urlscan.io logo urlscan.io
SecurityTrails logo

kreditt.lofavor.no Open in urlscan Pro
193.212.175.230  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: https://www.kortbank.no/
Effective URL: https://kreditt.lofavor.no/minside/innlogging/logg-inn.html?goto=https%3A%2F%2Fkreditt.lofavor.no%2Fminside%2F
Submission: On July 04 via automatic, source certstream-suspicious — Scanned from NO
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 3 IPs in 1 countries across 3 domains to perform 15 HTTP transactions. The main IP is 193.212.175.230, located in Drammen, Norway and belongs to TELENOR-NEXTEL Telenor Norge AS, NO. The main domain is kreditt.lofavor.no.
TLS certificate: Issued by R3 on June 5th 2024. Valid for: 3 months.
This is the only time kreditt.lofavor.no was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 1 193.212.175.221 2119 (TELENOR-N...)
1 6 193.212.175.230 2119 (TELENOR-N...)
8 193.212.175.201 2119 (TELENOR-N...)
2 193.212.175.209 2119 (TELENOR-N...)
15 3
Apex Domain
Subdomains		 Transfer
14 lofavor.no
kreditt.lofavor.no
login.kreditt.lofavor.no
924 KB
2 sparebank1.no
www.sparebank1.no — Cisco Umbrella Rank: 779992
5 KB
1 kortbank.no
www.kortbank.no
267 B
15 3
Domain Requested by
8 login.kreditt.lofavor.no kreditt.lofavor.no
login.kreditt.lofavor.no
6 kreditt.lofavor.no 1 redirects kreditt.lofavor.no
2 www.sparebank1.no login.kreditt.lofavor.no
www.sparebank1.no
1 www.kortbank.no 1 redirects
15 4

This site contains links to these domains. Also see Links.

Domain
kortvett.no
www.sparebank1.no
Subject Issuer Validity Valid
kreditt.lofavor.no
R3		 2024-06-05 -
2024-09-03		 3 months crt.sh
sparebank1.no
DigiCert EV RSA CA G2		 2024-01-15 -
2025-01-24		 a year crt.sh

This page contains 2 frames:

Primary Page: https://kreditt.lofavor.no/minside/innlogging/logg-inn.html?goto=https%3A%2F%2Fkreditt.lofavor.no%2Fminside%2F
Frame ID: 01002CDE1F3AD39E32B7E801902C9422
Requests: 5 HTTP requests in this frame

Frame: https://login.kreditt.lofavor.no/?app=kundefront-pm-kredittbanken&finInst=fid-kreditt&goto=https%3A%2F%2Fkreditt.lofavor.no%2Fminside%2F
Frame ID: C4FA035B2BD2D98B827A00F16E3AE79A
Requests: 10 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

Kredittbanken Innlogging

Page URL History Show full URLs

  1. https://www.kortbank.no/ HTTP 302
    https://kreditt.lofavor.no/minside/ HTTP 302
    https://kreditt.lofavor.no/minside/innlogging/logg-inn.html?goto=https%3A%2F%2Fkreditt.lofavor.no%2Fmin... Page URL

Page Statistics

15
Requests

100 %
HTTPS

0 %
IPv6

3
Domains

4
Subdomains

3
IPs

1
Countries

929 kB
Transfer

1442 kB
Size

5
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://www.kortbank.no/ HTTP 302
    https://kreditt.lofavor.no/minside/ HTTP 302
    https://kreditt.lofavor.no/minside/innlogging/logg-inn.html?goto=https%3A%2F%2Fkreditt.lofavor.no%2Fminside%2F Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

15 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request logg-inn.html
kreditt.lofavor.no/minside/innlogging/
Redirect Chain
  • https://www.kortbank.no/
  • https://kreditt.lofavor.no/minside/
  • https://kreditt.lofavor.no/minside/innlogging/logg-inn.html?goto=https%3A%2F%2Fkreditt.lofavor.no%2Fminside%2F
9 KB
5 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://kreditt.lofavor.no/minside/innlogging/logg-inn.html?goto=https%3A%2F%2Fkreditt.lofavor.no%2Fminside%2F
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
193.212.175.230 Drammen, Norway, ASN2119 (TELENOR-NEXTEL Telenor Norge AS, NO),
Reverse DNS
kreditt.bnbank.no
Software
/
Resource Hash
854657b8427cf7fc72def4a5dad8b2bdc2245d962e552e0639c89e8682f1b8b6
Security Headers
Name Value
Content-Security-Policy default-src 'none'; script-src 'strict-dynamic' 'nonce-pnkyqFTBaVd4u8mM+XMoqQ' 'report-sample' 'unsafe-eval' 'self' 'unsafe-inline' blob: www.sparebank1.no sparebank1.d3.sc.omtrdc.net; style-src 'self' 'unsafe-inline' 'report-sample'; img-src 'self' chat.sparebank1.no data: *.boost.ai sparebank1.d3.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.ytimg.com; connect-src 'self' www.sparebank1.no chat.sparebank1.no *.boost.ai dpm.demdex.net sparebank1.d3.sc.omtrdc.net adobedc.demdex.net edge.adobedc.net; frame-src *.sparebank1.no sb1mobilbank: sb1-mobilbank: sparebank1.demdex.net www.youtube.com player.vimeo.com login.bnbank.no login.kreditt.coop.no login.kreditt.sbm.no login.kreditt.lofavor.no; frame-ancestors 'none'; font-src *.sparebank1.no data:; form-action *.sparebank1.no; media-src 'self'; object-src 'none'; base-uri 'self'; upgrade-insecure-requests; report-uri https://www.sparebank1.no/logservlet/csp/enforce
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Accept-Language
no-NO,no;q=0.9;q=0.9
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
sec-ch-ua-mobile
?0
sec-ch-ua-platform
"Win32"

Response headers

Strict-Transport-Security
max-age=31536000
cache-control
no-cache, no-store, max-age=0, must-revalidate
content-encoding
gzip
content-language
no-NO
content-security-policy
default-src 'none'; script-src 'strict-dynamic' 'nonce-pnkyqFTBaVd4u8mM+XMoqQ' 'report-sample' 'unsafe-eval' 'self' 'unsafe-inline' blob: www.sparebank1.no sparebank1.d3.sc.omtrdc.net; style-src 'self' 'unsafe-inline' 'report-sample'; img-src 'self' chat.sparebank1.no data: *.boost.ai sparebank1.d3.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.ytimg.com; connect-src 'self' www.sparebank1.no chat.sparebank1.no *.boost.ai dpm.demdex.net sparebank1.d3.sc.omtrdc.net adobedc.demdex.net edge.adobedc.net; frame-src *.sparebank1.no sb1mobilbank: sb1-mobilbank: sparebank1.demdex.net www.youtube.com player.vimeo.com login.bnbank.no login.kreditt.coop.no login.kreditt.sbm.no login.kreditt.lofavor.no; frame-ancestors 'none'; font-src *.sparebank1.no data:; form-action *.sparebank1.no; media-src 'self'; object-src 'none'; base-uri 'self'; upgrade-insecure-requests; report-uri https://www.sparebank1.no/logservlet/csp/enforce
content-security-policy-report-only
default-src *.sparebank1.no; script-src *.sparebank1.no 'unsafe-inline' 'unsafe-eval' blob: sparebank1.d3.sc.omtrdc.net 'self'; style-src *.sparebank1.no 'unsafe-inline' 'self'; img-src 'self' chat.sparebank1.no data: *.boost.ai sparebank1.d3.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.ytimg.com; connect-src *.sparebank1.no *.boost.ai dpm.demdex.net sparebank1.d3.sc.omtrdc.net adobedc.demdex.net edge.adobedc.net 'self'; frame-src *.sparebank1.no sb1mobilbank: sb1-mobilbank: sparebank1.demdex.net www.youtube.com player.vimeo.com login.bnbank.no login.kreditt.coop.no login.kreditt.sbm.no login.kreditt.lofavor.no; frame-ancestors 'none'; font-src *.sparebank1.no data: 'self'; form-action *.sparebank1.no; object-src 'none'; report-uri https://www.sparebank1.no/logservlet/csp
content-type
text/html;charset=utf-8
date
Thu, 04 Jul 2024 02:26:42 GMT
expires
0
pragma
no-cache
referrer-policy
strict-origin-when-cross-origin
transfer-encoding
chunked
vary
Accept-Encoding,Origin,Access-Control-Request-Method,Access-Control-Request-Headers
x-content-type-options
nosniff
x-envoy-upstream-service-time
4
x-frame-options
DENY
x-xss-protection
0

Redirect headers

Strict-Transport-Security
max-age=31536000
content-length
0
date
Thu, 04 Jul 2024 02:26:42 GMT
location
https://kreditt.lofavor.no/minside/innlogging/logg-inn.html?goto=https%3A%2F%2Fkreditt.lofavor.no%2Fminside%2F
vary
Accept-Encoding
x-envoy-upstream-service-time
2
lo_favor_kortbilde.png
kreditt.lofavor.no/minside/innlogging/static/ 		602 KB
604 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://kreditt.lofavor.no/minside/innlogging/static/lo_favor_kortbilde.png
Requested by
Host: kreditt.lofavor.no
URL: https://kreditt.lofavor.no/minside/innlogging/logg-inn.html?goto=https%3A%2F%2Fkreditt.lofavor.no%2Fminside%2F
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
193.212.175.230 Drammen, Norway, ASN2119 (TELENOR-NEXTEL Telenor Norge AS, NO),
Reverse DNS
kreditt.bnbank.no
Software
/
Resource Hash
bc91ac27e0eff7ff65a03cabb27f3db9f43212eb6ac4163f82e6581e842d3123
Security Headers
Name Value
Content-Security-Policy default-src 'none'; script-src 'strict-dynamic' 'nonce-oIxksduzwXKVxL8/j9WORA' 'report-sample' 'unsafe-eval' 'self' 'unsafe-inline' blob: www.sparebank1.no sparebank1.d3.sc.omtrdc.net; style-src 'self' 'unsafe-inline' 'report-sample'; img-src 'self' chat.sparebank1.no data: *.boost.ai sparebank1.d3.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.ytimg.com; connect-src 'self' www.sparebank1.no chat.sparebank1.no *.boost.ai dpm.demdex.net sparebank1.d3.sc.omtrdc.net adobedc.demdex.net edge.adobedc.net; frame-src *.sparebank1.no sb1mobilbank: sb1-mobilbank: sparebank1.demdex.net www.youtube.com player.vimeo.com login.bnbank.no login.kreditt.coop.no login.kreditt.sbm.no login.kreditt.lofavor.no; frame-ancestors 'none'; font-src *.sparebank1.no data:; form-action *.sparebank1.no; media-src 'self'; object-src 'none'; base-uri 'self'; upgrade-insecure-requests; report-uri https://www.sparebank1.no/logservlet/csp/enforce
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://kreditt.lofavor.no/minside/innlogging/logg-inn.html?goto=https%3A%2F%2Fkreditt.lofavor.no%2Fminside%2F
Accept-Language
no-NO,no;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Thu, 04 Jul 2024 02:26:42 GMT
content-security-policy
default-src 'none'; script-src 'strict-dynamic' 'nonce-oIxksduzwXKVxL8/j9WORA' 'report-sample' 'unsafe-eval' 'self' 'unsafe-inline' blob: www.sparebank1.no sparebank1.d3.sc.omtrdc.net; style-src 'self' 'unsafe-inline' 'report-sample'; img-src 'self' chat.sparebank1.no data: *.boost.ai sparebank1.d3.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.ytimg.com; connect-src 'self' www.sparebank1.no chat.sparebank1.no *.boost.ai dpm.demdex.net sparebank1.d3.sc.omtrdc.net adobedc.demdex.net edge.adobedc.net; frame-src *.sparebank1.no sb1mobilbank: sb1-mobilbank: sparebank1.demdex.net www.youtube.com player.vimeo.com login.bnbank.no login.kreditt.coop.no login.kreditt.sbm.no login.kreditt.lofavor.no; frame-ancestors 'none'; font-src *.sparebank1.no data:; form-action *.sparebank1.no; media-src 'self'; object-src 'none'; base-uri 'self'; upgrade-insecure-requests; report-uri https://www.sparebank1.no/logservlet/csp/enforce
x-content-type-options
nosniff
referrer-policy
strict-origin-when-cross-origin
Strict-Transport-Security
max-age=31536000
etag
"06d29e45860d2eb72a6df718af01c3cfb"
vary
Origin,Access-Control-Request-Method,Access-Control-Request-Headers
content-security-policy-report-only
default-src *.sparebank1.no; script-src *.sparebank1.no 'unsafe-inline' 'unsafe-eval' blob: sparebank1.d3.sc.omtrdc.net 'self'; style-src *.sparebank1.no 'unsafe-inline' 'self'; img-src 'self' chat.sparebank1.no data: *.boost.ai sparebank1.d3.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.ytimg.com; connect-src *.sparebank1.no *.boost.ai dpm.demdex.net sparebank1.d3.sc.omtrdc.net adobedc.demdex.net edge.adobedc.net 'self'; frame-src *.sparebank1.no sb1mobilbank: sb1-mobilbank: sparebank1.demdex.net www.youtube.com player.vimeo.com login.bnbank.no login.kreditt.coop.no login.kreditt.sbm.no login.kreditt.lofavor.no; frame-ancestors 'none'; font-src *.sparebank1.no data: 'self'; form-action *.sparebank1.no; object-src 'none'; report-uri https://www.sparebank1.no/logservlet/csp
content-type
image/png
x-frame-options
DENY
cache-control
max-age=60, must-revalidate, public
x-envoy-upstream-service-time
4
accept-ranges
bytes
content-length
616363
x-xss-protection
0
/
login.kreditt.lofavor.no/ Frame C4FA 		2 KB
3 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://login.kreditt.lofavor.no/?app=kundefront-pm-kredittbanken&finInst=fid-kreditt&goto=https%3A%2F%2Fkreditt.lofavor.no%2Fminside%2F
Requested by
Host: kreditt.lofavor.no
URL: https://kreditt.lofavor.no/minside/innlogging/logg-inn.html?goto=https%3A%2F%2Fkreditt.lofavor.no%2Fminside%2F
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
193.212.175.201 Drammen, Norway, ASN2119 (TELENOR-NEXTEL Telenor Norge AS, NO),
Reverse DNS
login.sparebank1.no
Software
istio-envoy /
Resource Hash
de83a8663ba3d284e28e7e0c656f7fba179b5bb5dedd3d6953db5af9ce84fb93
Security Headers
Name Value
Content-Security-Policy default-src 'none'; img-src 'self' data: https://csfe.bankid.no https://statistikk.sparebank1.no; base-uri 'self'; font-src 'self' *.sparebank1.no data:; media-src 'self'; style-src 'self' 'unsafe-inline' 'report-sample' https://csfe.bankid.no https://services.bankid.no; object-src 'none'; script-src 'self' 'unsafe-inline' blob: *.sparebank1.no 'strict-dynamic' 'nonce-CcR1VIzVDgnavcmhEkn6XQ' 'report-sample' 'unsafe-eval' https://csfe.bankid.no https://services.bankid.no https://www.sparebank1.no; report-uri https://www.sparebank1.no/logservlet/csp/enforce; form-action *.sparebank1.no; connect-src 'self' www.sparebank1.no *.demdex.net https://www.sparebank1.no; upgrade-insecure-requests; child-src https://csfe.bankid.no; frame-src https://csfe.bankid.no; frame-ancestors https://*.sparebank1.no https://*.dnbforsikring.no https://*.fremtind.no https://*.bnbank.no https://*.sbm.no https://*.lofavor.no https://*.coop.no https://kunde.sb1finans.no
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options ALLOW-FROM https://kreditt.lofavor.no/
X-Xss-Protection 0

Request headers

Accept-Language
no-NO,no;q=0.9;q=0.9
Referer
https://kreditt.lofavor.no/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
sec-ch-ua-mobile
?0
sec-ch-ua-platform
"Win32"

Response headers

Strict-Transport-Security
max-age=31536000
cache-control
no-cache, no-store, max-age=0, must-revalidate
content-language
no-NO
content-length
1547
content-security-policy
default-src 'none'; img-src 'self' data: https://csfe.bankid.no https://statistikk.sparebank1.no; base-uri 'self'; font-src 'self' *.sparebank1.no data:; media-src 'self'; style-src 'self' 'unsafe-inline' 'report-sample' https://csfe.bankid.no https://services.bankid.no; object-src 'none'; script-src 'self' 'unsafe-inline' blob: *.sparebank1.no 'strict-dynamic' 'nonce-CcR1VIzVDgnavcmhEkn6XQ' 'report-sample' 'unsafe-eval' https://csfe.bankid.no https://services.bankid.no https://www.sparebank1.no; report-uri https://www.sparebank1.no/logservlet/csp/enforce; form-action *.sparebank1.no; connect-src 'self' www.sparebank1.no *.demdex.net https://www.sparebank1.no; upgrade-insecure-requests; child-src https://csfe.bankid.no; frame-src https://csfe.bankid.no; frame-ancestors https://*.sparebank1.no https://*.dnbforsikring.no https://*.fremtind.no https://*.bnbank.no https://*.sbm.no https://*.lofavor.no https://*.coop.no https://kunde.sb1finans.no
content-type
text/html;charset=utf-8
date
Thu, 04 Jul 2024 02:26:42 GMT
etag
"0e46378a95d676ed60a00fe003eb6566b"
expires
0
pragma
no-cache
referrer-policy
strict-origin-when-cross-origin
server
istio-envoy
vary
Accept-Encoding,Origin,Access-Control-Request-Method,Access-Control-Request-Headers
x-content-type-options
nosniff
x-envoy-upstream-service-time
11
x-frame-options
ALLOW-FROM https://kreditt.lofavor.no/
x-xss-protection
0
sparebank1.svg
kreditt.lofavor.no/minside/innlogging/static/ 		7 KB
9 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://kreditt.lofavor.no/minside/innlogging/static/sparebank1.svg
Requested by
Host: kreditt.lofavor.no
URL: https://kreditt.lofavor.no/minside/innlogging/logg-inn.html?goto=https%3A%2F%2Fkreditt.lofavor.no%2Fminside%2F
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
193.212.175.230 Drammen, Norway, ASN2119 (TELENOR-NEXTEL Telenor Norge AS, NO),
Reverse DNS
kreditt.bnbank.no
Software
/
Resource Hash
f8456eab9ba7cea59696a3397a96180d2ab6e49294a41c6f00eb41259fdb1099
Security Headers
Name Value
Content-Security-Policy default-src 'none'; script-src 'strict-dynamic' 'nonce-BsPHgitCqpu8W7EtD4fefw' 'report-sample' 'unsafe-eval' 'self' 'unsafe-inline' blob: www.sparebank1.no sparebank1.d3.sc.omtrdc.net; style-src 'self' 'unsafe-inline' 'report-sample'; img-src 'self' chat.sparebank1.no data: *.boost.ai sparebank1.d3.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.ytimg.com; connect-src 'self' www.sparebank1.no chat.sparebank1.no *.boost.ai dpm.demdex.net sparebank1.d3.sc.omtrdc.net adobedc.demdex.net edge.adobedc.net; frame-src *.sparebank1.no sb1mobilbank: sb1-mobilbank: sparebank1.demdex.net www.youtube.com player.vimeo.com login.bnbank.no login.kreditt.coop.no login.kreditt.sbm.no login.kreditt.lofavor.no; frame-ancestors 'none'; font-src *.sparebank1.no data:; form-action *.sparebank1.no; media-src 'self'; object-src 'none'; base-uri 'self'; upgrade-insecure-requests; report-uri https://www.sparebank1.no/logservlet/csp/enforce
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://kreditt.lofavor.no/minside/innlogging/logg-inn.html?goto=https%3A%2F%2Fkreditt.lofavor.no%2Fminside%2F
Accept-Language
no-NO,no;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Thu, 04 Jul 2024 02:26:42 GMT
content-security-policy
default-src 'none'; script-src 'strict-dynamic' 'nonce-BsPHgitCqpu8W7EtD4fefw' 'report-sample' 'unsafe-eval' 'self' 'unsafe-inline' blob: www.sparebank1.no sparebank1.d3.sc.omtrdc.net; style-src 'self' 'unsafe-inline' 'report-sample'; img-src 'self' chat.sparebank1.no data: *.boost.ai sparebank1.d3.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.ytimg.com; connect-src 'self' www.sparebank1.no chat.sparebank1.no *.boost.ai dpm.demdex.net sparebank1.d3.sc.omtrdc.net adobedc.demdex.net edge.adobedc.net; frame-src *.sparebank1.no sb1mobilbank: sb1-mobilbank: sparebank1.demdex.net www.youtube.com player.vimeo.com login.bnbank.no login.kreditt.coop.no login.kreditt.sbm.no login.kreditt.lofavor.no; frame-ancestors 'none'; font-src *.sparebank1.no data:; form-action *.sparebank1.no; media-src 'self'; object-src 'none'; base-uri 'self'; upgrade-insecure-requests; report-uri https://www.sparebank1.no/logservlet/csp/enforce
x-content-type-options
nosniff
referrer-policy
strict-origin-when-cross-origin
Strict-Transport-Security
max-age=31536000
etag
"07aa96703ad339f6ba30efdb3a89b259b"
vary
Origin,Access-Control-Request-Method,Access-Control-Request-Headers
content-security-policy-report-only
default-src *.sparebank1.no; script-src *.sparebank1.no 'unsafe-inline' 'unsafe-eval' blob: sparebank1.d3.sc.omtrdc.net 'self'; style-src *.sparebank1.no 'unsafe-inline' 'self'; img-src 'self' chat.sparebank1.no data: *.boost.ai sparebank1.d3.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.ytimg.com; connect-src *.sparebank1.no *.boost.ai dpm.demdex.net sparebank1.d3.sc.omtrdc.net adobedc.demdex.net edge.adobedc.net 'self'; frame-src *.sparebank1.no sb1mobilbank: sb1-mobilbank: sparebank1.demdex.net www.youtube.com player.vimeo.com login.bnbank.no login.kreditt.coop.no login.kreditt.sbm.no login.kreditt.lofavor.no; frame-ancestors 'none'; font-src *.sparebank1.no data: 'self'; form-action *.sparebank1.no; object-src 'none'; report-uri https://www.sparebank1.no/logservlet/csp
content-type
image/svg+xml
x-frame-options
DENY
cache-control
max-age=60, must-revalidate, public
x-envoy-upstream-service-time
3
accept-ranges
bytes
content-length
6959
x-xss-protection
0
lofavor.svg
kreditt.lofavor.no/minside/innlogging/static/ 		5 KB
7 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://kreditt.lofavor.no/minside/innlogging/static/lofavor.svg
Requested by
Host: kreditt.lofavor.no
URL: https://kreditt.lofavor.no/minside/innlogging/logg-inn.html?goto=https%3A%2F%2Fkreditt.lofavor.no%2Fminside%2F
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
193.212.175.230 Drammen, Norway, ASN2119 (TELENOR-NEXTEL Telenor Norge AS, NO),
Reverse DNS
kreditt.bnbank.no
Software
/
Resource Hash
bd609ce99490be2211816269628fcf843b678e19522acfdfcd41fc90e4eb1ec1
Security Headers
Name Value
Content-Security-Policy default-src 'none'; script-src 'strict-dynamic' 'nonce-YmiqJxxqRMkBAlBYxwnPmg' 'report-sample' 'unsafe-eval' 'self' 'unsafe-inline' blob: www.sparebank1.no sparebank1.d3.sc.omtrdc.net; style-src 'self' 'unsafe-inline' 'report-sample'; img-src 'self' chat.sparebank1.no data: *.boost.ai sparebank1.d3.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.ytimg.com; connect-src 'self' www.sparebank1.no chat.sparebank1.no *.boost.ai dpm.demdex.net sparebank1.d3.sc.omtrdc.net adobedc.demdex.net edge.adobedc.net; frame-src *.sparebank1.no sb1mobilbank: sb1-mobilbank: sparebank1.demdex.net www.youtube.com player.vimeo.com login.bnbank.no login.kreditt.coop.no login.kreditt.sbm.no login.kreditt.lofavor.no; frame-ancestors 'none'; font-src *.sparebank1.no data:; form-action *.sparebank1.no; media-src 'self'; object-src 'none'; base-uri 'self'; upgrade-insecure-requests; report-uri https://www.sparebank1.no/logservlet/csp/enforce
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://kreditt.lofavor.no/minside/innlogging/logg-inn.html?goto=https%3A%2F%2Fkreditt.lofavor.no%2Fminside%2F
Accept-Language
no-NO,no;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Thu, 04 Jul 2024 02:26:42 GMT
content-security-policy
default-src 'none'; script-src 'strict-dynamic' 'nonce-YmiqJxxqRMkBAlBYxwnPmg' 'report-sample' 'unsafe-eval' 'self' 'unsafe-inline' blob: www.sparebank1.no sparebank1.d3.sc.omtrdc.net; style-src 'self' 'unsafe-inline' 'report-sample'; img-src 'self' chat.sparebank1.no data: *.boost.ai sparebank1.d3.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.ytimg.com; connect-src 'self' www.sparebank1.no chat.sparebank1.no *.boost.ai dpm.demdex.net sparebank1.d3.sc.omtrdc.net adobedc.demdex.net edge.adobedc.net; frame-src *.sparebank1.no sb1mobilbank: sb1-mobilbank: sparebank1.demdex.net www.youtube.com player.vimeo.com login.bnbank.no login.kreditt.coop.no login.kreditt.sbm.no login.kreditt.lofavor.no; frame-ancestors 'none'; font-src *.sparebank1.no data:; form-action *.sparebank1.no; media-src 'self'; object-src 'none'; base-uri 'self'; upgrade-insecure-requests; report-uri https://www.sparebank1.no/logservlet/csp/enforce
x-content-type-options
nosniff
referrer-policy
strict-origin-when-cross-origin
Strict-Transport-Security
max-age=31536000
etag
"0a3a63c15ec4e53ecdbbc4a3e81af7ed3"
vary
Origin,Access-Control-Request-Method,Access-Control-Request-Headers
content-security-policy-report-only
default-src *.sparebank1.no; script-src *.sparebank1.no 'unsafe-inline' 'unsafe-eval' blob: sparebank1.d3.sc.omtrdc.net 'self'; style-src *.sparebank1.no 'unsafe-inline' 'self'; img-src 'self' chat.sparebank1.no data: *.boost.ai sparebank1.d3.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.ytimg.com; connect-src *.sparebank1.no *.boost.ai dpm.demdex.net sparebank1.d3.sc.omtrdc.net adobedc.demdex.net edge.adobedc.net 'self'; frame-src *.sparebank1.no sb1mobilbank: sb1-mobilbank: sparebank1.demdex.net www.youtube.com player.vimeo.com login.bnbank.no login.kreditt.coop.no login.kreditt.sbm.no login.kreditt.lofavor.no; frame-ancestors 'none'; font-src *.sparebank1.no data: 'self'; form-action *.sparebank1.no; object-src 'none'; report-uri https://www.sparebank1.no/logservlet/csp
content-type
image/svg+xml
x-frame-options
DENY
cache-control
max-age=60, must-revalidate, public
x-envoy-upstream-service-time
3
accept-ranges
bytes
content-length
5199
x-xss-protection
0
loginapp.css
login.kreditt.lofavor.no/static/ Frame C4FA 		92 KB
15 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://login.kreditt.lofavor.no/static/loginapp.css?hash=820bdfa6ed5b1c6e8a27
Requested by
Host: login.kreditt.lofavor.no
URL: https://login.kreditt.lofavor.no/?app=kundefront-pm-kredittbanken&finInst=fid-kreditt&goto=https%3A%2F%2Fkreditt.lofavor.no%2Fminside%2F
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
193.212.175.201 Drammen, Norway, ASN2119 (TELENOR-NEXTEL Telenor Norge AS, NO),
Reverse DNS
login.sparebank1.no
Software
istio-envoy /
Resource Hash
4fc0cb834efd78d74548e8a97bbd7e216c67d1be40967ef06b56083d975f8ac8
Security Headers
Name Value
Content-Security-Policy default-src 'none'; img-src 'self' data: https://csfe.bankid.no https://statistikk.sparebank1.no; base-uri 'self'; font-src 'self' *.sparebank1.no data:; media-src 'self'; style-src 'self' 'unsafe-inline' 'report-sample' https://csfe.bankid.no https://services.bankid.no; object-src 'none'; script-src 'self' 'unsafe-inline' blob: *.sparebank1.no 'strict-dynamic' 'nonce-ZC0Cez+V29L0OF25L06pmA' 'report-sample' 'unsafe-eval' https://csfe.bankid.no https://services.bankid.no https://www.sparebank1.no; report-uri https://www.sparebank1.no/logservlet/csp/enforce; form-action *.sparebank1.no; connect-src 'self' www.sparebank1.no *.demdex.net https://www.sparebank1.no; upgrade-insecure-requests; child-src https://csfe.bankid.no; frame-src https://csfe.bankid.no; frame-ancestors https://*.sparebank1.no https://*.dnbforsikring.no https://*.fremtind.no https://*.bnbank.no https://*.sbm.no https://*.lofavor.no https://*.coop.no https://kunde.sb1finans.no
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options ALLOW-FROM https://login.kreditt.lofavor.no/?app=kundefront-pm-kredittbanken&finInst=fid-kreditt&goto=https%3A%2F%2Fkreditt.lofavor.no%2Fminside%2F
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://login.kreditt.lofavor.no/?app=kundefront-pm-kredittbanken&finInst=fid-kreditt&goto=https%3A%2F%2Fkreditt.lofavor.no%2Fminside%2F
Accept-Language
no-NO,no;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Thu, 04 Jul 2024 02:26:42 GMT
content-security-policy
default-src 'none'; img-src 'self' data: https://csfe.bankid.no https://statistikk.sparebank1.no; base-uri 'self'; font-src 'self' *.sparebank1.no data:; media-src 'self'; style-src 'self' 'unsafe-inline' 'report-sample' https://csfe.bankid.no https://services.bankid.no; object-src 'none'; script-src 'self' 'unsafe-inline' blob: *.sparebank1.no 'strict-dynamic' 'nonce-ZC0Cez+V29L0OF25L06pmA' 'report-sample' 'unsafe-eval' https://csfe.bankid.no https://services.bankid.no https://www.sparebank1.no; report-uri https://www.sparebank1.no/logservlet/csp/enforce; form-action *.sparebank1.no; connect-src 'self' www.sparebank1.no *.demdex.net https://www.sparebank1.no; upgrade-insecure-requests; child-src https://csfe.bankid.no; frame-src https://csfe.bankid.no; frame-ancestors https://*.sparebank1.no https://*.dnbforsikring.no https://*.fremtind.no https://*.bnbank.no https://*.sbm.no https://*.lofavor.no https://*.coop.no https://kunde.sb1finans.no
x-content-type-options
nosniff
Strict-Transport-Security
max-age=31536000
content-encoding
gzip
transfer-encoding
chunked
x-envoy-upstream-service-time
3
x-xss-protection
0
referrer-policy
strict-origin-when-cross-origin
server
istio-envoy
etag
"033b379e63f9e0be9b7e87156198f4ef1--gzip"
vary
Accept-Encoding,Origin,Access-Control-Request-Method,Access-Control-Request-Headers
x-frame-options
ALLOW-FROM https://login.kreditt.lofavor.no/?app=kundefront-pm-kredittbanken&finInst=fid-kreditt&goto=https%3A%2F%2Fkreditt.lofavor.no%2Fminside%2F
content-type
text/css
cache-control
max-age=60, must-revalidate, public
accept-ranges
bytes
loginapp.js
login.kreditt.lofavor.no/static/ Frame C4FA 		642 KB
190 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://login.kreditt.lofavor.no/static/loginapp.js?hash=a4cf97db20378a76c104
Requested by
Host: login.kreditt.lofavor.no
URL: https://login.kreditt.lofavor.no/?app=kundefront-pm-kredittbanken&finInst=fid-kreditt&goto=https%3A%2F%2Fkreditt.lofavor.no%2Fminside%2F
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
193.212.175.201 Drammen, Norway, ASN2119 (TELENOR-NEXTEL Telenor Norge AS, NO),
Reverse DNS
login.sparebank1.no
Software
istio-envoy /
Resource Hash
c644456930b8d0a64fe711134178bc5edad823f1f0b2e570e19aac8dcadd418d
Security Headers
Name Value
Content-Security-Policy default-src 'none'; img-src 'self' data: https://csfe.bankid.no https://statistikk.sparebank1.no; base-uri 'self'; font-src 'self' *.sparebank1.no data:; media-src 'self'; style-src 'self' 'unsafe-inline' 'report-sample' https://csfe.bankid.no https://services.bankid.no; object-src 'none'; script-src 'self' 'unsafe-inline' blob: *.sparebank1.no 'strict-dynamic' 'nonce-gU+A0HIYjR3XrLLzauNHkw' 'report-sample' 'unsafe-eval' https://csfe.bankid.no https://services.bankid.no https://www.sparebank1.no; report-uri https://www.sparebank1.no/logservlet/csp/enforce; form-action *.sparebank1.no; connect-src 'self' www.sparebank1.no *.demdex.net https://www.sparebank1.no; upgrade-insecure-requests; child-src https://csfe.bankid.no; frame-src https://csfe.bankid.no; frame-ancestors https://*.sparebank1.no https://*.dnbforsikring.no https://*.fremtind.no https://*.bnbank.no https://*.sbm.no https://*.lofavor.no https://*.coop.no https://kunde.sb1finans.no
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options ALLOW-FROM https://login.kreditt.lofavor.no/?app=kundefront-pm-kredittbanken&finInst=fid-kreditt&goto=https%3A%2F%2Fkreditt.lofavor.no%2Fminside%2F
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://login.kreditt.lofavor.no/?app=kundefront-pm-kredittbanken&finInst=fid-kreditt&goto=https%3A%2F%2Fkreditt.lofavor.no%2Fminside%2F
Accept-Language
no-NO,no;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Thu, 04 Jul 2024 02:26:42 GMT
content-security-policy
default-src 'none'; img-src 'self' data: https://csfe.bankid.no https://statistikk.sparebank1.no; base-uri 'self'; font-src 'self' *.sparebank1.no data:; media-src 'self'; style-src 'self' 'unsafe-inline' 'report-sample' https://csfe.bankid.no https://services.bankid.no; object-src 'none'; script-src 'self' 'unsafe-inline' blob: *.sparebank1.no 'strict-dynamic' 'nonce-gU+A0HIYjR3XrLLzauNHkw' 'report-sample' 'unsafe-eval' https://csfe.bankid.no https://services.bankid.no https://www.sparebank1.no; report-uri https://www.sparebank1.no/logservlet/csp/enforce; form-action *.sparebank1.no; connect-src 'self' www.sparebank1.no *.demdex.net https://www.sparebank1.no; upgrade-insecure-requests; child-src https://csfe.bankid.no; frame-src https://csfe.bankid.no; frame-ancestors https://*.sparebank1.no https://*.dnbforsikring.no https://*.fremtind.no https://*.bnbank.no https://*.sbm.no https://*.lofavor.no https://*.coop.no https://kunde.sb1finans.no
x-content-type-options
nosniff
Strict-Transport-Security
max-age=31536000
content-encoding
gzip
transfer-encoding
chunked
x-envoy-upstream-service-time
4
x-xss-protection
0
referrer-policy
strict-origin-when-cross-origin
server
istio-envoy
etag
"0268f66dfc6b8004c3aceeb31b69b68ba--gzip"
vary
Accept-Encoding,Origin,Access-Control-Request-Method,Access-Control-Request-Headers
x-frame-options
ALLOW-FROM https://login.kreditt.lofavor.no/?app=kundefront-pm-kredittbanken&finInst=fid-kreditt&goto=https%3A%2F%2Fkreditt.lofavor.no%2Fminside%2F
content-type
text/javascript
cache-control
max-age=60, must-revalidate, public
accept-ranges
bytes
statistikk.js
www.sparebank1.no/statistikk/ Frame C4FA 		4 KB
5 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.sparebank1.no/statistikk/statistikk.js
Requested by
Host: login.kreditt.lofavor.no
URL: https://login.kreditt.lofavor.no/?app=kundefront-pm-kredittbanken&finInst=fid-kreditt&goto=https%3A%2F%2Fkreditt.lofavor.no%2Fminside%2F
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
193.212.175.209 Drammen, Norway, ASN2119 (TELENOR-NEXTEL Telenor Norge AS, NO),
Reverse DNS
www.sparebank1.no
Software
istio-envoy /
Resource Hash
57d3470a7e6b464973b7975c7dcf6fe5b1139225afbdbdc4e0c614391fed8a68
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://login.kreditt.lofavor.no/
Accept-Language
no-NO,no;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Access-Control-Allow-Origin
https://mobilbank-pm.sparebank1.no
date
Thu, 04 Jul 2024 02:26:42 GMT
Strict-Transport-Security
max-age=31536000
x-envoy-upstream-service-time
2
server
istio-envoy
transfer-encoding
chunked
content-type
application/javascript
init
login.kreditt.lofavor.no/api/app/session/ Frame C4FA 		241 B
2 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://login.kreditt.lofavor.no/api/app/session/init?app=kundefront-pm-kredittbanken&finInst=fid-kreditt&goto=https%3A%2F%2Fkreditt.lofavor.no%2Fminside%2F&lang=nb
Requested by
Host: login.kreditt.lofavor.no
URL: https://login.kreditt.lofavor.no/static/loginapp.js?hash=a4cf97db20378a76c104
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
193.212.175.201 Drammen, Norway, ASN2119 (TELENOR-NEXTEL Telenor Norge AS, NO),
Reverse DNS
login.sparebank1.no
Software
istio-envoy /
Resource Hash
acb81b8cc43e4861624b220356d19a97c503f584e3fbe515dd737284fffc0c71
Security Headers
Name Value
Content-Security-Policy default-src 'none'; img-src 'self' data: https://csfe.bankid.no https://statistikk.sparebank1.no; base-uri 'self'; font-src 'self' *.sparebank1.no data:; media-src 'self'; style-src 'self' 'unsafe-inline' 'report-sample' https://csfe.bankid.no https://services.bankid.no; object-src 'none'; script-src 'self' 'unsafe-inline' blob: *.sparebank1.no 'strict-dynamic' 'nonce-l1ajpFc/eXqZXYR36WrqGA' 'report-sample' 'unsafe-eval' https://csfe.bankid.no https://services.bankid.no https://www.sparebank1.no; report-uri https://www.sparebank1.no/logservlet/csp/enforce; form-action *.sparebank1.no; connect-src 'self' www.sparebank1.no *.demdex.net https://www.sparebank1.no; upgrade-insecure-requests; child-src https://csfe.bankid.no; frame-src https://csfe.bankid.no; frame-ancestors https://*.sparebank1.no https://*.dnbforsikring.no https://*.fremtind.no https://*.bnbank.no https://*.sbm.no https://*.lofavor.no https://*.coop.no https://kunde.sb1finans.no
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Accept-Language
no-NO,no;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Content-Type
application/json; charset=utf-8
Accept
application/json
Referer
https://login.kreditt.lofavor.no/?app=kundefront-pm-kredittbanken&finInst=fid-kreditt&goto=https%3A%2F%2Fkreditt.lofavor.no%2Fminside%2F
sec-ch-ua-platform
"Win32"

Response headers

pragma
no-cache
date
Thu, 04 Jul 2024 02:26:42 GMT
content-security-policy
default-src 'none'; img-src 'self' data: https://csfe.bankid.no https://statistikk.sparebank1.no; base-uri 'self'; font-src 'self' *.sparebank1.no data:; media-src 'self'; style-src 'self' 'unsafe-inline' 'report-sample' https://csfe.bankid.no https://services.bankid.no; object-src 'none'; script-src 'self' 'unsafe-inline' blob: *.sparebank1.no 'strict-dynamic' 'nonce-l1ajpFc/eXqZXYR36WrqGA' 'report-sample' 'unsafe-eval' https://csfe.bankid.no https://services.bankid.no https://www.sparebank1.no; report-uri https://www.sparebank1.no/logservlet/csp/enforce; form-action *.sparebank1.no; connect-src 'self' www.sparebank1.no *.demdex.net https://www.sparebank1.no; upgrade-insecure-requests; child-src https://csfe.bankid.no; frame-src https://csfe.bankid.no; frame-ancestors https://*.sparebank1.no https://*.dnbforsikring.no https://*.fremtind.no https://*.bnbank.no https://*.sbm.no https://*.lofavor.no https://*.coop.no https://kunde.sb1finans.no
x-content-type-options
nosniff
Strict-Transport-Security
max-age=31536000
server
istio-envoy
vary
Accept-Encoding,Origin,Access-Control-Request-Method,Access-Control-Request-Headers
x-frame-options
DENY
content-type
application/json
cache-control
no-cache, no-store, max-age=0, must-revalidate
x-envoy-upstream-service-time
12
content-length
241
x-xss-protection
0
expires
0
SpareBank1-Regular-Web.d65aaba253542601cd1e.woff2
login.kreditt.lofavor.no/static/fonts/ Frame C4FA 		36 KB
38 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://login.kreditt.lofavor.no/static/fonts/SpareBank1-Regular-Web.d65aaba253542601cd1e.woff2
Requested by
Host: login.kreditt.lofavor.no
URL: https://login.kreditt.lofavor.no/static/loginapp.css?hash=820bdfa6ed5b1c6e8a27
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
193.212.175.201 Drammen, Norway, ASN2119 (TELENOR-NEXTEL Telenor Norge AS, NO),
Reverse DNS
login.sparebank1.no
Software
istio-envoy /
Resource Hash
ce76fadc5aa6c2c526765866945a882ecebc84237257274b970a3ba55f728748
Security Headers
Name Value
Content-Security-Policy default-src 'none'; img-src 'self' data: https://csfe.bankid.no https://statistikk.sparebank1.no; base-uri 'self'; font-src 'self' *.sparebank1.no data:; media-src 'self'; style-src 'self' 'unsafe-inline' 'report-sample' https://csfe.bankid.no https://services.bankid.no; object-src 'none'; script-src 'self' 'unsafe-inline' blob: *.sparebank1.no 'strict-dynamic' 'nonce-lyRuhIuhRvbaKSAR/oE7FA' 'report-sample' 'unsafe-eval' https://csfe.bankid.no https://services.bankid.no https://www.sparebank1.no; report-uri https://www.sparebank1.no/logservlet/csp/enforce; form-action *.sparebank1.no; connect-src 'self' www.sparebank1.no *.demdex.net https://www.sparebank1.no; upgrade-insecure-requests; child-src https://csfe.bankid.no; frame-src https://csfe.bankid.no; frame-ancestors https://*.sparebank1.no https://*.dnbforsikring.no https://*.fremtind.no https://*.bnbank.no https://*.sbm.no https://*.lofavor.no https://*.coop.no https://kunde.sb1finans.no
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options ALLOW-FROM https://login.kreditt.lofavor.no/static/loginapp.css?hash=820bdfa6ed5b1c6e8a27
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://login.kreditt.lofavor.no/static/loginapp.css?hash=820bdfa6ed5b1c6e8a27
Origin
https://login.kreditt.lofavor.no
Accept-Language
no-NO,no;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Thu, 04 Jul 2024 02:26:42 GMT
content-security-policy
default-src 'none'; img-src 'self' data: https://csfe.bankid.no https://statistikk.sparebank1.no; base-uri 'self'; font-src 'self' *.sparebank1.no data:; media-src 'self'; style-src 'self' 'unsafe-inline' 'report-sample' https://csfe.bankid.no https://services.bankid.no; object-src 'none'; script-src 'self' 'unsafe-inline' blob: *.sparebank1.no 'strict-dynamic' 'nonce-lyRuhIuhRvbaKSAR/oE7FA' 'report-sample' 'unsafe-eval' https://csfe.bankid.no https://services.bankid.no https://www.sparebank1.no; report-uri https://www.sparebank1.no/logservlet/csp/enforce; form-action *.sparebank1.no; connect-src 'self' www.sparebank1.no *.demdex.net https://www.sparebank1.no; upgrade-insecure-requests; child-src https://csfe.bankid.no; frame-src https://csfe.bankid.no; frame-ancestors https://*.sparebank1.no https://*.dnbforsikring.no https://*.fremtind.no https://*.bnbank.no https://*.sbm.no https://*.lofavor.no https://*.coop.no https://kunde.sb1finans.no
x-content-type-options
nosniff
referrer-policy
strict-origin-when-cross-origin
server
istio-envoy
Strict-Transport-Security
max-age=31536000
etag
"079c94508d6f926bd4786b062863ec94b"
vary
Origin,Access-Control-Request-Method,Access-Control-Request-Headers
x-frame-options
ALLOW-FROM https://login.kreditt.lofavor.no/static/loginapp.css?hash=820bdfa6ed5b1c6e8a27
content-type
font/woff2
cache-control
max-age=60, must-revalidate, public
x-envoy-upstream-service-time
3
accept-ranges
bytes
content-length
37372
x-xss-protection
0
lofavor.ico
kreditt.lofavor.no/minside/innlogging/static/ 		4 KB
6 KB 		Other
General
Check archive.org
Download Go to
Full URL
https://kreditt.lofavor.no/minside/innlogging/static/lofavor.ico
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
193.212.175.230 Drammen, Norway, ASN2119 (TELENOR-NEXTEL Telenor Norge AS, NO),
Reverse DNS
kreditt.bnbank.no
Software
/
Resource Hash
264c3d08011fe10ac0fb3fe46555ed6dc2d53d508f48b5bf46dcb2d80f176258
Security Headers
Name Value
Content-Security-Policy default-src 'none'; script-src 'strict-dynamic' 'nonce-Nz5hwggNkFG/xZlxnaD2Eg' 'report-sample' 'unsafe-eval' 'self' 'unsafe-inline' blob: www.sparebank1.no sparebank1.d3.sc.omtrdc.net; style-src 'self' 'unsafe-inline' 'report-sample'; img-src 'self' chat.sparebank1.no data: *.boost.ai sparebank1.d3.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.ytimg.com; connect-src 'self' www.sparebank1.no chat.sparebank1.no *.boost.ai dpm.demdex.net sparebank1.d3.sc.omtrdc.net adobedc.demdex.net edge.adobedc.net; frame-src *.sparebank1.no sb1mobilbank: sb1-mobilbank: sparebank1.demdex.net www.youtube.com player.vimeo.com login.bnbank.no login.kreditt.coop.no login.kreditt.sbm.no login.kreditt.lofavor.no; frame-ancestors 'none'; font-src *.sparebank1.no data:; form-action *.sparebank1.no; media-src 'self'; object-src 'none'; base-uri 'self'; upgrade-insecure-requests; report-uri https://www.sparebank1.no/logservlet/csp/enforce
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://kreditt.lofavor.no/minside/innlogging/logg-inn.html?goto=https%3A%2F%2Fkreditt.lofavor.no%2Fminside%2F
Accept-Language
no-NO,no;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Thu, 04 Jul 2024 02:26:42 GMT
content-security-policy
default-src 'none'; script-src 'strict-dynamic' 'nonce-Nz5hwggNkFG/xZlxnaD2Eg' 'report-sample' 'unsafe-eval' 'self' 'unsafe-inline' blob: www.sparebank1.no sparebank1.d3.sc.omtrdc.net; style-src 'self' 'unsafe-inline' 'report-sample'; img-src 'self' chat.sparebank1.no data: *.boost.ai sparebank1.d3.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.ytimg.com; connect-src 'self' www.sparebank1.no chat.sparebank1.no *.boost.ai dpm.demdex.net sparebank1.d3.sc.omtrdc.net adobedc.demdex.net edge.adobedc.net; frame-src *.sparebank1.no sb1mobilbank: sb1-mobilbank: sparebank1.demdex.net www.youtube.com player.vimeo.com login.bnbank.no login.kreditt.coop.no login.kreditt.sbm.no login.kreditt.lofavor.no; frame-ancestors 'none'; font-src *.sparebank1.no data:; form-action *.sparebank1.no; media-src 'self'; object-src 'none'; base-uri 'self'; upgrade-insecure-requests; report-uri https://www.sparebank1.no/logservlet/csp/enforce
x-content-type-options
nosniff
referrer-policy
strict-origin-when-cross-origin
Strict-Transport-Security
max-age=31536000
etag
"0999282445e15e71e74d7e48b7f4e2f51"
vary
Origin,Access-Control-Request-Method,Access-Control-Request-Headers
content-security-policy-report-only
default-src *.sparebank1.no; script-src *.sparebank1.no 'unsafe-inline' 'unsafe-eval' blob: sparebank1.d3.sc.omtrdc.net 'self'; style-src *.sparebank1.no 'unsafe-inline' 'self'; img-src 'self' chat.sparebank1.no data: *.boost.ai sparebank1.d3.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.ytimg.com; connect-src *.sparebank1.no *.boost.ai dpm.demdex.net sparebank1.d3.sc.omtrdc.net adobedc.demdex.net edge.adobedc.net 'self'; frame-src *.sparebank1.no sb1mobilbank: sb1-mobilbank: sparebank1.demdex.net www.youtube.com player.vimeo.com login.bnbank.no login.kreditt.coop.no login.kreditt.sbm.no login.kreditt.lofavor.no; frame-ancestors 'none'; font-src *.sparebank1.no data: 'self'; form-action *.sparebank1.no; object-src 'none'; report-uri https://www.sparebank1.no/logservlet/csp
content-type
image/x-icon
x-frame-options
DENY
cache-control
max-age=60, must-revalidate, public
x-envoy-upstream-service-time
4
accept-ranges
bytes
content-length
3638
x-xss-protection
0
bankid-ikon.11d665aca340d32a0fd6.svg
login.kreditt.lofavor.no/static/images/ Frame C4FA 		3 KB
5 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://login.kreditt.lofavor.no/static/images/bankid-ikon.11d665aca340d32a0fd6.svg
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
193.212.175.201 Drammen, Norway, ASN2119 (TELENOR-NEXTEL Telenor Norge AS, NO),
Reverse DNS
login.sparebank1.no
Software
istio-envoy /
Resource Hash
f099557dd1b7b65d5bb7a50dff729caabd77c576f8d686907196ae641ee8ff42
Security Headers
Name Value
Content-Security-Policy default-src 'none'; img-src 'self' data: https://csfe.bankid.no https://statistikk.sparebank1.no; base-uri 'self'; font-src 'self' *.sparebank1.no data:; media-src 'self'; style-src 'self' 'unsafe-inline' 'report-sample' https://csfe.bankid.no https://services.bankid.no; object-src 'none'; script-src 'self' 'unsafe-inline' blob: *.sparebank1.no 'strict-dynamic' 'nonce-Va5+kfz2zrkqzssK/Gqo7w' 'report-sample' 'unsafe-eval' https://csfe.bankid.no https://services.bankid.no https://www.sparebank1.no; report-uri https://www.sparebank1.no/logservlet/csp/enforce; form-action *.sparebank1.no; connect-src 'self' www.sparebank1.no *.demdex.net https://www.sparebank1.no; upgrade-insecure-requests; child-src https://csfe.bankid.no; frame-src https://csfe.bankid.no; frame-ancestors https://*.sparebank1.no https://*.dnbforsikring.no https://*.fremtind.no https://*.bnbank.no https://*.sbm.no https://*.lofavor.no https://*.coop.no https://kunde.sb1finans.no
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options ALLOW-FROM https://login.kreditt.lofavor.no/?app=kundefront-pm-kredittbanken&finInst=fid-kreditt&goto=https%3A%2F%2Fkreditt.lofavor.no%2Fminside%2F
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://login.kreditt.lofavor.no/?app=kundefront-pm-kredittbanken&finInst=fid-kreditt&goto=https%3A%2F%2Fkreditt.lofavor.no%2Fminside%2F
Accept-Language
no-NO,no;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Thu, 04 Jul 2024 02:26:43 GMT
content-security-policy
default-src 'none'; img-src 'self' data: https://csfe.bankid.no https://statistikk.sparebank1.no; base-uri 'self'; font-src 'self' *.sparebank1.no data:; media-src 'self'; style-src 'self' 'unsafe-inline' 'report-sample' https://csfe.bankid.no https://services.bankid.no; object-src 'none'; script-src 'self' 'unsafe-inline' blob: *.sparebank1.no 'strict-dynamic' 'nonce-Va5+kfz2zrkqzssK/Gqo7w' 'report-sample' 'unsafe-eval' https://csfe.bankid.no https://services.bankid.no https://www.sparebank1.no; report-uri https://www.sparebank1.no/logservlet/csp/enforce; form-action *.sparebank1.no; connect-src 'self' www.sparebank1.no *.demdex.net https://www.sparebank1.no; upgrade-insecure-requests; child-src https://csfe.bankid.no; frame-src https://csfe.bankid.no; frame-ancestors https://*.sparebank1.no https://*.dnbforsikring.no https://*.fremtind.no https://*.bnbank.no https://*.sbm.no https://*.lofavor.no https://*.coop.no https://kunde.sb1finans.no
x-content-type-options
nosniff
referrer-policy
strict-origin-when-cross-origin
server
istio-envoy
Strict-Transport-Security
max-age=31536000
etag
"047f589c5a7a94d28255da3a2ba144742"
vary
Origin,Access-Control-Request-Method,Access-Control-Request-Headers
x-frame-options
ALLOW-FROM https://login.kreditt.lofavor.no/?app=kundefront-pm-kredittbanken&finInst=fid-kreditt&goto=https%3A%2F%2Fkreditt.lofavor.no%2Fminside%2F
content-type
image/svg+xml
cache-control
max-age=60, must-revalidate, public
x-envoy-upstream-service-time
3
accept-ranges
bytes
content-length
3454
x-xss-protection
0
bankid-mobil-ikon.f7a7fe933035e9f14f1b.svg
login.kreditt.lofavor.no/static/images/ Frame C4FA 		2 KB
3 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://login.kreditt.lofavor.no/static/images/bankid-mobil-ikon.f7a7fe933035e9f14f1b.svg
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
193.212.175.201 Drammen, Norway, ASN2119 (TELENOR-NEXTEL Telenor Norge AS, NO),
Reverse DNS
login.sparebank1.no
Software
istio-envoy /
Resource Hash
d79664fca8ebee293b0e75a2257e08530e885bbe47295a907c92c59b728aec32
Security Headers
Name Value
Content-Security-Policy default-src 'none'; img-src 'self' data: https://csfe.bankid.no https://statistikk.sparebank1.no; base-uri 'self'; font-src 'self' *.sparebank1.no data:; media-src 'self'; style-src 'self' 'unsafe-inline' 'report-sample' https://csfe.bankid.no https://services.bankid.no; object-src 'none'; script-src 'self' 'unsafe-inline' blob: *.sparebank1.no 'strict-dynamic' 'nonce-BhECx7C8jQTsmP8FxWHwnQ' 'report-sample' 'unsafe-eval' https://csfe.bankid.no https://services.bankid.no https://www.sparebank1.no; report-uri https://www.sparebank1.no/logservlet/csp/enforce; form-action *.sparebank1.no; connect-src 'self' www.sparebank1.no *.demdex.net https://www.sparebank1.no; upgrade-insecure-requests; child-src https://csfe.bankid.no; frame-src https://csfe.bankid.no; frame-ancestors https://*.sparebank1.no https://*.dnbforsikring.no https://*.fremtind.no https://*.bnbank.no https://*.sbm.no https://*.lofavor.no https://*.coop.no https://kunde.sb1finans.no
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options ALLOW-FROM https://login.kreditt.lofavor.no/?app=kundefront-pm-kredittbanken&finInst=fid-kreditt&goto=https%3A%2F%2Fkreditt.lofavor.no%2Fminside%2F
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://login.kreditt.lofavor.no/?app=kundefront-pm-kredittbanken&finInst=fid-kreditt&goto=https%3A%2F%2Fkreditt.lofavor.no%2Fminside%2F
Accept-Language
no-NO,no;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Thu, 04 Jul 2024 02:26:43 GMT
content-security-policy
default-src 'none'; img-src 'self' data: https://csfe.bankid.no https://statistikk.sparebank1.no; base-uri 'self'; font-src 'self' *.sparebank1.no data:; media-src 'self'; style-src 'self' 'unsafe-inline' 'report-sample' https://csfe.bankid.no https://services.bankid.no; object-src 'none'; script-src 'self' 'unsafe-inline' blob: *.sparebank1.no 'strict-dynamic' 'nonce-BhECx7C8jQTsmP8FxWHwnQ' 'report-sample' 'unsafe-eval' https://csfe.bankid.no https://services.bankid.no https://www.sparebank1.no; report-uri https://www.sparebank1.no/logservlet/csp/enforce; form-action *.sparebank1.no; connect-src 'self' www.sparebank1.no *.demdex.net https://www.sparebank1.no; upgrade-insecure-requests; child-src https://csfe.bankid.no; frame-src https://csfe.bankid.no; frame-ancestors https://*.sparebank1.no https://*.dnbforsikring.no https://*.fremtind.no https://*.bnbank.no https://*.sbm.no https://*.lofavor.no https://*.coop.no https://kunde.sb1finans.no
x-content-type-options
nosniff
referrer-policy
strict-origin-when-cross-origin
server
istio-envoy
Strict-Transport-Security
max-age=31536000
etag
"0ed19fa0b692d4022688ed2ca2100519b"
vary
Origin,Access-Control-Request-Method,Access-Control-Request-Headers
x-frame-options
ALLOW-FROM https://login.kreditt.lofavor.no/?app=kundefront-pm-kredittbanken&finInst=fid-kreditt&goto=https%3A%2F%2Fkreditt.lofavor.no%2Fminside%2F
content-type
image/svg+xml
cache-control
max-age=60, must-revalidate, public
x-envoy-upstream-service-time
4
accept-ranges
bytes
content-length
1932
x-xss-protection
0
SpareBank1-Medium-Web.d7924534ee746a22ba02.woff2
login.kreditt.lofavor.no/static/fonts/ Frame C4FA 		34 KB
36 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://login.kreditt.lofavor.no/static/fonts/SpareBank1-Medium-Web.d7924534ee746a22ba02.woff2
Requested by
Host: login.kreditt.lofavor.no
URL: https://login.kreditt.lofavor.no/static/loginapp.css?hash=820bdfa6ed5b1c6e8a27
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
193.212.175.201 Drammen, Norway, ASN2119 (TELENOR-NEXTEL Telenor Norge AS, NO),
Reverse DNS
login.sparebank1.no
Software
istio-envoy /
Resource Hash
85754d88ab577119d1c07094f6f3fd15c16a2b24e612b6935d701d654cd7af91
Security Headers
Name Value
Content-Security-Policy default-src 'none'; img-src 'self' data: https://csfe.bankid.no https://statistikk.sparebank1.no; base-uri 'self'; font-src 'self' *.sparebank1.no data:; media-src 'self'; style-src 'self' 'unsafe-inline' 'report-sample' https://csfe.bankid.no https://services.bankid.no; object-src 'none'; script-src 'self' 'unsafe-inline' blob: *.sparebank1.no 'strict-dynamic' 'nonce-lY9Y5UZ9qVEtOjuKViBtWA' 'report-sample' 'unsafe-eval' https://csfe.bankid.no https://services.bankid.no https://www.sparebank1.no; report-uri https://www.sparebank1.no/logservlet/csp/enforce; form-action *.sparebank1.no; connect-src 'self' www.sparebank1.no *.demdex.net https://www.sparebank1.no; upgrade-insecure-requests; child-src https://csfe.bankid.no; frame-src https://csfe.bankid.no; frame-ancestors https://*.sparebank1.no https://*.dnbforsikring.no https://*.fremtind.no https://*.bnbank.no https://*.sbm.no https://*.lofavor.no https://*.coop.no https://kunde.sb1finans.no
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options ALLOW-FROM https://login.kreditt.lofavor.no/static/loginapp.css?hash=820bdfa6ed5b1c6e8a27
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://login.kreditt.lofavor.no/static/loginapp.css?hash=820bdfa6ed5b1c6e8a27
Origin
https://login.kreditt.lofavor.no
Accept-Language
no-NO,no;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Thu, 04 Jul 2024 02:26:43 GMT
content-security-policy
default-src 'none'; img-src 'self' data: https://csfe.bankid.no https://statistikk.sparebank1.no; base-uri 'self'; font-src 'self' *.sparebank1.no data:; media-src 'self'; style-src 'self' 'unsafe-inline' 'report-sample' https://csfe.bankid.no https://services.bankid.no; object-src 'none'; script-src 'self' 'unsafe-inline' blob: *.sparebank1.no 'strict-dynamic' 'nonce-lY9Y5UZ9qVEtOjuKViBtWA' 'report-sample' 'unsafe-eval' https://csfe.bankid.no https://services.bankid.no https://www.sparebank1.no; report-uri https://www.sparebank1.no/logservlet/csp/enforce; form-action *.sparebank1.no; connect-src 'self' www.sparebank1.no *.demdex.net https://www.sparebank1.no; upgrade-insecure-requests; child-src https://csfe.bankid.no; frame-src https://csfe.bankid.no; frame-ancestors https://*.sparebank1.no https://*.dnbforsikring.no https://*.fremtind.no https://*.bnbank.no https://*.sbm.no https://*.lofavor.no https://*.coop.no https://kunde.sb1finans.no
x-content-type-options
nosniff
referrer-policy
strict-origin-when-cross-origin
server
istio-envoy
Strict-Transport-Security
max-age=31536000
etag
"085e620fd649baca0ff4080d50d203cb7"
vary
Origin,Access-Control-Request-Method,Access-Control-Request-Headers
x-frame-options
ALLOW-FROM https://login.kreditt.lofavor.no/static/loginapp.css?hash=820bdfa6ed5b1c6e8a27
content-type
font/woff2
cache-control
max-age=60, must-revalidate, public
x-envoy-upstream-service-time
3
accept-ranges
bytes
content-length
35052
x-xss-protection
0
/
www.sparebank1.no/statistikk/ Frame C4FA 		0
359 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://www.sparebank1.no/statistikk/
Requested by
Host: www.sparebank1.no
URL: https://www.sparebank1.no/statistikk/statistikk.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
193.212.175.209 Drammen, Norway, ASN2119 (TELENOR-NEXTEL Telenor Norge AS, NO),
Reverse DNS
www.sparebank1.no
Software
istio-envoy /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
sec-ch-ua-platform
"Win32"
Referer
https://login.kreditt.lofavor.no/
Accept-Language
no-NO,no;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Content-type
application/x-www-form-urlencoded

Response headers

access-control-allow-origin
https://login.kreditt.lofavor.no
date
Thu, 04 Jul 2024 02:26:43 GMT
Strict-Transport-Security
max-age=31536000
access-control-allow-credentials
true
x-envoy-upstream-service-time
2
server
istio-envoy
content-length
0

Verdicts & Comments Add Verdict or Comment

5 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 undefined| event object| fence object| sharedStorage object| SB1

5 Cookies

Domain/Path Name / Value
kreditt.lofavor.no/ Name: DSESSIONID
Value: B2FF94AB.DAF8.66860861
.kreditt.lofavor.no/ Name: csrf
Value: f4TWueYZwOo8cAcYIj6ifDJIn8NxyN1R0e2PxPsHnK8
.lofavor.no/ Name: Spor
Value: 99e48de8-b605-408e-987d-a7b447a3862f
login.kreditt.lofavor.no/ Name: SESSION
Value: ZmUzYjBiYjYtNjFmOC00Y2IzLWE1MDctMzBmYzMyNTAxMmFl
login.kreditt.lofavor.no/ Name: DSESSIONID
Value: B2FF94AB.9666.66860862

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy default-src 'none'; script-src 'strict-dynamic' 'nonce-pnkyqFTBaVd4u8mM+XMoqQ' 'report-sample' 'unsafe-eval' 'self' 'unsafe-inline' blob: www.sparebank1.no sparebank1.d3.sc.omtrdc.net; style-src 'self' 'unsafe-inline' 'report-sample'; img-src 'self' chat.sparebank1.no data: *.boost.ai sparebank1.d3.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.ytimg.com; connect-src 'self' www.sparebank1.no chat.sparebank1.no *.boost.ai dpm.demdex.net sparebank1.d3.sc.omtrdc.net adobedc.demdex.net edge.adobedc.net; frame-src *.sparebank1.no sb1mobilbank: sb1-mobilbank: sparebank1.demdex.net www.youtube.com player.vimeo.com login.bnbank.no login.kreditt.coop.no login.kreditt.sbm.no login.kreditt.lofavor.no; frame-ancestors 'none'; font-src *.sparebank1.no data:; form-action *.sparebank1.no; media-src 'self'; object-src 'none'; base-uri 'self'; upgrade-insecure-requests; report-uri https://www.sparebank1.no/logservlet/csp/enforce
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0