open-banking-developer.capitalone.co.uk Open in urlscan Pro
13.225.78.109  Public Scan

URL: https://open-banking-developer.capitalone.co.uk/
Submission: On March 21 via automatic, source certstream-suspicious — Scanned from DE

Summary

This website contacted 1 IPs in 1 countries across 1 domains to perform 7 HTTP transactions. The main IP is 13.225.78.109, located in United States and belongs to AMAZON-02, US. The main domain is open-banking-developer.capitalone.co.uk.
TLS certificate: Issued by DigiCert SHA2 Extended Validation Ser... on March 21st 2023. Valid for: a year.
This is the only time open-banking-developer.capitalone.co.uk was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
7 13.225.78.109 16509 (AMAZON-02)
7 1
Apex Domain
Subdomains
Transfer
7 capitalone.co.uk
open-banking-developer.capitalone.co.uk
505 KB
7 1
Domain Requested by
7 open-banking-developer.capitalone.co.uk open-banking-developer.capitalone.co.uk
7 1

This site contains links to these domains. Also see Links.

Domain
www.capitalone.co.uk
Subject Issuer Validity Valid
open-banking-developer.capitalone.co.uk
DigiCert SHA2 Extended Validation Server CA
2023-03-21 -
2024-03-20
a year crt.sh

This page contains 1 frames:

Primary Page: https://open-banking-developer.capitalone.co.uk/
Frame ID: 2C4B3C919D27E0DC14E3B3B2CA6B9895
Requests: 7 HTTP requests in this frame

Screenshot

Page Title

Developer Portal - Capital OneĀ®Capital One logo

Page Statistics

7
Requests

100 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

1
IPs

1
Countries

505 kB
Transfer

495 kB
Size

0
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

7 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request /
open-banking-developer.capitalone.co.uk/
626 B
2 KB
Document
General
Full URL
https://open-banking-developer.capitalone.co.uk/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.225.78.109 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-225-78-109.fra2.r.cloudfront.net
Software
server /
Resource Hash
c6f43bf5ec11845937acccd53f81dcad051f09cdff4f75bbf910c0357b548691
Security Headers
Name Value
Content-Security-Policy default-src 'self';script-src 'self' 'unsafe-eval' 'sha256-4BDRW+xjKn3DNOL0SfAK02VF6ZHIgtNrcB6wQQc8lfs=' 'sha256-7USlA+56EBSKtmJhsOtv89xRkKVufHi+965iZQPf1Qc=' 'sha256-zkIfJey2QJSMWsoE/xLvQ6GebR1o8N9s0f9cjTQ7mS0=' 'sha256-ATtoF2oBGf0wHxVVte8/6al1uii1Q2BFUqFp/aYKx9E=' https://www.google-analytics.com https://www.googletagmanager.com https://consent.trustarc.com https://consent-pref.trustarc.com https://bat.bing.com https://connect.facebook.net https://cdn.appdynamics.com https://www.googleoptimize.com https://optimize.google.com;style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://optimize.google.com;connect-src 'self' https://col.eum-appdynamics.com https://www.google-analytics.com www.google-analytics.com https://api.zuko.io http://consent.trustarc.com http://consent-pref.trustarc.com https://bat.bing.com;img-src 'self' data: https://www.google-analytics.com www.google-analytics.com https://consent.trustarc.com https://consent-pref.trustarc.com www.googletagmanager.com https://bat.bing.com https://www.facebook.com https://optimize.google.com https://www.gstatic.com https://consent-or.trustarc.com;object-src 'none';font-src 'self' https://fonts.gstatic.com;frame-src 'self' https://consent-pref.trustarc.com https://optimize.google.com;frame-ancestors 'none';upgrade-insecure-requests
Strict-Transport-Security max-age=15778476
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
age
26719
content-length
626
content-security-policy
default-src 'self';script-src 'self' 'unsafe-eval' 'sha256-4BDRW+xjKn3DNOL0SfAK02VF6ZHIgtNrcB6wQQc8lfs=' 'sha256-7USlA+56EBSKtmJhsOtv89xRkKVufHi+965iZQPf1Qc=' 'sha256-zkIfJey2QJSMWsoE/xLvQ6GebR1o8N9s0f9cjTQ7mS0=' 'sha256-ATtoF2oBGf0wHxVVte8/6al1uii1Q2BFUqFp/aYKx9E=' https://www.google-analytics.com https://www.googletagmanager.com https://consent.trustarc.com https://consent-pref.trustarc.com https://bat.bing.com https://connect.facebook.net https://cdn.appdynamics.com https://www.googleoptimize.com https://optimize.google.com;style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://optimize.google.com;connect-src 'self' https://col.eum-appdynamics.com https://www.google-analytics.com www.google-analytics.com https://api.zuko.io http://consent.trustarc.com http://consent-pref.trustarc.com https://bat.bing.com;img-src 'self' data: https://www.google-analytics.com www.google-analytics.com https://consent.trustarc.com https://consent-pref.trustarc.com www.googletagmanager.com https://bat.bing.com https://www.facebook.com https://optimize.google.com https://www.gstatic.com https://consent-or.trustarc.com;object-src 'none';font-src 'self' https://fonts.gstatic.com;frame-src 'self' https://consent-pref.trustarc.com https://optimize.google.com;frame-ancestors 'none';upgrade-insecure-requests
content-type
text/html
date
Tue, 21 Mar 2023 14:20:46 GMT
etag
"dbde331d8a1118e31b3bc4f820ab2d6d"
last-modified
Tue, 21 Mar 2023 11:13:34 GMT
referrer-policy
strict-origin
server
server
strict-transport-security
max-age=15778476
via
1.1 1e498d046330e15095a1a2a958463bf4.cloudfront.net (CloudFront)
x-amz-cf-id
6yw_F_K-EFEA8JqWUaY5YUpqsCFqy8floAOO0TgFSCrsLVefTYRYOw==
x-amz-cf-pop
FRA2-C2
x-cache
Hit from cloudfront
x-content-type-options
nosniff
x-frame-options
DENY
x-xss-protection
1; mode=block
main.44f8335b.js
open-banking-developer.capitalone.co.uk/static/js/
351 KB
353 KB
Script
General
Full URL
https://open-banking-developer.capitalone.co.uk/static/js/main.44f8335b.js
Requested by
Host: open-banking-developer.capitalone.co.uk
URL: https://open-banking-developer.capitalone.co.uk/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.225.78.109 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-225-78-109.fra2.r.cloudfront.net
Software
server /
Resource Hash
fc5f0e6f5a02ecee2358a2f50e4b89e1a3a77273a1b1151d40a1b42f565fb201
Security Headers
Name Value
Content-Security-Policy default-src 'self';script-src 'self' 'unsafe-eval' 'sha256-4BDRW+xjKn3DNOL0SfAK02VF6ZHIgtNrcB6wQQc8lfs=' 'sha256-7USlA+56EBSKtmJhsOtv89xRkKVufHi+965iZQPf1Qc=' 'sha256-zkIfJey2QJSMWsoE/xLvQ6GebR1o8N9s0f9cjTQ7mS0=' 'sha256-ATtoF2oBGf0wHxVVte8/6al1uii1Q2BFUqFp/aYKx9E=' https://www.google-analytics.com https://www.googletagmanager.com https://consent.trustarc.com https://consent-pref.trustarc.com https://bat.bing.com https://connect.facebook.net https://cdn.appdynamics.com https://www.googleoptimize.com https://optimize.google.com;style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://optimize.google.com;connect-src 'self' https://col.eum-appdynamics.com https://www.google-analytics.com www.google-analytics.com https://api.zuko.io http://consent.trustarc.com http://consent-pref.trustarc.com https://bat.bing.com;img-src 'self' data: https://www.google-analytics.com www.google-analytics.com https://consent.trustarc.com https://consent-pref.trustarc.com www.googletagmanager.com https://bat.bing.com https://www.facebook.com https://optimize.google.com https://www.gstatic.com https://consent-or.trustarc.com;object-src 'none';font-src 'self' https://fonts.gstatic.com;frame-src 'self' https://consent-pref.trustarc.com https://optimize.google.com;frame-ancestors 'none';upgrade-insecure-requests
Strict-Transport-Security max-age=15778476
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://open-banking-developer.capitalone.co.uk/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date
Tue, 21 Mar 2023 21:46:06 GMT
via
1.1 1e498d046330e15095a1a2a958463bf4.cloudfront.net (CloudFront)
x-content-type-options
nosniff
content-security-policy
default-src 'self';script-src 'self' 'unsafe-eval' 'sha256-4BDRW+xjKn3DNOL0SfAK02VF6ZHIgtNrcB6wQQc8lfs=' 'sha256-7USlA+56EBSKtmJhsOtv89xRkKVufHi+965iZQPf1Qc=' 'sha256-zkIfJey2QJSMWsoE/xLvQ6GebR1o8N9s0f9cjTQ7mS0=' 'sha256-ATtoF2oBGf0wHxVVte8/6al1uii1Q2BFUqFp/aYKx9E=' https://www.google-analytics.com https://www.googletagmanager.com https://consent.trustarc.com https://consent-pref.trustarc.com https://bat.bing.com https://connect.facebook.net https://cdn.appdynamics.com https://www.googleoptimize.com https://optimize.google.com;style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://optimize.google.com;connect-src 'self' https://col.eum-appdynamics.com https://www.google-analytics.com www.google-analytics.com https://api.zuko.io http://consent.trustarc.com http://consent-pref.trustarc.com https://bat.bing.com;img-src 'self' data: https://www.google-analytics.com www.google-analytics.com https://consent.trustarc.com https://consent-pref.trustarc.com www.googletagmanager.com https://bat.bing.com https://www.facebook.com https://optimize.google.com https://www.gstatic.com https://consent-or.trustarc.com;object-src 'none';font-src 'self' https://fonts.gstatic.com;frame-src 'self' https://consent-pref.trustarc.com https://optimize.google.com;frame-ancestors 'none';upgrade-insecure-requests
strict-transport-security
max-age=15778476
x-amz-cf-pop
FRA2-C2
x-cache
Miss from cloudfront
content-length
359697
x-xss-protection
1; mode=block
referrer-policy
strict-origin
last-modified
Tue, 21 Mar 2023 11:13:35 GMT
server
server
etag
"9595de378ecf41998296b0d526777eb4"
x-frame-options
DENY
content-type
application/javascript
accept-ranges
bytes
x-amz-cf-id
sWt8VDOZ_0BPmCSWKLVmgJEY7B9zp-WHF4MVSDQ9Evj56JcYKdIUSw==
main.2ede0c6e.css
open-banking-developer.capitalone.co.uk/static/css/
6 KB
7 KB
Stylesheet
General
Full URL
https://open-banking-developer.capitalone.co.uk/static/css/main.2ede0c6e.css
Requested by
Host: open-banking-developer.capitalone.co.uk
URL: https://open-banking-developer.capitalone.co.uk/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.225.78.109 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-225-78-109.fra2.r.cloudfront.net
Software
server /
Resource Hash
6eb1964dd4410835577d412a80f4d3b2f80f804d5182e553fee17f3749fe0f18
Security Headers
Name Value
Content-Security-Policy default-src 'self';script-src 'self' 'unsafe-eval' 'sha256-4BDRW+xjKn3DNOL0SfAK02VF6ZHIgtNrcB6wQQc8lfs=' 'sha256-7USlA+56EBSKtmJhsOtv89xRkKVufHi+965iZQPf1Qc=' 'sha256-zkIfJey2QJSMWsoE/xLvQ6GebR1o8N9s0f9cjTQ7mS0=' 'sha256-ATtoF2oBGf0wHxVVte8/6al1uii1Q2BFUqFp/aYKx9E=' https://www.google-analytics.com https://www.googletagmanager.com https://consent.trustarc.com https://consent-pref.trustarc.com https://bat.bing.com https://connect.facebook.net https://cdn.appdynamics.com https://www.googleoptimize.com https://optimize.google.com;style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://optimize.google.com;connect-src 'self' https://col.eum-appdynamics.com https://www.google-analytics.com www.google-analytics.com https://api.zuko.io http://consent.trustarc.com http://consent-pref.trustarc.com https://bat.bing.com;img-src 'self' data: https://www.google-analytics.com www.google-analytics.com https://consent.trustarc.com https://consent-pref.trustarc.com www.googletagmanager.com https://bat.bing.com https://www.facebook.com https://optimize.google.com https://www.gstatic.com https://consent-or.trustarc.com;object-src 'none';font-src 'self' https://fonts.gstatic.com;frame-src 'self' https://consent-pref.trustarc.com https://optimize.google.com;frame-ancestors 'none';upgrade-insecure-requests
Strict-Transport-Security max-age=15778476
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://open-banking-developer.capitalone.co.uk/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date
Tue, 21 Mar 2023 21:46:06 GMT
via
1.1 1e498d046330e15095a1a2a958463bf4.cloudfront.net (CloudFront)
x-content-type-options
nosniff
content-security-policy
default-src 'self';script-src 'self' 'unsafe-eval' 'sha256-4BDRW+xjKn3DNOL0SfAK02VF6ZHIgtNrcB6wQQc8lfs=' 'sha256-7USlA+56EBSKtmJhsOtv89xRkKVufHi+965iZQPf1Qc=' 'sha256-zkIfJey2QJSMWsoE/xLvQ6GebR1o8N9s0f9cjTQ7mS0=' 'sha256-ATtoF2oBGf0wHxVVte8/6al1uii1Q2BFUqFp/aYKx9E=' https://www.google-analytics.com https://www.googletagmanager.com https://consent.trustarc.com https://consent-pref.trustarc.com https://bat.bing.com https://connect.facebook.net https://cdn.appdynamics.com https://www.googleoptimize.com https://optimize.google.com;style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://optimize.google.com;connect-src 'self' https://col.eum-appdynamics.com https://www.google-analytics.com www.google-analytics.com https://api.zuko.io http://consent.trustarc.com http://consent-pref.trustarc.com https://bat.bing.com;img-src 'self' data: https://www.google-analytics.com www.google-analytics.com https://consent.trustarc.com https://consent-pref.trustarc.com www.googletagmanager.com https://bat.bing.com https://www.facebook.com https://optimize.google.com https://www.gstatic.com https://consent-or.trustarc.com;object-src 'none';font-src 'self' https://fonts.gstatic.com;frame-src 'self' https://consent-pref.trustarc.com https://optimize.google.com;frame-ancestors 'none';upgrade-insecure-requests
strict-transport-security
max-age=15778476
x-amz-cf-pop
FRA2-C2
x-cache
Miss from cloudfront
content-length
5830
x-xss-protection
1; mode=block
referrer-policy
strict-origin
last-modified
Tue, 21 Mar 2023 11:13:34 GMT
server
server
etag
"82bb5d0918ff0f73b1cd6efba2ba880d"
x-frame-options
DENY
content-type
text/css
accept-ranges
bytes
x-amz-cf-id
pjbT4HYYHle0DlvyOrsX7DsNmFYDnWsmrnbWKv05NHTQJOoRzvqKjQ==
capital-one-logo.dd7c67e5.chunk.js
open-banking-developer.capitalone.co.uk/static/js/
519 B
2 KB
Script
General
Full URL
https://open-banking-developer.capitalone.co.uk/static/js/capital-one-logo.dd7c67e5.chunk.js
Requested by
Host: open-banking-developer.capitalone.co.uk
URL: https://open-banking-developer.capitalone.co.uk/static/js/main.44f8335b.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.225.78.109 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-225-78-109.fra2.r.cloudfront.net
Software
server /
Resource Hash
a1fd87f743621bd0c3dbcdc72770077c726266c8e22468ee2d461aff7508f8fe
Security Headers
Name Value
Content-Security-Policy default-src 'self';script-src 'self' 'unsafe-eval' 'sha256-4BDRW+xjKn3DNOL0SfAK02VF6ZHIgtNrcB6wQQc8lfs=' 'sha256-7USlA+56EBSKtmJhsOtv89xRkKVufHi+965iZQPf1Qc=' 'sha256-zkIfJey2QJSMWsoE/xLvQ6GebR1o8N9s0f9cjTQ7mS0=' 'sha256-ATtoF2oBGf0wHxVVte8/6al1uii1Q2BFUqFp/aYKx9E=' https://www.google-analytics.com https://www.googletagmanager.com https://consent.trustarc.com https://consent-pref.trustarc.com https://bat.bing.com https://connect.facebook.net https://cdn.appdynamics.com https://www.googleoptimize.com https://optimize.google.com;style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://optimize.google.com;connect-src 'self' https://col.eum-appdynamics.com https://www.google-analytics.com www.google-analytics.com https://api.zuko.io http://consent.trustarc.com http://consent-pref.trustarc.com https://bat.bing.com;img-src 'self' data: https://www.google-analytics.com www.google-analytics.com https://consent.trustarc.com https://consent-pref.trustarc.com www.googletagmanager.com https://bat.bing.com https://www.facebook.com https://optimize.google.com https://www.gstatic.com https://consent-or.trustarc.com;object-src 'none';font-src 'self' https://fonts.gstatic.com;frame-src 'self' https://consent-pref.trustarc.com https://optimize.google.com;frame-ancestors 'none';upgrade-insecure-requests
Strict-Transport-Security max-age=15778476
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://open-banking-developer.capitalone.co.uk/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date
Tue, 21 Mar 2023 21:46:07 GMT
via
1.1 1e498d046330e15095a1a2a958463bf4.cloudfront.net (CloudFront)
x-content-type-options
nosniff
content-security-policy
default-src 'self';script-src 'self' 'unsafe-eval' 'sha256-4BDRW+xjKn3DNOL0SfAK02VF6ZHIgtNrcB6wQQc8lfs=' 'sha256-7USlA+56EBSKtmJhsOtv89xRkKVufHi+965iZQPf1Qc=' 'sha256-zkIfJey2QJSMWsoE/xLvQ6GebR1o8N9s0f9cjTQ7mS0=' 'sha256-ATtoF2oBGf0wHxVVte8/6al1uii1Q2BFUqFp/aYKx9E=' https://www.google-analytics.com https://www.googletagmanager.com https://consent.trustarc.com https://consent-pref.trustarc.com https://bat.bing.com https://connect.facebook.net https://cdn.appdynamics.com https://www.googleoptimize.com https://optimize.google.com;style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://optimize.google.com;connect-src 'self' https://col.eum-appdynamics.com https://www.google-analytics.com www.google-analytics.com https://api.zuko.io http://consent.trustarc.com http://consent-pref.trustarc.com https://bat.bing.com;img-src 'self' data: https://www.google-analytics.com www.google-analytics.com https://consent.trustarc.com https://consent-pref.trustarc.com www.googletagmanager.com https://bat.bing.com https://www.facebook.com https://optimize.google.com https://www.gstatic.com https://consent-or.trustarc.com;object-src 'none';font-src 'self' https://fonts.gstatic.com;frame-src 'self' https://consent-pref.trustarc.com https://optimize.google.com;frame-ancestors 'none';upgrade-insecure-requests
strict-transport-security
max-age=15778476
x-amz-cf-pop
FRA2-C2
x-cache
Miss from cloudfront
content-length
519
x-xss-protection
1; mode=block
referrer-policy
strict-origin
last-modified
Tue, 21 Mar 2023 11:13:34 GMT
server
server
etag
"81cffba19751318e7e1bb9942bb871ff"
x-frame-options
DENY
content-type
application/javascript
accept-ranges
bytes
x-amz-cf-id
iFpIeuiu2YeshLrqV3dL6UeX6CbMUC-Q0S3ODJewIFV_lDSkbYeKWA==
BarlowCondensed-Bold.76a40c76ef23dd092066.woff2
open-banking-developer.capitalone.co.uk/static/media/
60 KB
61 KB
Font
General
Full URL
https://open-banking-developer.capitalone.co.uk/static/media/BarlowCondensed-Bold.76a40c76ef23dd092066.woff2
Requested by
Host: open-banking-developer.capitalone.co.uk
URL: https://open-banking-developer.capitalone.co.uk/static/css/main.2ede0c6e.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.225.78.109 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-225-78-109.fra2.r.cloudfront.net
Software
server /
Resource Hash
2a68cbc9b65c87d7805b4e912545dc8f2426f9134affc0f07bec252782bd0bd0
Security Headers
Name Value
Content-Security-Policy default-src 'self';script-src 'self' 'unsafe-eval' 'sha256-4BDRW+xjKn3DNOL0SfAK02VF6ZHIgtNrcB6wQQc8lfs=' 'sha256-7USlA+56EBSKtmJhsOtv89xRkKVufHi+965iZQPf1Qc=' 'sha256-zkIfJey2QJSMWsoE/xLvQ6GebR1o8N9s0f9cjTQ7mS0=' 'sha256-ATtoF2oBGf0wHxVVte8/6al1uii1Q2BFUqFp/aYKx9E=' https://www.google-analytics.com https://www.googletagmanager.com https://consent.trustarc.com https://consent-pref.trustarc.com https://bat.bing.com https://connect.facebook.net https://cdn.appdynamics.com https://www.googleoptimize.com https://optimize.google.com;style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://optimize.google.com;connect-src 'self' https://col.eum-appdynamics.com https://www.google-analytics.com www.google-analytics.com https://api.zuko.io http://consent.trustarc.com http://consent-pref.trustarc.com https://bat.bing.com;img-src 'self' data: https://www.google-analytics.com www.google-analytics.com https://consent.trustarc.com https://consent-pref.trustarc.com www.googletagmanager.com https://bat.bing.com https://www.facebook.com https://optimize.google.com https://www.gstatic.com https://consent-or.trustarc.com;object-src 'none';font-src 'self' https://fonts.gstatic.com;frame-src 'self' https://consent-pref.trustarc.com https://optimize.google.com;frame-ancestors 'none';upgrade-insecure-requests
Strict-Transport-Security max-age=15778476
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Referer
https://open-banking-developer.capitalone.co.uk/
Origin
https://open-banking-developer.capitalone.co.uk
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date
Tue, 21 Mar 2023 21:46:07 GMT
via
1.1 1e498d046330e15095a1a2a958463bf4.cloudfront.net (CloudFront)
x-content-type-options
nosniff
content-security-policy
default-src 'self';script-src 'self' 'unsafe-eval' 'sha256-4BDRW+xjKn3DNOL0SfAK02VF6ZHIgtNrcB6wQQc8lfs=' 'sha256-7USlA+56EBSKtmJhsOtv89xRkKVufHi+965iZQPf1Qc=' 'sha256-zkIfJey2QJSMWsoE/xLvQ6GebR1o8N9s0f9cjTQ7mS0=' 'sha256-ATtoF2oBGf0wHxVVte8/6al1uii1Q2BFUqFp/aYKx9E=' https://www.google-analytics.com https://www.googletagmanager.com https://consent.trustarc.com https://consent-pref.trustarc.com https://bat.bing.com https://connect.facebook.net https://cdn.appdynamics.com https://www.googleoptimize.com https://optimize.google.com;style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://optimize.google.com;connect-src 'self' https://col.eum-appdynamics.com https://www.google-analytics.com www.google-analytics.com https://api.zuko.io http://consent.trustarc.com http://consent-pref.trustarc.com https://bat.bing.com;img-src 'self' data: https://www.google-analytics.com www.google-analytics.com https://consent.trustarc.com https://consent-pref.trustarc.com www.googletagmanager.com https://bat.bing.com https://www.facebook.com https://optimize.google.com https://www.gstatic.com https://consent-or.trustarc.com;object-src 'none';font-src 'self' https://fonts.gstatic.com;frame-src 'self' https://consent-pref.trustarc.com https://optimize.google.com;frame-ancestors 'none';upgrade-insecure-requests
strict-transport-security
max-age=15778476
x-amz-cf-pop
FRA2-C2
x-cache
Miss from cloudfront
content-length
61060
x-xss-protection
1; mode=block
referrer-policy
strict-origin
last-modified
Tue, 21 Mar 2023 11:13:35 GMT
server
server
etag
"40bd366b91d2de9f5e4fe31e6d65e8de"
x-frame-options
DENY
content-type
font/woff2
accept-ranges
bytes
x-amz-cf-id
wUfaqPZ88x9YLbcsSIFY-ShYe2sMp2A50EhOqxZ-V3emY9lr6rYcqg==
Barlow-Regular.39e6d0703dd85e86a002.woff2
open-banking-developer.capitalone.co.uk/static/media/
19 KB
21 KB
Font
General
Full URL
https://open-banking-developer.capitalone.co.uk/static/media/Barlow-Regular.39e6d0703dd85e86a002.woff2
Requested by
Host: open-banking-developer.capitalone.co.uk
URL: https://open-banking-developer.capitalone.co.uk/static/css/main.2ede0c6e.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.225.78.109 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-225-78-109.fra2.r.cloudfront.net
Software
server /
Resource Hash
0592ae7c6104dc87fc74944cff444b01bcacbba82d4ddc6b9e4acf939635b413
Security Headers
Name Value
Content-Security-Policy default-src 'self';script-src 'self' 'unsafe-eval' 'sha256-4BDRW+xjKn3DNOL0SfAK02VF6ZHIgtNrcB6wQQc8lfs=' 'sha256-7USlA+56EBSKtmJhsOtv89xRkKVufHi+965iZQPf1Qc=' 'sha256-zkIfJey2QJSMWsoE/xLvQ6GebR1o8N9s0f9cjTQ7mS0=' 'sha256-ATtoF2oBGf0wHxVVte8/6al1uii1Q2BFUqFp/aYKx9E=' https://www.google-analytics.com https://www.googletagmanager.com https://consent.trustarc.com https://consent-pref.trustarc.com https://bat.bing.com https://connect.facebook.net https://cdn.appdynamics.com https://www.googleoptimize.com https://optimize.google.com;style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://optimize.google.com;connect-src 'self' https://col.eum-appdynamics.com https://www.google-analytics.com www.google-analytics.com https://api.zuko.io http://consent.trustarc.com http://consent-pref.trustarc.com https://bat.bing.com;img-src 'self' data: https://www.google-analytics.com www.google-analytics.com https://consent.trustarc.com https://consent-pref.trustarc.com www.googletagmanager.com https://bat.bing.com https://www.facebook.com https://optimize.google.com https://www.gstatic.com https://consent-or.trustarc.com;object-src 'none';font-src 'self' https://fonts.gstatic.com;frame-src 'self' https://consent-pref.trustarc.com https://optimize.google.com;frame-ancestors 'none';upgrade-insecure-requests
Strict-Transport-Security max-age=15778476
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Referer
https://open-banking-developer.capitalone.co.uk/
Origin
https://open-banking-developer.capitalone.co.uk
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date
Tue, 21 Mar 2023 21:46:07 GMT
via
1.1 1e498d046330e15095a1a2a958463bf4.cloudfront.net (CloudFront)
x-content-type-options
nosniff
content-security-policy
default-src 'self';script-src 'self' 'unsafe-eval' 'sha256-4BDRW+xjKn3DNOL0SfAK02VF6ZHIgtNrcB6wQQc8lfs=' 'sha256-7USlA+56EBSKtmJhsOtv89xRkKVufHi+965iZQPf1Qc=' 'sha256-zkIfJey2QJSMWsoE/xLvQ6GebR1o8N9s0f9cjTQ7mS0=' 'sha256-ATtoF2oBGf0wHxVVte8/6al1uii1Q2BFUqFp/aYKx9E=' https://www.google-analytics.com https://www.googletagmanager.com https://consent.trustarc.com https://consent-pref.trustarc.com https://bat.bing.com https://connect.facebook.net https://cdn.appdynamics.com https://www.googleoptimize.com https://optimize.google.com;style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://optimize.google.com;connect-src 'self' https://col.eum-appdynamics.com https://www.google-analytics.com www.google-analytics.com https://api.zuko.io http://consent.trustarc.com http://consent-pref.trustarc.com https://bat.bing.com;img-src 'self' data: https://www.google-analytics.com www.google-analytics.com https://consent.trustarc.com https://consent-pref.trustarc.com www.googletagmanager.com https://bat.bing.com https://www.facebook.com https://optimize.google.com https://www.gstatic.com https://consent-or.trustarc.com;object-src 'none';font-src 'self' https://fonts.gstatic.com;frame-src 'self' https://consent-pref.trustarc.com https://optimize.google.com;frame-ancestors 'none';upgrade-insecure-requests
strict-transport-security
max-age=15778476
x-amz-cf-pop
FRA2-C2
x-cache
Miss from cloudfront
content-length
19828
x-xss-protection
1; mode=block
referrer-policy
strict-origin
last-modified
Tue, 21 Mar 2023 11:13:35 GMT
server
server
etag
"b6daad04bd549ed89d5219e34926dadd"
x-frame-options
DENY
content-type
font/woff2
accept-ranges
bytes
x-amz-cf-id
2F1rlPTkRMQc3v-Ce28uXybqwZa20tfYEPAyN7l913FMFtPOiej94Q==
Barlow-Medium.733951f04da74f4c1f2a.woff2
open-banking-developer.capitalone.co.uk/static/media/
58 KB
59 KB
Font
General
Full URL
https://open-banking-developer.capitalone.co.uk/static/media/Barlow-Medium.733951f04da74f4c1f2a.woff2
Requested by
Host: open-banking-developer.capitalone.co.uk
URL: https://open-banking-developer.capitalone.co.uk/static/css/main.2ede0c6e.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.225.78.109 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-225-78-109.fra2.r.cloudfront.net
Software
server /
Resource Hash
026d66f2f95c28f8da01f432139c3d68c2f0b96961a3e3a7ccb884e7f640aaba
Security Headers
Name Value
Content-Security-Policy default-src 'self';script-src 'self' 'unsafe-eval' 'sha256-4BDRW+xjKn3DNOL0SfAK02VF6ZHIgtNrcB6wQQc8lfs=' 'sha256-7USlA+56EBSKtmJhsOtv89xRkKVufHi+965iZQPf1Qc=' 'sha256-zkIfJey2QJSMWsoE/xLvQ6GebR1o8N9s0f9cjTQ7mS0=' 'sha256-ATtoF2oBGf0wHxVVte8/6al1uii1Q2BFUqFp/aYKx9E=' https://www.google-analytics.com https://www.googletagmanager.com https://consent.trustarc.com https://consent-pref.trustarc.com https://bat.bing.com https://connect.facebook.net https://cdn.appdynamics.com https://www.googleoptimize.com https://optimize.google.com;style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://optimize.google.com;connect-src 'self' https://col.eum-appdynamics.com https://www.google-analytics.com www.google-analytics.com https://api.zuko.io http://consent.trustarc.com http://consent-pref.trustarc.com https://bat.bing.com;img-src 'self' data: https://www.google-analytics.com www.google-analytics.com https://consent.trustarc.com https://consent-pref.trustarc.com www.googletagmanager.com https://bat.bing.com https://www.facebook.com https://optimize.google.com https://www.gstatic.com https://consent-or.trustarc.com;object-src 'none';font-src 'self' https://fonts.gstatic.com;frame-src 'self' https://consent-pref.trustarc.com https://optimize.google.com;frame-ancestors 'none';upgrade-insecure-requests
Strict-Transport-Security max-age=15778476
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Referer
https://open-banking-developer.capitalone.co.uk/
Origin
https://open-banking-developer.capitalone.co.uk
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

date
Tue, 21 Mar 2023 21:46:07 GMT
via
1.1 1e498d046330e15095a1a2a958463bf4.cloudfront.net (CloudFront)
x-content-type-options
nosniff
content-security-policy
default-src 'self';script-src 'self' 'unsafe-eval' 'sha256-4BDRW+xjKn3DNOL0SfAK02VF6ZHIgtNrcB6wQQc8lfs=' 'sha256-7USlA+56EBSKtmJhsOtv89xRkKVufHi+965iZQPf1Qc=' 'sha256-zkIfJey2QJSMWsoE/xLvQ6GebR1o8N9s0f9cjTQ7mS0=' 'sha256-ATtoF2oBGf0wHxVVte8/6al1uii1Q2BFUqFp/aYKx9E=' https://www.google-analytics.com https://www.googletagmanager.com https://consent.trustarc.com https://consent-pref.trustarc.com https://bat.bing.com https://connect.facebook.net https://cdn.appdynamics.com https://www.googleoptimize.com https://optimize.google.com;style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://optimize.google.com;connect-src 'self' https://col.eum-appdynamics.com https://www.google-analytics.com www.google-analytics.com https://api.zuko.io http://consent.trustarc.com http://consent-pref.trustarc.com https://bat.bing.com;img-src 'self' data: https://www.google-analytics.com www.google-analytics.com https://consent.trustarc.com https://consent-pref.trustarc.com www.googletagmanager.com https://bat.bing.com https://www.facebook.com https://optimize.google.com https://www.gstatic.com https://consent-or.trustarc.com;object-src 'none';font-src 'self' https://fonts.gstatic.com;frame-src 'self' https://consent-pref.trustarc.com https://optimize.google.com;frame-ancestors 'none';upgrade-insecure-requests
strict-transport-security
max-age=15778476
x-amz-cf-pop
FRA2-C2
x-cache
Miss from cloudfront
content-length
59180
x-xss-protection
1; mode=block
referrer-policy
strict-origin
last-modified
Tue, 21 Mar 2023 11:13:35 GMT
server
server
etag
"bb14ffff9bb8ad78bbcd778b55e67417"
x-frame-options
DENY
content-type
font/woff2
accept-ranges
bytes
x-amz-cf-id
bhYiKGj7yrMVvNuHtrHUWRWqwr_eZbFrmoLAFD9GmBGtJwAIbQRPDg==

Verdicts & Comments Add Verdict or Comment

2 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

boolean| credentialless object| webpackChunkopen_banking_ui

0 Cookies

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy default-src 'self';script-src 'self' 'unsafe-eval' 'sha256-4BDRW+xjKn3DNOL0SfAK02VF6ZHIgtNrcB6wQQc8lfs=' 'sha256-7USlA+56EBSKtmJhsOtv89xRkKVufHi+965iZQPf1Qc=' 'sha256-zkIfJey2QJSMWsoE/xLvQ6GebR1o8N9s0f9cjTQ7mS0=' 'sha256-ATtoF2oBGf0wHxVVte8/6al1uii1Q2BFUqFp/aYKx9E=' https://www.google-analytics.com https://www.googletagmanager.com https://consent.trustarc.com https://consent-pref.trustarc.com https://bat.bing.com https://connect.facebook.net https://cdn.appdynamics.com https://www.googleoptimize.com https://optimize.google.com;style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://optimize.google.com;connect-src 'self' https://col.eum-appdynamics.com https://www.google-analytics.com www.google-analytics.com https://api.zuko.io http://consent.trustarc.com http://consent-pref.trustarc.com https://bat.bing.com;img-src 'self' data: https://www.google-analytics.com www.google-analytics.com https://consent.trustarc.com https://consent-pref.trustarc.com www.googletagmanager.com https://bat.bing.com https://www.facebook.com https://optimize.google.com https://www.gstatic.com https://consent-or.trustarc.com;object-src 'none';font-src 'self' https://fonts.gstatic.com;frame-src 'self' https://consent-pref.trustarc.com https://optimize.google.com;frame-ancestors 'none';upgrade-insecure-requests
Strict-Transport-Security max-age=15778476
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block