urlscan.io logo urlscan.io
SecurityTrails logo

origin-www.ciiom.hsbc.com Open in urlscan Pro
193.108.75.94  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: http://origin-www.ciiom.hsbc.com/
Effective URL: https://origin-www.ciiom.hsbc.com/
Submission: On March 02 via api from US — Scanned from US
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 6 IPs in 2 countries across 5 domains to perform 28 HTTP transactions. The main IP is 193.108.75.94, located in Wakefield, United Kingdom and belongs to HSBC-UK, GB. The main domain is origin-www.ciiom.hsbc.com.
TLS certificate: Issued by DigiCert SHA2 Extended Validation Ser... on June 23rd 2022. Valid for: a year.
This is the only time origin-www.ciiom.hsbc.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 18 193.108.75.94 20705 (HSBC-UK)
4 2600:9000:251... 16509 (AMAZON-02)
1 104.126.112.163 16625 (AKAMAI-AS)
4 91.214.5.154 20705 (HSBC-UK)
1 108.138.128.76 16509 (AMAZON-02)
1 54.202.103.15 16509 (AMAZON-02)
28 6
18    193.108.75.94 (Wakefield, United Kingdom)

ASN20705 (HSBC-UK, GB)
origin-www.ciiom.hsbc.com
4    2600:9000:2511:2800:7:2bfb:7c00:93a1 (United States)

ASN16509 (AMAZON-02, US)
tags.tiqcdn.com
1    104.126.112.163 (New York, United States)

ASN16625 (AKAMAI-AS, US)
PTR: a104-126-112-163.deploy.static.akamaitechnologies.com
akamai.tiqcdn.com
4    91.214.5.154 (United Kingdom)

ASN20705 (HSBC-UK, GB)
www.mcmprod.hsbc.co.uk
1    108.138.128.76 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-108-138-128-76.jfk50.r.cloudfront.net
cdn.appdynamics.com
1    54.202.103.15 (Boardman, United States)

ASN16509 (AMAZON-02, US)
PTR: ec2-54-202-103-15.us-west-2.compute.amazonaws.com
col.eum-appdynamics.com
Apex Domain
Subdomains		 Transfer
18 hsbc.com
origin-www.ciiom.hsbc.com
551 KB
5 tiqcdn.com
tags.tiqcdn.com — Cisco Umbrella Rank: 999
akamai.tiqcdn.com — Cisco Umbrella Rank: 10028
74 KB
4 hsbc.co.uk
www.mcmprod.hsbc.co.uk — Cisco Umbrella Rank: 112968
41 KB
1 eum-appdynamics.com
col.eum-appdynamics.com — Cisco Umbrella Rank: 2780
734 B
1 appdynamics.com
cdn.appdynamics.com — Cisco Umbrella Rank: 3631
18 KB
28 5
Domain Requested by
18 origin-www.ciiom.hsbc.com 1 redirects origin-www.ciiom.hsbc.com
4 www.mcmprod.hsbc.co.uk origin-www.ciiom.hsbc.com
tags.tiqcdn.com
4 tags.tiqcdn.com origin-www.ciiom.hsbc.com
tags.tiqcdn.com
1 col.eum-appdynamics.com origin-www.ciiom.hsbc.com
1 cdn.appdynamics.com origin-www.ciiom.hsbc.com
1 akamai.tiqcdn.com origin-www.ciiom.hsbc.com
28 6
Subject Issuer Validity Valid
ciiom.hsbc.com
DigiCert SHA2 Extended Validation Server CA		 2022-06-23 -
2023-07-24		 a year crt.sh
tags.tiqcdn.com
Amazon RSA 2048 M02		 2023-03-01 -
2023-06-16		 4 months crt.sh
*.tiqcdn.com
DigiCert TLS RSA SHA256 2020 CA1		 2023-01-12 -
2024-01-14		 a year crt.sh
www.mcmprod.hsbc.co.uk
DigiCert SHA2 Extended Validation Server CA		 2022-10-07 -
2023-09-14		 a year crt.sh
*.appdynamics.com
DigiCert TLS RSA SHA256 2020 CA1		 2022-07-17 -
2023-07-22		 a year crt.sh
*.eum-appdynamics.com
DigiCert TLS RSA SHA256 2020 CA1		 2022-06-14 -
2023-07-15		 a year crt.sh

This page contains 1 frames:

Primary Page: https://origin-www.ciiom.hsbc.com/
Frame ID: FB2A02BA530F6060C1078C0CE2A7C49A
Requests: 28 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

404

Page URL History Show full URLs

  1. http://origin-www.ciiom.hsbc.com/ HTTP 301
    https://origin-www.ciiom.hsbc.com/ Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • /etc/designs/
Overall confidence: 100%
Detected patterns
  • adrum
Overall confidence: 100%
Detected patterns
  • jquery[.-]([\d.]*\d)[^/]*\.js
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

28
Requests

100 %
HTTPS

17 %
IPv6

5
Domains

6
Subdomains

6
IPs

2
Countries

683 kB
Transfer

2352 kB
Size

14
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://origin-www.ciiom.hsbc.com/ HTTP 301
    https://origin-www.ciiom.hsbc.com/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

28 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request /
origin-www.ciiom.hsbc.com/
Redirect Chain
  • http://origin-www.ciiom.hsbc.com/
  • https://origin-www.ciiom.hsbc.com/
93 KB
13 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://origin-www.ciiom.hsbc.com/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
193.108.75.94 Wakefield, United Kingdom, ASN20705 (HSBC-UK, GB),
Reverse DNS
Software
/
Resource Hash
ae6ece27b200511864c5eacb1b82935565e8e443fa84251ba8f88f1aa78bb6ef
Security Headers
Name Value
Content-Security-Policy default-src 'self' *.hsbc.com.hk *.mastercard.com.au *.demdex.net *.lpsnmedia.net *.liveperson.net; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.tiqcdn.com *.tealiumiq.com *.liveperson.net *.googletagmanager.com *.hsbc.co.uk *.hsbc.com.hk *.doubleclick.net *.googleadservices.com *.lpsnmedia.net *.optimizely.com *.facebook.net *.google.com *.gstatic.com *.appdynamics.com *.googleapis.com *.ads-twitter.com *.hsbc.ae *.awswaf.com *.g.doubleclick.net *.google-analytics.com ssl.google-analytics.com googleads.g.doubleclick.net www.google.com lo.v.liveperson.net connect.facebook.net tags.tiqcdn.com *.mcmprod.hsbc.co.uk; img-src data: *; connect-src 'self' *.tiqcdn.com *.tealiumiq.com *.hsbc.com.hk *.eum-appdynamics.com *.optimizely.com wss://*.liveperson.net *.cloud.hsbc *.googleapis.com *.hsbc.ae *.omtrdc.net *.demdex.net *.hsbc.co.om *.awswaf.com *.hsbc.co.uk http://127.0.0.1:5000/* *.facebook.com *.online-banking.ciiom.hsbc.com *.googletagmanager.com *.hsbc.com.uk ciiom.hsbc.com *.google-analytics.com *.analytics.google.com *.g.doubleclick.net www.google.com www.facebook.com *.security.online-banking.ciiom.hsbc.com; frame-src 'self' blob: *.lpsnmedia.net *.optimizely.com *.liveperson.net *.google.com *.doubleclick.net connect.facebook.net bid.g.doubleclick.net *.youtube.com; frame-ancestors 'self'; font-src 'self' data: *.hsbc.com.hk *.gstatic.com *.avast.com *.alicdn.com themes.googleusercontent.com; worker-src 'self' blob:; style-src 'self' 'unsafe-inline' *.hsbc.com.hk *.googleapis.com; object-src 'self' blob:; child-src 'self'; media-src 'self' *.lpsnmedia.net; upgrade-insecure-requests ; report-uri https://csp.prod.eu.dynp.cloud1.vv1865.com;
Strict-Transport-Security max-age=16070400; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36
accept-language
en-US,en;q=0.9

Response headers

Cache-Control
no-cache, no-store, must-revalidate
Connection
Keep-Alive
Content-Encoding
gzip
Content-Length
10442
Content-Security-Policy
default-src 'self' *.hsbc.com.hk *.mastercard.com.au *.demdex.net *.lpsnmedia.net *.liveperson.net; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.tiqcdn.com *.tealiumiq.com *.liveperson.net *.googletagmanager.com *.hsbc.co.uk *.hsbc.com.hk *.doubleclick.net *.googleadservices.com *.lpsnmedia.net *.optimizely.com *.facebook.net *.google.com *.gstatic.com *.appdynamics.com *.googleapis.com *.ads-twitter.com *.hsbc.ae *.awswaf.com *.g.doubleclick.net *.google-analytics.com ssl.google-analytics.com googleads.g.doubleclick.net www.google.com lo.v.liveperson.net connect.facebook.net tags.tiqcdn.com *.mcmprod.hsbc.co.uk; img-src data: *; connect-src 'self' *.tiqcdn.com *.tealiumiq.com *.hsbc.com.hk *.eum-appdynamics.com *.optimizely.com wss://*.liveperson.net *.cloud.hsbc *.googleapis.com *.hsbc.ae *.omtrdc.net *.demdex.net *.hsbc.co.om *.awswaf.com *.hsbc.co.uk http://127.0.0.1:5000/* *.facebook.com *.online-banking.ciiom.hsbc.com *.googletagmanager.com *.hsbc.com.uk ciiom.hsbc.com *.google-analytics.com *.analytics.google.com *.g.doubleclick.net www.google.com www.facebook.com *.security.online-banking.ciiom.hsbc.com; frame-src 'self' blob: *.lpsnmedia.net *.optimizely.com *.liveperson.net *.google.com *.doubleclick.net connect.facebook.net bid.g.doubleclick.net *.youtube.com; frame-ancestors 'self'; font-src 'self' data: *.hsbc.com.hk *.gstatic.com *.avast.com *.alicdn.com themes.googleusercontent.com; worker-src 'self' blob:; style-src 'self' 'unsafe-inline' *.hsbc.com.hk *.googleapis.com; object-src 'self' blob:; child-src 'self'; media-src 'self' *.lpsnmedia.net; upgrade-insecure-requests ; report-uri https://csp.prod.eu.dynp.cloud1.vv1865.com;
Content-Type
text/html; charset=UTF-8
Date
Thu, 02 Mar 2023 03:09:23 GMT
Expires
Thu, 01 Jan 1970 00:00:00 GMT
Keep-Alive
timeout=5, max=100
S
gbl-prod-sy-aempub
Strict-Transport-Security
max-age=16070400; includeSubDomains
Vary
Accept-Encoding
X-Content-Type-Options
nosniff
X-Frame-Options
SAMEORIGIN
X-XSS-Protection
1; mode=block

Redirect headers

Connection
Keep-Alive
Content-Encoding
gzip
Content-Length
200
Content-Type
text/html; charset=iso-8859-1
Date
Thu, 02 Mar 2023 03:09:23 GMT
Keep-Alive
timeout=5, max=100
Location
https://origin-www.ciiom.hsbc.com/
Strict-Transport-Security
max-age=16070400; includeSubDomains
Vary
Accept-Encoding
clientlib-default.min.91f7ec1e1f900424d14d513cd9754029.css
origin-www.ciiom.hsbc.com/etc/designs/dpws/ 		841 KB
95 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://origin-www.ciiom.hsbc.com/etc/designs/dpws/clientlib-default.min.91f7ec1e1f900424d14d513cd9754029.css
Requested by
Host: origin-www.ciiom.hsbc.com
URL: https://origin-www.ciiom.hsbc.com/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
193.108.75.94 Wakefield, United Kingdom, ASN20705 (HSBC-UK, GB),
Reverse DNS
Software
/
Resource Hash
efe373642c0dd4ff67f20a4163439a1fcc82e4ee21035485e0a8ef87b9ad00a7
Security Headers
Name Value
Strict-Transport-Security max-age=16070400; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-US,en;q=0.9
Referer
https://origin-www.ciiom.hsbc.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

Date
Thu, 02 Mar 2023 03:09:24 GMT
Strict-Transport-Security
max-age=16070400; includeSubDomains
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Last-Modified
Thu, 02 Mar 2023 03:09:24 GMT
Vary
Accept-Encoding
Transfer-Encoding
chunked
Content-Type
text/css
Cache-Control
max-age=31536000
Connection
Keep-Alive
Accept-Ranges
bytes
S
gbl-prod-sy-aempub
Keep-Alive
timeout=5, max=100
X-XSS-Protection
1; mode=block
clientlib.min.b3ec3a2325eaa4cbc74a2e2f0b755b0f.js
origin-www.ciiom.hsbc.com/etc/designs/hsbc/appd/ 		37 KB
12 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://origin-www.ciiom.hsbc.com/etc/designs/hsbc/appd/clientlib.min.b3ec3a2325eaa4cbc74a2e2f0b755b0f.js
Requested by
Host: origin-www.ciiom.hsbc.com
URL: https://origin-www.ciiom.hsbc.com/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
193.108.75.94 Wakefield, United Kingdom, ASN20705 (HSBC-UK, GB),
Reverse DNS
Software
/
Resource Hash
ebb991b4937d6015d8937e8d23f6fa5b315e898a018d1f0972efe59765b754b4
Security Headers
Name Value
Strict-Transport-Security max-age=16070400; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-US,en;q=0.9
Referer
https://origin-www.ciiom.hsbc.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

Date
Thu, 02 Mar 2023 03:09:24 GMT
Strict-Transport-Security
max-age=16070400; includeSubDomains
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Last-Modified
Wed, 01 Mar 2023 09:38:06 GMT
Vary
Accept-Encoding
Content-Type
application/x-javascript
Cache-Control
max-age=31536000
Connection
Keep-Alive
Accept-Ranges
bytes
S
gbl-prod-sy-aempub
Keep-Alive
timeout=5, max=100
Content-Length
11811
X-XSS-Protection
1; mode=block
utag.sync.js
tags.tiqcdn.com/utag/hsbc/ciiom-rbwm/prod/ 		3 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tags.tiqcdn.com/utag/hsbc/ciiom-rbwm/prod/utag.sync.js
Requested by
Host: origin-www.ciiom.hsbc.com
URL: https://origin-www.ciiom.hsbc.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2511:2800:7:2bfb:7c00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AkamaiNetStorage /
Resource Hash
b7d3098d77e45ef7a69e4a219e54e92e51d639a408e18307fc1f8b42b9217592

Request headers

accept-language
en-US,en;q=0.9
Referer
https://origin-www.ciiom.hsbc.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date
Thu, 02 Mar 2023 03:09:24 GMT
content-encoding
gzip
via
1.1 a0be26685e47d6d6220ccd40bc5f0a4e.cloudfront.net (CloudFront)
last-modified
Mon, 07 Nov 2022 18:33:17 GMT
server
AkamaiNetStorage
x-amz-cf-pop
JFK50-P6
etag
"a27a23ea6c63426d3e24fe3a32f87c0b:1667845997.126548"
vary
Accept-Encoding
x-cache
RefreshHit from cloudfront
content-type
application/javascript
cache-control
max-age=2592000
accept-ranges
bytes
content-length
1207
x-amz-cf-id
nUAiaDFaxfMAizSN_4Zdluh8_eDAYu2UMbRCgsnPKerGhqwYZ_i97w==
hsbc-logo.svg
origin-www.ciiom.hsbc.com/content/dam/hsbc/ciiom/images/logo/ 		1 B
980 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://origin-www.ciiom.hsbc.com/content/dam/hsbc/ciiom/images/logo/hsbc-logo.svg
Requested by
Host: origin-www.ciiom.hsbc.com
URL: https://origin-www.ciiom.hsbc.com/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
193.108.75.94 Wakefield, United Kingdom, ASN20705 (HSBC-UK, GB),
Reverse DNS
Software
/
Resource Hash
01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b
Security Headers
Name Value
Strict-Transport-Security max-age=16070400; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-US,en;q=0.9
Referer
https://origin-www.ciiom.hsbc.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

Date
Thu, 02 Mar 2023 03:09:25 GMT
Strict-Transport-Security
max-age=16070400; includeSubDomains
X-Content-Type-Options
nosniff
Content-Encoding
gzip
Vary
Accept-Encoding
X-Frame-Options
SAMEORIGIN
Content-Type
text/html; charset=ISO-8859-1
Cache-Control
max-age=2592000
Connection
Keep-Alive
S
gbl-prod-sy-aempub
Keep-Alive
timeout=5, max=96
Content-Length
21
X-XSS-Protection
1; mode=block
Expires
Thu, 01 Jan 1970 00:00:00 GMT
clientlib-jquery.5ea5c4f95742f26a1d6b25eb830feb0c.js
origin-www.ciiom.hsbc.com/etc/designs/dpws/ 		111 KB
37 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://origin-www.ciiom.hsbc.com/etc/designs/dpws/clientlib-jquery.5ea5c4f95742f26a1d6b25eb830feb0c.js
Requested by
Host: origin-www.ciiom.hsbc.com
URL: https://origin-www.ciiom.hsbc.com/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
193.108.75.94 Wakefield, United Kingdom, ASN20705 (HSBC-UK, GB),
Reverse DNS
Software
/
Resource Hash
d5c2c8d7956e2af9082fe02f239bd97c426f12e7a867d1b4f1a405c124d26cea
Security Headers
Name Value
Strict-Transport-Security max-age=16070400; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-US,en;q=0.9
Referer
https://origin-www.ciiom.hsbc.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

Date
Thu, 02 Mar 2023 03:09:24 GMT
Strict-Transport-Security
max-age=16070400; includeSubDomains
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Last-Modified
Thu, 02 Mar 2023 03:09:24 GMT
Vary
Accept-Encoding
Content-Type
application/x-javascript
Cache-Control
max-age=31536000
Connection
Keep-Alive
Accept-Ranges
bytes
S
gbl-prod-sy-aempub
Keep-Alive
timeout=5, max=99
Content-Length
37902
X-XSS-Protection
1; mode=block
v2_2_0.min.25e7676b14f56aa25050f77c6b594232.js
origin-www.ciiom.hsbc.com/etc/designs/hsbc/cpi/clientlib-site/ 		18 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://origin-www.ciiom.hsbc.com/etc/designs/hsbc/cpi/clientlib-site/v2_2_0.min.25e7676b14f56aa25050f77c6b594232.js
Requested by
Host: origin-www.ciiom.hsbc.com
URL: https://origin-www.ciiom.hsbc.com/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
193.108.75.94 Wakefield, United Kingdom, ASN20705 (HSBC-UK, GB),
Reverse DNS
Software
/
Resource Hash
912f4c51a8c69eb08640d401656cb0ee974d0feb6f69a05635326843530ca06f
Security Headers
Name Value
Strict-Transport-Security max-age=16070400; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-US,en;q=0.9
Referer
https://origin-www.ciiom.hsbc.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

Date
Thu, 02 Mar 2023 03:09:24 GMT
Strict-Transport-Security
max-age=16070400; includeSubDomains
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Last-Modified
Thu, 02 Mar 2023 03:09:24 GMT
Vary
Accept-Encoding
Content-Type
application/x-javascript
Cache-Control
max-age=31536000
Connection
Keep-Alive
Accept-Ranges
bytes
S
gbl-prod-sy-aempub
Keep-Alive
timeout=5, max=99
Content-Length
5504
X-XSS-Protection
1; mode=block
v2_2_0.min.d391cf12edbe9cb0aa6a5cd650eb0567.js
origin-www.ciiom.hsbc.com/etc/designs/hsbc/cpi-masthead/clientlib-site/ 		15 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://origin-www.ciiom.hsbc.com/etc/designs/hsbc/cpi-masthead/clientlib-site/v2_2_0.min.d391cf12edbe9cb0aa6a5cd650eb0567.js
Requested by
Host: origin-www.ciiom.hsbc.com
URL: https://origin-www.ciiom.hsbc.com/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
193.108.75.94 Wakefield, United Kingdom, ASN20705 (HSBC-UK, GB),
Reverse DNS
Software
/
Resource Hash
2cea73b7c9b18c93be931fbf1fd5c6bf1c44a0d0e34c343446162725983a1939
Security Headers
Name Value
Strict-Transport-Security max-age=16070400; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-US,en;q=0.9
Referer
https://origin-www.ciiom.hsbc.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

Date
Thu, 02 Mar 2023 03:09:25 GMT
Strict-Transport-Security
max-age=16070400; includeSubDomains
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Last-Modified
Thu, 02 Mar 2023 03:09:25 GMT
Vary
Accept-Encoding
Content-Type
application/x-javascript
Cache-Control
max-age=31536000
Connection
Keep-Alive
Accept-Ranges
bytes
S
gbl-prod-sy-aempub
Keep-Alive
timeout=5, max=97
Content-Length
3090
X-XSS-Protection
1; mode=block
clientlib-all.min.72b73cbe882c7b5dbbe17fce78aaeff6.js
origin-www.ciiom.hsbc.com/etc/designs/dpws/ 		576 KB
145 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://origin-www.ciiom.hsbc.com/etc/designs/dpws/clientlib-all.min.72b73cbe882c7b5dbbe17fce78aaeff6.js
Requested by
Host: origin-www.ciiom.hsbc.com
URL: https://origin-www.ciiom.hsbc.com/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
193.108.75.94 Wakefield, United Kingdom, ASN20705 (HSBC-UK, GB),
Reverse DNS
Software
/
Resource Hash
48f364ef034cf0c9cf115d0a022682eae3745c67e098f13ed9b4167f184b05b1
Security Headers
Name Value
Strict-Transport-Security max-age=16070400; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-US,en;q=0.9
Referer
https://origin-www.ciiom.hsbc.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

Date
Thu, 02 Mar 2023 03:09:25 GMT
Strict-Transport-Security
max-age=16070400; includeSubDomains
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Last-Modified
Thu, 02 Mar 2023 03:09:25 GMT
Vary
Accept-Encoding
Transfer-Encoding
chunked
Content-Type
application/x-javascript
Cache-Control
max-age=31536000
Connection
Keep-Alive
Accept-Ranges
bytes
S
gbl-prod-sy-aempub
Keep-Alive
timeout=5, max=97
X-XSS-Protection
1; mode=block
utag.js
tags.tiqcdn.com/utag/hsbc/ciiom-rbwm/prod/ 		227 KB
58 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tags.tiqcdn.com/utag/hsbc/ciiom-rbwm/prod/utag.js
Requested by
Host: origin-www.ciiom.hsbc.com
URL: https://origin-www.ciiom.hsbc.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2511:2800:7:2bfb:7c00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AkamaiNetStorage /
Resource Hash
ec35101b5bbf85e8046d441b2dbdbc988f108b1f5b698093ae84bc511c9d4687

Request headers

accept-language
en-US,en;q=0.9
Referer
https://origin-www.ciiom.hsbc.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date
Thu, 02 Mar 2023 03:09:24 GMT
content-encoding
gzip
via
1.1 a0be26685e47d6d6220ccd40bc5f0a4e.cloudfront.net (CloudFront)
last-modified
Mon, 07 Nov 2022 18:33:17 GMT
server
AkamaiNetStorage
x-amz-cf-pop
JFK50-P6
etag
"a179282d69adeaea3d7d391e21db66c2:1667845997.402315"
vary
Accept-Encoding
x-cache
RefreshHit from cloudfront
content-type
application/javascript
cache-control
max-age=300
accept-ranges
bytes
content-length
58927
x-amz-cf-id
O52FGvT8YOHaC_Sl6Ku5UJwZhD_K4LAdVU2dfjGp_Yiv0IsZWzB5oQ==
UniversNextforHSBCW02-Rg.woff
origin-www.ciiom.hsbc.com/etc/designs/dpws/common/fonts/ 		27 KB
27 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://origin-www.ciiom.hsbc.com/etc/designs/dpws/common/fonts/UniversNextforHSBCW02-Rg.woff
Requested by
Host: origin-www.ciiom.hsbc.com
URL: https://origin-www.ciiom.hsbc.com/etc/designs/dpws/clientlib-default.min.91f7ec1e1f900424d14d513cd9754029.css
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
193.108.75.94 Wakefield, United Kingdom, ASN20705 (HSBC-UK, GB),
Reverse DNS
Software
/
Resource Hash
e57fa923e1242b94093a29bc1497e22d7b5f78d6f124fe5ffc651383af545e13
Security Headers
Name Value
Strict-Transport-Security max-age=16070400; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://origin-www.ciiom.hsbc.com/etc/designs/dpws/clientlib-default.min.91f7ec1e1f900424d14d513cd9754029.css
Origin
https://origin-www.ciiom.hsbc.com
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

Date
Thu, 02 Mar 2023 03:09:24 GMT
Strict-Transport-Security
max-age=16070400; includeSubDomains
X-Content-Type-Options
nosniff
Last-Modified
Thu, 02 Mar 2023 03:09:25 GMT
Content-Type
application/font-woff
Access-Control-Allow-Origin
*
Cache-Control
max-age=7776000
Connection
Keep-Alive
Accept-Ranges
bytes
S
gbl-prod-sy-aempub
Keep-Alive
timeout=5, max=98
Content-Length
27464
X-XSS-Protection
1; mode=block
UniversNextforHSBCW02-Bd.woff
origin-www.ciiom.hsbc.com/etc/designs/dpws/common/fonts/ 		26 KB
26 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://origin-www.ciiom.hsbc.com/etc/designs/dpws/common/fonts/UniversNextforHSBCW02-Bd.woff
Requested by
Host: origin-www.ciiom.hsbc.com
URL: https://origin-www.ciiom.hsbc.com/etc/designs/dpws/clientlib-default.min.91f7ec1e1f900424d14d513cd9754029.css
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
193.108.75.94 Wakefield, United Kingdom, ASN20705 (HSBC-UK, GB),
Reverse DNS
Software
/
Resource Hash
1fe93d773a537c17456fc95e7dbfb69cba2914ac73c5f9b01d4db046667c688e
Security Headers
Name Value
Strict-Transport-Security max-age=16070400; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://origin-www.ciiom.hsbc.com/etc/designs/dpws/clientlib-default.min.91f7ec1e1f900424d14d513cd9754029.css
Origin
https://origin-www.ciiom.hsbc.com
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

Date
Thu, 02 Mar 2023 03:09:25 GMT
Strict-Transport-Security
max-age=16070400; includeSubDomains
X-Content-Type-Options
nosniff
Last-Modified
Thu, 02 Mar 2023 03:09:25 GMT
Content-Type
application/font-woff
Access-Control-Allow-Origin
*
Cache-Control
max-age=7776000
Connection
Keep-Alive
Accept-Ranges
bytes
S
gbl-prod-sy-aempub
Keep-Alive
timeout=5, max=98
Content-Length
26328
X-XSS-Protection
1; mode=block
HSBCIcon-Font-Extension.woff
origin-www.ciiom.hsbc.com/etc/designs/dpws/common/fonts/ 		37 KB
38 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://origin-www.ciiom.hsbc.com/etc/designs/dpws/common/fonts/HSBCIcon-Font-Extension.woff?ee39a20e77cff3aec879befe2cd1d29d
Requested by
Host: origin-www.ciiom.hsbc.com
URL: https://origin-www.ciiom.hsbc.com/etc/designs/dpws/clientlib-default.min.91f7ec1e1f900424d14d513cd9754029.css
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
193.108.75.94 Wakefield, United Kingdom, ASN20705 (HSBC-UK, GB),
Reverse DNS
Software
/
Resource Hash
76e6fcb163f76c23e3595acdb5c37457b8529ae4612bdfd266a9ef3d83550586
Security Headers
Name Value
Strict-Transport-Security max-age=16070400; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://origin-www.ciiom.hsbc.com/etc/designs/dpws/clientlib-default.min.91f7ec1e1f900424d14d513cd9754029.css
Origin
https://origin-www.ciiom.hsbc.com
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

Date
Thu, 02 Mar 2023 03:09:25 GMT
Strict-Transport-Security
max-age=16070400; includeSubDomains
X-Content-Type-Options
nosniff
Last-Modified
Thu, 02 Mar 2023 03:09:25 GMT
Content-Type
application/font-woff
Access-Control-Allow-Origin
*
Cache-Control
max-age=7776000
Connection
Keep-Alive
Accept-Ranges
bytes
S
gbl-prod-sy-aempub
Keep-Alive
timeout=5, max=100
Content-Length
38384
X-XSS-Protection
1; mode=block
facebook.svg
origin-www.ciiom.hsbc.com/etc/designs/dpws/common/social/ 		950 B
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://origin-www.ciiom.hsbc.com/etc/designs/dpws/common/social/facebook.svg
Requested by
Host: origin-www.ciiom.hsbc.com
URL: https://origin-www.ciiom.hsbc.com/etc/designs/dpws/clientlib-default.min.91f7ec1e1f900424d14d513cd9754029.css
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
193.108.75.94 Wakefield, United Kingdom, ASN20705 (HSBC-UK, GB),
Reverse DNS
Software
/
Resource Hash
6a74e4deb1779d184febfd8928a08419349330126c8c2ef38e17a969b4b045a2
Security Headers
Name Value
Strict-Transport-Security max-age=16070400; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-US,en;q=0.9
Referer
https://origin-www.ciiom.hsbc.com/etc/designs/dpws/clientlib-default.min.91f7ec1e1f900424d14d513cd9754029.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

Date
Thu, 02 Mar 2023 03:09:25 GMT
Strict-Transport-Security
max-age=16070400; includeSubDomains
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Last-Modified
Thu, 02 Mar 2023 03:09:25 GMT
Vary
Accept-Encoding
Content-Type
image/svg+xml
Cache-Control
max-age=7776000
Connection
Keep-Alive
Accept-Ranges
bytes
S
gbl-prod-sy-aempub
Keep-Alive
timeout=5, max=100
Content-Length
598
X-XSS-Protection
1; mode=block
UniversNextforHSBCW02-Lt.woff
origin-www.ciiom.hsbc.com/etc/designs/dpws/common/fonts/ 		26 KB
26 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://origin-www.ciiom.hsbc.com/etc/designs/dpws/common/fonts/UniversNextforHSBCW02-Lt.woff
Requested by
Host: origin-www.ciiom.hsbc.com
URL: https://origin-www.ciiom.hsbc.com/etc/designs/dpws/clientlib-default.min.91f7ec1e1f900424d14d513cd9754029.css
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
193.108.75.94 Wakefield, United Kingdom, ASN20705 (HSBC-UK, GB),
Reverse DNS
Software
/
Resource Hash
1410bf3ef15162a56d0c7ea0f851483738179ce8281a269f4ed88612e9c9a695
Security Headers
Name Value
Strict-Transport-Security max-age=16070400; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://origin-www.ciiom.hsbc.com/etc/designs/dpws/clientlib-default.min.91f7ec1e1f900424d14d513cd9754029.css
Origin
https://origin-www.ciiom.hsbc.com
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

Date
Thu, 02 Mar 2023 03:09:25 GMT
Strict-Transport-Security
max-age=16070400; includeSubDomains
X-Content-Type-Options
nosniff
Last-Modified
Thu, 02 Mar 2023 03:09:25 GMT
Content-Type
application/font-woff
Access-Control-Allow-Origin
*
Cache-Control
max-age=7776000
Connection
Keep-Alive
Accept-Ranges
bytes
S
gbl-prod-sy-aempub
Keep-Alive
timeout=5, max=100
Content-Length
26300
X-XSS-Protection
1; mode=block
location.js
akamai.tiqcdn.com/location/ 		18 B
805 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://akamai.tiqcdn.com/location/location.js
Requested by
Host: origin-www.ciiom.hsbc.com
URL: https://origin-www.ciiom.hsbc.com/etc/designs/hsbc/appd/clientlib.min.b3ec3a2325eaa4cbc74a2e2f0b755b0f.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
104.126.112.163 New York, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-126-112-163.deploy.static.akamaitechnologies.com
Software
AkamaiNetStorage /
Resource Hash
d753f8ee126736431a1cd8170dbfcf94f553eeb1d24f2baa7c66474a80d0e559

Request headers

accept-language
en-US,en;q=0.9
Referer
https://origin-www.ciiom.hsbc.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

Date
Thu, 02 Mar 2023 03:09:25 GMT
Last-Modified
Mon, 30 Apr 2018 23:09:19 GMT
Server
AkamaiNetStorage
ETag
"6c98be5fda77913799e8ef24b86a7abd:1525129759"
Content-Type
application/x-javascript
Access-Control-Allow-Origin
*
Access-Control-Expose-Headers
X-EdgeScape-Location
Cache-Control
max-age=1296000
X-EdgeScape-Location
country_code=US,region_code=FL,city=MIAMI,areacode=305,zip=33101-33102+33106+33111-33112+33114+33116+33122+33124-33138+33142-33147+33150-33159+33161-33170+33172-33190+33193-33194+33196-33197+33199+33231+33233-33234+33238+33242-33243+33245+33247+33255-33257+33261+33265-33266+33269+33280+33283+33296+33299,bandwidth=5000
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
18
Expires
Fri, 17 Mar 2023 03:09:25 GMT
/
origin-www.ciiom.hsbc.com/configuration/modals/you-are-leaving-hsbc.modal/ 		2 KB
3 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://origin-www.ciiom.hsbc.com/configuration/modals/you-are-leaving-hsbc.modal/
Requested by
Host: origin-www.ciiom.hsbc.com
URL: https://origin-www.ciiom.hsbc.com/etc/designs/hsbc/appd/clientlib.min.b3ec3a2325eaa4cbc74a2e2f0b755b0f.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
193.108.75.94 Wakefield, United Kingdom, ASN20705 (HSBC-UK, GB),
Reverse DNS
Software
/
Resource Hash
795a8a2eef8b26c7eef6fd8c157ae4f86f99694eea6cd3c16f7806fe5b9fd3f0
Security Headers
Name Value
Content-Security-Policy default-src 'self' *.hsbc.com.hk *.mastercard.com.au *.demdex.net *.lpsnmedia.net *.liveperson.net; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.tiqcdn.com *.tealiumiq.com *.liveperson.net *.googletagmanager.com *.hsbc.co.uk *.hsbc.com.hk *.doubleclick.net *.googleadservices.com *.lpsnmedia.net *.optimizely.com *.facebook.net *.google.com *.gstatic.com *.appdynamics.com *.googleapis.com *.ads-twitter.com *.hsbc.ae *.awswaf.com *.g.doubleclick.net *.google-analytics.com ssl.google-analytics.com googleads.g.doubleclick.net www.google.com lo.v.liveperson.net connect.facebook.net tags.tiqcdn.com *.mcmprod.hsbc.co.uk; img-src data: *; connect-src 'self' *.tiqcdn.com *.tealiumiq.com *.hsbc.com.hk *.eum-appdynamics.com *.optimizely.com wss://*.liveperson.net *.cloud.hsbc *.googleapis.com *.hsbc.ae *.omtrdc.net *.demdex.net *.hsbc.co.om *.awswaf.com *.hsbc.co.uk http://127.0.0.1:5000/* *.facebook.com *.online-banking.ciiom.hsbc.com *.googletagmanager.com *.hsbc.com.uk ciiom.hsbc.com *.google-analytics.com *.analytics.google.com *.g.doubleclick.net www.google.com www.facebook.com *.security.online-banking.ciiom.hsbc.com; frame-src 'self' blob: *.lpsnmedia.net *.optimizely.com *.liveperson.net *.google.com *.doubleclick.net connect.facebook.net bid.g.doubleclick.net *.youtube.com; frame-ancestors 'self'; font-src 'self' data: *.hsbc.com.hk *.gstatic.com *.avast.com *.alicdn.com themes.googleusercontent.com; worker-src 'self' blob:; style-src 'self' 'unsafe-inline' *.hsbc.com.hk *.googleapis.com; object-src 'self' blob:; child-src 'self'; media-src 'self' *.lpsnmedia.net; upgrade-insecure-requests ; report-uri https://csp.prod.eu.dynp.cloud1.vv1865.com;
Strict-Transport-Security max-age=16070400; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept
*/*
Referer
https://origin-www.ciiom.hsbc.com/
X-Requested-With
XMLHttpRequest
ADRUM
isAjax:true
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

Date
Thu, 02 Mar 2023 03:09:25 GMT
Strict-Transport-Security
max-age=16070400; includeSubDomains
Content-Encoding
gzip
Content-Security-Policy
default-src 'self' *.hsbc.com.hk *.mastercard.com.au *.demdex.net *.lpsnmedia.net *.liveperson.net; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.tiqcdn.com *.tealiumiq.com *.liveperson.net *.googletagmanager.com *.hsbc.co.uk *.hsbc.com.hk *.doubleclick.net *.googleadservices.com *.lpsnmedia.net *.optimizely.com *.facebook.net *.google.com *.gstatic.com *.appdynamics.com *.googleapis.com *.ads-twitter.com *.hsbc.ae *.awswaf.com *.g.doubleclick.net *.google-analytics.com ssl.google-analytics.com googleads.g.doubleclick.net www.google.com lo.v.liveperson.net connect.facebook.net tags.tiqcdn.com *.mcmprod.hsbc.co.uk; img-src data: *; connect-src 'self' *.tiqcdn.com *.tealiumiq.com *.hsbc.com.hk *.eum-appdynamics.com *.optimizely.com wss://*.liveperson.net *.cloud.hsbc *.googleapis.com *.hsbc.ae *.omtrdc.net *.demdex.net *.hsbc.co.om *.awswaf.com *.hsbc.co.uk http://127.0.0.1:5000/* *.facebook.com *.online-banking.ciiom.hsbc.com *.googletagmanager.com *.hsbc.com.uk ciiom.hsbc.com *.google-analytics.com *.analytics.google.com *.g.doubleclick.net www.google.com www.facebook.com *.security.online-banking.ciiom.hsbc.com; frame-src 'self' blob: *.lpsnmedia.net *.optimizely.com *.liveperson.net *.google.com *.doubleclick.net connect.facebook.net bid.g.doubleclick.net *.youtube.com; frame-ancestors 'self'; font-src 'self' data: *.hsbc.com.hk *.gstatic.com *.avast.com *.alicdn.com themes.googleusercontent.com; worker-src 'self' blob:; style-src 'self' 'unsafe-inline' *.hsbc.com.hk *.googleapis.com; object-src 'self' blob:; child-src 'self'; media-src 'self' *.lpsnmedia.net; upgrade-insecure-requests ; report-uri https://csp.prod.eu.dynp.cloud1.vv1865.com;
X-Content-Type-Options
nosniff
Connection
Keep-Alive
Content-Length
617
X-XSS-Protection
1; mode=block
Last-Modified
Thu, 02 Mar 2023 03:09:25 GMT
Vary
Accept-Encoding
X-Frame-Options
SAMEORIGIN
Content-Type
text/html; charset=utf-8
Cache-Control
no-cache, no-store, must-revalidate
Accept-Ranges
bytes
S
gbl-prod-sy-aempub
Keep-Alive
timeout=5, max=99
authorize.auth.json
origin-www.ciiom.hsbc.com/ 		20 B
418 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://origin-www.ciiom.hsbc.com/authorize.auth.json?q&_=1677726565079
Requested by
Host: origin-www.ciiom.hsbc.com
URL: https://origin-www.ciiom.hsbc.com/etc/designs/hsbc/appd/clientlib.min.b3ec3a2325eaa4cbc74a2e2f0b755b0f.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
193.108.75.94 Wakefield, United Kingdom, ASN20705 (HSBC-UK, GB),
Reverse DNS
Software
/
Resource Hash
69c2b8e06630556f0356093d2679ff3a26a9ce177a8c784ce85a52760a2db3b6
Security Headers
Name Value
Strict-Transport-Security max-age=16070400; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept
*/*
Referer
https://origin-www.ciiom.hsbc.com/
X-Requested-With
XMLHttpRequest
ADRUM
isAjax:true
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36
Content-Type
json

Response headers

Date
Thu, 02 Mar 2023 03:09:25 GMT
Strict-Transport-Security
max-age=16070400; includeSubDomains
X-Content-Type-Options
nosniff
Last-Modified
Fri, 24 Feb 2023 03:16:58 GMT
Vary
Cookie
Content-Type
application/json
Connection
Keep-Alive
Accept-Ranges
bytes
S
gbl-prod-sy-aempub
Keep-Alive
timeout=5, max=96
Content-Length
20
X-XSS-Protection
1; mode=block
HSBCIcon-Font.woff
origin-www.ciiom.hsbc.com/etc/designs/dpws/common/fonts/ 		22 KB
22 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://origin-www.ciiom.hsbc.com/etc/designs/dpws/common/fonts/HSBCIcon-Font.woff?ee39a20e77cff3aec879befe2cd1d29d
Requested by
Host: origin-www.ciiom.hsbc.com
URL: https://origin-www.ciiom.hsbc.com/etc/designs/dpws/clientlib-default.min.91f7ec1e1f900424d14d513cd9754029.css
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
193.108.75.94 Wakefield, United Kingdom, ASN20705 (HSBC-UK, GB),
Reverse DNS
Software
/
Resource Hash
580245633d829cdc4a80192bc505ad254af0ed2955d5add87b56917a1c0f64df
Security Headers
Name Value
Strict-Transport-Security max-age=16070400; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://origin-www.ciiom.hsbc.com/etc/designs/dpws/clientlib-default.min.91f7ec1e1f900424d14d513cd9754029.css
Origin
https://origin-www.ciiom.hsbc.com
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

Date
Thu, 02 Mar 2023 03:09:25 GMT
Strict-Transport-Security
max-age=16070400; includeSubDomains
X-Content-Type-Options
nosniff
Last-Modified
Thu, 02 Mar 2023 03:09:25 GMT
Content-Type
application/font-woff
Access-Control-Allow-Origin
*
Cache-Control
max-age=7776000
Connection
Keep-Alive
Accept-Ranges
bytes
S
gbl-prod-sy-aempub
Keep-Alive
timeout=5, max=99
Content-Length
22532
X-XSS-Protection
1; mode=block
utag.145.js
tags.tiqcdn.com/utag/hsbc/ciiom-rbwm/prod/ 		43 KB
13 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tags.tiqcdn.com/utag/hsbc/ciiom-rbwm/prod/utag.145.js?utv=ut4.48.201906261200
Requested by
Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/hsbc/ciiom-rbwm/prod/utag.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2511:2800:7:2bfb:7c00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AkamaiNetStorage /
Resource Hash
bcc1773d47b67c9102c82905b843342c394aa5499376058b986637beb03fd204

Request headers

accept-language
en-US,en;q=0.9
Referer
https://origin-www.ciiom.hsbc.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date
Thu, 02 Mar 2023 03:09:25 GMT
content-encoding
gzip
via
1.1 a0be26685e47d6d6220ccd40bc5f0a4e.cloudfront.net (CloudFront)
last-modified
Wed, 19 Aug 2020 12:34:27 GMT
server
AkamaiNetStorage
x-amz-cf-pop
JFK50-P6
etag
"324e01a6037b88d03459d1f590568a5a:1597840467.455994"
vary
Accept-Encoding
x-cache
RefreshHit from cloudfront
content-type
application/javascript
cache-control
max-age=2592000
accept-ranges
bytes
content-length
12876
x-amz-cf-id
KtoKrMFz2pLIziT_1WMdjpv6h9ewBU0SVxFy1pVHYouTJXtjiTDQTA==
session.json
www.mcmprod.hsbc.co.uk/4067/handler9/ 		9 KB
3 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://www.mcmprod.hsbc.co.uk/4067/handler9/session.json
Requested by
Host: origin-www.ciiom.hsbc.com
URL: https://origin-www.ciiom.hsbc.com/etc/designs/hsbc/appd/clientlib.min.b3ec3a2325eaa4cbc74a2e2f0b755b0f.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
91.214.5.154 , United Kingdom, ASN20705 (HSBC-UK, GB),
Reverse DNS
Software
/
Resource Hash
197b8619f5a91ef7349d74439423345d0fde03dd776c9a8ec665cdffe13846be
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

Referer
https://origin-www.ciiom.hsbc.com/
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

Pragma
no-cache
Date
Thu, 02 Mar 2023 03:09:26 GMT
Strict-Transport-Security
max-age=31536000; includeSubDomains
X-Content-Type-Options
nosniff
Content-Encoding
gzip
Vary
User-Agent
Content-Type
application/json
Access-Control-Allow-Origin
https://origin-www.ciiom.hsbc.com
P3P
CP="NON ADMo DEVo PSAo PSDo IVAo IVDo OUR IND UNI COM NAV INT CNT LOC STA PUR PHY ONL"
Cache-Control
no-store, no-cache
Access-Control-Allow-Credentials
true
Connection
Keep-Alive
S
LWSMCMRP101UK
Keep-Alive
timeout=5
Content-Length
2294
JavascriptInsert.js
www.mcmprod.hsbc.co.uk/ 		97 KB
35 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.mcmprod.hsbc.co.uk/JavascriptInsert.js
Requested by
Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/hsbc/ciiom-rbwm/prod/utag.145.js?utv=ut4.48.201906261200
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
91.214.5.154 , United Kingdom, ASN20705 (HSBC-UK, GB),
Reverse DNS
Software
/
Resource Hash
ebc1a08c025d3bec275cc75fd24a76d600e174ccefa5ea62340051338c0172db
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

accept-language
en-US,en;q=0.9
Referer
https://origin-www.ciiom.hsbc.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

Date
Thu, 02 Mar 2023 03:09:26 GMT
Strict-Transport-Security
max-age=31536000; includeSubDomains
X-Content-Type-Options
nosniff
Last-Modified
Wed, 16 Feb 2022 13:11:36 GMT
Content-Encoding
gzip
ETag
1c4c8b15fc5cf9ccaf47de302549eccd
Vary
User-Agent
Content-Type
application/x-javascript
Cache-Control
max-age=900, s-maxage=900
Connection
Keep-Alive
S
LWSMCMRP102UK
Keep-Alive
timeout=5, max=100
Content-Length
35567
utag.v.js
tags.tiqcdn.com/utag/tiqapp/ 		2 B
393 B 		Script
General
Check archive.org
Download Go to
Full URL
https://tags.tiqcdn.com/utag/tiqapp/utag.v.js?a=hsbc/ciiom-rbwm/202211071832&cb=1677726566017
Requested by
Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/hsbc/ciiom-rbwm/prod/utag.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2511:2800:7:2bfb:7c00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
a2c2339691fc48fbd14fb307292dff3e21222712d9240810742d7df0c6d74dfb

Request headers

accept-language
en-US,en;q=0.9
Referer
https://origin-www.ciiom.hsbc.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

x-amz-version-id
0u1KMWwhMzyT6lrE3BqQv2vcWKCAIMxo
date
Thu, 02 Mar 2023 03:06:10 GMT
via
1.1 a0be26685e47d6d6220ccd40bc5f0a4e.cloudfront.net (CloudFront)
last-modified
Tue, 28 Feb 2023 19:57:59 GMT
server
AmazonS3
x-amz-cf-pop
JFK50-P6
age
197
x-amz-server-side-encryption
AES256
etag
"7bc0ee636b3b83484fc3b9348863bd22"
x-cache
Hit from cloudfront
content-type
application/javascript
accept-ranges
bytes
content-length
2
x-amz-cf-id
gO8c0MWMhP_jjPc6AJ5BPVxVZSb8K5DOiehl0k52QpQ5P1txv84vbg==
jsEvent.json
www.mcmprod.hsbc.co.uk/4067/27087871010/XBW09WEA78JG/ 		2 KB
1 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://www.mcmprod.hsbc.co.uk/4067/27087871010/XBW09WEA78JG/jsEvent.json
Requested by
Host: origin-www.ciiom.hsbc.com
URL: https://origin-www.ciiom.hsbc.com/etc/designs/hsbc/appd/clientlib.min.b3ec3a2325eaa4cbc74a2e2f0b755b0f.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
91.214.5.154 , United Kingdom, ASN20705 (HSBC-UK, GB),
Reverse DNS
Software
/
Resource Hash
3ab503c65f4891f4cad329142742644ef1dbc67086dbf79753421ae2ef902a55
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

Referer
https://origin-www.ciiom.hsbc.com/
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

Pragma
no-cache
Date
Thu, 02 Mar 2023 03:09:27 GMT
Strict-Transport-Security
max-age=31536000; includeSubDomains
X-Content-Type-Options
nosniff
Content-Encoding
gzip
Vary
User-Agent
Content-Type
application/json
Access-Control-Allow-Origin
https://origin-www.ciiom.hsbc.com
P3P
CP="NON ADMo DEVo PSAo PSDo IVAo IVDo OUR IND UNI COM NAV INT CNT LOC STA PUR PHY ONL"
Cache-Control
no-store, no-cache
Access-Control-Allow-Credentials
true
Connection
Keep-Alive
S
LWSMCMRP102UK
Keep-Alive
timeout=5, max=99
Content-Length
80
/
origin-www.ciiom.hsbc.com/ 		93 KB
93 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://origin-www.ciiom.hsbc.com/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
193.108.75.94 Wakefield, United Kingdom, ASN20705 (HSBC-UK, GB),
Reverse DNS
Software
/
Resource Hash
ae6ece27b200511864c5eacb1b82935565e8e443fa84251ba8f88f1aa78bb6ef
Security Headers
Name Value
Content-Security-Policy default-src 'self' *.hsbc.com.hk *.mastercard.com.au *.demdex.net *.lpsnmedia.net *.liveperson.net; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.tiqcdn.com *.tealiumiq.com *.liveperson.net *.googletagmanager.com *.hsbc.co.uk *.hsbc.com.hk *.doubleclick.net *.googleadservices.com *.lpsnmedia.net *.optimizely.com *.facebook.net *.google.com *.gstatic.com *.appdynamics.com *.googleapis.com *.ads-twitter.com *.hsbc.ae *.awswaf.com *.g.doubleclick.net *.google-analytics.com ssl.google-analytics.com googleads.g.doubleclick.net www.google.com lo.v.liveperson.net connect.facebook.net tags.tiqcdn.com *.mcmprod.hsbc.co.uk; img-src data: *; connect-src 'self' *.tiqcdn.com *.tealiumiq.com *.hsbc.com.hk *.eum-appdynamics.com *.optimizely.com wss://*.liveperson.net *.cloud.hsbc *.googleapis.com *.hsbc.ae *.omtrdc.net *.demdex.net *.hsbc.co.om *.awswaf.com *.hsbc.co.uk http://127.0.0.1:5000/* *.facebook.com *.online-banking.ciiom.hsbc.com *.googletagmanager.com *.hsbc.com.uk ciiom.hsbc.com *.google-analytics.com *.analytics.google.com *.g.doubleclick.net www.google.com www.facebook.com *.security.online-banking.ciiom.hsbc.com; frame-src 'self' blob: *.lpsnmedia.net *.optimizely.com *.liveperson.net *.google.com *.doubleclick.net connect.facebook.net bid.g.doubleclick.net *.youtube.com; frame-ancestors 'self'; font-src 'self' data: *.hsbc.com.hk *.gstatic.com *.avast.com *.alicdn.com themes.googleusercontent.com; worker-src 'self' blob:; style-src 'self' 'unsafe-inline' *.hsbc.com.hk *.googleapis.com; object-src 'self' blob:; child-src 'self'; media-src 'self' *.lpsnmedia.net; upgrade-insecure-requests ; report-uri https://csp.prod.eu.dynp.cloud1.vv1865.com;
Strict-Transport-Security max-age=16070400; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-US,en;q=0.9
Referer
https://origin-www.ciiom.hsbc.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

Date
Thu, 02 Mar 2023 03:09:27 GMT
Strict-Transport-Security
max-age=16070400; includeSubDomains
X-Content-Type-Options
nosniff
Content-Security-Policy
default-src 'self' *.hsbc.com.hk *.mastercard.com.au *.demdex.net *.lpsnmedia.net *.liveperson.net; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.tiqcdn.com *.tealiumiq.com *.liveperson.net *.googletagmanager.com *.hsbc.co.uk *.hsbc.com.hk *.doubleclick.net *.googleadservices.com *.lpsnmedia.net *.optimizely.com *.facebook.net *.google.com *.gstatic.com *.appdynamics.com *.googleapis.com *.ads-twitter.com *.hsbc.ae *.awswaf.com *.g.doubleclick.net *.google-analytics.com ssl.google-analytics.com googleads.g.doubleclick.net www.google.com lo.v.liveperson.net connect.facebook.net tags.tiqcdn.com *.mcmprod.hsbc.co.uk; img-src data: *; connect-src 'self' *.tiqcdn.com *.tealiumiq.com *.hsbc.com.hk *.eum-appdynamics.com *.optimizely.com wss://*.liveperson.net *.cloud.hsbc *.googleapis.com *.hsbc.ae *.omtrdc.net *.demdex.net *.hsbc.co.om *.awswaf.com *.hsbc.co.uk http://127.0.0.1:5000/* *.facebook.com *.online-banking.ciiom.hsbc.com *.googletagmanager.com *.hsbc.com.uk ciiom.hsbc.com *.google-analytics.com *.analytics.google.com *.g.doubleclick.net www.google.com www.facebook.com *.security.online-banking.ciiom.hsbc.com; frame-src 'self' blob: *.lpsnmedia.net *.optimizely.com *.liveperson.net *.google.com *.doubleclick.net connect.facebook.net bid.g.doubleclick.net *.youtube.com; frame-ancestors 'self'; font-src 'self' data: *.hsbc.com.hk *.gstatic.com *.avast.com *.alicdn.com themes.googleusercontent.com; worker-src 'self' blob:; style-src 'self' 'unsafe-inline' *.hsbc.com.hk *.googleapis.com; object-src 'self' blob:; child-src 'self'; media-src 'self' *.lpsnmedia.net; upgrade-insecure-requests ; report-uri https://csp.prod.eu.dynp.cloud1.vv1865.com;
Content-Encoding
gzip
Vary
Accept-Encoding
X-Frame-Options
SAMEORIGIN
Content-Type
text/html; charset=UTF-8
Cache-Control
no-cache, no-store, must-revalidate
Connection
Keep-Alive
S
gbl-prod-sy-aempub
Keep-Alive
timeout=5, max=99
Content-Length
10442
X-XSS-Protection
1; mode=block
Expires
Thu, 01 Jan 1970 00:00:00 GMT
adrum-ext.0086dbec5e8a6e717bf36d3a06b62042.js
cdn.appdynamics.com/ 		45 KB
18 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.appdynamics.com/adrum-ext.0086dbec5e8a6e717bf36d3a06b62042.js
Requested by
Host: origin-www.ciiom.hsbc.com
URL: https://origin-www.ciiom.hsbc.com/etc/designs/hsbc/appd/clientlib.min.b3ec3a2325eaa4cbc74a2e2f0b755b0f.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
108.138.128.76 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-108-138-128-76.jfk50.r.cloudfront.net
Software
nginx/1.16.1 /
Resource Hash
7da0fcf5011f66d43746091e130db6ef4d55ff13410d57209fb0f44d90cdee60

Request headers

accept-language
en-US,en;q=0.9
Referer
https://origin-www.ciiom.hsbc.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

date
Mon, 13 Feb 2023 23:52:05 GMT
content-encoding
gzip
via
1.1 27ca5ebac1c0f68ab48134f5b864093c.cloudfront.net (CloudFront)
x-amz-cf-pop
JFK50-P4
age
1394242
x-cache
Hit from cloudfront
last-modified
Thu, 15 Sep 2016 22:05:47 GMT
server
nginx/1.16.1
etag
W/"57db1b3b-b4f4"
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
content-type
application/javascript
access-control-allow-origin
*
cache-control
public, max-age=2678400, s-max-age=14400
timing-allow-origin
*
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id
EYE71ywItnT4_9lmrCaU4IJeOsxCCSdk2X7DM3FMsNBeFhJ4qXDgCg==
jsEvent.json
www.mcmprod.hsbc.co.uk/4067/27087871010/XBW09WEA78JG/ 		2 KB
1013 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://www.mcmprod.hsbc.co.uk/4067/27087871010/XBW09WEA78JG/jsEvent.json
Requested by
Host: origin-www.ciiom.hsbc.com
URL: https://origin-www.ciiom.hsbc.com/etc/designs/hsbc/appd/clientlib.min.b3ec3a2325eaa4cbc74a2e2f0b755b0f.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
91.214.5.154 , United Kingdom, ASN20705 (HSBC-UK, GB),
Reverse DNS
Software
/
Resource Hash
a81887f6f7eae5ed64b0d7dab296314353c1a5684490c08c08c961fb93ff6b54
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

Referer
https://origin-www.ciiom.hsbc.com/
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

Pragma
no-cache
Date
Thu, 02 Mar 2023 03:09:27 GMT
Strict-Transport-Security
max-age=31536000; includeSubDomains
X-Content-Type-Options
nosniff
Content-Encoding
gzip
Vary
User-Agent
Content-Type
application/json
Access-Control-Allow-Origin
https://origin-www.ciiom.hsbc.com
P3P
CP="NON ADMo DEVo PSAo PSDo IVAo IVDo OUR IND UNI COM NAV INT CNT LOC STA PUR PHY ONL"
Cache-Control
no-store, no-cache
Access-Control-Allow-Credentials
true
Connection
Keep-Alive
S
LWSMCMRP102UK
Keep-Alive
timeout=5, max=98
Content-Length
63
adrum
col.eum-appdynamics.com/eumcollector/beacons/browser/v1/AD-AAB-AAF-HVP/ 		0
734 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://col.eum-appdynamics.com/eumcollector/beacons/browser/v1/AD-AAB-AAF-HVP/adrum
Requested by
Host: origin-www.ciiom.hsbc.com
URL: https://origin-www.ciiom.hsbc.com/etc/designs/hsbc/appd/clientlib.min.b3ec3a2325eaa4cbc74a2e2f0b755b0f.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.202.103.15 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-202-103-15.us-west-2.compute.amazonaws.com
Software
envoy /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://origin-www.ciiom.hsbc.com/
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36
Content-type
text/plain

Response headers

pragma
no-cache
date
Thu, 02 Mar 2023 03:09:28 GMT
x-content-type-options
nosniff
server
envoy
vary
*
content-type
text/html
access-control-allow-origin
*
cache-control
private, no-cache, no-store, must-revalidate, max-age=0, proxy-revalidate, s-maxage=0
x-envoy-upstream-service-time
0
access-control-allow-headers
origin, content-type, accept
expires
0

Verdicts & Comments Add Verdict or Comment

197 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

boolean| credentialless string| adrum-app-key number| adrum-start-time object| ADRUM object| TMS number| maskTimeout boolean| syncChangesApplied object| cssRuleManager function| removeMask function| getCookie string| cookie function| u object| HSBC object| DCSext function| dcsGetHSBCCookie function| dcsVar function| dcsMultiTrack function| dcsMapHSBC function| dcsMeta function| dcsFunc function| dcsTag object| optimizely object| utag_data object| modalsConfiguration undefined| $ function| jQuery object| cpiUtils object| PubSub boolean| utag_condload number| domainTest string| domain object| scripts string| utagScriptsSrc string| tealiumProfile string| tealiumProfileString string| cookieNameReconsent string| cookieValueReconsent undefined| cookieValueReconsentToNumber object| jwt undefined| JWTInternals object| elem boolean| loggedInScript string| versionNode number| version object| params object| qp_v_id object| qp_ses_id object| utag object| tealiumProfileSegments function| getCookieReconsent function| getCookieReconsentName function| checkCookiePage boolean| __tealium_twc_switch object| utag_cfg_ovrd object| Evnt string| mn object| pixel_lib function| RadioButton function| RadioGroup object| respond function| moment object| Bootstrap object| GPWS object| HSBC_utils object| Mustache function| v object| __core-js_shared__ object| core function| s object| anchors string| link boolean| gdpr_ccm_open object| $consentPrompt object| utag_extn string| csaHSBCcompatVersion string| csaHSBCpacketVersion string| csaHSBCuseCorsForInitialRequest string| csaHSBCuseJsonFormatForInitialCorsRequest object| CelebrusDataPrivacy function| csaHSBCpPO function| csaHSBCoptOut function| csaHSBCoptIn function| csaHSBCanonymous function| csaHSBCsessionShutdownPeriodExceeded object| csaHSBCpendingManualEvents object| csaHSBCqueuedYoutubeReferences function| csaHSBCevent function| csaHSBCclick function| csaHSBCtextchange function| csaHSBCformsubmit function| csaHSBCSendJsonData function| csaHSBCtrackYouTubeIframePlayer function| csaHSBCinitialExecutionCanProceed function| csaHSBCblockExecutionForInsertAlreadyPresent function| csaHSBCSL function| csaHSBCsendScriptRequests function| csaHSBCcookieAllowsScriptToProceed function| csaHSBCSC function| csaHSBCfindCookieVal function| csaHSBCdeleteLegacyCookies function| csaHSBCdoDeleteCookie boolean| csaHSBCLF string| csaHSBCTCP string| csaHSBCSSL function| csaHSBCgPr function| csaHSBCclearStoppedState function| csaHSBCstop function| csaHSBCgenerateUUID object| csaHSBCcookieList function| csaHSBCgC function| csaHSBCae function| csaHSBCclient_event function| csaHSBCGP function| csaHSBCGPWID function| csaHSBCexecuteJsonResponse function| csaHSBCdynamicCreateScript function| csaHSBCLC string| csaHSBCTWID function| csaHSBCresetCSA function| csaHSBCdoReInit function| csaHSBCexecuteReInitNow function| csaHSBCtmoPoll boolean| csaHSBCjsInsertAlreadyLoaded function| csaHSBCgetSD string| csaHSBCappSessionObject string| csaHSBCwindowID number| csaHSBCTm object| csaHSBCRTEHandler string| csaHSBCwid string| csaHSBCsn string| csaHSBCcfg string| csaHSBCln string| csaHSBCgetInputs string| csaHSBCmultiAttribJsRules string| csaHSBCjsRules string| csaHSBCmetaTagRules string| csaHSBCcontentRules string| csaHSBCregExRules string| csaHSBCfbRules string| csaHSBCgpRules string| csaHSBCtwRules string| csaHSBCsvId string| csaHSBCexceptionRules string| csaHSBCdbId boolean| csaHSBClookups string| csaHSBCcontentKey number| csaHSBCidl number| csaHSBCsST number| csaHSBCmST boolean| csaHSBCdoCapture boolean| csaHSBCuSC string| csaHSBCaCI boolean| csaHSBCuseCors boolean| csaHSBCuseJsonFormatRequest string| csaHSBCoptOutStatus boolean| csaHSBCqNI undefined| dataPidCelebrus object| csaHSBCContentIdArray function| getPWSPIDsForCelebrus function| celebrusRemoveLP function| csaHSBCiBd function| csaHSBCBd boolean| csaHSBCoTP object| csaHSBCoWA number| csaHSBCwI boolean| csaHSBCsWO function| csaHSBCjsSHA function| csaHSBCdoCelebrusInsertInvocation number| csaHSBClstActv boolean| csaHSBCnavSent function| csaHSBCgetConfig function| csaHSBCsessionStorageEnabled function| csaHSBCdeleteSessionCookie function| csaHSBCvariableStateChange number| csaHSBCcheckVariableCaptureTimeout string| csaHSBCperiodicContentRuleCheckTimeout object| csaHSBCiAy function| csaHSBCeQI function| csaHSBCdCB function| csaHSBCflushEvents function| csaHSBCpollForReset function| csaHSBCdoResetCSA function| csaHSBCstopEvents function| csaHSBCmediaEvent function| csaHSBCtwitterAnywhereTweet function| csaHSBCgplusAuthResponse function| csaHSBCplusOne function| csaHSBClinkedInShare function| csaHSBCcOP function| csaHSBCqueueUserEvent function| csaHSBCflashEvent function| csaHSBCreportContentAction function| csaHSBCgHW boolean| csaHSBCcfgAlreadyDirectedHandlerUse object| csaHSBCsACW function| onYouTubePlayerReady number| csaHSBCisReady

14 Cookies

Domain/Path Name / Value
origin-www.ciiom.hsbc.com/ Name: TS019e0bf9
Value: 01a9092955ff9e42685f94bbd9a38ba92b8f0167e220781c00b27fc4f43184b9172cdd11ef18cbe7bca11e0a8c3aab3ac05ca9491b
origin-www.ciiom.hsbc.com/ Name: SameSite
Value: None
origin-www.ciiom.hsbc.com/ Name: CIIOM-SY
Value: 2996160778.9337.0000
.hsbc.com/ Name: utag_main
Value: v_id:0186a04bc327005cb7c7608d29e003074002206c00b08$_sn:1$_se:1$_ss:1$_st:1677728365161$ses_id:1677726565161%3Bexp-session$_pn:1%3Bexp-session
.hsbc.com/ Name: tms_ref
Value:
www.mcmprod.hsbc.co.uk/ Name: csaHSBCCDID
Value: null_5_475de3158ae74684b4f384eccc34b69b
www.mcmprod.hsbc.co.uk/ Name: csaHSBCCDuvt
Value: 8fa063348a2f4d43a9b5ad7e6aded2c5
.hsbc.com/ Name: usy46gabsosd
Value: csaHSBC__2708787157_1677726565884_1677726566878_4067
.hsbc.com/ Name: csaHSBCkey
Value: 475de3158ae74684b4f384eccc34b69b
.hsbc.com/ Name: csaHSBCuvt
Value: 8fa063348a2f4d43a9b5ad7e6aded2c5_1677726566878_2708787157_1677726566878_1
.hsbc.com/ Name: csaHSBCDBID
Value: null_5
origin-www.ciiom.hsbc.com/ Name: ADRUM_BTa
Value: R:34|g:cfe32089-3df4-49aa-b9a4-ebf9c249b2ec|n:hsbc1_ad09af62-f30b-48cc-9993-42273656cbfc
origin-www.ciiom.hsbc.com/ Name: ADRUM_BT1
Value: R:34|i:6668399
www.mcmprod.hsbc.co.uk/ Name: vtz47gabsosd
Value: csaHSBC__2708787157_1677726567443_1677726566878_4067

3 Console Messages

Source Level URL
Text
network error URL: https://origin-www.ciiom.hsbc.com/
Message:
Failed to load resource: the server responded with a status of 404 (Not Found)
network error URL: https://origin-www.ciiom.hsbc.com/content/dam/hsbc/ciiom/images/logo/hsbc-logo.svg
Message:
Failed to load resource: the server responded with a status of 404 (Not Found)
network error URL: https://origin-www.ciiom.hsbc.com/
Message:
Failed to load resource: the server responded with a status of 404 (Not Found)

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy default-src 'self' *.hsbc.com.hk *.mastercard.com.au *.demdex.net *.lpsnmedia.net *.liveperson.net; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.tiqcdn.com *.tealiumiq.com *.liveperson.net *.googletagmanager.com *.hsbc.co.uk *.hsbc.com.hk *.doubleclick.net *.googleadservices.com *.lpsnmedia.net *.optimizely.com *.facebook.net *.google.com *.gstatic.com *.appdynamics.com *.googleapis.com *.ads-twitter.com *.hsbc.ae *.awswaf.com *.g.doubleclick.net *.google-analytics.com ssl.google-analytics.com googleads.g.doubleclick.net www.google.com lo.v.liveperson.net connect.facebook.net tags.tiqcdn.com *.mcmprod.hsbc.co.uk; img-src data: *; connect-src 'self' *.tiqcdn.com *.tealiumiq.com *.hsbc.com.hk *.eum-appdynamics.com *.optimizely.com wss://*.liveperson.net *.cloud.hsbc *.googleapis.com *.hsbc.ae *.omtrdc.net *.demdex.net *.hsbc.co.om *.awswaf.com *.hsbc.co.uk http://127.0.0.1:5000/* *.facebook.com *.online-banking.ciiom.hsbc.com *.googletagmanager.com *.hsbc.com.uk ciiom.hsbc.com *.google-analytics.com *.analytics.google.com *.g.doubleclick.net www.google.com www.facebook.com *.security.online-banking.ciiom.hsbc.com; frame-src 'self' blob: *.lpsnmedia.net *.optimizely.com *.liveperson.net *.google.com *.doubleclick.net connect.facebook.net bid.g.doubleclick.net *.youtube.com; frame-ancestors 'self'; font-src 'self' data: *.hsbc.com.hk *.gstatic.com *.avast.com *.alicdn.com themes.googleusercontent.com; worker-src 'self' blob:; style-src 'self' 'unsafe-inline' *.hsbc.com.hk *.googleapis.com; object-src 'self' blob:; child-src 'self'; media-src 'self' *.lpsnmedia.net; upgrade-insecure-requests ; report-uri https://csp.prod.eu.dynp.cloud1.vv1865.com;
Strict-Transport-Security max-age=16070400; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

akamai.tiqcdn.com
cdn.appdynamics.com
col.eum-appdynamics.com
origin-www.ciiom.hsbc.com
tags.tiqcdn.com
www.mcmprod.hsbc.co.uk
104.126.112.163
108.138.128.76
193.108.75.94
2600:9000:2511:2800:7:2bfb:7c00:93a1
54.202.103.15
91.214.5.154
01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b
1410bf3ef15162a56d0c7ea0f851483738179ce8281a269f4ed88612e9c9a695
197b8619f5a91ef7349d74439423345d0fde03dd776c9a8ec665cdffe13846be
1fe93d773a537c17456fc95e7dbfb69cba2914ac73c5f9b01d4db046667c688e
2cea73b7c9b18c93be931fbf1fd5c6bf1c44a0d0e34c343446162725983a1939
3ab503c65f4891f4cad329142742644ef1dbc67086dbf79753421ae2ef902a55
48f364ef034cf0c9cf115d0a022682eae3745c67e098f13ed9b4167f184b05b1
580245633d829cdc4a80192bc505ad254af0ed2955d5add87b56917a1c0f64df
69c2b8e06630556f0356093d2679ff3a26a9ce177a8c784ce85a52760a2db3b6
6a74e4deb1779d184febfd8928a08419349330126c8c2ef38e17a969b4b045a2
76e6fcb163f76c23e3595acdb5c37457b8529ae4612bdfd266a9ef3d83550586
795a8a2eef8b26c7eef6fd8c157ae4f86f99694eea6cd3c16f7806fe5b9fd3f0
7da0fcf5011f66d43746091e130db6ef4d55ff13410d57209fb0f44d90cdee60
912f4c51a8c69eb08640d401656cb0ee974d0feb6f69a05635326843530ca06f
a2c2339691fc48fbd14fb307292dff3e21222712d9240810742d7df0c6d74dfb
a81887f6f7eae5ed64b0d7dab296314353c1a5684490c08c08c961fb93ff6b54
ae6ece27b200511864c5eacb1b82935565e8e443fa84251ba8f88f1aa78bb6ef
b7d3098d77e45ef7a69e4a219e54e92e51d639a408e18307fc1f8b42b9217592
bcc1773d47b67c9102c82905b843342c394aa5499376058b986637beb03fd204
d5c2c8d7956e2af9082fe02f239bd97c426f12e7a867d1b4f1a405c124d26cea
d753f8ee126736431a1cd8170dbfcf94f553eeb1d24f2baa7c66474a80d0e559
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e57fa923e1242b94093a29bc1497e22d7b5f78d6f124fe5ffc651383af545e13
ebb991b4937d6015d8937e8d23f6fa5b315e898a018d1f0972efe59765b754b4
ebc1a08c025d3bec275cc75fd24a76d600e174ccefa5ea62340051338c0172db
ec35101b5bbf85e8046d441b2dbdbc988f108b1f5b698093ae84bc511c9d4687
efe373642c0dd4ff67f20a4163439a1fcc82e4ee21035485e0a8ef87b9ad00a7