www.bancastato.ch Open in urlscan Pro
217.26.33.87 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://bancastato.ch/
Effective URL:
https://www.bancastato.ch/
Submission: On February 28 via api (February 28th 2024, 3:34:12 am UTC) from CH — Scanned from CH

Summary HTTP 45 Redirects Links 4 Behaviour Indicators

Summary

This website contacted 5 IPs in 2 countries across 4 domains to perform 45 HTTP transactions. The main IP is 217.26.33.87, located in Switzerland and belongs to BSOURCE-AS, CH. The main domain is www.bancastato.ch.
TLS certificate: Issued by Thawte EV RSA CA G2 on January 18th 2024. Valid for: a year.

This is the only time www.bancastato.ch was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 25	217.26.33.87 217.26.33.87	197312 (BSOURCE-AS) (BSOURCE-AS)
1 7	217.26.33.63 217.26.33.63	197312 (BSOURCE-AS) (BSOURCE-AS)
13	104.18.131.236 104.18.131.236	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	104.18.32.137 104.18.32.137	13335 (CLOUDFLAR...) (CLOUDFLARENET)
45	5

25 217.26.33.87 (Switzerland) 1 redirects

ASN197312 (BSOURCE-AS, CH)

bancastato.ch	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.bancastato.ch	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
prd-analytics.bancastato.ch	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 217.26.33.63 (Switzerland) 1 redirects

ASN197312 (BSOURCE-AS, CH)

www.inlinea.ch	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

13 104.18.131.236 (None, )

ASN13335 (CLOUDFLARENET, US)

cdn.cookielaw.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.18.32.137 (None, )

ASN13335 (CLOUDFLARENET, US)

geolocation.onetrust.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
25	bancastato.ch 1 redirects bancastato.ch www.bancastato.ch prd-analytics.bancastato.ch	4 MB
13	cookielaw.org cdn.cookielaw.org — Cisco Umbrella Rank: 330	171 KB
7	inlinea.ch 1 redirects www.inlinea.ch	787 KB
1	onetrust.com geolocation.onetrust.com — Cisco Umbrella Rank: 554	315 B
45	4

	Domain	Requested by
23	www.bancastato.ch	www.bancastato.ch
13	cdn.cookielaw.org	www.bancastato.ch cdn.cookielaw.org
7	www.inlinea.ch	1 redirects www.bancastato.ch www.inlinea.ch
1	geolocation.onetrust.com	cdn.cookielaw.org
1	prd-analytics.bancastato.ch	www.bancastato.ch
1	bancastato.ch	1 redirects
45	6

This site contains links to these domains. Also see Links.

Domain
www.inlinea.ch
www.instagram.com
www.facebook.com
www.onetrust.com

Subject Issuer	Validity	Valid
www.bancastato.ch Thawte EV RSA CA G2	`2024-01-18` - `2025-02-17`	a year	crt.sh
www.inlinea.ch Thawte EV RSA CA G2	`2024-02-05` - `2025-03-07`	a year	crt.sh
cookielaw.org Cloudflare Inc ECC CA-3	`2023-04-01` - `2024-03-31`	a year	crt.sh
prd-analytics.bancastato.ch Thawte RSA CA 2018	`2023-05-15` - `2024-06-14`	a year	crt.sh
onetrust.com Cloudflare Inc ECC CA-3	`2023-11-13` - `2024-11-12`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://www.bancastato.ch/
Frame ID: 8BAA7C563A50D261CD864BC2DF9F6085
Requests: 45 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Homepage | www.bancastato.chBack ButtonSearch IconFilter Icon

Page URL History Show full URLs

https://bancastato.ch/ HTTP 301
https://www.bancastato.ch/ Page URL

Detected technologies

OneTrust (Cookie compliance) Expand

Overall confidence: 100%
Detected patterns

cdn\.cookielaw\.org
otSDKStub\.js

Polyfill (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

/polyfill\.min\.js

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]([\d.]*\d)[^/]*\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

45
Requests

96 %
HTTPS

0 %
IPv6

4
Domains

6
Subdomains

5
IPs

2
Countries

4781 kB
Transfer

5137 kB
Size

6
Cookies

4 Outgoing links

These are links going to different origins than the main page.

URL: https://www.inlinea.ch/auth-avaloq/login
Title: E-banking

Search URL Search Domain Scan URL

URL: https://www.instagram.com/bancastatoeventi/

Search URL Search Domain Scan URL

URL: https://www.facebook.com/bancastatoeventi/

Search URL Search Domain Scan URL

URL: https://www.onetrust.com/products/cookie-consent/

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://bancastato.ch/ HTTP 301
https://www.bancastato.ch/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 4

https://www.inlinea.ch/unblu/js-api/v2/visitor/visitor-api.min.js HTTP 302
https://www.inlinea.ch/unblu/static/js-api/xmd1698659171199/v2/visitor-js-api.min.js

Request Chain 26

https://prd-analytics.bancastato.ch/matomo.php?action_name=Homepage%20%7C%20www.bancastato.ch&idsite=1&rec=1&r=878862&h=4&m=34&s=4&url=https%3A%2F%2Fwww.bancastato.ch%2F&_id=3528c9a0b628a0c4&_idts=1709091244&_idvc=1&_idn=0&_refts=0&_viewts=1709091244&send_image=1&pdf=1&qt=0&realp=0&wma=0&dir=0&fla=0&java=0&gears=0&ag=0&cookie=1&res=1600x1200&gt_ms=1142&pv_id=aHd7fp HTTP 303
https://prd-analytics.bancastato.ch/error_path/400.html?al_req_id=Zd6prNM01d2-ue1uyAkykAAAAKA

45 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1

200
OK

Primary Request / Show response
www.bancastato.ch/
Redirect Chain

https://bancastato.ch/
https://www.bancastato.ch/

94 KB
97 KB

610ms
321ms

Document
text/html

217.26.33.87
BSOURCE-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www.bancastato.ch/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

217.26.33.87 , Switzerland, ASN197312 (BSOURCE-AS, CH),

Reverse DNS

Software

Apache /

Resource Hash

274ac850e82ff0db35689916086bda4e752150a966001c3f6a6d6c5c97cddf73

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' .inlinea.ch inlinea.ch .google-analytics.com google-analytics.com maps.google.com maps.gstatic.com apis.google.com fonts.googleapis.com fonts.gstatic.com maps.googleapis.com portal.htbridge.com csi.gstic.com ssl.gstic.com cse.gstatic.com .gstatic.com .browser-update.org browser-update.org accounts.google.com clients1.google.com www.youtube.com .bancastato.ch www.google.com cse.google.com developers.google.com www.googleapis.com https://code.jquery.com .cloudfront.net .onetrust.com cdn.cookielaw.org; connect-src 'self' .inlinea.ch inlinea.ch .bancastato.ch maps.googleapis.com developers.google.com apis.google.com accounts.google.com .cloudfront.net .onetrust.com cdn.cookielaw.org wss://www.inlinea.ch wss://inlinea.ch; img-src 'self' data: .inlinea.ch inlinea.ch .htbridge.com .bancastato.ch apis.google.com csi.gstatic.com accounts.google.com www.google.com .gstatic.com maps.googleapis.com maps.google.com clients1.google.com maps.googleapis.com developers.google.com www.googleapis.com .cloudfront.net .onetrust.com cdn.cookielaw.org ; style-src 'self' 'unsafe-inline' .inlinea.ch inlinea.ch .bancastato.ch maps.googleapis.com developers.google.com apis.google.com csi.gstatic.com accounts.google.com www.google.com fonts.google.com fonts.googleapis.com cse.google.com .cloudfront.net .onetrust.com cdn.cookielaw.org; frame-ancestors 'self' ; frame-src 'self' .inlinea.ch inlinea.ch apis.google.com maps.googleapis.com developers.google.com .youtube.com accounts.google.com clients1.google.com cse.google.com www.kantonalbank.ch www.newhome.ch .bancastato.ch https://www.google.com .cloudfront.net ; child-src 'self' .inlinea.ch inlinea.ch apis.google.com maps.googleapis.com developers.google.com .youtube.com accounts.google.com clients1.google.com www.kantonalbank.ch .bancastato.ch .cloudfront.net ; font-src 'self' data: .inlinea.ch inlinea.ch fonts.googleapis.com fonts.google.com fonts.gstatic.com .bancastato.ch .cloudfront.net
Strict-Transport-Security	max-age=31536000;includeSubDomains;preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36
accept-language: de-CH,de;q=0.9
referer: https://www.google.com/

Response headers

Cache-Control: max-age=600, public
Connection: Keep-Alive
Content-Length: 96130
Content-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.inlinea.ch inlinea.ch *.google-analytics.com google-analytics.com maps.google.com maps.gstatic.com apis.google.com fonts.googleapis.com fonts.gstatic.com maps.googleapis.com portal.htbridge.com csi.gstic.com ssl.gstic.com cse.gstatic.com *.gstatic.com *.browser-update.org browser-update.org accounts.google.com clients1.google.com www.youtube.com *.bancastato.ch www.google.com cse.google.com developers.google.com www.googleapis.com https://code.jquery.com *.cloudfront.net *.onetrust.com cdn.cookielaw.org; connect-src 'self' *.inlinea.ch inlinea.ch *.bancastato.ch maps.googleapis.com developers.google.com apis.google.com accounts.google.com *.cloudfront.net *.onetrust.com cdn.cookielaw.org wss://www.inlinea.ch wss://inlinea.ch; img-src 'self' data: *.inlinea.ch inlinea.ch *.htbridge.com *.bancastato.ch apis.google.com csi.gstatic.com accounts.google.com www.google.com *.gstatic.com maps.googleapis.com maps.google.com clients1.google.com maps.googleapis.com developers.google.com www.googleapis.com *.cloudfront.net *.onetrust.com cdn.cookielaw.org ; style-src 'self' 'unsafe-inline' *.inlinea.ch inlinea.ch *.bancastato.ch maps.googleapis.com developers.google.com apis.google.com csi.gstatic.com accounts.google.com www.google.com fonts.google.com fonts.googleapis.com cse.google.com *.cloudfront.net *.onetrust.com cdn.cookielaw.org; frame-ancestors 'self' ; frame-src 'self' *.inlinea.ch inlinea.ch apis.google.com maps.googleapis.com developers.google.com *.youtube.com accounts.google.com clients1.google.com cse.google.com www.kantonalbank.ch www.newhome.ch *.bancastato.ch https://www.google.com *.cloudfront.net ; child-src 'self' *.inlinea.ch inlinea.ch apis.google.com maps.googleapis.com developers.google.com *.youtube.com accounts.google.com clients1.google.com www.kantonalbank.ch *.bancastato.ch *.cloudfront.net ; font-src 'self' data: *.inlinea.ch inlinea.ch fonts.googleapis.com fonts.google.com fonts.gstatic.com *.bancastato.ch *.cloudfront.net
Content-Type: text/html;charset=UTF-8
Date: Wed, 28 Feb 2024 03:33:59 GMT
Expires: Wed, 28 Feb 2024 03:43:59 GMT
Keep-Alive: timeout=10, max=500
Last-Modified: Wed, 28 Feb 2024 00:30:10 GMT
Server: Apache
Strict-Transport-Security: max-age=31536000;includeSubDomains;preload
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-Magnolia-Registration: Registered
X-XSS-Protection: 1; mode=block

Redirect headers

Connection: Keep-Alive
Content-Length: 233
Content-Type: text/html; charset=iso-8859-1
Date: Wed, 28 Feb 2024 03:33:59 GMT
Keep-Alive: timeout=10, max=500
Location: https://www.bancastato.ch
Server: Apache
Strict-Transport-Security: max-age=31536000;includeSubDomains;preload
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK all.min~2023-12-04-08-51-34-000~cache.css
www.bancastato.ch/.resources/bancastato-templating-light/webresources/css/ 719 KB
722 KB 593ms
273ms Stylesheet
text/css 217.26.33.87
BSOURCE-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www.bancastato.ch/.resources/bancastato-templating-light/webresources/css/all.min~2023-12-04-08-51-34-000~cache.css

Requested by

Host: www.bancastato.ch
URL: https://www.bancastato.ch/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

217.26.33.87 , Switzerland, ASN197312 (BSOURCE-AS, CH),

Reverse DNS

Software

Apache /

Resource Hash

1e8dedb4827efc08016da49a24913ac863233796c3f3aebbcab3d13d0550f3c8

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' .inlinea.ch inlinea.ch .google-analytics.com google-analytics.com maps.google.com maps.gstatic.com apis.google.com fonts.googleapis.com fonts.gstatic.com maps.googleapis.com portal.htbridge.com csi.gstic.com ssl.gstic.com cse.gstatic.com .gstatic.com .browser-update.org browser-update.org accounts.google.com clients1.google.com www.youtube.com .bancastato.ch www.google.com cse.google.com developers.google.com www.googleapis.com https://code.jquery.com .cloudfront.net .onetrust.com cdn.cookielaw.org; connect-src 'self' .inlinea.ch inlinea.ch .bancastato.ch maps.googleapis.com developers.google.com apis.google.com accounts.google.com .cloudfront.net .onetrust.com cdn.cookielaw.org wss://www.inlinea.ch wss://inlinea.ch; img-src 'self' data: .inlinea.ch inlinea.ch .htbridge.com .bancastato.ch apis.google.com csi.gstatic.com accounts.google.com www.google.com .gstatic.com maps.googleapis.com maps.google.com clients1.google.com maps.googleapis.com developers.google.com www.googleapis.com .cloudfront.net .onetrust.com cdn.cookielaw.org ; style-src 'self' 'unsafe-inline' .inlinea.ch inlinea.ch .bancastato.ch maps.googleapis.com developers.google.com apis.google.com csi.gstatic.com accounts.google.com www.google.com fonts.google.com fonts.googleapis.com cse.google.com .cloudfront.net .onetrust.com cdn.cookielaw.org; frame-ancestors 'self' ; frame-src 'self' .inlinea.ch inlinea.ch apis.google.com maps.googleapis.com developers.google.com .youtube.com accounts.google.com clients1.google.com cse.google.com www.kantonalbank.ch www.newhome.ch .bancastato.ch https://www.google.com .cloudfront.net ; child-src 'self' .inlinea.ch inlinea.ch apis.google.com maps.googleapis.com developers.google.com .youtube.com accounts.google.com clients1.google.com www.kantonalbank.ch .bancastato.ch .cloudfront.net ; font-src 'self' data: .inlinea.ch inlinea.ch fonts.googleapis.com fonts.google.com fonts.gstatic.com .bancastato.ch .cloudfront.net
Strict-Transport-Security	max-age=31536000;includeSubDomains;preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

Date: Wed, 28 Feb 2024 03:34:00 GMT
Strict-Transport-Security: max-age=31536000;includeSubDomains;preload
X-Content-Type-Options: nosniff
Content-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.inlinea.ch inlinea.ch *.google-analytics.com google-analytics.com maps.google.com maps.gstatic.com apis.google.com fonts.googleapis.com fonts.gstatic.com maps.googleapis.com portal.htbridge.com csi.gstic.com ssl.gstic.com cse.gstatic.com *.gstatic.com *.browser-update.org browser-update.org accounts.google.com clients1.google.com www.youtube.com *.bancastato.ch www.google.com cse.google.com developers.google.com www.googleapis.com https://code.jquery.com *.cloudfront.net *.onetrust.com cdn.cookielaw.org; connect-src 'self' *.inlinea.ch inlinea.ch *.bancastato.ch maps.googleapis.com developers.google.com apis.google.com accounts.google.com *.cloudfront.net *.onetrust.com cdn.cookielaw.org wss://www.inlinea.ch wss://inlinea.ch; img-src 'self' data: *.inlinea.ch inlinea.ch *.htbridge.com *.bancastato.ch apis.google.com csi.gstatic.com accounts.google.com www.google.com *.gstatic.com maps.googleapis.com maps.google.com clients1.google.com maps.googleapis.com developers.google.com www.googleapis.com *.cloudfront.net *.onetrust.com cdn.cookielaw.org ; style-src 'self' 'unsafe-inline' *.inlinea.ch inlinea.ch *.bancastato.ch maps.googleapis.com developers.google.com apis.google.com csi.gstatic.com accounts.google.com www.google.com fonts.google.com fonts.googleapis.com cse.google.com *.cloudfront.net *.onetrust.com cdn.cookielaw.org; frame-ancestors 'self' ; frame-src 'self' *.inlinea.ch inlinea.ch apis.google.com maps.googleapis.com developers.google.com *.youtube.com accounts.google.com clients1.google.com cse.google.com www.kantonalbank.ch www.newhome.ch *.bancastato.ch https://www.google.com *.cloudfront.net ; child-src 'self' *.inlinea.ch inlinea.ch apis.google.com maps.googleapis.com developers.google.com *.youtube.com accounts.google.com clients1.google.com www.kantonalbank.ch *.bancastato.ch *.cloudfront.net ; font-src 'self' data: *.inlinea.ch inlinea.ch fonts.googleapis.com fonts.google.com fonts.gstatic.com *.bancastato.ch *.cloudfront.net
Last-Modified: Mon, 04 Dec 2023 08:51:34 GMT
Server: Apache
X-Magnolia-Registration: Registered
X-Frame-Options: SAMEORIGIN
Transfer-Encoding: chunked
Content-Type: text/css;charset=UTF-8
Cache-Control: max-age=31536000, public
Connection: Keep-Alive
Keep-Alive: timeout=10, max=500
X-XSS-Protection: 1; mode=block
Expires: Thu, 27 Feb 2025 03:34:00 GMT

GET
H/1.1 200
OK style-integration~2023-12-04-08-51-34-000~cache.css
www.bancastato.ch/.resources/bancastato-templating-light/webresources/css/ 5 KB
7 KB 596ms
277ms Stylesheet
text/css 217.26.33.87
BSOURCE-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www.bancastato.ch/.resources/bancastato-templating-light/webresources/css/style-integration~2023-12-04-08-51-34-000~cache.css

Requested by

Host: www.bancastato.ch
URL: https://www.bancastato.ch/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

217.26.33.87 , Switzerland, ASN197312 (BSOURCE-AS, CH),

Reverse DNS

Software

Apache /

Resource Hash

ef83cb697d53e094cd0240d15be9e29e81557c8d4c9c212f1c2acc4cc2ca1ac8

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' .inlinea.ch inlinea.ch .google-analytics.com google-analytics.com maps.google.com maps.gstatic.com apis.google.com fonts.googleapis.com fonts.gstatic.com maps.googleapis.com portal.htbridge.com csi.gstic.com ssl.gstic.com cse.gstatic.com .gstatic.com .browser-update.org browser-update.org accounts.google.com clients1.google.com www.youtube.com .bancastato.ch www.google.com cse.google.com developers.google.com www.googleapis.com https://code.jquery.com .cloudfront.net .onetrust.com cdn.cookielaw.org; connect-src 'self' .inlinea.ch inlinea.ch .bancastato.ch maps.googleapis.com developers.google.com apis.google.com accounts.google.com .cloudfront.net .onetrust.com cdn.cookielaw.org wss://www.inlinea.ch wss://inlinea.ch; img-src 'self' data: .inlinea.ch inlinea.ch .htbridge.com .bancastato.ch apis.google.com csi.gstatic.com accounts.google.com www.google.com .gstatic.com maps.googleapis.com maps.google.com clients1.google.com maps.googleapis.com developers.google.com www.googleapis.com .cloudfront.net .onetrust.com cdn.cookielaw.org ; style-src 'self' 'unsafe-inline' .inlinea.ch inlinea.ch .bancastato.ch maps.googleapis.com developers.google.com apis.google.com csi.gstatic.com accounts.google.com www.google.com fonts.google.com fonts.googleapis.com cse.google.com .cloudfront.net .onetrust.com cdn.cookielaw.org; frame-ancestors 'self' ; frame-src 'self' .inlinea.ch inlinea.ch apis.google.com maps.googleapis.com developers.google.com .youtube.com accounts.google.com clients1.google.com cse.google.com www.kantonalbank.ch www.newhome.ch .bancastato.ch https://www.google.com .cloudfront.net ; child-src 'self' .inlinea.ch inlinea.ch apis.google.com maps.googleapis.com developers.google.com .youtube.com accounts.google.com clients1.google.com www.kantonalbank.ch .bancastato.ch .cloudfront.net ; font-src 'self' data: .inlinea.ch inlinea.ch fonts.googleapis.com fonts.google.com fonts.gstatic.com .bancastato.ch .cloudfront.net
Strict-Transport-Security	max-age=31536000;includeSubDomains;preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

Date: Wed, 28 Feb 2024 03:34:00 GMT
Strict-Transport-Security: max-age=31536000;includeSubDomains;preload
X-Content-Type-Options: nosniff
Content-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.inlinea.ch inlinea.ch *.google-analytics.com google-analytics.com maps.google.com maps.gstatic.com apis.google.com fonts.googleapis.com fonts.gstatic.com maps.googleapis.com portal.htbridge.com csi.gstic.com ssl.gstic.com cse.gstatic.com *.gstatic.com *.browser-update.org browser-update.org accounts.google.com clients1.google.com www.youtube.com *.bancastato.ch www.google.com cse.google.com developers.google.com www.googleapis.com https://code.jquery.com *.cloudfront.net *.onetrust.com cdn.cookielaw.org; connect-src 'self' *.inlinea.ch inlinea.ch *.bancastato.ch maps.googleapis.com developers.google.com apis.google.com accounts.google.com *.cloudfront.net *.onetrust.com cdn.cookielaw.org wss://www.inlinea.ch wss://inlinea.ch; img-src 'self' data: *.inlinea.ch inlinea.ch *.htbridge.com *.bancastato.ch apis.google.com csi.gstatic.com accounts.google.com www.google.com *.gstatic.com maps.googleapis.com maps.google.com clients1.google.com maps.googleapis.com developers.google.com www.googleapis.com *.cloudfront.net *.onetrust.com cdn.cookielaw.org ; style-src 'self' 'unsafe-inline' *.inlinea.ch inlinea.ch *.bancastato.ch maps.googleapis.com developers.google.com apis.google.com csi.gstatic.com accounts.google.com www.google.com fonts.google.com fonts.googleapis.com cse.google.com *.cloudfront.net *.onetrust.com cdn.cookielaw.org; frame-ancestors 'self' ; frame-src 'self' *.inlinea.ch inlinea.ch apis.google.com maps.googleapis.com developers.google.com *.youtube.com accounts.google.com clients1.google.com cse.google.com www.kantonalbank.ch www.newhome.ch *.bancastato.ch https://www.google.com *.cloudfront.net ; child-src 'self' *.inlinea.ch inlinea.ch apis.google.com maps.googleapis.com developers.google.com *.youtube.com accounts.google.com clients1.google.com www.kantonalbank.ch *.bancastato.ch *.cloudfront.net ; font-src 'self' data: *.inlinea.ch inlinea.ch fonts.googleapis.com fonts.google.com fonts.gstatic.com *.bancastato.ch *.cloudfront.net
Last-Modified: Mon, 04 Dec 2023 08:51:34 GMT
Server: Apache
X-Magnolia-Registration: Registered
X-Frame-Options: SAMEORIGIN
Content-Type: text/css;charset=UTF-8
Cache-Control: max-age=31536000, public
Connection: Keep-Alive
Keep-Alive: timeout=10, max=500
Content-Length: 4711
X-XSS-Protection: 1; mode=block
Expires: Thu, 27 Feb 2025 03:34:00 GMT

GET
H/1.1 200
OK jquery-3.5.1.min~2023-12-04-08-51-34-000~cache.js Show response
www.bancastato.ch/.resources/bancastato-templating-light/webresources/js/vendor/ 87 KB
90 KB 697ms
306ms Script
application/javascript 217.26.33.87
BSOURCE-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www.bancastato.ch/.resources/bancastato-templating-light/webresources/js/vendor/jquery-3.5.1.min~2023-12-04-08-51-34-000~cache.js

Requested by

Host: www.bancastato.ch
URL: https://www.bancastato.ch/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

217.26.33.87 , Switzerland, ASN197312 (BSOURCE-AS, CH),

Reverse DNS

Software

Apache /

Resource Hash

9a2723c21fb1b7dff0e2aa5dc6be24a9670220a17ae21f70fdbc602d1f8acd38

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' .inlinea.ch inlinea.ch .google-analytics.com google-analytics.com maps.google.com maps.gstatic.com apis.google.com fonts.googleapis.com fonts.gstatic.com maps.googleapis.com portal.htbridge.com csi.gstic.com ssl.gstic.com cse.gstatic.com .gstatic.com .browser-update.org browser-update.org accounts.google.com clients1.google.com www.youtube.com .bancastato.ch www.google.com cse.google.com developers.google.com www.googleapis.com https://code.jquery.com .cloudfront.net .onetrust.com cdn.cookielaw.org; connect-src 'self' .inlinea.ch inlinea.ch .bancastato.ch maps.googleapis.com developers.google.com apis.google.com accounts.google.com .cloudfront.net .onetrust.com cdn.cookielaw.org wss://www.inlinea.ch wss://inlinea.ch; img-src 'self' data: .inlinea.ch inlinea.ch .htbridge.com .bancastato.ch apis.google.com csi.gstatic.com accounts.google.com www.google.com .gstatic.com maps.googleapis.com maps.google.com clients1.google.com maps.googleapis.com developers.google.com www.googleapis.com .cloudfront.net .onetrust.com cdn.cookielaw.org ; style-src 'self' 'unsafe-inline' .inlinea.ch inlinea.ch .bancastato.ch maps.googleapis.com developers.google.com apis.google.com csi.gstatic.com accounts.google.com www.google.com fonts.google.com fonts.googleapis.com cse.google.com .cloudfront.net .onetrust.com cdn.cookielaw.org; frame-ancestors 'self' ; frame-src 'self' .inlinea.ch inlinea.ch apis.google.com maps.googleapis.com developers.google.com .youtube.com accounts.google.com clients1.google.com cse.google.com www.kantonalbank.ch www.newhome.ch .bancastato.ch https://www.google.com .cloudfront.net ; child-src 'self' .inlinea.ch inlinea.ch apis.google.com maps.googleapis.com developers.google.com .youtube.com accounts.google.com clients1.google.com www.kantonalbank.ch .bancastato.ch .cloudfront.net ; font-src 'self' data: .inlinea.ch inlinea.ch fonts.googleapis.com fonts.google.com fonts.gstatic.com .bancastato.ch .cloudfront.net
Strict-Transport-Security	max-age=31536000;includeSubDomains;preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

Date: Wed, 28 Feb 2024 03:34:00 GMT
Strict-Transport-Security: max-age=31536000;includeSubDomains;preload
X-Content-Type-Options: nosniff
Content-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.inlinea.ch inlinea.ch *.google-analytics.com google-analytics.com maps.google.com maps.gstatic.com apis.google.com fonts.googleapis.com fonts.gstatic.com maps.googleapis.com portal.htbridge.com csi.gstic.com ssl.gstic.com cse.gstatic.com *.gstatic.com *.browser-update.org browser-update.org accounts.google.com clients1.google.com www.youtube.com *.bancastato.ch www.google.com cse.google.com developers.google.com www.googleapis.com https://code.jquery.com *.cloudfront.net *.onetrust.com cdn.cookielaw.org; connect-src 'self' *.inlinea.ch inlinea.ch *.bancastato.ch maps.googleapis.com developers.google.com apis.google.com accounts.google.com *.cloudfront.net *.onetrust.com cdn.cookielaw.org wss://www.inlinea.ch wss://inlinea.ch; img-src 'self' data: *.inlinea.ch inlinea.ch *.htbridge.com *.bancastato.ch apis.google.com csi.gstatic.com accounts.google.com www.google.com *.gstatic.com maps.googleapis.com maps.google.com clients1.google.com maps.googleapis.com developers.google.com www.googleapis.com *.cloudfront.net *.onetrust.com cdn.cookielaw.org ; style-src 'self' 'unsafe-inline' *.inlinea.ch inlinea.ch *.bancastato.ch maps.googleapis.com developers.google.com apis.google.com csi.gstatic.com accounts.google.com www.google.com fonts.google.com fonts.googleapis.com cse.google.com *.cloudfront.net *.onetrust.com cdn.cookielaw.org; frame-ancestors 'self' ; frame-src 'self' *.inlinea.ch inlinea.ch apis.google.com maps.googleapis.com developers.google.com *.youtube.com accounts.google.com clients1.google.com cse.google.com www.kantonalbank.ch www.newhome.ch *.bancastato.ch https://www.google.com *.cloudfront.net ; child-src 'self' *.inlinea.ch inlinea.ch apis.google.com maps.googleapis.com developers.google.com *.youtube.com accounts.google.com clients1.google.com www.kantonalbank.ch *.bancastato.ch *.cloudfront.net ; font-src 'self' data: *.inlinea.ch inlinea.ch fonts.googleapis.com fonts.google.com fonts.gstatic.com *.bancastato.ch *.cloudfront.net
Last-Modified: Mon, 04 Dec 2023 08:51:34 GMT
Server: Apache
X-Magnolia-Registration: Registered
X-Frame-Options: SAMEORIGIN
Content-Type: application/javascript;charset=UTF-8
Cache-Control: max-age=31536000, public
Connection: Keep-Alive
Keep-Alive: timeout=10, max=500
Content-Length: 89476
X-XSS-Protection: 1; mode=block
Expires: Thu, 27 Feb 2025 03:34:00 GMT

GET
H/1.1 200
OK visitor.js Show response
www.inlinea.ch/unblu/ 2 KB
4 KB 623ms
321ms Script
application/javascript 217.26.33.63
BSOURCE-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www.inlinea.ch/unblu/visitor.js?x-unblu-apikey=0PB5EOF5RnKfbCrL8wtEgw

Requested by

Host: www.bancastato.ch
URL: https://www.bancastato.ch/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

217.26.33.63 , Switzerland, ASN197312 (BSOURCE-AS, CH),

Reverse DNS

Software

Apache /

Resource Hash

695186c023ecba3303a77eed7d5a2db7312f5e16efa7d341ba838dabc3dafbd3

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' ; frame-src 'self' https://prod1s.solutions.webfg.ch/ https://integra1s.solutions.webfg.ch/ https://www.e-bill.ch/ https://ebill-portal-xp.paynet.ch/ https://afp-release-ipw.webcenter.contovista.com/ https://www.youtube.com/ https://www.bancastato.ch/ https://bancastato.ch/; img-src 'self' https://integra1s.solutions.webfg.ch/ https://www.e-bill.ch/ https://www.ebill.ch/ https://ebill-portal-xp.paynet.ch/ data:; font-src 'self' data:; style-src 'self' 'unsafe-inline' https://hello.myfonts.net/ https://afp-release-ipw.webcenter.contovista.com/; object-src 'self'; media-src 'self'; script-src 'unsafe-inline' 'self' .opentok.com .tokbox.com wss://.tokbox.com 'unsafe-eval'; connect-src wss: 'self' .opentok.com .tokbox.com wss://.tokbox.com ws:;
Strict-Transport-Security	max-age=31536000;includeSubDomains;preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

pragma: no-cache
Date: Wed, 28 Feb 2024 03:34:03 GMT
Strict-Transport-Security: max-age=31536000;includeSubDomains;preload
X-Content-Type-Options: nosniff
Content-Security-Policy: default-src 'self' 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' ; frame-src 'self' https://prod1s.solutions.webfg.ch/ https://integra1s.solutions.webfg.ch/ https://www.e-bill.ch/ https://ebill-portal-xp.paynet.ch/ https://afp-release-ipw.webcenter.contovista.com/ https://www.youtube.com/ https://www.bancastato.ch/ https://bancastato.ch/; img-src 'self' https://integra1s.solutions.webfg.ch/ https://www.e-bill.ch/ https://www.ebill.ch/ https://ebill-portal-xp.paynet.ch/ data:; font-src 'self' data:; style-src 'self' 'unsafe-inline' https://hello.myfonts.net/ https://afp-release-ipw.webcenter.contovista.com/; object-src 'self'; media-src 'self'; script-src 'unsafe-inline' 'self' *.opentok.com *.tokbox.com wss://*.tokbox.com 'unsafe-eval'; connect-src wss: 'self' *.opentok.com *.tokbox.com wss://*.tokbox.com ws:;
Server: Apache
x-unblu-start-time: 1698659171199
X-Frame-Options: SAMEORIGIN
Content-Type: application/javascript;charset=utf-8
Transfer-Encoding: chunked
cache-control: no-cache, no-store, must-revalidate, max-age=1
Connection: Keep-Alive
Keep-Alive: timeout=10, max=500
X-XSS-Protection: 1; mode=block
expires: Tue, 27 Feb 2024 03:34:03 GMT

GET
H/1.1

200
OK

visitor-js-api.min.js Show response
www.inlinea.ch/unblu/static/js-api/xmd1698659171199/v2/
Redirect Chain

https://www.inlinea.ch/unblu/js-api/v2/visitor/visitor-api.min.js
https://www.inlinea.ch/unblu/static/js-api/xmd1698659171199/v2/visitor-js-api.min.js

32 KB
34 KB

125ms
125ms

Script
application/javascript

217.26.33.63
BSOURCE-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www.inlinea.ch/unblu/static/js-api/xmd1698659171199/v2/visitor-js-api.min.js

Requested by

Host: www.bancastato.ch
URL: https://www.bancastato.ch/

Protocol

HTTP/1.1

Server

217.26.33.63 , Switzerland, ASN197312 (BSOURCE-AS, CH),

Reverse DNS

Software

Apache /

Resource Hash

3ca390e599307e3d3c40ce26738c025d3363f9956d18918de74b29ae5d33903d

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' ; frame-src 'self' https://prod1s.solutions.webfg.ch/ https://integra1s.solutions.webfg.ch/ https://www.e-bill.ch/ https://ebill-portal-xp.paynet.ch/ https://afp-release-ipw.webcenter.contovista.com/ https://www.youtube.com/ https://www.bancastato.ch/ https://bancastato.ch/; img-src 'self' https://integra1s.solutions.webfg.ch/ https://www.e-bill.ch/ https://www.ebill.ch/ https://ebill-portal-xp.paynet.ch/ data:; font-src 'self' data:; style-src 'self' 'unsafe-inline' https://hello.myfonts.net/ https://afp-release-ipw.webcenter.contovista.com/; object-src 'self'; media-src 'self'; script-src 'unsafe-inline' 'self' .opentok.com .tokbox.com wss://.tokbox.com 'unsafe-eval'; connect-src wss: 'self' .opentok.com .tokbox.com wss://.tokbox.com ws:;
Strict-Transport-Security	max-age=31536000;includeSubDomains;preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

Date: Wed, 28 Feb 2024 03:34:03 GMT
Strict-Transport-Security: max-age=31536000;includeSubDomains;preload
X-Content-Type-Options: nosniff
Content-Security-Policy: default-src 'self' 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' ; frame-src 'self' https://prod1s.solutions.webfg.ch/ https://integra1s.solutions.webfg.ch/ https://www.e-bill.ch/ https://ebill-portal-xp.paynet.ch/ https://afp-release-ipw.webcenter.contovista.com/ https://www.youtube.com/ https://www.bancastato.ch/ https://bancastato.ch/; img-src 'self' https://integra1s.solutions.webfg.ch/ https://www.e-bill.ch/ https://www.ebill.ch/ https://ebill-portal-xp.paynet.ch/ data:; font-src 'self' data:; style-src 'self' 'unsafe-inline' https://hello.myfonts.net/ https://afp-release-ipw.webcenter.contovista.com/; object-src 'self'; media-src 'self'; script-src 'unsafe-inline' 'self' *.opentok.com *.tokbox.com wss://*.tokbox.com 'unsafe-eval'; connect-src wss: 'self' *.opentok.com *.tokbox.com wss://*.tokbox.com ws:;
Connection: Keep-Alive
Content-Length: 32916
X-XSS-Protection: 1; mode=block
last-modified: Wed, 20 Apr 2022 16:22:50 GMT
Server: Apache
vary: Accept-Encoding
X-Frame-Options: SAMEORIGIN
Content-Type: application/javascript;charset=utf-8
cache-control: max-age=315619200,public
accept-ranges: bytes
Keep-Alive: timeout=10, max=499
expires: Sun, 30 Oct 2033 09:46:23 GMT

Redirect headers

Date: Wed, 28 Feb 2024 03:34:03 GMT
Strict-Transport-Security: max-age=31536000;includeSubDomains;preload
X-Content-Type-Options: nosniff
Content-Security-Policy: default-src 'self' 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' ; frame-src 'self' https://prod1s.solutions.webfg.ch/ https://integra1s.solutions.webfg.ch/ https://www.e-bill.ch/ https://ebill-portal-xp.paynet.ch/ https://afp-release-ipw.webcenter.contovista.com/ https://www.youtube.com/ https://www.bancastato.ch/ https://bancastato.ch/; img-src 'self' https://integra1s.solutions.webfg.ch/ https://www.e-bill.ch/ https://www.ebill.ch/ https://ebill-portal-xp.paynet.ch/ data:; font-src 'self' data:; style-src 'self' 'unsafe-inline' https://hello.myfonts.net/ https://afp-release-ipw.webcenter.contovista.com/; object-src 'self'; media-src 'self'; script-src 'unsafe-inline' 'self' *.opentok.com *.tokbox.com wss://*.tokbox.com 'unsafe-eval'; connect-src wss: 'self' *.opentok.com *.tokbox.com wss://*.tokbox.com ws:;
Server: Apache
x-unblu-start-time: 1698659171199
X-Frame-Options: SAMEORIGIN
location: https://www.inlinea.ch/unblu/static/js-api/xmd1698659171199/v2/visitor-js-api.min.js
cache-control: max-age=60,public
Connection: Keep-Alive
Keep-Alive: timeout=10, max=500
Content-Length: 0
X-XSS-Protection: 1; mode=block
expires: Wed, 28 Feb 2024 03:35:03 GMT

GET
H/1.1 200
OK polyfill.min.js Show response
www.bancastato.ch/.resources/bancastato-templating-light/webresources/js/ 3 KB
6 KB 765ms
376ms Script
application/javascript 217.26.33.87
BSOURCE-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www.bancastato.ch/.resources/bancastato-templating-light/webresources/js/polyfill.min.js

Requested by

Host: www.bancastato.ch
URL: https://www.bancastato.ch/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

217.26.33.87 , Switzerland, ASN197312 (BSOURCE-AS, CH),

Reverse DNS

Software

Apache /

Resource Hash

9230df14164558edda90752e80110204d9ce145fbea632d969493e54ab333a70

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' .inlinea.ch inlinea.ch .google-analytics.com google-analytics.com maps.google.com maps.gstatic.com apis.google.com fonts.googleapis.com fonts.gstatic.com maps.googleapis.com portal.htbridge.com csi.gstic.com ssl.gstic.com cse.gstatic.com .gstatic.com .browser-update.org browser-update.org accounts.google.com clients1.google.com www.youtube.com .bancastato.ch www.google.com cse.google.com developers.google.com www.googleapis.com https://code.jquery.com .cloudfront.net .onetrust.com cdn.cookielaw.org; connect-src 'self' .inlinea.ch inlinea.ch .bancastato.ch maps.googleapis.com developers.google.com apis.google.com accounts.google.com .cloudfront.net .onetrust.com cdn.cookielaw.org wss://www.inlinea.ch wss://inlinea.ch; img-src 'self' data: .inlinea.ch inlinea.ch .htbridge.com .bancastato.ch apis.google.com csi.gstatic.com accounts.google.com www.google.com .gstatic.com maps.googleapis.com maps.google.com clients1.google.com maps.googleapis.com developers.google.com www.googleapis.com .cloudfront.net .onetrust.com cdn.cookielaw.org ; style-src 'self' 'unsafe-inline' .inlinea.ch inlinea.ch .bancastato.ch maps.googleapis.com developers.google.com apis.google.com csi.gstatic.com accounts.google.com www.google.com fonts.google.com fonts.googleapis.com cse.google.com .cloudfront.net .onetrust.com cdn.cookielaw.org; frame-ancestors 'self' ; frame-src 'self' .inlinea.ch inlinea.ch apis.google.com maps.googleapis.com developers.google.com .youtube.com accounts.google.com clients1.google.com cse.google.com www.kantonalbank.ch www.newhome.ch .bancastato.ch https://www.google.com .cloudfront.net ; child-src 'self' .inlinea.ch inlinea.ch apis.google.com maps.googleapis.com developers.google.com .youtube.com accounts.google.com clients1.google.com www.kantonalbank.ch .bancastato.ch .cloudfront.net ; font-src 'self' data: .inlinea.ch inlinea.ch fonts.googleapis.com fonts.google.com fonts.gstatic.com .bancastato.ch .cloudfront.net
Strict-Transport-Security	max-age=31536000;includeSubDomains;preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

Date: Wed, 28 Feb 2024 03:34:00 GMT
Strict-Transport-Security: max-age=31536000;includeSubDomains;preload
X-Content-Type-Options: nosniff
Content-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.inlinea.ch inlinea.ch *.google-analytics.com google-analytics.com maps.google.com maps.gstatic.com apis.google.com fonts.googleapis.com fonts.gstatic.com maps.googleapis.com portal.htbridge.com csi.gstic.com ssl.gstic.com cse.gstatic.com *.gstatic.com *.browser-update.org browser-update.org accounts.google.com clients1.google.com www.youtube.com *.bancastato.ch www.google.com cse.google.com developers.google.com www.googleapis.com https://code.jquery.com *.cloudfront.net *.onetrust.com cdn.cookielaw.org; connect-src 'self' *.inlinea.ch inlinea.ch *.bancastato.ch maps.googleapis.com developers.google.com apis.google.com accounts.google.com *.cloudfront.net *.onetrust.com cdn.cookielaw.org wss://www.inlinea.ch wss://inlinea.ch; img-src 'self' data: *.inlinea.ch inlinea.ch *.htbridge.com *.bancastato.ch apis.google.com csi.gstatic.com accounts.google.com www.google.com *.gstatic.com maps.googleapis.com maps.google.com clients1.google.com maps.googleapis.com developers.google.com www.googleapis.com *.cloudfront.net *.onetrust.com cdn.cookielaw.org ; style-src 'self' 'unsafe-inline' *.inlinea.ch inlinea.ch *.bancastato.ch maps.googleapis.com developers.google.com apis.google.com csi.gstatic.com accounts.google.com www.google.com fonts.google.com fonts.googleapis.com cse.google.com *.cloudfront.net *.onetrust.com cdn.cookielaw.org; frame-ancestors 'self' ; frame-src 'self' *.inlinea.ch inlinea.ch apis.google.com maps.googleapis.com developers.google.com *.youtube.com accounts.google.com clients1.google.com cse.google.com www.kantonalbank.ch www.newhome.ch *.bancastato.ch https://www.google.com *.cloudfront.net ; child-src 'self' *.inlinea.ch inlinea.ch apis.google.com maps.googleapis.com developers.google.com *.youtube.com accounts.google.com clients1.google.com www.kantonalbank.ch *.bancastato.ch *.cloudfront.net ; font-src 'self' data: *.inlinea.ch inlinea.ch fonts.googleapis.com fonts.google.com fonts.gstatic.com *.bancastato.ch *.cloudfront.net
Last-Modified: Mon, 04 Dec 2023 08:51:34 GMT
Server: Apache
X-Magnolia-Registration: Registered
X-Frame-Options: SAMEORIGIN
Content-Type: application/javascript;charset=UTF-8
Cache-Control: max-age=3600, public
Connection: Keep-Alive
Keep-Alive: timeout=10, max=500
Content-Length: 3246
X-XSS-Protection: 1; mode=block
Expires: Wed, 28 Feb 2024 04:34:00 GMT

GET
H2 200 OtAutoBlock.js Show response
cdn.cookielaw.org/consent/49cf5428-5c54-406c-8ffe-2673ecccc5b4/ 5 KB
2 KB 910ms
357ms Script
application/x-javascript 104.18.131.236
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/consent/49cf5428-5c54-406c-8ffe-2673ecccc5b4/OtAutoBlock.js

Requested by

Host: www.bancastato.ch
URL: https://www.bancastato.ch/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.131.236 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c335a523f1b43df968c3efa0239d62d63c9df1c1bc99c0b25527ed36a59fb9b1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Wed, 28 Feb 2024 03:34:00 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
strict-transport-security: max-age=31536000; includeSubDomains; preload
age: 68946
content-md5: 5tYvKBYjfJsDLEo3+NY3ug==
content-length: 1810
x-ms-lease-status: unlocked
last-modified: Mon, 12 Jun 2023 13:26:49 GMT
server: cloudflare
etag: 0x8DB6B48AD88C493
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: *
x-ms-request-id: 3c0c05eb-e01e-0037-3b64-14eb2f000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 85c59bfebcef23f7-ZRH
expires: Thu, 29 Feb 2024 03:34:00 GMT

GET
H2 200 otSDKStub.js Show response
cdn.cookielaw.org/scripttemplates/ 21 KB
7 KB 772ms
220ms Script
application/javascript 104.18.131.236
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/scripttemplates/otSDKStub.js

Requested by

Host: www.bancastato.ch
URL: https://www.bancastato.ch/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.131.236 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5be2dfa172d505acb197760b55c4731347cc239a7a046013c251948bb8214dbc

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Wed, 28 Feb 2024 03:34:00 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: OKrCs7nhvutcs03VCUskmw==
age: 2954
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 6841
x-ms-lease-status: unlocked
last-modified: Tue, 27 Feb 2024 03:06:26 GMT
server: cloudflare
etag: 0x8DC37411679B650
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
x-ms-request-id: 3633ee45-101e-00a5-122a-696ff9000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 85c59bfebcf323f7-ZRH

GET
H/1.1 200
OK logo-bancastato.svg
www.bancastato.ch/.resources/bancastato-templating-light/webresources/img/ 6 KB
8 KB 765ms
376ms Image
image/svg+xml 217.26.33.87
BSOURCE-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.bancastato.ch/.resources/bancastato-templating-light/webresources/img/logo-bancastato.svg

Requested by

Host: www.bancastato.ch
URL: https://www.bancastato.ch/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

217.26.33.87 , Switzerland, ASN197312 (BSOURCE-AS, CH),

Reverse DNS

Software

Apache /

Resource Hash

7e13c30013899b6784ab280bdb537a991a0d97a7f5da27c1bc5c8d8f300cc586

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' .inlinea.ch inlinea.ch .google-analytics.com google-analytics.com maps.google.com maps.gstatic.com apis.google.com fonts.googleapis.com fonts.gstatic.com maps.googleapis.com portal.htbridge.com csi.gstic.com ssl.gstic.com cse.gstatic.com .gstatic.com .browser-update.org browser-update.org accounts.google.com clients1.google.com www.youtube.com .bancastato.ch www.google.com cse.google.com developers.google.com www.googleapis.com https://code.jquery.com .cloudfront.net .onetrust.com cdn.cookielaw.org; connect-src 'self' .inlinea.ch inlinea.ch .bancastato.ch maps.googleapis.com developers.google.com apis.google.com accounts.google.com .cloudfront.net .onetrust.com cdn.cookielaw.org wss://www.inlinea.ch wss://inlinea.ch; img-src 'self' data: .inlinea.ch inlinea.ch .htbridge.com .bancastato.ch apis.google.com csi.gstatic.com accounts.google.com www.google.com .gstatic.com maps.googleapis.com maps.google.com clients1.google.com maps.googleapis.com developers.google.com www.googleapis.com .cloudfront.net .onetrust.com cdn.cookielaw.org ; style-src 'self' 'unsafe-inline' .inlinea.ch inlinea.ch .bancastato.ch maps.googleapis.com developers.google.com apis.google.com csi.gstatic.com accounts.google.com www.google.com fonts.google.com fonts.googleapis.com cse.google.com .cloudfront.net .onetrust.com cdn.cookielaw.org; frame-ancestors 'self' ; frame-src 'self' .inlinea.ch inlinea.ch apis.google.com maps.googleapis.com developers.google.com .youtube.com accounts.google.com clients1.google.com cse.google.com www.kantonalbank.ch www.newhome.ch .bancastato.ch https://www.google.com .cloudfront.net ; child-src 'self' .inlinea.ch inlinea.ch apis.google.com maps.googleapis.com developers.google.com .youtube.com accounts.google.com clients1.google.com www.kantonalbank.ch .bancastato.ch .cloudfront.net ; font-src 'self' data: .inlinea.ch inlinea.ch fonts.googleapis.com fonts.google.com fonts.gstatic.com .bancastato.ch .cloudfront.net
Strict-Transport-Security	max-age=31536000;includeSubDomains;preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

Date: Wed, 28 Feb 2024 03:34:00 GMT
Strict-Transport-Security: max-age=31536000;includeSubDomains;preload
X-Content-Type-Options: nosniff
Content-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.inlinea.ch inlinea.ch *.google-analytics.com google-analytics.com maps.google.com maps.gstatic.com apis.google.com fonts.googleapis.com fonts.gstatic.com maps.googleapis.com portal.htbridge.com csi.gstic.com ssl.gstic.com cse.gstatic.com *.gstatic.com *.browser-update.org browser-update.org accounts.google.com clients1.google.com www.youtube.com *.bancastato.ch www.google.com cse.google.com developers.google.com www.googleapis.com https://code.jquery.com *.cloudfront.net *.onetrust.com cdn.cookielaw.org; connect-src 'self' *.inlinea.ch inlinea.ch *.bancastato.ch maps.googleapis.com developers.google.com apis.google.com accounts.google.com *.cloudfront.net *.onetrust.com cdn.cookielaw.org wss://www.inlinea.ch wss://inlinea.ch; img-src 'self' data: *.inlinea.ch inlinea.ch *.htbridge.com *.bancastato.ch apis.google.com csi.gstatic.com accounts.google.com www.google.com *.gstatic.com maps.googleapis.com maps.google.com clients1.google.com maps.googleapis.com developers.google.com www.googleapis.com *.cloudfront.net *.onetrust.com cdn.cookielaw.org ; style-src 'self' 'unsafe-inline' *.inlinea.ch inlinea.ch *.bancastato.ch maps.googleapis.com developers.google.com apis.google.com csi.gstatic.com accounts.google.com www.google.com fonts.google.com fonts.googleapis.com cse.google.com *.cloudfront.net *.onetrust.com cdn.cookielaw.org; frame-ancestors 'self' ; frame-src 'self' *.inlinea.ch inlinea.ch apis.google.com maps.googleapis.com developers.google.com *.youtube.com accounts.google.com clients1.google.com cse.google.com www.kantonalbank.ch www.newhome.ch *.bancastato.ch https://www.google.com *.cloudfront.net ; child-src 'self' *.inlinea.ch inlinea.ch apis.google.com maps.googleapis.com developers.google.com *.youtube.com accounts.google.com clients1.google.com www.kantonalbank.ch *.bancastato.ch *.cloudfront.net ; font-src 'self' data: *.inlinea.ch inlinea.ch fonts.googleapis.com fonts.google.com fonts.gstatic.com *.bancastato.ch *.cloudfront.net
Last-Modified: Mon, 04 Dec 2023 08:51:34 GMT
Server: Apache
X-Magnolia-Registration: Registered
X-Frame-Options: SAMEORIGIN
Content-Type: image/svg+xml;charset=UTF-8
Cache-Control: max-age=3600, public
Connection: Keep-Alive
Keep-Alive: timeout=10, max=500
Content-Length: 6074
X-XSS-Protection: 1; mode=block
Expires: Wed, 28 Feb 2024 04:34:00 GMT

GET
H/1.1 200
OK FondiR3.jpg
www.bancastato.ch/.imaging/mte/site-bancastato/1920x704/dam/site-bancastato/Immagini/FondiR3.jpg/jcr:content/ 660 KB
663 KB 146ms
137ms Image
image/jpeg 217.26.33.87
BSOURCE-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.bancastato.ch/.imaging/mte/site-bancastato/1920x704/dam/site-bancastato/Immagini/FondiR3.jpg/jcr:content/FondiR3.jpg

Requested by

Host: www.bancastato.ch
URL: https://www.bancastato.ch/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

217.26.33.87 , Switzerland, ASN197312 (BSOURCE-AS, CH),

Reverse DNS

Software

Apache /

Resource Hash

68c86f50b40b3d99996fe39978c93cf628563444dc8a19bcdbc65ffae2521ac0

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' .inlinea.ch inlinea.ch .google-analytics.com google-analytics.com maps.google.com maps.gstatic.com apis.google.com fonts.googleapis.com fonts.gstatic.com maps.googleapis.com portal.htbridge.com csi.gstic.com ssl.gstic.com cse.gstatic.com .gstatic.com .browser-update.org browser-update.org accounts.google.com clients1.google.com www.youtube.com .bancastato.ch www.google.com cse.google.com developers.google.com www.googleapis.com https://code.jquery.com .cloudfront.net .onetrust.com cdn.cookielaw.org; connect-src 'self' .inlinea.ch inlinea.ch .bancastato.ch maps.googleapis.com developers.google.com apis.google.com accounts.google.com .cloudfront.net .onetrust.com cdn.cookielaw.org wss://www.inlinea.ch wss://inlinea.ch; img-src 'self' data: .inlinea.ch inlinea.ch .htbridge.com .bancastato.ch apis.google.com csi.gstatic.com accounts.google.com www.google.com .gstatic.com maps.googleapis.com maps.google.com clients1.google.com maps.googleapis.com developers.google.com www.googleapis.com .cloudfront.net .onetrust.com cdn.cookielaw.org ; style-src 'self' 'unsafe-inline' .inlinea.ch inlinea.ch .bancastato.ch maps.googleapis.com developers.google.com apis.google.com csi.gstatic.com accounts.google.com www.google.com fonts.google.com fonts.googleapis.com cse.google.com .cloudfront.net .onetrust.com cdn.cookielaw.org; frame-ancestors 'self' ; frame-src 'self' .inlinea.ch inlinea.ch apis.google.com maps.googleapis.com developers.google.com .youtube.com accounts.google.com clients1.google.com cse.google.com www.kantonalbank.ch www.newhome.ch .bancastato.ch https://www.google.com .cloudfront.net ; child-src 'self' .inlinea.ch inlinea.ch apis.google.com maps.googleapis.com developers.google.com .youtube.com accounts.google.com clients1.google.com www.kantonalbank.ch .bancastato.ch .cloudfront.net ; font-src 'self' data: .inlinea.ch inlinea.ch fonts.googleapis.com fonts.google.com fonts.gstatic.com .bancastato.ch .cloudfront.net
Strict-Transport-Security	max-age=31536000;includeSubDomains;preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

Date: Wed, 28 Feb 2024 03:34:00 GMT
Strict-Transport-Security: max-age=31536000;includeSubDomains;preload
X-Content-Type-Options: nosniff
Content-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.inlinea.ch inlinea.ch *.google-analytics.com google-analytics.com maps.google.com maps.gstatic.com apis.google.com fonts.googleapis.com fonts.gstatic.com maps.googleapis.com portal.htbridge.com csi.gstic.com ssl.gstic.com cse.gstatic.com *.gstatic.com *.browser-update.org browser-update.org accounts.google.com clients1.google.com www.youtube.com *.bancastato.ch www.google.com cse.google.com developers.google.com www.googleapis.com https://code.jquery.com *.cloudfront.net *.onetrust.com cdn.cookielaw.org; connect-src 'self' *.inlinea.ch inlinea.ch *.bancastato.ch maps.googleapis.com developers.google.com apis.google.com accounts.google.com *.cloudfront.net *.onetrust.com cdn.cookielaw.org wss://www.inlinea.ch wss://inlinea.ch; img-src 'self' data: *.inlinea.ch inlinea.ch *.htbridge.com *.bancastato.ch apis.google.com csi.gstatic.com accounts.google.com www.google.com *.gstatic.com maps.googleapis.com maps.google.com clients1.google.com maps.googleapis.com developers.google.com www.googleapis.com *.cloudfront.net *.onetrust.com cdn.cookielaw.org ; style-src 'self' 'unsafe-inline' *.inlinea.ch inlinea.ch *.bancastato.ch maps.googleapis.com developers.google.com apis.google.com csi.gstatic.com accounts.google.com www.google.com fonts.google.com fonts.googleapis.com cse.google.com *.cloudfront.net *.onetrust.com cdn.cookielaw.org; frame-ancestors 'self' ; frame-src 'self' *.inlinea.ch inlinea.ch apis.google.com maps.googleapis.com developers.google.com *.youtube.com accounts.google.com clients1.google.com cse.google.com www.kantonalbank.ch www.newhome.ch *.bancastato.ch https://www.google.com *.cloudfront.net ; child-src 'self' *.inlinea.ch inlinea.ch apis.google.com maps.googleapis.com developers.google.com *.youtube.com accounts.google.com clients1.google.com www.kantonalbank.ch *.bancastato.ch *.cloudfront.net ; font-src 'self' data: *.inlinea.ch inlinea.ch fonts.googleapis.com fonts.google.com fonts.gstatic.com *.bancastato.ch *.cloudfront.net
Server: Apache
X-Magnolia-Registration: Registered
X-Frame-Options: SAMEORIGIN
Transfer-Encoding: chunked
Content-Type: image/jpeg;charset=UTF-8
Cache-Control: max-age=600, public
Connection: Keep-Alive
Keep-Alive: timeout=10, max=499
X-XSS-Protection: 1; mode=block
Expires: Wed, 28 Feb 2024 03:44:00 GMT

GET
H/1.1 200
OK homepageDicembre2023.jpg
www.bancastato.ch/.imaging/mte/site-bancastato/1920x704/dam/site-bancastato/Immagini/homepageDicembre2023.jpg/jcr:content/ 141 KB
144 KB 89ms
89ms Image
image/jpeg 217.26.33.87
BSOURCE-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.bancastato.ch/.imaging/mte/site-bancastato/1920x704/dam/site-bancastato/Immagini/homepageDicembre2023.jpg/jcr:content/homepageDicembre2023.jpg

Requested by

Host: www.bancastato.ch
URL: https://www.bancastato.ch/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

217.26.33.87 , Switzerland, ASN197312 (BSOURCE-AS, CH),

Reverse DNS

Software

Apache /

Resource Hash

fe2ee45b2e865d648dd94b3cb200d24cf31846741102d9384277daf326232f9b

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' .inlinea.ch inlinea.ch .google-analytics.com google-analytics.com maps.google.com maps.gstatic.com apis.google.com fonts.googleapis.com fonts.gstatic.com maps.googleapis.com portal.htbridge.com csi.gstic.com ssl.gstic.com cse.gstatic.com .gstatic.com .browser-update.org browser-update.org accounts.google.com clients1.google.com www.youtube.com .bancastato.ch www.google.com cse.google.com developers.google.com www.googleapis.com https://code.jquery.com .cloudfront.net .onetrust.com cdn.cookielaw.org; connect-src 'self' .inlinea.ch inlinea.ch .bancastato.ch maps.googleapis.com developers.google.com apis.google.com accounts.google.com .cloudfront.net .onetrust.com cdn.cookielaw.org wss://www.inlinea.ch wss://inlinea.ch; img-src 'self' data: .inlinea.ch inlinea.ch .htbridge.com .bancastato.ch apis.google.com csi.gstatic.com accounts.google.com www.google.com .gstatic.com maps.googleapis.com maps.google.com clients1.google.com maps.googleapis.com developers.google.com www.googleapis.com .cloudfront.net .onetrust.com cdn.cookielaw.org ; style-src 'self' 'unsafe-inline' .inlinea.ch inlinea.ch .bancastato.ch maps.googleapis.com developers.google.com apis.google.com csi.gstatic.com accounts.google.com www.google.com fonts.google.com fonts.googleapis.com cse.google.com .cloudfront.net .onetrust.com cdn.cookielaw.org; frame-ancestors 'self' ; frame-src 'self' .inlinea.ch inlinea.ch apis.google.com maps.googleapis.com developers.google.com .youtube.com accounts.google.com clients1.google.com cse.google.com www.kantonalbank.ch www.newhome.ch .bancastato.ch https://www.google.com .cloudfront.net ; child-src 'self' .inlinea.ch inlinea.ch apis.google.com maps.googleapis.com developers.google.com .youtube.com accounts.google.com clients1.google.com www.kantonalbank.ch .bancastato.ch .cloudfront.net ; font-src 'self' data: .inlinea.ch inlinea.ch fonts.googleapis.com fonts.google.com fonts.gstatic.com .bancastato.ch .cloudfront.net
Strict-Transport-Security	max-age=31536000;includeSubDomains;preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

Date: Wed, 28 Feb 2024 03:34:01 GMT
Strict-Transport-Security: max-age=31536000;includeSubDomains;preload
X-Content-Type-Options: nosniff
Content-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.inlinea.ch inlinea.ch *.google-analytics.com google-analytics.com maps.google.com maps.gstatic.com apis.google.com fonts.googleapis.com fonts.gstatic.com maps.googleapis.com portal.htbridge.com csi.gstic.com ssl.gstic.com cse.gstatic.com *.gstatic.com *.browser-update.org browser-update.org accounts.google.com clients1.google.com www.youtube.com *.bancastato.ch www.google.com cse.google.com developers.google.com www.googleapis.com https://code.jquery.com *.cloudfront.net *.onetrust.com cdn.cookielaw.org; connect-src 'self' *.inlinea.ch inlinea.ch *.bancastato.ch maps.googleapis.com developers.google.com apis.google.com accounts.google.com *.cloudfront.net *.onetrust.com cdn.cookielaw.org wss://www.inlinea.ch wss://inlinea.ch; img-src 'self' data: *.inlinea.ch inlinea.ch *.htbridge.com *.bancastato.ch apis.google.com csi.gstatic.com accounts.google.com www.google.com *.gstatic.com maps.googleapis.com maps.google.com clients1.google.com maps.googleapis.com developers.google.com www.googleapis.com *.cloudfront.net *.onetrust.com cdn.cookielaw.org ; style-src 'self' 'unsafe-inline' *.inlinea.ch inlinea.ch *.bancastato.ch maps.googleapis.com developers.google.com apis.google.com csi.gstatic.com accounts.google.com www.google.com fonts.google.com fonts.googleapis.com cse.google.com *.cloudfront.net *.onetrust.com cdn.cookielaw.org; frame-ancestors 'self' ; frame-src 'self' *.inlinea.ch inlinea.ch apis.google.com maps.googleapis.com developers.google.com *.youtube.com accounts.google.com clients1.google.com cse.google.com www.kantonalbank.ch www.newhome.ch *.bancastato.ch https://www.google.com *.cloudfront.net ; child-src 'self' *.inlinea.ch inlinea.ch apis.google.com maps.googleapis.com developers.google.com *.youtube.com accounts.google.com clients1.google.com www.kantonalbank.ch *.bancastato.ch *.cloudfront.net ; font-src 'self' data: *.inlinea.ch inlinea.ch fonts.googleapis.com fonts.google.com fonts.gstatic.com *.bancastato.ch *.cloudfront.net
Last-Modified: Wed, 28 Feb 2024 00:34:48 GMT
Server: Apache
X-Magnolia-Registration: Registered
X-Frame-Options: SAMEORIGIN
Content-Type: image/jpeg;charset=UTF-8
Cache-Control: max-age=600, public
Connection: Keep-Alive
Keep-Alive: timeout=10, max=499
Content-Length: 144396
X-XSS-Protection: 1; mode=block
Expires: Wed, 28 Feb 2024 03:44:01 GMT

GET
H/1.1 200
OK Twint%20-%20Web%20site%201920x704.jpg
www.bancastato.ch/.imaging/mte/site-bancastato/1920x704/dam/site-bancastato/home/Twint---Web-site-1920x704.jpg/jcr:content/ 486 KB
489 KB 317ms
317ms Image
image/jpeg 217.26.33.87
BSOURCE-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.bancastato.ch/.imaging/mte/site-bancastato/1920x704/dam/site-bancastato/home/Twint---Web-site-1920x704.jpg/jcr:content/Twint%20-%20Web%20site%201920x704.jpg

Requested by

Host: www.bancastato.ch
URL: https://www.bancastato.ch/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

217.26.33.87 , Switzerland, ASN197312 (BSOURCE-AS, CH),

Reverse DNS

Software

Apache /

Resource Hash

ac4a30ea0ab7631964fa01b3976aa392445ffa48a193e696509d5ffbcd01908e

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' .inlinea.ch inlinea.ch .google-analytics.com google-analytics.com maps.google.com maps.gstatic.com apis.google.com fonts.googleapis.com fonts.gstatic.com maps.googleapis.com portal.htbridge.com csi.gstic.com ssl.gstic.com cse.gstatic.com .gstatic.com .browser-update.org browser-update.org accounts.google.com clients1.google.com www.youtube.com .bancastato.ch www.google.com cse.google.com developers.google.com www.googleapis.com https://code.jquery.com .cloudfront.net .onetrust.com cdn.cookielaw.org; connect-src 'self' .inlinea.ch inlinea.ch .bancastato.ch maps.googleapis.com developers.google.com apis.google.com accounts.google.com .cloudfront.net .onetrust.com cdn.cookielaw.org wss://www.inlinea.ch wss://inlinea.ch; img-src 'self' data: .inlinea.ch inlinea.ch .htbridge.com .bancastato.ch apis.google.com csi.gstatic.com accounts.google.com www.google.com .gstatic.com maps.googleapis.com maps.google.com clients1.google.com maps.googleapis.com developers.google.com www.googleapis.com .cloudfront.net .onetrust.com cdn.cookielaw.org ; style-src 'self' 'unsafe-inline' .inlinea.ch inlinea.ch .bancastato.ch maps.googleapis.com developers.google.com apis.google.com csi.gstatic.com accounts.google.com www.google.com fonts.google.com fonts.googleapis.com cse.google.com .cloudfront.net .onetrust.com cdn.cookielaw.org; frame-ancestors 'self' ; frame-src 'self' .inlinea.ch inlinea.ch apis.google.com maps.googleapis.com developers.google.com .youtube.com accounts.google.com clients1.google.com cse.google.com www.kantonalbank.ch www.newhome.ch .bancastato.ch https://www.google.com .cloudfront.net ; child-src 'self' .inlinea.ch inlinea.ch apis.google.com maps.googleapis.com developers.google.com .youtube.com accounts.google.com clients1.google.com www.kantonalbank.ch .bancastato.ch .cloudfront.net ; font-src 'self' data: .inlinea.ch inlinea.ch fonts.googleapis.com fonts.google.com fonts.gstatic.com .bancastato.ch .cloudfront.net
Strict-Transport-Security	max-age=31536000;includeSubDomains;preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

Date: Wed, 28 Feb 2024 03:34:02 GMT
Strict-Transport-Security: max-age=31536000;includeSubDomains;preload
X-Content-Type-Options: nosniff
Content-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.inlinea.ch inlinea.ch *.google-analytics.com google-analytics.com maps.google.com maps.gstatic.com apis.google.com fonts.googleapis.com fonts.gstatic.com maps.googleapis.com portal.htbridge.com csi.gstic.com ssl.gstic.com cse.gstatic.com *.gstatic.com *.browser-update.org browser-update.org accounts.google.com clients1.google.com www.youtube.com *.bancastato.ch www.google.com cse.google.com developers.google.com www.googleapis.com https://code.jquery.com *.cloudfront.net *.onetrust.com cdn.cookielaw.org; connect-src 'self' *.inlinea.ch inlinea.ch *.bancastato.ch maps.googleapis.com developers.google.com apis.google.com accounts.google.com *.cloudfront.net *.onetrust.com cdn.cookielaw.org wss://www.inlinea.ch wss://inlinea.ch; img-src 'self' data: *.inlinea.ch inlinea.ch *.htbridge.com *.bancastato.ch apis.google.com csi.gstatic.com accounts.google.com www.google.com *.gstatic.com maps.googleapis.com maps.google.com clients1.google.com maps.googleapis.com developers.google.com www.googleapis.com *.cloudfront.net *.onetrust.com cdn.cookielaw.org ; style-src 'self' 'unsafe-inline' *.inlinea.ch inlinea.ch *.bancastato.ch maps.googleapis.com developers.google.com apis.google.com csi.gstatic.com accounts.google.com www.google.com fonts.google.com fonts.googleapis.com cse.google.com *.cloudfront.net *.onetrust.com cdn.cookielaw.org; frame-ancestors 'self' ; frame-src 'self' *.inlinea.ch inlinea.ch apis.google.com maps.googleapis.com developers.google.com *.youtube.com accounts.google.com clients1.google.com cse.google.com www.kantonalbank.ch www.newhome.ch *.bancastato.ch https://www.google.com *.cloudfront.net ; child-src 'self' *.inlinea.ch inlinea.ch apis.google.com maps.googleapis.com developers.google.com *.youtube.com accounts.google.com clients1.google.com www.kantonalbank.ch *.bancastato.ch *.cloudfront.net ; font-src 'self' data: *.inlinea.ch inlinea.ch fonts.googleapis.com fonts.google.com fonts.gstatic.com *.bancastato.ch *.cloudfront.net
Last-Modified: Wed, 28 Feb 2024 00:34:48 GMT
Server: Apache
X-Magnolia-Registration: Registered
X-Frame-Options: SAMEORIGIN
Content-Type: image/jpeg;charset=UTF-8
Cache-Control: max-age=600, public
Connection: Keep-Alive
Keep-Alive: timeout=10, max=498
Content-Length: 498163
X-XSS-Protection: 1; mode=block
Expires: Wed, 28 Feb 2024 03:44:02 GMT

GET
H/1.1 200
OK mandato-pubblico-garanziaStato.jpg
www.bancastato.ch/dam/jcr:6661634e-0ccf-4c32-9d3e-8cce6d99acb5/ 69 KB
72 KB 78ms
76ms Image
image/jpeg 217.26.33.87
BSOURCE-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.bancastato.ch/dam/jcr:6661634e-0ccf-4c32-9d3e-8cce6d99acb5/mandato-pubblico-garanziaStato.jpg

Requested by

Host: www.bancastato.ch
URL: https://www.bancastato.ch/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

217.26.33.87 , Switzerland, ASN197312 (BSOURCE-AS, CH),

Reverse DNS

Software

Apache /

Resource Hash

902274bd47aefaa6d5445e26545afb9beb51be3235ba4328d0c03061a23d9ff8

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' .inlinea.ch inlinea.ch .google-analytics.com google-analytics.com maps.google.com maps.gstatic.com apis.google.com fonts.googleapis.com fonts.gstatic.com maps.googleapis.com portal.htbridge.com csi.gstic.com ssl.gstic.com cse.gstatic.com .gstatic.com .browser-update.org browser-update.org accounts.google.com clients1.google.com www.youtube.com .bancastato.ch www.google.com cse.google.com developers.google.com www.googleapis.com https://code.jquery.com .cloudfront.net .onetrust.com cdn.cookielaw.org; connect-src 'self' .inlinea.ch inlinea.ch .bancastato.ch maps.googleapis.com developers.google.com apis.google.com accounts.google.com .cloudfront.net .onetrust.com cdn.cookielaw.org wss://www.inlinea.ch wss://inlinea.ch; img-src 'self' data: .inlinea.ch inlinea.ch .htbridge.com .bancastato.ch apis.google.com csi.gstatic.com accounts.google.com www.google.com .gstatic.com maps.googleapis.com maps.google.com clients1.google.com maps.googleapis.com developers.google.com www.googleapis.com .cloudfront.net .onetrust.com cdn.cookielaw.org ; style-src 'self' 'unsafe-inline' .inlinea.ch inlinea.ch .bancastato.ch maps.googleapis.com developers.google.com apis.google.com csi.gstatic.com accounts.google.com www.google.com fonts.google.com fonts.googleapis.com cse.google.com .cloudfront.net .onetrust.com cdn.cookielaw.org; frame-ancestors 'self' ; frame-src 'self' .inlinea.ch inlinea.ch apis.google.com maps.googleapis.com developers.google.com .youtube.com accounts.google.com clients1.google.com cse.google.com www.kantonalbank.ch www.newhome.ch .bancastato.ch https://www.google.com .cloudfront.net ; child-src 'self' .inlinea.ch inlinea.ch apis.google.com maps.googleapis.com developers.google.com .youtube.com accounts.google.com clients1.google.com www.kantonalbank.ch .bancastato.ch .cloudfront.net ; font-src 'self' data: .inlinea.ch inlinea.ch fonts.googleapis.com fonts.google.com fonts.gstatic.com .bancastato.ch .cloudfront.net
Strict-Transport-Security	max-age=31536000;includeSubDomains;preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

Date: Wed, 28 Feb 2024 03:34:02 GMT
Strict-Transport-Security: max-age=31536000;includeSubDomains;preload
X-Content-Type-Options: nosniff
Content-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.inlinea.ch inlinea.ch *.google-analytics.com google-analytics.com maps.google.com maps.gstatic.com apis.google.com fonts.googleapis.com fonts.gstatic.com maps.googleapis.com portal.htbridge.com csi.gstic.com ssl.gstic.com cse.gstatic.com *.gstatic.com *.browser-update.org browser-update.org accounts.google.com clients1.google.com www.youtube.com *.bancastato.ch www.google.com cse.google.com developers.google.com www.googleapis.com https://code.jquery.com *.cloudfront.net *.onetrust.com cdn.cookielaw.org; connect-src 'self' *.inlinea.ch inlinea.ch *.bancastato.ch maps.googleapis.com developers.google.com apis.google.com accounts.google.com *.cloudfront.net *.onetrust.com cdn.cookielaw.org wss://www.inlinea.ch wss://inlinea.ch; img-src 'self' data: *.inlinea.ch inlinea.ch *.htbridge.com *.bancastato.ch apis.google.com csi.gstatic.com accounts.google.com www.google.com *.gstatic.com maps.googleapis.com maps.google.com clients1.google.com maps.googleapis.com developers.google.com www.googleapis.com *.cloudfront.net *.onetrust.com cdn.cookielaw.org ; style-src 'self' 'unsafe-inline' *.inlinea.ch inlinea.ch *.bancastato.ch maps.googleapis.com developers.google.com apis.google.com csi.gstatic.com accounts.google.com www.google.com fonts.google.com fonts.googleapis.com cse.google.com *.cloudfront.net *.onetrust.com cdn.cookielaw.org; frame-ancestors 'self' ; frame-src 'self' *.inlinea.ch inlinea.ch apis.google.com maps.googleapis.com developers.google.com *.youtube.com accounts.google.com clients1.google.com cse.google.com www.kantonalbank.ch www.newhome.ch *.bancastato.ch https://www.google.com *.cloudfront.net ; child-src 'self' *.inlinea.ch inlinea.ch apis.google.com maps.googleapis.com developers.google.com *.youtube.com accounts.google.com clients1.google.com www.kantonalbank.ch *.bancastato.ch *.cloudfront.net ; font-src 'self' data: *.inlinea.ch inlinea.ch fonts.googleapis.com fonts.google.com fonts.gstatic.com *.bancastato.ch *.cloudfront.net
Content-Disposition: attachment; filename="mandato-pubblico-garanziaStato.jpg"
Connection: Keep-Alive
Content-Length: 71164
X-XSS-Protection: 1; mode=block
X-Magnolia-Registration: Registered
Last-Modified: Mon, 22 Jul 2019 08:44:32 GMT
Server: Apache
X-Frame-Options: SAMEORIGIN
Content-Type: image/jpeg;charset=UTF-8
Cache-Control: max-age=600, public
Keep-Alive: timeout=10, max=499
Expires: Wed, 28 Feb 2024 03:44:02 GMT

GET
H/1.1 200
OK Pagina%20eventi%20635x554-02.jpg
www.bancastato.ch/dam/jcr:3aecbba4-7152-4395-9b39-3efce885577a/ 144 KB
146 KB 83ms
82ms Image
image/jpeg 217.26.33.87
BSOURCE-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.bancastato.ch/dam/jcr:3aecbba4-7152-4395-9b39-3efce885577a/Pagina%20eventi%20635x554-02.jpg

Requested by

Host: www.bancastato.ch
URL: https://www.bancastato.ch/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

217.26.33.87 , Switzerland, ASN197312 (BSOURCE-AS, CH),

Reverse DNS

Software

Apache /

Resource Hash

cc45ca4ae13e6ad389e97d0e27c166830d4670ba81a3e5240caa8df9e24ae102

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' .inlinea.ch inlinea.ch .google-analytics.com google-analytics.com maps.google.com maps.gstatic.com apis.google.com fonts.googleapis.com fonts.gstatic.com maps.googleapis.com portal.htbridge.com csi.gstic.com ssl.gstic.com cse.gstatic.com .gstatic.com .browser-update.org browser-update.org accounts.google.com clients1.google.com www.youtube.com .bancastato.ch www.google.com cse.google.com developers.google.com www.googleapis.com https://code.jquery.com .cloudfront.net .onetrust.com cdn.cookielaw.org; connect-src 'self' .inlinea.ch inlinea.ch .bancastato.ch maps.googleapis.com developers.google.com apis.google.com accounts.google.com .cloudfront.net .onetrust.com cdn.cookielaw.org wss://www.inlinea.ch wss://inlinea.ch; img-src 'self' data: .inlinea.ch inlinea.ch .htbridge.com .bancastato.ch apis.google.com csi.gstatic.com accounts.google.com www.google.com .gstatic.com maps.googleapis.com maps.google.com clients1.google.com maps.googleapis.com developers.google.com www.googleapis.com .cloudfront.net .onetrust.com cdn.cookielaw.org ; style-src 'self' 'unsafe-inline' .inlinea.ch inlinea.ch .bancastato.ch maps.googleapis.com developers.google.com apis.google.com csi.gstatic.com accounts.google.com www.google.com fonts.google.com fonts.googleapis.com cse.google.com .cloudfront.net .onetrust.com cdn.cookielaw.org; frame-ancestors 'self' ; frame-src 'self' .inlinea.ch inlinea.ch apis.google.com maps.googleapis.com developers.google.com .youtube.com accounts.google.com clients1.google.com cse.google.com www.kantonalbank.ch www.newhome.ch .bancastato.ch https://www.google.com .cloudfront.net ; child-src 'self' .inlinea.ch inlinea.ch apis.google.com maps.googleapis.com developers.google.com .youtube.com accounts.google.com clients1.google.com www.kantonalbank.ch .bancastato.ch .cloudfront.net ; font-src 'self' data: .inlinea.ch inlinea.ch fonts.googleapis.com fonts.google.com fonts.gstatic.com .bancastato.ch .cloudfront.net
Strict-Transport-Security	max-age=31536000;includeSubDomains;preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

Date: Wed, 28 Feb 2024 03:34:02 GMT
Strict-Transport-Security: max-age=31536000;includeSubDomains;preload
X-Content-Type-Options: nosniff
Content-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.inlinea.ch inlinea.ch *.google-analytics.com google-analytics.com maps.google.com maps.gstatic.com apis.google.com fonts.googleapis.com fonts.gstatic.com maps.googleapis.com portal.htbridge.com csi.gstic.com ssl.gstic.com cse.gstatic.com *.gstatic.com *.browser-update.org browser-update.org accounts.google.com clients1.google.com www.youtube.com *.bancastato.ch www.google.com cse.google.com developers.google.com www.googleapis.com https://code.jquery.com *.cloudfront.net *.onetrust.com cdn.cookielaw.org; connect-src 'self' *.inlinea.ch inlinea.ch *.bancastato.ch maps.googleapis.com developers.google.com apis.google.com accounts.google.com *.cloudfront.net *.onetrust.com cdn.cookielaw.org wss://www.inlinea.ch wss://inlinea.ch; img-src 'self' data: *.inlinea.ch inlinea.ch *.htbridge.com *.bancastato.ch apis.google.com csi.gstatic.com accounts.google.com www.google.com *.gstatic.com maps.googleapis.com maps.google.com clients1.google.com maps.googleapis.com developers.google.com www.googleapis.com *.cloudfront.net *.onetrust.com cdn.cookielaw.org ; style-src 'self' 'unsafe-inline' *.inlinea.ch inlinea.ch *.bancastato.ch maps.googleapis.com developers.google.com apis.google.com csi.gstatic.com accounts.google.com www.google.com fonts.google.com fonts.googleapis.com cse.google.com *.cloudfront.net *.onetrust.com cdn.cookielaw.org; frame-ancestors 'self' ; frame-src 'self' *.inlinea.ch inlinea.ch apis.google.com maps.googleapis.com developers.google.com *.youtube.com accounts.google.com clients1.google.com cse.google.com www.kantonalbank.ch www.newhome.ch *.bancastato.ch https://www.google.com *.cloudfront.net ; child-src 'self' *.inlinea.ch inlinea.ch apis.google.com maps.googleapis.com developers.google.com *.youtube.com accounts.google.com clients1.google.com www.kantonalbank.ch *.bancastato.ch *.cloudfront.net ; font-src 'self' data: *.inlinea.ch inlinea.ch fonts.googleapis.com fonts.google.com fonts.gstatic.com *.bancastato.ch *.cloudfront.net
Content-Disposition: attachment; filename="Pagina eventi 635x554-02.jpg"
Connection: Keep-Alive
Content-Length: 147125
X-XSS-Protection: 1; mode=block
X-Magnolia-Registration: Registered
Last-Modified: Tue, 25 Apr 2023 13:54:27 GMT
Server: Apache
X-Frame-Options: SAMEORIGIN
Content-Type: image/jpeg;charset=UTF-8
Cache-Control: max-age=600, public
Keep-Alive: timeout=10, max=499
Expires: Wed, 28 Feb 2024 03:44:02 GMT

GET
H/1.1 200
OK TiHome.jpg
www.bancastato.ch/dam/jcr:48260176-d42f-4f32-b1a7-1a1ac7a0e620/ 76 KB
79 KB 202ms
201ms Image
image/jpeg 217.26.33.87
BSOURCE-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.bancastato.ch/dam/jcr:48260176-d42f-4f32-b1a7-1a1ac7a0e620/TiHome.jpg

Requested by

Host: www.bancastato.ch
URL: https://www.bancastato.ch/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

217.26.33.87 , Switzerland, ASN197312 (BSOURCE-AS, CH),

Reverse DNS

Software

Apache /

Resource Hash

22af2cb27167705fe5fb843dc6f737bdae9be8751437754e5145c2d87ba05dd0

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' .inlinea.ch inlinea.ch .google-analytics.com google-analytics.com maps.google.com maps.gstatic.com apis.google.com fonts.googleapis.com fonts.gstatic.com maps.googleapis.com portal.htbridge.com csi.gstic.com ssl.gstic.com cse.gstatic.com .gstatic.com .browser-update.org browser-update.org accounts.google.com clients1.google.com www.youtube.com .bancastato.ch www.google.com cse.google.com developers.google.com www.googleapis.com https://code.jquery.com .cloudfront.net .onetrust.com cdn.cookielaw.org; connect-src 'self' .inlinea.ch inlinea.ch .bancastato.ch maps.googleapis.com developers.google.com apis.google.com accounts.google.com .cloudfront.net .onetrust.com cdn.cookielaw.org wss://www.inlinea.ch wss://inlinea.ch; img-src 'self' data: .inlinea.ch inlinea.ch .htbridge.com .bancastato.ch apis.google.com csi.gstatic.com accounts.google.com www.google.com .gstatic.com maps.googleapis.com maps.google.com clients1.google.com maps.googleapis.com developers.google.com www.googleapis.com .cloudfront.net .onetrust.com cdn.cookielaw.org ; style-src 'self' 'unsafe-inline' .inlinea.ch inlinea.ch .bancastato.ch maps.googleapis.com developers.google.com apis.google.com csi.gstatic.com accounts.google.com www.google.com fonts.google.com fonts.googleapis.com cse.google.com .cloudfront.net .onetrust.com cdn.cookielaw.org; frame-ancestors 'self' ; frame-src 'self' .inlinea.ch inlinea.ch apis.google.com maps.googleapis.com developers.google.com .youtube.com accounts.google.com clients1.google.com cse.google.com www.kantonalbank.ch www.newhome.ch .bancastato.ch https://www.google.com .cloudfront.net ; child-src 'self' .inlinea.ch inlinea.ch apis.google.com maps.googleapis.com developers.google.com .youtube.com accounts.google.com clients1.google.com www.kantonalbank.ch .bancastato.ch .cloudfront.net ; font-src 'self' data: .inlinea.ch inlinea.ch fonts.googleapis.com fonts.google.com fonts.gstatic.com .bancastato.ch .cloudfront.net
Strict-Transport-Security	max-age=31536000;includeSubDomains;preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

Date: Wed, 28 Feb 2024 03:34:02 GMT
Strict-Transport-Security: max-age=31536000;includeSubDomains;preload
X-Content-Type-Options: nosniff
Content-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.inlinea.ch inlinea.ch *.google-analytics.com google-analytics.com maps.google.com maps.gstatic.com apis.google.com fonts.googleapis.com fonts.gstatic.com maps.googleapis.com portal.htbridge.com csi.gstic.com ssl.gstic.com cse.gstatic.com *.gstatic.com *.browser-update.org browser-update.org accounts.google.com clients1.google.com www.youtube.com *.bancastato.ch www.google.com cse.google.com developers.google.com www.googleapis.com https://code.jquery.com *.cloudfront.net *.onetrust.com cdn.cookielaw.org; connect-src 'self' *.inlinea.ch inlinea.ch *.bancastato.ch maps.googleapis.com developers.google.com apis.google.com accounts.google.com *.cloudfront.net *.onetrust.com cdn.cookielaw.org wss://www.inlinea.ch wss://inlinea.ch; img-src 'self' data: *.inlinea.ch inlinea.ch *.htbridge.com *.bancastato.ch apis.google.com csi.gstatic.com accounts.google.com www.google.com *.gstatic.com maps.googleapis.com maps.google.com clients1.google.com maps.googleapis.com developers.google.com www.googleapis.com *.cloudfront.net *.onetrust.com cdn.cookielaw.org ; style-src 'self' 'unsafe-inline' *.inlinea.ch inlinea.ch *.bancastato.ch maps.googleapis.com developers.google.com apis.google.com csi.gstatic.com accounts.google.com www.google.com fonts.google.com fonts.googleapis.com cse.google.com *.cloudfront.net *.onetrust.com cdn.cookielaw.org; frame-ancestors 'self' ; frame-src 'self' *.inlinea.ch inlinea.ch apis.google.com maps.googleapis.com developers.google.com *.youtube.com accounts.google.com clients1.google.com cse.google.com www.kantonalbank.ch www.newhome.ch *.bancastato.ch https://www.google.com *.cloudfront.net ; child-src 'self' *.inlinea.ch inlinea.ch apis.google.com maps.googleapis.com developers.google.com *.youtube.com accounts.google.com clients1.google.com www.kantonalbank.ch *.bancastato.ch *.cloudfront.net ; font-src 'self' data: *.inlinea.ch inlinea.ch fonts.googleapis.com fonts.google.com fonts.gstatic.com *.bancastato.ch *.cloudfront.net
Content-Disposition: attachment; filename="TiHome.jpg"
Connection: Keep-Alive
Content-Length: 77860
X-XSS-Protection: 1; mode=block
X-Magnolia-Registration: Registered
Last-Modified: Mon, 22 Jul 2019 08:44:37 GMT
Server: Apache
X-Frame-Options: SAMEORIGIN
Content-Type: image/jpeg;charset=UTF-8
Cache-Control: max-age=600, public
Keep-Alive: timeout=10, max=499
Expires: Wed, 28 Feb 2024 03:44:02 GMT

GET
H/1.1 200
OK logo-bancastato-white.svg
www.bancastato.ch/.resources/bancastato-templating-light/webresources/img/ 6 KB
8 KB 99ms
98ms Image
image/svg+xml 217.26.33.87
BSOURCE-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.bancastato.ch/.resources/bancastato-templating-light/webresources/img/logo-bancastato-white.svg

Requested by

Host: www.bancastato.ch
URL: https://www.bancastato.ch/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

217.26.33.87 , Switzerland, ASN197312 (BSOURCE-AS, CH),

Reverse DNS

Software

Apache /

Resource Hash

0166fcc93e70f0cc0d0e262b6d0bce75d7b0308062206192d6ff502f97401812

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' .inlinea.ch inlinea.ch .google-analytics.com google-analytics.com maps.google.com maps.gstatic.com apis.google.com fonts.googleapis.com fonts.gstatic.com maps.googleapis.com portal.htbridge.com csi.gstic.com ssl.gstic.com cse.gstatic.com .gstatic.com .browser-update.org browser-update.org accounts.google.com clients1.google.com www.youtube.com .bancastato.ch www.google.com cse.google.com developers.google.com www.googleapis.com https://code.jquery.com .cloudfront.net .onetrust.com cdn.cookielaw.org; connect-src 'self' .inlinea.ch inlinea.ch .bancastato.ch maps.googleapis.com developers.google.com apis.google.com accounts.google.com .cloudfront.net .onetrust.com cdn.cookielaw.org wss://www.inlinea.ch wss://inlinea.ch; img-src 'self' data: .inlinea.ch inlinea.ch .htbridge.com .bancastato.ch apis.google.com csi.gstatic.com accounts.google.com www.google.com .gstatic.com maps.googleapis.com maps.google.com clients1.google.com maps.googleapis.com developers.google.com www.googleapis.com .cloudfront.net .onetrust.com cdn.cookielaw.org ; style-src 'self' 'unsafe-inline' .inlinea.ch inlinea.ch .bancastato.ch maps.googleapis.com developers.google.com apis.google.com csi.gstatic.com accounts.google.com www.google.com fonts.google.com fonts.googleapis.com cse.google.com .cloudfront.net .onetrust.com cdn.cookielaw.org; frame-ancestors 'self' ; frame-src 'self' .inlinea.ch inlinea.ch apis.google.com maps.googleapis.com developers.google.com .youtube.com accounts.google.com clients1.google.com cse.google.com www.kantonalbank.ch www.newhome.ch .bancastato.ch https://www.google.com .cloudfront.net ; child-src 'self' .inlinea.ch inlinea.ch apis.google.com maps.googleapis.com developers.google.com .youtube.com accounts.google.com clients1.google.com www.kantonalbank.ch .bancastato.ch .cloudfront.net ; font-src 'self' data: .inlinea.ch inlinea.ch fonts.googleapis.com fonts.google.com fonts.gstatic.com .bancastato.ch .cloudfront.net
Strict-Transport-Security	max-age=31536000;includeSubDomains;preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

Date: Wed, 28 Feb 2024 03:34:04 GMT
Strict-Transport-Security: max-age=31536000;includeSubDomains;preload
X-Content-Type-Options: nosniff
Content-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.inlinea.ch inlinea.ch *.google-analytics.com google-analytics.com maps.google.com maps.gstatic.com apis.google.com fonts.googleapis.com fonts.gstatic.com maps.googleapis.com portal.htbridge.com csi.gstic.com ssl.gstic.com cse.gstatic.com *.gstatic.com *.browser-update.org browser-update.org accounts.google.com clients1.google.com www.youtube.com *.bancastato.ch www.google.com cse.google.com developers.google.com www.googleapis.com https://code.jquery.com *.cloudfront.net *.onetrust.com cdn.cookielaw.org; connect-src 'self' *.inlinea.ch inlinea.ch *.bancastato.ch maps.googleapis.com developers.google.com apis.google.com accounts.google.com *.cloudfront.net *.onetrust.com cdn.cookielaw.org wss://www.inlinea.ch wss://inlinea.ch; img-src 'self' data: *.inlinea.ch inlinea.ch *.htbridge.com *.bancastato.ch apis.google.com csi.gstatic.com accounts.google.com www.google.com *.gstatic.com maps.googleapis.com maps.google.com clients1.google.com maps.googleapis.com developers.google.com www.googleapis.com *.cloudfront.net *.onetrust.com cdn.cookielaw.org ; style-src 'self' 'unsafe-inline' *.inlinea.ch inlinea.ch *.bancastato.ch maps.googleapis.com developers.google.com apis.google.com csi.gstatic.com accounts.google.com www.google.com fonts.google.com fonts.googleapis.com cse.google.com *.cloudfront.net *.onetrust.com cdn.cookielaw.org; frame-ancestors 'self' ; frame-src 'self' *.inlinea.ch inlinea.ch apis.google.com maps.googleapis.com developers.google.com *.youtube.com accounts.google.com clients1.google.com cse.google.com www.kantonalbank.ch www.newhome.ch *.bancastato.ch https://www.google.com *.cloudfront.net ; child-src 'self' *.inlinea.ch inlinea.ch apis.google.com maps.googleapis.com developers.google.com *.youtube.com accounts.google.com clients1.google.com www.kantonalbank.ch *.bancastato.ch *.cloudfront.net ; font-src 'self' data: *.inlinea.ch inlinea.ch fonts.googleapis.com fonts.google.com fonts.gstatic.com *.bancastato.ch *.cloudfront.net
Last-Modified: Mon, 04 Dec 2023 08:51:34 GMT
Server: Apache
X-Magnolia-Registration: Registered
X-Frame-Options: SAMEORIGIN
Content-Type: image/svg+xml;charset=UTF-8
Cache-Control: max-age=3600, public
Connection: Keep-Alive
Keep-Alive: timeout=10, max=497
Content-Length: 5991
X-XSS-Protection: 1; mode=block
Expires: Wed, 28 Feb 2024 04:34:04 GMT

GET
H/1.1 200
OK all.min~2023-12-04-08-51-34-000~cache.js Show response
www.bancastato.ch/.resources/bancastato-templating-light/webresources/js/ 813 KB
816 KB 80ms
79ms Script
application/javascript 217.26.33.87
BSOURCE-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www.bancastato.ch/.resources/bancastato-templating-light/webresources/js/all.min~2023-12-04-08-51-34-000~cache.js

Requested by

Host: www.bancastato.ch
URL: https://www.bancastato.ch/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

217.26.33.87 , Switzerland, ASN197312 (BSOURCE-AS, CH),

Reverse DNS

Software

Apache /

Resource Hash

71a95f3047ec8c8ac3bbef725137ea93d9ea71d42b0a53fe434ee6e9c023bed7

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' .inlinea.ch inlinea.ch .google-analytics.com google-analytics.com maps.google.com maps.gstatic.com apis.google.com fonts.googleapis.com fonts.gstatic.com maps.googleapis.com portal.htbridge.com csi.gstic.com ssl.gstic.com cse.gstatic.com .gstatic.com .browser-update.org browser-update.org accounts.google.com clients1.google.com www.youtube.com .bancastato.ch www.google.com cse.google.com developers.google.com www.googleapis.com https://code.jquery.com .cloudfront.net .onetrust.com cdn.cookielaw.org; connect-src 'self' .inlinea.ch inlinea.ch .bancastato.ch maps.googleapis.com developers.google.com apis.google.com accounts.google.com .cloudfront.net .onetrust.com cdn.cookielaw.org wss://www.inlinea.ch wss://inlinea.ch; img-src 'self' data: .inlinea.ch inlinea.ch .htbridge.com .bancastato.ch apis.google.com csi.gstatic.com accounts.google.com www.google.com .gstatic.com maps.googleapis.com maps.google.com clients1.google.com maps.googleapis.com developers.google.com www.googleapis.com .cloudfront.net .onetrust.com cdn.cookielaw.org ; style-src 'self' 'unsafe-inline' .inlinea.ch inlinea.ch .bancastato.ch maps.googleapis.com developers.google.com apis.google.com csi.gstatic.com accounts.google.com www.google.com fonts.google.com fonts.googleapis.com cse.google.com .cloudfront.net .onetrust.com cdn.cookielaw.org; frame-ancestors 'self' ; frame-src 'self' .inlinea.ch inlinea.ch apis.google.com maps.googleapis.com developers.google.com .youtube.com accounts.google.com clients1.google.com cse.google.com www.kantonalbank.ch www.newhome.ch .bancastato.ch https://www.google.com .cloudfront.net ; child-src 'self' .inlinea.ch inlinea.ch apis.google.com maps.googleapis.com developers.google.com .youtube.com accounts.google.com clients1.google.com www.kantonalbank.ch .bancastato.ch .cloudfront.net ; font-src 'self' data: .inlinea.ch inlinea.ch fonts.googleapis.com fonts.google.com fonts.gstatic.com .bancastato.ch .cloudfront.net
Strict-Transport-Security	max-age=31536000;includeSubDomains;preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

Date: Wed, 28 Feb 2024 03:34:02 GMT
Strict-Transport-Security: max-age=31536000;includeSubDomains;preload
X-Content-Type-Options: nosniff
Content-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.inlinea.ch inlinea.ch *.google-analytics.com google-analytics.com maps.google.com maps.gstatic.com apis.google.com fonts.googleapis.com fonts.gstatic.com maps.googleapis.com portal.htbridge.com csi.gstic.com ssl.gstic.com cse.gstatic.com *.gstatic.com *.browser-update.org browser-update.org accounts.google.com clients1.google.com www.youtube.com *.bancastato.ch www.google.com cse.google.com developers.google.com www.googleapis.com https://code.jquery.com *.cloudfront.net *.onetrust.com cdn.cookielaw.org; connect-src 'self' *.inlinea.ch inlinea.ch *.bancastato.ch maps.googleapis.com developers.google.com apis.google.com accounts.google.com *.cloudfront.net *.onetrust.com cdn.cookielaw.org wss://www.inlinea.ch wss://inlinea.ch; img-src 'self' data: *.inlinea.ch inlinea.ch *.htbridge.com *.bancastato.ch apis.google.com csi.gstatic.com accounts.google.com www.google.com *.gstatic.com maps.googleapis.com maps.google.com clients1.google.com maps.googleapis.com developers.google.com www.googleapis.com *.cloudfront.net *.onetrust.com cdn.cookielaw.org ; style-src 'self' 'unsafe-inline' *.inlinea.ch inlinea.ch *.bancastato.ch maps.googleapis.com developers.google.com apis.google.com csi.gstatic.com accounts.google.com www.google.com fonts.google.com fonts.googleapis.com cse.google.com *.cloudfront.net *.onetrust.com cdn.cookielaw.org; frame-ancestors 'self' ; frame-src 'self' *.inlinea.ch inlinea.ch apis.google.com maps.googleapis.com developers.google.com *.youtube.com accounts.google.com clients1.google.com cse.google.com www.kantonalbank.ch www.newhome.ch *.bancastato.ch https://www.google.com *.cloudfront.net ; child-src 'self' *.inlinea.ch inlinea.ch apis.google.com maps.googleapis.com developers.google.com *.youtube.com accounts.google.com clients1.google.com www.kantonalbank.ch *.bancastato.ch *.cloudfront.net ; font-src 'self' data: *.inlinea.ch inlinea.ch fonts.googleapis.com fonts.google.com fonts.gstatic.com *.bancastato.ch *.cloudfront.net
Last-Modified: Mon, 04 Dec 2023 08:51:34 GMT
Server: Apache
X-Magnolia-Registration: Registered
X-Frame-Options: SAMEORIGIN
Transfer-Encoding: chunked
Content-Type: application/javascript;charset=UTF-8
Cache-Control: max-age=31536000, public
Connection: Keep-Alive
Keep-Alive: timeout=10, max=499
X-XSS-Protection: 1; mode=block
Expires: Thu, 27 Feb 2025 03:34:02 GMT

GET
H/1.1 200
OK matomo.js Show response
prd-analytics.bancastato.ch/ 66 KB
66 KB 625ms
320ms Script
application/javascript 217.26.33.87
BSOURCE-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://prd-analytics.bancastato.ch/matomo.js

Requested by

Host: www.bancastato.ch
URL: https://www.bancastato.ch/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

217.26.33.87 , Switzerland, ASN197312 (BSOURCE-AS, CH),

Reverse DNS

Software

Apache /

Resource Hash

e3c39364dd866add4ea7fdf25aecc692c8d738387f3bab1720012919aab3c835

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000;includeSubDomains;preload
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

Date: Wed, 28 Feb 2024 03:34:03 GMT
Strict-Transport-Security: max-age=31536000;includeSubDomains;preload
Last-Modified: Thu, 21 Mar 2019 07:50:00 GMT
Server: Apache
ETag: "106ad-58495fc36da00"
X-Frame-Options: SAMEORIGIN
Content-Type: application/javascript
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=10, max=500
Content-Length: 67245
X-XSS-Protection: 1; mode=block

GET
H2 200 49cf5428-5c54-406c-8ffe-2673ecccc5b4.json Show response
cdn.cookielaw.org/consent/49cf5428-5c54-406c-8ffe-2673ecccc5b4/ 4 KB
2 KB 803ms
303ms XHR
application/x-javascript 104.18.131.236
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/consent/49cf5428-5c54-406c-8ffe-2673ecccc5b4/49cf5428-5c54-406c-8ffe-2673ecccc5b4.json

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/otSDKStub.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.131.236 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

04735e3fe90a1382d9362c7f79eb98a0e93e759e6401971e45251c45f3915870

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Wed, 28 Feb 2024 03:34:03 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-md5: YesJg4Mabx96C2dCJuBNcw==
content-length: 1593
x-ms-lease-status: unlocked
last-modified: Mon, 12 Jun 2023 13:26:49 GMT
server: cloudflare
etag: 0x8DB6B48AD66E952
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: *
x-ms-request-id: e8c90803-801e-001e-55e7-1dd55b000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 85c59c0f584e8ffe-FRA
expires: Thu, 29 Feb 2024 03:34:03 GMT

GET
H/1.1 200
OK FuturaBT-Medium.woff2
www.bancastato.ch/.resources/bancastato-templating-light/webresources/fonts/ 49 KB
51 KB 701ms
168ms Font
application/font-woff2 217.26.33.87
BSOURCE-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www.bancastato.ch/.resources/bancastato-templating-light/webresources/fonts/FuturaBT-Medium.woff2

Requested by

Host: www.bancastato.ch
URL: https://www.bancastato.ch/.resources/bancastato-templating-light/webresources/css/all.min~2023-12-04-08-51-34-000~cache.css

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

217.26.33.87 , Switzerland, ASN197312 (BSOURCE-AS, CH),

Reverse DNS

Software

Apache /

Resource Hash

9473418c10073c7b3f3f3f7bfe6bc3f640e3a091ebc4c39cd6f44420011b5912

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' .inlinea.ch inlinea.ch .google-analytics.com google-analytics.com maps.google.com maps.gstatic.com apis.google.com fonts.googleapis.com fonts.gstatic.com maps.googleapis.com portal.htbridge.com csi.gstic.com ssl.gstic.com cse.gstatic.com .gstatic.com .browser-update.org browser-update.org accounts.google.com clients1.google.com www.youtube.com .bancastato.ch www.google.com cse.google.com developers.google.com www.googleapis.com https://code.jquery.com .cloudfront.net .onetrust.com cdn.cookielaw.org; connect-src 'self' .inlinea.ch inlinea.ch .bancastato.ch maps.googleapis.com developers.google.com apis.google.com accounts.google.com .cloudfront.net .onetrust.com cdn.cookielaw.org wss://www.inlinea.ch wss://inlinea.ch; img-src 'self' data: .inlinea.ch inlinea.ch .htbridge.com .bancastato.ch apis.google.com csi.gstatic.com accounts.google.com www.google.com .gstatic.com maps.googleapis.com maps.google.com clients1.google.com maps.googleapis.com developers.google.com www.googleapis.com .cloudfront.net .onetrust.com cdn.cookielaw.org ; style-src 'self' 'unsafe-inline' .inlinea.ch inlinea.ch .bancastato.ch maps.googleapis.com developers.google.com apis.google.com csi.gstatic.com accounts.google.com www.google.com fonts.google.com fonts.googleapis.com cse.google.com .cloudfront.net .onetrust.com cdn.cookielaw.org; frame-ancestors 'self' ; frame-src 'self' .inlinea.ch inlinea.ch apis.google.com maps.googleapis.com developers.google.com .youtube.com accounts.google.com clients1.google.com cse.google.com www.kantonalbank.ch www.newhome.ch .bancastato.ch https://www.google.com .cloudfront.net ; child-src 'self' .inlinea.ch inlinea.ch apis.google.com maps.googleapis.com developers.google.com .youtube.com accounts.google.com clients1.google.com www.kantonalbank.ch .bancastato.ch .cloudfront.net ; font-src 'self' data: .inlinea.ch inlinea.ch fonts.googleapis.com fonts.google.com fonts.gstatic.com .bancastato.ch .cloudfront.net
Strict-Transport-Security	max-age=31536000;includeSubDomains;preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.google.com/
Origin: https://www.bancastato.ch
accept-language: de-CH,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

Date: Wed, 28 Feb 2024 03:34:03 GMT
Strict-Transport-Security: max-age=31536000;includeSubDomains;preload
X-Content-Type-Options: nosniff
Content-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.inlinea.ch inlinea.ch *.google-analytics.com google-analytics.com maps.google.com maps.gstatic.com apis.google.com fonts.googleapis.com fonts.gstatic.com maps.googleapis.com portal.htbridge.com csi.gstic.com ssl.gstic.com cse.gstatic.com *.gstatic.com *.browser-update.org browser-update.org accounts.google.com clients1.google.com www.youtube.com *.bancastato.ch www.google.com cse.google.com developers.google.com www.googleapis.com https://code.jquery.com *.cloudfront.net *.onetrust.com cdn.cookielaw.org; connect-src 'self' *.inlinea.ch inlinea.ch *.bancastato.ch maps.googleapis.com developers.google.com apis.google.com accounts.google.com *.cloudfront.net *.onetrust.com cdn.cookielaw.org wss://www.inlinea.ch wss://inlinea.ch; img-src 'self' data: *.inlinea.ch inlinea.ch *.htbridge.com *.bancastato.ch apis.google.com csi.gstatic.com accounts.google.com www.google.com *.gstatic.com maps.googleapis.com maps.google.com clients1.google.com maps.googleapis.com developers.google.com www.googleapis.com *.cloudfront.net *.onetrust.com cdn.cookielaw.org ; style-src 'self' 'unsafe-inline' *.inlinea.ch inlinea.ch *.bancastato.ch maps.googleapis.com developers.google.com apis.google.com csi.gstatic.com accounts.google.com www.google.com fonts.google.com fonts.googleapis.com cse.google.com *.cloudfront.net *.onetrust.com cdn.cookielaw.org; frame-ancestors 'self' ; frame-src 'self' *.inlinea.ch inlinea.ch apis.google.com maps.googleapis.com developers.google.com *.youtube.com accounts.google.com clients1.google.com cse.google.com www.kantonalbank.ch www.newhome.ch *.bancastato.ch https://www.google.com *.cloudfront.net ; child-src 'self' *.inlinea.ch inlinea.ch apis.google.com maps.googleapis.com developers.google.com *.youtube.com accounts.google.com clients1.google.com www.kantonalbank.ch *.bancastato.ch *.cloudfront.net ; font-src 'self' data: *.inlinea.ch inlinea.ch fonts.googleapis.com fonts.google.com fonts.gstatic.com *.bancastato.ch *.cloudfront.net
Last-Modified: Mon, 04 Dec 2023 08:51:34 GMT
Server: Apache
X-Magnolia-Registration: Registered
X-Frame-Options: SAMEORIGIN
Content-Type: application/font-woff2;charset=UTF-8
Cache-Control: max-age=3600, public
Connection: Keep-Alive
Keep-Alive: timeout=10, max=498
Content-Length: 50014
X-XSS-Protection: 1; mode=block
Expires: Wed, 28 Feb 2024 04:34:03 GMT

GET
H/1.1 200
OK roboto-medium-webfont.woff2
www.bancastato.ch/.resources/bancastato-templating-light/webresources/fonts/ 19 KB
22 KB 1328ms
422ms Font
application/font-woff2 217.26.33.87
BSOURCE-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www.bancastato.ch/.resources/bancastato-templating-light/webresources/fonts/roboto-medium-webfont.woff2

Requested by

Host: www.bancastato.ch
URL: https://www.bancastato.ch/.resources/bancastato-templating-light/webresources/css/all.min~2023-12-04-08-51-34-000~cache.css

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

217.26.33.87 , Switzerland, ASN197312 (BSOURCE-AS, CH),

Reverse DNS

Software

Apache /

Resource Hash

6e858a5202e480d17bbc81eacc216943fb9c7eea727263e08f30cb5cc468bec8

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' .inlinea.ch inlinea.ch .google-analytics.com google-analytics.com maps.google.com maps.gstatic.com apis.google.com fonts.googleapis.com fonts.gstatic.com maps.googleapis.com portal.htbridge.com csi.gstic.com ssl.gstic.com cse.gstatic.com .gstatic.com .browser-update.org browser-update.org accounts.google.com clients1.google.com www.youtube.com .bancastato.ch www.google.com cse.google.com developers.google.com www.googleapis.com https://code.jquery.com .cloudfront.net .onetrust.com cdn.cookielaw.org; connect-src 'self' .inlinea.ch inlinea.ch .bancastato.ch maps.googleapis.com developers.google.com apis.google.com accounts.google.com .cloudfront.net .onetrust.com cdn.cookielaw.org wss://www.inlinea.ch wss://inlinea.ch; img-src 'self' data: .inlinea.ch inlinea.ch .htbridge.com .bancastato.ch apis.google.com csi.gstatic.com accounts.google.com www.google.com .gstatic.com maps.googleapis.com maps.google.com clients1.google.com maps.googleapis.com developers.google.com www.googleapis.com .cloudfront.net .onetrust.com cdn.cookielaw.org ; style-src 'self' 'unsafe-inline' .inlinea.ch inlinea.ch .bancastato.ch maps.googleapis.com developers.google.com apis.google.com csi.gstatic.com accounts.google.com www.google.com fonts.google.com fonts.googleapis.com cse.google.com .cloudfront.net .onetrust.com cdn.cookielaw.org; frame-ancestors 'self' ; frame-src 'self' .inlinea.ch inlinea.ch apis.google.com maps.googleapis.com developers.google.com .youtube.com accounts.google.com clients1.google.com cse.google.com www.kantonalbank.ch www.newhome.ch .bancastato.ch https://www.google.com .cloudfront.net ; child-src 'self' .inlinea.ch inlinea.ch apis.google.com maps.googleapis.com developers.google.com .youtube.com accounts.google.com clients1.google.com www.kantonalbank.ch .bancastato.ch .cloudfront.net ; font-src 'self' data: .inlinea.ch inlinea.ch fonts.googleapis.com fonts.google.com fonts.gstatic.com .bancastato.ch .cloudfront.net
Strict-Transport-Security	max-age=31536000;includeSubDomains;preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.google.com/
Origin: https://www.bancastato.ch
accept-language: de-CH,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

Date: Wed, 28 Feb 2024 03:34:03 GMT
Strict-Transport-Security: max-age=31536000;includeSubDomains;preload
X-Content-Type-Options: nosniff
Content-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.inlinea.ch inlinea.ch *.google-analytics.com google-analytics.com maps.google.com maps.gstatic.com apis.google.com fonts.googleapis.com fonts.gstatic.com maps.googleapis.com portal.htbridge.com csi.gstic.com ssl.gstic.com cse.gstatic.com *.gstatic.com *.browser-update.org browser-update.org accounts.google.com clients1.google.com www.youtube.com *.bancastato.ch www.google.com cse.google.com developers.google.com www.googleapis.com https://code.jquery.com *.cloudfront.net *.onetrust.com cdn.cookielaw.org; connect-src 'self' *.inlinea.ch inlinea.ch *.bancastato.ch maps.googleapis.com developers.google.com apis.google.com accounts.google.com *.cloudfront.net *.onetrust.com cdn.cookielaw.org wss://www.inlinea.ch wss://inlinea.ch; img-src 'self' data: *.inlinea.ch inlinea.ch *.htbridge.com *.bancastato.ch apis.google.com csi.gstatic.com accounts.google.com www.google.com *.gstatic.com maps.googleapis.com maps.google.com clients1.google.com maps.googleapis.com developers.google.com www.googleapis.com *.cloudfront.net *.onetrust.com cdn.cookielaw.org ; style-src 'self' 'unsafe-inline' *.inlinea.ch inlinea.ch *.bancastato.ch maps.googleapis.com developers.google.com apis.google.com csi.gstatic.com accounts.google.com www.google.com fonts.google.com fonts.googleapis.com cse.google.com *.cloudfront.net *.onetrust.com cdn.cookielaw.org; frame-ancestors 'self' ; frame-src 'self' *.inlinea.ch inlinea.ch apis.google.com maps.googleapis.com developers.google.com *.youtube.com accounts.google.com clients1.google.com cse.google.com www.kantonalbank.ch www.newhome.ch *.bancastato.ch https://www.google.com *.cloudfront.net ; child-src 'self' *.inlinea.ch inlinea.ch apis.google.com maps.googleapis.com developers.google.com *.youtube.com accounts.google.com clients1.google.com www.kantonalbank.ch *.bancastato.ch *.cloudfront.net ; font-src 'self' data: *.inlinea.ch inlinea.ch fonts.googleapis.com fonts.google.com fonts.gstatic.com *.bancastato.ch *.cloudfront.net
Last-Modified: Mon, 04 Dec 2023 08:51:34 GMT
Server: Apache
X-Magnolia-Registration: Registered
X-Frame-Options: SAMEORIGIN
Content-Type: application/font-woff2;charset=UTF-8
Cache-Control: max-age=3600, public
Connection: Keep-Alive
Keep-Alive: timeout=10, max=498
Content-Length: 19716
X-XSS-Protection: 1; mode=block
Expires: Wed, 28 Feb 2024 04:34:03 GMT

GET
H/1.1 200
OK icomoon.ttf
www.bancastato.ch/.resources/bancastato-templating-light/webresources/fonts/ 56 KB
58 KB 1332ms
388ms Font
application/x-font-ttf 217.26.33.87
BSOURCE-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www.bancastato.ch/.resources/bancastato-templating-light/webresources/fonts/icomoon.ttf?oaey11

Requested by

Host: www.bancastato.ch
URL: https://www.bancastato.ch/.resources/bancastato-templating-light/webresources/css/all.min~2023-12-04-08-51-34-000~cache.css

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

217.26.33.87 , Switzerland, ASN197312 (BSOURCE-AS, CH),

Reverse DNS

Software

Apache /

Resource Hash

1e7b2c36e34918adb2157e35983ad8627ce26d2368b9dc71aea7670cc2731aac

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' .inlinea.ch inlinea.ch .google-analytics.com google-analytics.com maps.google.com maps.gstatic.com apis.google.com fonts.googleapis.com fonts.gstatic.com maps.googleapis.com portal.htbridge.com csi.gstic.com ssl.gstic.com cse.gstatic.com .gstatic.com .browser-update.org browser-update.org accounts.google.com clients1.google.com www.youtube.com .bancastato.ch www.google.com cse.google.com developers.google.com www.googleapis.com https://code.jquery.com .cloudfront.net .onetrust.com cdn.cookielaw.org; connect-src 'self' .inlinea.ch inlinea.ch .bancastato.ch maps.googleapis.com developers.google.com apis.google.com accounts.google.com .cloudfront.net .onetrust.com cdn.cookielaw.org wss://www.inlinea.ch wss://inlinea.ch; img-src 'self' data: .inlinea.ch inlinea.ch .htbridge.com .bancastato.ch apis.google.com csi.gstatic.com accounts.google.com www.google.com .gstatic.com maps.googleapis.com maps.google.com clients1.google.com maps.googleapis.com developers.google.com www.googleapis.com .cloudfront.net .onetrust.com cdn.cookielaw.org ; style-src 'self' 'unsafe-inline' .inlinea.ch inlinea.ch .bancastato.ch maps.googleapis.com developers.google.com apis.google.com csi.gstatic.com accounts.google.com www.google.com fonts.google.com fonts.googleapis.com cse.google.com .cloudfront.net .onetrust.com cdn.cookielaw.org; frame-ancestors 'self' ; frame-src 'self' .inlinea.ch inlinea.ch apis.google.com maps.googleapis.com developers.google.com .youtube.com accounts.google.com clients1.google.com cse.google.com www.kantonalbank.ch www.newhome.ch .bancastato.ch https://www.google.com .cloudfront.net ; child-src 'self' .inlinea.ch inlinea.ch apis.google.com maps.googleapis.com developers.google.com .youtube.com accounts.google.com clients1.google.com www.kantonalbank.ch .bancastato.ch .cloudfront.net ; font-src 'self' data: .inlinea.ch inlinea.ch fonts.googleapis.com fonts.google.com fonts.gstatic.com .bancastato.ch .cloudfront.net
Strict-Transport-Security	max-age=31536000;includeSubDomains;preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.google.com/
Origin: https://www.bancastato.ch
accept-language: de-CH,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

Date: Wed, 28 Feb 2024 03:34:04 GMT
Strict-Transport-Security: max-age=31536000;includeSubDomains;preload
X-Content-Type-Options: nosniff
Content-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.inlinea.ch inlinea.ch *.google-analytics.com google-analytics.com maps.google.com maps.gstatic.com apis.google.com fonts.googleapis.com fonts.gstatic.com maps.googleapis.com portal.htbridge.com csi.gstic.com ssl.gstic.com cse.gstatic.com *.gstatic.com *.browser-update.org browser-update.org accounts.google.com clients1.google.com www.youtube.com *.bancastato.ch www.google.com cse.google.com developers.google.com www.googleapis.com https://code.jquery.com *.cloudfront.net *.onetrust.com cdn.cookielaw.org; connect-src 'self' *.inlinea.ch inlinea.ch *.bancastato.ch maps.googleapis.com developers.google.com apis.google.com accounts.google.com *.cloudfront.net *.onetrust.com cdn.cookielaw.org wss://www.inlinea.ch wss://inlinea.ch; img-src 'self' data: *.inlinea.ch inlinea.ch *.htbridge.com *.bancastato.ch apis.google.com csi.gstatic.com accounts.google.com www.google.com *.gstatic.com maps.googleapis.com maps.google.com clients1.google.com maps.googleapis.com developers.google.com www.googleapis.com *.cloudfront.net *.onetrust.com cdn.cookielaw.org ; style-src 'self' 'unsafe-inline' *.inlinea.ch inlinea.ch *.bancastato.ch maps.googleapis.com developers.google.com apis.google.com csi.gstatic.com accounts.google.com www.google.com fonts.google.com fonts.googleapis.com cse.google.com *.cloudfront.net *.onetrust.com cdn.cookielaw.org; frame-ancestors 'self' ; frame-src 'self' *.inlinea.ch inlinea.ch apis.google.com maps.googleapis.com developers.google.com *.youtube.com accounts.google.com clients1.google.com cse.google.com www.kantonalbank.ch www.newhome.ch *.bancastato.ch https://www.google.com *.cloudfront.net ; child-src 'self' *.inlinea.ch inlinea.ch apis.google.com maps.googleapis.com developers.google.com *.youtube.com accounts.google.com clients1.google.com www.kantonalbank.ch *.bancastato.ch *.cloudfront.net ; font-src 'self' data: *.inlinea.ch inlinea.ch fonts.googleapis.com fonts.google.com fonts.gstatic.com *.bancastato.ch *.cloudfront.net
Last-Modified: Mon, 04 Dec 2023 08:51:34 GMT
Server: Apache
X-Magnolia-Registration: Registered
X-Frame-Options: SAMEORIGIN
Transfer-Encoding: chunked
Content-Type: application/x-font-ttf;charset=UTF-8
Cache-Control: max-age=3600, public
Connection: Keep-Alive
Keep-Alive: timeout=10, max=498
X-XSS-Protection: 1; mode=block
Expires: Wed, 28 Feb 2024 04:34:04 GMT

GET
H/1.1 200
OK FuturaBT-Bold.woff2
www.bancastato.ch/.resources/bancastato-templating-light/webresources/fonts/ 50 KB
53 KB 1400ms
138ms Font
application/font-woff2 217.26.33.87
BSOURCE-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www.bancastato.ch/.resources/bancastato-templating-light/webresources/fonts/FuturaBT-Bold.woff2

Requested by

Host: www.bancastato.ch
URL: https://www.bancastato.ch/.resources/bancastato-templating-light/webresources/css/all.min~2023-12-04-08-51-34-000~cache.css

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

217.26.33.87 , Switzerland, ASN197312 (BSOURCE-AS, CH),

Reverse DNS

Software

Apache /

Resource Hash

11ebc0e2ec3e972f3bcecd1aa31e3a6167654dc76b0f8d93c2069712175eddeb

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' .inlinea.ch inlinea.ch .google-analytics.com google-analytics.com maps.google.com maps.gstatic.com apis.google.com fonts.googleapis.com fonts.gstatic.com maps.googleapis.com portal.htbridge.com csi.gstic.com ssl.gstic.com cse.gstatic.com .gstatic.com .browser-update.org browser-update.org accounts.google.com clients1.google.com www.youtube.com .bancastato.ch www.google.com cse.google.com developers.google.com www.googleapis.com https://code.jquery.com .cloudfront.net .onetrust.com cdn.cookielaw.org; connect-src 'self' .inlinea.ch inlinea.ch .bancastato.ch maps.googleapis.com developers.google.com apis.google.com accounts.google.com .cloudfront.net .onetrust.com cdn.cookielaw.org wss://www.inlinea.ch wss://inlinea.ch; img-src 'self' data: .inlinea.ch inlinea.ch .htbridge.com .bancastato.ch apis.google.com csi.gstatic.com accounts.google.com www.google.com .gstatic.com maps.googleapis.com maps.google.com clients1.google.com maps.googleapis.com developers.google.com www.googleapis.com .cloudfront.net .onetrust.com cdn.cookielaw.org ; style-src 'self' 'unsafe-inline' .inlinea.ch inlinea.ch .bancastato.ch maps.googleapis.com developers.google.com apis.google.com csi.gstatic.com accounts.google.com www.google.com fonts.google.com fonts.googleapis.com cse.google.com .cloudfront.net .onetrust.com cdn.cookielaw.org; frame-ancestors 'self' ; frame-src 'self' .inlinea.ch inlinea.ch apis.google.com maps.googleapis.com developers.google.com .youtube.com accounts.google.com clients1.google.com cse.google.com www.kantonalbank.ch www.newhome.ch .bancastato.ch https://www.google.com .cloudfront.net ; child-src 'self' .inlinea.ch inlinea.ch apis.google.com maps.googleapis.com developers.google.com .youtube.com accounts.google.com clients1.google.com www.kantonalbank.ch .bancastato.ch .cloudfront.net ; font-src 'self' data: .inlinea.ch inlinea.ch fonts.googleapis.com fonts.google.com fonts.gstatic.com .bancastato.ch .cloudfront.net
Strict-Transport-Security	max-age=31536000;includeSubDomains;preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.google.com/
Origin: https://www.bancastato.ch
accept-language: de-CH,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

Date: Wed, 28 Feb 2024 03:34:04 GMT
Strict-Transport-Security: max-age=31536000;includeSubDomains;preload
X-Content-Type-Options: nosniff
Content-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.inlinea.ch inlinea.ch *.google-analytics.com google-analytics.com maps.google.com maps.gstatic.com apis.google.com fonts.googleapis.com fonts.gstatic.com maps.googleapis.com portal.htbridge.com csi.gstic.com ssl.gstic.com cse.gstatic.com *.gstatic.com *.browser-update.org browser-update.org accounts.google.com clients1.google.com www.youtube.com *.bancastato.ch www.google.com cse.google.com developers.google.com www.googleapis.com https://code.jquery.com *.cloudfront.net *.onetrust.com cdn.cookielaw.org; connect-src 'self' *.inlinea.ch inlinea.ch *.bancastato.ch maps.googleapis.com developers.google.com apis.google.com accounts.google.com *.cloudfront.net *.onetrust.com cdn.cookielaw.org wss://www.inlinea.ch wss://inlinea.ch; img-src 'self' data: *.inlinea.ch inlinea.ch *.htbridge.com *.bancastato.ch apis.google.com csi.gstatic.com accounts.google.com www.google.com *.gstatic.com maps.googleapis.com maps.google.com clients1.google.com maps.googleapis.com developers.google.com www.googleapis.com *.cloudfront.net *.onetrust.com cdn.cookielaw.org ; style-src 'self' 'unsafe-inline' *.inlinea.ch inlinea.ch *.bancastato.ch maps.googleapis.com developers.google.com apis.google.com csi.gstatic.com accounts.google.com www.google.com fonts.google.com fonts.googleapis.com cse.google.com *.cloudfront.net *.onetrust.com cdn.cookielaw.org; frame-ancestors 'self' ; frame-src 'self' *.inlinea.ch inlinea.ch apis.google.com maps.googleapis.com developers.google.com *.youtube.com accounts.google.com clients1.google.com cse.google.com www.kantonalbank.ch www.newhome.ch *.bancastato.ch https://www.google.com *.cloudfront.net ; child-src 'self' *.inlinea.ch inlinea.ch apis.google.com maps.googleapis.com developers.google.com *.youtube.com accounts.google.com clients1.google.com www.kantonalbank.ch *.bancastato.ch *.cloudfront.net ; font-src 'self' data: *.inlinea.ch inlinea.ch fonts.googleapis.com fonts.google.com fonts.gstatic.com *.bancastato.ch *.cloudfront.net
Last-Modified: Mon, 04 Dec 2023 08:51:34 GMT
Server: Apache
X-Magnolia-Registration: Registered
X-Frame-Options: SAMEORIGIN
Content-Type: application/font-woff2;charset=UTF-8
Cache-Control: max-age=3600, public
Connection: Keep-Alive
Keep-Alive: timeout=10, max=497
Content-Length: 51680
X-XSS-Protection: 1; mode=block
Expires: Wed, 28 Feb 2024 04:34:04 GMT

GET
H/1.1 200
OK roboto-bold-webfont.woff2
www.bancastato.ch/.resources/bancastato-templating-light/webresources/fonts/ 19 KB
22 KB 1390ms
115ms Font
application/font-woff2 217.26.33.87
BSOURCE-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www.bancastato.ch/.resources/bancastato-templating-light/webresources/fonts/roboto-bold-webfont.woff2

Requested by

Host: www.bancastato.ch
URL: https://www.bancastato.ch/.resources/bancastato-templating-light/webresources/css/all.min~2023-12-04-08-51-34-000~cache.css

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

217.26.33.87 , Switzerland, ASN197312 (BSOURCE-AS, CH),

Reverse DNS

Software

Apache /

Resource Hash

a60fca9f3aad41fafcd49e04e9ae88519efece6aa485de11c418a6c034f06b0c

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' .inlinea.ch inlinea.ch .google-analytics.com google-analytics.com maps.google.com maps.gstatic.com apis.google.com fonts.googleapis.com fonts.gstatic.com maps.googleapis.com portal.htbridge.com csi.gstic.com ssl.gstic.com cse.gstatic.com .gstatic.com .browser-update.org browser-update.org accounts.google.com clients1.google.com www.youtube.com .bancastato.ch www.google.com cse.google.com developers.google.com www.googleapis.com https://code.jquery.com .cloudfront.net .onetrust.com cdn.cookielaw.org; connect-src 'self' .inlinea.ch inlinea.ch .bancastato.ch maps.googleapis.com developers.google.com apis.google.com accounts.google.com .cloudfront.net .onetrust.com cdn.cookielaw.org wss://www.inlinea.ch wss://inlinea.ch; img-src 'self' data: .inlinea.ch inlinea.ch .htbridge.com .bancastato.ch apis.google.com csi.gstatic.com accounts.google.com www.google.com .gstatic.com maps.googleapis.com maps.google.com clients1.google.com maps.googleapis.com developers.google.com www.googleapis.com .cloudfront.net .onetrust.com cdn.cookielaw.org ; style-src 'self' 'unsafe-inline' .inlinea.ch inlinea.ch .bancastato.ch maps.googleapis.com developers.google.com apis.google.com csi.gstatic.com accounts.google.com www.google.com fonts.google.com fonts.googleapis.com cse.google.com .cloudfront.net .onetrust.com cdn.cookielaw.org; frame-ancestors 'self' ; frame-src 'self' .inlinea.ch inlinea.ch apis.google.com maps.googleapis.com developers.google.com .youtube.com accounts.google.com clients1.google.com cse.google.com www.kantonalbank.ch www.newhome.ch .bancastato.ch https://www.google.com .cloudfront.net ; child-src 'self' .inlinea.ch inlinea.ch apis.google.com maps.googleapis.com developers.google.com .youtube.com accounts.google.com clients1.google.com www.kantonalbank.ch .bancastato.ch .cloudfront.net ; font-src 'self' data: .inlinea.ch inlinea.ch fonts.googleapis.com fonts.google.com fonts.gstatic.com .bancastato.ch .cloudfront.net
Strict-Transport-Security	max-age=31536000;includeSubDomains;preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.google.com/
Origin: https://www.bancastato.ch
accept-language: de-CH,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

Date: Wed, 28 Feb 2024 03:34:04 GMT
Strict-Transport-Security: max-age=31536000;includeSubDomains;preload
X-Content-Type-Options: nosniff
Content-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.inlinea.ch inlinea.ch *.google-analytics.com google-analytics.com maps.google.com maps.gstatic.com apis.google.com fonts.googleapis.com fonts.gstatic.com maps.googleapis.com portal.htbridge.com csi.gstic.com ssl.gstic.com cse.gstatic.com *.gstatic.com *.browser-update.org browser-update.org accounts.google.com clients1.google.com www.youtube.com *.bancastato.ch www.google.com cse.google.com developers.google.com www.googleapis.com https://code.jquery.com *.cloudfront.net *.onetrust.com cdn.cookielaw.org; connect-src 'self' *.inlinea.ch inlinea.ch *.bancastato.ch maps.googleapis.com developers.google.com apis.google.com accounts.google.com *.cloudfront.net *.onetrust.com cdn.cookielaw.org wss://www.inlinea.ch wss://inlinea.ch; img-src 'self' data: *.inlinea.ch inlinea.ch *.htbridge.com *.bancastato.ch apis.google.com csi.gstatic.com accounts.google.com www.google.com *.gstatic.com maps.googleapis.com maps.google.com clients1.google.com maps.googleapis.com developers.google.com www.googleapis.com *.cloudfront.net *.onetrust.com cdn.cookielaw.org ; style-src 'self' 'unsafe-inline' *.inlinea.ch inlinea.ch *.bancastato.ch maps.googleapis.com developers.google.com apis.google.com csi.gstatic.com accounts.google.com www.google.com fonts.google.com fonts.googleapis.com cse.google.com *.cloudfront.net *.onetrust.com cdn.cookielaw.org; frame-ancestors 'self' ; frame-src 'self' *.inlinea.ch inlinea.ch apis.google.com maps.googleapis.com developers.google.com *.youtube.com accounts.google.com clients1.google.com cse.google.com www.kantonalbank.ch www.newhome.ch *.bancastato.ch https://www.google.com *.cloudfront.net ; child-src 'self' *.inlinea.ch inlinea.ch apis.google.com maps.googleapis.com developers.google.com *.youtube.com accounts.google.com clients1.google.com www.kantonalbank.ch *.bancastato.ch *.cloudfront.net ; font-src 'self' data: *.inlinea.ch inlinea.ch fonts.googleapis.com fonts.google.com fonts.gstatic.com *.bancastato.ch *.cloudfront.net
Last-Modified: Mon, 04 Dec 2023 08:51:34 GMT
Server: Apache
X-Magnolia-Registration: Registered
X-Frame-Options: SAMEORIGIN
Content-Type: application/font-woff2;charset=UTF-8
Cache-Control: max-age=3600, public
Connection: Keep-Alive
Keep-Alive: timeout=10, max=497
Content-Length: 19872
X-XSS-Protection: 1; mode=block
Expires: Wed, 28 Feb 2024 04:34:04 GMT

GET
H/1.1 200
OK roboto-regular-webfont.woff2
www.bancastato.ch/.resources/bancastato-templating-light/webresources/fonts/ 19 KB
22 KB 1387ms
65ms Font
application/font-woff2 217.26.33.87
BSOURCE-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www.bancastato.ch/.resources/bancastato-templating-light/webresources/fonts/roboto-regular-webfont.woff2

Requested by

Host: www.bancastato.ch
URL: https://www.bancastato.ch/.resources/bancastato-templating-light/webresources/css/all.min~2023-12-04-08-51-34-000~cache.css

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

217.26.33.87 , Switzerland, ASN197312 (BSOURCE-AS, CH),

Reverse DNS

Software

Apache /

Resource Hash

0fea4ae61a79845e734c5df1c00ea48b1c35cda64f9abf9cab2642d381cb1040

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' .inlinea.ch inlinea.ch .google-analytics.com google-analytics.com maps.google.com maps.gstatic.com apis.google.com fonts.googleapis.com fonts.gstatic.com maps.googleapis.com portal.htbridge.com csi.gstic.com ssl.gstic.com cse.gstatic.com .gstatic.com .browser-update.org browser-update.org accounts.google.com clients1.google.com www.youtube.com .bancastato.ch www.google.com cse.google.com developers.google.com www.googleapis.com https://code.jquery.com .cloudfront.net .onetrust.com cdn.cookielaw.org; connect-src 'self' .inlinea.ch inlinea.ch .bancastato.ch maps.googleapis.com developers.google.com apis.google.com accounts.google.com .cloudfront.net .onetrust.com cdn.cookielaw.org wss://www.inlinea.ch wss://inlinea.ch; img-src 'self' data: .inlinea.ch inlinea.ch .htbridge.com .bancastato.ch apis.google.com csi.gstatic.com accounts.google.com www.google.com .gstatic.com maps.googleapis.com maps.google.com clients1.google.com maps.googleapis.com developers.google.com www.googleapis.com .cloudfront.net .onetrust.com cdn.cookielaw.org ; style-src 'self' 'unsafe-inline' .inlinea.ch inlinea.ch .bancastato.ch maps.googleapis.com developers.google.com apis.google.com csi.gstatic.com accounts.google.com www.google.com fonts.google.com fonts.googleapis.com cse.google.com .cloudfront.net .onetrust.com cdn.cookielaw.org; frame-ancestors 'self' ; frame-src 'self' .inlinea.ch inlinea.ch apis.google.com maps.googleapis.com developers.google.com .youtube.com accounts.google.com clients1.google.com cse.google.com www.kantonalbank.ch www.newhome.ch .bancastato.ch https://www.google.com .cloudfront.net ; child-src 'self' .inlinea.ch inlinea.ch apis.google.com maps.googleapis.com developers.google.com .youtube.com accounts.google.com clients1.google.com www.kantonalbank.ch .bancastato.ch .cloudfront.net ; font-src 'self' data: .inlinea.ch inlinea.ch fonts.googleapis.com fonts.google.com fonts.gstatic.com .bancastato.ch .cloudfront.net
Strict-Transport-Security	max-age=31536000;includeSubDomains;preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.google.com/
Origin: https://www.bancastato.ch
accept-language: de-CH,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

Date: Wed, 28 Feb 2024 03:34:04 GMT
Strict-Transport-Security: max-age=31536000;includeSubDomains;preload
X-Content-Type-Options: nosniff
Content-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.inlinea.ch inlinea.ch *.google-analytics.com google-analytics.com maps.google.com maps.gstatic.com apis.google.com fonts.googleapis.com fonts.gstatic.com maps.googleapis.com portal.htbridge.com csi.gstic.com ssl.gstic.com cse.gstatic.com *.gstatic.com *.browser-update.org browser-update.org accounts.google.com clients1.google.com www.youtube.com *.bancastato.ch www.google.com cse.google.com developers.google.com www.googleapis.com https://code.jquery.com *.cloudfront.net *.onetrust.com cdn.cookielaw.org; connect-src 'self' *.inlinea.ch inlinea.ch *.bancastato.ch maps.googleapis.com developers.google.com apis.google.com accounts.google.com *.cloudfront.net *.onetrust.com cdn.cookielaw.org wss://www.inlinea.ch wss://inlinea.ch; img-src 'self' data: *.inlinea.ch inlinea.ch *.htbridge.com *.bancastato.ch apis.google.com csi.gstatic.com accounts.google.com www.google.com *.gstatic.com maps.googleapis.com maps.google.com clients1.google.com maps.googleapis.com developers.google.com www.googleapis.com *.cloudfront.net *.onetrust.com cdn.cookielaw.org ; style-src 'self' 'unsafe-inline' *.inlinea.ch inlinea.ch *.bancastato.ch maps.googleapis.com developers.google.com apis.google.com csi.gstatic.com accounts.google.com www.google.com fonts.google.com fonts.googleapis.com cse.google.com *.cloudfront.net *.onetrust.com cdn.cookielaw.org; frame-ancestors 'self' ; frame-src 'self' *.inlinea.ch inlinea.ch apis.google.com maps.googleapis.com developers.google.com *.youtube.com accounts.google.com clients1.google.com cse.google.com www.kantonalbank.ch www.newhome.ch *.bancastato.ch https://www.google.com *.cloudfront.net ; child-src 'self' *.inlinea.ch inlinea.ch apis.google.com maps.googleapis.com developers.google.com *.youtube.com accounts.google.com clients1.google.com www.kantonalbank.ch *.bancastato.ch *.cloudfront.net ; font-src 'self' data: *.inlinea.ch inlinea.ch fonts.googleapis.com fonts.google.com fonts.gstatic.com *.bancastato.ch *.cloudfront.net
Last-Modified: Mon, 04 Dec 2023 08:51:34 GMT
Server: Apache
X-Magnolia-Registration: Registered
X-Frame-Options: SAMEORIGIN
Content-Type: application/font-woff2;charset=UTF-8
Cache-Control: max-age=3600, public
Connection: Keep-Alive
Keep-Alive: timeout=10, max=498
Content-Length: 19652
X-XSS-Protection: 1; mode=block
Expires: Wed, 28 Feb 2024 04:34:04 GMT

GET
H2 200 location Show response
geolocation.onetrust.com/cookieconsentpub/v1/geo/ 68 B
315 B 923ms
307ms XHR
application/json 104.18.32.137
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://geolocation.onetrust.com/cookieconsentpub/v1/geo/location

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/otSDKStub.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.32.137 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

fcbe2776660a0f2b95a251275c0f1d842f9f586514038397e29f00f6eee0640e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept: application/json
Referer: https://www.google.com/
accept-language: de-CH,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

date: Wed, 28 Feb 2024 03:34:04 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
server: cloudflare
vary: Accept-Encoding
access-control-allow-methods: GET, OPTIONS
content-type: application/json
access-control-allow-origin: *
cf-ray: 85c59c15ac611cb5-FRA
access-control-allow-headers: Content-Type

GET

400.html
prd-analytics.bancastato.ch/error_path/
Redirect Chain

https://prd-analytics.bancastato.ch/matomo.php?action_name=Homepage%20%7C%20www.bancastato.ch&idsite=1&rec=1&r=878862&h=4&m=34&s=4&url=https%3A%2F%2Fwww.bancastato.ch%2F&_id=3528c9a0b628a0c4&_idts=...
https://prd-analytics.bancastato.ch/error_path/400.html?al_req_id=Zd6prNM01d2-ue1uyAkykAAAAKA

0
0

GET
H2 200 otBannerSdk.js Show response
cdn.cookielaw.org/scripttemplates/202305.1.0/ 403 KB
97 KB 34ms
33ms Script
application/javascript 104.18.131.236
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/scripttemplates/202305.1.0/otBannerSdk.js

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/otSDKStub.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.131.236 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ed3a69e3267f056582ed012f7252319adb227fed203a4781eb820ea732aa4594

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Wed, 28 Feb 2024 03:34:04 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: fuN6EZWNAh2xn3yE+0HSRQ==
age: 83132
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 99428
x-ms-lease-status: unlocked
last-modified: Tue, 11 Jul 2023 02:35:48 GMT
server: cloudflare
etag: 0x8DB81B7897E828A
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
x-ms-request-id: bb61c14c-801e-006c-0ac6-0bd214000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 85c59c170ee523f7-ZRH

GET
H/1.1 200
OK Barra-bilancioSocialeAmbientale.jpg
www.bancastato.ch/dam/jcr:89549bf8-5a61-4e6f-b660-af5ee0e38b77/ 120 KB
123 KB 86ms
86ms Image
image/jpeg 217.26.33.87
BSOURCE-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.bancastato.ch/dam/jcr:89549bf8-5a61-4e6f-b660-af5ee0e38b77/Barra-bilancioSocialeAmbientale.jpg

Requested by

Host: www.bancastato.ch
URL: https://www.bancastato.ch/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

217.26.33.87 , Switzerland, ASN197312 (BSOURCE-AS, CH),

Reverse DNS

Software

Apache /

Resource Hash

465b2c629f5df9e676ab35968ddf7fde988646e1b0b0dfa5ae8fb83600946d7b

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' .inlinea.ch inlinea.ch .google-analytics.com google-analytics.com maps.google.com maps.gstatic.com apis.google.com fonts.googleapis.com fonts.gstatic.com maps.googleapis.com portal.htbridge.com csi.gstic.com ssl.gstic.com cse.gstatic.com .gstatic.com .browser-update.org browser-update.org accounts.google.com clients1.google.com www.youtube.com .bancastato.ch www.google.com cse.google.com developers.google.com www.googleapis.com https://code.jquery.com .cloudfront.net .onetrust.com cdn.cookielaw.org; connect-src 'self' .inlinea.ch inlinea.ch .bancastato.ch maps.googleapis.com developers.google.com apis.google.com accounts.google.com .cloudfront.net .onetrust.com cdn.cookielaw.org wss://www.inlinea.ch wss://inlinea.ch; img-src 'self' data: .inlinea.ch inlinea.ch .htbridge.com .bancastato.ch apis.google.com csi.gstatic.com accounts.google.com www.google.com .gstatic.com maps.googleapis.com maps.google.com clients1.google.com maps.googleapis.com developers.google.com www.googleapis.com .cloudfront.net .onetrust.com cdn.cookielaw.org ; style-src 'self' 'unsafe-inline' .inlinea.ch inlinea.ch .bancastato.ch maps.googleapis.com developers.google.com apis.google.com csi.gstatic.com accounts.google.com www.google.com fonts.google.com fonts.googleapis.com cse.google.com .cloudfront.net .onetrust.com cdn.cookielaw.org; frame-ancestors 'self' ; frame-src 'self' .inlinea.ch inlinea.ch apis.google.com maps.googleapis.com developers.google.com .youtube.com accounts.google.com clients1.google.com cse.google.com www.kantonalbank.ch www.newhome.ch .bancastato.ch https://www.google.com .cloudfront.net ; child-src 'self' .inlinea.ch inlinea.ch apis.google.com maps.googleapis.com developers.google.com .youtube.com accounts.google.com clients1.google.com www.kantonalbank.ch .bancastato.ch .cloudfront.net ; font-src 'self' data: .inlinea.ch inlinea.ch fonts.googleapis.com fonts.google.com fonts.gstatic.com .bancastato.ch .cloudfront.net
Strict-Transport-Security	max-age=31536000;includeSubDomains;preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

Date: Wed, 28 Feb 2024 03:34:05 GMT
Strict-Transport-Security: max-age=31536000;includeSubDomains;preload
X-Content-Type-Options: nosniff
Content-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.inlinea.ch inlinea.ch *.google-analytics.com google-analytics.com maps.google.com maps.gstatic.com apis.google.com fonts.googleapis.com fonts.gstatic.com maps.googleapis.com portal.htbridge.com csi.gstic.com ssl.gstic.com cse.gstatic.com *.gstatic.com *.browser-update.org browser-update.org accounts.google.com clients1.google.com www.youtube.com *.bancastato.ch www.google.com cse.google.com developers.google.com www.googleapis.com https://code.jquery.com *.cloudfront.net *.onetrust.com cdn.cookielaw.org; connect-src 'self' *.inlinea.ch inlinea.ch *.bancastato.ch maps.googleapis.com developers.google.com apis.google.com accounts.google.com *.cloudfront.net *.onetrust.com cdn.cookielaw.org wss://www.inlinea.ch wss://inlinea.ch; img-src 'self' data: *.inlinea.ch inlinea.ch *.htbridge.com *.bancastato.ch apis.google.com csi.gstatic.com accounts.google.com www.google.com *.gstatic.com maps.googleapis.com maps.google.com clients1.google.com maps.googleapis.com developers.google.com www.googleapis.com *.cloudfront.net *.onetrust.com cdn.cookielaw.org ; style-src 'self' 'unsafe-inline' *.inlinea.ch inlinea.ch *.bancastato.ch maps.googleapis.com developers.google.com apis.google.com csi.gstatic.com accounts.google.com www.google.com fonts.google.com fonts.googleapis.com cse.google.com *.cloudfront.net *.onetrust.com cdn.cookielaw.org; frame-ancestors 'self' ; frame-src 'self' *.inlinea.ch inlinea.ch apis.google.com maps.googleapis.com developers.google.com *.youtube.com accounts.google.com clients1.google.com cse.google.com www.kantonalbank.ch www.newhome.ch *.bancastato.ch https://www.google.com *.cloudfront.net ; child-src 'self' *.inlinea.ch inlinea.ch apis.google.com maps.googleapis.com developers.google.com *.youtube.com accounts.google.com clients1.google.com www.kantonalbank.ch *.bancastato.ch *.cloudfront.net ; font-src 'self' data: *.inlinea.ch inlinea.ch fonts.googleapis.com fonts.google.com fonts.gstatic.com *.bancastato.ch *.cloudfront.net
Content-Disposition: attachment; filename="Barra-bilancioSocialeAmbientale.jpg"
Connection: Keep-Alive
Content-Length: 123016
X-XSS-Protection: 1; mode=block
X-Magnolia-Registration: Registered
Last-Modified: Mon, 22 Jul 2019 08:44:50 GMT
Server: Apache
X-Frame-Options: SAMEORIGIN
Content-Type: image/jpeg;charset=UTF-8
Cache-Control: max-age=600, public
Keep-Alive: timeout=10, max=498
Expires: Wed, 28 Feb 2024 03:44:05 GMT

GET
H2 200 it.json Show response
cdn.cookielaw.org/consent/49cf5428-5c54-406c-8ffe-2673ecccc5b4/8fe93efa-3bef-4db9-9778-25d301ef2761/ 31 KB
9 KB 71ms
71ms Fetch
application/x-javascript 104.18.131.236
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/consent/49cf5428-5c54-406c-8ffe-2673ecccc5b4/8fe93efa-3bef-4db9-9778-25d301ef2761/it.json

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/202305.1.0/otBannerSdk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.131.236 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

cc49a2d46c2a0591377c90a8b2488c0be83eaf1370022d34193e167bb3971c49

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Wed, 28 Feb 2024 03:34:05 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-md5: Wu/bsuurmEVCiYqRJ/CF+w==
content-length: 8598
x-ms-lease-status: unlocked
last-modified: Mon, 12 Jun 2023 13:26:51 GMT
server: cloudflare
etag: 0x8DB6B48AE74D931
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: *
x-ms-request-id: 074a36fa-201e-005a-28d6-0b5f64000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 85c59c1a6b118ffe-FRA
expires: Thu, 29 Feb 2024 03:34:05 GMT

GET
H/1.1 200
OK Initializer.js Show response
www.inlinea.ch/unblu/static/js/wp/xmd1698659171199/ 7 KB
8 KB 66ms
65ms Script
application/javascript 217.26.33.63
BSOURCE-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www.inlinea.ch/unblu/static/js/wp/xmd1698659171199/Initializer.js

Requested by

Host: www.inlinea.ch
URL: https://www.inlinea.ch/unblu/visitor.js?x-unblu-apikey=0PB5EOF5RnKfbCrL8wtEgw

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

217.26.33.63 , Switzerland, ASN197312 (BSOURCE-AS, CH),

Reverse DNS

Software

Apache /

Resource Hash

a4873963778e4f551c75d423b30652504b25cafa358b5e8c794183c43898fc6f

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' ; frame-src 'self' https://prod1s.solutions.webfg.ch/ https://integra1s.solutions.webfg.ch/ https://www.e-bill.ch/ https://ebill-portal-xp.paynet.ch/ https://afp-release-ipw.webcenter.contovista.com/ https://www.youtube.com/ https://www.bancastato.ch/ https://bancastato.ch/; img-src 'self' https://integra1s.solutions.webfg.ch/ https://www.e-bill.ch/ https://www.ebill.ch/ https://ebill-portal-xp.paynet.ch/ data:; font-src 'self' data:; style-src 'self' 'unsafe-inline' https://hello.myfonts.net/ https://afp-release-ipw.webcenter.contovista.com/; object-src 'self'; media-src 'self'; script-src 'unsafe-inline' 'self' .opentok.com .tokbox.com wss://.tokbox.com 'unsafe-eval'; connect-src wss: 'self' .opentok.com .tokbox.com wss://.tokbox.com ws:;
Strict-Transport-Security	max-age=31536000;includeSubDomains;preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

Date: Wed, 28 Feb 2024 03:34:05 GMT
Strict-Transport-Security: max-age=31536000;includeSubDomains;preload
X-Content-Type-Options: nosniff
Content-Security-Policy: default-src 'self' 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' ; frame-src 'self' https://prod1s.solutions.webfg.ch/ https://integra1s.solutions.webfg.ch/ https://www.e-bill.ch/ https://ebill-portal-xp.paynet.ch/ https://afp-release-ipw.webcenter.contovista.com/ https://www.youtube.com/ https://www.bancastato.ch/ https://bancastato.ch/; img-src 'self' https://integra1s.solutions.webfg.ch/ https://www.e-bill.ch/ https://www.ebill.ch/ https://ebill-portal-xp.paynet.ch/ data:; font-src 'self' data:; style-src 'self' 'unsafe-inline' https://hello.myfonts.net/ https://afp-release-ipw.webcenter.contovista.com/; object-src 'self'; media-src 'self'; script-src 'unsafe-inline' 'self' *.opentok.com *.tokbox.com wss://*.tokbox.com 'unsafe-eval'; connect-src wss: 'self' *.opentok.com *.tokbox.com wss://*.tokbox.com ws:;
Connection: Keep-Alive
Content-Length: 7111
X-XSS-Protection: 1; mode=block
last-modified: Wed, 20 Apr 2022 16:21:22 GMT
Server: Apache
vary: Accept-Encoding
X-Frame-Options: SAMEORIGIN
Content-Type: application/javascript;charset=utf-8
cache-control: max-age=315619200,public
accept-ranges: bytes
Keep-Alive: timeout=10, max=498
expires: Sun, 30 Oct 2033 09:46:28 GMT

GET
H/1.1 200
OK IPCheckServlet Show response
www.bancastato.ch/ 135 B
3 KB 62ms
61ms XHR
text/html 217.26.33.87
BSOURCE-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www.bancastato.ch/IPCheckServlet?skp=t

Requested by

Host: www.bancastato.ch
URL: https://www.bancastato.ch/.resources/bancastato-templating-light/webresources/js/vendor/jquery-3.5.1.min~2023-12-04-08-51-34-000~cache.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

217.26.33.87 , Switzerland, ASN197312 (BSOURCE-AS, CH),

Reverse DNS

Software

Apache /

Resource Hash

abd415d48ee77643a7b89f634acde4ff57ad59f3a3fcc2633d0d0456466bc13c

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' .inlinea.ch inlinea.ch .google-analytics.com google-analytics.com maps.google.com maps.gstatic.com apis.google.com fonts.googleapis.com fonts.gstatic.com maps.googleapis.com portal.htbridge.com csi.gstic.com ssl.gstic.com cse.gstatic.com .gstatic.com .browser-update.org browser-update.org accounts.google.com clients1.google.com www.youtube.com .bancastato.ch www.google.com cse.google.com developers.google.com www.googleapis.com https://code.jquery.com .cloudfront.net .onetrust.com cdn.cookielaw.org; connect-src 'self' .inlinea.ch inlinea.ch .bancastato.ch maps.googleapis.com developers.google.com apis.google.com accounts.google.com .cloudfront.net .onetrust.com cdn.cookielaw.org wss://www.inlinea.ch wss://inlinea.ch; img-src 'self' data: .inlinea.ch inlinea.ch .htbridge.com .bancastato.ch apis.google.com csi.gstatic.com accounts.google.com www.google.com .gstatic.com maps.googleapis.com maps.google.com clients1.google.com maps.googleapis.com developers.google.com www.googleapis.com .cloudfront.net .onetrust.com cdn.cookielaw.org ; style-src 'self' 'unsafe-inline' .inlinea.ch inlinea.ch .bancastato.ch maps.googleapis.com developers.google.com apis.google.com csi.gstatic.com accounts.google.com www.google.com fonts.google.com fonts.googleapis.com cse.google.com .cloudfront.net .onetrust.com cdn.cookielaw.org; frame-ancestors 'self' ; frame-src 'self' .inlinea.ch inlinea.ch apis.google.com maps.googleapis.com developers.google.com .youtube.com accounts.google.com clients1.google.com cse.google.com www.kantonalbank.ch www.newhome.ch .bancastato.ch https://www.google.com .cloudfront.net ; child-src 'self' .inlinea.ch inlinea.ch apis.google.com maps.googleapis.com developers.google.com .youtube.com accounts.google.com clients1.google.com www.kantonalbank.ch .bancastato.ch .cloudfront.net ; font-src 'self' data: .inlinea.ch inlinea.ch fonts.googleapis.com fonts.google.com fonts.gstatic.com .bancastato.ch .cloudfront.net
Strict-Transport-Security	max-age=31536000;includeSubDomains;preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept: application/json, text/javascript, */*; q=0.01
Referer: https://www.google.com/
X-Requested-With: XMLHttpRequest
accept-language: de-CH,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

Date: Wed, 28 Feb 2024 03:34:05 GMT
Strict-Transport-Security: max-age=31536000;includeSubDomains;preload
X-Content-Type-Options: nosniff
Content-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.inlinea.ch inlinea.ch *.google-analytics.com google-analytics.com maps.google.com maps.gstatic.com apis.google.com fonts.googleapis.com fonts.gstatic.com maps.googleapis.com portal.htbridge.com csi.gstic.com ssl.gstic.com cse.gstatic.com *.gstatic.com *.browser-update.org browser-update.org accounts.google.com clients1.google.com www.youtube.com *.bancastato.ch www.google.com cse.google.com developers.google.com www.googleapis.com https://code.jquery.com *.cloudfront.net *.onetrust.com cdn.cookielaw.org; connect-src 'self' *.inlinea.ch inlinea.ch *.bancastato.ch maps.googleapis.com developers.google.com apis.google.com accounts.google.com *.cloudfront.net *.onetrust.com cdn.cookielaw.org wss://www.inlinea.ch wss://inlinea.ch; img-src 'self' data: *.inlinea.ch inlinea.ch *.htbridge.com *.bancastato.ch apis.google.com csi.gstatic.com accounts.google.com www.google.com *.gstatic.com maps.googleapis.com maps.google.com clients1.google.com maps.googleapis.com developers.google.com www.googleapis.com *.cloudfront.net *.onetrust.com cdn.cookielaw.org ; style-src 'self' 'unsafe-inline' *.inlinea.ch inlinea.ch *.bancastato.ch maps.googleapis.com developers.google.com apis.google.com csi.gstatic.com accounts.google.com www.google.com fonts.google.com fonts.googleapis.com cse.google.com *.cloudfront.net *.onetrust.com cdn.cookielaw.org; frame-ancestors 'self' ; frame-src 'self' *.inlinea.ch inlinea.ch apis.google.com maps.googleapis.com developers.google.com *.youtube.com accounts.google.com clients1.google.com cse.google.com www.kantonalbank.ch www.newhome.ch *.bancastato.ch https://www.google.com *.cloudfront.net ; child-src 'self' *.inlinea.ch inlinea.ch apis.google.com maps.googleapis.com developers.google.com *.youtube.com accounts.google.com clients1.google.com www.kantonalbank.ch *.bancastato.ch *.cloudfront.net ; font-src 'self' data: *.inlinea.ch inlinea.ch fonts.googleapis.com fonts.google.com fonts.gstatic.com *.bancastato.ch *.cloudfront.net
Server: Apache
X-Magnolia-Registration: Registered
X-Frame-Options: SAMEORIGIN
Content-Type: text/html;charset=UTF-8
Cache-Control: max-age=600, public
Connection: Keep-Alive
Keep-Alive: timeout=10, max=496
Content-Length: 135
X-XSS-Protection: 1; mode=block
Expires: Wed, 28 Feb 2024 03:44:05 GMT

GET
H/1.1 200
OK icomoon.ttf
www.bancastato.ch/.resources/bancastato-templating-light/webresources/css/fonts/ 56 KB
58 KB 152ms
152ms Font
application/x-font-ttf 217.26.33.87
BSOURCE-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www.bancastato.ch/.resources/bancastato-templating-light/webresources/css/fonts/icomoon.ttf?gvp6vc

Requested by

Host: www.bancastato.ch
URL: https://www.bancastato.ch/.resources/bancastato-templating-light/webresources/css/style-integration~2023-12-04-08-51-34-000~cache.css

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

217.26.33.87 , Switzerland, ASN197312 (BSOURCE-AS, CH),

Reverse DNS

Software

Apache /

Resource Hash

1e7b2c36e34918adb2157e35983ad8627ce26d2368b9dc71aea7670cc2731aac

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' .inlinea.ch inlinea.ch .google-analytics.com google-analytics.com maps.google.com maps.gstatic.com apis.google.com fonts.googleapis.com fonts.gstatic.com maps.googleapis.com portal.htbridge.com csi.gstic.com ssl.gstic.com cse.gstatic.com .gstatic.com .browser-update.org browser-update.org accounts.google.com clients1.google.com www.youtube.com .bancastato.ch www.google.com cse.google.com developers.google.com www.googleapis.com https://code.jquery.com .cloudfront.net .onetrust.com cdn.cookielaw.org; connect-src 'self' .inlinea.ch inlinea.ch .bancastato.ch maps.googleapis.com developers.google.com apis.google.com accounts.google.com .cloudfront.net .onetrust.com cdn.cookielaw.org wss://www.inlinea.ch wss://inlinea.ch; img-src 'self' data: .inlinea.ch inlinea.ch .htbridge.com .bancastato.ch apis.google.com csi.gstatic.com accounts.google.com www.google.com .gstatic.com maps.googleapis.com maps.google.com clients1.google.com maps.googleapis.com developers.google.com www.googleapis.com .cloudfront.net .onetrust.com cdn.cookielaw.org ; style-src 'self' 'unsafe-inline' .inlinea.ch inlinea.ch .bancastato.ch maps.googleapis.com developers.google.com apis.google.com csi.gstatic.com accounts.google.com www.google.com fonts.google.com fonts.googleapis.com cse.google.com .cloudfront.net .onetrust.com cdn.cookielaw.org; frame-ancestors 'self' ; frame-src 'self' .inlinea.ch inlinea.ch apis.google.com maps.googleapis.com developers.google.com .youtube.com accounts.google.com clients1.google.com cse.google.com www.kantonalbank.ch www.newhome.ch .bancastato.ch https://www.google.com .cloudfront.net ; child-src 'self' .inlinea.ch inlinea.ch apis.google.com maps.googleapis.com developers.google.com .youtube.com accounts.google.com clients1.google.com www.kantonalbank.ch .bancastato.ch .cloudfront.net ; font-src 'self' data: .inlinea.ch inlinea.ch fonts.googleapis.com fonts.google.com fonts.gstatic.com .bancastato.ch .cloudfront.net
Strict-Transport-Security	max-age=31536000;includeSubDomains;preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.google.com/
Origin: https://www.bancastato.ch
accept-language: de-CH,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

Date: Wed, 28 Feb 2024 03:34:05 GMT
Strict-Transport-Security: max-age=31536000;includeSubDomains;preload
X-Content-Type-Options: nosniff
Content-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.inlinea.ch inlinea.ch *.google-analytics.com google-analytics.com maps.google.com maps.gstatic.com apis.google.com fonts.googleapis.com fonts.gstatic.com maps.googleapis.com portal.htbridge.com csi.gstic.com ssl.gstic.com cse.gstatic.com *.gstatic.com *.browser-update.org browser-update.org accounts.google.com clients1.google.com www.youtube.com *.bancastato.ch www.google.com cse.google.com developers.google.com www.googleapis.com https://code.jquery.com *.cloudfront.net *.onetrust.com cdn.cookielaw.org; connect-src 'self' *.inlinea.ch inlinea.ch *.bancastato.ch maps.googleapis.com developers.google.com apis.google.com accounts.google.com *.cloudfront.net *.onetrust.com cdn.cookielaw.org wss://www.inlinea.ch wss://inlinea.ch; img-src 'self' data: *.inlinea.ch inlinea.ch *.htbridge.com *.bancastato.ch apis.google.com csi.gstatic.com accounts.google.com www.google.com *.gstatic.com maps.googleapis.com maps.google.com clients1.google.com maps.googleapis.com developers.google.com www.googleapis.com *.cloudfront.net *.onetrust.com cdn.cookielaw.org ; style-src 'self' 'unsafe-inline' *.inlinea.ch inlinea.ch *.bancastato.ch maps.googleapis.com developers.google.com apis.google.com csi.gstatic.com accounts.google.com www.google.com fonts.google.com fonts.googleapis.com cse.google.com *.cloudfront.net *.onetrust.com cdn.cookielaw.org; frame-ancestors 'self' ; frame-src 'self' *.inlinea.ch inlinea.ch apis.google.com maps.googleapis.com developers.google.com *.youtube.com accounts.google.com clients1.google.com cse.google.com www.kantonalbank.ch www.newhome.ch *.bancastato.ch https://www.google.com *.cloudfront.net ; child-src 'self' *.inlinea.ch inlinea.ch apis.google.com maps.googleapis.com developers.google.com *.youtube.com accounts.google.com clients1.google.com www.kantonalbank.ch *.bancastato.ch *.cloudfront.net ; font-src 'self' data: *.inlinea.ch inlinea.ch fonts.googleapis.com fonts.google.com fonts.gstatic.com *.bancastato.ch *.cloudfront.net
Last-Modified: Mon, 04 Dec 2023 08:51:34 GMT
Server: Apache
X-Magnolia-Registration: Registered
X-Frame-Options: SAMEORIGIN
Transfer-Encoding: chunked
Content-Type: application/x-font-ttf;charset=UTF-8
Cache-Control: max-age=3600, public
Connection: Keep-Alive
Keep-Alive: timeout=10, max=495
X-XSS-Protection: 1; mode=block
Expires: Wed, 28 Feb 2024 04:34:05 GMT

GET
H2 200 otCenterRounded.json Show response
cdn.cookielaw.org/scripttemplates/202305.1.0/assets/ 9 KB
3 KB 148ms
146ms Fetch
application/json 104.18.131.236
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/scripttemplates/202305.1.0/assets/otCenterRounded.json

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/202305.1.0/otBannerSdk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.131.236 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d4e0b51db940e096731fbe30fb3b9367be7f56e67005d654ad088512e1811ecd

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Wed, 28 Feb 2024 03:34:05 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: Pti/u+fQP9FCIyxYOp1+Iw==
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 2640
x-ms-lease-status: unlocked
last-modified: Tue, 11 Jul 2023 02:35:42 GMT
server: cloudflare
etag: 0x8DB81B785C7CC13
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: *
x-ms-request-id: 729a2c92-f01e-0066-2e92-1376a3000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 85c59c1bdb638ffe-FRA

GET
H2 200 otPcPanel.json Show response
cdn.cookielaw.org/scripttemplates/202305.1.0/assets/v2/ 63 KB
13 KB 410ms
408ms Fetch
application/json 104.18.131.236
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/scripttemplates/202305.1.0/assets/v2/otPcPanel.json

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/202305.1.0/otBannerSdk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.131.236 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

00b7928237d68d4ee4ee4d9c48e47ca0295e1d93ad19da367f813595efc7c539

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Wed, 28 Feb 2024 03:34:05 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: ur92uSUH27h9n7U5aSbsSw==
age: 79184
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 12707
x-ms-lease-status: unlocked
last-modified: Tue, 11 Jul 2023 02:35:44 GMT
server: cloudflare
etag: 0x8DB81B786B95D38
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: *
x-ms-request-id: 8c3134ea-d01e-0095-46b3-0bd136000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 85c59c1c0b718ffe-FRA

GET
H2 200 otCookieSettingsButton.json Show response
cdn.cookielaw.org/scripttemplates/202305.1.0/assets/ 5 KB
2 KB 892ms
891ms Fetch
application/json 104.18.131.236
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/scripttemplates/202305.1.0/assets/otCookieSettingsButton.json

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/202305.1.0/otBannerSdk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.131.236 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

509f2e49500fbaeb5d7e1959071f2922b693d0135080e2871e124ec8bdd08bb2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Wed, 28 Feb 2024 03:34:05 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: 6UUu9ITWusP/z8oTYDPzzQ==
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 1766
x-ms-lease-status: unlocked
last-modified: Tue, 11 Jul 2023 02:35:43 GMT
server: cloudflare
etag: 0x8DB81B7865DB57F
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: *
x-ms-request-id: e8c908ca-801e-001e-0ae7-1dd55b000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 85c59c1c0b728ffe-FRA

GET
H2 200 otCommonStyles.css Show response
cdn.cookielaw.org/scripttemplates/202305.1.0/assets/ 21 KB
4 KB 757ms
756ms Fetch
text/css 104.18.131.236
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/scripttemplates/202305.1.0/assets/otCommonStyles.css

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/202305.1.0/otBannerSdk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.131.236 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d0c233d327541d2961f1cde9e53a6166279655f4d4041c1bc458ac1701827719

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Wed, 28 Feb 2024 03:34:05 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
content-md5: oWkBTLgDDXvrUsd93y/Zxg==
age: 79184
x-ms-lease-status: unlocked
last-modified: Tue, 11 Jul 2023 02:35:52 GMT
server: cloudflare
vary: Accept-Encoding
content-type: text/css
access-control-allow-origin: *
x-ms-request-id: dde4b3b3-101e-001c-44e4-e16be3000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=86400
x-ms-version: 2009-09-19
cf-ray: 85c59c1c0b738ffe-FRA

GET
H/1.1 200
OK SiteIntegrationLazyMain.cfg Show response
www.inlinea.ch/unblu/config/xmd1709049946170/all/it/null/de-CH/https$www.bancastato.ch/0PB5EOF5RnKfbCrL8wtEgw/null/null/null/ 14 KB
16 KB 55ms
55ms Script
application/javascript 217.26.33.63
BSOURCE-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www.inlinea.ch/unblu/config/xmd1709049946170/all/it/null/de-CH/https$www.bancastato.ch/0PB5EOF5RnKfbCrL8wtEgw/null/null/null/SiteIntegrationLazyMain.cfg

Requested by

Host: www.inlinea.ch
URL: https://www.inlinea.ch/unblu/static/js/wp/xmd1698659171199/Initializer.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

217.26.33.63 , Switzerland, ASN197312 (BSOURCE-AS, CH),

Reverse DNS

Software

Apache /

Resource Hash

62386d8a8273031b38e78554c43a8aed04537629db132c6d1c7bdd51822a4988

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' ; frame-src 'self' https://prod1s.solutions.webfg.ch/ https://integra1s.solutions.webfg.ch/ https://www.e-bill.ch/ https://ebill-portal-xp.paynet.ch/ https://afp-release-ipw.webcenter.contovista.com/ https://www.youtube.com/ https://www.bancastato.ch/ https://bancastato.ch/; img-src 'self' https://integra1s.solutions.webfg.ch/ https://www.e-bill.ch/ https://www.ebill.ch/ https://ebill-portal-xp.paynet.ch/ data:; font-src 'self' data:; style-src 'self' 'unsafe-inline' https://hello.myfonts.net/ https://afp-release-ipw.webcenter.contovista.com/; object-src 'self'; media-src 'self'; script-src 'unsafe-inline' 'self' .opentok.com .tokbox.com wss://.tokbox.com 'unsafe-eval'; connect-src wss: 'self' .opentok.com .tokbox.com wss://.tokbox.com ws:;
Strict-Transport-Security	max-age=31536000;includeSubDomains;preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

Date: Wed, 28 Feb 2024 03:34:05 GMT
Strict-Transport-Security: max-age=31536000;includeSubDomains;preload
X-Content-Type-Options: nosniff
Content-Security-Policy: default-src 'self' 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' ; frame-src 'self' https://prod1s.solutions.webfg.ch/ https://integra1s.solutions.webfg.ch/ https://www.e-bill.ch/ https://ebill-portal-xp.paynet.ch/ https://afp-release-ipw.webcenter.contovista.com/ https://www.youtube.com/ https://www.bancastato.ch/ https://bancastato.ch/; img-src 'self' https://integra1s.solutions.webfg.ch/ https://www.e-bill.ch/ https://www.ebill.ch/ https://ebill-portal-xp.paynet.ch/ data:; font-src 'self' data:; style-src 'self' 'unsafe-inline' https://hello.myfonts.net/ https://afp-release-ipw.webcenter.contovista.com/; object-src 'self'; media-src 'self'; script-src 'unsafe-inline' 'self' *.opentok.com *.tokbox.com wss://*.tokbox.com 'unsafe-eval'; connect-src wss: 'self' *.opentok.com *.tokbox.com wss://*.tokbox.com ws:;
last-modified: Mon, 30 Oct 2023 09:46:11 GMT
Server: Apache
X-Frame-Options: SAMEORIGIN
Content-Type: application/javascript;charset=utf-8
cache-control: max-age=315619200,private
Connection: Keep-Alive
Keep-Alive: timeout=10, max=497
Content-Length: 14838
X-XSS-Protection: 1; mode=block
expires: Tue, 28 Feb 2034 03:34:05 GMT

GET
H/1.1 200
OK SiteIntegrationLazyMain.js Show response
www.inlinea.ch/unblu/static/js/wp/xmd1698659171199/ 720 KB
722 KB 73ms
72ms Script
application/javascript 217.26.33.63
BSOURCE-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www.inlinea.ch/unblu/static/js/wp/xmd1698659171199/SiteIntegrationLazyMain.js

Requested by

Host: www.inlinea.ch
URL: https://www.inlinea.ch/unblu/static/js/wp/xmd1698659171199/Initializer.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

217.26.33.63 , Switzerland, ASN197312 (BSOURCE-AS, CH),

Reverse DNS

Software

Apache /

Resource Hash

b4b37801b95c0da035a6222a14b883cee80b755b9566ba73f773181ab11e6733

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' ; frame-src 'self' https://prod1s.solutions.webfg.ch/ https://integra1s.solutions.webfg.ch/ https://www.e-bill.ch/ https://ebill-portal-xp.paynet.ch/ https://afp-release-ipw.webcenter.contovista.com/ https://www.youtube.com/ https://www.bancastato.ch/ https://bancastato.ch/; img-src 'self' https://integra1s.solutions.webfg.ch/ https://www.e-bill.ch/ https://www.ebill.ch/ https://ebill-portal-xp.paynet.ch/ data:; font-src 'self' data:; style-src 'self' 'unsafe-inline' https://hello.myfonts.net/ https://afp-release-ipw.webcenter.contovista.com/; object-src 'self'; media-src 'self'; script-src 'unsafe-inline' 'self' .opentok.com .tokbox.com wss://.tokbox.com 'unsafe-eval'; connect-src wss: 'self' .opentok.com .tokbox.com wss://.tokbox.com ws:;
Strict-Transport-Security	max-age=31536000;includeSubDomains;preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

Date: Wed, 28 Feb 2024 03:34:05 GMT
Strict-Transport-Security: max-age=31536000;includeSubDomains;preload
X-Content-Type-Options: nosniff
Content-Security-Policy: default-src 'self' 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' ; frame-src 'self' https://prod1s.solutions.webfg.ch/ https://integra1s.solutions.webfg.ch/ https://www.e-bill.ch/ https://ebill-portal-xp.paynet.ch/ https://afp-release-ipw.webcenter.contovista.com/ https://www.youtube.com/ https://www.bancastato.ch/ https://bancastato.ch/; img-src 'self' https://integra1s.solutions.webfg.ch/ https://www.e-bill.ch/ https://www.ebill.ch/ https://ebill-portal-xp.paynet.ch/ data:; font-src 'self' data:; style-src 'self' 'unsafe-inline' https://hello.myfonts.net/ https://afp-release-ipw.webcenter.contovista.com/; object-src 'self'; media-src 'self'; script-src 'unsafe-inline' 'self' *.opentok.com *.tokbox.com wss://*.tokbox.com 'unsafe-eval'; connect-src wss: 'self' *.opentok.com *.tokbox.com wss://*.tokbox.com ws:;
Connection: Keep-Alive
Content-Length: 737718
X-XSS-Protection: 1; mode=block
last-modified: Wed, 20 Apr 2022 16:21:22 GMT
Server: Apache
vary: Accept-Encoding
X-Frame-Options: SAMEORIGIN
Content-Type: application/javascript;charset=utf-8
cache-control: max-age=315619200,public
accept-ranges: bytes
Keep-Alive: timeout=10, max=496
expires: Sun, 30 Oct 2033 09:46:35 GMT

GET
H2 200 ot_close.svg
cdn.cookielaw.org/logos/static/ 651 B
623 B 212ms
212ms Image
image/svg+xml 104.18.131.236
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn.cookielaw.org/logos/static/ot_close.svg

Requested by

Host: www.bancastato.ch
URL: https://www.bancastato.ch/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.131.236 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

901bb0e03b8c3c0a1cf4c487a177417328bb7d8c94106ecefceedd7d7f6c4ddc

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Wed, 28 Feb 2024 03:34:06 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
content-md5: pcXWFGpuVeSg/jVnYCseRg==
age: 9427
x-ms-lease-status: unlocked
last-modified: Tue, 27 Feb 2024 03:06:33 GMT
server: cloudflare
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
x-ms-request-id: c9b79dab-201e-0081-3939-699959000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=86400
x-ms-version: 2009-09-19
cf-ray: 85c59c22ce6223f7-ZRH

GET
H2 200 ot_guard_logo.svg Show response
cdn.cookielaw.org/logos/static/ 497 B
538 B 194ms
194ms Fetch
image/svg+xml 104.18.131.236
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/logos/static/ot_guard_logo.svg

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/202305.1.0/otBannerSdk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.131.236 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

691dcdb24853a0f5ce4e6597e5713dea66799b57ffe2c2a10f28f98e0b569b19

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Wed, 28 Feb 2024 03:34:06 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
content-md5: tXyZydHjxQshFMbbBT1/8A==
age: 79185
x-ms-lease-status: unlocked
last-modified: Mon, 26 Feb 2024 03:25:12 GMT
server: cloudflare
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
x-ms-request-id: 7a3591e4-501e-006f-147a-683370000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=86400
x-ms-version: 2009-09-19
cf-ray: 85c59c22cd718ffe-FRA

GET
H2 200 logo-bancastato.jpg
cdn.cookielaw.org/logos/19903376-321d-48e4-bb04-fdfea1137229/c2303ba0-e6e3-496d-bacd-dd6544c8ebc5/e16f1d0b-fbff-4a55-aa81-4e75fada0566/ 29 KB
29 KB 596ms
596ms Image
image/jpeg 104.18.131.236
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn.cookielaw.org/logos/19903376-321d-48e4-bb04-fdfea1137229/c2303ba0-e6e3-496d-bacd-dd6544c8ebc5/e16f1d0b-fbff-4a55-aa81-4e75fada0566/logo-bancastato.jpg

Requested by

Host: www.bancastato.ch
URL: https://www.bancastato.ch/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.131.236 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

81dcc945def619ab8a342b22cfb70f5a93d0d417b79370d3431bfc817404b7c6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Wed, 28 Feb 2024 03:34:06 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: 3hKdS1s6mJfSa1LnziVGww==
age: 71933
content-length: 29372
x-ms-lease-status: unlocked
cf-bgj: h2pri
last-modified: Wed, 24 May 2023 21:15:33 GMT
server: cloudflare
etag: 0x8DB5C9C03105952
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *
x-ms-request-id: 0e73305d-101e-0033-47b7-1c6628000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 85c59c22de7223f7-ZRH

GET
H2 200 powered_by_logo.svg
cdn.cookielaw.org/logos/static/ 5 KB
2 KB 484ms
484ms Image
image/svg+xml 104.18.131.236
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn.cookielaw.org/logos/static/powered_by_logo.svg

Requested by

Host: www.bancastato.ch
URL: https://www.bancastato.ch/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.131.236 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5fa00d047acd959697b9d7772c31dcd37bec33c70c6fbf80ab8316205d1d286d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-CH,de;q=0.9
Referer: https://www.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Wed, 28 Feb 2024 03:34:06 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
content-md5: Y+c301RBZNK39PvKQWrIBw==
age: 5395
x-ms-lease-status: unlocked
last-modified: Tue, 27 Feb 2024 03:06:33 GMT
server: cloudflare
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
x-ms-request-id: 360756de-601e-0039-6c30-69c29f000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=86400
x-ms-version: 2009-09-19
cf-ray: 85c59c22de7323f7-ZRH

POST
H/1.1 200
OK update Show response
www.inlinea.ch/unblu/rpc/visitorTracking/ 286 B
2 KB 156ms
155ms XHR
application/unblu-serialized-object 217.26.33.63
BSOURCE-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://www.inlinea.ch/unblu/rpc/visitorTracking/update?xvh=x-unblu-client~INITIAL*x-unblu-page~INITIAL*x-unblu-apikey~0PB5EOF5RnKfbCrL8wtEgw*x-unblu-referer~aHR0cHM6Ly93d3cuYmFuY2FzdGF0by5jaC8%253D*x-unblu-locale~it*x-unblu-timezone~Europe%252FZurich*content-type~application%252Funblu-serialized-object

Requested by

Host: www.inlinea.ch
URL: https://www.inlinea.ch/unblu/static/js/wp/xmd1698659171199/SiteIntegrationLazyMain.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

217.26.33.63 , Switzerland, ASN197312 (BSOURCE-AS, CH),

Reverse DNS

Software

Apache /

Resource Hash

6809c59719f1b066ea7beb9e789c618e4e8478cecd48393b9f33223eb19ad436

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' ; frame-src 'self' https://prod1s.solutions.webfg.ch/ https://integra1s.solutions.webfg.ch/ https://www.e-bill.ch/ https://ebill-portal-xp.paynet.ch/ https://afp-release-ipw.webcenter.contovista.com/ https://www.youtube.com/ https://www.bancastato.ch/ https://bancastato.ch/; img-src 'self' https://integra1s.solutions.webfg.ch/ https://www.e-bill.ch/ https://www.ebill.ch/ https://ebill-portal-xp.paynet.ch/ data:; font-src 'self' data:; style-src 'self' 'unsafe-inline' https://hello.myfonts.net/ https://afp-release-ipw.webcenter.contovista.com/; object-src 'self'; media-src 'self'; script-src 'unsafe-inline' 'self' .opentok.com .tokbox.com wss://.tokbox.com 'unsafe-eval'; connect-src wss: 'self' .opentok.com .tokbox.com wss://.tokbox.com ws:;
Strict-Transport-Security	max-age=31536000;includeSubDomains;preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept: application/unblu-serialized-object
Referer: https://www.google.com/
accept-language: de-CH,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36
content-type: text/plain; charset=UTF-8

Response headers

Date: Wed, 28 Feb 2024 03:34:10 GMT
Strict-Transport-Security: max-age=31536000;includeSubDomains;preload
X-Content-Type-Options: nosniff
Content-Security-Policy: default-src 'self' 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' ; frame-src 'self' https://prod1s.solutions.webfg.ch/ https://integra1s.solutions.webfg.ch/ https://www.e-bill.ch/ https://ebill-portal-xp.paynet.ch/ https://afp-release-ipw.webcenter.contovista.com/ https://www.youtube.com/ https://www.bancastato.ch/ https://bancastato.ch/; img-src 'self' https://integra1s.solutions.webfg.ch/ https://www.e-bill.ch/ https://www.ebill.ch/ https://ebill-portal-xp.paynet.ch/ data:; font-src 'self' data:; style-src 'self' 'unsafe-inline' https://hello.myfonts.net/ https://afp-release-ipw.webcenter.contovista.com/; object-src 'self'; media-src 'self'; script-src 'unsafe-inline' 'self' *.opentok.com *.tokbox.com wss://*.tokbox.com 'unsafe-eval'; connect-src wss: 'self' *.opentok.com *.tokbox.com wss://*.tokbox.com ws:;
Transfer-Encoding: chunked
Connection: Keep-Alive
X-XSS-Protection: 1; mode=block
pragma: no-cache
Server: Apache
x-unblu-start-time: 1698659171199
X-Frame-Options: SAMEORIGIN
Content-Type: application/unblu-serialized-object; charset=UTF-8
access-control-allow-origin: https://www.bancastato.ch
access-control-expose-headers: x-unblu-page, x-unblu-client, x-unblu-set-cookie
cache-control: no-cache, no-store, must-revalidate, max-age=1
access-control-allow-credentials: true
Keep-Alive: timeout=10, max=495
expires: Tue, 27 Feb 2024 03:34:10 GMT

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: prd-analytics.bancastato.ch
URL: https://prd-analytics.bancastato.ch/error_path/400.html?al_req_id=Zd6prNM01d2-ue1uyAkykAAAAKA

Verdicts & Comments Add Verdict or Comment

52 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

6 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
www.bancastato.ch/	1969-12-31 23:59:59	Name: AL_SESS-S Value: AfiRZQMyFACwfkP5u14ZRM448sxKU!Sunxaj8dEVC4UEs8Yf0_sg4q4gfjGl5vXRPxAp
www.inlinea.ch/	1970-01-21 04:20:51	Name: x-unblu-device Value: $xc/Brz!DiCzQ3x!vlPcKKb6eknP8SD_mogXHUNXpFf2_WRSJidj
prd-analytics.bancastato.ch/	1969-12-31 23:59:59	Name: AL_SESS-S Value: AWscpc5PmnOajFG50zyIuTLsX_Tp09c8QsnA6kZW3efPVC12TAdv1ZjC1lRJAlLAqUXc
www.bancastato.ch/	1970-01-21 04:10:46	Name: _pk_id.1.8629 Value: 3528c9a0b628a0c4.1709091244.1.1709091244.1709091244.
www.bancastato.ch/	1970-01-20 18:44:53	Name: _pk_ses.1.8629 Value: 1
.www.bancastato.ch/	1970-01-21 03:30:27	Name: OptanonConsent Value: isGpcEnabled=0&datestamp=Wed+Feb+28+2024+04%3A34%3A06+GMT%2B0100+(Central+European+Standard+Time)&version=202305.1.0&browserGpcFlag=0&isIABGlobal=false&landingPath=https%3A%2F%2Fwww.bancastato.ch%2F&groups=C0003%3A0%2CC0002%3A0%2CC0001%3A1&hosts=H2%3A0%2CH3%3A1%2CH5%3A1&genVendors=

8 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
other	warning	URL: https://www.bancastato.ch/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.bancastato.ch/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.bancastato.ch/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
network	error	URL: https://prd-analytics.bancastato.ch/error_path/400.html?al_req_id=Zd6prNM01d2-ue1uyAkykAAAAKA Message: Failed to load resource: net::ERR_EMPTY_RESPONSE
other	warning	URL: https://www.bancastato.ch/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.bancastato.ch/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.bancastato.ch/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.
other	warning	URL: https://www.bancastato.ch/ Message: Third-party cookie will be blocked. Learn more in the Issues tab.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' .inlinea.ch inlinea.ch .google-analytics.com google-analytics.com maps.google.com maps.gstatic.com apis.google.com fonts.googleapis.com fonts.gstatic.com maps.googleapis.com portal.htbridge.com csi.gstic.com ssl.gstic.com cse.gstatic.com .gstatic.com .browser-update.org browser-update.org accounts.google.com clients1.google.com www.youtube.com .bancastato.ch www.google.com cse.google.com developers.google.com www.googleapis.com https://code.jquery.com .cloudfront.net .onetrust.com cdn.cookielaw.org; connect-src 'self' .inlinea.ch inlinea.ch .bancastato.ch maps.googleapis.com developers.google.com apis.google.com accounts.google.com .cloudfront.net .onetrust.com cdn.cookielaw.org wss://www.inlinea.ch wss://inlinea.ch; img-src 'self' data: .inlinea.ch inlinea.ch .htbridge.com .bancastato.ch apis.google.com csi.gstatic.com accounts.google.com www.google.com .gstatic.com maps.googleapis.com maps.google.com clients1.google.com maps.googleapis.com developers.google.com www.googleapis.com .cloudfront.net .onetrust.com cdn.cookielaw.org ; style-src 'self' 'unsafe-inline' .inlinea.ch inlinea.ch .bancastato.ch maps.googleapis.com developers.google.com apis.google.com csi.gstatic.com accounts.google.com www.google.com fonts.google.com fonts.googleapis.com cse.google.com .cloudfront.net .onetrust.com cdn.cookielaw.org; frame-ancestors 'self' ; frame-src 'self' .inlinea.ch inlinea.ch apis.google.com maps.googleapis.com developers.google.com .youtube.com accounts.google.com clients1.google.com cse.google.com www.kantonalbank.ch www.newhome.ch .bancastato.ch https://www.google.com .cloudfront.net ; child-src 'self' .inlinea.ch inlinea.ch apis.google.com maps.googleapis.com developers.google.com .youtube.com accounts.google.com clients1.google.com www.kantonalbank.ch .bancastato.ch .cloudfront.net ; font-src 'self' data: .inlinea.ch inlinea.ch fonts.googleapis.com fonts.google.com fonts.gstatic.com .bancastato.ch .cloudfront.net
Strict-Transport-Security	max-age=31536000;includeSubDomains;preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

bancastato.ch
cdn.cookielaw.org
geolocation.onetrust.com
prd-analytics.bancastato.ch
www.bancastato.ch
www.inlinea.ch
prd-analytics.bancastato.ch
104.18.131.236
104.18.32.137
217.26.33.63
217.26.33.87
00b7928237d68d4ee4ee4d9c48e47ca0295e1d93ad19da367f813595efc7c539
0166fcc93e70f0cc0d0e262b6d0bce75d7b0308062206192d6ff502f97401812
04735e3fe90a1382d9362c7f79eb98a0e93e759e6401971e45251c45f3915870
0fea4ae61a79845e734c5df1c00ea48b1c35cda64f9abf9cab2642d381cb1040
11ebc0e2ec3e972f3bcecd1aa31e3a6167654dc76b0f8d93c2069712175eddeb
1e7b2c36e34918adb2157e35983ad8627ce26d2368b9dc71aea7670cc2731aac
1e8dedb4827efc08016da49a24913ac863233796c3f3aebbcab3d13d0550f3c8
22af2cb27167705fe5fb843dc6f737bdae9be8751437754e5145c2d87ba05dd0
274ac850e82ff0db35689916086bda4e752150a966001c3f6a6d6c5c97cddf73
3ca390e599307e3d3c40ce26738c025d3363f9956d18918de74b29ae5d33903d
465b2c629f5df9e676ab35968ddf7fde988646e1b0b0dfa5ae8fb83600946d7b
509f2e49500fbaeb5d7e1959071f2922b693d0135080e2871e124ec8bdd08bb2
5be2dfa172d505acb197760b55c4731347cc239a7a046013c251948bb8214dbc
5fa00d047acd959697b9d7772c31dcd37bec33c70c6fbf80ab8316205d1d286d
62386d8a8273031b38e78554c43a8aed04537629db132c6d1c7bdd51822a4988
6809c59719f1b066ea7beb9e789c618e4e8478cecd48393b9f33223eb19ad436
68c86f50b40b3d99996fe39978c93cf628563444dc8a19bcdbc65ffae2521ac0
691dcdb24853a0f5ce4e6597e5713dea66799b57ffe2c2a10f28f98e0b569b19
695186c023ecba3303a77eed7d5a2db7312f5e16efa7d341ba838dabc3dafbd3
6e858a5202e480d17bbc81eacc216943fb9c7eea727263e08f30cb5cc468bec8
71a95f3047ec8c8ac3bbef725137ea93d9ea71d42b0a53fe434ee6e9c023bed7
7e13c30013899b6784ab280bdb537a991a0d97a7f5da27c1bc5c8d8f300cc586
81dcc945def619ab8a342b22cfb70f5a93d0d417b79370d3431bfc817404b7c6
901bb0e03b8c3c0a1cf4c487a177417328bb7d8c94106ecefceedd7d7f6c4ddc
902274bd47aefaa6d5445e26545afb9beb51be3235ba4328d0c03061a23d9ff8
9230df14164558edda90752e80110204d9ce145fbea632d969493e54ab333a70
9473418c10073c7b3f3f3f7bfe6bc3f640e3a091ebc4c39cd6f44420011b5912
9a2723c21fb1b7dff0e2aa5dc6be24a9670220a17ae21f70fdbc602d1f8acd38
a4873963778e4f551c75d423b30652504b25cafa358b5e8c794183c43898fc6f
a60fca9f3aad41fafcd49e04e9ae88519efece6aa485de11c418a6c034f06b0c
abd415d48ee77643a7b89f634acde4ff57ad59f3a3fcc2633d0d0456466bc13c
ac4a30ea0ab7631964fa01b3976aa392445ffa48a193e696509d5ffbcd01908e
b4b37801b95c0da035a6222a14b883cee80b755b9566ba73f773181ab11e6733
c335a523f1b43df968c3efa0239d62d63c9df1c1bc99c0b25527ed36a59fb9b1
cc45ca4ae13e6ad389e97d0e27c166830d4670ba81a3e5240caa8df9e24ae102
cc49a2d46c2a0591377c90a8b2488c0be83eaf1370022d34193e167bb3971c49
d0c233d327541d2961f1cde9e53a6166279655f4d4041c1bc458ac1701827719
d4e0b51db940e096731fbe30fb3b9367be7f56e67005d654ad088512e1811ecd
e3c39364dd866add4ea7fdf25aecc692c8d738387f3bab1720012919aab3c835
ed3a69e3267f056582ed012f7252319adb227fed203a4781eb820ea732aa4594
ef83cb697d53e094cd0240d15be9e29e81557c8d4c9c212f1c2acc4cc2ca1ac8
fcbe2776660a0f2b95a251275c0f1d842f9f586514038397e29f00f6eee0640e
fe2ee45b2e865d648dd94b3cb200d24cf31846741102d9384277daf326232f9b

www.bancastato.ch Open in urlscan Pro 217.26.33.87 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

45 Requests

96 %HTTPS

0 %IPv6

4 Domains

6 Subdomains

5 IPs

2 Countries

4781 kBTransfer

5137 kBSize

6 Cookies

4 Outgoing links

Page URL History

Redirected requests

45 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

www.bancastato.ch Open in urlscan Pro
217.26.33.87 Public Scan

Screenshot
Live screenshot

Full Image

45
Requests

96 %
HTTPS

0 %
IPv6

4
Domains

6
Subdomains

5
IPs

2
Countries

4781 kB
Transfer

5137 kB
Size

6
Cookies

45 HTTP transactions
0 data transactions