYw4OTtg5vUnWD8rTRg==
hsbc-cc-premier-elite-travel-7.png
www.us.hsbc.com/content/dam/hsbc/us/en_us/credit-cards/images/ 		169 KB
169 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.us.hsbc.com/content/dam/hsbc/us/en_us/credit-cards/images/hsbc-cc-premier-elite-travel-7.png
Requested by
Host: www.us.hsbc.com
URL: https://www.us.hsbc.com/credit-cards/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.245.86.61 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-245-86-61.fra60.r.cloudfront.net
Software
Apache /
Resource Hash
32de640104368ce8560b5d30d099e6a8fef1c3048e721421b54c1ecd940b1880
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubdomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.us.hsbc.com/credit-cards/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 02 Jul 2024 12:11:58 GMT
strict-transport-security
max-age=31536000; includeSubdomains
x-content-type-options
nosniff
via
1.1 b17826d683a2d96e59e274ca2b79697e.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA60-P6
age
1535
x-cache
Hit from cloudfront
content-length
172851
x-xss-protection
1; mode=block
last-modified
Thu, 29 Apr 2021 06:10:29 GMT
server
Apache
x-frame-options
SAMEORIGIN
content-type
image/png
cache-control
max-age=2592000, s-maxage=2592000
accept-ranges
bytes
s
dispatcher3useast1-b80
x-amz-cf-id
u3MyaxKloPU_XfJB4Z_BwOdv59qXSEo2-hqfd-cMNavywukTZz54fA==
cq5dam.web.590.1000.jpeg
www.us.hsbc.com/content/dam/hsbc/us/images/man-using-phone-outside.jpg/jcr:content/renditions/ 		53 KB
54 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.us.hsbc.com/content/dam/hsbc/us/images/man-using-phone-outside.jpg/jcr:content/renditions/cq5dam.web.590.1000.jpeg
Requested by
Host: www.us.hsbc.com
URL: https://www.us.hsbc.com/credit-cards/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.245.86.61 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-245-86-61.fra60.r.cloudfront.net
Software
Apache /
Resource Hash
7391f06dd8a0d002a5f19df8b26b208f8b127a01c9f33907ca445604b6619c8c
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubdomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.us.hsbc.com/credit-cards/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 02 Jul 2024 12:11:58 GMT
strict-transport-security
max-age=31536000; includeSubdomains
x-content-type-options
nosniff
via
1.1 b17826d683a2d96e59e274ca2b79697e.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA60-P6
age
1535
x-cache
Hit from cloudfront
content-length
54681
x-xss-protection
1; mode=block
last-modified
Mon, 24 Jan 2022 13:03:20 GMT
server
Apache
content-type
image/jpeg
cache-control
max-age=2592000, s-maxage=2592000
accept-ranges
bytes
s
dispatcher3useast2-b80
x-amz-cf-id
zufnAlVlYvYqh-EBFWxrlD2v4JzK8uJC7c2Y4BMEtZXLLhG-hIknMA==
cq5dam.web.590.1000.jpeg
www.us.hsbc.com/content/dam/hsbc/us/images/creditcards/16-9/9484-friends-after-shopping-checking-social-media-2000X1125.jpg/jcr:content/renditions/ 		59 KB
60 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.us.hsbc.com/content/dam/hsbc/us/images/creditcards/16-9/9484-friends-after-shopping-checking-social-media-2000X1125.jpg/jcr:content/renditions/cq5dam.web.590.1000.jpeg
Requested by
Host: www.us.hsbc.com
URL: https://www.us.hsbc.com/credit-cards/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.245.86.61 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-245-86-61.fra60.r.cloudfront.net
Software
Apache /
Resource Hash
2f108ebe81a11d61e19ad47f38c9ab9a9d8abfba6d67d468655fa4858d9ea5e2
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubdomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.us.hsbc.com/credit-cards/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 02 Jul 2024 12:11:58 GMT
strict-transport-security
max-age=31536000; includeSubdomains
x-content-type-options
nosniff
via
1.1 b17826d683a2d96e59e274ca2b79697e.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA60-P6
age
1535
x-cache
Hit from cloudfront
server-timing
cdn-cache-hit,cdn-pop;desc="FRA60-P6",cdn-rid;desc="uuNR0hibfjFAe3KpWxnAvfT7_wsAs1nOObVFAuaCajX5X29lXOlfOA==",cdn-hit-layer;desc="REC",cdn-downstream-fbl;dur=28
content-length
60858
x-xss-protection
1; mode=block
last-modified
Mon, 30 Jan 2023 14:54:45 GMT
server
Apache
content-type
image/jpeg
cache-control
max-age=2592000, s-maxage=2592000
accept-ranges
bytes
s
dispatcher2useast2-b80
x-amz-cf-id
uuNR0hibfjFAe3KpWxnAvfT7_wsAs1nOObVFAuaCajX5X29lXOlfOA==
hsbc-ccrc-rewards-egift-cards.jpg
www.us.hsbc.com/content/dam/hsbc/us/en_us/credit-card-support/manage-my-credit-card-account/rewards/images/ 		63 KB
64 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.us.hsbc.com/content/dam/hsbc/us/en_us/credit-card-support/manage-my-credit-card-account/rewards/images/hsbc-ccrc-rewards-egift-cards.jpg
Requested by
Host: www.us.hsbc.com
URL: https://www.us.hsbc.com/credit-cards/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.245.86.61 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-245-86-61.fra60.r.cloudfront.net
Software
Apache /
Resource Hash
d5f8aa0f6a8106c249fce078eef64f4fc96fa2301c661feffa21e2e86081a5bf
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubdomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.us.hsbc.com/credit-cards/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 02 Jul 2024 12:11:58 GMT
strict-transport-security
max-age=31536000; includeSubdomains
x-content-type-options
nosniff
via
1.1 b17826d683a2d96e59e274ca2b79697e.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA60-P6
age
1535
x-cache
Hit from cloudfront
server-timing
cdn-cache-hit,cdn-pop;desc="FRA60-P6",cdn-rid;desc="TVdbKRsFLOOSKivHYVQfFn0u_ppSeXQrKMr2cXFPXAEnd5l4jjd3hQ==",cdn-hit-layer;desc="REC",cdn-downstream-fbl;dur=27
content-length
64466
x-xss-protection
1; mode=block
last-modified
Wed, 28 Apr 2021 14:47:03 GMT
server
Apache
x-frame-options
SAMEORIGIN
content-type
image/jpeg
cache-control
max-age=2592000, s-maxage=2592000
accept-ranges
bytes
s
dispatcher3useast2-b80
x-amz-cf-id
TVdbKRsFLOOSKivHYVQfFn0u_ppSeXQrKMr2cXFPXAEnd5l4jjd3hQ==
happy-lady-using-mobile.jpeg
www.us.hsbc.com/content/dam/hsbc/us/en_us/international-banking/ 		19 KB
19 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.us.hsbc.com/content/dam/hsbc/us/en_us/international-banking/happy-lady-using-mobile.jpeg
Requested by
Host: www.us.hsbc.com
URL: https://www.us.hsbc.com/credit-cards/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.245.86.61 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-245-86-61.fra60.r.cloudfront.net
Software
Apache /
Resource Hash
d9d1d6fee7d44c778f3ba2091bf6d413c4808e9f5f8d42567659927df9bc9ac9
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubdomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.us.hsbc.com/credit-cards/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 02 Jul 2024 12:11:58 GMT
strict-transport-security
max-age=31536000; includeSubdomains
x-content-type-options
nosniff
via
1.1 b17826d683a2d96e59e274ca2b79697e.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA60-P6
age
1535
x-cache
Hit from cloudfront
content-length
18995
x-xss-protection
1; mode=block
last-modified
Mon, 24 Jan 2022 13:03:20 GMT
server
Apache
x-frame-options
SAMEORIGIN
content-type
image/jpeg
cache-control
max-age=2592000, s-maxage=2592000
accept-ranges
bytes
s
dispatcher2useast1-b80
x-amz-cf-id
f9jtvfM8jiEMWgy-KVRMt4pRvloPskYUF3TcQZMVWu2jzgprcwsSbw==
cq5dam.web.590.1000.jpeg
www.us.hsbc.com/content/dam/hsbc/us/en_us/checking-accounts/campaigns/hsbc-mobile-pay.jpg/jcr:content/renditions/ 		45 KB
46 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.us.hsbc.com/content/dam/hsbc/us/en_us/checking-accounts/campaigns/hsbc-mobile-pay.jpg/jcr:content/renditions/cq5dam.web.590.1000.jpeg
Requested by
Host: www.us.hsbc.com
URL: https://www.us.hsbc.com/credit-cards/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.245.86.61 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-245-86-61.fra60.r.cloudfront.net
Software
Apache /
Resource Hash
7204fbdd71b08d3183957eefd74beb00da67c87693b9727b837754c7884177e7
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubdomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.us.hsbc.com/credit-cards/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 02 Jul 2024 12:11:58 GMT
strict-transport-security
max-age=31536000; includeSubdomains
x-content-type-options
nosniff
via
1.1 b17826d683a2d96e59e274ca2b79697e.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA60-P6
age
1535
x-cache
Hit from cloudfront
content-length
46292
x-xss-protection
1; mode=block
last-modified
Mon, 24 Jan 2022 13:09:03 GMT
server
Apache
content-type
image/jpeg
cache-control
max-age=2592000, s-maxage=2592000
accept-ranges
bytes
s
dispatcher3useast1-b80
x-amz-cf-id
5B1fpEbhY2_XVPbt1jkWf4jX3J2B6KW2M2DcAVs3Gqz75NNu4nr2gg==
hsbc-credit-cards-man-with-hands-behind-head.jpg
www.us.hsbc.com/content/dam/hsbc/us/en_us/credit-cards/images/ 		42 KB
43 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.us.hsbc.com/content/dam/hsbc/us/en_us/credit-cards/images/hsbc-credit-cards-man-with-hands-behind-head.jpg
Requested by
Host: www.us.hsbc.com
URL: https://www.us.hsbc.com/credit-cards/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.245.86.61 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-245-86-61.fra60.r.cloudfront.net
Software
Apache /
Resource Hash
f9ea8e5d8c81d44fef7758d21318c991db48c3c22823e643f28a7f7a671fdadd
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubdomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.us.hsbc.com/credit-cards/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 02 Jul 2024 12:11:58 GMT
strict-transport-security
max-age=31536000; includeSubdomains
x-content-type-options
nosniff
via
1.1 b17826d683a2d96e59e274ca2b79697e.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA60-P6
age
1535
x-cache
Hit from cloudfront
server-timing
cdn-cache-hit,cdn-pop;desc="FRA60-P6",cdn-rid;desc="OXo9jLwRoJ5ukRYW25sSDfVLgUEZlp6EaVHd3P0FZF5fo4bDlBSF7Q==",cdn-hit-layer;desc="REC",cdn-downstream-fbl;dur=34
content-length
43232
x-xss-protection
1; mode=block
last-modified
Fri, 01 Jul 2022 15:09:32 GMT
server
Apache
x-frame-options
SAMEORIGIN
content-type
image/jpeg
cache-control
max-age=2592000, s-maxage=2592000
accept-ranges
bytes
s
dispatcher2useast2-b80
x-amz-cf-id
OXo9jLwRoJ5ukRYW25sSDfVLgUEZlp6EaVHd3P0FZF5fo4bDlBSF7Q==
EHL-icon-white.png
www.us.hsbc.com/content/dam/hsbc/us/images/ 		6 KB
6 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.us.hsbc.com/content/dam/hsbc/us/images/EHL-icon-white.png
Requested by
Host: www.us.hsbc.com
URL: https://www.us.hsbc.com/credit-cards/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.245.86.61 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-245-86-61.fra60.r.cloudfront.net
Software
Apache /
Resource Hash
1cc8ed3b19c06b0be3780220cb04e0407015da556bdf9656dc6964c840216949
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubdomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.us.hsbc.com/credit-cards/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 02 Jul 2024 12:11:58 GMT
strict-transport-security
max-age=31536000; includeSubdomains
x-content-type-options
nosniff
via
1.1 b17826d683a2d96e59e274ca2b79697e.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA60-P6
age
1535
x-cache
Hit from cloudfront
content-length
5764
x-xss-protection
1; mode=block
last-modified
Wed, 14 Apr 2021 06:17:00 GMT
server
Apache
x-frame-options
SAMEORIGIN
content-type
image/png
cache-control
max-age=2592000, s-maxage=2592000
accept-ranges
bytes
s
dispatcher2useast2-b80
x-amz-cf-id
o6zGrcShjxOO4sssza4RofU-IdtzQVcSkH52vW2bLMHMmLgLDO8TNw==
clientlib-all.min.9fc0e08c626d9cd03b0782f1b7c9e15c.js
www.us.hsbc.com/etc.clientlibs/dpws/clientlibs-public/ 		957 KB
221 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.us.hsbc.com/etc.clientlibs/dpws/clientlibs-public/clientlib-all.min.9fc0e08c626d9cd03b0782f1b7c9e15c.js
Requested by
Host: www.us.hsbc.com
URL: https://www.us.hsbc.com/credit-cards/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.245.86.61 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-245-86-61.fra60.r.cloudfront.net
Software
Apache /
Resource Hash
f9929b531e44104d35b0990117ec4df59627760f66ee62454bc82bf50cc4f297
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubdomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.us.hsbc.com/credit-cards/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 02 Jul 2024 12:37:32 GMT
strict-transport-security
max-age=31536000; includeSubdomains
x-content-type-options
nosniff
content-encoding
gzip
x-amz-cf-pop
FRA60-P6
via
1.1 b17826d683a2d96e59e274ca2b79697e.cloudfront.net (CloudFront)
x-cache
Miss from cloudfront
edge-control
no-cache, no-store, must-revalidate
server-timing
cdn-upstream-layer;desc="Origin Shield",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=3,cdn-upstream-fbl;dur=14,cdn-cache-miss,cdn-pop;desc="FRA60-P6",cdn-rid;desc="-piVQwoTJJ8pQkAO9vlYOV1jKXfMrBGdSJvUqm87Mvf2zk0UgY6zQw==",cdn-downstream-fbl;dur=148
x-xss-protection
1; mode=block
last-modified
Wed, 19 Jun 2024 06:23:50 GMT
server
Apache
content-type
application/javascript;charset=utf-8
cache-control
no-cache, no-store, must-revalidate
s
dispatcher3useast1-b80
x-amz-cf-id
-piVQwoTJJ8pQkAO9vlYOV1jKXfMrBGdSJvUqm87Mvf2zk0UgY6zQw==
20375190679.js
cdn.optimizely.com/js/ 		915 KB
144 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.optimizely.com/js/20375190679.js
Requested by
Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/hsbc/us-rbwm/prod/utag.sync.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:3500:88e::13b8 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
AmazonS3 /
Resource Hash
85f0781c18e7a218c6d0a042a0b2da1d4b0666dcd2ea767ab941cdc754a6fbcb
Security Headers
Name Value
Strict-Transport-Security max-age=15768000

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.us.hsbc.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-amz-meta-pci_enabled
False
x-amz-version-id
XkZcaqQJwEoIC5N6sOhLovqsNa1IYf.N
content-encoding
gzip
date
Tue, 02 Jul 2024 12:37:33 GMT
strict-transport-security
max-age=15768000
x-amz-request-id
1R35CBD0DBTATXRX
x-amz-server-side-encryption
AES256
x-amz-meta-revision
2802
x-amz-replication-status
COMPLETED
server-timing
cdn-cache; desc=HIT, edge; dur=23, origin; dur=0, cdn;desc="AkamaiION";dur=0,rtt;desc="37";dur=0,cdnip;desc="2a02:26f0:3500:88e::13b8";dur=0,cdnmap;desc="a5048.dsca.akamaiedge.net";dur=0,proto;desc="h2";dur=0, ak_p; desc="1719923853224_388276626_1901249140_2335_1838_37_62_146";dur=1
content-length
146042
x-amz-id-2
68Alw9f61aAbV8woS9U2rKZudBXE0iEUsU41ZNVY/2wFU/K0wHcgsz/NWl3nGs64skBMud8PwSA=
last-modified
Mon, 01 Jul 2024 13:01:54 GMT
server
AmazonS3
etag
"9098f361b18f89064b35270f17f2d704"
vary
Accept-Encoding
access-control-max-age
86400
content-type
text/javascript; charset=utf-8
access-control-allow-origin
*
access-control-allow-methods
GET, HEAD
access-control-expose-headers
x-amz-meta-revision
cache-control
max-age=120
accept-ranges
bytes
timing-allow-origin
*
access-control-allow-headers
*
utag.js
tags.tiqcdn.com/utag/hsbc/us-rbwm/prod/ 		389 KB
61 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tags.tiqcdn.com/utag/hsbc/us-rbwm/prod/utag.js
Requested by
Host: www.us.hsbc.com
URL: https://www.us.hsbc.com/credit-cards/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:235a:9000:7:2bfb:7c00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
97856a811f44b6159ca38e4dc9cde8e08cb2ef648abdbd08f7ddbd1d01b1e40d

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.us.hsbc.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-amz-version-id
8WNxZ26mlgJXskVHUdcNsSL9Q4SbOTOi
content-encoding
br
via
1.1 dbddc07d9edf6f99394912c390c6ef32.cloudfront.net (CloudFront)
date
Tue, 02 Jul 2024 12:35:37 GMT
last-modified
Thu, 27 Jun 2024 10:03:09 GMT
server
AmazonS3
x-amz-cf-pop
FRA60-P9
age
158
x-amz-server-side-encryption
AES256
etag
W/"d1f1544b31d22d53e8fb7a06a6cf1e73"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript
cache-control
max-age=300
x-amz-cf-id
5_YaWBIh5FfVXqE_1HYPVqnX9bHSzuLK1oaMEcYRAwL03vhuMJ4YqQ==
chevron_right_thick_white.svg
www.us.hsbc.com/etc.clientlibs/dpws/clientlibs-public/clientlib-site/resources/icons/svg/ 		340 B
850 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.us.hsbc.com/etc.clientlibs/dpws/clientlibs-public/clientlib-site/resources/icons/svg/chevron_right_thick_white.svg
Requested by
Host: www.us.hsbc.com
URL: https://www.us.hsbc.com/etc.clientlibs/dpws/clientlibs-public/clientlib-conthub.min.d16a6f061a32b698da358dc216cf5fcc.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.245.86.61 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-245-86-61.fra60.r.cloudfront.net
Software
Apache /
Resource Hash
f08d5b52cb9eb8cf13ba3a2d5bedd429fa0f82c0b9cc703c835159b6e95e234c
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubdomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.us.hsbc.com/etc.clientlibs/dpws/clientlibs-public/clientlib-conthub.min.d16a6f061a32b698da358dc216cf5fcc.css
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 02 Jul 2024 12:11:58 GMT
strict-transport-security
max-age=31536000; includeSubdomains
content-encoding
gzip
x-content-type-options
nosniff
via
1.1 b17826d683a2d96e59e274ca2b79697e.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA60-P6
age
1535
x-cache
Hit from cloudfront
server-timing
cdn-cache-hit,cdn-pop;desc="FRA60-P6",cdn-rid;desc="4dvb5epbQOgU9pkDauxqmd1A95hxxbkWPTa7-ZJIztB-zh_MgcjX9g==",cdn-hit-layer;desc="REC",cdn-downstream-fbl;dur=28
content-length
232
x-xss-protection
1; mode=block
last-modified
Wed, 19 Jun 2024 10:54:01 GMT
server
Apache
vary
Accept-Encoding
content-type
image/svg+xml
cache-control
max-age=7776000, s-maxage=7776000
accept-ranges
bytes
s
dispatcher3useast2-b80
x-amz-cf-id
4dvb5epbQOgU9pkDauxqmd1A95hxxbkWPTa7-ZJIztB-zh_MgcjX9g==
chevron_right_thick_red.svg
www.us.hsbc.com/etc.clientlibs/dpws/clientlibs-public/clientlib-site/resources/icons/svg/ 		339 B
854 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.us.hsbc.com/etc.clientlibs/dpws/clientlibs-public/clientlib-site/resources/icons/svg/chevron_right_thick_red.svg
Requested by
Host: www.us.hsbc.com
URL: https://www.us.hsbc.com/etc.clientlibs/dpws/clientlibs-public/clientlib-conthub.min.d16a6f061a32b698da358dc216cf5fcc.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.245.86.61 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-245-86-61.fra60.r.cloudfront.net
Software
Apache /
Resource Hash
924d2768e86c3814242cf4e04fea6091a1634b2f432cecd99f681efc323686ab
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubdomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.us.hsbc.com/etc.clientlibs/dpws/clientlibs-public/clientlib-conthub.min.d16a6f061a32b698da358dc216cf5fcc.css
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 02 Jul 2024 12:11:58 GMT
strict-transport-security
max-age=31536000; includeSubdomains
content-encoding
gzip
x-content-type-options
nosniff
via
1.1 b17826d683a2d96e59e274ca2b79697e.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA60-P6
age
1535
x-cache
Hit from cloudfront
server-timing
cdn-cache-hit,cdn-pop;desc="FRA60-P6",cdn-rid;desc="OKYDJtE-SJG7nvtLEjlQxflEhd34b_Hy9plk33TVbQJGZG4wrxCHyg==",cdn-hit-layer;desc="REC",cdn-downstream-fbl;dur=30
content-length
234
x-xss-protection
1; mode=block
last-modified
Wed, 19 Jun 2024 07:31:43 GMT
server
Apache
vary
Accept-Encoding
content-type
image/svg+xml
cache-control
max-age=7776000, s-maxage=7776000
accept-ranges
bytes
s
dispatcher2useast1-b80
x-amz-cf-id
OKYDJtE-SJG7nvtLEjlQxflEhd34b_Hy9plk33TVbQJGZG4wrxCHyg==
HSBCIcon-Font-Extension.woff
www.us.hsbc.com/etc.clientlibs/dpws/clientlibs-public/clientlib-site/resources/fonts/ 		37 KB
38 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://www.us.hsbc.com/etc.clientlibs/dpws/clientlibs-public/clientlib-site/resources/fonts/HSBCIcon-Font-Extension.woff?ee39a20e77cff3aec879befe2cd1d29d
Requested by
Host: www.us.hsbc.com
URL: https://www.us.hsbc.com/etc.clientlibs/dpws/clientlibs-public/clientlib-conthub.min.d16a6f061a32b698da358dc216cf5fcc.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.245.86.61 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-245-86-61.fra60.r.cloudfront.net
Software
Apache /
Resource Hash
76e6fcb163f76c23e3595acdb5c37457b8529ae4612bdfd266a9ef3d83550586
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubdomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.us.hsbc.com/etc.clientlibs/dpws/clientlibs-public/clientlib-conthub.min.d16a6f061a32b698da358dc216cf5fcc.css
Origin
https://www.us.hsbc.com
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 02 Jul 2024 12:11:58 GMT
strict-transport-security
max-age=31536000; includeSubdomains
x-content-type-options
nosniff
via
1.1 b17826d683a2d96e59e274ca2b79697e.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA60-P6
age
1535
x-cache
Hit from cloudfront
content-length
38384
x-xss-protection
1; mode=block
last-modified
Wed, 19 Jun 2024 07:26:45 GMT
server
Apache
content-type
application/font-woff
access-control-allow-origin
*
cache-control
max-age=7776000, s-maxage=7776000
accept-ranges
bytes
s
dispatcher2useast2-b80
x-amz-cf-id
WZB7iMnGcv_7n2dcm0USQukrlCJtwgxVOg3Z39epDrCop_tCOsdxVw==
UniversNextforHSBCW02-Rg.woff
www.us.hsbc.com/etc.clientlibs/dpws/clientlibs-public/clientlib-site/resources/fonts/ 		27 KB
27 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://www.us.hsbc.com/etc.clientlibs/dpws/clientlibs-public/clientlib-site/resources/fonts/UniversNextforHSBCW02-Rg.woff
Requested by
Host: www.us.hsbc.com
URL: https://www.us.hsbc.com/etc.clientlibs/dpws/clientlibs-public/clientlib-conthub.min.d16a6f061a32b698da358dc216cf5fcc.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.245.86.61 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-245-86-61.fra60.r.cloudfront.net
Software
Apache /
Resource Hash
e57fa923e1242b94093a29bc1497e22d7b5f78d6f124fe5ffc651383af545e13
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubdomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.us.hsbc.com/etc.clientlibs/dpws/clientlibs-public/clientlib-conthub.min.d16a6f061a32b698da358dc216cf5fcc.css
Origin
https://www.us.hsbc.com
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 02 Jul 2024 12:11:58 GMT
strict-transport-security
max-age=31536000; includeSubdomains
x-content-type-options
nosniff
via
1.1 b17826d683a2d96e59e274ca2b79697e.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA60-P6
age
1535
x-cache
Hit from cloudfront
server-timing
cdn-cache-hit,cdn-pop;desc="FRA60-P6",cdn-rid;desc="XYSeeLRCKl9pLY8k5nwaKET6HN6gY3pweFvJIvkWcoOMaAI9FIWIIw==",cdn-hit-layer;desc="REC",cdn-downstream-fbl;dur=31
content-length
27464
x-xss-protection
1; mode=block
last-modified
Wed, 19 Jun 2024 07:22:28 GMT
server
Apache
content-type
application/font-woff
access-control-allow-origin
*
cache-control
max-age=7776000, s-maxage=7776000
accept-ranges
bytes
s
dispatcher2useast2-b80
x-amz-cf-id
XYSeeLRCKl9pLY8k5nwaKET6HN6gY3pweFvJIvkWcoOMaAI9FIWIIw==
UniversNextforHSBCW02-Bd.woff
www.us.hsbc.com/etc.clientlibs/dpws/clientlibs-public/clientlib-site/resources/fonts/ 		26 KB
26 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://www.us.hsbc.com/etc.clientlibs/dpws/clientlibs-public/clientlib-site/resources/fonts/UniversNextforHSBCW02-Bd.woff
Requested by
Host: www.us.hsbc.com
URL: https://www.us.hsbc.com/etc.clientlibs/dpws/clientlibs-public/clientlib-conthub.min.d16a6f061a32b698da358dc216cf5fcc.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.245.86.61 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-245-86-61.fra60.r.cloudfront.net
Software
Apache /
Resource Hash
1fe93d773a537c17456fc95e7dbfb69cba2914ac73c5f9b01d4db046667c688e
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubdomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.us.hsbc.com/etc.clientlibs/dpws/clientlibs-public/clientlib-conthub.min.d16a6f061a32b698da358dc216cf5fcc.css
Origin
https://www.us.hsbc.com
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 02 Jul 2024 12:11:58 GMT
strict-transport-security
max-age=31536000; includeSubdomains
x-content-type-options
nosniff
via
1.1 b17826d683a2d96e59e274ca2b79697e.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA60-P6
age
1535
x-cache
Hit from cloudfront
server-timing
cdn-cache-hit,cdn-pop;desc="FRA60-P6",cdn-rid;desc="FC8BGcHMGab0LQP_iUqe8JI-gDjJN8Di8U0S-_UJYbXltLtey5yI-g==",cdn-hit-layer;desc="REC",cdn-downstream-fbl;dur=29
content-length
26328
x-xss-protection
1; mode=block
last-modified
Wed, 19 Jun 2024 07:18:41 GMT
server
Apache
content-type
application/font-woff
access-control-allow-origin
*
cache-control
max-age=7776000, s-maxage=7776000
accept-ranges
bytes
s
dispatcher3useast2-b80
x-amz-cf-id
FC8BGcHMGab0LQP_iUqe8JI-gDjJN8Di8U0S-_UJYbXltLtey5yI-g==
UniversNextforHSBCW02-Lt.woff
www.us.hsbc.com/etc.clientlibs/dpws/clientlibs-public/clientlib-site/resources/fonts/ 		26 KB
26 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://www.us.hsbc.com/etc.clientlibs/dpws/clientlibs-public/clientlib-site/resources/fonts/UniversNextforHSBCW02-Lt.woff
Requested by
Host: www.us.hsbc.com
URL: https://www.us.hsbc.com/etc.clientlibs/dpws/clientlibs-public/clientlib-conthub.min.d16a6f061a32b698da358dc216cf5fcc.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.245.86.61 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-245-86-61.fra60.r.cloudfront.net
Software
Apache /
Resource Hash
1410bf3ef15162a56d0c7ea0f851483738179ce8281a269f4ed88612e9c9a695
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubdomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.us.hsbc.com/etc.clientlibs/dpws/clientlibs-public/clientlib-conthub.min.d16a6f061a32b698da358dc216cf5fcc.css
Origin
https://www.us.hsbc.com
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 02 Jul 2024 12:11:58 GMT
strict-transport-security
max-age=31536000; includeSubdomains
x-content-type-options
nosniff
via
1.1 b17826d683a2d96e59e274ca2b79697e.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA60-P6
age
1535
x-cache
Hit from cloudfront
server-timing
cdn-cache-hit,cdn-pop;desc="FRA60-P6",cdn-rid;desc="gBWMnSgL0gSQMA0HZ9MgdpTM0CrT9AXlycOOXKUqUk0eOWMAiPE-3g==",cdn-hit-layer;desc="REC",cdn-downstream-fbl;dur=30
content-length
26300
x-xss-protection
1; mode=block
last-modified
Wed, 19 Jun 2024 07:22:25 GMT
server
Apache
content-type
application/font-woff
access-control-allow-origin
*
cache-control
max-age=7776000, s-maxage=7776000
accept-ranges
bytes
s
dispatcher2useast2-b80
x-amz-cf-id
gBWMnSgL0gSQMA0HZ9MgdpTM0CrT9AXlycOOXKUqUk0eOWMAiPE-3g==
UniversNextforHSBCW02-LtIt.woff
www.us.hsbc.com/etc.clientlibs/dpws/clientlibs-public/clientlib-site/resources/fonts/ 		24 KB
25 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://www.us.hsbc.com/etc.clientlibs/dpws/clientlibs-public/clientlib-site/resources/fonts/UniversNextforHSBCW02-LtIt.woff
Requested by
Host: www.us.hsbc.com
URL: https://www.us.hsbc.com/etc.clientlibs/dpws/clientlibs-public/clientlib-conthub.min.d16a6f061a32b698da358dc216cf5fcc.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.245.86.61 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-245-86-61.fra60.r.cloudfront.net
Software
Apache /
Resource Hash
c736d15fc8104340a0fcbdad3dea714abc1a358ec4e108952c223a24460006e3
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubdomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.us.hsbc.com/etc.clientlibs/dpws/clientlibs-public/clientlib-conthub.min.d16a6f061a32b698da358dc216cf5fcc.css
Origin
https://www.us.hsbc.com
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 02 Jul 2024 12:11:58 GMT
strict-transport-security
max-age=31536000; includeSubdomains
x-content-type-options
nosniff
via
1.1 b17826d683a2d96e59e274ca2b79697e.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA60-P6
age
1535
x-cache
Hit from cloudfront
server-timing
cdn-cache-hit,cdn-pop;desc="FRA60-P6",cdn-rid;desc="Z2nF2K821biAELn_xn5VU8D7WMB6h99_lYpWfTcW2MY1hhHinQG92A==",cdn-hit-layer;desc="REC",cdn-downstream-fbl;dur=40
content-length
24980
x-xss-protection
1; mode=block
last-modified
Wed, 19 Jun 2024 07:37:41 GMT
server
Apache
content-type
application/font-woff
access-control-allow-origin
*
cache-control
max-age=7776000, s-maxage=7776000
accept-ranges
bytes
s
dispatcher3useast2-b80
x-amz-cf-id
Z2nF2K821biAELn_xn5VU8D7WMB6h99_lYpWfTcW2MY1hhHinQG92A==
/
www.us.hsbc.com/configuration/modals/personal-loans.modal/ 		2 KB
4 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://www.us.hsbc.com/configuration/modals/personal-loans.modal/
Requested by
Host: www.us.hsbc.com
URL: https://www.us.hsbc.com/etc.clientlibs/hsbc/global/clientlibs/appd.min.28729b81913621076cb1004898cb22c7.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.245.86.61 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-245-86-61.fra60.r.cloudfront.net
Software
Apache /
Resource Hash
1b80f68604e91919f226a2deaf3cbf752774fce767f202897e9b4dc4e1242f10
Security Headers
Name Value
Content-Security-Policy default-src 'self' *.hsbc.com.hk; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.tiqcdn.com *.tealiumiq.com *.liveperson.net *.googletagmanager.com *.hsbc.co.uk *.hsbc.com.hk *.doubleclick.net *.googleadservices.com *.lpsnmedia.net *.optimizely.com *.facebook.net *.google.com *.gstatic.com *.appdynamics.com *.googleapis.com *.awswaf.com *.analytics.yahoo.com vjs.zencdn.net players.brightcove.net *.walkme.com *.us.hsbc.com *.dev.fs.liveperson.com googleads.g.doubleclick.net va.v.liveperson.net *.amazon-adsystem.com connect.facebook.net tpc.googlesyndication.com lptag.liveperson.net lpcdn.lpsnmedia.net tags.tiqcdn.com www.googletagmanager.com cdn.appdynamics.com www.google-analytics.com ssl.google-analytics.com www.googleadservices.com hsbcbankglobal.sc.omtrdc.net *.amazonaws.com mcm-prod.us.hsbc.com s.amazon-adsystem.com cdn.optimizely.com static.cdn-apple.com cdn-assets-prod.s3.amazonaws.com; img-src data: *; connect-src 'self' *.tiqcdn.com *.tealiumiq.com *.hsbc.com.hk *.eum-appdynamics.com *.optimizely.com wss://*.liveperson.net *.cloud.hsbc *.awswaf.com *.analytics.yahoo.com players.brightcove.net edge.api.brightcove.com *.walkme.com *.us.hsbc.com *.siteintercept.qualtrics.com http://127.0.0.1:5000 http://127.0.0.1:5000/* adservice.google.com www.security.us.hsbc.com www.facebook.com www.google.com maps.googleapis.com www.googletagmanager.com *.brightcovecdn.com ad.doubleclick.net analytics.google.com rbwm-api.us.hsbc.com stats.g.doubleclick.net www.google-analytics.com *.va.cobrowse.liveperson.net akamai.tiqcdn.com hsbcbankglobal.tt.omtrdc.net dpm.demdex.net mcm-prod.us.hsbc.com *.amazonaws.com rbwm-api.hsbc.co.uk rbwm-api.hsbc.com.hk manifest.prod.boltdns.net cdn-assets-prod.s3.amazonaws.com brightcove.hs.llnwd.net *.akamaihd.net *.api.brightcove.com; frame-src 'self' blob: *.lpsnmedia.net *.optimizely.com *.liveperson.net *.google.com *.doubleclick.net *.analytics.yahoo.com players.brightcove.net www.facebook.com tpc.googlesyndication.com www.youtube.com sts-aad.auth.hsbc.com hsbcbankglobal.demdex.net 8725221.fls.doubleclick.net 3464050.fls.doubleclick.net; frame-ancestors 'self' www.us.hsbc.com; font-src 'self' data: *.hsbc.com.hk fonts.gstatic.com fonts.cdnfonts.com at.alicdn.com; worker-src 'self' blob:; style-src 'self' 'unsafe-inline' *.hsbc.com.hk *.googleapis.com players.brightcove.net *.walkme.com *.va.cobrowse.liveperson.net; object-src 'self' players.brightcove.net; media-src 'self' blob: *.boltdns.net *.media.brightcove.com *.llnw.net *.llnwd.net *.akafms.net *.akamaihd.net *.cf.brightcove.com *.brightcovecdn.com lpcdn.lpsnmedia.net ssl.gstatic.com; manifest-src 'self'; upgrade-insecure-requests ; report-uri /csp/report;
Strict-Transport-Security max-age=31536000; includeSubdomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Accept
*/*
Referer
https://www.us.hsbc.com/credit-cards/
X-Requested-With
XMLHttpRequest
ADRUM
isAjax:true
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 02 Jul 2024 12:37:33 GMT
strict-transport-security
max-age=31536000; includeSubdomains
content-encoding
gzip
content-security-policy
default-src 'self' *.hsbc.com.hk; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.tiqcdn.com *.tealiumiq.com *.liveperson.net *.googletagmanager.com *.hsbc.co.uk *.hsbc.com.hk *.doubleclick.net *.googleadservices.com *.lpsnmedia.net *.optimizely.com *.facebook.net *.google.com *.gstatic.com *.appdynamics.com *.googleapis.com *.awswaf.com *.analytics.yahoo.com vjs.zencdn.net players.brightcove.net *.walkme.com *.us.hsbc.com *.dev.fs.liveperson.com googleads.g.doubleclick.net va.v.liveperson.net *.amazon-adsystem.com connect.facebook.net tpc.googlesyndication.com lptag.liveperson.net lpcdn.lpsnmedia.net tags.tiqcdn.com www.googletagmanager.com cdn.appdynamics.com www.google-analytics.com ssl.google-analytics.com www.googleadservices.com hsbcbankglobal.sc.omtrdc.net *.amazonaws.com mcm-prod.us.hsbc.com s.amazon-adsystem.com cdn.optimizely.com static.cdn-apple.com cdn-assets-prod.s3.amazonaws.com; img-src data: *; connect-src 'self' *.tiqcdn.com *.tealiumiq.com *.hsbc.com.hk *.eum-appdynamics.com *.optimizely.com wss://*.liveperson.net *.cloud.hsbc *.awswaf.com *.analytics.yahoo.com players.brightcove.net edge.api.brightcove.com *.walkme.com *.us.hsbc.com *.siteintercept.qualtrics.com http://127.0.0.1:5000 http://127.0.0.1:5000/* adservice.google.com www.security.us.hsbc.com www.facebook.com www.google.com maps.googleapis.com www.googletagmanager.com *.brightcovecdn.com ad.doubleclick.net analytics.google.com rbwm-api.us.hsbc.com stats.g.doubleclick.net www.google-analytics.com *.va.cobrowse.liveperson.net akamai.tiqcdn.com hsbcbankglobal.tt.omtrdc.net dpm.demdex.net mcm-prod.us.hsbc.com *.amazonaws.com rbwm-api.hsbc.co.uk rbwm-api.hsbc.com.hk manifest.prod.boltdns.net cdn-assets-prod.s3.amazonaws.com brightcove.hs.llnwd.net *.akamaihd.net *.api.brightcove.com; frame-src 'self' blob: *.lpsnmedia.net *.optimizely.com *.liveperson.net *.google.com *.doubleclick.net *.analytics.yahoo.com players.brightcove.net www.facebook.com tpc.googlesyndication.com www.youtube.com sts-aad.auth.hsbc.com hsbcbankglobal.demdex.net 8725221.fls.doubleclick.net 3464050.fls.doubleclick.net; frame-ancestors 'self' www.us.hsbc.com; font-src 'self' data: *.hsbc.com.hk fonts.gstatic.com fonts.cdnfonts.com at.alicdn.com; worker-src 'self' blob:; style-src 'self' 'unsafe-inline' *.hsbc.com.hk *.googleapis.com players.brightcove.net *.walkme.com *.va.cobrowse.liveperson.net; object-src 'self' players.brightcove.net; media-src 'self' blob: *.boltdns.net *.media.brightcove.com *.llnw.net *.llnwd.net *.akafms.net *.akamaihd.net *.cf.brightcove.com *.brightcovecdn.com lpcdn.lpsnmedia.net ssl.gstatic.com; manifest-src 'self'; upgrade-insecure-requests ; report-uri /csp/report;
via
1.1 b17826d683a2d96e59e274ca2b79697e.cloudfront.net (CloudFront)
x-content-type-options
nosniff
x-amz-cf-pop
FRA60-P6
x-cache
Miss from cloudfront
server-timing
cdn-upstream-layer;desc="Origin Shield",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=14,cdn-cache-miss,cdn-pop;desc="FRA60-P6",cdn-rid;desc="gSPPOwotXdYmOzfpf7m-cErx7m-Clmcw8UGHni_eUaa-v9EKb-Lnmg==",cdn-downstream-fbl;dur=149
content-length
985
x-xss-protection
1; mode=block
last-modified
Tue, 02 Jul 2024 11:33:41 GMT
server
Apache
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
text/html; charset=utf-8
cache-control
max-age=60, s-maxage=60
accept-ranges
bytes
s
dispatcher3useast2-b80
x-amz-cf-id
gSPPOwotXdYmOzfpf7m-cErx7m-Clmcw8UGHni_eUaa-v9EKb-Lnmg==
/
www.us.hsbc.com/configuration/modals/external-link-modal-new.modal/ 		2 KB
3 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://www.us.hsbc.com/configuration/modals/external-link-modal-new.modal/
Requested by
Host: www.us.hsbc.com
URL: https://www.us.hsbc.com/etc.clientlibs/hsbc/global/clientlibs/appd.min.28729b81913621076cb1004898cb22c7.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.245.86.61 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-245-86-61.fra60.r.cloudfront.net
Software
Apache /
Resource Hash
57241a7568d24614c77f569392bc537d02b26205e681434618f720a7c35736cd
Security Headers
Name Value
Content-Security-Policy default-src 'self' *.hsbc.com.hk; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.tiqcdn.com *.tealiumiq.com *.liveperson.net *.googletagmanager.com *.hsbc.co.uk *.hsbc.com.hk *.doubleclick.net *.googleadservices.com *.lpsnmedia.net *.optimizely.com *.facebook.net *.google.com *.gstatic.com *.appdynamics.com *.googleapis.com *.awswaf.com *.analytics.yahoo.com vjs.zencdn.net players.brightcove.net *.walkme.com *.us.hsbc.com *.dev.fs.liveperson.com googleads.g.doubleclick.net va.v.liveperson.net *.amazon-adsystem.com connect.facebook.net tpc.googlesyndication.com lptag.liveperson.net lpcdn.lpsnmedia.net tags.tiqcdn.com www.googletagmanager.com cdn.appdynamics.com www.google-analytics.com ssl.google-analytics.com www.googleadservices.com hsbcbankglobal.sc.omtrdc.net *.amazonaws.com mcm-prod.us.hsbc.com s.amazon-adsystem.com cdn.optimizely.com static.cdn-apple.com cdn-assets-prod.s3.amazonaws.com; img-src data: *; connect-src 'self' *.tiqcdn.com *.tealiumiq.com *.hsbc.com.hk *.eum-appdynamics.com *.optimizely.com wss://*.liveperson.net *.cloud.hsbc *.awswaf.com *.analytics.yahoo.com players.brightcove.net edge.api.brightcove.com *.walkme.com *.us.hsbc.com *.siteintercept.qualtrics.com http://127.0.0.1:5000 http://127.0.0.1:5000/* adservice.google.com www.security.us.hsbc.com www.facebook.com www.google.com maps.googleapis.com www.googletagmanager.com *.brightcovecdn.com ad.doubleclick.net analytics.google.com rbwm-api.us.hsbc.com stats.g.doubleclick.net www.google-analytics.com *.va.cobrowse.liveperson.net akamai.tiqcdn.com hsbcbankglobal.tt.omtrdc.net dpm.demdex.net mcm-prod.us.hsbc.com *.amazonaws.com rbwm-api.hsbc.co.uk rbwm-api.hsbc.com.hk manifest.prod.boltdns.net cdn-assets-prod.s3.amazonaws.com brightcove.hs.llnwd.net *.akamaihd.net *.api.brightcove.com; frame-src 'self' blob: *.lpsnmedia.net *.optimizely.com *.liveperson.net *.google.com *.doubleclick.net *.analytics.yahoo.com players.brightcove.net www.facebook.com tpc.googlesyndication.com www.youtube.com sts-aad.auth.hsbc.com hsbcbankglobal.demdex.net 8725221.fls.doubleclick.net 3464050.fls.doubleclick.net; frame-ancestors 'self' www.us.hsbc.com; font-src 'self' data: *.hsbc.com.hk fonts.gstatic.com fonts.cdnfonts.com at.alicdn.com; worker-src 'self' blob:; style-src 'self' 'unsafe-inline' *.hsbc.com.hk *.googleapis.com players.brightcove.net *.walkme.com *.va.cobrowse.liveperson.net; object-src 'self' players.brightcove.net; media-src 'self' blob: *.boltdns.net *.media.brightcove.com *.llnw.net *.llnwd.net *.akafms.net *.akamaihd.net *.cf.brightcove.com *.brightcovecdn.com lpcdn.lpsnmedia.net ssl.gstatic.com; manifest-src 'self'; upgrade-insecure-requests ; report-uri /csp/report;
Strict-Transport-Security max-age=31536000; includeSubdomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Accept
*/*
Referer
https://www.us.hsbc.com/credit-cards/
X-Requested-With
XMLHttpRequest
ADRUM
isAjax:true
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 02 Jul 2024 12:37:33 GMT
strict-transport-security
max-age=31536000; includeSubdomains
content-encoding
gzip
content-security-policy
default-src 'self' *.hsbc.com.hk; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.tiqcdn.com *.tealiumiq.com *.liveperson.net *.googletagmanager.com *.hsbc.co.uk *.hsbc.com.hk *.doubleclick.net *.googleadservices.com *.lpsnmedia.net *.optimizely.com *.facebook.net *.google.com *.gstatic.com *.appdynamics.com *.googleapis.com *.awswaf.com *.analytics.yahoo.com vjs.zencdn.net players.brightcove.net *.walkme.com *.us.hsbc.com *.dev.fs.liveperson.com googleads.g.doubleclick.net va.v.liveperson.net *.amazon-adsystem.com connect.facebook.net tpc.googlesyndication.com lptag.liveperson.net lpcdn.lpsnmedia.net tags.tiqcdn.com www.googletagmanager.com cdn.appdynamics.com www.google-analytics.com ssl.google-analytics.com www.googleadservices.com hsbcbankglobal.sc.omtrdc.net *.amazonaws.com mcm-prod.us.hsbc.com s.amazon-adsystem.com cdn.optimizely.com static.cdn-apple.com cdn-assets-prod.s3.amazonaws.com; img-src data: *; connect-src 'self' *.tiqcdn.com *.tealiumiq.com *.hsbc.com.hk *.eum-appdynamics.com *.optimizely.com wss://*.liveperson.net *.cloud.hsbc *.awswaf.com *.analytics.yahoo.com players.brightcove.net edge.api.brightcove.com *.walkme.com *.us.hsbc.com *.siteintercept.qualtrics.com http://127.0.0.1:5000 http://127.0.0.1:5000/* adservice.google.com www.security.us.hsbc.com www.facebook.com www.google.com maps.googleapis.com www.googletagmanager.com *.brightcovecdn.com ad.doubleclick.net analytics.google.com rbwm-api.us.hsbc.com stats.g.doubleclick.net www.google-analytics.com *.va.cobrowse.liveperson.net akamai.tiqcdn.com hsbcbankglobal.tt.omtrdc.net dpm.demdex.net mcm-prod.us.hsbc.com *.amazonaws.com rbwm-api.hsbc.co.uk rbwm-api.hsbc.com.hk manifest.prod.boltdns.net cdn-assets-prod.s3.amazonaws.com brightcove.hs.llnwd.net *.akamaihd.net *.api.brightcove.com; frame-src 'self' blob: *.lpsnmedia.net *.optimizely.com *.liveperson.net *.google.com *.doubleclick.net *.analytics.yahoo.com players.brightcove.net www.facebook.com tpc.googlesyndication.com www.youtube.com sts-aad.auth.hsbc.com hsbcbankglobal.demdex.net 8725221.fls.doubleclick.net 3464050.fls.doubleclick.net; frame-ancestors 'self' www.us.hsbc.com; font-src 'self' data: *.hsbc.com.hk fonts.gstatic.com fonts.cdnfonts.com at.alicdn.com; worker-src 'self' blob:; style-src 'self' 'unsafe-inline' *.hsbc.com.hk *.googleapis.com players.brightcove.net *.walkme.com *.va.cobrowse.liveperson.net; object-src 'self' players.brightcove.net; media-src 'self' blob: *.boltdns.net *.media.brightcove.com *.llnw.net *.llnwd.net *.akafms.net *.akamaihd.net *.cf.brightcove.com *.brightcovecdn.com lpcdn.lpsnmedia.net ssl.gstatic.com; manifest-src 'self'; upgrade-insecure-requests ; report-uri /csp/report;
via
1.1 b17826d683a2d96e59e274ca2b79697e.cloudfront.net (CloudFront)
x-content-type-options
nosniff
x-amz-cf-pop
FRA60-P6
x-cache
Miss from cloudfront
content-length
877
x-xss-protection
1; mode=block
last-modified
Tue, 02 Jul 2024 11:33:13 GMT
server
Apache
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
text/html; charset=utf-8
cache-control
max-age=60, s-maxage=60
accept-ranges
bytes
s
dispatcher2useast2-b80
x-amz-cf-id
-BGL2EHjh_xts78eHMfTV5RljiwEedP24l97UNUxWoFuypcjLFCYsw==
/
www.us.hsbc.com/configuration/modals/premier-upgrade-calc-exit-warning.modal/ 		2 KB
3 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://www.us.hsbc.com/configuration/modals/premier-upgrade-calc-exit-warning.modal/
Requested by
Host: www.us.hsbc.com
URL: https://www.us.hsbc.com/etc.clientlibs/hsbc/global/clientlibs/appd.min.28729b81913621076cb1004898cb22c7.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.245.86.61 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-245-86-61.fra60.r.cloudfront.net
Software
Apache /
Resource Hash
94dc230b5ba6ffeff1a1e2b48356bbff6fdf4607ffa99761980df55c180bacd4
Security Headers
Name Value
Content-Security-Policy default-src 'self' *.hsbc.com.hk; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.tiqcdn.com *.tealiumiq.com *.liveperson.net *.googletagmanager.com *.hsbc.co.uk *.hsbc.com.hk *.doubleclick.net *.googleadservices.com *.lpsnmedia.net *.optimizely.com *.facebook.net *.google.com *.gstatic.com *.appdynamics.com *.googleapis.com *.awswaf.com *.analytics.yahoo.com vjs.zencdn.net players.brightcove.net *.walkme.com *.us.hsbc.com *.dev.fs.liveperson.com googleads.g.doubleclick.net va.v.liveperson.net *.amazon-adsystem.com connect.facebook.net tpc.googlesyndication.com lptag.liveperson.net lpcdn.lpsnmedia.net tags.tiqcdn.com www.googletagmanager.com cdn.appdynamics.com www.google-analytics.com ssl.google-analytics.com www.googleadservices.com hsbcbankglobal.sc.omtrdc.net *.amazonaws.com mcm-prod.us.hsbc.com s.amazon-adsystem.com cdn.optimizely.com static.cdn-apple.com cdn-assets-prod.s3.amazonaws.com; img-src data: *; connect-src 'self' *.tiqcdn.com *.tealiumiq.com *.hsbc.com.hk *.eum-appdynamics.com *.optimizely.com wss://*.liveperson.net *.cloud.hsbc *.awswaf.com *.analytics.yahoo.com players.brightcove.net edge.api.brightcove.com *.walkme.com *.us.hsbc.com *.siteintercept.qualtrics.com http://127.0.0.1:5000 http://127.0.0.1:5000/* adservice.google.com www.security.us.hsbc.com www.facebook.com www.google.com maps.googleapis.com www.googletagmanager.com *.brightcovecdn.com ad.doubleclick.net analytics.google.com rbwm-api.us.hsbc.com stats.g.doubleclick.net www.google-analytics.com *.va.cobrowse.liveperson.net akamai.tiqcdn.com hsbcbankglobal.tt.omtrdc.net dpm.demdex.net mcm-prod.us.hsbc.com *.amazonaws.com rbwm-api.hsbc.co.uk rbwm-api.hsbc.com.hk manifest.prod.boltdns.net cdn-assets-prod.s3.amazonaws.com brightcove.hs.llnwd.net *.akamaihd.net *.api.brightcove.com; frame-src 'self' blob: *.lpsnmedia.net *.optimizely.com *.liveperson.net *.google.com *.doubleclick.net *.analytics.yahoo.com players.brightcove.net www.facebook.com tpc.googlesyndication.com www.youtube.com sts-aad.auth.hsbc.com hsbcbankglobal.demdex.net 8725221.fls.doubleclick.net 3464050.fls.doubleclick.net; frame-ancestors 'self' www.us.hsbc.com; font-src 'self' data: *.hsbc.com.hk fonts.gstatic.com fonts.cdnfonts.com at.alicdn.com; worker-src 'self' blob:; style-src 'self' 'unsafe-inline' *.hsbc.com.hk *.googleapis.com players.brightcove.net *.walkme.com *.va.cobrowse.liveperson.net; object-src 'self' players.brightcove.net; media-src 'self' blob: *.boltdns.net *.media.brightcove.com *.llnw.net *.llnwd.net *.akafms.net *.akamaihd.net *.cf.brightcove.com *.brightcovecdn.com lpcdn.lpsnmedia.net ssl.gstatic.com; manifest-src 'self'; upgrade-insecure-requests ; report-uri /csp/report;
Strict-Transport-Security max-age=31536000; includeSubdomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Accept
*/*
Referer
https://www.us.hsbc.com/credit-cards/
X-Requested-With
XMLHttpRequest
ADRUM
isAjax:true
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 02 Jul 2024 12:37:33 GMT
strict-transport-security
max-age=31536000; includeSubdomains
content-encoding
gzip
content-security-policy
default-src 'self' *.hsbc.com.hk; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.tiqcdn.com *.tealiumiq.com *.liveperson.net *.googletagmanager.com *.hsbc.co.uk *.hsbc.com.hk *.doubleclick.net *.googleadservices.com *.lpsnmedia.net *.optimizely.com *.facebook.net *.google.com *.gstatic.com *.appdynamics.com *.googleapis.com *.awswaf.com *.analytics.yahoo.com vjs.zencdn.net players.brightcove.net *.walkme.com *.us.hsbc.com *.dev.fs.liveperson.com googleads.g.doubleclick.net va.v.liveperson.net *.amazon-adsystem.com connect.facebook.net tpc.googlesyndication.com lptag.liveperson.net lpcdn.lpsnmedia.net tags.tiqcdn.com www.googletagmanager.com cdn.appdynamics.com www.google-analytics.com ssl.google-analytics.com www.googleadservices.com hsbcbankglobal.sc.omtrdc.net *.amazonaws.com mcm-prod.us.hsbc.com s.amazon-adsystem.com cdn.optimizely.com static.cdn-apple.com cdn-assets-prod.s3.amazonaws.com; img-src data: *; connect-src 'self' *.tiqcdn.com *.tealiumiq.com *.hsbc.com.hk *.eum-appdynamics.com *.optimizely.com wss://*.liveperson.net *.cloud.hsbc *.awswaf.com *.analytics.yahoo.com players.brightcove.net edge.api.brightcove.com *.walkme.com *.us.hsbc.com *.siteintercept.qualtrics.com http://127.0.0.1:5000 http://127.0.0.1:5000/* adservice.google.com www.security.us.hsbc.com www.facebook.com www.google.com maps.googleapis.com www.googletagmanager.com *.brightcovecdn.com ad.doubleclick.net analytics.google.com rbwm-api.us.hsbc.com stats.g.doubleclick.net www.google-analytics.com *.va.cobrowse.liveperson.net akamai.tiqcdn.com hsbcbankglobal.tt.omtrdc.net dpm.demdex.net mcm-prod.us.hsbc.com *.amazonaws.com rbwm-api.hsbc.co.uk rbwm-api.hsbc.com.hk manifest.prod.boltdns.net cdn-assets-prod.s3.amazonaws.com brightcove.hs.llnwd.net *.akamaihd.net *.api.brightcove.com; frame-src 'self' blob: *.lpsnmedia.net *.optimizely.com *.liveperson.net *.google.com *.doubleclick.net *.analytics.yahoo.com players.brightcove.net www.facebook.com tpc.googlesyndication.com www.youtube.com sts-aad.auth.hsbc.com hsbcbankglobal.demdex.net 8725221.fls.doubleclick.net 3464050.fls.doubleclick.net; frame-ancestors 'self' www.us.hsbc.com; font-src 'self' data: *.hsbc.com.hk fonts.gstatic.com fonts.cdnfonts.com at.alicdn.com; worker-src 'self' blob:; style-src 'self' 'unsafe-inline' *.hsbc.com.hk *.googleapis.com players.brightcove.net *.walkme.com *.va.cobrowse.liveperson.net; object-src 'self' players.brightcove.net; media-src 'self' blob: *.boltdns.net *.media.brightcove.com *.llnw.net *.llnwd.net *.akafms.net *.akamaihd.net *.cf.brightcove.com *.brightcovecdn.com lpcdn.lpsnmedia.net ssl.gstatic.com; manifest-src 'self'; upgrade-insecure-requests ; report-uri /csp/report;
via
1.1 b17826d683a2d96e59e274ca2b79697e.cloudfront.net (CloudFront)
x-content-type-options
nosniff
x-amz-cf-pop
FRA60-P6
x-cache
Miss from cloudfront
content-length
983
x-xss-protection
1; mode=block
last-modified
Tue, 02 Jul 2024 11:33:12 GMT
server
Apache
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
text/html; charset=utf-8
cache-control
max-age=60, s-maxage=60
accept-ranges
bytes
s
dispatcher3useast1-b80
x-amz-cf-id
TAfZ1FbZeBoqhxNkKWDrMK1BTTHhh-Ks4eSdOIePCa96_z5qaU89vA==
/
www.us.hsbc.com/configuration/modals/calculator-exit-warning1.modal/ 		2 KB
4 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://www.us.hsbc.com/configuration/modals/calculator-exit-warning1.modal/
Requested by
Host: www.us.hsbc.com
URL: https://www.us.hsbc.com/etc.clientlibs/hsbc/global/clientlibs/appd.min.28729b81913621076cb1004898cb22c7.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.245.86.61 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-245-86-61.fra60.r.cloudfront.net
Software
Apache /
Resource Hash
ba55254e846e77e27e67a952552fa702c37a86508dd3c4172035804903194e8a
Security Headers
Name Value
Content-Security-Policy default-src 'self' *.hsbc.com.hk; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.tiqcdn.com *.tealiumiq.com *.liveperson.net *.googletagmanager.com *.hsbc.co.uk *.hsbc.com.hk *.doubleclick.net *.googleadservices.com *.lpsnmedia.net *.optimizely.com *.facebook.net *.google.com *.gstatic.com *.appdynamics.com *.googleapis.com *.awswaf.com *.analytics.yahoo.com vjs.zencdn.net players.brightcove.net *.walkme.com *.us.hsbc.com *.dev.fs.liveperson.com googleads.g.doubleclick.net va.v.liveperson.net *.amazon-adsystem.com connect.facebook.net tpc.googlesyndication.com lptag.liveperson.net lpcdn.lpsnmedia.net tags.tiqcdn.com www.googletagmanager.com cdn.appdynamics.com www.google-analytics.com ssl.google-analytics.com www.googleadservices.com hsbcbankglobal.sc.omtrdc.net *.amazonaws.com mcm-prod.us.hsbc.com s.amazon-adsystem.com cdn.optimizely.com static.cdn-apple.com cdn-assets-prod.s3.amazonaws.com; img-src data: *; connect-src 'self' *.tiqcdn.com *.tealiumiq.com *.hsbc.com.hk *.eum-appdynamics.com *.optimizely.com wss://*.liveperson.net *.cloud.hsbc *.awswaf.com *.analytics.yahoo.com players.brightcove.net edge.api.brightcove.com *.walkme.com *.us.hsbc.com *.siteintercept.qualtrics.com http://127.0.0.1:5000 http://127.0.0.1:5000/* adservice.google.com www.security.us.hsbc.com www.facebook.com www.google.com maps.googleapis.com www.googletagmanager.com *.brightcovecdn.com ad.doubleclick.net analytics.google.com rbwm-api.us.hsbc.com stats.g.doubleclick.net www.google-analytics.com *.va.cobrowse.liveperson.net akamai.tiqcdn.com hsbcbankglobal.tt.omtrdc.net dpm.demdex.net mcm-prod.us.hsbc.com *.amazonaws.com rbwm-api.hsbc.co.uk rbwm-api.hsbc.com.hk manifest.prod.boltdns.net cdn-assets-prod.s3.amazonaws.com brightcove.hs.llnwd.net *.akamaihd.net *.api.brightcove.com; frame-src 'self' blob: *.lpsnmedia.net *.optimizely.com *.liveperson.net *.google.com *.doubleclick.net *.analytics.yahoo.com players.brightcove.net www.facebook.com tpc.googlesyndication.com www.youtube.com sts-aad.auth.hsbc.com hsbcbankglobal.demdex.net 8725221.fls.doubleclick.net 3464050.fls.doubleclick.net; frame-ancestors 'self' www.us.hsbc.com; font-src 'self' data: *.hsbc.com.hk fonts.gstatic.com fonts.cdnfonts.com at.alicdn.com; worker-src 'self' blob:; style-src 'self' 'unsafe-inline' *.hsbc.com.hk *.googleapis.com players.brightcove.net *.walkme.com *.va.cobrowse.liveperson.net; object-src 'self' players.brightcove.net; media-src 'self' blob: *.boltdns.net *.media.brightcove.com *.llnw.net *.llnwd.net *.akafms.net *.akamaihd.net *.cf.brightcove.com *.brightcovecdn.com lpcdn.lpsnmedia.net ssl.gstatic.com; manifest-src 'self'; upgrade-insecure-requests ; report-uri /csp/report;
Strict-Transport-Security max-age=31536000; includeSubdomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Accept
*/*
Referer
https://www.us.hsbc.com/credit-cards/
X-Requested-With
XMLHttpRequest
ADRUM
isAjax:true
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 02 Jul 2024 12:37:33 GMT
strict-transport-security
max-age=31536000; includeSubdomains
content-encoding
gzip
content-security-policy
default-src 'self' *.hsbc.com.hk; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.tiqcdn.com *.tealiumiq.com *.liveperson.net *.googletagmanager.com *.hsbc.co.uk *.hsbc.com.hk *.doubleclick.net *.googleadservices.com *.lpsnmedia.net *.optimizely.com *.facebook.net *.google.com *.gstatic.com *.appdynamics.com *.googleapis.com *.awswaf.com *.analytics.yahoo.com vjs.zencdn.net players.brightcove.net *.walkme.com *.us.hsbc.com *.dev.fs.liveperson.com googleads.g.doubleclick.net va.v.liveperson.net *.amazon-adsystem.com connect.facebook.net tpc.googlesyndication.com lptag.liveperson.net lpcdn.lpsnmedia.net tags.tiqcdn.com www.googletagmanager.com cdn.appdynamics.com www.google-analytics.com ssl.google-analytics.com www.googleadservices.com hsbcbankglobal.sc.omtrdc.net *.amazonaws.com mcm-prod.us.hsbc.com s.amazon-adsystem.com cdn.optimizely.com static.cdn-apple.com cdn-assets-prod.s3.amazonaws.com; img-src data: *; connect-src 'self' *.tiqcdn.com *.tealiumiq.com *.hsbc.com.hk *.eum-appdynamics.com *.optimizely.com wss://*.liveperson.net *.cloud.hsbc *.awswaf.com *.analytics.yahoo.com players.brightcove.net edge.api.brightcove.com *.walkme.com *.us.hsbc.com *.siteintercept.qualtrics.com http://127.0.0.1:5000 http://127.0.0.1:5000/* adservice.google.com www.security.us.hsbc.com www.facebook.com www.google.com maps.googleapis.com www.googletagmanager.com *.brightcovecdn.com ad.doubleclick.net analytics.google.com rbwm-api.us.hsbc.com stats.g.doubleclick.net www.google-analytics.com *.va.cobrowse.liveperson.net akamai.tiqcdn.com hsbcbankglobal.tt.omtrdc.net dpm.demdex.net mcm-prod.us.hsbc.com *.amazonaws.com rbwm-api.hsbc.co.uk rbwm-api.hsbc.com.hk manifest.prod.boltdns.net cdn-assets-prod.s3.amazonaws.com brightcove.hs.llnwd.net *.akamaihd.net *.api.brightcove.com; frame-src 'self' blob: *.lpsnmedia.net *.optimizely.com *.liveperson.net *.google.com *.doubleclick.net *.analytics.yahoo.com players.brightcove.net www.facebook.com tpc.googlesyndication.com www.youtube.com sts-aad.auth.hsbc.com hsbcbankglobal.demdex.net 8725221.fls.doubleclick.net 3464050.fls.doubleclick.net; frame-ancestors 'self' www.us.hsbc.com; font-src 'self' data: *.hsbc.com.hk fonts.gstatic.com fonts.cdnfonts.com at.alicdn.com; worker-src 'self' blob:; style-src 'self' 'unsafe-inline' *.hsbc.com.hk *.googleapis.com players.brightcove.net *.walkme.com *.va.cobrowse.liveperson.net; object-src 'self' players.brightcove.net; media-src 'self' blob: *.boltdns.net *.media.brightcove.com *.llnw.net *.llnwd.net *.akafms.net *.akamaihd.net *.cf.brightcove.com *.brightcovecdn.com lpcdn.lpsnmedia.net ssl.gstatic.com; manifest-src 'self'; upgrade-insecure-requests ; report-uri /csp/report;
via
1.1 b17826d683a2d96e59e274ca2b79697e.cloudfront.net (CloudFront)
x-content-type-options
nosniff
x-amz-cf-pop
FRA60-P6
x-cache
Miss from cloudfront
server-timing
cdn-upstream-layer;desc="Origin Shield",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=2,cdn-cache-miss,cdn-pop;desc="FRA60-P6",cdn-rid;desc="PsFozT6UWdLMswR31zyornOaJTvnxkxrvmqxBP7neLmw7d7wCTAB3g==",cdn-downstream-fbl;dur=160
content-length
988
x-xss-protection
1; mode=block
last-modified
Tue, 02 Jul 2024 11:32:47 GMT
server
Apache
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
text/html; charset=utf-8
cache-control
max-age=60, s-maxage=60
accept-ranges
bytes
s
dispatcher3useast1-b80
x-amz-cf-id
PsFozT6UWdLMswR31zyornOaJTvnxkxrvmqxBP7neLmw7d7wCTAB3g==
/
www.us.hsbc.com/configuration/modals/calculator-exit-warning5.modal/ 		2 KB
4 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://www.us.hsbc.com/configuration/modals/calculator-exit-warning5.modal/
Requested by
Host: www.us.hsbc.com
URL: https://www.us.hsbc.com/etc.clientlibs/hsbc/global/clientlibs/appd.min.28729b81913621076cb1004898cb22c7.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.245.86.61 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-245-86-61.fra60.r.cloudfront.net
Software
Apache /
Resource Hash
74cc8181e92ac8136a062fba06c2c43619b8be18ce9e7fc2681d237a93828e7e
Security Headers
Name Value
Content-Security-Policy default-src 'self' *.hsbc.com.hk; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.tiqcdn.com *.tealiumiq.com *.liveperson.net *.googletagmanager.com *.hsbc.co.uk *.hsbc.com.hk *.doubleclick.net *.googleadservices.com *.lpsnmedia.net *.optimizely.com *.facebook.net *.google.com *.gstatic.com *.appdynamics.com *.googleapis.com *.awswaf.com *.analytics.yahoo.com vjs.zencdn.net players.brightcove.net *.walkme.com *.us.hsbc.com *.dev.fs.liveperson.com googleads.g.doubleclick.net va.v.liveperson.net *.amazon-adsystem.com connect.facebook.net tpc.googlesyndication.com lptag.liveperson.net lpcdn.lpsnmedia.net tags.tiqcdn.com www.googletagmanager.com cdn.appdynamics.com www.google-analytics.com ssl.google-analytics.com www.googleadservices.com hsbcbankglobal.sc.omtrdc.net *.amazonaws.com mcm-prod.us.hsbc.com s.amazon-adsystem.com cdn.optimizely.com static.cdn-apple.com cdn-assets-prod.s3.amazonaws.com; img-src data: *; connect-src 'self' *.tiqcdn.com *.tealiumiq.com *.hsbc.com.hk *.eum-appdynamics.com *.optimizely.com wss://*.liveperson.net *.cloud.hsbc *.awswaf.com *.analytics.yahoo.com players.brightcove.net edge.api.brightcove.com *.walkme.com *.us.hsbc.com *.siteintercept.qualtrics.com http://127.0.0.1:5000 http://127.0.0.1:5000/* adservice.google.com www.security.us.hsbc.com www.facebook.com www.google.com maps.googleapis.com www.googletagmanager.com *.brightcovecdn.com ad.doubleclick.net analytics.google.com rbwm-api.us.hsbc.com stats.g.doubleclick.net www.google-analytics.com *.va.cobrowse.liveperson.net akamai.tiqcdn.com hsbcbankglobal.tt.omtrdc.net dpm.demdex.net mcm-prod.us.hsbc.com *.amazonaws.com rbwm-api.hsbc.co.uk rbwm-api.hsbc.com.hk manifest.prod.boltdns.net cdn-assets-prod.s3.amazonaws.com brightcove.hs.llnwd.net *.akamaihd.net *.api.brightcove.com; frame-src 'self' blob: *.lpsnmedia.net *.optimizely.com *.liveperson.net *.google.com *.doubleclick.net *.analytics.yahoo.com players.brightcove.net www.facebook.com tpc.googlesyndication.com www.youtube.com sts-aad.auth.hsbc.com hsbcbankglobal.demdex.net 8725221.fls.doubleclick.net 3464050.fls.doubleclick.net; frame-ancestors 'self' www.us.hsbc.com; font-src 'self' data: *.hsbc.com.hk fonts.gstatic.com fonts.cdnfonts.com at.alicdn.com; worker-src 'self' blob:; style-src 'self' 'unsafe-inline' *.hsbc.com.hk *.googleapis.com players.brightcove.net *.walkme.com *.va.cobrowse.liveperson.net; object-src 'self' players.brightcove.net; media-src 'self' blob: *.boltdns.net *.media.brightcove.com *.llnw.net *.llnwd.net *.akafms.net *.akamaihd.net *.cf.brightcove.com *.brightcovecdn.com lpcdn.lpsnmedia.net ssl.gstatic.com; manifest-src 'self'; upgrade-insecure-requests ; report-uri /csp/report;
Strict-Transport-Security max-age=31536000; includeSubdomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Accept
*/*
Referer
https://www.us.hsbc.com/credit-cards/
X-Requested-With
XMLHttpRequest
ADRUM
isAjax:true
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 02 Jul 2024 12:37:33 GMT
strict-transport-security
max-age=31536000; includeSubdomains
content-encoding
gzip
content-security-policy
default-src 'self' *.hsbc.com.hk; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.tiqcdn.com *.tealiumiq.com *.liveperson.net *.googletagmanager.com *.hsbc.co.uk *.hsbc.com.hk *.doubleclick.net *.googleadservices.com *.lpsnmedia.net *.optimizely.com *.facebook.net *.google.com *.gstatic.com *.appdynamics.com *.googleapis.com *.awswaf.com *.analytics.yahoo.com vjs.zencdn.net players.brightcove.net *.walkme.com *.us.hsbc.com *.dev.fs.liveperson.com googleads.g.doubleclick.net va.v.liveperson.net *.amazon-adsystem.com connect.facebook.net tpc.googlesyndication.com lptag.liveperson.net lpcdn.lpsnmedia.net tags.tiqcdn.com www.googletagmanager.com cdn.appdynamics.com www.google-analytics.com ssl.google-analytics.com www.googleadservices.com hsbcbankglobal.sc.omtrdc.net *.amazonaws.com mcm-prod.us.hsbc.com s.amazon-adsystem.com cdn.optimizely.com static.cdn-apple.com cdn-assets-prod.s3.amazonaws.com; img-src data: *; connect-src 'self' *.tiqcdn.com *.tealiumiq.com *.hsbc.com.hk *.eum-appdynamics.com *.optimizely.com wss://*.liveperson.net *.cloud.hsbc *.awswaf.com *.analytics.yahoo.com players.brightcove.net edge.api.brightcove.com *.walkme.com *.us.hsbc.com *.siteintercept.qualtrics.com http://127.0.0.1:5000 http://127.0.0.1:5000/* adservice.google.com www.security.us.hsbc.com www.facebook.com www.google.com maps.googleapis.com www.googletagmanager.com *.brightcovecdn.com ad.doubleclick.net analytics.google.com rbwm-api.us.hsbc.com stats.g.doubleclick.net www.google-analytics.com *.va.cobrowse.liveperson.net akamai.tiqcdn.com hsbcbankglobal.tt.omtrdc.net dpm.demdex.net mcm-prod.us.hsbc.com *.amazonaws.com rbwm-api.hsbc.co.uk rbwm-api.hsbc.com.hk manifest.prod.boltdns.net cdn-assets-prod.s3.amazonaws.com brightcove.hs.llnwd.net *.akamaihd.net *.api.brightcove.com; frame-src 'self' blob: *.lpsnmedia.net *.optimizely.com *.liveperson.net *.google.com *.doubleclick.net *.analytics.yahoo.com players.brightcove.net www.facebook.com tpc.googlesyndication.com www.youtube.com sts-aad.auth.hsbc.com hsbcbankglobal.demdex.net 8725221.fls.doubleclick.net 3464050.fls.doubleclick.net; frame-ancestors 'self' www.us.hsbc.com; font-src 'self' data: *.hsbc.com.hk fonts.gstatic.com fonts.cdnfonts.com at.alicdn.com; worker-src 'self' blob:; style-src 'self' 'unsafe-inline' *.hsbc.com.hk *.googleapis.com players.brightcove.net *.walkme.com *.va.cobrowse.liveperson.net; object-src 'self' players.brightcove.net; media-src 'self' blob: *.boltdns.net *.media.brightcove.com *.llnw.net *.llnwd.net *.akafms.net *.akamaihd.net *.cf.brightcove.com *.brightcovecdn.com lpcdn.lpsnmedia.net ssl.gstatic.com; manifest-src 'self'; upgrade-insecure-requests ; report-uri /csp/report;
via
1.1 b17826d683a2d96e59e274ca2b79697e.cloudfront.net (CloudFront)
x-content-type-options
nosniff
x-amz-cf-pop
FRA60-P6
x-cache
Miss from cloudfront
server-timing
cdn-upstream-layer;desc="Origin Shield",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=3,cdn-cache-miss,cdn-pop;desc="FRA60-P6",cdn-rid;desc="OHe1TrvIpQj20sO3rmdsSgaNLDmU177QzHuTw039Kuq57sDeO3ARnw==",cdn-downstream-fbl;dur=160
content-length
971
x-xss-protection
1; mode=block
last-modified
Tue, 02 Jul 2024 11:33:12 GMT
server
Apache
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
text/html; charset=utf-8
cache-control
max-age=60, s-maxage=60
accept-ranges
bytes
s
dispatcher2useast1-b80
x-amz-cf-id
OHe1TrvIpQj20sO3rmdsSgaNLDmU177QzHuTw039Kuq57sDeO3ARnw==
/
www.us.hsbc.com/configuration/modals/calculator-exit-warning4.modal/ 		2 KB
4 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://www.us.hsbc.com/configuration/modals/calculator-exit-warning4.modal/
Requested by
Host: www.us.hsbc.com
URL: https://www.us.hsbc.com/etc.clientlibs/hsbc/global/clientlibs/appd.min.28729b81913621076cb1004898cb22c7.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.245.86.61 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-245-86-61.fra60.r.cloudfront.net
Software
Apache /
Resource Hash
28ede743695d3712a2575d864b7c13e4f80714a7262f485f4380a0a911901551
Security Headers
Name Value
Content-Security-Policy default-src 'self' *.hsbc.com.hk; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.tiqcdn.com *.tealiumiq.com *.liveperson.net *.googletagmanager.com *.hsbc.co.uk *.hsbc.com.hk *.doubleclick.net *.googleadservices.com *.lpsnmedia.net *.optimizely.com *.facebook.net *.google.com *.gstatic.com *.appdynamics.com *.googleapis.com *.awswaf.com *.analytics.yahoo.com vjs.zencdn.net players.brightcove.net *.walkme.com *.us.hsbc.com *.dev.fs.liveperson.com googleads.g.doubleclick.net va.v.liveperson.net *.amazon-adsystem.com connect.facebook.net tpc.googlesyndication.com lptag.liveperson.net lpcdn.lpsnmedia.net tags.tiqcdn.com www.googletagmanager.com cdn.appdynamics.com www.google-analytics.com ssl.google-analytics.com www.googleadservices.com hsbcbankglobal.sc.omtrdc.net *.amazonaws.com mcm-prod.us.hsbc.com s.amazon-adsystem.com cdn.optimizely.com static.cdn-apple.com cdn-assets-prod.s3.amazonaws.com; img-src data: *; connect-src 'self' *.tiqcdn.com *.tealiumiq.com *.hsbc.com.hk *.eum-appdynamics.com *.optimizely.com wss://*.liveperson.net *.cloud.hsbc *.awswaf.com *.analytics.yahoo.com players.brightcove.net edge.api.brightcove.com *.walkme.com *.us.hsbc.com *.siteintercept.qualtrics.com http://127.0.0.1:5000 http://127.0.0.1:5000/* adservice.google.com www.security.us.hsbc.com www.facebook.com www.google.com maps.googleapis.com www.googletagmanager.com *.brightcovecdn.com ad.doubleclick.net analytics.google.com rbwm-api.us.hsbc.com stats.g.doubleclick.net www.google-analytics.com *.va.cobrowse.liveperson.net akamai.tiqcdn.com hsbcbankglobal.tt.omtrdc.net dpm.demdex.net mcm-prod.us.hsbc.com *.amazonaws.com rbwm-api.hsbc.co.uk rbwm-api.hsbc.com.hk manifest.prod.boltdns.net cdn-assets-prod.s3.amazonaws.com brightcove.hs.llnwd.net *.akamaihd.net *.api.brightcove.com; frame-src 'self' blob: *.lpsnmedia.net *.optimizely.com *.liveperson.net *.google.com *.doubleclick.net *.analytics.yahoo.com players.brightcove.net www.facebook.com tpc.googlesyndication.com www.youtube.com sts-aad.auth.hsbc.com hsbcbankglobal.demdex.net 8725221.fls.doubleclick.net 3464050.fls.doubleclick.net; frame-ancestors 'self' www.us.hsbc.com; font-src 'self' data: *.hsbc.com.hk fonts.gstatic.com fonts.cdnfonts.com at.alicdn.com; worker-src 'self' blob:; style-src 'self' 'unsafe-inline' *.hsbc.com.hk *.googleapis.com players.brightcove.net *.walkme.com *.va.cobrowse.liveperson.net; object-src 'self' players.brightcove.net; media-src 'self' blob: *.boltdns.net *.media.brightcove.com *.llnw.net *.llnwd.net *.akafms.net *.akamaihd.net *.cf.brightcove.com *.brightcovecdn.com lpcdn.lpsnmedia.net ssl.gstatic.com; manifest-src 'self'; upgrade-insecure-requests ; report-uri /csp/report;
Strict-Transport-Security max-age=31536000; includeSubdomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Accept
*/*
Referer
https://www.us.hsbc.com/credit-cards/
X-Requested-With
XMLHttpRequest
ADRUM
isAjax:true
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 02 Jul 2024 12:37:33 GMT
strict-transport-security
max-age=31536000; includeSubdomains
content-encoding
gzip
content-security-policy
default-src 'self' *.hsbc.com.hk; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.tiqcdn.com *.tealiumiq.com *.liveperson.net *.googletagmanager.com *.hsbc.co.uk *.hsbc.com.hk *.doubleclick.net *.googleadservices.com *.lpsnmedia.net *.optimizely.com *.facebook.net *.google.com *.gstatic.com *.appdynamics.com *.googleapis.com *.awswaf.com *.analytics.yahoo.com vjs.zencdn.net players.brightcove.net *.walkme.com *.us.hsbc.com *.dev.fs.liveperson.com googleads.g.doubleclick.net va.v.liveperson.net *.amazon-adsystem.com connect.facebook.net tpc.googlesyndication.com lptag.liveperson.net lpcdn.lpsnmedia.net tags.tiqcdn.com www.googletagmanager.com cdn.appdynamics.com www.google-analytics.com ssl.google-analytics.com www.googleadservices.com hsbcbankglobal.sc.omtrdc.net *.amazonaws.com mcm-prod.us.hsbc.com s.amazon-adsystem.com cdn.optimizely.com static.cdn-apple.com cdn-assets-prod.s3.amazonaws.com; img-src data: *; connect-src 'self' *.tiqcdn.com *.tealiumiq.com *.hsbc.com.hk *.eum-appdynamics.com *.optimizely.com wss://*.liveperson.net *.cloud.hsbc *.awswaf.com *.analytics.yahoo.com players.brightcove.net edge.api.brightcove.com *.walkme.com *.us.hsbc.com *.siteintercept.qualtrics.com http://127.0.0.1:5000 http://127.0.0.1:5000/* adservice.google.com www.security.us.hsbc.com www.facebook.com www.google.com maps.googleapis.com www.googletagmanager.com *.brightcovecdn.com ad.doubleclick.net analytics.google.com rbwm-api.us.hsbc.com stats.g.doubleclick.net www.google-analytics.com *.va.cobrowse.liveperson.net akamai.tiqcdn.com hsbcbankglobal.tt.omtrdc.net dpm.demdex.net mcm-prod.us.hsbc.com *.amazonaws.com rbwm-api.hsbc.co.uk rbwm-api.hsbc.com.hk manifest.prod.boltdns.net cdn-assets-prod.s3.amazonaws.com brightcove.hs.llnwd.net *.akamaihd.net *.api.brightcove.com; frame-src 'self' blob: *.lpsnmedia.net *.optimizely.com *.liveperson.net *.google.com *.doubleclick.net *.analytics.yahoo.com players.brightcove.net www.facebook.com tpc.googlesyndication.com www.youtube.com sts-aad.auth.hsbc.com hsbcbankglobal.demdex.net 8725221.fls.doubleclick.net 3464050.fls.doubleclick.net; frame-ancestors 'self' www.us.hsbc.com; font-src 'self' data: *.hsbc.com.hk fonts.gstatic.com fonts.cdnfonts.com at.alicdn.com; worker-src 'self' blob:; style-src 'self' 'unsafe-inline' *.hsbc.com.hk *.googleapis.com players.brightcove.net *.walkme.com *.va.cobrowse.liveperson.net; object-src 'self' players.brightcove.net; media-src 'self' blob: *.boltdns.net *.media.brightcove.com *.llnw.net *.llnwd.net *.akafms.net *.akamaihd.net *.cf.brightcove.com *.brightcovecdn.com lpcdn.lpsnmedia.net ssl.gstatic.com; manifest-src 'self'; upgrade-insecure-requests ; report-uri /csp/report;
via
1.1 b17826d683a2d96e59e274ca2b79697e.cloudfront.net (CloudFront)
x-content-type-options
nosniff
x-amz-cf-pop
FRA60-P6
x-cache
Miss from cloudfront
server-timing
cdn-upstream-layer;desc="Origin Shield",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=2,cdn-cache-miss,cdn-pop;desc="FRA60-P6",cdn-rid;desc="rXnxGJUc38B-I8L5LlCwK78RrCjhvBNU8IIW_8L9A5gAWoNWpaJY2A==",cdn-downstream-fbl;dur=153
content-length
961
x-xss-protection
1; mode=block
last-modified
Tue, 02 Jul 2024 11:33:23 GMT
server
Apache
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
text/html; charset=utf-8
cache-control
max-age=60, s-maxage=60
accept-ranges
bytes
s
dispatcher2useast1-b80
x-amz-cf-id
rXnxGJUc38B-I8L5LlCwK78RrCjhvBNU8IIW_8L9A5gAWoNWpaJY2A==
/
www.us.hsbc.com/configuration/modals/calculator-exit-warning3.modal/ 		2 KB
4 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://www.us.hsbc.com/configuration/modals/calculator-exit-warning3.modal/
Requested by
Host: www.us.hsbc.com
URL: https://www.us.hsbc.com/etc.clientlibs/hsbc/global/clientlibs/appd.min.28729b81913621076cb1004898cb22c7.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.245.86.61 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-245-86-61.fra60.r.cloudfront.net
Software
Apache /
Resource Hash
454742bff491da28e6b642099f379a873430d35be21d5513128833025126c12d
Security Headers
Name Value
Content-Security-Policy default-src 'self' *.hsbc.com.hk; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.tiqcdn.com *.tealiumiq.com *.liveperson.net *.googletagmanager.com *.hsbc.co.uk *.hsbc.com.hk *.doubleclick.net *.googleadservices.com *.lpsnmedia.net *.optimizely.com *.facebook.net *.google.com *.gstatic.com *.appdynamics.com *.googleapis.com *.awswaf.com *.analytics.yahoo.com vjs.zencdn.net players.brightcove.net *.walkme.com *.us.hsbc.com *.dev.fs.liveperson.com googleads.g.doubleclick.net va.v.liveperson.net *.amazon-adsystem.com connect.facebook.net tpc.googlesyndication.com lptag.liveperson.net lpcdn.lpsnmedia.net tags.tiqcdn.com www.googletagmanager.com cdn.appdynamics.com www.google-analytics.com ssl.google-analytics.com www.googleadservices.com hsbcbankglobal.sc.omtrdc.net *.amazonaws.com mcm-prod.us.hsbc.com s.amazon-adsystem.com cdn.optimizely.com static.cdn-apple.com cdn-assets-prod.s3.amazonaws.com; img-src data: *; connect-src 'self' *.tiqcdn.com *.tealiumiq.com *.hsbc.com.hk *.eum-appdynamics.com *.optimizely.com wss://*.liveperson.net *.cloud.hsbc *.awswaf.com *.analytics.yahoo.com players.brightcove.net edge.api.brightcove.com *.walkme.com *.us.hsbc.com *.siteintercept.qualtrics.com http://127.0.0.1:5000 http://127.0.0.1:5000/* adservice.google.com www.security.us.hsbc.com www.facebook.com www.google.com maps.googleapis.com www.googletagmanager.com *.brightcovecdn.com ad.doubleclick.net analytics.google.com rbwm-api.us.hsbc.com stats.g.doubleclick.net www.google-analytics.com *.va.cobrowse.liveperson.net akamai.tiqcdn.com hsbcbankglobal.tt.omtrdc.net dpm.demdex.net mcm-prod.us.hsbc.com *.amazonaws.com rbwm-api.hsbc.co.uk rbwm-api.hsbc.com.hk manifest.prod.boltdns.net cdn-assets-prod.s3.amazonaws.com brightcove.hs.llnwd.net *.akamaihd.net *.api.brightcove.com; frame-src 'self' blob: *.lpsnmedia.net *.optimizely.com *.liveperson.net *.google.com *.doubleclick.net *.analytics.yahoo.com players.brightcove.net www.facebook.com tpc.googlesyndication.com www.youtube.com sts-aad.auth.hsbc.com hsbcbankglobal.demdex.net 8725221.fls.doubleclick.net 3464050.fls.doubleclick.net; frame-ancestors 'self' www.us.hsbc.com; font-src 'self' data: *.hsbc.com.hk fonts.gstatic.com fonts.cdnfonts.com at.alicdn.com; worker-src 'self' blob:; style-src 'self' 'unsafe-inline' *.hsbc.com.hk *.googleapis.com players.brightcove.net *.walkme.com *.va.cobrowse.liveperson.net; object-src 'self' players.brightcove.net; media-src 'self' blob: *.boltdns.net *.media.brightcove.com *.llnw.net *.llnwd.net *.akafms.net *.akamaihd.net *.cf.brightcove.com *.brightcovecdn.com lpcdn.lpsnmedia.net ssl.gstatic.com; manifest-src 'self'; upgrade-insecure-requests ; report-uri /csp/report;
Strict-Transport-Security max-age=31536000; includeSubdomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Accept
*/*
Referer
https://www.us.hsbc.com/credit-cards/
X-Requested-With
XMLHttpRequest
ADRUM
isAjax:true
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 02 Jul 2024 12:37:33 GMT
strict-transport-security
max-age=31536000; includeSubdomains
content-encoding
gzip
content-security-policy
default-src 'self' *.hsbc.com.hk; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.tiqcdn.com *.tealiumiq.com *.liveperson.net *.googletagmanager.com *.hsbc.co.uk *.hsbc.com.hk *.doubleclick.net *.googleadservices.com *.lpsnmedia.net *.optimizely.com *.facebook.net *.google.com *.gstatic.com *.appdynamics.com *.googleapis.com *.awswaf.com *.analytics.yahoo.com vjs.zencdn.net players.brightcove.net *.walkme.com *.us.hsbc.com *.dev.fs.liveperson.com googleads.g.doubleclick.net va.v.liveperson.net *.amazon-adsystem.com connect.facebook.net tpc.googlesyndication.com lptag.liveperson.net lpcdn.lpsnmedia.net tags.tiqcdn.com www.googletagmanager.com cdn.appdynamics.com www.google-analytics.com ssl.google-analytics.com www.googleadservices.com hsbcbankglobal.sc.omtrdc.net *.amazonaws.com mcm-prod.us.hsbc.com s.amazon-adsystem.com cdn.optimizely.com static.cdn-apple.com cdn-assets-prod.s3.amazonaws.com; img-src data: *; connect-src 'self' *.tiqcdn.com *.tealiumiq.com *.hsbc.com.hk *.eum-appdynamics.com *.optimizely.com wss://*.liveperson.net *.cloud.hsbc *.awswaf.com *.analytics.yahoo.com players.brightcove.net edge.api.brightcove.com *.walkme.com *.us.hsbc.com *.siteintercept.qualtrics.com http://127.0.0.1:5000 http://127.0.0.1:5000/* adservice.google.com www.security.us.hsbc.com www.facebook.com www.google.com maps.googleapis.com www.googletagmanager.com *.brightcovecdn.com ad.doubleclick.net analytics.google.com rbwm-api.us.hsbc.com stats.g.doubleclick.net www.google-analytics.com *.va.cobrowse.liveperson.net akamai.tiqcdn.com hsbcbankglobal.tt.omtrdc.net dpm.demdex.net mcm-prod.us.hsbc.com *.amazonaws.com rbwm-api.hsbc.co.uk rbwm-api.hsbc.com.hk manifest.prod.boltdns.net cdn-assets-prod.s3.amazonaws.com brightcove.hs.llnwd.net *.akamaihd.net *.api.brightcove.com; frame-src 'self' blob: *.lpsnmedia.net *.optimizely.com *.liveperson.net *.google.com *.doubleclick.net *.analytics.yahoo.com players.brightcove.net www.facebook.com tpc.googlesyndication.com www.youtube.com sts-aad.auth.hsbc.com hsbcbankglobal.demdex.net 8725221.fls.doubleclick.net 3464050.fls.doubleclick.net; frame-ancestors 'self' www.us.hsbc.com; font-src 'self' data: *.hsbc.com.hk fonts.gstatic.com fonts.cdnfonts.com at.alicdn.com; worker-src 'self' blob:; style-src 'self' 'unsafe-inline' *.hsbc.com.hk *.googleapis.com players.brightcove.net *.walkme.com *.va.cobrowse.liveperson.net; object-src 'self' players.brightcove.net; media-src 'self' blob: *.boltdns.net *.media.brightcove.com *.llnw.net *.llnwd.net *.akafms.net *.akamaihd.net *.cf.brightcove.com *.brightcovecdn.com lpcdn.lpsnmedia.net ssl.gstatic.com; manifest-src 'self'; upgrade-insecure-requests ; report-uri /csp/report;
via
1.1 b17826d683a2d96e59e274ca2b79697e.cloudfront.net (CloudFront)
x-content-type-options
nosniff
x-amz-cf-pop
FRA60-P6
x-cache
Miss from cloudfront
server-timing
cdn-upstream-layer;desc="Origin Shield",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=14,cdn-cache-miss,cdn-pop;desc="FRA60-P6",cdn-rid;desc="_-NNjyhUN7Z1qx5MCvojN7C2mL07CbXY0ZibGoYY6rkmyJS9Xjq_Lw==",cdn-downstream-fbl;dur=527
content-length
987
x-xss-protection
1; mode=block
last-modified
Tue, 02 Jul 2024 11:33:22 GMT
server
Apache
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
text/html; charset=utf-8
cache-control
max-age=60, s-maxage=60
accept-ranges
bytes
s
dispatcher3useast2-b80
x-amz-cf-id
_-NNjyhUN7Z1qx5MCvojN7C2mL07CbXY0ZibGoYY6rkmyJS9Xjq_Lw==
/
www.us.hsbc.com/configuration/modals/calculator-exit-warning2.modal/ 		2 KB
3 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://www.us.hsbc.com/configuration/modals/calculator-exit-warning2.modal/
Requested by
Host: www.us.hsbc.com
URL: https://www.us.hsbc.com/etc.clientlibs/hsbc/global/clientlibs/appd.min.28729b81913621076cb1004898cb22c7.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.245.86.61 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-245-86-61.fra60.r.cloudfront.net
Software
Apache /
Resource Hash
da146d0ff664f1c3c2f3f1b1d322faecc6516614232518a20c011a3543e83c43
Security Headers
Name Value
Content-Security-Policy default-src 'self' *.hsbc.com.hk; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.tiqcdn.com *.tealiumiq.com *.liveperson.net *.googletagmanager.com *.hsbc.co.uk *.hsbc.com.hk *.doubleclick.net *.googleadservices.com *.lpsnmedia.net *.optimizely.com *.facebook.net *.google.com *.gstatic.com *.appdynamics.com *.googleapis.com *.awswaf.com *.analytics.yahoo.com vjs.zencdn.net players.brightcove.net *.walkme.com *.us.hsbc.com *.dev.fs.liveperson.com googleads.g.doubleclick.net va.v.liveperson.net *.amazon-adsystem.com connect.facebook.net tpc.googlesyndication.com lptag.liveperson.net lpcdn.lpsnmedia.net tags.tiqcdn.com www.googletagmanager.com cdn.appdynamics.com www.google-analytics.com ssl.google-analytics.com www.googleadservices.com hsbcbankglobal.sc.omtrdc.net *.amazonaws.com mcm-prod.us.hsbc.com s.amazon-adsystem.com cdn.optimizely.com static.cdn-apple.com cdn-assets-prod.s3.amazonaws.com; img-src data: *; connect-src 'self' *.tiqcdn.com *.tealiumiq.com *.hsbc.com.hk *.eum-appdynamics.com *.optimizely.com wss://*.liveperson.net *.cloud.hsbc *.awswaf.com *.analytics.yahoo.com players.brightcove.net edge.api.brightcove.com *.walkme.com *.us.hsbc.com *.siteintercept.qualtrics.com http://127.0.0.1:5000 http://127.0.0.1:5000/* adservice.google.com www.security.us.hsbc.com www.facebook.com www.google.com maps.googleapis.com www.googletagmanager.com *.brightcovecdn.com ad.doubleclick.net analytics.google.com rbwm-api.us.hsbc.com stats.g.doubleclick.net www.google-analytics.com *.va.cobrowse.liveperson.net akamai.tiqcdn.com hsbcbankglobal.tt.omtrdc.net dpm.demdex.net mcm-prod.us.hsbc.com *.amazonaws.com rbwm-api.hsbc.co.uk rbwm-api.hsbc.com.hk manifest.prod.boltdns.net cdn-assets-prod.s3.amazonaws.com brightcove.hs.llnwd.net *.akamaihd.net *.api.brightcove.com; frame-src 'self' blob: *.lpsnmedia.net *.optimizely.com *.liveperson.net *.google.com *.doubleclick.net *.analytics.yahoo.com players.brightcove.net www.facebook.com tpc.googlesyndication.com www.youtube.com sts-aad.auth.hsbc.com hsbcbankglobal.demdex.net 8725221.fls.doubleclick.net 3464050.fls.doubleclick.net; frame-ancestors 'self' www.us.hsbc.com; font-src 'self' data: *.hsbc.com.hk fonts.gstatic.com fonts.cdnfonts.com at.alicdn.com; worker-src 'self' blob:; style-src 'self' 'unsafe-inline' *.hsbc.com.hk *.googleapis.com players.brightcove.net *.walkme.com *.va.cobrowse.liveperson.net; object-src 'self' players.brightcove.net; media-src 'self' blob: *.boltdns.net *.media.brightcove.com *.llnw.net *.llnwd.net *.akafms.net *.akamaihd.net *.cf.brightcove.com *.brightcovecdn.com lpcdn.lpsnmedia.net ssl.gstatic.com; manifest-src 'self'; upgrade-insecure-requests ; report-uri /csp/report;
Strict-Transport-Security max-age=31536000; includeSubdomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Accept
*/*
Referer
https://www.us.hsbc.com/credit-cards/
X-Requested-With
XMLHttpRequest
ADRUM
isAjax:true
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 02 Jul 2024 12:37:33 GMT
strict-transport-security
max-age=31536000; includeSubdomains
content-encoding
gzip
content-security-policy
default-src 'self' *.hsbc.com.hk; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.tiqcdn.com *.tealiumiq.com *.liveperson.net *.googletagmanager.com *.hsbc.co.uk *.hsbc.com.hk *.doubleclick.net *.googleadservices.com *.lpsnmedia.net *.optimizely.com *.facebook.net *.google.com *.gstatic.com *.appdynamics.com *.googleapis.com *.awswaf.com *.analytics.yahoo.com vjs.zencdn.net players.brightcove.net *.walkme.com *.us.hsbc.com *.dev.fs.liveperson.com googleads.g.doubleclick.net va.v.liveperson.net *.amazon-adsystem.com connect.facebook.net tpc.googlesyndication.com lptag.liveperson.net lpcdn.lpsnmedia.net tags.tiqcdn.com www.googletagmanager.com cdn.appdynamics.com www.google-analytics.com ssl.google-analytics.com www.googleadservices.com hsbcbankglobal.sc.omtrdc.net *.amazonaws.com mcm-prod.us.hsbc.com s.amazon-adsystem.com cdn.optimizely.com static.cdn-apple.com cdn-assets-prod.s3.amazonaws.com; img-src data: *; connect-src 'self' *.tiqcdn.com *.tealiumiq.com *.hsbc.com.hk *.eum-appdynamics.com *.optimizely.com wss://*.liveperson.net *.cloud.hsbc *.awswaf.com *.analytics.yahoo.com players.brightcove.net edge.api.brightcove.com *.walkme.com *.us.hsbc.com *.siteintercept.qualtrics.com http://127.0.0.1:5000 http://127.0.0.1:5000/* adservice.google.com www.security.us.hsbc.com www.facebook.com www.google.com maps.googleapis.com www.googletagmanager.com *.brightcovecdn.com ad.doubleclick.net analytics.google.com rbwm-api.us.hsbc.com stats.g.doubleclick.net www.google-analytics.com *.va.cobrowse.liveperson.net akamai.tiqcdn.com hsbcbankglobal.tt.omtrdc.net dpm.demdex.net mcm-prod.us.hsbc.com *.amazonaws.com rbwm-api.hsbc.co.uk rbwm-api.hsbc.com.hk manifest.prod.boltdns.net cdn-assets-prod.s3.amazonaws.com brightcove.hs.llnwd.net *.akamaihd.net *.api.brightcove.com; frame-src 'self' blob: *.lpsnmedia.net *.optimizely.com *.liveperson.net *.google.com *.doubleclick.net *.analytics.yahoo.com players.brightcove.net www.facebook.com tpc.googlesyndication.com www.youtube.com sts-aad.auth.hsbc.com hsbcbankglobal.demdex.net 8725221.fls.doubleclick.net 3464050.fls.doubleclick.net; frame-ancestors 'self' www.us.hsbc.com; font-src 'self' data: *.hsbc.com.hk fonts.gstatic.com fonts.cdnfonts.com at.alicdn.com; worker-src 'self' blob:; style-src 'self' 'unsafe-inline' *.hsbc.com.hk *.googleapis.com players.brightcove.net *.walkme.com *.va.cobrowse.liveperson.net; object-src 'self' players.brightcove.net; media-src 'self' blob: *.boltdns.net *.media.brightcove.com *.llnw.net *.llnwd.net *.akafms.net *.akamaihd.net *.cf.brightcove.com *.brightcovecdn.com lpcdn.lpsnmedia.net ssl.gstatic.com; manifest-src 'self'; upgrade-insecure-requests ; report-uri /csp/report;
via
1.1 b17826d683a2d96e59e274ca2b79697e.cloudfront.net (CloudFront)
x-content-type-options
nosniff
x-amz-cf-pop
FRA60-P6
x-cache
Miss from cloudfront
content-length
961
x-xss-protection
1; mode=block
last-modified
Tue, 02 Jul 2024 11:32:39 GMT
server
Apache
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
text/html; charset=utf-8
cache-control
max-age=60, s-maxage=60
accept-ranges
bytes
s
dispatcher2useast1-b80
x-amz-cf-id
DvUnup1VPzuRwsjfGk94ftb0epmOlwpu7DRskzg6lIzGgcJI57h5uw==
/
www.us.hsbc.com/configuration/modals/calculator-exit-warning7.modal/ 		2 KB
4 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://www.us.hsbc.com/configuration/modals/calculator-exit-warning7.modal/
Requested by
Host: www.us.hsbc.com
URL: https://www.us.hsbc.com/etc.clientlibs/hsbc/global/clientlibs/appd.min.28729b81913621076cb1004898cb22c7.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.245.86.61 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-245-86-61.fra60.r.cloudfront.net
Software
Apache /
Resource Hash
d4beb6bc8ca48c3297628ed88c46e660d9b099fe0a00ed58f651a5e1a6dcb85a
Security Headers
Name Value
Content-Security-Policy default-src 'self' *.hsbc.com.hk; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.tiqcdn.com *.tealiumiq.com *.liveperson.net *.googletagmanager.com *.hsbc.co.uk *.hsbc.com.hk *.doubleclick.net *.googleadservices.com *.lpsnmedia.net *.optimizely.com *.facebook.net *.google.com *.gstatic.com *.appdynamics.com *.googleapis.com *.awswaf.com *.analytics.yahoo.com vjs.zencdn.net players.brightcove.net *.walkme.com *.us.hsbc.com *.dev.fs.liveperson.com googleads.g.doubleclick.net va.v.liveperson.net *.amazon-adsystem.com connect.facebook.net tpc.googlesyndication.com lptag.liveperson.net lpcdn.lpsnmedia.net tags.tiqcdn.com www.googletagmanager.com cdn.appdynamics.com www.google-analytics.com ssl.google-analytics.com www.googleadservices.com hsbcbankglobal.sc.omtrdc.net *.amazonaws.com mcm-prod.us.hsbc.com s.amazon-adsystem.com cdn.optimizely.com static.cdn-apple.com cdn-assets-prod.s3.amazonaws.com; img-src data: *; connect-src 'self' *.tiqcdn.com *.tealiumiq.com *.hsbc.com.hk *.eum-appdynamics.com *.optimizely.com wss://*.liveperson.net *.cloud.hsbc *.awswaf.com *.analytics.yahoo.com players.brightcove.net edge.api.brightcove.com *.walkme.com *.us.hsbc.com *.siteintercept.qualtrics.com http://127.0.0.1:5000 http://127.0.0.1:5000/* adservice.google.com www.security.us.hsbc.com www.facebook.com www.google.com maps.googleapis.com www.googletagmanager.com *.brightcovecdn.com ad.doubleclick.net analytics.google.com rbwm-api.us.hsbc.com stats.g.doubleclick.net www.google-analytics.com *.va.cobrowse.liveperson.net akamai.tiqcdn.com hsbcbankglobal.tt.omtrdc.net dpm.demdex.net mcm-prod.us.hsbc.com *.amazonaws.com rbwm-api.hsbc.co.uk rbwm-api.hsbc.com.hk manifest.prod.boltdns.net cdn-assets-prod.s3.amazonaws.com brightcove.hs.llnwd.net *.akamaihd.net *.api.brightcove.com; frame-src 'self' blob: *.lpsnmedia.net *.optimizely.com *.liveperson.net *.google.com *.doubleclick.net *.analytics.yahoo.com players.brightcove.net www.facebook.com tpc.googlesyndication.com www.youtube.com sts-aad.auth.hsbc.com hsbcbankglobal.demdex.net 8725221.fls.doubleclick.net 3464050.fls.doubleclick.net; frame-ancestors 'self' www.us.hsbc.com; font-src 'self' data: *.hsbc.com.hk fonts.gstatic.com fonts.cdnfonts.com at.alicdn.com; worker-src 'self' blob:; style-src 'self' 'unsafe-inline' *.hsbc.com.hk *.googleapis.com players.brightcove.net *.walkme.com *.va.cobrowse.liveperson.net; object-src 'self' players.brightcove.net; media-src 'self' blob: *.boltdns.net *.media.brightcove.com *.llnw.net *.llnwd.net *.akafms.net *.akamaihd.net *.cf.brightcove.com *.brightcovecdn.com lpcdn.lpsnmedia.net ssl.gstatic.com; manifest-src 'self'; upgrade-insecure-requests ; report-uri /csp/report;
Strict-Transport-Security max-age=31536000; includeSubdomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Accept
*/*
Referer
https://www.us.hsbc.com/credit-cards/
X-Requested-With
XMLHttpRequest
ADRUM
isAjax:true
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 02 Jul 2024 12:37:33 GMT
strict-transport-security
max-age=31536000; includeSubdomains
content-encoding
gzip
content-security-policy
default-src 'self' *.hsbc.com.hk; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.tiqcdn.com *.tealiumiq.com *.liveperson.net *.googletagmanager.com *.hsbc.co.uk *.hsbc.com.hk *.doubleclick.net *.googleadservices.com *.lpsnmedia.net *.optimizely.com *.facebook.net *.google.com *.gstatic.com *.appdynamics.com *.googleapis.com *.awswaf.com *.analytics.yahoo.com vjs.zencdn.net players.brightcove.net *.walkme.com *.us.hsbc.com *.dev.fs.liveperson.com googleads.g.doubleclick.net va.v.liveperson.net *.amazon-adsystem.com connect.facebook.net tpc.googlesyndication.com lptag.liveperson.net lpcdn.lpsnmedia.net tags.tiqcdn.com www.googletagmanager.com cdn.appdynamics.com www.google-analytics.com ssl.google-analytics.com www.googleadservices.com hsbcbankglobal.sc.omtrdc.net *.amazonaws.com mcm-prod.us.hsbc.com s.amazon-adsystem.com cdn.optimizely.com static.cdn-apple.com cdn-assets-prod.s3.amazonaws.com; img-src data: *; connect-src 'self' *.tiqcdn.com *.tealiumiq.com *.hsbc.com.hk *.eum-appdynamics.com *.optimizely.com wss://*.liveperson.net *.cloud.hsbc *.awswaf.com *.analytics.yahoo.com players.brightcove.net edge.api.brightcove.com *.walkme.com *.us.hsbc.com *.siteintercept.qualtrics.com http://127.0.0.1:5000 http://127.0.0.1:5000/* adservice.google.com www.security.us.hsbc.com www.facebook.com www.google.com maps.googleapis.com www.googletagmanager.com *.brightcovecdn.com ad.doubleclick.net analytics.google.com rbwm-api.us.hsbc.com stats.g.doubleclick.net www.google-analytics.com *.va.cobrowse.liveperson.net akamai.tiqcdn.com hsbcbankglobal.tt.omtrdc.net dpm.demdex.net mcm-prod.us.hsbc.com *.amazonaws.com rbwm-api.hsbc.co.uk rbwm-api.hsbc.com.hk manifest.prod.boltdns.net cdn-assets-prod.s3.amazonaws.com brightcove.hs.llnwd.net *.akamaihd.net *.api.brightcove.com; frame-src 'self' blob: *.lpsnmedia.net *.optimizely.com *.liveperson.net *.google.com *.doubleclick.net *.analytics.yahoo.com players.brightcove.net www.facebook.com tpc.googlesyndication.com www.youtube.com sts-aad.auth.hsbc.com hsbcbankglobal.demdex.net 8725221.fls.doubleclick.net 3464050.fls.doubleclick.net; frame-ancestors 'self' www.us.hsbc.com; font-src 'self' data: *.hsbc.com.hk fonts.gstatic.com fonts.cdnfonts.com at.alicdn.com; worker-src 'self' blob:; style-src 'self' 'unsafe-inline' *.hsbc.com.hk *.googleapis.com players.brightcove.net *.walkme.com *.va.cobrowse.liveperson.net; object-src 'self' players.brightcove.net; media-src 'self' blob: *.boltdns.net *.media.brightcove.com *.llnw.net *.llnwd.net *.akafms.net *.akamaihd.net *.cf.brightcove.com *.brightcovecdn.com lpcdn.lpsnmedia.net ssl.gstatic.com; manifest-src 'self'; upgrade-insecure-requests ; report-uri /csp/report;
via
1.1 b17826d683a2d96e59e274ca2b79697e.cloudfront.net (CloudFront)
x-content-type-options
nosniff
x-amz-cf-pop
FRA60-P6
x-cache
Miss from cloudfront
server-timing
cdn-upstream-layer;desc="Origin Shield",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=2,cdn-cache-miss,cdn-pop;desc="FRA60-P6",cdn-rid;desc="fS_GE3ZdHQ0hAZ_mLqSAprNseU2YJOhD6_zVr9xWViMY58gQRlGaMg==",cdn-downstream-fbl;dur=148
content-length
991
x-xss-protection
1; mode=block
last-modified
Tue, 02 Jul 2024 11:32:51 GMT
server
Apache
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
text/html; charset=utf-8
cache-control
max-age=60, s-maxage=60
accept-ranges
bytes
s
dispatcher3useast1-b80
x-amz-cf-id
fS_GE3ZdHQ0hAZ_mLqSAprNseU2YJOhD6_zVr9xWViMY58gQRlGaMg==
/
www.us.hsbc.com/configuration/modals/calculator-exit-warning6.modal/ 		2 KB
4 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://www.us.hsbc.com/configuration/modals/calculator-exit-warning6.modal/
Requested by
Host: www.us.hsbc.com
URL: https://www.us.hsbc.com/etc.clientlibs/hsbc/global/clientlibs/appd.min.28729b81913621076cb1004898cb22c7.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.245.86.61 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-245-86-61.fra60.r.cloudfront.net
Software
Apache /
Resource Hash
b77ed3129f1d87b033fd2dcd2b744b44e71b277b83f74d674f3ed169e0741142
Security Headers
Name Value
Content-Security-Policy default-src 'self' *.hsbc.com.hk; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.tiqcdn.com *.tealiumiq.com *.liveperson.net *.googletagmanager.com *.hsbc.co.uk *.hsbc.com.hk *.doubleclick.net *.googleadservices.com *.lpsnmedia.net *.optimizely.com *.facebook.net *.google.com *.gstatic.com *.appdynamics.com *.googleapis.com *.awswaf.com *.analytics.yahoo.com vjs.zencdn.net players.brightcove.net *.walkme.com *.us.hsbc.com *.dev.fs.liveperson.com googleads.g.doubleclick.net va.v.liveperson.net *.amazon-adsystem.com connect.facebook.net tpc.googlesyndication.com lptag.liveperson.net lpcdn.lpsnmedia.net tags.tiqcdn.com www.googletagmanager.com cdn.appdynamics.com www.google-analytics.com ssl.google-analytics.com www.googleadservices.com hsbcbankglobal.sc.omtrdc.net *.amazonaws.com mcm-prod.us.hsbc.com s.amazon-adsystem.com cdn.optimizely.com static.cdn-apple.com cdn-assets-prod.s3.amazonaws.com; img-src data: *; connect-src 'self' *.tiqcdn.com *.tealiumiq.com *.hsbc.com.hk *.eum-appdynamics.com *.optimizely.com wss://*.liveperson.net *.cloud.hsbc *.awswaf.com *.analytics.yahoo.com players.brightcove.net edge.api.brightcove.com *.walkme.com *.us.hsbc.com *.siteintercept.qualtrics.com http://127.0.0.1:5000 http://127.0.0.1:5000/* adservice.google.com www.security.us.hsbc.com www.facebook.com www.google.com maps.googleapis.com www.googletagmanager.com *.brightcovecdn.com ad.doubleclick.net analytics.google.com rbwm-api.us.hsbc.com stats.g.doubleclick.net www.google-analytics.com *.va.cobrowse.liveperson.net akamai.tiqcdn.com hsbcbankglobal.tt.omtrdc.net dpm.demdex.net mcm-prod.us.hsbc.com *.amazonaws.com rbwm-api.hsbc.co.uk rbwm-api.hsbc.com.hk manifest.prod.boltdns.net cdn-assets-prod.s3.amazonaws.com brightcove.hs.llnwd.net *.akamaihd.net *.api.brightcove.com; frame-src 'self' blob: *.lpsnmedia.net *.optimizely.com *.liveperson.net *.google.com *.doubleclick.net *.analytics.yahoo.com players.brightcove.net www.facebook.com tpc.googlesyndication.com www.youtube.com sts-aad.auth.hsbc.com hsbcbankglobal.demdex.net 8725221.fls.doubleclick.net 3464050.fls.doubleclick.net; frame-ancestors 'self' www.us.hsbc.com; font-src 'self' data: *.hsbc.com.hk fonts.gstatic.com fonts.cdnfonts.com at.alicdn.com; worker-src 'self' blob:; style-src 'self' 'unsafe-inline' *.hsbc.com.hk *.googleapis.com players.brightcove.net *.walkme.com *.va.cobrowse.liveperson.net; object-src 'self' players.brightcove.net; media-src 'self' blob: *.boltdns.net *.media.brightcove.com *.llnw.net *.llnwd.net *.akafms.net *.akamaihd.net *.cf.brightcove.com *.brightcovecdn.com lpcdn.lpsnmedia.net ssl.gstatic.com; manifest-src 'self'; upgrade-insecure-requests ; report-uri /csp/report;
Strict-Transport-Security max-age=31536000; includeSubdomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Accept
*/*
Referer
https://www.us.hsbc.com/credit-cards/
X-Requested-With
XMLHttpRequest
ADRUM
isAjax:true
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 02 Jul 2024 12:37:33 GMT
strict-transport-security
max-age=31536000; includeSubdomains
content-encoding
gzip
content-security-policy
default-src 'self' *.hsbc.com.hk; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.tiqcdn.com *.tealiumiq.com *.liveperson.net *.googletagmanager.com *.hsbc.co.uk *.hsbc.com.hk *.doubleclick.net *.googleadservices.com *.lpsnmedia.net *.optimizely.com *.facebook.net *.google.com *.gstatic.com *.appdynamics.com *.googleapis.com *.awswaf.com *.analytics.yahoo.com vjs.zencdn.net players.brightcove.net *.walkme.com *.us.hsbc.com *.dev.fs.liveperson.com googleads.g.doubleclick.net va.v.liveperson.net *.amazon-adsystem.com connect.facebook.net tpc.googlesyndication.com lptag.liveperson.net lpcdn.lpsnmedia.net tags.tiqcdn.com www.googletagmanager.com cdn.appdynamics.com www.google-analytics.com ssl.google-analytics.com www.googleadservices.com hsbcbankglobal.sc.omtrdc.net *.amazonaws.com mcm-prod.us.hsbc.com s.amazon-adsystem.com cdn.optimizely.com static.cdn-apple.com cdn-assets-prod.s3.amazonaws.com; img-src data: *; connect-src 'self' *.tiqcdn.com *.tealiumiq.com *.hsbc.com.hk *.eum-appdynamics.com *.optimizely.com wss://*.liveperson.net *.cloud.hsbc *.awswaf.com *.analytics.yahoo.com players.brightcove.net edge.api.brightcove.com *.walkme.com *.us.hsbc.com *.siteintercept.qualtrics.com http://127.0.0.1:5000 http://127.0.0.1:5000/* adservice.google.com www.security.us.hsbc.com www.facebook.com www.google.com maps.googleapis.com www.googletagmanager.com *.brightcovecdn.com ad.doubleclick.net analytics.google.com rbwm-api.us.hsbc.com stats.g.doubleclick.net www.google-analytics.com *.va.cobrowse.liveperson.net akamai.tiqcdn.com hsbcbankglobal.tt.omtrdc.net dpm.demdex.net mcm-prod.us.hsbc.com *.amazonaws.com rbwm-api.hsbc.co.uk rbwm-api.hsbc.com.hk manifest.prod.boltdns.net cdn-assets-prod.s3.amazonaws.com brightcove.hs.llnwd.net *.akamaihd.net *.api.brightcove.com; frame-src 'self' blob: *.lpsnmedia.net *.optimizely.com *.liveperson.net *.google.com *.doubleclick.net *.analytics.yahoo.com players.brightcove.net www.facebook.com tpc.googlesyndication.com www.youtube.com sts-aad.auth.hsbc.com hsbcbankglobal.demdex.net 8725221.fls.doubleclick.net 3464050.fls.doubleclick.net; frame-ancestors 'self' www.us.hsbc.com; font-src 'self' data: *.hsbc.com.hk fonts.gstatic.com fonts.cdnfonts.com at.alicdn.com; worker-src 'self' blob:; style-src 'self' 'unsafe-inline' *.hsbc.com.hk *.googleapis.com players.brightcove.net *.walkme.com *.va.cobrowse.liveperson.net; object-src 'self' players.brightcove.net; media-src 'self' blob: *.boltdns.net *.media.brightcove.com *.llnw.net *.llnwd.net *.akafms.net *.akamaihd.net *.cf.brightcove.com *.brightcovecdn.com lpcdn.lpsnmedia.net ssl.gstatic.com; manifest-src 'self'; upgrade-insecure-requests ; report-uri /csp/report;
via
1.1 b17826d683a2d96e59e274ca2b79697e.cloudfront.net (CloudFront)
x-content-type-options
nosniff
x-amz-cf-pop
FRA60-P6
x-cache
Miss from cloudfront
server-timing
cdn-upstream-layer;desc="Origin Shield",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=21,cdn-upstream-fbl;dur=33,cdn-cache-miss,cdn-pop;desc="FRA60-P6",cdn-rid;desc="TnzheZRRnvP1PmybnZYUIgBO3OVCNjn0-ISlyJ3EBvOVlf9Ly90NDw==",cdn-downstream-fbl;dur=188
content-length
952
x-xss-protection
1; mode=block
last-modified
Tue, 02 Jul 2024 11:33:12 GMT
server
Apache
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
text/html; charset=utf-8
cache-control
max-age=60, s-maxage=60
accept-ranges
bytes
s
dispatcher3useast2-b80
x-amz-cf-id
TnzheZRRnvP1PmybnZYUIgBO3OVCNjn0-ISlyJ3EBvOVlf9Ly90NDw==
/
www.us.hsbc.com/configuration/modals/premier-table-exit-warning.modal/ 		2 KB
3 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://www.us.hsbc.com/configuration/modals/premier-table-exit-warning.modal/
Requested by
Host: www.us.hsbc.com
URL: https://www.us.hsbc.com/etc.clientlibs/hsbc/global/clientlibs/appd.min.28729b81913621076cb1004898cb22c7.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.245.86.61 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-245-86-61.fra60.r.cloudfront.net
Software
Apache /
Resource Hash
7783a55dff5c9c7055bccbc7ca40ab79fc731ab14e2a162b369f536298e758b5
Security Headers
Name Value
Content-Security-Policy default-src 'self' *.hsbc.com.hk; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.tiqcdn.com *.tealiumiq.com *.liveperson.net *.googletagmanager.com *.hsbc.co.uk *.hsbc.com.hk *.doubleclick.net *.googleadservices.com *.lpsnmedia.net *.optimizely.com *.facebook.net *.google.com *.gstatic.com *.appdynamics.com *.googleapis.com *.awswaf.com *.analytics.yahoo.com vjs.zencdn.net players.brightcove.net *.walkme.com *.us.hsbc.com *.dev.fs.liveperson.com googleads.g.doubleclick.net va.v.liveperson.net *.amazon-adsystem.com connect.facebook.net tpc.googlesyndication.com lptag.liveperson.net lpcdn.lpsnmedia.net tags.tiqcdn.com www.googletagmanager.com cdn.appdynamics.com www.google-analytics.com ssl.google-analytics.com www.googleadservices.com hsbcbankglobal.sc.omtrdc.net *.amazonaws.com mcm-prod.us.hsbc.com s.amazon-adsystem.com cdn.optimizely.com static.cdn-apple.com cdn-assets-prod.s3.amazonaws.com; img-src data: *; connect-src 'self' *.tiqcdn.com *.tealiumiq.com *.hsbc.com.hk *.eum-appdynamics.com *.optimizely.com wss://*.liveperson.net *.cloud.hsbc *.awswaf.com *.analytics.yahoo.com players.brightcove.net edge.api.brightcove.com *.walkme.com *.us.hsbc.com *.siteintercept.qualtrics.com http://127.0.0.1:5000 http://127.0.0.1:5000/* adservice.google.com www.security.us.hsbc.com www.facebook.com www.google.com maps.googleapis.com www.googletagmanager.com *.brightcovecdn.com ad.doubleclick.net analytics.google.com rbwm-api.us.hsbc.com stats.g.doubleclick.net www.google-analytics.com *.va.cobrowse.liveperson.net akamai.tiqcdn.com hsbcbankglobal.tt.omtrdc.net dpm.demdex.net mcm-prod.us.hsbc.com *.amazonaws.com rbwm-api.hsbc.co.uk rbwm-api.hsbc.com.hk manifest.prod.boltdns.net cdn-assets-prod.s3.amazonaws.com brightcove.hs.llnwd.net *.akamaihd.net *.api.brightcove.com; frame-src 'self' blob: *.lpsnmedia.net *.optimizely.com *.liveperson.net *.google.com *.doubleclick.net *.analytics.yahoo.com players.brightcove.net www.facebook.com tpc.googlesyndication.com www.youtube.com sts-aad.auth.hsbc.com hsbcbankglobal.demdex.net 8725221.fls.doubleclick.net 3464050.fls.doubleclick.net; frame-ancestors 'self' www.us.hsbc.com; font-src 'self' data: *.hsbc.com.hk fonts.gstatic.com fonts.cdnfonts.com at.alicdn.com; worker-src 'self' blob:; style-src 'self' 'unsafe-inline' *.hsbc.com.hk *.googleapis.com players.brightcove.net *.walkme.com *.va.cobrowse.liveperson.net; object-src 'self' players.brightcove.net; media-src 'self' blob: *.boltdns.net *.media.brightcove.com *.llnw.net *.llnwd.net *.akafms.net *.akamaihd.net *.cf.brightcove.com *.brightcovecdn.com lpcdn.lpsnmedia.net ssl.gstatic.com; manifest-src 'self'; upgrade-insecure-requests ; report-uri /csp/report;
Strict-Transport-Security max-age=31536000; includeSubdomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Accept
*/*
Referer
https://www.us.hsbc.com/credit-cards/
X-Requested-With
XMLHttpRequest
ADRUM
isAjax:true
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 02 Jul 2024 12:37:33 GMT
strict-transport-security
max-age=31536000; includeSubdomains
content-encoding
gzip
content-security-policy
default-src 'self' *.hsbc.com.hk; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.tiqcdn.com *.tealiumiq.com *.liveperson.net *.googletagmanager.com *.hsbc.co.uk *.hsbc.com.hk *.doubleclick.net *.googleadservices.com *.lpsnmedia.net *.optimizely.com *.facebook.net *.google.com *.gstatic.com *.appdynamics.com *.googleapis.com *.awswaf.com *.analytics.yahoo.com vjs.zencdn.net players.brightcove.net *.walkme.com *.us.hsbc.com *.dev.fs.liveperson.com googleads.g.doubleclick.net va.v.liveperson.net *.amazon-adsystem.com connect.facebook.net tpc.googlesyndication.com lptag.liveperson.net lpcdn.lpsnmedia.net tags.tiqcdn.com www.googletagmanager.com cdn.appdynamics.com www.google-analytics.com ssl.google-analytics.com www.googleadservices.com hsbcbankglobal.sc.omtrdc.net *.amazonaws.com mcm-prod.us.hsbc.com s.amazon-adsystem.com cdn.optimizely.com static.cdn-apple.com cdn-assets-prod.s3.amazonaws.com; img-src data: *; connect-src 'self' *.tiqcdn.com *.tealiumiq.com *.hsbc.com.hk *.eum-appdynamics.com *.optimizely.com wss://*.liveperson.net *.cloud.hsbc *.awswaf.com *.analytics.yahoo.com players.brightcove.net edge.api.brightcove.com *.walkme.com *.us.hsbc.com *.siteintercept.qualtrics.com http://127.0.0.1:5000 http://127.0.0.1:5000/* adservice.google.com www.security.us.hsbc.com www.facebook.com www.google.com maps.googleapis.com www.googletagmanager.com *.brightcovecdn.com ad.doubleclick.net analytics.google.com rbwm-api.us.hsbc.com stats.g.doubleclick.net www.google-analytics.com *.va.cobrowse.liveperson.net akamai.tiqcdn.com hsbcbankglobal.tt.omtrdc.net dpm.demdex.net mcm-prod.us.hsbc.com *.amazonaws.com rbwm-api.hsbc.co.uk rbwm-api.hsbc.com.hk manifest.prod.boltdns.net cdn-assets-prod.s3.amazonaws.com brightcove.hs.llnwd.net *.akamaihd.net *.api.brightcove.com; frame-src 'self' blob: *.lpsnmedia.net *.optimizely.com *.liveperson.net *.google.com *.doubleclick.net *.analytics.yahoo.com players.brightcove.net www.facebook.com tpc.googlesyndication.com www.youtube.com sts-aad.auth.hsbc.com hsbcbankglobal.demdex.net 8725221.fls.doubleclick.net 3464050.fls.doubleclick.net; frame-ancestors 'self' www.us.hsbc.com; font-src 'self' data: *.hsbc.com.hk fonts.gstatic.com fonts.cdnfonts.com at.alicdn.com; worker-src 'self' blob:; style-src 'self' 'unsafe-inline' *.hsbc.com.hk *.googleapis.com players.brightcove.net *.walkme.com *.va.cobrowse.liveperson.net; object-src 'self' players.brightcove.net; media-src 'self' blob: *.boltdns.net *.media.brightcove.com *.llnw.net *.llnwd.net *.akafms.net *.akamaihd.net *.cf.brightcove.com *.brightcovecdn.com lpcdn.lpsnmedia.net ssl.gstatic.com; manifest-src 'self'; upgrade-insecure-requests ; report-uri /csp/report;
via
1.1 b17826d683a2d96e59e274ca2b79697e.cloudfront.net (CloudFront)
x-content-type-options
nosniff
x-amz-cf-pop
FRA60-P6
x-cache
Miss from cloudfront
content-length
912
x-xss-protection
1; mode=block
last-modified
Tue, 02 Jul 2024 11:33:16 GMT
server
Apache
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
text/html; charset=utf-8
cache-control
max-age=60, s-maxage=60
accept-ranges
bytes
s
dispatcher3useast1-b80
x-amz-cf-id
LDsrgssd2uxP-28-OaJfn5Wmhyp8h8TD7ZuDg5tK0WcoKiaCntQUBQ==
/
www.us.hsbc.com/configuration/modals/premier-engage-calc-exit-warning.modal/ 		2 KB
3 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://www.us.hsbc.com/configuration/modals/premier-engage-calc-exit-warning.modal/
Requested by
Host: www.us.hsbc.com
URL: https://www.us.hsbc.com/etc.clientlibs/hsbc/global/clientlibs/appd.min.28729b81913621076cb1004898cb22c7.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.245.86.61 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-245-86-61.fra60.r.cloudfront.net
Software
Apache /
Resource Hash
4d47e3b576c35d06ad47f75b38effcd77fe0cb3423156e7a86f996624157a167
Security Headers
Name Value
Content-Security-Policy default-src 'self' *.hsbc.com.hk; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.tiqcdn.com *.tealiumiq.com *.liveperson.net *.googletagmanager.com *.hsbc.co.uk *.hsbc.com.hk *.doubleclick.net *.googleadservices.com *.lpsnmedia.net *.optimizely.com *.facebook.net *.google.com *.gstatic.com *.appdynamics.com *.googleapis.com *.awswaf.com *.analytics.yahoo.com vjs.zencdn.net players.brightcove.net *.walkme.com *.us.hsbc.com *.dev.fs.liveperson.com googleads.g.doubleclick.net va.v.liveperson.net *.amazon-adsystem.com connect.facebook.net tpc.googlesyndication.com lptag.liveperson.net lpcdn.lpsnmedia.net tags.tiqcdn.com www.googletagmanager.com cdn.appdynamics.com www.google-analytics.com ssl.google-analytics.com www.googleadservices.com hsbcbankglobal.sc.omtrdc.net *.amazonaws.com mcm-prod.us.hsbc.com s.amazon-adsystem.com cdn.optimizely.com static.cdn-apple.com cdn-assets-prod.s3.amazonaws.com; img-src data: *; connect-src 'self' *.tiqcdn.com *.tealiumiq.com *.hsbc.com.hk *.eum-appdynamics.com *.optimizely.com wss://*.liveperson.net *.cloud.hsbc *.awswaf.com *.analytics.yahoo.com players.brightcove.net edge.api.brightcove.com *.walkme.com *.us.hsbc.com *.siteintercept.qualtrics.com http://127.0.0.1:5000 http://127.0.0.1:5000/* adservice.google.com www.security.us.hsbc.com www.facebook.com www.google.com maps.googleapis.com www.googletagmanager.com *.brightcovecdn.com ad.doubleclick.net analytics.google.com rbwm-api.us.hsbc.com stats.g.doubleclick.net www.google-analytics.com *.va.cobrowse.liveperson.net akamai.tiqcdn.com hsbcbankglobal.tt.omtrdc.net dpm.demdex.net mcm-prod.us.hsbc.com *.amazonaws.com rbwm-api.hsbc.co.uk rbwm-api.hsbc.com.hk manifest.prod.boltdns.net cdn-assets-prod.s3.amazonaws.com brightcove.hs.llnwd.net *.akamaihd.net *.api.brightcove.com; frame-src 'self' blob: *.lpsnmedia.net *.optimizely.com *.liveperson.net *.google.com *.doubleclick.net *.analytics.yahoo.com players.brightcove.net www.facebook.com tpc.googlesyndication.com www.youtube.com sts-aad.auth.hsbc.com hsbcbankglobal.demdex.net 8725221.fls.doubleclick.net 3464050.fls.doubleclick.net; frame-ancestors 'self' www.us.hsbc.com; font-src 'self' data: *.hsbc.com.hk fonts.gstatic.com fonts.cdnfonts.com at.alicdn.com; worker-src 'self' blob:; style-src 'self' 'unsafe-inline' *.hsbc.com.hk *.googleapis.com players.brightcove.net *.walkme.com *.va.cobrowse.liveperson.net; object-src 'self' players.brightcove.net; media-src 'self' blob: *.boltdns.net *.media.brightcove.com *.llnw.net *.llnwd.net *.akafms.net *.akamaihd.net *.cf.brightcove.com *.brightcovecdn.com lpcdn.lpsnmedia.net ssl.gstatic.com; manifest-src 'self'; upgrade-insecure-requests ; report-uri /csp/report;
Strict-Transport-Security max-age=31536000; includeSubdomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Accept
*/*
Referer
https://www.us.hsbc.com/credit-cards/
X-Requested-With
XMLHttpRequest
ADRUM
isAjax:true
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 02 Jul 2024 12:37:33 GMT
strict-transport-security
max-age=31536000; includeSubdomains
content-encoding
gzip
content-security-policy
default-src 'self' *.hsbc.com.hk; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.tiqcdn.com *.tealiumiq.com *.liveperson.net *.googletagmanager.com *.hsbc.co.uk *.hsbc.com.hk *.doubleclick.net *.googleadservices.com *.lpsnmedia.net *.optimizely.com *.facebook.net *.google.com *.gstatic.com *.appdynamics.com *.googleapis.com *.awswaf.com *.analytics.yahoo.com vjs.zencdn.net players.brightcove.net *.walkme.com *.us.hsbc.com *.dev.fs.liveperson.com googleads.g.doubleclick.net va.v.liveperson.net *.amazon-adsystem.com connect.facebook.net tpc.googlesyndication.com lptag.liveperson.net lpcdn.lpsnmedia.net tags.tiqcdn.com www.googletagmanager.com cdn.appdynamics.com www.google-analytics.com ssl.google-analytics.com www.googleadservices.com hsbcbankglobal.sc.omtrdc.net *.amazonaws.com mcm-prod.us.hsbc.com s.amazon-adsystem.com cdn.optimizely.com static.cdn-apple.com cdn-assets-prod.s3.amazonaws.com; img-src data: *; connect-src 'self' *.tiqcdn.com *.tealiumiq.com *.hsbc.com.hk *.eum-appdynamics.com *.optimizely.com wss://*.liveperson.net *.cloud.hsbc *.awswaf.com *.analytics.yahoo.com players.brightcove.net edge.api.brightcove.com *.walkme.com *.us.hsbc.com *.siteintercept.qualtrics.com http://127.0.0.1:5000 http://127.0.0.1:5000/* adservice.google.com www.security.us.hsbc.com www.facebook.com www.google.com maps.googleapis.com www.googletagmanager.com *.brightcovecdn.com ad.doubleclick.net analytics.google.com rbwm-api.us.hsbc.com stats.g.doubleclick.net www.google-analytics.com *.va.cobrowse.liveperson.net akamai.tiqcdn.com hsbcbankglobal.tt.omtrdc.net dpm.demdex.net mcm-prod.us.hsbc.com *.amazonaws.com rbwm-api.hsbc.co.uk rbwm-api.hsbc.com.hk manifest.prod.boltdns.net cdn-assets-prod.s3.amazonaws.com brightcove.hs.llnwd.net *.akamaihd.net *.api.brightcove.com; frame-src 'self' blob: *.lpsnmedia.net *.optimizely.com *.liveperson.net *.google.com *.doubleclick.net *.analytics.yahoo.com players.brightcove.net www.facebook.com tpc.googlesyndication.com www.youtube.com sts-aad.auth.hsbc.com hsbcbankglobal.demdex.net 8725221.fls.doubleclick.net 3464050.fls.doubleclick.net; frame-ancestors 'self' www.us.hsbc.com; font-src 'self' data: *.hsbc.com.hk fonts.gstatic.com fonts.cdnfonts.com at.alicdn.com; worker-src 'self' blob:; style-src 'self' 'unsafe-inline' *.hsbc.com.hk *.googleapis.com players.brightcove.net *.walkme.com *.va.cobrowse.liveperson.net; object-src 'self' players.brightcove.net; media-src 'self' blob: *.boltdns.net *.media.brightcove.com *.llnw.net *.llnwd.net *.akafms.net *.akamaihd.net *.cf.brightcove.com *.brightcovecdn.com lpcdn.lpsnmedia.net ssl.gstatic.com; manifest-src 'self'; upgrade-insecure-requests ; report-uri /csp/report;
via
1.1 b17826d683a2d96e59e274ca2b79697e.cloudfront.net (CloudFront)
x-content-type-options
nosniff
x-amz-cf-pop
FRA60-P6
x-cache
Miss from cloudfront
content-length
941
x-xss-protection
1; mode=block
last-modified
Tue, 02 Jul 2024 11:32:39 GMT
server
Apache
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
text/html; charset=utf-8
cache-control
max-age=60, s-maxage=60
accept-ranges
bytes
s
dispatcher3useast1-b80
x-amz-cf-id
Frnr3SQPS-1XynAZvL_Q63HdpeVY1x5186dDGHDNoT1i45wx4iNs-w==
/
www.us.hsbc.com/configuration/modals/premier-savings-new.modal/ 		3 KB
4 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://www.us.hsbc.com/configuration/modals/premier-savings-new.modal/
Requested by
Host: www.us.hsbc.com
URL: https://www.us.hsbc.com/etc.clientlibs/hsbc/global/clientlibs/appd.min.28729b81913621076cb1004898cb22c7.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.245.86.61 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-245-86-61.fra60.r.cloudfront.net
Software
Apache /
Resource Hash
2cd958ef25500f651a1989573a301b18e1489d99612a9cd09900b56be6ee6e99
Security Headers
Name Value
Content-Security-Policy default-src 'self' *.hsbc.com.hk; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.tiqcdn.com *.tealiumiq.com *.liveperson.net *.googletagmanager.com *.hsbc.co.uk *.hsbc.com.hk *.doubleclick.net *.googleadservices.com *.lpsnmedia.net *.optimizely.com *.facebook.net *.google.com *.gstatic.com *.appdynamics.com *.googleapis.com *.awswaf.com *.analytics.yahoo.com vjs.zencdn.net players.brightcove.net *.walkme.com *.us.hsbc.com *.dev.fs.liveperson.com googleads.g.doubleclick.net va.v.liveperson.net *.amazon-adsystem.com connect.facebook.net tpc.googlesyndication.com lptag.liveperson.net lpcdn.lpsnmedia.net tags.tiqcdn.com www.googletagmanager.com cdn.appdynamics.com www.google-analytics.com ssl.google-analytics.com www.googleadservices.com hsbcbankglobal.sc.omtrdc.net *.amazonaws.com mcm-prod.us.hsbc.com s.amazon-adsystem.com cdn.optimizely.com static.cdn-apple.com cdn-assets-prod.s3.amazonaws.com; img-src data: *; connect-src 'self' *.tiqcdn.com *.tealiumiq.com *.hsbc.com.hk *.eum-appdynamics.com *.optimizely.com wss://*.liveperson.net *.cloud.hsbc *.awswaf.com *.analytics.yahoo.com players.brightcove.net edge.api.brightcove.com *.walkme.com *.us.hsbc.com *.siteintercept.qualtrics.com http://127.0.0.1:5000 http://127.0.0.1:5000/* adservice.google.com www.security.us.hsbc.com www.facebook.com www.google.com maps.googleapis.com www.googletagmanager.com *.brightcovecdn.com ad.doubleclick.net analytics.google.com rbwm-api.us.hsbc.com stats.g.doubleclick.net www.google-analytics.com *.va.cobrowse.liveperson.net akamai.tiqcdn.com hsbcbankglobal.tt.omtrdc.net dpm.demdex.net mcm-prod.us.hsbc.com *.amazonaws.com rbwm-api.hsbc.co.uk rbwm-api.hsbc.com.hk manifest.prod.boltdns.net cdn-assets-prod.s3.amazonaws.com brightcove.hs.llnwd.net *.akamaihd.net *.api.brightcove.com; frame-src 'self' blob: *.lpsnmedia.net *.optimizely.com *.liveperson.net *.google.com *.doubleclick.net *.analytics.yahoo.com players.brightcove.net www.facebook.com tpc.googlesyndication.com www.youtube.com sts-aad.auth.hsbc.com hsbcbankglobal.demdex.net 8725221.fls.doubleclick.net 3464050.fls.doubleclick.net; frame-ancestors 'self' www.us.hsbc.com; font-src 'self' data: *.hsbc.com.hk fonts.gstatic.com fonts.cdnfonts.com at.alicdn.com; worker-src 'self' blob:; style-src 'self' 'unsafe-inline' *.hsbc.com.hk *.googleapis.com players.brightcove.net *.walkme.com *.va.cobrowse.liveperson.net; object-src 'self' players.brightcove.net; media-src 'self' blob: *.boltdns.net *.media.brightcove.com *.llnw.net *.llnwd.net *.akafms.net *.akamaihd.net *.cf.brightcove.com *.brightcovecdn.com lpcdn.lpsnmedia.net ssl.gstatic.com; manifest-src 'self'; upgrade-insecure-requests ; report-uri /csp/report;
Strict-Transport-Security max-age=31536000; includeSubdomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Accept
*/*
Referer
https://www.us.hsbc.com/credit-cards/
X-Requested-With
XMLHttpRequest
ADRUM
isAjax:true
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 02 Jul 2024 12:37:33 GMT
strict-transport-security
max-age=31536000; includeSubdomains
content-encoding
gzip
content-security-policy
default-src 'self' *.hsbc.com.hk; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.tiqcdn.com *.tealiumiq.com *.liveperson.net *.googletagmanager.com *.hsbc.co.uk *.hsbc.com.hk *.doubleclick.net *.googleadservices.com *.lpsnmedia.net *.optimizely.com *.facebook.net *.google.com *.gstatic.com *.appdynamics.com *.googleapis.com *.awswaf.com *.analytics.yahoo.com vjs.zencdn.net players.brightcove.net *.walkme.com *.us.hsbc.com *.dev.fs.liveperson.com googleads.g.doubleclick.net va.v.liveperson.net *.amazon-adsystem.com connect.facebook.net tpc.googlesyndication.com lptag.liveperson.net lpcdn.lpsnmedia.net tags.tiqcdn.com www.googletagmanager.com cdn.appdynamics.com www.google-analytics.com ssl.google-analytics.com www.googleadservices.com hsbcbankglobal.sc.omtrdc.net *.amazonaws.com mcm-prod.us.hsbc.com s.amazon-adsystem.com cdn.optimizely.com static.cdn-apple.com cdn-assets-prod.s3.amazonaws.com; img-src data: *; connect-src 'self' *.tiqcdn.com *.tealiumiq.com *.hsbc.com.hk *.eum-appdynamics.com *.optimizely.com wss://*.liveperson.net *.cloud.hsbc *.awswaf.com *.analytics.yahoo.com players.brightcove.net edge.api.brightcove.com *.walkme.com *.us.hsbc.com *.siteintercept.qualtrics.com http://127.0.0.1:5000 http://127.0.0.1:5000/* adservice.google.com www.security.us.hsbc.com www.facebook.com www.google.com maps.googleapis.com www.googletagmanager.com *.brightcovecdn.com ad.doubleclick.net analytics.google.com rbwm-api.us.hsbc.com stats.g.doubleclick.net www.google-analytics.com *.va.cobrowse.liveperson.net akamai.tiqcdn.com hsbcbankglobal.tt.omtrdc.net dpm.demdex.net mcm-prod.us.hsbc.com *.amazonaws.com rbwm-api.hsbc.co.uk rbwm-api.hsbc.com.hk manifest.prod.boltdns.net cdn-assets-prod.s3.amazonaws.com brightcove.hs.llnwd.net *.akamaihd.net *.api.brightcove.com; frame-src 'self' blob: *.lpsnmedia.net *.optimizely.com *.liveperson.net *.google.com *.doubleclick.net *.analytics.yahoo.com players.brightcove.net www.facebook.com tpc.googlesyndication.com www.youtube.com sts-aad.auth.hsbc.com hsbcbankglobal.demdex.net 8725221.fls.doubleclick.net 3464050.fls.doubleclick.net; frame-ancestors 'self' www.us.hsbc.com; font-src 'self' data: *.hsbc.com.hk fonts.gstatic.com fonts.cdnfonts.com at.alicdn.com; worker-src 'self' blob:; style-src 'self' 'unsafe-inline' *.hsbc.com.hk *.googleapis.com players.brightcove.net *.walkme.com *.va.cobrowse.liveperson.net; object-src 'self' players.brightcove.net; media-src 'self' blob: *.boltdns.net *.media.brightcove.com *.llnw.net *.llnwd.net *.akafms.net *.akamaihd.net *.cf.brightcove.com *.brightcovecdn.com lpcdn.lpsnmedia.net ssl.gstatic.com; manifest-src 'self'; upgrade-insecure-requests ; report-uri /csp/report;
via
1.1 b17826d683a2d96e59e274ca2b79697e.cloudfront.net (CloudFront)
x-content-type-options
nosniff
x-amz-cf-pop
FRA60-P6
x-cache
Miss from cloudfront
server-timing
cdn-upstream-layer;desc="Origin Shield",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=3,cdn-upstream-fbl;dur=5,cdn-cache-miss,cdn-pop;desc="FRA60-P6",cdn-rid;desc="GDj41Tyub2wYNxBEBr3MkWtZJfs2WXlp4SFI-L3dugWmORKOF1I3og==",cdn-downstream-fbl;dur=169
content-length
968
x-xss-protection
1; mode=block
last-modified
Tue, 02 Jul 2024 11:33:12 GMT
server
Apache
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
text/html; charset=utf-8
cache-control
max-age=60, s-maxage=60
accept-ranges
bytes
s
dispatcher2useast1-b80
x-amz-cf-id
GDj41Tyub2wYNxBEBr3MkWtZJfs2WXlp4SFI-L3dugWmORKOF1I3og==
/
www.us.hsbc.com/configuration/modals/premier-calculator-exit-warning.modal/ 		2 KB
3 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://www.us.hsbc.com/configuration/modals/premier-calculator-exit-warning.modal/
Requested by
Host: www.us.hsbc.com
URL: https://www.us.hsbc.com/etc.clientlibs/hsbc/global/clientlibs/appd.min.28729b81913621076cb1004898cb22c7.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.245.86.61 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-245-86-61.fra60.r.cloudfront.net
Software
Apache /
Resource Hash
86b6dd8b84478bf413e741dfb182c14c70ef909fc4027cf01794c3c08fede946
Security Headers
Name Value
Content-Security-Policy default-src 'self' *.hsbc.com.hk; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.tiqcdn.com *.tealiumiq.com *.liveperson.net *.googletagmanager.com *.hsbc.co.uk *.hsbc.com.hk *.doubleclick.net *.googleadservices.com *.lpsnmedia.net *.optimizely.com *.facebook.net *.google.com *.gstatic.com *.appdynamics.com *.googleapis.com *.awswaf.com *.analytics.yahoo.com vjs.zencdn.net players.brightcove.net *.walkme.com *.us.hsbc.com *.dev.fs.liveperson.com googleads.g.doubleclick.net va.v.liveperson.net *.amazon-adsystem.com connect.facebook.net tpc.googlesyndication.com lptag.liveperson.net lpcdn.lpsnmedia.net tags.tiqcdn.com www.googletagmanager.com cdn.appdynamics.com www.google-analytics.com ssl.google-analytics.com www.googleadservices.com hsbcbankglobal.sc.omtrdc.net *.amazonaws.com mcm-prod.us.hsbc.com s.amazon-adsystem.com cdn.optimizely.com static.cdn-apple.com cdn-assets-prod.s3.amazonaws.com; img-src data: *; connect-src 'self' *.tiqcdn.com *.tealiumiq.com *.hsbc.com.hk *.eum-appdynamics.com *.optimizely.com wss://*.liveperson.net *.cloud.hsbc *.awswaf.com *.analytics.yahoo.com players.brightcove.net edge.api.brightcove.com *.walkme.com *.us.hsbc.com *.siteintercept.qualtrics.com http://127.0.0.1:5000 http://127.0.0.1:5000/* adservice.google.com www.security.us.hsbc.com www.facebook.com www.google.com maps.googleapis.com www.googletagmanager.com *.brightcovecdn.com ad.doubleclick.net analytics.google.com rbwm-api.us.hsbc.com stats.g.doubleclick.net www.google-analytics.com *.va.cobrowse.liveperson.net akamai.tiqcdn.com hsbcbankglobal.tt.omtrdc.net dpm.demdex.net mcm-prod.us.hsbc.com *.amazonaws.com rbwm-api.hsbc.co.uk rbwm-api.hsbc.com.hk manifest.prod.boltdns.net cdn-assets-prod.s3.amazonaws.com brightcove.hs.llnwd.net *.akamaihd.net *.api.brightcove.com; frame-src 'self' blob: *.lpsnmedia.net *.optimizely.com *.liveperson.net *.google.com *.doubleclick.net *.analytics.yahoo.com players.brightcove.net www.facebook.com tpc.googlesyndication.com www.youtube.com sts-aad.auth.hsbc.com hsbcbankglobal.demdex.net 8725221.fls.doubleclick.net 3464050.fls.doubleclick.net; frame-ancestors 'self' www.us.hsbc.com; font-src 'self' data: *.hsbc.com.hk fonts.gstatic.com fonts.cdnfonts.com at.alicdn.com; worker-src 'self' blob:; style-src 'self' 'unsafe-inline' *.hsbc.com.hk *.googleapis.com players.brightcove.net *.walkme.com *.va.cobrowse.liveperson.net; object-src 'self' players.brightcove.net; media-src 'self' blob: *.boltdns.net *.media.brightcove.com *.llnw.net *.llnwd.net *.akafms.net *.akamaihd.net *.cf.brightcove.com *.brightcovecdn.com lpcdn.lpsnmedia.net ssl.gstatic.com; manifest-src 'self'; upgrade-insecure-requests ; report-uri /csp/report;
Strict-Transport-Security max-age=31536000; includeSubdomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Accept
*/*
Referer
https://www.us.hsbc.com/credit-cards/
X-Requested-With
XMLHttpRequest
ADRUM
isAjax:true
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 02 Jul 2024 12:37:33 GMT
strict-transport-security
max-age=31536000; includeSubdomains
content-encoding
gzip
content-security-policy
default-src 'self' *.hsbc.com.hk; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.tiqcdn.com *.tealiumiq.com *.liveperson.net *.googletagmanager.com *.hsbc.co.uk *.hsbc.com.hk *.doubleclick.net *.googleadservices.com *.lpsnmedia.net *.optimizely.com *.facebook.net *.google.com *.gstatic.com *.appdynamics.com *.googleapis.com *.awswaf.com *.analytics.yahoo.com vjs.zencdn.net players.brightcove.net *.walkme.com *.us.hsbc.com *.dev.fs.liveperson.com googleads.g.doubleclick.net va.v.liveperson.net *.amazon-adsystem.com connect.facebook.net tpc.googlesyndication.com lptag.liveperson.net lpcdn.lpsnmedia.net tags.tiqcdn.com www.googletagmanager.com cdn.appdynamics.com www.google-analytics.com ssl.google-analytics.com www.googleadservices.com hsbcbankglobal.sc.omtrdc.net *.amazonaws.com mcm-prod.us.hsbc.com s.amazon-adsystem.com cdn.optimizely.com static.cdn-apple.com cdn-assets-prod.s3.amazonaws.com; img-src data: *; connect-src 'self' *.tiqcdn.com *.tealiumiq.com *.hsbc.com.hk *.eum-appdynamics.com *.optimizely.com wss://*.liveperson.net *.cloud.hsbc *.awswaf.com *.analytics.yahoo.com players.brightcove.net edge.api.brightcove.com *.walkme.com *.us.hsbc.com *.siteintercept.qualtrics.com http://127.0.0.1:5000 http://127.0.0.1:5000/* adservice.google.com www.security.us.hsbc.com www.facebook.com www.google.com maps.googleapis.com www.googletagmanager.com *.brightcovecdn.com ad.doubleclick.net analytics.google.com rbwm-api.us.hsbc.com stats.g.doubleclick.net www.google-analytics.com *.va.cobrowse.liveperson.net akamai.tiqcdn.com hsbcbankglobal.tt.omtrdc.net dpm.demdex.net mcm-prod.us.hsbc.com *.amazonaws.com rbwm-api.hsbc.co.uk rbwm-api.hsbc.com.hk manifest.prod.boltdns.net cdn-assets-prod.s3.amazonaws.com brightcove.hs.llnwd.net *.akamaihd.net *.api.brightcove.com; frame-src 'self' blob: *.lpsnmedia.net *.optimizely.com *.liveperson.net *.google.com *.doubleclick.net *.analytics.yahoo.com players.brightcove.net www.facebook.com tpc.googlesyndication.com www.youtube.com sts-aad.auth.hsbc.com hsbcbankglobal.demdex.net 8725221.fls.doubleclick.net 3464050.fls.doubleclick.net; frame-ancestors 'self' www.us.hsbc.com; font-src 'self' data: *.hsbc.com.hk fonts.gstatic.com fonts.cdnfonts.com at.alicdn.com; worker-src 'self' blob:; style-src 'self' 'unsafe-inline' *.hsbc.com.hk *.googleapis.com players.brightcove.net *.walkme.com *.va.cobrowse.liveperson.net; object-src 'self' players.brightcove.net; media-src 'self' blob: *.boltdns.net *.media.brightcove.com *.llnw.net *.llnwd.net *.akafms.net *.akamaihd.net *.cf.brightcove.com *.brightcovecdn.com lpcdn.lpsnmedia.net ssl.gstatic.com; manifest-src 'self'; upgrade-insecure-requests ; report-uri /csp/report;
via
1.1 b17826d683a2d96e59e274ca2b79697e.cloudfront.net (CloudFront)
x-content-type-options
nosniff
x-amz-cf-pop
FRA60-P6
x-cache
Miss from cloudfront
content-length
965
x-xss-protection
1; mode=block
last-modified
Tue, 02 Jul 2024 11:32:39 GMT
server
Apache
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
text/html; charset=utf-8
cache-control
max-age=60, s-maxage=60
accept-ranges
bytes
s
dispatcher2useast1-b80
x-amz-cf-id
7cR1czPyXBwkwdbAoT6fNFDKDAbBZW4wU9XxCj0KvKxLLuJETDdExA==
/
www.us.hsbc.com/configuration/modals/hsbcnet.modal/ 		2 KB
3 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://www.us.hsbc.com/configuration/modals/hsbcnet.modal/
Requested by
Host: www.us.hsbc.com
URL: https://www.us.hsbc.com/etc.clientlibs/hsbc/global/clientlibs/appd.min.28729b81913621076cb1004898cb22c7.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.245.86.61 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-245-86-61.fra60.r.cloudfront.net
Software
Apache /
Resource Hash
24b0dfe83fae087d64782b136f037c94b29dbbd0a6d9dbab9c6e9a476cda0f69
Security Headers
Name Value
Content-Security-Policy default-src 'self' *.hsbc.com.hk; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.tiqcdn.com *.tealiumiq.com *.liveperson.net *.googletagmanager.com *.hsbc.co.uk *.hsbc.com.hk *.doubleclick.net *.googleadservices.com *.lpsnmedia.net *.optimizely.com *.facebook.net *.google.com *.gstatic.com *.appdynamics.com *.googleapis.com *.awswaf.com *.analytics.yahoo.com vjs.zencdn.net players.brightcove.net *.walkme.com *.us.hsbc.com *.dev.fs.liveperson.com googleads.g.doubleclick.net va.v.liveperson.net *.amazon-adsystem.com connect.facebook.net tpc.googlesyndication.com lptag.liveperson.net lpcdn.lpsnmedia.net tags.tiqcdn.com www.googletagmanager.com cdn.appdynamics.com www.google-analytics.com ssl.google-analytics.com www.googleadservices.com hsbcbankglobal.sc.omtrdc.net *.amazonaws.com mcm-prod.us.hsbc.com s.amazon-adsystem.com cdn.optimizely.com static.cdn-apple.com cdn-assets-prod.s3.amazonaws.com; img-src data: *; connect-src 'self' *.tiqcdn.com *.tealiumiq.com *.hsbc.com.hk *.eum-appdynamics.com *.optimizely.com wss://*.liveperson.net *.cloud.hsbc *.awswaf.com *.analytics.yahoo.com players.brightcove.net edge.api.brightcove.com *.walkme.com *.us.hsbc.com *.siteintercept.qualtrics.com http://127.0.0.1:5000 http://127.0.0.1:5000/* adservice.google.com www.security.us.hsbc.com www.facebook.com www.google.com maps.googleapis.com www.googletagmanager.com *.brightcovecdn.com ad.doubleclick.net analytics.google.com rbwm-api.us.hsbc.com stats.g.doubleclick.net www.google-analytics.com *.va.cobrowse.liveperson.net akamai.tiqcdn.com hsbcbankglobal.tt.omtrdc.net dpm.demdex.net mcm-prod.us.hsbc.com *.amazonaws.com rbwm-api.hsbc.co.uk rbwm-api.hsbc.com.hk manifest.prod.boltdns.net cdn-assets-prod.s3.amazonaws.com brightcove.hs.llnwd.net *.akamaihd.net *.api.brightcove.com; frame-src 'self' blob: *.lpsnmedia.net *.optimizely.com *.liveperson.net *.google.com *.doubleclick.net *.analytics.yahoo.com players.brightcove.net www.facebook.com tpc.googlesyndication.com www.youtube.com sts-aad.auth.hsbc.com hsbcbankglobal.demdex.net 8725221.fls.doubleclick.net 3464050.fls.doubleclick.net; frame-ancestors 'self' www.us.hsbc.com; font-src 'self' data: *.hsbc.com.hk fonts.gstatic.com fonts.cdnfonts.com at.alicdn.com; worker-src 'self' blob:; style-src 'self' 'unsafe-inline' *.hsbc.com.hk *.googleapis.com players.brightcove.net *.walkme.com *.va.cobrowse.liveperson.net; object-src 'self' players.brightcove.net; media-src 'self' blob: *.boltdns.net *.media.brightcove.com *.llnw.net *.llnwd.net *.akafms.net *.akamaihd.net *.cf.brightcove.com *.brightcovecdn.com lpcdn.lpsnmedia.net ssl.gstatic.com; manifest-src 'self'; upgrade-insecure-requests ; report-uri /csp/report;
Strict-Transport-Security max-age=31536000; includeSubdomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Accept
*/*
Referer
https://www.us.hsbc.com/credit-cards/
X-Requested-With
XMLHttpRequest
ADRUM
isAjax:true
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 02 Jul 2024 12:37:33 GMT
strict-transport-security
max-age=31536000; includeSubdomains
content-encoding
gzip
content-security-policy
default-src 'self' *.hsbc.com.hk; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.tiqcdn.com *.tealiumiq.com *.liveperson.net *.googletagmanager.com *.hsbc.co.uk *.hsbc.com.hk *.doubleclick.net *.googleadservices.com *.lpsnmedia.net *.optimizely.com *.facebook.net *.google.com *.gstatic.com *.appdynamics.com *.googleapis.com *.awswaf.com *.analytics.yahoo.com vjs.zencdn.net players.brightcove.net *.walkme.com *.us.hsbc.com *.dev.fs.liveperson.com googleads.g.doubleclick.net va.v.liveperson.net *.amazon-adsystem.com connect.facebook.net tpc.googlesyndication.com lptag.liveperson.net lpcdn.lpsnmedia.net tags.tiqcdn.com www.googletagmanager.com cdn.appdynamics.com www.google-analytics.com ssl.google-analytics.com www.googleadservices.com hsbcbankglobal.sc.omtrdc.net *.amazonaws.com mcm-prod.us.hsbc.com s.amazon-adsystem.com cdn.optimizely.com static.cdn-apple.com cdn-assets-prod.s3.amazonaws.com; img-src data: *; connect-src 'self' *.tiqcdn.com *.tealiumiq.com *.hsbc.com.hk *.eum-appdynamics.com *.optimizely.com wss://*.liveperson.net *.cloud.hsbc *.awswaf.com *.analytics.yahoo.com players.brightcove.net edge.api.brightcove.com *.walkme.com *.us.hsbc.com *.siteintercept.qualtrics.com http://127.0.0.1:5000 http://127.0.0.1:5000/* adservice.google.com www.security.us.hsbc.com www.facebook.com www.google.com maps.googleapis.com www.googletagmanager.com *.brightcovecdn.com ad.doubleclick.net analytics.google.com rbwm-api.us.hsbc.com stats.g.doubleclick.net www.google-analytics.com *.va.cobrowse.liveperson.net akamai.tiqcdn.com hsbcbankglobal.tt.omtrdc.net dpm.demdex.net mcm-prod.us.hsbc.com *.amazonaws.com rbwm-api.hsbc.co.uk rbwm-api.hsbc.com.hk manifest.prod.boltdns.net cdn-assets-prod.s3.amazonaws.com brightcove.hs.llnwd.net *.akamaihd.net *.api.brightcove.com; frame-src 'self' blob: *.lpsnmedia.net *.optimizely.com *.liveperson.net *.google.com *.doubleclick.net *.analytics.yahoo.com players.brightcove.net www.facebook.com tpc.googlesyndication.com www.youtube.com sts-aad.auth.hsbc.com hsbcbankglobal.demdex.net 8725221.fls.doubleclick.net 3464050.fls.doubleclick.net; frame-ancestors 'self' www.us.hsbc.com; font-src 'self' data: *.hsbc.com.hk fonts.gstatic.com fonts.cdnfonts.com at.alicdn.com; worker-src 'self' blob:; style-src 'self' 'unsafe-inline' *.hsbc.com.hk *.googleapis.com players.brightcove.net *.walkme.com *.va.cobrowse.liveperson.net; object-src 'self' players.brightcove.net; media-src 'self' blob: *.boltdns.net *.media.brightcove.com *.llnw.net *.llnwd.net *.akafms.net *.akamaihd.net *.cf.brightcove.com *.brightcovecdn.com lpcdn.lpsnmedia.net ssl.gstatic.com; manifest-src 'self'; upgrade-insecure-requests ; report-uri /csp/report;
via
1.1 b17826d683a2d96e59e274ca2b79697e.cloudfront.net (CloudFront)
x-content-type-options
nosniff
x-amz-cf-pop
FRA60-P6
x-cache
Miss from cloudfront
server-timing
cdn-upstream-layer;desc="Origin Shield",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=2,cdn-upstream-fbl;dur=4,cdn-cache-miss,cdn-pop;desc="FRA60-P6",cdn-rid;desc="8nq9yvqsmtU0redlb0BSvtu4K3gBPerBDzhZNdeKPHB2Gq3nXpTKLw==",cdn-downstream-fbl;dur=144
content-length
901
x-xss-protection
1; mode=block
last-modified
Tue, 02 Jul 2024 11:32:47 GMT
server
Apache
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
text/html; charset=utf-8
cache-control
max-age=60, s-maxage=60
accept-ranges
bytes
s
dispatcher3useast1-b80
x-amz-cf-id
8nq9yvqsmtU0redlb0BSvtu4K3gBPerBDzhZNdeKPHB2Gq3nXpTKLw==
/
www.us.hsbc.com/configuration/modals/app-download.modal/ 		8 KB
4 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://www.us.hsbc.com/configuration/modals/app-download.modal/
Requested by
Host: www.us.hsbc.com
URL: https://www.us.hsbc.com/etc.clientlibs/hsbc/global/clientlibs/appd.min.28729b81913621076cb1004898cb22c7.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.245.86.61 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-245-86-61.fra60.r.cloudfront.net
Software
Apache /
Resource Hash
b5393266c2f7459185469798428d6a249539c628bdf024da892e2720688d62bc
Security Headers
Name Value
Content-Security-Policy default-src 'self' *.hsbc.com.hk; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.tiqcdn.com *.tealiumiq.com *.liveperson.net *.googletagmanager.com *.hsbc.co.uk *.hsbc.com.hk *.doubleclick.net *.googleadservices.com *.lpsnmedia.net *.optimizely.com *.facebook.net *.google.com *.gstatic.com *.appdynamics.com *.googleapis.com *.awswaf.com *.analytics.yahoo.com vjs.zencdn.net players.brightcove.net *.walkme.com *.us.hsbc.com *.dev.fs.liveperson.com googleads.g.doubleclick.net va.v.liveperson.net *.amazon-adsystem.com connect.facebook.net tpc.googlesyndication.com lptag.liveperson.net lpcdn.lpsnmedia.net tags.tiqcdn.com www.googletagmanager.com cdn.appdynamics.com www.google-analytics.com ssl.google-analytics.com www.googleadservices.com hsbcbankglobal.sc.omtrdc.net *.amazonaws.com mcm-prod.us.hsbc.com s.amazon-adsystem.com cdn.optimizely.com static.cdn-apple.com cdn-assets-prod.s3.amazonaws.com; img-src data: *; connect-src 'self' *.tiqcdn.com *.tealiumiq.com *.hsbc.com.hk *.eum-appdynamics.com *.optimizely.com wss://*.liveperson.net *.cloud.hsbc *.awswaf.com *.analytics.yahoo.com players.brightcove.net edge.api.brightcove.com *.walkme.com *.us.hsbc.com *.siteintercept.qualtrics.com http://127.0.0.1:5000 http://127.0.0.1:5000/* adservice.google.com www.security.us.hsbc.com www.facebook.com www.google.com maps.googleapis.com www.googletagmanager.com *.brightcovecdn.com ad.doubleclick.net analytics.google.com rbwm-api.us.hsbc.com stats.g.doubleclick.net www.google-analytics.com *.va.cobrowse.liveperson.net akamai.tiqcdn.com hsbcbankglobal.tt.omtrdc.net dpm.demdex.net mcm-prod.us.hsbc.com *.amazonaws.com rbwm-api.hsbc.co.uk rbwm-api.hsbc.com.hk manifest.prod.boltdns.net cdn-assets-prod.s3.amazonaws.com brightcove.hs.llnwd.net *.akamaihd.net *.api.brightcove.com; frame-src 'self' blob: *.lpsnmedia.net *.optimizely.com *.liveperson.net *.google.com *.doubleclick.net *.analytics.yahoo.com players.brightcove.net www.facebook.com tpc.googlesyndication.com www.youtube.com sts-aad.auth.hsbc.com hsbcbankglobal.demdex.net 8725221.fls.doubleclick.net 3464050.fls.doubleclick.net; frame-ancestors 'self' www.us.hsbc.com; font-src 'self' data: *.hsbc.com.hk fonts.gstatic.com fonts.cdnfonts.com at.alicdn.com; worker-src 'self' blob:; style-src 'self' 'unsafe-inline' *.hsbc.com.hk *.googleapis.com players.brightcove.net *.walkme.com *.va.cobrowse.liveperson.net; object-src 'self' players.brightcove.net; media-src 'self' blob: *.boltdns.net *.media.brightcove.com *.llnw.net *.llnwd.net *.akafms.net *.akamaihd.net *.cf.brightcove.com *.brightcovecdn.com lpcdn.lpsnmedia.net ssl.gstatic.com; manifest-src 'self'; upgrade-insecure-requests ; report-uri /csp/report;
Strict-Transport-Security max-age=31536000; includeSubdomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Accept
*/*
Referer
https://www.us.hsbc.com/credit-cards/
X-Requested-With
XMLHttpRequest
ADRUM
isAjax:true
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 02 Jul 2024 12:37:33 GMT
strict-transport-security
max-age=31536000; includeSubdomains
content-encoding
gzip
content-security-policy
default-src 'self' *.hsbc.com.hk; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.tiqcdn.com *.tealiumiq.com *.liveperson.net *.googletagmanager.com *.hsbc.co.uk *.hsbc.com.hk *.doubleclick.net *.googleadservices.com *.lpsnmedia.net *.optimizely.com *.facebook.net *.google.com *.gstatic.com *.appdynamics.com *.googleapis.com *.awswaf.com *.analytics.yahoo.com vjs.zencdn.net players.brightcove.net *.walkme.com *.us.hsbc.com *.dev.fs.liveperson.com googleads.g.doubleclick.net va.v.liveperson.net *.amazon-adsystem.com connect.facebook.net tpc.googlesyndication.com lptag.liveperson.net lpcdn.lpsnmedia.net tags.tiqcdn.com www.googletagmanager.com cdn.appdynamics.com www.google-analytics.com ssl.google-analytics.com www.googleadservices.com hsbcbankglobal.sc.omtrdc.net *.amazonaws.com mcm-prod.us.hsbc.com s.amazon-adsystem.com cdn.optimizely.com static.cdn-apple.com cdn-assets-prod.s3.amazonaws.com; img-src data: *; connect-src 'self' *.tiqcdn.com *.tealiumiq.com *.hsbc.com.hk *.eum-appdynamics.com *.optimizely.com wss://*.liveperson.net *.cloud.hsbc *.awswaf.com *.analytics.yahoo.com players.brightcove.net edge.api.brightcove.com *.walkme.com *.us.hsbc.com *.siteintercept.qualtrics.com http://127.0.0.1:5000 http://127.0.0.1:5000/* adservice.google.com www.security.us.hsbc.com www.facebook.com www.google.com maps.googleapis.com www.googletagmanager.com *.brightcovecdn.com ad.doubleclick.net analytics.google.com rbwm-api.us.hsbc.com stats.g.doubleclick.net www.google-analytics.com *.va.cobrowse.liveperson.net akamai.tiqcdn.com hsbcbankglobal.tt.omtrdc.net dpm.demdex.net mcm-prod.us.hsbc.com *.amazonaws.com rbwm-api.hsbc.co.uk rbwm-api.hsbc.com.hk manifest.prod.boltdns.net cdn-assets-prod.s3.amazonaws.com brightcove.hs.llnwd.net *.akamaihd.net *.api.brightcove.com; frame-src 'self' blob: *.lpsnmedia.net *.optimizely.com *.liveperson.net *.google.com *.doubleclick.net *.analytics.yahoo.com players.brightcove.net www.facebook.com tpc.googlesyndication.com www.youtube.com sts-aad.auth.hsbc.com hsbcbankglobal.demdex.net 8725221.fls.doubleclick.net 3464050.fls.doubleclick.net; frame-ancestors 'self' www.us.hsbc.com; font-src 'self' data: *.hsbc.com.hk fonts.gstatic.com fonts.cdnfonts.com at.alicdn.com; worker-src 'self' blob:; style-src 'self' 'unsafe-inline' *.hsbc.com.hk *.googleapis.com players.brightcove.net *.walkme.com *.va.cobrowse.liveperson.net; object-src 'self' players.brightcove.net; media-src 'self' blob: *.boltdns.net *.media.brightcove.com *.llnw.net *.llnwd.net *.akafms.net *.akamaihd.net *.cf.brightcove.com *.brightcovecdn.com lpcdn.lpsnmedia.net ssl.gstatic.com; manifest-src 'self'; upgrade-insecure-requests ; report-uri /csp/report;
via
1.1 b17826d683a2d96e59e274ca2b79697e.cloudfront.net (CloudFront)
x-content-type-options
nosniff
x-amz-cf-pop
FRA60-P6
x-cache
Miss from cloudfront
content-length
1958
x-xss-protection
1; mode=block
last-modified
Tue, 02 Jul 2024 11:33:13 GMT
server
Apache
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
text/html; charset=utf-8
cache-control
max-age=60, s-maxage=60
accept-ranges
bytes
s
dispatcher2useast1-b80
x-amz-cf-id
juB2O5WAAx0ym7nwoEimgbBG2TWEw2hDbN_LUpTvj-8cFfYnOKhq5A==
/
www.us.hsbc.com/configuration/modals/digital-life-insurance-exit-warning.modal/ 		2 KB
3 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://www.us.hsbc.com/configuration/modals/digital-life-insurance-exit-warning.modal/
Requested by
Host: www.us.hsbc.com
URL: https://www.us.hsbc.com/etc.clientlibs/hsbc/global/clientlibs/appd.min.28729b81913621076cb1004898cb22c7.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.245.86.61 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-245-86-61.fra60.r.cloudfront.net
Software
Apache /
Resource Hash
435528a638d50f01f3ce2bb965b4fcdc41ab5a7355348ea944001f33024be41c
Security Headers
Name Value
Content-Security-Policy default-src 'self' *.hsbc.com.hk; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.tiqcdn.com *.tealiumiq.com *.liveperson.net *.googletagmanager.com *.hsbc.co.uk *.hsbc.com.hk *.doubleclick.net *.googleadservices.com *.lpsnmedia.net *.optimizely.com *.facebook.net *.google.com *.gstatic.com *.appdynamics.com *.googleapis.com *.awswaf.com *.analytics.yahoo.com vjs.zencdn.net players.brightcove.net *.walkme.com *.us.hsbc.com *.dev.fs.liveperson.com googleads.g.doubleclick.net va.v.liveperson.net *.amazon-adsystem.com connect.facebook.net tpc.googlesyndication.com lptag.liveperson.net lpcdn.lpsnmedia.net tags.tiqcdn.com www.googletagmanager.com cdn.appdynamics.com www.google-analytics.com ssl.google-analytics.com www.googleadservices.com hsbcbankglobal.sc.omtrdc.net *.amazonaws.com mcm-prod.us.hsbc.com s.amazon-adsystem.com cdn.optimizely.com static.cdn-apple.com cdn-assets-prod.s3.amazonaws.com; img-src data: *; connect-src 'self' *.tiqcdn.com *.tealiumiq.com *.hsbc.com.hk *.eum-appdynamics.com *.optimizely.com wss://*.liveperson.net *.cloud.hsbc *.awswaf.com *.analytics.yahoo.com players.brightcove.net edge.api.brightcove.com *.walkme.com *.us.hsbc.com *.siteintercept.qualtrics.com http://127.0.0.1:5000 http://127.0.0.1:5000/* adservice.google.com www.security.us.hsbc.com www.facebook.com www.google.com maps.googleapis.com www.googletagmanager.com *.brightcovecdn.com ad.doubleclick.net analytics.google.com rbwm-api.us.hsbc.com stats.g.doubleclick.net www.google-analytics.com *.va.cobrowse.liveperson.net akamai.tiqcdn.com hsbcbankglobal.tt.omtrdc.net dpm.demdex.net mcm-prod.us.hsbc.com *.amazonaws.com rbwm-api.hsbc.co.uk rbwm-api.hsbc.com.hk manifest.prod.boltdns.net cdn-assets-prod.s3.amazonaws.com brightcove.hs.llnwd.net *.akamaihd.net *.api.brightcove.com; frame-src 'self' blob: *.lpsnmedia.net *.optimizely.com *.liveperson.net *.google.com *.doubleclick.net *.analytics.yahoo.com players.brightcove.net www.facebook.com tpc.googlesyndication.com www.youtube.com sts-aad.auth.hsbc.com hsbcbankglobal.demdex.net 8725221.fls.doubleclick.net 3464050.fls.doubleclick.net; frame-ancestors 'self' www.us.hsbc.com; font-src 'self' data: *.hsbc.com.hk fonts.gstatic.com fonts.cdnfonts.com at.alicdn.com; worker-src 'self' blob:; style-src 'self' 'unsafe-inline' *.hsbc.com.hk *.googleapis.com players.brightcove.net *.walkme.com *.va.cobrowse.liveperson.net; object-src 'self' players.brightcove.net; media-src 'self' blob: *.boltdns.net *.media.brightcove.com *.llnw.net *.llnwd.net *.akafms.net *.akamaihd.net *.cf.brightcove.com *.brightcovecdn.com lpcdn.lpsnmedia.net ssl.gstatic.com; manifest-src 'self'; upgrade-insecure-requests ; report-uri /csp/report;
Strict-Transport-Security max-age=31536000; includeSubdomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Accept
*/*
Referer
https://www.us.hsbc.com/credit-cards/
X-Requested-With
XMLHttpRequest
ADRUM
isAjax:true
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 02 Jul 2024 12:37:33 GMT
strict-transport-security
max-age=31536000; includeSubdomains
content-encoding
gzip
content-security-policy
default-src 'self' *.hsbc.com.hk; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.tiqcdn.com *.tealiumiq.com *.liveperson.net *.googletagmanager.com *.hsbc.co.uk *.hsbc.com.hk *.doubleclick.net *.googleadservices.com *.lpsnmedia.net *.optimizely.com *.facebook.net *.google.com *.gstatic.com *.appdynamics.com *.googleapis.com *.awswaf.com *.analytics.yahoo.com vjs.zencdn.net players.brightcove.net *.walkme.com *.us.hsbc.com *.dev.fs.liveperson.com googleads.g.doubleclick.net va.v.liveperson.net *.amazon-adsystem.com connect.facebook.net tpc.googlesyndication.com lptag.liveperson.net lpcdn.lpsnmedia.net tags.tiqcdn.com www.googletagmanager.com cdn.appdynamics.com www.google-analytics.com ssl.google-analytics.com www.googleadservices.com hsbcbankglobal.sc.omtrdc.net *.amazonaws.com mcm-prod.us.hsbc.com s.amazon-adsystem.com cdn.optimizely.com static.cdn-apple.com cdn-assets-prod.s3.amazonaws.com; img-src data: *; connect-src 'self' *.tiqcdn.com *.tealiumiq.com *.hsbc.com.hk *.eum-appdynamics.com *.optimizely.com wss://*.liveperson.net *.cloud.hsbc *.awswaf.com *.analytics.yahoo.com players.brightcove.net edge.api.brightcove.com *.walkme.com *.us.hsbc.com *.siteintercept.qualtrics.com http://127.0.0.1:5000 http://127.0.0.1:5000/* adservice.google.com www.security.us.hsbc.com www.facebook.com www.google.com maps.googleapis.com www.googletagmanager.com *.brightcovecdn.com ad.doubleclick.net analytics.google.com rbwm-api.us.hsbc.com stats.g.doubleclick.net www.google-analytics.com *.va.cobrowse.liveperson.net akamai.tiqcdn.com hsbcbankglobal.tt.omtrdc.net dpm.demdex.net mcm-prod.us.hsbc.com *.amazonaws.com rbwm-api.hsbc.co.uk rbwm-api.hsbc.com.hk manifest.prod.boltdns.net cdn-assets-prod.s3.amazonaws.com brightcove.hs.llnwd.net *.akamaihd.net *.api.brightcove.com; frame-src 'self' blob: *.lpsnmedia.net *.optimizely.com *.liveperson.net *.google.com *.doubleclick.net *.analytics.yahoo.com players.brightcove.net www.facebook.com tpc.googlesyndication.com www.youtube.com sts-aad.auth.hsbc.com hsbcbankglobal.demdex.net 8725221.fls.doubleclick.net 3464050.fls.doubleclick.net; frame-ancestors 'self' www.us.hsbc.com; font-src 'self' data: *.hsbc.com.hk fonts.gstatic.com fonts.cdnfonts.com at.alicdn.com; worker-src 'self' blob:; style-src 'self' 'unsafe-inline' *.hsbc.com.hk *.googleapis.com players.brightcove.net *.walkme.com *.va.cobrowse.liveperson.net; object-src 'self' players.brightcove.net; media-src 'self' blob: *.boltdns.net *.media.brightcove.com *.llnw.net *.llnwd.net *.akafms.net *.akamaihd.net *.cf.brightcove.com *.brightcovecdn.com lpcdn.lpsnmedia.net ssl.gstatic.com; manifest-src 'self'; upgrade-insecure-requests ; report-uri /csp/report;
via
1.1 b17826d683a2d96e59e274ca2b79697e.cloudfront.net (CloudFront)
x-content-type-options
nosniff
x-amz-cf-pop
FRA60-P6
x-cache
Miss from cloudfront
content-length
950
x-xss-protection
1; mode=block
last-modified
Tue, 02 Jul 2024 11:33:23 GMT
server
Apache
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
text/html; charset=utf-8
cache-control
max-age=60, s-maxage=60
accept-ranges
bytes
s
dispatcher2useast2-b80
x-amz-cf-id
34cKHhTeQoHensfvQK-jGuWFfdvl-VYxBVwUnlP6vqGuLP8Gto_odw==
/
www.us.hsbc.com/configuration/modals/advance-savings-new.modal/ 		2 KB
4 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://www.us.hsbc.com/configuration/modals/advance-savings-new.modal/
Requested by
Host: www.us.hsbc.com
URL: https://www.us.hsbc.com/etc.clientlibs/hsbc/global/clientlibs/appd.min.28729b81913621076cb1004898cb22c7.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.245.86.61 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-245-86-61.fra60.r.cloudfront.net
Software
Apache /
Resource Hash
56deb9bcbc7c82f9d4d90c417b8c7243b1cf887d87fa4636687152831c7bc661
Security Headers
Name Value
Content-Security-Policy default-src 'self' *.hsbc.com.hk; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.tiqcdn.com *.tealiumiq.com *.liveperson.net *.googletagmanager.com *.hsbc.co.uk *.hsbc.com.hk *.doubleclick.net *.googleadservices.com *.lpsnmedia.net *.optimizely.com *.facebook.net *.google.com *.gstatic.com *.appdynamics.com *.googleapis.com *.awswaf.com *.analytics.yahoo.com vjs.zencdn.net players.brightcove.net *.walkme.com *.us.hsbc.com *.dev.fs.liveperson.com googleads.g.doubleclick.net va.v.liveperson.net *.amazon-adsystem.com connect.facebook.net tpc.googlesyndication.com lptag.liveperson.net lpcdn.lpsnmedia.net tags.tiqcdn.com www.googletagmanager.com cdn.appdynamics.com www.google-analytics.com ssl.google-analytics.com www.googleadservices.com hsbcbankglobal.sc.omtrdc.net *.amazonaws.com mcm-prod.us.hsbc.com s.amazon-adsystem.com cdn.optimizely.com static.cdn-apple.com cdn-assets-prod.s3.amazonaws.com; img-src data: *; connect-src 'self' *.tiqcdn.com *.tealiumiq.com *.hsbc.com.hk *.eum-appdynamics.com *.optimizely.com wss://*.liveperson.net *.cloud.hsbc *.awswaf.com *.analytics.yahoo.com players.brightcove.net edge.api.brightcove.com *.walkme.com *.us.hsbc.com *.siteintercept.qualtrics.com http://127.0.0.1:5000 http://127.0.0.1:5000/* adservice.google.com www.security.us.hsbc.com www.facebook.com www.google.com maps.googleapis.com www.googletagmanager.com *.brightcovecdn.com ad.doubleclick.net analytics.google.com rbwm-api.us.hsbc.com stats.g.doubleclick.net www.google-analytics.com *.va.cobrowse.liveperson.net akamai.tiqcdn.com hsbcbankglobal.tt.omtrdc.net dpm.demdex.net mcm-prod.us.hsbc.com *.amazonaws.com rbwm-api.hsbc.co.uk rbwm-api.hsbc.com.hk manifest.prod.boltdns.net cdn-assets-prod.s3.amazonaws.com brightcove.hs.llnwd.net *.akamaihd.net *.api.brightcove.com; frame-src 'self' blob: *.lpsnmedia.net *.optimizely.com *.liveperson.net *.google.com *.doubleclick.net *.analytics.yahoo.com players.brightcove.net www.facebook.com tpc.googlesyndication.com www.youtube.com sts-aad.auth.hsbc.com hsbcbankglobal.demdex.net 8725221.fls.doubleclick.net 3464050.fls.doubleclick.net; frame-ancestors 'self' www.us.hsbc.com; font-src 'self' data: *.hsbc.com.hk fonts.gstatic.com fonts.cdnfonts.com at.alicdn.com; worker-src 'self' blob:; style-src 'self' 'unsafe-inline' *.hsbc.com.hk *.googleapis.com players.brightcove.net *.walkme.com *.va.cobrowse.liveperson.net; object-src 'self' players.brightcove.net; media-src 'self' blob: *.boltdns.net *.media.brightcove.com *.llnw.net *.llnwd.net *.akafms.net *.akamaihd.net *.cf.brightcove.com *.brightcovecdn.com lpcdn.lpsnmedia.net ssl.gstatic.com; manifest-src 'self'; upgrade-insecure-requests ; report-uri /csp/report;
Strict-Transport-Security max-age=31536000; includeSubdomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Accept
*/*
Referer
https://www.us.hsbc.com/credit-cards/
X-Requested-With
XMLHttpRequest
ADRUM
isAjax:true
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 02 Jul 2024 12:37:33 GMT
strict-transport-security
max-age=31536000; includeSubdomains
content-encoding
gzip
content-security-policy
default-src 'self' *.hsbc.com.hk; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.tiqcdn.com *.tealiumiq.com *.liveperson.net *.googletagmanager.com *.hsbc.co.uk *.hsbc.com.hk *.doubleclick.net *.googleadservices.com *.lpsnmedia.net *.optimizely.com *.facebook.net *.google.com *.gstatic.com *.appdynamics.com *.googleapis.com *.awswaf.com *.analytics.yahoo.com vjs.zencdn.net players.brightcove.net *.walkme.com *.us.hsbc.com *.dev.fs.liveperson.com googleads.g.doubleclick.net va.v.liveperson.net *.amazon-adsystem.com connect.facebook.net tpc.googlesyndication.com lptag.liveperson.net lpcdn.lpsnmedia.net tags.tiqcdn.com www.googletagmanager.com cdn.appdynamics.com www.google-analytics.com ssl.google-analytics.com www.googleadservices.com hsbcbankglobal.sc.omtrdc.net *.amazonaws.com mcm-prod.us.hsbc.com s.amazon-adsystem.com cdn.optimizely.com static.cdn-apple.com cdn-assets-prod.s3.amazonaws.com; img-src data: *; connect-src 'self' *.tiqcdn.com *.tealiumiq.com *.hsbc.com.hk *.eum-appdynamics.com *.optimizely.com wss://*.liveperson.net *.cloud.hsbc *.awswaf.com *.analytics.yahoo.com players.brightcove.net edge.api.brightcove.com *.walkme.com *.us.hsbc.com *.siteintercept.qualtrics.com http://127.0.0.1:5000 http://127.0.0.1:5000/* adservice.google.com www.security.us.hsbc.com www.facebook.com www.google.com maps.googleapis.com www.googletagmanager.com *.brightcovecdn.com ad.doubleclick.net analytics.google.com rbwm-api.us.hsbc.com stats.g.doubleclick.net www.google-analytics.com *.va.cobrowse.liveperson.net akamai.tiqcdn.com hsbcbankglobal.tt.omtrdc.net dpm.demdex.net mcm-prod.us.hsbc.com *.amazonaws.com rbwm-api.hsbc.co.uk rbwm-api.hsbc.com.hk manifest.prod.boltdns.net cdn-assets-prod.s3.amazonaws.com brightcove.hs.llnwd.net *.akamaihd.net *.api.brightcove.com; frame-src 'self' blob: *.lpsnmedia.net *.optimizely.com *.liveperson.net *.google.com *.doubleclick.net *.analytics.yahoo.com players.brightcove.net www.facebook.com tpc.googlesyndication.com www.youtube.com sts-aad.auth.hsbc.com hsbcbankglobal.demdex.net 8725221.fls.doubleclick.net 3464050.fls.doubleclick.net; frame-ancestors 'self' www.us.hsbc.com; font-src 'self' data: *.hsbc.com.hk fonts.gstatic.com fonts.cdnfonts.com at.alicdn.com; worker-src 'self' blob:; style-src 'self' 'unsafe-inline' *.hsbc.com.hk *.googleapis.com players.brightcove.net *.walkme.com *.va.cobrowse.liveperson.net; object-src 'self' players.brightcove.net; media-src 'self' blob: *.boltdns.net *.media.brightcove.com *.llnw.net *.llnwd.net *.akafms.net *.akamaihd.net *.cf.brightcove.com *.brightcovecdn.com lpcdn.lpsnmedia.net ssl.gstatic.com; manifest-src 'self'; upgrade-insecure-requests ; report-uri /csp/report;
via
1.1 b17826d683a2d96e59e274ca2b79697e.cloudfront.net (CloudFront)
x-content-type-options
nosniff
x-amz-cf-pop
FRA60-P6
x-cache
Miss from cloudfront
server-timing
cdn-upstream-layer;desc="Origin Shield",cdn-upstream-dns;dur=0,cdn-upstream-connect;dur=0,cdn-upstream-fbl;dur=2,cdn-cache-miss,cdn-pop;desc="FRA60-P6",cdn-rid;desc="s-NWdj6vnXqAunVLdPhDo8y9i6zbkAdhWaK3NiNNOU4krQjtosE_gw==",cdn-downstream-fbl;dur=151
content-length
938
x-xss-protection
1; mode=block
last-modified
Tue, 02 Jul 2024 11:32:51 GMT
server
Apache
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
text/html; charset=utf-8
cache-control
max-age=60, s-maxage=60
accept-ranges
bytes
s
dispatcher2useast1-b80
x-amz-cf-id
s-NWdj6vnXqAunVLdPhDo8y9i6zbkAdhWaK3NiNNOU4krQjtosE_gw==
en_us.dpws-footnotes.json
www.us.hsbc.com/content/hsbc/us/ 		153 KB
38 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://www.us.hsbc.com/content/hsbc/us/en_us.dpws-footnotes.json
Requested by
Host: www.us.hsbc.com
URL: https://www.us.hsbc.com/etc.clientlibs/hsbc/global/clientlibs/appd.min.28729b81913621076cb1004898cb22c7.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.245.86.61 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-245-86-61.fra60.r.cloudfront.net
Software
Apache /
Resource Hash
ffbd812ccd2dd2d495be8b17e99989e023a3cc7832e4a7928514e97148db0e14
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubdomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.us.hsbc.com/credit-cards/
ADRUM
isAjax:true
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 02 Jul 2024 12:37:33 GMT
strict-transport-security
max-age=31536000; includeSubdomains
x-content-type-options
nosniff
last-modified
Tue, 02 Jul 2024 11:33:21 GMT
server
Apache
content-encoding
gzip
x-amz-cf-pop
FRA60-P6
vary
Accept-Encoding
x-cache
Miss from cloudfront
content-type
application/json
via
1.1 b17826d683a2d96e59e274ca2b79697e.cloudfront.net (CloudFront)
cache-control
max-age=1, s-maxage=1
s
dispatcher3useast1-b80
x-amz-cf-id
YENdVP8538Wa05AD-60ZbQ5EMYlutah6Cg5LE4yxnwF_YVpsLcA0Kg==
x-xss-protection
1; mode=block
auth-status-hint
www.us.hsbc.com/ 		20 B
325 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://www.us.hsbc.com/auth-status-hint?_=1719923853161
Requested by
Host: www.us.hsbc.com
URL: https://www.us.hsbc.com/etc.clientlibs/hsbc/global/clientlibs/appd.min.28729b81913621076cb1004898cb22c7.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.245.86.61 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-245-86-61.fra60.r.cloudfront.net
Software
CloudFront /
Resource Hash
69c2b8e06630556f0356093d2679ff3a26a9ce177a8c784ce85a52760a2db3b6

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Content-Type
json
Accept
*/*
Referer
https://www.us.hsbc.com/credit-cards/
X-Requested-With
XMLHttpRequest
ADRUM
isAjax:true
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 02 Jul 2024 12:37:33 GMT
content-encoding
UTF-8
via
1.1 b17826d683a2d96e59e274ca2b79697e.cloudfront.net (CloudFront)
server
CloudFront
x-amz-cf-pop
FRA60-P6
x-cache
LambdaGeneratedResponse from cloudfront
content-type
application/json
cache-control
max-age=0, no-cache, no-store
content-length
20
x-amz-cf-id
h0vq8k7KPgvqmemXq2GvCWrSOr-Qcsi9r_1eeXdovQC5CI-rS01wzg==
authorize.auth.json
www.us.hsbc.com/ 		20 B
326 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://www.us.hsbc.com/authorize.auth.json?q&_=1719923853162
Requested by
Host: www.us.hsbc.com
URL: https://www.us.hsbc.com/etc.clientlibs/hsbc/global/clientlibs/appd.min.28729b81913621076cb1004898cb22c7.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.245.86.61 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-245-86-61.fra60.r.cloudfront.net
Software
CloudFront /
Resource Hash
69c2b8e06630556f0356093d2679ff3a26a9ce177a8c784ce85a52760a2db3b6

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Content-Type
json
Accept
*/*
Referer
https://www.us.hsbc.com/credit-cards/
X-Requested-With
XMLHttpRequest
ADRUM
isAjax:true
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 02 Jul 2024 12:37:33 GMT
content-encoding
UTF-8
via
1.1 b17826d683a2d96e59e274ca2b79697e.cloudfront.net (CloudFront)
server
CloudFront
x-amz-cf-pop
FRA60-P6
x-cache
LambdaGeneratedResponse from cloudfront
content-type
application/json
cache-control
max-age=0, no-cache, no-store
content-length
20
x-amz-cf-id
_Dbpr-53GhztUMWWVUCJx46p5stVOu9xdM7tKZyd4VSm34aEucTtOg==
location.js
akamai.tiqcdn.com/location/ 		18 B
562 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://akamai.tiqcdn.com/location/location.js
Requested by
Host: www.us.hsbc.com
URL: https://www.us.hsbc.com/etc.clientlibs/hsbc/global/clientlibs/appd.min.28729b81913621076cb1004898cb22c7.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.45.104.216 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-45-104-216.deploy.static.akamaitechnologies.com
Software
AkamaiNetStorage /
Resource Hash
d753f8ee126736431a1cd8170dbfcf94f553eeb1d24f2baa7c66474a80d0e559

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.us.hsbc.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Date
Tue, 02 Jul 2024 12:37:33 GMT
Last-Modified
Mon, 30 Apr 2018 23:09:19 GMT
Server
AkamaiNetStorage
ETag
"6c98be5fda77913799e8ef24b86a7abd:1525129759"
Content-Type
application/x-javascript
Access-Control-Allow-Origin
*
Access-Control-Expose-Headers
X-EdgeScape-Location
Cache-Control
max-age=1296000
X-EdgeScape-Location
country_code=DE,region_code=BY,city=NURNBERG,areacode=0,zip=0,bandwidth=5000
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
18
Expires
Wed, 17 Jul 2024 12:37:33 GMT
utag.680.js
tags.tiqcdn.com/utag/hsbc/us-rbwm/prod/ 		133 KB
17 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tags.tiqcdn.com/utag/hsbc/us-rbwm/prod/utag.680.js?utv=ut4.47.202308280707
Requested by
Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/hsbc/us-rbwm/prod/utag.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:235a:9000:7:2bfb:7c00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
fee5e7a711549efa4853d4ea014473235f50d5393fc66947517402c4954ed9a4

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.us.hsbc.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-amz-version-id
4KOyaGloU5S9sMZ2gv3i77Vvn1dIIonj
content-encoding
br
via
1.1 dbddc07d9edf6f99394912c390c6ef32.cloudfront.net (CloudFront)
date
Tue, 02 Jul 2024 12:35:39 GMT
last-modified
Thu, 27 Jun 2024 10:02:58 GMT
server
AmazonS3
x-amz-cf-pop
FRA60-P9
age
115
x-amz-server-side-encryption
AES256
etag
W/"754867447754cf99922c4ea945fba819"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript
cache-control
max-age=1296000
x-amz-cf-id
92XFGKBr_UKwF1eM4A0dpKmxVZmYCQM90i04qd7XizdnaaOAvoxPBg==
utag.104.js
tags.tiqcdn.com/utag/hsbc/us-rbwm/prod/ 		36 KB
11 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tags.tiqcdn.com/utag/hsbc/us-rbwm/prod/utag.104.js?utv=ut4.47.201804031516
Requested by
Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/hsbc/us-rbwm/prod/utag.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:235a:9000:7:2bfb:7c00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
88fc669dd8708d576baa4325c1fefa6923fd8fc7783f02062ae0783592055ea6

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.us.hsbc.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-amz-version-id
w9J9Vl511hMgtvH.5Y9Z8oVYHbDHh28D
content-encoding
gzip
via
1.1 dbddc07d9edf6f99394912c390c6ef32.cloudfront.net (CloudFront)
date
Tue, 02 Jul 2024 12:35:39 GMT
last-modified
Thu, 27 Jun 2024 10:03:00 GMT
server
AmazonS3
x-amz-cf-pop
FRA60-P9
age
115
x-amz-server-side-encryption
AES256
etag
W/"ea730daa94790668ad362191a9292a1e"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript
cache-control
max-age=1296000
x-amz-cf-id
R-Ui1apoQRdUjRScnAYEKugOUWbTn37oDf5gavh2BMZa7Uq77JRjgA==
utag.384.js
tags.tiqcdn.com/utag/hsbc/us-rbwm/prod/ 		6 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tags.tiqcdn.com/utag/hsbc/us-rbwm/prod/utag.384.js?utv=ut4.47.202404010402
Requested by
Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/hsbc/us-rbwm/prod/utag.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:235a:9000:7:2bfb:7c00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
f46f1a6eb7b8cf60550c505b94bb52eb6a4f08a7aab93b43412546049889df4b

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.us.hsbc.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-amz-version-id
C20v9E3nxuCI31UduzU6pdrtHyQdeUtb
content-encoding
br
via
1.1 dbddc07d9edf6f99394912c390c6ef32.cloudfront.net (CloudFront)
date
Tue, 02 Jul 2024 12:35:39 GMT
last-modified
Thu, 27 Jun 2024 10:03:03 GMT
server
AmazonS3
x-amz-cf-pop
FRA60-P9
age
115
x-amz-server-side-encryption
AES256
etag
W/"60deac11117982e19d44ffb693e5ac2f"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript
cache-control
max-age=1296000
x-amz-cf-id
w16EwY_rB9SeTD0h7gHHZRYuz4X-R1JfMmlFr0Kn22chpoafuX1WNg==
utag.518.js
tags.tiqcdn.com/utag/hsbc/us-rbwm/prod/ 		22 KB
7 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tags.tiqcdn.com/utag/hsbc/us-rbwm/prod/utag.518.js?utv=ut4.47.202207010912
Requested by
Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/hsbc/us-rbwm/prod/utag.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:235a:9000:7:2bfb:7c00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
80e8c0c19e255651c3c072f01f69854d97f45ade1a44a8a857becece384107f7

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.us.hsbc.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-amz-version-id
v7fw02aNguwHqO.fR7fAQZXoPdMhIdLh
content-encoding
br
via
1.1 dbddc07d9edf6f99394912c390c6ef32.cloudfront.net (CloudFront)
date
Tue, 02 Jul 2024 12:35:38 GMT
last-modified
Thu, 27 Jun 2024 10:03:03 GMT
server
AmazonS3
x-amz-cf-pop
FRA60-P9
age
115
x-amz-server-side-encryption
AES256
etag
W/"abd49c2f084c8e7c69bf0871214856da"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript
cache-control
max-age=1296000
x-amz-cf-id
HTFcNUqlXDrceLlnTDXwjah4dDBegv4wYqqcziE2KmA7-SFaK534_Q==
utag.550.js
tags.tiqcdn.com/utag/hsbc/us-rbwm/prod/ 		4 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tags.tiqcdn.com/utag/hsbc/us-rbwm/prod/utag.550.js?utv=ut4.47.202202150847
Requested by
Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/hsbc/us-rbwm/prod/utag.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:235a:9000:7:2bfb:7c00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
20594e48582ee15223b8a82a5162ebf2f8c5b4ea66b16cfc839714a235260e0f

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.us.hsbc.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-amz-version-id
yW4QwR8Ur2FJz5U916GFYa7..mYYaoOv
content-encoding
br
via
1.1 dbddc07d9edf6f99394912c390c6ef32.cloudfront.net (CloudFront)
date
Tue, 02 Jul 2024 12:35:39 GMT
last-modified
Thu, 27 Jun 2024 10:03:02 GMT
server
AmazonS3
x-amz-cf-pop
FRA60-P9
age
115
x-amz-server-side-encryption
AES256
etag
W/"b74c1c03751525c47136588b2d2fb1cc"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript
cache-control
max-age=1296000
x-amz-cf-id
M0kxvCv4tej5CX9p2iwIAha5N1bPQMmU6h1COKtYZrVMRt50mSUVQQ==
utag.612.js
tags.tiqcdn.com/utag/hsbc/us-rbwm/prod/ 		14 KB
5 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tags.tiqcdn.com/utag/hsbc/us-rbwm/prod/utag.612.js?utv=ut4.47.202206160835
Requested by
Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/hsbc/us-rbwm/prod/utag.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:235a:9000:7:2bfb:7c00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
5f8af2542660cf3e32b23bfe92f56ef955caa8e741572f1805c221bac79bf508

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.us.hsbc.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-amz-version-id
2MveNgCJyL9gnP8bCJmjngneGmR6SuID
content-encoding
br
via
1.1 dbddc07d9edf6f99394912c390c6ef32.cloudfront.net (CloudFront)
date
Tue, 02 Jul 2024 12:35:39 GMT
last-modified
Thu, 27 Jun 2024 10:02:59 GMT
server
AmazonS3
x-amz-cf-pop
FRA60-P9
age
115
x-amz-server-side-encryption
AES256
etag
W/"66e16392b2c8b748425c4a3096ba5dd5"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript
cache-control
max-age=1296000
x-amz-cf-id
To32uaNwu2ByeQ-MFOCvtUn6hCFaiaUMv3uURMgEtltWpNMC_3qSxQ==
utag.633.js
tags.tiqcdn.com/utag/hsbc/us-rbwm/prod/ 		47 KB
12 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tags.tiqcdn.com/utag/hsbc/us-rbwm/prod/utag.633.js?utv=ut4.47.202401080506
Requested by
Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/hsbc/us-rbwm/prod/utag.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:235a:9000:7:2bfb:7c00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
7b2b8cd33c9f95c6f845ce0d37b385c408d6f49c9ead4e89e4a351e93aa9441f

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.us.hsbc.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-amz-version-id
sBtYaqVbIMCc__P0FcQDhsNxoLJbTHyw
content-encoding
br
via
1.1 dbddc07d9edf6f99394912c390c6ef32.cloudfront.net (CloudFront)
date
Tue, 02 Jul 2024 12:35:39 GMT
last-modified
Thu, 27 Jun 2024 10:02:57 GMT
server
AmazonS3
x-amz-cf-pop
FRA60-P9
age
115
x-amz-server-side-encryption
AES256
etag
W/"4d564bca83bc9961c2e00a6d4589f432"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript
cache-control
max-age=1296000
x-amz-cf-id
eZp3S_CVIgtA9DdU51ZY_yGkF_4ZD3ccSVS2k0JRqKj4czzAtVcKCA==
utag.640.js
tags.tiqcdn.com/utag/hsbc/us-rbwm/prod/ 		9 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tags.tiqcdn.com/utag/hsbc/us-rbwm/prod/utag.640.js?utv=ut4.47.202210050907
Requested by
Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/hsbc/us-rbwm/prod/utag.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:235a:9000:7:2bfb:7c00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
b9cd76b84fa42d8196d4dc8c19b0665e93f51fbf734addae5bbbdd7235560106

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.us.hsbc.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-amz-version-id
zXMa3WQuuzyuMhZIUmOcNoEW65.aVUdX
content-encoding
br
via
1.1 dbddc07d9edf6f99394912c390c6ef32.cloudfront.net (CloudFront)
date
Tue, 02 Jul 2024 12:35:39 GMT
last-modified
Thu, 27 Jun 2024 10:03:04 GMT
server
AmazonS3
x-amz-cf-pop
FRA60-P9
age
115
x-amz-server-side-encryption
AES256
etag
W/"1a90234e196a2973b8b407afa29b82ed"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript
cache-control
max-age=1296000
x-amz-cf-id
GBAMm5L3LmQ8l9LHkWCxAs10VU0sExTScQs9HrVi994q0ohBqg59CQ==
utag.655.js
tags.tiqcdn.com/utag/hsbc/us-rbwm/prod/ 		4 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tags.tiqcdn.com/utag/hsbc/us-rbwm/prod/utag.655.js?utv=ut4.47.202401080506
Requested by
Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/hsbc/us-rbwm/prod/utag.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:235a:9000:7:2bfb:7c00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
f57bc3ef33aa618d19e415cca284f199f617e875a78bcbed380b37eaa563705e

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.us.hsbc.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-amz-version-id
QYwTTMq.4wB03lmP_.cFZUA6MQux5I4o
content-encoding
br
via
1.1 dbddc07d9edf6f99394912c390c6ef32.cloudfront.net (CloudFront)
date
Tue, 02 Jul 2024 12:35:39 GMT
last-modified
Thu, 27 Jun 2024 10:03:08 GMT
server
AmazonS3
x-amz-cf-pop
FRA60-P9
age
115
x-amz-server-side-encryption
AES256
etag
W/"0a217ba3986dccaaabf0b3ef6ac097d5"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript
cache-control
max-age=1296000
x-amz-cf-id
f1_KaxBXzZNmYCbUgHp_VWU0loUkD2ioeocO5LfAIPeDM2_9_vlaOg==
utag.659.js
tags.tiqcdn.com/utag/hsbc/us-rbwm/prod/ 		4 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tags.tiqcdn.com/utag/hsbc/us-rbwm/prod/utag.659.js?utv=ut4.47.202212070909
Requested by
Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/hsbc/us-rbwm/prod/utag.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:235a:9000:7:2bfb:7c00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
a0d9689e454c6d7721ae4f22aed3e1c5adcf6b47d1bdc78bce072c8e81850d46

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.us.hsbc.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-amz-version-id
6t8ner57s8PvQs8LeutHYctmXaaZw5ZC
content-encoding
br
via
1.1 dbddc07d9edf6f99394912c390c6ef32.cloudfront.net (CloudFront)
date
Tue, 02 Jul 2024 12:35:39 GMT
last-modified
Thu, 27 Jun 2024 10:02:58 GMT
server
AmazonS3
x-amz-cf-pop
FRA60-P9
age
115
x-amz-server-side-encryption
AES256
etag
W/"1a3269038479fef0822fe87db7a8097f"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript
cache-control
max-age=1296000
x-amz-cf-id
YfgZvWYlhYW-5BxjECxJ16BGHLx2iw1z2y9cPVD_XyovTdF33rXdVQ==
HSBCIcon-Font.woff
www.us.hsbc.com/etc.clientlibs/dpws/clientlibs-public/clientlib-site/resources/fonts/ 		22 KB
22 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://www.us.hsbc.com/etc.clientlibs/dpws/clientlibs-public/clientlib-site/resources/fonts/HSBCIcon-Font.woff?ee39a20e77cff3aec879befe2cd1d29d
Requested by
Host: www.us.hsbc.com
URL: https://www.us.hsbc.com/etc.clientlibs/dpws/clientlibs-public/clientlib-conthub.min.d16a6f061a32b698da358dc216cf5fcc.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.245.86.61 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-245-86-61.fra60.r.cloudfront.net
Software
Apache /
Resource Hash
580245633d829cdc4a80192bc505ad254af0ed2955d5add87b56917a1c0f64df
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubdomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.us.hsbc.com/etc.clientlibs/dpws/clientlibs-public/clientlib-conthub.min.d16a6f061a32b698da358dc216cf5fcc.css
Origin
https://www.us.hsbc.com
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 02 Jul 2024 12:11:58 GMT
strict-transport-security
max-age=31536000; includeSubdomains
x-content-type-options
nosniff
via
1.1 b17826d683a2d96e59e274ca2b79697e.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA60-P6
age
1535
x-cache
Hit from cloudfront
content-length
22532
x-xss-protection
1; mode=block
last-modified
Wed, 19 Jun 2024 07:18:41 GMT
server
Apache
content-type
application/font-woff
access-control-allow-origin
*
cache-control
max-age=7776000, s-maxage=7776000
accept-ranges
bytes
s
dispatcher3useast2-b80
x-amz-cf-id
Cik8U5Kn96A0UZE55CPyLEOTIV6_PXSA2OzCD5IvCB0TYcyk4XDJrg==
geo4.js
cdn3.optimizely.com/js/ 		296 B
316 B 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn3.optimizely.com/js/geo4.js
Requested by
Host: cdn.optimizely.com
URL: https://cdn.optimizely.com/js/20375190679.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.30.209 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
637a334f08c61905d4de8fa2152f845ad666b6a70d714fba1a6078c19cf682ee

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.us.hsbc.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 02 Jul 2024 12:37:33 GMT
content-encoding
br
server
cloudflare
cf-ray
89ceb01598acbbab-WAW
vary
Accept-Encoding
content-type
application/javascript
a19069622224.html
a19069622224.cdn.optimizely.com/client_storage/ Frame CA14 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://a19069622224.cdn.optimizely.com/client_storage/a19069622224.html
Requested by
Host: cdn.optimizely.com
URL: https://cdn.optimizely.com/js/20375190679.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.197.128.15 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-197-128-15.deploy.static.akamaitechnologies.com
Software
AmazonS3 /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=15768000

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Referer
https://www.us.hsbc.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
sec-ch-ua-mobile
?0
sec-ch-ua-platform
"Win32"

Response headers

accept-ranges
bytes
cache-control
max-age=120
content-encoding
gzip
content-length
1210
content-type
text/html; charset=utf-8
date
Tue, 02 Jul 2024 12:37:33 GMT
etag
"362b92412b6e1e5a3cd3fa39e9da0266"
last-modified
Tue, 02 Jul 2024 12:20:10 GMT
server
AmazonS3
server-timing
cdn-cache; desc=HIT edge; dur=1 cdn;desc="AkamaiION";dur=0,rtt;desc="36";dur=0,cdnip;desc="23.197.128.15";dur=0,cdnmap;desc="a4343.a.akamaiedge.net";dur=0,proto;desc="h2";dur=0 ak_p; desc="1719923853659_390277162_82766816_43_2223_36_49_255";dur=1
strict-transport-security
max-age=15768000
vary
Accept-Encoding
x-akamai-transformed
9 - 0 pmb=mRUM,2
x-amz-id-2
G0cekJ/A/7GvTUAO2kDiNelW44z7BjqsN258mlhdTMAvpzEbPlCoU1VmcE92kDIIY0eVbiicpzU=
x-amz-meta-pci_enabled
False
x-amz-replication-status
COMPLETED
x-amz-request-id
DP58Z4K26HQS3VJW
x-amz-server-side-encryption
AES256
x-amz-version-id
GqUeX1i1PYPm_74525h76dtBQ2NAQDsc
13940-hsbc-us-mobile-app-new-qr-800x450.jpg
www.us.hsbc.com/content/dam/hsbc/us/images/tile-16-9/ 		66 KB
67 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.us.hsbc.com/content/dam/hsbc/us/images/tile-16-9/13940-hsbc-us-mobile-app-new-qr-800x450.jpg
Requested by
Host: www.us.hsbc.com
URL: https://www.us.hsbc.com/credit-cards/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.245.86.61 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-245-86-61.fra60.r.cloudfront.net
Software
Apache /
Resource Hash
f40638235df59280ba2cbc24f1c5bbabe888b365be521303edde289df08886a9
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubdomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.us.hsbc.com/credit-cards/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 02 Jul 2024 12:11:58 GMT
strict-transport-security
max-age=31536000; includeSubdomains
x-content-type-options
nosniff
via
1.1 b17826d683a2d96e59e274ca2b79697e.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA60-P6
age
1535
x-cache
Hit from cloudfront
content-length
67921
x-xss-protection
1; mode=block
last-modified
Wed, 12 Jun 2024 12:06:42 GMT
server
Apache
x-frame-options
SAMEORIGIN
content-type
image/jpeg
cache-control
max-age=2592000, s-maxage=2592000
accept-ranges
bytes
s
dispatcher2useast2-b80
x-amz-cf-id
MGSzGArRXkBzKSi1pLHQPT5dU9EhsXQgTWaD8ys5AHRW-n0e5HfnGg==
12819-hsbc-logo-800x450.jpg
www.us.hsbc.com/content/dam/hsbc/en/images/16-9/ 		17 KB
18 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.us.hsbc.com/content/dam/hsbc/en/images/16-9/12819-hsbc-logo-800x450.jpg
Requested by
Host: www.us.hsbc.com
URL: https://www.us.hsbc.com/credit-cards/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.245.86.61 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-245-86-61.fra60.r.cloudfront.net
Software
Apache /
Resource Hash
ccf07142ee8eeba853900e1ac98f80c4cf170d059f903a5236bf99e0fdbc7a43
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubdomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.us.hsbc.com/credit-cards/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 02 Jul 2024 12:11:58 GMT
strict-transport-security
max-age=31536000; includeSubdomains
x-content-type-options
nosniff
via
1.1 b17826d683a2d96e59e274ca2b79697e.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA60-P6
age
1535
x-cache
Hit from cloudfront
content-length
17562
x-xss-protection
1; mode=block
last-modified
Wed, 12 Jun 2024 12:06:42 GMT
server
Apache
x-frame-options
SAMEORIGIN
content-type
image/jpeg
cache-control
max-age=2592000, s-maxage=2592000
accept-ranges
bytes
s
dispatcher3useast2-b80
x-amz-cf-id
UCNrua3u6Kpy-hPsm2ffpn5GrJN4YwJ4orRBuh3SRnYg_COgDHrZ_A==
utag.v.js
tags.tiqcdn.com/utag/tiqapp/ 		2 B
433 B 		Script
General
Check archive.org
Download Go to
Full URL
https://tags.tiqcdn.com/utag/tiqapp/utag.v.js?a=hsbc/us-rbwm/202406271000&cb=1719923853647
Requested by
Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/hsbc/us-rbwm/prod/utag.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:235a:9000:7:2bfb:7c00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
a2c2339691fc48fbd14fb307292dff3e21222712d9240810742d7df0c6d74dfb

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.us.hsbc.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-amz-version-id
2XUX04X5QEw0.xFya64khU._sHTRl_Pz
date
Tue, 02 Jul 2024 12:30:28 GMT
via
1.1 dbddc07d9edf6f99394912c390c6ef32.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA60-P9
age
426
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
content-length
2
last-modified
Sat, 11 Mar 2023 06:57:46 GMT
server
AmazonS3
etag
"7bc0ee636b3b83484fc3b9348863bd22"
vary
Accept-Encoding
content-type
application/javascript
cache-control
max-age=300
accept-ranges
bytes
x-amz-cf-id
q9Ri76qU01d4yFhQ5rvWmblHjx9ICK5bWPXYBCALe_nJTuA7dxMUrQ==
session.json
mcm-prod.us.hsbc.com/8399/handler9/ 		103 KB
104 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://mcm-prod.us.hsbc.com/8399/handler9/session.json
Requested by
Host: www.us.hsbc.com
URL: https://www.us.hsbc.com/etc.clientlibs/hsbc/global/clientlibs/appd.min.28729b81913621076cb1004898cb22c7.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
161.113.4.185 , United States, ASN26381 (HSBC-COM, US),
Reverse DNS
Software
/
Resource Hash
70b7bcbf7fa3a48b23ac998312052e1b41038046d487ddeddb18216791a8fd15
Security Headers
Name Value
Strict-Transport-Security max-age=16070400; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
sec-ch-ua-platform
"Win32"
Referer
https://www.us.hsbc.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

Pragma
no-cache
Date
Tue, 02 Jul 2024 12:37:37 GMT
Strict-Transport-Security
max-age=16070400; includeSubDomains
X-Content-Type-Options
nosniff
X-Frame-Options
SAMEORIGIN
Content-Type
application/json
Access-Control-Allow-Origin
https://www.us.hsbc.com
P3P
CP="NON ADMo DEVo PSAo PSDo IVAo IVDo OUR IND UNI COM NAV INT CNT LOC STA PUR PHY ONL"
Cache-Control
no-store, no-cache
Access-Control-Allow-Credentials
true
Connection
Keep-Alive
S
usvisstp201_US
Keep-Alive
timeout=5
Content-Length
105105
JavascriptInsert.js
mcm-prod.us.hsbc.com/ 		82 KB
30 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://mcm-prod.us.hsbc.com/JavascriptInsert.js
Requested by
Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/hsbc/us-rbwm/prod/utag.104.js?utv=ut4.47.201804031516
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
161.113.4.185 , United States, ASN26381 (HSBC-COM, US),
Reverse DNS
Software
/
Resource Hash
75fe7ad966153b043277de7b083b2fd4b85687f811b149a48b93711c37c32a3b
Security Headers
Name Value
Strict-Transport-Security max-age=16070400; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.us.hsbc.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Date
Tue, 02 Jul 2024 12:37:37 GMT
Strict-Transport-Security
max-age=16070400; includeSubDomains
X-Content-Type-Options
nosniff
Last-Modified
Tue, 14 Jul 2020 18:08:29 GMT
Content-Encoding
gzip
ETag
483907946572bb73cc896db3617571b1
X-Frame-Options
SAMEORIGIN
Vary
Accept-Encoding
Content-Type
application/x-javascript
Cache-Control
max-age=900, s-maxage=900
Connection
Keep-Alive
S
usvisstp201_US
Keep-Alive
timeout=5
Content-Length
30053
fbevents.js
connect.facebook.net/en_US/ 		221 KB
59 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://connect.facebook.net/en_US/fbevents.js
Requested by
Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/hsbc/us-rbwm/prod/utag.518.js?utv=ut4.47.202207010912
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f084:105:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
de1805522e8bde4516893684590f431b5bc8716638f3b9cdbf4e987767e61a65
Security Headers
Name Value
Content-Security-Policy default-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;script-src *.fbcdn.net *.facebook.net 'unsafe-inline' blob: data: 'self' 'unsafe-eval';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';img-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.us.hsbc.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

content-security-policy
default-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;script-src *.fbcdn.net *.facebook.net 'unsafe-inline' blob: data: 'self' 'unsafe-eval';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';img-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; preload; includeSubDomains
date
Tue, 02 Jul 2024 12:37:33 GMT
document-policy
force-load-at-top
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
58251
x-xss-protection
0
reporting-endpoints
coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
x-fb-connection-quality
EXCELLENT; q=0.9, rtt=38, rtx=0, c=12, mss=1297, tbw=2772, tp=-1, tpl=-1, uplat=0, ullat=-1
pragma
public
x-fb-debug
ppmw5+4sJz3lY+fgZQp2K5Vle8vtIL2zCWwbCI6F0IcSzYe453gVh9wy7Z+1hVJrjg5bH6/BfMcNqKZv5ZlGJg==
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
cross-origin-opener-policy
same-origin-allow-popups;report-to="coop_report"
vary
Accept-Encoding
report-to
{"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
content-type
application/x-javascript; charset=utf-8
x-frame-options
DENY
origin-agent-cluster
?0
cache-control
public, max-age=1200
permissions-policy
accelerometer=(), attribution-reporting=(), autoplay=(), battery=(self), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), usb-unrestricted=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
timing-allow-origin
*
expires
Sat, 01 Jan 2000 00:00:00 GMT
i.gif
collect-us-east-1.tealiumiq.com/hsbc/wpb-stream-us/2/ 		43 B
763 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://collect-us-east-1.tealiumiq.com/hsbc/wpb-stream-us/2/i.gif
Requested by
Host: www.us.hsbc.com
URL: https://www.us.hsbc.com/etc.clientlibs/hsbc/global/clientlibs/appd.min.28729b81913621076cb1004898cb22c7.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
107.22.253.92 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-107-22-253-92.compute-1.amazonaws.com
Software
/
Resource Hash
a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
sec-ch-ua-platform
"Win32"
Referer
https://www.us.hsbc.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Content-Type
multipart/form-data; boundary=----WebKitFormBoundaryvf32LBPTZiAiDnIr

Response headers

date
Tue, 02 Jul 2024 12:37:34 GMT
x-serverid
uconnect_i-0c259869a8623a1c8
x-tid
0190737348470016442a362407720506f002506700b08
p3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CUR ADM DEV OUR BUS"
x-acc
hsbc:wpb-stream-us:2:datacloud
x-region
us-east-1
content-length
43
pragma
no-cache
x-did
0190737348470016442a362407720506f002506700b08
vary
Origin
content-type
image/gif
access-control-allow-origin
https://www.us.hsbc.com
x-ulver
48d6d444c60a48b0fb994a4aed1c725e05c4a4b7-SNAPSHOT
access-control-expose-headers
X-Region
cache-control
no-transform,private,no-cache,no-store,max-age=0,s-maxage=0
access-control-allow-credentials
true
x-uuid
c1c5a5a9-0daf-4934-89cf-db480eedabe4
expires
Tue, 02 Jul 2024 12:37:34 GMT
js
www.googletagmanager.com/gtag/ 		204 KB
75 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtag/js?id=DC-8725221
Requested by
Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/hsbc/us-rbwm/prod/utag.640.js?utv=ut4.47.202210050907
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81d::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
cc9c8242cf0fec59fa465815dd859d66244f44b3b98c3b7340be78caaca84c63
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.us.hsbc.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 02 Jul 2024 12:37:33 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
75945
x-xss-protection
0
last-modified
Tue, 02 Jul 2024 12:00:00 GMT
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Tue, 02 Jul 2024 12:37:33 GMT
dcm
s.amazon-adsystem.com/
Redirect Chain
  • https://s.amazon-adsystem.com/dcm?pid=f8ca2def-013b-4492-8956-75d0449638a4&id=0190737348470016442a362407720506f002506700b08
  • https://s.amazon-adsystem.com/dcm?pid=f8ca2def-013b-4492-8956-75d0449638a4&id=0190737348470016442a362407720506f002506700b08&dcc=t
43 B
855 B 		Script
General
Check archive.org
Download Go to
Full URL
https://s.amazon-adsystem.com/dcm?pid=f8ca2def-013b-4492-8956-75d0449638a4&id=0190737348470016442a362407720506f002506700b08&dcc=t
Requested by
Host: www.us.hsbc.com
URL: https://www.us.hsbc.com/credit-cards/
Protocol
HTTP/1.1
Server
52.46.155.104 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Server /
Resource Hash
2fce2feb1cb59a8c53b5b46d1d758949090324d34b2a941a972240d6ccf63db6
Security Headers
Name Value
Strict-Transport-Security max-age=47474747; includeSubDomains; preload

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Referer
https://www.us.hsbc.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Pragma
no-cache
Date
Tue, 02 Jul 2024 12:37:34 GMT
Strict-Transport-Security
max-age=47474747; includeSubDomains; preload
Server
Server
x-amz-rid
9JX53NRRWH70MX38F5S7
Vary
Content-Type,Accept-Encoding,User-Agent
Content-Type
image/gif
p3p
policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Cache-Control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Connection
keep-alive
Content-Length
43
Expires
Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

Pragma
no-cache
Date
Tue, 02 Jul 2024 12:37:34 GMT
Strict-Transport-Security
max-age=47474747; includeSubDomains; preload
Server
Server
x-amz-rid
E28FWQVPMYSRT9EYYFQ6
Vary
Content-Type,Accept-Encoding,User-Agent
p3p
policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR"
Location
https://s.amazon-adsystem.com/dcm?pid=f8ca2def-013b-4492-8956-75d0449638a4&id=0190737348470016442a362407720506f002506700b08&dcc=t
Cache-Control
max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Connection
keep-alive
Content-Length
0
Expires
Thu, 01 Jan 1970 00:00:00 GMT
i.gif
collect-us-east-1.tealiumiq.com/hsbc/wpb-stream-us/2/ 		43 B
762 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://collect-us-east-1.tealiumiq.com/hsbc/wpb-stream-us/2/i.gif
Requested by
Host: www.us.hsbc.com
URL: https://www.us.hsbc.com/etc.clientlibs/hsbc/global/clientlibs/appd.min.28729b81913621076cb1004898cb22c7.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
107.22.253.92 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-107-22-253-92.compute-1.amazonaws.com
Software
/
Resource Hash
a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
sec-ch-ua-platform
"Win32"
Referer
https://www.us.hsbc.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Content-Type
multipart/form-data; boundary=----WebKitFormBoundarypprhsDKZTzyHlGbL

Response headers

date
Tue, 02 Jul 2024 12:37:34 GMT
x-serverid
uconnect_i-0b6e96b3e226a323d
x-tid
0190737348470016442a362407720506f002506700b08
p3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CUR ADM DEV OUR BUS"
x-acc
hsbc:wpb-stream-us:2:datacloud
x-region
us-east-1
content-length
43
pragma
no-cache
x-did
0190737348470016442a362407720506f002506700b08
vary
Origin
content-type
image/gif
access-control-allow-origin
https://www.us.hsbc.com
x-ulver
48d6d444c60a48b0fb994a4aed1c725e05c4a4b7-SNAPSHOT
access-control-expose-headers
X-Region
cache-control
no-transform,private,no-cache,no-store,max-age=0,s-maxage=0
access-control-allow-credentials
true
x-uuid
69f97e7c-4905-4508-bcc9-aa300b558c29
expires
Tue, 02 Jul 2024 12:37:34 GMT
pixel
cm.g.doubleclick.net/ 		170 B
409 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cm.g.doubleclick.net/pixel?tealium_cookie_sync=true&google_nid=tealium_dmp&google_cm&tealium_vid=0190737348470016442a362407720506f002506700b08&tealium_account=hsbc&tealium_profile=wpb-stream-us
Requested by
Host: www.us.hsbc.com
URL: https://www.us.hsbc.com/credit-cards/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.184.194 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s11-in-f2.1e100.net
Software
HTTP server (unknown) /
Resource Hash
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
Security Headers
Name Value
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.us.hsbc.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

pragma
no-cache
date
Tue, 02 Jul 2024 12:37:33 GMT
server
HTTP server (unknown)
content-type
image/png
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
170
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
tag.js
lptag.liveperson.net/tag/ 		26 KB
10 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://lptag.liveperson.net/tag/tag.js?site=52516473
Requested by
Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/hsbc/us-rbwm/prod/utag.612.js?utv=ut4.47.202206160835
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
178.249.97.23 , United States, ASN11054 (LIVEPERSON, US),
Reverse DNS
Software
ws /
Resource Hash
f9a5649d70f74cde04ab0c3f8a8f41810772e9970befa7fee8e339bcf4dd3b08
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.us.hsbc.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 02 Jul 2024 12:37:33 GMT
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=63072000; includeSubDomains
last-modified
Tue, 31 Oct 2023 18:56:18 GMT
server
ws
etag
"65414dd2-24b8"
access-control-allow-methods
GET, POST, PATCH
content-type
application/javascript
access-control-expose-headers
X-Requested-With, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-host, Lp-Req-Time, date, x-application-context, strict-transport-security, x-content-type-options, x-download-options, x-xss-protection, x-cache-status, x-amz-id-2, x-amz-request-id, expires, last-modified, set-cookie, content-security-policy, x-frame-options
cache-control
public, max-age=630
access-control-allow-credentials
true
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept, Authorization, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token
content-length
9400
405421264201379
connect.facebook.net/signals/config/ 		60 KB
12 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://connect.facebook.net/signals/config/405421264201379?v=2.9.159&r=stable&domain=www.us.hsbc.com&hme=446fb981c8c3baeb03730fe3cbd404f7f15f64c693f24c7fe75da498bc2c95d8&ex_m=67%2C113%2C100%2C104%2C58%2C3%2C93%2C66%2C15%2C91%2C84%2C49%2C51%2C160%2C163%2C174%2C170%2C171%2C173%2C28%2C94%2C50%2C73%2C172%2C155%2C158%2C167%2C168%2C175%2C122%2C39%2C33%2C134%2C14%2C48%2C180%2C179%2C124%2C17%2C38%2C1%2C41%2C62%2C63%2C64%2C68%2C88%2C16%2C13%2C90%2C87%2C86%2C101%2C103%2C37%2C102%2C29%2C25%2C156%2C159%2C131%2C27%2C10%2C11%2C12%2C5%2C6%2C24%2C21%2C22%2C54%2C59%2C61%2C71%2C95%2C26%2C72%2C8%2C7%2C76%2C46%2C20%2C97%2C96%2C98%2C9%2C19%2C18%2C81%2C53%2C79%2C32%2C70%2C0%2C89%2C31%2C78%2C83%2C45%2C44%2C82%2C36%2C4%2C85%2C77%2C42%2C34%2C80%2C2%2C35%2C60%2C40%2C99%2C43%2C75%2C65%2C105%2C57%2C56%2C30%2C92%2C55%2C52%2C47%2C74%2C69%2C23%2C106
Requested by
Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f084:105:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
1bf41b27b2955921265d0797b72260a7ce6057c9355bf6cd0922324df2847d22
Security Headers
Name Value
Content-Security-Policy default-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;script-src *.fbcdn.net *.facebook.net 'unsafe-inline' blob: data: 'self' 'unsafe-eval';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';img-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.us.hsbc.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

content-security-policy
default-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;script-src *.fbcdn.net *.facebook.net 'unsafe-inline' blob: data: 'self' 'unsafe-eval';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';img-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; preload; includeSubDomains
date
Tue, 02 Jul 2024 12:37:33 GMT
document-policy
force-load-at-top
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
12434
x-xss-protection
0
reporting-endpoints
coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
x-fb-connection-quality
EXCELLENT; q=0.9, rtt=38, rtx=0, c=64, mss=1297, tbw=63780, tp=-1, tpl=-1, uplat=0, ullat=-1
pragma
public
x-fb-debug
krOo+ZZlGauwxRlqi3TCPVRODpAzZwYyKmiKXZA9AvaWeXx6zVzDSrg0+u+DR5SA13lF0JTsfTBi66cjzauF/Q==
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
cross-origin-opener-policy
same-origin-allow-popups;report-to="coop_report"
vary
Accept-Encoding
report-to
{"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
content-type
application/x-javascript; charset=utf-8
x-frame-options
DENY
origin-agent-cluster
?0
cache-control
public, max-age=1200
permissions-policy
accelerometer=(), attribution-reporting=(), autoplay=(), battery=(self), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), usb-unrestricted=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
timing-allow-origin
*
expires
Sat, 01 Jan 2000 00:00:00 GMT
js
www.googletagmanager.com/gtag/ 		227 KB
82 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtag/js?id=AW-701694598&l=dataLayer&cx=c
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=DC-8725221
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81d::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
d027ebdbd078ff14a3e0231aaede315e3e5fc80c73d168efe8a5501c872d9182
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.us.hsbc.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 02 Jul 2024 12:37:33 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
83937
x-xss-protection
0
last-modified
Tue, 02 Jul 2024 12:00:00 GMT
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Tue, 02 Jul 2024 12:37:33 GMT
js
www.googletagmanager.com/gtag/ 		238 KB
85 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtag/js?id=AW-491709426&l=dataLayer&cx=c
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=DC-8725221
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81d::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
4776256faec5f4fd68224fdd4c458bfe68820a0e4da74614fd0ab144fcb4b5f1
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.us.hsbc.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 02 Jul 2024 12:37:34 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
87331
x-xss-protection
0
last-modified
Tue, 02 Jul 2024 12:00:00 GMT
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Tue, 02 Jul 2024 12:37:34 GMT
js
www.googletagmanager.com/gtag/ 		246 KB
87 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtag/js?id=AW-794699328&l=dataLayer&cx=c
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=DC-8725221
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81d::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
bce2304dabc2b2b908fbc9f73d301e014b0e5ecbd6af1ed128f70540fa6fcb66
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.us.hsbc.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 02 Jul 2024 12:37:34 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
89046
x-xss-protection
0
last-modified
Tue, 02 Jul 2024 12:00:00 GMT
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Tue, 02 Jul 2024 12:37:34 GMT
/
www.facebook.com/tr/ 		0
274 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.facebook.com/tr/?id=405421264201379&ev=PageView&dl=https%3A%2F%2Fwww.us.hsbc.com%2Fcredit-cards%2F&rl=&if=false&ts=1719923853982&cd[base_tracking_type]=track&sw=1600&sh=1200&ud[external_id]=094d30c2f539f339059b2d919f5284e4eec748928a1a7315fe81553c8121384a&v=2.9.159&r=stable&a=tmtealium&ec=0&o=4126&fbp=fb.1.1719923853981.341415051847663300&ler=empty&cdl=API_unavailable&it=1719923853921&coo=false&eid=5b547220193f09db2a19bb2f60382688&tm=1&rqm=GET
Requested by
Host: www.us.hsbc.com
URL: https://www.us.hsbc.com/credit-cards/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f177:185:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
proxygen-bolt /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.us.hsbc.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-fb-connection-quality
EXCELLENT; q=0.9, rtt=36, rtx=0, c=10, mss=1297, tbw=2821, tp=-1, tpl=-1, uplat=0, ullat=0
strict-transport-security
max-age=31536000; includeSubDomains
date
Tue, 02 Jul 2024 12:37:34 GMT
server
proxygen-bolt
content-type
text/plain
access-control-allow-origin
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
0
/
www.facebook.com/privacy_sandbox/pixel/register/trigger/ 		67 B
3 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.facebook.com/privacy_sandbox/pixel/register/trigger/?id=405421264201379&ev=PageView&dl=https%3A%2F%2Fwww.us.hsbc.com%2Fcredit-cards%2F&rl=&if=false&ts=1719923853982&cd[base_tracking_type]=track&sw=1600&sh=1200&ud[external_id]=094d30c2f539f339059b2d919f5284e4eec748928a1a7315fe81553c8121384a&v=2.9.159&r=stable&a=tmtealium&ec=0&o=4126&fbp=fb.1.1719923853981.341415051847663300&ler=empty&cdl=API_unavailable&it=1719923853921&coo=false&eid=5b547220193f09db2a19bb2f60382688&tm=1&rqm=FGET
Requested by
Host: www.us.hsbc.com
URL: https://www.us.hsbc.com/credit-cards/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f177:185:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
aa7b6c81e85551eeb5c4809f1e683efa0b780c33d12ddfc2067a1b136803e45a
Security Headers
Name Value
Content-Security-Policy default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net 'unsafe-inline' blob: data: 'self' 'unsafe-eval';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* wss://*.fbcdn.net attachment.fbsbx.com blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster: *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security max-age=15552000; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.us.hsbc.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

attribution-reporting-register-trigger
{"event_trigger_data":[{"trigger_data":"0"}],"aggregatable_trigger_data":[{"key_piece":"0xc1a39dcb5e43b3bc","source_keys":["1","2"]},{"key_piece":"0x7d99ce67b672b54a","source_keys":["1","2"]}],"aggregatable_values":{"1":1}}
content-encoding
zstd
x-content-type-options
nosniff
content-security-policy
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net 'unsafe-inline' blob: data: 'self' 'unsafe-eval';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* wss://*.fbcdn.net attachment.fbsbx.com blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster: *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
strict-transport-security
max-age=15552000; preload
document-policy
force-load-at-top
date
Tue, 02 Jul 2024 12:37:34 GMT
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
x-xss-protection
0
reporting-endpoints
coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", default="https://www.facebook.com/ajax/browser_error_reports/?device_level=unknown&brsid=7387016706437520537", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
x-fb-connection-quality
EXCELLENT; q=0.9, rtt=36, rtx=0, c=14, mss=1297, tbw=3139, tp=-1, tpl=-1, uplat=146, ullat=0
pragma
no-cache
x-fb-debug
eptRgrqjO1oo7itqJ5MW607NdbAGFBgc3NNRBo2zXRPJ36y8Knaw+Zxp28QTiGDwaeSu+7gaD5sWhspulAiQQQ==
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
cross-origin-opener-policy
same-origin-allow-popups;report-to="coop_report"
vary
Accept-Encoding
report-to
{"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown&brsid=7387016706437520537"}]}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
content-type
image/png
x-frame-options
DENY
origin-agent-cluster
?0
cache-control
private, no-store, no-cache, must-revalidate
permissions-policy
accelerometer=(), attribution-reporting=(self), autoplay=(), battery=(self), bluetooth=(), camera=(self), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(self), clipboard-write=(self), compute-pressure=(), display-capture=(self), encrypted-media=(self), fullscreen=(self), gamepad=*, geolocation=(self), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(self), midi=(), otp-credentials=(), payment=(), picture-in-picture=(self), private-state-token-issuance=(), publickey-credentials-get=(self), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), usb-unrestricted=(), unload=(self), window-management=(), xr-spatial-tracking=(self);report-to="permissions_policy"
expires
Sat, 01 Jan 2000 00:00:00 GMT
.jsonp
lptag.liveperson.net/lptag/api/account/52516473/configuration/applications/taglets/ 		320 KB
112 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://lptag.liveperson.net/lptag/api/account/52516473/configuration/applications/taglets/.jsonp?v=2.0&df=undefined&s=credit-cards_&b=undefined
Requested by
Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/hsbc/us-rbwm/prod/utag.612.js?utv=ut4.47.202206160835
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
178.249.97.23 , United States, ASN11054 (LIVEPERSON, US),
Reverse DNS
Software
ws /
Resource Hash
acb7ed0147db9543611d5766e5136916aafe89137ab06f4107d2bd098680b28b
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.us.hsbc.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 02 Jul 2024 12:37:34 GMT
strict-transport-security
max-age=63072000; includeSubDomains
x-content-type-options
nosniff
content-encoding
gzip
server
ws
x-cache-status
MISS
access-control-allow-methods
GET, POST, PATCH
content-type
application/x-javascript
access-control-expose-headers
X-Requested-With, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-host, Lp-Req-Time, date, x-application-context, strict-transport-security, x-content-type-options, x-download-options, x-xss-protection, x-cache-status, x-amz-id-2, x-amz-request-id, expires, last-modified, set-cookie, content-security-policy, x-frame-options
cache-control
public, max-age=630
access-control-allow-credentials
true
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept, Authorization, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token
0190737348470016442a362407720506f002506700b08
visitor-service-us-east-1.tealiumiq.com/hsbc/wpb-stream-us/ 		36 B
250 B 		Script
General
Check archive.org
Download Go to
Full URL
https://visitor-service-us-east-1.tealiumiq.com/hsbc/wpb-stream-us/0190737348470016442a362407720506f002506700b08?callback=utag.ut%5B%22writevawpb-stream-us%22%5D&rnd=1719923854188
Requested by
Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/hsbc/us-rbwm/prod/utag.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.223.231.146 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-223-231-146.compute-1.amazonaws.com
Software
/
Resource Hash
07ce5f82c07092c5d17c8b8113065a65e42dc7b041996f41691c23b0355b4b41
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubdomains

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.us.hsbc.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-version
29c08d7b4f5aca3e47f349eb2d13b5b8b2534f59-SNAPSHOT
date
Tue, 02 Jul 2024 12:37:34 GMT
strict-transport-security
max-age=31536000; includeSubdomains
x-region
us-east-1
content-length
36
x-nodeid
i-0f532a5fb64da1489
content-type
application/javascript; charset=utf-8
0190737348470016442a362407720506f002506700b08
visitor-service-us-east-1.tealiumiq.com/hsbc/wpb-stream-us/ 		36 B
251 B 		Script
General
Check archive.org
Download Go to
Full URL
https://visitor-service-us-east-1.tealiumiq.com/hsbc/wpb-stream-us/0190737348470016442a362407720506f002506700b08?callback=utag.ut%5B%22writevawpb-stream-us%22%5D&rnd=1719923854189
Requested by
Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/hsbc/us-rbwm/prod/utag.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.223.231.146 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-223-231-146.compute-1.amazonaws.com
Software
/
Resource Hash
07ce5f82c07092c5d17c8b8113065a65e42dc7b041996f41691c23b0355b4b41
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubdomains

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.us.hsbc.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-version
29c08d7b4f5aca3e47f349eb2d13b5b8b2534f59-SNAPSHOT
date
Tue, 02 Jul 2024 12:37:34 GMT
strict-transport-security
max-age=31536000; includeSubdomains
x-region
us-east-1
content-length
36
x-nodeid
i-0f768f9a7a1d272d6
content-type
application/javascript; charset=utf-8
/
accdn.lpsnmedia.net/api/account/52516473/configuration/setting/accountproperties/ 		7 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://accdn.lpsnmedia.net/api/account/52516473/configuration/setting/accountproperties/?cb=accountSettingsCB
Requested by
Host: lptag.liveperson.net
URL: https://lptag.liveperson.net/lptag/api/account/52516473/configuration/applications/taglets/.jsonp?v=2.0&df=undefined&s=credit-cards_&b=undefined
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
178.249.97.99 , United States, ASN11054 (LIVEPERSON, US),
Reverse DNS
lo-accdn.lpsnmedia.net
Software
ws /
Resource Hash
abcf120f7a0e0e9e793a41d6923a86635b9a54632dbef14853c4d6265c86e2ca
Security Headers
Name Value
Strict-Transport-Security max-age=99999999999; includeSubDomains
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.us.hsbc.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 02 Jul 2024 12:37:34 GMT
strict-transport-security
max-age=99999999999; includeSubDomains
x-content-type-options
nosniff
content-encoding
gzip
server
ws
x-cache-status
EXPIRED
vary
Accept
access-control-allow-methods
GET, POST, PATCH
content-type
application/javascript
access-control-expose-headers
X-Requested-With, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-host, Lp-Req-Time, date, x-application-context, strict-transport-security, x-content-type-options, x-download-options, x-xss-protection, x-cache-status, x-amz-id-2, x-amz-request-id, expires, last-modified, set-cookie, content-security-policy, x-frame-options
access-control-allow-credentials
true
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept, Authorization, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token
expires
Tue, 02 Jul 2024 12:38:34 GMT
loadabc.js
static-assets.dev.fs.liveperson.com/ABC/js/ 		11 KB
4 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://static-assets.dev.fs.liveperson.com/ABC/js/loadabc.js?sde=mrktInfo,campaignId,abc
Requested by
Host: lptag.liveperson.net
URL: https://lptag.liveperson.net/lptag/api/account/52516473/configuration/applications/taglets/.jsonp?v=2.0&df=undefined&s=credit-cards_&b=undefined
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
54.192.137.86 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-54-192-137-86.lhr62.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
5e64fb035e8def6cd9d3b7361352ba6c11c99a5241208a665ee2f242b81683e6

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.us.hsbc.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-amz-version-id
B7SN4fn6Npo_.Fhu1wNhA1nxHrFG16Vf
Content-Encoding
gzip
Via
1.1 18a6626bde9b2e7ed7889f21324eb5a6.cloudfront.net (CloudFront)
Date
Tue, 02 Jul 2024 12:32:38 GMT
X-Amz-Cf-Pop
LHR62-C5
Age
297
x-amz-server-side-encryption
AES256
Transfer-Encoding
chunked
X-Cache
Hit from cloudfront
Connection
keep-alive
Last-Modified
Tue, 25 Jun 2024 13:33:32 GMT
Server
AmazonS3
ETag
W/"c77a1ead36d9b5e972474cf90d193ce5"
Vary
Accept-Encoding
Content-Type
application/javascript
X-Amz-Cf-Id
KI0knOZi-oLjt1FaMI3YjFL6YZH-YO3GnKKOGlgmuHOAK9X7TXhBGg==
ui-framework.js
lpcdn.lpsnmedia.net/le_unified_window/10.34.0.0-release_5656/ 		40 KB
12 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://lpcdn.lpsnmedia.net/le_unified_window/10.34.0.0-release_5656/ui-framework.js?version=10.34.0.0-release_5656
Requested by
Host: lptag.liveperson.net
URL: https://lptag.liveperson.net/lptag/api/account/52516473/configuration/applications/taglets/.jsonp?v=2.0&df=undefined&s=credit-cards_&b=undefined
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.120.154.120 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
120.154.120.34.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
3e4f5d07904cf355da7bfbca5d4eee18a4c09fc9e6a79df958d0bb1225572983
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.us.hsbc.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 25 Jun 2024 04:50:22 GMT
content-encoding
br
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains
age
632832
x-guploader-uploadid
ACJd0NolXjANAI53KTrCDqsmD0J9fGE3pvtLyf9qLpw5Mxp0xNHxQT6iSePwoQ9rcxPsd2VnKrQ
x-goog-storage-class
MULTI_REGIONAL
x-goog-metageneration
1
x-goog-stored-content-encoding
identity
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
12469
last-modified
Fri, 23 Feb 2024 02:35:06 GMT
server
UploadServer
etag
W/"0dfc7fa7d2051d776d5937b7a3a7c4dd"
vary
Accept-Encoding
x-goog-generation
1708655706842335
x-goog-hash
crc32c=wefPQw==, md5=Dfx/p9IFHXdtWTe3o6fE3Q==
access-control-allow-origin
*
access-control-expose-headers
Origin, X-Requested-With, Content-Type, Accept, Authorization, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-state-rev
cache-control
public,max-age=31536000
x-goog-stored-content-length
40455
accept-ranges
none
timing-allow-origin
https://z1.le.liveperson.net, https://va.le.liveperson.net, https://z2.le.liveperson.net, https://lo.le.liveperson.net, https://am.le.liveperson.net, https://z3.le.liveperson.net, https://sy.le.liveperson.net, https://me.le.liveperson.net, https://vz-care-dev.liveengage.verizon.com, https://vz-care-qa.liveengage.verizon.com, https://vz-care.liveengage.verizon.com
content-type
application/javascript
surveylogicinstance.min.js
lpcdn.lpsnmedia.net/le_unified_window/10.34.0.0-release_5656/ 		8 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://lpcdn.lpsnmedia.net/le_unified_window/10.34.0.0-release_5656/surveylogicinstance.min.js?version=10.34.0.0-release_5656
Requested by
Host: lptag.liveperson.net
URL: https://lptag.liveperson.net/lptag/api/account/52516473/configuration/applications/taglets/.jsonp?v=2.0&df=undefined&s=credit-cards_&b=undefined
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.120.154.120 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
120.154.120.34.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
0ca2d5d4dece21114294a8783944cdd00a4351935831b27f9a83b8eb543c6438
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.us.hsbc.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Thu, 13 Jun 2024 14:01:36 GMT
content-encoding
br
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains
age
1636558
x-guploader-uploadid
ABPtcPquKsx2ovG7QGnAB2XKxoyePlXkP3K_kh7o8uLZB8Hd_LwTmn8J_JUv1d6RKe-f21HdAo4fd3munA
x-goog-storage-class
MULTI_REGIONAL
x-goog-metageneration
1
x-goog-stored-content-encoding
identity
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
2373
last-modified
Fri, 23 Feb 2024 02:35:06 GMT
server
UploadServer
etag
W/"d53092c1d6e0a7a3d1bb802c67a6e1e9"
vary
Accept-Encoding
x-goog-generation
1708655706833570
x-goog-hash
crc32c=GIGCsg==, md5=1TCSwdbgp6PRu4AsZ6bh6Q==
access-control-allow-origin
*
access-control-expose-headers
Origin, X-Requested-With, Content-Type, Accept, Authorization, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-state-rev
cache-control
public,max-age=31536000
x-goog-stored-content-length
7866
accept-ranges
none
timing-allow-origin
https://z1.le.liveperson.net, https://va.le.liveperson.net, https://z2.le.liveperson.net, https://lo.le.liveperson.net, https://am.le.liveperson.net, https://z3.le.liveperson.net, https://sy.le.liveperson.net, https://me.le.liveperson.net, https://vz-care-dev.liveengage.verizon.com, https://vz-care-qa.liveengage.verizon.com, https://vz-care.liveengage.verizon.com
content-type
application/javascript
zones
accdn.lpsnmedia.net/api/account/52516473/configuration/le-campaigns/ 		2 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://accdn.lpsnmedia.net/api/account/52516473/configuration/le-campaigns/zones?fields=id&fields=zoneValue&cb=lpZonesStaticCB
Requested by
Host: lptag.liveperson.net
URL: https://lptag.liveperson.net/lptag/api/account/52516473/configuration/applications/taglets/.jsonp?v=2.0&df=undefined&s=credit-cards_&b=undefined
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
178.249.97.99 , United States, ASN11054 (LIVEPERSON, US),
Reverse DNS
lo-accdn.lpsnmedia.net
Software
ws /
Resource Hash
41fe74a6ec6abdd0bedca810ea88bf1d73c7cbd0a0bce9e2813402c8456a3ad2
Security Headers
Name Value
Strict-Transport-Security max-age=99999999999; includeSubDomains
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.us.hsbc.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 02 Jul 2024 12:37:34 GMT
strict-transport-security
max-age=99999999999; includeSubDomains
x-content-type-options
nosniff
content-encoding
gzip
server
ws
x-cache-status
EXPIRED
vary
Accept
access-control-allow-methods
GET, POST, PATCH
content-type
application/javascript
access-control-expose-headers
X-Requested-With, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-host, Lp-Req-Time, date, x-application-context, strict-transport-security, x-content-type-options, x-download-options, x-xss-protection, x-cache-status, x-amz-id-2, x-amz-request-id, expires, last-modified, set-cookie, content-security-policy, x-frame-options
access-control-allow-credentials
true
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept, Authorization, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token
expires
Tue, 02 Jul 2024 12:38:34 GMT
events
logx.optimizely.com/v1/ 		0
386 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://logx.optimizely.com/v1/events
Requested by
Host: www.us.hsbc.com
URL: https://www.us.hsbc.com/etc.clientlibs/hsbc/global/clientlibs/appd.min.28729b81913621076cb1004898cb22c7.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.49.241.189 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
189.241.49.34.bc.googleusercontent.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
sec-ch-ua-platform
"Win32"
Referer
https://www.us.hsbc.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

date
Tue, 02 Jul 2024 12:37:34 GMT
via
1.1 google
access-control-allow-methods
POST,OPTIONS
content-type
text/plain
access-control-allow-origin
https://www.us.hsbc.com
access-control-expose-headers
X-Requested-With,Content-Type,Accept,Origin,X-App-Trace-Id
access-control-allow-credentials
true
timing-allow-origin
*
access-control-allow-headers
X-Requested-With,Content-Type,Accept,Origin,X-App-Trace-Id,X-Optimizely-Strict
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-request-id
945a2b3e-0e9a-488b-8ab3-926f1cf695fa
desktopEmbedded.js
lpcdn.lpsnmedia.net/le_unified_window/10.34.0.0-release_5656/ 		1 MB
253 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://lpcdn.lpsnmedia.net/le_unified_window/10.34.0.0-release_5656/desktopEmbedded.js?version=10.34.0.0-release_5656
Requested by
Host: lptag.liveperson.net
URL: https://lptag.liveperson.net/lptag/api/account/52516473/configuration/applications/taglets/.jsonp?v=2.0&df=undefined&s=credit-cards_&b=undefined
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.120.154.120 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
120.154.120.34.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
ff0bb14e0ea1772176c67fa4fb39b05e5020abeb0ff8e345c885927f92c18bef
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.us.hsbc.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Fri, 21 Jun 2024 19:24:19 GMT
content-encoding
br
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains
age
925995
x-guploader-uploadid
ACJd0Nrz8up3uOSUvjJdhzFvxaqONf7sJFOooY2MFmn2asskc_3n-t0iKR0D0eQ9_4U5BHAakD4rLj9kug
x-goog-storage-class
MULTI_REGIONAL
x-goog-metageneration
1
x-goog-stored-content-encoding
identity
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
258742
last-modified
Fri, 23 Feb 2024 02:35:06 GMT
server
UploadServer
etag
W/"2547ecb24bdcee7dbc87493320c115b6"
vary
Accept-Encoding
x-goog-generation
1708655706195206
x-goog-hash
crc32c=NaDMkw==, md5=JUfsskvc7n28h0kzIMEVtg==
access-control-allow-origin
*
access-control-expose-headers
Origin, X-Requested-With, Content-Type, Accept, Authorization, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-state-rev
cache-control
public,max-age=31536000
x-goog-stored-content-length
1068928
accept-ranges
none
timing-allow-origin
https://z1.le.liveperson.net, https://va.le.liveperson.net, https://z2.le.liveperson.net, https://lo.le.liveperson.net, https://am.le.liveperson.net, https://z3.le.liveperson.net, https://sy.le.liveperson.net, https://me.le.liveperson.net, https://vz-care-dev.liveengage.verizon.com, https://vz-care-qa.liveengage.verizon.com, https://vz-care.liveengage.verizon.com
content-type
application/javascript
storage.secure.min.js
lpcdn.lpsnmedia.net/le_secure_storage/3.26.0.0-release_5111/ 		42 KB
15 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://lpcdn.lpsnmedia.net/le_secure_storage/3.26.0.0-release_5111/storage.secure.min.js?loc=https%3A%2F%2Fwww.us.hsbc.com&site=52516473&env=prod&accdn=accdn.lpsnmedia.net
Requested by
Host: lptag.liveperson.net
URL: https://lptag.liveperson.net/lptag/api/account/52516473/configuration/applications/taglets/.jsonp?v=2.0&df=undefined&s=credit-cards_&b=undefined
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.120.154.120 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
120.154.120.34.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
1a7331ffda1e8609ff3a28975ed92c6be84407d2f92df315d4f56892bedfd267
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.us.hsbc.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Thu, 27 Jun 2024 02:01:20 GMT
content-encoding
br
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains
age
470174
x-guploader-uploadid
ACJd0NpjobzgvE4LIpml4ofw5GM-z87JgW6p9AtKxOSU22Wwn1kk2JORMdQWGJ3O26ncc6Q4oSih8PG7jQ
x-goog-storage-class
MULTI_REGIONAL
x-goog-metageneration
1
x-goog-stored-content-encoding
identity
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
14725
last-modified
Fri, 23 Feb 2024 02:32:10 GMT
server
UploadServer
etag
W/"0b1822a9670f05b1888b2968d5858445"
vary
Accept-Encoding
x-goog-generation
1708655530415139
x-goog-hash
crc32c=Y9SiOw==, md5=CxgiqWcPBbGIiylo1YWERQ==
access-control-allow-origin
*
access-control-expose-headers
Origin, X-Requested-With, Content-Type, Accept, Authorization, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-state-rev
cache-control
public,max-age=31536000
x-goog-stored-content-length
43356
accept-ranges
none
timing-allow-origin
https://z1.le.liveperson.net, https://va.le.liveperson.net, https://z2.le.liveperson.net, https://lo.le.liveperson.net, https://am.le.liveperson.net, https://z3.le.liveperson.net, https://sy.le.liveperson.net, https://me.le.liveperson.net, https://vz-care-dev.liveengage.verizon.com, https://vz-care-qa.liveengage.verizon.com, https://vz-care.liveengage.verizon.com
content-type
application/javascript
storage.secure.min.html
lpcdn.lpsnmedia.net/le_secure_storage/3.26.0.0-release_5111/ Frame 44BA 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://lpcdn.lpsnmedia.net/le_secure_storage/3.26.0.0-release_5111/storage.secure.min.html?loc=https%3A%2F%2Fwww.us.hsbc.com&site=52516473&ist=sessionStorage&env=prod&accdn=accdn.lpsnmedia.net
Requested by
Host: lptag.liveperson.net
URL: https://lptag.liveperson.net/lptag/api/account/52516473/configuration/applications/taglets/.jsonp?v=2.0&df=undefined&s=credit-cards_&b=undefined
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.120.154.120 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
120.154.120.34.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Referer
https://www.us.hsbc.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
sec-ch-ua-mobile
?0
sec-ch-ua-platform
"Win32"

Response headers

accept-ranges
none
access-control-allow-origin
*
access-control-expose-headers
Origin, X-Requested-With, Content-Type, Accept, Authorization, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-state-rev
age
8310
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
public,max-age=31536000
content-encoding
br
content-length
15865
content-type
text/html
date
Tue, 02 Jul 2024 10:19:04 GMT
etag
W/"585e590c5fdfc51b6a8cf9618bca020b"
last-modified
Fri, 23 Feb 2024 02:32:10 GMT
server
UploadServer
strict-transport-security
max-age=31536000; includeSubDomains
timing-allow-origin
https://z1.le.liveperson.net, https://va.le.liveperson.net, https://z2.le.liveperson.net, https://lo.le.liveperson.net, https://am.le.liveperson.net, https://z3.le.liveperson.net, https://sy.le.liveperson.net, https://me.le.liveperson.net, https://vz-care-dev.liveengage.verizon.com, https://vz-care-qa.liveengage.verizon.com, https://vz-care.liveengage.verizon.com
vary
Accept-Encoding
x-content-type-options
nosniff
x-goog-generation
1708655530429160
x-goog-hash
crc32c=xoBUww== md5=WF5ZDF/fxRtqjPlhi8oCCw==
x-goog-metageneration
1
x-goog-storage-class
MULTI_REGIONAL
x-goog-stored-content-encoding
identity
x-goog-stored-content-length
47117
x-guploader-uploadid
ACJd0NpIvg33R5psylIAgoSOiaRcOU-hbYeVecYJISaOS3pt5OMBMbiSYEcb8-9qWlcoa7nd8SY
52516473
va.v.liveperson.net/api/js/ 		622 B
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://va.v.liveperson.net/api/js/52516473?&cb=lpCb89635x68245&t=sp&ts=1719923854498&pid=2360010287&tid=7903046227&pt=Credit%20Card%20Offers%20%26%20Benefits%20-%20HSBC%20Bank%20USA&u=https%3A%2F%2Fwww.us.hsbc.com%2Fcredit-cards%2F&sec=%5B%22credit-cards_%22%5D&df=0&os=0&sdes=%5B%7B%22type%22%3A%22ctmrinfo%22%2C%22info%22%3A%7B%22ctype%22%3A%22en_us%22%7D%7D%2C%7B%22type%22%3A%22cart%22%2C%22numItems%22%3A0%2C%22products%22%3A%5B%7B%22product%22%3A%7B%22name%22%3A%22page_security_level-0%22%2C%22price%22%3Anull%7D%2C%22quantity%22%3Anull%7D%2C%7B%22product%22%3A%7B%22name%22%3A%22site_region-undefined_undefined_united_states_of_america_undefined_undefined%22%2C%22price%22%3Anull%7D%2C%22quantity%22%3Anull%7D%5D%7D%2C%7B%22type%22%3A%22cart%22%2C%22numItems%22%3A0%2C%22products%22%3A%5B%7B%22product%22%3A%7B%22name%22%3A%22page_security_level-0%22%2C%22price%22%3Anull%7D%2C%22quantity%22%3Anull%7D%2C%7B%22product%22%3A%7B%22name%22%3A%22site_region-undefined_undefined_united_states_of_america_undefined_undefined%22%2C%22price%22%3Anull%7D%2C%22quantity%22%3Anull%7D%5D%7D%5D&identities=%5B%7B%22iss%22%3A%22LivePerson%22%2C%22acr%22%3A%220%22%7D%5D
Requested by
Host: lptag.liveperson.net
URL: https://lptag.liveperson.net/lptag/api/account/52516473/configuration/applications/taglets/.jsonp?v=2.0&df=undefined&s=credit-cards_&b=undefined
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
208.89.12.87 , United States, ASN11054 (LIVEPERSON, US),
Reverse DNS
va.v.liveperson.net
Software
ws /
Resource Hash
83076860c3d3ae4bac96d88b6a20427dfa3e87976e46b7312453af57b8e76af0
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.us.hsbc.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 02 Jul 2024 12:37:35 GMT
strict-transport-security
max-age=31536000; includeSubDomains
content-encoding
gzip
server
ws
access-control-allow-methods
GET, POST, PATCH
content-type
application/javascript
access-control-expose-headers
X-Requested-With, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-host, Lp-Req-Time, date, x-application-context, strict-transport-security, x-content-type-options, x-download-options, x-xss-protection, x-cache-status, x-amz-id-2, x-amz-request-id, expires, last-modified, set-cookie, content-security-policy, x-frame-options
cache-control
no-store
access-control-allow-credentials
true
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept, Authorization, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token
overlay.js
lpcdn.lpsnmedia.net/le_re/3.58.0.0-release_5206/jsv2/ 		10 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://lpcdn.lpsnmedia.net/le_re/3.58.0.0-release_5206/jsv2/overlay.js?_v=3.58.0.0-release_5206
Requested by
Host: lptag.liveperson.net
URL: https://lptag.liveperson.net/lptag/api/account/52516473/configuration/applications/taglets/.jsonp?v=2.0&df=undefined&s=credit-cards_&b=undefined
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.120.154.120 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
120.154.120.34.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
027dbe31bc494e14acab76a221273e52d1d8273f29a5a46055b36d74d6eb369b
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.us.hsbc.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Thu, 27 Jun 2024 02:06:04 GMT
content-encoding
br
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains
age
469891
x-guploader-uploadid
ACJd0NpMMh0iWnzpLTVn4kxu_wza13fgh-S2uTFUwQXzFDZ_ACg5WIKMLCeqhfB_XcLFgXAQXhQ
x-goog-storage-class
MULTI_REGIONAL
x-goog-metageneration
1
x-goog-stored-content-encoding
identity
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
3153
last-modified
Fri, 03 Nov 2023 01:16:53 GMT
server
UploadServer
etag
W/"3de36f700a9fd7b27d7cf9968d108388"
vary
Accept-Encoding
x-goog-generation
1698974213465391
x-goog-hash
crc32c=2/vLrg==, md5=PeNvcAqf17J9fPmWjRCDiA==
access-control-allow-origin
*
access-control-expose-headers
Origin, X-Requested-With, Content-Type, Accept, Authorization, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-state-rev
cache-control
public,max-age=31536000
x-goog-stored-content-length
9892
accept-ranges
none
timing-allow-origin
https://z1.le.liveperson.net, https://va.le.liveperson.net, https://z2.le.liveperson.net, https://lo.le.liveperson.net, https://am.le.liveperson.net, https://z3.le.liveperson.net, https://sy.le.liveperson.net, https://me.le.liveperson.net, https://vz-care-dev.liveengage.verizon.com, https://vz-care-qa.liveengage.verizon.com, https://vz-care.liveengage.verizon.com
content-type
application/javascript
UISuite.js
lpcdn.lpsnmedia.net/le_re/3.58.0.0-release_5206/jsv2/ 		30 KB
10 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://lpcdn.lpsnmedia.net/le_re/3.58.0.0-release_5206/jsv2/UISuite.js?_v=3.58.0.0-release_5206
Requested by
Host: lptag.liveperson.net
URL: https://lptag.liveperson.net/lptag/api/account/52516473/configuration/applications/taglets/.jsonp?v=2.0&df=undefined&s=credit-cards_&b=undefined
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.120.154.120 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
120.154.120.34.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
7e3796f3b197762f594a263f17a78435fa9bcfbf8da3955e6e1c599972513ca9
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.us.hsbc.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 18 Jun 2024 12:23:56 GMT
content-encoding
br
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains
age
1210419
x-guploader-uploadid
ACJd0NrSUu93M-s2fPjqkiI7xM_PnyoulPZdy9_6xWqJGqczIxExkaMHADr3iQaix0EYx1CSCwo
x-goog-storage-class
MULTI_REGIONAL
x-goog-metageneration
1
x-goog-stored-content-encoding
identity
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
10008
last-modified
Fri, 03 Nov 2023 01:16:53 GMT
server
UploadServer
etag
W/"5d7b4786c7eb250502bc8bc054d0515f"
vary
Accept-Encoding
x-goog-generation
1698974213330205
x-goog-hash
crc32c=MXog6A==, md5=XXtHhsfrJQUCvIvAVNBRXw==
access-control-allow-origin
*
access-control-expose-headers
Origin, X-Requested-With, Content-Type, Accept, Authorization, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-state-rev
cache-control
public,max-age=31536000
x-goog-stored-content-length
30614
accept-ranges
none
timing-allow-origin
https://z1.le.liveperson.net, https://va.le.liveperson.net, https://z2.le.liveperson.net, https://lo.le.liveperson.net, https://am.le.liveperson.net, https://z3.le.liveperson.net, https://sy.le.liveperson.net, https://me.le.liveperson.net, https://vz-care-dev.liveengage.verizon.com, https://vz-care-qa.liveengage.verizon.com, https://vz-care.liveengage.verizon.com
content-type
application/javascript
1045
accdn.lpsnmedia.net/api/account/52516473/configuration/le-campaigns/campaigns/3326030030/engagements/3326034230/revision/ 		3 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://accdn.lpsnmedia.net/api/account/52516473/configuration/le-campaigns/campaigns/3326030030/engagements/3326034230/revision/1045?v=3.0&cb=lp3326034230&flavor=dependency
Requested by
Host: lptag.liveperson.net
URL: https://lptag.liveperson.net/lptag/api/account/52516473/configuration/applications/taglets/.jsonp?v=2.0&df=undefined&s=credit-cards_&b=undefined
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
178.249.97.99 , United States, ASN11054 (LIVEPERSON, US),
Reverse DNS
lo-accdn.lpsnmedia.net
Software
ws /
Resource Hash
31f9a4ae84d1bb5ba06f20d1696ed646bf0451256212ed08a502719ba9273043
Security Headers
Name Value
Strict-Transport-Security max-age=99999999999; includeSubDomains
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.us.hsbc.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 02 Jul 2024 12:37:35 GMT
strict-transport-security
max-age=99999999999; includeSubDomains
x-content-type-options
nosniff
content-encoding
gzip
server
ws
x-cache-status
EXPIRED
vary
Accept
access-control-allow-methods
GET, POST, PATCH
content-type
application/javascript
access-control-expose-headers
X-Requested-With, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-host, Lp-Req-Time, date, x-application-context, strict-transport-security, x-content-type-options, x-download-options, x-xss-protection, x-cache-status, x-amz-id-2, x-amz-request-id, expires, last-modified, set-cookie, content-security-policy, x-frame-options
access-control-allow-credentials
true
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept, Authorization, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token
expires
Tue, 02 Jul 2024 12:38:35 GMT
52516473
va.v.liveperson.net/api/js/ 		111 B
900 B 		Script
General
Check archive.org
Download Go to
Full URL
https://va.v.liveperson.net/api/js/52516473?sid=R_u0guxfRYa7puk8-Nd-lg&cb=lpCb11027x10308&t=pl&ts=1719923854977&pid=2360010287&tid=7903046227&sdes=%5B%7B%22type%22%3A%22mrktInfo%22%2C%22info%22%3A%7B%22campaignId%22%3A%22non-abc%22%7D%7D%5D&vid=ViNjY5Mjg2ZWU0YWJlNDc0
Requested by
Host: lptag.liveperson.net
URL: https://lptag.liveperson.net/lptag/api/account/52516473/configuration/applications/taglets/.jsonp?v=2.0&df=undefined&s=credit-cards_&b=undefined
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
208.89.12.87 , United States, ASN11054 (LIVEPERSON, US),
Reverse DNS
va.v.liveperson.net
Software
ws /
Resource Hash
10545b048c8a9dca27611303e8ddf24c5a0045006196c07fccbd150a704461be
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.us.hsbc.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 02 Jul 2024 12:37:35 GMT
strict-transport-security
max-age=31536000; includeSubDomains
content-encoding
gzip
server
ws
access-control-allow-methods
GET, POST, PATCH
content-type
application/javascript
access-control-expose-headers
X-Requested-With, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-host, Lp-Req-Time, date, x-application-context, strict-transport-security, x-content-type-options, x-download-options, x-xss-protection, x-cache-status, x-amz-id-2, x-amz-request-id, expires, last-modified, set-cookie, content-security-policy, x-frame-options
cache-control
no-store
access-control-allow-credentials
true
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept, Authorization, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token
3325796130
accdn.lpsnmedia.net/api/account/52516473/configuration/engagement-window/window-confs/ 		5 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://accdn.lpsnmedia.net/api/account/52516473/configuration/engagement-window/window-confs/3325796130?cb=lpCb90005x18376
Requested by
Host: lptag.liveperson.net
URL: https://lptag.liveperson.net/lptag/api/account/52516473/configuration/applications/taglets/.jsonp?v=2.0&df=undefined&s=credit-cards_&b=undefined
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
178.249.97.99 , United States, ASN11054 (LIVEPERSON, US),
Reverse DNS
lo-accdn.lpsnmedia.net
Software
ws /
Resource Hash
a22fd178113ed556e34aba3fee7bd73f303804b60ef1833849de7993227bae2e
Security Headers
Name Value
Strict-Transport-Security max-age=99999999999; includeSubDomains
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.us.hsbc.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 02 Jul 2024 12:37:35 GMT
strict-transport-security
max-age=99999999999; includeSubDomains
x-content-type-options
nosniff
content-encoding
gzip
server
ws
x-cache-status
EXPIRED
vary
Accept
access-control-allow-methods
GET, POST, PATCH
content-type
application/javascript
access-control-expose-headers
X-Requested-With, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-host, Lp-Req-Time, date, x-application-context, strict-transport-security, x-content-type-options, x-download-options, x-xss-protection, x-cache-status, x-amz-id-2, x-amz-request-id, expires, last-modified, set-cookie, content-security-policy, x-frame-options
access-control-allow-credentials
true
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept, Authorization, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token
expires
Tue, 02 Jul 2024 12:38:35 GMT
chat-icon.jpg
www.us.hsbc.com/content/dam/hsbc/us/en_us/live-chat/ 		1 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.us.hsbc.com/content/dam/hsbc/us/en_us/live-chat/chat-icon.jpg
Requested by
Host: www.us.hsbc.com
URL: https://www.us.hsbc.com/credit-cards/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.245.86.61 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-245-86-61.fra60.r.cloudfront.net
Software
Apache /
Resource Hash
128c6163a5231009e1835ef1f07427627f4dc99b013143fb6de55072de4692ce
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubdomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.us.hsbc.com/credit-cards/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 02 Jul 2024 12:12:01 GMT
strict-transport-security
max-age=31536000; includeSubdomains
x-content-type-options
nosniff
via
1.1 b17826d683a2d96e59e274ca2b79697e.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA60-P6
age
1535
x-cache
Hit from cloudfront
server-timing
cdn-cache-hit,cdn-pop;desc="FRA60-P6",cdn-rid;desc="qKMjtYtLfZiEVCWY4Wr7T4TbtFkdl70iS616j9zIlNHkT7aGQ8IHsA==",cdn-hit-layer;desc="REC",cdn-downstream-fbl;dur=322
content-length
1149
x-xss-protection
1; mode=block
last-modified
Mon, 03 May 2021 13:50:02 GMT
server
Apache
x-frame-options
SAMEORIGIN
content-type
image/jpeg
cache-control
max-age=2592000, s-maxage=2592000
accept-ranges
bytes
s
dispatcher2useast2-b80
x-amz-cf-id
qKMjtYtLfZiEVCWY4Wr7T4TbtFkdl70iS616j9zIlNHkT7aGQ8IHsA==
52516473
va.v.liveperson.net/api/js/ 		41 B
837 B 		Script
General
Check archive.org
Download Go to
Full URL
https://va.v.liveperson.net/api/js/52516473?sid=R_u0guxfRYa7puk8-Nd-lg&cb=lpCb4476x63038&t=uc&ts=1719923856285&pid=2360010287&tid=7903046227&vid=ViNjY5Mjg2ZWU0YWJlNDc0&sdes=%5B%7B%22type%22%3A%22impDisplay%22%2C%22campaign%22%3A3326030030%2C%22engId%22%3A3326034230%2C%22revision%22%3A1045%2C%22eContext%22%3A%5B%7B%22type%22%3A%22engagementContext%22%2C%22id%22%3A%221%22%7D%5D%7D%5D
Requested by
Host: lptag.liveperson.net
URL: https://lptag.liveperson.net/lptag/api/account/52516473/configuration/applications/taglets/.jsonp?v=2.0&df=undefined&s=credit-cards_&b=undefined
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
208.89.12.87 , United States, ASN11054 (LIVEPERSON, US),
Reverse DNS
va.v.liveperson.net
Software
ws /
Resource Hash
cb632f7aa136f64fbee662286e31f6aa12bac19a2cc2a032220ab779c7383682
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.us.hsbc.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 02 Jul 2024 12:37:36 GMT
strict-transport-security
max-age=31536000; includeSubDomains
content-encoding
gzip
server
ws
access-control-allow-methods
GET, POST, PATCH
content-type
application/javascript
access-control-expose-headers
X-Requested-With, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-host, Lp-Req-Time, date, x-application-context, strict-transport-security, x-content-type-options, x-download-options, x-xss-protection, x-cache-status, x-amz-id-2, x-amz-request-id, expires, last-modified, set-cookie, content-security-policy, x-frame-options
cache-control
no-store
access-control-allow-credentials
true
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept, Authorization, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token
chat-icon.jpg
www.us.hsbc.com/content/dam/hsbc/us/en_us/live-chat/ 		1 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.us.hsbc.com/content/dam/hsbc/us/en_us/live-chat/chat-icon.jpg
Requested by
Host: www.us.hsbc.com
URL: https://www.us.hsbc.com/credit-cards/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.245.86.61 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-245-86-61.fra60.r.cloudfront.net
Software
Apache /
Resource Hash
128c6163a5231009e1835ef1f07427627f4dc99b013143fb6de55072de4692ce
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.us.hsbc.com/credit-cards/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 02 Jul 2024 12:12:01 GMT
via
1.1 b17826d683a2d96e59e274ca2b79697e.cloudfront.net (CloudFront)
x-content-type-options
nosniff
x-amz-cf-pop
FRA60-P6
age
1535
x-cache
Hit from cloudfront
server-timing
cdn-cache-hit,cdn-pop;desc="FRA60-P6",cdn-rid;desc="qKMjtYtLfZiEVCWY4Wr7T4TbtFkdl70iS616j9zIlNHkT7aGQ8IHsA==",cdn-hit-layer;desc="REC",cdn-downstream-fbl;dur=322
content-length
1149
x-xss-protection
1; mode=block
last-modified
Mon, 03 May 2021 13:50:02 GMT
server
Apache
x-frame-options
SAMEORIGIN
content-type
image/jpeg
cache-control
max-age=2592000, s-maxage=2592000
accept-ranges
bytes
s
dispatcher2useast2-b80
x-amz-cf-id
qKMjtYtLfZiEVCWY4Wr7T4TbtFkdl70iS616j9zIlNHkT7aGQ8IHsA==
adrum-ext.0086dbec5e8a6e717bf36d3a06b62042.js
cdn.appdynamics.com/ 		45 KB
15 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.appdynamics.com/adrum-ext.0086dbec5e8a6e717bf36d3a06b62042.js
Requested by
Host: www.us.hsbc.com
URL: https://www.us.hsbc.com/etc.clientlibs/hsbc/global/clientlibs/appd.min.28729b81913621076cb1004898cb22c7.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
3.160.150.128 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-3-160-150-128.fra60.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
7da0fcf5011f66d43746091e130db6ef4d55ff13410d57209fb0f44d90cdee60
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.us.hsbc.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 02 Jul 2024 06:53:05 GMT
content-encoding
br
via
1.1 134eef7df83fe066fda8a86e722c33dc.cloudfront.net (CloudFront)
strict-transport-security
max-age=31536000
last-modified
Thu, 15 Sep 2016 22:05:47 GMT
server
AmazonS3
x-amz-cf-pop
FRA60-P7
age
20678
etag
W/"989cc223341935e903706cd798e666c7"
vary
Accept-Encoding, Origin
x-cache
Hit from cloudfront
content-type
text/javascript
cache-control
public, max-age=31536000, immutable
cross-origin-resource-policy
cross-origin
x-amz-cf-id
yGIvxENvY3LAz1CoeQtuEKdwLN0Gn6m9-yzW60ELfkXIknJG1_PULw==
favicon.ico
www.us.hsbc.com/etc.clientlibs/dpws/clientlibs-public/clientlib-site/resources/favicons/ 		15 KB
15 KB 		Other
General
Check archive.org
Download Go to
Full URL
https://www.us.hsbc.com/etc.clientlibs/dpws/clientlibs-public/clientlib-site/resources/favicons/favicon.ico
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.245.86.61 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-245-86-61.fra60.r.cloudfront.net
Software
Apache /
Resource Hash
6792c4c37672b1a8d6c2842f403c70c85f3b66f3ebaa434b816b5cd25203113b
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubdomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.us.hsbc.com/credit-cards/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 02 Jul 2024 12:12:01 GMT
strict-transport-security
max-age=31536000; includeSubdomains
x-content-type-options
nosniff
via
1.1 b17826d683a2d96e59e274ca2b79697e.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA60-P6
age
1536
x-cache
Hit from cloudfront
content-length
15086
x-xss-protection
1; mode=block
last-modified
Wed, 19 Jun 2024 07:27:35 GMT
server
Apache
content-type
image/vnd.microsoft.icon
cache-control
max-age=7776000, s-maxage=7776000
accept-ranges
bytes
s
dispatcher2useast1-b80
x-amz-cf-id
Idxe23JEK7gGjqby1n9LbezBO2zD3glU8jZl08mshHGvxm-cbWQQKg==
jsEvent.json
mcm-prod.us.hsbc.com/8399/1040032166/XBW09WEA78JG/ 		4 KB
5 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://mcm-prod.us.hsbc.com/8399/1040032166/XBW09WEA78JG/jsEvent.json
Requested by
Host: www.us.hsbc.com
URL: https://www.us.hsbc.com/etc.clientlibs/hsbc/global/clientlibs/appd.min.28729b81913621076cb1004898cb22c7.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
161.113.4.185 , United States, ASN26381 (HSBC-COM, US),
Reverse DNS
Software
/
Resource Hash
311ce91a358cd0a7bfb3bbce0108c42365bab2f44ee9cc22584e0000839f01de
Security Headers
Name Value
Strict-Transport-Security max-age=16070400; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
sec-ch-ua-platform
"Win32"
Referer
https://www.us.hsbc.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

Pragma
no-cache
Date
Tue, 02 Jul 2024 12:37:37 GMT
Strict-Transport-Security
max-age=16070400; includeSubDomains
X-Content-Type-Options
nosniff
X-Frame-Options
SAMEORIGIN
Content-Type
application/json
Access-Control-Allow-Origin
https://www.us.hsbc.com
P3P
CP="NON ADMo DEVo PSAo PSDo IVAo IVDo OUR IND UNI COM NAV INT CNT LOC STA PUR PHY ONL"
Cache-Control
no-store, no-cache
Access-Control-Allow-Credentials
true
Connection
Keep-Alive
S
usvisstp201_US
Keep-Alive
timeout=5
Content-Length
3986
jsEvent.json
mcm-prod.us.hsbc.com/8399/1040032166/XBW09WEA78JG/ 		2 KB
3 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://mcm-prod.us.hsbc.com/8399/1040032166/XBW09WEA78JG/jsEvent.json
Requested by
Host: www.us.hsbc.com
URL: https://www.us.hsbc.com/etc.clientlibs/hsbc/global/clientlibs/appd.min.28729b81913621076cb1004898cb22c7.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
161.113.4.185 , United States, ASN26381 (HSBC-COM, US),
Reverse DNS
Software
/
Resource Hash
638d767cefd78101821fdca0b8c191be1076efab629d159988968b715fbc48dd
Security Headers
Name Value
Strict-Transport-Security max-age=16070400; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
sec-ch-ua-platform
"Win32"
Referer
https://www.us.hsbc.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

Pragma
no-cache
Date
Tue, 02 Jul 2024 12:37:38 GMT
Strict-Transport-Security
max-age=16070400; includeSubDomains
X-Content-Type-Options
nosniff
X-Frame-Options
SAMEORIGIN
Content-Type
application/json
Access-Control-Allow-Origin
https://www.us.hsbc.com
P3P
CP="NON ADMo DEVo PSAo PSDo IVAo IVDo OUR IND UNI COM NAV INT CNT LOC STA PUR PHY ONL"
Cache-Control
no-store, no-cache
Access-Control-Allow-Credentials
true
Connection
Keep-Alive
S
usvisstp201_US
Keep-Alive
timeout=5
Content-Length
2492
jsEvent.json
mcm-prod.us.hsbc.com/8399/1040032166/XBW09WEA78JG/ 		50 B
867 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://mcm-prod.us.hsbc.com/8399/1040032166/XBW09WEA78JG/jsEvent.json
Requested by
Host: www.us.hsbc.com
URL: https://www.us.hsbc.com/etc.clientlibs/hsbc/global/clientlibs/appd.min.28729b81913621076cb1004898cb22c7.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
161.113.4.185 , United States, ASN26381 (HSBC-COM, US),
Reverse DNS
Software
/
Resource Hash
edcb7c9c998fbe2e1eb86a4b15df253cff75dd15691da28aa0c03fb18ef26eed
Security Headers
Name Value
Strict-Transport-Security max-age=16070400; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
sec-ch-ua-platform
"Win32"
Referer
https://www.us.hsbc.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

Pragma
no-cache
Date
Tue, 02 Jul 2024 12:37:38 GMT
Strict-Transport-Security
max-age=16070400; includeSubDomains
X-Content-Type-Options
nosniff
X-Frame-Options
SAMEORIGIN
Content-Type
application/json
Access-Control-Allow-Origin
https://www.us.hsbc.com
P3P
CP="NON ADMo DEVo PSAo PSDo IVAo IVDo OUR IND UNI COM NAV INT CNT LOC STA PUR PHY ONL"
Cache-Control
no-store, no-cache
Access-Control-Allow-Credentials
true
Connection
Keep-Alive
S
usvisstp201_US
Keep-Alive
timeout=5
Content-Length
50
adrum
col.eum-appdynamics.com/eumcollector/beacons/browser/v1/AD-AAB-AAF-XXH/ 		0
866 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://col.eum-appdynamics.com/eumcollector/beacons/browser/v1/AD-AAB-AAF-XXH/adrum
Requested by
Host: www.us.hsbc.com
URL: https://www.us.hsbc.com/etc.clientlibs/hsbc/global/clientlibs/appd.min.28729b81913621076cb1004898cb22c7.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.13.12.238 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-13-12-238.us-west-2.compute.amazonaws.com
Software
envoy /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536010; includeSubDomains
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
sec-ch-ua-platform
"Win32"
Referer
https://www.us.hsbc.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Content-type
text/plain

Response headers

pragma
no-cache
date
Tue, 02 Jul 2024 12:37:39 GMT
strict-transport-security
max-age=31536010; includeSubDomains
x-content-type-options
nosniff
server
envoy
vary
*
content-type
text/html
access-control-allow-origin
*
cache-control
private, no-cache, no-store, must-revalidate, max-age=0, proxy-revalidate, s-maxage=0
x-envoy-upstream-service-time
0
access-control-allow-headers
origin, content-type, accept
expires
0
adrum
col.eum-appdynamics.com/eumcollector/beacons/browser/v1/AD-AAB-AAF-XXH/ 		0
868 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://col.eum-appdynamics.com/eumcollector/beacons/browser/v1/AD-AAB-AAF-XXH/adrum
Requested by
Host: www.us.hsbc.com
URL: https://www.us.hsbc.com/etc.clientlibs/hsbc/global/clientlibs/appd.min.28729b81913621076cb1004898cb22c7.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.13.12.238 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-13-12-238.us-west-2.compute.amazonaws.com
Software
envoy /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536010; includeSubDomains
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
sec-ch-ua-platform
"Win32"
Referer
https://www.us.hsbc.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Content-type
text/plain

Response headers

pragma
no-cache
date
Tue, 02 Jul 2024 12:37:39 GMT
strict-transport-security
max-age=31536010; includeSubDomains
x-content-type-options
nosniff
server
envoy
vary
*
content-type
text/html
access-control-allow-origin
*
cache-control
private, no-cache, no-store, must-revalidate, max-age=0, proxy-revalidate, s-maxage=0
x-envoy-upstream-service-time
0
access-control-allow-headers
origin, content-type, accept
expires
0
i.gif
collect-us-east-1.tealiumiq.com/hsbc/wpb-stream-us/2/ 		43 B
761 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://collect-us-east-1.tealiumiq.com/hsbc/wpb-stream-us/2/i.gif
Requested by
Host: www.us.hsbc.com
URL: https://www.us.hsbc.com/etc.clientlibs/hsbc/global/clientlibs/appd.min.28729b81913621076cb1004898cb22c7.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
107.22.253.92 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-107-22-253-92.compute-1.amazonaws.com
Software
/
Resource Hash
a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
sec-ch-ua-platform
"Win32"
Referer
https://www.us.hsbc.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Content-Type
multipart/form-data; boundary=----WebKitFormBoundaryPhTcvOGdNyRycDBF

Response headers

date
Tue, 02 Jul 2024 12:37:39 GMT
x-serverid
uconnect_i-08741d4d41152fa4a
x-tid
0190737348470016442a362407720506f002506700b08
p3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CUR ADM DEV OUR BUS"
x-acc
hsbc:wpb-stream-us:2:datacloud
x-region
us-east-1
content-length
43
pragma
no-cache
x-did
0190737348470016442a362407720506f002506700b08
vary
Origin
content-type
image/gif
access-control-allow-origin
https://www.us.hsbc.com
x-ulver
48d6d444c60a48b0fb994a4aed1c725e05c4a4b7-SNAPSHOT
access-control-expose-headers
X-Region
cache-control
no-transform,private,no-cache,no-store,max-age=0,s-maxage=0
access-control-allow-credentials
true
x-uuid
89dc19e1-2a1b-4ae2-a6d8-ffcfec6c2d46
expires
Tue, 02 Jul 2024 12:37:39 GMT
js
www.googletagmanager.com/gtag/ 		204 KB
0 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtag/js?id=DC-8725221
Requested by
Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/hsbc/us-rbwm/prod/utag.640.js?utv=ut4.47.202210050907
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81d::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
cc9c8242cf0fec59fa465815dd859d66244f44b3b98c3b7340be78caaca84c63
Security Headers
Name Value
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.us.hsbc.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 02 Jul 2024 12:37:33 GMT
content-encoding
br
last-modified
Tue, 02 Jul 2024 12:00:00 GMT
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
access-control-allow-headers
Cache-Control
content-length
75945
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires
Tue, 02 Jul 2024 12:37:33 GMT
0190737348470016442a362407720506f002506700b08
visitor-service-us-east-1.tealiumiq.com/hsbc/wpb-stream-us/ 		1 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://visitor-service-us-east-1.tealiumiq.com/hsbc/wpb-stream-us/0190737348470016442a362407720506f002506700b08?callback=utag.ut%5B%22writevawpb-stream-us%22%5D&rnd=1719923859944
Requested by
Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/hsbc/us-rbwm/prod/utag.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.223.231.146 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-223-231-146.compute-1.amazonaws.com
Software
/
Resource Hash
ee7f99f535d813bc06504fdcfbad7e6e378540a5a459c212eebda0ebf124a9a4
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubdomains

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://www.us.hsbc.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-version
29c08d7b4f5aca3e47f349eb2d13b5b8b2534f59-SNAPSHOT
date
Tue, 02 Jul 2024 12:37:40 GMT
strict-transport-security
max-age=31536000; includeSubdomains
x-region
us-east-1
content-length
1355
x-nodeid
i-05b7d0844bfc95c12
content-type
application/javascript; charset=utf-8

Verdicts & Comments Add Verdict or Comment

272 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| 1 undefined| event object| fence object| sharedStorage object| TMS number| maskTimeout boolean| syncChangesApplied object| cssRuleManager function| removeMask object| u object| HSBC object| _tag object| DCSext function| dcsGetHSBCCookie function| dcsVar function| dcsMultiTrack function| dcsMapHSBC function| dcsMeta function| dcsFunc function| dcsTag object| optimizely object| utag_data string| adrum-app-key number| adrum-start-time object| ADRUM object| modalsConfiguration function| isFunction function| typeStr function| escapeRegExp function| hasProperty function| primitiveHasOwnProperty function| testRegExp function| isWhitespace function| escapeHtml function| parseTemplate function| squashTokens function| nestTokens function| Scanner function| Context function| Writer object| mustache object| defaultWriter function| RadioButton function| RadioGroup undefined| $ function| jQuery function| moment object| Bootstrap object| browserUtils object| GPWS object| HSBC_utils object| Mustache object| cpiUtils object| utag_err boolean| utag_condload string| utag_lh object| jwt undefined| JWTInternals object| params object| qp_v_id object| qp_ses_id object| elem boolean| loggedInScript string| targetElementsSelector object| targetElements boolean| isTargetElementPresent string| versionNode number| version object| utag function| utag_condloader function| _tealium_old_error boolean| __tealium_twc_switch object| utag_cfg_ovrd object| Evnt string| mn object| blist object| pixel_lib object| utag_extn function| targetPageParams function| lpGetAuthenticationToken undefined| _ boolean| pushIdentities function| tealium_liveperson_lib object| lpTag function| fbq function| _fbq object| dataLayer object| wizconfig object| aemC object| moOpt object| WIZ_util function| prefixPriority string| formattedredact2 string| formatted object| WIZ_res function| PixelSearchService function| pLoaded string| HSBCUSPageID string| HSBCUScompatVersion string| HSBCUSpacketVersion string| HSBCUSuseCorsForInitialRequest string| HSBCUSuseJsonFormatForInitialCorsRequest string| HSBCUSTCP string| HSBCUSSSL function| HSBCUSgPr object| HSBCUSpendingManualEvents object| HSBCUSqueuedYoutubeReferences function| HSBCUSevent function| HSBCUSclick function| HSBCUStextchange function| HSBCUSformsubmit function| HSBCUSSendJsonData function| HSBCUStrackYouTubeIframePlayer function| HSBCUSinitialExecutionCanProceed function| HSBCUSblockExecutionForInsertAlreadyPresent function| HSBCUSSL function| HSBCUSsendScriptRequests function| HSBCUScookieAllowsScriptToProceed function| HSBCUSSC function| HSBCUSfindCookieVal function| HSBCUSdeleteLegacyCookies function| HSBCUSdoDeleteCookie boolean| HSBCUSLF function| HSBCUSclearStoppedState function| HSBCUSstop function| HSBCUSgenerateUUID object| HSBCUScookieList function| HSBCUSgC function| HSBCUSae function| HSBCUSclient_event function| HSBCUSGP function| HSBCUSGPWID function| HSBCUSLC string| HSBCUSTWID function| HSBCUSoptOut function| HSBCUSoptIn function| HSBCUSanonymous function| HSBCUSresetCSA function| HSBCUSdoReInit function| HSBCUStmoPoll boolean| HSBCUSjsInsertAlreadyLoaded function| HSBCUSgetSD string| HSBCUSwindowID number| HSBCUSTm object| HSBCUSsImgArr object| HSBCUSRTEHandler boolean| impressiontrackingrunning object| h object| e number| f string| items string| storageData boolean| gtag_enable_tcf_support object| google_tag_manager object| google_tag_data function| _typeof function| _extends object| lpTaglogListeners object| proxyless object| lpMTagConfig object| minMacOSVersion object| minIOSVersion object| supportedSystemRegEx boolean| urlFlag boolean| clickEventSet undefined| qs undefined| env function| CheckAbcSupport function| extractSystemInfo function| checkVersion function| getParams function| addABC function| addUrl function| minimizeBanner function| watchIframes number| loopCount string| abcLink function| setUpEngagements boolean| isAbc boolean| runNewPage number| n string| key string| val string| sdeType string| sdeName string| sdeValue string| sde function| createFrameworkGlobals object| liveperson function| SurveyManager function| _stateChanged object| STORAGE object| proto string| QUESTION_ERROR_TYPE object| lpIntlTelInputUtils object| lpIntlTelInputGlobals function| HSBCUSiBd function| HSBCUSBd boolean| HSBCUSoTP object| HSBCUSoWA number| HSBCUSwI boolean| HSBCUSsWO boolean| HSBCUSisReinit function| HSBCUSdoCelebrusInsertInvocation string| HSBCUSwid string| HSBCUSsn string| HSBCUScfg string| HSBCUSln string| HSBCUSgetInputs string| HSBCUSmultiAttribJsRules string| HSBCUSjsRules string| HSBCUSmetaTagRules string| HSBCUScontentRules string| HSBCUSregExRules string| HSBCUSfbRules string| HSBCUSgpRules string| HSBCUStwRules string| HSBCUSsvId string| HSBCUSexceptionRules string| HSBCUSdbId boolean| HSBCUSlookups string| HSBCUScontentKey number| HSBCUSidl number| HSBCUSsST number| HSBCUSmST boolean| HSBCUSdoCapture boolean| HSBCUSuSC string| HSBCUSaCI boolean| HSBCUSuseCors boolean| HSBCUSuseJsonFormatRequest boolean| HSBCUSqNI boolean| HSBCUScelebrusInsertInvocationToken number| HSBCUSlstActv boolean| HSBCUSnavSent function| HSBCUSgetConfig function| HSBCUSdeleteSessionCookie function| HSBCUSvariableStateChange object| HSBCUSiAy function| HSBCUSeQI function| HSBCUSdCB function| HSBCUSflushEvents function| HSBCUSpollForReset function| HSBCUSdoResetCSA function| HSBCUSstopEvents function| HSBCUSmediaEvent function| HSBCUStwitterAnywhereTweet function| HSBCUSgplusAuthResponse function| HSBCUSplusOne function| HSBCUSlinkedInShare function| HSBCUScOP function| HSBCUSqueueUserEvent function| HSBCUSflashEvent function| HSBCUSreportContentAction function| HSBCUSgHW boolean| HSBCUScfgAlreadyDirectedHandlerUse object| HSBCUSsACW number| HSBCUSisReady object| VADM object| frame string| search undefined| page undefined| links undefined| str undefined| href undefined| append undefined| parts undefined| css undefined| head undefined| style object| parser object| xmlDoc

17 Cookies

Domain/Path Name / Value
.hsbc.com/ Name: tms_ref
Value:
.hsbc.com/ Name: optimizelyEndUserId
Value: oeu1719923853554r0.7641053208152411
.hsbc.com/ Name: mkt_c
Value: ZZZZZZZZZZ
.hsbc.com/ Name: _gcl_au
Value: 1.1.1415595392.1719923854
.hsbc.com/ Name: _fbp
Value: fb.1.1719923853981.341415051847663300
.tealiumiq.com/ Name: TAPID
Value: hsbc/wpb-stream-us>0190737348470016442a362407720506f002506700b08|
.amazon-adsystem.com/ Name: ad-id
Value: A1i9CCzoiU5csW8Okn_jfI4
.amazon-adsystem.com/ Name: ad-privacy
Value: 0
.hsbc.com/ Name: LPVID
Value: ViNjY5Mjg2ZWU0YWJlNDc0
.hsbc.com/ Name: LPSID-52516473
Value: R_u0guxfRYa7puk8-Nd-lg
mcm-prod.us.hsbc.com/ Name: VH-mcm-prod.hsbc.us
Value: 2545949100.6265.0000
mcm-prod.us.hsbc.com/ Name: HSBCUScdPersisted
Value: null_1_e3cc8771d051441dbcf1ddc3e81b40ae
mcm-prod.us.hsbc.com/ Name: TS01f477b4
Value: 014b9459e02c53ce4ccb28e917f8af0ac6158a0a4fa9cdd9b140583f5448637527665f0f5782c534432dfa346b2878bfc50c64bf3e
.hsbc.com/ Name: HSBCUSsession
Value: 104003574_1719923853684_1719923857155_8399_0888af0624b04a68914ef99959aa53ce
.hsbc.com/ Name: HSBCUSpersisted
Value: null_1_e3cc8771d051441dbcf1ddc3e81b40ae_1719923857155_104003574_1719923857155_1
mcm-prod.us.hsbc.com/ Name: HSBCUScdSession
Value: 104003574_1719923858162_1719923857155_8399_0888af0624b04a68914ef99959aa53ce
.hsbc.com/ Name: utag_main
Value: v_id:0190737348470016442a362407720506f002506700b08$_sn:1$_se:3$_ss:0$_st:1719925659668$ses_id:1719923853384%3Bexp-session$_pn:1%3Bexp-session$dcsyncran:1%3Bexp-session$dc_group:5$_prevpage:pws%3Acredit%20cards%3Bexp-session$dc_visit:1$dc_event:3%3Bexp-session$amsyncran:1%3Bexp-session$dc_region:us-east-1%3Bexp-session

1 Console Messages

Source Level URL
Text
security error URL: https://www.us.hsbc.com/credit-cards/
Message:
Refused to execute script from 'https://s.amazon-adsystem.com/dcm?pid=f8ca2def-013b-4492-8956-75d0449638a4&id=0190737348470016442a362407720506f002506700b08&dcc=t' because its MIME type ('image/gif') is not executable.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy default-src 'self' *.hsbc.com.hk; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.tiqcdn.com *.tealiumiq.com *.liveperson.net *.googletagmanager.com *.hsbc.co.uk *.hsbc.com.hk *.doubleclick.net *.googleadservices.com *.lpsnmedia.net *.optimizely.com *.facebook.net *.google.com *.gstatic.com *.appdynamics.com *.googleapis.com *.awswaf.com *.analytics.yahoo.com vjs.zencdn.net players.brightcove.net *.walkme.com *.us.hsbc.com *.dev.fs.liveperson.com googleads.g.doubleclick.net va.v.liveperson.net *.amazon-adsystem.com connect.facebook.net tpc.googlesyndication.com lptag.liveperson.net lpcdn.lpsnmedia.net tags.tiqcdn.com www.googletagmanager.com cdn.appdynamics.com www.google-analytics.com ssl.google-analytics.com www.googleadservices.com hsbcbankglobal.sc.omtrdc.net *.amazonaws.com mcm-prod.us.hsbc.com s.amazon-adsystem.com cdn.optimizely.com static.cdn-apple.com cdn-assets-prod.s3.amazonaws.com; img-src data: *; connect-src 'self' *.tiqcdn.com *.tealiumiq.com *.hsbc.com.hk *.eum-appdynamics.com *.optimizely.com wss://*.liveperson.net *.cloud.hsbc *.awswaf.com *.analytics.yahoo.com players.brightcove.net edge.api.brightcove.com *.walkme.com *.us.hsbc.com *.siteintercept.qualtrics.com http://127.0.0.1:5000 http://127.0.0.1:5000/* adservice.google.com www.security.us.hsbc.com www.facebook.com www.google.com maps.googleapis.com www.googletagmanager.com *.brightcovecdn.com ad.doubleclick.net analytics.google.com rbwm-api.us.hsbc.com stats.g.doubleclick.net www.google-analytics.com *.va.cobrowse.liveperson.net akamai.tiqcdn.com hsbcbankglobal.tt.omtrdc.net dpm.demdex.net mcm-prod.us.hsbc.com *.amazonaws.com rbwm-api.hsbc.co.uk rbwm-api.hsbc.com.hk manifest.prod.boltdns.net cdn-assets-prod.s3.amazonaws.com brightcove.hs.llnwd.net *.akamaihd.net *.api.brightcove.com; frame-src 'self' blob: *.lpsnmedia.net *.optimizely.com *.liveperson.net *.google.com *.doubleclick.net *.analytics.yahoo.com players.brightcove.net www.facebook.com tpc.googlesyndication.com www.youtube.com sts-aad.auth.hsbc.com hsbcbankglobal.demdex.net 8725221.fls.doubleclick.net 3464050.fls.doubleclick.net; frame-ancestors 'self' www.us.hsbc.com; font-src 'self' data: *.hsbc.com.hk fonts.gstatic.com fonts.cdnfonts.com at.alicdn.com; worker-src 'self' blob:; style-src 'self' 'unsafe-inline' *.hsbc.com.hk *.googleapis.com players.brightcove.net *.walkme.com *.va.cobrowse.liveperson.net; object-src 'self' players.brightcove.net; media-src 'self' blob: *.boltdns.net *.media.brightcove.com *.llnw.net *.llnwd.net *.akafms.net *.akamaihd.net *.cf.brightcove.com *.brightcovecdn.com lpcdn.lpsnmedia.net ssl.gstatic.com; manifest-src 'self'; upgrade-insecure-requests ; report-uri /csp/report;
Strict-Transport-Security max-age=31536000; includeSubdomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

a19069622224.cdn.optimizely.com
accdn.lpsnmedia.net
akamai.tiqcdn.com
cdn.appdynamics.com
cdn.optimizely.com
cdn3.optimizely.com
cm.g.doubleclick.net
col.eum-appdynamics.com
collect-us-east-1.tealiumiq.com
connect.facebook.net
hsbccreditcard.com
logx.optimizely.com
lpcdn.lpsnmedia.net
lptag.liveperson.net
mcm-prod.us.hsbc.com
s.amazon-adsystem.com
static-assets.dev.fs.liveperson.com
tags.tiqcdn.com
va.v.liveperson.net
visitor-service-us-east-1.tealiumiq.com
www.facebook.com
www.googletagmanager.com
www.hsbccreditcard.com
www.us.hsbc.com
104.18.30.209
107.22.253.92
142.250.184.194
161.113.4.185
178.249.97.23
178.249.97.99
18.245.86.12
18.245.86.61
208.89.12.87
23.197.128.15
23.45.104.216
2600:9000:235a:9000:7:2bfb:7c00:93a1
2a00:1450:4001:81d::2008
2a02:26f0:3500:88e::13b8
2a03:2880:f084:105:face:b00c:0:3
2a03:2880:f177:185:face:b00c:0:25de
3.160.150.128
3.223.231.146
34.120.154.120
34.49.241.189
52.13.12.238
52.46.155.104
54.192.137.86
99.83.228.62
027dbe31bc494e14acab76a221273e52d1d8273f29a5a46055b36d74d6eb369b
07ce5f82c07092c5d17c8b8113065a65e42dc7b041996f41691c23b0355b4b41
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
0ca2d5d4dece21114294a8783944cdd00a4351935831b27f9a83b8eb543c6438
0ec31bc262a6d14aa60e5839ddeb7f5ebcb9bb37a37e0b42b81ffd08aef70e80
0f0bbd7654923199dcac4221bf62f1e3d4276687e01ff62fc60873a0f372ae6c
10545b048c8a9dca27611303e8ddf24c5a0045006196c07fccbd150a704461be
128c6163a5231009e1835ef1f07427627f4dc99b013143fb6de55072de4692ce
1410bf3ef15162a56d0c7ea0f851483738179ce8281a269f4ed88612e9c9a695
177a18e00000e08e8ded018c0b23c31b55a5d433a287bc5b4a82ad5b9c74dd41
1a7331ffda1e8609ff3a28975ed92c6be84407d2f92df315d4f56892bedfd267
1b80f68604e91919f226a2deaf3cbf752774fce767f202897e9b4dc4e1242f10
1bf41b27b2955921265d0797b72260a7ce6057c9355bf6cd0922324df2847d22
1cc8ed3b19c06b0be3780220cb04e0407015da556bdf9656dc6964c840216949
1fe93d773a537c17456fc95e7dbfb69cba2914ac73c5f9b01d4db046667c688e
20594e48582ee15223b8a82a5162ebf2f8c5b4ea66b16cfc839714a235260e0f
24b0dfe83fae087d64782b136f037c94b29dbbd0a6d9dbab9c6e9a476cda0f69
28ede743695d3712a2575d864b7c13e4f80714a7262f485f4380a0a911901551
2cd958ef25500f651a1989573a301b18e1489d99612a9cd09900b56be6ee6e99
2f108ebe81a11d61e19ad47f38c9ab9a9d8abfba6d67d468655fa4858d9ea5e2
2fce2feb1cb59a8c53b5b46d1d758949090324d34b2a941a972240d6ccf63db6
311ce91a358cd0a7bfb3bbce0108c42365bab2f44ee9cc22584e0000839f01de
31f9a4ae84d1bb5ba06f20d1696ed646bf0451256212ed08a502719ba9273043
32de640104368ce8560b5d30d099e6a8fef1c3048e721421b54c1ecd940b1880
3e4f5d07904cf355da7bfbca5d4eee18a4c09fc9e6a79df958d0bb1225572983
41fe74a6ec6abdd0bedca810ea88bf1d73c7cbd0a0bce9e2813402c8456a3ad2
435528a638d50f01f3ce2bb965b4fcdc41ab5a7355348ea944001f33024be41c
454742bff491da28e6b642099f379a873430d35be21d5513128833025126c12d
4776256faec5f4fd68224fdd4c458bfe68820a0e4da74614fd0ab144fcb4b5f1
4d47e3b576c35d06ad47f75b38effcd77fe0cb3423156e7a86f996624157a167
56deb9bcbc7c82f9d4d90c417b8c7243b1cf887d87fa4636687152831c7bc661
57241a7568d24614c77f569392bc537d02b26205e681434618f720a7c35736cd
580245633d829cdc4a80192bc505ad254af0ed2955d5add87b56917a1c0f64df
589c637bb7a658de26723d9dfedcb3a517d9b34d696c9335028986acec6f4b0b
5e64fb035e8def6cd9d3b7361352ba6c11c99a5241208a665ee2f242b81683e6
5f8af2542660cf3e32b23bfe92f56ef955caa8e741572f1805c221bac79bf508
637a334f08c61905d4de8fa2152f845ad666b6a70d714fba1a6078c19cf682ee
638d767cefd78101821fdca0b8c191be1076efab629d159988968b715fbc48dd
6792c4c37672b1a8d6c2842f403c70c85f3b66f3ebaa434b816b5cd25203113b
69c2b8e06630556f0356093d2679ff3a26a9ce177a8c784ce85a52760a2db3b6
70b7bcbf7fa3a48b23ac998312052e1b41038046d487ddeddb18216791a8fd15
7204fbdd71b08d3183957eefd74beb00da67c87693b9727b837754c7884177e7
7391f06dd8a0d002a5f19df8b26b208f8b127a01c9f33907ca445604b6619c8c
74cc8181e92ac8136a062fba06c2c43619b8be18ce9e7fc2681d237a93828e7e
7560d49f697a13fcefb0cf9f6a2ea4fde86e6c80440a08d9f77d9ffe32da05f5
75fe7ad966153b043277de7b083b2fd4b85687f811b149a48b93711c37c32a3b
76e6fcb163f76c23e3595acdb5c37457b8529ae4612bdfd266a9ef3d83550586
7783a55dff5c9c7055bccbc7ca40ab79fc731ab14e2a162b369f536298e758b5
7b2b8cd33c9f95c6f845ce0d37b385c408d6f49c9ead4e89e4a351e93aa9441f
7da0fcf5011f66d43746091e130db6ef4d55ff13410d57209fb0f44d90cdee60
7e3796f3b197762f594a263f17a78435fa9bcfbf8da3955e6e1c599972513ca9
80e8c0c19e255651c3c072f01f69854d97f45ade1a44a8a857becece384107f7
83076860c3d3ae4bac96d88b6a20427dfa3e87976e46b7312453af57b8e76af0
85f0781c18e7a218c6d0a042a0b2da1d4b0666dcd2ea767ab941cdc754a6fbcb
86b6dd8b84478bf413e741dfb182c14c70ef909fc4027cf01794c3c08fede946
86f912b238d272da6d6cb9750fa380bf5ba8ff952a2d6b67fbe642b2b782bb57
88fc669dd8708d576baa4325c1fefa6923fd8fc7783f02062ae0783592055ea6
924d2768e86c3814242cf4e04fea6091a1634b2f432cecd99f681efc323686ab
94dc230b5ba6ffeff1a1e2b48356bbff6fdf4607ffa99761980df55c180bacd4
97856a811f44b6159ca38e4dc9cde8e08cb2ef648abdbd08f7ddbd1d01b1e40d
a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7
a0d9689e454c6d7721ae4f22aed3e1c5adcf6b47d1bdc78bce072c8e81850d46
a22fd178113ed556e34aba3fee7bd73f303804b60ef1833849de7993227bae2e
a2c2339691fc48fbd14fb307292dff3e21222712d9240810742d7df0c6d74dfb
aa7b6c81e85551eeb5c4809f1e683efa0b780c33d12ddfc2067a1b136803e45a
abcf120f7a0e0e9e793a41d6923a86635b9a54632dbef14853c4d6265c86e2ca
acb7ed0147db9543611d5766e5136916aafe89137ab06f4107d2bd098680b28b
b5393266c2f7459185469798428d6a249539c628bdf024da892e2720688d62bc
b77ed3129f1d87b033fd2dcd2b744b44e71b277b83f74d674f3ed169e0741142
b9cd76b84fa42d8196d4dc8c19b0665e93f51fbf734addae5bbbdd7235560106
ba55254e846e77e27e67a952552fa702c37a86508dd3c4172035804903194e8a
bce2304dabc2b2b908fbc9f73d301e014b0e5ecbd6af1ed128f70540fa6fcb66
c736d15fc8104340a0fcbdad3dea714abc1a358ec4e108952c223a24460006e3
cb632f7aa136f64fbee662286e31f6aa12bac19a2cc2a032220ab779c7383682
cc9c8242cf0fec59fa465815dd859d66244f44b3b98c3b7340be78caaca84c63
ccf07142ee8eeba853900e1ac98f80c4cf170d059f903a5236bf99e0fdbc7a43
d027ebdbd078ff14a3e0231aaede315e3e5fc80c73d168efe8a5501c872d9182
d4beb6bc8ca48c3297628ed88c46e660d9b099fe0a00ed58f651a5e1a6dcb85a
d5f8aa0f6a8106c249fce078eef64f4fc96fa2301c661feffa21e2e86081a5bf
d753f8ee126736431a1cd8170dbfcf94f553eeb1d24f2baa7c66474a80d0e559
d9d1d6fee7d44c778f3ba2091bf6d413c4808e9f5f8d42567659927df9bc9ac9
da146d0ff664f1c3c2f3f1b1d322faecc6516614232518a20c011a3543e83c43
de1805522e8bde4516893684590f431b5bc8716638f3b9cdbf4e987767e61a65
e36ea7da5e103101351269e7335e64d920b978ee8cb19e6fe6c40ff487a99325
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e57fa923e1242b94093a29bc1497e22d7b5f78d6f124fe5ffc651383af545e13
edcb7c9c998fbe2e1eb86a4b15df253cff75dd15691da28aa0c03fb18ef26eed
ee7f99f535d813bc06504fdcfbad7e6e378540a5a459c212eebda0ebf124a9a4
f08d5b52cb9eb8cf13ba3a2d5bedd429fa0f82c0b9cc703c835159b6e95e234c
f40638235df59280ba2cbc24f1c5bbabe888b365be521303edde289df08886a9
f46f1a6eb7b8cf60550c505b94bb52eb6a4f08a7aab93b43412546049889df4b
f57bc3ef33aa618d19e415cca284f199f617e875a78bcbed380b37eaa563705e
f9929b531e44104d35b0990117ec4df59627760f66ee62454bc82bf50cc4f297
f9a5649d70f74cde04ab0c3f8a8f41810772e9970befa7fee8e339bcf4dd3b08
f9ea8e5d8c81d44fef7758d21318c991db48c3c22823e643f28a7f7a671fdadd
fc306ad03e79f14ca1a1a484d4e790b839ac0661246015e05c9ae575ec1b09f7
fee5e7a711549efa4853d4ea014473235f50d5393fc66947517402c4954ed9a4
ff0bb14e0ea1772176c67fa4fb39b05e5020abeb0ff8e345c885927f92c18bef
ffbd812ccd2dd2d495be8b17e99989e023a3cc7832e4a7928514e97148db0e14