bank.marksandspencer.com Open in urlscan Pro
193.108.76.36 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://www.marksandspencer.com/bank
Effective URL:
https://bank.marksandspencer.com/
Submission: On February 19 via manual (February 19th 2021, 12:16:49 pm UTC) from GB

Summary HTTP 90 Redirects Links 7 Behaviour Indicators

Summary

This website contacted 9 IPs in 3 countries across 6 domains to perform 90 HTTP transactions. The main IP is 193.108.76.36, located in Woolwich, United Kingdom and belongs to HSBC-UK, GB. The main domain is bank.marksandspencer.com.
TLS certificate: Issued by DigiCert SHA2 Extended Validation Ser... on July 17th 2020. Valid for: a year.

This is the only time bank.marksandspencer.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
2 2	23.79.128.10 23.79.128.10	16625 (AKAMAI-AS) (AKAMAI-AS)
59	193.108.76.36 193.108.76.36	20705 (HSBC-UK) (HSBC-UK)
6	23.79.129.43 23.79.129.43	16625 (AKAMAI-AS) (AKAMAI-AS)
2	178.249.101.23 178.249.101.23	11054 (LIVEPERSON) (LIVEPERSON)
13	91.214.5.197 91.214.5.197	20705 (HSBC-UK) (HSBC-UK)
1	13.226.159.121 13.226.159.121	16509 (AMAZON-02) (AMAZON-02)
2	178.249.101.99 178.249.101.99	11054 (LIVEPERSON) (LIVEPERSON)
3	34.217.242.192 34.217.242.192	16509 (AMAZON-02) (AMAZON-02)
2	178.249.97.98 178.249.97.98	11054 (LIVEPERSON) (LIVEPERSON)
2	178.249.97.70 178.249.97.70	11054 (LIVEPERSON) (LIVEPERSON)
90	9

2 23.79.128.10 (Frankfurt am Main, Germany) 2 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a23-79-128-10.deploy.static.akamaitechnologies.com

www.marksandspencer.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

59 193.108.76.36 (Woolwich, United Kingdom)

ASN20705 (HSBC-UK, GB)

bank.marksandspencer.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 23.79.129.43 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a23-79-129-43.deploy.static.akamaitechnologies.com

tags.tiqcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 178.249.101.23 (United Kingdom)

ASN11054 (LIVEPERSON, US)

lptag.liveperson.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

13 91.214.5.197 (Romford, United Kingdom)

ASN20705 (HSBC-UK, GB)

comshub-msb.marksandspencer.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.226.159.121 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-226-159-121.dus51.r.cloudfront.net

cdn.appdynamics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 178.249.101.99 (United Kingdom)

ASN11054 (LIVEPERSON, US)
PTR: am-accdn.lpsnmedia.net

accdn.lpsnmedia.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 34.217.242.192 (United States)

ASN16509 (AMAZON-02, US)
PTR: ec2-34-217-242-192.us-west-2.compute.amazonaws.com

col.eum-appdynamics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 178.249.97.98 (United Kingdom)

ASN11054 (LIVEPERSON, US)
PTR: lo-lpcdn.lpsnmedia.net

lpcdn.lpsnmedia.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 178.249.97.70 (United Kingdom)

ASN11054 (LIVEPERSON, US)
PTR: lo.v.liveperson.net

lo.v.liveperson.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
74	marksandspencer.com 2 redirects www.marksandspencer.com bank.marksandspencer.com comshub-msb.marksandspencer.com	809 KB
6	tiqcdn.com tags.tiqcdn.com	236 KB
4	lpsnmedia.net accdn.lpsnmedia.net lpcdn.lpsnmedia.net	33 KB
4	liveperson.net lptag.liveperson.net lo.v.liveperson.net	106 KB
3	eum-appdynamics.com col.eum-appdynamics.com	3 KB
1	appdynamics.com cdn.appdynamics.com	20 KB
90	6

	Domain	Requested by
59	bank.marksandspencer.com	bank.marksandspencer.com tags.tiqcdn.com
13	comshub-msb.marksandspencer.com	bank.marksandspencer.com tags.tiqcdn.com
6	tags.tiqcdn.com	bank.marksandspencer.com tags.tiqcdn.com
3	col.eum-appdynamics.com	cdn.appdynamics.com
2	lo.v.liveperson.net	lptag.liveperson.net
2	lpcdn.lpsnmedia.net	lptag.liveperson.net
2	accdn.lpsnmedia.net	lptag.liveperson.net
2	lptag.liveperson.net	tags.tiqcdn.com
2	www.marksandspencer.com	2 redirects
1	cdn.appdynamics.com	bank.marksandspencer.com
90	10

This site contains links to these domains. Also see Links.

Domain
marksandspencer.insure-systems.co.uk
lifeinsurance.marksandspencer.com
marksandspencertravelins.myclaimshub.co.uk
www.marksandspencer.com
www7.marksandspencer.com

Subject Issuer	Validity	Valid
BANK.MARKSANDSPENCER.COM DigiCert SHA2 Extended Validation Server CA	`2020-07-17` - `2021-08-20`	a year	crt.sh
*.tiqcdn.com DigiCert SHA2 Secure Server CA	`2020-03-16` - `2021-06-15`	a year	crt.sh
*.liveperson.net Sectigo RSA Organization Validation Secure Server CA	`2020-05-30` - `2022-05-30`	2 years	crt.sh
comshub-msb.marksandspencer.com DigiCert SHA2 Secure Server CA	`2020-03-11` - `2021-04-02`	a year	crt.sh
*.appdynamics.com DigiCert SHA2 Secure Server CA	`2020-05-17` - `2021-07-22`	a year	crt.sh
*.lpsnmedia.net COMODO RSA Organization Validation Secure Server CA	`2018-02-26` - `2021-02-25`	3 years	crt.sh
*.eum-appdynamics.com DigiCert SHA2 Secure Server CA	`2020-05-10` - `2021-07-15`	a year	crt.sh
*.v.liveperson.net Sectigo RSA Organization Validation Secure Server CA	`2020-04-13` - `2022-04-13`	2 years	crt.sh

This page contains 2 frames:

Primary Page: https://bank.marksandspencer.com/
Frame ID: DF1BF24753303F84C1FBC456D3EFF3F9
Requests: 89 HTTP requests in this frame

Frame: https://lpcdn.lpsnmedia.net/le_secure_storage/3.12.0.0-release_5037/storage.secure.min.html?loc=https%3A%2F%2Fbank.marksandspencer.com&site=88016402&env=prod
Frame ID: D418EE6C09FBEBB31ACE4D6760597868
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

http://www.marksandspencer.com/bank HTTP 301
https://www.marksandspencer.com/bank HTTP 301
https://bank.marksandspencer.com/ Page URL

Detected technologies

Mustache (JavaScript Frameworks) Expand

Overall confidence: 100%
Detected patterns

script /mustache(?:\.min)?\.js/i

Modernizr (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

script /([\d.]+)?\/modernizr(?:.([\d.]+))?.*\.js/i

Tealium (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

script /^(?:https?:)?\/\/tags\.tiqcdn\.com\//i

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

script /jquery[.-]([\d.]*\d)[^/]*\.js/i
script /jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?/i

Page Statistics

90
Requests

100 %
HTTPS

0 %
IPv6

6
Domains

10
Subdomains

9
IPs

3
Countries

1204 kB
Transfer

2589 kB
Size

7
Cookies

7 Outgoing links

These are links going to different origins than the main page.

URL: https://marksandspencer.insure-systems.co.uk/SelfService/Security/Login/LoginRegister
Title: Log in to your account (link opens in a tab)

Search URL Search Domain Scan URL

URL: https://lifeinsurance.marksandspencer.com/Client/Login/
Title: Log in to your account

Search URL Search Domain Scan URL

URL: https://marksandspencertravelins.myclaimshub.co.uk/claim
Title: Make a travel insurance claim

Search URL Search Domain Scan URL

URL: https://www.marksandspencer.com/
Title: Shop M&S(opens in a new window)

Search URL Search Domain Scan URL

URL: https://lifeinsurance.marksandspencer.com/Client/Login
Title: Lifeinsurance (opens in a new window)(opens in a new window)

Search URL Search Domain Scan URL

URL: https://www7.marksandspencer.com/security/
Title: Sign into internet banking (opens in a new window)

Search URL Search Domain Scan URL

URL: https://www7.marksandspencer.com/1/2/?idv_cmd=idv.Logoff&nextPage=msb.sc.registerlanding
Title: Registerfor internet banking (opens in a new window)

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://www.marksandspencer.com/bank HTTP 301
https://www.marksandspencer.com/bank HTTP 301
https://bank.marksandspencer.com/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

90 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1

200
OK

Primary Request / Show response
bank.marksandspencer.com/
Redirect Chain

http://www.marksandspencer.com/bank
https://www.marksandspencer.com/bank
https://bank.marksandspencer.com/

33 KB
7 KB

268ms
46ms

Document
text/html

193.108.76.36
HSBC-UK

General

Check archive.org

Show headers Download Go to

Full URL

https://bank.marksandspencer.com/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

193.108.76.36 Woolwich, United Kingdom, ASN20705 (HSBC-UK, GB),

Reverse DNS

Software

Resource Hash

e18553629dc0faeee77e91463213d8a5e29c82a6e450f3ba00dd92f464d35c06

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors .marksandspencer.com .hsbc *.adobe.com
Strict-Transport-Security	max-age=15552001; includeSubDomains; preload
X-Content-Security-Policy	frame-ancestors .marksandspencer.com .hsbc *.adobe.com
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Host: bank.marksandspencer.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: none
Sec-Fetch-Mode: navigate
Sec-Fetch-User: ?1
Sec-Fetch-Dest: document
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Cookie: bm_sz=0F564A13551D7322675AEAD75574AB7D~YAAQ92QRAkzLObl3AQAAMko4ugpZ4A79Pd5/r4Mk1PsyKNuuqZCrqVOcLjCn3v2chPWwkUOJ5rUGhl0X9uH0qJc0VB58A8cMdOnbu8bPYF+FKLzH4KZ3VRWY4jp0G1PVQ0fpvXzX5XCv9qScohWOJBNVKyOI2ldA7WFpxnOxJByVbic/236vZdDy0FL/syjT1kXgZyzHdDc=; _abck=B0E8FB45A875155FE2429EEA017363C0~-1~YAAQ92QRAk3LObl3AQAAM0o4ugXIRk21heTj+VODXQTuKBLPC8EiIs8DZij7VeJqjesUvkuSj4Yyx0V7PGXfCwxB+FkgyieiUNESg2pP/UDznJmPbAJGQNEELyCvDtUnyh7DidiFk0fPYtNtrb20YtWKUukI6o+8QVsZlk0bYLsmh6BYuN5IBAca5gGfpOOJ/BgntTAFNqKWz0XQ7loCTeAzmWZiM3aKCQ6OVW0guhkB5edxoD+UU6rNd+05ulZVYlZuUCJCiN8Whdnllk+P90fUeZ2zMtxUgzE87Kcb~-1~-1~-1; ak_bmsc=8E2A7C9C8C55830EC3B2FA443ACB1EB1021164E70C6000001BAC2F60EE90681A~pl1nIfJNoR2hq2mCLiqNEKojIH26Viu1jJ40vsZmwECrLaWYQvkPjE5DMwM/ZLf/ktocOs1lLxXTka9xk1tSz0EL8jDgj3PA2ASjr2Mt4FyUBUN2ICAZtl/7ZjF7b1OX3YfKFyGHswW5o4bkloTXQLMp6Ma1TH8XQlQjAu/XzSiYh4MLEvBkWPSzVxoDyAHxeLcfEXySosHeXDVs66OK1zMWndcsmL532ljIpwPku1VL/5Bwyc/Kap4I/2+LsnDHqt
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Cache-Control: max-age=86400,no-cache, no-store, must-revalidate
Content-Type: text/html
Content-Encoding: gzip
Last-Modified: Wed, 17 Feb 2021 16:06:24 GMT
Accept-Ranges: bytes
ETag: "00c8d6465d71:0"
Vary: Accept-Encoding
Server
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
content-security-policy: frame-ancestors *.marksandspencer.com *.hsbc *.adobe.com
x-content-security-policy: frame-ancestors *.marksandspencer.com *.hsbc *.adobe.com
Strict-Transport-Security: max-age=15552001; includeSubDomains; preload
Date: Fri, 19 Feb 2021 12:15:36 GMT
Content-Length: 6256

Redirect headers

x-frame-options: SAMEORIGIN SAMEORIGIN
location: https://bank.marksandspencer.com
content-length: 0
expires: Thu, 01 Dec 1994 16:00:00 GMT
cache-control: no-cache="set-cookie, set-cookie2"
ttfb: D=4617
x-ua-compatible: IE=Edge,chrome=1
content-type: text/html; charset=UTF-8
content-language: en-US
date: Fri, 19 Feb 2021 12:16:27 GMT
set-cookie: Apache=ca14d294.5bbaf6be46e39; path=/ JSESSIONID=0000kxlrjnpMTf7uNun1F9kMo7I:-1; Path=/; HttpOnly WC_PERSISTENT=ZJe3PTHpgGdscIQ4b7obI1QtcwkZHe11fGzcMtgHbf8%3D%3B2021-02-19+12%3A16%3A27.353_1613736987353-182873_0; HTTPOnly; Expires=Wed, 18-Aug-21 12:16:27 GMT; Path=/ MS_REDIRECT_COOKIE=bank; Path=/ ak_bmsc=8E2A7C9C8C55830EC3B2FA443ACB1EB1021164E70C6000001BAC2F60EE90681A~pl1nIfJNoR2hq2mCLiqNEKojIH26Viu1jJ40vsZmwECrLaWYQvkPjE5DMwM/ZLf/ktocOs1lLxXTka9xk1tSz0EL8jDgj3PA2ASjr2Mt4FyUBUN2ICAZtl/7ZjF7b1OX3YfKFyGHswW5o4bkloTXQLMp6Ma1TH8XQlQjAu/XzSiYh4MLEvBkWPSzVxoDyAHxeLcfEXySosHeXDVs66OK1zMWndcsmL532ljIpwPku1VL/5Bwyc/Kap4I/2+LsnDHqt; expires=Fri, 19 Feb 2021 14:16:27 GMT; max-age=7200; path=/; domain=.marksandspencer.com; HttpOnly akavpau_www=1613737587~id=3c8bc96306a2b43dd5333611afb25188; Path=/; Secure; SameSite=None
x-clacks-overhead: GNU Terry Pratchett
strict-transport-security: max-age=15768000

GET
H/1.1 200
OK reset.css
bank.marksandspencer.com/styles/ 1 KB
1 KB 47ms
45ms Stylesheet
text/css 193.108.76.36
HSBC-UK

General

Check archive.org

Show headers Download Go to

Full URL

https://bank.marksandspencer.com/styles/reset.css

Requested by

Host: bank.marksandspencer.com
URL: https://bank.marksandspencer.com/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

193.108.76.36 Woolwich, United Kingdom, ASN20705 (HSBC-UK, GB),

Reverse DNS

Software

Resource Hash

c1381fac7ac6e67d833cde753fec2a207cc29863acc3a54ecc80775c5d66243b

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors .marksandspencer.com .hsbc *.adobe.com
Strict-Transport-Security	max-age=15552001; includeSubDomains; preload
X-Content-Security-Policy	frame-ancestors .marksandspencer.com .hsbc *.adobe.com
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://bank.marksandspencer.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: frame-ancestors *.marksandspencer.com *.hsbc *.adobe.com
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Vary: Accept-Encoding
Content-Length: 768
X-XSS-Protection: 1; mode=block
Last-Modified: Tue, 02 Feb 2016 17:01:20 GMT
Server
X-Frame-Options: SAMEORIGIN
Date: Fri, 19 Feb 2021 12:15:36 GMT
Strict-Transport-Security: max-age=15552001; includeSubDomains; preload
Content-Type: text/css
Cache-Control: no-cache,max-age=86400
ETag: "c3d5ad56db5dd11:0"
Accept-Ranges: bytes
x-content-security-policy: frame-ancestors *.marksandspencer.com *.hsbc *.adobe.com

GET
H/1.1 200
OK content_pws_masthead.css
bank.marksandspencer.com/styles/ 21 KB
4 KB 93ms
46ms Stylesheet
text/css 193.108.76.36
HSBC-UK

General

Check archive.org

Show headers Download Go to

Full URL

https://bank.marksandspencer.com/styles/content_pws_masthead.css

Requested by

Host: bank.marksandspencer.com
URL: https://bank.marksandspencer.com/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

193.108.76.36 Woolwich, United Kingdom, ASN20705 (HSBC-UK, GB),

Reverse DNS

Software

Resource Hash

30002a98abe75756838f88dc317a340825ec2ef95d31918a126b97945e8f2879

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors .marksandspencer.com .hsbc *.adobe.com
Strict-Transport-Security	max-age=15552001; includeSubDomains; preload
X-Content-Security-Policy	frame-ancestors .marksandspencer.com .hsbc *.adobe.com
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://bank.marksandspencer.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: frame-ancestors *.marksandspencer.com *.hsbc *.adobe.com
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Vary: Accept-Encoding
Content-Length: 3606
X-XSS-Protection: 1; mode=block
Last-Modified: Mon, 14 Dec 2020 10:07:15 GMT
Server
X-Frame-Options: SAMEORIGIN
Date: Fri, 19 Feb 2021 12:15:36 GMT
Strict-Transport-Security: max-age=15552001; includeSubDomains; preload
Content-Type: text/css
Cache-Control: no-cache,max-age=86400
ETag: "80cbb9e50d2d61:0"
Accept-Ranges: bytes
x-content-security-policy: frame-ancestors *.marksandspencer.com *.hsbc *.adobe.com

GET
H/1.1 200
OK content_pws_footer.css
bank.marksandspencer.com/styles/ 2 KB
1 KB 144ms
56ms Stylesheet
text/css 193.108.76.36
HSBC-UK

General

Check archive.org

Show headers Download Go to

Full URL

https://bank.marksandspencer.com/styles/content_pws_footer.css

Requested by

Host: bank.marksandspencer.com
URL: https://bank.marksandspencer.com/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

193.108.76.36 Woolwich, United Kingdom, ASN20705 (HSBC-UK, GB),

Reverse DNS

Software

Resource Hash

4d3dc6a3b95b9ad69468248906dfadea2b2a2e49ec9a939e2b3710f035ffa8e4

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors .marksandspencer.com .hsbc *.adobe.com
Strict-Transport-Security	max-age=15552001; includeSubDomains; preload
X-Content-Security-Policy	frame-ancestors .marksandspencer.com .hsbc *.adobe.com
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://bank.marksandspencer.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: frame-ancestors *.marksandspencer.com *.hsbc *.adobe.com
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Vary: Accept-Encoding
Content-Length: 669
X-XSS-Protection: 1; mode=block
Last-Modified: Fri, 02 Oct 2020 10:32:13 GMT
Server
X-Frame-Options: SAMEORIGIN
Date: Fri, 19 Feb 2021 12:15:36 GMT
Strict-Transport-Security: max-age=15552001; includeSubDomains; preload
Content-Type: text/css
Cache-Control: no-cache,max-age=86400
ETag: "23928f4aa798d61:0"
Accept-Ranges: bytes
x-content-security-policy: frame-ancestors *.marksandspencer.com *.hsbc *.adobe.com

GET
H/1.1 200
OK content_pws_body.css
bank.marksandspencer.com/styles/ 98 KB
13 KB 216ms
128ms Stylesheet
text/css 193.108.76.36
HSBC-UK

General

Check archive.org

Show headers Download Go to

Full URL

https://bank.marksandspencer.com/styles/content_pws_body.css

Requested by

Host: bank.marksandspencer.com
URL: https://bank.marksandspencer.com/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

193.108.76.36 Woolwich, United Kingdom, ASN20705 (HSBC-UK, GB),

Reverse DNS

Software

Resource Hash

1e92df628740b9a0747ba5b23c739286a98e430272eee46d65e7a6f62edcb59d

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors .marksandspencer.com .hsbc *.adobe.com
Strict-Transport-Security	max-age=15552001; includeSubDomains; preload
X-Content-Security-Policy	frame-ancestors .marksandspencer.com .hsbc *.adobe.com
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://bank.marksandspencer.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: frame-ancestors *.marksandspencer.com *.hsbc *.adobe.com
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Vary: Accept-Encoding
Content-Length: 12590
X-XSS-Protection: 1; mode=block
Last-Modified: Fri, 11 Dec 2020 13:41:47 GMT
Server
X-Frame-Options: SAMEORIGIN
Date: Fri, 19 Feb 2021 12:15:36 GMT
Strict-Transport-Security: max-age=15552001; includeSubDomains; preload
Content-Type: text/css
Cache-Control: no-cache,max-age=86400
ETag: "80dfcb5ec3cfd61:0"
Accept-Ranges: bytes
x-content-security-policy: frame-ancestors *.marksandspencer.com *.hsbc *.adobe.com

GET
H/1.1 200
OK content_pws_fonts.css
bank.marksandspencer.com/styles/ 41 KB
5 KB 168ms
79ms Stylesheet
text/css 193.108.76.36
HSBC-UK

General

Check archive.org

Show headers Download Go to

Full URL

https://bank.marksandspencer.com/styles/content_pws_fonts.css

Requested by

Host: bank.marksandspencer.com
URL: https://bank.marksandspencer.com/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

193.108.76.36 Woolwich, United Kingdom, ASN20705 (HSBC-UK, GB),

Reverse DNS

Software

Resource Hash

724b5b3259e8ee735c6dfa7b97cc0c2e58ffc8c78b02cb5d00a5f8d34dfff352

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors .marksandspencer.com .hsbc *.adobe.com
Strict-Transport-Security	max-age=15552001; includeSubDomains; preload
X-Content-Security-Policy	frame-ancestors .marksandspencer.com .hsbc *.adobe.com
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://bank.marksandspencer.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: frame-ancestors *.marksandspencer.com *.hsbc *.adobe.com
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Vary: Accept-Encoding
Content-Length: 4687
X-XSS-Protection: 1; mode=block
Last-Modified: Fri, 13 Jan 2017 11:25:33 GMT
Server
X-Frame-Options: SAMEORIGIN
Date: Fri, 19 Feb 2021 12:15:36 GMT
Strict-Transport-Security: max-age=15552001; includeSubDomains; preload
Content-Type: text/css
Cache-Control: no-cache,max-age=86400
ETag: "8074d3c08f6dd21:0"
Accept-Ranges: bytes
x-content-security-policy: frame-ancestors *.marksandspencer.com *.hsbc *.adobe.com

GET
H/1.1 200
OK content_pws_global.css
bank.marksandspencer.com/styles/ 54 KB
9 KB 169ms
81ms Stylesheet
text/css 193.108.76.36
HSBC-UK

General

Check archive.org

Show headers Download Go to

Full URL

https://bank.marksandspencer.com/styles/content_pws_global.css

Requested by

Host: bank.marksandspencer.com
URL: https://bank.marksandspencer.com/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

193.108.76.36 Woolwich, United Kingdom, ASN20705 (HSBC-UK, GB),

Reverse DNS

Software

Resource Hash

6cfe1e589a8b7e7578ebc02a622a50a5b2e053e9b36da407778d365e1bcbcdba

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors .marksandspencer.com .hsbc *.adobe.com
Strict-Transport-Security	max-age=15552001; includeSubDomains; preload
X-Content-Security-Policy	frame-ancestors .marksandspencer.com .hsbc *.adobe.com
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://bank.marksandspencer.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: frame-ancestors *.marksandspencer.com *.hsbc *.adobe.com
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Vary: Accept-Encoding
Content-Length: 8299
X-XSS-Protection: 1; mode=block
Last-Modified: Wed, 02 Sep 2020 14:25:23 GMT
Server
X-Frame-Options: SAMEORIGIN
Date: Fri, 19 Feb 2021 12:15:36 GMT
Strict-Transport-Security: max-age=15552001; includeSubDomains; preload
Content-Type: text/css
Cache-Control: no-cache,max-age=86400
ETag: "80cbbee43481d61:0"
Accept-Ranges: bytes
x-content-security-policy: frame-ancestors *.marksandspencer.com *.hsbc *.adobe.com

GET
H/1.1 200
OK adrum.js Show response
bank.marksandspencer.com/script/ 68 KB
21 KB 203ms
112ms Script
application/javascript 193.108.76.36
HSBC-UK

General

Check archive.org

Show headers Download Go to

Full URL

https://bank.marksandspencer.com/script/adrum.js

Requested by

Host: bank.marksandspencer.com
URL: https://bank.marksandspencer.com/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

193.108.76.36 Woolwich, United Kingdom, ASN20705 (HSBC-UK, GB),

Reverse DNS

Software

Resource Hash

982e3986bcc4d98f466b329d6cbb3f5f0ad6310f6493244075e0b6355f205274

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors .marksandspencer.com .hsbc *.adobe.com
Strict-Transport-Security	max-age=15552001; includeSubDomains; preload
X-Content-Security-Policy	frame-ancestors .marksandspencer.com .hsbc *.adobe.com
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://bank.marksandspencer.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: frame-ancestors *.marksandspencer.com *.hsbc *.adobe.com
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Vary: Accept-Encoding
Content-Length: 21087
X-XSS-Protection: 1; mode=block
Last-Modified: Tue, 06 Nov 2018 13:52:31 GMT
Server
X-Frame-Options: SAMEORIGIN
Date: Fri, 19 Feb 2021 12:15:36 GMT
Strict-Transport-Security: max-age=15552001; includeSubDomains; preload
Content-Type: application/javascript
Cache-Control: no-cache,max-age=86400
ETag: "80f939f6d775d41:0"
Accept-Ranges: bytes
x-content-security-policy: frame-ancestors *.marksandspencer.com *.hsbc *.adobe.com

GET
H/1.1 200
OK modernizr-min.js Show response
bank.marksandspencer.com/script/ 15 KB
7 KB 145ms
52ms Script
application/javascript 193.108.76.36
HSBC-UK

General

Check archive.org

Show headers Download Go to

Full URL

https://bank.marksandspencer.com/script/modernizr-min.js

Requested by

Host: bank.marksandspencer.com
URL: https://bank.marksandspencer.com/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

193.108.76.36 Woolwich, United Kingdom, ASN20705 (HSBC-UK, GB),

Reverse DNS

Software

Resource Hash

e8614c709a86f38b9a0a553561e4deb3bfb673b4b6ca515b3241f9cbb29a45ed

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors .marksandspencer.com .hsbc *.adobe.com
Strict-Transport-Security	max-age=15552001; includeSubDomains; preload
X-Content-Security-Policy	frame-ancestors .marksandspencer.com .hsbc *.adobe.com
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://bank.marksandspencer.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: frame-ancestors *.marksandspencer.com *.hsbc *.adobe.com
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Vary: Accept-Encoding
Content-Length: 6297
X-XSS-Protection: 1; mode=block
Last-Modified: Tue, 02 Feb 2016 17:00:26 GMT
Server
X-Frame-Options: SAMEORIGIN
Date: Fri, 19 Feb 2021 12:15:36 GMT
Strict-Transport-Security: max-age=15552001; includeSubDomains; preload
Content-Type: application/javascript
Cache-Control: no-cache,max-age=86400
ETag: "0714236db5dd11:0"
Accept-Ranges: bytes
x-content-security-policy: frame-ancestors *.marksandspencer.com *.hsbc *.adobe.com

GET
H/1.1 200
OK jquery-3.1.1.min.js Show response
bank.marksandspencer.com/script/ 85 KB
30 KB 236ms
92ms Script
application/javascript 193.108.76.36
HSBC-UK

General

Check archive.org

Show headers Download Go to

Full URL

https://bank.marksandspencer.com/script/jquery-3.1.1.min.js

Requested by

Host: bank.marksandspencer.com
URL: https://bank.marksandspencer.com/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

193.108.76.36 Woolwich, United Kingdom, ASN20705 (HSBC-UK, GB),

Reverse DNS

Software

Resource Hash

70dae469f94f214b589d53521b903830a08b4fb589d47a4c269a83c79116886a

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors .marksandspencer.com .hsbc *.adobe.com
Strict-Transport-Security	max-age=15552001; includeSubDomains; preload
X-Content-Security-Policy	frame-ancestors .marksandspencer.com .hsbc *.adobe.com
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://bank.marksandspencer.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: frame-ancestors *.marksandspencer.com *.hsbc *.adobe.com
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Vary: Accept-Encoding
Content-Length: 30170
X-XSS-Protection: 1; mode=block
Last-Modified: Wed, 02 Dec 2020 15:45:53 GMT
Server
X-Frame-Options: SAMEORIGIN
Date: Fri, 19 Feb 2021 12:15:36 GMT
Strict-Transport-Security: max-age=15552001; includeSubDomains; preload
Content-Type: application/javascript
Cache-Control: no-cache,max-age=86400
ETag: "808e3d37c2c8d61:0"
Accept-Ranges: bytes
x-content-security-policy: frame-ancestors *.marksandspencer.com *.hsbc *.adobe.com

GET
H2 200 utag.sync.js Show response
tags.tiqcdn.com/utag/hsbc/uk-rbwm-mands/prod/ 4 KB
1 KB 98ms
37ms Script
application/x-javascript 23.79.129.43
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.tiqcdn.com/utag/hsbc/uk-rbwm-mands/prod/utag.sync.js
Requested by: Host: bank.marksandspencer.com
URL: https://bank.marksandspencer.com/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.79.129.43 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-79-129-43.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: f67e9063197eb43e11b1bbe34c9a2249c7cdd16efe22d345c87c2470789c520b

Request headers

Referer: https://bank.marksandspencer.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 19 Feb 2021 12:16:27 GMT
content-encoding: gzip
last-modified: Mon, 23 Nov 2020 20:12:09 GMT
server: AkamaiNetStorage
etag: "53a429cd431e8bbaa79e1d6d65d7f10a:1606162329.720104"
vary: Accept-Encoding
content-type: application/x-javascript
cache-control: max-age=300
accept-ranges: bytes
content-length: 1116
expires: Fri, 19 Feb 2021 12:21:27 GMT

GET
H/1.1 200
OK mands_menu_object.json Show response
bank.marksandspencer.com/data/ 49 KB
5 KB 92ms
92ms Script
application/javascript 193.108.76.36
HSBC-UK

General

Check archive.org

Show headers Download Go to

Full URL

https://bank.marksandspencer.com/data/mands_menu_object.json

Requested by

Host: bank.marksandspencer.com
URL: https://bank.marksandspencer.com/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

193.108.76.36 Woolwich, United Kingdom, ASN20705 (HSBC-UK, GB),

Reverse DNS

Software

Resource Hash

9354c6fa3f1b03432bd8804700eb8aa3821f585f24cb2d4a804c6268160e2ca2

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors .marksandspencer.com .hsbc *.adobe.com
Strict-Transport-Security	max-age=15552001; includeSubDomains; preload
X-Content-Security-Policy	frame-ancestors .marksandspencer.com .hsbc *.adobe.com
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://bank.marksandspencer.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: frame-ancestors *.marksandspencer.com *.hsbc *.adobe.com
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Vary: Accept-Encoding
Content-Length: 4807
X-XSS-Protection: 1; mode=block
Last-Modified: Mon, 11 Jan 2021 16:08:40 GMT
Server
X-Frame-Options: SAMEORIGIN
Date: Fri, 19 Feb 2021 12:15:36 GMT
Strict-Transport-Security: max-age=15552001; includeSubDomains; preload
Content-Type: application/javascript
Cache-Control: max-age=86400
ETag: "0348f634e8d61:0"
Accept-Ranges: bytes
x-content-security-policy: frame-ancestors *.marksandspencer.com *.hsbc *.adobe.com

GET
H/1.1 200
OK MSB_Logo_Black.png
bank.marksandspencer.com/images/content/ 3 KB
3 KB 46ms
45ms Image
image/png 193.108.76.36
HSBC-UK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://bank.marksandspencer.com/images/content/MSB_Logo_Black.png

Requested by

Host: bank.marksandspencer.com
URL: https://bank.marksandspencer.com/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

193.108.76.36 Woolwich, United Kingdom, ASN20705 (HSBC-UK, GB),

Reverse DNS

Software

Resource Hash

66f03426203ededebb1db0a7cb7aec7bf7c28ac1bd0f311d5a03819357419495

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors .marksandspencer.com .hsbc *.adobe.com
Strict-Transport-Security	max-age=15552001; includeSubDomains; preload
X-Content-Security-Policy	frame-ancestors .marksandspencer.com .hsbc *.adobe.com
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://bank.marksandspencer.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: frame-ancestors *.marksandspencer.com *.hsbc *.adobe.com
Strict-Transport-Security: max-age=15552001; includeSubDomains; preload
X-Content-Type-Options: nosniff
Last-Modified: Fri, 23 Oct 2020 10:22:44 GMT
Server
ETag: "17e9647226a9d61:0"
X-Frame-Options: SAMEORIGIN
Content-Type: image/png
Cache-Control: max-age=604800
Date: Fri, 19 Feb 2021 12:15:36 GMT
Connection: close
Accept-Ranges: bytes
Content-Length: 2808
X-XSS-Protection: 1; mode=block
x-content-security-policy: frame-ancestors *.marksandspencer.com *.hsbc *.adobe.com

GET
H/1.1 200
OK car-ins-dashboard.jpg
bank.marksandspencer.com/images/backgrounds/ 91 KB
92 KB 57ms
56ms Image
image/jpeg 193.108.76.36
HSBC-UK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://bank.marksandspencer.com/images/backgrounds/car-ins-dashboard.jpg

Requested by

Host: bank.marksandspencer.com
URL: https://bank.marksandspencer.com/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

193.108.76.36 Woolwich, United Kingdom, ASN20705 (HSBC-UK, GB),

Reverse DNS

Software

Resource Hash

ca1fad97eecd5c23eb2a7fddbfe378b3528da9ebbfd4b6c3235281407345c4dc

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors .marksandspencer.com .hsbc *.adobe.com
Strict-Transport-Security	max-age=15552001; includeSubDomains; preload
X-Content-Security-Policy	frame-ancestors .marksandspencer.com .hsbc *.adobe.com
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://bank.marksandspencer.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: frame-ancestors *.marksandspencer.com *.hsbc *.adobe.com
Strict-Transport-Security: max-age=15552001; includeSubDomains; preload
X-Content-Type-Options: nosniff
Last-Modified: Mon, 15 Feb 2021 11:31:54 GMT
Server
ETag: "daa629298e3d71:0"
X-Frame-Options: SAMEORIGIN
Content-Type: image/jpeg
Cache-Control: max-age=604800
Date: Fri, 19 Feb 2021 12:15:36 GMT
Connection: close
Accept-Ranges: bytes
Content-Length: 93479
X-XSS-Protection: 1; mode=block
x-content-security-policy: frame-ancestors *.marksandspencer.com *.hsbc *.adobe.com

GET
H/1.1 200
OK cc-cards.svg
bank.marksandspencer.com/images/icons/ 2 KB
2 KB 47ms
46ms Image
image/svg+xml 193.108.76.36
HSBC-UK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://bank.marksandspencer.com/images/icons/cc-cards.svg

Requested by

Host: bank.marksandspencer.com
URL: https://bank.marksandspencer.com/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

193.108.76.36 Woolwich, United Kingdom, ASN20705 (HSBC-UK, GB),

Reverse DNS

Software

Resource Hash

9824fc7bd58b70fdea8b3d10357948530741c74155a49359aafc33a1b78ba1ec

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors .marksandspencer.com .hsbc *.adobe.com
Strict-Transport-Security	max-age=15552001; includeSubDomains; preload
X-Content-Security-Policy	frame-ancestors .marksandspencer.com .hsbc *.adobe.com
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://bank.marksandspencer.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: frame-ancestors *.marksandspencer.com *.hsbc *.adobe.com
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Connection: close
Content-Length: 1565
X-XSS-Protection: 1; mode=block
Last-Modified: Wed, 17 Feb 2021 16:01:32 GMT
Server
X-Frame-Options: SAMEORIGIN
Date: Fri, 19 Feb 2021 12:15:36 GMT
Vary: Accept-Encoding
Strict-Transport-Security: max-age=15552001; includeSubDomains; preload
Content-Type: image/svg+xml
Cache-Control: max-age=604800
ETag: "5d39e428465d71:0"
Accept-Ranges: bytes
x-content-security-policy: frame-ancestors *.marksandspencer.com *.hsbc *.adobe.com

GET
H/1.1 200
OK coins-pound--black.svg
bank.marksandspencer.com/images/icons/ 1 KB
1 KB 47ms
45ms Image
image/svg+xml 193.108.76.36
HSBC-UK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://bank.marksandspencer.com/images/icons/coins-pound--black.svg

Requested by

Host: bank.marksandspencer.com
URL: https://bank.marksandspencer.com/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

193.108.76.36 Woolwich, United Kingdom, ASN20705 (HSBC-UK, GB),

Reverse DNS

Software

Resource Hash

ac05d370b28be00eb0395d86858450cd3727a7170c40b33bdb157b33c5d73445

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors .marksandspencer.com .hsbc *.adobe.com
Strict-Transport-Security	max-age=15552001; includeSubDomains; preload
X-Content-Security-Policy	frame-ancestors .marksandspencer.com .hsbc *.adobe.com
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://bank.marksandspencer.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: frame-ancestors *.marksandspencer.com *.hsbc *.adobe.com
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Connection: close
Content-Length: 769
X-XSS-Protection: 1; mode=block
Last-Modified: Fri, 05 Feb 2021 14:07:23 GMT
Server
X-Frame-Options: SAMEORIGIN
Date: Fri, 19 Feb 2021 12:15:36 GMT
Vary: Accept-Encoding
Strict-Transport-Security: max-age=15552001; includeSubDomains; preload
Content-Type: image/svg+xml
Cache-Control: max-age=604800
ETag: "58dc73ac8fbd61:0"
Accept-Ranges: bytes
x-content-security-policy: frame-ancestors *.marksandspencer.com *.hsbc *.adobe.com

GET
H/1.1 200
OK home--black.svg
bank.marksandspencer.com/images/icons/ 503 B
1 KB 46ms
45ms Image
image/svg+xml 193.108.76.36
HSBC-UK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://bank.marksandspencer.com/images/icons/home--black.svg

Requested by

Host: bank.marksandspencer.com
URL: https://bank.marksandspencer.com/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

193.108.76.36 Woolwich, United Kingdom, ASN20705 (HSBC-UK, GB),

Reverse DNS

Software

Resource Hash

2d90eec8dc0a50ba2582283e59c099d64c38035eadf8eb98126f47c38a3f5202

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors .marksandspencer.com .hsbc *.adobe.com
Strict-Transport-Security	max-age=15552001; includeSubDomains; preload
X-Content-Security-Policy	frame-ancestors .marksandspencer.com .hsbc *.adobe.com
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://bank.marksandspencer.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: frame-ancestors *.marksandspencer.com *.hsbc *.adobe.com
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Connection: close
Content-Length: 484
X-XSS-Protection: 1; mode=block
Last-Modified: Fri, 05 Feb 2021 14:07:46 GMT
Server
X-Frame-Options: SAMEORIGIN
Date: Fri, 19 Feb 2021 12:15:36 GMT
Vary: Accept-Encoding
Strict-Transport-Security: max-age=15552001; includeSubDomains; preload
Content-Type: image/svg+xml
Cache-Control: max-age=604800
ETag: "22627547c8fbd61:0"
Accept-Ranges: bytes
x-content-security-policy: frame-ancestors *.marksandspencer.com *.hsbc *.adobe.com

GET
H/1.1 200
OK phone--black-pound.svg
bank.marksandspencer.com/images/icons/ 705 B
1 KB 211ms
50ms Image
image/svg+xml 193.108.76.36
HSBC-UK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://bank.marksandspencer.com/images/icons/phone--black-pound.svg

Requested by

Host: bank.marksandspencer.com
URL: https://bank.marksandspencer.com/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

193.108.76.36 Woolwich, United Kingdom, ASN20705 (HSBC-UK, GB),

Reverse DNS

Software

Resource Hash

501a2d60e52a848c8231ba53d012fbbc12f670e7c92796cc54f8cbc722aefaea

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors .marksandspencer.com .hsbc *.adobe.com
Strict-Transport-Security	max-age=15552001; includeSubDomains; preload
X-Content-Security-Policy	frame-ancestors .marksandspencer.com .hsbc *.adobe.com
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://bank.marksandspencer.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: frame-ancestors *.marksandspencer.com *.hsbc *.adobe.com
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Connection: close
Content-Length: 609
X-XSS-Protection: 1; mode=block
Last-Modified: Fri, 05 Feb 2021 14:08:19 GMT
Server
X-Frame-Options: SAMEORIGIN
Date: Fri, 19 Feb 2021 12:15:37 GMT
Vary: Accept-Encoding
Strict-Transport-Security: max-age=15552001; includeSubDomains; preload
Content-Type: image/svg+xml
Cache-Control: max-age=604800
ETag: "921d205bc8fbd61:0"
Accept-Ranges: bytes
x-content-security-policy: frame-ancestors *.marksandspencer.com *.hsbc *.adobe.com

GET
H/1.1 200
OK mobile--green.svg
bank.marksandspencer.com/images/icons/ 2 KB
2 KB 156ms
57ms Image
image/svg+xml 193.108.76.36
HSBC-UK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://bank.marksandspencer.com/images/icons/mobile--green.svg

Requested by

Host: bank.marksandspencer.com
URL: https://bank.marksandspencer.com/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

193.108.76.36 Woolwich, United Kingdom, ASN20705 (HSBC-UK, GB),

Reverse DNS

Software

Resource Hash

6cfa4da312762417929bc2f89f586dd658c555946b30cfffb2b08b00a6fea407

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors .marksandspencer.com .hsbc *.adobe.com
Strict-Transport-Security	max-age=15552001; includeSubDomains; preload
X-Content-Security-Policy	frame-ancestors .marksandspencer.com .hsbc *.adobe.com
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://bank.marksandspencer.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: frame-ancestors *.marksandspencer.com *.hsbc *.adobe.com
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Connection: close
Content-Length: 1540
X-XSS-Protection: 1; mode=block
Last-Modified: Wed, 15 Jul 2020 10:22:08 GMT
Server
X-Frame-Options: SAMEORIGIN
Date: Fri, 19 Feb 2021 12:15:37 GMT
Vary: Accept-Encoding
Strict-Transport-Security: max-age=15552001; includeSubDomains; preload
Content-Type: image/svg+xml
Cache-Control: max-age=604800
ETag: "0c834cb915ad61:0"
Accept-Ranges: bytes
x-content-security-policy: frame-ancestors *.marksandspencer.com *.hsbc *.adobe.com

GET
H/1.1 200
OK mandsbank-logo-square.svg
bank.marksandspencer.com/images/icons/ 2 KB
2 KB 155ms
56ms Image
image/svg+xml 193.108.76.36
HSBC-UK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://bank.marksandspencer.com/images/icons/mandsbank-logo-square.svg

Requested by

Host: bank.marksandspencer.com
URL: https://bank.marksandspencer.com/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

193.108.76.36 Woolwich, United Kingdom, ASN20705 (HSBC-UK, GB),

Reverse DNS

Software

Resource Hash

8684c695cbaed3a81d715d7438945e5611e779e9faf72e267de69497e069517a

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors .marksandspencer.com .hsbc *.adobe.com
Strict-Transport-Security	max-age=15552001; includeSubDomains; preload
X-Content-Security-Policy	frame-ancestors .marksandspencer.com .hsbc *.adobe.com
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://bank.marksandspencer.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: frame-ancestors *.marksandspencer.com *.hsbc *.adobe.com
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Connection: close
Content-Length: 1411
X-XSS-Protection: 1; mode=block
Last-Modified: Thu, 16 Jul 2020 15:42:04 GMT
Server
X-Frame-Options: SAMEORIGIN
Date: Fri, 19 Feb 2021 12:15:37 GMT
Vary: Accept-Encoding
Strict-Transport-Security: max-age=15552001; includeSubDomains; preload
Content-Type: image/svg+xml
Cache-Control: max-age=604800
ETag: "6665ea7875bd61:0"
Accept-Ranges: bytes
x-content-security-policy: frame-ancestors *.marksandspencer.com *.hsbc *.adobe.com

GET
H/1.1 200
OK livechat--black.svg
bank.marksandspencer.com/images/icons/ 1 KB
1 KB 138ms
51ms Image
image/svg+xml 193.108.76.36
HSBC-UK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://bank.marksandspencer.com/images/icons/livechat--black.svg

Requested by

Host: bank.marksandspencer.com
URL: https://bank.marksandspencer.com/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

193.108.76.36 Woolwich, United Kingdom, ASN20705 (HSBC-UK, GB),

Reverse DNS

Software

Resource Hash

b740ff2e1d12bb961e1dc2a07ab8cc5e88972ab073bdf1af80f898ce85d4ed66

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors .marksandspencer.com .hsbc *.adobe.com
Strict-Transport-Security	max-age=15552001; includeSubDomains; preload
X-Content-Security-Policy	frame-ancestors .marksandspencer.com .hsbc *.adobe.com
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://bank.marksandspencer.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: frame-ancestors *.marksandspencer.com *.hsbc *.adobe.com
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Connection: close
Content-Length: 713
X-XSS-Protection: 1; mode=block
Last-Modified: Wed, 03 Jun 2020 17:09:44 GMT
Server
X-Frame-Options: SAMEORIGIN
Date: Fri, 19 Feb 2021 12:15:37 GMT
Vary: Accept-Encoding
Strict-Transport-Security: max-age=15552001; includeSubDomains; preload
Content-Type: image/svg+xml
Cache-Control: max-age=604800
ETag: "2887f3c6c939d61:0"
Accept-Ranges: bytes
x-content-security-policy: frame-ancestors *.marksandspencer.com *.hsbc *.adobe.com

GET
H/1.1 200
OK FSCS_999x243px.png
bank.marksandspencer.com/images/ 327 KB
327 KB 211ms
124ms Image
image/png 193.108.76.36
HSBC-UK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://bank.marksandspencer.com/images/FSCS_999x243px.png

Requested by

Host: bank.marksandspencer.com
URL: https://bank.marksandspencer.com/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

193.108.76.36 Woolwich, United Kingdom, ASN20705 (HSBC-UK, GB),

Reverse DNS

Software

Resource Hash

7a255f0ba8e99b68fd908cc373a3f56cb6b44da9f7800f552294ab14a2fe5ac7

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors .marksandspencer.com .hsbc *.adobe.com
Strict-Transport-Security	max-age=15552001; includeSubDomains; preload
X-Content-Security-Policy	frame-ancestors .marksandspencer.com .hsbc *.adobe.com
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://bank.marksandspencer.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: frame-ancestors *.marksandspencer.com *.hsbc *.adobe.com
Strict-Transport-Security: max-age=15552001; includeSubDomains; preload
X-Content-Type-Options: nosniff
Last-Modified: Mon, 20 May 2019 09:34:54 GMT
Server
ETag: "4616e547efed51:0"
X-Frame-Options: SAMEORIGIN
Content-Type: image/png
Cache-Control: max-age=604800
Date: Fri, 19 Feb 2021 12:15:37 GMT
Connection: close
Accept-Ranges: bytes
Content-Length: 334763
X-XSS-Protection: 1; mode=block
x-content-security-policy: frame-ancestors *.marksandspencer.com *.hsbc *.adobe.com

GET
H/1.1 200
OK default-1.1.js Show response
bank.marksandspencer.com/script/ 6 KB
2 KB 152ms
61ms Script
application/javascript 193.108.76.36
HSBC-UK

General

Check archive.org

Show headers Download Go to

Full URL

https://bank.marksandspencer.com/script/default-1.1.js

Requested by

Host: bank.marksandspencer.com
URL: https://bank.marksandspencer.com/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

193.108.76.36 Woolwich, United Kingdom, ASN20705 (HSBC-UK, GB),

Reverse DNS

Software

Resource Hash

af7842e6450d9905ff1e5d7c8e782bdb313811dc8a0c9469cdd79192e02b483b

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors .marksandspencer.com .hsbc *.adobe.com
Strict-Transport-Security	max-age=15552001; includeSubDomains; preload
X-Content-Security-Policy	frame-ancestors .marksandspencer.com .hsbc *.adobe.com
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://bank.marksandspencer.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: frame-ancestors *.marksandspencer.com *.hsbc *.adobe.com
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Vary: Accept-Encoding
Content-Length: 1544
X-XSS-Protection: 1; mode=block
Last-Modified: Wed, 02 Dec 2020 14:57:59 GMT
Server
X-Frame-Options: SAMEORIGIN
Date: Fri, 19 Feb 2021 12:15:37 GMT
Strict-Transport-Security: max-age=15552001; includeSubDomains; preload
Content-Type: application/javascript
Cache-Control: no-cache,max-age=86400
ETag: "80f53386bbc8d61:0"
Accept-Ranges: bytes
x-content-security-policy: frame-ancestors *.marksandspencer.com *.hsbc *.adobe.com

GET
H/1.1 200
OK print.css
bank.marksandspencer.com/styles/ 1 KB
1 KB 52ms
52ms Stylesheet
text/css 193.108.76.36
HSBC-UK

General

Check archive.org

Show headers Download Go to

Full URL

https://bank.marksandspencer.com/styles/print.css

Requested by

Host: bank.marksandspencer.com
URL: https://bank.marksandspencer.com/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

193.108.76.36 Woolwich, United Kingdom, ASN20705 (HSBC-UK, GB),

Reverse DNS

Software

Resource Hash

a6df6c2664bada199c4946ff58fec8e95f240eee85f28e78a60493c440fcdaa9

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors .marksandspencer.com .hsbc *.adobe.com
Strict-Transport-Security	max-age=15552001; includeSubDomains; preload
X-Content-Security-Policy	frame-ancestors .marksandspencer.com .hsbc *.adobe.com
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://bank.marksandspencer.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: frame-ancestors *.marksandspencer.com *.hsbc *.adobe.com
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Vary: Accept-Encoding
Content-Length: 795
X-XSS-Protection: 1; mode=block
Last-Modified: Tue, 02 Feb 2016 17:01:19 GMT
Server
X-Frame-Options: SAMEORIGIN
Date: Fri, 19 Feb 2021 12:15:37 GMT
Strict-Transport-Security: max-age=15552001; includeSubDomains; preload
Content-Type: text/css
Cache-Control: no-cache,max-age=86400
ETag: "626a4956db5dd11:0"
Accept-Ranges: bytes
x-content-security-policy: frame-ancestors *.marksandspencer.com *.hsbc *.adobe.com

GET
H2 200 utag.js Show response
tags.tiqcdn.com/utag/hsbc/lib-sync/prod/ 439 KB
142 KB 38ms
37ms Script
application/x-javascript 23.79.129.43
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.tiqcdn.com/utag/hsbc/lib-sync/prod/utag.js
Requested by: Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/hsbc/uk-rbwm-mands/prod/utag.sync.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.79.129.43 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-79-129-43.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: c48acdb9b7d94248b474d050bff62bfbc0add2f14342e25a4775ece5e95a73f5

Request headers

Referer: https://bank.marksandspencer.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 19 Feb 2021 12:16:27 GMT
content-encoding: gzip
last-modified: Thu, 11 Feb 2021 19:15:51 GMT
server: AkamaiNetStorage
etag: "5269a79665ffe231b98d89e3d8ee5c71:1613070951.442236"
vary: Accept-Encoding
content-type: application/x-javascript
cache-control: max-age=300
accept-ranges: bytes
expires: Fri, 19 Feb 2021 12:21:27 GMT

GET
H2 200 utag.js Show response
tags.tiqcdn.com/utag/hsbc/uk-rbwm-mands/prod/ 286 KB
75 KB 86ms
85ms Script
application/x-javascript 23.79.129.43
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.tiqcdn.com/utag/hsbc/uk-rbwm-mands/prod/utag.js
Requested by: Host: bank.marksandspencer.com
URL: https://bank.marksandspencer.com/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.79.129.43 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-79-129-43.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: 8f0994a7adb677e7c2488d0c5720e1e3acbd91f65bd4d4b3b758f3fd22f094fc

Request headers

Referer: https://bank.marksandspencer.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 19 Feb 2021 12:16:27 GMT
content-encoding: gzip
last-modified: Mon, 23 Nov 2020 20:12:06 GMT
server: AkamaiNetStorage
etag: "9b0b7ea5b69e3bd94ba2dc34a7017c87:1606162326.163326"
vary: Accept-Encoding
content-type: application/x-javascript
cache-control: max-age=300
accept-ranges: bytes
expires: Fri, 19 Feb 2021 12:21:27 GMT

GET
H/1.1 200
OK nav_lock.png
bank.marksandspencer.com/images/background/ 342 B
935 B 135ms
51ms Image
image/png 193.108.76.36
HSBC-UK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://bank.marksandspencer.com/images/background/nav_lock.png

Requested by

Host: bank.marksandspencer.com
URL: https://bank.marksandspencer.com/styles/content_pws_masthead.css

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

193.108.76.36 Woolwich, United Kingdom, ASN20705 (HSBC-UK, GB),

Reverse DNS

Software

Resource Hash

ab30bb0fb492a9008aca0a6e27872308a54181be4251f44c9d9a68a72a496a4f

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors .marksandspencer.com .hsbc *.adobe.com
Strict-Transport-Security	max-age=15552001; includeSubDomains; preload
X-Content-Security-Policy	frame-ancestors .marksandspencer.com .hsbc *.adobe.com
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://bank.marksandspencer.com/styles/content_pws_masthead.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: frame-ancestors *.marksandspencer.com *.hsbc *.adobe.com
Strict-Transport-Security: max-age=15552001; includeSubDomains; preload
X-Content-Type-Options: nosniff
Last-Modified: Tue, 10 Jan 2017 07:14:00 GMT
Server
ETag: "d85aef1d116bd21:0"
X-Frame-Options: SAMEORIGIN
Content-Type: image/png
Cache-Control: max-age=604800
Date: Fri, 19 Feb 2021 12:15:37 GMT
Connection: close
Accept-Ranges: bytes
Content-Length: 342
X-XSS-Protection: 1; mode=block
x-content-security-policy: frame-ancestors *.marksandspencer.com *.hsbc *.adobe.com

GET
H/1.1 200
OK button-cta_arrow.svg
bank.marksandspencer.com/images/css_images/ 592 B
1 KB 155ms
56ms Image
image/svg+xml 193.108.76.36
HSBC-UK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://bank.marksandspencer.com/images/css_images/button-cta_arrow.svg

Requested by

Host: bank.marksandspencer.com
URL: https://bank.marksandspencer.com/styles/content_pws_body.css

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

193.108.76.36 Woolwich, United Kingdom, ASN20705 (HSBC-UK, GB),

Reverse DNS

Software

Resource Hash

2e31ef2b77c95bf86e070e73b6e7f190cfd35608ae6eca901530d989a673fbcd

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors .marksandspencer.com .hsbc *.adobe.com
Strict-Transport-Security	max-age=15552001; includeSubDomains; preload
X-Content-Security-Policy	frame-ancestors .marksandspencer.com .hsbc *.adobe.com
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://bank.marksandspencer.com/styles/content_pws_body.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: frame-ancestors *.marksandspencer.com *.hsbc *.adobe.com
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Connection: close
Content-Length: 476
X-XSS-Protection: 1; mode=block
Last-Modified: Mon, 07 Sep 2020 13:06:26 GMT
Server
X-Frame-Options: SAMEORIGIN
Date: Fri, 19 Feb 2021 12:15:37 GMT
Vary: Accept-Encoding
Strict-Transport-Security: max-age=15552001; includeSubDomains; preload
Content-Type: image/svg+xml
Cache-Control: max-age=604800
ETag: "0b556b11785d61:0"
Accept-Ranges: bytes
x-content-security-policy: frame-ancestors *.marksandspencer.com *.hsbc *.adobe.com

GET
H/1.1 200
OK sm_facebook_white.svg
bank.marksandspencer.com/images/css_images/ 563 B
1 KB 152ms
61ms Image
image/svg+xml 193.108.76.36
HSBC-UK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://bank.marksandspencer.com/images/css_images/sm_facebook_white.svg

Requested by

Host: bank.marksandspencer.com
URL: https://bank.marksandspencer.com/styles/content_pws_footer.css

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

193.108.76.36 Woolwich, United Kingdom, ASN20705 (HSBC-UK, GB),

Reverse DNS

Software

Resource Hash

3985a7ff117a087c2b7c408042206916e648318da33678a1b955e9dc94714206

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors .marksandspencer.com .hsbc *.adobe.com
Strict-Transport-Security	max-age=15552001; includeSubDomains; preload
X-Content-Security-Policy	frame-ancestors .marksandspencer.com .hsbc *.adobe.com
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://bank.marksandspencer.com/styles/content_pws_footer.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: frame-ancestors *.marksandspencer.com *.hsbc *.adobe.com
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Connection: close
Content-Length: 529
X-XSS-Protection: 1; mode=block
Last-Modified: Mon, 07 Sep 2020 13:06:26 GMT
Server
X-Frame-Options: SAMEORIGIN
Date: Fri, 19 Feb 2021 12:15:37 GMT
Vary: Accept-Encoding
Strict-Transport-Security: max-age=15552001; includeSubDomains; preload
Content-Type: image/svg+xml
Cache-Control: max-age=604800
ETag: "0b556b11785d61:0"
Accept-Ranges: bytes
x-content-security-policy: frame-ancestors *.marksandspencer.com *.hsbc *.adobe.com

GET
H/1.1 200
OK sm_facebook_white_hover.svg
bank.marksandspencer.com/images/css_images/ 563 B
1 KB 135ms
49ms Image
image/svg+xml 193.108.76.36
HSBC-UK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://bank.marksandspencer.com/images/css_images/sm_facebook_white_hover.svg

Requested by

Host: bank.marksandspencer.com
URL: https://bank.marksandspencer.com/styles/content_pws_footer.css

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

193.108.76.36 Woolwich, United Kingdom, ASN20705 (HSBC-UK, GB),

Reverse DNS

Software

Resource Hash

256b71d550df44d6fb6f683e12cd5183771d2819070ecd297c93e34682600c4f

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors .marksandspencer.com .hsbc *.adobe.com
Strict-Transport-Security	max-age=15552001; includeSubDomains; preload
X-Content-Security-Policy	frame-ancestors .marksandspencer.com .hsbc *.adobe.com
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://bank.marksandspencer.com/styles/content_pws_footer.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: frame-ancestors *.marksandspencer.com *.hsbc *.adobe.com
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Connection: close
Content-Length: 533
X-XSS-Protection: 1; mode=block
Last-Modified: Mon, 07 Sep 2020 13:06:26 GMT
Server
X-Frame-Options: SAMEORIGIN
Date: Fri, 19 Feb 2021 12:15:37 GMT
Vary: Accept-Encoding
Strict-Transport-Security: max-age=15552001; includeSubDomains; preload
Content-Type: image/svg+xml
Cache-Control: max-age=604800
ETag: "0b556b11785d61:0"
Accept-Ranges: bytes
x-content-security-policy: frame-ancestors *.marksandspencer.com *.hsbc *.adobe.com

GET
H/1.1 200
OK sm_twitter_white.svg
bank.marksandspencer.com/images/css_images/ 822 B
1 KB 83ms
48ms Image
image/svg+xml 193.108.76.36
HSBC-UK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://bank.marksandspencer.com/images/css_images/sm_twitter_white.svg

Requested by

Host: bank.marksandspencer.com
URL: https://bank.marksandspencer.com/styles/content_pws_footer.css

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

193.108.76.36 Woolwich, United Kingdom, ASN20705 (HSBC-UK, GB),

Reverse DNS

Software

Resource Hash

5e2356aea10a306f9e90ffca3b7017f41f170e0735be6d84e076ab4a97725041

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors .marksandspencer.com .hsbc *.adobe.com
Strict-Transport-Security	max-age=15552001; includeSubDomains; preload
X-Content-Security-Policy	frame-ancestors .marksandspencer.com .hsbc *.adobe.com
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://bank.marksandspencer.com/styles/content_pws_footer.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: frame-ancestors *.marksandspencer.com *.hsbc *.adobe.com
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Connection: close
Content-Length: 682
X-XSS-Protection: 1; mode=block
Last-Modified: Mon, 07 Sep 2020 13:06:26 GMT
Server
X-Frame-Options: SAMEORIGIN
Date: Fri, 19 Feb 2021 12:15:37 GMT
Vary: Accept-Encoding
Strict-Transport-Security: max-age=15552001; includeSubDomains; preload
Content-Type: image/svg+xml
Cache-Control: max-age=604800
ETag: "0b556b11785d61:0"
Accept-Ranges: bytes
x-content-security-policy: frame-ancestors *.marksandspencer.com *.hsbc *.adobe.com

GET
H/1.1 200
OK sm_twitter_white_hover.svg
bank.marksandspencer.com/images/css_images/ 822 B
1 KB 100ms
49ms Image
image/svg+xml 193.108.76.36
HSBC-UK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://bank.marksandspencer.com/images/css_images/sm_twitter_white_hover.svg

Requested by

Host: bank.marksandspencer.com
URL: https://bank.marksandspencer.com/styles/content_pws_footer.css

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

193.108.76.36 Woolwich, United Kingdom, ASN20705 (HSBC-UK, GB),

Reverse DNS

Software

Resource Hash

b329ee9656a60d6d147530a52d978a8503ae839102bfda325cf1491e7f94f4d3

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors .marksandspencer.com .hsbc *.adobe.com
Strict-Transport-Security	max-age=15552001; includeSubDomains; preload
X-Content-Security-Policy	frame-ancestors .marksandspencer.com .hsbc *.adobe.com
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://bank.marksandspencer.com/styles/content_pws_footer.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: frame-ancestors *.marksandspencer.com *.hsbc *.adobe.com
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Connection: close
Content-Length: 685
X-XSS-Protection: 1; mode=block
Last-Modified: Mon, 07 Sep 2020 13:06:26 GMT
Server
X-Frame-Options: SAMEORIGIN
Date: Fri, 19 Feb 2021 12:15:37 GMT
Vary: Accept-Encoding
Strict-Transport-Security: max-age=15552001; includeSubDomains; preload
Content-Type: image/svg+xml
Cache-Control: max-age=604800
ETag: "0b556b11785d61:0"
Accept-Ranges: bytes
x-content-security-policy: frame-ancestors *.marksandspencer.com *.hsbc *.adobe.com

GET
H/1.1 200
OK padlock-dark.svg
bank.marksandspencer.com/images/css_images/ 2 KB
2 KB 146ms
53ms Image
image/svg+xml 193.108.76.36
HSBC-UK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://bank.marksandspencer.com/images/css_images/padlock-dark.svg

Requested by

Host: bank.marksandspencer.com
URL: https://bank.marksandspencer.com/styles/content_pws_footer.css

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

193.108.76.36 Woolwich, United Kingdom, ASN20705 (HSBC-UK, GB),

Reverse DNS

Software

Resource Hash

fe484ecacdab2953a802cddfa3784bf400e8bbcc673c884db65e492fed747f9d

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors .marksandspencer.com .hsbc *.adobe.com
Strict-Transport-Security	max-age=15552001; includeSubDomains; preload
X-Content-Security-Policy	frame-ancestors .marksandspencer.com .hsbc *.adobe.com
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://bank.marksandspencer.com/styles/content_pws_footer.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: frame-ancestors *.marksandspencer.com *.hsbc *.adobe.com
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Connection: close
Content-Length: 1419
X-XSS-Protection: 1; mode=block
Last-Modified: Mon, 07 Sep 2020 13:06:26 GMT
Server
X-Frame-Options: SAMEORIGIN
Date: Fri, 19 Feb 2021 12:15:37 GMT
Vary: Accept-Encoding
Strict-Transport-Security: max-age=15552001; includeSubDomains; preload
Content-Type: image/svg+xml
Cache-Control: max-age=604800
ETag: "0b556b11785d61:0"
Accept-Ranges: bytes
x-content-security-policy: frame-ancestors *.marksandspencer.com *.hsbc *.adobe.com

GET
H/1.1 200
OK V_Mobile.svg
bank.marksandspencer.com/images/icons/black/ 455 B
1 KB 137ms
44ms Image
image/svg+xml 193.108.76.36
HSBC-UK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://bank.marksandspencer.com/images/icons/black/V_Mobile.svg

Requested by

Host: bank.marksandspencer.com
URL: https://bank.marksandspencer.com/styles/content_pws_footer.css

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

193.108.76.36 Woolwich, United Kingdom, ASN20705 (HSBC-UK, GB),

Reverse DNS

Software

Resource Hash

8ac18425e82ec22ef35b5607d2b312f583af68f9226a1ca875a756bf49db3541

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors .marksandspencer.com .hsbc *.adobe.com
Strict-Transport-Security	max-age=15552001; includeSubDomains; preload
X-Content-Security-Policy	frame-ancestors .marksandspencer.com .hsbc *.adobe.com
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://bank.marksandspencer.com/styles/content_pws_footer.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: frame-ancestors *.marksandspencer.com *.hsbc *.adobe.com
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Connection: close
Content-Length: 421
X-XSS-Protection: 1; mode=block
Last-Modified: Wed, 22 Jul 2020 17:05:52 GMT
Server
X-Frame-Options: SAMEORIGIN
Date: Fri, 19 Feb 2021 12:15:37 GMT
Vary: Accept-Encoding
Strict-Transport-Security: max-age=15552001; includeSubDomains; preload
Content-Type: image/svg+xml
Cache-Control: max-age=604800
ETag: "c2f23d5b4a60d61:0"
Accept-Ranges: bytes
x-content-security-policy: frame-ancestors *.marksandspencer.com *.hsbc *.adobe.com

GET
H/1.1 200
OK 36ccb1c7-c10c-4165-851f-a7fc4bfc0fe3.woff
bank.marksandspencer.com/fonts/ 23 KB
23 KB 358ms
324ms Font
font/x-woff 193.108.76.36
HSBC-UK

General

Check archive.org

Show headers Download Go to

Full URL

https://bank.marksandspencer.com/fonts/36ccb1c7-c10c-4165-851f-a7fc4bfc0fe3.woff

Requested by

Host: bank.marksandspencer.com
URL: https://bank.marksandspencer.com/styles/content_pws_fonts.css

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

193.108.76.36 Woolwich, United Kingdom, ASN20705 (HSBC-UK, GB),

Reverse DNS

Software

Resource Hash

2b0bb367c06d59c201f4201566702bebbac2d8714684e239179ed4f41e229673

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors .marksandspencer.com .hsbc *.adobe.com
Strict-Transport-Security	max-age=15552001; includeSubDomains; preload
X-Content-Security-Policy	frame-ancestors .marksandspencer.com .hsbc *.adobe.com
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Origin: https://bank.marksandspencer.com
Referer: https://bank.marksandspencer.com/styles/content_pws_fonts.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: frame-ancestors *.marksandspencer.com *.hsbc *.adobe.com
X-Content-Type-Options: nosniff
Last-Modified: Mon, 14 Mar 2016 12:35:35 GMT
Server
ETag: "c45db01ee7dd11:0"
X-Frame-Options: SAMEORIGIN
Content-Type: font/x-woff
Expires: Wed, 01 Jan 2020 00:00:00 GMT
Date: Fri, 19 Feb 2021 12:15:37 GMT
Strict-Transport-Security: max-age=15552001; includeSubDomains; preload
Accept-Ranges: bytes
Content-Length: 23153
X-XSS-Protection: 1; mode=block
x-content-security-policy: frame-ancestors *.marksandspencer.com *.hsbc *.adobe.com

GET
H2 200 utag.91.js Show response
tags.tiqcdn.com/utag/hsbc/uk-rbwm-mands/prod/ 2 KB
1 KB 46ms
45ms Script
application/x-javascript 23.79.129.43
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.tiqcdn.com/utag/hsbc/uk-rbwm-mands/prod/utag.91.js?utv=ut4.39.201810230522
Requested by: Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/hsbc/uk-rbwm-mands/prod/utag.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.79.129.43 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-79-129-43.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: 9ac8629151934e9fa104de115d50965739de7cb808b081194f245e24330c3a79

Request headers

Referer: https://bank.marksandspencer.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 19 Feb 2021 12:16:28 GMT
content-encoding: gzip
last-modified: Mon, 25 Mar 2019 14:20:58 GMT
server: AkamaiNetStorage
etag: "2772315b5591ccd8fda8562a0e38dafb:1553523658"
vary: Accept-Encoding
content-type: application/x-javascript
cache-control: max-age=1296000
accept-ranges: bytes
content-length: 992
expires: Sat, 06 Mar 2021 12:16:28 GMT

GET
H2 200 utag.220.js Show response
tags.tiqcdn.com/utag/hsbc/uk-rbwm-mands/prod/ 36 KB
11 KB 54ms
54ms Script
application/x-javascript 23.79.129.43
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.tiqcdn.com/utag/hsbc/uk-rbwm-mands/prod/utag.220.js?utv=ut4.39.201911111425
Requested by: Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/hsbc/uk-rbwm-mands/prod/utag.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.79.129.43 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-79-129-43.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: 22d36a421349213f61df761dda273340ab4e2d15141e781c239ef863de3f9868

Request headers

Referer: https://bank.marksandspencer.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 19 Feb 2021 12:16:28 GMT
content-encoding: gzip
last-modified: Wed, 24 Jun 2020 13:03:38 GMT
server: AkamaiNetStorage
etag: "ee295bf7b351aae773531f681c743dc9:1593003818.655849"
vary: Accept-Encoding
content-type: application/x-javascript
cache-control: max-age=1296000
accept-ranges: bytes
content-length: 10937
expires: Sat, 06 Mar 2021 12:16:28 GMT

GET
H2 200 utag.365.js Show response
tags.tiqcdn.com/utag/hsbc/uk-rbwm-mands/prod/ 15 KB
5 KB 47ms
46ms Script
application/x-javascript 23.79.129.43
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.tiqcdn.com/utag/hsbc/uk-rbwm-mands/prod/utag.365.js?utv=ut4.39.202009231335
Requested by: Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/hsbc/uk-rbwm-mands/prod/utag.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.79.129.43 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-79-129-43.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: 56610062e434f484912f01779bff1227ccf09655e2c88fed7bc1511c128ca8e4

Request headers

Referer: https://bank.marksandspencer.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 19 Feb 2021 12:16:28 GMT
content-encoding: gzip
last-modified: Wed, 23 Sep 2020 13:36:15 GMT
server: AkamaiNetStorage
etag: "31ec93d6d12b7e80c42260d011c6c8a7:1600868175.018116"
vary: Accept-Encoding
content-type: application/x-javascript
cache-control: max-age=1296000
accept-ranges: bytes
content-length: 5121
expires: Sat, 06 Mar 2021 12:16:28 GMT

GET
H/1.1 200
OK mands.virtual-assistant.js Show response
bank.marksandspencer.com/widgets/virtual-assistant/ 25 KB
8 KB 160ms
79ms Script
application/javascript 193.108.76.36
HSBC-UK

General

Check archive.org

Show headers Download Go to

Full URL

https://bank.marksandspencer.com/widgets/virtual-assistant/mands.virtual-assistant.js

Requested by

Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/hsbc/uk-rbwm-mands/prod/utag.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

193.108.76.36 Woolwich, United Kingdom, ASN20705 (HSBC-UK, GB),

Reverse DNS

Software

Resource Hash

ce7a43130d19ece60a30b05fd8947f878b978e76d8c869968407d176c0235a38

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors .marksandspencer.com .hsbc *.adobe.com
Strict-Transport-Security	max-age=15552001; includeSubDomains; preload
X-Content-Security-Policy	frame-ancestors .marksandspencer.com .hsbc *.adobe.com
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://bank.marksandspencer.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: frame-ancestors *.marksandspencer.com *.hsbc *.adobe.com
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Vary: Accept-Encoding
Content-Length: 7455
X-XSS-Protection: 1; mode=block
Last-Modified: Wed, 13 Nov 2019 09:05:37 GMT
Server
X-Frame-Options: SAMEORIGIN
Date: Fri, 19 Feb 2021 12:15:37 GMT
Strict-Transport-Security: max-age=15552001; includeSubDomains; preload
Content-Type: application/javascript
Cache-Control: no-cache,max-age=86400
ETag: "8068d8319ad51:0"
Accept-Ranges: bytes
x-content-security-policy: frame-ancestors *.marksandspencer.com *.hsbc *.adobe.com

GET
H2 200 tag.js Show response
lptag.liveperson.net/tag/ 21 KB
8 KB 113ms
32ms Script
application/javascript 178.249.101.23
LIVEPERSON

General

Check archive.org

Show headers Download Go to

Full URL: https://lptag.liveperson.net/tag/tag.js?site=88016402
Requested by: Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/hsbc/uk-rbwm-mands/prod/utag.365.js?utv=ut4.39.202009231335
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 178.249.101.23 , United Kingdom, ASN11054 (LIVEPERSON, US),
Reverse DNS
Software: ws /
Resource Hash: 145d14bb73e5b03cc73062c2a78c392125b891c62b1cc9d542e5adba762f04e7

Request headers

Referer: https://bank.marksandspencer.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 19 Feb 2021 12:16:28 GMT
content-encoding: gzip
last-modified: Thu, 03 Sep 2020 08:27:49 GMT
server: ws
etag: "5f50a905-1d8f"
access-control-allow-methods: GET, POST, PATCH
content-type: application/javascript
access-control-expose-headers: X-Requested-With, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-host, Lp-Req-Time, date, x-application-context, strict-transport-security, x-content-type-options, x-download-options, x-xss-protection, x-cache-status, x-amz-id-2, x-amz-request-id, expires, last-modified, set-cookie, content-security-policy, x-frame-options
cache-control: public, max-age=630
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Authorization, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token
content-length: 7567

POST
H/1.1 200
OK session.json Show response
comshub-msb.marksandspencer.com/2926/handler9/ 1 KB
2 KB 255ms
55ms XHR
application/json 91.214.5.197
HSBC-UK

General

Check archive.org

Show headers Download Go to

Full URL

https://comshub-msb.marksandspencer.com/2926/handler9/session.json

Requested by

Host: bank.marksandspencer.com
URL: https://bank.marksandspencer.com/script/adrum.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

91.214.5.197 Romford, United Kingdom, ASN20705 (HSBC-UK, GB),

Reverse DNS

Software

Apache /

Resource Hash

2a8e84faa056425ad41953f6c63d60d08c8e740cc6f6a976b6dfc00bae7e973c

Security Headers

Name	Value
Strict-Transport-Security	max-age=16070400; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://bank.marksandspencer.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

Pragma: no-cache
Date: Fri, 19 Feb 2021 12:16:28 GMT
Strict-Transport-Security: max-age=16070400; includeSubDomains
X-Content-Type-Options: nosniff
Server: Apache
X-Frame-Options: SAMEORIGIN
P3P: CP="NON ADMo DEVo PSAo PSDo IVAo IVDo OUR IND UNI COM NAV INT CNT LOC STA PUR PHY ONL"
Access-Control-Allow-Origin: https://bank.marksandspencer.com
Cache-Control: no-store, no-cache
Access-Control-Allow-Credentials: true
S: LWSMNS01UK
Connection: Keep-Alive
Content-Type: application/json
Keep-Alive: timeout=5, max=100
Content-Length: 1384

GET
H/1.1 200
OK JavascriptInsert.js Show response
comshub-msb.marksandspencer.com/ 95 KB
35 KB 261ms
58ms Script
application/x-javascript 91.214.5.197
HSBC-UK

General

Check archive.org

Show headers Download Go to

Full URL

https://comshub-msb.marksandspencer.com/JavascriptInsert.js

Requested by

Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/hsbc/uk-rbwm-mands/prod/utag.220.js?utv=ut4.39.201911111425

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

91.214.5.197 Romford, United Kingdom, ASN20705 (HSBC-UK, GB),

Reverse DNS

Software

Apache /

Resource Hash

b208495a1d011e584beeb11f75d657f8e7a74219f8e24cd72c021d1af756f60e

Security Headers

Name	Value
Strict-Transport-Security	max-age=16070400; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://bank.marksandspencer.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Fri, 19 Feb 2021 12:16:28 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Last-Modified: Tue, 02 Apr 2019 06:24:37 GMT
Server: Apache
ETag: 058a3bdbfe2c30b5215d84bb10fe6d0e
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=16070400; includeSubDomains
Content-Type: application/x-javascript
Cache-Control: max-age=900, s-maxage=900
Connection: Keep-Alive
S: LWSMNS01UK
Vary: Accept-Encoding
Content-Length: 35581
Keep-Alive: timeout=5, max=100

GET
H/1.1 200
OK mands.js
bank.marksandspencer.com/script/src/ 11 KB
11 KB 92ms
52ms Image
application/javascript 193.108.76.36
HSBC-UK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://bank.marksandspencer.com/script/src/mands.js

Requested by

Host: bank.marksandspencer.com
URL: https://bank.marksandspencer.com/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

193.108.76.36 Woolwich, United Kingdom, ASN20705 (HSBC-UK, GB),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors .marksandspencer.com .hsbc *.adobe.com
Strict-Transport-Security	max-age=15552001; includeSubDomains; preload
X-Content-Security-Policy	frame-ancestors .marksandspencer.com .hsbc *.adobe.com
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://bank.marksandspencer.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: frame-ancestors *.marksandspencer.com *.hsbc *.adobe.com
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Vary: Accept-Encoding
Content-Length: 3849
X-XSS-Protection: 1; mode=block
Last-Modified: Mon, 04 Feb 2019 11:46:50 GMT
Server
X-Frame-Options: SAMEORIGIN
Date: Fri, 19 Feb 2021 12:15:37 GMT
Strict-Transport-Security: max-age=15552001; includeSubDomains; preload
Content-Type: application/javascript
Cache-Control: no-cache,max-age=86400
ETag: "0319e507fbcd41:0"
Accept-Ranges: bytes
x-content-security-policy: frame-ancestors *.marksandspencer.com *.hsbc *.adobe.com

GET
H/1.1 200
OK browser-detect-min.js
bank.marksandspencer.com/script/ 4 KB
4 KB 107ms
50ms Image
application/javascript 193.108.76.36
HSBC-UK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://bank.marksandspencer.com/script/browser-detect-min.js

Requested by

Host: bank.marksandspencer.com
URL: https://bank.marksandspencer.com/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

193.108.76.36 Woolwich, United Kingdom, ASN20705 (HSBC-UK, GB),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors .marksandspencer.com .hsbc *.adobe.com
Strict-Transport-Security	max-age=15552001; includeSubDomains; preload
X-Content-Security-Policy	frame-ancestors .marksandspencer.com .hsbc *.adobe.com
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://bank.marksandspencer.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: frame-ancestors *.marksandspencer.com *.hsbc *.adobe.com
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Vary: Accept-Encoding
Content-Length: 2026
X-XSS-Protection: 1; mode=block
Last-Modified: Tue, 02 Feb 2016 17:00:10 GMT
Server
X-Frame-Options: SAMEORIGIN
Date: Fri, 19 Feb 2021 12:15:37 GMT
Strict-Transport-Security: max-age=15552001; includeSubDomains; preload
Content-Type: application/javascript
Cache-Control: no-cache,max-age=86400
ETag: "09b92cdb5dd11:0"
Accept-Ranges: bytes
x-content-security-policy: frame-ancestors *.marksandspencer.com *.hsbc *.adobe.com

GET
H/1.1 200
OK mands.focus.js
bank.marksandspencer.com/script/src/ 3 KB
3 KB 97ms
51ms Image
application/javascript 193.108.76.36
HSBC-UK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://bank.marksandspencer.com/script/src/mands.focus.js

Requested by

Host: bank.marksandspencer.com
URL: https://bank.marksandspencer.com/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

193.108.76.36 Woolwich, United Kingdom, ASN20705 (HSBC-UK, GB),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors .marksandspencer.com .hsbc *.adobe.com
Strict-Transport-Security	max-age=15552001; includeSubDomains; preload
X-Content-Security-Policy	frame-ancestors .marksandspencer.com .hsbc *.adobe.com
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://bank.marksandspencer.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: frame-ancestors *.marksandspencer.com *.hsbc *.adobe.com
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Vary: Accept-Encoding
Content-Length: 1073
X-XSS-Protection: 1; mode=block
Last-Modified: Fri, 15 Apr 2016 13:30:16 GMT
Server
X-Frame-Options: SAMEORIGIN
Date: Fri, 19 Feb 2021 12:15:37 GMT
Strict-Transport-Security: max-age=15552001; includeSubDomains; preload
Content-Type: application/javascript
Cache-Control: no-cache,max-age=86400
ETag: "0e444f21a97d11:0"
Accept-Ranges: bytes
x-content-security-policy: frame-ancestors *.marksandspencer.com *.hsbc *.adobe.com

GET
H/1.1 200
OK mands.sourcecode.js
bank.marksandspencer.com/widgets/source_code/js/ 4 KB
4 KB 86ms
49ms Image
application/javascript 193.108.76.36
HSBC-UK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://bank.marksandspencer.com/widgets/source_code/js/mands.sourcecode.js

Requested by

Host: bank.marksandspencer.com
URL: https://bank.marksandspencer.com/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

193.108.76.36 Woolwich, United Kingdom, ASN20705 (HSBC-UK, GB),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors .marksandspencer.com .hsbc *.adobe.com
Strict-Transport-Security	max-age=15552001; includeSubDomains; preload
X-Content-Security-Policy	frame-ancestors .marksandspencer.com .hsbc *.adobe.com
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://bank.marksandspencer.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: frame-ancestors *.marksandspencer.com *.hsbc *.adobe.com
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Vary: Accept-Encoding
Content-Length: 1324
X-XSS-Protection: 1; mode=block
Last-Modified: Wed, 01 Jul 2020 15:42:29 GMT
Server
X-Frame-Options: SAMEORIGIN
Date: Fri, 19 Feb 2021 12:15:37 GMT
Strict-Transport-Security: max-age=15552001; includeSubDomains; preload
Content-Type: application/javascript
Cache-Control: no-cache,max-age=86400
ETag: "802083abe4fd61:0"
Accept-Ranges: bytes
x-content-security-policy: frame-ancestors *.marksandspencer.com *.hsbc *.adobe.com

GET
H/1.1 200
OK mands.match-height.js
bank.marksandspencer.com/script/src/ 12 KB
12 KB 91ms
50ms Image
application/javascript 193.108.76.36
HSBC-UK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://bank.marksandspencer.com/script/src/mands.match-height.js

Requested by

Host: bank.marksandspencer.com
URL: https://bank.marksandspencer.com/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

193.108.76.36 Woolwich, United Kingdom, ASN20705 (HSBC-UK, GB),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors .marksandspencer.com .hsbc *.adobe.com
Strict-Transport-Security	max-age=15552001; includeSubDomains; preload
X-Content-Security-Policy	frame-ancestors .marksandspencer.com .hsbc *.adobe.com
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://bank.marksandspencer.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: frame-ancestors *.marksandspencer.com *.hsbc *.adobe.com
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Vary: Accept-Encoding
Content-Length: 3108
X-XSS-Protection: 1; mode=block
Last-Modified: Wed, 23 Aug 2017 15:44:12 GMT
Server
X-Frame-Options: SAMEORIGIN
Date: Fri, 19 Feb 2021 12:15:37 GMT
Strict-Transport-Security: max-age=15552001; includeSubDomains; preload
Content-Type: application/javascript
Cache-Control: no-cache,max-age=86400
ETag: "06e93aa261cd31:0"
Accept-Ranges: bytes
x-content-security-policy: frame-ancestors *.marksandspencer.com *.hsbc *.adobe.com

GET
H/1.1 200
OK mands.versionchecker.js
bank.marksandspencer.com/script/src/ 422 B
422 B 73ms
45ms Image
application/javascript 193.108.76.36
HSBC-UK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://bank.marksandspencer.com/script/src/mands.versionchecker.js

Requested by

Host: bank.marksandspencer.com
URL: https://bank.marksandspencer.com/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

193.108.76.36 Woolwich, United Kingdom, ASN20705 (HSBC-UK, GB),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors .marksandspencer.com .hsbc *.adobe.com
Strict-Transport-Security	max-age=15552001; includeSubDomains; preload
X-Content-Security-Policy	frame-ancestors .marksandspencer.com .hsbc *.adobe.com
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://bank.marksandspencer.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: frame-ancestors *.marksandspencer.com *.hsbc *.adobe.com
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Vary: Accept-Encoding
Content-Length: 350
X-XSS-Protection: 1; mode=block
Last-Modified: Thu, 12 Mar 2020 15:27:34 GMT
Server
X-Frame-Options: SAMEORIGIN
Date: Fri, 19 Feb 2021 12:15:37 GMT
Strict-Transport-Security: max-age=15552001; includeSubDomains; preload
Content-Type: application/javascript
Cache-Control: no-cache,max-age=86400
ETag: "e6f2f6c082f8d51:0"
Accept-Ranges: bytes
x-content-security-policy: frame-ancestors *.marksandspencer.com *.hsbc *.adobe.com

GET
H/1.1 200
OK mands.menu.js
bank.marksandspencer.com/script/src/ 26 KB
26 KB 58ms
50ms Image
application/javascript 193.108.76.36
HSBC-UK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://bank.marksandspencer.com/script/src/mands.menu.js

Requested by

Host: bank.marksandspencer.com
URL: https://bank.marksandspencer.com/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

193.108.76.36 Woolwich, United Kingdom, ASN20705 (HSBC-UK, GB),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors .marksandspencer.com .hsbc *.adobe.com
Strict-Transport-Security	max-age=15552001; includeSubDomains; preload
X-Content-Security-Policy	frame-ancestors .marksandspencer.com .hsbc *.adobe.com
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://bank.marksandspencer.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: frame-ancestors *.marksandspencer.com *.hsbc *.adobe.com
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Vary: Accept-Encoding
Content-Length: 4715
X-XSS-Protection: 1; mode=block
Last-Modified: Mon, 11 Jan 2021 16:00:46 GMT
Server
X-Frame-Options: SAMEORIGIN
Date: Fri, 19 Feb 2021 12:15:37 GMT
Strict-Transport-Security: max-age=15552001; includeSubDomains; preload
Content-Type: application/javascript
Cache-Control: no-cache,max-age=86400
ETag: "08b8ec32e8d61:0"
Accept-Ranges: bytes
x-content-security-policy: frame-ancestors *.marksandspencer.com *.hsbc *.adobe.com

GET
H/1.1 200
OK mustache.min.js
bank.marksandspencer.com/script/ 9 KB
9 KB 65ms
49ms Image
application/javascript 193.108.76.36
HSBC-UK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://bank.marksandspencer.com/script/mustache.min.js

Requested by

Host: bank.marksandspencer.com
URL: https://bank.marksandspencer.com/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

193.108.76.36 Woolwich, United Kingdom, ASN20705 (HSBC-UK, GB),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors .marksandspencer.com .hsbc *.adobe.com
Strict-Transport-Security	max-age=15552001; includeSubDomains; preload
X-Content-Security-Policy	frame-ancestors .marksandspencer.com .hsbc *.adobe.com
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://bank.marksandspencer.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: frame-ancestors *.marksandspencer.com *.hsbc *.adobe.com
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Vary: Accept-Encoding
Content-Length: 2809
X-XSS-Protection: 1; mode=block
Last-Modified: Thu, 25 Jan 2018 12:01:14 GMT
Server
X-Frame-Options: SAMEORIGIN
Date: Fri, 19 Feb 2021 12:15:37 GMT
Strict-Transport-Security: max-age=15552001; includeSubDomains; preload
Content-Type: application/javascript
Cache-Control: no-cache,max-age=86400
ETag: "0e1b132d495d31:0"
Accept-Ranges: bytes
x-content-security-policy: frame-ancestors *.marksandspencer.com *.hsbc *.adobe.com

GET
H/1.1 200
OK mands.backgroundify.js
bank.marksandspencer.com/script/src/ 2 KB
2 KB 60ms
55ms Image
application/javascript 193.108.76.36
HSBC-UK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://bank.marksandspencer.com/script/src/mands.backgroundify.js

Requested by

Host: bank.marksandspencer.com
URL: https://bank.marksandspencer.com/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

193.108.76.36 Woolwich, United Kingdom, ASN20705 (HSBC-UK, GB),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors .marksandspencer.com .hsbc *.adobe.com
Strict-Transport-Security	max-age=15552001; includeSubDomains; preload
X-Content-Security-Policy	frame-ancestors .marksandspencer.com .hsbc *.adobe.com
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://bank.marksandspencer.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: frame-ancestors *.marksandspencer.com *.hsbc *.adobe.com
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Vary: Accept-Encoding
Content-Length: 806
X-XSS-Protection: 1; mode=block
Last-Modified: Thu, 30 Jan 2020 13:54:31 GMT
Server
X-Frame-Options: SAMEORIGIN
Date: Fri, 19 Feb 2021 12:15:37 GMT
Strict-Transport-Security: max-age=15552001; includeSubDomains; preload
Content-Type: application/javascript
Cache-Control: no-cache,max-age=86400
ETag: "2f9e7cb74d7d51:0"
Accept-Ranges: bytes
x-content-security-policy: frame-ancestors *.marksandspencer.com *.hsbc *.adobe.com

GET
H/1.1 200
OK plugins_1.1.min.js
bank.marksandspencer.com/script/plugins/ 22 KB
22 KB 48ms
47ms Image
application/javascript 193.108.76.36
HSBC-UK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://bank.marksandspencer.com/script/plugins/plugins_1.1.min.js

Requested by

Host: bank.marksandspencer.com
URL: https://bank.marksandspencer.com/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

193.108.76.36 Woolwich, United Kingdom, ASN20705 (HSBC-UK, GB),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors .marksandspencer.com .hsbc *.adobe.com
Strict-Transport-Security	max-age=15552001; includeSubDomains; preload
X-Content-Security-Policy	frame-ancestors .marksandspencer.com .hsbc *.adobe.com
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://bank.marksandspencer.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: frame-ancestors *.marksandspencer.com *.hsbc *.adobe.com
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Vary: Accept-Encoding
Content-Length: 4946
X-XSS-Protection: 1; mode=block
Last-Modified: Mon, 30 Nov 2020 12:08:00 GMT
Server
X-Frame-Options: SAMEORIGIN
Date: Fri, 19 Feb 2021 12:15:37 GMT
Strict-Transport-Security: max-age=15552001; includeSubDomains; preload
Content-Type: application/javascript
Cache-Control: no-cache,max-age=86400
ETag: "0904c7211c7d61:0"
Accept-Ranges: bytes
x-content-security-policy: frame-ancestors *.marksandspencer.com *.hsbc *.adobe.com

GET
H/1.1 200
OK mands.js Show response
bank.marksandspencer.com/script/src/ 11 KB
4 KB 49ms
48ms Script
application/javascript 193.108.76.36
HSBC-UK

General

Check archive.org

Show headers Download Go to

Full URL

https://bank.marksandspencer.com/script/src/mands.js

Requested by

Host: bank.marksandspencer.com
URL: https://bank.marksandspencer.com/script/modernizr-min.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

193.108.76.36 Woolwich, United Kingdom, ASN20705 (HSBC-UK, GB),

Reverse DNS

Software

Resource Hash

a7d432f36c40fe5c0262823107d36c99969abc22bc926f367f3c93c2a7ce9752

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors .marksandspencer.com .hsbc *.adobe.com
Strict-Transport-Security	max-age=15552001; includeSubDomains; preload
X-Content-Security-Policy	frame-ancestors .marksandspencer.com .hsbc *.adobe.com
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://bank.marksandspencer.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: frame-ancestors *.marksandspencer.com *.hsbc *.adobe.com
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Vary: Accept-Encoding
Content-Length: 3849
X-XSS-Protection: 1; mode=block
Last-Modified: Mon, 04 Feb 2019 11:46:50 GMT
Server
X-Frame-Options: SAMEORIGIN
Date: Fri, 19 Feb 2021 12:15:37 GMT
Strict-Transport-Security: max-age=15552001; includeSubDomains; preload
Content-Type: application/javascript
Cache-Control: no-cache,max-age=86400
ETag: "0319e507fbcd41:0"
Accept-Ranges: bytes
x-content-security-policy: frame-ancestors *.marksandspencer.com *.hsbc *.adobe.com

POST
H/1.1 200
OK jsEvent.json Show response
comshub-msb.marksandspencer.com/2926/333362148/XBW09WEA78JG/ 99 B
806 B 53ms
52ms XHR
application/json 91.214.5.197
HSBC-UK

General

Check archive.org

Show headers Download Go to

Full URL

https://comshub-msb.marksandspencer.com/2926/333362148/XBW09WEA78JG/jsEvent.json

Requested by

Host: bank.marksandspencer.com
URL: https://bank.marksandspencer.com/script/adrum.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

91.214.5.197 Romford, United Kingdom, ASN20705 (HSBC-UK, GB),

Reverse DNS

Software

Apache /

Resource Hash

ce54a78e2210034dc41c969f4cc61178b2f443b415e6fd5fde19e9c44bbc3354

Security Headers

Name	Value
Strict-Transport-Security	max-age=16070400; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://bank.marksandspencer.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

Pragma: no-cache
Date: Fri, 19 Feb 2021 12:16:28 GMT
Strict-Transport-Security: max-age=16070400; includeSubDomains
X-Content-Type-Options: nosniff
Server: Apache
X-Frame-Options: SAMEORIGIN
P3P: CP="NON ADMo DEVo PSAo PSDo IVAo IVDo OUR IND UNI COM NAV INT CNT LOC STA PUR PHY ONL"
Access-Control-Allow-Origin: https://bank.marksandspencer.com
Cache-Control: no-store, no-cache
Access-Control-Allow-Credentials: true
S: LWSMNS01UK
Connection: Keep-Alive
Content-Type: application/json
Keep-Alive: timeout=5, max=99
Content-Length: 99

GET
H/1.1 200
OK browser-detect-min.js Show response
bank.marksandspencer.com/script/ 4 KB
3 KB 47ms
46ms Script
application/javascript 193.108.76.36
HSBC-UK

General

Check archive.org

Show headers Download Go to

Full URL

https://bank.marksandspencer.com/script/browser-detect-min.js

Requested by

Host: bank.marksandspencer.com
URL: https://bank.marksandspencer.com/script/modernizr-min.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

193.108.76.36 Woolwich, United Kingdom, ASN20705 (HSBC-UK, GB),

Reverse DNS

Software

Resource Hash

c2bfae428081009a33826ce5ec4e93b671a8de96fd063192bc9e00fdc00692d9

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors .marksandspencer.com .hsbc *.adobe.com
Strict-Transport-Security	max-age=15552001; includeSubDomains; preload
X-Content-Security-Policy	frame-ancestors .marksandspencer.com .hsbc *.adobe.com
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://bank.marksandspencer.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: frame-ancestors *.marksandspencer.com *.hsbc *.adobe.com
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Vary: Accept-Encoding
Content-Length: 2026
X-XSS-Protection: 1; mode=block
Last-Modified: Tue, 02 Feb 2016 17:00:10 GMT
Server
X-Frame-Options: SAMEORIGIN
Date: Fri, 19 Feb 2021 12:15:37 GMT
Strict-Transport-Security: max-age=15552001; includeSubDomains; preload
Content-Type: application/javascript
Cache-Control: no-cache,max-age=86400
ETag: "09b92cdb5dd11:0"
Accept-Ranges: bytes
x-content-security-policy: frame-ancestors *.marksandspencer.com *.hsbc *.adobe.com

GET
H/1.1 200
OK mands.focus.js Show response
bank.marksandspencer.com/script/src/ 3 KB
2 KB 48ms
46ms Script
application/javascript 193.108.76.36
HSBC-UK

General

Check archive.org

Show headers Download Go to

Full URL

https://bank.marksandspencer.com/script/src/mands.focus.js

Requested by

Host: bank.marksandspencer.com
URL: https://bank.marksandspencer.com/script/modernizr-min.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

193.108.76.36 Woolwich, United Kingdom, ASN20705 (HSBC-UK, GB),

Reverse DNS

Software

Resource Hash

f31ddafef29bd2e57f5e64bb199ac1c865a600670c2272496830e0bf7d03f24c

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors .marksandspencer.com .hsbc *.adobe.com
Strict-Transport-Security	max-age=15552001; includeSubDomains; preload
X-Content-Security-Policy	frame-ancestors .marksandspencer.com .hsbc *.adobe.com
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://bank.marksandspencer.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: frame-ancestors *.marksandspencer.com *.hsbc *.adobe.com
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Vary: Accept-Encoding
Content-Length: 1073
X-XSS-Protection: 1; mode=block
Last-Modified: Fri, 15 Apr 2016 13:30:16 GMT
Server
X-Frame-Options: SAMEORIGIN
Date: Fri, 19 Feb 2021 12:15:37 GMT
Strict-Transport-Security: max-age=15552001; includeSubDomains; preload
Content-Type: application/javascript
Cache-Control: no-cache,max-age=86400
ETag: "0e444f21a97d11:0"
Accept-Ranges: bytes
x-content-security-policy: frame-ancestors *.marksandspencer.com *.hsbc *.adobe.com

GET
H/1.1 200
OK mands.sourcecode.js Show response
bank.marksandspencer.com/widgets/source_code/js/ 4 KB
2 KB 47ms
46ms Script
application/javascript 193.108.76.36
HSBC-UK

General

Check archive.org

Show headers Download Go to

Full URL

https://bank.marksandspencer.com/widgets/source_code/js/mands.sourcecode.js

Requested by

Host: bank.marksandspencer.com
URL: https://bank.marksandspencer.com/script/modernizr-min.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

193.108.76.36 Woolwich, United Kingdom, ASN20705 (HSBC-UK, GB),

Reverse DNS

Software

Resource Hash

e10a71a1c113d23d2bc2a66e8f3314680e1e10df9058babeddf8314920468b38

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors .marksandspencer.com .hsbc *.adobe.com
Strict-Transport-Security	max-age=15552001; includeSubDomains; preload
X-Content-Security-Policy	frame-ancestors .marksandspencer.com .hsbc *.adobe.com
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://bank.marksandspencer.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: frame-ancestors *.marksandspencer.com *.hsbc *.adobe.com
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Vary: Accept-Encoding
Content-Length: 1324
X-XSS-Protection: 1; mode=block
Last-Modified: Wed, 01 Jul 2020 15:42:29 GMT
Server
X-Frame-Options: SAMEORIGIN
Date: Fri, 19 Feb 2021 12:15:37 GMT
Strict-Transport-Security: max-age=15552001; includeSubDomains; preload
Content-Type: application/javascript
Cache-Control: no-cache,max-age=86400
ETag: "802083abe4fd61:0"
Accept-Ranges: bytes
x-content-security-policy: frame-ancestors *.marksandspencer.com *.hsbc *.adobe.com

POST
H/1.1 200
OK jsEvent.json Show response
comshub-msb.marksandspencer.com/2926/333362148/XBW09WEA78JG/ 100 B
685 B 55ms
54ms XHR
application/json 91.214.5.197
HSBC-UK

General

Check archive.org

Show headers Download Go to

Full URL

https://comshub-msb.marksandspencer.com/2926/333362148/XBW09WEA78JG/jsEvent.json

Requested by

Host: bank.marksandspencer.com
URL: https://bank.marksandspencer.com/script/adrum.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

91.214.5.197 Romford, United Kingdom, ASN20705 (HSBC-UK, GB),

Reverse DNS

Software

Apache /

Resource Hash

6ad88752fd80309e230e3f121af90f288936c75a521e1e4d47606ef1b05ccaec

Security Headers

Name	Value
Strict-Transport-Security	max-age=16070400; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://bank.marksandspencer.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

Pragma: no-cache
Date: Fri, 19 Feb 2021 12:16:28 GMT
Strict-Transport-Security: max-age=16070400; includeSubDomains
X-Content-Type-Options: nosniff
Server: Apache
X-Frame-Options: SAMEORIGIN
P3P: CP="NON ADMo DEVo PSAo PSDo IVAo IVDo OUR IND UNI COM NAV INT CNT LOC STA PUR PHY ONL"
Access-Control-Allow-Origin: https://bank.marksandspencer.com
Cache-Control: no-store, no-cache
Access-Control-Allow-Credentials: true
S: LWSMNS01UK
Connection: Keep-Alive
Content-Type: application/json
Keep-Alive: timeout=5, max=98
Content-Length: 100

GET
H/1.1 200
OK mands.match-height.js Show response
bank.marksandspencer.com/script/src/ 12 KB
4 KB 48ms
46ms Script
application/javascript 193.108.76.36
HSBC-UK

General

Check archive.org

Show headers Download Go to

Full URL

https://bank.marksandspencer.com/script/src/mands.match-height.js

Requested by

Host: bank.marksandspencer.com
URL: https://bank.marksandspencer.com/script/modernizr-min.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

193.108.76.36 Woolwich, United Kingdom, ASN20705 (HSBC-UK, GB),

Reverse DNS

Software

Resource Hash

7c8f3e046fc811027569f7e70c4ce9b28b26c740fc26d8ae6b999a2de59dcfce

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors .marksandspencer.com .hsbc *.adobe.com
Strict-Transport-Security	max-age=15552001; includeSubDomains; preload
X-Content-Security-Policy	frame-ancestors .marksandspencer.com .hsbc *.adobe.com
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://bank.marksandspencer.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: frame-ancestors *.marksandspencer.com *.hsbc *.adobe.com
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Vary: Accept-Encoding
Content-Length: 3108
X-XSS-Protection: 1; mode=block
Last-Modified: Wed, 23 Aug 2017 15:44:12 GMT
Server
X-Frame-Options: SAMEORIGIN
Date: Fri, 19 Feb 2021 12:15:37 GMT
Strict-Transport-Security: max-age=15552001; includeSubDomains; preload
Content-Type: application/javascript
Cache-Control: no-cache,max-age=86400
ETag: "06e93aa261cd31:0"
Accept-Ranges: bytes
x-content-security-policy: frame-ancestors *.marksandspencer.com *.hsbc *.adobe.com

GET
H/1.1 200
OK mands.versionchecker.js Show response
bank.marksandspencer.com/script/src/ 422 B
992 B 46ms
46ms Script
application/javascript 193.108.76.36
HSBC-UK

General

Check archive.org

Show headers Download Go to

Full URL

https://bank.marksandspencer.com/script/src/mands.versionchecker.js

Requested by

Host: bank.marksandspencer.com
URL: https://bank.marksandspencer.com/script/modernizr-min.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

193.108.76.36 Woolwich, United Kingdom, ASN20705 (HSBC-UK, GB),

Reverse DNS

Software

Resource Hash

b4f2b540ef0060ecfcd605c6be1d454d5fc36bc4b85720e9002222abb0b30e1a

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors .marksandspencer.com .hsbc *.adobe.com
Strict-Transport-Security	max-age=15552001; includeSubDomains; preload
X-Content-Security-Policy	frame-ancestors .marksandspencer.com .hsbc *.adobe.com
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://bank.marksandspencer.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: frame-ancestors *.marksandspencer.com *.hsbc *.adobe.com
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Vary: Accept-Encoding
Content-Length: 350
X-XSS-Protection: 1; mode=block
Last-Modified: Thu, 12 Mar 2020 15:27:34 GMT
Server
X-Frame-Options: SAMEORIGIN
Date: Fri, 19 Feb 2021 12:15:37 GMT
Strict-Transport-Security: max-age=15552001; includeSubDomains; preload
Content-Type: application/javascript
Cache-Control: no-cache,max-age=86400
ETag: "e6f2f6c082f8d51:0"
Accept-Ranges: bytes
x-content-security-policy: frame-ancestors *.marksandspencer.com *.hsbc *.adobe.com

GET
H/1.1 200
OK mands.menu.js Show response
bank.marksandspencer.com/script/src/ 26 KB
5 KB 50ms
48ms Script
application/javascript 193.108.76.36
HSBC-UK

General

Check archive.org

Show headers Download Go to

Full URL

https://bank.marksandspencer.com/script/src/mands.menu.js

Requested by

Host: bank.marksandspencer.com
URL: https://bank.marksandspencer.com/script/modernizr-min.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

193.108.76.36 Woolwich, United Kingdom, ASN20705 (HSBC-UK, GB),

Reverse DNS

Software

Resource Hash

1a6b63673f577ea6470358583337c75f46a1042e9e09c2f5f3deec339388a550

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors .marksandspencer.com .hsbc *.adobe.com
Strict-Transport-Security	max-age=15552001; includeSubDomains; preload
X-Content-Security-Policy	frame-ancestors .marksandspencer.com .hsbc *.adobe.com
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://bank.marksandspencer.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: frame-ancestors *.marksandspencer.com *.hsbc *.adobe.com
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Vary: Accept-Encoding
Content-Length: 4715
X-XSS-Protection: 1; mode=block
Last-Modified: Mon, 11 Jan 2021 16:00:46 GMT
Server
X-Frame-Options: SAMEORIGIN
Date: Fri, 19 Feb 2021 12:15:37 GMT
Strict-Transport-Security: max-age=15552001; includeSubDomains; preload
Content-Type: application/javascript
Cache-Control: no-cache,max-age=86400
ETag: "08b8ec32e8d61:0"
Accept-Ranges: bytes
x-content-security-policy: frame-ancestors *.marksandspencer.com *.hsbc *.adobe.com

GET
H/1.1 200
OK mustache.min.js Show response
bank.marksandspencer.com/script/ 9 KB
3 KB 48ms
46ms Script
application/javascript 193.108.76.36
HSBC-UK

General

Check archive.org

Show headers Download Go to

Full URL

https://bank.marksandspencer.com/script/mustache.min.js

Requested by

Host: bank.marksandspencer.com
URL: https://bank.marksandspencer.com/script/modernizr-min.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

193.108.76.36 Woolwich, United Kingdom, ASN20705 (HSBC-UK, GB),

Reverse DNS

Software

Resource Hash

fdd131c764471b2262b55f468fb26d0da0bd53357238566b2b7939843b82d191

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors .marksandspencer.com .hsbc *.adobe.com
Strict-Transport-Security	max-age=15552001; includeSubDomains; preload
X-Content-Security-Policy	frame-ancestors .marksandspencer.com .hsbc *.adobe.com
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://bank.marksandspencer.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: frame-ancestors *.marksandspencer.com *.hsbc *.adobe.com
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Vary: Accept-Encoding
Content-Length: 2809
X-XSS-Protection: 1; mode=block
Last-Modified: Thu, 25 Jan 2018 12:01:14 GMT
Server
X-Frame-Options: SAMEORIGIN
Date: Fri, 19 Feb 2021 12:15:38 GMT
Strict-Transport-Security: max-age=15552001; includeSubDomains; preload
Content-Type: application/javascript
Cache-Control: no-cache,max-age=86400
ETag: "0e1b132d495d31:0"
Accept-Ranges: bytes
x-content-security-policy: frame-ancestors *.marksandspencer.com *.hsbc *.adobe.com

GET
H/1.1 200
OK mands.backgroundify.js Show response
bank.marksandspencer.com/script/src/ 2 KB
1 KB 46ms
45ms Script
application/javascript 193.108.76.36
HSBC-UK

General

Check archive.org

Show headers Download Go to

Full URL

https://bank.marksandspencer.com/script/src/mands.backgroundify.js

Requested by

Host: bank.marksandspencer.com
URL: https://bank.marksandspencer.com/script/modernizr-min.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

193.108.76.36 Woolwich, United Kingdom, ASN20705 (HSBC-UK, GB),

Reverse DNS

Software

Resource Hash

6558b6faf8be1fb3747d24750f2bbbd477c53b7f05663aad6fb67288a1afd064

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors .marksandspencer.com .hsbc *.adobe.com
Strict-Transport-Security	max-age=15552001; includeSubDomains; preload
X-Content-Security-Policy	frame-ancestors .marksandspencer.com .hsbc *.adobe.com
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://bank.marksandspencer.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: frame-ancestors *.marksandspencer.com *.hsbc *.adobe.com
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Vary: Accept-Encoding
Content-Length: 806
X-XSS-Protection: 1; mode=block
Last-Modified: Thu, 30 Jan 2020 13:54:31 GMT
Server
X-Frame-Options: SAMEORIGIN
Date: Fri, 19 Feb 2021 12:15:38 GMT
Strict-Transport-Security: max-age=15552001; includeSubDomains; preload
Content-Type: application/javascript
Cache-Control: no-cache,max-age=86400
ETag: "2f9e7cb74d7d51:0"
Accept-Ranges: bytes
x-content-security-policy: frame-ancestors *.marksandspencer.com *.hsbc *.adobe.com

GET
H/1.1 200
OK plugins_1.1.min.js Show response
bank.marksandspencer.com/script/plugins/ 22 KB
5 KB 48ms
47ms Script
application/javascript 193.108.76.36
HSBC-UK

General

Check archive.org

Show headers Download Go to

Full URL

https://bank.marksandspencer.com/script/plugins/plugins_1.1.min.js

Requested by

Host: bank.marksandspencer.com
URL: https://bank.marksandspencer.com/script/modernizr-min.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

193.108.76.36 Woolwich, United Kingdom, ASN20705 (HSBC-UK, GB),

Reverse DNS

Software

Resource Hash

15b3176b44aa81878d3bb83a2f056d43da024c839a9ebf679f8e10563a5e4a7c

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors .marksandspencer.com .hsbc *.adobe.com
Strict-Transport-Security	max-age=15552001; includeSubDomains; preload
X-Content-Security-Policy	frame-ancestors .marksandspencer.com .hsbc *.adobe.com
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://bank.marksandspencer.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: frame-ancestors *.marksandspencer.com *.hsbc *.adobe.com
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Vary: Accept-Encoding
Content-Length: 4946
X-XSS-Protection: 1; mode=block
Last-Modified: Mon, 30 Nov 2020 12:08:00 GMT
Server
X-Frame-Options: SAMEORIGIN
Date: Fri, 19 Feb 2021 12:15:38 GMT
Strict-Transport-Security: max-age=15552001; includeSubDomains; preload
Content-Type: application/javascript
Cache-Control: no-cache,max-age=86400
ETag: "0904c7211c7d61:0"
Accept-Ranges: bytes
x-content-security-policy: frame-ancestors *.marksandspencer.com *.hsbc *.adobe.com

GET
H/1.1 200
OK mands_menu_object.json Show response
bank.marksandspencer.com/data/ 49 KB
5 KB 48ms
48ms XHR
application/javascript 193.108.76.36
HSBC-UK

General

Check archive.org

Show headers Download Go to

Full URL

https://bank.marksandspencer.com/data/mands_menu_object.json

Requested by

Host: bank.marksandspencer.com
URL: https://bank.marksandspencer.com/script/adrum.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

193.108.76.36 Woolwich, United Kingdom, ASN20705 (HSBC-UK, GB),

Reverse DNS

Software

Resource Hash

9354c6fa3f1b03432bd8804700eb8aa3821f585f24cb2d4a804c6268160e2ca2

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors .marksandspencer.com .hsbc *.adobe.com
Strict-Transport-Security	max-age=15552001; includeSubDomains; preload
X-Content-Security-Policy	frame-ancestors .marksandspencer.com .hsbc *.adobe.com
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept: */*
Referer: https://bank.marksandspencer.com/
X-Requested-With: XMLHttpRequest
ADRUM: isAjax:true
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: frame-ancestors *.marksandspencer.com *.hsbc *.adobe.com
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Vary: Accept-Encoding
Content-Length: 4807
X-XSS-Protection: 1; mode=block
Last-Modified: Mon, 11 Jan 2021 16:08:40 GMT
Server
X-Frame-Options: SAMEORIGIN
Date: Fri, 19 Feb 2021 12:15:38 GMT
Strict-Transport-Security: max-age=15552001; includeSubDomains; preload
Content-Type: application/javascript
Cache-Control: max-age=86400
ETag: "0348f634e8d61:0"
Accept-Ranges: bytes
x-content-security-policy: frame-ancestors *.marksandspencer.com *.hsbc *.adobe.com

GET
H/1.1 200
OK securityMattersBG.JPG
bank.marksandspencer.com/images/backgrounds/ 31 KB
32 KB 53ms
53ms Image
image/jpeg 193.108.76.36
HSBC-UK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://bank.marksandspencer.com/images/backgrounds/securityMattersBG.JPG

Requested by

Host: bank.marksandspencer.com
URL: https://bank.marksandspencer.com/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

193.108.76.36 Woolwich, United Kingdom, ASN20705 (HSBC-UK, GB),

Reverse DNS

Software

Resource Hash

0cf172752e734292248fb876d845240d054377558144a9ee75c6bcb8eadfe0c2

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors .marksandspencer.com .hsbc *.adobe.com
Strict-Transport-Security	max-age=15552001; includeSubDomains; preload
X-Content-Security-Policy	frame-ancestors .marksandspencer.com .hsbc *.adobe.com
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://bank.marksandspencer.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: frame-ancestors *.marksandspencer.com *.hsbc *.adobe.com
Strict-Transport-Security: max-age=15552001; includeSubDomains; preload
X-Content-Type-Options: nosniff
Last-Modified: Thu, 06 Aug 2020 11:11:45 GMT
Server
ETag: "d5cf35ee26bd61:0"
X-Frame-Options: SAMEORIGIN
Content-Type: image/jpeg
Cache-Control: max-age=604800
Date: Fri, 19 Feb 2021 12:15:38 GMT
Connection: close
Accept-Ranges: bytes
Content-Length: 31939
X-XSS-Protection: 1; mode=block
x-content-security-policy: frame-ancestors *.marksandspencer.com *.hsbc *.adobe.com

GET
H/1.1 200
OK clock--black.svg
bank.marksandspencer.com/images/icons/ 3 KB
2 KB 48ms
48ms Image
image/svg+xml 193.108.76.36
HSBC-UK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://bank.marksandspencer.com/images/icons/clock--black.svg

Requested by

Host: bank.marksandspencer.com
URL: https://bank.marksandspencer.com/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

193.108.76.36 Woolwich, United Kingdom, ASN20705 (HSBC-UK, GB),

Reverse DNS

Software

Resource Hash

c97365f95cbef2b03d362457a983121bd252ce4933d3a638a9c3a38a3c7ab5dc

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors .marksandspencer.com .hsbc *.adobe.com
Strict-Transport-Security	max-age=15552001; includeSubDomains; preload
X-Content-Security-Policy	frame-ancestors .marksandspencer.com .hsbc *.adobe.com
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://bank.marksandspencer.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: frame-ancestors *.marksandspencer.com *.hsbc *.adobe.com
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Connection: close
Content-Length: 1349
X-XSS-Protection: 1; mode=block
Last-Modified: Thu, 06 Aug 2020 09:26:12 GMT
Server
X-Frame-Options: SAMEORIGIN
Date: Fri, 19 Feb 2021 12:15:38 GMT
Vary: Accept-Encoding
Strict-Transport-Security: max-age=15552001; includeSubDomains; preload
Content-Type: image/svg+xml
Cache-Control: max-age=604800
ETag: "d0373ba0d36bd61:0"
Accept-Ranges: bytes
x-content-security-policy: frame-ancestors *.marksandspencer.com *.hsbc *.adobe.com

POST
H/1.1 200
OK jsEvent.json Show response
comshub-msb.marksandspencer.com/2926/333362148/XBW09WEA78JG/ 100 B
685 B 52ms
52ms XHR
application/json 91.214.5.197
HSBC-UK

General

Check archive.org

Show headers Download Go to

Full URL

https://comshub-msb.marksandspencer.com/2926/333362148/XBW09WEA78JG/jsEvent.json

Requested by

Host: bank.marksandspencer.com
URL: https://bank.marksandspencer.com/script/adrum.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

91.214.5.197 Romford, United Kingdom, ASN20705 (HSBC-UK, GB),

Reverse DNS

Software

Apache /

Resource Hash

4ae65a22480d2d4ac63be1156fb66b65e3e729b44135332dfd84823ad385f720

Security Headers

Name	Value
Strict-Transport-Security	max-age=16070400; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://bank.marksandspencer.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

Pragma: no-cache
Date: Fri, 19 Feb 2021 12:16:29 GMT
Strict-Transport-Security: max-age=16070400; includeSubDomains
X-Content-Type-Options: nosniff
Server: Apache
X-Frame-Options: SAMEORIGIN
P3P: CP="NON ADMo DEVo PSAo PSDo IVAo IVDo OUR IND UNI COM NAV INT CNT LOC STA PUR PHY ONL"
Access-Control-Allow-Origin: https://bank.marksandspencer.com
Cache-Control: no-store, no-cache
Access-Control-Allow-Credentials: true
S: LWSMNS01UK
Connection: Keep-Alive
Content-Type: application/json
Keep-Alive: timeout=5, max=97
Content-Length: 100

POST
H/1.1 200
OK jsEvent.json Show response
comshub-msb.marksandspencer.com/2926/333362148/XBW09WEA78JG/ 100 B
685 B 53ms
52ms XHR
application/json 91.214.5.197
HSBC-UK

General

Check archive.org

Show headers Download Go to

Full URL

https://comshub-msb.marksandspencer.com/2926/333362148/XBW09WEA78JG/jsEvent.json

Requested by

Host: bank.marksandspencer.com
URL: https://bank.marksandspencer.com/script/adrum.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

91.214.5.197 Romford, United Kingdom, ASN20705 (HSBC-UK, GB),

Reverse DNS

Software

Apache /

Resource Hash

72513c5cad63e199be137ae03b63c2cfdbdbd13c1028873cfc973813a43cc1d4

Security Headers

Name	Value
Strict-Transport-Security	max-age=16070400; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://bank.marksandspencer.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

Pragma: no-cache
Date: Fri, 19 Feb 2021 12:16:29 GMT
Strict-Transport-Security: max-age=16070400; includeSubDomains
X-Content-Type-Options: nosniff
Server: Apache
X-Frame-Options: SAMEORIGIN
P3P: CP="NON ADMo DEVo PSAo PSDo IVAo IVDo OUR IND UNI COM NAV INT CNT LOC STA PUR PHY ONL"
Access-Control-Allow-Origin: https://bank.marksandspencer.com
Cache-Control: no-store, no-cache
Access-Control-Allow-Credentials: true
S: LWSMNS01UK
Connection: Keep-Alive
Content-Type: application/json
Keep-Alive: timeout=5, max=96
Content-Length: 100

POST
H/1.1 200
OK jsEvent.json Show response
comshub-msb.marksandspencer.com/2926/333362148/XBW09WEA78JG/ 100 B
685 B 52ms
52ms XHR
application/json 91.214.5.197
HSBC-UK

General

Check archive.org

Show headers Download Go to

Full URL

https://comshub-msb.marksandspencer.com/2926/333362148/XBW09WEA78JG/jsEvent.json

Requested by

Host: bank.marksandspencer.com
URL: https://bank.marksandspencer.com/script/adrum.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

91.214.5.197 Romford, United Kingdom, ASN20705 (HSBC-UK, GB),

Reverse DNS

Software

Apache /

Resource Hash

6f09210f242a9e67a1f9ec425ef1698eb82a9b333323253bec1bc18c4858249d

Security Headers

Name	Value
Strict-Transport-Security	max-age=16070400; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://bank.marksandspencer.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

Pragma: no-cache
Date: Fri, 19 Feb 2021 12:16:31 GMT
Strict-Transport-Security: max-age=16070400; includeSubDomains
X-Content-Type-Options: nosniff
Server: Apache
X-Frame-Options: SAMEORIGIN
P3P: CP="NON ADMo DEVo PSAo PSDo IVAo IVDo OUR IND UNI COM NAV INT CNT LOC STA PUR PHY ONL"
Access-Control-Allow-Origin: https://bank.marksandspencer.com
Cache-Control: no-store, no-cache
Access-Control-Allow-Credentials: true
S: LWSMNS01UK
Connection: Keep-Alive
Content-Type: application/json
Keep-Alive: timeout=5, max=95
Content-Length: 100

GET
H/1.1 200
OK main.css
bank.marksandspencer.com/widgets/virtual-assistant/css/ 27 KB
5 KB 49ms
49ms Stylesheet
text/css 193.108.76.36
HSBC-UK

General

Check archive.org

Show headers Download Go to

Full URL

https://bank.marksandspencer.com/widgets/virtual-assistant/css/main.css

Requested by

Host: bank.marksandspencer.com
URL: https://bank.marksandspencer.com/widgets/virtual-assistant/mands.virtual-assistant.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

193.108.76.36 Woolwich, United Kingdom, ASN20705 (HSBC-UK, GB),

Reverse DNS

Software

Resource Hash

2d167fe282bc3b3f87c48da4ef79c8223125e0240cb5e8e23442a075a48c6646

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors .marksandspencer.com .hsbc *.adobe.com
Strict-Transport-Security	max-age=15552001; includeSubDomains; preload
X-Content-Security-Policy	frame-ancestors .marksandspencer.com .hsbc *.adobe.com
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://bank.marksandspencer.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: frame-ancestors *.marksandspencer.com *.hsbc *.adobe.com
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Vary: Accept-Encoding
Content-Length: 4507
X-XSS-Protection: 1; mode=block
Last-Modified: Thu, 30 Jul 2020 10:04:49 GMT
Server
X-Frame-Options: SAMEORIGIN
Date: Fri, 19 Feb 2021 12:15:40 GMT
Strict-Transport-Security: max-age=15552001; includeSubDomains; preload
Content-Type: text/css
Cache-Control: no-cache,max-age=86400
ETag: "80361cdc5866d61:0"
Accept-Ranges: bytes
x-content-security-policy: frame-ancestors *.marksandspencer.com *.hsbc *.adobe.com

GET
H/1.1 200
OK main.js Show response
bank.marksandspencer.com/widgets/virtual-assistant/js/ 14 KB
5 KB 51ms
51ms Script
application/javascript 193.108.76.36
HSBC-UK

General

Check archive.org

Show headers Download Go to

Full URL

https://bank.marksandspencer.com/widgets/virtual-assistant/js/main.js

Requested by

Host: bank.marksandspencer.com
URL: https://bank.marksandspencer.com/widgets/virtual-assistant/mands.virtual-assistant.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

193.108.76.36 Woolwich, United Kingdom, ASN20705 (HSBC-UK, GB),

Reverse DNS

Software

Resource Hash

391dec2dc9036ced16954005fa08943d5568965d79ad20d86ebfa17975a940ab

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors .marksandspencer.com .hsbc *.adobe.com
Strict-Transport-Security	max-age=15552001; includeSubDomains; preload
X-Content-Security-Policy	frame-ancestors .marksandspencer.com .hsbc *.adobe.com
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://bank.marksandspencer.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: frame-ancestors *.marksandspencer.com *.hsbc *.adobe.com
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Vary: Accept-Encoding
Content-Length: 4469
X-XSS-Protection: 1; mode=block
Last-Modified: Thu, 17 Oct 2019 08:51:09 GMT
Server
X-Frame-Options: SAMEORIGIN
Date: Fri, 19 Feb 2021 12:15:40 GMT
Strict-Transport-Security: max-age=15552001; includeSubDomains; preload
Content-Type: application/javascript
Cache-Control: no-cache,max-age=86400
ETag: "807c75c884d51:0"
Accept-Ranges: bytes
x-content-security-policy: frame-ancestors *.marksandspencer.com *.hsbc *.adobe.com

GET
H2 200 adrum-ext.15ad9e12c414858a5e6cfdfb1f2331b1.js Show response
cdn.appdynamics.com/ 50 KB
20 KB 106ms
47ms Script
application/javascript 13.226.159.121
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.appdynamics.com/adrum-ext.15ad9e12c414858a5e6cfdfb1f2331b1.js
Requested by: Host: bank.marksandspencer.com
URL: https://bank.marksandspencer.com/script/adrum.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.226.159.121 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-226-159-121.dus51.r.cloudfront.net
Software: nginx/1.10.2 /
Resource Hash: c063cc48c10c59a43ee8f325053b7cf8041eec8704c02c2191d4d7c2be638121

Request headers

Referer: https://bank.marksandspencer.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 22 Jan 2021 01:47:12 GMT
content-encoding: gzip
age: 2456959
x-cache: Hit from cloudfront
access-control-allow-origin: *
last-modified: Wed, 26 Sep 2018 23:59:21 GMT
server: nginx/1.10.2
etag: W/"5bac1d59-c890"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript
via: 1.1 5cd60f530cdafe284762767565aa2747.cloudfront.net (CloudFront)
cache-control: public, max-age=2678400, s-max-age=14400
x-amz-cf-pop: DUS51-C1
timing-allow-origin: *
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: mpYixMv1HfLL11wWyTLmlfyybj9z_mN2tabhzCtmYCiqhrImqrZomw==

GET
H/1.1 200
OK LivePersonVirtualAssistantModule.js Show response
bank.marksandspencer.com/widgets/virtual-assistant/js/ 21 KB
7 KB 51ms
50ms Script
application/javascript 193.108.76.36
HSBC-UK

General

Check archive.org

Show headers Download Go to

Full URL

https://bank.marksandspencer.com/widgets/virtual-assistant/js/LivePersonVirtualAssistantModule.js

Requested by

Host: bank.marksandspencer.com
URL: https://bank.marksandspencer.com/widgets/virtual-assistant/mands.virtual-assistant.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

193.108.76.36 Woolwich, United Kingdom, ASN20705 (HSBC-UK, GB),

Reverse DNS

Software

Resource Hash

d0b075aa71f11dd65152c6bccecaff5c9c3e033973e8d2ce015ba7590fa62e23

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors .marksandspencer.com .hsbc *.adobe.com
Strict-Transport-Security	max-age=15552001; includeSubDomains; preload
X-Content-Security-Policy	frame-ancestors .marksandspencer.com .hsbc *.adobe.com
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://bank.marksandspencer.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy: frame-ancestors *.marksandspencer.com *.hsbc *.adobe.com
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Vary: Accept-Encoding
Content-Length: 6347
X-XSS-Protection: 1; mode=block
Last-Modified: Mon, 17 Dec 2018 15:53:34 GMT
Server
X-Frame-Options: SAMEORIGIN
Date: Fri, 19 Feb 2021 12:15:40 GMT
Strict-Transport-Security: max-age=15552001; includeSubDomains; preload
Content-Type: application/javascript
Cache-Control: no-cache,max-age=86400
ETag: "0933faa2096d41:0"
Accept-Ranges: bytes
x-content-security-policy: frame-ancestors *.marksandspencer.com *.hsbc *.adobe.com

POST
H/1.1 200
OK jsEvent.json Show response
comshub-msb.marksandspencer.com/2926/333362148/XBW09WEA78JG/ 27 B
734 B 53ms
53ms XHR
application/json 91.214.5.197
HSBC-UK

General

Check archive.org

Show headers Download Go to

Full URL

https://comshub-msb.marksandspencer.com/2926/333362148/XBW09WEA78JG/jsEvent.json

Requested by

Host: bank.marksandspencer.com
URL: https://bank.marksandspencer.com/script/adrum.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

91.214.5.197 Romford, United Kingdom, ASN20705 (HSBC-UK, GB),

Reverse DNS

Software

Apache /

Resource Hash

d9c88f79a073d20b95c45373e616360392969c85df8915c8c00431d9b344dd8b

Security Headers

Name	Value
Strict-Transport-Security	max-age=16070400; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://bank.marksandspencer.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

Pragma: no-cache
Date: Fri, 19 Feb 2021 12:16:31 GMT
Strict-Transport-Security: max-age=16070400; includeSubDomains
X-Content-Type-Options: nosniff
Server: Apache
X-Frame-Options: SAMEORIGIN
P3P: CP="NON ADMo DEVo PSAo PSDo IVAo IVDo OUR IND UNI COM NAV INT CNT LOC STA PUR PHY ONL"
Access-Control-Allow-Origin: https://bank.marksandspencer.com
Cache-Control: no-store, no-cache
Access-Control-Allow-Credentials: true
S: LWSMNS01UK
Connection: Keep-Alive
Content-Type: application/json
Keep-Alive: timeout=5, max=94
Content-Length: 27

GET
H2 200 .jsonp Show response
lptag.liveperson.net/lptag/api/account/88016402/configuration/applications/taglets/ 264 KB
96 KB 52ms
52ms Script
application/x-javascript 178.249.101.23
LIVEPERSON

General

Check archive.org

Show headers Download Go to

Full URL: https://lptag.liveperson.net/lptag/api/account/88016402/configuration/applications/taglets/.jsonp?v=2.0&df=0&s=unauthenticated&b=1
Requested by: Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/hsbc/uk-rbwm-mands/prod/utag.365.js?utv=ut4.39.202009231335
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 178.249.101.23 , United Kingdom, ASN11054 (LIVEPERSON, US),
Reverse DNS
Software: ws /
Resource Hash: 24faf79e3d7d3c4c274621ffcfbf9c397744638890f27ba04ced5719db9175d3

Request headers

Referer: https://bank.marksandspencer.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 19 Feb 2021 12:16:32 GMT
content-encoding: gzip
server: ws
x-cache-status: EXPIRED
access-control-allow-methods: GET, POST, PATCH
content-type: application/x-javascript
access-control-expose-headers: X-Requested-With, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-host, Lp-Req-Time, date, x-application-context, strict-transport-security, x-content-type-options, x-download-options, x-xss-protection, x-cache-status, x-amz-id-2, x-amz-request-id, expires, last-modified, set-cookie, content-security-policy, x-frame-options
cache-control: public, max-age=630
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Authorization, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token

GET
H2 200 / Show response
accdn.lpsnmedia.net/api/account/88016402/configuration/setting/accountproperties/ 5 KB
1 KB 144ms
33ms Script
application/javascript 178.249.101.99
LIVEPERSON

General

Check archive.org

Show headers Download Go to

Full URL: https://accdn.lpsnmedia.net/api/account/88016402/configuration/setting/accountproperties/?cb=lpCb8028x13094
Requested by: Host: lptag.liveperson.net
URL: https://lptag.liveperson.net/lptag/api/account/88016402/configuration/applications/taglets/.jsonp?v=2.0&df=0&s=unauthenticated&b=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 178.249.101.99 , United Kingdom, ASN11054 (LIVEPERSON, US),
Reverse DNS: am-accdn.lpsnmedia.net
Software: ws /
Resource Hash: bd340a56e27f9e8c7ae2ea7dd26434394dbf24b1a9097deaff2fb38f1d713e9e

Request headers

Referer: https://bank.marksandspencer.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 19 Feb 2021 12:16:32 GMT
content-encoding: gzip
server: ws
x-cache-status: HIT
vary: Accept
content-type: application/javascript
x-envoy-upstream-service-time: 1
expires: Fri, 19 Feb 2021 12:17:22 GMT

GET
H2 200 zones Show response
accdn.lpsnmedia.net/api/account/88016402/configuration/le-campaigns/ 2 KB
571 B 152ms
45ms Script
application/javascript 178.249.101.99
LIVEPERSON

General

Check archive.org

Show headers Download Go to

Full URL: https://accdn.lpsnmedia.net/api/account/88016402/configuration/le-campaigns/zones?fields=id&fields=zoneValue&cb=lpZonesStaticCB
Requested by: Host: lptag.liveperson.net
URL: https://lptag.liveperson.net/lptag/api/account/88016402/configuration/applications/taglets/.jsonp?v=2.0&df=0&s=unauthenticated&b=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 178.249.101.99 , United Kingdom, ASN11054 (LIVEPERSON, US),
Reverse DNS: am-accdn.lpsnmedia.net
Software: ws /
Resource Hash: 2cc04f32c81adf42fec302f9bdae1560450c46459a8e2c1386a0a99ccd391315

Request headers

Referer: https://bank.marksandspencer.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 19 Feb 2021 12:16:32 GMT
content-encoding: gzip
server: ws
x-cache-status: HIT
vary: Accept
content-type: application/javascript
x-envoy-upstream-service-time: 1
expires: Fri, 19 Feb 2021 12:16:44 GMT

POST
H/1.1 200
OK jsEvent.json Show response
comshub-msb.marksandspencer.com/2926/333362148/XBW09WEA78JG/ 27 B
734 B 51ms
51ms XHR
application/json 91.214.5.197
HSBC-UK

General

Check archive.org

Show headers Download Go to

Full URL

https://comshub-msb.marksandspencer.com/2926/333362148/XBW09WEA78JG/jsEvent.json

Requested by

Host: bank.marksandspencer.com
URL: https://bank.marksandspencer.com/script/adrum.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

91.214.5.197 Romford, United Kingdom, ASN20705 (HSBC-UK, GB),

Reverse DNS

Software

Apache /

Resource Hash

d9c88f79a073d20b95c45373e616360392969c85df8915c8c00431d9b344dd8b

Security Headers

Name	Value
Strict-Transport-Security	max-age=16070400; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://bank.marksandspencer.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

Pragma: no-cache
Date: Fri, 19 Feb 2021 12:16:32 GMT
Strict-Transport-Security: max-age=16070400; includeSubDomains
X-Content-Type-Options: nosniff
Server: Apache
X-Frame-Options: SAMEORIGIN
P3P: CP="NON ADMo DEVo PSAo PSDo IVAo IVDo OUR IND UNI COM NAV INT CNT LOC STA PUR PHY ONL"
Access-Control-Allow-Origin: https://bank.marksandspencer.com
Cache-Control: no-store, no-cache
Access-Control-Allow-Credentials: true
S: LWSMNS01UK
Connection: Keep-Alive
Content-Type: application/json
Keep-Alive: timeout=5, max=93
Content-Length: 27

POST
H/1.1 200
OK jsEvent.json Show response
comshub-msb.marksandspencer.com/2926/333362148/XBW09WEA78JG/ 100 B
685 B 56ms
55ms XHR
application/json 91.214.5.197
HSBC-UK

General

Check archive.org

Show headers Download Go to

Full URL

https://comshub-msb.marksandspencer.com/2926/333362148/XBW09WEA78JG/jsEvent.json

Requested by

Host: bank.marksandspencer.com
URL: https://bank.marksandspencer.com/script/adrum.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

91.214.5.197 Romford, United Kingdom, ASN20705 (HSBC-UK, GB),

Reverse DNS

Software

Apache /

Resource Hash

4a9f4bea10e1399e70526ba82a7c2830ff071ce2c2191bce9bcdbb15b43c3221

Security Headers

Name	Value
Strict-Transport-Security	max-age=16070400; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://bank.marksandspencer.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

Pragma: no-cache
Date: Fri, 19 Feb 2021 12:16:32 GMT
Strict-Transport-Security: max-age=16070400; includeSubDomains
X-Content-Type-Options: nosniff
Server: Apache
X-Frame-Options: SAMEORIGIN
P3P: CP="NON ADMo DEVo PSAo PSDo IVAo IVDo OUR IND UNI COM NAV INT CNT LOC STA PUR PHY ONL"
Access-Control-Allow-Origin: https://bank.marksandspencer.com
Cache-Control: no-store, no-cache
Access-Control-Allow-Credentials: true
S: LWSMNS01UK
Connection: Keep-Alive
Content-Type: application/json
Keep-Alive: timeout=5, max=92
Content-Length: 100

POST
H/1.1 200
OK adrum Show response
col.eum-appdynamics.com/eumcollector/beacons/browser/v1/AD-AAB-AAM-UKR/ 0
954 B 868ms
234ms XHR
text/html 34.217.242.192
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://col.eum-appdynamics.com/eumcollector/beacons/browser/v1/AD-AAB-AAM-UKR/adrum

Requested by

Host: cdn.appdynamics.com
URL: https://cdn.appdynamics.com/adrum-ext.15ad9e12c414858a5e6cfdfb1f2331b1.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

34.217.242.192 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-34-217-242-192.us-west-2.compute.amazonaws.com

Software

envoy /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://bank.marksandspencer.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-type: text/plain

Response headers

pragma: no-cache
date: Fri, 19 Feb 2021 12:16:33 GMT
x-content-type-options: nosniff
server: envoy
vary: *
content-type: text/html
access-control-allow-origin: *
cache-control: private, no-cache, no-store, must-revalidate, max-age=0, proxy-revalidate, s-maxage=0
x-envoy-upstream-service-time: 0
Connection: keep-alive
access-control-allow-headers: origin, content-type, accept
Content-Length: 0
expires: 0

GET
H2 200 storage.secure.min.html Show response
lpcdn.lpsnmedia.net/le_secure_storage/3.12.0.0-release_5037/ Frame D418 39 KB
16 KB 154ms
41ms Document
text/html 178.249.97.98
LIVEPERSON

General

Check archive.org

Show headers Download Go to

Full URL: https://lpcdn.lpsnmedia.net/le_secure_storage/3.12.0.0-release_5037/storage.secure.min.html?loc=https%3A%2F%2Fbank.marksandspencer.com&site=88016402&env=prod
Requested by: Host: lptag.liveperson.net
URL: https://lptag.liveperson.net/lptag/api/account/88016402/configuration/applications/taglets/.jsonp?v=2.0&df=0&s=unauthenticated&b=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 178.249.97.98 , United Kingdom, ASN11054 (LIVEPERSON, US),
Reverse DNS: lo-lpcdn.lpsnmedia.net
Software: ws /
Resource Hash: 59f4843277d9aca1200c779c52318aadb380021a0051a6644b75274acb7fe158

Request headers

:method: GET
:authority: lpcdn.lpsnmedia.net
:scheme: https
:path: /le_secure_storage/3.12.0.0-release_5037/storage.secure.min.html?loc=https%3A%2F%2Fbank.marksandspencer.com&site=88016402&env=prod
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://bank.marksandspencer.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://bank.marksandspencer.com/

Response headers

date: Fri, 19 Feb 2021 12:16:34 GMT
content-type: text/html
last-modified: Tue, 29 Dec 2020 12:59:22 GMT
content-encoding: gzip
server: ws
vary: Origin
access-control-allow-methods: GET, POST, PATCH
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Authorization, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token
access-control-expose-headers: X-Requested-With, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-host, Lp-Req-Time, date, x-application-context, strict-transport-security, x-content-type-options, x-download-options, x-xss-protection, x-cache-status, x-amz-id-2, x-amz-request-id, expires, last-modified, set-cookie, content-security-policy, x-frame-options
access-control-allow-credentials: true
expires: Fri, 19 Feb 2021 12:26:34 GMT
cache-control: max-age=600

GET
H2 200 storage.secure.min.js Show response
lpcdn.lpsnmedia.net/le_secure_storage/3.12.0.0-release_5037/ 38 KB
15 KB 130ms
130ms Script
application/javascript 178.249.97.98
LIVEPERSON

General

Check archive.org

Show headers Download Go to

Full URL: https://lpcdn.lpsnmedia.net/le_secure_storage/3.12.0.0-release_5037/storage.secure.min.js?loc=https%3A%2F%2Fbank.marksandspencer.com&site=88016402&force=1&env=prod
Requested by: Host: lptag.liveperson.net
URL: https://lptag.liveperson.net/lptag/api/account/88016402/configuration/applications/taglets/.jsonp?v=2.0&df=0&s=unauthenticated&b=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 178.249.97.98 , United Kingdom, ASN11054 (LIVEPERSON, US),
Reverse DNS: lo-lpcdn.lpsnmedia.net
Software: ws /
Resource Hash: b866a58e02b01ca9537cb6d024f348f7373c88b94a92d310560885c93de8abd2

Request headers

Referer: https://bank.marksandspencer.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 19 Feb 2021 12:16:34 GMT
content-encoding: gzip
last-modified: Tue, 29 Dec 2020 12:59:22 GMT
server: ws
vary: Origin
access-control-allow-methods: GET, POST, PATCH
content-type: application/javascript
access-control-expose-headers: X-Requested-With, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-host, Lp-Req-Time, date, x-application-context, strict-transport-security, x-content-type-options, x-download-options, x-xss-protection, x-cache-status, x-amz-id-2, x-amz-request-id, expires, last-modified, set-cookie, content-security-policy, x-frame-options
cache-control: max-age=600
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Authorization, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token
expires: Fri, 19 Feb 2021 12:26:34 GMT

GET
H2 200 88016402 Show response
lo.v.liveperson.net/api/js/ 244 B
1 KB 168ms
62ms Script
application/javascript 178.249.97.70
LIVEPERSON

General

Check archive.org

Show headers Download Go to

Full URL: https://lo.v.liveperson.net/api/js/88016402?&cb=lpCb25765x2421&t=sp&ts=1613736992262&pid=1584796789&tid=2272655183&pt=Personal%20Banking%2C%20Insurance%20And%20Travel%20Services%20%7C%20M%26S%20Bank&u=https%3A%2F%2Fbank.marksandspencer.com%2F&sec=%5B%22PWS.MO%22%5D&df=0&os=1&sdes=%5B%7B%22type%22%3A%22ctmrinfo%22%2C%22info%22%3A%7B%22ctype%22%3A%22en%22%7D%7D%2C%7B%22type%22%3A%22cart%22%2C%22numItems%22%3A0%2C%22products%22%3A%5B%7B%22product%22%3A%7B%22name%22%3A%22site_region-Europe_UK_United_Kingdom_M%26S_Bank_M%26S_Bank%22%2C%22price%22%3Anull%7D%2C%22quantity%22%3Anull%7D%5D%7D%5D&identities=%5B%7B%22iss%22%3A%22LivePerson%22%2C%22acr%22%3A%220%22%7D%5D
Requested by: Host: lptag.liveperson.net
URL: https://lptag.liveperson.net/lptag/api/account/88016402/configuration/applications/taglets/.jsonp?v=2.0&df=0&s=unauthenticated&b=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 178.249.97.70 , United Kingdom, ASN11054 (LIVEPERSON, US),
Reverse DNS: lo.v.liveperson.net
Software: ws /
Resource Hash: d04d82467c3b568f9e8cde064bfa414ad034397e60b3baa669aa1d6ce98933cb

Request headers

Referer: https://bank.marksandspencer.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 19 Feb 2021 12:16:34 GMT
content-encoding: gzip
server: ws
access-control-allow-methods: GET, POST, PATCH
content-type: application/javascript
access-control-expose-headers: X-Requested-With, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-host, Lp-Req-Time, date, x-application-context, strict-transport-security, x-content-type-options, x-download-options, x-xss-protection, x-cache-status, x-amz-id-2, x-amz-request-id, expires, last-modified, set-cookie, content-security-policy, x-frame-options
cache-control: no-store
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Authorization, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token

GET
H2 200 88016402 Show response
lo.v.liveperson.net/api/js/ 111 B
854 B 47ms
47ms Script
application/javascript 178.249.97.70
LIVEPERSON

General

Check archive.org

Show headers Download Go to

Full URL: https://lo.v.liveperson.net/api/js/88016402?sid=gU6h8CfrTHG9HyG_bJqumw&cb=lpCb64080x35012&t=pl&ts=1613736994483&pid=1584796789&tid=2272655183&vid=c4MzdlYTViZThlMzQ4ODE5
Requested by: Host: lptag.liveperson.net
URL: https://lptag.liveperson.net/lptag/api/account/88016402/configuration/applications/taglets/.jsonp?v=2.0&df=0&s=unauthenticated&b=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 178.249.97.70 , United Kingdom, ASN11054 (LIVEPERSON, US),
Reverse DNS: lo.v.liveperson.net
Software: ws /
Resource Hash: a18ecf3b6c436b8beea4f6f6f234b509f5ee5f9116dfdd065905c8da22409942

Request headers

Referer: https://bank.marksandspencer.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Fri, 19 Feb 2021 12:16:34 GMT
content-encoding: gzip
server: ws
access-control-allow-methods: GET, POST, PATCH
content-type: application/javascript
access-control-expose-headers: X-Requested-With, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-host, Lp-Req-Time, date, x-application-context, strict-transport-security, x-content-type-options, x-download-options, x-xss-protection, x-cache-status, x-amz-id-2, x-amz-request-id, expires, last-modified, set-cookie, content-security-policy, x-frame-options
cache-control: no-store
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Authorization, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token

POST
H/1.1 200
OK jsEvent.json Show response
comshub-msb.marksandspencer.com/2926/333362148/XBW09WEA78JG/ 101 B
686 B 52ms
52ms XHR
application/json 91.214.5.197
HSBC-UK

General

Check archive.org

Show headers Download Go to

Full URL

https://comshub-msb.marksandspencer.com/2926/333362148/XBW09WEA78JG/jsEvent.json

Requested by

Host: bank.marksandspencer.com
URL: https://bank.marksandspencer.com/script/adrum.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

91.214.5.197 Romford, United Kingdom, ASN20705 (HSBC-UK, GB),

Reverse DNS

Software

Apache /

Resource Hash

79b850307a9f8fca40a416313e308393172e4bac80891a5fc3ef0b5284484e30

Security Headers

Name	Value
Strict-Transport-Security	max-age=16070400; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://bank.marksandspencer.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

Pragma: no-cache
Date: Fri, 19 Feb 2021 12:16:35 GMT
Strict-Transport-Security: max-age=16070400; includeSubDomains
X-Content-Type-Options: nosniff
Server: Apache
X-Frame-Options: SAMEORIGIN
P3P: CP="NON ADMo DEVo PSAo PSDo IVAo IVDo OUR IND UNI COM NAV INT CNT LOC STA PUR PHY ONL"
Access-Control-Allow-Origin: https://bank.marksandspencer.com
Cache-Control: no-store, no-cache
Access-Control-Allow-Credentials: true
S: LWSMNS01UK
Connection: Keep-Alive
Content-Type: application/json
Keep-Alive: timeout=5, max=91
Content-Length: 101

POST
H/1.1 200
OK jsEvent.json Show response
comshub-msb.marksandspencer.com/2926/333362148/XBW09WEA78JG/ 50 B
634 B 51ms
51ms XHR
application/json 91.214.5.197
HSBC-UK

General

Check archive.org

Show headers Download Go to

Full URL

https://comshub-msb.marksandspencer.com/2926/333362148/XBW09WEA78JG/jsEvent.json

Requested by

Host: bank.marksandspencer.com
URL: https://bank.marksandspencer.com/script/adrum.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

91.214.5.197 Romford, United Kingdom, ASN20705 (HSBC-UK, GB),

Reverse DNS

Software

Apache /

Resource Hash

edcb7c9c998fbe2e1eb86a4b15df253cff75dd15691da28aa0c03fb18ef26eed

Security Headers

Name	Value
Strict-Transport-Security	max-age=16070400; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://bank.marksandspencer.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

Pragma: no-cache
Date: Fri, 19 Feb 2021 12:16:38 GMT
Strict-Transport-Security: max-age=16070400; includeSubDomains
X-Content-Type-Options: nosniff
Server: Apache
X-Frame-Options: SAMEORIGIN
P3P: CP="NON ADMo DEVo PSAo PSDo IVAo IVDo OUR IND UNI COM NAV INT CNT LOC STA PUR PHY ONL"
Access-Control-Allow-Origin: https://bank.marksandspencer.com
Cache-Control: no-store, no-cache
Access-Control-Allow-Credentials: true
S: LWSMNS01UK
Connection: Keep-Alive
Content-Type: application/json
Keep-Alive: timeout=5, max=90
Content-Length: 50

POST
H/1.1 200
OK adrum Show response
col.eum-appdynamics.com/eumcollector/beacons/browser/v1/AD-AAB-AAM-UKR/ 0
954 B 211ms
210ms XHR
text/html 34.217.242.192
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://col.eum-appdynamics.com/eumcollector/beacons/browser/v1/AD-AAB-AAM-UKR/adrum

Requested by

Host: cdn.appdynamics.com
URL: https://cdn.appdynamics.com/adrum-ext.15ad9e12c414858a5e6cfdfb1f2331b1.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

34.217.242.192 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-34-217-242-192.us-west-2.compute.amazonaws.com

Software

envoy /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://bank.marksandspencer.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-type: text/plain

Response headers

pragma: no-cache
date: Fri, 19 Feb 2021 12:16:38 GMT
x-content-type-options: nosniff
server: envoy
vary: *
content-type: text/html
access-control-allow-origin: *
cache-control: private, no-cache, no-store, must-revalidate, max-age=0, proxy-revalidate, s-maxage=0
x-envoy-upstream-service-time: 0
Connection: keep-alive
access-control-allow-headers: origin, content-type, accept
Content-Length: 0
expires: 0

POST
H/1.1 200
OK adrum Show response
col.eum-appdynamics.com/eumcollector/beacons/browser/v1/AD-AAB-AAM-UKR/ 0
954 B 213ms
212ms XHR
text/html 34.217.242.192
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://col.eum-appdynamics.com/eumcollector/beacons/browser/v1/AD-AAB-AAM-UKR/adrum

Requested by

Host: cdn.appdynamics.com
URL: https://cdn.appdynamics.com/adrum-ext.15ad9e12c414858a5e6cfdfb1f2331b1.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

34.217.242.192 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-34-217-242-192.us-west-2.compute.amazonaws.com

Software

envoy /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://bank.marksandspencer.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-type: text/plain

Response headers

pragma: no-cache
date: Fri, 19 Feb 2021 12:16:43 GMT
x-content-type-options: nosniff
server: envoy
vary: *
content-type: text/html
access-control-allow-origin: *
cache-control: private, no-cache, no-store, must-revalidate, max-age=0, proxy-revalidate, s-maxage=0
x-envoy-upstream-service-time: 2
Connection: keep-alive
access-control-allow-headers: origin, content-type, accept
Content-Length: 0
expires: 0

POST
H/1.1 200
OK jsEvent.json Show response
comshub-msb.marksandspencer.com/2926/333362148/XBW09WEA78JG/ 50 B
635 B 145ms
53ms XHR
application/json 91.214.5.197
HSBC-UK

General

Check archive.org

Show headers Download Go to

Full URL

https://comshub-msb.marksandspencer.com/2926/333362148/XBW09WEA78JG/jsEvent.json

Requested by

Host: bank.marksandspencer.com
URL: https://bank.marksandspencer.com/script/adrum.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

91.214.5.197 Romford, United Kingdom, ASN20705 (HSBC-UK, GB),

Reverse DNS

Software

Apache /

Resource Hash

edcb7c9c998fbe2e1eb86a4b15df253cff75dd15691da28aa0c03fb18ef26eed

Security Headers

Name	Value
Strict-Transport-Security	max-age=16070400; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://bank.marksandspencer.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

Pragma: no-cache
Date: Fri, 19 Feb 2021 12:16:43 GMT
Strict-Transport-Security: max-age=16070400; includeSubDomains
X-Content-Type-Options: nosniff
Server: Apache
X-Frame-Options: SAMEORIGIN
P3P: CP="NON ADMo DEVo PSAo PSDo IVAo IVDo OUR IND UNI COM NAV INT CNT LOC STA PUR PHY ONL"
Access-Control-Allow-Origin: https://bank.marksandspencer.com
Cache-Control: no-store, no-cache
Access-Control-Allow-Credentials: true
S: LWSMNS01UK
Connection: Keep-Alive
Content-Type: application/json
Keep-Alive: timeout=5, max=100
Content-Length: 50

Verdicts & Comments Add Verdict or Comment

203 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

7 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.marksandspencer.com/	1969-12-31 23:59:59	Name: HSBCMSBsession Value: 33336351_1613736988152_1613736988390_2926_17a89425b8b648c99c48c2ae6c1e5525
.marksandspencer.com/	1970-01-19 19:51:36	Name: HSBCMSBpersisted Value: null_1_0e7c46174ed44d559365f1a8cd3b6a1c_1613736988390_33336351_1613736988390_1
.marksandspencer.com/	1970-01-19 16:15:51	Name: bm_sz Value: 0F564A13551D7322675AEAD75574AB7D~YAAQ92QRAkzLObl3AQAAMko4ugpZ4A79Pd5/r4Mk1PsyKNuuqZCrqVOcLjCn3v2chPWwkUOJ5rUGhl0X9uH0qJc0VB58A8cMdOnbu8bPYF+FKLzH4KZ3VRWY4jp0G1PVQ0fpvXzX5XCv9qScohWOJBNVKyOI2ldA7WFpxnOxJByVbic/236vZdDy0FL/syjT1kXgZyzHdDc=
.marksandspencer.com/	1969-12-31 23:59:59	Name: tms_ref Value:
.marksandspencer.com/	1970-01-20 01:01:12	Name: utag_main Value: v_id:0177ba384d8a00186d7cb7aacd2a00078002107000b08$_sn:1$_ss:0$_pn:2%3Bexp-session$_st:1613738788101$ses_id:1613736988042%3Bexp-session$sskey:undefined%3Bexp-1616328988057$_se:1
.marksandspencer.com/	1970-01-19 16:15:44	Name: ak_bmsc Value: 8E2A7C9C8C55830EC3B2FA443ACB1EB1021164E70C6000001BAC2F60EE90681A~pl1nIfJNoR2hq2mCLiqNEKojIH26Viu1jJ40vsZmwECrLaWYQvkPjE5DMwM/ZLf/ktocOs1lLxXTka9xk1tSz0EL8jDgj3PA2ASjr2Mt4FyUBUN2ICAZtl/7ZjF7b1OX3YfKFyGHswW5o4bkloTXQLMp6Ma1TH8XQlQjAu/XzSiYh4MLEvBkWPSzVxoDyAHxeLcfEXySosHeXDVs66OK1zMWndcsmL532ljIpwPku1VL/5Bwyc/Kap4I/2+LsnDHqt
.marksandspencer.com/	1970-01-20 01:01:12	Name: _abck Value: B0E8FB45A875155FE2429EEA017363C0~-1~YAAQ92QRAk3LObl3AQAAM0o4ugXIRk21heTj+VODXQTuKBLPC8EiIs8DZij7VeJqjesUvkuSj4Yyx0V7PGXfCwxB+FkgyieiUNESg2pP/UDznJmPbAJGQNEELyCvDtUnyh7DidiFk0fPYtNtrb20YtWKUukI6o+8QVsZlk0bYLsmh6BYuN5IBAca5gGfpOOJ/BgntTAFNqKWz0XQ7loCTeAzmWZiM3aKCQ6OVW0guhkB5edxoD+UU6rNd+05ulZVYlZuUCJCiN8Whdnllk+P90fUeZ2zMtxUgzE87Kcb~-1~-1~-1

4 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
console-api	log	URL: https://bank.marksandspencer.com/script/src/mands.versionchecker.js(Line 20) Message: Macintosh; Int
console-api	log	URL: https://bank.marksandspencer.com/widgets/virtual-assistant/js/LivePersonVirtualAssistantModule.js(Line 237) Message: ==> addSurveyHooks
console-api	log	URL: https://bank.marksandspencer.com/widgets/virtual-assistant/js/LivePersonVirtualAssistantModule.js(Line 239) Message: ==> _waitForHooks
console-api	log	URL: https://bank.marksandspencer.com/widgets/virtual-assistant/js/LivePersonVirtualAssistantModule.js(Line 244) Message: ==> hooks found!

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	frame-ancestors .marksandspencer.com .hsbc *.adobe.com
Strict-Transport-Security	max-age=15552001; includeSubDomains; preload
X-Content-Security-Policy	frame-ancestors .marksandspencer.com .hsbc *.adobe.com
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

accdn.lpsnmedia.net
bank.marksandspencer.com
cdn.appdynamics.com
col.eum-appdynamics.com
comshub-msb.marksandspencer.com
lo.v.liveperson.net
lpcdn.lpsnmedia.net
lptag.liveperson.net
tags.tiqcdn.com
www.marksandspencer.com
13.226.159.121
178.249.101.23
178.249.101.99
178.249.97.70
178.249.97.98
193.108.76.36
23.79.128.10
23.79.129.43
34.217.242.192
91.214.5.197
0cf172752e734292248fb876d845240d054377558144a9ee75c6bcb8eadfe0c2
145d14bb73e5b03cc73062c2a78c392125b891c62b1cc9d542e5adba762f04e7
15b3176b44aa81878d3bb83a2f056d43da024c839a9ebf679f8e10563a5e4a7c
1a6b63673f577ea6470358583337c75f46a1042e9e09c2f5f3deec339388a550
1e92df628740b9a0747ba5b23c739286a98e430272eee46d65e7a6f62edcb59d
22d36a421349213f61df761dda273340ab4e2d15141e781c239ef863de3f9868
24faf79e3d7d3c4c274621ffcfbf9c397744638890f27ba04ced5719db9175d3
256b71d550df44d6fb6f683e12cd5183771d2819070ecd297c93e34682600c4f
2a8e84faa056425ad41953f6c63d60d08c8e740cc6f6a976b6dfc00bae7e973c
2b0bb367c06d59c201f4201566702bebbac2d8714684e239179ed4f41e229673
2cc04f32c81adf42fec302f9bdae1560450c46459a8e2c1386a0a99ccd391315
2d167fe282bc3b3f87c48da4ef79c8223125e0240cb5e8e23442a075a48c6646
2d90eec8dc0a50ba2582283e59c099d64c38035eadf8eb98126f47c38a3f5202
2e31ef2b77c95bf86e070e73b6e7f190cfd35608ae6eca901530d989a673fbcd
30002a98abe75756838f88dc317a340825ec2ef95d31918a126b97945e8f2879
391dec2dc9036ced16954005fa08943d5568965d79ad20d86ebfa17975a940ab
3985a7ff117a087c2b7c408042206916e648318da33678a1b955e9dc94714206
4a9f4bea10e1399e70526ba82a7c2830ff071ce2c2191bce9bcdbb15b43c3221
4ae65a22480d2d4ac63be1156fb66b65e3e729b44135332dfd84823ad385f720
4d3dc6a3b95b9ad69468248906dfadea2b2a2e49ec9a939e2b3710f035ffa8e4
501a2d60e52a848c8231ba53d012fbbc12f670e7c92796cc54f8cbc722aefaea
56610062e434f484912f01779bff1227ccf09655e2c88fed7bc1511c128ca8e4
59f4843277d9aca1200c779c52318aadb380021a0051a6644b75274acb7fe158
5e2356aea10a306f9e90ffca3b7017f41f170e0735be6d84e076ab4a97725041
6558b6faf8be1fb3747d24750f2bbbd477c53b7f05663aad6fb67288a1afd064
66f03426203ededebb1db0a7cb7aec7bf7c28ac1bd0f311d5a03819357419495
6ad88752fd80309e230e3f121af90f288936c75a521e1e4d47606ef1b05ccaec
6cfa4da312762417929bc2f89f586dd658c555946b30cfffb2b08b00a6fea407
6cfe1e589a8b7e7578ebc02a622a50a5b2e053e9b36da407778d365e1bcbcdba
6f09210f242a9e67a1f9ec425ef1698eb82a9b333323253bec1bc18c4858249d
70dae469f94f214b589d53521b903830a08b4fb589d47a4c269a83c79116886a
724b5b3259e8ee735c6dfa7b97cc0c2e58ffc8c78b02cb5d00a5f8d34dfff352
72513c5cad63e199be137ae03b63c2cfdbdbd13c1028873cfc973813a43cc1d4
79b850307a9f8fca40a416313e308393172e4bac80891a5fc3ef0b5284484e30
7a255f0ba8e99b68fd908cc373a3f56cb6b44da9f7800f552294ab14a2fe5ac7
7c8f3e046fc811027569f7e70c4ce9b28b26c740fc26d8ae6b999a2de59dcfce
8684c695cbaed3a81d715d7438945e5611e779e9faf72e267de69497e069517a
8ac18425e82ec22ef35b5607d2b312f583af68f9226a1ca875a756bf49db3541
8f0994a7adb677e7c2488d0c5720e1e3acbd91f65bd4d4b3b758f3fd22f094fc
9354c6fa3f1b03432bd8804700eb8aa3821f585f24cb2d4a804c6268160e2ca2
9824fc7bd58b70fdea8b3d10357948530741c74155a49359aafc33a1b78ba1ec
982e3986bcc4d98f466b329d6cbb3f5f0ad6310f6493244075e0b6355f205274
9ac8629151934e9fa104de115d50965739de7cb808b081194f245e24330c3a79
a18ecf3b6c436b8beea4f6f6f234b509f5ee5f9116dfdd065905c8da22409942
a6df6c2664bada199c4946ff58fec8e95f240eee85f28e78a60493c440fcdaa9
a7d432f36c40fe5c0262823107d36c99969abc22bc926f367f3c93c2a7ce9752
ab30bb0fb492a9008aca0a6e27872308a54181be4251f44c9d9a68a72a496a4f
ac05d370b28be00eb0395d86858450cd3727a7170c40b33bdb157b33c5d73445
af7842e6450d9905ff1e5d7c8e782bdb313811dc8a0c9469cdd79192e02b483b
b208495a1d011e584beeb11f75d657f8e7a74219f8e24cd72c021d1af756f60e
b329ee9656a60d6d147530a52d978a8503ae839102bfda325cf1491e7f94f4d3
b4f2b540ef0060ecfcd605c6be1d454d5fc36bc4b85720e9002222abb0b30e1a
b740ff2e1d12bb961e1dc2a07ab8cc5e88972ab073bdf1af80f898ce85d4ed66
b866a58e02b01ca9537cb6d024f348f7373c88b94a92d310560885c93de8abd2
bd340a56e27f9e8c7ae2ea7dd26434394dbf24b1a9097deaff2fb38f1d713e9e
c063cc48c10c59a43ee8f325053b7cf8041eec8704c02c2191d4d7c2be638121
c1381fac7ac6e67d833cde753fec2a207cc29863acc3a54ecc80775c5d66243b
c2bfae428081009a33826ce5ec4e93b671a8de96fd063192bc9e00fdc00692d9
c48acdb9b7d94248b474d050bff62bfbc0add2f14342e25a4775ece5e95a73f5
c97365f95cbef2b03d362457a983121bd252ce4933d3a638a9c3a38a3c7ab5dc
ca1fad97eecd5c23eb2a7fddbfe378b3528da9ebbfd4b6c3235281407345c4dc
ce54a78e2210034dc41c969f4cc61178b2f443b415e6fd5fde19e9c44bbc3354
ce7a43130d19ece60a30b05fd8947f878b978e76d8c869968407d176c0235a38
d04d82467c3b568f9e8cde064bfa414ad034397e60b3baa669aa1d6ce98933cb
d0b075aa71f11dd65152c6bccecaff5c9c3e033973e8d2ce015ba7590fa62e23
d9c88f79a073d20b95c45373e616360392969c85df8915c8c00431d9b344dd8b
e10a71a1c113d23d2bc2a66e8f3314680e1e10df9058babeddf8314920468b38
e18553629dc0faeee77e91463213d8a5e29c82a6e450f3ba00dd92f464d35c06
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e8614c709a86f38b9a0a553561e4deb3bfb673b4b6ca515b3241f9cbb29a45ed
edcb7c9c998fbe2e1eb86a4b15df253cff75dd15691da28aa0c03fb18ef26eed
f31ddafef29bd2e57f5e64bb199ac1c865a600670c2272496830e0bf7d03f24c
f67e9063197eb43e11b1bbe34c9a2249c7cdd16efe22d345c87c2470789c520b
fdd131c764471b2262b55f468fb26d0da0bd53357238566b2b7939843b82d191
fe484ecacdab2953a802cddfa3784bf400e8bbcc673c884db65e492fed747f9d

bank.marksandspencer.com Open in urlscan Pro 193.108.76.36 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

90 Requests

100 %HTTPS

0 %IPv6

6 Domains

10 Subdomains

9 IPs

3 Countries

1204 kBTransfer

2589 kBSize

7 Cookies

7 Outgoing links

Page URL History

Redirected requests

90 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

bank.marksandspencer.com Open in urlscan Pro
193.108.76.36 Public Scan

Screenshot
Live screenshot

Full Image

90
Requests

100 %
HTTPS

0 %
IPv6

6
Domains

10
Subdomains

9
IPs

3
Countries

1204 kB
Transfer

2589 kB
Size

7
Cookies

90 HTTP transactions
0 data transactions